This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
current.
Changes made between OpenBSD 5.5 and 5.6
- Fixed ssl(8) to avoid allocating and then leaking a fresh fragment structure when a zero-length fragment is received (CVE-2014-3507).
- Fixed ssl(8): made sure the output buffer is always NUL terminated if buf_len was initially greater than zero; reject OIDs that are too long, too short, or not in proper base-127 (CVE-2014-3508).
- Corrected ssl(8) test (reversed during merge of fix for CVE-2014-3509).
- Fixed ssl(8) DTLS handshake message size checks (CVE-2014-3506).
- Stopped httpd(8) trying to output FCGI_STDERR into error.log if there is no data.
- Try to parse "Status: $code" in the first response from the httpd(8) fcgi daemon, use that code as HTTP response code (fallback to 200). Possible fix for redirects in cvsweb.
- Fixed ssl(8) TLS downgrade (CVE-2014-3511).
- Fixed DTLS anonymous EC(DH) denial of service in ssl(8) (CVE-2014-3510).
- Made httpd(8) correctly report "internal server error" if the very first fcgi STDOUT record has length 0.
- Changed httpd.conf(5) grammar to remove a shift/reduce conflict. "listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
- Added support for NOTE_EOF (for kqueue(2) EVFILT_READ filters) on NFS files.
- Limit the body size in client requests (eg. POST data) to 1M by default in httpd.conf(5); added a configuration option to change the limit.
- Prevented X(7) server crash on zaurus (and possibly other architectures) where there is no pci(4).
- Provided httpd.conf(5) configuration options that allow the SSL certificate, key and ciphers to be specified for each server.
- Clear the httpd(8) public key when it is no longer needed.
- Configured the default ssl(8) ciphers as HIGH:!aNULL in httpd(8).
- Restored previous ssl(8) behaviour that allows a PEM block to be fed through the base64 decoder.
- Corrected some dma cleanup error paths in qe(4/vax).
- POST support added to httpd(8).
- Added CONTENT_TYPE environment variables (without the HTTP_prefix) to httpd(8), for use with cgi scripts .
- Fixed bug in server_write that broke httpd(8) keep-alive support.
- httpd(8) now adjusts read/write watermarks according to the TCP send buffer. Fixes sending of large files.
- Load the httpd(8) ssl(8) public/private keys in the parent process, then provide them to the privsep process via imsg. Allows keys to be moved out of chroot(8).
- Added ssl(8) support for loading the public/private key from memory, rather than directly from file.
- If a driver (eg umct(4)) opens an interrupt pipe without callback function, made sure the correct transfer is aborted.
- Added httpd.conf(5) options for max requests per connection and timeout limit.
- Brought back httpd.conf(5) TCP/IP configuration options.
- Limited the number of Keep-Alive requests per httpd(8) connection to 100.
- Improved httpd(8) logging to allow per-server/location log files; log files can now be owned by root.
- Added httpd.conf(5) option to specify the chroot(8) directory.
- Enabled httpd(8) in rc.d(8) for wider testing.
- Temporarily moved default location of the httpd(8) SSL/TLS server key and certificate from /var/www/ to /var/www/conf/.
- Added "HTTPS = on" CGI variable to httpd(8).
- Redirect httpd(8) to https:// if SSL/TLS is enabled.
- Added TLS/SSL support to httpd(8), based on the recent ssl(8) commits.
- Changed httpd.conf(5) grammar from "log [style]" to "log style [style]".
- Provided an ssl(8) function that returns a server connection context.
- Provided an ssl(8) utility function for loading a private/public keypair.
- httpd(8) will now print error message if the log files cannot be opened.
- Improved ressl_{read,write} handling of non-blocking reads/writes in ssl(8)
- Added initial httpd(8) support for log files in /var/www/logs/.
- Implemented httpd(8) PATH_INFO and added DOCUMENT_ROOT.
- httpd(8) now also writes log messages (eg 404 Not Found) on error.
- Extended httpd(8) to dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables.
- Add ral(4) to GENERIC and RAMDISK on macppc.
- Fixed sys/dev/usb/ehci.c r1.162 to stop returning initialised memory on error in ehci_alloc_sqtd().
- Fixed sys/dev/ic/bwi.c r1.106. Prevents packet loss.
- Split httpd(8) fastcgi socket path and document root options; added the SCRIPT_FILENAME CGI param with a prepended root. Fixes php-fpm that expects SCRIPT_FILENAME.
- Added missing httpd(8) log call for fastcgi requests.
- Added another httpd.conf(5) log mode "connection" for a relayd(8)-style log entry after each connection.
- httpd(8) now prefers getnameinfo() with NI_NUMERICHOST over inet_ntop (to include IPv6 scope ID).
- httpd.conf(5) locations now inherit access log settings from the server.
- Made sure httpd(8) reads fcgi padding data if any is received.
- Made httpd(8) properly read from the fcgi bufferevent until it is empty.
- Allow httpd(8) to specify a fastcgi TCP socket on localhost.
- Fixed scandir(3)-based directory auto index on NFS in httpd(8).
- Use the log buffer to defer httpd(8) logging until the connection is closed or the request completed.
- Added common and combined access logging to httpd(8).
- Rewrote httpd(8) fcgi_add_param and hand over a lot more http headers etc. to the cgi script.
- Correctly parse fastcgi records if httpd(8) doesn't get the whole record in one bufferevent_read().
- Allow softraid(4) rebuilds to work correctly when the volume metadata has a different data offset to that currently in use.
- Unbroke aac(4), by re-adding uvm_extern.h for ptoa().
- httpd(8) now only writes the HTTP header for the first fastcgi chunk.
- httpd(8) fastcgi improvements: submit QUERY_STRING, if it exists; use a proper function to create an HTTP header; use server_file_error() to detect EOF and fastcgi stream errors; disable keep-alive/persist until there is a reliable way to get the content length.
- Use exact on-disk inode size with ext2 filesystems.
- Properly evaluate rc.d(8) values only after running _rc_quirks(), because these can modify flags.
- In rc.d(8) debug mode, properly sort and drop duplicate entries to make output less confusing.
- Allow httpd.conf(5) to specify a non-default fastcgi socket.
- Renamed httpd(8) "docroot" variable to "path" (as it will be used for either files or the fastcgi socket).
- Added httpd.conf(5) configuration variable "fastcgi" to enable it per server or location.
- Initial fastcgi implementation for httpd(8).
- Made sysmerge(8) properly warn when an example changes and the corresponding file is found under /etc.
- Add tradcpp(1) version 0.4, a standalone traditional whitespace-preserving cpp(1).
- Added httpd.conf(5) "location" keyword, to specify path-specific configuration in servers; made it work with name-based virtual servers.
- Reserve an extra file descriptor per httpd(8) connection, instead of per request. Fixes fd accounting with persistent connections.
- Added extended directory index options "[no] index" and "[no] auto index" to httpd.conf(5).
- Reverted checks about RTF_LOCAL route(4) (userland tools are not yet ready for this).
- Last (known) msgbuf_write(3) vs EOF fix incorporated into smtpd(8).
- Fixed I/O ktrace(1) of sendsyslog(2).
- Pass a default media to the le(4/sparc) child. Allows SPARCbook system default to AUI without requiring a manual media change.
- Removed buggy ssl(8) SRP code (never enabled in OpenBSD).
- 5.4, 5.5 and -current RELIABILITY FIX: Fixed possible memory exhaustion in dhclient(8) and dhcpd(8), occurring on DHCP options with 0 length.
A source code patch is available for 5.4 and 5.5.
- Merged dhcpd(8) packet.c r1.7 into dhclient(8) and dhcrelay(8), to remove DoS attack vector.
- Match any relevant driver (not just whitelist) for X(7) "aperture needed" detection.
- Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
- Made pkg_add(1) log libraries in a proper way.
- Stopped mandoc(1) assuming in -Tutf8 output mode that a non-breaking space character has width 0.
- Fixed hangs during suspend when stopping secondary cpu.
- Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines.
- Fixed (very hard to reach) DoS attack vector against dhcpd(8).
- Differentiate httpd(8) servers by address and port, not just by address.
- Use a URL in the Location header of httpd(8) 3xx responses.
- Append mandatory Date header to each httpd(8) response.
- In httpd(8), canonicalise the request path once without the docroot; prepend the docroot only only when it's needed.
- Prevent ssh-agent(1) keys remaining in memory after they have been expired or deleted.
- Stopped httpd(8) leaking the docroot in the error message if the default index file is missing.
- Fixed httpd(8) address matching of multiple server blocks with non-virtual hosts.
- Added support to httpd(8) for "virtual hosts" (aka. server blocks).
- Added "root" configuration option to httpd.conf(5).
- Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4).
- Made man.cgi(8) sort result pages first by section number, then by name.
- Provide eeprom(8) on the sparc installation media.
- Build machinery added to build eeprom(8) for the installation media on relevant arches.
- Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
- Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
- Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
- Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
- When httpd(8) is canonicalising the path, fail on truncation.
- Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash.
- First attempt at having httpd(8) verify request path and access permissions.
- In getaddrinfo_async(3) and similar, made queries fail when the hostname param is an empty string.
- In ssl(8) level_add_node(), do not free objects on cleanup which are still being referenced by other objects.
- Made sure ssl(3) PEM_def_callback() correctly handles negative buffer sizes.
- Removed lynx from the base system (available in packages(7) instead).
- Mandoc(1) security fix: after decoding numeric or one-character escape sequences, HTML-encode resulting character.
- Correctly shutdown the servers when the httpd(8) process is terminating. Prevents a crash on exit.
- On octeon, correctly drain and destroy the bufq upon detach.
- Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
- Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
- man.cgi(8) security fixes, to prevent XSS attacks.
- In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
- Enable httpd(8) in the builds for more testing (not finished but can serve static files).
- Added initial httpd.conf(5) example for httpd(8).
- Added the X(7) "aperture needed" test to vgafb(4), to match vga@pci.
- Corrected the initialiser for tunnconf_default_pptp in npppd(8).
- Reduced amount of messages from key_load_private_pem during ssh(1) hostbased auth.
- Made mandoc(1) preserve manpath and arch in .Xr links.
- Reverted tmux(1) up/down wheel emulation.
- Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
- Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
- Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
- Stopped kprintf in gcc(1) accepting the <number>$ flags (as printf(9) doesn't support them).
- When amd64/i386/loongson hibernate, look up correct device when using softraid(4).
- Updated to pixman 0.32.6
- Support hibernating to softraid(4) crypto volumes on amd64/i386/loongson.
- Fix tcpdump(8) display of logical link control data in IEEE802 frames.
- acpi(4) now ignores region marked as "Preserve" if all bits will be modified. Fixes hang on some Sony and Asus laptops.
- Always allocate bwi(4) ring descriptors below the 1GB boundary. Fixes "intr fatal TX/RX" errors.
- On bwi(4), make bwi_dma_mbuf_create() use the correct loop counter in error case.
- Load bwi(4) firmware once, not every time the interface is brought up. Fixes a panic.
- Fixed array overflow in telnet(1) command line handling
- When spamd(8) is started by rc.d(8): no longer start in background mode; return from rc_start() if spamd(8) failed to start; execute spamd-setup(8) without explicitly waiting for spamd(8).
- Fixed auto-upgradable file detection by sysmerge(8).
- Aligned telnet(1) with the manpage by making the "-a" use getlogin(2); ignore value if it returns a nonexistent user.
- Flensed the telnet(1) code base of support for ancient protocols and systems.
- On loongson, fixed Lemote reboot issue and usb(4) problems on Gdium models.
- mandoc(1) security fixes: validate name of file before opening; only allow relative filenames starting with "man" or "cat" and not containing "/.." or "../"; validate the manpath up front, report a Bad Request if it is not listed in manpath.conf; in case of configuration errors, only report "Internal Server Error".
- Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
- Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2).
- Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
- Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
- Fixed pkg_add(1) sorted output.
- When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way.
- Fixed privilege separation in npppd(8).
- In bnx(4), implemented EFBIG handling for heavily fragmented packets on the tx path.
- In dump(8), allow files-to-dump to be a duid.
- On sgi, optimised use of external L2 cache handling on the few Indy/Indigo2 systems which have it.
- Unbroke rc.d(8) script for smapd(8) after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
- Zero out the random buffer for sysctl(3) and the entropy buffer.
- Made sure the biglock is held on i386 when running interrupt handlers (which rely on it).
- Reflect stdio-forward ("ssh -W host:port ...") failures in ssh(1) exit status (bz#2255).
- In x509_vfy.c, free sktmp when it's no longer needed. Fixes many memory leaks in ssl(3).
- Added mpbios(4) to RAMDISK_CD on i386/amd64, so bsd.mp is selected when installing to Soekris net6501.
- Implemented file descriptor accounting in httpd(8) for single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests.
- Added sshd(8) support for unix domain socket forwarding.
- Updated to xf86-video-neomagic 1.2.8.
- Enable ext2fs support on RAMDISK_CD.
- Converted ftp(1) to libressl.
- Removed securelevel(7) variable from rc(8).
- powerdown=YES removed from reboot(8).
- Updated to xterm(1) version 309.
- Fixed timeouts in relayd(8) when one connection is spliced and one non-spliced.
- Added configuration handling for certificate and key files to libressl.
- KASSERTMSG(9): new function for a kernel assertion with message.
- Fixed sched_stop_secondary_cpus() to properly drain run queues from CPUs.
- Display zero page hit and miss counters in vmstat(8) -s.
- Show an error if cmd_find_session can't find the current tmux(1) session.
- Made tmux(1) close a connection when it receives an EOF.
- If a client is killed while suspended with ^Z, tmux(1) will no longer try to resume it.
- Removed all crypt choices other than bcrypt from adduser(8).
- When using NAT or redirects, recalculate the checksum of reassembled IPv6 fragments before the packet is refragmented.
- Fixed path MTU discovery with ping6(8) through pf(4) using nat or rdr.
- Introduced the PS_NOBROADCASTKILL flag that excludes processes from receiving kill(1) -1 broadcast signals.
- KERNEL_ASSERT_LOCKED(9) function added, working towards removal of the kernel lock.
- Initial support to read GPT partition tables in the kernel on i386/amd64 (requires option GPT).
- Ensured httpd(8) finishes writing the output before closing the connection.
- Fixed tight renew loop regression in dhclient(8).
- httpd(8) will now close the connection after the response is completed (no Keepalive yet).
- Added httpd(8) support for media types (compatible with nginx(8) mime.types file).
- Added ext4 read support.
- Brought man.cgi default mode closer to what man(1) does.
- Close connection/remove event handler when ypldap(8) msgbuf_write() hits an EOF.
- Introduced mount(8) -N option and a "net" mount option, and matching fsck(8) -N flag.
- Updated glxinfo(1) and glxgears(1) to version in mesa demos 8.2.0.
- Better httpd(8) error messages.
- Added httpd(8), a simple web server (preliminary version).
- dmesg(8) now indicates if aperture driver is required by X(7). Used by installer for sysctl(8) machdep.allowaperture setting.
- Fixed usb(4) connect freeze on octeon, by clearing the host port interrupt.
- Resize inpcb hashtable automatically.
- Removed udfu(4).
- Updated to xf86-video-modesetting 0.9.0.
- On octeon, fixed root hub descriptors by matching ehci(4)'s descriptors.
- In sysmerge(8), use sha256(1) for compared files.
- Rework zyd(4)'s register read/write methods to eliminate race conditions.
- Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
- Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
- Use imsg(3) between the privileged and the non-privileged npppd(8) processes.
- Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
- Removed qli(4) (never enabled and was unfinished).
- Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
- Updated to libICE 1.0.9 and libXft 2.3.2.
- Add a function to drop all clean pages on the uvm(9) page daemon queues; call it when we hibernate.
- Moved macppc abtn(4) driver from workq to taskq.
- Only detach the usb(4) device that has been disconnected, to fix a regression.
- Implemented checksum offload for divert(4).
- Allowed acpitz(4) to accept a temperature reading of 0 degC (fixes some machines with "failed to read _TMP" errors).
- Stopped acpitz(4) reporting bogus temperature values (temperatures > 4,000 degC) and therefore shutting down the machine.
- Initial version of libressl; provide LIBRESSL_VERSION_NUMBER to detect versions distinct from OPENSSL_XXX.
- Limit relayd(8) HTTP header length to 8K (based on the default of 4-8K common in web servers).
- In boot(9), purged curproc-overriding hacks.
- bluetooth(4) support removed (code did not work properly anyway).
- Better m4(1) error handling in mkstemp/unlink/fdopen logic.
- Started reducing the attack surface of lynx(1) (gopher, news, and dired left enabled for now).
- Enabled interrupt routines on octeon.
- Added relayd.conf(5) options for disallowing client-initiated renegotiations and to prefer the server's cipher list.
- Added relayd(8) support for EDH to provide perfect forward secrecy for older ssl(8) clients.
- Stopped DHCPINFORM in dhcpd(8) looking up the lease database, filling the yiaddr field, or including lease time parameters.
- Introduced IFXF_AUTOCONF6 interface and removed net.inet6.ip6.accept_rtadv from sysctl(8).
- Allow IFXF_AUTOCONF6 to be set and cleared via ifconfig(8).
- On rtsold(8), turned AFXF_AUTOCONF6 on.
- Placed the first examples into the new /etc/examples directory.
- Documentation update for libcrypto and ssl(8).
- Prevent infinite loop during ssl(8) configuration file parsing (PR #2985).
- In ssl3_get_cert_verify(), accommodate ssl(8) RSA keys larger than 4096-bit (PR #319).
- Fixed copy for CCM, GCM and XTS (ssl(8) PR #3272).
- Added machine independent reboot(9) function.
- Removed redundant check and wrong fix from fsck_msdos(8): fat.c checks already take care of cluster chains.
- In ssl(8) asn1_get_length(), tolerate leading zeroes in BER encoding (PR #2746).
- In ssl(8) EVP_PBE_alg_add don't use the underlying NID for the cipher, as it may have a non-standard key size (PR #3206).
- By popular demand, added back hamc-sha1 to sshd(8) protocols (still used by many clients).
- Fixed ssl(8) OID encoding for single components (PR #2556).
- More ssl(8) memory leaks and unchecked allocations fixed (PR #3403).
- Made sure BN_sqr never returns negative numbers (ssl(8) PR #3400).
- Let ssl(8) accept CCS again after "finished" has been sent by the client. Avoids failed renegotiations (PR #3400).
- In ssl(8) dtls1_clear_queues(), free buffered_add_data.q correctly (PR #3286).
- Fixed version number processing in ssl(8) cms_sd_set_version() (PR #3249).
- Removed rdist(1).
- Avoid panic on alpha when using network card with a small number of tx descriptors per packet, a lot of memory, and a heavily fragmented packets.
- When looking for the issuer of a ssl(8) X.509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359).
- In ssl(8) ssl3_get_client_key_exchange() parsing a GOST session key, invoke the regular ASN.1 parser (PR #3335).
- Removed RFC4620 Node Information Query support from the kernel.
- Made ssl(8) CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key (PR #3348).
- Fixed missing initialisation in ssl(8) (PR#3289 and #3345).
- Simplified relayd(8) code that handles the HTTP headers. Fixes some issues (e.g. handling of multiple "Set-Cookie" headers).
- Don't hold the kernel lock while halting a processor.
- New CPU_BUSY_CYCLE() function, so the CPU can reduce power consumption in busy loops.
- Synchronised zaurus's boot(9) with all others by having it call if_downall().
- Added -u option to dhcpd(8). Binds UDP port to answer DHCPINFORM from clients on non-ethernet interfaces (eg. tun(4) or pppx(4)).
- Converted bus_dmamem_map(9) to km_alloc(9), to fail (not sleep) if the allocator cannot obtain a lock when BUS_DMA_NOWAIT is specified.
- Updated to Xserver(1) version 1.15.2.
- Corrected readlink termination in csh(1).
- Using -U command-line option, allow ftp(1) to change its user agent for HTTP(S) URL requests.
- Flush the buffercache to 16MB on hibernate and restore its previous max size (kern.bufcachepercent) on resume. Better hibernate performance.
- Set cold to 1 before executing the DVACT_POWERDOWN handlers when halting or rebooting a machine. Avoids panic on macppc with uhci(4) cardbus.
- Fixed panic seen when unplugging a cardbus ehci(4), ohci(4) or uhci(4).
- Taught fsck_msdos(8) that uninitialised values (-1) in FSInfo are valid.
- newfs_msdos(8) fixes: always put boot signature at end of 512 byte sector, even on disks with larger sector sizes; do not point at a cluster that is in use; avoid out of boundary access when checking invalid long filenames; validate number of FATs; validate critical file system info.
- Improved smtpd(8) scheduler: can now return envelopes of different types in a single run (interlaced to avoid batch effects); send envelopes at a rate that the queue can sustain; limit the number of envelopes in a holdq (excess returned to pending queue).
- Return RSN (WPA) information to userland during ifconfig(8) wireless scan; show whether a wireless network uses WEP or WPA.
- m4(1) will now annotate regexp error messages with the source string.
- Stop using a shutdown hook for softraid(4) and explicitly shutdown the disciplines right after vfs_shutdown().
- Added bus and root hub routines to octeon, to prevent panic at attach.
- Made usbdevs(8) correctly report devices connected to xhci(4).
- Fixed missing allocation checks and potential NULL pointer dereference in the error path in ssl(8) PEM_X509_INFO_read_bio().
- vic(4) now records the size of the rx rings so we can wrap around them correctly. Fixed a panic.
- Added internal buffering for dump(8). Ensures all requested data is actually read from the device when they have non-512 byte sectors.
- Removed bogus preprocessor statements (trying to pick the largest integer type for BF_LONG, MD[45]_LONG and SHA_LONG) from ssl(8).
- Removed compression from ssl(8).
- Simplified the way divert(4) sends packets to userspace.
- When relayd(8) is copying structures via imsg, ensured contents do not contain bogus pointer values.
- Merged in mesa 10.2.3.
- In ssl(8) ocsp_lib.c, reset host, port and path to null after freeing so the caller doesn't accidentally free them again.
- Removed mkstr(1) and xstr(1).
- Replace relayd(8) protocol directives for HTTP with a new generic filtering language (grammar inspired by pf(4)).
- Fixed resume time page table issue on amd64 if the piglet was located above 1GB physical (caused by using an incorrect page size mask).
- Cleaned up and simplified ssl(8) SSL_CIPHER_description by always using asprintf(3).
- Added daemon_timeout variable to rc.d(8) and rc.subr(8) (sets maximum time to wait for actions to return).
- Fixed crash in ssh-add(1) while loading more than one key.
- Fixed classless-{ms-,}static-routes in dhcpd(8) to comply RFC 3442.
- Added "no-dsn" listener option smtpd.conf(5), which disables DSN extension.
- Suspend kernel's stack smash guard to avoid panicking during unpack.
- Fixed i386/amd64 hibernate issue where kernel lock acquisition was started but not completed.
- Removed ssl(8) "export" cipher handling.
- ncheck_ffs(8) now accepts duid for the filesystem argument.
- smtpd(8) config parser improvements: fail if the same option is specified multiple times on a listener; prompt for queue encryption key after (not during) smtpd.conf(5) parsing; added ip addresses to localnames table.
- bpf(4) code simplification.
- Set sysctl(8) default of net.inet6.icmp6.nodeinfo to 0, disabling responses to RFC4620 IPv6 Node Information Queries.
- Fixed boot(8) -d on amd64 and i386.
- Updated to lynx(1) version 2.8.8rel2, keeping local changes.
- Downgraded more ssh(1) error() to debug(). Suppresses spurious errors with hostbased authentication enabled.
- More useful sftp(1) error message when GLOB_NOSPACE occurs (bz#2254).
- While filling the rx ring, stopped bnx(4) and msk(4) being too smart in avoiding overuse of file descriptors.
- Marked the weakened ssl(8) 40-bit export ciphers as invalid.
- smtpd(8) now sends correct imsg when enabling profiling at runtime.
- Removed asa(1).
- Fixed a double free bug in parsing npppd.conf(5).
- Stopped npppd(8) accessing freed memory when it is exiting.
- Define SMALL_REGISTER_BANK in ssl(8) on arm and vax. Generates faster code (vax 30% faster).
- Various smtpd(8) queue improvements.
- Made sure to clear the WAIT flag when cancelling the smtpd(8) MTA connector timeout.
- Pulled the rx ring accounting out of the mbuf(9) layer. Simplifies the allocation paths.
- On em(4), bus_dmamap_sync the rx ring once per em_rxeof call, rather than for every rx descriptor.
- Stopped em(4) stalling the entire tx path when it encounters a heavily fragmented packet.
- Cleaned up mandoc(1) ERROR messages related to document structure and macros.
- Run getuid(2), getgid(2), getresuid(2), setreuid(2) and setuid(2) without the kernel lock.
- Stopped pckbc(1) printing warnings for mouse interrupts when running bsd.rd.
- In pkg_add(1), restored the progress meter for large files.
- Stopped mandoc(1) unnecessarily deleting any content from .Rs blocks.
- Implemented .dei and .ami in roff(7).
- smtpd(8) now allows enabling profiling at runtime.
- If acpi(4) finds a bogus interrupt, don't panic but print a message, to workaround dodgy BIOS.
- Marked getentropy(2) with NOLOCK (it doesn't need the kernel lock).
- After mandoc(1) skips an escape sequence with incomplete arguments, stop it discarding the rest of the string.
- Fixed expansion of escape sequences with incomplete arguments by roff(7).
- Fixed handling of escape sequences taking numeric arguments by mandoc(1).
- Avoid radeon(4) segfault on device open when accel is not working.
- Fixed ssh(1) remote-forward cancel regression.
- ftp(1) fixes: URL-decode user and password info before base64 encoding it for the Authorization header; eliminated COOKIE_MAX_LEN constant; renamed the "user:pass" variable from "cookie" to "credentials"; empty password is no longer an error; fixed leak of username/password memory.
- Cleaned up -offset and -width in mandoc(1): bugfix so last one wins; do not ignore ".Bl -width" without argument.
- smtpd(8) will now always attempt to use tls for relaying to the primary server when acting as a backup mx.
- tcpdump(8) now always prints the OSPF router id.
- Changed kvm_getprocs(3) (sysctl(3) and kvm(3) backends) to report thread's "most active" scheduler state.
- Fixed mandoc(1) formatting of empty .Bl -inset item heads; show the list type in the error message.
- Added a sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed (bz#2160).
- Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no. Allows client to choose address family (bz#2222).
- When ssh(1) is rekeying, skip file/DNS lookups if it is the same as the key sent during initial key exchange (bz#2154).
- radeon(4) now gets clocks from Open Firmware on macppc and sparc64.
- bge(4) can now cope with heavily fragmented packets when the DMA map lacks space.
- Stopped uvm(9) releasing the kernel lock between issuing a wakeup and clearing the PG_BUSY and PG_WANTED flags.
- Made ssh(1) "too many authentication failures" message format similar to other authentication messages (bz#2199).
- Reverted to r1.129 of sys/kern/subr_pool.c, as pool_init() is called before rwlocks can be used on some archs.
- ssh_config(5) LocalCommand and ControlPath variables now expand to unique identifers (bz#2220).
- When hashing or removing hosts using ssh-keygen(1), no longer choke on @revoked markers or remove @cert-authority markers (bz#2241).
- Standardised ssh(1) on NI_MAXHOST for gethostname(3) string lengths. Fixes bz#2239.
- Use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context in ssh(1) (bz#2231).
- Made stdout line-buffered; saves partial output getting lost when ssh-add(1) fatal()s part-way through (bz#2234).
- Only cleanup agent socket in the main ssh-agent(1) process, not in any subprocesses (bz#2236).
- Made ed25519 key titles fit properly in the ssh(1) randomart border (bz#2247).
- Be more careful when recreating single-precision (float) argument to service precise exceptions on m88k.
- Improved mandoc(1) messages about empty macros (reporting the macro names involved).
- Fixed fpu_compare() on m88k, so gcc(1) correctly compare numbers to infinity.
- Hold kernel lock when invoking process_domem() on alpha and m88k. Fixes ptrace(2) operation on MP kernels.
- Added support for adjusting the receive filter to allow for promiscuous mode/multicast traffic by imx(4/armv7).
- Revised change made in pk7_doit.c r1.20 in ssl(8). Fixes detached signature processing.
- Made sure tmux(1) session sockets are not cleared in the daily(8) tmp cleanup.
- Fixed the column numbers associated with in_line_argn() macros in mandoc(1).
- kdump(1) now properly processes minherit(2) flags.
- Improved "skipping paragraph macro" messages in mandoc(1).
- Fixed regression in ssh(1) protocol 1 to avoid fatal(); more useful status codes.
- Implemented obsolete mdoc(7) macros .En .Es .Fr and .Ot for backward compatibility.
- Clean up the warnings related to mandoc(1) document structure.
- Allow link-local address to be configured by "ifconfig up" if the inet6(4) address was configured beforehand.
- Fixed panic seen when trying to remove a route(4) with a 0.0.0.0 destination.
- Turned pkg_add(1) out-of-order extraction back on; activated out-of-order archives based on history.
- scsi(8) io can now run through the midlayer without the kernel biglock.
- Fixed roff(7) control flow keywords \{ and \} when they immediately follow a request or macro name.
- pfctl(8) af-to rules no longer need to specify the address family after "pass".
- Suppressed spurious ssh(1) error message when loading key with a passphrase.
- Attach HFSC only after it's been initialised. Fixes the "integer divide fault trap" bug.
- Major cleanup in roff(7) .de parsing routine, to correctly handle names terminated by escape sequences.
- Fixed loading of private keys by ssh(1).
- Move to a smaller rbytes buffer and skip a random part in malloc(3), to introduce noise in the arc4random(3) calling pattern.
- Fixed remote forwarding in sshd(8) with same listen port but different listen address.
- Avoid buffer overflow when there are too many boot arguments, and on reaching maximum line length.
- Do not redirect STDERR of security(8) to /dev/null, so errors in the security(8) script are seen.
- Fully remove relevant carp(4) addresses when IFXF_NOINET6 is set or when the rdomain is changed.
- Workaround compatibility problems between Intel ahci(4) and Intel SSDs, by retrying device detection.
- pfctl(8) now disallows translation rules containing addresses of { inet(4) inet6(4) } when the rule doesn't specify one.
- When the nsd(8) daemon is launched via rc.d(8), use a correct exit code (per rc.subr(8)).
- Improved messages with roff(7) ".so": show the filename argument that was passed; on failure, report the file/line number.
- If an ssl(8) chacha operation does not consume all of the generated key stream, save it for subsequent writes.
- Made TCP_NODELAY work in ssl(8).
- Removed the noaccesstime synonym for noatime in mount(8).
- When scp(1) is copying local to remote and it fails during read, don't send uninitialised heap to the remote end.
- Don't fatal() ssh(1) when hostname canonicalisation fails with a ProxyCommand in use.
- New ssh(1) key API: refactored key-related functions to be more library-like (existing API now a set of wrappers).
- Fixed bug in ssh(1) KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format.
- Made gcc(1) version 4 emit warning when it is ignoring alignment constraints.
- Fixed possible crash on encountering invalid msdosfs filesystems.
- Disabled IPv6 on interfaces by default (a link-local address is no longer assigned by default).
- Use bus_space(9) on acpi(4) SystemMemory, to correctly access memory mapped registers.
- Made "ifconfig(8) <if> inet6 eui64" reset the NOINET6 flag (unconditionally), to ensure link-local address is assigned.
- Allow tmux(1) keys and send-keys to send to invisible panes.
- Fixed tmux(1) so it counts mouse clicks correctly.
- Stopped building procfs on i386.
- In ssl(8) BIO_get_port(), only accept valid port numbers.
- Made sure uvm(9) kmthread never loops without making progress.
- kill(2) an untraced process (instead of looping) if the kernel generates a deadly trap signal and it is ignored.
- Specify the correct strength bits for 3DES cipher suites in ssl(8).
- Protect explicit_bzero(3) from a link-time optimisation.
- In ssl(3), wrap getenv(3) OPENSSL_ALLOW_PROXY_CERTS in an issetugid(2) check. Stops setuid(2) applications from being fooled.
- Prefix error messages from mandoc(1) with "mandoc: ", so users know where messages came from.
- Made "S" and "E" mean the start and end to capture-pane in tmux(1).
- Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
- Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be.
- More tweaking of makewhatis(8) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
- In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
- Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
- Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock.
- Fixed memory leak in md5(1) digest_file() on ferror(3).
- Implemented the membar(9) API for powerpc.
- Copy newline when at EOL when tmux(1) is in vi(1) mode.
- Made tmux(1) reset the mouse buttons when the mouse wheel is used.
- Some terminals send spurious releases for mouse wheel in SGR mouse mode, tmux(1) now suppresses these.
- Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4).
- Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process.
- Stopped makewhatis(8) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
- Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
- Fixed off by one in msdosfs pm_inusemap().
- Fixed the use of 16384-bit RSA keys by ssh(1).
- Changed SSL_COMP_add_compression_method() in ssl(8), so error cases actually return "error" rather than "success".
- Disallow __sysctl() in the sshd(8) systrace(1) sandbox (as there is now a dedicated getentropy(2) system call for arc4random(3)).
- Implemented the membar(9) API for hppa.
- Added configuration bit in vio(4) flags, to workaround qemu < 2.0 bug that prevented VLANs from working.
- Be more aggressive flushing L2 cache entries on mips64 RM7000 systems.
- Set uart based on the io clock rate on octeon II (CN6xxx), as the rate differs from the cpu clock.
- Use MAP_INHERIT_ZERO in arc4random(3), to zero out the RNG state if the process forks.
- Enabled pci(4) power management on lemote.
- Reverted "Always create a local route for every configured IPv4 address" (caused regressions).
- Allow the autoinstaller to fetch sets from multiple locations.
- Fixed vnode leak in systrace(4).
- In ssl(8) aes_gcm_cleanup(), clean the entire context (no longer leaving AES key untouched).
- Fixed hang with virtio event_idx feature, to cure occasional network freeze in vio(4).
- Updated to xcb-util-renderutil 0.3.9.
- Avoid infinite loop in fsck_msdos(8) if cluster chain is a cyclic list.
- Fixed memory leaks in fsck_msdos(8) bootblock handling.
- Fixed fsck_msdos(8) regression in r1.16 of boot.c: write fsinfo, not block into FSInfo region.
- Fixed fsck_msdos(8) regression in r1.20 of fat.c by properly incrementing a pointer.
- Added more bounded attributes to the buffer and md5/sha headers in ssl(8).
- Removed wait(2) support for "union wait" (deprecated since 4.3BSD) and WSTOPPED (means something else now in POSIX).
- Stopped ze(4/vax) rx ring pointer stalling when running "all multicast" or bpf(4) in promiscuous mode.
- Switched dump(8) "blockswritten" to int64_t, so it won't wrap at 2TB.
- Correctly calculate the key block length in t1_enc.c and s3_enc.c when using ssl(8) "export" ciphers.
- Added ChaCha20-Poly1305 based ciphersuites to ssl(8).
- ssl(8) can now change cipher state with an EVP_AEAD, encrypt/decrypt TLS using the EVP_AEAD.
- Added getentropy(2) system call.
- Indicate in the sysctl(1) LIVELOCKS column if there is a pending (deferred) mbuf(9) update.
- Fixed tcp-mss-adjust in pipex(4) and npppd(8).
- Removed support for the "opaque PRF input" extension from ssl(8) (draft expired 7 years ago and never became an RFC).
- Added timingsafe_memcmp() to memcmp(3).
- Added MAP_INHERIT_ZERO support to minherit(2). Provides child process with fresh, zero-initialised anonymous memory.
- Fixed ptrace(2) hanging hppa and mips64 MP systems, by grab the kernel lock before cleaning up single-step breakpoints.
- Updated to nginx(8) version 1.6.0 (including syslog support backported from the 1.7 branch).
- Disable the "switch to insertion sort" optimisation in qsort(3). Avoids quadratic behaviour for certain inputs.
- Changed pkg_add(1) to display the full url (if possible) for unsigned packages.
- Fixed memory leak in ssl(8) d1_lib.c.
- Restored the original behaviour of RTM_ADD and RTM_DELETE by always generating one message per locally configured ip(4) address.
- Always create a local route(4) for every configured IPv4 address on the machine.
- Flag any local route(4) as such and make them use the highest possible priority.
- Created (currently unused) system taskq ("systqmp") which runs without the kernel lock (see task_add(9)).
- Raised the low water mark in em(4) so the internal buffers can hold at least two jumbo frames.
- On i386/amd64 hibernate, don't map phys pages < 64KB in the resume page table. Matches recent kernel change.
- Fixed off by one in fsck_msdos(8) when writing the FAT for FAT12 filesystems.
- In ssl(8), check return value of EVP_MD_CTX_copy_ex(). Avoids potential null pointer dereference.
- In mtree(8), added ed25519 ssh host keys to /etc/mtree/special.
- Lowered nc(1) buffers back to 16k for now, to avoid bufferbloat.
- Increased nc(1) buffer size to 64k, and actually use the buffer.
- Abandoned the ssl(8) "auto-ENGINE" /dev/crypto interface.
- In ssl(3) tls1_cert_verify_mac(), avoid a possible NULL function call on ctx.final().
- Implemented slowcgi(8) -u (user to drop privs to) and -p (path to chroot(8) to). Allows slowcgi(8) to run non-chrooted.
- Cleaned up slowcgi(8) socket creation.
- Multiple fixes for ssl(8) ssl3_digest_cached_records().
- Ensured ssl(8) ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails.
- Changed installboot(8) file copying process, to make it less likely that the PBR will change upon update.
- Fixed possible out of boundary access by fsck_msdos(8) if the filesystem is full or corrupt.
- Updated to xf86-video-modesetting 0.8.1 and xf86-video-geode 2.11.15.
- Further cleanup of context handling in ssl(3) tls1_change_cipher_state().
- In run(4), fixed TXWI and RXWI offset calculations so RT5592 devices function.
- When relying on the local enqueuer, let smtpd(8) cope with long To/Cc lines. Avoids broken headers and confusing some MUAs.
- Fixed inverted test in ssh(1) so PKCS#11 keys that are explicitly listed are preferred.
- Reset properly when tmux(1) c0-change-trigger is increased from zero, so panes don't get stuck.
- 5.4 and 5.5 and -current SECURITY FIXES in ssl(8) for: buffer overflow with crafted DTLS fragments (CVE-2014-0195); DTLS infinite recursion flaw with "Hello Request" (CVE-2014-0221); SSL/TLS MITM vulnerability (CVE-2014-0224); anonymous ECDH denial of service (CVE-2014-3470).
A source code patch is available for 5.4 and 5.5.
- Reduced amount of traceroute(8) code running as root; only error out if the creation of a needed socket failed.
- Moved ld.so(1) to a (slightly stripped) version of libc malloc(3).
- 5.4 and 5.5 and -current SECURITY FIX: improper close-on-exec flag handling by sendmail(8) (CVE-2014-3956).
A source code patch is available for 5.4 and 5.5.
- Added support for COLUMNS env variable to ps(1).
- Included work-around in mandoc(1), as makewhatis(8) expects its current dir to not be /.
- vflush(9) now works for fuse(4).
- Do not skip or add a byte for the report ID when usbhid(3) is manipulating data.
- Made uaudio(4) properly compare endpoint addresses by ignoring the direction bit.
- Accept -C as an alias for -c in tr(1).
- Made zyd(4) compile with ZYD_DEBUG.
- Fix zyd(4) frame length adjustment in the RX path.
- In libm math code, made sure STRICT_ASSIGN handles double as well.
- Stripped openssl(1) functions called when "-rand" is specified (underlying code long gone).
- Removed easy access to the unsafe intel RDRAND instruction from ssl(8).
- When checking for unicast and broadcast addresses, do one lookup instead of two.
- Fixed uninitialised variable, which caused sndiod(8) crashes when handling errors.
- In ssl(3) tls1_setup_key_block(), use the correct IV length for GCM mode. Fixes key block length calculation.
- Removed real mode vga(4) repost option.
- Change the actual default for returned asn1 strings to utf8 in the ssl(3) code.
- Reverted previous diff setting cold to 1 on shutdown (broken with softraid(4) disks).
- Added dump(8) -S option, to only estimate backup size and number of tapes required.
- Avoid panics on macppc with an uhci(4) cardbus when halting/rebooting.
- Fixed segfault seen on Xorg(1) startup when using the nv(4) or savage(4) drivers.
- Converted many malloc(3) to reallocarray(3). Avoids 53 potential integer overflows in ssl(8).
- In envy(4), use the same convention for mixer control names as in azalia(4).
- Added an enc_flags field to ssl3_enc_method. Helps identify ssl(3) protocol version requirements.
- Made fsck(8) use the same values in checking as newfs(8) does in creating a fs(5).
- Fixed two more cases where ssl_replace_hash() return value was not checked by ssl(8).
- To give perl(1) a random seed, call arc4random(3) rather than read /dev/arandom. Makes it work in chroot(8) environments.
- Enabled writing per-commit commitid tokens to rcs(1) ",v" files.
- When less(1) is invoked as more(1), made behaviour for "-i" match "less -I" (per POSIX).
- When suspending/resuming, avoid hangs by detaching/attaching usb(4) devices (avoids uhub(4) interrupt races).
- On mg(1) delete-window, display the correct line number when revisiting the buffer.
- Added -L option to pwd(1) (required by POSIX).
- Fixed mount(8) -ur for msdosfs: allow sync after more than one rw -> ro cycle; sync data (not only metadata).
- Fixed instance of the Y2038 problem in ssl(8).
- Refactored radix code. Solves issues with failed deletes of down routes.
- Enable strong stack protector by default for architectures running gcc(1) version 3.
- Allow tmux(1) to handle the top bit of xterm(1)-style modifier keys.
- Added some formats for tmux(1) pane bounds.
- Prevented userland from altering the local and broadcast flags in route(4).
- Reserved the highest route(4) priority for kernel-managed routes.
- Fixed memory leak and un-cleaned EVP_CIPHER_CTX upon error in ssl(3) tls_decrypt_ticket().
- Removed /usr/src from mtree(8) to avoid useless warning from daily security(8) mail.
- Implemented improved ssl(8) EVP AEAD API.
- Made sure utpms(4) only matches mouse interface, so ukbd(4) works on more Powerbooks.
- Fixed ssl(8) resource descriptor leaks (CID: 966576 & 966577).
- Allow tty(4) to handle threaded processes correctly with kerninfo status requests (a.k.a. ^T).
- Fixed azalia(4) format mistakes when AZALIA_DEBUG is defined.
- Pass DVACT_QUIESCE to usb(4) to stop "new" uhub(4) device reattaching at every resume.
- Fixed off-by-one in index validation before accessing arrays in ssl(8) ssl_cipher_get_evp().
- In ssl(3), enabled three brainpool elliptic curves for TLS (per RFC 7027).
- Made fsck_ext2fs(8) and fsck_ffs(8) output verbiage more consistent.
- Added support for newer run(4) hardware.
- Made fsck_ext2fs(8) initialise newent.e2d_type to EXT2_FT_UNKNOWN (a.k.a. 0).
- Reverted pax(1) ar_io.c r1.45 to stop showing archives written with a non-standard blocksize as truncated reads.
- Stopped tcpdump(8) "weird flag" warning for DNS NOTIFY messages which should have "AA" set.
- Permit less(1) searches to work past/across NUL bytes.
- Made the pax(1) signal handler safe.
- Expose bif_capacity in acpibat(4), to report the design capacity of the battery.
- Clean up after the snmpd(8) traphandler children, to avoid leaving zombie processes.
- Marked ssl(8) malloc(3) wrapper functions as deprecated.
- Fixed smtpd(8) crash when running the pki lookup code.
- On sgi, converted the PS/2 keyboard layouts to sgi serial keyboard layouts.
- Let sgi keyboard(7) work in polling mode; fixed "international" ("GERlessthan") key.
- Made qle(4) less likely to get stuck looping when the firmware behaves inconsistently.
- Fixed file size reported by lpq(1) -l by giving stat(2) privileges on the spool file.
- Fixed fdisk(8) -u on sparc64.
- Fixed ipsec(4) route addition, broken since the removal of the link-layer addresses from the per-ifp list.
- Made xhci(4) handle the stall condition like the bable condition.
- pax(1) now exits with non-zero status if a read is truncated.
- Added support for -o XXX or -oXXX options, and -o max_read=XXX to fuse(4).
- When sending icmp(4) messages, assign the queue ID to the correct packet header.
- Fixed eui64 address generation, broken upon removal of the link-layer address from the per-ifp list.
- No more (obsolete) 5- and 6-byte or surrogate pair code point encodings in ssl(8) UTF8_{getc,putc}.
- Upon HTTPS ftp(1) redirects, don't reinitialise ssl(8), and reuse SSL_CTX.
- Plugged memory leak in rcs(1).
- More consistency in fuse(4) error handling.
- Made fuse(4) use realpath for more reliable mount(8) operations.
- On armv7, loongson and socppc use autoconf(9) to track usb(4) host controller's children.
- Stopped dhclient(8) trying to update file when none has been specified by -L flag.
- Added H_SAVE_FP operation to editline(3), to save history to an open file pointer.
- Fixed uhci(4). Unbreaks the build when DIAGNOSTIC is not defined.
- Updated run(4) firmware to version 0.33.
- Made mkuboot(8) correctly handle files smaller than an elf(5) header.
- In ssl(3) ssl3_send_certificate_request(), properly adjust for payload size.
- Upon error, made sure ssl(3) ssl3_setup_buffers() frees pqueue before returning.
- Fixed tail packet check in pms(4) elantech v3 touchpad code.
- Stopped dhclient(8) adding a lease to the leases TAILQ more than once. Avoids infinite loop.
- Updated to libXfont 1.4.8.
- Check ssl(3) bio_err initialisation succeeds before using it.
- Updated to fontconfig 2.11.1.
- Updated to xf86-input-synaptics 1.8.0.
- Fixed kernel build when ehci(4) uses EHCI_DEBUG.
- Switched ssl(8) RSA key generation default to 2048 bits (matching ssh(1)).
- Made qla(4) less likely to get stuck looping when the firmware behaves inconsistently.
- Change interrupt handler's return value to 0 when nothing is processed on pcexmem(4/luna88k).
- When pfctl(8) is parsing a numerical value for the TOS bits, ensure it is in a valid range.
- Fixed mountd(8): when a host in a netgroup is unresolvable, don't ignore entire netgroup.
- Sped up signify(1) -C.
- Made df(1) do calculations of available space the same way as ffs_statfs() does.
- Improved logging messages and style for snmpd(8).
- Don't put a link-layer address on the per-ifp lists or RB-Tree. Improves address lookups.
- Fixed memory leaks in ssl(3) asn1 upon failure.
- Replaced ssl(3) ASN1_GENERALIZEDTIME_adj(), ASN1_UTCTIME_adj() and ASN1_TIME_to_generalizedtime() with wrappers.
- Added a ChaCha20-Poly1305 AEAD EVP implementation to ssl(3) libcrypto.
- Added an AEAD EVP interface to ssl(3) libcrypto, along with AES-GCM AEAD implementations.
- Made signify(1) -C mode work again.
- rtadvd(8) now ignores route info messages on the listening side.
- Stopped flushing streams on abort(3), which was unsafe.
- Removed arch-specific lo(4) MTU and set to 32768 everywhere.
- Made signify(1) recode base64 hashes if necessary; spell out base64 in error messages.
- Better use of realloc(3), to speed up signify(1) checksum verification.
- Added poly1305 to ssl(3), utilising Andrew Moon's public domain implementation.
- tmux(1) no longer allows multiple buffers with the same name.
- 5.4, 5.5 and -current SECURITY FIX: integer, memory and buffer overflows in libXfont (CVE-2014-0209; CVE-2014-0210 and CVE-2014-0211).
- Fixed regression in r1.285 of sys/net/if.c (TAILQ corruption where rdomain was not switched).
- In iked(8), pass SA initiator (not the exchange initiator) to sa_address().
- The resolver now skips incomplete entries in /etc/hosts and /etc/networks (rather than crash).
- Pass multi-argument tmux(1) commands directly to execvp(3). Helps avoid quoting problems.
- Added a copy mode key binding to copy to a named tmux(1) buffer.
- Added tmux(1) support for named buffers.
- Fixed multiple bugs in ncheck_ffs(8) handling of indirect blocks.
- Updated drm(4) to libdrm 2.4.54.
- Fixed ntpd(8) format strings involving time_t arguments. Fixes ntpd(8) -d on sparc.
- Moved GTT management for Sandy Bridge into inteldrm(4).
- Removed AES_bi_ige_encrypt() from ssl(3).
- Removed md5crypt from crypt(3).
- Moved the ohash functions into libutil.
- Stopped dhclient(8) exiting when sent RTM_NEWADDR or RTM_DELADDR routing messages lacking appropriate address info.
- Altered usbhidctl(1) and usbhidaction(1) parsers to keep in sync with the kernel HID parser.
- Fixed possible smtpd(8) double free when tls is required but not advertised by the server.
- Updated the HID parser to properly parse modern input device descriptors.
- Added router alert option (RAO) in IGMP packets (per RFC2236), needed by some L3 switches.
- More intelligent parsing of WEP keys by ifconfig(8).
- Make sure uhub(4) root hub is re-attached before interrupts get enabled. Unbreaks resume.
- Stop ignoring "lease" statements in dhclient.conf(5).
- Reworked/restored dhclient(8) recorded lease handling.
- Fixed the installer's configuration of a static IPv6 default gateway.
- Various format string fixes on mips64 and octeon.
- Fixed recently-occurring ssl(8) breakage in smtpd(8).
- On i386/amd64, disable speedstep instead of panicking if high and low speeds are the same.
- Allow nginx(8) to chroot(8) to a directory other than /var/www.
- Many string format fixes on sparc64.
- Losing TCP connection no longer results in an unrecoverable stop in iscsid(8).
- Stopped cribbage(6) ignoring words which followed two or more blank characters.
- Print interface name with queues in systat(1) q.
- Updated to: xterm(1) version 304; libXi 1.7.2 and xf86-input-synaptics 1.7.5.
- Fixed fsck_ffs(8) -b to work with the superblock locations on 4096-byte sector disks.
- Use the highest possible priority for any route(4) to local addresses.
- Stopped cribbage(6) choking on one-letter card names which followed three-letter card names.
- Fixed potential uvm(9) integer overflows.
- Made relayd(8) fail when encountering unsupported combinations.
- Only attach pcexmem(4/luna88k) and pcexio(4/luna88k) on luna88k2 (not luna88k).
- Brought back restricted sockets to snmpd(8), inadvertently removed in recent update.
- Made zmore(1) call more(1) and zless(1) call less(1).
- Repaired the termination condition of a write(2) loop in vipw(8).
- In ssl(8) ec_asn1.c, don't free memory unless we allocated it (RT#3338).
- Improved code to clear all bignums from bn_lib.c in ssl(8).
- In ssl(8) BN_clear_free(), don't cleanse the data if the static data flag is set.
- Render roff(7) escape sequences in man page descriptions prior to insertion into mandoc.db(5).
- Fixed two memory leaks in makewhatis(8) -n.
- Fixed segfault in makewhatis(8) -Q if the next .SH after .SH NAME does not have any arguments.
- Backed out the previous ICMP simplifying diff from dhcpd(8), which caused livelocks.
- Try postponed requests first, so iked(8) does in-order processing.
- Made iked(8) authentication work with X.509 certificates not containing a subject-altname.
- Removed the undocumented and ineffective ln(1) -F option.
- Removed sysctl(8) {nd6_,}useloopback options.
- Fixed recently broken ext2fs atime and mtime.
- Introduced gcc(1) -fstack-shuffle, which randomises local stack variables.
- Make sure ssl(8) PKCS7_get_octet_string() return values are checked for NULL (PR#3339).
- Enabled brswphy(4/octeon).
- Allow iked(8) to initiate a create-child-SA and process requests for the peer simultaneously.
- Explicitly zero ibufs before releasing memory. Ensures iked(8) crypto parameters are cleaned.
- Fixed memory leaks in the relayd(8) and smtpd(8) ssl(8) code.
- Re-queue pfkey events while iked(8) is busy initiating child-SAs.
- In iked(8), initiate ike SA rekeying ("ikesalifetime" keyword).
- Fixed iked(8) memleak when SA lookup fails while forwarding encrypted ip6(4) packets.
- Plugged two ucom(4) xfer leaks and a buffer leak.
- Encrypt some iked(8) notify payloads.
- Initial iked(8) support for PFS.
- Cleanse old ssl(8) memory when expanding a bignum; clear all bignums when freed.
- Updated xkeyboard-config to version 2.11.
- Workaround overoptimistic fdisk(8) alignment expectation on dos_partition fields.
- Enhanced reading of saved ascii labels when using disklabel(8) -R.
- Stopped iked(8) leaking on pid mismatch.
- Validate the attribute length in iked(8).
- Removed SRP and Kerberos support from ssl(8).
- On sparc, enabled ssl(8) assembler code for DES.
- On vax, enabled the ssl(8) assembler code for BN.
- In relayd(8) and smtpd(8), fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine.
- Added sysctl(8) kern.nosuidcoredump=3, to dump core(5) into the /var/crash/progname/ directory.
- Enabled ssl(8) assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64.
- Enabled ssl(8) assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm.
- Updated to: xauth(1) version 1.0.9; xbacklight(1) version 1.2.1; xrandr(1) version 1.4.2 and xinput(1) version 1.6.1.
- Updated to libFS 1.0.6.
- Unbroke ssh(1) compression.
- Switched to generating bcrypt(3) 2b hashes by default.
- Added checks for invalid base64 encoded data in ssl(8) padding. Fixes a crash (RT#2608).
- Provide extended-precision math constants (required by POSIX).
- Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid).
- drm(4) i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out.
- Updated Xserver(1) to version 1.15.1.
- On hppa, fixed ssl(8) assembler version of SHA512 to output correct results.
- Make acpiprt(4) correctly handle interrupts with non-standard polarity.
- In acpi(4), made acpi_mutex_acquire/release actually grab the global lock when called.
- Fixed occasional disklabel(8) crashes when altering mount points.
- Reverted __bounded code in ssh(1).
- Oh hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in ssl(8).
- Stopped ssl(8) perl(1) scripts outputting SOM-specific directives.
- Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from ssl(8).
- Extended fread(3) and fwrite(3) to check for integer overflows.
- Moved smtpd(8) RSA key handling from "lka" to a new dedicated "ca" process.
- 5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an ssl(8) alert, which could cause a null pointer dereference.
A source code patch is available for 5.4 and 5.5.
- Fixed gcc(1) on i386, to detect overflows and properly align arrays > 16 bytes.
- Added ChaCha cypher to ssl(8), and provided it with an EVP implementation.
- Added Brainpool and ANSSI FRP256v1 elliptic curves to ssl(8) (RT#2239).
- Corrected isakmpd(8) test when passing data to a keynote.
- Improved malloc(3)'s ability to pick a free chunk at random.
- uvm(9) now correctly flush discarded pages even if the number of hash buckets doesn't change.
- When openssl(1) isn't available, ssh(1) now uses local fallback implementation of AES for UMAC.
- Preserve the intended chronological order of leases in dhclient.leases(5) files.
- Fixed growfs(8) on 4K-sector disks.
- First pass at removing win64 support from the assembly-generating perl(1) scripts in ssl(8).
- Stopped smtpd(8) trying to create folders that already exist when using maildir.
- Improved imsg handling with many concurrent connections in smtpd(8).
- New buffer API, to eventually make ssh(1) usable as a standalone library.
- Improved enforcing of proper alignment of stack variables on sparc.
- smtpd(8) RSA private key privsep will now only load keys after forking the separated process.
- Stopped sftp(1) attempting to append a nul quote character to filenames (bz#2238).
- Implemented RSA privilege separation for smtpd(8). Prevents possible private key leakage.
- Made compiling ssh(8) and sshd(8) against ssl(8) optional.
- When smtpd(8) fails to relay via TLS (and smtpd.conf(5) doesn't require security), try plain; also downgrade if a TLS error happens during the session.
- Constrain bytes read/written to positive values in ssl(8) s3_pkt.c code.
- Re-added local aesctr implementation to ssh(1).
- Moved traceroute6(8) to the attic, fully merged into traceroute(8).
- Removed large memory leak from usb(4).
- Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from nginx(8) to keep attack mitigations enabled.
- Stopped ssh(1) sending success/failure replies when channels have sent a close already (bz#1818).
- Removed less(1) support for the obsolete (non-POSIX) "more -d" prompt.
- Made sure the iked(8) state machine only advances if the AUTH payload has been verified.
- Use explicit_bzero(3) instead of memset(3) to clear out sensitive smtpd(8) data.
- Implemented AI_ADDRCONFIG in getaddrinfo(3), as per RFC 3493.
- Removed more WIN32, WIN64 and MINGW32 tentacles from ssl(8).
- Use the correct algorithm mask in ssl(8) t1_enc.c.
- In ssl(8), stopped SSL_OP_ALL disabling attack mitigations against CBC modes.
- Let nm(1) -w correctly return 0 for valid archives.
- Stopped ping(8) and ping6(8) sleeping after poll(2) returns an error.
- Added fuse(4) support for 255 character file names.
- m4(1) now checks for integer overflows in custom allocs.
- Added support to snmpd(8) for exporting ARP table via "ipNetToMediaTable" OID.
- Fixed a loop so that waiting for wds(4/i386) hardware actually happens.
- Improved error handling when using dbopen(3) in mandoc(1).
- Fixed library search order in libtool(1).
- Updated to xproto 7.0.26.
- On i386, installboot(8) no longer overwrites disklabel and nearby blocks on 4k-sector disk drives.
- Stopped bluetooth(4) HID device grabbing the console.
- Re-added "_ppp" user and "_ppp" group, to be solely used by npppd(8) going forward.
- Stopped ssl(8) using random stack memory as addresses of strings.
- Removed support for building openssl(1) on 16-bit Windows.
- Filter excess data from autoinstall output, to avoid filling the ramdisk.
- Made more(1) POSIX compliant with respect to the -e option.
- Merged less(1) version 458, including local changes.
- Reduced the verbosity of makewhatis(8) -t.
- Do not re-probe pms(4) unnecessarily. Fixes 12 seconds Xorg(1) delay on some laptops.
- Stopped iked(8) and mpii(4) accessing pointers prior to a null check.
- Allow snmpd.conf(5) to set user-defined actions on receipt of snmp traps.
- Removed kinit(1).
- Fixed sudo(8) when checking command line environment variables against the blacklist (CVE 2014-0106).
- Fixed copied text in the snmpd(8) error string.
- Stopped ssl(8) do_ssl3_write() being called recursively; don't release buffer meant for use.
- Audited malloc(3)/calloc(3)/realloc(3) usage in mandoc(1) to be safe from overflows.
- Fixes in ssl(8) kssl.c to prevent double frees and removed a use-after-free.
- Fixed leak in ssl(8) BIO_accept which could have caused the caller to crash.
- Audited strlcpy(3)/strlcat(3) usage in mandoc(1).
- Removed "Z" option from malloc.conf(5); by default always junk small chunks now.
- In unbound(8), use arc4random(9) as PRNG backend, instead of the libcrypto RAND.
- disklabel(8) now fills all required fields after clearing. Avoids consistency check failures.
- Improved malloc(3) hash functions that compute the same on big-endian and little-endian archs.
- Removed OPENSSL_indirect_call() from ssl(8) for reduced attack surface.
- Fixed a missing splbio(9) in sys/ufs/ffs/ffs_softdep.c which caused crashes.
- Remove useless RX checksum offloading support from gem(4) and hme(4).
- Removed Apache from base (replaced by nginx(8)).
- On bge(4) when VLAN_HWTAGGING is disabled, stopped tagging the packet twice.
- Prepend ether_vlan_header rather than regular ethernet header for more efficient vlan tagging.
- Kerberos disabled and removed from base, possibly to be moved to ports(7) later.
- Support the CA key for ssl(8) inspection in the relayd(8) CA process.
- Avoid a loop during autoinstall when the path in the responsefile does not exist.
- Made iscsictl(8) print bytes read and written in human-readable form.
- Allow the installer to configure dhcp for an interface without an active network connection.
- Bind iscsid(8) to localAddr if it is specified.
- Print the target and initiator name in iscsictl(8) show command.
- Verify permissions are correct on the ssh(1) id_ed25519 file.
- Fixed msdosfs to cope with 64-bit time_t. Set unrepresentable dates to 1/1/1980.
- Made dhclient(8) delete discarded offered leases from the correct TAILQ. Avoids infinite loop.
- Implemented sftp(1) upload resume support.
- Reverted r1.101 of traceroute(8), which broke source port selection.
- Added mallocarray(3) function (like calloc(3) but without the cleared-memory guarantee).
- Backed out parts of sys/nfs/nfs_serv.c r1.47, which computed wrong block sizes.
- Added pkg_add(1) support for reading/writing long paths and linkpaths as extended headers.
- Allow iscsid(8) to send data immediately for write commands, for 20% performance boost.
- Stopped disklabel(8) leaking mountpoint info. Fixes mysterious crashes.
- 5.5 RELIABILITY FIX: Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
- Prevent lpd(8) from looking into hosts.equiv(5). Access control is now done only using hosts.lpd.
- Introduced basic stats for the iscsid(8) vscsi(4) layer; added iscsictl(8) controls.
- In mandoc(1) debug messages, truncate strings of excessive lengths.
- dhclient(8) -L now preserves the fd being monitored after new leases, lease renewals and cable unplugs.
- Fixed unchecked snprintf(3) in mandoc(1) page header printing.
- In mandoc(1), made sure static buffers for snprintf(3) are large enough.
- Removed more unused ssl(8) tools and docs.
- Moved iscsid(8) session params initialisation to session start, so config parameters stick.
- iscsid(8) now does proper LoginOperational negotiation.
- Added relayd(8) check for strlcpy(3) overflow when expanding HTTP input value.
- snmpd(8) and relayd(8) will now fail if strlcpy(3) overflows the socket path.
- When installing OpenBSD, ensure that the hostname information is in the dhclient(8) lease db.
- Reimplemented arrays in relayd(8) used to set up process-to-process imsg communication.
- Use calloc(3) instead of malloc(3) + memset(3) across ssl(8), to avoid integer overflows.
- Rearranged qle(4) update processing loop to attach and detach targets last; handle fabric port login errors better.
- Fixed leak in the snmpd(8) and relayd(8) agentx error paths.
- Added support for SSHFP DNS records for ED25519 key types to ssh(1).
- In ssl(8) ts_rsp_verify.c, reset imprint to NULL to avoid double free.
- Added a canonical 6.6+ curve25519 fake version to ssh(1), to be recommended with openssh-6.7.
- Use get/put_u32 to load values and unbreak ssh(1) on strict-alignment architectures.
- Removed checksum offloading from sk(4), faulty on this hardware.
- Added strlcpy(3) check. Stops smtpd(8) fatal at startup if truncation occurred with filters enabled.
- Added missing strlcpy(3) check when parsing the "backup hostname" section in smtpd.conf(5).
- Removed "disable pmtud" and "increased window size" options from sysctl.conf(5) to discourage their use.
- Removed rsh(1). Deprecated in favor of ssh(1).
- Fixed display of destination IP when host is an IP address in traceroute(8).
- Added checks to strlcpy(3) when smtpd(8) is copying envelope "destination" buffer to the mda delivery buffer.
- If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
- Removed obsolete altq bandwidth shaping from pf(4).
- Allow makewhatis(8) to properly handle symlinks .
- Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
- In makewhatis(8) update mode, when opening the database fails, just rebuild it from scratch.
- Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
- For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
- Updated unifdef(1) to version 2.10.
- Raised nginx(8) file limits, but lower number of connections (leaving files to spare for other programs).
- Removed bdes(1), so as to not encourage its use.
- Removed dead KAME code that dealt with IPv4-mapped IPv6 addresses; added check for IPv4-mapped IPv6 destination addresses for non-connected sockets.
- Use arc4random_buf(3) instead of harmful RAND_xxx in kerberos(8).
- Sync traceroute6(8) to traceroute(8): don't print source IP if "-s" is not given.
- In relayd(8), fixed ssl(8) client-only mode when no RSA private key is needed.
- Neuter the -legacy_renegotiation option to the openssl(1) "openssl s_{client,server}"; added support for "-starttls lmtp" to openssl s_client.
- When parsing a new cert into memory occupied by a previously verified cert, ssl(8) will no longer bypass verification checks.
- Introduced privsep for relayd(8) private keys.
- Use asprintf(3) for generating path. Eliminates many unsafe uses of strlcpy(3) and strlcat(3) in ssl(8).
- If nfs rpc requests on a stream socket are already being processed, don't panic, just return.
- Cleanup of relayd(8) code tracking of socketpair between different privsep processes.
- Have each thread keeps its own reference to the process's ucreds. Avoids possible use-after-free.
- Allow printf(1) to handle passing zero as a fieldwidth or precision variable.
- Switched to the new makewhatis(8)/apropos(1)/whatis(1) (described in apropos(1)).
- Added support for smtpd(8) mailaddr lookup in the table_db.
- Reworked qle(4) command polling loop to handle multiple responses in one interrupt, like qla(4).
- Fully kill ssl(8) FIPS API.
- Added some UTF-8 utility functions to tmux(1), to stop splitting UTF-8 characters improperly.
- Ensure parent thread is blocked until any others are detached before letting it exit. Avoids panic.
- Only scroll by one line at a time in tmux(1) choose mode (as lists are generally short).
- Fixed dhclient(8) DHCPDISCOVERY and DHCPDECLINE (as INADDR_ANY != INADDR_BROADCAST).
- Changed ssl(8) library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers.
- Set tmux(1) PATH explicitly, either from the client or session environment.
- Don't limit the tmux(1) DCS buffer to 256 bytes, expand it as needed.
- No longer allow ssl(8) to feed RSA private key information to the random subsystem as entropy.
- openssl(1) PR#3309: when looking for an extension, properly search all extensions.
- Removed the monitor-content option from tmux(1).
- Fixed ssl(8) to call the correct decrypt function in aes_cbc_cipher().
- Execute the active path checks when mpath(4) asks for it (rather than on attach).
- Skip leading zero bytes in ssh(1) buffer_put_bignum2_from_string() function.
- Add ufs2 support in libsa/ufs2.c. One step closer being able to boot from ffs2 filesystems.
- Cleaned up dangerous strncpy(3) use in ssl(8).
- Added missing parens so that rshd(8) errorhost gets properly initialised.
- Gave mlinks and keys tables a sqlite3(1) pageid index. Speeds basic apropos(1) searches by 30%.
- Make dhclient(8) -q even quieter.
- Removed programs from ssl(8) code which don't work with current openssl(1) releases.
- Fixed ssl(8) bugs listed at http://www.viva64.com/en/b/0250/.
- ssl(8) now ignores setting which allowed the connection to negotiate insecurely.
- Zero-pad ssl(8) "usec" format to handle values less than 100,000 correctly.
- Killed bogus "send an SSLv3/TLS hello in SSLv2 format" code from the ssl(8) client.
- Stubbed some functions in ssl(8) mem_dbg.c, to avoid all possibility of using them.
- Always return 1 in the ssl(8) arc4random(9) backend. Unbreaks lynx(1) and git.
- Added generic driver for "NEC PC-9801 extension board slot" on luna88k.
- Made directory ordering in our libtool stable.
- Closed memory leaks in snmpctl(8) client code.
- Removed md2, seed and jpake cyphers from ssl(8).
- Removed approx 30 unused makefiles and more vestiges of ssl2 support from ssl(8).
- In ssh(8) EC_POINT_invert(), check the correct function pointer before attempting to invoke it (openssl(1) RT #2569).
- RotIBM stream cipher (ebcdic), FIPS mode support and GOST engine removed from ssl(8).
- Replaced ssl(8) PRNG with arc4random_buf(), keeping existing RAND interfaces unchanged.
- Added -s (two-byte signed decimal display) to od(1), as mandated by POSIX.
- ssl(8) fixes: corrected cases where code occurred directly after goto/break/return; removed pentium specific benchmark code; removed more vms and windows specific code.
- Unbroke xcb-util-cursor.
- Made smtpd(8) reply with correct imsg when using non-system authentication.
- Stopped mandoc(1) crashing when processing macros in .Sh header lines, or having .Sm off or .Bk -words open.
- Stopped leaking socketpair file descriptors if tmux(1) fork(2) fails.
- Fixed potential race in UFS where an allocated inode could fail to get added.
- Removed o_dir.c from openssl(1) now that OPENSSL_DIR_XXX has been removed from the build.
- Removed nonstandard and unsafe DES support from ed(1).
- Switched pkg_mklocatedb(1) to using common SetList code, renaming -x into -X.
- Updated xcb-utils to 0.3.9.
- Allow slowcgi(8) QUERY_STRING to be longer than 127 bytes.
- Update libxcb to version 1.10.
- Made OPENSSL_NO_HEARTBLEED the default and only option in ssl(8) code.
- Adapted snmpctl(8), relayd(8) and snmpd(8) to use AgentX protocol to send traps.
- Confirm passwords when signify(1) is generating keys.
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
- Better makewhatis(8) error reporting in case of SQL errors: mention dir and file.
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
- Update to xtrans 1.3.4.
- Updated to xextproto 7.3.0.
- Added presentproto 1.0.
- Bring back r1.16 of protector.c in gcc(1) version 2.95. Fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
- 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) read buffer to stop an attacker injecting data from one connection into another.
A source code patch is available for 5.3, 5.4 and 5.5.
- Made sure cu(1) -l overrides HOST.
- Avoid sshd(8) crash at exit, by checking that pmonitor!=NULL before dereferencing (bz#2225).
- Fixed more(1) to use basic regular expressions (unlike less(1)).
- Clamp offsets to the available memory space. Fixes tmux(1) crash.
- Further apropos(1) speed optimisation, with mmap(3) MAP_ANON SQLITE_CONFIG_PAGECACHE.
- Updated to libdrm 2.4.53
- Disabled Segglemann's RFC520 heartbeat from ssl(8).
- Don't release the ssl(8) read buffer if we're not done reading from it; disabled buf freelists.
- Added validation routines to iked(8): overall header structure is checked for sanity before copying the header; avoid overflow by passing down the number of remaining bytes.
- Notify userland when an arp(4) entry is removed.
- Fixed fd leaks in mg(1) error paths.
- Retired rtinit() and switched to using rt_ifa_add(9) and rt_ifa_del(9) to manage connected routes to prefixes/hosts.
- Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
- Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
- Moved descriptions from mandoc.db(5) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
- In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
- Reverted r1.93 of mg(1) file.c, which broke permission checks.
- 5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
- Updated to xf86-video-ati 7.3.0.
- Made smtpd(8) display correct imsg when profiling is on and if the type was changed.
- Zapped the smtpd(8) mfa process. Content filtering will be done at session level.
- Removed CA certificates from ssl(8) which are not listed in Mozilla's certdata.txt.
- Use root CAs in ssl(8) used by TeleSec (Deutsche Telekom AG): Baltimore CyberTrust Root, Deutsche Telekom Root CA, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3.
- If TLS validation is on, make ftp(1) fetch TLS certificate and check the server hostname against the subjectAltName and/or CommonName.
- Build libgcc without SSP. Unbreaks landisk bootblocks.
- Updated to xorg-macros 1.19.0.
- Ensure that we free buffers written out by the page daemon rather than caching them.
- Fixed error in bcrypt_pbkdf(3) stride calculations.
- Added error detection mechanism to detect when sudo(8) configuration is incorrect for building ports.
- Zero-fill smtpd(8) mta static buffer before use in DSN code.
- Added term_flushln() flag to control indentation of continuation lines in TERMP_NOBREAK mode. Reduces groff-mandoc differences in base by more than 15%.
- Added rgephy(4) for axe(4) and axen(4) on hppa and zaurus.
- Fully implemented roff(7) \B (validate numerical expression) and partially implemented \w (measure text width) escape sequence.
- 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) CVE-2014-0160 "heartbleed" vulnerability.
A source code patch is available for 5.3, 5.4 and 5.5.
- Added MSI support for xhci(4).
- Enable upd(4) on archs where uhidev(4) is present.
- Do not attach when no upd(4) sensors can be allocated; made device querying smarter.
- Added roff(7) support for indirect references to user-defined strings.
- Made iscsid(8) listen to the control socket, so the connect() call from iscsictl(8) will not fail.
- In udp_output(), use the correct source address in case of an unbound socket.
- Accept arbitrary argument delimiters for various roff(7) escape sequences.
- Increased MSGBUFSIZE on macppc.
- Exit on error or HUP when poll()ing the keyboard. Otherwise, top(1) may spin when its tty goes away.
- Added implementation of roff(7) numerical expressions.
- Retired kernel support for SO_DONTROUTE, this time without breaking localhost connections.
- Updated termtypes.master to upstream terminfo-20140329.src.
- When qla(4) is iterating through fabric ports, start at our own port ID, to simplify tracking.
- Added axen(4) wherever axe(4) is found.
- qla(4) ISP2322 chips need a different firmware image to other 2300s, don't load firmware for them.
- Removed (expensive) temporary connect in udp_output(). Also fixes possible memory leak.
- Added missing addressing modes for the fucomip instruction on i386. Unbreaks webkit port.
- Fixed smtpd(8) when writing multi-line "To" and "Cc" headers.
- Implemented the roff(7) .rr (remove register) request.
- Fixed uvm(9) logic error (and prevented theoretical infinite loop) in uvm_pmr_rootupdate().
- mandoc(1) bugfix: make sure all variables are properly initialised when rendering .ll (line length) requests.
- Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
- Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
- Made makewhatis(8) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
- Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
- Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
- Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
- Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
- When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
- Instead of silently doing nothing, made makewhatis(8) warn and return non-zero when the manpath is empty.
- Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
- Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
- When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
- Renamed the makewhatis(8) -W option to -p. Matches flag introduced in OpenBSD 2.7.
- Proper validation and computation of bsize now occurs in the disklabel(8) expert mode.
- Renamed -v option of mandocdb(8) to -D, to avoid a clash with the -v option of makewhatis(8).
- Reduced the tmux(4) mouse wheel scroll size to 3; allow shift to reduce it to 1; allow meta and ctrl to multiply by 3; support wheel in "choose" mode.
- Fixed npppctl(8) calculation of response message size.
- Added the "#" character as a comment character in the mg(1) startup file.
- Support UTF-8 with tmux(4) choose-buffer; made buffer_sample bigger to let it trim at window right edge.
- Enabled hds(4) on hppa.
- Enabled mpath(4) on macppc.
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents server from forcing a new-hostkey dialog.
- Include fingerprint of key not found by ssh-keysign(8); use arc4random_buf() instead of loop+arc4random().
- In four byte UTF-8 sequences, make sure tmux(1) only uses three bits of the first byte.
- Stopped tmux(1) crashing when a zero-length argument is passed to setb.
- Made tmux(1) message-limit a server option.
- Stopped tmux(1) segfaulting when the parent of the layout cell is NULL.
- Added setb -a to tmux(1) append; added a copy mode append command.
- Made session_attached a count; added session_many_attached flag to tmux(1).
- Added start-of-list, end-of-list, top-line and bottom-line in tmux(1) choice mode.
- Stopped tmux(1) writing into the buffer if there are no arguments.
- Changed secondary device attributes response to "\033[>84;0;0c" which is unique for tmux(1).
- Made bus_dmamap_load(9) and bus_dmamap_unload(9) mpsafe on alpha.
- Restored behaviour of ls(1) -f implying -a (lost in commit made in 1989). Conforms to IEEE 1003.1-2008 ("POSIX.1").
- On loongson, mips and octeon, stopped whole L1 cache being flushed unnecessarily.
- Again allow more than one level of directories to be created via mg(1) make-directory.
- Force detach of all usb(4) devices by disconnecting root hubs before suspending machine. Avoids races.
- libtool(1) now properly add -rpath to the linker when linking libraries. Matches GNU libtool.
- Increased Xtranssock.c send buffer for UNIX sockets. Makes Firefox usable again when viewing large images.
- If HOST or the host argument starts with a "/", cu(1) will now treat it as a device name.
- Fixed REMOTE on cu(1) to work like tip(1); added support for HOST.
- Added SNI support to ftp(1).
- Allow roff(7) to support relative arguments to .ll (increase or decrease line length).
- Repaired boot.net operation on (at least) sparc SS5 PROM v2.21
- Implement the roff(7) .ll (line length) request.
- 5.5 RELIABILITY FIX: Memory corruption occurring during icmp(4) reflection handling (ICMP reflection is disabled by default).
A source code patch is available for 5.5.
- Recognise so-called "EFI-like" interface provided by newer PMON firmware on Loongson 2Gq and Loongson 3A.
- Bugfix and security update to nginx(8) version 1.4.7 (note: CVE-2014-0133 does not affect OpenBSD).
- Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
- Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
- Allow leading and trailing vertical lines in tbl(7), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
- Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
- Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
- Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
- On loongson, made sure the HIBERNATE pages get reserved regardless of the memory layout.
- Program the colormap correctly on grtwo(4/sgi); added a simple screen burner accessop.
- When enforcing TOS (Traffic Class), made pf(4) preserve the ECN bits (as with IPv4 packets).
- Adjusted (commented-out) nginx.conf(5) sample blocks for PHP and SSL configurations.
- Made mg(1) C-t (transpose two chars) behave like emacs.
- Ended experimental machine-independent login.conf(5) template support.
- Made cu(1) handle REMOTE in the environment as either a separate remote(5) file or a host.
- Added cu(1) support for retrieving the line and speed from the /etc/remote "dv" and "br" capabilities like tip(1).
- Fixed handling of the kill(1) "-1" option from a thread other than the original thread.
- Permit generating of NAMI and CSW records inside ktrace(2).
- Ignore the -b option if cksum(1) is called as-is (e.g. "cksum -b /bsd"), to match man page.
- Removed file2c(1). hexdump(1) works as well for most use cases.
- usb(4) root hubs can now happily be detached and reattached.
- When smtpd(8) is locally enqueuing messages without specifying a domain, update headers to show the local domain.
- Strengthened ssh(1): removed weaker pre-SHA2 hashes, broken cipher (arcfour), and the broken mode (CBC) from the default configuration.
- skey(1) bugfixes: default algorithm switched back to md5; do not let skey_set_algorithm() cause a segfault if an unsupported algorithm is specified.
- Added acpithinkpad(4) support for aux button strip on newer thinkpads missing regular F1-F12 keys.
- dd(1) now supports g for gigabytes.
- Reworked the way sysmerge(8) fetches and verifies sets, to simplify the process.
- Merged perl(1) version 5.18.2 (including local patches).
- Stopped calling smtpd(8) purge_task every 10 secs (only needed once at startup).
- Removed "-r" option from ping(8), traceroute6(8) and traceroute(8).
- Enabled SQLITE_ENABLE_FTS3_PARENTHESIS in sqlite3(1).
- Removed the MD4 functions (highly susceptible to collision attacks).
- Skip leading escape sequences in mandoc(1) man_deroff(), for better indexing.
- Gave powerpc PIE.
- Initialise additional BATs (IBAT4-IBAT7 and DBAT4-IBAT7) on socppc. Stops memory corruption on devices with rb600.
- Fix uhidev_detach() when detaching a device which did not claim all reported IDs.
- Reverted audio key handling.
- Make sure sysmerge(8) adds missing users/groups before running the target; otherwise mtree(8) can fail.
- Let mg(1) users input a tag to find, even if no default tag is defined.
- Disabled smtpd(8) imsg buffers profiling code, to stop processes waking up each second.
- npppd(8) tunnels can now have multiple listen addresses.
- Reimplemented control part of npppd(8) with imsg; added "monitor" command for npppctl(8) to monitor PPP session start/stop events.
- Fixed npppd(8) bug which caused segfaults when npppd.conf(5) had "username-suffix" and "strip-atmark-realm" as yes.
- Made npppd(8) keep listening on 1723/tcp when accept() is failed.
- Removed tape as a method for fetching install sets.
- Attempt to workaround the R4000 end-of-page errata on sgi and mips64, triggered by TLB misses when the code flow crosses a page boundary.
- Disabled MS-CHAPv1 (RFC 2433) support in pppd(8).
- Fixed sysmerge(8) regression when not using a full path to sets; make it use ftp(1) -D.
- Installed /var/unbound/db directory for DNSSEC root key; added (commented-out) options for DNSSEC to unbound.conf(5).
- Removed insecure MD4 checksum algorithm from cksum(1).
- Removed ftp method for obtaining installation sets when running the installer.
- Enabled upd(4) on amd64, sparc64 and macppc archs for testing.
- Sync timestamp changes for inodes of special files to disk as late as possible to avoid useless disk i/o.
- Include support in pstat(8) -v to display the IN_LAZYMOD flag.
- On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
- Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
- Retired the rarely used hp300, mvme68k and mvme88k ports.
- Allow makewhatis(8) to check mandoc.db(5) databases are up to date even when you don't have write permissions.
- Notify userland (via the routing socket) when ARP resolution completes.
- Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
- Made bgpctl(8) correctly parse attribute length form imsg.
- Exit from traceroute6(8) if there is at least one unreachable and sum of unreachables and timeouts are >= number of probes.
- Unbroke sndiod(8) monitoring mode, which was shifted in time by 1 block.
- Userland ppp(9) removed.
- In apropos(1) output, sort names and avoid multiple section numbers.
- In slowcgi(8), use SCRIPT_FILENAME (can be an absolute filesystem path). Fallback to SCRIPT_NAME if this is not present.
- Reimplemented htpasswd(1) from scratch.
- Don't use volume keys when in raw-mode. Stops simultaneous volume changes by X(7) and ukbd(4).
- Enable qlw(4) at sbus(4) on sparc64.
- Enabled unbound(8) in base.
- Updated to xcb-proto version 1.10.
- Updated to libdrm 2.4.52.
- Removed the unused userland agp(4) interface.
- Reverted to the freetype2.pc we had before to bring back local changes.
- More informative smtpd(8) log message on unknown SNI.
- Provide an MI api for byteswapping loads and stores, especially beneficial for sparc64 and powerpc.
- Updated to freetype-2.5.3. Fixes vulnerability in the CFF driver (CVE-2014-2240).
- Enabled qla(4) and qle(4) in ramdisks (except on sgi).
- smtpd(8) now prints the correct user name if SMTPD_QUEUE_USER is missing.
- Use ticket locks (not spinlocks) on i386/amd64/sparc64. Provides fairer access to the kernel lock.
- Added a few more instruction patterns to binutils that are needed by gcc(1) version 4.8.
- In mandoc(1) -Tutf8 mode, count hyphens against the output line length even when they are breakable.
- Stopped the smtpd(8) enqueue utility adding a User-Agent header to emails.
- Block userland from entering drm(4) code during suspend/resume. Fixes inteldrm(4) bugs.
- Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
- No more spray(8) in base.
- Fixed buffer overflows in icmp(4) redirect handling (introduced in rev 1.106).
- Switched over from sendmail(8) to smtpd(8) by default.
- Fixed iked(8) config-address w/o pool.
- Unbroke nc(1) "-6 -l" and apply correct fix for previous commit.
- Removed rmail(8).
- Made ssh(1) scan for ed25519 keys by default.
- For isakmpd(8) CA generation, set the correct certificate extensions so more SSL implementations will trust this as a CA cert. Matches ssl(8).
- Bugfix update to nginx(8) version 1.4.6.
- When pf(4) is translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet.
- When pf(4) is setting packet description, also retrieve the Traffic Class field of IPv6 packets.
- Fixed the cnmac(4/octeon) mediastatus when the interface is not configured.
- Optimisation of opendir(3), rewinddir(3) and related functions. 2000x speedup of seekdir(3) in some tests.
- Fixed acpi(4) on amd64, to avoid reboot and stack corruption problems when resuming.
- Reworked per-cpu cache information, to avoid using hardcoding data based on processor type on mips, octeon, and sgi.
- In re(4), fixed operation and made reception of packets work on the 8168G controllers.
- Made mandoc(1) user-defined macros wrapping ".TP" work correctly; preserve line breaks contained in user-defined macros called in ".nf" mode.
- Enable DMA bursting and tagged queueing in qlw(4); enable qlw(4) on alpha/amd64/i386/macppc/sgi/sparc64; only attempt to load firmware if we actually have some.
- Initial xhci(4) implementation: USB 3.0 umass(4) devices get reasonable read/write speed.
- Improved roff(7)'s .if/.ie condition handling.
- Fixed env(1) diagnostic messages to stderr, so failure of env(1) and failure of the specified utility can be distinguished.
- Allow signify(1) to read input messages on a pipe.
- Added usbd_get_hub_descriptor(), to clean up uhub(4) and deal with hub device descriptors in high speed devices.
- With md5(1) -C, exit with exit status of 1 if any of the files specified do not exist.
- mandoc(1) bugfixes related to the closing of conditional blocks: handle more than one '\}' on macro lines; do not treat '\}' as a macro invocation after a dot at the beginning of a line; do not complain about characters following '\}'.
- Makes the "cleartoggle" function in HC drivers optional (upcoming xhci(4) driver doesn't use it).
- Allow signify(1) to accept a password on stdin, as long as it is not a tty(4).
- On qlw(4), set the correct clock rate for ISP1020/1020A.
- When running sysmerge(8), always print the key signify(1) is using.
- Fix the return values of getpwnam_r(3), getpwuid_r(3), getgrnam_r(3), and getgrgid_r(3) to agree with POSIX.
- Altered qlw(4) so it can compile on sparc64 too.
- In -Tutf8 mode, make mandoc_char(7) named accent character escape sequences render as non-combining accents (lets mandoc behave like groff); made \' and \` equivalent to \(aa and \(ga, respectively.
- Introduced qlw(4), a new driver for QLogic ISP SCSI HBAs (currently only supports the pci(4) variants).
- Raised the delay before initialising sdmmc(4). Lets the reader on X220 work reliably.
- Fixed: sndiod(8) read/write position tracking; incorrect delta propagated after xruns in play-only and rec-only modes; crashes seen after a few days of continuous playback.
- Fixed incorrect position reporting with sndiod(8) when using tiny block sizes on busy machines.
- Made sndiod(8) check that the socket is writable before attempting to write data packets.
- On armv7, removed TIMEZONE and DST options from GENERIC-* kernels; added option USBVERBOSE to all kernels.