This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 5.5 and 5.6
- Fixed ssl(8) to avoid allocating and then leaking a fresh fragment structure when a zero-length fragment is received (CVE-2014-3507).
 - Fixed ssl(8): made sure the output buffer is always NUL terminated if buf_len was initially greater than zero; reject OIDs that are too long, too short, or not in proper base-127 (CVE-2014-3508).
 - Corrected ssl(8) test (reversed during merge of fix for CVE-2014-3509).
 - Fixed ssl(8) DTLS handshake message size checks (CVE-2014-3506).
 - Stopped httpd(8) trying to output FCGI_STDERR into error.log if there is no data.
 - Try to parse "Status: $code" in the first response from the httpd(8) fcgi daemon, use that code as HTTP response code (fallback to 200). Possible fix for redirects in cvsweb.
 - Fixed ssl(8) TLS downgrade (CVE-2014-3511).
 - Fixed DTLS anonymous EC(DH) denial of service in ssl(8) (CVE-2014-3510).
 - Made httpd(8) correctly report "internal server error" if the very first fcgi STDOUT record has length 0.
 - Changed httpd.conf(5) grammar to remove a shift/reduce conflict. "listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
 - Added support for NOTE_EOF (for kqueue(2) EVFILT_READ filters) on NFS files.
 - Limit the body size in client requests (eg. POST data) to 1M by default in httpd.conf(5); added a configuration option to change the limit.
 - Prevented X(7) server crash on zaurus (and possibly other architectures) where there is no pci(4).
 - Provided httpd.conf(5) configuration options that allow the SSL certificate, key and ciphers to be specified for each server.
 - Clear the httpd(8) public key when it is no longer needed.
 - Configured the default ssl(8) ciphers as HIGH:!aNULL in httpd(8).
 - Restored previous ssl(8) behaviour that allows a PEM block to be fed through the base64 decoder.
 - Corrected some dma cleanup error paths in qe(4/vax).
 - POST support added to httpd(8).
 - Added CONTENT_TYPE environment variables (without the HTTP_ prefix) to httpd(8), for use with CGI scripts.
 - Fixed bug in server_write that broke httpd(8) keep-alive support.
 - httpd(8) now adjusts read/write watermarks according to the TCP send buffer. Fixes sending of large files.
 - Load the httpd(8) ssl(8) public/private keys in the parent process, then provide them to the privsep process via imsg. Allows keys to be moved out of chroot(8).
 - Added ssl(8) support for loading the public/private key from memory, rather than directly from file.
 - If a driver (eg umct(4)) opens an interrupt pipe without callback function, made sure the correct transfer is aborted.
 - Added httpd.conf(5) options for max requests per connection and timeout limit.
 - Brought back httpd.conf(5) TCP/IP configuration options.
 - Limited the number of Keep-Alive requests per httpd(8) connection to 100.
 - Improved httpd(8) logging to allow per-server/location log files; log files can now be owned by root.
 - Added httpd.conf(5) option to specify the chroot(8) directory.
 - Enabled httpd(8) in rc.d(8) for wider testing.
 - Temporarily moved default location of the httpd(8) SSL/TLS server key and certificate from /var/www/ to /var/www/conf/.
 - Added "HTTPS = on" CGI variable to httpd(8).
 - Redirect httpd(8) to https:// if SSL/TLS is enabled.
 - Added TLS/SSL support to httpd(8), based on the recent ssl(8) commits.
 - Changed httpd.conf(5) grammar from "log [style]" to "log style [style]".
 - Provided an ssl(8) function that returns a server connection context.
 - Provided an ssl(8) utility function for loading a private/public keypair.
 - httpd(8) will now print error message if the log files cannot be opened.
 - Improved ressl_{read,write} handling of non-blocking reads/writes in ssl(8).
 - Added initial httpd(8) support for log files in /var/www/logs/.
 - Implemented httpd(8) PATH_INFO and added DOCUMENT_ROOT.
 - httpd(8) now also writes log messages (eg 404 Not Found) on error.
 - Extended httpd(8) to dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables.
 - Add ral(4) to GENERIC and RAMDISK on macppc.
 - Fixed sys/dev/usb/ehci.c r1.162 to stop returning initialised memory on error in ehci_alloc_sqtd().
 - Fixed sys/dev/ic/bwi.c r1.106. Prevents packet loss.
 - Split httpd(8) fastcgi socket path and document root options; added the SCRIPT_FILENAME CGI param with a prepended root. Fixes php-fpm that expects SCRIPT_FILENAME.
 - Added missing httpd(8) log call for fastcgi requests.
 - Added another httpd.conf(5) log mode "connection" for a relayd(8)-style log entry after each connection.
 - httpd(8) now prefers getnameinfo() with NI_NUMERICHOST over inet_ntop (to include IPv6 scope ID).
 - httpd.conf(5) locations now inherit access log settings from the server.
 - Made sure httpd(8) reads fcgi padding data if any is received.
 - Made httpd(8) properly read from the fcgi bufferevent until it is empty.
 - Allow httpd(8) to specify a fastcgi TCP socket on localhost.
 - Fixed scandir(3)-based directory auto index on NFS in httpd(8).
 - Use the log buffer to defer httpd(8) logging until the connection is closed or the request completed.
 - Added common and combined access logging to httpd(8).
 - Rewrote httpd(8) fcgi_add_param and hand over a lot more http headers etc. to the cgi script.
 - Correctly parse fastcgi records if httpd(8) doesn't get the whole record in one bufferevent_read().
 - Allow softraid(4) rebuilds to work correctly when the volume metadata has a different data offset to that currently in use.
 - Unbroke aac(4), by re-adding uvm_extern.h for ptoa().
 - httpd(8) now only writes the HTTP header for the first fastcgi chunk.
 - httpd(8) fastcgi improvements: submit QUERY_STRING, if it exists; use a proper function to create an HTTP header; use server_file_error() to detect EOF and fastcgi stream errors; disable keep-alive/persist until there is a reliable way to get the content length.
 - Use exact on-disk inode size with ext2 filesystems.
 - Properly evaluate rc.d(8) values only after running _rc_quirks(), because these can modify flags.
 - In rc.d(8) debug mode, properly sort and drop duplicate entries to make output less confusing.
 - Allow httpd.conf(5) to specify a non-default fastcgi socket.
 - Renamed httpd(8) "docroot" variable to "path" (as it will be used for either files or the fastcgi socket).
 - Added httpd.conf(5) configuration variable "fastcgi" to enable it per server or location.
 - Initial fastcgi implementation for httpd(8).
 - Made sysmerge(8) properly warn when an example changes and the corresponding file is found under /etc.
 - Add tradcpp(1) version 0.4, a standalone traditional whitespace-preserving cpp(1).
 - Added httpd.conf(5) "location" keyword, to specify path-specific configuration in servers; made it work with name-based virtual servers.
 - Reserve an extra file descriptor per httpd(8) connection, instead of per request. Fixes fd accounting with persistent connections.
 - Added extended directory index options "[no] index" and "[no] auto index" to httpd.conf(5).
 - Reverted checks about RTF_LOCAL route(4) (userland tools are not yet ready for this).
 - Last (known) msgbuf_write(3) vs EOF fix incorporated into smtpd(8).
 - Fixed I/O ktrace(1) of sendsyslog(2).
 - Pass a default media to the le(4/sparc) child. Allows SPARCbook system default to AUI without requiring a manual media change.
 - Removed buggy ssl(8) SRP code (never enabled in OpenBSD).
 - 5.4, 5.5 and -current RELIABILITY FIX: Fixed possible memory exhaustion in dhclient(8) and dhcpd(8), occurring on DHCP options with 0 length. A source code patch is available for 5.4 and 5.5.
 - Merged dhcpd(8) packet.c r1.7 into dhclient(8) and dhcrelay(8), to remove DoS attack vector.
 - Match any relevant driver (not just whitelist) for X(7) "aperture needed" detection.
 - Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
 - Made pkg_add(1) log libraries in a proper way.
 - Stopped mandoc(1) assuming in -Tutf8 output mode that a non-breaking space character has width 0.
 - Fixed hangs during suspend when stopping secondary cpu.
 - Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines.
 - Fixed (very hard to reach) DoS attack vector against dhcpd(8).
 - Differentiate httpd(8) servers by address and port, not just by address.
 - Use a URL in the Location header of httpd(8) 3xx responses.
 - Append mandatory Date header to each httpd(8) response.
 - In httpd(8), canonicalise the request path once without the docroot; prepend the docroot only when it's needed.
 - Prevent ssh-agent(1) keys remaining in memory after they have been expired or deleted.
 - Stopped httpd(8) leaking the docroot in the error message if the default index file is missing.
 - Fixed httpd(8) address matching of multiple server blocks with non-virtual hosts.
 - Added support to httpd(8) for "virtual hosts" (aka. server blocks).
 - Added "root" configuration option to httpd.conf(5).
 - Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4).
 - Made man.cgi(8) sort result pages first by section number, then by name.
 - Provide eeprom(8) on the sparc installation media.
 - Build machinery added to build eeprom(8) for the installation media on relevant arches.
 - Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
 - Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
 - Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
 - Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
 - When httpd(8) is canonicalising the path, fail on truncation.
 - Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash.
 - First attempt at having httpd(8) verify request path and access permissions.
 - In getaddrinfo_async(3) and similar, made queries fail when the hostname param is an empty string.
 - In ssl(8) level_add_node(), do not free objects on cleanup which are still being referenced by other objects.
 - Made sure ssl(3) PEM_def_callback() correctly handles negative buffer sizes.
 - Removed lynx from the base system (available in packages(7) instead).
 - Mandoc(1) security fix: after decoding numeric or one-character escape sequences, HTML-encode resulting character.
 - Correctly shutdown the servers when the httpd(8) process is terminating. Prevents a crash on exit.
 - On octeon, correctly drain and destroy the bufq upon detach.
 - Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
 - Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
 - man.cgi(8) security fixes, to prevent XSS attacks.
 - In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
 - Enable httpd(8) in the builds for more testing (not finished but can serve static files).
 - Added initial httpd.conf(5) example for httpd(8).
 - Added the X(7) "aperture needed" test to vgafb(4), to match vga@pci.
 - Corrected the initialiser for tunnconf_default_pptp in npppd(8).
 - Reduced amount of messages from key_load_private_pem during ssh(1) hostbased auth.
 - Made mandoc(1) preserve manpath and arch in .Xr links.
 - Reverted tmux(1) up/down wheel emulation.
 - Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
 - Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
 - Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
 - Stopped kprintf in gcc(1) accepting the <number>$ flags (as printf(9) doesn't support them).
 - When amd64/i386/loongson hibernate, look up correct device when using softraid(4).
 - Updated to pixman 0.32.6.
 - Support hibernating to softraid(4) crypto volumes on amd64/i386/loongson.
 - Fix tcpdump(8) display of logical link control data in IEEE802 frames.
 - acpi(4) now ignores region marked as "Preserve" if all bits will be modified. Fixes hang on some Sony and Asus laptops.
 - Always allocate bwi(4) ring descriptors below the 1GB boundary. Fixes "intr fatal TX/RX" errors.
 - On bwi(4), make bwi_dma_mbuf_create() use the correct loop counter in error case.
 - Load bwi(4) firmware once, not every time the interface is brought up. Fixes a panic.
 - Fixed array overflow in telnet(1) command line handling.
 - When spamd(8) is started by rc.d(8): no longer start in background mode; return from rc_start() if spamd(8) failed to start; execute spamd-setup(8) without explicitly waiting for spamd(8).
 - Fixed auto-upgradable file detection by sysmerge(8).
 - Aligned telnet(1) with the manpage by making the "-a" use getlogin(2); ignore value if it returns a nonexistent user.
 - Flensed the telnet(1) code base of support for ancient protocols and systems.
 - On loongson, fixed Lemote reboot issue and usb(4) problems on Gdium models.
 - mandoc(1) security fixes: validate name of file before opening; only allow relative filenames starting with "man" or "cat" and not containing "/.." or "../"; validate the manpath up front, report a Bad Request if it is not listed in manpath.conf; in case of configuration errors, only report "Internal Server Error".
 - Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
 - Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2).
 - Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
 - Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
 - Fixed pkg_add(1) sorted output.
 - When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way.
 - Fixed privilege separation in npppd(8).
 - In bnx(4), implemented EFBIG handling for heavily fragmented packets on the tx path.
 - In dump(8), allow files-to-dump to be a duid.
 - On sgi, optimised use of external L2 cache handling on the few Indy/Indigo2 systems which have it.
 - Unbroke rc.d(8) script for spamd(8) after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
 - Zero out the random buffer for sysctl(3) and the entropy buffer.
 - Made sure the biglock is held on i386 when running interrupt handlers (which rely on it).
 - Reflect stdio-forward ("ssh -W host:port ...") failures in ssh(1) exit status (bz#2255).
 - In x509_vfy.c, free sktmp when it's no longer needed. Fixes many memory leaks in ssl(3).
 - Added mpbios(4) to RAMDISK_CD on i386/amd64, so bsd.mp is selected when installing to Soekris net6501.
 - Implemented file descriptor accounting in httpd(8) for single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests.
 - Added sshd(8) support for unix domain socket forwarding.
 - Updated to xf86-video-neomagic 1.2.8.
 - Enable ext2fs support on RAMDISK_CD.
 - Converted ftp(1) to libressl.
 - Removed securelevel(7) variable from rc(8).
 - powerdown=YES removed from reboot(8).
 - Updated to xterm(1) version 309.
 - Fixed timeouts in relayd(8) when one connection is spliced and one non-spliced.
 - Added configuration handling for certificate and key files to libressl.
 - KASSERTMSG(9): new function for a kernel assertion with message.
 - Fixed sched_stop_secondary_cpus() to properly drain run queues from CPUs.
 - Display zero page hit and miss counters in vmstat(8) -s.
 - Show an error if cmd_find_session can't find the current tmux(1) session.
 - Made tmux(1) close a connection when it receives an EOF.
 - If a client is killed while suspended with ^Z, tmux(1) will no longer try to resume it.
 - Removed all crypt choices other than bcrypt from adduser(8).
 - When using NAT or redirects, recalculate the checksum of reassembled IPv6 fragments before the packet is refragmented.
 - Fixed path MTU discovery with ping6(8) through pf(4) using nat or rdr.
 - Introduced the PS_NOBROADCASTKILL flag that excludes processes from receiving kill(1) -1 broadcast signals.
 - KERNEL_ASSERT_LOCKED(9) function added, working towards removal of the kernel lock.
 - Initial support to read GPT partition tables in the kernel on i386/amd64 (requires option GPT).
 - Ensured httpd(8) finishes writing the output before closing the connection.
 - Fixed tight renew loop regression in dhclient(8).
 - httpd(8) will now close the connection after the response is completed (no Keepalive yet).
 - Added httpd(8) support for media types (compatible with nginx(8) mime.types file).
 - Added ext4 read support.
 - Brought man.cgi default mode closer to what man(1) does.
 - Close connection/remove event handler when ypldap(8) msgbuf_write() hits an EOF.
 - Introduced mount(8) -N option and a "net" mount option, and matching fsck(8) -N flag.
 - Updated glxinfo(1) and glxgears(1) to version in mesa demos 8.2.0.
 - Better httpd(8) error messages.
 - Added httpd(8), a simple web server (preliminary version).
 - dmesg(8) now indicates if aperture driver is required by X(7). Used by installer for sysctl(8) machdep.allowaperture setting.
 - Fixed usb(4) connect freeze on octeon, by clearing the host port interrupt.
 - Resize inpcb hashtable automatically.
 - Removed udfu(4).
 - Updated to xf86-video-modesetting 0.9.0.
 - On octeon, fixed root hub descriptors by matching ehci(4)'s descriptors.
 - In sysmerge(8), use sha256(1) for compared files.
 - Rework zyd(4)'s register read/write methods to eliminate race conditions.
 - Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
 - Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
 - Use imsg(3) between the privileged and the non-privileged npppd(8) processes.
 - Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
 - Removed qli(4) (never enabled and was unfinished).
 - Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
 - Updated to libICE 1.0.9 and libXft 2.3.2.
 - Add a function to drop all clean pages on the uvm(9) page daemon queues; call it when we hibernate.
 - Moved macppc abtn(4) driver from workq to taskq.
 - Only detach the usb(4) device that has been disconnected, to fix a regression.
 - Implemented checksum offload for divert(4).
 - Allowed acpitz(4) to accept a temperature reading of 0 degC (fixes some machines with "failed to read _TMP" errors).
 - Stopped acpitz(4) reporting bogus temperature values (temperatures > 4,000 degC) and therefore shutting down the machine.
 - Initial version of libressl; provide LIBRESSL_VERSION_NUMBER to detect versions distinct from OPENSSL_XXX.
 - Limit relayd(8) HTTP header length to 8K (based on the default of 4-8K common in web servers).
 - In boot(9), purged curproc-overriding hacks.
 - bluetooth(4) support removed (code did not work properly anyway).
 - Better m4(1) error handling in mkstemp/unlink/fdopen logic.
 - Started reducing the attack surface of lynx(1) (gopher, news, and dired left enabled for now).
 - Enabled interrupt routines on octeon.
 - Added relayd.conf(5) options for disallowing client-initiated renegotiations and to prefer the server's cipher list.
 - Added relayd(8) support for EDH to provide perfect forward secrecy for older ssl(8) clients.
 - Stopped DHCPINFORM in dhcpd(8) looking up the lease database, filling the yiaddr field, or including lease time parameters.
 - Introduced IFXF_AUTOCONF6 interface and removed net.inet6.ip6.accept_rtadv from sysctl(8).
 - Allow IFXF_AUTOCONF6 to be set and cleared via ifconfig(8).
 - On rtsold(8), turned IFXF_AUTOCONF6 on.
 - Placed the first examples into the new /etc/examples directory.
 - Documentation update for libcrypto and ssl(8).
 - Prevent infinite loop during ssl(8) configuration file parsing (PR #2985).
 - In ssl3_get_cert_verify(), accommodate ssl(8) RSA keys larger than 4096-bit (PR #319).
 - Fixed copy for CCM, GCM and XTS (ssl(8) PR #3272).
 - Added machine independent reboot(9) function.
 - Removed redundant check and wrong fix from fsck_msdos(8): fat.c checks already take care of cluster chains.
 - In ssl(8) asn1_get_length(), tolerate leading zeroes in BER encoding (PR #2746).
 - In ssl(8) EVP_PBE_alg_add don't use the underlying NID for the cipher, as it may have a non-standard key size (PR #3206).
 - By popular demand, added back hmac-sha1 to sshd(8) protocols (still used by many clients).
 - Fixed ssl(8) OID encoding for single components (PR #2556).
 - More ssl(8) memory leaks and unchecked allocations fixed (PR #3403).
 - Made sure BN_sqr never returns negative numbers (ssl(8) PR #3400).
 - Let ssl(8) accept CCS again after "finished" has been sent by the client. Avoids failed renegotiations (PR #3400).
 - In ssl(8) dtls1_clear_queues(), free buffered_add_data.q correctly (PR #3286).
 - Fixed version number processing in ssl(8) cms_sd_set_version() (PR #3249).
 - Removed rdist(1).
 - Avoid panic on alpha when using a network card with a small number of tx descriptors per packet, a lot of memory, and heavily fragmented packets.
 - When looking for the issuer of a ssl(8) X.509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359).
 - In ssl(8) ssl3_get_client_key_exchange() parsing a GOST session key, invoke the regular ASN.1 parser (PR #3335).
 - Removed RFC4620 Node Information Query support from the kernel.
 - Made ssl(8) CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key (PR #3348).
 - Fixed missing initialisation in ssl(8) (PR#3289 and #3345).
 - Simplified relayd(8) code that handles the HTTP headers. Fixes some issues (e.g. handling of multiple "Set-Cookie" headers).
 - Don't hold the kernel lock while halting a processor.
 - New CPU_BUSY_CYCLE() function, so the CPU can reduce power consumption in busy loops.
 - Synchronised zaurus's boot(9) with all others by having it call if_downall().
 - Added -u option to dhcpd(8). Binds UDP port to answer DHCPINFORM from clients on non-ethernet interfaces (eg. tun(4) or pppx(4)).
 - Converted bus_dmamem_map(9) to km_alloc(9), to fail (not sleep) if the allocator cannot obtain a lock when BUS_DMA_NOWAIT is specified.
 - Updated to Xserver(1) version 1.15.2.
 - Corrected readlink termination in csh(1).
 - Using -U command-line option, allow ftp(1) to change its user agent for HTTP(S) URL requests.
 - Flush the buffercache to 16MB on hibernate and restore its previous max size (kern.bufcachepercent) on resume. Better hibernate performance.
 - Set cold to 1 before executing the DVACT_POWERDOWN handlers when halting or rebooting a machine. Avoids panic on macppc with uhci(4) cardbus.
 - Fixed panic seen when unplugging a cardbus ehci(4), ohci(4) or uhci(4).
 - Taught fsck_msdos(8) that uninitialised values (-1) in FSInfo are valid.
 - newfs_msdos(8) fixes: always put boot signature at end of 512 byte sector, even on disks with larger sector sizes; do not point at a cluster that is in use; avoid out of boundary access when checking invalid long filenames; validate number of FATs; validate critical file system info.
 - Improved smtpd(8) scheduler: can now return envelopes of different types in a single run (interlaced to avoid batch effects); send envelopes at a rate that the queue can sustain; limit the number of envelopes in a holdq (excess returned to pending queue).
 - Return RSN (WPA) information to userland during ifconfig(8) wireless scan; show whether a wireless network uses WEP or WPA.
 - m4(1) will now annotate regexp error messages with the source string.
 - Stop using a shutdown hook for softraid(4) and explicitly shutdown the disciplines right after vfs_shutdown().
 - Added bus and root hub routines to octeon, to prevent panic at attach.
 - Made usbdevs(8) correctly report devices connected to xhci(4).
 - Fixed missing allocation checks and potential NULL pointer dereference in the error path in ssl(8) PEM_X509_INFO_read_bio().
 - vic(4) now records the size of the rx rings so we can wrap around them correctly. Fixed a panic.
 - Added internal buffering for dump(8). Ensures all requested data is actually read from the device when they have non-512 byte sectors.
 - Removed bogus preprocessor statements (trying to pick the largest integer type for BF_LONG, MD[45]_LONG and SHA_LONG) from ssl(8).
 - Removed compression from ssl(8).
 - Simplified the way divert(4) sends packets to userspace.
 - When relayd(8) is copying structures via imsg, ensured contents do not contain bogus pointer values.
 - Merged in mesa 10.2.3.
 - In ssl(8) ocsp_lib.c, reset host, port and path to null after freeing so the caller doesn't accidentally free them again.
 - Removed mkstr(1) and xstr(1).
 - Replace relayd(8) protocol directives for HTTP with a new generic filtering language (grammar inspired by pf(4)).
 - Fixed resume time page table issue on amd64 if the piglet was located above 1GB physical (caused by using an incorrect page size mask).
 - Cleaned up and simplified ssl(8) SSL_CIPHER_description by always using asprintf(3).
 - Added daemon_timeout variable to rc.d(8) and rc.subr(8) (sets maximum time to wait for actions to return).
 - Fixed crash in ssh-add(1) while loading more than one key.
 - Fixed classless-{ms-,}static-routes in dhcpd(8) to comply with RFC 3442.
 - Added "no-dsn" listener option to smtpd.conf(5), which disables DSN extension.
 - Suspend kernel's stack smash guard to avoid panicking during unpack.
 - Fixed i386/amd64 hibernate issue where kernel lock acquisition was started but not completed.
 - Removed ssl(8) "export" cipher handling.
 - ncheck_ffs(8) now accepts duid for the filesystem argument.
 - smtpd(8) config parser improvements: fail if the same option is specified multiple times on a listener; prompt for queue encryption key after (not during) smtpd.conf(5) parsing; added ip addresses to localnames table.
 - bpf(4) code simplification.
 - Set sysctl(8) default of net.inet6.icmp6.nodeinfo to 0, disabling responses to RFC4620 IPv6 Node Information Queries.
 - Fixed boot(8) -d on amd64 and i386.
 - Updated to lynx(1) version 2.8.8rel2, keeping local changes.
 - Downgraded more ssh(1) error() to debug(). Suppresses spurious errors with hostbased authentication enabled.
 - More useful sftp(1) error message when GLOB_NOSPACE occurs (bz#2254).
 - While filling the rx ring, stopped bnx(4) and msk(4) being too smart in avoiding overuse of file descriptors.
 - Marked the weakened ssl(8) 40-bit export ciphers as invalid.
 - smtpd(8) now sends correct imsg when enabling profiling at runtime.
 - Removed asa(1).
 - Fixed a double free bug in parsing npppd.conf(5).
 - Stopped npppd(8) accessing freed memory when it is exiting.
 - Define SMALL_REGISTER_BANK in ssl(8) on arm and vax. Generates faster code (vax 30% faster).
 - Various smtpd(8) queue improvements.
 - Made sure to clear the WAIT flag when cancelling the smtpd(8) MTA connector timeout.
 - Pulled the rx ring accounting out of the mbuf(9) layer. Simplifies the allocation paths.
 - On em(4), bus_dmamap_sync the rx ring once per em_rxeof call, rather than for every rx descriptor.
 - Stopped em(4) stalling the entire tx path when it encounters a heavily fragmented packet.
 - Cleaned up mandoc(1) ERROR messages related to document structure and macros.
 - Run getuid(2), getgid(2), getresuid(2), setreuid(2) and setuid(2) without the kernel lock.
 - Stopped pckbc(1) printing warnings for mouse interrupts when running bsd.rd.
 - In pkg_add(1), restored the progress meter for large files.
 - Stopped mandoc(1) unnecessarily deleting any content from .Rs blocks.
 - Implemented .dei and .ami in roff(7).
 - smtpd(8) now allows enabling profiling at runtime.
 - If acpi(4) finds a bogus interrupt, don't panic but print a message, to workaround dodgy BIOS.
 - Marked getentropy(2) with NOLOCK (it doesn't need the kernel lock).
 - After mandoc(1) skips an escape sequence with incomplete arguments, stop it discarding the rest of the string.
 - Fixed expansion of escape sequences with incomplete arguments by roff(7).
 - Fixed handling of escape sequences taking numeric arguments by mandoc(1).
 - Avoid radeon(4) segfault on device open when accel is not working.
 - Fixed ssh(1) remote-forward cancel regression.
 - ftp(1) fixes: URL-decode user and password info before base64 encoding it for the Authorization header; eliminated COOKIE_MAX_LEN constant; renamed the "user:pass" variable from "cookie" to "credentials"; empty password is no longer an error; fixed leak of username/password memory.
 - Cleaned up -offset and -width in mandoc(1): bugfix so last one wins; do not ignore ".Bl -width" without argument.
 - smtpd(8) will now always attempt to use tls for relaying to the primary server when acting as a backup mx.
 - tcpdump(8) now always prints the OSPF router id.
 - Changed kvm_getprocs(3) (sysctl(3) and kvm(3) backends) to report thread's "most active" scheduler state.
 - Fixed mandoc(1) formatting of empty .Bl -inset item heads; show the list type in the error message.
 - Added a sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed (bz#2160).
 - Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no. Allows client to choose address family (bz#2222).
 - When ssh(1) is rekeying, skip file/DNS lookups if it is the same as the key sent during initial key exchange (bz#2154).
 - radeon(4) now gets clocks from Open Firmware on macppc and sparc64.
 - bge(4) can now cope with heavily fragmented packets when the DMA map lacks space.
 - Stopped uvm(9) releasing the kernel lock between issuing a wakeup and clearing the PG_BUSY and PG_WANTED flags.
 - Made ssh(1) "too many authentication failures" message format similar to other authentication messages (bz#2199).
 - Reverted to r1.129 of sys/kern/subr_pool.c, as pool_init() is called before rwlocks can be used on some archs.
 - ssh_config(5) LocalCommand and ControlPath variables now expand to unique identifiers (bz#2220).
 - When hashing or removing hosts using ssh-keygen(1), no longer choke on @revoked markers or remove @cert-authority markers (bz#2241).
 - Standardised ssh(1) on NI_MAXHOST for gethostname(3) string lengths. Fixes bz#2239.
 - Use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context in ssh(1) (bz#2231).
 - Made stdout line-buffered; saves partial output getting lost when ssh-add(1) fatal()s part-way through (bz#2234).
 - Only cleanup agent socket in the main ssh-agent(1) process, not in any subprocesses (bz#2236).
 - Made ed25519 key titles fit properly in the ssh(1) randomart border (bz#2247).
 - Be more careful when recreating single-precision (float) argument to service precise exceptions on m88k.
 - Improved mandoc(1) messages about empty macros (reporting the macro names involved).
 - Fixed fpu_compare() on m88k, so gcc(1) correctly compares numbers to infinity.
 - Hold kernel lock when invoking process_domem() on alpha and m88k. Fixes ptrace(2) operation on MP kernels.
 - Added support for adjusting the receive filter to allow for promiscuous mode/multicast traffic by imx(4/armv7).
 - Revised change made in pk7_doit.c r1.20 in ssl(8). Fixes detached signature processing.
 - Made sure tmux(1) session sockets are not cleared in the daily(8) tmp cleanup.
 - Fixed the column numbers associated with in_line_argn() macros in mandoc(1).
 - kdump(1) now properly processes minherit(2) flags.
 - Improved "skipping paragraph macro" messages in mandoc(1).
 - Fixed regression in ssh(1) protocol 1 to avoid fatal(); more useful status codes.
 - Implemented obsolete mdoc(7) macros .En .Es .Fr and .Ot for backward compatibility.
 - Clean up the warnings related to mandoc(1) document structure.
 - Allow link-local address to be configured by "ifconfig up" if the inet6(4) address was configured beforehand.
 - Fixed panic seen when trying to remove a route(4) with a 0.0.0.0 destination.
 - Turned pkg_add(1) out-of-order extraction back on; activated out-of-order archives based on history.
 - scsi(8) io can now run through the midlayer without the kernel biglock.
 - Fixed roff(7) control flow keywords \{ and \} when they immediately follow a request or macro name.
 - pfctl(8) af-to rules no longer need to specify the address family after "pass".
 - Suppressed spurious ssh(1) error message when loading key with a passphrase.
 - Attach HFSC only after it's been initialised. Fixes the "integer divide fault trap" bug.
 - Major cleanup in roff(7) .de parsing routine, to correctly handle names terminated by escape sequences.
 - Fixed loading of private keys by ssh(1).
 - Move to a smaller rbytes buffer and skip a random part in malloc(3), to introduce noise in the arc4random(3) calling pattern.
 - Fixed remote forwarding in sshd(8) with same listen port but different listen address.
 - Avoid buffer overflow when there are too many boot arguments, and on reaching maximum line length.
 - Do not redirect STDERR of security(8) to /dev/null, so errors in the security(8) script are seen.
 - Fully remove relevant carp(4) addresses when IFXF_NOINET6 is set or when the rdomain is changed.
 - Work around compatibility problems between Intel ahci(4) and Intel SSDs, by retrying device detection.
 - pfctl(8) now disallows translation rules containing addresses of { inet(4) inet6(4) } when the rule doesn't specify one.
 - When the nsd(8) daemon is launched via rc.d(8), use a correct exit code (per rc.subr(8)).
 - Improved messages with roff(7) ".so": show the filename argument that was passed; on failure, report the file/line number.
 - If an ssl(8) chacha operation does not consume all of the generated key stream, save it for subsequent writes.
 - Made TCP_NODELAY work in ssl(8).
 - Removed the noaccesstime synonym for noatime in mount(8).
 - When scp(1) is copying local to remote and it fails during read, don't send uninitialised heap to the remote end.
 - Don't fatal() ssh(1) when hostname canonicalisation fails with a ProxyCommand in use.
 - New ssh(1) key API: refactored key-related functions to be more library-like (existing API now a set of wrappers).
 - Fixed bug in ssh(1) KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format.
 - Made gcc(1) version 4 emit warning when it is ignoring alignment constraints.
 - Fixed possible crash on encountering invalid msdosfs filesystems.
 - Disabled IPv6 on interfaces by default (a link-local address is no longer assigned by default).
 - Use bus_space(9) on acpi(4) SystemMemory, to correctly access memory mapped registers.
 - Made "ifconfig(8) <if> inet6 eui64" reset the NOINET6 flag (unconditionally), to ensure link-local address is assigned.
 - Allow tmux(1) keys and send-keys to send to invisible panes.
 - Fixed tmux(1) so it counts mouse clicks correctly.
 - Stopped building procfs on i386.
 - In ssl(8) BIO_get_port(), only accept valid port numbers.
 - Made sure uvm(9) kmthread never loops without making progress.
 - kill(2) an untraced process (instead of looping) if the kernel generates a deadly trap signal and it is ignored.
 - Specify the correct strength bits for 3DES cipher suites in ssl(8).
 - Protect explicit_bzero(3) from a link-time optimisation.
 - In ssl(3), wrap getenv(3) OPENSSL_ALLOW_PROXY_CERTS in an issetugid(2) check. Stops setuid(2) applications from being fooled.
 - Prefix error messages from mandoc(1) with "mandoc: ", so users know where messages came from.
 - Made "S" and "E" mean the start and end to capture-pane in tmux(1).
 - Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
 - Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be.
 - More tweaking of makewhatis(8) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
 - In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
 - Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
 - Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock.
 - Fixed memory leak in md5(1) digest_file() on ferror(3).
 - Implemented the membar(9) API for powerpc.
 - Copy newline when at EOL when tmux(1) is in vi(1) mode.
 - Made tmux(1) reset the mouse buttons when the mouse wheel is used.
 - Some terminals send spurious releases for mouse wheel in SGR mouse mode, tmux(1) now suppresses these.
 - Fixed black screen on lenovo ideapad yoga 2 pro when using intel(4).
 - Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process.
 - Stopped makewhatis(8) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
 - Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
 - Fixed off by one in msdosfs pm_inusemap().
 - Fixed the use of 16384-bit RSA keys by ssh(1).
 - Changed SSL_COMP_add_compression_method() in ssl(8), so error cases actually return "error" rather than "success".
 - Disallow __sysctl() in the sshd(8) systrace(1) sandbox (as there is now a dedicated getentropy(2) system call for arc4random(3)).
 - Implemented the membar(9) API for hppa.
 - Added configuration bit in vio(4) flags, to work around qemu < 2.0 bug that prevented VLANs from working.
 - Be more aggressive flushing L2 cache entries on mips64 RM7000 systems.
 - Set uart based on the io clock rate on octeon II (CN6xxx), as the rate differs from the cpu clock.
 - Use MAP_INHERIT_ZERO in arc4random(3), to zero out the RNG state if the process forks.
 - Enabled pci(4) power management on lemote.
 - Reverted "Always create a local route for every configured IPv4 address" (caused regressions).
 - Allow the autoinstaller to fetch sets from multiple locations.
 - Fixed vnode leak in systrace(4).
 - In ssl(8) aes_gcm_cleanup(), clean the entire context (no longer leaving AES key untouched).
 - Fixed hang with virtio event_idx feature, to cure occasional network freeze in vio(4).
 - Updated to xcb-util-renderutil 0.3.9.
 - Avoid infinite loop in fsck_msdos(8) if cluster chain is a cyclic list.
 - Fixed memory leaks in fsck_msdos(8) bootblock handling.
 - Fixed fsck_msdos(8) regression in r1.16 of boot.c: write fsinfo, not block into FSInfo region.
 - Fixed fsck_msdos(8) regression in r1.20 of fat.c by properly incrementing a pointer.
 - Added more bounded attributes to the buffer and md5/sha headers in ssl(8).
 - Removed wait(2) support for "union wait" (deprecated since 4.3BSD) and WSTOPPED (means something else now in POSIX).
 - Stopped ze(4/vax) rx ring pointer stalling when running "all multicast" or bpf(4) in promiscuous mode.
 - Switched dump(8) "blockswritten" to int64_t, so it won't wrap at 2TB.
 - Correctly calculate the key block length in t1_enc.c and s3_enc.c when using ssl(8) "export" ciphers.
 - Added ChaCha20-Poly1305 based ciphersuites to ssl(8).
 - ssl(8) can now change cipher state with an EVP_AEAD, encrypt/decrypt TLS using the EVP_AEAD.
 - Added getentropy(2) system call.
 - Indicate in the sysctl(1) LIVELOCKS column if there is a pending (deferred) mbuf(9) update.
 - Fixed tcp-mss-adjust in pipex(4) and npppd(8).
 - Removed support for the "opaque PRF input" extension from ssl(8) (draft expired 7 years ago and never became an RFC).
 - Added timingsafe_memcmp() to memcmp(3).
 - Added MAP_INHERIT_ZERO support to minherit(2). Provides child process with fresh, zero-initialised anonymous memory.
 - Fixed ptrace(2) hanging hppa and mips64 MP systems, by grabbing the kernel lock before cleaning up single-step breakpoints.
 - Updated to nginx(8) version 1.6.0 (including syslog support backported from the 1.7 branch).
 - Disable the "switch to insertion sort" optimisation in qsort(3). Avoids quadratic behaviour for certain inputs.
 - Changed pkg_add(1) to display the full url (if possible) for unsigned packages.
 - Fixed memory leak in ssl(8) d1_lib.c.
 - Restored the original behaviour of RTM_ADD and RTM_DELETE by always generating one message per locally configured ip(4) address.
 - Always create a local route(4) for every configured IPv4 address on the machine.
 - Flag any local route(4) as such and make them use the highest possible priority.
 - Created (currently unused) system taskq ("systqmp") which runs without the kernel lock (see task_add(9)).
 - Raised the low water mark in em(4) so the internal buffers can hold at least two jumbo frames.
 - On i386/amd64 hibernate, don't map phys pages < 64KB in the resume page table. Matches recent kernel change.
 - Fixed off by one in fsck_msdos(8) when writing the FAT for FAT12 filesystems.
 - In ssl(8), check return value of EVP_MD_CTX_copy_ex(). Avoids potential null pointer dereference.
 - In mtree(8), added ed25519 ssh host keys to /etc/mtree/special.
 - Lowered nc(1) buffers back to 16k for now, to avoid bufferbloat.
 - Increased nc(1) buffer size to 64k, and actually use the buffer.
 - Abandoned the ssl(8) "auto-ENGINE" /dev/crypto interface.
 - In ssl(3) tls1_cert_verify_mac(), avoid a possible NULL function call on ctx.final().
 - Implemented slowcgi(8) -u (user to drop privs to) and -p (path to chroot(8) to). Allows slowcgi(8) to run non-chrooted.
 - Cleaned up slowcgi(8) socket creation.
 - Multiple fixes for ssl(8) ssl3_digest_cached_records().
 - Ensured ssl(8) ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails.
 - Changed installboot(8) file copying process, to make it less likely that the PBR will change upon update.
 - Fixed possible out of boundary access by fsck_msdos(8) if the filesystem is full or corrupt.
 - Updated to xf86-video-modesetting 0.8.1 and xf86-video-geode 2.11.15.
 - Further cleanup of context handling in ssl(3) tls1_change_cipher_state().
 - In run(4), fixed TXWI and RXWI offset calculations so RT5592 devices function.
 - When relying on the local enqueuer, let smtpd(8) cope with long To/Cc lines. Avoids broken headers and confusing some MUAs.
 - Fixed inverted test in ssh(1) so PKCS#11 keys that are explicitly listed are preferred.
 - Reset properly when tmux(1) c0-change-trigger is increased from zero, so panes don't get stuck.
 - 5.4 and 5.5 and -current SECURITY FIXES in ssl(8) for: buffer overflow with crafted DTLS fragments (CVE-2014-0195); DTLS infinite recursion flaw with "Hello Request" (CVE-2014-0221); SSL/TLS MITM vulnerability (CVE-2014-0224); anonymous ECDH denial of service (CVE-2014-3470). A source code patch is available for 5.4 and 5.5.
 - Reduced amount of traceroute(8) code running as root; only error out if the creation of a needed socket failed.
 - Moved ld.so(1) to a (slightly stripped) version of libc malloc(3).
 - 5.4 and 5.5 and -current SECURITY FIX: improper close-on-exec flag handling by sendmail(8) (CVE-2014-3956). A source code patch is available for 5.4 and 5.5.
 - Added support for COLUMNS env variable to ps(1).
 - Included work-around in mandoc(1), as makewhatis(8) expects its current dir to not be /.
 - vflush(9) now works for fuse(4).
 - Do not skip or add a byte for the report ID when usbhid(3) is manipulating data.
 - Made uaudio(4) properly compare endpoint addresses by ignoring the direction bit.
 - Accept -C as an alias for -c in tr(1).
 - Made zyd(4) compile with ZYD_DEBUG.
 - Fix zyd(4) frame length adjustment in the RX path.
 - In libm math code, made sure STRICT_ASSIGN handles double as well.
 - Stripped openssl(1) functions called when "-rand" is specified (underlying code long gone).
 - Removed easy access to the unsafe intel RDRAND instruction from ssl(8).
 - When checking for unicast and broadcast addresses, do one lookup instead of two.
 - Fixed uninitialised variable, which caused sndiod(8) crashes when handling errors.
 - In ssl(3) tls1_setup_key_block(), use the correct IV length for GCM mode. Fixes key block length calculation.
 - Removed real mode vga(4) repost option.
 - Change the actual default for returned asn1 strings to utf8 in the ssl(3) code.
 - Reverted previous diff setting cold to 1 on shutdown (broken with softraid(4) disks).
 - Added dump(8) -S option, to only estimate backup size and number of tapes required.
 - Avoid panics on macppc with an uhci(4) cardbus when halting/rebooting.
 - Fixed segfault seen on Xorg(1) startup when using the nv(4) or savage(4) drivers.
 - Converted many malloc(3) to reallocarray(3). Avoids 53 potential integer overflows in ssl(8).
 - In envy(4), use the same convention for mixer control names as in azalia(4).
 - Added an enc_flags field to ssl3_enc_method. Helps identify ssl(3) protocol version requirements.
 - Made fsck(8) use the same values in checking as newfs(8) does in creating a fs(5).
 - Fixed two more cases where ssl_replace_hash() return value was not checked by ssl(8).
 - To give perl(1) a random seed, call arc4random(3) rather than read /dev/arandom. Makes it work in chroot(8) environments.
 - Enabled writing per-commit commitid tokens to rcs(1) ",v" files.
 - When less(1) is invoked as more(1), made behaviour for "-i" match "less -I" (per POSIX).
 - When suspending/resuming, avoid hangs by detaching/attaching usb(4) devices (avoids uhub(4) interrupt races).
 - On mg(1) delete-window, display the correct line number when revisiting the buffer.
 - Added -L option to pwd(1) (required by POSIX).
 - Fixed mount(8) -ur for msdosfs: allow sync after more than one rw -> ro cycle; sync data (not only metadata).
 - Fixed instance of the Y2038 problem in ssl(8).
 - Refactored radix code. Solves issues with failed deletes of down routes.
 - Enable strong stack protector by default for architectures running gcc(1) version 3.
 - Allow tmux(1) to handle the top bit of xterm(1)-style modifier keys.
 - Added some formats for tmux(1) pane bounds.
 - Prevented userland from altering the local and broadcast flags in route(4).
 - Reserved the highest route(4) priority for kernel-managed routes.
 - Fixed memory leak and un-cleaned EVP_CIPHER_CTX upon error in ssl(3) tls_decrypt_ticket().
 - Removed /usr/src from mtree(8) to avoid useless warning from daily security(8) mail.
 - Implemented improved ssl(8) EVP AEAD API.
 - Made sure utpms(4) only matches mouse interface, so ukbd(4) works on more Powerbooks.
 - Fixed ssl(8) resource descriptor leaks (CID: 966576 & 966577).
 - Allow tty(4) to handle threaded processes correctly with kerninfo status requests (a.k.a. ^T).
 - Fixed azalia(4) format mistakes when AZALIA_DEBUG is defined.
 - Pass DVACT_QUIESCE to usb(4) to stop "new" uhub(4) device reattaching at every resume.
 - Fixed off-by-one in index validation before accessing arrays in ssl(8) ssl_cipher_get_evp().
 - In ssl(3), enabled three brainpool elliptic curves for TLS (per RFC 7027).
 - Made fsck_ext2fs(8) and fsck_ffs(8) output verbiage more consistent.
 - Added support for newer run(4) hardware.
 - Made fsck_ext2fs(8) initialise newent.e2d_type to EXT2_FT_UNKNOWN (a.k.a. 0).
 - Reverted pax(1) ar_io.c r1.45 to stop showing archives written with a non-standard blocksize as truncated reads.
 - Stopped tcpdump(8) "weird flag" warning for DNS NOTIFY messages which should have "AA" set.
 - Permit less(1) searches to work past/across NUL bytes.
 - Made the pax(1) signal handler safe.
 - Expose bif_capacity in acpibat(4), to report the design capacity of the battery.
 - Clean up after the snmpd(8) traphandler children, to avoid leaving zombie processes.
 - Marked ssl(8) malloc(3) wrapper functions as deprecated.
 - Fixed smtpd(8) crash when running the pki lookup code.
 - On sgi, converted the PS/2 keyboard layouts to sgi serial keyboard layouts.
 - Let sgi keyboard(7) work in polling mode; fixed "international" ("GERlessthan") key.
 - Made qle(4) less likely to get stuck looping when the firmware behaves inconsistently.
 - Fixed file size reported by lpq(1) -l by giving stat(2) privileges on the spool file.
 - Fixed fdisk(8) -u on sparc64.
 - Fixed ipsec(4) route addition, broken since the removal of the link-layer addresses from the per-ifp list.
 - Made xhci(4) handle the stall condition like the babble condition.
 - pax(1) now exits with non-zero status if a read is truncated.
 - Added support for -o XXX or -oXXX options, and -o max_read=XXX to fuse(4).
 - When sending icmp(4) messages, assign the queue ID to the correct packet header.
 - Fixed eui64 address generation, broken upon removal of the link-layer address from the per-ifp list.
 - No more (obsolete) 5- and 6-byte or surrogate pair code point encodings in ssl(8) UTF8_{getc,putc}.
 - Upon HTTPS ftp(1) redirects, don't reinitialise ssl(8), and reuse SSL_CTX.
 - Plugged memory leak in rcs(1).
 - More consistency in fuse(4) error handling.
 - Made fuse(4) use realpath for more reliable mount(8) operations.
 - On armv7, loongson and socppc use autoconf(9) to track usb(4) host controller's children.
 - Stopped dhclient(8) trying to update file when none has been specified by -L flag.
 - Added H_SAVE_FP operation to editline(3), to save history to an open file pointer.
 - Fixed uhci(4). Unbreaks the build when DIAGNOSTIC is not defined.
 - Updated run(4) firmware to version 0.33.
 - Made mkuboot(8) correctly handle files smaller than an elf(5) header.
 - In ssl(3) ssl3_send_certificate_request(), properly adjust for payload size.
 - Upon error, made sure ssl(3) ssl3_setup_buffers() frees pqueue before returning.
 - Fixed tail packet check in pms(4) elantech v3 touchpad code.
 - Stopped dhclient(8) adding a lease to the leases TAILQ more than once. Avoids infinite loop.
 - Updated to libXfont 1.4.8.
 - Check ssl(3) bio_err initialisation succeeds before using it.
 - Updated to fontconfig 2.11.1.
 - Updated to xf86-input-synaptics 1.8.0.
 - Fixed kernel build when ehci(4) uses EHCI_DEBUG.
 - Switched ssl(8) RSA key generation default to 2048 bits (matching ssh(1)).
 - Made qla(4) less likely to get stuck looping when the firmware behaves inconsistently.
 - Change interrupt handler's return value to 0 when nothing is processed on pcexmem(4/luna88k).
 - When pfctl(8) is parsing a numerical value for the TOS bits, ensure it is in a valid range.
 - Fixed mountd(8): when a host in a netgroup is unresolvable, don't ignore entire netgroup.
 - Sped up signify(1) -C.
 - Made df(1) do calculations of available space the same way as ffs_statfs() does.
 - Improved logging messages and style for snmpd(8).
 - Don't put a link-layer address on the per-ifp lists or RB-Tree. Improves address lookups.
 - Fixed memory leaks in ssl(3) asn1 upon failure.
 - Replaced ssl(3) ASN1_GENERALIZEDTIME_adj(), ASN1_UTCTIME_adj() and ASN1_TIME_to_generalizedtime() with wrappers.
 - Added a ChaCha20-Poly1305 AEAD EVP implementation to ssl(3) libcrypto.
 - Added an AEAD EVP interface to ssl(3) libcrypto, along with AES-GCM AEAD implementations.
 - Made signify(1) -C mode work again.
 - rtadvd(8) now ignores route info messages on the listening side.
 - Stopped flushing streams on abort(3), which was unsafe.
 - Removed arch-specific lo(4) MTU and set to 32768 everywhere.
 - Made signify(1) recode base64 hashes if necessary; spell out base64 in error messages.
 - Better use of realloc(3), to speed up signify(1) checksum verification.
 - Added poly1305 to ssl(3), utilising Andrew Moon's public domain implementation.
 - tmux(1) no longer allows multiple buffers with the same name.
 - 5.4, 5.5 and -current SECURITY FIX: integer, memory and buffer overflows in libXfont (CVE-2014-0209; CVE-2014-0210 and CVE-2014-0211).
 - Fixed regression in r1.285 of sys/net/if.c (TAILQ corruption where rdomain was not switched).
 - In iked(8), pass SA initiator (not the exchange initiator) to sa_address().
 - The resolver now skips incomplete entries in /etc/hosts and /etc/networks (rather than crash).
 - Pass multi-argument tmux(1) commands directly to execvp(3). Helps avoid quoting problems.
 - Added a copy mode key binding to copy to a named tmux(1) buffer.
 - Added tmux(1) support for named buffers.
 - Fixed multiple bugs in ncheck_ffs(8) handling of indirect blocks.
 - Updated drm(4) to libdrm 2.4.54.
 - Fixed ntpd(8) format strings involving time_t arguments. Fixes ntpd(8) -d on sparc.
 - Moved GTT management for Sandy Bridge into inteldrm(4).
 - Removed AES_bi_ige_encrypt() from ssl(3).
 - Removed md5crypt from crypt(3).
 - Moved the ohash functions into libutil.
 - Stopped dhclient(8) exiting when sent RTM_NEWADDR or RTM_DELADDR routing messages lacking appropriate address info.
 - Altered usbhidctl(1) and usbhidaction(1) parsers to keep in sync with the kernel HID parser.
 - Fixed possible smtpd(8) double free when tls is required but not advertised by the server.
 - Updated the HID parser to properly parse modern input device descriptors.
 - Added router alert option (RAO) in IGMP packets (per RFC2236), needed by some L3 switches.
 - More intelligent parsing of WEP keys by ifconfig(8).
 - Make sure uhub(4) root hub is re-attached before interrupts get enabled. Unbreaks resume.
 - Stop ignoring "lease" statements in dhclient.conf(5).
 - Reworked/restored dhclient(8) recorded lease handling.
 - Fixed the installer's configuration of a static IPv6 default gateway.
 - Various format string fixes on mips64 and octeon.
 - Fixed recently-occurring ssl(8) breakage in smtpd(8).
 - On i386/amd64, disable speedstep instead of panicking if high and low speeds are the same.
 - Allow nginx(8) to chroot(8) to a directory other than /var/www.
 - Many string format fixes on sparc64.
 - Losing TCP connection no longer results in an unrecoverable stop in iscsid(8).
 - Stopped cribbage(6) ignoring words which followed two or more blank characters.
 - Print interface name with queues in systat(1) q.
 - Updated to: xterm(1) version 304; libXi 1.7.2 and xf86-input-synaptics 1.7.5.
 - Fixed fsck_ffs(8) -b to work with the superblock locations on 4096-byte sector disks.
 - Use the highest possible priority for any route(4) to local addresses.
 - Stopped cribbage(6) choking on one-letter card names which followed three-letter card names.
 - Fixed potential uvm(9) integer overflows.
 - Made relayd(8) fail when encountering unsupported combinations.
 - Only attach pcexmem(4/luna88k) and pcexio(4/luna88k) on luna88k2 (not luna88k).
 - Brought back restricted sockets to snmpd(8), inadvertently removed in recent update.
 - Made zmore(1) call more(1) and zless(1) call less(1).
 - Repaired the termination condition of a write(2) loop in vipw(8).
 - In ssl(8) ec_asn1.c, don't free memory unless we allocated it (RT#3338).
 - Improved code to clear all bignums from bn_lib.c in ssl(8).
 - In ssl(8) BN_clear_free(), don't cleanse the data if the static data flag is set.
 - Render roff(7) escape sequences in man page descriptions prior to insertion into mandoc.db(5).
 - Fixed two memory leaks in makewhatis(8) -n.
 - Fixed segfault in makewhatis(8) -Q if the next .SH after .SH NAME does not have any arguments.
 - Backed out the previous ICMP simplifying diff from dhcpd(8), which caused livelocks.
 - Try postponed requests first, so iked(8) does in-order processing.
 - Made iked(8) authentication work with X.509 certificates not containing a subject-altname.
 - Removed the undocumented and ineffective ln(1) -F option.
 - Removed sysctl(8) {nd6_,}useloopback options.
 - Fixed recently broken ext2fs atime and mtime.
 - Introduced gcc(1) -fstack-shuffle, which randomises local stack variables.
 - Make sure ssl(8) PKCS7_get_octet_string() return values are checked for NULL (PR#3339).
 - Enabled brswphy(4/octeon).
 - Allow iked(8) to initiate a create-child-SA and process requests for the peer simultaneously.
 - Explicitly zero ibufs before releasing memory. Ensures iked(8) crypto parameters are cleaned.
 - Fixed memory leaks in the relayd(8) and smtpd(8) ssl(8) code.
 - Re-queue pfkey events while iked(8) is busy initiating child-SAs.
 - In iked(8), initiate ike SA rekeying ("ikesalifetime" keyword).
 - Fixed iked(8) memleak when SA lookup fails while forwarding encrypted ip6(4) packets.
 - Plugged two ucom(4) xfer leaks and a buffer leak.
 - Encrypt some iked(8) notify payloads.
 - Initial iked(8) support for PFS.
 - Cleanse old ssl(8) memory when expanding a bignum; clear all bignums when freed.
 - Updated xkeyboard-config to version 2.11.
 - Work around overoptimistic fdisk(8) alignment expectation on dos_partition fields.
 - Enhanced reading of saved ascii labels when using disklabel(8) -R.
 - Stopped iked(8) leaking on pid mismatch.
 - Validate the attribute length in iked(8).
 - Removed SRP and Kerberos support from ssl(8).
 - On sparc, enabled ssl(8) assembler code for DES.
 - On vax, enabled the ssl(8) assembler code for BN.
 - In relayd(8) and smtpd(8), fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine.
 - Added sysctl(8) kern.nosuidcoredump=3, to dump core(5) into the /var/crash/progname/ directory.
 - Enabled ssl(8) assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64.
 - Enabled ssl(8) assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm.
 - Updated to: xauth(1) version 1.0.9; xbacklight(1) version 1.2.1; xrandr(1) version 1.4.2 and xinput(1) version 1.6.1.
 - Updated to libFS 1.0.6.
 - Unbroke ssh(1) compression.
 - Switched to generating bcrypt(3) 2b hashes by default.
 - Added checks for invalid base64 encoded data in ssl(8) padding. Fixes a crash (RT#2608).
 - Provide extended-precision math constants (required by POSIX).
 - Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid).
 - drm(4) i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out.
 - Updated Xserver(1) to version 1.15.1.
 - On hppa, fixed ssl(8) assembler version of SHA512 to output correct results.
 - Make acpiprt(4) correctly handle interrupts with non-standard polarity.
 - In acpi(4), made acpi_mutex_acquire/release actually grab the global lock when called.
 - Fixed occasional disklabel(8) crashes when altering mount points.
 - Reverted __bounded code in ssh(1).
 - On hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in ssl(8).
 - Stopped ssl(8) perl(1) scripts outputting SOM-specific directives.
 - Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from ssl(8).
 - Extended fread(3) and fwrite(3) to check for integer overflows.
 - Moved smtpd(8) RSA key handling from "lka" to a new dedicated "ca" process.
 - 5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an ssl(8) alert, which could cause a null pointer dereference. A source code patch is available for 5.4 and 5.5.
 - Fixed gcc(1) on i386, to detect overflows and properly align arrays > 16 bytes.
 - Added ChaCha cypher to ssl(8), and provided it with an EVP implementation.
 - Added Brainpool and ANSSI FRP256v1 elliptic curves to ssl(8) (RT#2239).
 - Corrected isakmpd(8) test when passing data to a keynote.
 - Improved malloc(3)'s ability to pick a free chunk at random.
 - uvm(9) now correctly flushes discarded pages even if the number of hash buckets doesn't change.
 - When openssl(1) isn't available, ssh(1) now uses local fallback implementation of AES for UMAC.
 - Preserve the intended chronological order of leases in dhclient.leases(5) files.
 - Fixed growfs(8) on 4K-sector disks.
 - First pass at removing win64 support from the assembly-generating perl(1) scripts in ssl(8).
 - Stopped smtpd(8) trying to create folders that already exist when using maildir.
 - Improved imsg handling with many concurrent connections in smtpd(8).
 - New buffer API, to eventually make ssh(1) usable as a standalone library.
 - Improved enforcing of proper alignment of stack variables on sparc.
 - smtpd(8) RSA private key privsep will now only load keys after forking the separated process.
 - Stopped sftp(1) attempting to append a nul quote character to filenames (bz#2238).
 - Implemented RSA privilege separation for smtpd(8). Prevents possible private key leakage.
 - Made compiling ssh(1) and sshd(8) against ssl(8) optional.
 - When smtpd(8) fails to relay via TLS (and smtpd.conf(5) doesn't require security), try plain; also downgrade if a TLS error happens during the session.
 - Constrain bytes read/written to positive values in ssl(8) s3_pkt.c code.
 - Re-added local aesctr implementation to ssh(1).
 - Moved traceroute6(8) to the attic, fully merged into traceroute(8).
 - Removed large memory leak from usb(4).
 - Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from nginx(8) to keep attack mitigations enabled.
 - Stopped ssh(1) sending success/failure replies when channels have sent a close already (bz#1818).
 - Removed less(1) support for the obsolete (non-POSIX) "more -d" prompt.
 - Made sure the iked(8) state machine only advances if the AUTH payload has been verified.
 - Use explicit_bzero(3) instead of memset(3) to clear out sensitive smtpd(8) data.
 - Implemented AI_ADDRCONFIG in getaddrinfo(3), as per RFC 3493.
 - Removed more WIN32, WIN64 and MINGW32 tentacles from ssl(8).
 - Use the correct algorithm mask in ssl(8) t1_enc.c.
 - In ssl(8), stopped SSL_OP_ALL disabling attack mitigations against CBC modes.
 - Let nm(1) -w correctly return 0 for valid archives.
 - Stopped ping(8) and ping6(8) sleeping after poll(2) returns an error.
 - Added fuse(4) support for 255 character file names.
 - m4(1) now checks for integer overflows in custom allocs.
 - Added support to snmpd(8) for exporting ARP table via "ipNetToMediaTable" OID.
 - Fixed a loop so that waiting for wds(4/i386) hardware actually happens.
 - Improved error handling when using dbopen(3) in mandoc(1).
 - Fixed library search order in libtool(1).
 - Updated to xproto 7.0.26.
 - On i386, installboot(8) no longer overwrites disklabel and nearby blocks on 4k-sector disk drives.
 - Stopped bluetooth(4) HID device grabbing the console.
 - Re-added "_ppp" user and "_ppp" group, to be solely used by npppd(8) going forward.
 - Stopped ssl(8) using random stack memory as addresses of strings.
 - Removed support for building openssl(1) on 16-bit Windows.
 - Filter excess data from autoinstall output, to avoid filling the ramdisk.
 - Made more(1) POSIX compliant with respect to the -e option.
 - Merged less(1) version 458, including local changes.
 - Reduced the verbosity of makewhatis(8) -t.
 - Do not re-probe pms(4) unnecessarily. Fixes 12 seconds Xorg(1) delay on some laptops.
 - Stopped iked(8) and mpii(4) accessing pointers prior to a null check.
 - Allow snmpd.conf(5) to set user-defined actions on receipt of snmp traps.
 - Removed kinit(1).
 - Fixed sudo(8) when checking command line environment variables against the blacklist (CVE-2014-0106).
 - Fixed copied text in the snmpd(8) error string.
 - Stopped ssl(8) do_ssl3_write() being called recursively; don't release buffer meant for use.
 - Audited malloc(3)/calloc(3)/realloc(3) usage in mandoc(1) to be safe from overflows.
 - Fixes in ssl(8) kssl.c to prevent double frees and removed a use-after-free.
 - Fixed leak in ssl(8) BIO_accept which could have caused the caller to crash.
 - Audited strlcpy(3)/strlcat(3) usage in mandoc(1).
 - Removed "Z" option from malloc.conf(5); by default always junk small chunks now.
 - In unbound(8), use arc4random(9) as PRNG backend, instead of the libcrypto RAND.
 - disklabel(8) now fills all required fields after clearing. Avoids consistency check failures.
 - Improved malloc(3) hash functions that compute the same on big-endian and little-endian archs.
 - Removed OPENSSL_indirect_call() from ssl(8) for reduced attack surface.
 - Fixed a missing splbio(9) in sys/ufs/ffs/ffs_softdep.c which caused crashes.
 - Remove useless RX checksum offloading support from gem(4) and hme(4).
 - Removed Apache from base (replaced by nginx(8)).
 - On bge(4) when VLAN_HWTAGGING is disabled, stopped tagging the packet twice.
 - Prepend ether_vlan_header rather than regular ethernet header for more efficient vlan tagging.
 - Kerberos disabled and removed from base, possibly to be moved to ports(7) later.
 - Support the CA key for ssl(8) inspection in the relayd(8) CA process.
 - Avoid a loop during autoinstall when the path in the responsefile does not exist.
 - Made iscsictl(8) print bytes read and written in human-readable form.
 - Allow the installer to configure dhcp for an interface without an active network connection.
 - Bind iscsid(8) to localAddr if it is specified.
 - Print the target and initiator name in iscsictl(8) show command.
 - Verify permissions are correct on the ssh(1) id_ed25519 file.
 - Fixed msdosfs to cope with 64-bit time_t. Set unrepresentable dates to 1/1/1980.
 - Made dhclient(8) delete discarded offered leases from the correct TAILQ. Avoids infinite loop.
 - Implemented sftp(1) upload resume support.
 - Reverted r1.101 of traceroute(8), which broke source port selection.
 - Added mallocarray(3) function (like calloc(3) but without the cleared-memory guarantee).
 - Backed out parts of sys/nfs/nfs_serv.c r1.47, which computed wrong block sizes.
 - Added pkg_add(1) support for reading/writing long paths and linkpaths as extended headers.
 - Allow iscsid(8) to send data immediately for write commands, for 20% performance boost.
 - Stopped disklabel(8) leaking mountpoint info. Fixes mysterious crashes.
 - 5.5 RELIABILITY FIX: Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
 - Prevent lpd(8) from looking into hosts.equiv(5). Access control is now done only using hosts.lpd.
 - Introduced basic stats for the iscsid(8) vscsi(4) layer; added iscsictl(8) controls.
 - In mandoc(1) debug messages, truncate strings of excessive lengths.
 - dhclient(8) -L now preserves the fd being monitored after new leases, lease renewals and cable unplugs.
 - Fixed unchecked snprintf(3) in mandoc(1) page header printing.
 - In mandoc(1), made sure static buffers for snprintf(3) are large enough.
 - Removed more unused ssl(8) tools and docs.
 - Moved iscsid(8) session params initialisation to session start, so config parameters stick.
 - iscsid(8) now does proper LoginOperational negotiation.
 - Added relayd(8) check for strlcpy(3) overflow when expanding HTTP input value.
 - snmpd(8) and relayd(8) will now fail if strlcpy(3) overflows the socket path.
 - When installing OpenBSD, ensure that the hostname information is in the dhclient(8) lease db.
 - Reimplemented arrays in relayd(8) used to set up process-to-process imsg communication.
 - Use calloc(3) instead of malloc(3) + memset(3) across ssl(8), to avoid integer overflows.
 - Rearranged qle(4) update processing loop to attach and detach targets last; handle fabric port login errors better.
 - Fixed leak in the snmpd(8) and relayd(8) agentx error paths.
 - Added support for SSHFP DNS records for ED25519 key types to ssh(1).
 - In ssl(8) ts_rsp_verify.c, reset imprint to NULL to avoid double free.
 - Added a canonical 6.6+ curve25519 fake version to ssh(1), to be recommended with openssh-6.7.
 - Use get/put_u32 to load values and unbreak ssh(1) on strict-alignment architectures.
 - Removed checksum offloading from sk(4), faulty on this hardware.
 - Added strlcpy(3) check. Stops smtpd(8) fatal at startup if truncation occurred with filters enabled.
 - Added missing strlcpy(3) check when parsing the "backup hostname" section in smtpd.conf(5).
 - Removed "disable pmtud" and "increased window size" options from sysctl.conf(5) to discourage their use.
 - Removed rsh(1). Deprecated in favor of ssh(1).
 - Fixed display of destination IP when host is an IP address in traceroute(8).
 - Added checks to strlcpy(3) when smtpd(8) is copying envelope "destination" buffer to the mda delivery buffer.
 - If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
 - Removed obsolete altq bandwidth shaping from pf(4).
 - Allow makewhatis(8) to properly handle symlinks.
 - Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
 - In makewhatis(8) update mode, when opening the database fails, just rebuild it from scratch.
 - Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
 - For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
 - Updated unifdef(1) to version 2.10.
 - Raised nginx(8) file limits, but lower number of connections (leaving files to spare for other programs).
 - Removed bdes(1), so as to not encourage its use.
 - Removed dead KAME code that dealt with IPv4-mapped IPv6 addresses; added check for IPv4-mapped IPv6 destination addresses for non-connected sockets.
 - Use arc4random_buf(3) instead of harmful RAND_xxx in kerberos(8).
 - Sync traceroute6(8) to traceroute(8): don't print source IP if "-s" is not given.
 - In relayd(8), fixed ssl(8) client-only mode when no RSA private key is needed.
 - Neuter the -legacy_renegotiation option to the openssl(1) "openssl s_{client,server}"; added support for "-starttls lmtp" to openssl s_client.
 - When parsing a new cert into memory occupied by a previously verified cert, ssl(8) will no longer bypass verification checks.
 - Introduced privsep for relayd(8) private keys.
 - Use asprintf(3) for generating path. Eliminates many unsafe uses of strlcpy(3) and strlcat(3) in ssl(8).
 - If nfs rpc requests on a stream socket are already being processed, don't panic, just return.
 - Cleanup of relayd(8) code tracking of socketpair between different privsep processes.
 - Have each thread keep its own reference to the process's ucreds. Avoids possible use-after-free.
 - Allow printf(1) to handle passing zero as a fieldwidth or precision variable.
 - Switched to the new makewhatis(8)/apropos(1)/whatis(1) (described in apropos(1)).
 - Added support for smtpd(8) mailaddr lookup in the table_db.
 - Reworked qle(4) command polling loop to handle multiple responses in one interrupt, like qla(4).
 - Fully kill ssl(8) FIPS API.
 - Added some UTF-8 utility functions to tmux(1), to stop splitting UTF-8 characters improperly.
 - Ensure parent thread is blocked until any others are detached before letting it exit. Avoids panic.
 - Only scroll by one line at a time in tmux(1) choose mode (as lists are generally short).
 - Fixed dhclient(8) DHCPDISCOVERY and DHCPDECLINE (as INADDR_ANY != INADDR_BROADCAST).
 - Changed ssl(8) library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers.
 - Set tmux(1) PATH explicitly, either from the client or session environment.
 - Don't limit the tmux(1) DCS buffer to 256 bytes, expand it as needed.
 - No longer allow ssl(8) to feed RSA private key information to the random subsystem as entropy.
 - openssl(1) PR#3309: when looking for an extension, properly search all extensions.
 - Removed the monitor-content option from tmux(1).
 - Fixed ssl(8) to call the correct decrypt function in aes_cbc_cipher().
 - Execute the active path checks when mpath(4) asks for it (rather than on attach).
 - Skip leading zero bytes in ssh(1) buffer_put_bignum2_from_string() function.
 - Add ufs2 support in libsa/ufs2.c. One step closer being able to boot from ffs2 filesystems.
 - Cleaned up dangerous strncpy(3) use in ssl(8).
 - Added missing parens so that rshd(8) errorhost gets properly initialised.
 - Gave mlinks and keys tables a sqlite3(1) pageid index. Speeds basic apropos(1) searches by 30%.
 - Make dhclient(8) -q even quieter.
 - Removed programs from ssl(8) code which don't work with current openssl(1) releases.
 - Fixed ssl(8) bugs listed at http://www.viva64.com/en/b/0250/.
 - ssl(8) now ignores setting which allowed the connection to negotiate insecurely.
 - Zero-pad ssl(8) "usec" format to handle values less than 100,000 correctly.
 - Killed bogus "send an SSLv3/TLS hello in SSLv2 format" code from the ssl(8) client.
 - Stubbed some functions in ssl(8) mem_dbg.c, to avoid all possibility of using them.
 - Always return 1 in the ssl(8) arc4random(9) backend. Unbreaks lynx(1) and git.
 - Added generic driver for "NEC PC-9801 extension board slot" on luna88k.
 - Made directory ordering in our libtool stable.
 - Closed memory leaks in snmpctl(8) client code.
 - Removed md2, seed and jpake cyphers from ssl(8).
 - Removed approx 30 unused makefiles and more vestiges of ssl2 support from ssl(8).
 - In ssh(8) EC_POINT_invert(), check the correct function pointer before attempting to invoke it (openssl(1) RT #2569).
 - RotIBM stream cipher (ebcdic), FIPS mode support and GOST engine removed from ssl(8).
 - Replaced ssl(8) PRNG with arc4random_buf(), keeping existing RAND interfaces unchanged.
 - Added -s (two-byte signed decimal display) to od(1), as mandated by POSIX.
 - ssl(8) fixes: corrected cases where code occurred directly after goto/break/return; removed pentium specific benchmark code; removed more vms and windows specific code.
 - Unbroke xcb-util-cursor.
 - Made smtpd(8) reply with correct imsg when using non-system authentication.
 - Stopped mandoc(1) crashing when processing macros in .Sh header lines, or having .Sm off or .Bk -words open.
 - Stopped leaking socketpair file descriptors if tmux(1) fork(2) fails.
 - Fixed potential race in UFS where an allocated inode could fail to get added.
 - Removed o_dir.c from openssl(1) now that OPENSSL_DIR_XXX has been removed from the build.
 - Removed nonstandard and unsafe DES support from ed(1).
 - Switched pkg_mklocatedb(1) to using common SetList code, renaming -x into -X.
 - Updated xcb-utils to 0.3.9.
 - Allow slowcgi(8) QUERY_STRING to be longer than 127 bytes.
 - Update libxcb to version 1.10.
 - Made OPENSSL_NO_HEARTBLEED the default and only option in ssl(8) code.
 - Adapted snmpctl(8), relayd(8) and snmpd(8) to use AgentX protocol to send traps.
 - Confirm passwords when signify(1) is generating keys.
 - Fixed SQL_STEP failures for man(7) pages lacking descriptions.
 - Better makewhatis(8) error reporting in case of SQL errors: mention dir and file.
 - Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
 - In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
 - Update to xtrans 1.3.4.
 - Updated to xextproto 7.3.0.
 - Added presentproto 1.0.
 - Bring back r1.16 of protector.c in gcc(1) version 2.95. Fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
 - 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) read buffer to stop an attacker injecting data from one connection into another.
A source code patch is available for 5.3, 5.4 and 5.5.
 - Made sure cu(1) -l overrides HOST.
 - Avoid sshd(8) crash at exit, by checking that pmonitor!=NULL before dereferencing (bz#2225).
 - Fixed more(1) to use basic regular expressions (unlike less(1)).
 - Clamp offsets to the available memory space. Fixes tmux(1) crash.
 - Further apropos(1) speed optimisation, with mmap(3) MAP_ANON SQLITE_CONFIG_PAGECACHE.
 - Updated to libdrm 2.4.53.
 - Disabled Segglemann's RFC520 heartbeat from ssl(8).
 - Don't release the ssl(8) read buffer if we're not done reading from it; disabled buf freelists.
 - Added validation routines to iked(8): overall header structure is checked for sanity before copying the header; avoid overflow by passing down the number of remaining bytes.
 - Notify userland when an arp(4) entry is removed.
 - Fixed fd leaks in mg(1) error paths.
 - Retired rtinit() and switched to using rt_ifa_add(9) and rt_ifa_del(9) to manage connected routes to prefixes/hosts.
 - Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
 - Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
 - Moved descriptions from mandoc.db(5) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
 - In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
 - Reverted r1.93 of mg(1) file.c, which broke permission checks.
 - 5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
 - Updated to xf86-video-ati 7.3.0.
 - Made smtpd(8) display correct imsg when profiling is on and if the type was changed.
 - Zapped the smtpd(8) mfa process. Content filtering will be done at session level.
 - Removed CA certificates from ssl(8) which are not listed in Mozilla's certdata.txt.
 - Use root CAs in ssl(8) used by TeleSec (Deutsche Telekom AG): Baltimore CyberTrust Root, Deutsche Telekom Root CA, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3.
 - If TLS validation is on, make ftp(1) fetch TLS certificate and check the server hostname against the subjectAltName and/or CommonName.
 - Build libgcc without SSP. Unbreaks landisk bootblocks.
 - Updated to xorg-macros 1.19.0.
 - Ensure that we free buffers written out by the page daemon rather than caching them.
 - Fixed error in bcrypt_pbkdf(3) stride calculations.
 - Added error detection mechanism to detect when sudo(8) configuration is incorrect for building ports.
 - Zero-fill smtpd(8) mta static buffer before use in DSN code.
 - Added term_flushln() flag to control indentation of continuation lines in TERMP_NOBREAK mode. Reduces groff-mandoc differences in base by more than 15%.
 - Added rgephy(4) for axe(4) and axen(4) on hppa and zaurus.
 - Fully implemented roff(7) \B (validate numerical expression) and partially implemented \w (measure text width) escape sequence.
 - 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) CVE-2014-0160 "heartbleed" vulnerability.
A source code patch is available for 5.3, 5.4 and 5.5.
 - Added MSI support for xhci(4).
 - Enable upd(4) on archs where uhidev(4) is present.
 - Do not attach when no upd(4) sensors can be allocated; made device querying smarter.
 - Added roff(7) support for indirect references to user-defined strings.
 - Made iscsid(8) listen to the control socket, so the connect() call from iscsictl(8) will not fail.
 - In udp_output(), use the correct source address in case of an unbound socket.
 - Accept arbitrary argument delimiters for various roff(7) escape sequences.
 - Increased MSGBUFSIZE on macppc.
 - Exit on error or HUP when poll()ing the keyboard. Otherwise, top(1) may spin when its tty goes away.
 - Added implementation of roff(7) numerical expressions.
 - Retired kernel support for SO_DONTROUTE, this time without breaking localhost connections.
 - Updated termtypes.master to upstream terminfo-20140329.src.
 - When qla(4) is iterating through fabric ports, start at our own port ID, to simplify tracking.
 - Added axen(4) wherever axe(4) is found.
 - qla(4) ISP2322 chips need a different firmware image to other 2300s, don't load firmware for them.
 - Removed (expensive) temporary connect in udp_output(). Also fixes possible memory leak.
 - Added missing addressing modes for the fucomip instruction on i386. Unbreaks webkit port.
 - Fixed smtpd(8) when writing multi-line "To" and "Cc" headers.
 - Implemented the roff(7) .rr (remove register) request.
 - Fixed uvm(9) logic error (and prevented theoretical infinite loop) in uvm_pmr_rootupdate().
 - mandoc(1) bugfix: make sure all variables are properly initialised when rendering .ll (line length) requests.
 - Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
 - Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
 - Made makewhatis(8) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
 - Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
 - Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
 - Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
 - Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
 - When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
 - Instead of silently doing nothing, made makewhatis(8) warn and return non-zero when the manpath is empty.
 - Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
 - Reworked wait/kernel lock heuristics to give interrupts on other CPUs a chance to run, for reduced latency.
 - When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
 - Renamed the makewhatis(8) -W option to -p. Matches flag introduced in OpenBSD 2.7.
 - Proper validation and computation of bsize now occurs in the disklabel(8) expert mode.
 - Renamed -v option of mandocdb(8) to -D, to avoid a clash with the -v option of makewhatis(8).
 - Reduced the tmux(1) mouse wheel scroll size to 3; allow shift to reduce it to 1; allow meta and ctrl to multiply by 3; support wheel in "choose" mode.
 - Fixed npppctl(8) calculation of response message size.
 - Added the "#" character as a comment character in the mg(1) startup file.
 - Support UTF-8 with tmux(1) choose-buffer; made buffer_sample bigger to let it trim at window right edge.
 - Enabled hds(4) on hppa.
 - Enabled mpath(4) on macppc.
 - When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents server from forcing a new-hostkey dialog.
 - Include fingerprint of key not found by ssh-keysign(8); use arc4random_buf() instead of loop+arc4random().
 - In four byte UTF-8 sequences, make sure tmux(1) only uses three bits of the first byte.
 - Stopped tmux(1) crashing when a zero-length argument is passed to setb.
 - Made tmux(1) message-limit a server option.
 - Stopped tmux(1) segfaulting when the parent of the layout cell is NULL.
 - Added setb -a to tmux(1) append; added a copy mode append command.
 - Made session_attached a count; added session_many_attached flag to tmux(1).
 - Added start-of-list, end-of-list, top-line and bottom-line in tmux(1) choice mode.
 - Stopped tmux(1) writing into the buffer if there are no arguments.
 - Changed secondary device attributes response to "\033[>84;0;0c" which is unique for tmux(1).
 - Made bus_dmamap_load(9) and bus_dmamap_unload(9) mpsafe on alpha.
 - Restored behaviour of ls(1) -f implying -a (lost in commit made in 1989). Conforms to IEEE 1003.1-2008 ("POSIX.1").
 - On loongson, mips and octeon, stopped whole L1 cache being flushed unnecessarily.
 - Again allow more than one level of directories to be created via mg(1) make-directory.
 - Force detach of all usb(4) devices by disconnecting root hubs before suspending machine. Avoids races.
 - libtool(1) now properly adds -rpath to the linker when linking libraries. Matches GNU libtool.
 - Increased Xtranssock.c send buffer for UNIX sockets. Makes Firefox usable again when viewing large images.
 - If HOST or the host argument starts with a "/", cu(1) will now treat it as a device name.
 - Fixed REMOTE on cu(1) to work like tip(1); added support for HOST.
 - Added SNI support to ftp(1).
 - Allow roff(7) to support relative arguments to .ll (increase or decrease line length).
 - Repaired boot.net operation on (at least) sparc SS5 PROM v2.21.
 - Implement the roff(7) .ll (line length) request.
 - 5.5 RELIABILITY FIX: Memory corruption occurring during icmp(4) reflection handling (ICMP reflection is disabled by default).
A source code patch is available for 5.5.
 - Recognise so-called "EFI-like" interface provided by newer PMON firmware on Loongson 2Gq and Loongson 3A.
 - Bugfix and security update to nginx(8) version 1.4.7 (note: CVE-2014-0133 does not affect OpenBSD).
 - Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
 - Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
 - Allow leading and trailing vertical lines in tbl(7), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
 - Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
 - Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
 - Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
 - On loongson, made sure the HIBERNATE pages get reserved regardless of the memory layout.
 - Program the colormap correctly on grtwo(4/sgi); added a simple screen burner accessop.
 - When enforcing TOS (Traffic Class), made pf(4) preserve the ECN bits (as with IPv4 packets).
 - Adjusted (commented-out) nginx.conf(5) sample blocks for PHP and SSL configurations.
 - Made mg(1) C-t (transpose two chars) behave like emacs.
 - Ended experimental machine-independent login.conf(5) template support.
 - Made cu(1) handle REMOTE in the environment as either a separate remote(5) file or a host.
 - Added cu(1) support for retrieving the line and speed from the /etc/remote "dv" and "br" capabilities like tip(1).
 - Fixed handling of the kill(1) "-1" option from a thread other than the original thread.
 - Permit generating of NAMI and CSW records inside ktrace(2).
 - Ignore the -b option if cksum(1) is called as-is (e.g. "cksum -b /bsd"), to match man page.
 - Removed file2c(1). hexdump(1) works as well for most use cases.
 - usb(4) root hubs can now happily be detached and reattached.
 - When smtpd(8) is locally enqueuing messages without specifying a domain, update headers to show the local domain.
 - Strengthened ssh(1): removed weaker pre-SHA2 hashes, broken cipher (arcfour), and the broken mode (CBC) from the default configuration.
 - skey(1) bugfixes: default algorithm switched back to md5; do not let skey_set_algorithm() cause a segfault if an unsupported algorithm is specified.
 - Added acpithinkpad(4) support for aux button strip on newer thinkpads missing regular F1-F12 keys.
 - dd(1) now supports g for gigabytes.
 - Reworked the way sysmerge(8) fetches and verifies sets, to simplify the process.
 - Merged perl(1) version 5.18.2 (including local patches).
 - Stopped calling smtpd(8) purge_task every 10 secs (only needed once at startup).
 - Removed "-r" option from ping(8), traceroute6(8) and traceroute(8).
 - Enabled SQLITE_ENABLE_FTS3_PARENTHESIS in sqlite3(1).
 - Removed the MD4 functions (highly susceptible to collision attacks).
 - Skip leading escape sequences in mandoc(1) man_deroff(), for better indexing.
 - Gave powerpc PIE.
 - Initialise additional BATs (IBAT4-IBAT7 and DBAT4-IBAT7) on socppc. Stops memory corruption on devices with rb600.
 - Fix uhidev_detach() when detaching a device which did not claim all reported IDs.
 - Reverted audio key handling.
 - Make sure sysmerge(8) adds missing users/groups before running the target; otherwise mtree(8) can fail.
 - Let mg(1) users input a tag to find, even if no default tag is defined.
 - Disabled smtpd(8) imsg buffers profiling code, to stop processes waking up each second.
 - npppd(8) tunnels can now have multiple listen addresses.
 - Reimplemented control part of npppd(8) with imsg; added "monitor" command for npppctl(8) to monitor PPP session start/stop events.
 - Fixed npppd(8) bug which caused segfaults when npppd.conf(5) had "username-suffix" and "strip-atmark-realm" as yes.
 - Made npppd(8) keep listening on 1723/tcp when accept() fails.
 - Removed tape as a method for fetching install sets.
 - Attempt to work around the R4000 end-of-page errata on sgi and mips64, triggered by TLB misses when the code flow crosses a page boundary.
 - Disabled MS-CHAPv1 (RFC 2433) support in pppd(8).
 - Fixed sysmerge(8) regression when not using a full path to sets; make it use ftp(1) -D.
 - Installed /var/unbound/db directory for DNSSEC root key; added (commented-out) options for DNSSEC to unbound.conf(5).
 - Removed insecure MD4 checksum algorithm from cksum(1).
 - Removed ftp method for obtaining installation sets when running the installer.
 - Enabled upd(4) on amd64, sparc64 and macppc archs for testing.
 - Sync timestamp changes for inodes of special files to disk as late as possible to avoid useless disk i/o.
 - Include support in pstat(8) -v to display the IN_LAZYMOD flag.
 - On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
 - Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
 - Retired the rarely used hp300, mvme68k and mvme88k ports.
 - Allow makewhatis(8) to check mandoc.db(5) databases are up to date even when you don't have write permissions.
 - Notify userland (via the routing socket) when ARP resolution completes.
 - Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
 - Made bgpctl(8) correctly parse attribute length from imsg.
 - Exit from traceroute6(8) if there is at least one unreachable and the sum of unreachables and timeouts is >= number of probes.
 - Unbroke sndiod(8) monitoring mode, which was shifted in time by 1 block.
 - Userland ppp(9) removed.
 - In apropos(1) output, sort names and avoid multiple section numbers.
 - In slowcgi(8), use SCRIPT_FILENAME (can be an absolute filesystem path). Fallback to SCRIPT_NAME if this is not present.
 - Reimplemented htpasswd(1) from scratch.
 - Don't use volume keys when in raw-mode. Stops simultaneous volume changes by X(7) and ukbd(4).
 - Enable qlw(4) at sbus(4) on sparc64.
 - Enabled unbound(8) in base.
 - Updated to xcb-proto version 1.10.
 - Updated to libdrm 2.4.52.
 - Removed the unused userland agp(4) interface.
 - Reverted to the freetype2.pc we had before to bring back local changes.
 - More informative smtpd(8) log message on unknown SNI.
 - Provide an MI api for byteswapping loads and stores, especially beneficial for sparc64 and powerpc.
 - Updated to freetype-2.5.3. Fixes vulnerability in the CFF driver (CVE-2014-2240).
 - Enabled qla(4) and qle(4) in ramdisks (except on sgi).
 - smtpd(8) now prints the correct user name if SMTPD_QUEUE_USER is missing.
 - Use ticket locks (not spinlocks) on i386/amd64/sparc64. Provides fairer access to the kernel lock.
 - Added a few more instruction patterns to binutils that are needed by gcc(1) version 4.8.
 - In mandoc(1) -Tutf8 mode, count hyphens against the output line length even when they are breakable.
 - Stopped the smtpd(8) enqueue utility adding a User-Agent header to emails.
 - Block userland from entering drm(4) code during suspend/resume. Fixes inteldrm(4) bugs.
 - Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
 - No more spray(8) in base.
 - Fixed buffer overflows in icmp(4) redirect handling (introduced in rev 1.106).
 - Switched over from sendmail(8) to smtpd(8) by default.
 - Fixed iked(8) config-address w/o pool.
 - Unbroke nc(1) "-6 -l" and apply correct fix for previous commit.
 - Removed rmail(8).
 - Made ssh(1) scan for ed25519 keys by default.
 - For isakmpd(8) CA generation, set the correct certificate extensions so more SSL implementations will trust this as a CA cert. Matches ssl(8).
 - Bugfix update to nginx(8) version 1.4.6.
 - When pf(4) is translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet.
 - When pf(4) is setting packet description, also retrieve the Traffic Class field of IPv6 packets.
 - Fixed the cnmac(4/octeon) mediastatus when the interface is not configured.
 - Optimisation of opendir(3), rewinddir(3) and related functions. 2000x speedup of seekdir(3) in some tests.
 - Fixed acpi(4) on amd64, to avoid reboot and stack corruption problems when resuming.
 - Reworked per-cpu cache information, to avoid using hardcoded data based on processor type on mips, octeon, and sgi.
 - In re(4), fixed operation and made reception of packets work on the 8168G controllers.
 - Made mandoc(1) user-defined macros wrapping ".TP" work correctly; preserve line breaks contained in user-defined macros called in ".nf" mode.
 - Enable DMA bursting and tagged queueing in qlw(4); enable qlw(4) on alpha/amd64/i386/macppc/sgi/sparc64; only attempt to load firmware if we actually have some.
 - Initial xhci(4) implementation: USB 3.0 umass(4) devices get reasonable read/write speed.
 - Improved roff(7)'s .if/.ie condition handling.
 - Fixed env(1) diagnostic messages to stderr, so failure of env(1) and failure of the specified utility can be distinguished.
 - Allow signify(1) to read input messages on a pipe.
 - Added usbd_get_hub_descriptor(), to clean up uhub(4) and deal with hub device descriptors in high speed devices.
 - With md5(1) -C, exit with exit status of 1 if any of the files specified do not exist.
 - mandoc(1) bugfixes related to the closing of conditional blocks: handle more than one '\}' on macro lines; do not treat '\}' as a macro invocation after a dot at the beginning of a line; do not complain about characters following '\}'.
 - Made the "cleartoggle" function in HC drivers optional (upcoming xhci(4) driver doesn't use it).
 - Allow signify(1) to accept a password on stdin, as long as it is not a tty(4).
 - On qlw(4), set the correct clock rate for ISP1020/1020A.
 - When running sysmerge(8), always print the key signify(1) is using.
 - Fix the return values of getpwnam_r(3), getpwuid_r(3), getgrnam_r(3), and getgrgid_r(3) to agree with POSIX.
 - Altered qlw(4) so it can compile on sparc64 too.
 - In -Tutf8 mode, make mandoc_char(7) named accent character escape sequences render as non-combining accents (lets mandoc behave like groff); made \' and \` equivalent to \(aa and \(ga, respectively.
 - Introduced qlw(4), a new driver for QLogic ISP SCSI HBAs (currently only supports the pci(4) variants).
 - Raised the delay before initialising sdmmc(4). Lets the reader on X220 work reliably.
 - Fixed: sndiod(8) read/write position tracking; incorrect delta propagated after xruns in play-only and rec-only modes; crashes seen after a few days of continuous playback.
 - Fixed incorrect position reporting with sndiod(8) when using tiny block sizes on busy machines.
 - Made sndiod(8) check that the socket is writable before attempting to write data packets.
 - On armv7, removed TIMEZONE and DST options from GENERIC-* kernels; added option USBVERBOSE to all kernels.