mirror of https://github.com/openbsd/www.git
210 lines
8.5 KiB
HTML
210 lines
8.5 KiB
HTML
<!doctype html>
|
|
<html lang=en id=plus>
|
|
<meta charset=utf-8>
|
|
<title>OpenBSD 2.0 Changelog</title>
|
|
<meta name="description" content="OpenBSD 2.0 changes">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<link rel="stylesheet" type="text/css" href="openbsd.css">
|
|
<link rel="canonical" href="https://www.openbsd.org/plus20.html">
|
|
<style>
|
|
strong {
|
|
color: var(--red);
|
|
}
|
|
|
|
h3 {
|
|
color: var(--blue);
|
|
}
|
|
|
|
p strong {
|
|
font-weight: normal;
|
|
}
|
|
</style>
|
|
|
|
<h2 id=OpenBSD>
|
|
<a href="index.html">
|
|
<i>Open</i><b>BSD</b></a>
|
|
2.0 Changelog
|
|
</h2>
|
|
<hr>
|
|
|
|
<p>
|
|
This is a partial list of the major machine independent changes
|
|
(i.e., these are the changes people ask about most often). Machine
|
|
specific changes have also been made, and are sometimes mentioned
|
|
in the pages for the specific <a href=plat.html>platforms</a> if you
|
|
are interested in further port-specific details. Many ports
|
|
have had architecture-specific enhancements relative to NetBSD,
|
|
but when they do not they certainly have plenty of platform-independent
|
|
changes, starting with those listed below..
|
|
|
|
<p>
|
|
Note: <strong>Problems for which patches exist are marked in red</strong>.
|
|
|
|
<p>
|
|
For changes in other releases, click below:<br>
|
|
<a href="plus21.html">2.1</a>,
|
|
<a href="plus22.html">2.2</a>,
|
|
<a href="plus23.html">2.3</a>,
|
|
<a href="plus24.html">2.4</a>,
|
|
<a href="plus25.html">2.5</a>,
|
|
<a href="plus26.html">2.6</a>,
|
|
<a href="plus27.html">2.7</a>,
|
|
<a href="plus28.html">2.8</a>,
|
|
<a href="plus29.html">2.9</a>,
|
|
<a href="plus30.html">3.0</a>,
|
|
<a href="plus31.html">3.1</a>,
|
|
<a href="plus32.html">3.2</a>,
|
|
<a href="plus33.html">3.3</a>,
|
|
<a href="plus34.html">3.4</a>,
|
|
<a href="plus35.html">3.5</a>,
|
|
<a href="plus36.html">3.6</a>,
|
|
<a href="plus37.html">3.7</a>,
|
|
<br>
|
|
<a href="plus38.html">3.8</a>,
|
|
<a href="plus39.html">3.9</a>,
|
|
<a href="plus40.html">4.0</a>,
|
|
<a href="plus41.html">4.1</a>,
|
|
<a href="plus42.html">4.2</a>,
|
|
<a href="plus43.html">4.3</a>,
|
|
<a href="plus44.html">4.4</a>,
|
|
<a href="plus45.html">4.5</a>,
|
|
<a href="plus46.html">4.6</a>,
|
|
<a href="plus47.html">4.7</a>,
|
|
<a href="plus48.html">4.8</a>,
|
|
<a href="plus49.html">4.9</a>,
|
|
<a href="plus50.html">5.0</a>,
|
|
<a href="plus51.html">5.1</a>,
|
|
<a href="plus52.html">5.2</a>,
|
|
<a href="plus53.html">5.3</a>,
|
|
<a href="plus54.html">5.4</a>,
|
|
<br>
|
|
<a href="plus55.html">5.5</a>,
|
|
<a href="plus56.html">5.6</a>,
|
|
<a href="plus57.html">5.7</a>,
|
|
<a href="plus58.html">5.8</a>,
|
|
<a href="plus59.html">5.9</a>,
|
|
<a href="plus60.html">6.0</a>,
|
|
<a href="plus61.html">6.1</a>,
|
|
<a href="plus62.html">6.2</a>,
|
|
<a href="plus63.html">6.3</a>,
|
|
<a href="plus64.html">6.4</a>,
|
|
<a href="plus65.html">6.5</a>,
|
|
<a href="plus66.html">6.6</a>,
|
|
<a href="plus67.html">6.7</a>,
|
|
<a href="plus68.html">6.8</a>,
|
|
<a href="plus69.html">6.9</a>,
|
|
<a href="plus70.html">7.0</a>,
|
|
<a href="plus71.html">7.1</a>,
|
|
<br>
|
|
<a href="plus72.html">7.2</a>,
|
|
<a href="plus73.html">7.3</a>,
|
|
<a href="plus.html">current</a>.
|
|
<br>
|
|
|
|
<p>
|
|
<h3>Changes made between birth and OpenBSD 2.0</h3>
|
|
<p>
|
|
|
|
<ul>
|
|
<li>CTM is now a supported way of obtaining OpenBSD source code.
|
|
<li>Added sudo (which is maintained by one of our developers)
|
|
<li>Working Linux ext2fs.
|
|
<li>We have completed security reviews of almost all userland programs and libraries except for the gnu stuff (where, based on preliminary inspection there is poor handling of temp files).
|
|
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
|
|
<li>A 7% reduction in size of static binaries.
|
|
<li>Compile time option to compile the source tree almost completely dynamic.
|
|
<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
|
|
<li>Another kerberos security fix.
|
|
<li>deal with the SYN bomb problem (denial of service attack) as well known.
|
|
<li>less version 2.90
|
|
<li>mopd for networking booting Digital machines
|
|
<li>latest GNU groff, incorporated in a clean wrapperized form.
|
|
<li>secure multicast tools against possible security problems.
|
|
<li>sendmail gecos hole fixed (in a number of ways; other programs in the source tree were also vulnerable).
|
|
<li>Nice sample files in /etc
|
|
<li>16 partitions working on sparc and i386 (yipee!)
|
|
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim also works better.
|
|
<li>And of course... more security related bugfixes... (ie. dump, restore, mt).
|
|
<li>ftp command modified for easily scripted ftp & http downloads.
|
|
<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
|
|
<li>New routed from SGI.
|
|
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
|
|
<li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
|
|
<li>DDB can now access symbol tables from LKM modules
|
|
<li>Some serial driver support for /dev/cuaXX devices to support transparent out+dial
|
|
<li>FreeBSD pipe() system call; quite a bit faster.
|
|
<li>libgnumalloc is gone; our malloc() is better.
|
|
<li>Kernel warns if /dev/console does not exist; nice warning for booting with an unpopulated /dev directory.
|
|
<li>cdio command for using CD audio.
|
|
<li>Even more security fixes.
|
|
<li>latest version of perl, and a lndir command.
|
|
<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc bugs).
|
|
<li>vim version 4.5
|
|
<li>a good start at NETIPX support
|
|
<li>improved locate command
|
|
<li>Fixed timeout support in RPC library, and also fixed it to support more than FD_SETSIZE file descriptors.
|
|
<li>rudimentary support for ISA Plug-and-Play cards
|
|
<li>'lsof'-style features in fstat.
|
|
<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
|
|
<li>ncr53cXXX scsi scripts assembler
|
|
<li>arc4-based random support in kernel
|
|
<li>Kerberos is much more silent if not configured
|
|
<li>scsi subsystem security fix
|
|
<li>much newer join command (4.4lite2 with other fixes)
|
|
<li>RCS version 5.7
|
|
<li>added /etc/fbtab support to login & init.
|
|
<li>partial protection against tcp SYN attacks.
|
|
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed by chown(). This can be turned off with sysctl.
|
|
<li>a real adduser program, which can even be used uninteractively.
|
|
<li>install now supports -C, -p, and -S flags.
|
|
<li>20 or so more security fixes
|
|
<li>at -f security fix.
|
|
<li>generic protection against the bind() takeover problem.
|
|
<li>new rdisc Router Discovery daemon
|
|
<li>Numerous FreeBSD userland fixes and improvements incorporated.
|
|
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
|
|
<li>Fixed long-standing vm swap-leak.
|
|
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
|
|
<li>Newest version of pppd.
|
|
<li>zlib (non-GPL'd gzip-compatible library)
|
|
<li>Numerous more security policy and implementation improvements (OpenBSD defaults to installing in a very secure mode)
|
|
<li>Significantly improved ftp daemon.
|
|
<li>Protection from the udp spamming and ftp bounce attacks.
|
|
<li>randomized port allocation in bind(), bindresvport(), and rresvport() -- security via unpredictability.
|
|
<li>The most secure rdist support anywhere.
|
|
<li>Fortran in the tree.
|
|
<li>terminfo database support.
|
|
<li>Working ATAPI audio support for multiple architectures.
|
|
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
|
|
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to generate them too
|
|
<li>Even more security fixes.
|
|
<li>using AT&T awk, gawk is toast
|
|
<li>pax as tar, gnutar is toast
|
|
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
|
|
<li>ATM support (support for one company's sparc & i386 cards available)
|
|
<li>kernfs extensions
|
|
<li>select() that can handle any amount of file descriptors.
|
|
<li>new system calls: rfork(), minherit(), poll().
|
|
<li>/sbin/init now deals with non-existent ttys, no longer spins gettys madly.
|
|
<li>ncheck utility for ffs
|
|
<li>Numerous scsi fixes
|
|
<li>Some ddb improvements and extensions
|
|
<li>In-kernel update(8) with an adaptive algorithm
|
|
<li>/dev/*random -- a device driver providing some kinds of random data
|
|
<li>Solid YP master, server, and client capabilities.
|
|
<li>Kerberos and other crypto in the source tree that is exportable
|
|
<li>Numerous security related fixes
|
|
<li>new scsi, md5, pkg_* commands
|
|
<li>ATAPI support (should work on all ISA buses)
|
|
<li>Some LKM support in the tree.
|
|
<li>All the pieces needed for cross compilation are in the source tree.
|
|
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
|
|
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports to use kvm utilities
|
|
<li>better ELF support
|
|
<li>ipfilter for filtering dangerous packets and Network Address Translation for IP masquerading.
|
|
<li>The FreeBSD ports subsystem was integrated and is usable by you!
|
|
<li>a termlib library which understands termcap.db, needed for new curses.
|
|
<li>New curses library, including libform, libpanel and libmenu.
|
|
<li>Many many NetBSD PRs fixed (which NetBSD has not yet fixed)
|
|
</ul>
|