Annotation of www/plus58.html, Revision 1.13
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.8 changes</title>
5: <meta name="description" content="OpenBSD 5.8 changes">
6: <meta name="copyright" content="This document copyright 1996-2012 by OpenBSD.">
7: <link rel="canonical" href="http://www.openbsd.org/plus58.html">
8: </head>
9:
10: <body bgcolor="#ffffff" text="#000000" link="#23238e">
11:
12: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
13: <p>
1.10 lum 14: <h2><font color="#e00000">OpenBSD 5.8 released (Oct 18, 2015)</font></h2>
1.1 deraadt 15: <hr>
16:
17: <p>
18: This selection is intended to include all important
19: and all user-visible changes.
20: For a complete record of all changes, please see the "source-changes"
21: mailing list, called "OpenBSD CVS"
22: in the <a href="mail.html#Archives">archives</a>,
23: or use <a href="anoncvs.html#CVS">CVS</a>.
24:
25: <p>
26: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
27:
28: <p>
29: For changes in other releases, click below:<br>
30: <a href="plus20.html">2.0</a>,
31: <a href="plus21.html">2.1</a>,
32: <a href="plus22.html">2.2</a>,
33: <a href="plus23.html">2.3</a>,
34: <a href="plus24.html">2.4</a>,
35: <a href="plus25.html">2.5</a>,
36: <a href="plus26.html">2.6</a>,
37: <a href="plus27.html">2.7</a>,
38: <a href="plus28.html">2.8</a>,
39: <a href="plus29.html">2.9</a>,
40: <a href="plus30.html">3.0</a>,
41: <a href="plus31.html">3.1</a>,
42: <a href="plus32.html">3.2</a>,
43: <a href="plus33.html">3.3</a>,
44: <a href="plus34.html">3.4</a>,
45: <a href="plus35.html">3.5</a>,
46: <a href="plus36.html">3.6</a>,
47: <br>
48: <a href="plus37.html">3.7</a>,
49: <a href="plus38.html">3.8</a>,
50: <a href="plus39.html">3.9</a>,
51: <a href="plus40.html">4.0</a>,
52: <a href="plus41.html">4.1</a>,
53: <a href="plus42.html">4.2</a>,
54: <a href="plus43.html">4.3</a>,
55: <a href="plus44.html">4.4</a>,
56: <a href="plus45.html">4.5</a>,
57: <a href="plus46.html">4.6</a>,
58: <a href="plus47.html">4.7</a>,
59: <a href="plus48.html">4.8</a>,
60: <a href="plus49.html">4.9</a>,
61: <a href="plus50.html">5.0</a>,
62: <a href="plus51.html">5.1</a>,
63: <a href="plus52.html">5.2</a>,
64: <a href="plus53.html">5.3</a>,
65: <br>
66: <a href="plus54.html">5.4</a>,
67: <a href="plus55.html">5.5</a>,
68: <a href="plus56.html">5.6</a>,
69: <a href="plus57.html">5.7</a>,
1.12 deraadt 70: <a href="plus59.html">5.9</a>,
1.1 deraadt 71: <a href="plus.html">current</a>.
72: <br>
73:
74: <p>
75: <h3><font color="#0000e0">Changes made between OpenBSD 5.7 and 5.8</font></h3>
76: <p>
77:
78: <ul>
1.7 deraadt 79: <!-- 2015-08-06 -->
1.13 ! beck 80: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>, add prohibit-password as a synonym for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only.
1.7 deraadt 81: <li>In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password".
82: <!-- 2015-08-05 -->
1.13 ! beck 83: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/em.4">em(4)</a>, fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed.
1.7 deraadt 84: <!-- 2015-08-04 -->
85: <li>Skip C2 and C3 states from the FADT if the cpu doesn't have ARAT.
1.13 ! beck 86: <li>Do not save and restore a read-only capability register in <a href="http://man.openbsd.org/OpenBSD-current/man4/acpihpet.4">acpihpet(4)</a>.
! 87: <li>Fix <a href="http://man.openbsd.org/OpenBSD-current/man4/clct.4">clct(4)</a> which was stuttering to the point of being useless.
! 88: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/identd.8">identd(8)</a>, don't die on socket operation errors.
1.7 deraadt 89: <!-- 2015-08-03 -->
1.13 ! beck 90: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/acpicpu.4">acpicpu(4)</a>, provide the fallback C1-via-halt even when _CST can't be evaluated. This fixes systems that only provide _CST for a subset of the CPUs.
! 91: <li>Fix incorrect register offsets in <a href="http://man.openbsd.org/OpenBSD-current/man4/acpihpet.4">acpihpet(4)</a>.
1.7 deraadt 92: <li>In binutils 2.17, work around a NULL dereference when a plt entry is not found.
1.13 ! beck 93: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/netstat.1">netstat(1)</a>, show TCP states that were hidden after netstat's conversion from kvm to sysctl.
! 94: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/rarpd.8">rarpd(8)</a>, fix a a regression introduced with the support of multiple connected routes.
! 95: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, avoid a panic triggered for a reply-to rule.
1.7 deraadt 96: <li>On mips64, avoid a potential deadlock by enabling IPIs before calling refreshcreds() in trap().
1.13 ! beck 97: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, fix a problem caused by r1.70 of server.c by re-enabling the buffer event only if it was disabled previously.
1.7 deraadt 98: <li>Enable the xdm installer question on macppc.
99: <!-- 2015-08-02 -->
1.13 ! beck 100: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/radiusd.8">radiusd(8)</a>:
1.7 deraadt 101: <ul>
102: <li>Allow to start without -d.
1.13 ! beck 103: <li>Use <a href="http://man.openbsd.org/OpenBSD-current/man3/syslog.3">syslog(3)</a> instead of stderr.
1.7 deraadt 104: <li>Fix radiusd_module to stop when the daemon stops.
105: <li>Fire pending events when the module starts.
106: <li>Check the received packet length properly.
107: </ul>
108: <!-- 2015-08-01 -->
1.13 ! beck 109: <li>Fix a potential out-of-bounds read in <a href="http://man.openbsd.org/OpenBSD-current/man3/fnmatch.3">fnmatch(3)</a>.
1.6 deraadt 110: <!-- 2015-07-30 -->
111: <li>On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations.
1.13 ! beck 112: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing <a href="http://man.openbsd.org/OpenBSD-current/man1/ed.1">ed(1)</a>-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>.
! 113: <li>Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing <a href="http://man.openbsd.org/OpenBSD-current/man1/patch.1">patch(1)</a> about the state of the <a href="http://man.openbsd.org/OpenBSD-current/man1/ed.1">ed(1)</a> child process is in.
1.6 deraadt 114: <li>Turn off POOL_DEBUG for release.
1.13 ! beck 115: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, repair HSTS header output.
! 116: <li>Fix pty permissions in <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>.
1.6 deraadt 117: <li>In the installer, make "without-password" the default answer to the "Allow root ssh login?" question.
1.13 ! beck 118: <li>Change the <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a> PermitRootLogin default to "without-password".
! 119: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ksh.1">ksh(1)</a>, fix the baskslash-escaped codes ("\nnn") usage in PS1.
1.6 deraadt 120: <!-- 2015-07-29 -->
1.13 ! beck 121: <li>Allow <a href="http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5">ssh_config(5)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a> kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it.
! 122: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/envy.4">envy(4)</a>, properly recover when interrupts are blocked for too long. This fixes permanent distortion on MP systems.
! 123: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, fix a bug where other than the last of multiple forward rules in http protocols would be ignored.
1.6 deraadt 124: <li>Add linker warnings in case SSLv3_{,client,server}_method are referenced.
125: <li>On macppc, powerpc and socppc, do not save the status register and restore it for machine check exceptions.
126: <li>Revert r1.289 of src/sys/dev/acpi/acpi.c (respect the access size when reading or writing to pci config space). It is locking up suspend or boot on some laptops.
1.13 ! beck 127: <li>Disable <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a> with ENOSYS for upcoming release cycle.
1.6 deraadt 128: <li>Acquire the kernel lock in pmap_remove(). The reasons for this can't be stated as the committer has been asked to be polite in his commit message.
1.13 ! beck 129: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/azalia.4">azalia(4)</a>, rework the buffer position reporting code.
1.6 deraadt 130: <!-- 2015-07-28 -->
131: <li>Build r300g and r600g on macppc and sparc64.
132: <li>Make the Gallium r300 works on big-endian architectures.
133: <li>In case the system misses enough audio interrupts for DMA pointers to wrap, recover by detecting and compensating for the missed interrupts. This fixes certain audio hangs on MP machines.
1.13 ! beck 134: <li>In libsndio and <a href="http://man.openbsd.org/OpenBSD-current/man1/audioctl.1">audioctl(1)</a>, use the new AUDIO_GETPOS ioctl instead of AUDIO_GETxOFFS and AUDIO_xERROR.
1.6 deraadt 135: <li>Add the AUDIO_GETPOS ioctl to fetch a snapshot of the 4 counters returned by AUDIO_GETxOFFS and AUDIO_xERROR ioctls.
1.13 ! beck 136: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, remove the hack of scrolling forward and backward with +G1G. Instead, when using a pager, use another temporary file for the formatted page(s).
1.6 deraadt 137: <li>For unix domain sequenced packet socket pairs, don't report an EMSGSIZE error when the sent message was not too large.
1.13 ! beck 138: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>, fix keepenv handling.
! 139: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, make -B cope with bad checksums.
! 140: <li>Implement <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a> divert-reply for raw sockets.
1.6 deraadt 141: <li>Do not link an ICMP6 socket to the pf state.
1.13 ! beck 142: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, add HSTS to fcgi responses.
1.6 deraadt 143: <!-- 2015-07-27 -->
144: <li>Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), sendmsg(), and recvmsg().
1.13 ! beck 145: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/gcc.1">gcc(1)</a>, implement support for __builtin_complex() to construct complex values. This is required by the upcoming libm work.
! 146: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man5/disktab.5">disktab(5)</a> on i386, fix geometry of rdroot entry.
! 147: <li>Rather than disabling <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a> to coredump, leave it enabled but flag that a coredump is happening. This improves behaviour while threaded.
1.6 deraadt 148: <li>On mips64, allow coalescing of IPI requests on mips64, to make IPI sending non-blocking.
1.13 ! beck 149: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, permit <a href="http://man.openbsd.org/OpenBSD-current/man2/kbind.2">kbind(2)</a> use in the sandbox.
! 150: <li>Enforce <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a> by disabling all TAME_ flags if tame_fail() is reached, not only if TAME_ABORT is set.
1.6 deraadt 151: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file.</font><br>A source code patch exists for <a href="errata56.html#029_patch">5.6</a> and <a href="errata57.html#012_execve">5.7</a>. These patches remove the RCS support.
152: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.</font><br>A source code patch exists for <a href="errata56.html#028_execve">5.6</a> and <a href="errata57.html#011_execve">5.7</a>.
1.13 ! beck 153: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/radiusd.8">radiusd(8)</a>, make the modules priviledge-separated.
! 154: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make -q suppress ambiguous option warnings too.
1.6 deraadt 155: <!-- 2015-07-26 -->
1.13 ! beck 156: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>:
1.6 deraadt 157: <ul>
158: <li>Implement command matching without execution.
159: <li>Don't exit when the command line is too long to log.
160: </ul>
1.13 ! beck 161: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/patch.1">patch(1)</a>, remove support for automatically checking files out of RCS. This may cause patch to be tricked into running arbitrary shell code with a specially crafted diff.
! 162: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man5/disktab.5">disktab(5)</a> on amd64, fix ba# attribute in rdroot entry.
1.6 deraadt 163: <li>Update to terminfo 20150725.
164: <!-- 2015-07-25 -->
165: <li>On alpha, ensure pci_intr_map() will perform proper interrupt swizzling for devices behind a bridge, if the SRM didn't pick an interrupt line for them.
1.13 ! beck 166: <li>On alpha, adapt the way the <a href="http://man.openbsd.org/OpenBSD-current/man4/vga.4">vga(4)</a> textmode is obtained in order to support the Alphabook 1.
! 167: <li>Add basic support for tag priorities to <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>
1.6 deraadt 168: <!-- 2015-07-24 -->
169: <li>In libsndio, fix an arithmetic mistake causing errors when there are more xruns on the record side than on the play side.
1.13 ! beck 170: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>, clear watchdog timer when device is closed. This fixes a use-after-free in error code paths when the device is closed before the audio is stopped.
! 171: <li>Improve syntax error reporting for <a href="http://man.openbsd.org/OpenBSD-current/man5/doas.conf.5">doas.conf(5)</a>.
1.6 deraadt 172: <!-- 2015-07-23 -->
1.13 ! beck 173: <li>Prevent a use-after-free in <a href="http://man.openbsd.org/OpenBSD-current/man4/bnx.4">bnx(4)</a>.
! 174: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, change the expansion of %m and %c in installpath to the snapshots folder during -beta.
1.6 deraadt 175: <li>Revert attempted GPT code cleanup.
1.13 ! beck 176: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, escape the " character in the authentication realm.
! 177: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/npppd.8">npppd(8)</a> use libradius.
1.6 deraadt 178: <!-- 2015-07-22 -->
179: <li>Disable GPT support. It appears to create broken spoofed labels for empty disks.
1.13 ! beck 180: <li>Implement quoting support in <a href="http://man.openbsd.org/OpenBSD-current/man5/doas.5">doas.conf(5)</a>.
! 181: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tail.1">tail(1)</a>, fix a memory leak when -r is used with anything but regular files.
1.6 deraadt 182: <!-- 2015-07-21 -->
1.13 ! beck 183: <li>Slam signal handlers harder in <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>.
! 184: <li>Plug a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man2/execve.2">execve(2)</a> with <a href="http://man.openbsd.org/OpenBSD-current/man4/systrace.4">systrace(4)</a>.
1.6 deraadt 185: <li>Generate new moduli for ssh.
1.13 ! beck 186: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/security.8">security(8)</a>, don't risk blocking when reading untrusted user files and for additional safety against race attacks, make sure they are regular files.
! 187: <li>Switch <a href="http://man.openbsd.org/OpenBSD-current/man4/pvbus.4">pvbus(4)</a> to fully dynamic autoconf.
! 188: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man4/mpw.4">mpw(4)</a> support to <a href="http://man.openbsd.org/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a>.
! 189: <li>In <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>, always permit kbind (for dynamic linking) and add __thrsigdivert to the SELF list like the other threading calls.
! 190: <li>Add a -C option to <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a> to check config files without running.
! 191: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/acpi.4">acpi(4)</a>, respect the access size when reading or writing to pci config space. This fixes battery status passthrough in vmware.
! 192: <li>Add argument matching support to <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>.
1.6 deraadt 193: <!-- 2015-07-20 -->
1.13 ! beck 194: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>:
1.6 deraadt 195: <ul>
196: <li>Improve handling of addresses on ldpe.
197: <li>Add configuration reload support.
198: <li>Record all fields of the received label mappings.
199: <li>Add VPLS signaling support.
200: <li>Fix several IPC synchronization issues.
201: <li>Improve the show lib command.
202: <li>Re-enable the reload command.
203: <li>Introduce two show commands for l2vpns.
204: </ul>
1.13 ! beck 205: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man8/radius.8">radius(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/radiusctl.8">radiusctl(8)</a>.
! 206: <li>On amd64 and i386, add <a href="http://man.openbsd.org/OpenBSD-current/man4/pvbus.4">pvbus(4)</a>, a pseudo-bus to attach non-PCI paravirtual devices and buses.
! 207: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, call the pager without the -T option if the temporary file cannot be created.
! 208: <li>Add the <a href="http://man.openbsd.org/OpenBSD-current/man3/radius_new_request_packet.3">radius</a> library. This will be used by the RADIUS server and client programs to manipulate RADIUS packets.
! 209: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>, fix a segfault at startup.
1.6 deraadt 210: <li>In libssl, correct #if/else logic in BIO's dgram_ctrl (Coverity CID 72741).
1.13 ! beck 211: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pflow.4">pflow(4)</a>, use the kernel socket interface (<a href="http://man.openbsd.org/OpenBSD-current/man9/sosend.9">sosend(9)</a> etc.) instead of shoving packets directly into the network stack with ip_output().
! 212: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man6/backgammon.6">backgammon(6)</a>, ensure the computer's men actually move when the computer's move is printed.
! 213: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, properly encode IpAddress, Gauge32, and Counter32 varbinds received from subagents.
! 214: <li>Improve <a href="http://man.openbsd.org/OpenBSD-current/man4/tty.4">tty(4)</a> hiwat handling.
! 215: <li>Implement MPLS pseudowire (<a href="http://man.openbsd.org/OpenBSD-current/man4/mpw.4">mpw(4)</a>) to be used with VPLS and VPWS.
! 216: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>:
1.6 deraadt 217: <ul>
218: <li>Avoid NULL deref in openssl s_cb (Coverity CID 24956).
219: <li>Don't try to run ECDH if ecdh_checks fails in openssl speed (Coverity CID 72744).
220: </ul>
1.13 ! beck 221: <li>In <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>, crudely canonicalize paths before taming them.
! 222: <li>On octeon, add <a href="http://man.openbsd.org/OpenBSD-current/man4/octeon/amdcf.4">amdcf(4)</a>, a new flash driver that allows access to the internal memory on (at least) D-Link DSR500 machines.
! 223: <li>Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>. This allows threaded programs to work.
! 224: <li>Avoid a possible NULL dereference in <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a> s_server (Coverity CID 78873).
1.6 deraadt 225: <li>Add a quirk for Cirrus Logic PD6729: earlier silicon versions of this chip would advertize themselves as multi-function devices while they are not.
1.13 ! beck 226: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, don't accept sockets when syslogd reaches the file descriptor limit. Instead disable the listen event and wait for a second.
! 227: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>, avoid dereferencing NULL (Coverity CID 21746).
! 228: <li>In <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>:
1.6 deraadt 229: <ul>
230: <li>Don't dereference NULL FILE pointers.
231: <li>Don't let any ioctls through with invalid file descriptors.
232: </ul>
1.13 ! beck 233: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bpgd.8">bgpd(8)</a>, execute the RDE and session engine process instead of just forking. This way ASLR and stack cookies are per process.
! 234: <li>Have <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a> permit late calls to getpagesize() in programs.
! 235: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add an option (history-file) for a file to save/restore command prompt history.
1.6 deraadt 236: <li>Plug various memory leaks in libssl.
237: <li>Try to assign a secondary bus number if the BIOS left the CardBus bridge unconfigured.
1.13 ! beck 238: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, ensure http_path is escaped before using it in Location redirection.
! 239: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, correct the tsl/fsl sequence to ]0 not ]2.
1.6 deraadt 240: <li>On alpha, avoid having always to follow two pointers in copy{in,out}{,str} to get to the address of the onfault handler.
241: <!-- 2015-07-19 -->
1.13 ! beck 242: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>:
1.6 deraadt 243: <ul>
244: <li>Warn when rename() fails in openssl apps (Coverity CIDs 78795 and 78803).
245: <li>Remove check that is never true (Coverity CID 78799).
246: <li>Check return value in openssl s_socket (Coverity CID 21655).
247: <li>Check return value for ENGINE_ctrl and ENGINE_ctrl_cmd (Coverity CID 21645).
248: </ul>
1.13 ! beck 249: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man2/kbind.2">kbind(2)</a>, a syscall for ld.so to use to securely and efficiently update memory for lazy binding.
! 250: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>, use a minimal set of stripped environment variables so that root shells read the right .kshrc.
1.6 deraadt 251: <li>On alpha and powerpc, make pmap_remove() grab the kernel lock. This makes MP machines work again with the unlocked reaper.
252: <li>In octeon iobus, get rid of the static list of children devices and use only a lookup table for address hints where needed.
1.13 ! beck 253: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/netstart.8">netstart(8)</a>, bring up pflow last as it might send with a source address that is on any of the other interfaces.
1.6 deraadt 254: <li>In LibreSSL, remove the RSAX engine.
1.13 ! beck 255: <li>Allow line continuations with backslashes in <a href="http://man.openbsd.org/OpenBSD-current/man5/doas.5">doas.conf(5)</a>.
! 256: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a> show command codes of unhandled firmware replies.
1.6 deraadt 257: <li>Change uvm_page[re]alloc_multi to actually use the flags passed in, and return a value so that they may be called with UVM_PLA_NOWAIT.
1.13 ! beck 258: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>:
1.6 deraadt 259: <ul>
260: <li>Remove incomplete support for unnecessary modes of operation.
261: <li>Rework label mapping algorithms to be more in line with the RFC.
262: <li>Add full multipath support.
263: <li>Send label withdraws when appropriate.
264: <li>Add label withdraw/release wildcard support.
265: <li>Implement MD5 authentication support.
266: </ul>
1.13 ! beck 267: <li>In the installer, use the %c and %a fields in <a href="http://man.openbsd.org/OpenBSD-current/man5/pkg.conf.5">pkg.conf(5)</a>.
! 268: <li>Show the tame flag in <a href="http://man.openbsd.org/OpenBSD-current/man1/ps.1">ps(1)</a>.
! 269: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>:
1.6 deraadt 270: <ul>
271: <li>Send only the best routes to lde.
272: <li>On RTM_CHANGE, remove the old route before installing the new one.
273: <li>On IMSG_CTL_KROUTE_ADDR, show all nexthops for multpath routes.
274: <li>Uninstall associated label bindings when a neighbor is down.
275: </ul>
1.13 ! beck 276: <li>In the <a href="http://man.openbsd.org/OpenBSD-current/man1/install.1">install(1)</a>, do not use the mode set for the target file as the directory mode when using -D.
1.6 deraadt 277: <li>Enable GPT kernel support.
278: <li>Define several new C99 macros in math.h.
1.13 ! beck 279: <li>In the <a href="http://man.openbsd.org/OpenBSD-current/man3/nextafterl.3">nextafterl(3)</a> ld80 implementation, make exponents of x and y signed and fix esx and esy comparisons.
! 280: <li>In the <a href="http://man.openbsd.org/OpenBSD-current/man8/unbound.8">unbound(8)</a> <a href="http://man.openbsd.org/OpenBSD-current/man8/rc.d.8">rc.d(8)</a> script, no longer gerate control keys/certificates if control-enable is used.
! 281: <li><a href="http://man.openbsd.org/OpenBSD-current/man8/unbound.8">unbound(8)</a>, enable the control socket by default without using keys/certificates for authentication.
1.6 deraadt 282: <li>On mips64, add proper kernel locking in fpe_branch_emulate(). This avoids race conditions that could corrupt amap entries.
283: <li>On octeon, avoid a deadlock caused by disabled IPIs.
1.13 ! beck 284: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, handle error returns from bufferevent_write().
1.6 deraadt 285: <li>Use two 2q caches for the buffer cache, moving previously warm buffers from the first queue to the second.
286: <li>Use DEV_BSIZE instead of 512 where appropriate in the kernel. This starts laying the groundwork to allow disks with other sector sizes.
1.13 ! beck 287: <li>Adapt <a href="http://man.openbsd.org/OpenBSD-current/man4/pms.4">pms(4)</a> so that the synaptics trackpad in the Dell L400 laptop can move the cursor in X.
! 288: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/fuse.4">fuse(4)</a>, implement basic fh functions to avoid a panic.
! 289: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/script.1">script(1)</a>, establish the SIGCHLD handler in the parent process only.
1.6 deraadt 290: <!-- 2015-07-18 -->
1.13 ! beck 291: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, do not fork and exec <a href="http://man.openbsd.org/OpenBSD-current/man1/gunzip.1">gunzip(1)</a>, but just link with libz instead.
! 292: <li>Plug a potential memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>.
! 293: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man2/ktrace.2">ktrace(2)</a>, make KTR_SYSRET records variables variables sized, leaving out the retval on error, including a long long retval on successful lseek(), and including a register_t retval for other successes. This fixes lseek reporting on ILP32 archs.
! 294: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>:
1.6 deraadt 295: <ul>
1.13 ! beck 296: <li>Correctly check the return value of <a href="http://man.openbsd.org/OpenBSD-current/man3/strtoll.3">strtoll(3)</a> (Coverity CID 105339).
1.6 deraadt 297: <li>Free a variable on error (Coverity CID 78826).
298: <li>Free a variable before potentially reusing it (Coverity CID 78824).
299: <li>Only close a descriptor if not already closed (Coverity CID 78916).
300: </ul>
1.13 ! beck 301: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, show 11n HTOP primary and secondary channel numbers for 40MHz BSS instead of showing just the primary one and "above" or "below" for secondary.
1.6 deraadt 302: <li>Rename the tps65090 driver to "tpspmic".
1.13 ! beck 303: <li>Introduce <a href="http://man.openbsd.org/OpenBSD-5.8/man2/tame.2">tame(2)</a>, a subsystem which restricts programs into a "reduced feature operating model".
1.6 deraadt 304: <li>In libssl, remove the logic responsible for outputting most AES-NI instructions as raw byte sequences.
1.13 ! beck 305: <li>Revert the previous commit in <a href="http://man.openbsd.org/OpenBSD-current/man8/ospfd.8">ospfd(8)</a> (properly handle carp interfaces in "backup" mode on start-up), because it breaks on systems without carp.
! 306: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>, if execvpe fails with ENOENT, print "command not found", like sudo.
1.6 deraadt 307: <li>On exynos, make the keyboard driver poll until it can be improved more.
1.13 ! beck 308: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, don't return failure for agentx messages with 0-length payloads. This allows snmpd to properly handle ping messages from agentx subagents.
1.6 deraadt 309: <li>In libssl, abort when ENGINE_remove fails (Coverity CID 21656).
1.13 ! beck 310: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> show HTOP elements in 11n management frames.
! 311: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bioctl.8">bioctl(8)</a>, remove the restriction to disallow the use of a passphrase file during initial creation of a crypto volume.
! 312: <li>Remove workarounds in <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> now that <a href="http://man.openbsd.org/OpenBSD-current/man3/tls_write.3">tls_write(3)</a> has short write semantics.
! 313: <li>Give <a href="http://man.openbsd.org/OpenBSD-current/man3/tls_write.3">tls_write(3)</a> similar short write semantics as <a href="http://man.openbsd.org/OpenBSD-current/man2/write.2">write(2)</a>, so implementing daemons with libevent buffers will be easier.
! 314: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ftp.1">ftp(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, handle short writes and TLS_{READ,WRITE}_AGAIN around tls_write().
! 315: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/route.8">route(8)</a>, make all commands accepting the "-priority" switch recognize aliases for common priorities.
1.6 deraadt 316: <li>In libssl, don't dereference NULL (Coverity CID 78910).
1.13 ! beck 317: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, prevent the tls constraint state machine from getting hung on STATE_INVALID.
1.6 deraadt 318: <li>In libssl, remove the SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.
1.13 ! beck 319: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, fix malformed packets when returning "no such object/entry" errors for snmp requests.
! 320: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/virtio.4">virtio(4)</a>, do the relatively expensive ISR read without kernel lock.
! 321: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, tag dynamic routes with a "D".
! 322: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, fix unbounded buffer growth. In the case of a slow client reading large files, we would consume large amounts of memory.
! 323: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>, properly handle <a href="http://man.openbsd.org/OpenBSD-current/man4/carp.4">carp(4)</a> interfaces in "backup" mode on start-up.
1.6 deraadt 324: <li>Abstract the routing table internals behind an rtable_* API.
1.13 ! beck 325: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/acpicpu.4">acpicpu(4)</a>, if _CST provides a C2 or C3 but lacks a C1 that we understand, provide a fallback C1 state using "halt".
1.6 deraadt 326: <li>In libssl, check the return value of ASN1_STRING_set() (Coverity CIDs 24810 and 24846).
1.13 ! beck 327: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/install.1">install(1)</a>, add -D to create the full destination path before installing the source into it.
1.6 deraadt 328: <li>In ssh:
329: <ul>
330: <li>Skip uninitialised PKCS#11 slots (bz#2427).
331: <li>Don't ignore PKCS#11 hosted keys that return empty CKA_ID (bz#2429).
332: </ul>
1.13 ! beck 333: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, only query each keyboard-interactive device once per authentication request regardless of how many times it is listed.
! 334: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>, add -s as a shorthand for "doas $SHELL".
! 335: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, allow to change the default media type globally or per-location.
! 336: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, insist that manual page file name extensions must begin with a digit lest pkg.conf(5) be shown when pkg(5) is asked for.
1.6 deraadt 337: <!-- 2015-07-17 -->
1.13 ! beck 338: <li>Support HTTP Strict Transport Security (HSTS) in <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>.
! 339: <li>Have <a href="http://man.openbsd.org/OpenBSD-current/man8/tftpd.8">tftpd(8)</a> provide a block of random data when clients request the file /etc/random.seed.
! 340: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, clean up the temporary file when the process dies from a signal.
1.6 deraadt 341: <li>In libssl, remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.
342: <li>On alpha, correctly set up interrupts. Now the kernel no longer get stuck with an SCSI interrupt storm at the end of autoconf.
1.13 ! beck 343: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, use RTF_CONNECTED to properly track connected routes.
1.6 deraadt 344: <li>On alpha, check for errors in the status register after performing a PCI configuration space read, for errors may not cause a machine check. This makes phantom PCI devices disappear on alphabook.
1.13 ! beck 345: <li>Allow <a href="http://man.openbsd.org/OpenBSD-current/man8/route.8">route(8)</a> to show all routes with a priority or all routes without a specific priority.
! 346: <li>Allow <a href="http://man.openbsd.org/OpenBSD-current/man3/sysctl.3">sysctl(3)</a> to show all routes with a priority or all routes without a specific priority.
1.6 deraadt 347: <li>Plug a leak in libssl (Coverity CID 78897).
1.13 ! beck 348: <li>Drop promiscuously received packets if the <a href="http://man.openbsd.org/OpenBSD-current/man4/trunk.4">trunk(4)</a> interface is not in promiscuous mode.
1.6 deraadt 349: <li>Add the _dpb, _pbuild, _pfetch users to do dpb multi-user builds.
350: <li>On amd64 and i386, avoid assigning low addresses to PCI BARs. These addresses will never actually be routed to the PCI bus and therefore guaranteed not to work.
1.13 ! beck 351: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, add initial support for <a href="http://man.openbsd.org/OpenBSD-current/man1/less.1">less(1)</a> -T and :t <a href="http://man.openbsd.org/OpenBSD-current/man1/ctags.1">ctags(1)</a>-like functionality to jump to the definitions of various terms inside manual pages.
1.6 deraadt 352: <li>Make sound cards work on older PowerMacs.
353: <li>Fix MPLS routing when receiving packet with multiple labels.
354: <li>Release the kernel lock while tearing down the uvm map in the reaper. This speeds up workloads that fork a lot of processes and, more importantly, reduces latency.
355: <li>Prevent non-ACPI uniprocessor i386 machines with NX/PAE from panicing in pcibiosattach.
1.13 ! beck 356: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>, filter routes based on RTF_LLINFO and RTF_BROADCAST flags and use RTF_CONNECTED to properly track connected routes.
! 357: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, always set PATH_INFO.
! 358: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sed.1">sed(1)</a>, add the -i flag to do in-place editing.
! 359: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ripd.8">ripd(8)</a>, filter routes by RTF_LLINFO and RTF_BROADCAST and use RTF_CONNECTED to determine if a route is connected or not.
1.6 deraadt 360: <li>In binutils 2.17, correctly consume mandatory 0x66 prefix when disassembling aes{dec{,last},enc{,last},imc} instructions (a regression in 2.17) and correctly disassemble aeskeygenassist.
1.13 ! beck 361: <li>Plug a leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a> (Coverity CID 78877).
! 362: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ospfd.8">ospfd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/ospf6d.8">ospf6d(8)</a>, filter broadcast and llinfo routes, and adjust the tracking of connected routes to the new way.
! 363: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bpgd(8)</a>, only filter RTF_LLINFO or RTF_BROADCAST routes out but not RTF_LOCAL ones since we need those for loopback and point-to-point interfaces.
! 364: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> decode the country element in 802.11 mgmt frames.
1.6 deraadt 365: <li>Announce an IP address after inserting its corresponding RTF_LOCAL route and not during the SIOCSIFADDR ioctl. This way addresses are not announced when an error occurs.
366: <li>Manage spd entries by using the radix api directly instead of reaching around through the routing table.
1.13 ! beck 367: <li>Fix a regression introduced by the M_PROTO1 loop prevention cleaning because <a href="http://man.openbsd.org/OpenBSD-current/man4/gif.4">gif(4)</a> was abusing this flag to figure out if the packet was coming from a <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a>.q
! 368: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/rcctl.8">rcctl(8)</a> return 0 when using "getall".
! 369: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> display BSS load information contained in 802.11 mgmt frames.
1.6 deraadt 370: <li>Update to NSD 4.1.3.
371: <li>Enable exynos on armv7.
1.13 ! beck 372: <li>Remove support for SSLv3 from <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a> ciphers, s_client, s_server and s_time.
! 373: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/iked.8">iked(8)</a>, assign the correct destination port value for the destination netmask. This repairs setup of SPD flows that specify port only on the one side of the from-to specification.
! 374: <li>Prevent a double free in <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>.
! 375: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>, fix hangs during clean-up after the audio device is disconnected or an unrecoverable error is detected.
! 376: <li>In libssl and <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>, remove workaround for TLS padding bug from SSLeay days.
1.6 deraadt 377: <!-- 2015-07-16 -->
1.13 ! beck 378: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, fix an incorrect test for SSH1 keys when compiled without SSH1 support.
! 379: <li>Prevent <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> from writing too much data into the log file.
! 380: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a> fail if /etc/doas.conf is g+w or o+w or is not owned by root.
1.6 deraadt 381: <li>On amd64 and i386, remove the 4-second delay on reboot and shutdown that was added 8 years ago to "workaround MP timeout/splhigh/scsi race at reboot time". The issue probably has been fixed by now.
1.13 ! beck 382: <li>Allow (almost) any non-space character to be a part of "word" in <a href="http://man.openbsd.org/OpenBSD-current/man5/doas.conf.5">doas.conf(5)</a>. This allows weird commands like /bin/echo to be used for real.
! 383: <li>Remove the IP_ROUTETOETHER pseudo-option. It is hack to support return-rst on <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a>.
! 384: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> show 11n HT capabilities in 802.11 management frames.
! 385: <li>Introduce <a href="http://man.openbsd.org/OpenBSD-current/man1/doas.1">doas(1)</a>.
! 386: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/drm.4">drm(4)</a>, introduce a Linux-compatible wait_event API and use it in the inteldrm code.
1.6 deraadt 387: <li>In libssl, enforce V_ASN1_OCTET_STRING type before accessing the object as octet string (OpenSSL RT #3683).
1.13 ! beck 388: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, prevent having the whole file in RAM when it is read from disk faster than being sent to the client.
! 389: <li>Fix Coverity CID 78921 in <a href="http://man.openbsd.org/OpenBSD-current/man1/openssl.1">openssl(1)</a>.
1.6 deraadt 390: <li>Fix Perl srand() to be a deterministic pseudorandom stream.
391: <li>Plug a memory leak in libssl (Coverity CID 105348).
1.13 ! beck 392: <li>Ensure the signs of <a href="http://man.openbsd.org/OpenBSD-current/man3/cacosh.3">cacosh(3) and cacoshf(3)</a> are correct.
1.6 deraadt 393: <!-- 2015-07-15 -->
394: <li>On amd64 and i386, move grab/release of the kernel_lock for softintrs from the ASM stubs to softintr_dispatch().
1.13 ! beck 395: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/getty.8">getty(8)</a>, remove ancient support for edited hostnames.
! 396: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man3/btree.3">btree(3)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man3/recno.3">recno(3)</a>, remove the stubby not working mmaped file support.
1.6 deraadt 397: <li>In libssl:
398: <ul>
399: <li>Check the return value of all used functions in OCSP_REQUEST_print() (Coverity CID 78796).
400: <li>After reading a password with terminal echo off, restore the terminal to its original state instead of blindly turning echo on.
401: </ul>
402: <li>Update to Unbound 1.5.4.
1.13 ! beck 403: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/axen.4">axen(4)</a>:
1.6 deraadt 404: <ul>
405: <li>Ignore the 4-byte trailing padding of each received packet when copying to the upper layer.
406: <li>Add USB 3.0 related code.
407: </ul>
408: <li>Update to libdrm 2.4.62.
409: <li>Refix memory handling for machines with less than 256M broken by r1.64 of src/sys/arch/octeon/octeon/machdep.c.
1.13 ! beck 410: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, use <a href="http://man.openbsd.org/OpenBSD-current/man3/vis.3">vis(3)</a> instead of url_encode() for some values like User-Agent.
1.6 deraadt 411: <li>In libssl, fix a few Coverity CIDs including 125063.
412: <li>Recognize CARP interfaces when sending packet to a multicast address.
413: <li>On arm and armv7, account for the fact that the exynos gic is not at a fixed offset from periphbase.
1.13 ! beck 414: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/urtw.4">urtw(4)</a>, fix error code paths to not panic the kernel. This makes the driver work with somewhat flaky urtw(4) devices.
1.6 deraadt 415: <li>In libssl:
416: <ul>
417: <li>The previous fix for Coverity CID 21785 did not cope correctly with the case where seed_len != 0 and seed_in == NULL. Since this situation is an error anyway, bail out early.
418: <li>Do not allow TS_check_signer_name() with signer == NULL from int_TS_RESP_verify_token() (Coverity CID 21710).
419: <li>Avoid leaking objects upon error.
420: <li>Fix unchecked allocations, and make sure we do not leak upon error (Coverity CID 21739 and more).
421: <li>Fix a memory leak (Coverity CID 78836).
422: <li>Fix a possible 32-byte buffer overrun (Coverity CID 78869).
423: <li>Fix two theoretical NULL pointer dereferences which can only happen if you have seriously corrupted your memory (Coverity CIDs 21708 and 21721). Also plug a memory leak.
424: <li>Remove dead code (Coverity CID 21688).
425: <li>Flense out dead code (Coverity CIDs 21691 and 21698).
426: </ul>
1.13 ! beck 427: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, allow the certificate and key to each be almost 16 kB rather than having a combined total of less than 16 kB.
1.6 deraadt 428: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a TCP socket can become confused and not properly cleanup resources.</font><br>A source code patch exists for <a href="errata56.html#027_tcp">5.6</a> and <a href="errata57.html#010_tcp">5.7</a>.
1.13 ! beck 429: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>:
1.6 deraadt 430: <ul>
431: <li>Fix memory leaks that can occur when config_getserver() fails.
432: <li>Explicitly check for and handle EOF on a TLS connection.
433: </ul>
1.13 ! beck 434: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/rc.d.8">rc.d(8)</a>, require an exact match of the process name and argument list by default.
! 435: <li>Match another Netgear WG111T on <a href="http://man.openbsd.org/OpenBSD-current/man4/uath.4">uath(4)</a>.
! 436: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/rc.d.8">rc.d(8)</a>, always use the default flags when running !start so that rc.d scripts launched with -f can be properly stopped, checked and reloaded.
! 437: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ugold.4">ugold(4)</a>, add support for newer PCsensor TEMPerHUM thermo- and hygrometers.
! 438: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sshd.1">sshd(1)</a>, fix a NULL dereference when SSHv1 is enabled.
1.6 deraadt 439: <li>Make "openssl pkeyutl -verify" return exit code 0 on success.
440: <!-- 2015-07-14 -->
1.13 ! beck 441: <li>Fix a crash caused by <a href="http://man.openbsd.org/OpenBSD-current/man4/uath.4">uath(4)</a> if device init fails.
! 442: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/rcctl.8">rcctl(8)</a>:
1.6 deraadt 443: <ul>
444: <li>Deprecate the getall subcommand
445: <li>Implement a new ls subcommand to list daemons according to the argument.
446: <li>Make it possible to get the daemon_class.
447: </ul>
1.13 ! beck 448: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, move the BIOCGSTATS ioctl operation done by the tcpdump process into a service provided by the privsep monitor.
! 449: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man3/devname.3">devname(3)</a>, fall back to scanning /dev if /var/run/dev.db does not exist.
! 450: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/find.1">find(1)</a>, fix a segmentation fault and a use-after-free.
1.6 deraadt 451: <li>Avoid a situation where we do not set the tcp persist timer after a zero window condition.
452: <!-- 2015-07-13 -->
453: <li>On octeon, do not attempt to configure octhci. It is superseded by dwc2.
1.13 ! beck 454: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.6 deraadt 455: <ul>
456: <li>Revert to marking lines as wrapped on newlines. This fixes problems with capturep -J.
457: <li>Add a -s flag to show-environment to output Bourne shell commands à la ssh-agent.
458: <li>Add a format to show if client is a control client.
459: <li>Fix a few problems when running out of file descriptors.
460: <li>Ignore environment variables that are too long to send to the server.
461: <li>Reset G0/G1 state when resetting everything else with send-keys -R.
462: </ul>
463: <li>First stab at making the hppa mpsafe.
1.13 ! beck 464: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man3/devname.3">devname(3)</a>, don't write a warning to stderr if the db cannot be opened. This avoids bogus warnings in chroots.
1.6 deraadt 465: <!-- 2015-07-12 -->
1.13 ! beck 466: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, don't consider \v and \f printable characters.
! 467: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/cwm.1">cwm(1)</a>, introduce "groupsearch" for group menu search.
! 468: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/xhci.4">xhci(4)</a>, do not trust the hardware when it says that the number of remaining bytes to transfer is superior to the length of the transfer.
1.6 deraadt 469: <!-- 2015-07-10 -->
1.13 ! beck 470: <li>On i386, amd64 and sparc64, don't call <a href="http://man.openbsd.org/OpenBSD-current/man9/pool_put.9">pool_put(9)</a> while holding a mutex to prevent lock ordering problems between the per-pmap mutexes and the kernel lock. This happens because pool_put(9) may grab the kernel lock when it decides to free a pool page.
1.6 deraadt 471: <li>In ssh, turn off DSA by default. Add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side so it can be turned back on.
472: <!-- 2015-07-09 -->
1.13 ! beck 473: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, ensure the privsep parent and syslogd child are kept in sync if the fd limit is reached.
1.6 deraadt 474: <li>Disable pool_gc on m88k if MULTIPROCESSOR.
1.13 ! beck 475: <li>Avoid a double free in <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>.
1.6 deraadt 476: <li>On amd64, prevent possible interrupt recursion before unwinding the stack.
477: <li>In ssh, re-enable ed25519-certs if compiled without OpenSSL.
478: <!-- 2015-07-08 -->
1.13 ! beck 479: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/fdisk.8">fdisk(8)</a>, do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
! 480: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, properly handle files >= 4 GB on 32-bit architectures.
1.6 deraadt 481: <li>Switch "openssl dhparam" default from 512 to 2048 bits.
1.13 ! beck 482: <li>Fix a use-after-free in <a href="http://man.openbsd.org/OpenBSD-current/man4/et.4">et(4)</a>.
1.6 deraadt 483: <li>Unify the mutex implementations on all the mips64 platforms.
1.13 ! beck 484: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, avoid strange state match and create behavior when IPsec is involved.
! 485: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a> properly handle interface routes since they no longer have a "gateway" sockaddr of type AF_LINK.
1.6 deraadt 486: <li>Use a new RTF_CONNECTED flag for interface (connected) routes.
487: <li>Disallow userland from setting RTF_LOCAL and RTF_BROADCAST.
1.13 ! beck 488: <li>Replace MFREE(9) with <a href="http://man.openbsd.org/OpenBSD-current/man9/m_freem.9">m_freem(9)</a>.
1.6 deraadt 489: <!-- 2015-07-07 -->
1.13 ! beck 490: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ddb.4">ddb(4)</a>, return the correct file name entry from the DWARF line table.
! 491: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/iked.8">iked(8)</a>, repair policy-ikesa-linking.
! 492: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/vi.1">vi(1)</a>, fix a regression caused by timespec changes when run without a file to edit.
! 493: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add the -T option to accept messages on a TCP socket.
1.6 deraadt 494: <li>Unbreak option parsing in libfuse.
495: <li>Make non-kms pci video drivers work again on platforms other than i386 and amd64.
496: <!-- 2015-07-06 -->
497: <li>On armv7, use u-boot.img instead of u-boot.bin on the panda and beagle.
1.13 ! beck 498: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/comsat.8">comsat(8)</a>, don't discard comsat messages with trailing whitespace.
! 499: <li>Add IPv6 support to <a href="http://man.openbsd.org/OpenBSD-current/man8/mail.local.8">mail.local(8)</a>.
! 500: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, update the environment with -E when attach-session used on an already attached session or switch-client used on the current session.
1.6 deraadt 501: <!-- 2015-07-05 -->
1.13 ! beck 502: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> run with non-blocking sockets.
1.6 deraadt 503: <!-- 2015-07-04 -->
504: <li>On vax, replace the manual buf list management with a fifo bufq.
1.13 ! beck 505: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/qe.4">qe(4)</a>, count outgoing packets.
1.6 deraadt 506: <!-- 2015-07-03 -->
507: <li>Remove sudo; it has moved to ports.
508: <li>Revert r1.111 of xenocara/app/cwm/kbfunc.c: it broke application menu searching.
509: <li>Add static PIE support to sparc.
510: <li>On sparc, correctly handle relative-type relocations.
511: <!-- 2015-07-02 -->
1.13 ! beck 512: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, turn off the 1024-bit diffie-hellman-group1-sha1 key exchange method.
1.6 deraadt 513: <li>In ssh:
514: <ul>
515: <li>Remove support for legacy v00 certificates.
516: <li>Refuse to generate or accept RSA keys smaller than 1024 bits.
517: </ul>
518: <li>Put KERNEL_LOCK/KERNEL_UNLOCK around the pipex destination for mbufs until it is properly MP-protected.
519: <li>On i386, tweak MUTEX_ASSERT_LOCKED and MUTEX_ASSERT_UNLOCKED to only look at the owner.
1.13 ! beck 520: <li>On i386, make <a href="http://man.openbsd.org/OpenBSD-current/man9/pmap.9">pmap_enter(9), pmap_remove(9) and pmap_page_protect(9)</a> safe to use without holding the kernel lock. Unfortunately there still seems to be an issue that causes deadlocks under pressure.
1.6 deraadt 521: <li>On m88k, fix MUTEX_ASSERT_LOCKED and MUTEX_ASSERT_UNLOCKED so that they check whether the mutex is locked by the current CPU rather than any CPU.
522: <!-- 2015-07-01 -->
1.13 ! beck 523: <li>Introduce <a href="http://man.openbsd.org/OpenBSD-current/man9/srp_enter.9">shared reference pointers</a> (srp).
1.6 deraadt 524: <li>Compile-time disable SSH version 1 again.
1.3 deraadt 525: <!-- 2015-06-30 -->
526: <li>In ssh, better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires.
1.13 ! beck 527: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add a -U option to specify an explicit address to receive UDP packets.
! 528: <li>Fix alignment issues in <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a>.
1.3 deraadt 529: <!-- 2015-06-29 -->
530: <li>In ssh:
531: <ul>
532: <li>Fix math error in remote window calculations that causes eventual stalls for datagram channels.
533: <li>Call fatal() when a remote window update causes the window value to overflow.
534: </ul>
1.13 ! beck 535: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, add getpid to sandbox (bz#2419).
! 536: <li>Get jumbo frames working in <a href="http://man.openbsd.org/OpenBSD-current/man4/oce.4">oce(4)</a>.
1.4 guenther 537: <li>Allow to re-plug USB3 devices on the root hub without going through a suspend/resume cycle (or rebooting) with Intel ICH7 xHCI.
1.13 ! beck 538: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ps.1">ps(1)</a>, remove the calculation that includes the process lifetime and just use the p_pctcpu value as %cpu time.
! 539: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/cwm.1">cwm(1)</a>, show an empty "ssh to" menu if the known_hosts file is missing.
! 540: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a>, add the possibility to store all syslog messages received from a specific host into a single log file.
1.4 guenther 541: <li>Never cache an RTF_GATEWAY route as next hop for a gateway route. This prevents rtentry loops when rt→rt_gwroute points to rt leading to an infamous "rtentry leak" panic.
1.3 deraadt 542: <!-- 2015-06-28 -->
1.13 ! beck 543: <li>Enable <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/vexpress.4">vexpress(4)</a> on armv7.
1.3 deraadt 544: <li>Implement membar_* for armv7 with the dmb instruction.
545: <li>On amd64, fix trap setup for double faults.
546: <li>On amd64, force the return to userspace from execve to go through iretq to get all registers.
1.13 ! beck 547: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/drm.4">drm(4)</a>, read the lower 16-bits of the GCFGC "double word". This potentially fixes issues with some modes on machines with the 915GM chipset.
1.3 deraadt 548: <li>Enable octdwctwo and add umass on octeon.
549: <li>Update to FreeType 2.6.
550: <!-- 2015-06-27 -->
551: <li>On amd64 and i386, split AST handling from trap() into ast().
1.13 ! beck 552: <li>Build <a href="http://man.openbsd.org/OpenBSD-current/man1/Xserver.1">Xserver(1)</a> with large got on mips.
! 553: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man4/vax/qe.4">qe(4)</a>.
! 554: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dhcpd.8">dhcpd(8)</a>, do not send routers (option 3) or static routes (option 33) when classless static routes (option 121, 249) are sent, per RFC 3442.
! 555: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, ignore blank characters at the beginning of a conditional block, that is, after "\{".
1.3 deraadt 556: <!-- 2015-06-26 -->
1.13 ! beck 557: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/acpimadt.4">acpimadt(4)</a>, completely skip entries for disabled LAPICs so they don't overwrite legitimate enabled ones.
! 558: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/drm.4">drm(4)</a>, introduce the Linux completion API and use it.
! 559: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/cwm.1">cwm(1)</a>, replace screen region info gathering with XRandR equivalent of Xinerama queries.
1.3 deraadt 560: <!-- 2015-06-25 -->
561: <li>In ssh, fix "\"-escaping bug that caused forward path parsing to skip two characters and skip past the end of the string.
562: <li>In binutils 2.17, avoid an assertion failure in elf32_arm_size_dynamic_sections().
563: <li>Implement the missing gus_{malloc,free,mappage,...} to support cards that have no ad1848 chip and don't attach the ad1848 driver.
1.13 ! beck 564: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/de.4">de(4)</a>, ensure the setup block is DMA reachable.
! 565: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, use machine_architecture (arch -s) when assembling PKG_PATHs using %m or %a. This is relevant on archs like powerpc.
1.3 deraadt 566: <li>On octeon, reenable memory above 256mb now that uvm_pmr_get1page() has been fixed.
1.13 ! beck 567: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a>, properly deliver broadcast-like packets to the network stack.
! 568: <li>Fix some weird <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a> configurations involving pseudo-drivers stacked on top of interfaces in a bridge.
1.3 deraadt 569: <li>On macppc, use a single event counter for IPIs like other archs do.
570: <li>Reimplement the audio driver in a simpler way, removing unused/unusable functionality.
571: <!-- 2015-06-24 -->
1.13 ! beck 572: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/npppd.8">npppd(8)</a>:
1.3 deraadt 573: <ul>
574: <li>Reset the LCP option state for dialin-proxy only if re-negotiation is enabled.
575: <li>Fix a use-after-free.
576: </ul>
1.13 ! beck 577: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/chmod.1">chmod(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/compress.1">compress(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/du.1">du(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/grep.1">grep(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/ls.1">ls(1)</a>, put fts_close() where missing.
1.3 deraadt 578: <li>Allow uvideo_mmap_queue() to fail gracefully when the mmap queue is full.
579: <li>In libpciaccess, attempt to establish a write combining mapping instead of relying on mttrs. Setting the mttrs fails on the ThinkPad X1 rev. 3, making the xorg-video-vesa driver painfully slow.
580: <li>On macppc, do not quiesce the firmware on Quad G5 to let it manage the fans. This also unbreak "bsd -cd" on such machines.
581: <li>Stop garbage collecting mbufs from the ARP, IPv4 and IPv6 queues when an interface is destroyed or removed.
1.13 ! beck 582: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/drm.4">drm(4)</a>, introduce Linux work queue APIs and use them.
1.3 deraadt 583: <!-- 2015-06-23 -->
1.13 ! beck 584: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/npppd.8">npppd(8)</a>, terminate all PPP sessions properly.
1.3 deraadt 585: <li>Reenable the pool gc task. The problems it tickled by working outside the biglock on archs with mutex and clock interaction have been fixed.
1.13 ! beck 586: <li>Apply normal handling to atfd+path args to <a href="http://man.openbsd.org/OpenBSD-current/man2/chflagsat.2">chflagsat(2)</a>.
1.3 deraadt 587: <li>Revert r1.38 of src/usr.bin/ssh/uidswap.c (don't call setgroups if we have zero groups).
1.13 ! beck 588: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sed.1">sed(1)</a>, treat multiple "!" characters preceding a function as a single negation, per POSIX.
! 589: <li>On alpha, properly remember curproc in <a href="http://man.openbsd.org/OpenBSD-current/man9/copy.9">copy(9)</a>. This fixes a bug where it sleeps and resumes on a different processor.
! 590: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, add support for Lua <a href="http://man.openbsd.org/OpenBSD-current/man7/patterns.7">patterns(7)</a>.
! 591: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/nm.1">nm(1)</a>:
1.3 deraadt 592: <ul>
593: <li>Correct a read after bound.
594: <li>Ensure that e_shentsize (sections header's size in bytes) is large enough to fill at least one Elf_Shdr.
595: <li>Ensure that freed variables in elf_symloadx() are reinitialised when an error is detected.
596: </ul>
597: <li>On amd64, make sure that the page tables are created after esym and after end. This avoids a crash with small non-generic kernels that write to the page tables.
1.13 ! beck 598: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/nm.1">nm(1)</a>, before accessing data, check if the section header table is present and check the consistency of the section header table size.
! 599: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/npppd.8">npppd(8)</a>, properly handle zero-length 1701/udp and GRE packets.
1.3 deraadt 600: <!-- 2015-06-22 -->
601: <li>In ssh, don't count successful partial authentication as failures in monitor. This may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed.
1.4 guenther 602: <li>On amd64 and i386, make it possible to create write combining mappings through /dev/mem.
1.13 ! beck 603: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, increment rule counters only after successful state insertion.
1.3 deraadt 604: <li>In ssh, don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer.
1.13 ! beck 605: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, URL-encode $SERVER_NAME and $REMOTE_USER before using them in the Location header.
! 606: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man4/xhci.4">xhci(4)</a>'s root hub report the same status bits as physical USB3 hubs.
1.3 deraadt 607: <li>Apparently some BIOSes not supporting xHCI natively switch USB ports back to EHCI at suspend, so route the ports back to xHCI at resume.
608: <!-- 2015-06-21 -->
1.13 ! beck 609: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/an.4">an(4)</a>, don't use uninitialized data as a return value.
1.3 deraadt 610: <li>Don't leak memory if wsfont_rotate() fails.
1.13 ! beck 611: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, allow to specify characters like "?" in the Location URI.
! 612: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, fix a race between sending notifications to the SE and getting a new peer_up event in the RDE.
1.3 deraadt 613: <!-- 2015-06-20 -->
1.13 ! beck 614: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ipmi.4">ipmi(4)</a>, fix a memory leak on failure.
1.3 deraadt 615: <li>Fix a bug that causes uvm_pmr_get1page() to fail for allocations that specify an address constraint even when free pages that meet the constraint are still available.
616: <li>In libssl, provide EC_curve_nid2nist() and EC_curve_nist2nid().
1.13 ! beck 617: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/Xserver.1">Xserver(1)</a>, don't listen to "tcp" by default and add the -listen option.
! 618: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/xinput.1">xinput(1)</a>, fix a crash when enabling/disabling without a device argument.
1.3 deraadt 619: <!-- 2015-06-19 -->
620: <li>Remove obsolete MDC-2DES from libcrypto.
1.13 ! beck 621: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, when we terminate the session, show the number of (currently) known prefixes and the max-prefix limit and show ">" as soon as we go above the limit since there may be more that we haven't/won't process.
! 622: <li>Remove <a href="http://man.openbsd.org/OpenBSD-5.7/man4/isp.4">isp(4)</a> now that the ql* family have replaced it.
1.3 deraadt 623: <!-- 2015-06-18 -->
624: <li>In LibreSSL:
625: <ul>
626: <li>Change DTLS client cert request code to match TLS. DTLS currently doesn't check whether a client cert is expected.
627: <li>Disable ENGINE_load_dynamic (dynamic engine support).
628: </ul>
1.13 ! beck 629: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/cmpci.4">cmpci(4)</a>, set the closest available format for unsupported sample formats instead of returning EINVAL.
1.3 deraadt 630: <!-- 2015-06-17 -->
1.13 ! beck 631: <li>Fix tap-to-click with <a href="http://man.openbsd.org/OpenBSD-current/man4/ubcmtp.4">ubcmtp(4)</a>.
! 632: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, change break-pane to take target and source panes (-t and -s) in line with other commands.
1.3 deraadt 633: <li>On vax, make kernel text read-only and unreadable from userland.
1.13 ! beck 634: <li>Add four new sensors to <a href="http://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a>.
1.3 deraadt 635: <!-- 2015-06-16 -->
1.4 guenther 636: <li>On mips64, let alloc_contiguous_pages() round the allocation size to a page boundary, not to a u-area boundary.
1.3 deraadt 637: <li>On sgi, clear the PIC `write request' memory at initialization time. There is apparently a risk of spurious parity errors if we don't.
638: <li>Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. This will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
639: <!-- 2015-06-15 -->
1.13 ! beck 640: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sylogd.8">syslogd(8)</a>, implement -F to stay in the foreground.
1.3 deraadt 641: <li>Bring back r1.78 and r1.79 of src/sys/dev/usb/uhub.c. They were thought to introduce a regression, but it turned out to be a hardware failure.
1.13 ! beck 642: <li>Pass the "-nolisten tcp" option to <a href="http://man.openbsd.org/OpenBSD-current/man1/Xserver.1">Xserver(1)</a> so that it doesn't listen on port 6000 by default.
! 643: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/trunk.4">trunk(4)</a>, fix a double free in the destroy path.
! 644: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add the window_activity format.
! 645: <li>Make the wifi LED work with <a href="http://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a>.
1.3 deraadt 646: <li>In LibreSSL, make CBS_get_any_asn1_element() more compliant with DER encoding.
647: <!-- 2015-06-14 -->
648: <li>In ssh, return failure on RSA signature error.
649: <li>On sparc, build __moddi3, __muldi3 and __qdivrem from libkern, and built no-pie, instead of getting them from libgcc.a, built pie. This repairs boot blocks operation.
1.13 ! beck 650: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add a format for client PID (client_pid) and server PID (pid).
! 651: <li>Implement IQ calibration support for <a href="http://man.openbsd.org/OpenBSD-current/man4/rtwn.4">rtwn(4)</a>.
1.3 deraadt 652: <!-- 2015-06-13 -->
1.13 ! beck 653: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/plrtc.4">plrtc(4)</a>, a driver for the ARM PrimeCell PL031 RTC.
1.3 deraadt 654: <li>Parse _CST objects and use the C-states they describe when they're sane.
1.13 ! beck 655: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/rtwn.4">rtwn(4)</a>, busy-wait a short while after sending a command to rtwn(4) firmware. This fixes selection of initial TX rate.
! 656: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man3/glob.3">glob(3)</a>, initialize the glob_t before the first failure check.
1.3 deraadt 657: <li>In binutils 2.17, add more encodings of options for the armv7 barrier instructions and allow non "sy"/0xf options for dmb. This omits the *ld options available in armv8 running in a32 mode.
658: <li>In LibreSSL, reject long-form tags in CBS_peek_asn1_tag. Currently, CBS only handles short-form tags.
659: <!-- 2015-06-12 -->
1.13 ! beck 660: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/pfctl.8">pfctl(8)</a>:
1.3 deraadt 661: <ul>
662: <li>Allow rule ID filter to be specified for "-s states" output.
663: <li>Respect the rule ID parameter (-R) specified along with "-s states" to filter out states that are not associated with a given rule from the output.
664: </ul>
1.13 ! beck 665: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/pppd.8">pppd(8)</a>, use memmove() for potentially overlapping regions.
! 666: <li>Fix <a href="http://man.openbsd.org/OpenBSD-current/man4/rtwn.4">rtwn(4)</a> wifi LED support.
1.3 deraadt 667: <!-- 2015-06-11 -->
668: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: several defects from OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792). For more information, see the <a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>.</font><br>A source code patch exists for <a href="errata56.html#026_openssl">5.6</a> and <a href="errata57.html#009_openssl">5.7</a>.
669: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: multiple reliability issues in smtpd.</font><br>A source code patch exists for <a href="errata56.html#025_smtpd">5.6</a> and <a href="errata57.html#008_smtpd">5.7</a>.
670: <li>In libiberty, prevent an integer overflow leading to a heap-buffer overflow (CVE-2012-3509).
671: <li>In LibreSSL:
672: <ul>
673: <li>Avoid an infinite loop that can be triggered by parsing an ASN.1 ECParameters structure that has a specially malformed binary polynomial field (CVE-2015-1788).
674: <li>Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing length checks (CVE-2015-1789).
675: <li>Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID (CVE-2015-1792). (However, this code is not enabled/built in LibreSSL.)
676: </ul>
677: <li>In the NFS code, avoid double-free in error path by cribbing the HASBUF flag logic from the rest of the kernel that deals with filename lookups.
678: <!-- 2015-06-10 -->
1.13 ! beck 679: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/autri.4">autri(4)</a>:
1.3 deraadt 680: <ul>
681: <li>Use the first 4 channels of the board. The previous channel setting caused DMA on the wrong memory location during recording.
682: <li>Don't claim big-endian, signed 8-bit or unsigned 16-bit samples are supported. This fixes sound on big endian machines.
683: </ul>
1.13 ! beck 684: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, export the new pf "no-route" error counter.
1.3 deraadt 685: <!-- 2015-06-09 -->
1.13 ! beck 686: <li>Plug an fd leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>.
1.3 deraadt 687: <!-- 2015-06-08 -->
1.13 ! beck 688: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, introduce a state on the ctl_relay_event struct. This makes it possible to better track the connection state of a session and stops doing double opens in certain situations using http relays.
! 689: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pms.4">pms(4)</a>, don't match Elantech v4 devices with firmware versions 0xX7XXXX or with firmware versions higher than 0xX8XXXX.
1.3 deraadt 690: <li>Add initial support for the ARM Versatile Express boards as emulated by qemu with virtio memory ranges.
691: <!-- 2015-06-07 -->
692: <li>Ensure polled bulk, control and interrupt transfers actually poll. This fixes panics on shutdown with various usb sticks.
1.13 ! beck 693: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add the -E flag to bypass update-environment when attaching or switching clients.
1.3 deraadt 694: <li>Remove HBG support from the DCF77 drivers.
695: <li>On armv7, add initial exynos4 bits.
696: <li>Introduce unhandled_af() for cases where code conditionally does something based on an address family and later assumes one of the paths was taken. This reduces the amount of noise with static analysers and acts as a sanity check.
697: <li>Allow ehci to be built on platforms that lack a pci bus.
698: <li>On amd64 and i386, enable use of mwait in non-MP boxes and report # of C-substates up to C7, truncating trailing zeros.
699: <!-- 2015-06-06 -->
700: <li>Make the qemu cortex a15 useable without trustzone.
1.13 ! beck 701: <li>Allow the rtsol keyword in <a href="http://man.openbsd.org/OpenBSD-current/man5/hostname.if.5">hostname.if(5)</a> with net.inet6.ip6.forwarding=1.
! 702: <li>Enable <a href="http://man.openbsd.org/OpenBSD-current/man4/rtwn.4">rtwn(4)</a> on RAMDISK_CD kernels for upgrades.
1.3 deraadt 703: <li>Put the link-layer address back into the gateway field of RTF_LOCAL routes. This fixes the "arpresolve: unresolved and rt_expire == 0" issue.
704: <!-- 2015-06-05 -->
1.13 ! beck 705: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, handle the RGB colour escape sequence like <a href="http://man.openbsd.org/OpenBSD-current/man1/xterm.1">xterm(1)</a> does.
1.3 deraadt 706: <li>On alpha, do not unconditionally clear pcb_onfault after a uvm_fault. This should fix getentropy issues on MP systems.
1.13 ! beck 707: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, fix an uninitialized variable.
! 708: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/iked.8">iked(8)</a>, fix coupling and decoupling operations.
! 709: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, improve error handling and recovery during state insertion. This also fixes a few bugs.
1.3 deraadt 710: <li>Fix races on powerpwc:
711: <ul>
712: <li>Replace the per-entry locks by a global HASH lock. This guarantees the atomicity of pte_inser{32,64}() when a pted has to be removed first.
713: <li>Protect VP lookups to guarantee that a pted won't be freed or reused by a CPU while another CPU is manipulating it.
714: </ul>
1.13 ! beck 715: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, if a window or session target is prefixed with an =, then only an exact name or index match is accepted.
1.3 deraadt 716: <!-- 2015-06-04 -->
1.13 ! beck 717: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make "new -d" work without unsetting $TMUX.
! 718: <li>Add the new <a href="http://man.openbsd.org/OpenBSD-current/man4/rtwn.4">rtwn(4)</a> for RTL8188CE wifi cards.
1.3 deraadt 719: <li>Check for a resolv.conf update the first time the resolver is used after pid has changed.
1.13 ! beck 720: <li>Add support for <a href="http://man.openbsd.org/OpenBSD-current/man4/em.4">em(4)</a> on the Teak 3020, a system based on the Intel Tolopai (EP80579).
1.3 deraadt 721: <li>Prevent a kernel panic on macppc caused by the kernel perfpolicy code.
1.13 ! beck 722: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.3 deraadt 723: <ul>
724: <li>Add support for a single "marked pane".
725: <li>Make unsetting a global option restore it to the default.
726: </ul>
727: <!-- 2015-06-03 -->
1.13 ! beck 728: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/from.1">from(1)</a>, treat a missing mail spool the same as a zero-length mail spool unless the -f option was specified.
! 729: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, avoid division by 0 and using a 0 upper bound for <a href="http://man.openbsd.org/OpenBSD-current/man3/arc4random_uniform.3">arc4random_uniform(3)</a>.
1.3 deraadt 730: <li>Fix audio interrupts on U4 systems.
1.13 ! beck 731: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/arp.8">arp(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/ndp.8">ndp(8)</a>, don't assume that the sockaddr_dl will be in the gateway sa. This fixes a regression introduced with the support of multiple connected routes.
1.3 deraadt 732: <!-- 2015-06-02 -->
733: <li>Rework the ppp handling in the tty layer so it has its own private pool to allocate packet memory out of. This fixes a long standing issue in ppp on a tty/serial line where it allocates mbufs at IPL_SOFTTTY, which is above the IPL_NET the mbuf layer protects itself at.
1.13 ! beck 734: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/sensorsd.8">sensorsd(8)</a>.
! 735: <li>Add a new HT-PCI bridge driver and the necessary glue to <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/openpic.4">openpic(4)</a> to get interrupts working on U4 machines. With this OpenBSD can run on PowerMac11,2 (Quad G5).
1.3 deraadt 736: <!-- 2015-06-01 -->
737: <li>Make sparc go PIE (not "static PIE" yet).
738: <li>On sparc, override PIE range constants with a variable which is decided at runtime, in order to only enable PIE on sun4m which has a large enough address space.
739: <li>In the lazy binding routine, make sure we actually allocate the stack we need, instead of corrupting the caller's stack by mistake. This fixes segfaults in __powerpc_read_tcb() reported on earlier G3 systems.
740: <li>Enable secureplt by default on alpha.
1.13 ! beck 741: <li>Allow <a href="http://man.openbsd.org/OpenBSD-current/man1/gcc.1">gcc(1) to produce more precise relocation information on alpha. This will be necessary to enable secureplt by default.
1.3 deraadt 742: <li>Switch m88k ports to binutils 2.17.
1.13 ! beck 743: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, fix a memory leak in an error path.
1.1 deraadt 744: <!-- 2015-05-31 -->
1.13 ! beck 745: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, implement the <a href="http://man.openbsd.org/OpenBSD-current/man7/roff.7">roff(7)</a> "r" conditional.
1.1 deraadt 746: <!-- 2015-05-30 -->
1.13 ! beck 747: <li>Plug a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
1.1 deraadt 748: <li>Introduce native atomic operations for i386.
1.13 ! beck 749: <li>Acquire/release the i2c bus before/after reading the temperature register. This prevents concurrent access to the <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4)</a> microcontroller on Apple G5 machines, which would result in errors reading the RTC.
1.1 deraadt 750: <li>On armv7, set the usb otg port on the cubox to host mode and attach ehci to it.
1.13 ! beck 751: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, support - to read from stdin.
1.1 deraadt 752: <!-- 2015-05-29 -->
1.13 ! beck 753: <li>Set the <a href="http://man.openbsd.org/OpenBSD-current/man4/sdmmc.4">sdmmc(4)</a> emmc highspeed flag if the capability register claims it is supported.
! 754: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 755: <ul>
756: <li>Expand formats again inside #().
757: <li>Don't use special strings if #() commands fail, just remove the format (as if the command produced nothing).
758: </ul>
759: <li>Switch vax to binutils 2.17.
1.13 ! beck 760: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man1/ld.so.1">ld.so(1)</a> on alpha cope with binaries built with secureplt.
! 761: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, if reading into a buffer, correct the stored file size at EOF.
1.1 deraadt 762: <li>In the asr, fix a possible off-by-one when reading /etc/hosts if it doesn't end with a newline.
1.13 ! beck 763: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, silently fall back to /etc/magic if ~/.magic can't be opened.
1.1 deraadt 764: <!-- 2015-05-28 -->
1.13 ! beck 765: <li>Initial addition of "Patrol Read" support in <a href="http://man.openbsd.org/OpenBSD-current/man4/bio.4">bio(4)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man8/bioctl.8">bioctl(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man4/mfi.4">mfi(4)</a>.
! 766: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, detect crashes from constraint sub-processes, instead of ignoring them.
1.1 deraadt 767: <li>When the machdep.allowaperture sysctl is set to 3, allow concurrent access.
768: <li>Save the cpuid(6) eax bits in the cpu_info and report the SENSOR and ARAT bits from it.
769: <li>Switch alpha, arm, sh and sparc to binutils 2.17.
1.13 ! beck 770: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, do not try to unlink the control socket in an unprivileged child process on shutdown.
1.1 deraadt 771: <!-- 2015-05-27 -->
1.13 ! beck 772: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, increase the allowed length of the known host file name in the log message to be consistent with other cases (bz#1993).
! 773: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen(1)</a> default to ed25519 keys when compiled without OpenSSL (bz#2388).
! 774: <li>Remove 1k bit groups from ssh and <a href="http://man.openbsd.org/OpenBSD-current/man5/moduli.5">moduli(5)</a>.
! 775: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, reorder client proposal to prefer diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1.
1.1 deraadt 776: <!-- 2015-05-26 -->
777: <li>In ssh:
778: <ul>
779: <li>Cap DH-GEX group size at 4kbits for Cisco implementations (bz#2209).
780: <li>Support PKCS#11 devices with external PIN entry devices (bz#2240).
781: <li>Add a stronger (4k bit) fallback group that sshd can use when the moduli file is missing or broken, sourced from RFC3526 (bz#2302).
782: </ul>
1.13 ! beck 783: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/audioctl.1">audioctl(1)</a>, expose the number of bytes processed by the sound card instead of the number of bytes processed minus the xruns.
1.1 deraadt 784: <li>Don't create ICMP states on reply packets unless sloppy state tracking is used.
785: <li>Allow for multiple RTF_CLONING routes with the same priority.
786: <li>Normalize route destination before checking for MPATH conflicts.
787: <li>Do not create ARP entries for RTF_BROADCAST routes.
788: <li>Include the firmware for usb devices on the armv7 ramdisk.
789: <!-- 2015-05-25 -->
790: <li>Make vlans inherit their parents hardmtu as well as mtu.
791: <li>Build all the firmware for usb devices on armv7.
1.13 ! beck 792: <li>Build <a href="http://man.openbsd.org/OpenBSD-current/man8/wsconsctl.8">wsconsctl(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/wsconscfg.8">wsconscfg(8)</a> on armv7.
1.1 deraadt 793: <li>Really fix the panic in the PF_KEYv2 code by reverting src/sys/net/pfkeyv2_convert.c to r1.52.
1.13 ! beck 794: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ipsecctl.8">ipsecctl(8)</a>, bump up the default Diffie-Hellman group to modp3072.
1.1 deraadt 795: <li>Fix a panic in the PF_KEYv2 code.
1.13 ! beck 796: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pms.4">pms(4)</a>, match newer Elantech v4 touchpads.
1.1 deraadt 797: <li>Port the ELF m88k work to binutils 2.17. It is good enough to build a booting kernel, and hopefully userland as well.
1.13 ! beck 798: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ugen.4">ugen(4)</a>, prevent a use after free in by closing all open endpoints upon detach. This fixes a panic.
1.1 deraadt 799: <!-- 2015-05-24 -->
1.13 ! beck 800: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.c">sshd(8)</a>, add the missing -c option to getopt().
1.1 deraadt 801: <li>Always establish all the necessary interrupts at pckbc attach time, and get rid of the "intr_establish" pckbc callback.
802: <li>Update to xf86-video-ast 1.0.1, xf86-video-savage 2.3.8, xf86-video-siliconmotion 1.7.8, xf86-video-tdfx 1.4.6, xf86-video-trident 1.3.7 and dejavu-ttf 2.35.
1.13 ! beck 803: <li>Build <a href="http://man.openbsd.org/OpenBSD-current/man4/wsudl.4">wsudl(4)</a> on armv7.
! 804: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man4/udl.4">udl(4)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man4/uvideo.4">uvideo(4)</a> to armv7 GENERIC.
1.1 deraadt 805: <!-- 2015-05-23 -->
806: <li>Update to xf86-video-cirrus 1.5.3, xf86-video-i740 1.3.5, xf86-video-mach64 6.9.5, xf86-video-mga 1.6.4, xf86-video-neomagic 1.2.9 and randrproto 1.4.1.
1.13 ! beck 807: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sftp.1">sftp(1)</a>, fix a memory leak in an error path.
! 808: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sparc64/ldomctl.8">ldomctl(8)</a>, fix a memory leak in an error path.
1.1 deraadt 809: <li>Introduce ipsec-id bundles and use them for ipsecflowinfo. This fixes rekeying for l2tp/ipsec against multiple windows clients and saves memory.
810: <!-- 2015-05-22 -->
1.13 ! beck 811: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dump.8">dump(8)</a>, canonicalize all devices to DUIDs in order to make -w and -W output consistent.
! 812: <li>Don't use an uninitialised softc pointer in <a href="http://man.openbsd.org/OpenBSD-current/man4/midi.4">midi(4)</a>.
! 813: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a>, reserve two DMA segments for sending commands to the firmware. This hopefully fixes a hardware error.
1.1 deraadt 814: <!-- 2015-05-21 -->
1.13 ! beck 815: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, reorder EscapeChar option parsing to avoid a single-byte out-of-bounds read (bz#2396).
! 816: <li>Add a knob to <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a> to relax GSSAPI host credential check for multihomed hosts (bz#928).
! 817: <li>Update Diffie-Hellman groups in ssh and <a href="http://man.openbsd.org/OpenBSD-current/man5/moduli.5">moduli(5)</a>.
1.1 deraadt 818: <li>Establish interrupts for both keyboard and mouse slots at isa pckbc attach time, rather than lazily from pckbc when slots are discovered.
819: <li>Switch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.
1.13 ! beck 820: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen(1)</a>, support -lF hostname to find search known_hosts and print key hashes.
1.1 deraadt 821: <li>Correctly state the link state to INVALID when creating a carp interface.
1.13 ! beck 822: <li>Fix an uninitialized variable in <a href="http://man.openbsd.org/OpenBSD-current/man4/ix.4">ix(4)</a>.
! 823: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>:
1.1 deraadt 824: <ul>
825: <li>Support arguments to AuthorizedKeysCommand.
826: <li>Add AuthorizedPrincipalsCommand that allows getting authorized_principals from a subprocess rather than a file.
827: </ul>
828: <!-- 2015-05-20 -->
1.13 ! beck 829: <li>Remove <a href="http://man.openbsd.org/OpenBSD-current/man4/hotplug.4">hotplug(4)</a> support from <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>.
! 830: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, correctly print the filesize in the Content-Length header for files larger than 2 GB on 32-bit architectures.
1.1 deraadt 831: <!-- 2015-05-19 -->
1.4 guenther 832: <li>Fix installing sets from CD-ROM if more than one CD-ROM drive is present.
1.13 ! beck 833: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/chroot.8">chroot(8)</a>, when a user is specified via the -u flag, use setusercontext() to setup (most of) the execution environment.
! 834: <li>Add the -c flag to <a href="http://man.openbsd.org/OpenBSD-current/man1/id.1">id(1)</a> to display the user's login class.
! 835: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/icmp.4">icmp(4)</a>, do not leak a rtentry if it is unusable.
! 836: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/bge.4">bge(4)</a>, increase a maximum firmware handshake timeout to 10 seconds.
! 837: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, prevent missing cursors with emacs-in-tmux-in-tmux.
1.1 deraadt 838: <!-- 2015-05-18 -->
839: <li>Use the same va entry point on all armv7 socs.
840: <li>Make armv7 startup PIC.
1.13 ! beck 841: <li>Make TAPE=- mean stdout in <a href="http://man.openbsd.org/OpenBSD-current/man1/tar.1">tar(1)</a>.
1.1 deraadt 842: <li>On amd64, do lazy update/reset of the FS.base and %[def]s segment registers.
843: <li>Avoid a kernel crash in the NFS code while running netstat or pstat -f.
844: <li>Make the compiler emit visibility information for (undefined) references with non-default visibility.
1.13 ! beck 845: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/dhcpd.8">dhcpd(8)</a>, accept hostnames starting with 0-9.
! 846: <li>Fix two use-after-free cases in <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
! 847: <li>Change <a href="http://man.openbsd.org/OpenBSD-current/man8/spamd.8">spamd(8)</a> to use divert-to instead of rdr-to.
! 848: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dhclient.8">dhclient(8)</a>, stop rejecting leases with a subnet that overlaps a subnet already present.
! 849: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, scale the error margin with the number of resolved NTP peers. This way, a very small number of outliers in an NTP pool cannot immediately trigger new connections to the contraint servers.
! 850: <li>Enable <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a> by default at install time.
1.1 deraadt 851: <li>Export the rdomain to userland through struct if_data.
1.13 ! beck 852: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/cu.1">cu(1)</a>, add the -d flag and the dc capability to open devices non-blocking. This is useful for the few drivers that do not support cua* so tty* must be used.
1.1 deraadt 853: <!-- 2015-05-17 -->
854: <li>Reenable the page zeroing thread on MP m88k kernels.
855: <li>On aviion and luna88k, make sure the lock is not taken for clock interrupts.
1.13 ! beck 856: <li>Add the -D option to <a href="http://man.openbsd.org/OpenBSD-current/man1/nm.1">nm(1)</a> to display the dynamic symbol table.
! 857: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/nptd.8">ntpd(8)</a>, if the constraint resolves to multiple IP addresses, try each of them one by one.
1.1 deraadt 858: <!-- 2015-05-16 -->
1.13 ! beck 859: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/axe.4">axe(4)</a>, read ethernet address from EEPROM on AX88772B.
1.4 guenther 860: <li>Add an F_ISATTY option to fcntl(), so that isatty() can use this rather than the bloated ioctl() interface.
1.13 ! beck 861: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/aucat.1">aucat(1)</a>, prevent periodic glitches occurring under certain circumstances.
! 862: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/audioctl.1">audioctl(1)</a>, display simply "play" when play mode is set.
1.1 deraadt 863: <!-- 2015-05-15 -->
864: <li>Make it possible to use the same network on multiple interfaces at the same time.
1.13 ! beck 865: <li>Give <a href="http://man.openbsd.org/OpenBSD-current/man4/carp.4">carp(4)</a> interfaces their own low priority.
1.4 guenther 866: <li>Introduce if_output(), a function to do the last steps before enqueuing a packet on the sending queue of an interface.
1.1 deraadt 867: <li>Remove the "Use DUIDs rather than device names in fstab?" question from the installer and use DUIDs unconditionally.
1.13 ! beck 868: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a>, don't log credentials upon AUTH LOGIN authentication failures.
1.1 deraadt 869: <!-- 2015-05-14 -->
1.13 ! beck 870: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-agent.1">ssh-agent(1)</a>:
1.1 deraadt 871: <ul>
872: <li>Use a salted hash of the lock passphrase instead of plain text and do constant-time comparisons of it.
873: <li>Add a 0.1s incrementing delay for each failed unlock attempt up to 10s.
874: </ul>
1.13 ! beck 875: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a>, make the "Battery Present" sensor a dependency of all the battery-related sensors only if it is present.
1.1 deraadt 876: <li>Update to font-util 1.3.1.
1.13 ! beck 877: <li>Extend <a href="http://man.openbsd.org/OpenBSD-current/man8/autoinstall.8">autoinstall(8)</a> to allow for <em>hostname</em>-<em>mode</em>.conf response files and to put response files in a subdir of the webserver's document root.
1.1 deraadt 878: <!-- 2015-05-13 -->
879: <li>On armv7, rework the imxenet hardware address setup.
1.13 ! beck 880: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a>, avoid multiple "From " and "Return-Path" headers.
1.1 deraadt 881: <!-- 2015-05-12 -->
882: <li>Translate the fec parameters from the novena dtb to set a different clock skew to the same micrel phy used on sabre lite. This change resolves the stability problems with imxenet on novena.
1.13 ! beck 883: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, to replace c0-*, add a high watermark to the pty event, and also backoff when any of the ttys the pane is going to write to has buffered enough data.
1.1 deraadt 884: <li>Revert r1.3 of src/gnu/usr.bin/binutils-2.17/bfd/elflink.c. It introduces bogus failures when inter-library dependencies are present.
1.13 ! beck 885: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/em.4">em(4)</a>, make sure the rx ring lwm is set to at least 4. As far as we know, all hardware variants need at least 4 descriptors on the rx ring to be able to receive packets.
! 886: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 887: <ul>
888: <li>Add bell-action "other".
889: <li>Add a session_alerts format and use this in the default set-titles-string.
890: </ul>
1.13 ! beck 891: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/hifn.4">hifn(4)</a>, fix a potential use-after-free and a memory leak.
! 892: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/urtwn.4">urtwn(4)</a>:
1.1 deraadt 893: <ul>
894: <li>Match additional devices (RTL8188CU_3, DWA123D1, DWA125D1).
895: <li>Fix efuse reading (which fixes a potential error in MAC address read from efuse).
896: </ul>
897: <!-- 2015-05-11 -->
1.13 ! beck 898: <li>Fix an uninitialized variable access in <a href="http://man.openbsd.org/OpenBSD-current/man8/npppd.8">npppd(8)</a>.
1.1 deraadt 899: <li>imxiic is known to be broken, so don't try attaching it on utilite.
900: <li>On armv7, raise VM_PHYSSEG_MAX to two and load an additional physical memory segment if u-boot reports it. This is needed for the utilite where u-boot reports two 1GB segments of physical memory.
1.13 ! beck 901: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/em.4">em(4)</a>, support reading from an OTP iNVM.
! 902: <li>Fix a potential use-after-free in <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>.
! 903: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bioctl.8">bioctl(8)</a>, use <a href="http://man.openbsd.org/OpenBSD-current/man3/explicit_bzero.3">explicit_bzero(3)</a> on private data.
! 904: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, remove the c0-* options which never really worked satisfactorily.
! 905: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a>, refresh sensor values asynchronously.
1.1 deraadt 906: <li>Remove all audio format conversion code from the kernel as we already do better conversions in user mode.
907: <!-- 2015-05-10 -->
1.13 ! beck 908: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/amd64/nvram.4">nvram(4/amd64)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man4/lpt.4">lpt(4)</a>, convert from uiomovei() to uiomove() to prevent short tranfers.
1.1 deraadt 909: <li>When checking flags that will be passed to open(), test the O_ACCMODE portion separately to avoid false negatives.
910: <li>Set POLLHUP even if no valid events were specified as per POSIX.
1.13 ! beck 911: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/urtwn.4">urtwn(4)</a>:
1.1 deraadt 912: <ul>
913: <li>Repair firmware reset on RTL8188CUS devices (and perhaps others).
914: <li>Fix 11b performance for RTL8188EU devices.
915: </ul>
916: <li>Update to kbproto 1.0.7, libFS 1.0.7, libXaw 1.0.13, libXrender 0.9.9, libXt 1.1.5, libfontenc 1.1.3, libpciaccess 0.13.4, libxkbfile 1.0.9, setxkbmap 1.3.1, smproxy 1.0.6, twm 1.0.9, x11perf 1.6.0, xcmsdb 1.0.5, xcompmgr 1.1.7, xdpyinfo 1.3.2, xdriinfo 1.0.5, xedit 1.2.2, xev 1.2.2, xgamma 1.0.6, xgc 1.0.5, xhost 1.0.7, xkbevd 1.1.4, xkbprint 1.0.4, xlsatoms 1.1.2, xlsfonts 1.0.5, xmag 1.0.6, xman 1.1.4, xmodmap 1.0.9, xvinfo 1.1.3 and xorg-docs 1.7.1.
917: <!-- 2015-05-09 -->
918: <li>Adjust the physical memory limit on armv7 in order to prevent a panic on the Novena.
1.13 ! beck 919: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/col.1">col(1)</a>, recognize SUSv2-style escape-digit sequences in the input stream.
1.1 deraadt 920: <li>Various improvements to the GPT code.
921: <!-- 2015-05-08 -->
1.13 ! beck 922: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/wsdisplay.4">wsdisplay(4)</a>, when changing screen saver parameters, check the flags of the currently displayed screen in order to decide whether the screen saver needs to be retriggered, rather than the flags of the device we are issuing the ioctl on. Also, ensure the screen burner gets reenabled when switching from X11 to a virtual text console, and disabled when switching back to X.
! 923: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/wsconsctl.8">wsconsctl(8)</a>, add a flag for variables to prevent reading their value after modifying them and use this flag for display.focus. Also disallow -= and += syntax for display.focus.
! 924: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/col.1">col(1)</a>, fix various integer overflows and underflows, and logic errors.
1.1 deraadt 925: <li>Switch i386 and sparc64 to binutils 2.17.
926: <!-- 2015-05-07 -->
927: <li>Avoid NULL function pointer dereference during boot on sabresd.
928: <li>Add initial board-specific parts of Novena support to armv7.
929: <li>In ssh:
930: <ul>
931: <li>Don't choke on new-format private keys encrypted with an AEAD cipher (bz#2366).
932: <li>Fix a post-auth crash with permitopen=none (bz#2355).
933: </ul>
1.13 ! beck 934: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, update the environment when switching sessions as well as attaching.
! 935: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/man.1">man(1)</a>, let the -m option add to the default manpath rather than override it.
1.1 deraadt 936: <li>Include the timestamp TCP option in keep alive packets.
937: <!-- 2015-05-06 -->
1.13 ! beck 938: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add the window_linked format.
! 939: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/top.1">top(1)</a>, display thread IDs instead of the name of the process's owner when -H is used.
! 940: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, turn cursor off during redraw.
1.1 deraadt 941: <!-- 2015-05-05 -->
1.13 ! beck 942: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, blacklist DH-GEX for specific PuTTY versions rather than all PuTTY versions.
1.1 deraadt 943: <li>Bring back the MI atomic API for powerpc.
1.13 ! beck 944: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/ld.so.1">ld.so(1)</a>.
1.1 deraadt 945: <li>In asr, skip loopback addresses, not loopback interfaces, per RFC 3493.
1.13 ! beck 946: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, implement If-Modified-Since.
! 947: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, don't offer DH-GEX to WinSCP.
1.1 deraadt 948: <li>Flag user-specified routes with an AF_LINK gateway as RTF_LLINFO.
949: <!-- 2015-05-04 -->
1.13 ! beck 950: <li>Add the <a href="http://man.openbsd.org/OpenBSD-current/man8/disklabel.8">disklabel(8)</a> template file based autopartitioning feature to the installer.
1.1 deraadt 951: <li>Add SwissSign CA root certificates to /etc/ssl/cert.pem.
1.13 ! beck 952: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/aucat.1">aucat(1)</a>, fix a clipping bug in float-to-fixed-point conversion.
! 953: <li>Add support for RTL8188EU chips to <a href="http://man.openbsd.org/OpenBSD-current/man4/urtwn.4">urtwn(4)</a>.
1.1 deraadt 954: <li>Fix a crash on HP bc2500 blades with MP kernels when writing to the DSDT.
1.13 ! beck 955: <li>Use ether_input() as default input packet handler and do the necessary <a href="http://man.openbsd.org/OpenBSD-current/man9/m_adj.9">m_adj(9)</a> to keep <a href="http://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a> working while other pseudo-drivers are converted to if_input().
1.1 deraadt 956: <!-- 2015-05-03 -->
1.13 ! beck 957: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/compress.1">compress(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/cp.1">cp(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/mv.1">mv(1)</a>:
1.1 deraadt 958: <ul>
959: <li>Preserve times to nanosecond precision instead of just microsecond.
960: <li>Prefer to set attributes by fd for regular files, and don't follow symlinks for others.
961: </ul>
1.13 ! beck 962: <li>Add byte-range support to <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>.
1.1 deraadt 963: <!-- 2015-05-02 -->
964: <li>Make sure no kernel data is leaked in malloced memory in the padding of struct dirent when reading a directory over NFS.
1.13 ! beck 965: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dump.8">dump(8)</a>, eliminate the -U flag and make usage of DUID in /etc/dumpdates the default.
! 966: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping.8">ping(8)</a>, allow a TTL of 0.
! 967: <li>Fix some problems with <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a> configuration reload.
! 968: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/dhcpd.8">dhcpd(8)</a>, correct switch between current and previous line buffers when encountering a carriage return in the input.
1.1 deraadt 969: <li>Rework hppa mutexes: always record which cpu owns the lock and improve the mutex diagnostics/assertions.
1.13 ! beck 970: <li>Drop pf_rules and ipsec_rules from <a href="http://man.openbsd.org/OpenBSD-current/man5/rc.conf.5">rc.conf(5)</a>.
1.1 deraadt 971: <!-- 2015-05-01 -->
1.13 ! beck 972: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping6.8">ping6(8)</a>, change the lower bound of -h from -1 to 0.
! 973: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>:
1.1 deraadt 974: <ul>
1.13 ! beck 975: <li>Fix misformatting of <a href="http://man.openbsd.org/OpenBSD-current/man7/man.7">man(7)</a> manuals and potentially of <a href="http://man.openbsd.org/OpenBSD-current/man7/mdoc.7">mdoc(7)</a> manuals.
1.1 deraadt 976: <li>Fix an assertion failure.
977: </ul>
978: <li>Reenable page zeroing thread on SMP mips kernels.
979: <li>Do not grab the kernel lock for clock interrupts on mips64, octeon and sgi.
1.13 ! beck 980: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, improve error messages on TCP connection resets (bz#2257).
1.1 deraadt 981: <!-- 2015-04-30 -->
1.13 ! beck 982: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods.
1.1 deraadt 983: <li>Pass fflag to VOP_POLL so vfs fifo functions can get at the file flags to check FREAD/FWRITE if needed.
984: <li>Avoid a NULL dereference in fd_getfile_mode().
1.13 ! beck 985: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a remote user can crash <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>.</font><br>A source code patch exists for <a href="errata56.html#022_httpd">5.6</a> and <a href="errata57.html#005_httpd">5.7</a>.
1.1 deraadt 986: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: malformed binaries could trigger kernel panics or view kernel memory</font><br>A source code patch exists for <a href="errata56.html#023_elf">5.6</a> and <a href="errata57.html#006_elf">5.7</a>.
1.13 ! beck 987: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: multiple issues in <a href="http://man.openbsd.org/OpenBSD-current/man1/cpio.1">cpio(1)</a>/<a href="http://man.openbsd.org/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://man.openbsd.org/OpenBSD-current/man1/tar.1">tar(1)</a>.</font><br>A source code patch exists for <a href="errata56.html#024_tar">5.6</a> and <a href="errata57.html#007_tar">5.7</a>.
! 988: <li>Don't add a separate .got.plt section as it would result in a partially writable GOT. <a href="http://man.openbsd.org/OpenBSD-current/man1/ld.so.1">ld.so(1)</a> will properly write-protect the single .got.
! 989: <li>Prevent a use after free in <a href="http://man.openbsd.org/OpenBSD-current/man4/tun.4">tun(4)</a>.
! 990: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ix.4">ix(4)</a>, set the correct media type for 1000baseLX SFPs.
! 991: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/grep.1">grep(1)</a>, warn when the user specifies -R but no files, like GNU grep.
! 992: <li>Allow use of 1Gb 1000baseLX SFPs in 82599 <a href="http://man.openbsd.org/OpenBSD-current/man4/ix.4">ix(4)</a> SFP+ port.
! 993: <li>Optimise sensor I/O in <a href="http://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a>.
1.4 guenther 994: <li>Introduce fd_getfile_mode() and use it where fd_getfile() is directly followed by a mode check.
1.1 deraadt 995: <!-- 2015-04-29 -->
1.13 ! beck 996: <li>Fix two assertion failures in <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
! 997: <li>Add the tmux and tmux-256color entries to <a href="http://man.openbsd.org/OpenBSD-current/man5/termcap.5">termcap(5)</a> and terminfo. This can be used inside tmux for correct italics support.
! 998: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, if default-terminal is set to "screen" or "screen-*", follow historic screen(1) behaviour and send smso (standout) instead of sitm (italics) for SGR 3.
! 999: <li>Fix a use after free and a NULL pointer access in <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
! 1000: <li>Support passing a template file for the auto-allocation to <a href="http://man.openbsd.org/OpenBSD-current/man8/disklabel.8">disklabel(8)</a>.
! 1001: <li>Fix an fd leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
1.1 deraadt 1002: <!-- 2015-04-28 -->
1.13 ! beck 1003: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>, allow ListenAddress, Port and AddressFamily in any order (bz#68).
1.1 deraadt 1004: <li>Avoid a NULL dereference in CBS_get_any_asn1_element().
1005: <li>In libtls, reject a dNSName of " " for the subjectAltName extension, per RFC 5280.
1006: <li>Explicitly include .codepatch and .codepatchend in .rodata such that the binutils 2.17 linker doesn't make them disappear.
1007: <li>Protect the per-process itimerval structs with a mutex.
1008: <li>On hppa, don't grab the kernel lock for clock interrupts. The way we use mutexes these days is incompatible with that practice and leads to deadlocks.
1.13 ! beck 1009: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/sf.4">sf(4)</a>, fix a memory leak in an error path.
! 1010: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add select-layout -o to undo the last layout change.
1.1 deraadt 1011: <!-- 2015-04-27 -->
1.13 ! beck 1012: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, fix a memory leak in an error path.
1.1 deraadt 1013: <li>In the installer, rework sshd enable root login questions in light of sshd PermitRootLogin default change. The new default is not to ask to enable root logins when a non-root user has been added.
1.13 ! beck 1014: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a> default to PermitRootLogin=no.
1.1 deraadt 1015: <li>Do not call nd6_purge() before purging the IPv6 addresses of a detached interface. This fixes a use after free introduced in r1.98 of src/sys/netinet6/in6.c.
1.13 ! beck 1016: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>:
1.1 deraadt 1017: <ul>
1018: <li>Add simple privilege separation.
1.13 ! beck 1019: <li>Use a <a href="http://man.openbsd.org/OpenBSD-current/man4/systrace.4">systrace(4)</a> sandbox with a short whitelist of allowed syscalls for the file(1) child process.
1.1 deraadt 1020: </ul>
1.13 ! beck 1021: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a>, parse the HID descriptor multiple times to find sensors. This avoid lookups in the hot path for sensors that depend on the value of others.
! 1022: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, if the requested pane is already active, do not unzoom the window (or do anything else). This prevents mouse clicking when zoomed causing unzoom.
1.1 deraadt 1023: <li>Correctly write the 64bits of the HID 1, 4 and 5 registers on powerpc.
1024: <!-- 2015-04-26 -->
1.4 guenther 1025: <li>Allow "sshd -f none" to skip reading the config file, much like "ssh -F none" does.
1.13 ! beck 1026: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, don't support -s on FIFOs.
! 1027: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a> check the length of the control socket path to make sure it fits -- just like <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a> does.
! 1028: <li>Fix a typo in <a href="http://man.openbsd.org/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>: the buffer size should be 7680 rather than 7860.
1.1 deraadt 1029: <li>Get dwc2 working on octeon:
1030: <ul>
1031: <li>Transplant the clock setup code from octhci.
1032: <li>Add a bus space tag to deal with dwc2 using little endian addressing.
1033: <li>ump up the rx fifo size, necessary for umass/sd to work.
1034: </ul>
1.13 ! beck 1035: <li>Support checksum offloading for IPv4 TX on <a href="http://man.openbsd.org/OpenBSD-current/man4/vio.4">vio(4)</a>.
! 1036: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, for every policy we write out, flush the output so we don't get a partially written line.
1.1 deraadt 1037: <li>On i386, disable PAE when switching to the hibernate resume pagetables. This makes (un)hibernate work with the new PAE pmap.
1038: <li>On i386, enable NX support in the resume path. This makes suspend/resume work with the PAE pmap.
1039: <li>On i386, only enable PAE if the CPU we're running on has NX support.
1040: <li>Bump i386 MAXDSIZ to 3 GB.
1.13 ! beck 1041: <li>Make the Belkin Components F5U109 Serial work at 115200 baud in <a href="http://man.openbsd.org/OpenBSD-current/man4/umct.4">umct(4)</a>.
1.1 deraadt 1042: <!-- 2015-04-25 -->
1043: <li>Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.
1.13 ! beck 1044: <li>In the IRR parser of <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, ignore case when reading the tokens.
1.1 deraadt 1045: <li>We are now following the ABI and always clear cld on function entry, so remove the extra CLD instructions from when that wasn't true.
1.13 ! beck 1046: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, only print MIME warnings when warnings are enabled.
1.1 deraadt 1047: <li>Repair boot device detection when booting off the second SCSI controller on AV530.
1048: <li>Update to perl 5.20.2.
1.13 ! beck 1049: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>, fail if a \ appears at EOL of a <a href="http://man.openbsd.org/OpenBSD-current/man5/magic.5">magic(5)</a> file rather than continuing off the end of the buffer.
1.1 deraadt 1050: <li>In LibreSSL, don't ignore the reference count in X509_STORE_free.
1.13 ! beck 1051: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, explicitly cancel mouse "button" mode. This happens implicitly with some of the other things we send with xterm, but not with urxvt.
! 1052: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/m4.1">m4(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/make.1">make(1)</a>, add a check for overflow while doubling.
1.1 deraadt 1053: <li>In LibreSSL, check for invalid leading zeros in CBS_get_asn1_uint64.
1.13 ! beck 1054: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, allow rules that match directly on the peer AS. Also adjust the IRR ruleset output to include the declared peer AS instead of hoping they listed their neighbor IP address.
! 1055: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986.
! 1056: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, handle an IRR record of "export ... action X" the same way we handle "import ... action X".
1.1 deraadt 1057: <!-- 2015-04-24 -->
1.13 ! beck 1058: <li>Add a quirk to <a href="http://man.openbsd.org/OpenBSD-current/man4/azalia.4">azalia(4)</a> for the Cirrus Logic CS4208 which is needed for MacBookAir6,1.
! 1059: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 1060: <ul>
1061: <li>Set up the signal handler earlier so that we don't get zombies.
1062: <li>Allow choice options (multiple states) to be toggled between states 0 and 1.
1063: <li>Set the working directory for run-shell and if-shell.
1064: </ul>
1065: <li>Enable PAE mode for those CPUs that support it. This allows us to use the NX bit for userland and kernel W^X. Unlike the previous c.2008 PAE experiment, this does not provide > 4GB phys ram on i386 -- PAE is solely being used for NX capability this time. If you need > 4GB phys, use amd64.
1066: <li>Make sure we keep the whole recursive mapping of the PDP instead of just the mapping for the first page when tearing things down.
1.13 ! beck 1067: <li>Remove <a href="http://man.openbsd.org/OpenBSD-5.6/man1/tip.1">tip(1)</a>: it has been superseded by <a href="http://man.openbsd.org/OpenBSD-current/man1/cu.1">cu(1)</a>.
! 1068: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>:
1.1 deraadt 1069: <ul>
1070: <li>If ~/.magic exists but can't be used, fail rather than silently falling back to /etc/magic.
1071: <li>Do not attempt to use ~/.magic if running as root (or issetugid()).
1072: </ul>
1.13 ! beck 1073: <li>Add a new implementation of <a href="http://man.openbsd.org/OpenBSD-current/man1/file.1">file(1)</a>. This is a simplified, modernised version with a nearly complete <a href="http://man.openbsd.org/OpenBSD-current/man5/magic.5">magic(5)</a> parser but omits some of the complex builtin tests (notably ELF) and has a reduced set of options.
1.1 deraadt 1074: <li>Revert r1.7 of src/sys/arch/powerpc/include/atomic.h (implement the MI atomic API for PowerPC). This code triggers an off by one in device_unref().
1075: <li>Enable the NX bit and use it in the PAE pmap code. PAE is still disabled while we're chasing at least one remaining bug.
1.13 ! beck 1076: <li>Fix a segfault in <a href="http://man.openbsd.org/OpenBSD-current/man1/user.8">user(8)</a>.
1.1 deraadt 1077: <!-- 2015-04-23 -->
1.13 ! beck 1078: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-agent.1">ssh-agent(1)</a>, add the -D option to leave ssh-agent in foreground without enabling debug mode (bz#2381).
1.1 deraadt 1079: <li>Use "softintr_pic0" instead of "softintr_fakepic" when faking a struct device so there is enough space in the buffer for a NUL and the unit is included in the string.
1.13 ! beck 1080: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-askpass.1">ssh-askpass(1)</a>.
! 1081: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/xlock.1">xlock(1)</a>, don't read past the end of an array.
! 1082: <li>Fix a crash in <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>: we cannot log errors with server_close() before allocating clt_log evbuffer.
1.1 deraadt 1083: <li>Fix a 13 year old typo that should be responsible for the unhappiness of UVM on PowerPC architectures.
1084: <li>Replace the use of struct ifqueue in pipex with mbuf_queues.
1085: <!-- 2015-04-22 -->
1.13 ! beck 1086: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>, check for and reject missing arguments for VersionAddendum and ForceCommand (bz#2281)
1.1 deraadt 1087: <li>Implement the MI atomic API for PowerPC to avoid using gcc builtins that include extra sync operations.
1088: <!-- 2015-04-21 -->
1089: <li>Unknown certificate extensions are non-fatal in ssh, so don't fatal when they are encountered (bz#2387).
1.13 ! beck 1090: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 1091: <ul>
1092: <li>Fix moving windows to nonexistent indexes when renumber-windows is off.
1093: <li>Do not die on USR1 if any of the socket parent directories are missing.
1094: <li>Always format real layout even when zoomed.
1095: <li>Look up indexes as number before name. This makes more sense if windows are named starting with numbers.
1096: </ul>
1097: <li>Remove an extra lcr3 that snuck into pmap_switch, responsible for various reaper panics.
1.13 ! beck 1098: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/rtadvd.8">rtadvd(8)</a>, don't let rltime exceed 9000 seconds, per RFC 4861.
! 1099: <li>Avoid a use after free in <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
! 1100: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 1101: <ul>
1102: <li>Pass mouse events through to commands for if-shell.
1103: <li>Pass mouse events triggering a drag on to the application inside the pane.
1104: <li>Bind mouse dragging so that it is passed through to applications if they want it.
1105: </ul>
1106: <li>Revert r1.182 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators) again. Incoherent architectures aren't having much fun with it.
1107: <!-- 2015-04-20 -->
1.13 ! beck 1108: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, fix a memory leak if tls_read() fails.
! 1109: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
1.1 deraadt 1110: <li>Rework sgi mutexes to use the owner pointer as the lock (similar to r1.14 of src/sys/arch/alpha/alpha/mutex.c).
1.13 ! beck 1111: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add support for multiple key tables to commands to be bound to sequences of keys.
1.1 deraadt 1112: <li>In the installer, fix asking for list of http servers via "?". This should fix scanning for wireless networks too.
1.13 ! beck 1113: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, avoid out-of-bounds read access. This sometimes prevented proper warnings about text nodes preceding the first section header.
! 1114: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make jump-to-backward/jump-to-forward repeatable with jump-reverse/jump-again.
1.1 deraadt 1115: <li>Remove a typo introduced in r1.185 of src/sys/net/route.c. Because of this typo, a local route was <em>always</em> created.
1116: <li>Do not treat loopback interfaces as p2p interfaces and create only one route to ::1.
1.13 ! beck 1117: <li>Always call <a href="http://man.openbsd.org/OpenBSD-current/man9/rt_ifa_dellocal.9">rt_ifa_dellocal(9)</a> when removing an IPv6 address.
1.1 deraadt 1118: <!-- 2015-04-19 -->
1.13 ! beck 1119: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping6.8">ping6(8)</a>, add a mac to the timestamp payload and calculate it with siphash (r1.119 and r1.121 from src/sbin/ping/ping.c).
! 1120: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping.8">ping(8)</a>, fold the icmp seq number into the mac.
! 1121: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
1.1 deraadt 1122: <ul>
1123: <li>Support setting the default window and pane background colours.
1124: <li>Rewrite of tmux mouse support which was a mess.
1125: <li>Honour renumber-windows when unlinking a window.
1126: </ul>
1.13 ! beck 1127: <li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in <a href="http://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>.
! 1128: <li>Fix incorrect logic in <a href="http://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> that could lead to unexpected client disconnect, invalid certificate in SNI negotiation or server crash.
1.1 deraadt 1129: <li>Add support for x2apic mode. This is currently only enabled on hypervisors.
1.13 ! beck 1130: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, if an explicit line break request (.br or .sp) occurs within an .HP block, the next line doesn't hang, but is simply indented.
! 1131: <li>If <a href="http://man.openbsd.org/OpenBSD-current/man1/apropos.1">apropos(1)</a> finds no match, print "nothing appropriate" to stderr similar to what the old apropos did.
1.1 deraadt 1132: <li>Update to sqlite3 3.8.9.
1.13 ! beck 1133: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping.8">ping(8)</a>:
1.1 deraadt 1134: <ul>
1135: <li>Add a mac to the timestamp payload and calculate it with siphash.
1136: <li>By default fill the ping payload with a chacha stream instead of an unvarying payload. By aggressively varying the payload we hope to generate more opportunities for dodgy network equipment to show errors.
1137: </ul>
1.13 ! beck 1138: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/xhci.4">xhci(4)</a>, do not truncate possible remaining transfer length.
1.1 deraadt 1139: <li>Remove emulation of OSS audio ioctls from Linux emulation.
1140: <li>Implement binary code patching on i386.
1141: <!-- 2015-04-18 -->
1.4 guenther 1142: <li>Enable the REG_READ ioctl.
1.1 deraadt 1143: <li>Don't lock the file for "vi -R" or "view".
1144: <li>Work around what appear to be CPUID lies about the monitor-line size. This makes the mwait-based idle loop actually work.
1145: <li>Convert many atoi() calls to strtonum() in userland, adding range checks and failure handling along the way.
1.13 ! beck 1146: <li>Remove kdriver/wscons code from <a href="http://man.openbsd.org/OpenBSD-current/man1/Xserver.1">Xserver(1)</a>.
! 1147: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/systat.1">systat(1)</a> avoid calling freeifaddrs() uninitialised pointer in an error path.
! 1148: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, strictly accept CRLF for newlines.
1.1 deraadt 1149: <!-- 2015-04-17 -->
1.13 ! beck 1150: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/install.1">install(1)</a>, use futimens() to preserve timestamps with subsec precision.
! 1151: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>, do not include padding of Ethernet packets in reassembled fragmented packets.
1.1 deraadt 1152: <li>In ssh, don't try to cleanup NULL KEX proposals in kex_prop_free().
1153: <li>Change alpha mutexes so they record which cpu owns the lock rather than just if the lock is held or not.
1154: <li>Remove the unsupported SADB_X_IDENTTYPE_CONNECTION, unused ipsp_parse_headers, and stubs and support code for NIC-enabled IPsec.
1.13 ! beck 1155: <li>Fix a crash in the <a href="http://man.openbsd.org/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a> "network bulk" command.
! 1156: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ualea.4">ualea(4)</a>, crank the timeout and decrease the buffer size to not end up dropping all the entropy provided by the device. Also make sure we match the right endpoint.
1.1 deraadt 1157: <!-- 2015-04-16 -->
1158: <li>Tweaks in utimensat/futimens handling:
1159: <ul>
1160: <li>Always update ctime, even when both atime and mtime are UTIME_OMIT (at least for ufs, tmpfs, and ext2fs).
1161: <li>Correctly handle a timestamp of -1.
1162: </ul>
1163: <li>Don't call record_login() in monitor when UseLogin is enabled (bz#378).
1164: <li>Add some missing options to sshd -T and fix the output of VersionAddendum HostCertificate (bz#2346).
1.13 ! beck 1165: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, restore the page headers and page footers in the HTML output.
1.1 deraadt 1166: <li>Remove unfinished and unused support for socket-attached ipsec-policies.
1.13 ! beck 1167: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, expand the %a, %c, %m and %v sequences in PKG_PATH.
! 1168: <li>Add <a href="http://man.openbsd.org/OpenBSD-current/man4/ualea.4">ualea(4)</a> to support the Araneus Alea II TRNG.
1.1 deraadt 1169: <!-- 2015-04-15 -->
1.13 ! beck 1170: <li>Plug a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a>.
! 1171: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, fix some issues in bright colour handling.
! 1172: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man3/tls_close.3">tls_close(3)</a> more robust.
! 1173: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, fix setting old-style window -fg/-bg/-attr options that aren't global.
! 1174: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/tun.4">tun(4)</a>, fix a typo introduced in the niq_enqueue() conversion. This should fix a panic reported by many.
1.1 deraadt 1175: <li>Import libepoxy 1.2, a library for handling gl/glx/egl function pointer management. This is needed by glamor egl in the xserver which is in turn needed to get acceleration with some hardware on xf86-video-ati.
1176: <!-- 2015-04-14 -->
1177: <li>Update to xf86-video-ati 7.5.0.
1178: <li>Make ipsp_address thread safe.
1179: <li>Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything.
1.13 ! beck 1180: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/uchcom.4">uchcom(4)</a>, make sure we close the interrupt pipe when the device is detached.
1.1 deraadt 1181: <!-- 2015-04-13 -->
1.13 ! beck 1182: <li>Initialize RX/TX on <a href="http://man.openbsd.org/OpenBSD-current/man4/re.4">re(4)</a> slightly later. It appears that newer chips don't set up DMA correctly until more configuration has been done -- enabling RX too soon causes DMA to bad places.
1.1 deraadt 1183: <li>Perform IPsec bypass check on a socket before performing TDB lookups.
1184: <!-- 2015-04-12 -->
1.13 ! beck 1185: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sed.1">sed(1)</a>, correct a multiplication idiom during xreallocarray() and avoid an integer overflow.
1.1 deraadt 1186: <li>In ssh, deprecate the ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message.
1.13 ! beck 1187: <li>Prevent use after free in <a href="http://man.openbsd.org/OpenBSD-current/man1/mg.1">mg(1)</a>.
1.1 deraadt 1188: <li>Let nl_langinfo(CODESET) return "US-ASCII" as the name of the character codeset for the POSIX/C default locale. This is the preferred IANA name and also used by FreeBSD.
1189: <li>Update to xf86-video-intel 2.99.916. This fixes a display bug. Newer X.Org (2.99.917 or master) versions cause corruption on older machines (X40, i965), probably caused by a bug in our kernel. This is under investigation by kettenis@.
1190: <li>Bring PAE code back to life on i386. More specifically, bring the PAE pmap on i386 closer to the current non-PAE pmap. This allows us to take a big next step toward better i386 W^X in the kernel (similar to what we did a few months ago on amd64). Unlike the original PAE pmap, this diff will not be supporting more than 4 GB physical memory on i386 -- this effort is specifically geared toward providing W^X (via NX) only. There still seems to be a bug removing certain pmap entries when PAE is enabled, so PAE mode is left disabled for the moment.
1191: <li>Switch example NSD config to splitting master and slave zones into different subdirectories and create these in mtree.
1192: <li>Disable the pool garbage collector. There are reports of strange lockups on various multiprocessor architectures and this is the only interesting diff in the window.
1193: <!-- 2015-04-11 -->
1.13 ! beck 1194: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/softraid.4">softraid(4)</a>, directly handle ioctls issued to a SCSI device associated with a softraid volume, ignoring any device name specified in the <a href="http://man.openbsd.org/OpenBSD-current/man4/bio.4">bio(4)</a> ioctl struct. Amongst other things, this makes bioctl -d now work with DUIDs.
! 1195: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/softraid.4">softraid(4)</a>, re-enable the RAID 5 discipline and add support for restarting rebuilds on it.
1.1 deraadt 1196: <li>Remove OPENSSL_issetugid() from LibreSSL. By default on systems lacking true issetugid(), OPENSSL_issetugid() returns 0, falsely indicating safety. This means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite.
1197: <li>Update to xf86-input-synaptics 1.8.2.
1198: <li>Remove all getenv() calls in LibreSSL, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is difficult to implement on many operating systems.
1.13 ! beck 1199: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, always check the return value of proc_composev_imsg() and handle failures appropriately. Otherwise imsg construction can silently fail, resulting in non-obvious problems.
1.1 deraadt 1200: <!-- 2015-04-10 -->
1.13 ! beck 1201: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man1/vi.1">vi(1)</a> use <a href="http://man.openbsd.org/OpenBSD-current/man3/resizeterm.3">resizeterm(3)</a> instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
! 1202: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
1.1 deraadt 1203: <li>Replace the use of ifqueues for most input queues serviced by netisr with niqueues.
1.13 ! beck 1204: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/ehci.4">ehci(4)</a>, implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this lets people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
! 1205: <li>Add support for CRC-enabled elantech v3 touchpads to <a href="http://man.openbsd.org/OpenBSD-current/man4/pms.4">pms(4)</a>.
1.1 deraadt 1206: <!-- 2015-04-09 -->
1.13 ! beck 1207: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>, don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.
! 1208: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/vlan.4">vlan(4)</a>, don't inherit the parent interface's hardmtu as the vlan interface's mtu when it gets set up. Instead, allow the vlan interface's mtu to be raised to the parent's hardmtu in SIOCSIFMTU handling.
! 1209: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/zmore.1">zmore(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/zless.1">zless(1)</a>, accept options starting with "+".
! 1210: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/whois.1">whois(1)</a>, improve the lookup of gTLDs.
1.1 deraadt 1211: <li>Make the sparc64 pmap (more) mpsafe by protecting both the pmap itself and the pv lists with a mutex.
1.13 ! beck 1212: <li>Plug a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>.
1.1 deraadt 1213: <!-- 2015-04-08 -->
1.13 ! beck 1214: <li>Fix a regression on <a href="http://man.openbsd.org/OpenBSD-current/man4/re.4">re(4)</a> chips that have 7k jumbo support.
1.1 deraadt 1215: <li>Move vmap back to kernel_map/uvm_km_valloc as it's allowed to fail. This should fix the Dell 2950 when it gets stuck during boot.
1.13 ! beck 1216: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/socppc/tsec.4">tsec(4)</a>, prevent the watchdog from firing when no cable is plugged in but the interface is brought up.
! 1217: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/iwn.4">iwn(4)</a>, don't leak the chip's hardware address during scans when a randomized address is set by the user.
1.1 deraadt 1218: <!-- 2015-04-07 -->
1.13 ! beck 1219: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/tmux.1">tmux(1)</a>, when replacing, don't free the old paste until after the new one's name has been copied. This fixes a use-after-free in window-copy.c.
1.1 deraadt 1220: <li>Introduce a garbage collector for (very) idle pool pages.
1221: <!-- 2015-04-06 -->
1.13 ! beck 1222: <li>Remove the obsolete <a href="http://man.openbsd.org/OpenBSD-5.6/man3/timezone.3">timezone(3)</a> function.
! 1223: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man3/pthread_atfork.3">pthread_atfork(3)</a> track the DSO that called it like <a href="http://man.openbsd.org/OpenBSD-current/man3/atexit.3">atexit(3)</a> does, unregistering callbacks if the DSO is unloaded. Move the callback handling from libpthread to libc, though libpthread still overrides the inner call to handle locking and thread-library reinitialization.
! 1224: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, do not mistreat empty arguments to font alternating macros as vertical spacing requests.
! 1225: <li>Remove DES support from <a href="http://man.openbsd.org/OpenBSD-current/man3/crypt.3">crypt(3)</a>.
1.1 deraadt 1226: <li>Add support for an efi-app-x86_64 target to binutils. This is needed for UEFI bootloader work.
1.13 ! beck 1227: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, use the default width for .RS without arguments. This reduces groff-mandoc differences in base and Xenocara by about 4%.
1.1 deraadt 1228: <li>Update to xcb-util 0.4.0, xcb-util-image 0.4.0, xcb-util-keysyms 0.4.0, libXxf86vm 1.1.4, libXvMC 1.0.9, libXdmcp 1.1.2 and libX11 1.6.3.
1.13 ! beck 1229: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_info.1">pkg_info(1)</a>, check that the info of distant packages is signed.
! 1230: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>,
1.1 deraadt 1231: mark installed locations as "trusted" so that pkg_info does not check sigs
1232: on them.
1.13 ! beck 1233: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man3/realloc.3">realloc(3)</a>, when expanding a region, actually use the free page cache instead of simply zapping it. This can save many syscalls in a program that repeatedly grows and shrinks a buffer.
1.1 deraadt 1234: <!-- 2015-04-05 -->
1.13 ! beck 1235: <li>Work-in-progress support for non-accelerated X11 on <em>some</em> <a href="http://man.openbsd.org/OpenBSD-current/man4/sti.4">sti(4)</a> frame buffers; based upon the old HP ngle X11 driver. Currently limited to CRX (720/735/750), Timber (710, old 715), Artist (712, 715) and EG (B-series). However, the colormap isn't set up correctly on Timber and EG yet.
! 1236: <li>Various improvements to <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>:
1.1 deraadt 1237: <ul>
1238: <li>Do not permute command line arguments, but still support the obsolescent "-o outfile" after input files syntax.
1239: <li>The -b flag should only apply when key fields are specified. If -b follows -k it has no effect.
1240: <li>For the -g flag, treat non-floating point keys as 0, similar to -n. This makes "sort -gu" and "sort -nu" behave similarly and passes our sort regress tests.
1241: </ul>
1242: <!-- 2015-04-04 -->
1243: <li>Update to sqlite3 3.8.8.3.
1.13 ! beck 1244: <li>Give <a href="http://man.openbsd.org/OpenBSD-current/man7/man.7">man(7)</a> section and subsection headers hanging indentation. This reduces groff-mandoc differences in base by about 2.5%.
! 1245: <li>Better implementation of rounding rules in <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
! 1246: <li>Show the remote labels in the <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command even if they are not installed in the FIB.
! 1247: <li>Remove lo protection in <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>. There's no need to protect the 127/8 network since it is filtered before being sent to lde.
! 1248: <li>Show the full LIB in the <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command.
1.1 deraadt 1249: <li>Add support for commit ids to "opencvs status".
1250: <li>Fix the modified timestamp in the output of "opencvs status".
1.13 ! beck 1251: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves <a href="http://man.openbsd.org/OpenBSD-current/man1/tic.1">tic(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/sxpm.1">sxpm(1)</a> and a few Perl manuals.
! 1252: <li>Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/kauaiata.4">kauaiata(4)</a>.
! 1253: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, fix a quirk with respect to an empty .HP.
1.1 deraadt 1254: <!-- 2015-04-03 -->
1.13 ! beck 1255: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/sti.4">sti(4)</a>, fix an unsigned vs signed comparison causing an infinite loop for the WSDISPLAYIO_PUTCMAP ioctl.
! 1256: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>:
1.1 deraadt 1257: <ul>
1258: <li>If -S has been supplied multiple times, only take last one into account.
1259: <li>If -c (or -C) has been specified, only perform that action and ignore -o among other arguments.
1260: <li>Allow only one input file with the -c and -C flags.
1261: </ul>
1.13 ! beck 1262: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/apropos.1">apropos(1)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man1/man.1">man(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't hardcode /usr/bin/ as the path to more(1).
1.1 deraadt 1263: <!-- 2015-04-02 -->
1.13 ! beck 1264: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>, prevent an integer overflow when parsing the -S argument as percentage. Also make sure that the parsed memory amount won't be larger than SIZE_MAX to properly support 32-bit systems.
1.1 deraadt 1265: <li>Change gcc and ld semantics to make static PIE the default when invoking "cc -static".
1266: <!-- 2015-04-01 -->
1.13 ! beck 1267: <li>Many improvements to <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>, including:
1.1 deraadt 1268: <ul>
1.13 ! beck 1269: <li>Use <a href="http://man.openbsd.org/OpenBSD-current/man3/strtonum.3">strtonum(3)</a> to parse the argument to --batch-size.
! 1270: <li>Use <a href="http://man.openbsd.org/OpenBSD-current/man3/mkstemp.3">mkstemp(3)</a> to generate a new temporary file name.
! 1271: <li>Use <a href="http://man.openbsd.org/OpenBSD-current/man3/reallocarray.3">reallocarray(3)</a> where appropriate.
1.1 deraadt 1272: <li>Prevent a tiny signal race by blocking signals when inserting into the tmp_files list.
1273: <li>Check for overflow when handling buffer size suffixes.
1274: </ul>
1.13 ! beck 1275: <li>Run most of the <a href="http://man.openbsd.org/OpenBSD-current/man4/sparc64/vnet.4">vnet(4)</a> interrupt handler without holding the kernel lock.
1.1 deraadt 1276: <!-- 2015-03-31 -->
1.13 ! beck 1277: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>, zero the tls cert/key length variables when inheriting a server configuration for multiple listen statements in a server block. Otherwise httpd(8) will crash when a listen statement with tls is followed by a listen statement without tls.
! 1278: <li>Prevent <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a> from warning about SSH1 keys present when compiled without SSH1 support. Also identify SSH1 keys when scanning, even when compiled without SSH1 support.
! 1279: <li>Fix an fd leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a>.
! 1280: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a> ignore $TMPDIR if setuid or setgid.
! 1281: <li>Don't make the -m and -c options of <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a> mutually exclusive.
! 1282: <li>Let the <a href="http://man.openbsd.org/OpenBSD-current/man4/vlan.4">vlan(4)</a> mtu be limited by the parent's hard mtu, not the current mtu. This makes it possible to have networks on the "native" (untagged) vlan on an interface at 1500, while setting a child vlan interface's mtu to jumbos.
! 1283: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>:
1.1 deraadt 1284: <ul>
1285: <li>Call atexit() to clean up temporary files on error.
1286: <li>Use mkstemp() to create the temporary file when the output file equals one of the input files.
1287: <li>Preserve the original file mode on the temporary file.
1288: <li>Check for write access on the original file before creating the temporary one.
1289: </ul>
1.13 ! beck 1290: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen(1)</a>, if a user tries to add a comment to a non-RSA1 key and has entered their passphrase, explicitly clear it before exit.
! 1291: <li>Tell the firmware to shut down the fan management thread on the last generation of G5s. Without this mpi@'s PowerMac11,2 hang when <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4)</a> attaches.
1.1 deraadt 1292: <li>Move the default font path from /usr/local/lib/X11/fonts to /usr/local/share/fonts to match XDG_DATA_DIR (where Desktop tools will look for by default).
1293: <!-- 2015-03-30 -->
1294: <li>Fix the repeating keys/delay problem that occurs on newer ThinkPads when touching the trackpad/trackstick while typing during the installer in a less invasive way.
1295: <li>Update to xkeyboard-config 2.14.
1296: <li>Some work on macppc G5 interrupts.
1.13 ! beck 1297: <li>Allow <a href="http://man.openbsd.org/OpenBSD-current/man8/syslogd.8">syslogd(8)</a> to read configuration files with arbitrary line lengths. Also ensure the configuration file has been read in full in order to prevent syslogd(8) from running with incomplete configuration.
1.1 deraadt 1298: <li>Update to xcb-util-cursor 0.1.2.
1299: <!-- 2015-03-29 -->
1.13 ! beck 1300: <li>Fix an uninitialised memory read in <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh.1">ssh(1)</a> when parsing a config file consisting of a single nul byte.
! 1301: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, handle special punctuation modes for -Tpdf.
1.1 deraadt 1302: <li>Restore user-loaded vga fonts upon switching from X11 to VT and upon resume.
1.13 ! beck 1303: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man4/sparc64/esp.4">esp(4)</a> correctly match SUNW,fas in the boot path.
! 1304: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>, remove an extra line when printing AH and RIP packets.
! 1305: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man4/sparc64/vnet.4">vnet(4)</a> reject packets that are too large.
1.1 deraadt 1306: <li>Revert r1.29 of src/usr.bin/telnet/sys_bsd.c (don't clear ICRNL when editing mode is off, so that character local echo mode don't echo ^M locally) as this causes problems sending CR to some Cisco equipment.
1.13 ! beck 1307: <li>Make sure that <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a> checks specialfiles.
1.1 deraadt 1308: <!-- 2015-03-28 -->
1309: <li>Initial support for the SABRE SD board.
1.13 ! beck 1310: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/cwm.1">cwm(1)</a>.
! 1311: <li>Match <a href="http://man.openbsd.org/OpenBSD-current/man4/rtsx.4">rtsx(4)</a> on the RTS5249 found on the Dell XPS 13 and treat it as an RTS5229.
1.1 deraadt 1312: <!-- 2015-03-27 -->
1.13 ! beck 1313: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, avoid overflow on 32-bit time_t systems when converting timeval to NTP time.
1.1 deraadt 1314: <li>For ancient pre-v8 sparc, expand kva.
1.13 ! beck 1315: <li>Move <a href="http://man.openbsd.org/OpenBSD-current/man5/man.conf.5">man.conf(5)</a> from /etc/ to /etc/examples.
! 1316: <li>Add the "output" directive to <a href="http://man.openbsd.org/OpenBSD-current/man5/man.conf.5">man.conf(5)</a>.
! 1317: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/security.8">security(8)</a> handle lines in <a href="http://man.openbsd.org/OpenBSD-current/man8/mount.8">mount(8)</a> output that end with "on" (which can happen for NFS mounts).
! 1318: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/security.8">security(8)</a> handle incomplete lines in /etc/passwd that end before the home directory field.
1.1 deraadt 1319: <!-- 2015-03-26 -->
1.13 ! beck 1320: <li>Add the "manpath" directive to <a href="http://man.openbsd.org/OpenBSD-current/man5/man.conf.5">man.conf(5)</a> to override the default search path.
! 1321: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, backout -DSHORTENED semantics by default for now.
! 1322: <li>Add initial support for RFC 7427 signatures to <a href="http://man.openbsd.org/OpenBSD-current/man8/iked.8">iked(8)</a>.
! 1323: <li>Allow input/printing/conversion of terabyte sizes in <a href="http://man.openbsd.org/OpenBSD-current/man8/fdisk.8">fdisk(8)</a>.
! 1324: <li>Fix configuring MPLS routes on <a href="http://man.openbsd.org/OpenBSD-current/man4/mpe.4">mpe(4)</a>.
! 1325: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a> translate CGI environment variables in accordance with RFCs 7230 and 3875.
1.1 deraadt 1326: <li>Ban all-zero curve25519 keys in ssh, as recommended by the latest CFRG curves draft.
1327: <li>Update to libdrm 2.4.60.
1328: <!-- 2015-03-25 -->
1329: <li>Determine if the trackstick buttons are wired to the trackpad and need to be re-routed to the trackstick. Without this change the buttons on 2015 Thinkpads get picked up as extended buttons that show up as scroll up/down. Remove the X1 Carbon 2015 (LEN0048) and X250 (LEN0046) from the top button area/soft buttons quirks list. Also avoid using the quirk list entirely if the capability bit is set.
1330: <li>Save/restore AVX registers and other XSAVE-managed state information when entering/leaving a signal handler like we already do the the FPU and SSE state. This should make it possible to use AVX instructions in signal handlers.
1.13 ! beck 1331: <li>Ignore v1 errors on <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-add.1">ssh-add</a> -D; only try v2 keys on -l/-L (unless compiled with SSH1 support).
1.1 deraadt 1332: <li>With a per interface IPv6 stateless adress auto configuration flag it is possible to allow IPv6 forwarding and SLAAC at the same time. This is needed for RFC 7084.
1.13 ! beck 1333: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/ksh.1">ksh(1)</a>, bind the Delete key (ESC[3~) to delete-char-forward.
1.1 deraadt 1334: <!-- 2015-03-24 -->
1.13 ! beck 1335: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-5.6/man1/ssh.1">ssh(1)</a>.
1.1 deraadt 1336: <li>Work around broken device-tree in PowerMac7,2 and PowerMac7,3 (K2 systems) and get the correct offsets from the "i2s" node.
1.13 ! beck 1337: <li>Remove <a href="http://man.openbsd.org/OpenBSD-5.6/man4/lmc.4">lmc(4)</a>, <a href="http://man.openbsd.org/OpenBSD-5.6/man4/san.4">san(4)</a> and <a href="http://man.openbsd.org/OpenBSD-5.6/man8/lmccontrol.8">lmccontrol(8)</a>.
1.1 deraadt 1338: <li>Use chacha20-poly1305@openssh.com as the default cipher in ssh.
1339: <!-- 2015-03-23 -->
1340: <li>Disable SSH protocol 1 in ssh.
1.13 ! beck 1341: <li>Fix a memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
! 1342: <li>Don't let <a href="http://man.openbsd.org/OpenBSD-current/man3/rcmdsh.3">rcmdsh(3)</a> fail if it is passed a non resolvable hostname. Instead, silently ignore the fact and instead let the underlying ssh (or $RSH) command handle it.
! 1343: <li>Fix memory leaks in <a href="http://man.openbsd.org/OpenBSD-current/man3/tempnam.3">tempnam(3)</a> error paths.
1.1 deraadt 1344: <li>Fix NFS boot on macppc.
1.13 ! beck 1345: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping6.8">ping6(8)</a>, bump the size of the time types on the wire to 64 bit (port of r1.116 of src/sbin/ping/ping.c).
! 1346: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ping.8">ping(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/ping6.8">ping6(8)</a>, obfuscate the monotonic clock values put on the wire by offsetting them with a random value.
! 1347: <li>Don't let <a href="http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen</a> -A try (and fail) to generate ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL (bz#2369).
1.1 deraadt 1348: <!-- 2015-03-22 -->
1.13 ! beck 1349: <li>Make setting 11a rates and scanning on <a href="http://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a> conditional on the 5GHz support bit in the nvm. <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man4/sparc/be.4">be(4)</a> work on sun4c.
1.1 deraadt 1350: <!-- 2015-03-21 -->
1351: <li>Add sysconf() extensions PHYS_PAGES, AVPHYS_PAGES, NPROCESSORS_CONF
1.13 ! beck 1352: and NPROCESSORS_ONLN to <a href="http://man.openbsd.org/OpenBSD-current/man1/getconf.1">getconf(1)</a>.
1.1 deraadt 1353: <li>On amd64, add support for saving/restoring FPU state using the XSAVE/XRSTOR. Limit support to the X87, SSE and AVX state. This gives us (almost) full AVX support.
1354: <li>On sparc, abort attach of iommu requiring boards on non-iommu systems.
1.13 ! beck 1355: <li>Don't let <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a> try to send address withdraws to neighbors that are unreachable after an address removal in the system.
! 1356: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a> remove attached adjacencies whenever an interface is disabled for whatever reason. This will speed up the convergence process.
! 1357: <li>Don't let <a href="http://man.openbsd.org/OpenBSD-current/man8/ldpd.8">ldpd(8)</a> assign labels for BGP routes. This would be very resource consuming in some scenarios and unnecessary.
! 1358: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/sparc64/vnet.4">vnet(4)</a>, considerably improve the reliability of re-establishing network connections between domains after some sort of hickup.
! 1359: <li>Let <a href="http://man.openbsd.org/OpenBSD-current/man1/man.1">man(1)</a> fall back to /usr/share/man:/usr/X11R6/man:/usr/local/man as default search path if no path is given via -m, -M, $MANPATH and /etc/man.conf.
1.1 deraadt 1360: <li>Fix a memory leak in libtls with repeated use of tls_connect().
1.13 ! beck 1361: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>, use the hw.usermem sysctl to determine the amount user (non-kernel) memory instead of sysconf(_SC_PHYS_PAGES) (which also counts pages wired by the kernel). Don't try to use a memory buffer larger than the datasize hard resource limit.
1.1 deraadt 1362: <!-- 2015-03-20 -->
1363: <li>Work around buggy AML trying to access PCI config space using PCI function number FFFF.
1.13 ! beck 1364: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/renice.8">renice(8)</a>, when mixing historic BSD syntax (where the priority is absolute) with the -n flag (where the priority, according to POSIX, is an increment), the increment specified via -n will only affect the entries that follow it.
! 1365: <li>Support jumbo frames on <a href="http://man.openbsd.org/OpenBSD-current/man4/re.4">re(4)</a>.
! 1366: <li>Rather than disabling checksum offload in <a href="http://man.openbsd.org/OpenBSD-current/man4/re.4">re(4)</a> for all packets, let it advertise checksum offload to the stack for small (normal-sized) packets and do the checksum itself in software for large packets.
1.1 deraadt 1367: <li>Reintroduce r1.173 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators). This was backed out because of fallout on landisk which has since been fixed.
1.13 ! beck 1368: <li>Unbreak WEP/WPA on AR5211 <a href="http://man.openbsd.org/OpenBSD-current/man4/ath.4">ath(4)</a> devices by setting hardware WEP keytable entry types to NULL, as done for AR5212 devices. ath(4) uses software crypto.
1.1 deraadt 1369: <li>Re-apply r1.115 of src/sys/dev/pci/if_ix.c (when setting up advanced TX descriptor, use m_getptr to locate the IP or IPv6 header instead of assuming contiguousness of the target buffer across Ethernet and IP/IPv6 headers) that got accidentally reverted.
1370: <!-- 2015-03-19 -->
1371: <li>Fix a memory leak in an error path in LibreSSL (from OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f).
1.13 ! beck 1372: <li>Fix a small memory leak in <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a>.
1.1 deraadt 1373: <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: several crash causing defects in OpenSSL (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288 and CVE-2015-0289).</font><br>A source code patch is available for <a href="errata56.html#020_openssl">5.6</a> and <a href="errata57.html#003_openssl">5.7</a>.
1374: <li><font color="#e00000">5.5 SECURITY FIX: two possible crash causing defects in OpenSSL (CVE-2015-0286 and CVE-2015-0292).</font><br>A source code patch is available for <a href="errata55.html#024_openssl">5.5</a>.
1375: <li>Fix CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0289 in LibreSSL.
1.13 ! beck 1376: <li>Deal with half-configured control pipes in dwc2, using the same workaround as in <a href="http://man.openbsd.org/OpenBSD-current/man4/ehci.4">ehci(4)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man4/ohci.4">ohci(4)</a>.
1.1 deraadt 1377: <!-- 2015-03-18 -->
1.13 ! beck 1378: <li>Use struct timespec internally in <a href="http://man.openbsd.org/OpenBSD-current/man1/pax.1">pax(1)</a>. This gives nanosecond precision to the -rw option and a basis for support of mtime and atime values in pax-format extended header records.
! 1379: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/route.8">route(8)</a>, instead of embedding interface names in a sockaddr, use their indexes when adding route entries with the -link option. This prevent the ARP layer to take the name of your interface for an Ethernet address.
1.1 deraadt 1380: <li>Rework the virtual memory layout on SRMMU systems (sun4d/sun4m) to use a much lower VM_MIN_KERNEL_ADDRESS, since these systems are not crippled by the Sun-4 MMU hole and have the real 4GB of address space. Kernels running on Sun-4 MMU are not affected and will still be restricted to the existing 128MB of kernel space, with 1GB - 128MB of user space.
1.13 ! beck 1381: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/init.8">init(8)</a> static PIE.
1.1 deraadt 1382: <li>Revert r1.52 of src/sys/arch/sparc/dev/zs.c. This reduces the number of spurious zs interrupts seen on sun4c, albeit not completely.
1.13 ! beck 1383: <li>Speed up large directory reading with <a href="http://man.openbsd.org/OpenBSD-current/man3/opendir.3">opendir(3)</a>.
! 1384: <li>Fix <a href="http://man.openbsd.org/OpenBSD-current/man4/mpii.4">mpii(4)</a> on i386.
1.1 deraadt 1385: <!-- 2015-03-17 -->
1386: <li>Reenable the pa1.1 fallback code for sha256 on hppa.
1387: <li>"Handle" wccp2 packets if net.inet.gre.wccp is set to 2 by truncating skipping the wccp 2 header.
1388: <li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: buffer overflows in libXfont (CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804).</font><br>A source code patch is available for <a href="errata55.html#023_libxfont">5.5</a>, <a href="errata56.html#019_libxfont">5.6</a> and <a href="errata57.html#002_libxfont">5.7</a>.
1389: <li>Update to libXfont 1.5.1 which contains fixes for CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804.
1.13 ! beck 1390: <li>Fix swap auto-allocation in <a href="http://man.openbsd.org/OpenBSD-current/man8/disklabel.8">disklabel(8)</a> for machines with very little memory.
! 1391: <li>Replace <a href="http://man.openbsd.org/OpenBSD-current/man1/sort.1">sort(1)</a> with the implementation from FreeBSD.
1.1 deraadt 1392: <li>In the installer, don't ask about xdm if the answer to the X question was "no" (restores previous behaviour that got lost in r1.780 of src/distrib/miniroot/install.sub).
1.13 ! beck 1393: <li>Prevent a race in <a href="http://man.openbsd.org/OpenBSD-current/man4/ehci.4">ehci(4)</a> resulting in an infinite loop printing "ehci_idone" messages.
! 1394: <li>Fix erratic behaviour of <a href="http://man.openbsd.org/OpenBSD-current/man1/dig.1">dig(1)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man1/nslookup.1">nslookup(1)</a> when no (valid) nameserver is configured in resolv.conf.
! 1395: <li>Explicitly handle SIGPIPE in <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>. This prevents a "Broken pipe" message from <a href="http://man.openbsd.org/OpenBSD-current/man1/csh.1">csh(1)</a>.
1.1 deraadt 1396: <!-- 2015-03-15 -->
1.13 ! beck 1397: <li>Repair a missing state insert in <a href="http://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a>.
1.1 deraadt 1398: <li>Try a third approach for handling pms and pckbd interrupt storms, when there is no pms driver in the kernel.
1399: <li>Update to sqlite3 3.8.7.4.</li>
1400: <li>Avoid a NULL pointer dereference in LibreSSL. A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. According to OpenSSL, this is the fix for CVE-2015-0288.
1.13 ! beck 1401: <li>Prevent a use-after-free in <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a>.
! 1402: <li>Allow the <a href="http://man.openbsd.org/OpenBSD-current/man1/xdm.1">xdm(1)</a> greeter to set the background color of the input fields. The "inpColor" resource is used for that.
! 1403: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, avoid off-by-one read access to the termacts array, which could
1.1 deraadt 1404: sometimes result in missing line breaks before subsection headers.
1405: <!-- 2015-03-14 -->
1406: <li>In the installer, eliminate the question "Which cd?" and just show the available cd's in the "Location of sets?" prompt.
1407: <li>Allow for multiple concurrent devopen() calls, and fill the .readdir member
1408: of fs_ops. This makes the "ls" command finally work in the macppc bootloader.
1.13 ! beck 1409: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/last.1">last(1)</a>, use ctime_r to avoid a re-entrancy signal race.
1.1 deraadt 1410: <li>Check for the size of the supposed destination address when constructing the Ethernet frame. This prevents an overflow.
1.13 ! beck 1411: <li>The RTL8411 is supported by <a href="http://man.openbsd.org/OpenBSD-current/man4/rtsx.4">rtsx(4)</a>.
! 1412: <li>Rewrite the <a href="http://man.openbsd.org/OpenBSD-current/man1/sh.1">sh(1)</a> manual page and confine it to document features supported by POSIX-compliant shells.
1.1 deraadt 1413: <!-- 2015-03-13 -->
1.13 ! beck 1414: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>, when removing interfaces in the RDE, also remove all the RDE neighbors that are part of that interface. This prevents use-after-free situations.
! 1415: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man4/wi.4">wi(4)</a> on PCMCIA work on luna88k.
1.1 deraadt 1416: <!-- 2015-03-12 -->
1.13 ! beck 1417: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a>, fix hardlink detection on platforms having padding in struct inodev, typically 64-bit platforms.
1.1 deraadt 1418: <li>Use the shorter ofwbootfd (without softraid support) on the miniroot. This fixes booting of cdNN.iso and installNN.iso on the Blade 150.
1419: <li>Make "boot -c" support work on a variety of newer machines. This is not expected to harm older machines.
1420: <li>Handle the way some BIOSes initialize newer-style nubbins/touchpads into strange (advanced) modes, which can muddle up the pckbc pipe. This is experienced as 10-second typing pauses and strange repeat behaviour on the RAMDISK (and is caused by "lightly brushing" the touchpad).
1.13 ! beck 1421: <li>Automatic parent interface selection no longer works in <a href="http://man.openbsd.org/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a> (see r1.245 of src/sys/netinet/ip_carp.c); carpdev is a required argument now.
! 1422: <li>Escape ! characters for tab completion in <a href="http://man.openbsd.org/OpenBSD-current/man1/ksh.1">ksh(1)</a>. This is necessary if using "set -o csh-history".
1.1 deraadt 1423: <!-- 2015-03-11 -->
1.13 ! beck 1424: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://man.openbsd.org/OpenBSD-current/man1/tar.1">tar(1)</a>, try to recognize a few well-known compression formats, and report them to the user.
! 1425: <li>Remove setgid kmem support from <a href="http://man.openbsd.org/OpenBSD-current/man1/systat.1">systat(1)</a>. As a result, the netstat view of systat is slightly different.
! 1426: <li>In <a href="http://man.openbsd.org/OpenBSD-5.6/man8/ping.8">ping(8)</a>, bump the size of the time types on the wire to 64 bit.
! 1427: <li>Remove <a href="http://man.openbsd.org/OpenBSD-5.6/man1/tcopy.1">tcopy(1)</a>.
! 1428: <li>Remove setgid kmem support from <a href="http://man.openbsd.org/OpenBSD-current/man8/eeprom.8">eeprom(8)</a>. As a result, root privileges are generally needed to run this.
! 1429: <li>Remove setgid kmem support from <a href="http://man.openbsd.org/OpenBSD-current/man8/pstat.8">pstat(8)</a>. As a result, root privileges are needed to use the -d and -v options.
! 1430: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/man.1">man(1)</a>, when interpreting the -O argument as a macro name fails, fall back to showing Nd rather than not showing anything.
! 1431: <li>The 3160 should work with <a href="http://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a>.
1.1 deraadt 1432: <!-- 2015-03-10 -->
1.13 ! beck 1433: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/ping.8">ping(8)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man8/ping6.8">ping6(8)</a>, <a href="http://man.openbsd.org/OpenBSD-current/man8/traceroute.8">traceroute(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/traceroute6.8">traceroute6(8)</a> resistant to local wall clock changes which can skew the intervals reported or make them go negative.
1.1 deraadt 1434: <li>Add back r1.206 of src/usr.bin/ssh/packet.c that fixed some leaks in error paths and was reverted by mistake.
1.13 ! beck 1435: <li>Set verbosity to 1 (the default is 0) in <a href="http://man.openbsd.org/OpenBSD-current/man5/nsd.conf.5">nsd.conf(5)</a> so that incoming notifies and zone xfers are logged.
1.1 deraadt 1436: <li>Improve locking in amd64 pmap using mutexes.
1.13 ! beck 1437: <li>Disable the database file by default in <a href="http://man.openbsd.org/OpenBSD-current/man5/nsd.conf.5">nsd.conf(5)</a>. It is believed to be a saner default for the common use case and there is a problem with missing records on shutdown.
1.1 deraadt 1438: <!-- 2015-03-09 -->
1.13 ! beck 1439: <li>Fix a regression in <a href="http://man.openbsd.org/OpenBSD-current/man1/man.1">man(1)</a> where the first manual shown is not properly displayed in the pager if that manual is compressed.
! 1440: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/vi.1">vi(1)</a>, display "Search wrapped" even when searching from the end of the file.
! 1441: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/wdc.4">wdc(4)</a>, do not attempt to read the status register unless WDCF_IRQ_WAIT is not set; this used to be the case but got broken in r1.113. This fixes the Acard ATP865-R.
! 1442: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man6/worm.6">worm(6)</a>, make the worm grow faster on larger terminals. This is more fun than starting with an enormous pile of worm at the start.
1.1 deraadt 1443: <li>Don't do IPv6 SLAAC for prefixes with a preferred lifetime of zero, per RFC 4941.
1.13 ! beck 1444: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>:
1.1 deraadt 1445: <ul>
1.13 ! beck 1446: <li>Fix vertical spacing at the beginning of tables: <a href="http://man.openbsd.org/OpenBSD-current/man7/man.7">man(7)</a> always prints a blank line; <a href="http://man.openbsd.org/OpenBSD-current/man7/mdoc.7">mdoc(7)</a> doesn't.
! 1447: <li>Don't mistreat negative .sp arguments in <a href="http://man.openbsd.org/OpenBSD-current/man7/mdoc.7">mdoc(7)</a> as large positive ones.
! 1448: Instead, use the same logic as for <a href="http://man.openbsd.org/OpenBSD-current/man7/man.7">man(7)</a>.
1.1 deraadt 1449: <li>Flush the line preceding a table before clearing the right margin, so that that line isn't output with unlimited width.
1450: </ul>
1.13 ! beck 1451: <li>Make <a href="http://man.openbsd.org/OpenBSD-current/man8/httpd.8">httpd(8)</a> and <a href="http://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a> TLSv1.2-only by default.
! 1452: <li>Make -DSHORTENED the default in <a href="http://man.openbsd.org/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>.
1.1 deraadt 1453: <li>Move i386 pvlists to pool backed, and improve the locking using mutexes.
1454: <!-- 2015-03-08 -->
1.13 ! beck 1455: <li>Various fixes for <a href="http://man.openbsd.org/OpenBSD-current/man1/cpio.1">cpio(1)</a>/<a href="http://man.openbsd.org/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://man.openbsd.org/OpenBSD-current/man1/tar.1">tar(1)</a>:
1.1 deraadt 1456: <ul>
1457: <li>Prevent an archive from escaping the current directory by itself.
1458: <li>For tar without -P, if a path in the archive has any ".." components, then strip everything up to and including the last of them (if it ends in ".." then it becomes ".").
1459: <li>For directories whose times or mode will be fixed up in the clean-up pass, record their dev+ino and then use open(O_DIRECTORY)+fstat() to verify that we're updating the correct directory before using futimens() and fchmod().
1460: <li>Correct buffer overflow in handling of pax extension headers, caught by the memcpy() overlap check.
1.3 deraadt 1461: </ul>
1.1 deraadt 1462: </ul>
1463: <p>
1464:
1465: </body>
1466: </html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus58.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www