File: [local] / www / plus.html (download) (as text)
Revision 1.1391, Tue Jul 5 22:20:08 2016 UTC (7 years, 10 months ago) by tim
Branch: MAIN
Changes since 1.1390: +211 -4 lines
Maggio
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD -current Changelog</title>
<meta name="description" content="OpenBSD -current changes">
<meta name="copyright" content="This document copyright 1996-2016 by OpenBSD.">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="http://www.openbsd.org/plus.html">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238e">
<h2>
<a href="index.html">
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
<font color="#e00000">-current Changelog</font>
</h2>
<hr>
<p>
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the <a href="mail.html#Archives">archives</a>,
or use <a href="anoncvs.html#CVS">CVS</a>.
<p>
Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
<p>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>,
<a href="plus35.html">3.5</a>,
<a href="plus36.html">3.6</a>,
<br>
<a href="plus37.html">3.7</a>,
<a href="plus38.html">3.8</a>,
<a href="plus39.html">3.9</a>,
<a href="plus40.html">4.0</a>,
<a href="plus41.html">4.1</a>,
<a href="plus42.html">4.2</a>,
<a href="plus43.html">4.3</a>,
<a href="plus44.html">4.4</a>,
<a href="plus45.html">4.5</a>,
<a href="plus46.html">4.6</a>,
<a href="plus47.html">4.7</a>,
<a href="plus48.html">4.8</a>,
<a href="plus49.html">4.9</a>,
<a href="plus50.html">5.0</a>,
<a href="plus51.html">5.1</a>,
<a href="plus52.html">5.2</a>,
<a href="plus53.html">5.3</a>,
<br>
<a href="plus54.html">5.4</a>,
<a href="plus55.html">5.5</a>,
<a href="plus56.html">5.6</a>,
<a href="plus57.html">5.7</a>,
<a href="plus58.html">5.8</a>,
<a href="plus59.html">5.9</a>.
<br>
<p>
<h3><font color="#0000e0">Changes made between OpenBSD 5.9 and -current</font></h3>
<p>
<ul>
<!-- 2016-05-31 -->
<li>Add support for using SRPs without the garbage collection machinery.
<li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
<ul>
<li>Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept.
<li>Check min and max sizes sent by the client against what we support before passing them to the monitor.
</ul>
<li>Fix ptrace PT_WRITE_D that returned EFAULT (broken in src/sys/kern/sys_process.c r1.33).
<li>In libexpat, fix CVE-2016-0718.
<li>In <a href="http://man.openbsd.org/installboot.8">installboot(8)</a>, add support for armv7.
<li>In binutils, port over the binutils fix for PR ld/3111: greatly speed up linking of object files that contain lots of dwarf2 symbols by caching symbol tables.
<li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, permit wxallowed on mfs.
<li>In libedit, fix a crash that occurred when the history contained more than twice as many entries as the new limit.
<li>Ensure that <a href="http://man.openbsd.org/softraid.4">softraid(4)</a> crypto is not run on the crypto taskq.
<li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, guard against using tp_start uninitialized in case no frame was grabbed in verbose mode.
<li>Stop creating and inserting a route entry for ARP and ND automagically.
<li>Flush dynamic route entries attached to an interface when its link state becomes DOWN. This should fix stale RTF_DYNAMIC routes when switching WiFi network during suspend/resume.
<li>Plug a route entry leak triggered under memory pressure.
<!-- 2016-05-30 -->
<li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, add In <a href="http://man.openbsd.org/mmap.2">mmap(2)</a> support for frame grabbing and make it default over <a href="http://man.openbsd.org/read.2">read.(2)</a> unless overriden by the -g flag.
<li>Identify W^X labelled binaries at <a href="http://man.openbsd.org/execve.2">execve(2)</a> time based upon the WX_OPENBSD_WXNEEDED flag set by ld -zwxneeded.
<li>In <a href="http://man.openbsd.org/sed.1">sed(1)</a>, fix a begin-of-word mismatch.
<li>On amd64, include rdtsc in the rdrand callback.
<li>Deal with interfaces removing the VLAN header before the packet has been feed to the pseudo-interfaces input handlers.
<li>Update to freetype-doc 2.6.3.
<!-- 2016-05-29 -->
<li>In libc on i386, do setjmp cookies for eip, esp, and ebp.
<li>In libc on mips64, do setjmp cookies for gp, sp, and ra.
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements.</font><br>A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>.
<li>Update to xserver 1.18.3.
<li>Update to freetype 2.6.3.
<li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a>, add support for new smu-firmware fan commands.
<li>Update to mesa 11.2.2.
<!-- 2016-05-28 -->
<li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with "<a href="http://man.openbsd.org/ncheck_ffs">ncheck_ffs</a> /dev/tty".
<li>In <a href="http://man.openbsd.org/ld.1">ld(1)</a>, implement -z wxneeded.
<li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with "<a href="http://man.openbsd.org/pdisk.8">pdisk</a> /dev/tty".
<li>Implement the fork+exec pattern in <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<li>Fix <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> issues in <a href="http://man.openbsd.org/growfs.8">growfs(8)</a>.
<li>In <a href="http://man.openbsd.org/nc.1">nc(1)</a>:
<ul>
<li>Fix -verbose mode when used on a Unix domain socket.
<li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation when -P is used and a passwords needs to be supplied.
</ul>
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, add support for Intel Wireless 3165 devices.
<li>In <a href="http://man.openbsd.org/fsirand.8">fsirand(8)</a> and <a href="http://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a>, fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation that can be triggered by using DIOCGDINFO on a file that is not a disk device.
<li>In <a href="http://man.openbsd.org/disklabel.8">disklabel(8)</a>, don't crash if no filename is provided.
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, add support for Intel Wireless 8260 devices.
<li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, fix file block size rounding and ensure it's large enough to store a full audio block.
<!-- 2016-05-27 -->
<li>In the install script, set the "wxallowed" <a href="http://man.openbsd.org/mount.8">mount(8)</a> option for the filesystem /usr/local resides on.
<li>No longer allow W^X violations by default. A kernel log message is generated, and <a href="http://man.openbsd.org/mprotect.2">mprotect(2)</a> and <a href="http://man.openbsd.org/mmap.2">mmap(2)</a> return ENOTSUP. If the kern.wxabort <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> is set, a SIGABRT occurs instead. W^X-violating programs can be permitted per FFS/NFS filesystem, using the "wxallowed" <a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
<li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, when resampling, use the exact resampling factor instead of the ratio between input and output block sizes. This change makes playback/recording rate match exactly the requested sample rate.
<li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, return 400 (Bad Request) instead of 500 (Internal Server Error) for requests not specifying the HTTP version.
<!-- 2016-05-26 -->
<li>When initializing the console, add a short delay so that baud rate changes on the console have a chance of working. This prevents the serial console on the APU from hanging when garbage is echoed to the tty.
<li>In <a href="http://man.openbsd.org/procmap.1">procmap(1)</a>, reintroduce vnode-to-filename mapping.
<li>In <a href="http://man.openbsd.org/rc.8">rc(8)</a>:
<ul>
<li>Skip library reordering if /usr/lib is on an NFS filesystem.
<li>Temporarily remount read-write if /usr/lib is on a read-only FFS filesystem.
</ul>
<li>Make amaps use less kernel memory. This is achieved by grouping amap slots into chunks that are allocated on-demand by <a href="http://man.openbsd.org/pool.9">pool(9)</a>.
<!-- 2016-05-25 -->
<li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, prevent screwing up terminal settings by escaping bytes not forming ASCII or UTF-8 characters.
<li>In <a href="http://man.openbsd.org/regex.3">regex(3)</a>, fix another one-byte buffer underflow (read access only).
<li>Avoid a use-after-free in <a href="http://man.openbsd.org/ftp.1">ftp(1)</a>.
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, update to firmware API 16 and enable RTS/CTS frame protection.
<!-- 2016-05-24 -->
<li>In the armv7 install script, use efiboot when setting up the installed disk.
<li>On octeon, prevent gather buffer starvation on currently supported systems.
<!-- 2016-05-23 -->
<li>In <a href="http://man.openbsd.org/acpitz.4">acpitz(4)</a>, disable active cooling trip points when we lack the right method to operate.
<li>Place a cpu-dependent trap/illegal instruction over the remainder of the sigtramp page, so that it will generate a kernel fault if touched.
<li>Remove the kern.random <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
<li>In <a href="http://man.openbsd.org/umsm.4">umsm(4)</a>, support the Airprime/Sierra AirCard 313U and the Netgear/Sierra AirCard 770S.
<li>Various improvements to <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>.
<li>In binutils on sparc64, make the PLT read-only. This allows the kernel and ld.so to load binaries without violating W^X.
<li>Add UTF-8 support to <a href="http://man.openbsd.org/fold.1">fold(1)</a>.
<!-- 2016-05-22 -->
<li>On macppc, use 64-bit integers to fix fan scaling calculations.
<li>Build armv7 efiboot.
<li>In libc on hppa, add XOR cookies for rp and sp.
<li>In libc on powerpc, add XOR cookies for r1 (stack) and lr.
<li>Avoid a uvm fault when pulling an msdos-formatted <a href="http://man.openbsd.org/umass.4">umass(4)</a> stick during mount while the USB stack is busy.
<li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, start work on improving the log format.
<!-- 2016-05-21 -->
<li>Build <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> on armv7.
<li>Implement <a href="http://man.openbsd.org/openprom.4">openprom(4)</a> for armv7.
<li>Make <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> -p print sensible numbers on little-endian platforms.
<li>Remove the -x flag from <a href="http://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a> and always assume the execute bit for readable directories subject to the mask option (-m).
<li>Stop making files executable on msdosfs.
<li>Fix a logic bug in DUID generation: we want to generate DUIDs until we have one that is not a duplicate and not a zero DUID.
<li>In <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a>, harden TLS for constraints.
<li>On armv7, dynamically attach <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/imxiic.4">imxiic(4/armv7)</a> and use the FDT to enumerate devices on i2c busses. The CuBox-i and Hummingboard now need to be booted with an FDT to see the RTC.
<li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/octeon/cnmac.4">cnmac(4/octeon)</a>, make the TX path MP-safe and add some ifq oactive logic.
<!-- 2016-05-20 -->
<li>On armv7, resolve problems with <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/ommmc.4">ommmc(4/armv7)</a> sometimes not attaching properly with recent u-boot versions.
<li>On macppc, hook up <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a> to the thermal management framework.
<li>On macppc, add a thermal management framework which controls the fan speed based on the temperature sensor values.
<li>In the install script, log questions and answers during install/upgrade and mail them to the root user in a format usable as a response file for <a href="http://man.openbsd.org/autoinstall.8">autoinstall(8)</a>.
<li>In libcrypto, fix a short-read bug in the previous version of asn1_d2i_read_bio.
<!-- 2016-05-19 -->
<li>On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions.
<li>Remove the net.inet6.ip6.v6only <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
<!-- 2016-05-18 -->
<li><font color="#e00000">5.9 RELIABILITY FIX: Possible data corruption in <a href="http://man.openbsd.org/bnx.4">bnx(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>.
<li>In <a href="http://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice.
<!-- 2016-05-17 -->
<li>Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy.
<li>On octeon, accept cnmac as a valid rootdev from uboot (e.g. rootdev=/dev/cnmac0).
<li>Rework the fix to prevent a kernel crash when <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a> is called with LOG_CONS and the console device has not been intialized yet.
<li>In <a href="http://man.openbsd.org/regex.3">regex(3)</a>, fix a one-byte buffer underflow (read access only).
<li>Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events.
<li>Fix "<a href="http://man.openbsd.org/skeyinit.1">skeyinit</a> username" run as root.
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="http://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user.</font><br>A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>.
<li>Completely skip link-layer address resolution and NUD on <a href="http://man.openbsd.org/gif.4">gif(4)</a>.
<!-- 2016-05-16 -->
<li>In <a href="http://man.openbsd.org/uvideo.4">uvideo(4)</a>, plug some holes in the V4L2 <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue.
<li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, fix some file-descriptor leaks.
<li>Enable the pcf8523 RTC on Hummingboard and CuBox-i.
<li><font color="#e00000">5.9 RELIABILITY FIX: Issues in <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>.</font><br>A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>.
<li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>:
<ul>
<li>Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
<li>Plug a file-pointer leak that can lead to resource exhaustion and result in a crash.
</ul>
<li>Have POSTREAD flush the D-cache. This eliminates random data corruption on the CuBox-i4Pro.
<li>Add <a href="http://man.openbsd.org/pfcrtc.4">pfcrtc(4)</a>, a driver for the NXP PCF8523 Real Time Clock.
<!-- 2016-05-15 -->
<li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, enable reception and transmission of Jumbo frames.
<!-- 2016-05-14 -->
<li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a>, add support for pwm fans.
<li>Initial stab at an EFI bootloader for armv7.
<li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, no longer handle /etc/example files.
<!-- 2016-05-12 -->
<li>In <a href="http://man.openbsd.org/install.1">install(1)</a>, add -F to call <a href="http://man.openbsd.org/fsync.2">fsync(2)</a> on the installed file right before closing it.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, add -q to source-file to suppress errors about nonexistent files.
<!-- 2016-05-11 -->
<li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>, disable EIGRPv6 on an interface when it loses its link-local address.
<li>Remove the hppa64 port.
<li>Allow zaudio(4) to start when large blocks are requested.
<li>Make the mips64 pmap MP-safe.
<li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, allow to filter process arguments if they are being displayed.
<!-- 2016-05-10 -->
<li>Avoid a kernel crash when <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a> is called with LOG_CONS and the console device has not been intialized yet.
<li>Do SROP mitigation. sendsig() stores a cookie inside the sigcontext. <a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> checks the syscall entry was from the exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie, and clears it to prevent sigcontext reuse
<li>Try harder to avoid using random data on the disk as an inode, because FFS2 does lazy inode initialization. This avoids crashes when translating a bogus filehandle to a vnode.
<!-- 2016-05-09 -->
<li>Update to libexpat 2.1.1.
<li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, implement Mdocdate keyword substitution.
<!-- 2016-05-08 -->
<li>In imxesdhc(4), add DMA support. It uses ADMA2 "Internal DMA" that is compatible with the SD Host Controller standard.
<li>In <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, add support for level, active low gpio interrupts.
<li>In <a href="http://man.openbsd.org/wall.1">wall(1)</a>, enable UTF-8 detection in wall(1). This deliberately ignores UTF-8 characters and replaces them with a single question mark.
<li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a> and <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, add support for writing gpio pins.
<li>In <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, stop printing the MPSAFE interface flag. It is a kernel-only hint and printing it only creates confusion.
<!-- 2016-05-07 -->
<li>Add <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, a driver for the GPIO controllers found on Intel's Cherry View SoC.
<li>On powerpc, flush page (through the direct map) before mapping it into AGP. This fixes artifacts seen in X on some G5 machines.
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> family of functions, stop opening the shadow database by default.
<li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, print RA Route Information prefix, preference and lifetime.
<li>Use a Thread Information Block in both single and multi-threaded programs. Make libpthread <a href="http://man.openbsd.org/dlopen.3">dlopen(3)</a>'able.
<li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, implement ACPI 5.0 GeneralPurposeIo OpRegion support.
<li>Import Term::ReadKey 2.33.
<!-- 2016-05-06 -->
<li>In imxesdhc(4), add support for changing the bus width and set the 4-bit mode capability.
<li>Make the imxesdhc(4) work on the cubox-i.
<li>Revert the default cachepercent to 20.
<li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, print the router preference contained in RAs in verbose mode.
<!-- 2016-05-05 -->
<li>Fix efiboot not to hang with a disk whose block size is less than 512.
<li>Fix packet corruption in <a href="http://man.openbsd.org/bnx.4">bnx(4)</a>.
<li>Add Dual Data Rate support for eMMC at 52 MHz.
<li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, add support for named initializers for anonymous structs/unions. This is a C11 feature that is starting to get used in places such as Mesa.
<li>In <a href="http://man.openbsd.org/midiplay.1">midiplay(1)</a>, fix one of the reads past the end of the buffer.
<!-- 2016-05-04 -->
<li>In <a href="http://man.openbsd.org/acpithinkpad.4">acpithinkpad(4)</a>, avoid a division by zero in <a href="http://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
<li>In <a href="http://man.openbsd.org/dc.4">dc(4)</a>, cope with the broken DMA engine of the Davicom DM9102 found on some Sun sparc64 machines.
<li>On sparc64, avoid having to panic on hardware with a broken DMA engine that attempts to read beyond the end of the buffer that was programmed.
<li>Add initial support for MSI-X, only on amd64 for now.
<li>In <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, add IdentityAgent.
<li>In <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a>, add high-speed support for SD cards. This causes serious improvement in the read speeds.
<li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, don't mask pins configured as direct IRQ. This nbreaks the keyboard on the Asus x205ta.
<!-- 2016-05-03 -->
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks.
<li>Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code.
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>.</font><br>A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>.
<li>In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types.
<li>Reduce the number of lookups to 1 for non-multicast traffic when <a href="http://man.openbsd.org/pf.4">pf(4)</a> is disabled.
<li>In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.
<!-- 2016-05-02 -->
<li>In <a href="http://man.openbsd.org/telnet.1">telnet(1)</a>, don't check if the hostname is a fully qualified domain. This prevents <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> "dns" issues.
<li>In tmpfs, fix some issues regarding timestamp updating.
<li>In ssh:
<ul>
<li>Support SHA256 and SHA512 RSA signatures in certificates.
<li>Add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03.
</ul>
<li>On arm and armv7, rework mainbus and implement simplebus to be able to span a tree-like topology based on device tree information.
<!-- 2016-05-01 -->
<li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/ommmc.4">ommmc(4/armv7)</a>, add support for changing the bus width to ommmc and set the 4-bit mode capability.
<li>Add bus width switching support for MMC. Enable 8-bit bus support on <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers that support it. This makes the raw transfer rate of the eMMC on the Lenovo Ideacentre Stick 300 go up to 40 MB/s.
<li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a>, fix the DMA issues on Bay Trail.
<li>Add support for changing the bus width to the <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a> subsystem and the <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> controller. Use this to switch SD cards to a 4-bit bus if they support it.
<li>In <a href="http://man.openbsd.org/sppp.4">sppp(4)</a>, fix a bug causing breakage with LCP echoes.
<li><font color="#e00000">5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="http://man.openbsd.org/carp.4">carp(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>.
<!-- 2016-04-30 -->
<li>Convert <a href="http://man.openbsd.org/ldapd.8">ldapd(8)</a> to use the libtls API.
<li>In <a href="http://man.openbsd.org/file.1">file(1)</a>, fix the default type to work properly.
<li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, mask all gpio interrupts when attaching. This fixes an interrupt storm on the Lenovo Ideacentre Stick 300.
<li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> and <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a>:
<ul>
<li>Implement DMA support (only ADMA2 is supported). There is a remaining issue with simultaneous use of eMMC and external SD card on (some) Intel Bay Trail hardware.
<li>Enable the ADMA error interrupt.
<li>Enable high speed timing for bus clock frequencies over 26MHz and advertise support for it.
</ul>
<!-- 2016-04-29 -->
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, add options to include status text in the pane borders.
<li>Fix several bugs due to uninitialized struct nameidata's.
<li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, panic when attempting to execute a scsi command with no discipline defined.
<li>Fix a bug causing <a href="http://man.openbsd.org/gzip.1">gzip(1)</a> to think the resulting file was got larger during compression.
<li>In <a href="http://man.openbsd.org/daily.8">daily(8)</a>, no langer call <a href="http://man.openbsd.org/mailq.8">mailq(8)</a>.
<li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, in interactive mode, check syntax of several important files after merging to give some protection against bad merges.
<li>Don't allow the routing table of a bound socket to be changed. This is not intended and will behave unexpectedly if the address is already used in another domain.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, fix keys parsing again to correctly accept Unicode when not prefixed with Escape.
<li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, fix "smtpctl show queue" reporting "invalid" envelope state.
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, close the ControlPersist background process stderr when the daemon is not in debug mode or when logging to a file or syslog (bz#1988).
<!-- 2016-04-28 -->
<li>In <a href="http://man.openbsd.org/MAKEDEV.8">MAKEDEV(8)</a>, replace /dev/bpf[0-9] with /dev/bpf and /dev/bpf0.
<li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, if the attempt to broadcast a DHCPDISCOVER packet returns EAFNOSUPPORT, just print an error message and exit.
<li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/i386/installboot.8">installboot(8/i386)</a>, plug a couple of leaks of input buffers.
<li>In libssl, allow ^C to break operations such as reading passwords.
<li>In libssl, implement the IETF ChaCha20-Poly1305 cipher suites. The old Google implementation continues to be supported, but the ChaCha20-Poly1305 cipher suites names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
<li>In libssl, rename <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305.3">EVP_aead_chacha20_poly1305(3)</a> to EVP_aead_chacha20_poly1305_old() and replace it with <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305_ietf.3">EVP_aead_chacha20_poly1305_ietf(3)</a>. The IETF version will become the standard version.
<li>In ieee80211, rework handling of frames which fall beyond the block ack window.
<li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, display block ack window slide counter.
<li>In <a href="http://man.openbsd.org/compress.1">compress(1)</a>, account for multiple streams in "gzip -l" output.
<li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, simplify TLS configuration handling and prevent a memory leak when there are multiple certificates specified for the same server.
<li>In <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, show 11n HT rate in "ifconfig scan" output.
<li>Unbreak <a href="http://man.openbsd.org/fsck_ext2fs.8">fsck_ext2fs(8)</a>.
<li>In libedit, initialize the search buffer to avoid a potential read buffer overrun.
<!-- 2016-04-27 -->
<li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, correctly set up byteswapping so this chip works on big-endian architectures.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, apply backspace check after working out the actual key, so that M-BSpace can work.
<li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, align rx buffers so ip packets will be aligned correctly for the stack.
<li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, do not handle echo "`echo \"hi\"`" in POSIX mode differently than in traditional mode. This aligns ksh's behavior with bash and FreeBSD sh.
<li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, make -W show the new 802.11n counters.
<!-- 2016-04-26 -->
<li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, print tcps_noport with "netstat -s" like it is already done for udp.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, fix problems with meta and Unicode keys.
<li>In <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>, implement daemon_rtable support.
<li>In <a href="http://man.openbsd.org/rc.subr.8">rc.subr(8)</a>, introduce <a href="http://man.openbsd.org/rtable.4">rtable(4)</a> support to <a href="http://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
<li>In <a href="http://man.openbsd.org/readelf.1">readelf(1)</a>, show octeon in "readelf -h" output.
<li>In <a href="http://man.openbsd.org/rc.8">rc(8)</a>, re-link (only the newest) libc.so on startup, placing the objects in a random order.
<li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, don't attempt a rebuild using a hot spare with a sector size greater than the sector size of the softraid volume.
<li>Use <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> in <a href="http://man.openbsd.org/groupadd.8">groupadd(8)</a>, <a href="http://man.openbsd.org/groupmod.8">groupmod(8)</a>, <a href="http://man.openbsd.org/groupdel.8">groupdel(8)</a>, <a href="http://man.openbsd.org/groupinfo.8">groupinfo(8)</a>, <a href="http://man.openbsd.org/user.8">user(8)</a>, <a href="http://man.openbsd.org/useradd.8">useradd(8)</a>, <a href="http://man.openbsd.org/usermod.8">usermod(8)</a>, <a href="http://man.openbsd.org/userdel.8">userdel(8)</a> and <a href="http://man.openbsd.org/userinfo.8">userinfo(8)</a>.
<li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, be consistent in batch and interactive mode: ensure sysmerge can be re-run if a file is left for later.
<li>In <a href="http://man.openbsd.org/acpitz.4">acpitz(4)</a>, if the temperature is below the active cooling level for a tz, turn the fan off regardless of what state it is currently in.
<!-- 2016-04-25 -->
<li>In <a href="http://man.openbsd.org/rtsx.4">rtsx(4)</a>, match on RTS522A found in 2016 ThinkPads.
<li>Remove systrace support.
<li>In the install script, when upgrading automatically run <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a> in batch mode before <a href="http://man.openbsd.org/fw_update.1">fw_update(1)</a>.
<li>On macppc and socppc, don't check if the CPU is inside the idle loop when entering <a href="http://man.openbsd.org/ddb.4">ddb(4)</a>. This allows putting breakpoints in interrupt context and have them work if an interrupt fires while the CPU is idle.
<!-- 2016-04-24 -->
<li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, always pass the QUERY_STRING variable to the FastCGI handler.
<li>In <a href="http://man.openbsd.org/Xserver.1">Xserver(1)</a>, fall back to /dev/ttyC0 when the console device is not a <a href="http://man.openbsd.org/wsdisplay.4">wsdisplay(4)</a>.
<li>In <a href="http://man.openbsd.org/ichiic.4">ichiic(4)</a>, match on Intel 100 Series LP.
<li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, match on Intel 100 series and 100 series LP PCH.
<li>In <a href="http://man.openbsd.org/azalia.4">azalia(4)</a>, enable snooping on Intel 100 Series LP HDA.
<!-- 2016-04-23 -->
<li>Fix an issue where the 32-bit UEFI bootloader (BOOTIA32.EFI) would not detect a GPT leading to a failure to boot.
<li>On mips64, sync dcaches and invalidate icaches of all active CPUs of a pmap when making a page executable. This prevents some icache inconsistencies that caused process crashes on multiprocessor IP27/IP30 systems under load.
<li>In <a href="http://man.openbsd.org/dwiic.4">dwiic(4)</a>, match on Cherry Trail.
<!-- 2016-04-22 -->
<li>In <a href="http://man.openbsd.org/synaptics.4">synaptics(4)</a>, don't stop scrolling when handling TOUCH_RESET events.
<li>In <a href="http://man.openbsd.org/asmc.4">asmc(4)</a>, don't try to probe light sensors for machines with none available.
<!-- 2016-04-21 -->
<li>In <a href="http://man.openbsd.org/mpbios.4">mpbios(4)</a>, don't attach if "default configuration" mode is detected during probe rather than panicking.
<li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, use automatic DH parameters instead of fixed ones. Also disable DHE by default since it is computationally expensive and a potential DoS vector.
<!-- 2016-04-20 -->
<li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, apply fix for perl bug 123562 (CVE-2015-8853).
<li>In <a href="http://man.openbsd.org/changelist.5">changelist(5)</a>, don't watch <a href="http://man.openbsd.org/unbound.8">unbound(8)</a>'s DNSSEC root zone key, to reduce <a href="http://man.openbsd.org/security.8">security(8)</a> spam.
<li>In <a href="http://man.openbsd.org/re.4">re(4)</a>, if RTL8111E on PC Engines APU is detected, configure NIC LEDs to display link (instead of the default of a normally-off light for network activity and nothing for ethernet link).
<li>In <a href="http://man.openbsd.org/changelist.5">changelist(5)</a>, add the <a href="http://man.openbsd.org/iked.8">iked(8)</a> default key.
<!-- 2016-04-19 -->
<li>Add the <a href="http://man.openbsd.org/editline.7">editline(7)</a> manual.
<li>Make setting a <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> interface's lladdr more likely to work.
<li>Use the correct byte-order when checking against baddynamic ports.
<li>In <a href="http://man.openbsd.org/xen.4">xen(4)</a> and <a href="http://man.openbsd.org/xnf.4">xnf(4)</a>, allow to grant memory access to domains other than dom0. This fixes running OpenBSD under QubesOS.
<li>In <a href="http://man.openbsd.org/pod2man.1">pod2man(1)</a>, enable UTF-8 output by default and provide a --no-utf8 command line option to disable it.
<!-- 2016-04-18 -->
<li>In <a href="http://man.openbsd.org/pax.1">pax(1)</a>, skip empty lines in the input read for "tar -T", "cpio -E", and <a href="http://man.openbsd.org/cpio.1">cpio(1)</a> with stdin.
<li>On amd64, make the aesni crypto implementation MP-safe.
<li>Add a mechanism for dispatching MP-safe crypto operations.
<li>Update to tzdata2016d from from ftp.iana.org.
<li>Bump the default of cachepercent to 90 to see if we can find problems before we try to remove it entirely.
<li>In <a href="http://man.openbsd.org/pppoe.4">pppoe(4)</a>, remove a hack that prevented changing pppoe params at runtime.
<!-- 2016-04-17 -->
<li>In <a href="man.openbsd.org/nvme.4">nvme(4)</a>, fix a bug causing memory corruption seen on amd64 (and masked on sparc64).
<!-- 2016-04-16 -->
<li>In <a href="http://man.openbsd.org/rbootd.8">rbootd(8)</a>, don't <a href="http://man.openbsd.org/bcopy.3">bcopy(3)</a> non-exchangeable structs. This should unbreak connection timeouts.
<li>Remove am_maxslot from amap and remove the corresponding output from <a href="http://man.openbsd.org/procmap.1">procmap(1)</a>.
<li>In <a href="http://man.openbsd.org/inteldrm.4">inteldrm(4)</a>, make the GMBUS code work on Intel ValleyView.
<!-- 2016-04-15 -->
<li>In <a href="http://man.openbsd.org/rm.1">rm(1)</a>, don't allow removal of "/".
<li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>:
<ul>
<li>Fix a corner case in Feasible Condition check.
<li>Fix a segfault when reloading the config multiple times.
<li>Check for subnet overlap between the configured summary-addresses.
<li>Various other fixes and cleanups.
</ul>
<!-- 2016-04-14 -->
<li>In <a href="http://man.openbsd.org/vlan.4">vlan(4)</a>, rework configuration and mark it as MP-safe.
<li>Enable <a href="http://man.openbsd.org/nvme.4">nvme(4)</a> on amd64 and sparc64.
<li>In <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, implement the "Include" directive.
<li>In <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>, fix a process group race sometimes causing a spawned <a href="http://man.openbsd.org/less.1">less(1)</a> to complain "Stopped (tty output)".
<li>In <a href="http://man.openbsd.org/mg.1">mg(1)</a>, add "sentence-end-double-space".
<li>On octeon:
<ul>
<li>Enable UART FIFOs.
<li>Enable write buffering with write merging. This improves overall performance notably.
</ul>
<li>Enable device cloning for <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
<li>Re-enable <a href="http://man.openbsd.org/pckbd.4">pckbd(4)</a> on resume. This fixes problems on (at least) various HP laptops that previously had no working keyboard after resuming from <a href="http://man.openbsd.org/zzz.8">zzz(8)</a>.
<li>On amd64 and i386, use a CPUID function to determine presence of general purpose architectural performance counters. This fixes a panic seen on some hypervisors when <a href="http://man.openbsd.org/pctr.1">pctr(1)</a> is used when the hypervisor masks out the counters.
<!-- 2016-04-13 -->
<li>Various improvements to <a href="http://man.openbsd.org/nvme.4">nvme(4)</a>.
<li>In libssl, use the correct IV and counter when decrypting the ciphertext for <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305_ietf.3">EVP_aead_chacha20_poly1305_ietf(3)</a>.
<li>In <a href="http://man.openbsd.org/man.1">man(1)</a>, give manuals in purely numerical sections priority over manuals of the same name in sections with an alphabetical suffix (e.g. 3p).
<!-- 2016-04-12 -->
<li>In <a href="http://man.openbsd.org/awk.1">awk(1)</a>, fix a crash with empty assignments, (e.g. "BEGIN {i=$1}").
<li>In <a href="http://man.openbsd.org/pstat.8">pstat(8)</a>, fix a crash when the -T flag is specified.
<li>In <a href="http://man.openbsd.org/nvme.4">nvme(4)</a>, read chip capabilities before operating on it. This ensures the proper timeout for chip enables/disables are obtained.
<li>In <a href="http://man.openbsd.org/mg.1">mg(1)</a>, stop putting a space at the end of a paragraph when using fill-paragraph.
<li>Prevent a kernel panic by providing a dummy function for <a href="http://man.openbsd.org/bridge.4">bridge(4)</a>'s if_output.
<!-- 2016-04-10 -->
<li>On sparc64, (temporarily) disable <a href="http://man.openbsd.org/ahc.4">ahc(4)</a> so that GENERIC.MP kernels don't overflow the 8M reserved for .text and .rodata sections.
<li>In <a href="http://man.openbsd.org/rev.1">rev(1)</a>, enable UTF-8 support.
<!-- 2016-04-09 -->
<li>In libedit, reset the terminal to its initial state before exiting a program that is using libedit.
<!-- 2016-04-08 -->
<li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, don't exit when receiving an RTM_CHANGE message for an RTF_MPATH route that is actually on an interface.
<!-- 2016-04-07 -->
<li>In <a href="http://man.openbsd.org/pf.4">pf(4)</a>, don't panic if an <a href="http://man.openbsd.org/mbuf.9">mbuf(9)</a> already has a statekey. This should help finding the remaining corner cases of packets looped back in the stack.
<li>In <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>, place a BOOTARG_END section at the end of the boot arguments list pushed to the VM during boot. This makes it possible to install and run an OpenBSD i386 guest VM using <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>In libsndio, switch to the "new" <a href="http://man.openbsd.org/audio.4">audio(4)</a> API.
<!-- 2016-04-06 -->
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, don't record duplicate LocalForward and RemoteForward entries (bz#2562).
<!-- 2016-04-05 -->
<li>In <a href="http://man.openbsd.org/bgplg.8">bgplg(8)</a>, use SERVER_NAME for the hostname displayed on the page.
<li>Increase size of the clone bitmap. This is required for upcoming work on cloning <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
<li>In <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>, support processors without unrestricted guest capability.
<!-- 2016-04-04 -->
<li>Fix EXA detection in <a href="http://man.openbsd.org/r128.4">r128(4)</a>, <a href="http://man.openbsd.org/cirrus.4">cirrus(4)</a>, mach64(4) and <a href="http://man.openbsd.org/mga.4">mga(4)</a>.
<li>Enable creation of <a href="http://man.openbsd.org/softraid.4">softraid(4)</a> volumes using disks with non-512 byte sectors. This increments the metadata version.
<li>Fix a memory leak in <a href="http://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>In <a href="http://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, fix an abort due to a missing <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> promise.
<li>Add -f to <a href="http://man.openbsd.org/ndp.8">ndp(8)</a>.
<!-- 2016-04-03 -->
<li>In <a href="http://man.openbsd.org/grep.1">grep(1)</a>, don't do reverse search optimization if looking for all matches in a line.
<li>On armv7, map and use the bootconfig/FDT area passed by u-boot and try to init FDT on it. This allows for the use of device tree information.
<!-- 2016-04-02 -->
<li>In <a href="http://man.openbsd.org/Xserver.1">Xserver(1)</a>, implement VT switching (based on the USL compat interface) in the wscons console backend and use it by default.
<li>Update to xf86-video-ati 7.6.1.
<!-- 2016-04-01 -->
<li>In <a href="http://man.openbsd.org/ihidev.4">ihidev(4)</a> and <a href="http://man.openbsd.org/dwiic.4">dwiic(4)</a>, add support for I2C HID devices with GPIO signalled interrupts.
<li>In <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>, rename the "faulty" list action to "failed".
<!-- 2016-03-31 -->
<li>In <a href="http://man.openbsd.org/tftpd.8">tftpd(8)</a>, go in the background much later to reduce possible silent failures.
<li>If one of the TCP SYN cache buckets overflow, it might be a collision attack against the hash function. Mitigate this attack by reseeding the hash function as soon as possible.
<li>In <a href="http://man.openbsd.org/uslcom.4">uslcom(4)</a>, add support for the USB console port on Aruba 7xxx wireless controllers.
<!-- 2016-03-30 -->
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file (bz#2559).
<li>In <a href="http://man.openbsd.org/wsmouse.4">wsmouse(4)</a>, add support for multitouch input.
<li>In <a href="http://man.openbsd.org/rdistd.1">rdistd(1)</a>, properly create directories that do not exist on the destination.
<li>Improve support for alphas without all IEEE-mode instructions.
<li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, fix optimization for alphas without the "precise arithmetic trap" extension.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, bump the <a href="http://man.openbsd.org/listen.2">listen(2)</a> backlog up from 16 to 128.
<li>Implement proxy ARP for ART based on mpath support.
<li>In <a href="http://man.openbsd.org/acpi.4">acpi(4)</a>, hook up the gpio interrupt on devices that use it for card detection. This makes the SD card slot on machines based on Intel's Bay Trail SoC fully functional.
<li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, add support for gpio-based interrupts.
<li>Add <a href="http://man.openbsd.org/getlogin_r.2">getlogin_r(2)</a> system call that checks and returns errors like the userspace getlogin_r() API.
<li>Remove MLINKS from base. They are no longer required by <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<!-- 2016-03-29 -->
<li>Enable <a href="http://man.openbsd.org/oce.4">oce(4)</a> on sparc64.
<li>In binutils, fix fallout from the switch to binutils 2.17: the binaries created by 2.17 aren't recognized by the in-tree <a href="http://man.openbsd.org/gdb.1">gdb(1)</a> because it's built with the bfd code from 2.15.
<li>Add the net.inet.tcp.synuselimit <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> to adjust tcp_syn_use_limit. This is convenient to test the feature and may be useful to defend against syn flooding in a denial of service condition.
<li>In <a href="http://man.openbsd.org/authpf.8">authpf(8)</a>, avoid a dereference of a null object.
<!-- 2016-03-28 -->
<li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, properly check for the end of captured packet while printing CDP packets.
<li>Ensure that a thread that calls <a href="http://man.openbsd.org/sched_yield.2">sched_yield(2)</a> ends up on the run queue behind all its sibling threads. This results in significant improvements for processes that suffer from lock, most notably firefox.
<li>Add <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, a driver for the gpio controllers found on Intel's Bay Trail SoC.
<!-- 2016-03-27 -->
<li>In <a href="http://man.openbsd.org/netstart.8">netstart(8)</a>, don't delete the 224/4 route unless it's being done to ensure that a -reject route can be added. This restores the ability to set an interface route before daemons are started.
<li>Avoid an attack that could prevent reseeding of the hash function used for the hash buckets in the TCP SYN cache.
<li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a>, make it possible to override the standard card detect mechanism to appease the SD controller on Intel's Bay Trail SoC.
<li>Avoid a NULL pointer dereference when pulling and unmounting a <a href="http://man.openbsd.org/umass.4">umass(4)</a> USB stick.
<!-- 2016-03-26 -->
<li>In libssl, fix a memory leak.
<li>Switch from the SolidRun i.MX6 U-Boot to mainline U-Boot on the CuBox-i.
<li>Always include the route priority in routing messages.
<li>Do not populate RTAX_NETMASK when sending a routing message for RTF_HOST entries. This preserves old behavior with ART and fixes a regression.
<li>In <a href="http://man.openbsd.org/rc.d.8">rc.d(8)</a>, make it possible to get usage as a non-root user.
<li>In <a href="http://man.openbsd.org/less.1">less(1)</a> and <a href="http://man.openbsd.org/ul.1">ul(1)</a>, improve handling of ambiguous overstrike sequences.
<!-- 2016-03-24 -->
<li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a> on arm, change the default arch target from strongarm (armv4) to arm9e (armv5te without xscale extensions).
<li>Enable ART (Allotment Routing Table).
<li>Ensure that a found proxy ARP entry has the correct flag.
<!-- 2016-03-23 -->
<li>In kernel clock, set ticks 15 seconds before its value wraps. This helps to identify issues around ticks wrap in 15 minutes instead of 240ish days.
<li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, display NAMI records and AF_UNIX <a href="http://man.openbsd.org/socket.2">socket(2)</a> paths with <a href="http://man.openbsd.org/vis.3">vis(3)</a>.
<li>Update to tzdata2016c from ftp.iana.org.
<!-- 2016-03-22 -->
<li>In <a href="http://man.openbsd.org/pipex.4">pipex(4)</a>, don't leak an mbuf when copying a packet fails.
<li>Remove ARM10 and ARM11 support.
<li>Fix various issues with bad gateways being picked up by <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Remove ARM9E support.
<!-- 2016-03-21 -->
<li>In <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>, log the reply message from RADIUS server when the authentication fails.
<li>Add <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> to <a href="http://man.openbsd.org/tokeninit.8">tokeninit(8)</a>.
<li>Rename <a href="http://man.openbsd.org/OpenBSD-5.9/sendsyslog2.2">sendsyslog2(2)</a> to <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
<li>In <a href="http://man.openbsd.org/ral.4">ral(4)</a>, improvements for the RT2860 chip:
<ul>
<li>Fix watchdog timeouts and dropped frames under load.
<li>Fix a bug where oactive is not set and mbufs are dropped.
</ul>
<li>Add a counter in the TCP SYN cache and in <a href="http://man.openbsd.org/netstat.1">netstat(1)</a> -s to show how often the hash function is reseeded and the random bucket distribution changes.
<li>On octeon, use the list of the usable memory regions provided by U-Boot instead of the hardcoded regions in memory setup.
<li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, make the "command" builtin POSIX-compliant and consistent with other current shells.
<!-- 2016-03-20 -->
<li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, let the stack smash handler log to console directly if it is not possible to deliver to <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>.
<li>In <a href="http://man.openbsd.org/vnet.4">vnet(4)</a>, plug a memory leak in <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> code path.
<li>Many improvements of libedit, in particular with regard to UTF-8 support.
<li>In <a href="http://man.openbsd.org/axen.4">axen(4)</a>, initialize the hardware on reset. This allows it to attach reliably and pass traffic, and prevents a panic when unplugging it.
<li>Import libdrm 2.4.67.
<!-- 2016-03-19 -->
<li>Attach <a href="http://man.openbsd.org/dwctwo.4">dwctwo(4)</a> only on Octeon models that have a DWC2 controller.
<li>Remove support for StrongARM (SA1), IXP12x0, IXP425 and XScale 80200.
<!-- 2016-03-18 -->
<li>In <a href="http://man.openbsd.org/vi.1">vi(1)</a>, avoid a backwards <a href="http://man.openbsd.org/memcpy.3">memcpy(3)</a> when issuing ":e +something".
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, make scrolling behaviour more sensible and maintain cursor position, as if the same had been done line-by-line.
<li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, use a new _pkgfetch user for separation instead of the _pfetch user.
<li>Remove ARM8 and ARM9T support.
<!-- 2016-03-17 -->
<li>Add octuctl(4), a driver for the Octeon II USB Controller Interface, and attachments for <a href="http://man.openbsd.org/ehci.4">ehci(4)</a> and <a href="http://man.openbsd.org/ohci.4">ohci(4)</a>.
<li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, add support for the TXIC TX382B (currently TX/RX FIFO is not working).
<!-- 2016-03-16 -->
<li>In <a href="http://man.openbsd.org/column.1">column(1)</a>, <a href="http://man.openbsd.org/lpq.1">lpq(1)</a>, <a href="http://man.openbsd.org/ls.1">ls(1)</a>, <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, <a href="http://man.openbsd.org/ps.1">ps(1)</a>, <a href="http://man.openbsd.org/rusers.1">rusers(1)</a>, <a href="http://man.openbsd.org/sed.1">sed(1)</a> and <a href="http://man.openbsd.org/growfs.8">growfs(8)</a>, use the COLUMNS environment variable first, and either terminal width or a hardcoded value (typically 80) as appropriate.
<li>In libssl, use <a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> for ASN1 objects on free. Too often these contain sensitive information.
<li>In <a href="http://man.openbsd.org/vi.1">vi(1)</a>, add error checking for the COLUMNS and LINES environment variables to avoid a crash.
<li>In <a href="http://man.openbsd.org/sd.4">sd(4)</a>, prevent a use-after-free of the scsi link structure during detach.
<li>Expose new and much simpler <a href="http://man.openbsd.org/audio.4">audio(4)</a> ioctls.
<!-- 2016-03-15 -->
<li>In <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>, transition to "Req-Sent" had been missing when RTA in "Opened". This caused a timer event leak.
<li>Update to tzdata2016b from ftp.iana.org.
<li>Allocate amap slots for a virtual memory range reserved with <a href="http://man.openbsd.org/sbrk.2">sbrk(2)</a> lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory.
<li>For amaps with only a few slots, allocate the slots via <a href="http://man.openbsd.org/pool.9">pool(9)</a>. This saves some memory and reduces kmem pressure.
<li><font color="#e00000">5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d programs.</font><br>A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>.
<li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.</font><br>A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>.
<li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, add support for the Exar XR17V354 device.
<!-- 2016-03-14 -->
<li>Remove the legacy <a href="http://man.openbsd.org/OpenBSD-5.9/uiomovei.9">uiomovei(3)</a> function. It has been replaced by <a href="http://man.openbsd.org/uiomove.9">uiomove(9)</a>.
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, unbreak authentication using lone certificate keys in ssh-agent (bz#2550).
<li>In <a href="http://man.openbsd.org/acpicpu.4">acpicpu(4)</a>, correct the value of SRT_ENDTAG: it was documented incorrectly in early ACPI specs.
<!-- 2016-03-13 -->
<li>In libfontconfig, enable atomics operations on mips64 and mips64el.
<li>In <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>, introduce memory ranges to support VMs with 4G or more of RAM.
<li>In <a href="http://man.openbsd.org/ichiic.4">ichiic(4)</a>, ignore the SMBALERT# interrupt. This fixes booting the GENERIC kernel on ADI RCC-VE with buggy BIOS versions, rendering the internal eMMC flash unusable.
<li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, recognize ipmi, vscsi, pvbus, udl, fuse, trunk, pipex and memrange <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> requests.
<!-- 2016-03-11 -->
<li>In <a href="http://man.openbsd.org/sd.4">sd(4)</a>, avoid a kernel panic when unplugging an USB umass stick because of a use after free.
<li>Avoid corrupt mount points without a valid device when unmounting.
<!-- 2016-03-10 -->
<li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="http://man.openbsd.org/xauth.1">xauth(1)</a>.</font><br>A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>.
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, sanitise characters destined for <a href="http://man.openbsd.org/xauth.1">xauth(1)</a>.
<li>In <a href="http://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, don't retransmit responses for unauthenticated messages.
<!-- 2016-03-09 -->
<li>Remove support for vax.
<li>In <a href="http://man.openbsd.org/fdisk.8">fdisk(8)</a> and <a href="http://man.openbsd.org/pdisk.8">pdisk(8)</a>, accept only a character special device as disk.
<!-- 2016-03-08 -->
<li>Rework how <a href="http://man.openbsd.org/mpw.4">mpw(4)</a> interacts with <a href="http://man.openbsd.org/vlan.4">vlan(4)</a>. This will allow vlan(4) to become MP-safe.
<li>In <a href="http://man.openbsd.org/xterm.1">xterm(1)</a>, use UTF-8 mode by default.
<li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, set the content charset for auto index generated pages.
<!-- 2016-03-07 -->
<li>Make "cp -i" behave as "mv -i" or "rm -i", independently of whether stdin is a tty or not.
<li>Do not remove RTF_STATIC L2 entries from the routing table. Static entries might not have a cloning route to re-create them and hence be gone when their timer expires.
<!-- 2016-03-06 -->
<li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, improve display of unknown and KTR_START records.
<li>Avoid refetching blocks already in the buffer cache. This significantly improves read operations on MSDOSFS.
<li>Update to xrandr 1.5.0.
<li>Update to libXrandr 1.5.0.
<li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, make "set +o" conform with POSIX.
<li>Tweak uvm assertions to avoid locking in some cases.
<!-- 2016-03-05 -->
<li>In <a href="http://man.openbsd.org/file.1">file(1)</a>, sync "archive" magic from file 5.25.
<li>In <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a> constraints, avoid using %Z specification of <a href="http://man.openbsd.org/strptime.3">strptime(3)</a> which disagress with RFC7231 and can give surprising results on other operating systems.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, improve UTF-8 locale checking.
<li>Update to unbound 1.5.8.
<li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, fix POSIX-compliant behavior of "set -u" regarding "$*" and "$@" specials.
<li>Almost completely rewrite <a href="http://man.openbsd.org/mknod.8">mknod(8)</a> in order to allow a speedup of <a href="http://man.openbsd.org/MAKEDEV.8">MAKEDEV(8)</a>.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, avoid accessing a NULL pointer.
<!-- 2016-03-04 -->
<li>In <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>, set root device to sd0a, instead of wd0a.
<li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>:
<ul>
<li>Don't parse (...|...) patterns in variable substitution inside double quotes. This fixes a POSIX compatibility issue.
<li>Remove the mknod builtin.
</ul>
<!-- 2016-03-03 -->
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix ClientAliveInterval when a time-based RekeyLimit is set (bz#2252).
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>:
<ul>
<li>Avoid mixing up RGB colours with aixterm colours.
<li>Make the show-* and set-* commands handle a missing target.
</ul>
<li>On amd64 and i386, unwind the trapframe correctly when a breakpoint is set on "syscall". This prevents a fault in <a href="http://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
<li>Remove the machdep.userldt <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
<li>In <a href="http://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, restore an assignment of device current mode. This fixes <a href="http://man.openbsd.org/iwi.4">iwi(4)</a> fatal firmware errors.
<!-- 2016-03-02 -->
<li>Bump link_maxhdr (the space reserved before an ip packet payload for link headers) from 16 to 64.
<li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a>, improve accuracy of reported transfer speeds.
<li>In <a href="http://man.openbsd.org/sftp.1">sftp(1)</a> and <a href="http://man.openbsd.org/scp.1">scp(1)</a>, improve precision of the progress meter.
<li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, improve <a href="http://man.openbsd.org/wcwidth.1">wcwidth(1)</a> and <a href="http://man.openbsd.org/mctowc.1">mbtowc(1)</a> error handling.
<li>Remove Linux emulation support.
<li>In libssl, add bounds checking for read_ledword().
<!-- 2016-03-01 -->
<li>In libssl, add bounds checking for <a href="http://man.openbsd.org/BN_hex2bn.3">BN_hex2bn(3)</a> and <a href="http://man.openbsd.org/BN_dec2bn.3">BN_dec2bn(3)</a>.
<li>In <a href="http://man.openbsd.org/acpi.4">acpi(4)</a>, add more Windows versions for _OSI checks.
<li>In <a href="http://man.openbsd.org/cpsw.4">cpsw(4)</a>, detect and only enable the port that is actually used. This avoids device timeouts. Also enable interrupt pacing to limit interrupts at 2K/s.
<li>Set the IFF_MULTICAST flag on <a href="http://man.openbsd.org/tun.4">tun(4)</a> interfaces so IPv6 addresses can be assigned.
<li>In <a href="http://man.openbsd.org/diff.1">diff(1)</a>, rectify line numbers for "s/.//" commands in ed-style diffs.
<li>In libedit, fix a segfault and functional error in c_gets().
<li>In libssl, remove support for ancient, broken DSA implementations.
<!-- 2016-02-28 -->
<li>Fix a bug when IPsec UDP encapsulation is used for IPv6.
<!-- 2016-02-27 -->
<li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, fix an Internal Compiler Error on alpha when using __sync builtins.
<!-- 2016-02-26 -->
<li>In <a href="http://man.openbsd.org/fnmatch.3">fnmatch(3)</a>, fix negation of POSIX character classes.
<li>Prevent a memory leak in <a href="http://man.openbsd.org/vnet.4">vnet(4/sparc64)</a>.
<li>Valdate fs_maxsymlinklen in the superblock of ffs and ext2fs filesystems to avoid use of bogus data.
<!-- 2016-02-25 -->
<li>On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037.
</ul>
<p>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www