On ppc platforms, make pmap_zero_page MP-safe by using the directmap.
Enable GOST cipher in libcrypto.
-
For cas(4), use pa_device to ensure each MAC address of a multi port board is unique.
-
When running mandoc(1) in man(1) mode, set match order to file name over .Dt name over first .Nm entries over other NAME .Nm enties over SYNOPSIS .Nm entries. Re-run "makewhatis" to effectuate this change.
-
Fix NULL pointer dereference in ssh(1) key loading.
-
Activate support in pkg-config(1) for "package != version" requests.
+
For cas(4), use pa_device to ensure each MAC address of a multi port board is unique.
+
When running mandoc(1) in man(1) mode, set match order to file name over .Dt name over first .Nm entries over other NAME .Nm enties over SYNOPSIS .Nm entries. Re-run "makewhatis" to effectuate this change.
+
Fix NULL pointer dereference in ssh(1) key loading.
+
Activate support in pkg-config(1) for "package != version" requests.
Imported perl 5.20.1.
Add Cammelia cipher to libcrypto.
Make /var/tmp a symbolic link to /tmp. Move /tmp to the same 7-day expiration that /var/tmp had.
-
Add quirks for "Realtek ALC885" found on MacMini3.1, unmutes the internal speaker, line input and hp output.
-
Reduce dhclient(8) risk by putting config file reading after forking the privilege separated child process but before getting hardware link.
+
Reduce dhclient(8) risk by putting config file reading after forking the privilege separated child process but before getting hardware link.
Sync kernel AES code to the one shipped with OpenSSL/LibreSSL.
-
Make usbdevs(8) show super speed status in verbose output mode.
-
In ssh(1), fix KRL generation when multiple CAs are in use.
-
Make mandoc(1) correctly handle whitespace-only lines in regard to vbl and vis variables.
-
Two fixes to make Qemu and VMWare xhci(4) implementations work, always unmask the slow context for the Set Address command and use the right spl when wubmitting a transfer.
+
Make usbdevs(8) show super speed status in verbose output mode.
+
In ssh(1), fix KRL generation when multiple CAs are in use.
+
Make mandoc(1) correctly handle whitespace-only lines in regard to vbl and vis variables.
+
Two fixes to make Qemu and VMWare xhci(4) implementations work, always unmask the slow context for the Set Address command and use the right spl when wubmitting a transfer.
-
Allow cas(4) to retrieve the MAC address from the rom for NS Saturn based boards.
+
Allow cas(4) to retrieve the MAC address from the rom for NS Saturn based boards.
Reworked the sigwait() handling to fix ptrace() in some circumstances.
-
Add cas(4) devices to i386 and amd64 GENERIC kernels.
+
Add cas(4) devices to i386 and amd64 GENERIC kernels.
Change librthread to not restart syscalls on SIGTHR.
Fix in librthread to allow check for cancellation when a handled (but not waited for) signal occurs.
Use newly imported siphash algorithm for in_pcb hashing.
-
In dhclient(8), make -q and -d mutually exclusive.
-
Implemented -h in mandoc(1) for preformatted (cat) pages.
+
Fix for ix(4) SFP+ module detection when booting without the modules plugged in.
+
Added support for USB 1.x devices below external hubs on xhci(4).
+
Make sure httpd(8) does't try to open log files when using syslog.
+
Changed the xhci(4) attach logic to set the address of a device. Fixes issues seen on root hubs with some Low/Full speed devices.
Plug an rtentry leak in route code.
-
Fix pf(4) state linking used to implement transparent relays for connectionless protocols.
+
Fix pf(4) state linking used to implement transparent relays for connectionless protocols.
Added GOST crypto algorithms to libcrypto. Not enabled yet.
-
Make tmux(1) expand formats in copy-pipe command.
+
Make tmux(1) expand formats in copy-pipe command.
-
When a usb(4) pipe is closed, only clear the memory of the corresponding endpoint context. Fixes a panic.
+
When a usb(4) pipe is closed, only clear the memory of the corresponding endpoint context. Fixes a panic.
-
Stopped tmux(1) extending the line to full width on insert/delete character (leaves extra spaces when reflowing); only mark a line wrapped when the cursor actually goes off the end (not on newlines).
+
Stopped tmux(1) extending the line to full width on insert/delete character (leaves extra spaces when reflowing); only mark a line wrapped when the cursor actually goes off the end (not on newlines).
If resuming from sleep (zzz/ZZZ) and the lid is still closed, go back to sleep. Prevents accidental lid flex from waking the machine up.
Libtool moved to the comp set.
-
Enabled xhci(4) on i386 and amd64, for USB 3.0 support.
-
Fixed problems with iked(8) EAP state transition. Allows Win7 to establish the a tunnel again.
-
Fixed a race (and panic) in xhci(4) when submitting a command by using the appropriate spl(9) protection.
-
Removed the SSLv2 option from relayd(8); made "no sslv3" work as intended.
+
Enabled xhci(4) on i386 and amd64, for USB 3.0 support.
+
Fixed problems with iked(8) EAP state transition. Allows Win7 to establish the a tunnel again.
+
Fixed a race (and panic) in xhci(4) when submitting a command by using the appropriate spl(9) protection.
+
Removed the SSLv2 option from relayd(8); made "no sslv3" work as intended.
-
Add support for automatic DH ephemeral keys in ssl(8), so DH keys can be generated based on the server key length; use automatic DH ephemeral parameters instead of fixed 512 bit.
-
Removed ssl(8) support for ephemeral/temporary RSA private keys.
+
Add support for automatic DH ephemeral keys in ssl(8), so DH keys can be generated based on the server key length; use automatic DH ephemeral parameters instead of fixed 512 bit.
+
Removed ssl(8) support for ephemeral/temporary RSA private keys.
Renamed libressl to libtls, to avoid confusion.
-
Major bugsquashing with respect to -offset and -width in mdoc(7).
-
Do not enable interrupts before attaching usb(4). Fixes panic when an Express Card has usb(4) devices.
+
Major bugsquashing with respect to -offset and -width in mdoc(7).
+
Do not enable interrupts before attaching usb(4). Fixes panic when an Express Card has usb(4) devices.
-
Support utf-8 and iso-8859-1 input by integrating preconv(1) utility into mandoc(1).
+
Support utf-8 and iso-8859-1 input by integrating preconv(1) utility into mandoc(1).
-
In mandoc(1) -Tascii mode, only print "" for unicode escapes of unknown representation (not for character escapes with unknown names).
-
Tightened mandoc(1) unicode escape name parsing.
-
Fixed pipex(4) to return multicast packets to the caller so that npppd(8) can handle them.
-
Fixed pipex(4) to initialise DF bit in IP header for L2TP message, so packets larger than minimum MTU aren't dropped.
+
In mandoc(1) -Tascii mode, only print "<?>" for unicode escapes of unknown representation (not for character escapes with unknown names).
+
Tightened mandoc(1) unicode escape name parsing.
+
Fixed pipex(4) to return multicast packets to the caller so that npppd(8) can handle them.
+
Fixed pipex(4) to initialise DF bit in IP header for L2TP message, so packets larger than minimum MTU aren't dropped.
-
5.4, 5.5, 5.6 and -current SECURITY FIX: Fixed incorrect expansion of netmask for dynamic interfaces by pfctl(8). Stops potential elevation of access permissions for IPv6 traffic..
-
Removed execute permission from most pages in the kernel pmap(9) on powerpc.
-
Stopped supporting wsmoused(8) and X(7) in parallel. Code is racy and known to break mice upon resume.
-
Fixed regression in term.c r1.89: repaired handling of zero-width spaces (\&) in mandoc(1) utf-8 output.
+
5.4, 5.5, 5.6 and -current SECURITY FIX: Fixed incorrect expansion of netmask for dynamic interfaces by pfctl(8). Stops potential elevation of access permissions for IPv6 traffic..
+
Removed execute permission from most pages in the kernel pmap(9) on powerpc.
+
Stopped supporting wsmoused(8) and X(7) in parallel. Code is racy and known to break mice upon resume.
+
Fixed regression in term.c r1.89: repaired handling of zero-width spaces (\&) in mandoc(1) utf-8 output.
-
Allow the current lease to expire without causing dhclient(8) to seg fault when it tries to get a new one.
-
Fixed possible infinite recursion in perl(1) Data::Dumper (CVE-2014-4330).
-
Improved mandoc(1) -Tascii output for unicode escape sequences: for the first 512 code points, provide ASCII approximations; provide approximations for some sequences above codepoint 512 via mandoc_char(7) character table.
-
When using the local enqueuer and the internal SMTP session fails, made smtpd(8) copy the original message to ~/dead.letter so it's not lost.
-
On hppa, fixed "read section header string table failed(0)" errors when attempting to boot lif.fs.
+
Allow the current lease to expire without causing dhclient(8) to seg fault when it tries to get a new one.
+
Fixed possible infinite recursion in perl(1) Data::Dumper (CVE-2014-4330).
+
Improved mandoc(1) -Tascii output for unicode escape sequences: for the first 512 code points, provide ASCII approximations; provide approximations for some sequences above codepoint 512 via mandoc_char(7) character table.
+
When using the local enqueuer and the internal SMTP session fails, made smtpd(8) copy the original message to ~/dead.letter so it's not lost.
+
On hppa, fixed "read section header string table failed(0)" errors when attempting to boot lif.fs.
-
Fixed smtpd(8) so newaliases and makemap can parse multi-line aliases entries.
-
Stopped mandoc(1) attempting to parse empty equations. Fixes a null pointer dereference.
-
In mandoc(1), report arguments to .EQ if they have caused an error.
-
Don't attempt to suspend/resume a partially attached drm(4) driver. Fixes crash upon resume with ATI FireMV 2400 card.
+
Fixed smtpd(8) so newaliases and makemap can parse multi-line aliases entries.
+
Stopped mandoc(1) attempting to parse empty equations. Fixes a null pointer dereference.
+
In mandoc(1), report arguments to .EQ if they have caused an error.
+
Don't attempt to suspend/resume a partially attached drm(4) driver. Fixes crash upon resume with ATI FireMV 2400 card.
Stopped the page zeroing thread launching on m88k multiprocessor systems. Avoids a deadlock between reaper and zerothread.
-
Backported fix for binutils bug 11867: ".quad" directive not assembled correctly.
-
Use sha512 instead of md5 for tcp(4) initial sequence number.
-
In ssl(8) s_client, no longer call shutdown on a non-existent socket descriptor.
+
Use sha512 instead of md5 for tcp(4) initial sequence number.
+
In ssl(8) s_client, no longer call shutdown on a non-existent socket descriptor.
In the random number generator, use sha512 to hash the entropy (instead of md5).
-
5.4, 5.5 and 5.6 RELIABILITY FIX: Stopped assuming elf(5) ep_taddr and ep_daddr are page-aligned, to fix a panic. A source code patch is available for 5.4, 5.5 and 5.6.
+
5.4, 5.5 and 5.6 RELIABILITY FIX: Stopped assuming elf(5) ep_taddr and ep_daddr are page-aligned, to fix a panic. A source code patch is available for 5.4, 5.5 and 5.6.
Update to xf86-video-mga 1.6.3
Update to xf86-video-savage 2.3.7.
-
More gracefully handle firmware loading errors in ulpt(4). Avoids potential kernel crash.
-
5.4 and 5.5 RELIABILITY FIX: Fixed two remotely triggerable memory leaks in ssl(8). A source code patch is available for 5.4 and 5.5.
+
More gracefully handle firmware loading errors in ulpt(4). Avoids potential kernel crash.
+
5.4 and 5.5 RELIABILITY FIX: Fixed two remotely triggerable memory leaks in ssl(8). A source code patch is available for 5.4 and 5.5.
-
Check speed of a new device does not exceed parent's speed prior to calling usbd_new_device().
-
5.4, 5.5 and 5.6 SECURITY FIX: Stopped nginx (in base) reusing cached ssl(8) sessions in unrelated contexts (CVE-2014-3616). A source code patch is available for 5.4, 5.5 and 5.6.
-
Added support for "physical devices" to mfii(4).
-
In ssl(8), cleaned up EC cipher handling in ssl3_choose_cipher().
-
Prevented dmesg(8) spam from some windows-only keys (found on very new thinkpads).
-
Do not use the global list of IPv4 addresses in icmp_reflect(), use the route(4) table.
+
5.4, 5.5 and 5.6 SECURITY FIX: Stopped nginx (in base) reusing cached ssl(8) sessions in unrelated contexts (CVE-2014-3616). A source code patch is available for 5.4, 5.5 and 5.6.
+
Added support for "physical devices" to mfii(4).
+
In ssl(8), cleaned up EC cipher handling in ssl3_choose_cipher().
+
Prevented dmesg(8) spam from some windows-only keys (found on very new thinkpads).
+
Do not use the global list of IPv4 addresses in icmp_reflect(), use the route(4) table.
Increased text segment size on arm to 32MB.
-
When setting env(1) in an at(1) atrun script, use the "export foo=bar" form. Allows shell to catch variable names that are not valid shell identifiers.
-
Fixed r1.12 of ssl(8) x509_att.c which had a NULL pointer dereference in the error path.
-
Added option that allows any enabled ssl(8) protocols to be explicitly configured.
-
Use raster operation (ROP) function on luna frame buffer. 4bpp wscons(4) putchar now ~20% faster.
-
Reversion fixed in smtpd(8), which had broken table_passwd.
+
When setting env(1) in an at(1) atrun script, use the "export foo=bar" form. Allows shell to catch variable names that are not valid shell identifiers.
+
Fixed r1.12 of ssl(8) x509_att.c which had a NULL pointer dereference in the error path.
+
Added option that allows any enabled ssl(8) protocols to be explicitly configured.
+
Use raster operation (ROP) function on luna frame buffer. 4bpp wscons(4) putchar now ~20% faster.
+
Introduce config_suspend_all(9), to invoke config_suspend(9) in appropriate order. Fixes problems with unflushed disk caches on machines where mpath(4) takes control of some of your disks.
-
Stopped sd(4) spinning back up while attempting to spin down some drives.
+
Introduce config_suspend_all(9), to invoke config_suspend(9) in appropriate order. Fixes problems with unflushed disk caches on machines where mpath(4) takes control of some of your disks.
+
Stopped sd(4) spinning back up while attempting to spin down some drives.
-
If pkg_add(1) not running as root, dismiss user id and groups, replace with root/bin. For FAKE_AS_ROOT=No.
Made the cleaner, syncer, pagedaemon and aiodone daemons all yield() if CPU is marked SHOULDYIELD.
-
Marked the mfi(4) interrupt handler mpsafe; give up biglock in the scsi(4) cmd submission paths.
-
Fixed interrupt storm on 2009 Mac minis with WOL enabled on nfe(4) interfaces.
-
Stopped uvm(9) sleeping on allocation of hash table entries. Fixes crashes with tmpfs.
-
Stopped pflog(4) counting bad packets multiple times.
-
Added window_last_flag and window_zoomed_flag to tmux(1).
-
5.6 and -current RELIABILITY FIX: Prevent addition of redundant IPv6 autoconf (SLAAC) addresses.
+
Marked the mfi(4) interrupt handler mpsafe; give up biglock in the scsi(4) cmd submission paths.
+
Fixed interrupt storm on 2009 Mac minis with WOL enabled on nfe(4) interfaces.
+
Stopped uvm(9) sleeping on allocation of hash table entries. Fixes crashes with tmpfs.
+
Stopped pflog(4) counting bad packets multiple times.
+
Added window_last_flag and window_zoomed_flag to tmux(1).
+
5.6 and -current RELIABILITY FIX: Prevent addition of redundant IPv6 autoconf (SLAAC) addresses.
-
Fix a syslogd(8) regression when specifying all 20 additional log paths.
+
Fix a syslogd(8) regression when specifying all 20 additional log paths.
Implemented membar API for amd64.
Deleted procfs (always suffered from race conditions and is now unused).
-
5.4 RELIABILITY FIX: Added a one second receive timeout. Avoids stall of receive queue in vio(4).
-
5.4 and 5.5 RELIABILITY FIX: Removed race condition. Stops occasional network hangs in in vio(4).
+
5.4 RELIABILITY FIX: Added a one second receive timeout. Avoids stall of receive queue in vio(4).
+
5.4 and 5.5 RELIABILITY FIX: Removed race condition. Stops occasional network hangs in in vio(4).
Updated to mesa version 10.2.7.
-
Removed SSL_kDHr, SSL_kDHd and SSL_aDH from ssl(8). No supported ciphersuites use them.
-
Use shell substitution instead of dirname in sysmerge(8); fixed installing pkg @sample when target directory is missing; fixed output when a file fails to install.
+
Removed SSL_kDHr, SSL_kDHd and SSL_aDH from ssl(8). No supported ciphersuites use them.
+
Use shell substitution instead of dirname in sysmerge(8); fixed installing pkg @sample when target directory is missing; fixed output when a file fails to install.
-
5.6 RELIABILITY FIX: Stopped incorrect RX ring computation, which led to panics under load with bge(4), em(4) and ix(4). A source code patch is available for 5.6.
-
Let roff(7) accept .ll in the prologue; parse and ignore the .pl (page length) request.
+
5.6 RELIABILITY FIX: Stopped incorrect RX ring computation, which led to panics under load with bge(4), em(4) and ix(4). A source code patch is available for 5.6.
+
Let roff(7) accept .ll in the prologue; parse and ignore the .pl (page length) request.
-
Upgraded inodesc.id_entryno in fsck_ffs(8) to u_int64_t, to handle larger file sizes with FFS2; fixed check for allocated fragments marked free in the bitmap.
-
Fixed FastCGI-based WebDAV and CalDAV (calendar) servers with httpd(8).
-
httpd(8) server name specification changed to name+address+port. Allows using same server name for multiple servers with different addresses.
+
Upgraded inodesc.id_entryno in fsck_ffs(8) to u_int64_t, to handle larger file sizes with FFS2; fixed check for allocated fragments marked free in the bitmap.
+
Fixed FastCGI-based WebDAV and CalDAV (calendar) servers with httpd(8).
+
httpd(8) server name specification changed to name+address+port. Allows using same server name for multiple servers with different addresses.
Removed /etc/{hosts,myname} from etc.tgz; made the installer create the /etc/hosts template.
-
In ssh(1), tightened permissions on pty(4) when the "tty" group does not exist.
-
Be coherent in the way arp(8) and ndp(8) display local entries, use "l" flag to distinguish them; skip broadcast entries (are not real arp(4) entries).
-
Make sure broadcast entries won't be freed by the arp(4) timer so we can use them for address lookups.
-
Treat broadcast entries like local ones and give them the highest route(4) priority.
+
Reworked how pool(9) with large pages (>PAGE_SIZE) are implemented.
+
In ssh(1), tightened permissions on pty(4) when the "tty" group does not exist.
+
Be coherent in the way arp(8) and ndp(8) display local entries, use "l" flag to distinguish them; skip broadcast entries (are not real arp(4) entries).
+
Make sure broadcast entries won't be freed by the arp(4) timer so we can use them for address lookups.
+
Treat broadcast entries like local ones and give them the highest route(4) priority.
Sync amd64 and i386 GENERIC.MP with other arches by enabling MP_LOCKDEBUG option.
-
If crypt(3) fails, smtpd(8) will now return an authentication error.
+
If crypt(3) fails, smtpd(8) will now return an authentication error.
-
Implemented traditional -h option for man(1): show the SYNOPSIS only.
-
Initial httpd(8) support for persistent FastCGI connections via chunked Transfer-Encoding.
-
Added Jumbo support for BCM5714/5780/5717/5719/5720/57765/57766 bge(4) chipsets.
+
Implemented traditional -h option for man(1): show the SYNOPSIS only.
+
Initial httpd(8) support for persistent FastCGI connections via chunked Transfer-Encoding.
+
Added Jumbo support for BCM5714/5780/5717/5719/5720/57765/57766 bge(4) chipsets.
-
Added iked(8) support for DH groups 27-30 using the Brainpool curves as in ssl(8).
+
httpd(8) now supports both mime.types flavours (nginx- or apache-style).
+
Added generic system-wide /usr/share/misc/mime.types file, usable by httpd.conf(5).
+
Moved sending of router solicitations to the kernel. Makes rtsol(8) and rtsold(8) unnecessary.
+
Don't allow pasting into input-disabled tmux(1) panes.
+
Implemented _NET_WM_STATE_STICKY in cwm(1). Allows client to "stick" to all desktops or groups.
+
When using a proxy, made ftp(1) validate the cert hostname against the target hostname, not the proxy hostname.
+
Delete secret or secret-derived data in many base utilities with explicit_bzero(3).
-
Implementation of bold italic font support for postscript and pdf output in mandoc(1).
-
Start all rcctl(8) error messages with "rcctl: " so it is clear where they come from.
-
In debug mode, only print the flags relevant to the rc.d(8) we are calling instead of all flags; make it clear when we are using the default flags when none are set.
-
Make it possible for rcctl(8) to pass `-d' and `-f' to the rc.d(8) script.
+
Implementation of bold italic font support for postscript and pdf output in mandoc(1).
+
Start all rcctl(8) error messages with "rcctl: " so it is clear where they come from.
+
In debug mode, only print the flags relevant to the rc.d(8) we are calling instead of all flags; make it clear when we are using the default flags when none are set.
+
Make it possible for rcctl(8) to pass '-d' and '-f' to the rc.d(8) script.
-
Removed non-standard GOST cipher suites (which are not compiled in currently) from ssl(8).
+
Removed non-standard GOST cipher suites (which are not compiled in currently) from ssl(8).
-
pfctl(8) now makes sure rules have been defined when you specify queues in a rule.
-
Switched ndp(8) to display MAC addresses in 00:00:00:00:00:00 format.
-
Get arp(8) to print leading zeros in MAC addresses again.
-
Disabled use of bind in base (base uses nsd(8)/unbound(8) instead).
-
Ensure cwm(1) client that wants to be in nogroup stays in nogroup (thus stays in view), even when (re)reading NET_WM_DESKTOP.
-
Made syslogd(8) check host/port length when parsing syslog.conf(5). Avoids nasty error message "syslogd: priv_getaddrinfo: overflow attempt in hostname".
-
Set the default nfsd(8) flags to "-tun 4" when launched from rc.d(8).
-
Switched to using O_CLOEXEC wherever we open a file and then call fcntl(F_SETFD, FD_CLOEXEC)
on it. Reduces system calls and improves thread-safety for libraries.
-
More fixes in the attach failure path for ze(4/vax).
-
In httpd(8), provided a failsafe version of the path_info() function.
+
Correctly set the rtable ID of the packet header when sending pppoe(4) Active Discovery Terminate packets.
+
Brought pflow(4) IPFIX sequence numbers in line with the RFC.
-
Sync pf.conf(5) behaviour with the man page regarding parent anchors for "once" rules.
+
Sync pf.conf(5) behaviour with the man page regarding parent anchors for "once" rules.
-
On mips64, stopped uvm_map(9) from receiving addresses outside userland bounds.
-
Fixed tmux(1) copy mode problems: in vi mode, include the last character if you moved the cursor up or left; in emacs mode include the last character if you moved the cursor left.
-
Added tmux(1) flags to selectp, to enable and disable input to a pane.
-
In ksh(1), separately set FD_CLOEXEC if the new fd was >= FDBASE. Affects scripts that directly use 9 of the first 10 file descriptors.
-
When dhclient(8) is parsing 32 bit values, verify that we received 4 bytes.
-
Validate len field in dhcpd(8) for proper length, not just "not zero."
-
Brought back r1.131 of sys/kern/subr_pool.c: take the pools mutex when copying stats out of it in the sysctl(8) path.
+
On mips64, stopped uvm_map(9) from receiving addresses outside userland bounds.
+
Fixed tmux(1) copy mode problems: in vi mode, include the last character if you moved the cursor up or left; in emacs mode include the last character if you moved the cursor left.
+
Added tmux(1) flags to selectp, to enable and disable input to a pane.
+
In ksh(1), separately set FD_CLOEXEC if the new fd was >= FDBASE. Affects scripts that directly use 9 of the first 10 file descriptors.
+
When dhclient(8) is parsing 32 bit values, verify that we received 4 bytes.
+
Validate len field in dhcpd(8) for proper length, not just "not zero."
+
Brought back r1.131 of sys/kern/subr_pool.c: take the pools mutex when copying stats out of it in the sysctl(8) path.
Put back the checks about RTF_LOCAL routes now that userland tools are aware of them.
-
Stopped arp(4) and ndp(8) from trying to delete RTF_LOCAL entries.
+
Stopped arp(4) and ndp(8) from trying to delete RTF_LOCAL entries.
-
Fixed unchecked memory allocation (and potential leak upon error) in ssl(8) ssl3_get_cert_verify().
-
Provided ssl3_get_cipher_by_id() function that allows ssl(8) ciphers to be looked up by their ID.
-
Always write core file of a non-suid process into pwd(1), even if sysctl(8) kern.nosuidcoredump is 2 or 3.
-
Fixed race in relayd(8) that caused non-persistent PUT connections with a short body to hang.
-
Removed disabled (weakened export and non-ephemeral DH) cipher suites from the ssl(8) cipher list.
-
If pkg_create(1) is run as non-root, restore correct group/owner to root/bin, and remove write permissions without explicit modes.
-
Fixed kqueue read/write filters for msdosfs and fuse(4) filesystems.
+
Fixed unchecked memory allocation (and potential leak upon error) in ssl(8) ssl3_get_cert_verify().
+
Provided ssl3_get_cipher_by_id() function that allows ssl(8) ciphers to be looked up by their ID.
+
Always write core file of a non-suid process into pwd(1), even if sysctl(8) kern.nosuidcoredump is 2 or 3.
+
Fixed race in relayd(8) that caused non-persistent PUT connections with a short body to hang.
+
Removed disabled (weakened export and non-ephemeral DH) cipher suites from the ssl(8) cipher list.
+
If pkg_create(1) is run as non-root, restore correct group/owner to root/bin, and remove write permissions without explicit modes.
+
Fixed kqueue read/write filters for msdosfs and fuse(4) filesystems.
-
Fixed the length check for reinjected icmp(4) packets. Stops divert(4) discarding valid packets shorter than 20 bytes.
-
5.4 and 5.5 SECURITY FIXES: Backported security fixes from openssl 1.0.1i A source code patch is available for 5.4 and 5.5.
+
Initial sysmerge(8) support for handling configuration files from packages.
+
Now that uhub(4) can deal with them, added support for non-root hubs.
+
Made uhub(4) correctly recognise Super Speed devices.
+
Allow httpd.conf(5) to include the "types" section anywhere in the configuration file.
+
Removed tmux(1) support for the continuously reporting "any" mouse mode (never worked properly, rarely used).
Backport from binutils-2.17 the correct i386/amd64 register->int assignments for CFI.
-
Allow httpd(8) to use a fastcgi target as the default index (eg index.php).
-
Fixed relayd(8) when using DNS over udp(4) so it continues to work after the first request.
-
radeon(4) fixes: only apply hdmi "bpc pll" flags when encoder mode is hdmi; fixed dithering on some panels; fixed lane/clock setup for dp 1.2 capable devices.
-
Brought mandoc(1) handling of defective prologues closer to groff.
-
Improved mandoc(1) handling of next-line scope when it is broken by end of file.
-
Partial mandoc(1) implementation of .Bd -centred; various improvements related to .Ex and .Rv.
-
Made sure asynchronous commands do not race with synchronous ones in xhci(4).
-
Improved xhci(4) logic to determine the maximum endpoint service interface time payload.
-
Made xhci(4) always report stalls, as umass(4) relies on this information.
-
Added support for using "-" as shorthand for stdin/stdout in tradcpp(1).
+
Allow httpd(8) to use a fastcgi target as the default index (eg index.php).
+
Fixed relayd(8) when using DNS over udp(4) so it continues to work after the first request.
+
radeon(4) fixes: only apply hdmi "bpc pll" flags when encoder mode is hdmi; fixed dithering on some panels; fixed lane/clock setup for dp 1.2 capable devices.
+
Brought mandoc(1) handling of defective prologues closer to groff.
+