***************
*** 25,31 ****
in the pages for the specific platforms.
! Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
--- 38,44 ----
in the pages for the specific platforms.
! Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
***************
*** 80,868 ****
!
Changes made between OpenBSD 4.7 and 4.8
!
RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
! Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: The vr(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering. A source code patch is available.
! [Applied to stable]
!
Make pciide(4) save/restore more registers at suspend/resume for those chips which look like they need it or don't, when it appears they don't need it.
!
Fixed readlink(2) on FFS and ext2 file systems to consistently return EFAULT when appropriate.
Improved USB keyboard support to permit rogue keyboard to attach and be usable to a certain extent.
Added infrastructure to build GCC 4.2.1 on sparc platform.
!
Merged mandoc(1) version 1.10.5 with feature -Tpdf now fully working and bug fixes: proper handling of quoted strings by .ds in roff, allow empty .Dd, make .Sm start no-spacing after the first output word, underline .Ad, minor fixes in -Thtml.
Fixed X server mysteriously exiting on macppc platform.
!
Added support for M-audio Audiophile 192k in envy(4).
Make sure to stop DMA before suspend in re(4), bge(4).
Update xserver to version 1.8, xf86-input-keyboard to 1.4.0 and xf86-input-mouse to 1.5.0.
!
Added support for multibyte characters in libc, installed the en_US.UTF-8 ctype locale support file, and allow the UTF-8 ctype locale to be enabled via setlocale(3) (export LC_CTYPE='en_US.UTF-8').
!
Make acpi(4) set the sleeping indicator light on machines that support it.
!
Improved rthreads by correcting the links between threads, processes, pgrps and sessions.
!
Synchronized mandoc(1) with upstream, adding bug fixes: do not let mdoc(7) .Pp produce a newline before/after .Sh, avoid double blank lines related to man(7) .sp and .br, let man(7) .nf and .fi flush the line, let "\ " produce a non-breaking space, discard \m colour escape sequences, map undefined 1-character-escapes to the literal character itself; and new features: support the .in macro in man(7), support minimal PDF output, support .Sm in mdoc(7) HTML output, support .Vb and .nf in man(7) HTML output, complete the mdoc(7) manual.
Extended lint(1) to make it handle C99's _Bool and _Complex plus some GCC extensions (__real__ and __imag__ operators, the use of '~' for complex conjugation, and 'i' or 'j' as a suffix for complex constants).
!
Make elroy(4/HPPA) converts PCI addresses to proper 64-bit physical addresses on hppa64.
In Xenocara, updated xmore to version 1.0.2, xf86-video-ark to 0.7.3, xf86-video-chips to 1.2.3, xf86-video-rendition to 4.2.4, xf86-video-sisusb to 0.9.4, xf86-video-trident to 1.3.4, xf86-video-tseng to 1.2.4, xf86-video-voodoo to 1.2.4, DejaVu TrueType fonts to 2.31, fonts/encodings to 1.0.3, font/alias to 1.0.2.
Added check for vblank_mode in DRI2 GLX code.
Added config query extension to Xenocara DRI2.
Work around the recent Xenocara slowing down caused by mesa changes.
!
Make pmap(9) pmap_extract() work for large pages on hppa64.
!
Added a quirk in uaudio(4) to allow attaching devices which are audio class compliant enough even if the device claim to have a vendor defined interface class.
!
Avoided going back to sleep/reboot/shutdown immediately after resume by clearing acpi(4) event status on resume.
Make xf86-video-wildcatfb driver compatible with Xorg 1.8.
Repaired Gdium support on loongson.
!
Gave each arc(4) devices on the bus full openings.
!
Added support for Winbond/Nuvoton W83627DHG-P in wbsio(4).
In Xenocara, updated xf86-video-dummy to version 0.3.4, xf86-video-neomagic to 1.2.5, xf86-video-sis to 0.10.3, libXcomposite to 0.4.2, libXdamage to 1.1.3, libXfixes to 4.0.5, libXrender to 0.9.6, libXext to 1.1.2.
Prevent MetaGeek Wi-Spy 2.4i from attaching to uhid(4).
!
Make pkg_add(1) store openssl error output during verification, and log it if it didn't work.
!
Added 'bps' and 'msb' members to audio(4) structs audio_encoding and audio_prinfo. They respectively describe the number of bytes per sample and data alignment in the sample.
!
Fixed panic due to virtual memory map lock in uvm(9).
!
Fixed double active connections printing in netstat(1).
!
Make sure rc(8) delete all files in /tmp at boot.
!
Implemented a timing_safe_cmp() in ssh(1) to compare memory without leaking timing information by short-circuiting like memcmp() and used it for some of the more sensitive comparisons.
!
Fixed a broken mask for Core 1 and 2 temperature and bias properly for degC in itherm(4).
!
Merged mandoc(1) to release 1.10.4: proper .Bk support, mostly finished -Tps output, implemented -Thtml output for .Nm blocks and .Bk -words, allowed iterative interpolation of user-defined roff strings. Plus bug fixes and performance improvements.
!
Expand %h to the hostname in ssh_config(5) Hostname options.
!
Make ExitOnForwardFailure work with fork-after-authentication for -f option of ssh(1).
Updated libevent to version 1.4.14b: fixed memory-leak of signal handler array with kqueue, make evutil_make_socket_nonblocking() leave any other flags alone, adjusted fcntl() retval comparison on evutil_make_socket_nonblocking(), re-added event_siglcb, fixed a free(NULL) in min_heap.h, clean up properly when adding a signal handler fails.
Fixed bugs in OpenBSD::State(3p).
!
Make tmux(1) print an error when an old client is not compatible with a new server.
!
Reduced delays a bit in the miibus read/write routines for re(4).
Added bootstrap loader to the beagle platform.
Added support for sun4e on the sparc platform.
Updated libpciaccess to version 0.11 in Xenocara.
!
Prevent clients from hanging on ldapd(8) by retrying requests when the B-Tree is busy.
!
Fixed aucat(1) parameter handling: don't try to open a ``default'' midi port if no files are given on the command line.
!
Fixed a kernel panic in scsi(4) by limiting SCIOCCOMMAND and ATAIOCCOMMAND requests.
!
Rewrote the polling codepath in mpii(4), make it better multiprocessor-safe.
!
Make OpenCVS and rcs(1) conforms to GNU cvs(1) allowed characters in symbol/tag names.
!
Made cvs_unedit_local() OpenCVS conform to other functions with the `-t' and `-n' flags used simultaneously.
!
Prevent fsck_ffs(8) from crashing by using correct types for block numbers, those can grow big on very large filesystems.
!
Many improvement on the bge(4) interface: setup proper mbuf pool watermarks for BCM5717 / BCM57765 chipsets, disabled initiation of multiple DMA reads for BCM5717 chipset, added a performance tweak for BCM5785 chipset, corrected the return ring count used for BCM5717 / BCM57765 chipsets, fixed fibre media detection for BCM5717 chipsets.
Updated sudo to version 1.7.2p8.
Added mapping for ACPI device to PCI bus/device/function.
Switched hppa, i386 and powerpc to gcc4.
!
Make traceroute(8) parse extended ICMP messages defined by RFC 4884.
Added definitions in the TCP/IP stack for ICMP extended headers available for some ICMP messages like time exceeded messages.
Use config_activate_children to get down to the ISA bus activation code.
Prevent devices without read or write functionality from returning ENODEV to the poll.
Improved pipex.
Improved aesni.
!
Moved crypto(4) pool initialization to init_crypto and removed the crypto_pool_initialized variable. This prevents crypto_getreq() from checking if the pool is initialized each time its called.
!
Make ifstated(8) print run commands in debug mode only (ifstated -d).
Fixed deadlocks on sparc64.
!
Added mpi_wait over to mpii(4) as a multiprocessor-safe mechanism: sleep while waiting for a command to complete.
!
Created distinct entry points functions for sun4/4c and sum4m as the bits in their interrupt enable register are completely different (intreg_clr_44c() and intreg_clr_4m() instead of ienabic(), intreg_set_44c and intreg_set_4m instead of ieanb_bis()).
!
In acpi(4), use spl(9) spltty() to lock downcalls from apm(4) against the information being modified by the acpi(4) thread.
!
Make ``apmd & zzz'' work correctly.
!
Prevent ldapctl(8) from segfaulting if ``ldapctl stats'' is run when a database is being reopened due to compaction.
!
Make aucat(1) try to detect busy loops caused by misbehaving audio drivers or hardware. If a busy loop is found, then close the device that caused the loop.
!
Moved the last direct uses of mpi_{get,put}_ccb over to using the scsi_iohandler wrappers in mpi(4).
!
Make aucat(1) handle all streams (audio files and client connections) the same way. Cleaned command line options: stream parameters (-Ccehjmrtvx) must precede stream definitions (-ios) and per-device parameters (-abz) and stream definitions (-ios) must precede device definitions (-f). Since there's no ``server'' and ``non-server'' modes anymore, the -l option just detach the process.
!
Make ospf6d(8) advertise a intra-area-prefix-lsa with all prefixes for the network if there are any adjacent neighbors on link.
!
Improved iked(8) non-debug logging messages when a session is established/closed.
!
Implemented rudimentary support for user defined strings in mandoc(1).
Make the i386 kernel responsible for saving the FPU state before running signal handlers.
!
Removed getrdomain(2) and replaced it by getrtable(2). It fixes the naming of interfaces and variables for rdomain and rtables and make possible to bind sockets (including listening sockets) to rtables and not just rdomains. You'll need to remove /usr/share/man/cat2/[gs]etrdomain.0 after this.
!
In pfctl(8), fixed recursive printing of wildcard anchors, fixed printing of multi-part anchor paths, added a warning to prevent users from specifying multi-component names for inline anchors.
!
Make sd(4) stop on suspend and start again upon resume.
!
Added itherm(4), a driver for Intel 3400 Thermal Sensor.
Implemented translation of the SCSI START STOP UNIT command.
!
Added proper locking around vinvalbuf(9) in NTFS.
!
Fixed the return value of pmap_steal_memory() on hppa64.
Saved some space on RAMDISKs kernels.
!
Added new workaround for PCH devices in em(4) and make an Intel GbE 82578 PHY actually work.
!
Allowed systat(1) to print date and time when in raw mode.
!
Passed and saved state in pkg_add(1) repository related libraries, used to print all error messages.
!
Make sdmmc(4) be detached and re-attached on resume.
!
Allowed softraid(4) to implement seamless transitions from the previous metadata version to current version without needing to recreate the softraid volume by determining the data offset using a variable specified within the softraid metadata.
!
Added support in iked(8) for the tap extension that will tell the kernel to send all IPsec traffic for derived SAs to the specified enc(4) interface instead of enc0.
!
Added support in ipsecctl(8) for dumping the pfkey ADB_X_EXT_TAP extension to communicate the encX interface unit for a specified SA between userland and kernel.
!
Allowed to specify an alternative enc(4) interface for an SA.
Removed GENERIC kernel compatibility with OpenBSD 4.3.
Fixed subordinate bus number for multi-root PCI buses.
!
Handled special vga(4) cards for resume on i386 and amd64.
!
Cleaned up now irrelevant TODOs and READMEs in the tree.
!
Improved performance on some disks (those that have 4K sectors but report 512B), by making `fdisk -i' start the partition on a power of 2 block boundary.
!
Improved ldpd(8) for future multipath routes support.
Silenced the activation debug reporting in the kernel to prevent possible interactions when printing vga states.
!
Fixed an ldapd(8) crash by making it stop pruning page cache directly when adding to it.
!
Prevent disklabel(8) editor from crashing when pressing ^D.
!
Added support for Ironlake (clarkdale and arrandale, i.e. core i3 and core i5 internal graphics) to intel agp(4) and intel drm(4). Mostly works, but the suspend/resume handler doesn't put the registers back 100%.
Make ExpressCard hotplug work after suspend/resume cycle by saving PCIe slot control and status register.
!
Reworked ldpd(8) network distribution so all path of an active route are sent to the lde so it can assign remote labels to all of the paths.
!
Fixed uhci(4) on numerous machines by preserving and restoring BARs on suspend/resume for all pci(4) devices.
!
Make ldapd(8) validate that all attributes are allowed by any of its object classes.
!
Synchronized ldpd(8) kroute.c with ospfd(8) one for future multipath routes support.
Updated libedit to bring it into sync with the latest version from NetBSD.
!
Allowed key options (command="..." and friends) in sshd(8) AuthorizedPrincipals.
!
Allowed ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 encoded keys
!
Added aesni, an amd64 driver for the crypto framework, similar to the VIA driver for supporting the AES-NI instructions found on recent Intel cores. Special thanks to Huang Ying at Intel for getting the assembly code relicensed from GPL to a more suitable license.
Many improvements in sparc boot.
!
Replaced enc(4) with a new implementation as a clonable device.
!
Used the libutil implementation of UUCP locking in tip(1).
!
Factored iked(8) Diffie-Hellman implementation for isakmpd(8) with lots of benefits: smaller code, libcrypto instead of custom crypto code, theoretically adds support for many new MODP and EC2N/ECP modes.
!
Make call to sysctl(3) fail if a process asked KERN_PROC2 or KERN_FILE2 (or their libkvm wrappers) for more informations than the running implementation knows how to provide.
!
Synchronized mandoc(1) to release 1.10.3: support -Tps -Opaper=a4 and -Opaper=letter.
!
Automatically set /etc/pkg.conf `installfrom' entry to the public mirror used while installing or upgrading.
!
Added a framework for glyph width encoding in mandoc(1).
!
Changed st(4) to use the FIFO buf sorting discipline rather than the default disk-sorting one.
!
Fixed aucat(1) crash by explicitly initialize members of struct dev in dev_open().
!
Prevent aucat(1) from checking if the midi control interface is idle when the device isn't open yet.
!
When given NULL or "" as argument, make unsetenv(3) set errno to EINVAL, conforming to POSIX.
Improved the FPU register saving on the hppa platform.
Factor out code used to save and flush process FPU context in hppa.
!
Forced the dns buffers to be aligned using a union in smtpd(8) and ypserv(8) as a workaround for "misaligned strings on the stack" bug in gcc4 and as a better and more common idiom.
!
Added custom layout in tmux(1), the list-windows command displays the layout as a string that can be applied to another window using select-layout.
!
Allowed selecting both address family and protocol in netstat(1).
!
Rewritten ldapd(8) schema parser. The new parser now support symbolic OID names. You need to update your /etc/ldapd.conf: schemata are now included with the 'schema' keyword.
Added VIA xcrypt for amd64 in libssl.
!
Cleaned interface stats handling in pfctl(8): '-Fi' reset ALL the interface statistics and make '-Fa -i ifname' fail.
!
Added the rtable id as an argument to rn_walktree() in the network stack. This permits functions like rt_if_remove_rtdelete() to be able to correctly remove nodes.
!
Used an SLIST instead of a TAILQ for the ccb free list in arc(4).
Massive removal of unused struct scsi_device.
!
Updated the perl(1) Safe module to version 2.2.7 for CVE-2010-1168 and CVE-2010-1447.
!
Modified IPv6 stack to conform to the last ospf6d(8) changes. Now neighbour discovery is solely based on the cloning route and not on the address neigbourship anymore.
!
Make ospf6d(8) create a cloning route if there is no next hop but an interface index.
!
Used the interface index for writing routes into the kernel in ospf6d(8).
!
Allow tty drivers to request larger buffers at attach time using a max-baud-rate hint. These larger buffers are required by the very high speed KDDI devices in Japan (com(4), or ucom(4)).
!
In cwm(1), fixed window name and class to match cwmrc(5).
!
Added definitions in acpi(4) for Intel/AMD IOMMU ACPI tables.
!
Implemented iopools in osiop(4) to get rid of another use of XS_NO_CCB.
!
Used in com(4) a more moderate FIFO trigger level (4) for moderately quick (sub-38400) port speeds.
!
Synchronized bind(8) root.hint with latest version from rs.internic.net.
!
Fixed kernel manuals thanks to full .nr nS support in mandoc(1).
!
Stopped probing "volume knobs" in azalia(4) on resume. This fixes a resume break.
!
Disabled uguru(4) on i386 and amd64 GENERIC kernels.
!
Fixed a crash in ftp(1) when the directory entry isn't complete.
!
In bgpd(8), instead of specifying the control sockets on the command line have them in bgpd.conf. Removed the -s and -r arguments from bgpd.
Marked the PXE boot device as "netboot" in the i386 and amd64 platform, even if we do not contain NFS client support.
!
Fixed .Bk in mandoc(1): do not print invalid arguments verbatim, do not trigger TERMP_PREKEEP twice, do not die from invalid arguments, continue to ignore even valid arguments.
!
In route(8), Make 'route exec' emit error messages like xargs when execve() fails does.
!
In iked(8), allowed to have multiple certs for the same CA but different srcids in the certs/ directory. This enforced that the subjectAltName has to be set correctly.
!
In ospfd(8), fixed rtmsg_process to return on an error during processing rather than continue. Fixed kr_dispatch_msg so it acts when rtmsg_process fails.
Fixed a NULL dereferencement on zombies processes.
!
Merged mandoc(1) release 1.10.2, bug fixes (interaction of ASCII_HYPH with special chars, handling of roff conditionals, Bd -offset will no more default to 6n), improvements (more caching of .Bd and .Bl arguments for efficiency, deconstify man(7) validation routines, add FreeBSD library names) and start PostScript font-switching.
Added GENERIC.MP kernel to hppa.
!
Improved dired in mg(1): position cursor at first filename after, don't reposition cursor on reopening, check for permission before attempting to open directory.
Prevent the amd64 and i386 platform from hanging on resume in the inter-processor interrupt handlers.
Make ssh(1) log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts.
Worked OpenBSD::State(3p) in the packages system.
!
Make skip the initial check for access with an empty password when PermitEmptyPasswords=no in sshd(8).
!
Fixed printing of extensions in v01 certificates in ssh-keygen(1).
Updated Mesa to version 7.8.2 in Xenocara.
Do not propagate cache invalidate operations between processors on 88110 systems, improves GENERIC.MP kernel speed by 8% on the MVME197DP (mvme88k platform).
Prevent the framebuffer from taking over serial console on early 2.x sun4c PROM if no keyboard is connected.
!
In mpii(4), protected the Command Control Blocks free list with its own mutex.
Doubled the dmesg buffer size on the amd64 platform.
Included the user name on "subsystem request for ..." log messages in OpenSSH.
Added auth debug messages for bad ownership or permissions on the user's keyfiles in OpenSSH.
!
Standardized error messages when attempting to open private key files with ssh-keygen(1).
!
Compaction can now be done by a separate process in ldapd(8).
!
Prevent fsck_ffs(8) from failing when used with disklabel UIDs.
!
Fixed a panic with softraid(4) when sd(4) tries to enable write cache on all disks.
!
Make a whole bunch of newer umsm(4) Huawei devices to work.
!
Count of deinstalling package fixed in pkg_delete(1).
!
Write cache enabled on sd(4) disks during attach.
!
In mpi(4), allowed the cache enabling on virtual disks to run as part of the disks attach routine.
!
Initial support for initiator mode with certificate, which allows to run iked(8) as a "client" or to configure iked(8) to iked(8) (OpenBSD to OpenBSD) IKEv2 VPNs.
!
Added commands in iked(8) to create/delete/install/import keys without involving certificates.
In ldapd(8), fixed a btree reference counting when opening the database with a file descriptor directly using btree_open_fd().
!
Make ospf6d(8) stop preventing dynamic route redistribution because of a "dispatch_rtmsg no nexthop" error was emitted in wrong cases; fixed a use after free(3), fixed a segfault.
!
Make ospf6ctl(8) print additional new line after 'Number of Links' in show database router.
!
Make ospfctl(8) print 'Number of Routers' in show database network.
!
Add support for Intel AES-NI and the CLMUL_ instructions, plus a few others that are needed to implement accelerated AES (and AES-GCM mode) on newer Intel cores.
!
In ldapd(8), track changes in btree_txn_* API, pass a NULL btree when also passing a transaction.
!
In ldapd(8), when a btree NULL pointer is passed to a function that accept both btree and a transaction, the btree is taken from the transaction.
!
Fixes in sort(1): clarify sort's various modes of operation; -m is overridden by -C and -c; ordering options should not appear after -k.
!
In ldapd(8), append a "tombstone" meta page after a database has been compacted. This allows other processes to pick up the change and re-open the file.
!
Added minimal initial -Tps support in mandoc(1).
!
Declare safepri at the MD level on each platform, so that the kern_synch.c does not have to deal with it as a common.
!
In ikectl(8), added a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well.
!
Added a -S flag to iked(8) to do the same as ``set passive'' but matches the isakmpd(8) flag.
!
Added new commands to iked(8) and ikectl(8), the couple/decouple commands will set loading of the learned flows and SAs to the kernel the active/passive commands are required to use iked with sasyncd(8).
!
RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
! Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages. A source code patch is available.
! [Applied to stable]
!
SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected. A source code patch is available.
! [Applied to stable]
!
RELIABILITY FIX: The vr(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering. A source code patch is available.
! [Applied to stable]
!
Make pciide(4) save/restore more registers at suspend/resume for those chips which look like they need it or don't, when it appears they don't need it.
!
Fixed readlink(2) on FFS and ext2 file systems to consistently return EFAULT when appropriate.
Improved USB keyboard support to permit rogue keyboard to attach and be usable to a certain extent.
Added infrastructure to build GCC 4.2.1 on sparc platform.
!
Merged mandoc(1) version 1.10.5 with feature -Tpdf now fully working and bug fixes: proper handling of quoted strings by .ds in roff, allow empty .Dd, make .Sm start no-spacing after the first output word, underline .Ad, minor fixes in -Thtml.
Fixed X server mysteriously exiting on macppc platform.
!
Added support for M-audio Audiophile 192k in envy(4).
Make sure to stop DMA before suspend in re(4), bge(4).
Update xserver to version 1.8, xf86-input-keyboard to 1.4.0 and xf86-input-mouse to 1.5.0.
!
Added support for multibyte characters in libc, installed the en_US.UTF-8 ctype locale support file, and allow the UTF-8 ctype locale to be enabled via setlocale(3) (export LC_CTYPE='en_US.UTF-8').
!
Make acpi(4) set the sleeping indicator light on machines that support it.
!
Improved rthreads by correcting the links between threads, processes, pgrps and sessions.
!
Synchronized mandoc(1) with upstream, adding bug fixes: do not let mdoc(7) .Pp produce a newline before/after .Sh, avoid double blank lines related to man(7) .sp and .br, let man(7) .nf and .fi flush the line, let "\ " produce a non-breaking space, discard \m colour escape sequences, map undefined 1-character-escapes to the literal character itself; and new features: support the .in macro in man(7), support minimal PDF output, support .Sm in mdoc(7) HTML output, support .Vb and .nf in man(7) HTML output, complete the mdoc(7) manual.
Extended lint(1) to make it handle C99's _Bool and _Complex plus some GCC extensions (__real__ and __imag__ operators, the use of '~' for complex conjugation, and 'i' or 'j' as a suffix for complex constants).
!
Make elroy(4/HPPA) converts PCI addresses to proper 64-bit physical addresses on hppa64.
In Xenocara, updated xmore to version 1.0.2, xf86-video-ark to 0.7.3, xf86-video-chips to 1.2.3, xf86-video-rendition to 4.2.4, xf86-video-sisusb to 0.9.4, xf86-video-trident to 1.3.4, xf86-video-tseng to 1.2.4, xf86-video-voodoo to 1.2.4, DejaVu TrueType fonts to 2.31, fonts/encodings to 1.0.3, font/alias to 1.0.2.
Added check for vblank_mode in DRI2 GLX code.
Added config query extension to Xenocara DRI2.
Work around the recent Xenocara slowing down caused by mesa changes.
!
Make pmap(9) pmap_extract() work for large pages on hppa64.
!
Added a quirk in uaudio(4) to allow attaching devices which are audio class compliant enough even if the device claim to have a vendor defined interface class.
!
Avoided going back to sleep/reboot/shutdown immediately after resume by clearing acpi(4) event status on resume.
Make xf86-video-wildcatfb driver compatible with Xorg 1.8.
Repaired Gdium support on loongson.
!
Gave each arc(4) devices on the bus full openings.
!
Added support for Winbond/Nuvoton W83627DHG-P in wbsio(4).
In Xenocara, updated xf86-video-dummy to version 0.3.4, xf86-video-neomagic to 1.2.5, xf86-video-sis to 0.10.3, libXcomposite to 0.4.2, libXdamage to 1.1.3, libXfixes to 4.0.5, libXrender to 0.9.6, libXext to 1.1.2.
Prevent MetaGeek Wi-Spy 2.4i from attaching to uhid(4).
!
Make pkg_add(1) store openssl error output during verification, and log it if it didn't work.
!
Added 'bps' and 'msb' members to audio(4) structs audio_encoding and audio_prinfo. They respectively describe the number of bytes per sample and data alignment in the sample.
!
Fixed panic due to virtual memory map lock in uvm(9).
!
Fixed double active connections printing in netstat(1).
!
Make sure rc(8) delete all files in /tmp at boot.
!
Implemented a timing_safe_cmp() in ssh(1) to compare memory without leaking timing information by short-circuiting like memcmp() and used it for some of the more sensitive comparisons.
!
Fixed a broken mask for Core 1 and 2 temperature and bias properly for degC in itherm(4).
!
Merged mandoc(1) to release 1.10.4: proper .Bk support, mostly finished -Tps output, implemented -Thtml output for .Nm blocks and .Bk -words, allowed iterative interpolation of user-defined roff strings. Plus bug fixes and performance improvements.
!
Expand %h to the hostname in ssh_config(5) Hostname options.
!
Make ExitOnForwardFailure work with fork-after-authentication for -f option of ssh(1).
Updated libevent to version 1.4.14b: fixed memory-leak of signal handler array with kqueue, make evutil_make_socket_nonblocking() leave any other flags alone, adjusted fcntl() retval comparison on evutil_make_socket_nonblocking(), re-added event_siglcb, fixed a free(NULL) in min_heap.h, clean up properly when adding a signal handler fails.
Fixed bugs in OpenBSD::State(3p).
!
Make tmux(1) print an error when an old client is not compatible with a new server.
!
Reduced delays a bit in the miibus read/write routines for re(4).
Added bootstrap loader to the beagle platform.
Added support for sun4e on the sparc platform.
Updated libpciaccess to version 0.11 in Xenocara.
!
Prevent clients from hanging on ldapd(8) by retrying requests when the B-Tree is busy.
!
Fixed aucat(1) parameter handling: don't try to open a "default" midi port if no files are given on the command line.
!
Fixed a kernel panic in scsi(4) by limiting SCIOCCOMMAND and ATAIOCCOMMAND requests.
!
Rewrote the polling codepath in mpii(4), make it better multiprocessor-safe.
!
Make OpenCVS and rcs(1) conforms to GNU cvs(1) allowed characters in symbol/tag names.
!
Made cvs_unedit_local() OpenCVS conform to other functions with the '-t' and '-n' flags used simultaneously.
!
Prevent fsck_ffs(8) from crashing by using correct types for block numbers, those can grow big on very large filesystems.
!
Many improvement on the bge(4) interface: setup proper mbuf pool watermarks for BCM5717 / BCM57765 chipsets, disabled initiation of multiple DMA reads for BCM5717 chipset, added a performance tweak for BCM5785 chipset, corrected the return ring count used for BCM5717 / BCM57765 chipsets, fixed fibre media detection for BCM5717 chipsets.
Updated sudo to version 1.7.2p8.
Added mapping for ACPI device to PCI bus/device/function.
Switched hppa, i386 and powerpc to gcc4.
!
Make traceroute(8) parse extended ICMP messages defined by RFC 4884.
Added definitions in the TCP/IP stack for ICMP extended headers available for some ICMP messages like time exceeded messages.
Use config_activate_children to get down to the ISA bus activation code.
Prevent devices without read or write functionality from returning ENODEV to the poll.
Improved pipex.
Improved aesni.
!
Moved crypto(4) pool initialization to init_crypto and removed the crypto_pool_initialized variable. This prevents crypto_getreq() from checking if the pool is initialized each time its called.
!
Make ifstated(8) print run commands in debug mode only (ifstated -d).
Fixed deadlocks on sparc64.
!
Added mpi_wait over to mpii(4) as a multiprocessor-safe mechanism: sleep while waiting for a command to complete.
!
Created distinct entry points functions for sun4/4c and sum4m as the bits in their interrupt enable register are completely different (intreg_clr_44c() and intreg_clr_4m() instead of ienabic(), intreg_set_44c and intreg_set_4m instead of ieanb_bis()).
!
In acpi(4), use spl(9) spltty() to lock downcalls from apm(4) against the information being modified by the acpi(4) thread.
!
Make "apmd & zzz" work correctly.
!
Prevent ldapctl(8) from segfaulting if "ldapctl stats" is run when a database is being reopened due to compaction.
!
Make aucat(1) try to detect busy loops caused by misbehaving audio drivers or hardware. If a busy loop is found, then close the device that caused the loop.
!
Moved the last direct uses of mpi_{get,put}_ccb over to using the scsi_iohandler wrappers in mpi(4).
!
Make aucat(1) handle all streams (audio files and client connections) the same way. Cleaned command line options: stream parameters (-Ccehjmrtvx) must precede stream definitions (-ios) and per-device parameters (-abz) and stream definitions (-ios) must precede device definitions (-f). Since there's no "server" and "non-server" modes anymore, the -l option just detach the process.
!
Make ospf6d(8) advertise a intra-area-prefix-lsa with all prefixes for the network if there are any adjacent neighbors on link.
!
Improved iked(8) non-debug logging messages when a session is established/closed.
!
Implemented rudimentary support for user defined strings in mandoc(1).
Make the i386 kernel responsible for saving the FPU state before running signal handlers.
!
Removed getrdomain(2) and replaced it by getrtable(2). It fixes the naming of interfaces and variables for rdomain and rtables and make possible to bind sockets (including listening sockets) to rtables and not just rdomains. You'll need to remove /usr/share/man/cat2/[gs]etrdomain.0 after this.
!
In pfctl(8), fixed recursive printing of wildcard anchors, fixed printing of multi-part anchor paths, added a warning to prevent users from specifying multi-component names for inline anchors.
!
Make sd(4) stop on suspend and start again upon resume.
!
Added itherm(4), a driver for Intel 3400 Thermal Sensor.
Implemented translation of the SCSI START STOP UNIT command.
!
Added proper locking around vinvalbuf(9) in NTFS.
!
Fixed the return value of pmap_steal_memory() on hppa64.
Saved some space on RAMDISKs kernels.
!
Added new workaround for PCH devices in em(4) and make an Intel GbE 82578 PHY actually work.
!
Allowed systat(1) to print date and time when in raw mode.
!
Passed and saved state in pkg_add(1) repository related libraries, used to print all error messages.
!
Make sdmmc(4) be detached and re-attached on resume.
!
Allowed softraid(4) to implement seamless transitions from the previous metadata version to current version without needing to recreate the softraid volume by determining the data offset using a variable specified within the softraid metadata.
!
Added support in iked(8) for the tap extension that will tell the kernel to send all IPsec traffic for derived SAs to the specified enc(4) interface instead of enc0.
!
Added support in ipsecctl(8) for dumping the pfkey ADB_X_EXT_TAP extension to communicate the encX interface unit for a specified SA between userland and kernel.
!
Allowed to specify an alternative enc(4) interface for an SA.
Removed GENERIC kernel compatibility with OpenBSD 4.3.
Fixed subordinate bus number for multi-root PCI buses.
!
Handled special vga(4) cards for resume on i386 and amd64.
!
Cleaned up now irrelevant TODOs and READMEs in the tree.
!
Improved performance on some disks (those that have 4K sectors but report 512B), by making 'fdisk -i' start the partition on a power of 2 block boundary.
!
Improved ldpd(8) for future multipath routes support.
Silenced the activation debug reporting in the kernel to prevent possible interactions when printing vga states.
!
Fixed an ldapd(8) crash by making it stop pruning page cache directly when adding to it.
!
Prevent disklabel(8) editor from crashing when pressing ^D.
!
Added support for Ironlake (clarkdale and arrandale, i.e. core i3 and core i5 internal graphics) to intel agp(4) and intel drm(4). Mostly works, but the suspend/resume handler doesn't put the registers back 100%.
Make ExpressCard hotplug work after suspend/resume cycle by saving PCIe slot control and status register.
!
Reworked ldpd(8) network distribution so all path of an active route are sent to the lde so it can assign remote labels to all of the paths.
!
Fixed uhci(4) on numerous machines by preserving and restoring BARs on suspend/resume for all pci(4) devices.
!
Make ldapd(8) validate that all attributes are allowed by any of its object classes.
!
Synchronized ldpd(8) kroute.c with ospfd(8) one for future multipath routes support.
Updated libedit to bring it into sync with the latest version from NetBSD.
!
Allowed key options (command="..." and friends) in sshd(8) AuthorizedPrincipals.
!
Allowed ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 encoded keys
!
Added aesni, an amd64 driver for the crypto framework, similar to the VIA driver for supporting the AES-NI instructions found on recent Intel cores. Special thanks to Huang Ying at Intel for getting the assembly code relicensed from GPL to a more suitable license.
Many improvements in sparc boot.
!
Replaced enc(4) with a new implementation as a clonable device.
!
Used the libutil implementation of UUCP locking in tip(1).
!
Factored iked(8) Diffie-Hellman implementation for isakmpd(8) with lots of benefits: smaller code, libcrypto instead of custom crypto code, theoretically adds support for many new MODP and EC2N/ECP modes.
!
Make call to sysctl(3) fail if a process asked KERN_PROC2 or KERN_FILE2 (or their libkvm wrappers) for more informations than the running implementation knows how to provide.
!
Synchronized mandoc(1) to release 1.10.3: support -Tps -Opaper=a4 and -Opaper=letter.
!
Automatically set /etc/pkg.conf 'installfrom' entry to the public mirror used while installing or upgrading.
!
Added a framework for glyph width encoding in mandoc(1).
!
Changed st(4) to use the FIFO buf sorting discipline rather than the default disk-sorting one.
!
Fixed aucat(1) crash by explicitly initialize members of struct dev in dev_open().
!
Prevent aucat(1) from checking if the midi control interface is idle when the device isn't open yet.
!
When given NULL or "" as argument, make unsetenv(3) set errno to EINVAL, conforming to POSIX.
Improved the FPU register saving on the hppa platform.
Factor out code used to save and flush process FPU context in hppa.
!
Forced the dns buffers to be aligned using a union in smtpd(8) and ypserv(8) as a workaround for "misaligned strings on the stack" bug in gcc4 and as a better and more common idiom.
!
Added custom layout in tmux(1), the list-windows command displays the layout as a string that can be applied to another window using select-layout.
!
Allowed selecting both address family and protocol in netstat(1).
!
Rewritten ldapd(8) schema parser. The new parser now support symbolic OID names. You need to update your /etc/ldapd.conf: schemata are now included with the 'schema' keyword.
Added VIA xcrypt for amd64 in libssl.
!
Cleaned interface stats handling in pfctl(8): '-Fi' reset ALL the interface statistics and make '-Fa -i ifname' fail.
!
Added the rtable id as an argument to rn_walktree() in the network stack. This permits functions like rt_if_remove_rtdelete() to be able to correctly remove nodes.
!
Used an SLIST instead of a TAILQ for the ccb free list in arc(4).
Massive removal of unused struct scsi_device.
!
Updated the perl(1) Safe module to version 2.2.7 for CVE-2010-1168 and CVE-2010-1447.
!
Modified IPv6 stack to conform to the last ospf6d(8) changes. Now neighbour discovery is solely based on the cloning route and not on the address neigbourship anymore.
!
Make ospf6d(8) create a cloning route if there is no next hop but an interface index.
!
Used the interface index for writing routes into the kernel in ospf6d(8).
!
Allow tty drivers to request larger buffers at attach time using a max-baud-rate hint. These larger buffers are required by the very high speed KDDI devices in Japan (com(4), or ucom(4)).
!
In cwm(1), fixed window name and class to match cwmrc(5).
!
Added definitions in acpi(4) for Intel/AMD IOMMU ACPI tables.
!
Implemented iopools in osiop(4) to get rid of another use of XS_NO_CCB.
!
Used in com(4) a more moderate FIFO trigger level (4) for moderately quick (sub-38400) port speeds.
!
Synchronized bind(8) root.hint with latest version from rs.internic.net.
!
Fixed kernel manuals thanks to full .nr nS support in mandoc(1).
!
Stopped probing "volume knobs" in azalia(4) on resume. This fixes a resume break.
!
Disabled uguru(4) on i386 and amd64 GENERIC kernels.
!
Fixed a crash in ftp(1) when the directory entry isn't complete.
!
In bgpd(8), instead of specifying the control sockets on the command line have them in bgpd.conf. Removed the -s and -r arguments from bgpd.
Marked the PXE boot device as "netboot" in the i386 and amd64 platform, even if we do not contain NFS client support.
!
Fixed .Bk in mandoc(1): do not print invalid arguments verbatim, do not trigger TERMP_PREKEEP twice, do not die from invalid arguments, continue to ignore even valid arguments.
!
In route(8), Make 'route exec' emit error messages like xargs when execve() fails does.
!
In iked(8), allowed to have multiple certs for the same CA but different srcids in the certs/ directory. This enforced that the subjectAltName has to be set correctly.
!
In ospfd(8), fixed rtmsg_process to return on an error during processing rather than continue. Fixed kr_dispatch_msg so it acts when rtmsg_process fails.
Fixed a NULL dereferencement on zombies processes.
!
Merged mandoc(1) release 1.10.2, bug fixes (interaction of ASCII_HYPH with special chars, handling of roff conditionals, Bd -offset will no more default to 6n), improvements (more caching of .Bd and .Bl arguments for efficiency, deconstify man(7) validation routines, add FreeBSD library names) and start PostScript font-switching.
Added GENERIC.MP kernel to hppa.
!
Improved dired in mg(1): position cursor at first filename after, don't reposition cursor on reopening, check for permission before attempting to open directory.
Prevent the amd64 and i386 platform from hanging on resume in the inter-processor interrupt handlers.
Make ssh(1) log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts.
Worked OpenBSD::State(3p) in the packages system.
!
Make skip the initial check for access with an empty password when PermitEmptyPasswords=no in sshd(8).
!
Fixed printing of extensions in v01 certificates in ssh-keygen(1).
Updated Mesa to version 7.8.2 in Xenocara.
Do not propagate cache invalidate operations between processors on 88110 systems, improves GENERIC.MP kernel speed by 8% on the MVME197DP (mvme88k platform).
Prevent the framebuffer from taking over serial console on early 2.x sun4c PROM if no keyboard is connected.
!
In mpii(4), protected the Command Control Blocks free list with its own mutex.
Doubled the dmesg buffer size on the amd64 platform.
Included the user name on "subsystem request for ..." log messages in OpenSSH.
Added auth debug messages for bad ownership or permissions on the user's keyfiles in OpenSSH.
!
Standardized error messages when attempting to open private key files with ssh-keygen(1).
!
Compaction can now be done by a separate process in ldapd(8).
!
Prevent fsck_ffs(8) from failing when used with disklabel UIDs.
!
Fixed a panic with softraid(4) when sd(4) tries to enable write cache on all disks.
!
Make a whole bunch of newer umsm(4) Huawei devices to work.
!
Count of deinstalling package fixed in pkg_delete(1).
!
Write cache enabled on sd(4) disks during attach.
!
In mpi(4), allowed the cache enabling on virtual disks to run as part of the disks attach routine.
!
Initial support for initiator mode with certificate, which allows to run iked(8) as a "client" or to configure iked(8) to iked(8) (OpenBSD to OpenBSD) IKEv2 VPNs.
!
Added commands in iked(8) to create/delete/install/import keys without involving certificates.
In ldapd(8), fixed a btree reference counting when opening the database with a file descriptor directly using btree_open_fd().
!
Make ospf6d(8) stop preventing dynamic route redistribution because of a "dispatch_rtmsg no nexthop" error was emitted in wrong cases; fixed a use after free(3), fixed a segfault.
!
Make ospf6ctl(8) print additional new line after 'Number of Links' in show database router.
!
Make ospfctl(8) print 'Number of Routers' in show database network.
!
Add support for Intel AES-NI and the CLMUL_ instructions, plus a few others that are needed to implement accelerated AES (and AES-GCM mode) on newer Intel cores.
!
In ldapd(8), track changes in btree_txn_* API, pass a NULL btree when also passing a transaction.
!
In ldapd(8), when a btree NULL pointer is passed to a function that accept both btree and a transaction, the btree is taken from the transaction.
!
Fixes in sort(1): clarify sort's various modes of operation; -m is overridden by -C and -c; ordering options should not appear after -k.
!
In ldapd(8), append a "tombstone" meta page after a database has been compacted. This allows other processes to pick up the change and re-open the file.
!
Added minimal initial -Tps support in mandoc(1).
!
Declare safepri at the MD level on each platform, so that the kern_synch.c does not have to deal with it as a common.
!
In ikectl(8), added a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well.
!
Added a -S flag to iked(8) to do the same as "set passive" but matches the isakmpd(8) flag.
!
Added new commands to iked(8) and ikectl(8), the couple/decouple commands will set loading of the learned flows and SAs to the kernel the active/passive commands are required to use iked with sasyncd(8).
!