This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
current.
Changes made between OpenBSD 5.8 and 5.9
- When doing a lookup in the routing table, account for the fact that L2 entries are always in the first table of a routing domain. This fixes a regression introduced during 5.7 and 5.8.
- Fix ECMP routing by passing the correct destination address to the hash routine.
- On hppa, hppa64, macppc and sgi, restore validity checks for the disklabels read from disk. This fixes a problem when reading CDROM disklabels.
- In pkg_add(1), sanitize the environment thru a whitelist. Only pass what is relevant for ftp(1) and similar programs.
- In pdisk(8/macppc), fix display of pdisk partition sizes.
- In the installer, fix macppc installs to HFS-partitioned disks.
- Ensure the IP header is aligned correctly in the copies of multicast/broadcast packets received by a physical interface with carp(4) interfaces on it.
- In ssh(1), fix a spurious error message when an incorrect passphrase is entered for keys.
- In patch(1), properly handle ed-files which fully replace input file content.
- In smtpd(8), avoid overriding the user-provided address family for a listener.
- In eigrpd(8):
- Filter RTM_GET messages which are not from us.
- Make eigrpd(8) work against newer IOS routers.
- Add scope id only for unicast IPv6 packets.
- Skip redistributed routes when updating the FIB.
- In tcpdump(8), show details of beacon country elements in verbose mode only.
- On i386, fix a boot issue on non-ACPI i386 machines that need X permissions on the BIOS region in the ISA hole.
- On alpha, re-enable OpenGL.
- On alpha, avoid an ICE generated when building mesa with -O2.
- In azalia(4), enable snooping on Intel C610.
- In random subsystem, avoid a undefined behaviour when using right shift operation.
- In em(4), add support for the Intel I219 network chip.
- On arm, disable the stack protector when building libstdc++.
- In ssh, unbreak SSHv1.
- In syslogd(8), prevent an integer overflow in syslogd when parsing the priority.
- In /etc/ssl/cert.pem, add a few root certificates from Mozilla's cert store.
- In sshd(8), make sandboxed privilege separation the default.
- In tar(1), ignore trailing slashes and skip over duplicate slashes in chk_path() to avoid infinite loop when creating intermediate directories.
- In ssh(1), add a "Close session" log entry (at loglevel=verbose) to correspond to the existing "Starting session" one.
- In tar(1), fix archiving a 101-character absolute path in ustar format.
- In httpd(8), fix a double free in the patterns code.
- In softraid(4), avoid using uninitialized variables in two corner cases.
- In smtpd(8), add the "listen on socket" smtpd.conf(5) rule.
- In iwm(4), initialize net80211 callback pointers at attach time. This fixes a crash.
- In makemap(8), remove support for "dbm".
- Remove the "GenuineIntel" check from x86 mdrandom(). This enables the use of RDRAND and TSC fallback on CPUs from other vendors, notably AMD.
- In ssh(1), avoid fatal error for PKCS11 tokens that present empty key IDs (bz#1773).
- In ieee80211(9), don't pass QoS "no data" frames to the A-MPDU reordering logic. This avoids major confusion.
- In ipmi(4), check the sensor name length more carefully. This avoids a panic on the Dell R210 II.
- In sftp(1), fix a regression where existing destination directories would incorrectly terminate recursive uploads (bz#2528).
- In wsconsctl(8), hidms and uts(4), permit negative x and y coordinates in mouse.scale.
- On hppa64, make __cpu_simple_lock provide serialisation of the critical section. This makes atomic sequences actually atomic.
- In 5.8, fix a bug in vlan(4) and carp(4) refcounting. This will cause a panic when root does an "ifconfig destroy" of a the parent interface. (5.7 and -current are not affected.)
- In ieee80211(9), log frames which fall outside the BlockAack window in dmesg(8) if the interface debug flag is set.
- In pkg_add(1), drop privileges prior to running ftp(1).
- On hppa, make __cpu_simple_lock provide serialisation of the critical section. This makes atomic sequences actually atomic.
- In ssh(1), turn off more old crypto: hmac-md5, ripemd, truncated HMACs, RC4 and blowfish.
- In ssh(1), do not attempt to percent-expand an already-canonicalised addresses. This avoids unnecessary failures when attempting to connect to scoped IPv6 addresses.
- In hexdump(1), fix a bug that caused nothing to be skipped when skipping exactly the number of bytes present in a regular file was requested.
- In 5.8, fix a kernel crash when root creates, changes or destroys carp(4) interfaces multiple times with ifconfig(8). (5.7 and -current are not affected.)
- In ssh(1), make application of rekey limits more accurate (related to bz#2521).
- In ieee80211(9):
- Work around buggy APs which occasionally emit sequence numbers much higher than the current 11n BlockAck window.
- Stop requiring a BlockAck session timeout. Just use it if the AP is asking for it.
- In iwn(4), fix off-by-one in a loop termination condition.
- In dhcpd(8), avoid a use-after-free when parsing address ranges from a config.
- In vmd(8), avoid a double free in an error path.
- Update to xkeyboard-config 2.17.
- In pchtemp(4), add support for the Intel 9 Series.
- In radeondrm(4), enable the code that reads the BIOS from the ACPI VFCT table on platforms with ACPI.
- Fix iwn(4) CCMP replay detection so it does not drop out-of-order A-MPDU subframes. This helps 11n mode with WPA.
- In the msdosfs code, guard against integer overflow when checking whether writing to a file stays within the maximum file size.
- Make write(1) explicitly ASCII only. This prevents sending of potentially harmful bytes to terminals that do not support UTF-8.
- In iwm(4) and iwn(4), set max A-MPDU length to 64k instead of 4k and tell the firmware about A-MPDU spacing.
- In ieee80211(9), store ADDBA request and response parameters in the block ack record. Now it is possible keep track of the ACK policy and echo it back to the AP. This fixes Apple Airport APs.
- On mips64, re-enable OpenGL.
- In ssh(1), fix a problem where the mux master would sporadically fail to notice that the client had exited.
- In tmux(1), do not wrap cursor at start or end of history.
- Use pledge(2) in talk(1) and talkd(8).
- On amd64 and i386, add /dev/ipmi0.
- In ipmi(4), implement FreeBSD-compatible IOCTL to access BMC.
- In iwn(4):
- Restore the CCMP key to firmware after HT protection setting updates. This unbreaks WPA in 11n mode.
- Pass 802.11 control frames in monitor mode.
- In ieee80211(9), restore the BlockAck session timer.
- In smtpd(8), when deleting a message, remove associated envelopes from the cache.
- In the ext2fs and ufs code, prevent a signed overflow.
- In tcpdump(8), fix an infinite loop when printing a country element in a management frame in case we hit channel Tx power limits that cannot be pretty-printed.
- In efiboot, work around peculiarities of (buggy) UEFI implementations: always call SetMode(), but don't report an error if the current mode is the same as the desired mode.
- In radeondrm(4), prevent a panic when the ROM size is 0.
- In sd(4), avoid a possible use-after-free.
- In pkg_add(1), update the font cache after removing packages with @fontdir markers.
- In tcpdump(8), show 802.11 control frames.
- In dhclient(8), dhcpd(8) and dhcrelay(8), be very careful accepting packets via bpf(4).
- Enable hostctl(8) on amd64 and i386.
- In tail(1), fix off-by-one in argument parsing.
- Prevent efifb(4/amd64) from attaching if we are the console.
- In smtpd(8), fixe a mismatch between DSN's subject line and its content.
- On amd64 and i386, correct signal delivery on systems where the AVX leaf is disabled.
- On amd64 RAMDISK_CD, enable pvbus(4), xen(4), xnf(4) and xspd(4).
- In libxcb, make sure the socket send buffer is at least 64KB. This should speed up applications that send images to the X server, like Firefox.
- In xen(4) and xenstore(4), make a few reliability improvements in the power management interface.
- Stop setting the process title in bgpd(8), dvmrpd(8), eigrpd(8), hostapd(8), httpd(8), ldpd(8), npppd(8), ntpd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), snmpd(8), smtpd(8) and vmd(8). This makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name.
- Use pledge(2) in pdisk(8/macppc).
- Implement "ldapctl -r datadir".
- On armv7, add A20 support to sxirtc.
- In sxitimer(4/armv7), remove A20 support; agtimer is now used instead.
- Move to -release mode.
- In ldapd(8), add -r to specify an alternative directory to store/read the database.
- In ieee80211(9), stop requiring a BlockAck session timeout, but still honour the timeout if the AP requests it.
- In tcpdump(8), show 802.11 QoS frames properly.
- On armv7, fix the encoding of AP bits for large page second-level short-descriptors.
- Revamp /etc/ssl/cert.pem certificate information formatting and sort certificates in a more useful way.
- In pdisk(8/macppc), set lblock_start and lblocks to 0 in free space entries like Apple does.
- In tmux(1):
- Fix new-session with -t after command flags changes.
- Support negative trim values in formats to trim from the end.
- Add RGB escape sequences for capture-pane -e.
- On armv7:
- Allow the kernel to boot from a u-boot without the OLD_SUNXI_KERNEL_COMPAT option.
- Use ARM Generic Timer (agtimer) instead of sxitimer(4/armv7) on Allwinner sun7i/A20.
- Hook OPENBSD-RELAYD-MIB into OPENBSD-SNMPD-CONF.
- Sync libedit with NetBSD.
- In pkg_add(1), extend URL abbreviation support from pkg.conf(5) so that every URL can be abbreviated.
- In ping(8) and ping6(8), fix a regression in -E.
- In xen(4), add support for the "control/shutdown" power management facility. At the moment only "poweroff" and "reboot" actions are supported.
- In xenstore(4), add support for XS_WATCH, a XenStore notification facility.
- In pdisk(8/macppc):
- Tweak printing of partitions: always show the pblock and lblock info in the "p" and "P" commands, respectively.
- Warn of partitions extending past the end of the media.
- Support only base 10 for partition IDs.
- In aucat(1), fix unsupported parameters not being detected if compiled in 24-bit mode and sndiod is not running.
- In pdisk(8/macppc), improve conformance to OS X's behaviour.
- In tmux(1), add support for RGB colour.
- In audioctl(1), display play and record parameters that are not independent as a single variable.
- Install the relayd(8) SNMP MIB.
- In ssh, allow RekeyLimits in excess of 4G up to 2**63 bits (part of bz#2521).
- In ftp(1), fix a crash when a server sends a non-standard newline.
- In daily(8), run "rcctl ls faulty".
- In pdisk(8/macppc), make "r" (reorder, a.k.a. swap) command work with any two existing partitions. Do not allow partition 1 to be moved.
- In pkg.conf(5), allow installpath to be set to a bare hostname which implies "http://hostname/pub/OpenBSD/[snapshots-or-version]/packages/[arch]".
- In pdisk(8/macppc):
- Check block 0 signature, physical block size and physical block count when reading partition map.
- Check for unmapped physical blocks and overlapping partitions when reading partition map.
- Remove "v" command.
- Add hostctl(8), a tool to access key-value stores on the host, currently for hypervisor information stores on pvbus(4). It is not enabled yet.
- On amd64 and i386, add /dev/pvbus0.
- In pvbus(4), add a key-value interface that allows to get or set values in the underlying information store of the host from the OpenBSD-VM's userspace.
- In libpthread, replace the malloc spinlock with a mutex. This makes ports like Firefox significantly more usable.
- In mg(1), ensure the backup file has the same mtime as the original file.
- In xnf(4), rewrite tx path to use flat transmit ring without fragment chains. This gives a transmit performance improvement and taxes grant table references much less than before.
- In xen(4), do not take a grant table entry mutex in xen_grant_table_{enter,remove} since it is unnecessary. This provides a performance improvement as well.
- In malloc(3), fix a possible crash when dumping malloc stats.
- In xen(4), ensure use of locked atomic operations even on the SP kernel.
- In fputwc(3), when encoding fails set the error indicator as required by POSIX and as done by FreeBSD, SunOS 10/11 and glibc.
- In vr(4), fix an mbuf leak on encapsulation failure.
- In tail(1), fix a crash.
- In pf(4), fix a pf_state_key leak.
- In ieee80211(9), honour ERP protection on 2 GHz channels in 11n mode.
- In vmm(4/amd64), zero the buffer to be copied out to userland to avoid information leak.
- In 5.8, fix a kernel crash when root creates, changes or destroys vlan(4) interfaces multiple times with ifconfig(8). (5.7 and -current are not affected.)
- In ieee80211(9), iwm(4) and iwn(4), keep track of HT protection settings in beacons and have 11n-capable drivers update hardware configuration accordingly.
- In xnf(4), revert the minimum number of rx ring slots back to 32.
- In vmx(4), do not send the mbuf to bpf(4) after passing it to the hardware. This could have resulted in a page fault.
- In snmpd(8), avoid a potential double free.
- In etherip(4), do not return an uninitialised value for the SIOCGLIFPHYRTABLE case.
- In ypldap(8):
- Implement the "master" request.
- Set argument encode / result decode call backs for "maplist".
- Set argument encode / result decode callbacks for "all".
- In ld.so(1), make a nodelete object lock down the entire load group, not just the specific object.
- Update to Mesa 11.0.9.
- On arm and armv7, switch to SVC mode when machines with virtualisation extensions boot into a HYP processor mode that has different memory management and register behaviour among other things. This prevents an early crash.
- In pdisk(8/macppc), avoid double prompt after creating default map on startup.
- In dwiic(4), avoid reading uninitialised memory when expected value types are not present.
- In xnf(4), set up interface features based on capabilities provided by the backend.
- In xnf(4), set minimum number of slots on the receive ring to 18 as most versions of Xen require at least this number of slots.
- Always check destination MAC address of received unicast packets, not only when in promiscuous mode. This is necessary for NICs like virtio(4).
- In vxlan(4), drop packets whose VNI flag is not set and VNI is not zero.
- In etherip(4), support tunnel VRF.
- In pdisk(8/macppc):
- Remove "expert" mode and the -d flag. Instead make all commands available all the time.
- Change the "P" command: it now shows map data structures.
- Stop accepting uppercase aliases for commands documented as lower case.
- Eliminate the 'written' field and just use the 'changed' field to mediate when it is appropriate to ask whether changes should be discarded.
- Repair creation of initial partition table on a blank disk.
- In ieee80211 stack, fix the timeout value sent in ADDBA request and response frames.
- In socpcic(4/socppc), avoid use of an uninitialised variable.
- In ieee80211(9), fix the timeout value sent in ADDBA request and response frames.
- In pdisk(8/macppc), do not silently open a disk read-only when read/write access was requested.
- In calendar(1), add a calendar for New Zealand.
- On sparc64, check for disks deeper than 4 levels down in the Open Firmware device tree. This makes softraid(4) boot possible on more sparc64 machines.
- In xnf(4), do not bump output errors when when tx ring is full.
- Add hidmt(4) (a HID-layer driver for multitouch touchpads that conform to the "Windows Precision Touchpad" standard) and imt(4) (an i2c-HID driver that sits between ihidev(4) and hidmt(4)).
- In ihidev(4), add the ability to set and get reports and establish interrupt before probing for devices to handle each report ID.
- In morse(6), use the <AC> prosign as "@". Support decoding only of other prosigns, including <SK> as we were previously using for "@".
- In unbound(8), suppress "cannot assign requested address" log messages unless verbosity is high.
- On sparc, fix a race causing hardclock(9) to be sometimes invoked between the end of cpu_configure() and initclocks().
- In xnf(4):
- Fix a few issues in the transmit path.
- Mask interrupts on boot, masking/unmasking is handled by stop/init.
- In pdisk(8/macppc), remove the "expert" mode "d"/"D" command.
- In mg(1) cscope, skip empty entries in $PATH instead of erroneously interpreting them as ".".
- In pdisk(8/macppc), remove the "debugging" mode command to examine the Apple_Patches partition contents.
- Add UTF-8 support to colrm(1).
- In xen(4), provide a Xen v3 API compatible fallback for event channel hypercalls.
- In ls(1), fix a regression (and POSIX violation) introduced with UTF-8 support.
- In xenstore(4), fixup a hang while performing a read operation on XenStore.
- Add UTF-8 support to ul(1).
- In sndiod(8):
- Load pki keys before daemonising. Passphrase-protected keys require access to stdin.
- Allow time differences between two clock_gettime() calls to be up to 60s without logging a warning.
- In morse(6), use distinct codes for left and right parentheses.
- In dwiic(4), fix an off-by-one that could result in read operations not reading the last byte.
- On the amd64 RAMDISK_CD, enable ikbd(4).
- In ldapd(8), properly remove unix sockets upon exit of the parent process.
- In mandoc(1), unbreak reading from stdin.
- In pdisk(8/macppc), remove support for 1024- and 2048-byte sector devices.
- On octeon, attach secondary CPUs by coremask. This fixes a crash that happened if the MP kernel was booted with coremask=1.
- On octeon, panic if booting the kernel without CPU 0.
- Fix two issues in the systat(1) state view:
- Fix peak and rate computations for states that transferred more than 4 GB.
- Prevent a possible in the rate and peak when creating new cache entries for existing states.
- In pflogd(8), remove broken interface status printing support.
- In tmux(1), add hooks for alerts (bell, silence, activity).
- On the amd64 RAMDISK_CD, enable sdhc(4) at acpi(4) so eMMC will be available at install time.
- In dwiic(4), prevent attach the driver if the device is not present.
- In puc(4), add Moxa CP-168U support.
- Implement intr_barrier(9) for sh/landisk.
- In xspd(4), if the xnf(4) driver is enabled, detach emulated network devices.
- In eigrpctl(8), introduce the "eigrpctl clear neighbors" command.
- In eigrpd(8):
- Do not set the EoT flag in the last startup update.
- Add support for manually clearing neighbors.
- Fix bug that happened when a passive interface was shut down and then reactivated.
- Several fixes in the Conditionally Received (CR) mode.
- Fix detection of the Stuck-in-Active (SIA) state.
- If an explicit nexthop was advertised for a route, show it in the "eigrpctl show topology".
- For each prefix, order routes by their nexthop.
- In eigrpctl(8), in the "show" commands, order the routing instances by AF and then by AS.
- In ddb(4), add a "show socket" command.
- In rpcgen(1), add support for parsing "hyper" and "quad" types, as per RFC 4506.
- When enabling a non-volatile memory express controller, wait till CSTS.RDY lights up.
- In ssh(1), fix some file descriptor leaks.
- In which(1):
- Use the default path if there is no PATH in the environment.
- Avoid potential read of one byte before the start of a buffer.
- Attach dwiic(4) on the Intel Bay Trail i2c controllers.
- In dwiic(4), fix several issues:
- Properly map bus space
- Properly implement the iic(4) operations.
- Keep timings set up by the firmware if the SSCN and FMCN methods aren't available.
- Add ikbd(4), a driver for HID-over-i2c keyboards.
- In calendar(1), add a calendar file for the United Kingdom.
- Prevent a NULL dereference when detaching a USB device with ugen(4) disabled or if allocating memory during the attachment process failed.
- On octeon, add support for a variety of USB devices.
- In ssh, remove roaming support altogether.
- 5.7 and 5.8 SECURITY FIX: experimental roaming code in the ssh client could be tricked by a hostile sshd server, potentially leaking key material (CVE-2016-0777 and CVE-0216-0778).
A source code patch and workaround is available for 5.7 and 5.8.
- In ssh(1), disable experimental client-side roaming support.
- Grab the kernel lock before delivering a message to the routing socket when an ARP resolution has been done. This should fix the "receive 1" panic.
- In pfctl(8), print an error message when detecting multiple root queues on a single interface.
- In acpi(4), fix a bug in dwiic(4) where it would try to access i2c devices on busses they're not attached to.
- In ssh(1), eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension.
- In luit(1), properly disable LNEXT (^V) processing.
- Update to xterm 322.
- On amd64, enable xen(4), xnf(4) and xspd(4) in GENERIC kernels.
- In ihidev(4), fix hid packet length calculation.
- In dhcrelay(8), check UDP length for short as well as long values.
- Implement VFS read clustering for MSDOSFS.
- Make "ifconfig $if mode" a valid subcommand that works independently of the "media" subcommand.
- In iwn(4), tell the firmware to retry failed Tx at 1Mbit/s instead of MCS 0. This seems to make tx rate scaling go up faster and helps rx performance.
- In vlan(4), do not propagate any of the parent interfaces offload features on svlan(4).
- On amd64 and i386, in the TSC fallback code, perturbance is biased towards the lower bytes of a word. Compensate for this with a bit-spreading operation which applies a result byte by byte.
- Let smtpd(8) start on machines without a FQDN as hostname.
- In pdisk(8/macppc), remove -i.
- In ndp(8), do not print an error if the list of prefixes is empty.
- Remove wireless turbo mode support. It is a non-standard extension supported only by obsolete devices.
- In carp(4), prevent a NULL dereference if SIOCGVH is issued without carpdev argument.
- In acpi(4), improve emulation of PM registers on Hardware-reduced ACPI. This makes the transition into S5 (powerdown) work on the ASUS X205TA.
- In pdisk(8/macppc), remove -c and -d.
- Add dwiic(4) (a driver for the Synopsys DesignWare i2c controller), ihidev(4) (a HID-over-i2c driver) and ims(4) (a HID-over-i2c mouse/trackpad driver).
- In the installer validate the data for CGI_{METHOD,TIME,TZ} since it comes from an external source.
- In em(4), avoid a use-after-free when posting the packet on 82547 chips after bpf(4).
- Make sdhc(4) attach to hardware IDs 80860F14 and PNP0FFF.
- Make sure the keyboard mux gets picked up by the primary (console) display and that USB keyboards get paired with the console even if they are not marked as the console keyboard.
- In relayd(8), add the host_error output and the http code (when available) to the host-check log.
- On amd64 and i386, ensure the keyboard mux gets picked up by the primary (console) display and that USB keyboards get paired with the console even if they are not marked as the console keyboard.
- In pdisk(8/macppc), remove -v.
- In perl(1), fix "XS File::Spec::canonpath loses taint" (CVE-2015-8607).
- In xenstore(4):
- Handle zero-length messages.
- Prevent infinite loop when receiving and empty reply or directory node.
- Fix a bug where cron(8) could skip re-reading the spool after two consecutive changes.
- In ipmi(4), if possible, read values from disabled sensors.
- Make sdhc(4) attach to acpi(4). This is neede to support the SD host controllers integrated on Intel's Bay Trail SoCs.
- In sdmmc(4), add limited support for controllers that implement version 3.0 of the SD host controller standard.
- In pdisk(8/macppc), use the device's default disklabel to determine a disk size.
- In acpithinkpad(4), add ThinkPad tablet dock/undock ACPI events.
- In ipmi(4):
- When stopping the watchdog, clear DONTSTOP bits. Without this, BMC records a watchdog timer expiration event.
- Print a message to console when the watchdog is enabled or disabled.
- Make the eMMC on the ASUS X205TA work.
- Add UTF-8 support to ps(1).
- On mips64, revert the MP pmap diff. It does not work on non-PMAP_DIRECT systems due to lock recursion.
- In jot(1), when generating random sequences, fix the bias at both ends of the specified interval.
- In audio(4), fix a bug when closing /dev/audioctl and /dev/mixer they wrongly return ENXIO.
- In acpi(4), initial support for Hardware-Reduced ACPI.
- In fdisk(8), revamp the display of GPT information, hiding less important information under the -v flag.
- In ipmi(4), correct sensor threshold handling by properly checking the response of the Get Sensor Reading Command.
- In ftp(1), handle redirects to relative URIs containing "://".
- Remove the arp and revarp input queues. Packets of these types are now processed in the softnet task without holding the kernel lock.
- In sndiod(8), unbreak support for multiple -L options.
- Improve UTF-8 support in ksh(1):
- Allow non-ASCII characters to be part of words.
- Allow insertion of non-ASCII characters without screwing up the display.
- Fix forward movement.
- In sis(4), work around buggy zero-length packets produced by the DP83816A.
- Enable uonerng(4) in kernels where ualea(4) is already present.
- Add uonerng(4), a driver for the Moonbase Otago OneRNG.
- On octeon, avoid rendezvous from failing if buffering is enabled.
- In Mesa, disable reading of drirc files by default. This allows for a stronger pledge(2) in chromium.
- In ieee80211(9), make the A-MPDU reordering buffer more resilient against APs which drop some subframes or let the sequence number jump up by more than 1. This should fix network stalls seen in 11n mode.
- In iwn(4) and iwm(4), fix A-MPDU parameters in link quality firmware commands.
- In mandoc(1), detect recursive "define" in eqn(7) which avoids infinite loops.
- In hack(6), read ^Z as a normal character. This fixes suspend/resume.
- In fmt(1), add UTF-8 support for -c.
- In ifconfig(8), sync displayed interface flags to reality.
- In acpibtn(4), fix the lid sensor for machines that do not generate an event when the lid opens.
- Add xnf(4), a Xen virtual networking interface (Netfront) driver.
- In cpsw(4/armv7), properly handle the receive queue being full condition instead of hanging.
- In em(4), mark the driver MP-safe.
- In ipmi(4), fix a panic in odd situations.
- On i386, when booting from softraid, get the first, not the last, OpenBSD partition in the MBR.
- In vi(1), remove the message catalogs.
- In iwm(4), initialize the A-MPDU parameters field in HT capability elements.
- In malloc(3), remove the "a" option.
- In expr(1), use 64-bit integers for arithmetic.
- On amd64, when booting from softraid, get the first, not the last, OpenBSD partition in the MBR.
- Prevent integer overflows in sosend(9) and soreceive(9).
- In iwn(4), always use a CCK rate as last fallback in the firmware's tx rate retry table. This may make 11n mode work in very noisy environments.
- In acpi(4), fix systems that don't implement legacy mode.
- Revert sys/dev/pci/if_oce.c r1.87 (which unlocked the interrupt handler rx path).
- On mips64, make POWER Indigo2 R8000 boot multiuser again.
- In fgetws(3), fix a bug when errno is EILSEQ upon function entry or when the file ends without a terminating L'\n' character.
- Fix lots of bugs in the fprintf(3) family of functions.
- In mandoc(1), improve handling of .Va and .Vt macros.
- In iwn(4), add initial support for 11n mode to the iwn(4) driver. Only MCS 0 to 7 are supported for now.
- In ieee80211(9):
- Skip over 11n mode during scanning to avoid scanning channels more than once.
- Allow switching into 11a and 11b/g mode correctly when the driver supports 11n.
- Fix manual scan while associated in 11a mode.
- Fix negotiating A-MPDUs with some APs.
- Use pledge(2) in spamd-setup(8).
- In re(4), mark the driver MP-safe.
- In nc(1), use the correct values for TLS certificate and private key flags.
- On vmm(4/amd64), do proper termination of VMs by doing proper VCPU run state management. This should fix some of the odd termination errors.
- In mg(1), allow macro execution to continue without delay in the event of a visible bell call.
- Fix problems with EFI installs involving many disks.
- Update to randrproto 1.5.0.
- Update to x11proto 7.0.28.
- In pchtemp(4):
- Add support for Intel 100 Series.
- Enable on i386.
- Update to freetype-doc 2.6.2.
- In mg(1), add dired-find-alternate-file.
- In iec(4/sgi), take the PHY out of reset before attaching the interface. This allows for disabling some checks on reboot, making reboots faster especially on IP27.
- In sendsyslog2(2), avoid a panic that could occur when writing to the console.
- In ix(4), do not grab the kernel lock in the rx and tx paths.
- In trunk(4), fix the "lacp_compose_key protection fault trap" when removing a port from a lacp trunk.
- Add pchtemp(4), a driver for the thermal sensor on recent Intel PCHs.
- In inteldrm(4), unconditionally set the "switchcookie". This fixes synchronous VT switching.
- Use pledge(2) in tokenadm(8).
- In malloc(3), fix a NULL dereference in case the abort option is disabled.
- In nlist(3), avoid out-of-bounds access and excessive memory allocation on a malformed ELF header.
- In mg(1), add transpose-words. It is limited to one iteration until "undo" is looked into.
- In wscons(4), change keyboard configuration detection to work even when a kbd(8) setting has multiple bits set (e.g. us.dvorak.swapctrlcaps).
- In bge(4), mark the start routine as MP-safe.
- Set the UltraDMA transfer mode for SATA drives. Some of these drives, such as the Maxtor 7Y250M0, refuse to do DMA unless the transfer mode has been set. This causes reads (and presumably writes) to time out.
- In the installer, do not insist on EFISYS partitions on non-root disks and prevent an autoinstall loop.
- In re(4), mark the interrupt handler as MP-safe.
- Add GENERIC-IP27.MP for MP support on the SGI Octane 350.
- Import libdrm 2.4.65.
- On amd64 and i386, if available, prefer the rdseed instruction over rdrand when adding entropy to the kernel random number generator.
- In puc(4), add the Perle Speed8 LE.
- In cp(1), set the times, mode and flags on symlinks when doing cp -p (or mv across filesystems).
- In ukbd(4), enable the iso keyboard munge fix for MacBookAir6,2.
- In libevent, revert the change to call kevent(2) immediately (which was done to prevent the dispatch loop from bringing down the entire process). tcpbench(1) relies on the old behaviour.
- On sgi, add a timecounter for MP, make interrupt masking MP-aware, add launch logic for secondary CPUs and add IPI logic.
- In kdump(1), implement basic kevent(2) printing.
- In fgetwc(3), set the error indicator when an encoding error occurs, as specified by both the manual page and POSIX.
- In file(1), add --brief and --dereference. These are used by xdg-open and xdg-mime.
- In mg(1), add -R to open the specified files read-only.
- Implement privsep and use pledge(2) in mountd(8).
- Use pledge(2) in sndiod(8).
- Update to sqlite3 3.9.2.
- In rdate(8), expand the size of messages between processes to accommodate larger messages.
- Import Mesa 11.0.8. This seems to fix some of the problems with clutter/gnome reported to occur on r600 with Mesa 11.0.6.
- Ensure the installer asks for the IPv4 default route in case an interface has been configured via dhcp and then again manually.
- Find the OpenBSD disklabel on GPT partitioned softraid volumes in order to allow booting from such volumes.
- In asmc(4), make communication with the Apple SMC chip more reliable.
- Add viocon(4), the VirtIO console device.
- In smtpd.conf(5), switch to "file" backend for the aliases table by default.
- In smtpctl(8), support some sendmail-compatible command-line arguments.
- In tmux(1), fix a bug where the "attach-session -d" detached the wrong session.
- In Xserver(1), default to using the modesetting(4) driver on Broadwell. It works better than the intel(4) driver.
- In drm(4), advertise support for DRM version 1.4. This makes the PCI-based probe method in the modesetting(4) driver work.
- In Mesa:
- Set the configure option to enable floating point textures. This is required by drivers such as r600 to support OpenGL 3.x.
- Build the gallium software rasteriser (softpipe). This fixes loading the r300 driver on macppc.
- In sndiod(8), implement initial privilege separation and reenable networking.
- In uvideo(4), do not delay video(4) attachment if the device does not need to load firmware.
- Use pledge(2) in mtree(8).
- On alpha, disable pcn(4) on ramdisk kernels.
- Move to 5.9-beta.
- In dhclient(8), do not exit if a route can not be added.
- In rc.d(8), don't report that the daemon has succesfully started if it actually failed because of a config error.
- Prevent GPU lockups with KMS and AGP-enable on Uninorth (G4) machines. KMS is now usable on Uninorth machines but X11 output is still corrupted.
- Do not match Uninorth bridges until we have a working KMS with AGP support for G4 machines. This allows us to enable agp(4) again for G5 machines which makes X11 usable on the Dual G5 with radeondrm(4).
- Make carp_output() MP-safe.
- Add UTF-8 support to uniq(1). Let -f recognize non-ASCII blank characters and let -s count characters rather than bytes.
- In tmux(1), make input off flag (selectp -d) apply to synchronize-panes too.
- Fix urtwn(4) on big-endian architectures.
- Make ix(4) MP-safer.
- Use pledge(2) in mknod(8).
- In casin(3), casinf(3), and casinl(3), give correct results if the imaginary part is zero.
- Fix the behaviour of csqrt(3): we should have csqrt(conj(z)) == conj(csqrt(z)).
- Avoid modulo bias in the IPv6 stack.
- In the scheduler, make the cost of moving a process to the primary CPU a bit higher. This is the CPU that handles most hardware interrupts, so by making it less likely that the softnet taskq runs on that CPU, most of the performance lost by "unlocking" network drivers is restored.
- In acpithinkpad(4), add display brightness support, available on the last few ThinkPad generations. This fixes surprising brightness changes that would sometimes happen if you used the brightness keys or if the firmware decided to reset the brightness level for some other reason.
- Update to xf86-input-synaptics 1.8.3.
- Update to xf86-input-keyboard 1.8.1.
- In libevent, prevent the dispatch loop from bringing down the entire process because of incomplete kqueue(2) support for various types of files and filesystems.
- In awk(1) and npppd(8), remove modulo bias in the random number generator.
- Add the _sndiop user and group in preparation of the sndiod(8) privsep.
- In resolver(3), remove support for HOSTALIASES. It is incompatible with pledge(2).
- In acpithinkpad(4), avoid panics on older ThinkPads when pressing the ThinkLight key.
- In nc(1), print the certificate validity to the verbose output when using TLS.
- Avoid grabbing the kernel lock in uvm_unmap() if we have an interrupt-safe map.
- In syslogd(8), unbreak adding mark messages to log files.
- Remove the Class 3 Public Primary Certification Authority root certificate from /etc/ssl/cert.pem, per recommendation of Symantec/VeriSign.
- In asmc(4), add more temperature keys found in MacBook Airs (6,1 and 7,2) and MacBook Pro (10,2).
- Update to unbound 1.5.7.
- In mountd(8), fix issues with adding and deleting exports when (re)reading the exports(5) file.
- Add UTF-8 support to fmt(1). The -c option is not yet handled.
- Do not panic when trying to delete an non-existing route with ART.
- In relayd(8), handle the HTTP PATCH request correctly.
- In tmux(1), allow list-keys and list-commands to be run without a running server.
- In acpithinkpad(4), handle the keyboard backlight found on newer Thinkpads.
- Add initial 802.11n support to iwm(4).
- In mailwrapper(8), update the default MTA reference to smtpd(8).
- Use pledge(2) in dhcpd(8).
- In acpithinkpad(4), support ThinkLight.
- In eigrpd(8), introduce a new command to show traffic statistics.
- In tmux(1):
- Allow prefix and prefix2 to be set to None to disable.
- Add the key-table option to set the default key table for a session.
- In smtpd(8):
- Bump Diffie-Hellman parameterss to 2048.
- Allow overriding the default cipher-suite in smtpd.conf(5).
- Remove CA from pki and no longer allow specifying a CA with "pki" keyword. Introduce "ca" keyword to smtpd.conf(5) allow specifying a custom CA.
- On sgi, adjust IPI numbers to get the interrupts working.
- Avoid dhclient(8) from hanging during boot when the attempt to configure the address fails without dhclient(8) realizing it.
- In asmc(4), enable keyboard backlight support.
- In wsconsctl(8), add the keyboard backlight variable.
- In wscons(4), add new ioctls to control keyboard backlights.
- In smtpd(8), implement senders map.
- In ieee80211(9):
- Finish support for receiving 11n A-MPDUs.
- Add 11n/HT negotiation fixes.
- Makes 11n negotiation with Linux iwlwifi AP succeed.
- In smtpd(8), prepare for support of wildcard CA and DANE.
- In fdisk(8), open the disk read-only if none of -i, -e or -u are specified.
- Fix a bug where exhausting a tmpfs filesystem leads to kernel panic.
- In fdisk(8), add -v to force the display of both GPTs and the MBR.
- In libevent, do not print to stderr.
- Use pledge(2) in spamlogd(8).
- In dhcpd(8), fix a bug where the default-lease-time, max-lease-time, bootp-lease-length statements specified in dhcpd.conf(5) were being ignored.
- In nsd(8), disable the database file by default.
- Update to nsd 4.1.7.
- In ehci(4), work around Nvidia EHCI controllers bugs.
- In vmctl(8), allow the "id" argument to be a number or a VM name.
- In smtpd(8), add -F to run in foreground while logging to syslog.
- In makemap(8), add -U, like the sendmail makemap.
- In ssh(1), do not try to load an SSHv1 private key when compiled without SSHv1 support (bz#2505).
- Remove now unused plain DES from the kernel crypto framework, including the crypto accelerator drivers.
- Use pledge(2) in dhclient(8).
- In bnx(4), mark the start routine as MP-safe.
- In ksh(1), fix moving trough and deleting multibyte characters in emacs command-line editing mode.
- Install the OpenBSD::Pledge Perl module.
- Remove plain DES encryption: remove support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakpmd(8), ipsecctl(8) and iked(8).
- In libcrypto, change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms. This avoids truncation of the counter on 32-bit platforms.
- Do not trigger a KASSERT() if the route we're trying to remove does not exist and we get another matching one instead.
- Do not trigger a KASSERT() when destroying/detaching an interface with RTF_CLONED routes attached.
- In inteldrm(4), enable support for 3840x2160 60Hz SST.
- Rework the if_start MP-safe serialisation so it can serialise arbitrary work.
- In malloc(3):
- Add random "canaries" to the end of an allocation. This option is enabled with the malloc.conf(5) "C" flag.
- When writing junk to freed chunks (current default behavior), check that the junk is still intact when freeing the delayed chunk in order to catch a potential use-after-free.
- Add xenstore(4), a driver for XenStore, the configuration storage.
- Add xspd(4), a driver for the XenSource Platform Device.
- Add xen(4).
- In iwm(4), avoid synchronization issues with the firmware that might cause association to be aborted or stop the interface from working until reboot.
- Rewrite getusershell(3) to avoid the possibility of overflow.
- In doas(1), add -a to specify a non-default authentication style.
- In vmctl(8), add the "console" subcommand to connect to a specified VM console by id.
- Use pledge(2) in spamd(8).
- In tmux(1), add a hooks infrastructure, basic commands, and a couple of client hooks.
- Add UTF-8 support to wc(1): amongst other things, add -m for character counting.
- Add the root certificate for COMODO RSA Certification Authority to /etc/ssl/cert.pem.
- In calendar(1), add -w to display the day of week.
- In vmd(8), fix reloading after a previous load error.
- In vm.conf(5), allow unquoted slashes in strings. This also allows pathnames to be concatenated with macros.
- Merge makemap(8) into smtpctl(8).
- In tmux(1), fix bell indicators across detach.
- Update to freetype 2.6.2.
- In azalia(4), enable snooping on Intel 100 Series HDA.
- In ichiic(4), attach on Intel 100 series.
- In nc(1), make the random sequence of ports less biased.
- In vmm(4), prevent panics caused by opening /dev/vmm in the case of an unsupported configuration or in case vmm0 did not attach.
- In ifconfig(8), remove the "txpower" option. It is not relevant anymore.
- In newfs(8) and newfs_ext2fs(8), avoid out-of-boundary access on illegal command line arguments.
- In the libc locale code, validate input files to prevent out of boundary accesses.
- In vmctl(8), print the TTY in the status output.
- In vmm(4), restore VMM mode after resume from suspend/hibernate.
- In vmd(8), terminate all running VMs on startup: it is not possible to pick up state of "zombie" VMs yet.
- In as(1), implement the .inst assembler directive for arm.
- Ensure the same CPU numbering is used for the kern.cptime2 sysctl as for kern.proc. This fixes an issue in top(1) where a CPU would seem to be idle even though a thread was reported to be running on it.
- In ssh(1), prefer rsa-sha2-512 over -256 for hostkeys.
- Update termtypes.master to upstream terminfo-20151128.
- In rc.conf(8), merge "multicast_router" and "multicast_host" into a single "multicast" configuration variable.
- In bnx(4), make the interrupt handler MP-safe, and perform RX and TX completion outside the kernel lock.
- Make pppx(4) packets with npppd(8) through the device. This makes pppx(4) work with pipex.enable=0. Also fix tun(4) not to pass the packets to pipex(4) when pipex.enable=0.
- Do not loop on EAGAIN in imsg_read(3); return the error instead. This fixes spinning relayd(8) processes seen on busy TLS relays. Adjust all imsg_read(3) consumers accordingly.
- Use pledge(2) in ospfd(8).
- Let acpicpu(4) enable the deeper C-states for AMD Family 12h and later processors.
- Add an rc(8) script for vmd(8).
- In cap_mkdb(1), remove -i.
- In ssh, implement SHA2-256 and SHA2-512 for RSASSA-PKCS1-v1_5 signatures for user and host auth.
- In vmctl(8), add -c to the "start" subcommand to automatically connect to the VM console after startup.
- Add a few kernel lock improvements in the network stack.
- 5.7 and 5.8 RELIABILITY FIX: a NULL pointer deference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections.
A source code patch is available for 5.7 and 5.8.
- Add a fix for OpenSSL CVE-2015-3195 and one for OpenSSL CVE-2015-3195.
- In vmctl(8), re-add the "load" and "reload" commands.
- Re-enable acceleration on Broadwell.
- Revert xenocara/driver/xf86-video-intel/src/sna/sna_accel.c r1.6 that partly disabled acceleration on Broadwell. The "blt" codepath is not tested well and makes X crash.
- Replace vmmctl(8) with vmctl(8).
- In smtpd.conf(5), introduce the "limit session" keyword instead of using fixed values in smtpd(8).
- In pppx(4), avoid a kernel panic when enqueueing an mbuf chain.
- Use pledge(2) in ssh(1).
- In vmd(8), add -D and -f.
- Add support for an optional vm.conf(5) file in vmd(8). This file will replace vmm.conf(5) in vmmctl(8).
- In netstat(1), print the interface index; its name is no longer available.
- In myx(4), use an MP-safe start routine.
- Add etherip(4).
- Add UTF-8 support to rs(1).
- Allow network interfaces to provide an MP-safe start routine.
- Use the ncurses files in /usr/share/terminfo/* instead of using the custom BDB terminfo(5) databases.
- In rebound(8), when running without net, prevent the resolver from having to wait for timeout when queries cannot be forwarded.
- In vi(1), after inserting a backslash, don't treat ^H ^? or ^U as special cases.
- In doas(1), provide a custom password prompt that includes username and host.
- In route(8), print the interface index which is part of the route msg header.
- Add privsep and pledge(2) to vmd(8).
- In relayd(8), improve the algorithm distributing client sessions over hosts.
- In spamd(8), fix STARTTLS support.
- In rc(8), fix a bug where it was no longer possible to add shlib_dirs using rc.conf.local(8).
- In the installer, improve GPT handling.
- On octeon, enable the DR1 region even with 32-bit page table entries.
- In azalia(4), fix the speaker audio on IDT 92HD75B3/4 codecs with HP subids.
- In cut(1), add UTF-8 support. Implement -c and -n options, and let -d option accept a multibyte delimiter character.
- In unbound(8), fix a file descriptor leak in the parent process.
- In azalia(4), add an unmute quirk for IDT 92HD75B3/4 codecs with HP subids. This is required to get speaker audio on the HP Elitebook 2540p.
- Use pledge(2) to ssh-agent(1).
- In Xserver(1):
- Make DRI2 work on OpenBSD where we don't have support for DRI3 yet.
- Enable glamor on architectures where we have OpenGL.
- In ppb(4), properly condigure bridges left unconfigured by the system firmware. This makes the Apple Thunderbolt Giabit Ethernet adapter work when inserted at boot time.
- Enable the GSE interrupt on Broadwell. This fixes ACPI brightness control on the MacBookPro12,1 and 3rd generation Lenovo X1 Carbon.
- In pcidump(8), print PME# state together with the PCI power state when enabled/asserted.
- Add UTF-8 support to cut(1) and ls(1).
- In smtpd(8), add received-auth parameter to listener to identify authenticated sessions in locally appended "Received" header when enabled.
- Fix an issue with gcc(1) on i386 which in turn fixes the Mesa i965 dri module on i386.
- Fix bridge(4) to forward broadcast/multicast frames from gif(4).
- In bgpd(8), fix rdomain setups.
- Remove the aviion and the solbourne platforms.
- Add separate users and groups for tftp-proxy(8) and ftp-proxy(8) so that they don't share the same ones.
- In fdisk(8), make -i zap any undesirable GPT hanging around, just like the reinit command does.
- In rtadvd(8), fix dynamic prefix tracking.
- In smtpd(8):
- Support user+tag expansion in aliases.
- While delivering to lmtp or mda, accept the optional "as user" parameter in smtpd.conf(5).
- Fix IPv6 address parsing in smtpd.conf(5).
- Allow the use of the tls+backup:// schema in smtpd.conf(5).
- Remove table-passwd, table-sqlite and table-ldap.
- In ubcmtp(4), add support for the touchpad found on the MacBookPro12,1.
- Use pledge(2) in adventure(6), backgammon(6), boggle(6), bs(6), canfield(6), fish(6), gomoku(6), grdc(6), mille(6), prime(6), ssh-keysign(8), trek(6) and wump(6).
- Make it possible to detach bge(4).
- Add OpenBSD::Pledge, a Perl interface to pledge(2).
- In xhci(4):
- Make the integrated SD card reader in the MacBookPro12,1 attach.
- Make hotplugging USB 3.0 devices work on the MacBookPro12,1.
- Convert the simple list of multipath route entries used by ART kernels to a SRP list. This makes the rtable_* layer MP-safe.
- Remove stdethers(8) and stdhosts(8).
- In atc(6), battlestar(6) and robots(6), use pledge(2) and move the score file to the user's home directory.
- Use pledge(2) in cribbage(6).
- In make(1), fix duplicate targets in target list.
- In skeyinit(1):
- Use pledge(2).
- Allow the -n flag to work in -s mode.
- In installboot(8), back out pledge(2).
- Mark the interrupt handler for pci (but not sbus) attached gem(4) as MP-safe.
- In ssh-keygen(1), do not leak a temporary file if there is no known_hosts file.
- In sshd(8), don't include port number in tcpip-forward replies for requests that don't allocate a port (bz#2509).
- In doas(1), don't write past the end of a buffer after reading too long a line from the configuration file.
- On sparc64, don't panic in pmap_enter() if we deplete the pool of pv entries and the PMAP_CANFAIL flag is set.
- In pci(4), do not report a bus conflict for bridges that are left (partly) unconfigured by the system firmware.
- In df(1), avoid reading past the end of a buffer.
- In ugen(4), attach the iPhone 6.
- In snake(6), use pledge(2) and move the score file into the user's home directory.
- Change the command-line syntax of vmmctl(8).
- In efiboot, avoid setting mode to GOP if the mode is unchanged. Also don't panic if the setting mode is failed.
- Remove rpc.yppasswdd(8).
- Use pledge(2) in installboot(8), login_radius(8) and scp(1).
- In chpass(1), login_chpass(8) and passwd(1), delete YP password related code.
- In rpc.bootparamd(8), delete YP lookup code.
- In syslog.conf(5), disable the *.emerg block by default.
- Automatically start vmm(4) when the first VM is created and after the last VM is terminated. This removes the explicit enable and disable cmmands from vmmctl(8) and vmm.conf(5).
- In fdisk(8), when prompting for a GPT partition type, use the partition's current type as default; and when prompting for an LBA, show the minimum and maximum values in the prompt.
- In ifconfig(8), fix breakage when re-configuring an IPv6 static address.
- Stop building Mesa on alpha on mips64 because of gcc and binutils issues.
- Replace IFF_OACTIVE manipulation with MP-safe operations.
- Add sendsyslog2(2). This makes it possible to remove the direct /dev/console opening code from libc.
- On libc, use reentrant versions of getpwnam(3), getpwuid(3), getgrnam(3), and getgrgid(3) within libc to avoid reusing the static buffers returned by the non-reentrant versions.
- In tmux(1):
- Show libevent version in showmsgs -I.
- All kill-session -C to clear alerts in all windows.
- Remove the -I part of show-messages.The server start time can be accessed with a new start_time format.
- In pciide(4), allow to reliably found disks on Xserve G5 by increasing the delay between the PHY reset and the status check for ServerWorks SATA.
- In vi(1), turn on filename tab completion by default.
- In telnet(1), don't support repeated connections. This avoids problems with pledge(2).
- In atc(6), battlestar(6), hack(6), phantasia(6), robots(6), sail(6), and snake(6), remove the setgid bit.
- In canfield(6), remove the setgid bit and move score files into the user's home directory.
- Use pledge(2) in fdisk(8) and mount(8).
- Remove support for "lookup yp" in resolv.conf(5). It is incompatible with pledge(2).
- In vmd(8), add the -d and -v flags.
- In vmd(8), add support for logging to stderr or syslog, and to run it in foreground with -d option.
- In sndiod(8):
- Ensure the /tmp/aucat directory gets the right permissions.
- Exit cleanly in the case where the clock is ticking because of a MMC start message.
- Remove the unused -M option.
- Attach zs(4/macppc) as "zs" rather than "zsc".
- In bc(1), fix printing of non-ASCII characters in an error message and fix a number of problems caused by invalid input.
- In vmmctl(8), add support for vmm.conf(5).
- Add vmd(8) and vmmctl(8).
- In tmux(1), if display-time is set to 0, show status messages until a key is pressed.
- In ospfctl(8), print what ospfd(8) thinks is connected by adding a "C" to the nexthop output.
- In ospfd(8), improve ABR support especially for self-originated stub networks. This solves the last issues when using ospfd(8) in multiple areas.
- Import mesa 11.0.6.
- Use pledge(2) in nsd(8).
- In pcidump(8), print the PCI power state when -v is given.
- In fdisk(8), bring GPT partition editing into line with MBR partition editing.
- Fix inteldrm(4) on recent Apple hardware.
- Make sdhc(4) work with 64-bit memory BARs such as those found on the new PC Engines apu.
- In tail(1), improve fixes for running without -f.
- In vmm(4), do not create a VM if vmm mode hasn't been enabled.
- In fdisk(8), fix several nits in editing partitions.
- In mandoc(1), fix multiple issues regarding process group and signal mask handling.
- Remove login_tis(8).
- In the installer, do not auto-skip X sets on systems without wscons(4).
- In em(4), revert all the changes to run the tx completion path without holding the kernel lock. It causes "watchdog timeout" problems.
- In cvs(1), disable server-side pserver support.
- In sppp(4), remove support for SPPP with framing. It is no longer used.
- In ed(1), restore the user-defined prompt (specified with -p) when it was turned off and then on again with "P".
- Use pledge(2) in monop(6), skeyinit(1), tetris(6), trpt(8), worm(6) and worms(6).
- Repair most cases of "tail +n" usage.
- In tmux(1), only assume pasting with at least two characters.
- Update to flex(1) 2.5.39 and add various improvements including use of pledge(2).
- In fdisk(8), when an existing partition is modified in LBA mode, ensure that the partition table is marked dirty so that it gets written when "quit" is issued.
- In tail(1), allow tailing multiple files.
- Use pledge(2) in OpenCVS.
- In the kernel, don't try and wakeup other threads to handle pending work when it is known there's only one thread in the taskq.
- In newsyslog(8), back out pledge(2).
- In ssh(1), disallow ConnectionAttempts=0.
- In vi(1), remove cscope support.
- In the installer, set "prohibit-password" in sshd_config(5) instead of "without-password".
- Use pledge(2) in fvwm(1), FvwmPager(1), hotplugd(8), locale(1), sensorsd(8).
- Add icdb, the Internal C Database: a simpler replacement for the old Berkeley DB code.
- Add getpwnam_shadow(3) and getpwuid_shadow(3). These functions will always open the secure/shadow/master password files.
- In cnmac(4/octeon), fix the reception of short non-IP packets by accounting of padding with dynamic short packets.
- In tmux(1), add the "s/foo/bar/:" prefix for formats to substitute bar for foo.
- Fix a regression introduced by the rtalloc(9) rewrite where only the first route of a multipath chain had a valid next hop and could be used.
- In ssh-keygen(1), fix -l for private keys. This was broken in support for multiple plain keys on stdin.
- In sndiod(8), disable -L (networking) until privilege separation is implemented.
- In fdisk(8), since -e edits the on-disk information, remove GPT and re-read it from disk if appropriate.
- In crontab(1), check for setgid(2) failure before executing editor and warn if the exec of shell + editor fails.
- In ntpd(8), fix memory leak in remove a constraint code path.
- In trpt(8), remove the setgid bit.
- In tetris(6), remove the setgid bit and move score files into the user's home directory.
- Remove lptest(1), pac(8) and yptest(8),
- In bge(4), clear the interface timer when shutting down the interface so the watchdog timer doesn't fire a few seconds later.
- In snmpd(8), exclude sensors marked as invalid from the sensors MIB.
- Use pledge(2) in cvs(1), getconf(1), newsyslog(8), sa(8) and showmount(8).
- Unbreak next-hop caching on multipath setups: when multiple gateways are in use, the next-hop entry might not be on the same interface.
- In bgpd(8), in the session engine, handle loss of the pipe with a normal shutdown of sessions and exit.
- In ssh-keygen(1), allow fingerprinting from standard input and support fingerprinting multiple plain keys in a file and authorized_keys files (bz#1319).
- Use pledge(2) in calendar(1), gprof(1), mail(1), and shutdown(8).
- In at(1), make -l comply with POSIX.
- Fix a panic that happens when radeomdrm(4) detaches because the hardware couldn't be initialized properly.
- In pvbus(4), fix a panic on i386 under VMware.
- Add the QuoVadis root certificates to /etc/ssl/cert.pem.
- In sshd(8), add a new authorized_keys option "restrict" that includes all current and future key restrictions. Also add permissive versions of the existing restrictions.
- In ssh_config(5), add the AddKeysToAgent option.
- In intel(4), partly disable acceleration on Broadwell. This avoids use of the render ring which gets stuck after resume.
- In ieee80211(9):
- Add 11n HT support.
- Expose 11n mode to the ifmedia layer and introduce the concept of MCS. Make sure 11n features are enabled only if media type is autoselect or 11n.
- Add support for 11n mode to the rate adaptation (AMRR) code.
- In Xorg(1), remove the -configure option. It has been broken for a long time.
- Use pledge(2) in
locate(1), tput(1), tset(1), and user(8).
- In rdistd(1), support hardlinked symlinks.
- In the binutils tools:
- Don't try to preserve setuid bits.
- Always strip off setuid/setgid bits when creating copies of files.
- In ieee80211(9), fix CCMP (WPA2) in preparation for 11n.
- Remove libocurses. It is no longer used.
- In mandoc(1), fix a bug where hitting Ctrl-Backslash (= SIGQUIT) in the less(1) process spawned by man(1) causes man(1) to die uncleanly leaving behind its temp files, and kill less(1) uncleanly leaving the terminal in the wrong state.
- Use pledge(2) in ar(1), info(1), infokey(1), install-info(1), ldconfig(8), ldd(1), makeinfo(1), objcopy(1), texindex(1), vi(1), xconsole(1) and ypldap(8).
- In rs(1), fix a bug with -z where every column was at least as wide as the previous one.
- Update to xkeyboard-config 2.16.
- In telnet(1):
- Remove S/Key support.
- Remove support for !shell.
- Remove the tracefile command.
- Remove the debug command.
- Set rtable(4) on the whole process, not only in the socket.
- Use pledge(2).
- Use pledge(2) in as(1), fdisk(8), gcc(1), ld(1), nm(1), rarpd(8), tcpbench(1) and tftp-proxy(8).
- In crypto(9):
- Remove unused non-HMAC versions of MD5 and SHA1.
- Remove unused ARC4.
- In tmux(1) add the window_visible_layout format.
- In file(1), with -L, make links actually be followed.
- Add vmm(4). It is disabled by default.
- In ssh, send SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during KEX (bz#2949).
- In sshd_config(5), support "none" as an argument for ForceCommand and ChrootDirectory (bz#2486).
- In ssh-keygen(1), for -L, support multiple certificates (one per line) and reading from standard input.
- In nc(1), with -V, set rtable(4) on the whole process, not only in the socket.
- Revert sys/dev/pci/if_bge.c r1.372. It causes regressions on some models.
- In dhclient(8), when link loss is reported, cancel any active timeout and wait for link to return.
- Use pledge(2) in cwm(1) and fingerd(8).
- In fdisk(8):
- Avoid problems with pathological input during edit operations by never attempting to use data past the end of the input.
- Refresh the in-kernel copy of the disklabel from the disk after writing the new GPT.
- Let "reinit mbr" zero existing MBR and GPT partition information before constructing default MBR.
- In cron(8), move the socket to /var/run/cron.sock.
- In tmux(1):
- Remove the mouse-utf8 option. Instead, always turn on UTF-8 mouse if the client says it supports UTF-8.
- Support UTF-8 key bindings.
- Remove the mouse_utf8_flag.
- Remove the utf8 and status-utf8 options. Make tmux only a UTF-8 terminal.
- In fdisk(8), display the full disk size when editing GPT, not the truncated MBR size. Display the "disk too large" message only when no GPT is found.
- Use pledge(2) in mg(1), spamdb(8), xclock(1) and Xserver(1).
- In mg(1), clear the mini buffer once a question has been displayed.
- In ehci(4), mark the interrupt handler IPL_MPSAFE.
- Add /dev/vmm.
- In bge(4), unbreak the BCM5704 A3 found on some Xserve G5 (RackMac3,1).
- In fdisk(8), make GPT on large disks work.
- In rs(1):
- With -H, do not overrun a static buffer on files longer than 4 kB.
- With -K, do not print bogus blank lines in case of premature EOF.
- Reduce the memory overhead of our ART routing table from 80M to 70M compared to the existing radix-tree when loading ~550K IPv4 routes.
- In newfs(8), remove TMPDIR support.
- Install ikeca.cnf by default as ikectl(8) now requires CA-specific sections not present in the general openssl(1) cnf files.
- In libc:
- 5.7 and 5.8 RELIABILITY FIX: insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
A source code patch is available for 5.7 and 5.8.
- Use pledge(2) in less(1) and nohup(1).
- In less(1), do not save history in secure mode.
- Use the correct rdomain(4) when sending gre(4) keepalive packets.
- In ehci(4), fix a NULL dereference in case a Root Port Hub interrupt is handled before the soft-interrupt has been established.
- In efiboot, avoid a crash when attempting to calculate the header checksum.
- Make HFSC work on age(4) and vr(4).
- Add the _vmd user and group for the forthcoming vmd(8) daemon.
- Revert gnu/usr.bin/gcc/gcc/cp/g++spec.c r1.2 and r.13 in order to go back to the default upstream behaviour when linking a shared library with c++. It is no longer necessary to behave the same as g++ 2.95.
- In ssh-keyscan(1), add -c to allow fetching certificates instead of plain keys.
- In ncr53c9x, when issuing a non-dma command, set a length variable to 0 upfront to avoid problems on command completition interrupt.
- In ssh(1), fix an OOB read in the packet code.
- Fix possible system panics due insufficient validation of RSN element group cipher values in 802.11 stack.
- Fix a use-after-free in fwvm(1).
- In sdmmc(4), always claim to support sector mode for eMMC. This allows BeagleBone Black boards with Micron eMMC to work.
- In less(1), remove LESSGLOBALTAGS support.
- In efiboot, make "machine disk" show EFI info instead of BIOS info.
- In restore(8), make hardlinks of symlinks work.
- In efiboot, disable red-zone since EFI is running with a different ABI. This may fix an issue when loading a compressed kernel on MacBooks.
- Update to xserver 1.17.4.
- Use input handlers for bridge(4). This allows more flexible configurations with vlan(4) and bridge(4) on top of the same physical interface.
- Use pledge(2) in xterm(1).
- In hypotf(3), fix wrong magic numbers in scaling causing incorrect results for large and small values.
- In getty(8), remove ppplogin support.
- Radically improve the performance of bgpd(8) filters.
- In less(1):
- Remove support for "!" to run a shell command.
- Remove LESSCHARDEF support.
- Remove unused charsets and LESSCHARSET support.
- Make HFSC work on de(4) and ie(4/sparc).
- In ld.so(1), fix unloading of load groups when the last reference was not on the load_object but rather some descendent.
- On i386, fix a regression by reading/writing to CR4 register only if the processor has this capability.
- Stop creating the directory /usr/share/nls. If the user does not specify a NLS path, fail early in catopen(3).
- In res_init(3), restrict the number, size and address family of nameservers. This fixes a crash in sendmail. Only programs that use the bind resolver internals directly are affected.
- Replace less(1) with the cleaned-up fork of less 458 maintained by Garrett D'Amore.
- Update to unbound 1.5.6.
- Update to nsd 4.1.6.
- In the loongson installer, ensure that the partition containing the boot blocks is recognized on the eBenton EBT700.
- Use pledge(2) in httpd(8), ikectl(8), slowcgi(8) and wall(1).
- For USB mice with wheels, check for the W direction at AC Pan input.
- In pkg_add(8), tweak dependencies handling. This might fix some infrequent bugs.
- In tcpdump(8), fix a segmentation fault by capping the GRE packet len to tcpdump's snap len.
- In tmux(1), pass through right click if mouse is on.
- In smtpctl(8), implement the "uncorrupt" subcommand.
- In smtpd(8), correctly handle messages that consist solely of headers and do not end with an empty line.
- In km(4), match the temperature sensor in GX-412TC SOC.
- In ipsecctl(8), decode Chacha20-Poly1305 when dumping SAs.
- In iked(8), support Chacha20-Poly1305 for Child SAs.
- Fix a potential use-after-free in pf(4).
- Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains IP options or if an IPv6 packet contains header extensions.
- In rtadvd(8), recognize carp(4) interfaces in order to send the src lladdr option.
- In fdisk(8), don't allow the user to enter GPT partition names too large to fit in the GPT partition structure. Also avoid running off the end of the name buffer.
- Prevent a panic caused by an infinite recursion in the network stack.
- In efiboot, use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" to find the boot device since the MacBook does not support the latter protocol.
- In snmpd(8), don't lose the ARP entries when updating an interface.
- Add Chacha20-Poly1305 to the OpenBSD Cryptographic Framework and enable it in the software crypto driver and the IPsec/ESP and PF_KEY frameworks.
- In whois(1), add -I to use whois.iana.org (root zone database).
- In tcpdump(8), print RDNSS nameserver addresses and option names for some other known options that are not otherwise decoded yet (DNSSL, route information).
- In libssl, add EVP_aead_chacha20_poly1305_ietf(3), a ChaCha20 with a Poly1305 authenticator for IETF protocols.
- Remove ARP load-balacing in order to simplify making ARP MP-safe.
- In xhci(4), mark the interrupt handler as IPL_MPSAFE since it only schedules a soft-interrupt.
- In ikectl(8):
- Accept an "ocsp" option when creating certificates to set the extended key usage for OCSP signing.
- Let openssl(1) add valid signed certs to the index file which is required to use the builtin openssl OCSP server.
- Switch from SHA-1 to SHA-256.
- Introduce ml_purge(9) and mq_purge(9) to free all mbufs on an mbuf list or queue.
- In intel(4), fix rendering problems on Broadwell GT3 (Iris 6100/Iris Pro 6200).
- In re(4), expand the rx and tx rings so that deviced needing more packets per interrupt can use them.
- Rework the netstart(8) script.
- In inteldrm(4):
- Prevent the desktop "Iris Pro Graphics 6200" from being misidentified as ULT.
- Make the mobile "Iris Graphics 6100" be correctly identified as being a ULT part.
- Use pledge(2) in bgpctl(8), ldapctl(8), ldapd(8), m4(1), skeyaudit(1) and skeyinfo(1).
- In ntpd(8), revert some parts introduced with the original server rtable support, so servers with numeric IP addresses won't be skipped.
- In mg(1), mark *Completions* buffer as read-only.
- In httpd(8), revert usr.sbin/httpd/httpd.c r1.42 (fix PATH_INFO for "/" requests). It breaks slowcgi(8) and php-fpm setups.
- In mandoc(1) do not access a NULL pointer when a .Bd macro has no arguments at all.
- In ntpd(8), remove support for sending status reports to syslog on SIGINFO.
- In cvs(1), fix a crash in pserver mode when CVSROOT/passwd contains an old DES password.
- Fix interaction between inteldrm(4) and efifb(4).
- In mg(1), fix opening dired from the command line.
- In libcrypto, add support for the Poly1305 Message Authentication Code.
- In asmc(4), enable the keyboard backlight led earlier to avoid a race.
- In ping(8), back out chacha.
- In rebound(8), print stats upon SIGUSR1.
- In smtpctl(8), implement the "discover" subcommand.
- In ssh(1), fix "PubkeyAcceptedKeyTypes +..." inside a Match block.
- Make inteldrm(4) attach to pci(4) instead of vga(4). This is needed for machines where Intel graphics isn't the primary graphics device and on systems with UEFI firmware that put the device in non-VGA mode.
- Use pledge(2) and privsep in rdate(8).
- Use pledge(2) in at(1), cap_mkdb(1), cron(8), crontab(1) and last(1).
- In cnmac(4/octeon), enable TCP/UDP checksum offloading on packet transmission.
- Support backspace in softraid(4) boot passphrase prompt.
- In lpd(8), remove pidfile support.
- Use pledge(2) in apm(8).
- In resolv.conf(5), remove support for "[addr]:port" syntax from the "nameserver" line.
- In smtpd(8), support aliases(5) entries resolving to maildir:/path.
- Add a rcpt-to paramater to smtpd.conf(5).
- In unbound(8), don't use a pidfile by default.
- In relayd(8), change cipher-server-preference to be on by default.
- Document eigrpd.conf(5).
- In eigrpd(8):
- Print a missing "metric" before the actual metric when printing a redistribute line.
- Whenever a summary route is activated, install a respective blackhole route in the FIB.
- In pkg-config(1), do not reject properties with no whitespace after the colon.
- In repquota(8), don't allow -a together with specifying filesystems.
- Fix makemap(8) for values containing a "#".
- In dhclient(8), add the ability to use option 119 ("Domain Search") if supplied by the server.
- In fdisk(8), add GPT editing.
- Remove rip6query(8).
- In crontab(1), diff(1) and sendbug(1), remove TMPDIR support.
- In top(1), print the uptime too.
- In httpd(8), fix PATH_INFO for "/" requests.
- In mrouted(8), pppd(8), rarpd(8), rbootd(8), smtpd(8), wsmoused(8), ypserv(8), remove pidfile(3) support.
- In smtpd(8), avoid a potential double free.
- In ssh(1), expand tildes in filenames passed to -i before checking whether or not the identity file exists in case the shell doesn't do the expansion (bz#2481).
- In route6d(8), fix a memory leak.
- In ssh(1), do not prepend "exec" to the shell command run by "Match exec" in a config file (bz#2471).
- In tmux(1), extend the modifiers allowed before formats.
- Use pledge(2) in rtadvd(8).
- In cron(8), ftpd(8), route6d(8) and rtadvd(8), remove pidfile support.
- Fix installboot(8) on i386/amd64 when softraid is on top of GPT.
- Enable asmc(4) on i386.
- In asmc(4), fix seldomly seen "comm collision" errors.
- In disklabel(8), remove support for the "b0" and "b1" disktab(5) capabilities.
- Do not expose nd6 randomid's to userland via ioctl(2).
- In ping6(8), remove -g after IPV6_NEXTHOP removal.
- In ip6(4), remove IPV6_NEXTHOP implementation.
- In telnet(1), remove IP Source Route support.
- In ping6(8), implement ping(8)'s -L option.
- Remove the NLS support from libc messages.
- In tmux(1), remove TMPDIR support.
- Use pledge(2) in
dig(1),
host(1),
nslookup(1),
quiz(6),
- In eigrpd(8), keep conversions between the real and composite bandwidth consistent with what Cisco does.
- In ssh(1), fix keyscan output for multiple hosts/addresses on one line when host hashing or a non standard port is in use (bz#2479).
- In tcpdump(8), avoid a segfault with malformed DECnet packets.
- In ping6(8), move the output of the src address to the -v option. This syncs the output with that of ping(8).
- Ignore Router Advertisment's current hop limit.
- Wait a short while between setting a USB device's address and reloading its descriptor. This fixes a flaky attach of USB devices on the Thinkpad Helix 2.
- In syslogd(8), stop the chrooted child from trying to load the default CA file.
- In bgpctl(8):
- Print if a route is redistributed or not at least for static and connected.
- Allow other MRT message types to be parsed.
- Add pair(4), a vether-based virtual Ethernet driver to interconnect rdomains and bridges on the local system.
- In cnmac(4/octeon), make use of hardware RX checksum validation.
- In catopen(3), verify that an opened message catalog is valid. This avoids integer overflows and out-of-boundary accesses.
- Fix renaming in the root directory of FAT filesystems.
- In syslogd(8), if a write to a tty is blocked, use an event instead of forking.
- In tmux(1), add a format for scroll position.
- In ndp(8), don't do DNS lookups when -n is specified.
- Split up tun(4) into tun(4) and tap(4).
- In ntpd(8), no longer allow upstream NTP servers to be in multiple routing tables.
- Don't enable /etc/fonts/conf.d/10-autohint.conf by default. It causes problems with glyphs exceeding the cell size.
- Introduce a new sysctl(3) NET_RT_IFNAMES that returns only ifnames to ifindex mappings.
- Use pledge(2) in
ldpctl(8),
ldpd(8),
route(8),
- Translate calendar files to UTF-8.
- On amd64 and i386, enable viornd(4) on RAMDISK_CD.
- In eigrpd(8), fix some bugs in the handling of the RTM_GET and RTM_CHANGE messages.
- In mandoc(1), avoid a NULL pointer dereference.
- Stop linking iked(8) statically. This has benefits like having full ASLR and taking take advantage of libcrypto updates.
- Use pledge(2) in addr2line(1), iked(8), login_yubikey(8), nc(1), objdump(1), ps(1), readelf(1), strings(1), su(1), top(1) and
w(1).
- In bgpd(8), revert usr.sbin/bgpd/parse.y r1.282 that allowed for empty blocks for peers. It broke the grammar by introducing shift/reduce errors.
- In tmux(1), fix "tmux killw\; detach".
- In bgpd(8), log and ignore received empty route messages.
- Use pledge(2) in doas(1), hangman(6) and renice(8).
- In libssl:
- Avoid a (harmless) read and write overrun in the RC4 code.
- Avoid a segfault in "openssl gendh 0".
- In ssh(1), fix a memory leak in an error path.
- In tmux(1), add a default binding for mouse wheel up to scroll into history.
- In ssh(1) and moduli(5), remove Diffie-Hellman moduli entries below 2048 bits.
- In eigrpd(8), add support for route summarization.
- Add a new getsockopt(2) option IP_IPDEFTTL to retrieve the default TTL.
- In write(1), fix writing to other user's tty.
- Use pledge(2) in rmt(8).
- Replace dnssocket() and dnsconnect() with a SOCK_DNS flag on socket(2).
- In vr(4), fix 802.1p VLAN priority code points for VLAN_HWTAGGING.
- In tcpdump(8), avoid division by zero by adding an explicit check for a malformed AS segment.
- In eigrpd(8), fix a use-after-free.
- In iked(8), unbreak OCSP support.
- Use pledge(2) in nice(1), radiusctl(8) and radiusd(8).
- In libssl, stop supporing legacy time formats that OpenSSL supports.
- In eigrpd(8), fix memory leaks in error paths.
- In iked(8), remove IKEv1 support.
- In radiusd(8), avoid a NULL dereference.
- Update to freetype 2.6.1.
- In bge(4), move rxeof and txeof outside the kernel lock.
- In drm(4), backport a fix to prevent machines from hanging or resetting.
- In crunchgen(8), avoid integer overflow with very large files.
- Use pledge(2) in bgplg(8) and inetd(8).
- Add two new system calls: dnssocket() and dnsconnect().
- In drm(4), don't poke registers on the wrong PCI device. This should fix machines such as the Asus EeePC 701.
- Use pledge(2) in csh(1), sort(1), savecore(8) and tmux(1).
- In ping6(8), implement -w like in ping(8).
- In bgpd(8), do not accept fds on the control socket.
- In snmpd(8), tighten up the control socket: do not allow users to terminate the daemon by sending corrupted imsgs.
- In xinit(1) and xdm(1), don't automatically launch dbus as part of the default user sessions.
- In ssh(1), increase the minimum modulus that will be sent or accepted in diffie-hellman-group-exchange to 2048 bits.
- Unbreak route6d(8): adding unneeded space to its cmsg item breaks sendmsg(2).
- In sysmerge(8), drop usage of TMPDIR.
- In ping6(8):
- Move -t and -w functionality to -a.
- Remove RFC 4620 support.
- In iwm(4), fix occasional firmware errors while bringing the interface up or scanning.
- In nlist(3) and other nlist implementations, validate parsed ELF values to prevent out of boundary accesses.
- In hack(6), disable the "!" command to escape to a shell.
- In patch(1), add native support for ed(1)-style diffs. This allows for a stronger pledge(2).
- Use pledge(2) in cu(1), getty(8), pwd_mkdb(8), route6d(8), vipw(8) and zic(8).
- Add the _rebound user and group in order to improve privdrop for rebound(8).
- Use pledge(2) in ftp(1), identd(8), login_token(8), rebound(8) and sdiff(1).
- Import rebound(8), a lightweight DNS proxy.
- In disklabel(8), remove -B.
- In x99token(1), avoid a race between fopen(3) and fchmod(2). This prevents an attacker to open an old file with wrong permissions before the secret is written into it. It also guarantees that a new file with correct permissions is created.
- On vax, use MI installboot(8) instead of "disklabel -B" to install boot blocks.
- Add proper support for vax to installboot(8).
- Use pledge(2) in x99token(1).
- Remove the "!" (subshell) and "v" (edit) commands from the ramdisk more(1) command.
- On octeon, let the rx path of cnmac(4/octeon) run without the kernel lock.
- In smtpctl(8), allow "all" as an argument for the "resume envelope", "pause envelope" and "remove" subcommands.
- In tcpdump(8), fix a crash that occurs when printing the filename in a malformed NFS request packet.
- 5.6, 5.7 and 5.8 RELIABILITY FIX: the OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak.
A source code patch is available for 5.6, 5.7, 5.8.
- In tar(1), use a strict $PATH to run the (de)compressors.
- In newsyslog.conf(5), allow the wheel group to read /var/log/maillog.
- RELEASE CD ISSUE: the "src.tar.gz" file on the source tree was created on the wrong day and does not match the 5.8 release builds.
A replacement file is available for 5.8.
- 5.6, 5.7 and 5.8 RELIABILITY FIX: a problem with timer kevents could result in a kernel hang (local denial of service).
A source code patch is available for 5.6, 5.7 and 5.8.
- In ping6(8), use ping(8)-like semantics for -I.
- In sort(1), copy permissions and ownership when -o will override an input file.
- In fsck_ext2fs(8), fsck_ffs(8) and fsck_msdos(8), only accept one filesystem/device as argument for checking.
- Use pledge(2) in banner(6), bcd(6), caesar(6), factor(6), fsck_ext2fs(8), fsck_ffs(8), fsck_msdos(8), login_passwd(8), login_reject(8), morse(6), number(6), pig(6), pom(6), ppt(6), rain(6) and random(6).
- In ugen(4), prevent a NULL-pointer dereference when closing a ugen(4) node in case the kernel failed to change the interface of a device.
- In mg(1), check if a file name can be extracted from a line before marking for deletion.
- In sort(1), ignore the setuid/setgid/sticky bits when copying the permissions of an input file to the new output file.
- In ping6(8), remove the -b flag.
- Make sure RTF_LOCAL route entries are UP when added to the tree.
- Use pledge(2) in crunchgen(8), lockspool(1), mklocale(1), netgroup_mkdb(8), newfs_ext2fs(8), nologin(8), smtpd(8). syslogc(8) and yes(1),
- In mg(1), when refreshing a dired buffer, avoid losing the files marked for deletion.
- In ping6(8), deprecate and remove the -W flag.
- Make ftp(1) non-static, allowing for better ASLR.
- In ntpd(8), improve the privsep design. In particular, remove the delays that have been introduced by expensive constraint forks.
- Use pledge(2) in apropos(1), config(8), dev_mkdb(8), help(1), kvm_mkdb(8), mailwrapper(8), makewhatis(8), man(1), mandoc(1), mesg(1), mkuboot(8), mksuncd(1), skey(1) and whatis(1).
- In bgpd.conf(5), allow the blackhole well-known community to be given by name.
- In bgpctl(8), add "best" as an alias for "selected".
- Use pledge(2) in ac(8), biff(1), clri(8), clri(8)/pax(1)/tar(1), tunefs(8), stty(1) and zdump(8).
- In pkg-config(1), handle comma-separated list of arguments.
- Disallow "rm -rf /".
- Always set the timeout at least one tick in the future for EVFILT_TIMER to avoid looping in softclock().
- In bc(1), avoid fork/execve of dc(1). This allows a for a strong pledge(2).
- Use pledge(2) in apply(1), arithmetic(6), awk(1), dvmrpctl(8), encrypt(1), env(1), fsirand(8), fstat(1), gencat(1), infocmp(1), kill(1), ln(1), lndir(1), pflogd(8), pkill(1), rcs(1), rpcgen(1), scan_ffs(8), sdiff(1), sendbug(1), spell(1), tftpd(8), tic(1), time(1), tsort(1), ul(1), unexpand(1), which(1), xargs(1), yacc(1) and ypcat(1).
- In asmc(4), add location to the fan description.
- In mg(1), make functions that accept multiple iterations via C-u N, honour 0. Except C-k which has a defined behaviour.
- Make tcpdump(8) print more information from the HT Capabilities element.
- In syslogd(8), if it is started with -S, it accepts TLS connections to receive encrypted messages and the server certificates are taken from /etc/ssl.
- Use pledge(2) in cmp(1), du(1), eigrpctl(8), eigrpd(8), getcap(1), getent(1), ksh(1), lex(1), ospf6ctl(8), relayctl(8) and relayd(8).
- In ksh(1), disable the mknod builtin.
- In comsat(8), remove NFS spool support.
- In syslogd(8), add the -S option to accept TLS connections and receive encrypted messages.
- In smtpd(8), turn the local enqueuer setgid(2) _smtpq and restrict access to the offline queue.
- In mg(1), fix a line number bug when calling onlywind().
- Use pledge(2) in comsat(8), ospfctl(8), ripctl(8), syslogd(8) and tradcpp(1).
- Rename tame(2) to pledge(2).
- On amd64 and i386, increase the HEAP_LIMIT from 0x90000 to 0xA0000, to fix an out-of-heap when booting on a large block size (32K) partition.
- In tame(2), add the "mcast" request that exposes a small set of multicast (IP_MULTICAST_IF, IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP) join operators.
- In ksh(1), don't open history files that don't belong to the user.
- Lock the page queues by turning uvm_lock_pageq() and uvm_unlock_pageq() into mtx_enter() and mtx_leave() operations.
- Use tame(2) in make(1), portmap(8) and signify(1).
- In trunk(4), if the mbuf has a valid flowid, use it instead of using siphash24 and a bunch of header fields we have to parse the mbuf for.
- Unlock the softnet task.
- In httpd(8), fix an fd leak if a socket connection fails.
- In snmpd(8):
- Use correct return value for IP-MIB::ipForwarding.
- Fix getbulk requests for multiple OIDs.
- Add initial support for UEFI/GPT installs to the installer.
- In ssh(1), include PubkeyAcceptedKeyTypes in "ssh -G" config dump.
- In g++(1), correct handling of enum attributes.
- In tmux(1), fix a couple of memory leaks in error paths.
- Use tame(2) in cp(1), ctags(1), from(1), getopt(1), head(1), htpasswd(1), lastcomm(1), logname(1), look(1), mkdir(1), mktemp(1), nl(1), paste(1), pr(1), printenv(1), readlink(1), rev(1), rmdir(1), split(1), tee(1), tftp(1), tty(1), users(1) and uudecode(1).
- In installboot(8), add initial support for installing UEFI boot files to a GPT EFI System Partition.
- In ssh(1), make it possible to use tun(4) and tap(4) networking as non-root user if device permissions and interface flags are pre-established.
- In em(4), fix the watchdog timeouts reported by various people.
- In skeyinit(1), remove the -C option that converts an S/Key database to the new format.
- In smtpd(8), fix a memory leak in an error path.
- Use tame(2) in csplit(1), date(1), ed(1), join(1), jot(1), lam(1), lock(1), openssl(1), printf(1), tail(1), touch(1), tr(1), units(1), unvis(1) and what(1).
- Fix cu(1) to make xmodem work with -d.
- In diff(1), remove the non-standard -l flag that pipes the output through pr(1).
- On the alpha ramdisk, remove cd(4).
- Use tame(2) in bgpd(8), cal(1), col(1), colrm(1), column(1), comm(1), cut(1), deroff(1), diff(1), diff3(1), dirname(1), expand(1), fgen(1), find(1), fmt(1), fold(1), hexdump(1), id(1), indent(1), kdump(1), logger(1), nm(1), rs(1), stat(1), unifdef(1), vis(1) and write(1).
- In disklabel(8), remove -B support on landisk. It has been superseded by MI installboot(8).
- On landisk, use MI installboot(8) instead of disklabel(8) -B to put boot blocks on installation media.
- In fdisk(8), enhance -g to create a default GPT label in addition to the protective MBR. If -b is specified, an EFI System partition of the requested size is created.
- In eigrpd(8):
- Add option to configure or disable the DUAL active timeout.
- Ignore IPv4 TLVs in IPv6 instances and vice-versa.
- When the SIA state is declared for a given destination, reset the adjacency with the unresponsive neighbor(s).
- Add the _eigrpd user and group for eigrpd(8).
- In rcctl(8), make it possible to give the same action to several daemons at once.
- In asmc(4), check the validity flag earlier and do not try to attach invalid (non-existing) keys.
- In ahci(4), fix a memory leak in an error path.
- Use tame(2) in banner(1), dd(1), df(1), dmesg(8), expr(1), file(1), ls(1) and pwd(1).
- Enable eigrpd(8) and eigrpctl(8).
- In dc(1):
- Remove the "!" command. This makes dc(1) better tameable.
- Use tame(2).
- On octeon, fix a memory leak in an error code path.
- Use tame(2) in cat(1), echo(1), test(1), uname(1) and wc(1).
- Add IPv6 transport for pflow(4) data.
- When multiple vxlan(4) interfaces are configured with same VNI, select the interface whose tunnel destination corresponded to the incoming packets' source address.
- In libssl, fix reference counting and memory leak in error path in an error path.
- Use tame(2) in acpidump(8), arp(8), basename(1), chflags(1), finger(1), grep(1), gzip(1), kdump(1), leave(1), md5(1), ntpctl(8), ntpd(8), patch(1), ping(8), ping6(8), script(1), sed(1), sleep(1), sshd(8), tcpdump(8), traceroute(8), uniq(1) and whois(1).
- Revert the mmap(2) unlock. It causes vnode-related panics on several architectures in the codepath that implements mmap(2).
- In iked(8):
- Fix EAP (user-based auth) with IKEv2 in El Capitan.
- Remove MD5 from the default proposals
- Fix EAP (user-based auth) with IKEv2 in El Capitan.
- In pfctl(8), make the "-s all" option show queues.
- In libssl, conform with RFC 5280 for times allowed in a X.509 certificate.
- In snmpd(8), mitigate the risk of user-injected file descriptor leakage from the optional world-writable restricted control socket.
- Add ktracing of argv and envp to execve(2), with envp not traced by default.
- Add eigrpd(8) (and eigrpctl(8)), an Enhanced Interior Gateway Routing Protocol daemon.
- 5.6, 5.7 and 5.8 SECURITY FIX: multiple reliability and security issues in smtpd(8).
A source code patch is available for 5.6, 5.7 and 5.8.
- In smtpd(8):
- Do not allow connection IDs to wrap and collide with another active connection ID. This allows a local user to force the daemon to exit.
- Fix a stack-based buffer overflow in the token expansion code of the (unprivileged) lookup process. This allows a local user to crash the server or potentially to execute arbitrary code.
- Allow reading of imsg while discarding fd's when reading from a context where we don't expect/want to receive one. This prevents a local user from exhausting resources and causing smtpd to hang by crafting valid imsg that don't expect a descriptor but passing one anyway.
- Prevent users from playing hardlink/symlink/mkfifo games with their offline messages and ~/.forward files. This allows a a local user to hang smtpd or even reset chflags and read the first line of an arbitrary file.
- Do not exit on unexpected causes of SIGCHLD. This allows a specially crafted mda to cause smtpd to exit.
- Make uid checking on ~/.forward files more strict. This avoids users from creating hardlink to root-owned files and leaking the first line.
- Fix a use-after-free and out-of-bounds memory reads in the (unprivileged) lookup process. This avoids crashes or potential arbitrary code execution.
- Revert src/sys/net/route.c r1.245. It breaks some NFS setups.
- Update to tzdata2015g from ftp.iana.org.
- In asmc(4), relax vendor comparison to match variations found in older models such as the MacMini1,1.
- On alpha, make the pmap (more) MP-safe by protecting both the pmap itself and the pv lists with a mutex. This should make pmap_enter(9), pmap_remove(9) and pmap_page_protect(9) safe to use without holding the kernel lock.
- In iked(8), fix several interoperability issues:
- If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
- Don't reject an "empty" CERTREQ (one with no CA hashes), instead treat it as if no CERTREQ were received. This may fix other interoperability issues.
- In sndio(7), remove support for the AUCAT_COOKIE environment variable.
- Update to pixman 0.32.8.
- On amd64, add asmc(4), a driver for the Apple System Management Controller (SMC).
- Implement a new "prot_exec" tame(2) request.
- In em(4), run the tx completion path without the kernel lock held.
- Do not try to refetch a route at the L2 layer if the given one is down and always return EHOSTUNREACH.
- Remove Cisco HDLC support from sppp(4). It is no longer used.
- Update to libxcb 1.11.1.
- Hopefully fix the stability problems seen on SandyBridge and up after the PPGTT code got enabled.
- On mips64, fix the R8000 kernel to have all their m[ft]c0 instructions correctly wrapped.
- In oce(4), unlock interrupt handler rx path with intr_barrier(9).
- In mg(1), fix the location of the cursor when opening a directory using filevisit, findvisitalt and poptofile.
- Add support for the Huawei K4511 3G to umsm(4).
- 5.7 and 5.8 SECURITY FIX: an incorrect operation in uvm could result in system panic.
A source code patch is available for 5.7 and 5.8.
- In mmap(2), remove the no longer needed kernel lock in the fixed case.
- Add the UVM_FLAG_UNMAP flag to indicate to uvm_map(9) that it should unmap to make space.
- 5.7 RELIABILITY FIX: various problems were identified in relayd.
A source code patch is available for 5.7.
- Fix a panic in inteldrm(4).
- In tame(2), make using the "/" path work.
- In mg(1), make dired mode treat a double "/" in a path like fundamental mode.
- In inteldrm(4), no longer support the "Quanta Transcode" device. This avoids incorrectly overriding the generic match for the HD Graphics P4000.
- Enable monitor hot plugging for the framebuffer console.
- Add IP26 kernels and boot blocks to the installation media.
- In iwm(4):
- Fix problems occurring when doing bsd.rd upgrades.
- Fix the bug where the firmware stops passing traffic after the MAC address is changed.
- Add the Ed25519 SSH host key to changelist(5).
- Make carp_input() MP-safe.
- Prevent X from crashing the kernel when attaching inteldrm(4) fails.
- Protect the list of free map entries with a mutex. This should fix crashes on i386.
- Unlock the mmap(2) system call.
- Add transpose-paragraphs to mg(1).
- Correct a range problem in citrus-utf8 version of wcrtomb(3) in order to match RFC 3629.
- In inteldrm(4):
- Make the PPGTT code work. This seems to fix the caching issues on Broadwell.
- Don't hardcode the type of BARs to be 64-bit.
- On octeon and sgi, restore the interrupt mask even on secondary CPUs. This prevents the IPI from being left disabled accidentally on a non-primary CPU which will cause the system to hang eventually.
- On octeon, let MP-safe interrupt handlers run without the kernel lock.
- In mandoc(1), fix multiple aspects of SYNOPSIS .Nm formatting.
- In tmux(1), if the terminal has colors=256, only try to use setaf/setab if they exist.
- Fix inteldrm(4) on the GM45 chipset.
- In slowcgi(8), output the contents of the environment in debug mode.
- In inteldrm(4):
- Disable IPS for now. It causes unsynched displays after waking it from standby or after VT switches.
- Backport some of the Broadwell fixes.
- In tmux(1), free the history when it is cleared.
- Ensure the GPT header size is in a valid range before checksumming it. This prevents a crash.
- Ensure that RTF_LOCAL route entries always stay UP, even when a link state change occurs.
- In inteldrm(4):
- Properly implement waitqueue_active().
- Enable MSIs on hardware that supports it.
- In disklabel(8), expunge VAX SMD special handling.
- On sgi, properly handle IP26 streaming cache controller bus error interrupts.
- In mg(1), fix where the cursor is positioned after expunging files.
- In trunk(4), avoid theoretical m_pullup(9) mishandling by delegating the mbuf reclaiming to the PDU and marker input routines.
- In tmux(1), fix two fd leaks and a memory leak.
- In ssh(1), add the CertificateFile option to explicitly list a certificate (bz#2436).
- In mg(1):
- Fix multiple iterations of kill-paragraph.
- Add mark-paragraph.
- Update inteldrm to the code from Linux 3.14.52.
- In ld.so(1) on alpha, avoid write-protecting .data when it shares a page with the GOT and PLT.
- On mips64:
- When inserting an entry for a KV1 address, avoid having to write back the ASID value.
- Use conditional instructions when picking a random TLB set number.
- In iwm(4):
- While not associated, pass the broadcast ethernet address to the firmware, rather than zeros.
- Properly reset the RX ring by clearing RX buffer status memory.
- In cwm(1), avoid unnecessary pointer querying.
- In trunk(4):
- Remove watchdog code since it doesn't do anything useful.
- Adapt code to avoid locking protection in the future.
- In mg(1), fix line number handling in dired delete functions.
- Prevent the efiboot and kernel memory regions from overlapping. This fixes a problem where the kernel fails to boot.
- When a connected route is deleted, pass the corresponding priority to rtrequest1(9). Otherwise the route will remain attached to a stale ifa.
- In mandoc(1), account for significant whitespace when determining the width of a tag.
- Remove SHA-0 and MD2 remnants from openssl(1).
- In bpgd(8):
- Allow for empty blocks for peers.
- Allow to log all updates sent from an individual peer, and, when applied to a group, to disable logging on a sub-member of the group.
- In tmux(1), reset the alerts timer always on activity.
- Fix a couple of libtool(1) issues.
- In mg(1), fix behaviour when opening the same directory twice in dired mode.
- On alpha, powerpc and mips64, fix membar positioning in mtx_enter_try(9) and mtx_leave(9).
- In ssh(1), fix a possible hang on closed output (bz#2469).
- On sparc, increase MAXTSIZ to 64 MB. This is required for gcc/gnat.
- Fix suspend on machines with em(4) now that it uses intr_barrier(9).
- In syslogd(8), avoid potential event loss due to misuse of TLS read and write in libevent.
- Enable IP26 builds.
- On mips64, correctly compute the userland pte index in a pte page in the userland tlb miss handler.
- Add the -d, -r and -w flags to rmt(8) to make it run in a restricted mode.
- In ld.so(1), delete the bind lock, the callback, the sigprocmask stub.
- On powerpc, make sure PROT_EXEC is set on the GOT for BSS-PLT binaries.
- In em(4), avoid using a mutex in the rx completion path. Instead rely on intr_barrier(9) to avoid having the interrupt handler touch the rx data structures while the interface is brought down.
- On sgi, go back to the previous approach when managing individual HPC DMA descriptors: provide an optional storage for a copy of the descriptor in the "sync" (fetch) function, and use the returned address afterwards.
- In sysmerge(8), in case of a hard error, avoid missing files for comparison at the next run.
- Fix an uninitialized variable in iec(4/sgi).
- In tmux(1), let the -l option of join-pane and split-window apply to the new pane instead of the old one when -b is also specified.
- Revert r1.25 of src/lib/libssl/src/crypto/bn/bn_print.c. It introduces a NULL dereference.
- Implement SRPL_INSERT_AFTER_LOCKED(9).
- Make vmx(4) interrupts MP-safe.
- Back out r1.125 of src/sys/uvm/uvm_km.c. This avoids page queue corruptions and the resulting uvm_pmr_size_RB_REMOVE_COLOR() faults.
- Update to xserver 1.17.2.
- In cc(1), enable -msecure-plt by default on powerpc.
- In od(1), fix two bugs in the [+]offset[.][Bb] XSI offset syntax.
- Fix an uninitialized variable in bios(4) and in arp(4).
- Fix an overlapping memcpy(3) in vdsp(4).
- In ugen(4), fix a panic when using pcsc-lite.
- Unbreak booting from GPT partitions.
- Add tls_config_insecure_noverifytime(3) to libtls to disable certificate validity checking.
- In LibreSSL, add support for disabling certificate and CRL validity checking.
- Remove SHA-0 and MD4 support from libcrypto.
- Put the 12x22 font on alpha and macppc installation kernels.
- In netstart(8), only print the "IPv6 autoconf" line if there are interfaces to configure.
- In ssh-add(1), when adding keys to the agent, don't ignore the comment of keys for which the user is prompted for a passphrase.
- In tmux(1), add the -e flag to copy-mode to exit copy mode when scrolling off the bottom.
- In libcrypto, check ECDH output buffer length and avoid truncation.
- Introduce intr_barrier(9), an interface that guarantees that an interrupt handler that was running has finished.
- Introduce sched_barrier(), an interface that acts as a scheduler barrier in the sense that it guarantees that the specified CPU went through the scheduler.
- Add the Certplus CA root certificate to /etc/ssl/cert.pem.
- In nc(1), display negotiated TLS version and cipher suite in verbose mode.
- In libcrypto, add OPENSSL_cpu_caps(), to return the currently running CPU's specific hardware capabilities users of libcrypto might be interested in.
- In LibreSSL, if there is hardware acceleration for AES, prefer AES as a symmetric cipher over CHACHA20. Otherwise, prefer CHACHA20 with AES second.
- Make if_get() and vlan_input() MP-safe using SRPs.
- On arm, use kbind(2) for lazy binding GOT/PLT updates.
- In openssl(1):
- Fix the "prime" command: when checking a decimal number for primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged.
- Add support for AEAD algorithms to the "speed" command.
- Remove support for the SSLEAY_CONF environment variable.
- Add an ftpproxy6 rc script. ftp-proxy(8) can only open one listening socket at a time, so a second instance of the daemon is required.
- Introduce if_input_local(), a function to feed local traffic back to the protocol queues.
- In ping6(8), avoid out-of-boundary access on invalid or short packet reads.
- In ddb(4), show the non-idle, on-proc threads before showing the stack trace when panicking.
- In em(4), add support for the 88E1512/88E1514 phys.
- Update to sqlite3 3.8.11.1.
- In acpicpu(4), work around broken AML by treating FFH vendor 8 the same as vendor 1 (Intel).
- Make the powerpc pmap (more) MP-safe. This should make pmap_enter(9), pmap_remove(9) and pmap_page_protect(9) safe to use without holding the kernel lock.
- Add TLS support to nc(1).
- Remove RTF_XRESOLVE support from route(4), route(8), netstat(1) and route6d(8).
- Introduce refcnt, a wrapper around reference counts.
- Introduce rtref(9), a function to increment a reference to a routing entry, and use it in rtable_lookup().
- In "ifconfig media", stop advertising media with fixed data rates on wireless interfaces.
- Don't generate ICMPv6 packets with incorrect checksums for dropped IPv6 packets.
- Fix a use-after-free in route(4).
- In openssl(1), remove the engine command and parameters.
- Save/restore MSR_APICBASE during suspend/resume. This re-enables x2apic on the application processors at resume.
- Remove the unfinished che(4) driver.
- In libtls, do not match a wildcard against a name with no host part.
- Make room for media types of the future: extend the ifmedia word to 64 bits.
- In netstart(8), set "inet6 autoconf" individually on interfaces that have rtsol set in hostname.if(5). Previously, netstart tried to configure them all at once.
- Take a first step towards making ix(4) MP-safe.
- In mkhybrid(8), cast the isascii(3) argument to unsigned char, to avoid undefined behaviour.
- In qle(4), don't copy more sense data than we have space for. This avoids a crash when trying to talk to a Sun STK6140 (although it still doesn't work).
- Spoof EFI SYSTEM GPT partitions as MSDOS partitions, as is done with MBR EFI SYSTEM partitions.
- No longer grab the kernel lock in the interrupt-safe multi page backend allocator implementation. This is possible because that interrupt-safe uvm maps are now properly locked.
- Fix a NULL dereference in bpf(4).
- Fix hangs on systems with more than 7 interfaces.
- In ddb(4), add ps/o to display just the non-idle on-proc threads.
- Don't spoof GPT OpenBSD partitions. Simply record and use the first one found, as is done in MBR processing.
- Change device locators type from int to long, for the sake of 64-bit ports without proper device trees.
- In ssh(1), expand %i in ControlPath to UID (bz#2449).
- In openssl(1), make the s_time command perform a proper shutdown by default. This allows s_time to benchmark a full TLS connection more accurately. The new -no_shutdown flag restores the previous behaviour.
- In syslogd(8), instead of having global variables containing the libevent structures, allocate them with malloc. This makes the address space layout more random.
- Add kqueue(2) support for wsmouse(4), wskbd(4) and wsmux(4). This is needed for the libinput port.
- In LibreSSL:
- Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations.
- When loading a DSA key from a raw (without DH parameters) ASN.1 serialization, perform some consistency checks on its "p" and "q" values, and return an error if the checks failed.
- Enable GPT in the GENERIC kernel.
- Avoid division by zero in fsck_ext2fs(8).
- Use the full IPv6 source address (rather than only half of it) as input for the syn cache hash. Using only half the address makes it trivial to create syn cache collisions.
- Move the if input handler list to an SRP list.
- In libc, add hidden _libc_FOO aliases for the system call stubs.
- Various cleanups of the ksh(1) code.
- Several libtls API changes and improvements.
- In tmux(1), add session_last_attached time and format.
- Remove link_addr(3).
- Add locking for interrupt-safe maps.
- In mkhybrid(8), fix various buffer overflows and make it work on unsigned char platforms.
- Add client certificate support to libtls.
- Move to the next tame(2) API. The flags are now passed as a very simple string.
- Introduce reference counts for interfaces. The new if_put() function releases the reference acquired by if_get().
- In ntpd(8), plug a memory leak in an error path.
- Convert bpf to using an srp list for the list of descriptors.
- Implement a singly linked list built with SRPs.
- On powerpc, it is no longer needed to use mprotect(2) to take away PROT_WRITE. This fixes ld(1) -Z and paves the way for the new Secure-PLT ABI.
- In binutils 2.17, force .ctors, .dtors and .got to be read-only for truly static binaries. This prevents W^X violations on architectures that need an executable GOT (basically BSS-PLT powerpc).
- Prevent nc(1) from hanging when writing more than the low water mark of the socket write buffer.
- In disklabel(8), avoid a SIGSEGV with FGJ malloc.conf flags when a template is used.
- The default backend allocator implementation no longer needs to grab the kernel lock.
- Build xf86-video-wsfb on amd64 and i386. It can be used by efifb now.
- In efifb(4), make scrolling a bit faster.
- Delete ktracing of context switches. It is unused and not particularly useful.
- In smtpd(8), insert a Message-Id header if necessary.
- In httpd(8), prevent a potential double free introduced in r1.64 of src/usr.sbin/httpd/server.c.
- It is no longer necessary to grab the kernel lock for allocating and freeing pages in the (default) single page pool backend allocator.
- In libc, fix aliasing of sys_errlist, sys_nerr, sys_siglist, and sys_signame to eliminate duplicate copies of the tables and get direct access internally.
- In wsfontload(8), avoid a floating point exception when an invalid font width was specified.
- On the minirootXX.fs and iso images, create an EFI system partition using fdisk(8) -b and put the UEFI boot loader on there.
- Add support for QEMU PCI serial devices to puc(4).
- In awk(1), revert srand() to its old behaviour with regard to what values it returns.
- On sgi, remove the need for the memory controller to switch between "fast" and "slow" mode every time a DMA descriptor is updated.
- Update to xterm 320.
- In pms(4):
- Improve tap-and-drag detection for ALPS touchpads.
- Support Synaptics touchpads without W mode.
- Use the new resolution framework for wrapping catopen(3), catgets(3) and catclose(3), and for dbopen(3).
- In wscons(4), add support for xterm-compatible SGR escapes 39 and 49 (reset fg/bg colour to default).
- Some symbol cleanup in libc.
- In fdisk(8), add a -b option, to be used together with -i, to add a special boot partition on architectures that need it.
- In audio(4), improve the search for candidates for the wskbd "record level" control. This may fix "record level" keys on certain keyboards.
- In ugen(4), do not use an intermediary buffer on the stack of the caller when submitting a bulk write request. This means big bulk write requests are no longer split into multiple small transfers which libusb consumers do not expect.
- Give every consumer of the radix tree a chance to explicitly initialize the shared data structures, instead of relying on another subsystem to do the initialization. ART kernels should now be fully usable because pf(4) and IPSEC properly initialize the radix tree.
- In ssh(1) and sshd(8), plug minor memory leaks when options are used more than once (bz#2182).
- In netstat(1), fix mbuf memory accounting after the recent *8 pool size change.
- Fix a use-after-free in pflow(4).
- Add support for the RTL8168H to re(4).
- In libkvm, fix a race when fetching files from the kernel.
- On i386, fix a race in pmap_page_remove_86() and pmap_page_remove_pae().
- On amd64, fix a race in pmap_page_remove().
- Adapt ping(8) to tame(2).
- In dwc2, fix timeout-related crashes.
- Again revert the two uses of rtisvalid(9). They break NFS.
- In dwc2, avoid a possible lock recursion panic on transfer timeout.
- Modify acpidump(8) to work on systems booted from efi boot.
- Bring back the two uses of rtisvalid(9). The bug it exposed has been fixed.
- Unconditionally set the RTF_UP flags when adding a route to the table. This makes dhclient(8)-configured default routes usable without relying on the link-state change hooks not present in RAMDISK kernels.
- In ugen(4), do not use an intermediary buffer on the stack of the caller when submitting a read request. This means big read requests are no longer split into multiple small transfers which libusb consumers do not expect.
- In smtpd(8), remove the session kicking mechanism until it is redesigned. It has an accounting bug leading to some legitimate sessions being kicked if they generate too many consecutive errors.
- On sparc64, make pmap_kenter_pa(9) and pmap_kremove(9) MP-safe.
- In syslogd(8), log a message about failed log attempts using sendsyslog(2).
- Revert the two uses of rtisvalid(9). It breaks dhclient(8)-configured networks on RAMDISK kernels.
- Add the uefi boot loader.
- In ping6(8), display the correct source address when using a non-default routing table.
- In pf(4), don't let route-to, dup-to and reply-to override the block action.
- In syslogd(8), bind the *:514 UDP socket with SO_REUSEADDR.
- On octeon, increase the transfer FIFOs for dwc2. This improves USB performance.
- Convert the (cached) route entry checks in ip{,6}_output() to rtisvalid(9).
- In doas(1), restrict the exec path only if the rule specifies a command.
- Introduce rtisvalid(9), a function to check if a (cached) route entry can be used or should be released by rtfree(9).
- Reject USB requests that could damage the bus integrity.
- Fix a use-after-free in tame_namei().
- On powerpc, make bus_dmamap_load_raw(9) respect the segment size constraint. This makes xhci(4) work on the G5.
- In efifb(4):
- Only advertise the color depth that is actually supported. This makes the xf86-video-wsfb driver work.
- Map the framebuffer in write-combining mode. This significantly speeds up.
- In static binaries, invoke kbind(2) once to disable it.
- On m88k and sparc, use kbind(2) for lazy binding GOT/PLT updates.
- It is no longer needed to hold the kernel lock for MP-safe bpfs (again).
- Bring back the commit that makes bpf_mtap MP-safe by using srp, but now using srp_follow(9) to avoid races and corruption.
- Add srp_follow(9) which is necessary to correctly order the taking and releasing of SRP critical sections in situations such as following a chain of data structures linked with SRPs.
- In dhclient(8), accept multiple domain names in dhcp option 15 (Domain Name). This allows resolv.conf(5) "search" statements to be built with multiple entries.
- In syslogd(8), don't truncate program names and hostnames in syslog.conf(5). This fixes matching with IP addresses if syslogd is started with -n.
- In efifb(4), check the driver name so that the driver only attempts to attach when we actually want it to.
- In binutils 2.17, raise the number of spare local GOT entries from 5 to 7. This fixes building liblto_plugin.so in the gcc 4.9 port.
- In tame(2) mode:
- Return EPERM for *chmod(2) if uid/gid change is not towards cr_uid/cr_gid (effective ids).
- Consider getfsstat(2) an RPATH.
- Rather than killing when *chmod(2) is asked to do setuid/setgid, clear those bits in the request and continue.
- Do not install connected routes on loopback interfaces. This will allow systems with AUTOCONF'd addresses to see loopback connected routes in the routing table.
- Fix a use-after-free in uow(4).
- Compute the checksum before looping back the copy of an IPv6 multicast packet.
- Add a framework for resolving libc namespace issues.
- In gunzip(1) and uncompress(1), ignore setuid/setgid settings from a compress/gzip file.
- In mandoc(1):
- Don't die on an assertion if an .Fo macro lacks its mandatory argument.
- Drop leading, internal, and trailing blank characters in \o (overstrike) escape sequences.
- In ping6(8), remove RH0 support.
- In ddb(4):
- In the kernel, use a global table for domains instead of building a list at run time.
- Prepare the kernel to boot from UEFI. Amongst other things, add efifb(4).
- Enable xhci(4) on macppc.
- On macppc, map the whole config1 space based on the size read from the device tree. This allows supplementary PCIe cards to be properly detected and should prevent the kernel from faulting when reading unmapped PCI addresses.
- Prevent cards with no midi connectors from attaching midi(4) devices.
- For *chmod(2), allow S_ISTXT in tame(2) mode.
- In mandoc(1):
- Add a minimal implementation of the read-only number register \n(.$ which returns the number of arguments of the current macro.
- Implement the escape sequence \\$* which expands to all arguments of the current user-defined macro.
- Parse and ignore the escape sequences \, and \/.
- Don't escape breakable hyphens yet when we have to reparse the text line because we spring an input line trap.
- Create a miniroot for alpha.
- In ws(4) and synaptics(4), read multiple events at once.
- In tmux(1), check for name changes at most once every 500 milliseconds.
- On sparc64, add support for switching CPUs in ddb(4).
- On sh, use kbind(2) for lazy binding GOT/PLT updates.
- Make gdb(1) work again on mips64 PIE binaries by making sure a reasonable 64-bit ABI is selected for 64-bit ELF files instead of a 32-bit ABI.
- 5.8 SECURITY FIX: LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted.
A source code patch is available for 5.8.
- In apmd(8), log battery changes every 10%, not every 21%.
- In envy(4), disable interrupts while the midi uart is not in use. This avoids generating unused interrupts when a chatty peripheral is connected but not used.
- In binutils 2.17, add support for Irix-style "64-bit" archives.
- Fix the build of the drm libraries on sparc64.
- In envy(4), fix support of M-Audio Delta 44 cards that use different GPIO pins.
- In tmux(1):
- Allow environment variables in #{}.
- Remove the lock-server option.
- Plug a memory leak.
- In binutils 2.17, do proper GOT slot accounting for symbols that were forced to be local.
- Rework the UNIX domain socket garbage collector.
- Make ld.so(1) work on hppa when _dl_bind_start gets hidden by the version script.
- Fix rare occurrences of wrong floating-point values with MP kernels on Octeon.
- On mips64, access the image of the floating point registers via p_md.md_regs instead of directly on the frame. This prevents updates from getting lost.
- Ensure that syslogd(8) uses its original command-line arguments when it reloads its configuration and re-executes itself.
- Prevent a socket that poll(2) reports is writable from becoming unwritable before write(2) is called.
- In doas(1), add a type of "auth-doas" to the perm check to allow login.conf(5) fiddling.
- In aucat(1), allow sparse blocks to be used as silence if samples are encoded as signed integers.
- Remove SSLv3 support from LibreSSL.
- On hppa, use kbind(2) for lazy binding GOT/PLT updates.
- Add more overflow checks to libexpat.
- 5.8 SECURITY FIX: in sshd(8), inverted logic made PermitRootLogin "prohibit-password" unsafe.
A source code patch is available for 5.8.
- Let MBR have priority over GPT.
- Fix an alignment issue in bridge(4).
- Add TIOCGETA to the TAME_IOCTL list. This is used by readpassphrase(3) and libcurses.
- In radiusd(8), fix a use-after-free in an error path.
- On alpha and mips64, use kbind(2) for lazy binding GOT/PLT updates.
- Remove exect(2). It was unused and not portable across arches.
- Hide many libc symbols that should not be used.
- In cron(8), use ppoll(2) instead of poll(2). This avoids time conversion issues and eliminates a race condition that could delay SIGCHLD and SIGHUP actions.
- In syslogd(8), don't use strlcpy(3) on strings that are not NUL-terminated. This prevents a crash.
- Fix an out-of-bounds read in tmux(1).
- On i386 and powerpc, use kbind(2) for lazy binding GOT/PLT updates.
- On i386, enforce the kernel W^X policy by properly setting NX (as needed) for kernel text, PTEs, .rodata, data, bss and the symbol regions.
- In restore(8), switch from utimes(2) to utimensat(2).
- Re-enable GTP support on amd64 and i386.
- Remove the -h option from radiusd(8).
- Set the required IPL at the syn-cache pool instead of doing a splsoftnet() explicitly.
- Prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
- Fix the GPT code to work with non-DEV_BSIZE disks.
- Fix a crash in tmux(1).
- Fix a cheating bug in worm(6).
- Fix a crash during "ifconfig bridge0 destroy".
- In bm(4/macppc), work around slow transfer speed.
- In cwm(1):
- Don't allow freeze operations on fullscreen.
- Implement _NET_CLIENT_LIST_STACKING.
- Use IPL_SOFTNET protection for the pool. This fixes a panic.
- In sysmerge(8):
- Switch from /usr/share/sysmerge to /var/sysmerge.
- Use /var/sysmerge/backups for persistent backups and keep three earlier rotations.
- Avoid two potential double frees in tame(2).
- Fix an fd leak in mv(1).
- Apply a symbol export list to ld.so(1) with just the expected dl*() and the two symbols needed by gdb.
- Make the Atom S1200 UART work.
- In binutils 2.17, introduce -Bsymbolic-functions and related flags.
- On amd64 and sparc64, use kbind(2) for lazy binding GOT/PLT updates.
- In tame(2):
- Perform maximum one cwd lookup.
- Fix /tmp handling of unlink(2).
- Update to xf86-video-geode 2.11.17.
- In cwm(1), make CLIENT_STICKY apply to group hide/unhide rather than client hide/unhide.
- In cc(1), make the -msecure-plt option work, which is necessary to generate Secure-PLT ABI code.
- On powerpc, add support for the Secure-PLT ABI variant. This will give us better W^X support on powerpc.
- In binutils 2.17, fully enable the Secure-PLT ABI.
- In libc, restore codeset checking instead of silently falling back to ASCII.
- Revert the bpf+srp commits. They cause problems in a bridge setup.
- Move to the tame(int flags, char *paths[]) API/ABI.
- Explicitly list the symbols permitted to be exported by libc. This will prevent unintentional additions in the future and sets the stage for reductions.
- In doas(1), add the cwd context to the syslog entry.
- Make urtwn(4) attach to Netgear WNA1000Mv2.
- Ensure tls_read(3) and tls_write(3) always set outlen to zero on error.
- In rc(8), properly handle double quotes in wsconsctl.conf(5).
- In ctags(1), avoid calling system(3) for the -u option.
- Update to libdrm 2.4.64.
- In ssh(1), fix printing of HostKeyAlgorithms=+... when using -G.
- In sshd(8), fix expansion of HostkeyAlgorithms=+...
- Regenerate moduli(5).
- In cwm(1):
- Preserve the command list order from .cwmrc.
- Hide the "term" and "lock" commands in the application menu.
- Don't let _NET_WM_STATE_STICKY apply to the position and size of a window.
- Add the client freeze extension to _NET_WM_STATE Atom, allowing flag to persist.
- In em(4), run the part of the interrupt handler that does rx completion without holding the kernel lock.
- In relayd(8), don't drop the reply messages when "check icmp" is used with many hosts.
- In httpd(8), avoid an HTTP 405 error when using the WebDAV MOVE method.
- Whitelist TIOCGPGRP (for tcgetpgrp(3)) in TAME_IOCTL.
- In azalia(4), enable beep and CD controls on ALC292.
- In sshd(8), fix the inverted logic that broke PermitRootLogin.
- If we're allowed to try and use large pages, we try and fit at least 8 of the items. This amortises the per page cost of an item a bit.
- In acpi(4), respect the access size when reading or writing to pci config space and ensure writes are properly aligned. This prevents panics and fixes at least battery status passthrough in vmware and the brightness keys on the X220.
- In exp2(3), avoid left-shifting a negative integer.
- In cwm(1), make the big move and resize bindings match what is in the manual page.
- On octeon, use the IPD Clock Count register as a timecounter.
- Import an alternative routing table backend based on Yoichi Hariguchi's ART implementation.
- In identd(8) and tftpd(8), use SOCK_NONBLOCK to avoid a FIONBIO ioctl(2).
- In identd(8), don't exit on unknown write(2) failures.
- In azalia(4), enable audio on ThinkPad docks.
- Reactivate tame(2) after release.
- Remove unused vesafb code.
- Update to libepoxy 1.3.1.
- In LibreSSL, properly handle missing TLS extensions in client hello as a non-failure.
- In ssh:
- Don't call unlink(2) with an uninitialised path in ssh-keygen(1).
- Don't free an uninitialised pointer in ssh(1).
- Fix a double free in an error path.
- Improve compat matching for WinSCP and add compat matching for FuTTY.
- Enable the build of libOSMesa.
- In pf(4), keep the IPv6 fragment size as chosen by sender also for packets that are routed on behalf of route-to.
- Prevent mips64 FPU emulation from corrupting the page queues in MP systems.
- Do not use a stale local address from the routing table. This prevents an interface address without interface pointer causing a uvm_fault.
- On octeon, allow booting the SP kernel with a set of CPUs that does not contain core 0.
- Unbreak the ikectl(8) "ca" commands after the removal of $ENV:: overwriting in LibreSSL.
- Remove casts from many calls to malloc(3)-like functions.
- Update the en_US.UTF-8 locale to Unicode 7.0.0.
- Remove the last fragments of ST-506 support.
- In whois(1), fix whois server detection for new TLDs.
- Accept NULL pointers in rtfree(9). This will simplify upcoming conversions of rt_refcnt-- to rtfree(9).
- 5.6 and 5.7 SECURITY FIX: a change to sshd(8) resulted in incorrect permissions being applied to pseudo terminal devices, allowing local users to write to (but not read from) them.
A source code patch is available for 5.7.
- No longer hold the kernel lock when calling bpf.
- Make bpf_mtap MP-safe by using srp.
- Avoid a TOCTOU problem in if_input in the bpf handling.
- In tmux(1), come out of copy mode when history is cleared.
- Add Loongson 3A support.
- On alpha, consider ISA interrupts level-triggered if the SRM has explicitly set them up that way. This makes the kernel correctly run with serial console on the Multia.
- Enable AlphaBook 1 support in alpha bsd.rd.
- In smtpd(8):
- Increase the size of acceptable headers lines.
- Assume messages use 8-bit bytes by default.
- Remove charsets other than UTF-8 from locale(1) output.
- Load LC_MESSAGES locale only if the character encoding is UTF-8.
- Disable support for loading LC_CTYPE locales other than UTF-8.
- In swapctl(8), use vfork(2) & execl(2) instead of system(3) when invoking mount_nfs(8).
- In myx(4):
- Rework the way the packets on the rx rings are tracked.
- Move to a per rx ring timeout for refilling empty rings. This gets rid of the locking around the refilling of the rx ring.
- Use a single atomic op instead of one per packet when doing global tx free accounting. This allows packets to be sent a little faster.
- On macppc and powerpc, replace the assembly mutexes with a C implementation.
- Add ml_requeue(9) and mq_requeue(9) to prepend mbufs on lists/queues.
- Move the locate(1) database build directory back to /tmp.
- In ntpd(8), avoid calling poll() multiple times with no timeout, racking up CPU time for no real reason.
- Add the -A, -P and -t options to nm(1).
- Remove discarded attributes from disktab(5).
- In rc(8), improve the sysctl.conf(5), mixerctl.conf(5) and wsconsctl(5) parsers.
- Let pkg_create(1) recreate packages correctly.
- Prevent an mbuf leak when no handler consumed that mbuf.
- Fix a case where ceill(3) returns 1.0L.
- Rework the /etc/rc script.
- In tmux(1), add the "-of" suffix to the "left", "right", "up" and "down" special tokens for the pane index.
- Plug two memory leaks in ti(4).
- In acpihpet(4), check for a proper HPET period value during attach.
- In file(1), add various improvements to the magic(5) parser.
- In sndiod(8), don't make system calls when not being used.
- Update time zone data to tzdata2015f.
- Fix recent regressions in ugold(4).
- Improve openssl(1) s_client -starttls xmpp support.