version 1.5, 2015/08/09 18:57:31 |
version 1.6, 2015/09/01 22:29:36 |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- 2015-07-30 --> |
|
<li>On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations. |
|
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>. |
|
<li>Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1">patch(1)</a> about the state of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1">ed(1)</a> child process is in. |
|
<li>Turn off POOL_DEBUG for release. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, repair HSTS header output. |
|
<li>Fix pty permissions in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>. |
|
<li>In the installer, make "without-password" the default answer to the "Allow root ssh login?" question. |
|
<li>Change the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a> PermitRootLogin default to "without-password". |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ksh.1">ksh(1)</a>, fix the baskslash-escaped codes ("\nnn") usage in PS1. |
|
<!-- 2015-07-29 --> |
|
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ssh_config.5">ssh_config(5)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a> kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/envy.4">envy(4)</a>, properly recover when interrupts are blocked for too long. This fixes permanent distortion on MP systems. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>, fix a bug where other than the last of multiple forward rules in http protocols would be ignored. |
|
<li>Add linker warnings in case SSLv3_{,client,server}_method are referenced. |
|
<li>On macppc, powerpc and socppc, do not save the status register and restore it for machine check exceptions. |
|
<li>Revert r1.289 of src/sys/dev/acpi/acpi.c (respect the access size when reading or writing to pci config space). It is locking up suspend or boot on some laptops. |
|
<li>Disable <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a> with ENOSYS for upcoming release cycle. |
|
<li>Acquire the kernel lock in pmap_remove(). The reasons for this can't be stated as the committer has been asked to be polite in his commit message. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/azalia.4">azalia(4)</a>, rework the buffer position reporting code. |
|
<!-- 2015-07-28 --> |
|
<li>Build r300g and r600g on macppc and sparc64. |
|
<li>Make the Gallium r300 works on big-endian architectures. |
|
<li>In case the system misses enough audio interrupts for DMA pointers to wrap, recover by detecting and compensating for the missed interrupts. This fixes certain audio hangs on MP machines. |
|
<li>In libsndio and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/audioctl.1">audioctl(1)</a>, use the new AUDIO_GETPOS ioctl instead of AUDIO_GETxOFFS and AUDIO_xERROR. |
|
<li>Add the AUDIO_GETPOS ioctl to fetch a snapshot of the 4 counters returned by AUDIO_GETxOFFS and AUDIO_xERROR ioctls. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, remove the hack of scrolling forward and backward with +G1G. Instead, when using a pager, use another temporary file for the formatted page(s). |
|
<li>For unix domain sequenced packet socket pairs, don't report an EMSGSIZE error when the sent message was not too large. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>, fix keepenv handling. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, make -B cope with bad checksums. |
|
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pf.4">pf(4)</a> divert-reply for raw sockets. |
|
<li>Do not link an ICMP6 socket to the pf state. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, add HSTS to fcgi responses. |
|
<!-- 2015-07-27 --> |
|
<li>Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), sendmsg(), and recvmsg(). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/gcc.1">gcc(1)</a>, implement support for __builtin_complex() to construct complex values. This is required by the upcoming libm work. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/disktab.5">disktab(5)</a> on i386, fix geometry of rdroot entry. |
|
<li>Rather than disabling <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a> to coredump, leave it enabled but flag that a coredump is happening. This improves behaviour while threaded. |
|
<li>On mips64, allow coalescing of IPI requests on mips64, to make IPI sending non-blocking. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>, permit <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/kbind.2">kbind(2)</a> use in the sandbox. |
|
<li>Enforce <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a> by disabling all TAME_ flags if tame_fail() is reached, not only if TAME_ABORT is set. |
|
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file.</font><br>A source code patch exists for <a href="errata56.html#029_patch">5.6</a> and <a href="errata57.html#012_execve">5.7</a>. These patches remove the RCS support. |
|
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.</font><br>A source code patch exists for <a href="errata56.html#028_execve">5.6</a> and <a href="errata57.html#011_execve">5.7</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/radiusd.8">radiusd(8)</a>, make the modules priviledge-separated. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make -q suppress ambiguous option warnings too. |
|
<!-- 2015-07-26 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>: |
|
<ul> |
|
<li>Implement command matching without execution. |
|
<li>Don't exit when the command line is too long to log. |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1">patch(1)</a>, remove support for automatically checking files out of RCS. This may cause patch to be tricked into running arbitrary shell code with a specially crafted diff. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/disktab.5">disktab(5)</a> on amd64, fix ba# attribute in rdroot entry. |
|
<li>Update to terminfo 20150725. |
|
<!-- 2015-07-25 --> |
|
<li>On alpha, ensure pci_intr_map() will perform proper interrupt swizzling for devices behind a bridge, if the SRM didn't pick an interrupt line for them. |
|
<li>On alpha, adapt the way the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/vga.4">vga(4)</a> textmode is obtained in order to support the Alphabook 1. |
|
<li>Add basic support for tag priorities to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a> |
|
<!-- 2015-07-24 --> |
|
<li>In libsndio, fix an arithmetic mistake causing errors when there are more xruns on the record side than on the play side. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>, clear watchdog timer when device is closed. This fixes a use-after-free in error code paths when the device is closed before the audio is stopped. |
|
<li>Improve syntax error reporting for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5">doas.conf(5)</a>. |
|
<!-- 2015-07-23 --> |
|
<li>Prevent a use-after-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bnx.4">bnx(4)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, change the expansion of %m and %c in installpath to the snapshots folder during -beta. |
|
<li>Revert attempted GPT code cleanup. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, escape the " character in the authentication realm. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/npppd.8">npppd(8)</a> use libradius. |
|
<!-- 2015-07-22 --> |
|
<li>Disable GPT support. It appears to create broken spoofed labels for empty disks. |
|
<li>Implement quoting support in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.5">doas.conf(5)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tail.1">tail(1)</a>, fix a memory leak when -r is used with anything but regular files. |
|
<!-- 2015-07-21 --> |
|
<li>Slam signal handlers harder in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>. |
|
<li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/execve.2">execve(2)</a> with <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4">systrace(4)</a>. |
|
<li>Generate new moduli for ssh. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/security.8">security(8)</a>, don't risk blocking when reading untrusted user files and for additional safety against race attacks, make sure they are regular files. |
|
<li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pvbus.4">pvbus(4)</a> to fully dynamic autoconf. |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpw.4">mpw(4)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>, always permit kbind (for dynamic linking) and add __thrsigdivert to the SELF list like the other threading calls. |
|
<li>Add a -C option to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a> to check config files without running. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/acpi.4">acpi(4)</a>, respect the access size when reading or writing to pci config space. This fixes battery status passthrough in vmware. |
|
<li>Add argument matching support to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>. |
|
<!-- 2015-07-20 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>: |
|
<ul> |
|
<li>Improve handling of addresses on ldpe. |
|
<li>Add configuration reload support. |
|
<li>Record all fields of the received label mappings. |
|
<li>Add VPLS signaling support. |
|
<li>Fix several IPC synchronization issues. |
|
<li>Improve the show lib command. |
|
<li>Re-enable the reload command. |
|
<li>Introduce two show commands for l2vpns. |
|
</ul> |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/radius.8">radius(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/radiusctl.8">radiusctl(8)</a>. |
|
<li>On amd64 and i386, add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pvbus.4">pvbus(4)</a>, a pseudo-bus to attach non-PCI paravirtual devices and buses. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, call the pager without the -T option if the temporary file cannot be created. |
|
<li>Add the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/radius_new_request_packet.3">radius</a> library. This will be used by the RADIUS server and client programs to manipulate RADIUS packets. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>, fix a segfault at startup. |
|
<li>In libssl, correct #if/else logic in BIO's dgram_ctrl (Coverity CID 72741). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pflow.4">pflow(4)</a>, use the kernel socket interface (<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/sosend.9">sosend(9)</a> etc.) instead of shoving packets directly into the network stack with ip_output(). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man6/backgammon.6">backgammon(6)</a>, ensure the computer's men actually move when the computer's move is printed. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, properly encode IpAddress, Gauge32, and Counter32 varbinds received from subagents. |
|
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/tty.4">tty(4)</a> hiwat handling. |
|
<li>Implement MPLS pseudowire (<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpw.4">mpw(4)</a>) to be used with VPLS and VPWS. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>: |
|
<ul> |
|
<li>Avoid NULL deref in openssl s_cb (Coverity CID 24956). |
|
<li>Don't try to run ECDH if ecdh_checks fails in openssl speed (Coverity CID 72744). |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>, crudely canonicalize paths before taming them. |
|
<li>On octeon, add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/octeon/amdcf.4">amdcf(4)</a>, a new flash driver that allows access to the internal memory on (at least) D-Link DSR500 machines. |
|
<li>Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>. This allows threaded programs to work. |
|
<li>Avoid a possible NULL dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a> s_server (Coverity CID 78873). |
|
<li>Add a quirk for Cirrus Logic PD6729: earlier silicon versions of this chip would advertize themselves as multi-function devices while they are not. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, don't accept sockets when syslogd reaches the file descriptor limit. Instead disable the listen event and wait for a second. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>, avoid dereferencing NULL (Coverity CID 21746). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>: |
|
<ul> |
|
<li>Don't dereference NULL FILE pointers. |
|
<li>Don't let any ioctls through with invalid file descriptors. |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bpgd.8">bgpd(8)</a>, execute the RDE and session engine process instead of just forking. This way ASLR and stack cookies are per process. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a> permit late calls to getpagesize() in programs. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add an option (history-file) for a file to save/restore command prompt history. |
|
<li>Plug various memory leaks in libssl. |
|
<li>Try to assign a secondary bus number if the BIOS left the CardBus bridge unconfigured. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, ensure http_path is escaped before using it in Location redirection. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, correct the tsl/fsl sequence to ]0 not ]2. |
|
<li>On alpha, avoid having always to follow two pointers in copy{in,out}{,str} to get to the address of the onfault handler. |
|
<!-- 2015-07-19 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>: |
|
<ul> |
|
<li>Warn when rename() fails in openssl apps (Coverity CIDs 78795 and 78803). |
|
<li>Remove check that is never true (Coverity CID 78799). |
|
<li>Check return value in openssl s_socket (Coverity CID 21655). |
|
<li>Check return value for ENGINE_ctrl and ENGINE_ctrl_cmd (Coverity CID 21645). |
|
</ul> |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/kbind.2">kbind(2)</a>, a syscall for ld.so to use to securely and efficiently update memory for lazy binding. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>, use a minimal set of stripped environment variables so that root shells read the right .kshrc. |
|
<li>On alpha and powerpc, make pmap_remove() grab the kernel lock. This makes MP machines work again with the unlocked reaper. |
|
<li>In octeon iobus, get rid of the static list of children devices and use only a lookup table for address hints where needed. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/netstart.8">netstart(8)</a>, bring up pflow last as it might send with a source address that is on any of the other interfaces. |
|
<li>In LibreSSL, remove the RSAX engine. |
|
<li>Allow line continuations with backslashes in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.5">doas.conf(5)</a>. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/iwm.4">iwm(4)</a> show command codes of unhandled firmware replies. |
|
<li>Change uvm_page[re]alloc_multi to actually use the flags passed in, and return a value so that they may be called with UVM_PLA_NOWAIT. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>: |
|
<ul> |
|
<li>Remove incomplete support for unnecessary modes of operation. |
|
<li>Rework label mapping algorithms to be more in line with the RFC. |
|
<li>Add full multipath support. |
|
<li>Send label withdraws when appropriate. |
|
<li>Add label withdraw/release wildcard support. |
|
<li>Implement MD5 authentication support. |
|
</ul> |
|
<li>In the installer, use the %c and %a fields in pkg.conf. |
|
<li>Show the tame flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ps.1">ps(1)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>: |
|
<ul> |
|
<li>Send only the best routes to lde. |
|
<li>On RTM_CHANGE, remove the old route before installing the new one. |
|
<li>On IMSG_CTL_KROUTE_ADDR, show all nexthops for multpath routes. |
|
<li>Uninstall associated label bindings when a neighbor is down. |
|
</ul> |
|
<li>In the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/install.1">install(1)</a>, do not use the mode set for the target file as the directory mode when using -D. |
|
<li>Enable GPT kernel support. |
|
<li>Define several new C99 macros in math.h. |
|
<li>In the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/nextafterl.3">nextafterl(3)</a> ld80 implementation, make exponents of x and y signed and fix esx and esy comparisons. |
|
<li>In the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/unbound.8">unbound(8)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rc.d.8">rc.d(8)</a> script, no longer gerate control keys/certificates if control-enable is used. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/unbound.8">unbound(8)</a>, enable the control socket by default without using keys/certificates for authentication. |
|
<li>On mips64, add proper kernel locking in fpe_branch_emulate(). This avoids race conditions that could corrupt amap entries. |
|
<li>On octeon, avoid a deadlock caused by disabled IPIs. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, handle error returns from bufferevent_write(). |
|
<li>Use two 2q caches for the buffer cache, moving previously warm buffers from the first queue to the second. |
|
<li>Use DEV_BSIZE instead of 512 where appropriate in the kernel. This starts laying the groundwork to allow disks with other sector sizes. |
|
<li>Adapt <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pms.4">pms(4)</a> so that the synaptics trackpad in the Dell L400 laptop can move the cursor in X. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/fuse.4">fuse(4)</a>, implement basic fh functions to avoid a panic. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/script.1">script(1)</a>, establish the SIGCHLD handler in the parent process only. |
|
<!-- 2015-07-18 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, do not fork and exec <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/gunzip.1">gunzip(1)</a>, but just link with libz instead. |
|
<li>Plug a potential memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pf.4">pf(4)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/ktrace.2">ktrace(2)</a>, make KTR_SYSRET records variables variables sized, leaving out the retval on error, including a long long retval on successful lseek(), and including a register_t retval for other successes. This fixes lseek reporting on ILP32 archs. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>: |
|
<ul> |
|
<li>Correctly check the return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/strtoll.3">strtoll(3)</a> (Coverity CID 105339). |
|
<li>Free a variable on error (Coverity CID 78826). |
|
<li>Free a variable before potentially reusing it (Coverity CID 78824). |
|
<li>Only close a descriptor if not already closed (Coverity CID 78916). |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, show 11n HTOP primary and secondary channel numbers for 40MHz BSS instead of showing just the primary one and "above" or "below" for secondary. |
|
<li>Rename the tps65090 driver to "tpspmic". |
|
<li>Introduce <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>, a subsystem which restricts programs into a "reduced feature operating model". |
|
<li>In libssl, remove the logic responsible for outputting most AES-NI instructions as raw byte sequences. |
|
<li>Revert the previous commit in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospfd.8">ospfd(8)</a> (properly handle carp interfaces in "backup" mode on start-up), because it breaks on systems without carp. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>, if execvpe fails with ENOENT, print "command not found", like sudo. |
|
<li>On exynos, make the keyboard driver poll until it can be improved more. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpd.8">snmpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>, don't return failure for agentx messages with 0-length payloads. This allows snmpd to properly handle ping messages from agentx subagents. |
|
<li>In libssl, abort when ENGINE_remove fails (Coverity CID 21656). |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> show HTOP elements in 11n management frames. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8">bioctl(8)</a>, remove the restriction to disallow the use of a passphrase file during initial creation of a crypto volume. |
|
<li>Remove workarounds in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> now that <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/tls_write.3">tls_write(3)</a> has short write semantics. |
|
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/tls_write.3">tls_write(3)</a> similar short write semantics as <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/write.2">write(2)</a>, so implementing daemons with libevent buffers will be easier. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ftp.1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, handle short writes and TLS_{READ,WRITE}_AGAIN around tls_write(). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/route.8">route(8)</a>, make all commands accepting the "-priority" switch recognize aliases for common priorities. |
|
<li>In libssl, don't dereference NULL (Coverity CID 78910). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, prevent the tls constraint state machine from getting hung on STATE_INVALID. |
|
<li>In libssl, remove the SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, fix malformed packets when returning "no such object/entry" errors for snmp requests. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/virtio.4">virtio(4)</a>, do the relatively expensive ISR read without kernel lock. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, tag dynamic routes with a "D". |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>, fix unbounded buffer growth. In the case of a slow client reading large files, we would consume large amounts of memory. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>, properly handle <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/carp.4">carp(4)</a> interfaces in "backup" mode on start-up. |
|
<li>Abstract the routing table internals behind an rtable_* API. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/acpicpu.4">acpicpu(4)</a>, if _CST provides a C2 or C3 but lacks a C1 that we understand, provide a fallback C1 state using "halt". |
|
<li>In libssl, check the return value of ASN1_STRING_set() (Coverity CIDs 24810 and 24846). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/install.1">install(1)</a>, add -D to create the full destination path before installing the source into it. |
|
<li>In ssh: |
|
<ul> |
|
<li>Skip uninitialised PKCS#11 slots (bz#2427). |
|
<li>Don't ignore PKCS#11 hosted keys that return empty CKA_ID (bz#2429). |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>, only query each keyboard-interactive device once per authentication request regardless of how many times it is listed. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>, add -s as a shorthand for "doas $SHELL". |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, allow to change the default media type globally or per-location. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, insist that manual page file name extensions must begin with a digit lest pkg.conf(5) be shown when pkg(5) is asked for. |
|
<!-- 2015-07-17 --> |
|
<li>Support HTTP Strict Transport Security (HSTS) in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tftpd.8">tftpd(8)</a> provide a block of random data when clients request the file /etc/random.seed. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, clean up the temporary file when the process dies from a signal. |
|
<li>In libssl, remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. |
|
<li>On alpha, correctly set up interrupts. Now the kernel no longer get stuck with an SCSI interrupt storm at the end of autoconf. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, use RTF_CONNECTED to properly track connected routes. |
|
<li>On alpha, check for errors in the status register after performing a PCI configuration space read, for errors may not cause a machine check. This makes phantom PCI devices disappear on alphabook. |
|
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/route.8">route(8)</a> to show all routes with a priority or all routes without a specific priority. |
|
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/sysctl.3">sysctl(3)</a> to show all routes with a priority or all routes without a specific priority. |
|
<li>Plug a leak in libssl (Coverity CID 78897). |
|
<li>Drop promiscuously received packets if the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/trunk.4">trunk(4)</a> interface is not in promiscuous mode. |
|
<li>Add the _dpb, _pbuild, _pfetch users to do dpb multi-user builds. |
|
<li>On amd64 and i386, avoid assigning low addresses to PCI BARs. These addresses will never actually be routed to the PCI bus and therefore guaranteed not to work. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, add initial support for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/less.1">less(1)</a> -T and :t <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ctags.1">ctags(1)</a>-like functionality to jump to the definitions of various terms inside manual pages. |
|
<li>Make sound cards work on older PowerMacs. |
|
<li>Fix MPLS routing when receiving packet with multiple labels. |
|
<li>Release the kernel lock while tearing down the uvm map in the reaper. This speeds up workloads that fork a lot of processes and, more importantly, reduces latency. |
|
<li>Prevent non-ACPI uniprocessor i386 machines with NX/PAE from panicing in pcibiosattach. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>, filter routes based on RTF_LLINFO and RTF_BROADCAST flags and use RTF_CONNECTED to properly track connected routes. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, always set PATH_INFO. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sed.1">sed(1)</a>, add the -i flag to do in-place editing. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ripd.8">ripd(8)</a>, filter routes by RTF_LLINFO and RTF_BROADCAST and use RTF_CONNECTED to determine if a route is connected or not. |
|
<li>In binutils 2.17, correctly consume mandatory 0x66 prefix when disassembling aes{dec{,last},enc{,last},imc} instructions (a regression in 2.17) and correctly disassemble aeskeygenassist. |
|
<li>Plug a leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a> (Coverity CID 78877). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospfd.8">ospfd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospf6d.8">ospf6d(8)</a>, filter broadcast and llinfo routes, and adjust the tracking of connected routes to the new way. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpd.8">bpgd(8)</a>, only filter RTF_LLINFO or RTF_BROADCAST routes out but not RTF_LOCAL ones since we need those for loopback and point-to-point interfaces. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> decode the country element in 802.11 mgmt frames. |
|
<li>Announce an IP address after inserting its corresponding RTF_LOCAL route and not during the SIOCSIFADDR ioctl. This way addresses are not announced when an error occurs. |
|
<li>Manage spd entries by using the radix api directly instead of reaching around through the routing table. |
|
<li>Fix a regression introduced by the M_PROTO1 loop prevention cleaning because <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/gif.4">gif(4)</a> was abusing this flag to figure out if the packet was coming from a <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bridge.4">bridge(4)</a>.q |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rcctl.8">rcctl(8)</a> return 0 when using "getall". |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> display BSS load information contained in 802.11 mgmt frames. |
|
<li>Update to NSD 4.1.3. |
|
<li>Enable exynos on armv7. |
|
<li>Remove support for SSLv3 from <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a> ciphers, s_client, s_server and s_time. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/iked.8">iked(8)</a>, assign the correct destination port value for the destination netmask. This repairs setup of SPD flows that specify port only on the one side of the from-to specification. |
|
<li>Prevent a double free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>, fix hangs during clean-up after the audio device is disconnected or an unrecoverable error is detected. |
|
<li>In libssl and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>, remove workaround for TLS padding bug from SSLeay days. |
|
<!-- 2015-07-16 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>, fix an incorrect test for SSH1 keys when compiled without SSH1 support. |
|
<li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> from writing too much data into the log file. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a> fail if /etc/doas.conf is g+w or o+w or is not owned by root. |
|
<li>On amd64 and i386, remove the 4-second delay on reboot and shutdown that was added 8 years ago to "workaround MP timeout/splhigh/scsi race at reboot time". The issue probably has been fixed by now. |
|
<li>Allow (almost) any non-space character to be a part of "word" in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5">doas.conf(5)</a>. This allows weird commands like /bin/echo to be used for real. |
|
<li>Remove the IP_ROUTETOETHER pseudo-option. It is hack to support return-rst on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bridge.4">bridge(4)</a>. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> show 11n HT capabilities in 802.11 management frames. |
|
<li>Introduce <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1">doas(1)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/drm.4">drm(4)</a>, introduce a Linux-compatible wait_event API and use it in the inteldrm code. |
|
<li>In libssl, enforce V_ASN1_OCTET_STRING type before accessing the object as octet string (OpenSSL RT #3683). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, prevent having the whole file in RAM when it is read from disk faster than being sent to the client. |
|
<li>Fix Coverity CID 78921 in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1">openssl(1)</a>. |
|
<li>Fix Perl srand() to be a deterministic pseudorandom stream. |
|
<li>Plug a memory leak in libssl (Coverity CID 105348). |
|
<li>Ensure the signs of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/cacosh.3">cacosh(3) and cacoshf(3)</a> are correct. |
|
<!-- 2015-07-15 --> |
|
<li>On amd64 and i386, move grab/release of the kernel_lock for softintrs from the ASM stubs to softintr_dispatch(). |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/getty.8">getty(8)</a>, remove ancient support for edited hostnames. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/btree.3">btree(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/recno.3">recno(3)</a>, remove the stubby not working mmaped file support. |
|
<li>In libssl: |
|
<ul> |
|
<li>Check the return value of all used functions in OCSP_REQUEST_print() (Coverity CID 78796). |
|
<li>After reading a password with terminal echo off, restore the terminal to its original state instead of blindly turning echo on. |
|
</ul> |
|
<li>Update to Unbound 1.5.4. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/axen.4">axen(4)</a>: |
|
<ul> |
|
<li>Ignore the 4-byte trailing padding of each received packet when copying to the upper layer. |
|
<li>Add USB 3.0 related code. |
|
</ul> |
|
<li>Update to libdrm 2.4.62. |
|
<li>Refix memory handling for machines with less than 256M broken by r1.64 of src/sys/arch/octeon/octeon/machdep.c. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, use <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/vis.3">vis(3)</a> instead of url_encode() for some values like User-Agent. |
|
<li>In libssl, fix a few Coverity CIDs including 125063. |
|
<li>Recognize CARP interfaces when sending packet to a multicast address. |
|
<li>On arm and armv7, account for the fact that the exynos gic is not at a fixed offset from periphbase. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/urtw.4">urtw(4)</a>, fix error code paths to not panic the kernel. This makes the driver work with somewhat flaky urtw(4) devices. |
|
<li>In libssl: |
|
<ul> |
|
<li>The previous fix for Coverity CID 21785 did not cope correctly with the case where seed_len != 0 and seed_in == NULL. Since this situation is an error anyway, bail out early. |
|
<li>Do not allow TS_check_signer_name() with signer == NULL from int_TS_RESP_verify_token() (Coverity CID 21710). |
|
<li>Avoid leaking objects upon error. |
|
<li>Fix unchecked allocations, and make sure we do not leak upon error (Coverity CID 21739 and more). |
|
<li>Fix a memory leak (Coverity CID 78836). |
|
<li>Fix a possible 32-byte buffer overrun (Coverity CID 78869). |
|
<li>Fix two theoretical NULL pointer dereferences which can only happen if you have seriously corrupted your memory (Coverity CIDs 21708 and 21721). Also plug a memory leak. |
|
<li>Remove dead code (Coverity CID 21688). |
|
<li>Flense out dead code (Coverity CIDs 21691 and 21698). |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, allow the certificate and key to each be almost 16 kB rather than having a combined total of less than 16 kB. |
|
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a TCP socket can become confused and not properly cleanup resources.</font><br>A source code patch exists for <a href="errata56.html#027_tcp">5.6</a> and <a href="errata57.html#010_tcp">5.7</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>: |
|
<ul> |
|
<li>Fix memory leaks that can occur when config_getserver() fails. |
|
<li>Explicitly check for and handle EOF on a TLS connection. |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rc.d.8">rc.d(8)</a>, require an exact match of the process name and argument list by default. |
|
<li>Match another Netgear WG111T on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/uath.4">uath(4)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rc.d.8">rc.d(8)</a>, always use the default flags when running !start so that rc.d scripts launched with -f can be properly stopped, checked and reloaded. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ugold.4">ugold(4)</a>, add support for newer PCsensor TEMPerHUM thermo- and hygrometers. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sshd.1">sshd(1)</a>, fix a NULL dereference when SSHv1 is enabled. |
|
<li>Make "openssl pkeyutl -verify" return exit code 0 on success. |
|
<!-- 2015-07-14 --> |
|
<li>Fix a crash caused by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/uath.4">uath(4)</a> if device init fails. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rcctl.8">rcctl(8)</a>: |
|
<ul> |
|
<li>Deprecate the getall subcommand |
|
<li>Implement a new ls subcommand to list daemons according to the argument. |
|
<li>Make it possible to get the daemon_class. |
|
</ul> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, move the BIOCGSTATS ioctl operation done by the tcpdump process into a service provided by the privsep monitor. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/devname.3">devname(3)</a>, fall back to scanning /dev if /var/run/dev.db does not exist. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/find.1">find(1)</a>, fix a segmentation fault and a use-after-free. |
|
<li>Avoid a situation where we do not set the tcp persist timer after a zero window condition. |
|
<!-- 2015-07-13 --> |
|
<li>On octeon, do not attempt to configure octhci. It is superseded by dwc2. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>: |
|
<ul> |
|
<li>Revert to marking lines as wrapped on newlines. This fixes problems with capturep -J. |
|
<li>Add a -s flag to show-environment to output Bourne shell commands à la ssh-agent. |
|
<li>Add a format to show if client is a control client. |
|
<li>Fix a few problems when running out of file descriptors. |
|
<li>Ignore environment variables that are too long to send to the server. |
|
<li>Reset G0/G1 state when resetting everything else with send-keys -R. |
|
</ul> |
|
<li>First stab at making the hppa mpsafe. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/devname.3">devname(3)</a>, don't write a warning to stderr if the db cannot be opened. This avoids bogus warnings in chroots. |
|
<!-- 2015-07-12 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, don't consider \v and \f printable characters. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cwm.1">cwm(1)</a>, introduce "groupsearch" for group menu search. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/xhci.4">xhci(4)</a>, do not trust the hardware when it says that the number of remaining bytes to transfer is superior to the length of the transfer. |
|
<!-- 2015-07-10 --> |
|
<li>On i386, amd64 and sparc64, don't call <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/pool_put.9">pool_put(9)</a> while holding a mutex to prevent lock ordering problems between the per-pmap mutexes and the kernel lock. This happens because pool_put(9) may grab the kernel lock when it decides to free a pool page. |
|
<li>In ssh, turn off DSA by default. Add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side so it can be turned back on. |
|
<!-- 2015-07-09 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, ensure the privsep parent and syslogd child are kept in sync if the fd limit is reached. |
|
<li>Disable pool_gc on m88k if MULTIPROCESSOR. |
|
<li>Avoid a double free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>. |
|
<li>On amd64, prevent possible interrupt recursion before unwinding the stack. |
|
<li>In ssh, re-enable ed25519-certs if compiled without OpenSSL. |
|
<!-- 2015-07-08 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8">fdisk(8)</a>, dDo not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, properly handle files >= 4 GB on 32-bit architectures. |
|
<li>Switch "openssl dhparam" default from 512 to 2048 bits. |
|
<li>Fix a use-after-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/et.4">et(4)</a>. |
|
<li>Unify the mutex implementations on all the mips64 platforms. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pf.4">pf(4)</a>, avoid strange state match and create behavior when IPsec is involved. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpd.8">bgpd(8)</a> properly handle interface routes since they no longer have a "gateway" sockaddr of type AF_LINK. |
|
<li>Use a new RTF_CONNECTED flag for interface (connected) routes. |
|
<li>Disallow userland from setting RTF_LOCAL and RTF_BROADCAST. |
|
<li>Replace MFREE(9) with <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/m_freem.9">m_freem(9)</a>. |
|
<!-- 2015-07-07 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ddb.4">ddb(4)</a>, return the correct file name entry from the DWARF line table. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/iked.8">iked(8)</a>, repair policy-ikesa-linking. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/vi.1">vi(1)</a>, fix a regression caused by timespec changes when run without a file to edit. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add the -T option to accept messages on a TCP socket. |
|
<li>Unbreak option parsing in libfuse. |
|
<li>Make non-kms pci video drivers work again on platforms other than i386 and amd64. |
|
<!-- 2015-07-06 --> |
|
<li>On armv7, use u-boot.img instead of u-boot.bin on the panda and beagle. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/comsat.8">comsat(8)</a>, don't discard comsat messages with trailing whitespace. |
|
<li>Add IPv6 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/mail.local.8">mail.local(8)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, update the environment with -E when attach-session used on an already attached session or switch-client used on the current session. |
|
<!-- 2015-07-05 --> |
|
<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> run with non-blocking sockets. |
|
<!-- 2015-07-04 --> |
|
<li>On vax, replace the manual buf list management with a fifo bufq. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/qe.4">qe(4)</a>, count outgoing packets. |
|
<!-- 2015-07-03 --> |
|
<li>Remove sudo; it has moved to ports. |
|
<li>Revert r1.111 of xenocara/app/cwm/kbfunc.c: it broke application menu searching. |
|
<li>Add static PIE support to sparc. |
|
<li>On sparc, correctly handle relative-type relocations. |
|
<!-- 2015-07-02 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh.1">ssh(1)</a>, turn off the 1024-bit diffie-hellman-group1-sha1 key exchange method. |
|
<li>In ssh: |
|
<ul> |
|
<li>Remove support for legacy v00 certificates. |
|
<li>Refuse to generate or accept RSA keys smaller than 1024 bits. |
|
</ul> |
|
<li>Put KERNEL_LOCK/KERNEL_UNLOCK around the pipex destination for mbufs until it is properly MP-protected. |
|
<li>On i386, tweak MUTEX_ASSERT_LOCKED and MUTEX_ASSERT_UNLOCKED to only look at the owner. |
|
<li>On i386, make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/pmap.9">pmap_enter(9), pmap_remove(9) and pmap_page_protect(9)</a> safe to use without holding the kernel lock. Unfortunately there still seems to be an issue that causes deadlocks under pressure. |
|
<li>On m88k, fix MUTEX_ASSERT_LOCKED and MUTEX_ASSERT_UNLOCKED so that they check whether the mutex is locked by the current CPU rather than any CPU. |
|
<!-- 2015-07-01 --> |
|
<li>Introduce <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/srp_enter.9">shared reference pointers</a> (srp). |
|
<li>Compile-time disable SSH version 1 again. |
<!-- 2015-06-30 --> |
<!-- 2015-06-30 --> |
<li>In ssh, better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires. |
<li>In ssh, better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add a -U option to specify an explicit address to receive UDP packets. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add a -U option to specify an explicit address to receive UDP packets. |
|
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make "new -d" work without unsetting $TMUX. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make "new -d" work without unsetting $TMUX. |
<li>Add the new <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtwn.4">rtwn(4)</a> for RTL8188CE wifi cards. |
<li>Add the new <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtwn.4">rtwn(4)</a> for RTL8188CE wifi cards. |
<li>Check for a resolv.conf update the first time the resolver is used after pid has changed. |
<li>Check for a resolv.conf update the first time the resolver is used after pid has changed. |
<li>Add support for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/em.4">em(4)</a> on the Teak 3020, a system based on the Intel Tolopai (EP80579). |
<li>Add support for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/em.4">em(4)</a> on the Teak 3020, a system based on the Intel Tolopai (EP80579). |
<li>Prevent a kernel panic on macppc caused by the kernel perfpolicy code. |
<li>Prevent a kernel panic on macppc caused by the kernel perfpolicy code. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>: |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>: |
<ul> |
<ul> |