This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 5.9 and 6.0
- Unbreak rsu(4).
- In rtwn(4) and urtwn(4), fix byteswap errors. This repairs urtwn(4) on macppc.
- In mesa, disable the code that allocates W|X memory.
- Disable tmpfs.
- In rarpd(8), avoid a hang when the receive buffer of a route socket becomes full.
- In newfs(8), revert the change to scale the default "density" value to create the same number of inodes.
- In bgpd(8), initialize the log subsystem in the SE like it is done in the RDE. This prevents all logging from going to /dev/null.
- When closing bpf(4) devices, ensure the minor number becomes free for reuse by the device cloning code. This fixes a panic.
- In perl(1), patch CVE-2016-1238.
- In tcpdump(8), only chroot(2) when run as root.
- 5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.
A source code patch exists which remedies this problem for 5.8 and 5.9.
- In the installer, back out the automatic pkg.conf(5) installpath changes.
- In dhclient(8), back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers send frames to the ethernet broadcast address.
- In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach.
- Disable POOL_DEBUG.
- In newfs(8), scale the default "density" value so that on 4K disks the same number of inodes is created as on DEV_BSIZE devices.
- In stty(1), error out if the display and modify mode are combined on the command line. This avoids a pledge(2) violation.
- In vmm(4/amd64), fix a few CPUID emulation issues.
- In ssh(1), fix pledge(2) violation with the -f option.
- Attach imx(4/armv7) on i.mx6 quad plus.
- In dhclient(8), actually DECLINE and delete unused offers.
- In fec(4/armv7), fall back to the known IRQ number on i.MX6 if the fdt interrupts-extended property is missing or not the size that is expected.
- In rtable(4), prevent an infinite recursion when deleting routes inside rtable_walk().
- Prevent NULL-pointer call for filesystems that don't provide vfs_sysctl in their vfsops structs.
- In relayd(8), fix a crash when the connection is terminated prematurely.
- Fix a double rtfree(9) triggered when IPSEC inserts a more specific route because of PMTU.
- In ssh(1), reverse the order in which -J/JumpHost proxies are visited to be more intuitive.
- In switchd(8), add basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT, no FLOW_MOD yet.
- In bgpd(8), don't quit when the local addresses of a peer can't be figured out. Instead bring the session down.
- In tcpbench(1), add AF_UNIX support and also make it possible to randomize the write size in the client.
- In rtwn(4) and urtwn(4), respect the RTS threshold set by net80211.
- In tcpdump(8), silently ignore chroot(2) setup failure, because pledge(2) provides an even better sandbox. This regains -r support.
- In sshd(8), skip passwords longer than 1024 characters in length, so clients can't easily DoS sshd by sending very long passwords.
- Use pledge(2) in switchd(8) and switchctl(8).
- In softraid(4), plug potential leak of device list.
- In switchd(8), parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match).
- In netstat(1), print the relevant counters to tune the TCP SYN cache.
- In iwm(4), disable the beacon filter. This makes it possible to keep track of HT protection changes.
- In net80211, enable RTS for frames above a particular size. This change allows for reasonable throughput on loaded 11g networks whereas before they were practically unusable.
- In switchd(8), update OpenFlow 1.3 stub based on the 1.0 code.
- In switchd(8), add the -n flag to check the configuration and exit.
- In iwm(4), properly keep track of HT protection changes while associated.
- Unbreak ural(4), which had been dropping frames on Tx while the IFF_RUNNING flag was set.
- In ehci(4), use the same workaround for ATI controllers as for VIA controllers. This should hopefully help people reporting errors with SB700.
- Add the tcp.synhashsize sysctl(8) to make the size for the syn cache hash array tunable.
- In dhclient(8), narrow the BPF read filter rules so only packets sent to the interface's LLADDR pass. This limits the number of packets that get dropped as a result of dhclient setting BIOCSFILDROP on the bpf descriptor.
- Import switch(4), switchd(8) and switchctl(8), a basic work-in-progress OpenFlow implementation (not built by default).
- In carp(4), fix the check supposed to prevent "ip" and "ip-stealth" balancing modes from leaking the multicast address.
- In sshd_config(5), allow wildcard for PermitOpen hosts as well as ports (bz#2582).
- In "rcctl ls", skip all files with a "." in the name, because pkg_add(1) renames files in this way when the checksums don't match.
- In netstart(8), unbreak vlan(4) on top of tap(4).
- In virtio, always allow MSI/MSI-X. This enables MSI-X with qemu's old "82441FX" pci-bridge.
- In sxitimer(4/armv7), explicitly stop the timers before reloading them. This fixes a hang on the Olimex A10s boards.
- In doas(1), copy the path to the shell from struct passwd to prevent it from being overridden by a getpwuid(3) call. This happens in a double doas call.
- In iwm(4):
- Retry Tx of management frames less often.
- Fix inverted logic in iwm_tx().
- Explicitly set firmware Tx aggregation limit to one (which disables Tx aggregation).
- In pstat(8), fix VFLAG formatting.
- In ssh(1), reduce timing attack against obsolete CBC modes by always computing the MAC over a fixed size of data.
- In kdump(1), ktrace(1) and ltrace(1), add "p" trace point for KTRFAC_PLEDGE, and fix handling of -t+ in ltrace(1).
- Attach sunxi(4/armv7) based on the compatible property of the root node of the device tree.
- In ssh(1), support UTF-8 characters in ssh banners (bz#2058).
- In jot(1), fix a bug causing values to be printed out of bounds if the precision is 0.
- In ldpd(8):
- Fix parsing of malformed optional TLVs/Sub-TLVs.
- Remove potential overflow when validating message's length.
- In virtio(4), support MSI-X. This increases performance for interrupt heavy loads.
- In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled.
- In ldpd(8):
- Update per-neighbor GTSM options on config reload.
- Explicitly ignore the Hop Count and Path Vector TLVs.
- Improve logging of reserved labels.
- Disable acpicbkbd(4) by default until after the release. It causes the kernel to spin forever on certain Chromebooks.
- In ssh(1), reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585).
- Add a ProxyJump ssh_config(5) option and a corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host".
- 5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin.
A source code patch is available for 5.8 and 5.9.
- 5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics.
A source code patch is available for 5.8 and 5.9.
- 5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.
A source code patch is available for 5.8 and 5.9.
- 5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash.
A source code patch is available for 5.8 and 5.9.
- 5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash.
A source code patch is available for 5.8 and 5.9.
- 5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.
A source code patch is available for 5.8 and 5.9.
- 5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.
A source code patch is available for 5.9.
- 5.9 RELIABILITY FIX: A race occurring in the unlocked ARP input path can lead to a kernel NULL dereference.
A source code patch is available for 5.9.
- Ensure that amap slot calculation does not overflow. This prevents too-small amaps from being allocated by forcing the allocation of a large number of slots.
- Ignore the kern.usermount sysctl(8). It is unsafe, because it allows any non-pledge(2)'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1.
- In ip6(4), drop received packets with an IPv4-compatible address as source or destination as per RFC4213.
- In fec(4/armv7), do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID.
- Prevent a use-after-free by not updating an ARP entry that has been removed from the table.
- In vioblk(4), properly handle poll timeout.
- Avoid a panic caused by very big mallocs for the ufs_readdir() buffer which should have been limited to 64 kB.
- Avoid a panic caused by very big mallocs that result from uint64-to-int32 truncation when kevent does fd validation.
- On amd64, add hvn(4), a work-in-progress driver for the Hyper-V NetVSC.
- In calendar(1), when matching a day in the month, ensure the date is still in the month we are interested in. This fixes things like Sunday+5 for months where there is not a 5th Sunday.
- In bgpd(8), output the no-longer-so-new AS operators when printing the configuration.
- In libtls, split the existing TLS cipher suite groups into four: secure, compat, legacy and insecure.
- Check resource limits for mappings established using __MAP_NOFAULT. This prevents callers from triggering a kernel panic and a potential integer overflow in the amap code by forcing the allocation of too many slots.
- In imxehci(4), use the device tree voltage regulator information to supply power to the USB bus, because this only supports "fixed" regulators that are controlled through a gpio.
- Fix a crash when MNT_DOOMED is passed in the flags to unmount(2).
- In syslogd(8), add support for TLS client certificates. This allows the remote server to verify the authenticity of received messages.
- In tmpfs, don't allow mounting with noval owner. It causes a panic later on.
- In factor(6), use an integer version of the Newton method instead of the floating point square root. This fixes a rounding issue.
- In imxesdhc(4/armv7) and fec(4/armv7), use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs.
- Hook up imxgpio(4) to the FDT gpio framework.
- Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route.
- In tcp(4), do not increase the size of the socket buffer under memory pressure.
- In tcpdump(8), recognize MPLS pseudowire with control words. Also print encapsulated ethernet packets.
- In acpimadt(4), properly handle Processor Local X2APIC structures. This makes secondary CPUs attach on the HP DL360 gen 9.
- Dynamically attach imxgpio(4) using the FDT.
- In mandoc(1), fix a bug causing .so links to gzipped manuals to fail in the absence of a mandoc.db(5) database.
- In omap(4/armv7), follow imx and match based on the compatible property of the root node in the fdt instead of attaching the device based on board IDs.
- Dynamically attach i.MX6 ehci(4) using the FDT.
- In ssh(1), improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms. This prevents the possibility of a side-channel oracle, though no such oracle has been identified.
- In perl(1), fix a bug where XSLoader could try to load from a subdir of the cwd when called via eval (CVE-2016-6185).
- In malloc(3), correctly implement the three-valued J/j option.
- In syslog.conf(5), allow space-delimited fields in addition to traditional tab-delimited fields.
- Various cleanups in route6d(8).
- Fix several places where calculating ticks could overflow, because on arithmetic overflows the compiler may decide to do anything.
- In libtls, correctly handle an EOF that occurs prior to the TLS handshake completing.
- Update to tzdata2016f.
- Build eeprom(8) on octeon.
- On octeon, add openprom(4).
- In libcrypto, add several fixes to make OCSP work with intermediate certificates provided in the response.
- In ld.so(1), remove unfinished prebind support.
- Avoid an integer overflow of the thrsleep() timeout. This prevents a panic.
- On the Quad-G5, make hpb(4) attach first when iterating PCI buses to allow openpic(4) to properly map interrupt for the devices instead of possibly dereferencing garbage.
- In rtable(4)
- In savecore(8), drop support for the undocumented second argument.
- In rcs(1), implement the -I option.
- In smtpd(8), add the -r option to the enqueuer for compatibility with mailx.
- Introduce the "chown" pledge(2).
- Update to perl 5.20.3.
- In rebound(8), avoid a crash by checking the cache tree for collisions when inserting replies.
- In aoa(4/macppc), support the AOAShasta soundchip found on PowerMac9,1.
- In ldpd(8):
- Add GTSM support (RFC 6720).
- Decrease the initialization FSM timeout. This allows quicker recovery of a session with a neighbor.
- Improve RFC 4447 compliance.
- In cat(1), indent the '$' on blank lines when the -ne options are used.
- Make accepted sockets inherit IP_TTL from the listening socket.
- Allow resetting the IP_TTL and IP_MINTTL sockopts.
- Fix an issue where syslogd(8) would print 15 NUL bytes followed by two blank spaces before the log message for warnings generated while parsing syslog.conf.
- Add acpicbkbd(4), a simple keyboard backlight driver for some Chromebooks.
- On armv7, allow booting on SolidRun's HummingBoards and CuBoxes.
- In sndiod(8), avoid triggering watchdog time-outs which prevent sndiod from resuming.
- Update perl Time::HiRes to 1.9739.
- Bump LibreSSL to 2.4.2.
- In rtadvd(8), prevent a NULL dereference.
- In malloc(3), adapt the S option: add C, and remove F and P.
- In inet6(4), restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
- In ssh(1), explicitly check for 100% completion in the progress meter. This avoids a potential floating point rounding error which could cause the progress meter to report 99% on completion.
- In vi(1), if /tmp/vi.recover doesn't exist, don't create it. Warn once that it doesn't exist, afterwards fail silently.
- In smtpd(8), explicitly enclose SMTP transactions between BEGIN and COMMIT/ROLLBACK filter events.
- In ioapic(4/amd64), don't write to the read-only RIRR bit in the IOAPIC redirection register. This may subsequently block interrupt delivery.
- In nc(1), add the -M and -m options to specify the outgoing and incoming minimum TTL.
- In fts_open(3):
- Do not return an error if one of the paths in argv is empty. This prevents programs using fts(3) from reporting an error if one of the paths is empty.
- When the list passed is empty, return EINVAL instead of pretending to succeed. This avoids a NULL pointer dereference in a later fts_read(3) call.
- Add the net.inet.ip.arptimeout and net.inet.ip.arpdown sysctl(8)'s for ARP timers.
- In bgpd(8), use IPV6_MINHOPCOUNT to finish implementing ttl-security for IPv6.
- Update to xkeyboard-config 2.18.
- In pkg_info(1), implement -z that uses is-branch info to produce "complete" stem--[flavor][%branch] listing.
- Add UDP unicast and multicast support for IP_MINTTL and IPV6_MINHOPCOUNT.
- On vmm(4/amd64), fix a panic when CPUs fail to spin up for other reasons during boot.
- On amd64 and i386, enable the UMIP feature if present.
- Enable ure(4) on the architectures where url(4) already is.
- 5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
A source code patch is available for 5.9.
- Repair kill(2) on zombie processes.
- In ldpd(8), fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected.
- In iwn(4), revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips.
- Restore the sys_o58_kill system call. This provides a clean transition for runtimes that make direct system calls.
- Make the IPV6_UNICAST_HOPS socket option usable for incoming TCP connections.
- In ip6(4), implement IPV6_MINHOPCOUNT support.
- In doas(1), revise environment handling. Add a "setenv" keyword to doas.conf(5) for manipulating the environment; "keepenv" now means only "retain everything".
- Add ure(4), a driver for Realtek RTL8152 10/100 USB Ethernet adapters.
- In pkg_add(1), make scp:// work with PKG_CACHE.
- In bcrypt(3), increase the minimum for auto rounds to 6.
- In login.conf(5), use auto rounds for bcrypt (on amd64, i386, macppc and sparc64).
- Dynamically attach cpsw(4/armv7) with the FDT.
- Dynamically attach tiiic(4/armv7) using the FDT. Only match on omap4 compatible controllers such as the one in the am335x on BeagleBone Black.
- Dynamically attach omdog(4/armv7) using the FDT.
- In pkg_add(1), recognize @option is-branch.
- Fix a pledge(2) issue with "fdisk /dev/tty".
- In libcrypto:
- Fix the OCSP code to actually check for errors when comparing time values. Ensure that it only compares GENERALIZEDTIME values as per RFC6960.
- Ensure that OCSP uses Generalized Time on requests as per RFC6960.
- In pf(4), make nat-to usable by "in" rules and together with divert-to. Collisions with existing states are found and produce a "NAT proxy port allocation failed" message.
- Update to nsd 4.1.10.
- Log to syslogd(8) when the dmesg(8) buffer overflows and messages are lost.
- When pf_test() returns something other than PF_PASS, set error to EACCES instead of EHOSTUNREACH. With the latter, ip_forward() can generate undesired ICMP errors.
- In pax(1), allow creation of devices or fifo without -p.
- In sshd(8), fix AuthenticationMethods during configuration re-parse.
- In fec(4/armv7), fetch MAC address from FDT.
- In unbound(8):
- Update to unbound 1.5.9.
- Fix a segfault in the -h option.
- Fix QNAME minimisation with various broken DNS servers, often found at CDNs.
- In cn30xxgmx(4/octeon), add support for the second GMX interface on the Octeon II. This enables ports eth[0-3] on 8-port EdgeRouters.
- In iwm(4):
- Explicitly send multicast frames at the lowest rate, instead of picking a rate from the firmware RS table.
- Pass the correct Tx rate to BPF (tcpdump(8)) for 5GHz.
- Don't loop over CCK rates when building the Link-Quality command's RS table for 5GHz.
- Let the firmware deal with DTIM and TSF information details by itself. Fixes some association issues with 8260 hardware.
- Clear the in_assoc flag when going down.
- Add hyperv(4), the main Hyper-V nexus driver (work in progress).
- On amd64, set up the Hyper-V hypercall page and an IDT vector.
- In bgpd(8), dvmrpd(8), eigrpd(8), hostapd(8), httpd(8), ifstated(8), iked(8), ipsecctl(8), iscsictl(8), ldapd(8), ldpd(8), ospf6d(8), ospfd(8), pfctl(8), relayd(8), ripd(8), smtpd(8), snmpd(8), vmd(8), ypldap(8), do not allow whitespace in macro names, i.e. "this is" = "a variable".
- In ld.so(1), when handling DT_TEXTREL only set the mapping to READ+WRITE, ignore possible EXEC permission for the section, because the proper permission is set late, and there are no thread concerns in this case. This avoids W^X issues.
- In efifb(4), add support for drawing a console on a coreboot framebuffer. This is useful on chromebooks that have no legacy vga device or, for newer chipsets, a full console and X with wsfb(4).
- In pf.conf(5), change the parser to make af-to on pass out rules an error. This fixes a bug where a nonworking configuration could be loaded.
- On m88k, add sc_cookie in sigcontext, the same as on other ports.
- In audioctl(1):
- Reimplement it using the new API in a simpler way.
- Group all encoding parameters in a single string (ex. "s16le") so that we use the same naming scheme as aucat, sndiod and many ports.
- Remove "properties" as they are not used any longer.
- Remove the list of encodings as there's no benefit in having it.
- Add the -q option, to look like sysctl(8).
- Remove the unused -a option.
- Stop using symlinks in /dev.
- In libcrypto, disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.
- In openssl(1), fix a bug loading the default certificate path locations. The files would only be loaded if the CAfile or CApath locations were successfully loaded first.
- In ld(1), make creation of text-relocations a fatal error by default, with -znotext to permit it and -ztext to reenable the default of forbidding it.
- In bgpd(8), show the "nexthop 1.2.3.4 now valid: via 192.168.0.1" message only in debug mode.
- Add ds1307(4), an I2C driver for the Maxim DS1307 Real Time Clock chip.
- In iwm(4), send PHY DB commands as async commands. This change makes it work better in RAMDISK kernels.
- Make umb(4) also work with devices that implement both NCM 1.0 and MBIM.
- Dynamically attach omap uart with FDT.
- Remove the lockmgr(9) API.
- In rcctl(8):
- Cache the result of often used functions.
- Implement "rcctl get|getdef all".
- In ldpd(8):
- Fix a use-after-free.
- Fix a memory leak.
- Fix removal of dual-stack neighbors.
- In cn30xxgmx(4), make the 1 Gbps SGMII settings the default to define a consistent set of parameters even if a link is down.
- Add the net.inet.tcp.rootonly and net.inet.udp.rootonly sysctl(8)'s, to mark which ports cannot be bound to by non-root users.
- In iwm(4), plug some memory leaks in error paths.
- Dynamically attach ommmc(4/armv7) with FDT.
- In ldpd(8):
- Fix a small LIB-LFIB synchronization issue.
- Do not allow configuring the same interface for both LDP and VPLS.
- In smtpd(8), also add missing date or message-id when listening on the submit port.
- In sshd_config(5), ban AuthenticationMethods="" and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication (bz#2398).
- In pfctl(8), allow "include" in inline anchors.
- In tmux(1), allow a command to be specified to display-panes rather than always just selecting the pane.
- In acpitoshiba(4), enable suspend/hibernate fn keys.
- In smtpd(8):
- Rework the format of the "Received" header so that the TLS part does not violate the RFC.
- Increase number of connections a local address is allowed to establish, and decrease the delay between transactions in the same session.
- Properly reset the transaction when a filter rejects a message.
- Add umb(4), a driver for the Mobile Broadband Interface Model (MBIM) to provide support for USB MBIM devices.
- In tmux(1):
- Add -F to list-commands.
- Automatically exit all modes after 180 seconds of inactivity and if there is pending output.
- In ssh(1), remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching (part of bz#2585).
- Update to tzdata2016e.
- In pkg_add(1), restrict %m and friends to "separate words" so they won't collide with branch specifiers.
- In pppoe(4) and sppp(4), don't hardcode vlan/queue priority for pppoe packets, but instead inherit it from the new "llprio" setting on the pppoe(4) interface.
- In the timeout_add_*(3), prevent a round to zero.
- In pkg_add(1), implement "pkgname%branch" which can be used to restrict matches to a branch matching the pkgpath(7).
- Dynamically attach imxdog(4) using the FDT.
- Avoid socket splicing loops: if the same mbuf is spliced 128 times, assume that there is a loop and abort the splicing.
- In ldpd(8):
- Rework the handling of Hello packets in order to improve IPv6 support.
- Implement a timeout for the session initialization FSM. This prevents neighbors stuck in the initialization FSM from lingering forever as long as the associated transport connection is up.
- Implement support for the Configuration Sequence Number TLV.
- In utvfu(4), start/stop the audio bulk thread as the consumer opens/closes device.
- In uvm_map(9), avoid grabbing the kernel lock for interrupt-safe pools.
- In uhidev(4), do not execute the callback if the device is being detached. This should prevent a race triggering a use-after-free.
- Correct the pledge for "disklabel(8) -R -[fF]".
- Dynamically attach fec(4/armv7) using the FDT.
- In sxie(4/armv7) and sxiuart(4/armv7), handle both the nintr 1 (allwinner a10/cortex a8) and nintr 3 (allwinner a20/cortex a7) cases.
- On armv7, ignore everything from ":" onward in stdout-path when finding the console node. Characters after this are device-specific settings.
- Dynamically attach imxuart using the FDT.
- In exuart(4/armv7), override the address found with FDT if the board ID is c210, because the qemu smdkc210 target uses serial0 for console while the exynos4210-universal_c210 dtb specifies stdout as serial2.
- Dynamically attach sxiuart using the FDT.
- Dynamically attach sxie(4/armv7) using the FDT.
- In ldpd(8):
- Fix parsing of multiple optional TLVs in label and notification messages. This fixes IxANVL LDP test 15.3.
- Make it possible to parse unknown TLVs in the future.
- Send an "Unknown FEC" Notification for unexpected wildcard FECs. This fixes ANVL LDP test 15.6.
- Add missing ntohl(3) when recording a label request. This fixes the following ANVL LDP tests: 1.5 and 9.4.
- Parse the whole Hello packet before processing it. This fixes a bug where we could create a dynamic targeted neighbor in response to a malformed packet.
- In ifconfig(8), add the "llprio" parameter to set the priority of packets that do not go through pf(4).
- In acpi(4), don't attempt to attach acpitimer(4) if the timer isn't present. The power management timer has been made optional in ACPI 5.0A.
- In tetris(6), when eliding a row, clear the invisible row zero, so that no columns can become unusable during game play.
- In ldpd(8):
- Send a fatal notification when the last hello adjacency is deleted. This fixes the following ANVL LDP tests: 7.17 and 23.3.
- Do not shut down the session upon receiving unknown messages. This fixes IxANVL LDP test 22.13.
- Set the Message ID for Hello messages too.
- Dynamically attach imxesdhc(4/armv7) using the FDT.
- Add SGMII support and PHY addresses for 8-port EdgeRouters. This makes plain RJ45 ports eth[4-7] usable.
- Dynamically attach i.MX6 ahci(4) using the FDT.
- In ldpd(8):
- Add one more safety check for Initialization messages. This fixes the following ANVL LDP tests: 6.5, 6.6 and 6.11.
- Change what is considered a NACK for our Initialization messages. This fixes the following ANVL LDP tests: 6.19, 6.21 and 6.22.
- Discard Hello packet if advertised transport address is of different AF. This fixes IxANVL LDP test 5.13.
- Fix quick reconnect when the transport address is changed.
- Remove octhci(4). It has been superseded by dwctwo(4).
- Do the full W^X check on hppa and mips64.
- On armv7, use FDT to find the console to initialize.
- Attach acpitoshiba(4) on Libretto, Dynabook and SPA40 laptops.
- Enforce W^X and map W|X segments without X permission initially. The dynamic linker will make these read-only and add back X permission after relocation processing.
- In ld.so(1), some ELF ABIs still require a PLT that is both writable and executable. To avoid W^X violations, initially map such segments as writable and non-executable, and change the mapping to non-writable and executable after initial relocation processing.
- In ld.so(1), accommodate ELF ABIs that require a PLT that is both writable and executable, without causing W^X violations.
- In sshd(8), revert src/usr.bin/ssh/kexgexs.c r1.28 ("Check min and max sizes sent by the client"). It caused "key_verify failed for server_host_key" in clients that send a DH-GEX min value less than DH_GRP_MIN.
- In doas.conf(5), revert the setenv feature.
- In aucat(1), add the -g and -p options to control device and file start position.
- Add ktrace support for pollfd[] arrays.
- In aucat(1), fix a bug that causes an abort in the last samples of certain files.
- In kdump(1), avoid printing the long string format for times in the 1970s.
- Let vfprintf(3) return EOVERFLOW rather than ENOMEM for overflow conditions to match POSIX.
- In mount_tmpfs(8), allow setting wxallowed on tmpfs filesystems.
- In ldpd(8), speed up session establishment after config reload.
- In video(1), to match the encoding type, compare against "pixelformat" instead of "description". This fixes the VIDIOC_ENUM_FMT ioctl for utvfu(4).
- Move nd6_output()s "short-circuiting" for non-lladdr interface types earlier. This fixes some IPv6 pppoe setups.
- In libcrypto, correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
- In tmux(1):
- Allow #[] in window-status-separator.
- Insert new panes after the pane being split in the list rather than always after the active pane.
- Cache selected state so that cells going from selected to unselected are not skipped.
- In rebound(8), revert r1.27 of src/usr.sbin/rebound/rebound.c that used nonblocking sockets and spun on them, trying to preemptively avoid kevent.
- In ld.so(1), avoid a W^X violation when setting DT_DEBUG on mips64.
- In eigrpd(8):
- Reset the interface uptime when it is restarted.
- Fix a potential SIGBUS on startup.
- In netstat(1), correctly display the counter for the "no basic MCS set" error.
- In dig(1), reduce confusion about the -p option. Parse it, but only permit port 53, and make it an error otherwise instead of a warning.
- In smtpd(8), deal with LMTP servers returning continuation lines.
- Add uvm_share(9) to share a memory range between two address spaces. Its primary use is to make guest VM memory accessible to the host (e.g. vmd(8)).
- In ommmc(4/armv7), reset the bus width back to 1-bit when resetting the host.
- In eigrpd(8), improve security by calling exec(3) after fork(2). This way it has separate ASLR/cookies per process.
- In doas.conf(5), add the "setenv" directive.
- Abort a process if it trips the W^X violation check, unless it came from a filesystem with the wxallowed flag set.
- In video(1), add -q to only display the device properties and quit.
- In bgpd.conf(5), add the =, !=, - (range), >< (exclusive range) operators to the as-path filters (AS, peer-as, source-as, transit-as).
- In iwm(4), fix multicast Rx by updating the MAC context again after sending multicast filter and STA settings during association. This makes ARP and inet6 autoconf work again.
- Avoid decreasing uvm_maxkaddr which may cause the "address selector returned unavailable address" panic.
- In ssh(1), allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using "ssh -W" (but still default to "yes" in that case) (bz#2577).
- In dhclient(8), change the reboot default value to 1 second.
- On armv7, rename imxenet(4/armv7) to fec(4/armv7).
- In kdump(1), allow printing timestamps relative to the beginning of the trace.
- On amd64, fix two issues in the MSI-X code: actually read the MSI-X capability register, and correctly decode the table size from its contents.
- In gcc(1), fix internal compiler error with long long arithmetic.
- In mmap(2), prevent vsize_t underflow when checking RLIMIT_DATA, which made the check ineffective when you already had more memory than your limit allowed.
- In iked(8), use the last 32-bits of the IPv6 address to dynamically assign addresses from the pool, instead of the fourth byte.
- In intel(4), fix an undefined symbol crash when opting into uxa.
- In aucat(1), set exit status to 1 if -n is used without -i and -o.
- In nc(1), support the use of service names instead of port numbers.
- Let rmdir(2) return EINVAL instead of EBUSY when trying to remove ".". This restores POSIX compliance for rmdir(2) and rmdirat(2).
- In newsyslog.conf(5), increase permitted sizes for the daemon and messages logs.
- In disklabel(8), unbreak automatic disk allocation based on a template.
- In umsm(4), add support for Netgear/Sierra Aircard 340U.
- In uvideo(4), correctly set the V4L2_BUF_FLAG_QUEUED and V4L2_BUF_FLAG_DONE buffer flags.
- In iked(8):
  - Fix a bug in the code that replaces unspecified (e.g. 0.0.0.0) addresses by specified (e.g. 192.0.2.1) ones in IPv6 case.
  - Implement a second address pool specifically for IPv6, so that clients can be given an IPv4 and IPv6 address at the same time.
- Remove the net.inet6.ip6.rr_prune sysctl(8).
- Add utvfu(4), a USB device driver for Audio/Video capture devices based on the Fushicai USBTV007 chip.
- Make xhci(4) usable on machines with xHCI BIOS support, such as most recent Dell machines.
- Add support for using SRPs without the garbage collection machinery.
- In sshd(8):
  - Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept.
  - Check min and max sizes sent by the client against what we support before passing them to the monitor.
- Fix ptrace PT_WRITE_D that returned EFAULT (broken in src/sys/kern/sys_process.c r1.33).
- In libexpat, fix CVE-2016-0718.
- In installboot(8), add support for armv7.
- In binutils, port over the binutils fix for PR ld/3111: greatly speed up linking of object files that contain lots of dwarf2 symbols by caching symbol tables.
- In newfs(8), permit wxallowed on mfs.
- In libedit, fix a crash that occurred when the history contained more than twice as many entries as the new limit.
- Ensure that softraid(4) crypto is not run on the crypto taskq.
- In video(1), guard against using tp_start uninitialized in case no frame was grabbed in verbose mode.
- Stop creating and inserting a route entry for ARP and ND automagically.
- Flush dynamic route entries attached to an interface when its link state becomes DOWN. This should fix stale RTF_DYNAMIC routes when switching WiFi network during suspend/resume.
- Plug a route entry leak triggered under memory pressure.
- In video(1), add mmap(2) support for frame grabbing and make it the default over read(2) unless overridden by the -g flag.
- Identify W^X labelled binaries at execve(2) time based upon the WX_OPENBSD_WXNEEDED flag set by ld -zwxneeded.
- In sed(1), fix a begin-of-word mismatch.
- On amd64, include rdtsc in the rdrand callback.
- Deal with interfaces removing the VLAN header before the packet has been fed to the pseudo-interfaces input handlers.
- Update to freetype-doc 2.6.3.
- In libc on i386, do setjmp cookies for eip, esp, and ebp.
- In libc on mips64, do setjmp cookies for gp, sp, and ra.
- 5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements.
A source code patch is available for 5.8 and 5.9.
- Update to xserver 1.18.3.
- Update to freetype 2.6.3.
- In smu(4/macppc), add support for new smu-firmware fan commands.
- Update to mesa 11.2.2.
- Fix a pledge(2) violation with "ncheck_ffs /dev/tty".
- In ld(1), implement -z wxneeded.
- Fix a pledge(2) violation with "pdisk /dev/tty".
- Implement the fork+exec pattern in smtpd(8).
- Fix pledge(2) issues in growfs(8).
- In nc(1):
  - Fix -verbose mode when used on a Unix domain socket.
  - Fix a pledge(2) violation when -P is used and a password needs to be supplied.
- In iwm(4), add support for Intel Wireless 3165 devices.
- In fsirand(8) and fsck_msdos(8), fix a pledge(2) violation that can be triggered by using DIOCGDINFO on a file that is not a disk device.
- In disklabel(8), don't crash if no filename is provided.
- In iwm(4), add support for Intel Wireless 8260 devices.
- In aucat(1), fix file block size rounding and ensure it's large enough to store a full audio block.
- In the install script, set the "wxallowed" mount(8) option for the filesystem /usr/local resides on.
- No longer allow W^X violations by default. A kernel log message is generated, and mprotect(2) and mmap(2) return ENOTSUP. If the kern.wxabort sysctl(8) is set, a SIGABRT occurs instead. W^X-violating programs can be permitted per FFS/NFS filesystem, using the "wxallowed" mount(8) option.
- In aucat(1), when resampling, use the exact resampling factor instead of the ratio between input and output block sizes. This change makes playback/recording rate match exactly the requested sample rate.
- In httpd(8), return 400 (Bad Request) instead of 500 (Internal Server Error) for requests not specifying the HTTP version.
- When initializing the console, add a short delay so that baud rate changes on the console have a chance of working. This prevents the serial console on the APU from hanging when garbage is echoed to the tty.
- In procmap(1), reintroduce vnode-to-filename mapping.
- In rc(8):
  - Skip library reordering if /usr/lib is on an NFS filesystem.
  - Temporarily remount read-write if /usr/lib is on a read-only FFS filesystem.
- Make amaps use less kernel memory. This is achieved by grouping amap slots into chunks that are allocated on-demand by pool(9).
- In scp(1) and sftp(1), prevent screwing up terminal settings by escaping bytes not forming ASCII or UTF-8 characters.
- In regex(3), fix another one-byte buffer underflow (read access only).
- Avoid a use-after-free in ftp(1).
- In iwm(4), update to firmware API 16 and enable RTS/CTS frame protection.
- In the armv7 install script, use efiboot when setting up the installed disk.
- On octeon, prevent gather buffer starvation on currently supported systems.
- In acpitz(4), disable active cooling trip points when we lack the right method to operate.
- Place a cpu-dependent trap/illegal instruction over the remainder of the sigtramp page, so that it will generate a kernel fault if touched.
- Remove the kern.random sysctl(8).
- In umsm(4), support the Airprime/Sierra AirCard 313U and the Netgear/Sierra AirCard 770S.
- Various improvements to ldpd(8).
- In binutils on sparc64, make the PLT read-only. This allows the kernel and ld.so to load binaries without violating W^X.
- Add UTF-8 support to fold(1).
- On macppc, use 64-bit integers to fix fan scaling calculations.
- Build armv7 efiboot.
- In libc on hppa, add XOR cookies for rp and sp.
- In libc on powerpc, add XOR cookies for r1 (stack) and lr.
- Avoid a uvm fault when pulling an msdos-formatted umass(4) stick during mount while the USB stack is busy.
- In smtpd(8), start work on improving the log format.
- Build eeprom(8) on armv7.
- Implement openprom(4) for armv7.
- Make eeprom(8) -p print sensible numbers on little-endian platforms.
- Remove the -x flag from mount_msdos(8) and always assume the execute bit for readable directories subject to the mask option (-m).
- Stop making files executable on msdosfs.
- Fix a logic bug in DUID generation: we want to generate DUIDs until we have one that is not a duplicate and not a zero DUID.
- In ntpd(8), harden TLS for constraints.
- On armv7, dynamically attach imxiic(4/armv7) and use the FDT to enumerate devices on i2c busses. The CuBox-i and Hummingboard now need to be booted with an FDT to see the RTC.
- In cnmac(4/octeon), make the TX path MP-safe and add some ifq oactive logic.
- On armv7, resolve problems with ommmc(4/armv7) sometimes not attaching properly with recent u-boot versions.
- On macppc, hook up smu(4/macppc) to the thermal management framework.
- On macppc, add a thermal management framework which controls the fan speed based on the temperature sensor values.
- In the install script, log questions and answers during install/upgrade and mail them to the root user in a format usable as a response file for autoinstall(8).
- In libcrypto, fix a short-read bug in the previous version of asn1_d2i_read_bio.
- On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions.
- Remove the net.inet6.ip6.v6only sysctl(8).
- 5.9 RELIABILITY FIX: Possible data corruption in bnx(4).
A source code patch is available for 5.9.
- In ieee80211(9), in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice.
- Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy.
- On octeon, accept cnmac as a valid rootdev from uboot (e.g. rootdev=/dev/cnmac0).
- Rework the fix to prevent a kernel crash when sendsyslog(2) is called with LOG_CONS and the console device has not been initialized yet.
- In regex(3), fix a one-byte buffer underflow (read access only).
- Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events.
- Fix "skeyinit username" run as root.
- 5.8 and 5.9 SECURITY FIX: Insufficient checks in the uvideo(4) V4L2 ioctl(2) handling leak kernel memory contents to a local user.
A source code patch is available for 5.8 and 5.9.
- Completely skip link-layer address resolution and NUD on gif(4).
- In uvideo(4), plug some holes in the V4L2 ioctl(2) interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue.
- In httpd(8), fix some file-descriptor leaks.
- Enable the pcf8523 RTC on Hummingboard and CuBox-i.
- 5.9 RELIABILITY FIX: Issues in smtpd(8).
A source code patch is available for 5.9.
- In smtpd(8):
  - Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
  - Plug a file-pointer leak that can lead to resource exhaustion and result in a crash.
- Have POSTREAD flush the D-cache. This eliminates random data corruption on the CuBox-i4Pro.
- Add pfcrtc(4), a driver for the NXP PCF8523 Real Time Clock.
- In xge(4), enable reception and transmission of Jumbo frames.
- In smu(4/macppc), add support for pwm fans.
- Initial stab at an EFI bootloader for armv7.
- In sysmerge(8), no longer handle /etc/example files.
- In install(1), add -F to call fsync(2) on the installed file right before closing it.
- In tmux(1), add -q to source-file to suppress errors about nonexistent files.
- In eigrpd(8), disable EIGRPv6 on an interface when it loses its link-local address.
- Remove the hppa64 port.
- Allow zaudio(4) to start when large blocks are requested.
- Make the mips64 pmap MP-safe.
- In top(1), allow filtering of process arguments if they are being displayed.
- Avoid a kernel crash when sendsyslog(2) is called with LOG_CONS and the console device has not been initialized yet.
- Do SROP mitigation. sendsig() stores a cookie inside the sigcontext. sigreturn(2) checks the syscall entry was from the exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie, and clears it to prevent sigcontext reuse.
- Try harder to avoid using random data on the disk as an inode, because FFS2 does lazy inode initialization. This avoids crashes when translating a bogus filehandle to a vnode.
- Update to libexpat 2.1.1.
- In rcs(1), implement Mdocdate keyword substitution.
- In imxesdhc(4), add DMA support. It uses ADMA2 "Internal DMA" that is compatible with the SD Host Controller standard.
- In chvgpio(4), add support for level, active low gpio interrupts.
- In wall(1), enable UTF-8 detection. This deliberately ignores UTF-8 characters and replaces them with a single question mark.
- In bytgpio(4) and chvgpio(4), add support for writing gpio pins.
- In ifconfig(8), stop printing the MPSAFE interface flag. It is a kernel-only hint and printing it only creates confusion.
- Add chvgpio(4), a driver for the GPIO controllers found on Intel's Cherry View SoC.
- On powerpc, flush page (through the direct map) before mapping it into AGP. This fixes artifacts seen in X on some G5 machines.
- In the getpwnam(3) family of functions, stop opening the shadow database by default.
- In tcpdump(8), print RA Route Information prefix, preference and lifetime.
- Use a Thread Information Block in both single and multi-threaded programs. Make libpthread dlopen(3)'able.
- In bytgpio(4), implement ACPI 5.0 GeneralPurposeIo OpRegion support.
- Import Term::ReadKey 2.33.
- In imxesdhc(4), add support for changing the bus width and set the 4-bit mode capability.
- Make imxesdhc(4) work on the CuBox-i.
- Revert the default cachepercent to 20.
- In tcpdump(8), print the router preference contained in RAs in verbose mode.
- Fix efiboot not to hang with a disk whose block size is less than 512.
- Fix packet corruption in bnx(4).
- Add Dual Data Rate support for eMMC at 52 MHz.
- In gcc(1), add support for named initializers for anonymous structs/unions. This is a C11 feature that is starting to get used in places such as Mesa.
- In midiplay(1), fix one of the reads past the end of the buffer.
- In acpithinkpad(4), avoid a division by zero in wsconsctl(8).
- In dc(4), cope with the broken DMA engine of the Davicom DM9102 found on some Sun sparc64 machines.
- On sparc64, avoid having to panic on hardware with a broken DMA engine that attempts to read beyond the end of the buffer that was programmed.
- Add initial support for MSI-X, only on amd64 for now.
- In ssh_config(5), add IdentityAgent.
- In sdmmc(4), add high-speed support for SD cards. This causes serious improvement in the read speeds.
- In bytgpio(4), don't mask pins configured as direct IRQ. This unbreaks the keyboard on the Asus x205ta.
- In ssh(1), fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks.
- Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code.
- 5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the advisory.
A source code patch is available for 5.8 and 5.9.
- In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types.
- Reduce the number of lookups to 1 for non-multicast traffic when pf(4) is disabled.
- In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.
- In telnet(1), don't check if the hostname is a fully qualified domain. This prevents pledge(2) "dns" issues.
- In tmpfs, fix some issues regarding timestamp updating.
- In ssh:
  - Support SHA256 and SHA512 RSA signatures in certificates.
  - Add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03.
- On arm and armv7, rework mainbus and implement simplebus to be able to span a tree-like topology based on device tree information.
- In ommmc(4/armv7), add support for changing the bus width to ommmc and set the 4-bit mode capability.
- Add bus width switching support for MMC. Enable 8-bit bus support on sdhc(4) controllers that support it. This makes the raw transfer rate of the eMMC on the Lenovo Ideacentre Stick 300 go up to 40 MB/s.
- In sdhc(4), fix the DMA issues on Bay Trail.
- Add support for changing the bus width to the sdmmc(4) subsystem and the sdhc(4) controller. Use this to switch SD cards to a 4-bit bus if they support it.
- In sppp(4), fix a bug causing breakage with LCP echoes.
- 5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with carp(4).
A source code patch is available for 5.9.
- Convert ldapd(8) to use the libtls API.
- In file(1), fix the default type to work properly.
- In bytgpio(4), mask all gpio interrupts when attaching. This fixes an interrupt storm on the Lenovo Ideacentre Stick 300.
- In sdhc(4) and sdmmc(4):
  - Implement DMA support (only ADMA2 is supported). There is a remaining issue with simultaneous use of eMMC and external SD card on (some) Intel Bay Trail hardware.
  - Enable the ADMA error interrupt.
  - Enable high speed timing for bus clock frequencies over 26MHz and advertise support for it.
- In tmux(1), add options to include status text in the pane borders.
- Fix several bugs due to uninitialized struct nameidata's.
- In softraid(4), panic when attempting to execute a scsi command with no discipline defined.
- Fix a bug causing gzip(1) to think the resulting file got larger during compression.
- In daily(8), no longer call mailq(8).
- In sysmerge(8), in interactive mode, check syntax of several important files after merging to give some protection against bad merges.
- Don't allow the routing table of a bound socket to be changed. This is not intended and will behave unexpectedly if the address is already used in another domain.
- In tmux(1), fix keys parsing again to correctly accept Unicode when not prefixed with Escape.
- In smtpd(8), fix "smtpctl show queue" reporting "invalid" envelope state.
- In ssh(1), close the ControlPersist background process stderr when the daemon is not in debug mode or when logging to a file or syslog (bz#1988).
- In MAKEDEV(8), replace /dev/bpf[0-9] with /dev/bpf and /dev/bpf0.
- In dhclient(8), if the attempt to broadcast a DHCPDISCOVER packet returns EAFNOSUPPORT, just print an error message and exit.
- In installboot(8/i386), plug a couple of leaks of input buffers.
- In libssl, allow ^C to break operations such as reading passwords.
- In libssl, implement the IETF ChaCha20-Poly1305 cipher suites. The old Google implementation continues to be supported, but the ChaCha20-Poly1305 cipher suites names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
- In libssl, rename EVP_aead_chacha20_poly1305(3) to EVP_aead_chacha20_poly1305_old() and replace it with EVP_aead_chacha20_poly1305_ietf(3). The IETF version will become the standard version.
- In ieee80211, rework handling of frames which fall beyond the block ack window.
- In netstat(1), display block ack window slide counter.
- In compress(1), account for multiple streams in "gzip -l" output.
- In httpd(8), simplify TLS configuration handling and prevent a memory leak when there are multiple certificates specified for the same server.
- In ifconfig(8), show 11n HT rate in "ifconfig scan" output.
- Unbreak fsck_ext2fs(8).
- In libedit, initialize the search buffer to avoid a potential read buffer overrun.
- In xge(4), correctly set up byteswapping so this chip works on big-endian architectures.
- In tmux(1), apply backspace check after working out the actual key, so that M-BSpace can work.
- In xge(4), align rx buffers so ip packets will be aligned correctly for the stack.
- In ksh(1), do not handle echo "`echo \"hi\"`" in POSIX mode differently than in traditional mode. This aligns ksh's behavior with bash and FreeBSD sh.
- In netstat(1), make -W show the new 802.11n counters.
- In netstat(1), print tcps_noport with "netstat -s" like it is already done for udp.
- In tmux(1), fix problems with meta and Unicode keys.
- In rcctl(8), implement daemon_rtable support.
- In rc.subr(8), introduce rtable(4) support.
- In readelf(1), show octeon in "readelf -h" output.
- In rc(8), re-link (only the newest) libc.so on startup, placing the objects in a random order.
- In softraid(4), don't attempt a rebuild using a hot spare with a sector size greater than the sector size of the softraid volume.
- Use pledge(2) in groupadd(8), groupmod(8), groupdel(8), groupinfo(8), user(8), useradd(8), usermod(8), userdel(8) and userinfo(8).
- In sysmerge(8), be consistent in batch and interactive mode: ensure sysmerge can be re-run if a file is left for later.
- In acpitz(4), if the temperature is below the active cooling level for a tz, turn the fan off regardless of what state it is currently in.
- In rtsx(4), match on RTS522A found in 2016 ThinkPads.
- Remove systrace support.
- In the install script, when upgrading automatically run sysmerge(8) in batch mode before fw_update(1).
- On macppc and socppc, don't check if the CPU is inside the idle loop when entering ddb(4). This allows putting breakpoints in interrupt context and having them work if an interrupt fires while the CPU is idle.
- In httpd(8), always pass the QUERY_STRING variable to the FastCGI handler.
- In Xserver(1), fall back to /dev/ttyC0 when the console device is not a wsdisplay(4).
- In ichiic(4), match on Intel 100 Series LP.
- In puc(4), match on Intel 100 series and 100 series LP PCH.
- In azalia(4), enable snooping on Intel 100 Series LP HDA.
- Fix an issue where the 32-bit UEFI bootloader (BOOTIA32.EFI) would not detect a GPT leading to a failure to boot.
- On mips64, sync dcaches and invalidate icaches of all active CPUs of a pmap when making a page executable. This prevents some icache inconsistencies that caused process crashes on multiprocessor IP27/IP30 systems under load.
- In dwiic(4), match on Cherry Trail.
- In synaptics(4), don't stop scrolling when handling TOUCH_RESET events.
- In asmc(4), don't try to probe light sensors for machines with none available.
- In mpbios(4), don't attach if "default configuration" mode is detected during probe rather than panicking.
- In smtpd(8), use automatic DH parameters instead of fixed ones. Also disable DHE by default since it is computationally expensive and a potential DoS vector.
- In perl(1), apply fix for perl bug 123562 (CVE-2015-8853).
- In changelist(5), don't watch unbound(8)'s DNSSEC root zone key, to reduce security(8) spam.
- In re(4), if RTL8111E on PC Engines APU is detected, configure NIC LEDs to display link (instead of the default of a normally-off light for network activity and nothing for ethernet link).
- In changelist(5), add the iked(8) default key.
- Add the editline(7) manual.
- Make setting a vlan(4) interface's lladdr more likely to work.
- Use the correct byte-order when checking against baddynamic ports.
- In xen(4) and xnf(4), allow granting memory access to domains other than dom0. This fixes running OpenBSD under QubesOS.
- In pod2man(1), enable UTF-8 output by default and provide a --no-utf8 command line option to disable it.
- In pax(1), skip empty lines in the input read for "tar -T", "cpio -E", and cpio(1) with stdin.
- On amd64, make the aesni crypto implementation MP-safe.
- Add a mechanism for dispatching MP-safe crypto operations.
- Update to tzdata2016d from ftp.iana.org.
- Bump the default of cachepercent to 90 to see if we can find problems before we try to remove it entirely.
- In pppoe(4), remove a hack that prevented changing pppoe params at runtime.
- In nvme(4), fix a bug causing memory corruption seen on amd64 (and masked on sparc64).
- In rbootd(8), don't bcopy(3) non-exchangeable structs. This should unbreak connection timeouts.
- Remove am_maxslot from amap and remove the corresponding output from procmap(1).
- In inteldrm(4), make the GMBUS code work on Intel ValleyView.
- In rm(1), don't allow removal of "/".
- In eigrpd(8):
  - Fix a corner case in Feasible Condition check.
  - Fix a segfault when reloading the config multiple times.
  - Check for subnet overlap between the configured summary-addresses.
  - Various other fixes and cleanups.
- In vlan(4), rework configuration and mark it as MP-safe.
- Enable nvme(4) on amd64 and sparc64.
- In ssh_config(5), implement the "Include" directive.
- In mandoc(1), fix a process group race sometimes causing a spawned less(1) to complain "Stopped (tty output)".
- In mg(1), add "sentence-end-double-space".
- On octeon:
  - Enable UART FIFOs.
  - Enable write buffering with write merging. This improves overall performance notably.
- Enable device cloning for bpf(4).
- Re-enable pckbd(4) on resume. This fixes problems on (at least) various HP laptops that previously had no working keyboard after resuming from zzz(8).
- On amd64 and i386, use a CPUID function to determine presence of general purpose architectural performance counters. This fixes a panic seen on some hypervisors when pctr(1) is used when the hypervisor masks out the counters.
- Various improvements to nvme(4).
- In libssl, use the correct IV and counter when decrypting the ciphertext for EVP_aead_chacha20_poly1305_ietf(3).
- In man(1), give manuals in purely numerical sections priority over manuals of the same name in sections with an alphabetical suffix (e.g. 3p).
- In awk(1), fix a crash with empty assignments (e.g. "BEGIN {i=$1}").
- In pstat(8), fix a crash when the -T flag is specified.
- In nvme(4), read chip capabilities before operating on it. This ensures the proper timeout for chip enables/disables are obtained.
- In mg(1), stop putting a space at the end of a paragraph when using fill-paragraph.
- Prevent a kernel panic by providing a dummy function for bridge(4)'s if_output.
- On sparc64, (temporarily) disable ahc(4) so that GENERIC.MP kernels don't overflow the 8M reserved for .text and .rodata sections.
- In rev(1), enable UTF-8 support.
- In libedit, reset the terminal to its initial state before exiting a program that is using libedit.
- In bgpd(8), don't exit when receiving an RTM_CHANGE message for an RTF_MPATH route that is actually on an interface.
- In pf(4), don't panic if an mbuf(9) already has a statekey. This should help finding the remaining corner cases of packets looped back in the stack.
- In vmd(8), place a BOOTARG_END section at the end of the boot arguments list pushed to the VM during boot. This makes it possible to install and run an OpenBSD i386 guest VM using vmm(4).
- In libsndio, switch to the "new" audio(4) API.
- In ssh(1), don't record duplicate LocalForward and RemoteForward entries (bz#2562).
- In bgplg(8), use SERVER_NAME for the hostname displayed on the page.
- Increase size of the clone bitmap. This is required for upcoming work on cloning bpf(4).
- In vmm(4), support processors without unrestricted guest capability.
- Fix EXA detection in r128(4), cirrus(4), mach64(4) and mga(4).
- Enable creation of softraid(4) volumes using disks with non-512 byte sectors. This increments the metadata version.
- Fix a memory leak in isakmpd(8).
- In dhcpd(8), fix an abort due to a missing pledge(2) promise.
- Add -f to ndp(8).
- In grep(1), don't do reverse search optimization if looking for all matches in a line.
- On armv7, map and use the bootconfig/FDT area passed by u-boot and try to init FDT on it. This allows for the use of device tree information.
- In Xserver(1), implement VT switching (based on the USL compat interface) in the wscons console backend and use it by default.
- Update to xf86-video-ati 7.6.1.
- In ihidev(4) and dwiic(4), add support for I2C HID devices with GPIO signalled interrupts.
- In rcctl(8), rename the "faulty" list action to "failed".
- In tftpd(8), go in the background much later to reduce possible silent failures.
- If one of the TCP SYN cache buckets overflows, it might be a collision attack against the hash function. Mitigate this attack by reseeding the hash function as soon as possible.
- In uslcom(4), add support for the USB console port on Aruba 7xxx wireless controllers.
- In ssh(1), remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file (bz#2559).
- In wsmouse(4), add support for multitouch input.
- In rdistd(1), properly create directories that do not exist on the destination.
- Improve support for alphas without all IEEE-mode instructions.
- In gcc(1), fix optimization for alphas without the "precise arithmetic trap" extension.
- In tmux(1), bump the listen(2) backlog up from 16 to 128.
- Implement proxy ARP for ART based on mpath support.
- In acpi(4), hook up the gpio interrupt on devices that use it for card detection. This makes the SD card slot on machines based on Intel's Bay Trail SoC fully functional.
- In bytgpio(4), add support for gpio-based interrupts.
- Add getlogin_r(2) system call that checks and returns errors like the userspace getlogin_r() API.
- Remove MLINKS from base. They are no longer required by mandoc(1).
- Enable oce(4) on sparc64.
- In binutils, fix fallout from the switch to binutils 2.17: the binaries created by 2.17 aren't recognized by the in-tree gdb(1) because it's built with the bfd code from 2.15.
- Add the net.inet.tcp.synuselimit sysctl(8) to adjust tcp_syn_use_limit. This is convenient to test the feature and may be useful to defend against syn flooding in a denial of service condition.
- In authpf(8), avoid a dereference of a null object.
- In tcpdump(8), properly check for the end of captured packet while printing CDP packets.
- Ensure that a thread that calls sched_yield(2) ends up on the run queue behind all its sibling threads. This results in significant improvements for processes that suffer from lock contention, most notably firefox.
- Add bytgpio(4), a driver for the gpio controllers found on Intel's Bay Trail SoC.
- In netstart(8), don't delete the 224/4 route unless it's being done to ensure that a -reject route can be added. This restores the ability to set an interface route before daemons are started.
- Avoid an attack that could prevent reseeding of the hash function used for the hash buckets in the TCP SYN cache.
- In sdhc(4), make it possible to override the standard card detect mechanism to appease the SD controller on Intel's Bay Trail SoC.
- Avoid a NULL pointer dereference when pulling and unmounting a umass(4) USB stick.
- In libssl, fix a memory leak.
- Switch from the SolidRun i.MX6 U-Boot to mainline U-Boot on the CuBox-i.
- Always include the route priority in routing messages.
- Do not populate RTAX_NETMASK when sending a routing message for RTF_HOST entries. This preserves old behavior with ART and fixes a regression.
- In rc.d(8), make it possible to get usage as a non-root user.
- In less(1) and ul(1), improve handling of ambiguous overstrike sequences.
- In gcc(1) on arm, change the default arch target from strongarm (armv4) to arm9e (armv5te without xscale extensions).
- Enable ART (Allotment Routing Table).
- Ensure that a found proxy ARP entry has the correct flag.
- In kernel clock, set ticks 15 seconds before its value wraps. This helps to identify issues around ticks wrap in 15 minutes instead of 240ish days.
- In kdump(1), display NAMI records and AF_UNIX socket(2) paths with vis(3).
- Update to tzdata2016c from ftp.iana.org.
- In pipex(4), don't leak an mbuf when copying a packet fails.
- Remove ARM10 and ARM11 support.
- Fix various issues with bad gateways being picked up by bgpd(8).
- Remove ARM9E support.
- In npppd(8), log the reply message from RADIUS server when the authentication fails.
- Add pledge(2) to tokeninit(8).
- Rename sendsyslog2(2) to sendsyslog(2).
- In ral(4), improvements for the RT2860 chip:
  - Fix watchdog timeouts and dropped frames under load.
  - Fix a bug where oactive is not set and mbufs are dropped.
- Add a counter in the TCP SYN cache and in netstat(1) -s to show how often the hash function is reseeded and the random bucket distribution changes.
- On octeon, use the list of the usable memory regions provided by U-Boot instead of the hardcoded regions in memory setup.
- In ksh(1), make the "command" builtin POSIX-compliant and consistent with other current shells.
- In ld.so(1), let the stack smash handler log to console directly if it is not possible to deliver to syslogd(8).
- In vnet(4), plug a memory leak in ioctl(2) code path.
- Many improvements of libedit, in particular with regard to UTF-8 support.
- In axen(4), initialize the hardware on reset. This allows it to attach reliably and pass traffic, and prevents a panic when unplugging it.
- Import libdrm 2.4.67.
- Attach dwctwo(4) only on Octeon models that have a DWC2 controller.
- Remove support for StrongARM (SA1), IXP12x0, IXP425 and XScale 80200.
- In vi(1), avoid a backwards memcpy(3) when issuing ":e +something".
- In tmux(1), make scrolling behaviour more sensible and maintain cursor position, as if the same had been done line-by-line.
- In pkg_add(1), use a new _pkgfetch user for separation instead of the _pfetch user.
- Remove ARM8 and ARM9T support.
- Add octuctl(4), a driver for the Octeon II USB Controller Interface, and attachments for ehci(4) and ohci(4).
- In puc(4), add support for the TXIC TX382B (currently TX/RX FIFO is not working).
- In column(1), lpq(1), ls(1), newfs(8), ps(1), rusers(1), sed(1) and growfs(8), use the COLUMNS environment variable first, and either terminal width or a hardcoded value (typically 80) as appropriate.
- In libssl, use explicit_bzero(3) for ASN1 objects on free. Too often these contain sensitive information.
- In vi(1), add error checking for the COLUMNS and LINES environment variables to avoid a crash.
- In sd(4), prevent a use-after-free of the scsi link structure during detach.
- Expose new and much simpler audio(4) ioctls.
- In npppd(8), add the transition to "Req-Sent" that was missing when RTA occurs in the "Opened" state. Its absence caused a timer event leak.
- Update to tzdata2016b from ftp.iana.org.
- Allocate amap slots for a virtual memory range reserved with sbrk(2) lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory.
- For amaps with only a few slots, allocate the slots via pool(9). This saves some memory and reduces kmem pressure.
- 5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs.
A source code patch is available for 5.9.
- 5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
A source code patch is available for 5.7, 5.8 and 5.9.
- In puc(4), add support for the Exar XR17V354 device.
- Remove the legacy uiomovei(3) function. It has been replaced by uiomove(9).
- In ssh(1), unbreak authentication using lone certificate keys in ssh-agent (bz#2550).
- In acpicpu(4), correct the value of SRT_ENDTAG: it was documented incorrectly in early ACPI specs.
- In libfontconfig, enable atomic operations on mips64 and mips64el.
- In vmm(4), introduce memory ranges to support VMs with 4G or more of RAM.
- In ichiic(4), ignore the SMBALERT# interrupt. This fixes booting the GENERIC kernel on ADI RCC-VE with buggy BIOS versions, where the problem rendered the internal eMMC flash unusable.
- In kdump(1), recognize ipmi, vscsi, pvbus, udl, fuse, trunk, pipex and memrange ioctl(2) requests.
- In sd(4), avoid a kernel panic caused by a use-after-free when unplugging a USB umass stick.
- Avoid corrupt mount points without a valid device when unmounting.
- 5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to xauth(1).
A source code patch is available for 5.7, 5.8 and 5.9.
- In ssh(1), sanitise characters destined for xauth(1).
- In isakmpd(8), don't retransmit responses for unauthenticated messages.
- Remove support for vax.
- In fdisk(8) and pdisk(8), accept only a character special device as disk.
- Rework how mpw(4) interacts with vlan(4). This will allow vlan(4) to become MP-safe.
- In xterm(1), use UTF-8 mode by default.
- In httpd(8), set the content charset for auto index generated pages.
- Make "cp -i" behave as "mv -i" or "rm -i", independently of whether stdin is a tty or not.
- Do not remove RTF_STATIC L2 entries from the routing table. Static entries might not have a cloning route to re-create them and hence be gone when their timer expires.
- In kdump(1), improve display of unknown and KTR_START records.
- Avoid refetching blocks already in the buffer cache. This significantly improves read operations on MSDOSFS.
- Update to xrandr 1.5.0.
- Update to libXrandr 1.5.0.
- In ksh(1), make "set +o" conform with POSIX.
- Tweak uvm assertions to avoid locking in some cases.
- In file(1), sync "archive" magic from file 5.25.
- In ntpd(8) constraints, avoid using the %Z specification of strptime(3), which disagrees with RFC7231 and can give surprising results on other operating systems.
- In tmux(1), improve UTF-8 locale checking.
- Update to unbound 1.5.8.
- In ksh(1), fix POSIX-compliant behavior of "set -u" regarding "$*" and "$@" specials.
- Almost completely rewrite mknod(8) in order to allow a speedup of MAKEDEV(8).
- In tmux(1), avoid accessing a NULL pointer.
- In vmd(8), set root device to sd0a, instead of wd0a.
- In ksh(1):
  - Don't parse (...|...) patterns in variable substitution inside double quotes. This fixes a POSIX compatibility issue.
  - Remove the mknod builtin.
- In ssh(1), fix ClientAliveInterval when a time-based RekeyLimit is set (bz#2252).
- In tmux(1):
  - Avoid mixing up RGB colours with aixterm colours.
  - Make the show-* and set-* commands handle a missing target.
- On amd64 and i386, unwind the trapframe correctly when a breakpoint is set on "syscall". This prevents a fault in ddb(4) on amd64.
- Remove the machdep.userldt sysctl(8).
- In ieee80211(9), restore an assignment of device current mode. This fixes iwi(4) fatal firmware errors.
- Bump link_maxhdr (the space reserved before an IP packet payload for link headers) from 16 to 64.
- In scp(1), improve accuracy of reported transfer speeds.
- In sftp(1) and scp(1), improve precision of the progress meter.
- In tmux(1), improve wcwidth(1) and mbtowc(1) error handling.
- Remove Linux emulation support.
- In libssl, add bounds checking for read_ledword().
- In libssl, add bounds checking for BN_hex2bn(3) and BN_dec2bn(3).
- In acpi(4), add more Windows versions for _OSI checks.
- In cpsw(4), detect and only enable the port that is actually used. This avoids device timeouts. Also enable interrupt pacing to limit interrupts at 2K/s.
- Set the IFF_MULTICAST flag on tun(4) interfaces so IPv6 addresses can be assigned.
- In diff(1), rectify line numbers for "s/.//" commands in ed-style diffs.
- In libedit, fix a segfault and functional error in c_gets().
- In libssl, remove support for ancient, broken DSA implementations.
- Fix a bug when IPsec UDP encapsulation is used for IPv6.
- In gcc(1), fix an Internal Compiler Error on alpha when using __sync builtins.
- In fnmatch(3), fix negation of POSIX character classes.
- Prevent a memory leak in vnet(4/sparc64).
- Validate fs_maxsymlinklen in the superblock of ffs and ext2fs filesystems to avoid use of bogus data.
- On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037.