Annotation of www/plus60.html, Revision 1.2
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.0 Changelog</title>
5: <meta name="description" content="OpenBSD 6.0 changes">
6: <meta name="copyright" content="This document copyright 1996-2016 by OpenBSD.">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="http://www.openbsd.org/plus59.html">
10: </head>
11:
12: <body bgcolor="#ffffff" text="#000000" link="#23238e">
13:
14: <h2>
15: <a href="index.html">
16: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
17: <font color="#e00000">6.0 Changelog</font>
18: </h2>
19: <hr>
20:
21: <p>
22: This selection is intended to include all important
23: and all user-visible changes.
24: For a complete record of all changes, please see the "source-changes"
25: mailing list, called "OpenBSD CVS"
26: in the <a href="mail.html#Archives">archives</a>,
27: or use <a href="anoncvs.html#CVS">CVS</a>.
28:
29: <p>
30: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
31:
32: <p>
33: For changes in other releases, click below:<br>
34: <a href="plus20.html">2.0</a>,
35: <a href="plus21.html">2.1</a>,
36: <a href="plus22.html">2.2</a>,
37: <a href="plus23.html">2.3</a>,
38: <a href="plus24.html">2.4</a>,
39: <a href="plus25.html">2.5</a>,
40: <a href="plus26.html">2.6</a>,
41: <a href="plus27.html">2.7</a>,
42: <a href="plus28.html">2.8</a>,
43: <a href="plus29.html">2.9</a>,
44: <a href="plus30.html">3.0</a>,
45: <a href="plus31.html">3.1</a>,
46: <a href="plus32.html">3.2</a>,
47: <a href="plus33.html">3.3</a>,
48: <a href="plus34.html">3.4</a>,
49: <a href="plus35.html">3.5</a>,
50: <a href="plus36.html">3.6</a>,
51: <br>
52: <a href="plus37.html">3.7</a>,
53: <a href="plus38.html">3.8</a>,
54: <a href="plus39.html">3.9</a>,
55: <a href="plus40.html">4.0</a>,
56: <a href="plus41.html">4.1</a>,
57: <a href="plus42.html">4.2</a>,
58: <a href="plus43.html">4.3</a>,
59: <a href="plus44.html">4.4</a>,
60: <a href="plus45.html">4.5</a>,
61: <a href="plus46.html">4.6</a>,
62: <a href="plus47.html">4.7</a>,
63: <a href="plus48.html">4.8</a>,
64: <a href="plus49.html">4.9</a>,
65: <a href="plus50.html">5.0</a>,
66: <a href="plus51.html">5.1</a>,
67: <a href="plus52.html">5.2</a>,
68: <a href="plus53.html">5.3</a>,
69: <br>
70: <a href="plus54.html">5.4</a>,
71: <a href="plus55.html">5.5</a>,
72: <a href="plus56.html">5.6</a>,
73: <a href="plus57.html">5.7</a>,
74: <a href="plus58.html">5.8</a>,
75: <a href="plus59.html">5.9</a>,
76: <a href="plus.html">current</a>.
77: <br>
78:
79: <p>
80: <h3><font color="#0000e0">Changes made between OpenBSD 5.9 and 6.0</font></h3>
81: <p>
82:
83: <ul>
1.2 ! tim 84: <!-- 2016-07-26 -->
! 85: <li>Unbreak <a href="http://man.openbsd.org/rsu.4">rsu(4)</a>.
! 86: <li>In <a href="http://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a>, fix byteswap errors. This repairs <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a> on macppc.
! 87: <!-- 2016-07-25 -->
! 88: <li>In mesa, disable the code that allocates W|X memory.
! 89: <li>Disable tmpfs.
! 90: <li>In <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>, avoid a hang when the receive buffer of a route socket becomes full.
! 91: <li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, revert the change to scale the default "density" value to create the same number of inodes.
! 92: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, initialize the log subsytem in the SE like it is done in the RDE. This avoids all logging from going to /dev/null.
! 93: <li>When closing <a href="http://man.openbsd.org/bpf.4">bpf(4)</a> devices, ensure the minor number becomes free for reuse by the device cloning code. This fixes a panic.
! 94: <li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, patch CVE-2016-1238.
! 95: <!-- 2016-07-24 -->
! 96: <li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only <a href="http://man.openbsd.org/chroot.2">chroot(2)</a> when run as root.
! 97: <!-- 2016-07-23 -->
! 98: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.</font><br>A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>.
! 99: <li>In the installer, back out the automatic <a href="http://man.openbsd.org/pkg.conf.5">pkg.conf(5)</a> installpath changes.
! 100: <li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers sned frames to the ethernet broadcast address.
! 101: <li>In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach.
! 102: <li>Disable POOL_DEBUG.
! 103: <li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, scale the default "density" value so that on 4K disks the same number of inodes are creates as on DEV_BSIZE devices.
! 104: <li>In <a href="http://man.openbsd.org/stty.1">stty(1)</a>, error out if the display and modify mode are combined on the command line. This avoids a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation.
! 105: <li><a href="http://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a few CPUID emulation issues.
! 106: <!-- 2016-07-22 -->
! 107: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with the -f option.
! 108: <li>Attach <a href="http://man.openbsd.org/armv7/imx.4">imx(4/armv7)</a> on i.mx6 quad plus.
! 109: <li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, actually DECLINE and delete unused offers.
! 110: <li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, fallback to the known IRQ number on imx.6 if the fdt interrupts-extended property is missing or not the size that is expected.
! 111: <li>In <a href="http://man.openbsd.org/rtable.4">rtable(4)</a>, prevent an infinite recursion when deleting routes inside rtable_walk().
! 112: <li>Prevent NULL-pointer call for filesystems that don't provide vfs_sysctl in their vfsops structs.
! 113: <li>In <a href="http://man.openbsd.org/relayd.8">relayd(8)</a>, fix a crash when the connection is terminated prematurely.
! 114: <li>Fix a double <a href="http://man.openbsd.org/rtfree.9">rtfree(9)</a> triggered when IPSEC inserts a more specific route because of PMTU.
! 115: <!-- 2016-07-21 -->
! 116: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
! 117: everse the order in which -J/JumpHost proxies are visited to be more intuitive.
! 118: <li>In switchd(8), add basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT, no FLOW_MOD yet.
! 119: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, don't quit when the local addresses of a peer can't be figured out. Instead bring the session down.
! 120: <li>In <a href="http://man.openbsd.org/tcpbench.1">tcpbench(1)</a>, add AF_UNIX support and also make it possible to randomize the write size in the client.
! 121: <li>In <a href="http://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a>, respect the RTS threshold set by net80211.
! 122: <li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, silently ignore <a href="http://man.openbsd.org/chroot.2">chroot(2)</a> setup failure, because <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> provides an even better sandbox. This regain -r support.
! 123: <!-- 2016-07-20 -->
! 124: <li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>, skip passwords longer than 1024 characters in length, so clients can't easily DoS sshd by sending very long passwords.
! 125: <li>Use <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> in switchd(8) and switchctl(8).
! 126: <li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, plug potential leak of device list.
! 127: <li>In switchd(8), parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match).
! 128: <li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, print the relevant counters to tune the TCP SYN cache.
! 129: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, disable the beacon filter. This make it possible to keep track of HT protection changes.
! 130: <li>In net80211, enable RTS for frames above a particular size. This change allows for reasonable throughput on loaded 11g networks whereas before they were practically unusable.
! 131: <li>In switchd(8), update OpenFlow 1.3 stub based on the 1.0 code.
! 132: <li>In switchd(8), add the -n flag to check the configuration and exit.
! 133: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, properly keep track of HT protection changes while associated.
! 134: <li>Unbreak <a href="http://man.openbsd.org/ural.4">ural(4)</a>, which had been dropping frames on Tx while the IFF_RUNNING flag was set.
! 135: <li>In <a href="http://man.openbsd.org/ehci.4">ehci(4)</a>, use for ATI controllers the same workaround as for VIA controllers. This should hopefully help people reporting errors with SB700.
! 136: <li>Add the tcp.synhashsize <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> to make the size for the syn cache hash array tunable.
! 137: <!-- 2016-07-19 -->
! 138: <li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, narrow the BPF read filter rules so only packets sent to the interface's LLADDR pass. This limits the number of packets that get dropped as a result of dhclient setting BIOCSFILDROP on the bpf descriptor.
! 139: <li>Import switch(4), switchd(8) and switchctl(8), a basic work-in-progress OpenFlow implementation (not build by default).
! 140: <li>In <a href="http://man.openbsd.org/carp.4">carp(4)</a>, fix the check supposed to prevent "ip" and "ip-stealth" balancing modes from leaking the multicast address.
! 141: <li>In <a href="http://man.openbsd.org/sshd_config.5">sshd_config(5)</a>, allow wildcard for PermitOpen hosts as well as ports (bz#2582).
! 142: <li>In "<a href="http://man.openbsd.org/rcctl.8">rcctl</a> ls", skip all files with a "." in the name, because <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a> renames files in this way when the checksums don't match.
! 143: <li>In <a href="http://man.openbsd.org/netstart.8">netstart(8)</a>, unbreak <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> on top of <a href="http://man.openbsd.org/tap.4">tap(4)</a>.
! 144: <!-- 2016-07-18 -->
! 145: <li>In virtio, always allow MSI/MSI-X. This enables MSI-X with qemu's old "82441FX" pci-bridge.
! 146: <li>In <a href="http://man.openbsd.org/armv7/sxitimer.4">sxitimer(4/armv7)</a>, explicitly stop the timers before reloading them. This fixes a hang on the Olimex A10s boards.
! 147: <li>In <a href="http://man.openbsd.org/doas.1">doas(1)</a>, copy the path to the shell from struct passwd to prevent it from being overridden by a <a href="http://man.openbsd.org/getpwuid.3">getpwuid(3)</a> call. This happens in a double doas call.
! 148: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>:
! 149: <ul>
! 150: <li>Retry Tx of management frames less often.
! 151: <li>Fix inverted logic in iwm_tx().
! 152: <li>Explicitly set firmware Tx aggregation limit to one (which disables Tx aggregation).
! 153: </ul>
! 154: <li>In <a href="http://man.openbsd.org/pstat.8">pstat(8)</a>, fix VFLAG formatting.
! 155: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, reduce timing attack against obsolete CBC modes by always computing the MAC over a fixed size of data.
! 156: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, <a href="http://man.openbsd.org/ktrace.1">ktrace(1)</a> and <a href="http://man.openbsd.org/ltrace.1">ltrace(1)</a>, add "p" trace point for KTRFAC_PLEDGE, and fix handling of -t+ in <a href="http://man.openbsd.org/ltrace.1">ltrace(1)</a>.
! 157: <!-- 2016-07-17 -->
! 158: <li>Attach <a href="http://man.openbsd.org/armv7/sunxi.4">sunxi(4/armv7)</a> based on the compatible property of the root node of the device tree.
! 159: <!-- 2016-07-16 -->
! 160: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, support UTF-8 characters in ssh banners (bz#2058).
! 161: <li>In <a href="http://man.openbsd.org/jot.1">jot(1)</a>, fix a bug causing values to be printed out of bounds if the precision is 0.
! 162: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 163: <ul>
! 164: <li>Fix parsing of malformed optional TLVs/Sub-TLVs.
! 165: <li>Remove potential overflow when validating message's length.
! 166: </ul>
! 167: <li>In <a href="http://man.openbsd.org/virtio.4">virtio(4)</a>, support MSI-X. This increases performance for interrupt heavy loads.
! 168: <!-- 2016-07-15 -->
! 169: <li>In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled.
! 170: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 171: <ul>
! 172: <li>Update per-neighbor GTSM options on config reload.
! 173: <li>Explicitly ignore the Hop Count and Path Vector TLVs.
! 174: <li>Improve logging of reserved labels.
! 175: </ul>
! 176: <li>Disable acpicbkbd(4) by default until after the release. It causes the kernel to spin forever on certain Chromebooks.
! 177: <!-- 2016-07-14 -->
! 178: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585).
! 179: <li>Add a ProxyJump <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a> option and a corresponding -J <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> command-line flag to allow simplified indirection through a SSH bastion or "jump host".
! 180: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin.</font><br>A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>.
! 181: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. </font><br>A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>.
! 182: <li><font color="#e00000">5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.</font><br>A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>.
! 183: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>.
! 184: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>.
! 185: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.</font><br>A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>.
! 186: <li><font color="#e00000">5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.</font><br>A source code patch is available for <a href="errata59.html#014_unp">5.9</a>.
! 187: <li><font color="#e00000">5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</font><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>.
! 188: <li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots.
! 189: <li>Ignore the kern.usermount <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1.
! 190: <li>In <a href="http://man.openbsd.org/ip6.4">ip6(4)</a>, drop received packets with an IPv4-compatible address as source or destination as per RFC4213.
! 191: <li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID.
! 192: <li>Prevent a use-after-free by not updating an ARP entry that has been removed from the table.
! 193: <li>In <a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a>, properly handle poll timeout.
! 194: <!-- 2016-07-13 -->
! 195: <li>Avoid a panic caused by very big mallocs for the ufs_readdir() buffer which should have been limited to 64 kB.
! 196: <li>Avoid a panic caused by very big mallocs that result from uint64-to-int32 truncation when kevent does fd validation.
! 197: <li>On amd64, add hvn(4), a work-in-progress driver for the Hyper-V NetVSC.
! 198: <li>In <a href="http://man.openbsd.org/calendar.1">calendar(1)</a>, when matching a day in the month, ensure the date is still in the month we are interested in. This
! 199: fixes things like Sunday+5 for months where there is not a 5th Sunday.
! 200: <li>In <a href="http://man.openbsd.org/bpgd.8">bpgd(8)</a>, output the no-longer-so-new AS operators when printing the configuration.
! 201: <li>In libtls, split the existing TLS cipher suite groups into four: secure, compat, legacy and insecure.
! 202: <li>Check resource limits for mappings established using __MAP_NOFAULT. This prevents callers from triggering a kernel panic and a potential integer overflow in the amap code by forcing the allocation of too many slots.
! 203: <li>In imxehci(4), use the device tree voltage regulator information to supply power to the USB bus, because this only supports "fixed" regulators that are controlled through a gpio.
! 204: <!-- 2016-07-12 -->
! 205: <li>Fix a crash when MNT_DOOMED is passed in the flags to <a href="http://man.openbsd.org/unmount.2">unmount(2)</a>.
! 206: <li>In <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>, add support for TLS client certificates in syslogd. This allows the remote server to verify the authenticity of received messages.
! 207: <!-- 2016-07-11 -->
! 208: <li>In tmpfs, don't allow mounting with noval owner. It causes a panic later on.
! 209: <li>In <a href="http://man.openbsd.org/factor.6">factor(6)</a>, use an integer version of the Newton method instead of the floating point square root. This fixes a rounding issue.
! 210: <li>In <a href="http://man.openbsd.org/armv7/imxesdhc.4">imxesdhc(4/armv7)</a> and <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7</a>, use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs.
! 211: <li>Hook up imxgpio(4) to the FDT gpio framework.
! 212: <li>Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route.
! 213: <li>In <a href="http://man.openbsd.org/tcp.4">tcp(4)</a>, do not increase the size of the socket buffer under memory pressure.
! 214: <!-- 2016-07-10 -->
! 215: <li>In <a href="http://man.openbsd.org/tpcump.8">tcpdump(8)</a>, recognize MPLS pseudowire with control words. Also print encapsulated ethernet packets.
! 216: <li>In <a href="http://man.openbsd.org/acpimadt.4">acpimadt(4)</a>, properly handle Processor Local X2APIC structures. This makes secondary CPUs attach on the HP DL360 gen 9.
! 217: <li>Dynamically attach imxgpio(4) using the FDT.
! 218: <li>In <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>, fix a bug causing .so links to gzipped manuals to fail in the absence of a <a href="http://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> database.
! 219: <!-- 2016-07-09 -->
! 220: <li>In <a href="http://man.openbsd.org/armv7/omap.4">omap(4/armv7)</a>, follow imx and match based on the compatible property of the root node in the fdt instead of attaching the device based on board IDs.
! 221: <li>Dynamically attach i.MX6 <a href="http://man.openbsd.org/ehci.4">ehci(4)</a> using the FDT.
! 222: <!-- 2016-07-07 -->
! 223: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms. This prevents the possibility of a side-channel oracle, though no such oracle has been identified.
! 224: <li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, fix a bug where XSLoader could try to load from a subdir of the cwd when called via eval (CVE-2016-6185).
! 225: <!-- 2016-07-06 -->
! 226: <li>In <a href="http://man.openbsd.org/malloc.3">malloc(3)</a>, correctly implement the three-valued J/j option.
! 227: <li>In <a href="http://man.openbsd.org/syslogd.conf.5">syslogd.conf(5)</a>, allow space-deliminated fields in syslog.conf in addition to traditional tabs-deliminated fields.
! 228: <li>Various cleanups in <a href="http://man.openbsd.org/route6d.8">route6d(8)</a>.
! 229: <li>Fix several places where calculating ticks could overflow, because on arithmetic overflows the compiler may decide to do anything.
! 230: <!-- 2016-07-05 -->
! 231: <li>In libtls, correctly handle an EOF that occurs prior to the TLS handshake completing.
! 232: <li>Update to tzdata2016f.
! 233: <li>Build <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> on octeon.
! 234: <li>On octeon, add <a href="http://man.openbsd.org/openprom.4">openprom(4)</a>.
! 235: <!-- 2016-07-04 -->
! 236: <li>In libcrypto, add several fixes to make OCSP work with intermediate certificates provided in the response.
! 237: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, remove unfinished prebind support.
! 238: <li>Avoid an integer overflow of the thrsleep() timeout. This prevents a panic.
! 239: <li>On the Quad-G5, make <a href="http://man.openbsd.org/macppc/hpb.4">hpb(4)</a> attach first when iterating PCI buses to allow <a href="http://man.openbsd.org/macppc/openpic.4">openpic(4)</a> to properly map interrupt for the devices instead of possibly dereferencing garbage.
! 240: <li>In <a href="http://man.openbsd.org/rtable.4">rtable(4)</a>
! 241: <!-- 2016-07-03 -->
! 242: <li>In <a href="http://man.openbsd.org/savecore.8">savecore(8)</a>, drop support for the undocumented second argument.
! 243: <li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, implement the -I option.
! 244: <li>In <a href="http://man.openbsd.org/smptd.8">smtpd(8)</a>, add the -r option to the enqueuer for compatibility with mailx.
! 245: <!-- 2016-07-02 -->
! 246: <li>Introduce the "chown" <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>.
! 247: <li>Update to perl 5.20.3.
! 248: <li>In <a href="http://man.openbsd.org/rebound.8">rebound(8)</a>, avoid a crash by checking the cache tree for collisions when inserting replies.
! 249: <li>In <a href="http://man.openbsd.org/macppc/aoa.4">aoa(4/macppc)</a>, support the AOAShasta soundchip found on PowerMac9,1.
! 250: <!-- 2016-07-01 -->
! 251: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 252: <ul>
! 253: <li>Add GTSM support (RFC 6720).
! 254: <li>Decrease the initialization FSM timeout. This allows quicker recovery of a session with a neighbor.
! 255: <li>Improve RFC 4447 compliance.
! 256: </ul>
! 257: <li>In <a href="http://man.openbsd.org/cat.1">cat(1)</a>, indent the '$' on blank lines when the -ne options are used.
! 258: <li>Make accepted sockets inherit IP_TTL from the listening socket.
! 259: <li>Allow resetting the IP_TTL and IP_MINTTL sockopts.
! 260: <li>Fix an issue where <a href="http://man.openbsd.org/syslogd.8">syslogd.8</a> would print 15 NUL bytes followed by two blank spaces before the log message for warnings generated while parsing syslog.conf.
! 261: <li>Add acpicbkbd(4), a simple keyboard backlight driver for some Chromebooks.
! 262: <li>On armv7, allow booting on SolidRun's HummingBoards and CuBoxes.
! 263: <!-- 2016-06-30 -->
! 264: <li>In <a href="http://man.openbsd.org/sndiod.8">sndiod(8)</a>, avoid triggering watchdog time-outs which prevent sndiod from resuming.
! 265: <li>Update perl Time::HiRes to 1.9739.
! 266: <li>Bump LibreSSL to 2.4.2.
! 267: <li>In <a href="http://man.openbsd.org/rtadvd.8">rtadvd(8)</a>, prevent a NULL dereference.
! 268: <li>In <a href="http://man.openbsd.org/malloc.3">malloc(3)</a>, adapt the S option: add C, and remove F and P.
! 269: <li>In <a href="http://man.openbsd.org/inet6.4">inet6(4)</a>, restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
! 270: <!-- 2016-06-29 -->
! 271: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, explicitly check for 100% completion in the progress meter. This avoids a potential floating point rounding error which could cause the progress meter to report 99% on completion.
! 272: <li>In <a href="http://man.openbsd.org/vi.1">vi(1)</a>, if /tmp/vi.recover doesn't exist, don't create it. Warn once that it doesn't exist, afterwards fail silently.
! 273: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, explicitely enclose SMTP transactions between BEGIN and COMMIT/ROLLBACK filter events.
! 274: <li>In <a href="http://man.openbsd.org/amd64/ioapic.4">ioapic(4/amd64)</a>, don't write to the read-only RIRR bit in the IOAPIC redirection register. This may subsequently block interrupt delivery.
! 275: <!-- 2016-06-28 -->
! 276: <li>In <a href="http://man.openbsd.org/nc.1">nc(1)</a>, add the -M and -m options to specify the outgoing and incoming minimum TTL.
! 277: <li>In <a href="http://man.openbsd.org/fts_open.3">fts_open(3)</a>:
! 278: <ul>
! 279: <li>Do not return an error if one of the paths in argv is empty. This prevents programs using <a href="http://man.openbsd.org/fts.3">fts(3)</a> from reporting an error if one of the paths is empty.
! 280: <li>When the list passed is empty, return EINVAL instead of pretending to succeed. This avoids a NULL pointer dereference in a later <a href="http://man.openbsd.org/fts_read.3">fts_read(3)</a> call.
! 281: </ul>
! 282: <li>Add the net.inet.ip.arptimeout and net.inet.ip.arpdown <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>'s for ARP timers.
! 283: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, use IPV6_MINHOPCOUNT to finish implementing ttl-security for IPv6.
! 284: <li>Update to xkeyboard-config 2.18.
! 285: <li>In <a href="http://man.openbsd.org/pkg_info.1">pkg_info(1)</a>, implement -z that uses is-branch info to produce "complete" stem--[flavor][%branch] listing.
! 286: <li>Add UDP unicast and multicast support for IP_MINTTL and IPV6_MINHOPCOUNT.
! 287: <!-- 2016-06-27 -->
! 288: <li>On <a href="http://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a panic when CPUs fail to spin up for other reasons during boot.
! 289: <li>On amd64 and i386, enable the UMIP feature if present.
! 290: <li>Enable <a href="http://man.openbsd.org/ure.4">ure(4)</a> on the architectures where <a href="http://man.openbsd.org/url.4">url(4)</a> already is.
! 291: <li><font color="#e00000">5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.</font><br>A source code patch is available for <a href="errata59.html#012_crypto">5.9</a>.
! 292: <li>Repair <a href="http://man.openbsd.org/kill.2">kill(2)</a> on zombie processes.
! 293: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>, fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected.
! 294: <li>In <a href="http://man.openbsd.org/iwn.4">iwn(4)</a>, revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips.
! 295: <li>Restore the sys_o58_kill system call. This provides a clean transition for runtimes that make direct system calls.
! 296: <li>Make the IPV6_UNICAST_HOPS socket option usable for incoming TCP connections.
! 297: <li>In <a href="http://man.openbsd.org/ip6.4">ip6(4)</a>, implement IPV6_MINHOPCOUNT support.
! 298: <li>In <a href="http://man.openbsd.org/doas.1">doas(1)</a>, revise environment handling. Add a "setenv" keyword to <a href="http://man.openbsd.org/doas.conf.5">doas.conf(5)</a> for manipulating the environment, the "keepenv" now means only retain everything.
! 299: <li>Add <a href="http://man.openbsd.org/ure.4">ure(4)</a>, a driver for Realtek RTL8152 10/100 USB Ethernet adapters.
! 300: <li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, make scp:// work with PKG_CACHE.
! 301: <!-- 2016-06-26 -->
! 302: <li>In <a href="http://man.openbsd.org/bcrypt.3">bcrypt(3)</a>, increase the minimum for auto rounds to 6.
! 303: <li>In <a href="http://man.openbsd.org/login.conf.5">login.conf(5)</a>, use auto rounds for bcrypt (on amd64, i386, macppc and sparc64).
! 304: <li>Dynamically attach <a href="http://man.openbsd.org/armv7/cpsw.4">cpsw(4/armv7)</a> with the FDT.
! 305: <li>Dynamically attach tiiic(4/armv7) using the FDT. Only match on omap4 compatible controllers such as the one in the am335x on BeagleBone Black.
! 306: <!-- 2016-06-25 -->
! 307: <li>Dynamically attach <a href="http://man.openbsd.org/armv7/omdog.4">omdog(4/armv7)</a> using the FDT.
! 308: <li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, recognize @option is-branch.
! 309: <li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> issue with "<a href="http://man.openbsd.org/fdisk.8">fdisk</a> /dev/tty".
! 310: <li>In libcrypto:
! 311: <ul>
! 312: <li>Fix the ocsp code to actually check for errors when comparing time values. Ensure that it only compared GERNERALIZEDTIME values as per RFC6960.
! 313: <li>Ensure that OCSP uses Generalized Time on requests as per RFC6960.
! 314: </ul>
! 315: <!-- 2016-06-24 -->
! 316: <li>In <a href="http://man.openbsd.org/pf.4">pf(4)</a>, make nat-to usable by in rules and together with divert-to. Collisions with existing states are found and produce a "NAT proxy port allocation failed" message.
! 317: <li>Update to nsd 4.1.10.
! 318: <!-- 2016-06-23 -->
! 319: <li>Log to <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> when the <a href="http://man.openbsd.org/dmesg.8">dmesg(8)</a> buffer overflows and messages are lost.
! 320: <li>When pf_test() returns something but PF_PASS, set error to EACCES instead of EHOSTUNREACH. On the latter, ip_forward() can generate undesired ICMP errors.
! 321: <li>In <a href="http://man.openbsd.org/pax.1">pax(1)</a>, allow creation of devices or fifo without -p.
! 322: <!-- 2016-06-22 -->
! 323: <li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>, fix AuthenticationMethods during configuration re-parse.
! 324: <li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, fetch MAC address from FDT.
! 325: <li>In <a href="http://man.openbsd.org/unbound.8">unbound(8)</a>:
! 326: <ul>
! 327: <li>Update to unbound 1.5.9.
! 328: <li>Fix a segfault in the -h option.
! 329: <li>Fix QNAME minimisation with various broken DNS servers, often found at CDNs.
! 330: </ul>
! 331: <li>In cn30xxgmx(4/octeon), add support for the second GMX interface on the Octeon II. This enables ports eth[0-3] on 8-port EdgeRouters.
! 332: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>:
! 333: <ul>
! 334: <li>Explicitly send multicast frames at the lowest rate, instead of picking a rate from the firmware RS table.
! 335: <li>Pass the correct Tx rate to BPF (<a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>) for 5GHz.
! 336: <li>Don't loop over CCK rates when building the Link-Quality command's RS table for 5GHz.
! 337: <li>Let the firmware deal with DTIM and TSF information details by itself. Fixes some association issues with 8260 hardware.
! 338: <li>Clear the in_assoc flag when going down.
! 339: </ul>
! 340: <!-- 2016-06-21 -->
! 341: <li>Add hyperv(4), the main Hyper-V nexus driver (work in progress).
! 342: <li>On amd64, set up the Hyper-V hypercall page and an IDT vector.
! 343: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, <a href="http://man.openbsd.org/dvmrpd.8">dvmrpd(8)</a>, <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>, <a href="http://man.openbsd.org/hostapd.8">hostapd(8)</a>, <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, <a href="http://man.openbsd.org/ifstated.8">ifstated(8)</a>, <a href="http://man.openbsd.org/iked.8">iked(8)</a>, <a href="http://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>, <a href="http://man.openbsd.org/iscsictl.8">iscsictl(8)</a>, <a href="http://man.openbsd.org/ldapd.8">ldapd(8)</a>, <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>, <a href="http://man.openbsd.org/ospf6d.8">ospf6d(8)</a>, <a href="http://man.openbsd.org/ospfd.8">ospfd(8)</a>, <a href="http://man.openbsd.org/pfctl.8">pfctl(8)</a>, <a href="http://man.openbsd.org/relayd.8">relayd(8)</a>, <a href="http://man.openbsd.org/ripd.8">ripd(8)</a>, <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, <a href="http://man.openbsd.org/snmpd.8">snmpd(8)</a>, <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>, <a href="http://man.openbsd.org/ypldap.8">ypldap(8)</a>, do not allow whitespace in macro names, i.e. "this is" = "a variable".
! 344: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, when handling DT_TEXTREL only set the mapping to READ+WRITE, ignore possible EXEC permission for the section, because the proper permission is set late, and there are no thread concerns in this case. This avoids W^X issues.
! 345: <li>In <a href="http://man.openbsd.org/efifb.4">efifb(4)</a>, add support for drawing a console on a coreboot framebuffer. This is useful on chromebooks that have no legacy vga device or, for newer chipsets, a full console and X with <a href="http://man.openbsd.org/wsfb.4">wsfb(4)</a>.
! 346: <li>In <a href="http://man.openbsd.org/pf.conf.5">pf.conf(5)</a>, change the parser to make af-to on pass out rules an error. This fixes a bug where a nonworking configuration could be loaded.
! 347: <li>On m88k, add sc_cookie in sigcontext, as same as other ports.
! 348: <li>In <a href="http://man.openbsd.org/audioctl.1">audioctl(1)</a>:
! 349: <ul>
! 350: <li>Reimplement it using new API in a simper way.
! 351: <li>Group all encoding parameters in a single string (ex. "s16le") so that we use the same naming scheme as aucat, sndiod and many ports.
! 352: <li>Remove "properties" as they are not used any longer.
! 353: <li>Remove the list of encodings as there's no benefit in having it.
! 354: <li>Add the -q option, to look like <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
! 355: <li>Remove the unused -a option.
! 356: <li>Stop using symlinks in /dev.
! 357: </ul>
! 358: <!-- 2016-06-20 -->
! 359: <li>In libcrypto, disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.
! 360: <li>In <a href="http://man.openbsd.org/openssl.1">openssl(1)</a>, fix a bug loading the default certificate path locations. The files would only be loaded if the CAfile or CApath locations were succesfully loaded first.
! 361: <li>In <a href="http://man.openbsd.org/ld.1">ld(1)</a>, make creation of text-relocations a fatal error by default, with -znotext to permit it and -ztext to reenable the default of forbidding it.
! 362: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, show the "nexthop 1.2.3.4 now valid: via 192.168.0.1" message only in debug mode.
! 363: <li>Add ds1307(4), an I2C driver for the Maxim DS1307 Real Time Clock chip.
! 364: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, send PHY DB commands as async commands. This change makes it work better in RAMDISK kernels.
! 365: <!-- 2016-06-19 -->
! 366: <li>Make <a href="http://man.openbsd.org/umb.4">umb(4)</a> also work with devices that implement both NCM 1.0 and MBIM.
! 367: <li>Dynamically attach omap uart with FDT.
! 368: <li>Remove the <a href="http://man.openbsd.org/OpenBSD-5.9/lockmgr.9">lockmgr(9)</a> API.
! 369: <li>In <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>:
! 370: <ul>
! 371: <li>Cache the result of often used functions.
! 372: <li>Implement "rcctl get|getdef all".
! 373: </ul>
! 374: <!-- 2016-06-18 -->
! 375: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 376: <ul>
! 377: <li>Fix a use-after-free.
! 378: <li>Fix a memory leak.
! 379: <li>Fix removal of dual-stack neighbors.
! 380: </ul>
! 381: <li>In cn30xxgmx(4), make the 1 Gbps SGMII settings the default to define a consistent set of parameters even if a link is down.
! 382: <li>Add the net.inet.tcp.rootonly and net.inet.udp.rootonly <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>'s, to mark which ports cannot be bound to by non-root users.
! 383: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, plug some memory leaks in error paths.
! 384: <!-- 2016-06-17 -->
! 385: <li>Dynamically attach <a href="http://man.openbsd.org/armv7/ommmc.4">ommmc(4/armv7)</a> with FDT.
! 386: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 387: <ul>
! 388: <li>Fix a small LIB-LFIB synchronization issue.
! 389: <li>Do not allow configuring the same interface for both LDP and VPLS.
! 390: </ul>
! 391: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, also add missing date or message-id when listening on the submit port.
! 392: <!-- 2016-06-16 -->
! 393: <li>In <a href="http://man.openbsd.org/sshd_config.5">sshd_config(5)</a>, ban AuthenticationMethods="" and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication (bz#2398).
! 394: <li>In <a href="http://man.openbsd.org/pfctl.8">pfctl(8)</a>, allow "include" in inline anchors.
! 395: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, allow a command to be specified to display-panes rather than always just selecting the pane.
! 396: <li>In <a href="http://man.openbsd.org/acpitoshiba.4">acpitoshiba(4)</a>, enable suspend/hibernate fn keys.
! 397: <!-- 2016-06-15 -->
! 398: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>:
! 399: <ul>
! 400: <li>Rework the format of the "Received" header so that the TLS part does not violate the RFC.
! 401: <li>Increase number of connections a local address is allowed to establish, and decrease the delay between transactions in the same session.
! 402: <li>Properly reset the transaction when a filter rejects a message.
! 403: </ul>
! 404: <li>Add <a href="http://man.openbsd.org/umb.4">umb(4)</a>, a driver for the Mobile Broadband Interface Model (MBIM) to provide support for USB MBIM devices.
! 405: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>:
! 406: <ul>
! 407: <li>Add -F to list-commands.
! 408: <li>Automatically exit all modes after 180 seconds of inactivity and if there is pending output.
! 409: </ul>
! 410: <!-- 2016-06-14 -->
! 411: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching (part of bz#2585).
! 412: <li>Update to tzdata2016e.
! 413: <li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, restrict %m and friends to "separate words" so they won't collide with branch specifiers.
! 414: <li>In <a href="http://man.openbsd.org/pppoe.4">pppoe(4)</a> and <a href="http://man.openbsd.org/sppp.4">sppp(4)</a>, don't hardcode vlan/queue priority for pppoe packets, but instead inherit it from the new "llprio" setting on the pppoe(4) interface.
! 415: <li>In the <a href="http://man.openbsd.org/timeout_set.9">timeout_add_*(3)</a>, prevent a round to zero.
! 416: <li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, implement "pkgname%branch" which can be used to restrict matches to a branch matching the <a href="http://man.openbsd.org/pkgpath.7">pkgpath(7)</a>.
! 417: <!-- 2016-06-13 -->
! 418: <li>Dynamically attach imxdog(4) using the FDT.
! 419: <li>Avoid socket splicing loops: if the same mbuf is spliced 128 times, assume that there is a loop and abort the splicing.
! 420: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 421: <ul>
! 422: <li>Rework the handling of Hello packets in order to improve IPv6 support.
! 423: <li>Implement a timeout for the session initialization FSM. This prevents neighbors stuck in the initialization FSM to linger forever as long as the associated transport connection is up.
! 424: <li>Implement support for the Configuration Sequence Number TLV.
! 425: </ul>
! 426: <li>In <a href="http://man.openbsd.org/utvfu.4">utvfu(4)</a>, start/stop the audio bulk thread as the consumer opens/closes device.
! 427: <li>In <a href="http://man.openbsd.org/uvm_map.9">uvm_map(9)</a>, avoid grabbing the kernel lock for interrupt-safe pools.
! 428: <li>In <a href="http://man.openbsd.org/uhidev.4">uhidev(4)</a>, do not execute the callback if the device is beeing detached. This should prevent a race triggering a use-after-free.
! 429: <li>Correct the pledge for "<a href="http://man.openbsd.org/disklabel.8">disklabel(8)</a> -R -[fF]".
! 430: <!-- 2016-06-12 -->
! 431: <li>Dynamically <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a> using the FDT.
! 432: <li>In <a href="http://man.openbsd.org/armv7/sxie.4">sxie(4/armv7)</a> and sxiuart(4/armv7), handle both the nintr 1 (allwinner a10/cortex a8) and nintr 3 (allwinner a20/cortex a7) cases.
! 433: <!-- 2016-06-11 -->
! 434: <li>On armv7, ignore everything from ":" onward in stdout-path when finding the console node. Characters after this are device-specific settings.
! 435: <li>Dynamically attach imxuart using the FDT.
! 436: <li>In exuart(4/armv7), override the address found with FDT if the board ID is c210, because the qemu smdkc210 target uses serial0 for console while the exynos4210-universal_c210 dtb specifies stdout as serial2.
! 437: <li>Dynamically attach sxiuart using the FDT.
! 438: <li>Dynamically attach <a href="http://man.openbsd.org/armv7/sxie.4">sxie(4/armv7)</a> using the FDT.
! 439: <!-- 2016-06-10 -->
! 440: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 441: <ul>
! 442: <li>Fix parsing of multiple optional TLVs in label and notification messages. This fixes IxANVL LDP test 15.3.
! 443: <li>Make it possible to parse unknown TLVs in the future.
! 444: <li>Send an "Unknown FEC" Notification for unexpected wildcard FECs. This fixes ANVL LDP test 15.6.
! 445: <li>Add missing <a href="http://man.openbsd.org/ntohl.3">ntohl(3)</a> when recording a label request. This fixes the following ANVL LDP tests: 1.5 and 9.4.
! 446: <li>Parse the whole Hello packet before processing it. This fixes a bug where we could create a dynamic targeted neighbor in response to a malformed packet.
! 447: </ul>
! 448: <li>In <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, add the "llprio" parameter to set the priority of packets that do not go through <a href="http://man.openbsd.org/pf.4">pf(4)</a>.
! 449: <li>In <a href="http://man.openbsd.org/acpi.4">acpi(4)</a>, don't attempt to attach <a href="http://man.openbsd.org/acpitimer.4">acpitimer(4)</a> if the timer isn't present. The power management timer has been made optional in ACPI 5.0A.
! 450: <li>In <a href="http://man.openbsd.org/tetris.6">tetris(6)</a>, when eliding a row, clear the invisible row zero, so that no columns can become unusable during game play.
! 451: <!-- 2016-06-09 -->
! 452: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 453: <ul>
! 454: <li>Send a fatal notification when the last hello adjacency is deleted. This fixes the following ANVL LDP tests: 7.17 and 23.3.
! 455: <li>Do not shut down the session upon receiving unknown messages. This fixes IxANVL LDP test 22.13.
! 456: <li>Set the Message ID for Hello messages too.
! 457: </ul>
! 458: <li>Dynamically attach <a href="http://man.openbsd.org/armv7/imxesdhc.4">imxesdhc(4/armv7)</a> using the FDT.
! 459: <li>Add SGMII support and PHY addresses for 8-port EdgeRouters. This makes plain RJ45 ports eth[4-7] usable.
! 460: <li>Dynamically attach i.MX6 ahci(4) using the FDT.
! 461: <!-- 2016-06-08 -->
! 462: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>:
! 463: <ul>
! 464: <li>Add one more safety check for Initialization messages. This fixes the following ANVL LDP tests: 6.5, 6.6 and 6.11.
! 465: <li>Change what is considered a NACK for our Initialization messages. This fixes the following ANVL LDP tests: 6.19, 6.21 and 6.22.
! 466: <li>Discard Hello packet if advertised transport address is of different AF. This fixes IxANVL LDP test 5.13.
! 467: <li>Fix quick reconnect when the transport address is changed.
! 468: </ul>
! 469: <li>Remove octhci(4). It has been superseded by <a href="http://man.openbsd.org/dwctwo.4">dwctwo(4)</a>.
! 470: <li>Do the full W^X check on hppa and mips64.
! 471: <li>On armv7, use FDT to find the console to initialise.
! 472: <li>Attach <a href="http://man.openbsd.org/acpitoshiba.4">acpitoshiba(4)</a> on Libretto, Dynabook and SPA40 laptops.
! 473: <li>Enforce W^X and map W|X segments without X permission initially. The dynamic linker will make these read-only and add back X permission after relocation processing.
! 474: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, some ELF ABIs still require a PLT that is both writable and executable. To avoid W^X violations, initially map such segments as writable and non-executable, and change the mapping to non-writable and executable after initial relocation processing.
! 475:
! 476: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, accommodate ELF ABIs that require a PLT that is both writable and executable, without causing W^X violations.
! 477: <!-- 2016-06-07 -->
! 478: <li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>, revert src/usr.bin/ssh/kexgexs.c r1.28 ("Check min and max sizes sent by the client"). It caused "key_verify failed for server_host_key" in clients that send a DH-GEX min value less that DH_GRP_MIN.
! 479: <li>In <a href="http://man.openbsd.org/doas.conf.5">doas.conf(5)</a>, revert the setenv feature.
! 480: <li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, add the -g and -p options to control device and file start position.
! 481: <li>Add ktrace support for pollfd[] arrays.
! 482: <li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, fix a bug that causes an abort in the last samples of certain files.
! 483: <!-- 2016-06-06 -->
! 484: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, avoid printing the long string format for times in the 1970s.
! 485: <li>Let <a href="http://man.openbsd.org/vfprintf.3">vfprintf(3)</a> return EOVERFLOW rather than ENOMEM for overflow conditions to match POSIX.
! 486: <li>In <a href="http://man.openbsd.org/mount_tmpfs.8">mount_tmpfs(8)</a>, allow to set wxallowed on tmpfs filesystems.
! 487: <li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>, speed up session establishment after config reload.
! 488: <li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, to match the encoding type, compare against "pixelformat" instead of "description". This fixes the VIDIOC_ENUM_FMT ioctl for <a href="http://man.openbsd.org/utvfu.4">utvfu(4)</a>.
! 489: <li>Move nd6_output()s "short-circuiting" for non-lladdr interface types earlier. This fixes some IPv6 pppoe setups.
! 490: <li>In libcrypto, correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
! 491: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>:
! 492: <ul>
! 493: <li>Allow #[] in window-status-separator.
! 494: <li>Insert new panes after the pane being split in the list rather than always after the active pane.
! 495: <li>Cache selected state so that cells going from selected to unselected are not skipped.
! 496: </ul>
! 497: <!-- 2016-06-05 -->
! 498: <li>In <a href="http://man.openbsd.org/rebound.8">rebound(8)</a>, revert r1.27 of src/usr.sbin/rebound/rebound.c that used nonblocking sockets and spinned on them, trying to preemptively avoid kevent.
! 499: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, avoid a W^X violation when setting DT_DEBUG on mips64.
! 500: <li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>:
! 501: <ul>
! 502: <li>Reset the interface uptime when it is restarted.
! 503: <li>Fix a potential SIGBUS on startup.
! 504: </ul>
! 505: <li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, display correct the counter for the "no basic MCS set" error.
! 506: <li>In <a href="http://man.openbsd.org/dig.1">dig(1)</a>, reduce confusion about the -p option. Parse it, but only permit port 53, and make it an error otherwise instead of a warning.
! 507: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, deal with LMTP servers returning continuation lines.
! 508: <li>Add uvm_share(9) to share a memory range between two address spaces. Its primary use is to make guest VM memory accessible to the host (e.g. <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>).
! 509: <li>In <a href="http://man.openbsd.org/armv7/ommmc.4">ommmc(4/armv7)</a>, reset the bus width back to 1-bit when resetting the host.
! 510: <!-- 2016-06-04 -->
! 511: <li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>, improve security by calling <a href="http://man.openbsd.org/exec.3">exec(3)</a> after <a href="http://man.openbsd.org/fork.2">fork(2)</a>. This way it has separate ASLR/cookies per process.
! 512: <li>In <a href="http://man.openbsd.org/doas.conf.5">doas.conf(5)</a>, add the "setenv" directive.
! 513: <li>Abort a process if it trips the W^X violation check, unless it came from a filesystem with the wxallowed flag set.
! 514: <li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, add -q to only display the device properties and quit.
! 515: <!-- 2016-06-03 -->
! 516: <li>In <a href="http://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a>, add the =, !=, - (range), >< (exclusive range) operators to the as-path filters (AS, peer-as, source-as, transit-as).
! 517: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, fix multicast Rx by updating the MAC context again after sending multicast filter and STA settings during association. This makes ARP and inet6 autoconf work again.
! 518: <li>Avoid decreasing uvm_maxkaddr which may cause the "address selector returned unavailable address" panic.
! 519: <!-- 2016-06-02 -->
! 520: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using "ssh -W" (but still default to "yes" in that case) (bz#2577).
! 521: <li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, change the reboot default value to 1 second.
! 522: <li>On armv7, rename <a href="http://man.openbsd.org/OpenBSD-5.9/armv7/imxenet.4">imxenet(4/armv7)</a> to <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>.
! 523: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, allow printing timestamps relative to the beginning of the trace.
! 524: <li>On amd64, fix two issues in the MSI-X code: actually read the MSI-X capability register, and correctly decode the table sizefromits contents.
! 525: <li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, fix internal compiler error with long long arithmetic.
! 526: <li>In <a href="http://man.openbsd.org/mmap.2">mmap(2)</a>, prevent vsize_t underflow when checking RLIMIT_DATA, which made the check ineffective when you already had more memory than your limit allowed.
! 527: <li>In <a href="http://man.openbsd.org/iked.8">iked(8)</a>, use the last 32-bits of the IPv6 address to dynamically assign addresses from the pool, instead of the fourth byte.
! 528: <!-- 2016-06-01 -->
! 529: <li>In <a href="http://man.openbsd.org/intel.4">intel(4)</a>, fix an undefined symbol crash when opting into uxa.
! 530: <li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, set exit status to 1 if -n is used without -i and -o.
! 531: <li>In <a href="http://man.openbsd.org/nc.1">nc(1)</a>, support the use of service names instead of port numbers.
! 532: <li>Let <a href="http://man.openbsd.org/rmdir.2">rmdir(2)</a> return EINVAL intead of EBUSY when trying to remove ".". This restores POSIX compliance for <a href="http://man.openbsd.org/rmdir.2">rmdir(2)</a> and <a href="http://man.openbsd.org/rmdirat.2">rmdirat(2)</a>.
! 533: <li>In <a href="http://man.openbsd.org/newsyslog.conf.5">newsyslog.conf(5)</a>, increase permitted sizes for the daemon and messages logs.
! 534: <li>In <a href="http://man.openbsd.org/disklabel.8">disklabel(8)</a>, unbreak automatic disk allocation based on a template.
! 535: <li>In <a href="http://man.openbsd.org/umsm.4">umsm(4)</a>, add support for Netgear/Sierra Aircard 340U.
! 536: <li>In <a href="http://man.openbsd.org/uvideo.4">uvideo(4)</a>, correctly set the V4L2_BUF_FLAG_QUEUED and V4L2_BUF_FLAG_DONE buffer flags.
! 537: <li>In <a href="http://man.openbsd.org/iked.8">iked(8)</a>:
! 538: <ul>
! 539: <li>Fix a bug in the code that replaces unspecified (e.g. 0.0.0.0) addresses by specified (e.g. 192.0.2.1) ones in IPv6 case.
! 540: <li>Implement a second address pool specifically for IPv6, so that clients can be given an IPv4 and IPv6 address at the same time.
! 541: </ul>
! 542: <li>Remove the net.inet6.ip6.rr_prune <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
! 543: <li>Add <a href="http://man.openbsd.org/utvfu.4">utvfu(4)</a>, a USB device driver for Audio/Video capture devices based on the Fushicai USBTV007 chip.
! 544: <li>Make <a href="http://man.openbsd.org/xhci.4">xhci(4)</a> usable on machines with xHCI BIOS support like most of the recent DELL.
! 545: <!-- 2016-05-31 -->
! 546: <li>Add support for using SRPs without the garbage collection machinery.
! 547: <li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
! 548: <ul>
! 549: <li>Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept.
! 550: <li>Check min and max sizes sent by the client against what we support before passing them to the monitor.
! 551: </ul>
! 552: <li>Fix ptrace PT_WRITE_D that returned EFAULT (broken in src/sys/kern/sys_process.c r1.33).
! 553: <li>In libexpat, fix CVE-2016-0718.
! 554: <li>In <a href="http://man.openbsd.org/installboot.8">installboot(8)</a>, add support for armv7.
! 555: <li>In binutils, port over the binutils fix for PR ld/3111: greatly speed up linking of object files that contain lots of dwarf2 symbols by caching symbol tables.
! 556: <li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, permit wxallowed on mfs.
! 557: <li>In libedit, fix a crash that occurred when the history contained more than twice as many entries as the new limit.
! 558: <li>Ensure that <a href="http://man.openbsd.org/softraid.4">softraid(4)</a> crypto is not run on the crypto taskq.
! 559: <li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, guard against using tp_start uninitialized in case no frame was grabbed in verbose mode.
! 560: <li>Stop creating and inserting a route entry for ARP and ND automagically.
! 561: <li>Flush dynamic route entries attached to an interface when its link state becomes DOWN. This should fix stale RTF_DYNAMIC routes when switching WiFi network during suspend/resume.
! 562: <li>Plug a route entry leak triggered under memory pressure.
! 563: <!-- 2016-05-30 -->
! 564: <li>In <a href="http://man.openbsd.org/video.1">video(1)</a>, add In <a href="http://man.openbsd.org/mmap.2">mmap(2)</a> support for frame grabbing and make it default over <a href="http://man.openbsd.org/read.2">read.(2)</a> unless overriden by the -g flag.
! 565: <li>Identify W^X labelled binaries at <a href="http://man.openbsd.org/execve.2">execve(2)</a> time based upon the WX_OPENBSD_WXNEEDED flag set by ld -zwxneeded.
! 566: <li>In <a href="http://man.openbsd.org/sed.1">sed(1)</a>, fix a begin-of-word mismatch.
! 567: <li>On amd64, include rdtsc in the rdrand callback.
! 568: <li>Deal with interfaces removing the VLAN header before the packet has been feed to the pseudo-interfaces input handlers.
! 569: <li>Update to freetype-doc 2.6.3.
! 570: <!-- 2016-05-29 -->
! 571: <li>In libc on i386, do setjmp cookies for eip, esp, and ebp.
! 572: <li>In libc on mips64, do setjmp cookies for gp, sp, and ra.
! 573: <li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements.</font><br>A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>.
! 574: <li>Update to xserver 1.18.3.
! 575: <li>Update to freetype 2.6.3.
! 576: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a>, add support for new smu-firmware fan commands.
! 577: <li>Update to mesa 11.2.2.
! 578: <!-- 2016-05-28 -->
! 579: <li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with "<a href="http://man.openbsd.org/ncheck_ffs">ncheck_ffs</a> /dev/tty".
! 580: <li>In <a href="http://man.openbsd.org/ld.1">ld(1)</a>, implement -z wxneeded.
! 581: <li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with "<a href="http://man.openbsd.org/pdisk.8">pdisk</a> /dev/tty".
! 582: <li>Implement the fork+exec pattern in <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>.
! 583: <li>Fix <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> issues in <a href="http://man.openbsd.org/growfs.8">growfs(8)</a>.
! 584: <li>In <a href="http://man.openbsd.org/nc.1">nc(1)</a>:
! 585: <ul>
! 586: <li>Fix -verbose mode when used on a Unix domain socket.
! 587: <li>Fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation when -P is used and a passwords needs to be supplied.
! 588: </ul>
! 589: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, add support for Intel Wireless 3165 devices.
! 590: <li>In <a href="http://man.openbsd.org/fsirand.8">fsirand(8)</a> and <a href="http://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a>, fix a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation that can be triggered by using DIOCGDINFO on a file that is not a disk device.
! 591: <li>In <a href="http://man.openbsd.org/disklabel.8">disklabel(8)</a>, don't crash if no filename is provided.
! 592: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, add support for Intel Wireless 8260 devices.
! 593: <li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, fix file block size rounding and ensure it's large enough to store a full audio block.
! 594: <!-- 2016-05-27 -->
! 595: <li>In the install script, set the "wxallowed" <a href="http://man.openbsd.org/mount.8">mount(8)</a> option for the filesystem /usr/local resides on.
! 596: <li>No longer allow W^X violations by default. A kernel log message is generated, and <a href="http://man.openbsd.org/mprotect.2">mprotect(2)</a> and <a href="http://man.openbsd.org/mmap.2">mmap(2)</a> return ENOTSUP. If the kern.wxabort <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> is set, a SIGABRT occurs instead. W^X-violating programs can be permitted per FFS/NFS filesystem, using the "wxallowed" <a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
! 597: <li>In <a href="http://man.openbsd.org/aucat.1">aucat(1)</a>, when resampling, use the exact resampling factor instead of the ratio between input and output block sizes. This change makes playback/recording rate match exactly the requested sample rate.
! 598: <li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, return 400 (Bad Request) instead of 500 (Internal Server Error) for requests not specifying the HTTP version.
! 599: <!-- 2016-05-26 -->
! 600: <li>When initializing the console, add a short delay so that baud rate changes on the console have a chance of working. This prevents the serial console on the APU from hanging when garbage is echoed to the tty.
! 601: <li>In <a href="http://man.openbsd.org/procmap.1">procmap(1)</a>, reintroduce vnode-to-filename mapping.
! 602: <li>In <a href="http://man.openbsd.org/rc.8">rc(8)</a>:
! 603: <ul>
! 604: <li>Skip library reordering if /usr/lib is on an NFS filesystem.
! 605: <li>Temporarily remount read-write if /usr/lib is on a read-only FFS filesystem.
! 606: </ul>
! 607: <li>Make amaps use less kernel memory. This is achieved by grouping amap slots into chunks that are allocated on-demand by <a href="http://man.openbsd.org/pool.9">pool(9)</a>.
! 608: <!-- 2016-05-25 -->
! 609: <li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, prevent screwing up terminal settings by escaping bytes not forming ASCII or UTF-8 characters.
! 610: <li>In <a href="http://man.openbsd.org/regex.3">regex(3)</a>, fix another one-byte buffer underflow (read access only).
! 611: <li>Avoid a use-after-free in <a href="http://man.openbsd.org/ftp.1">ftp(1)</a>.
! 612: <li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, update to firmware API 16 and enable RTS/CTS frame protection.
! 613: <!-- 2016-05-24 -->
! 614: <li>In the armv7 install script, use efiboot when setting up the installed disk.
! 615: <li>On octeon, prevent gather buffer starvation on currently supported systems.
! 616: <!-- 2016-05-23 -->
! 617: <li>In <a href="http://man.openbsd.org/acpitz.4">acpitz(4)</a>, disable active cooling trip points when we lack the right method to operate.
! 618: <li>Place a cpu-dependent trap/illegal instruction over the remainder of the sigtramp page, so that it will generate a kernel fault if touched.
! 619: <li>Remove the kern.random <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
! 620: <li>In <a href="http://man.openbsd.org/umsm.4">umsm(4)</a>, support the Airprime/Sierra AirCard 313U and the Netgear/Sierra AirCard 770S.
! 621: <li>Various improvements to <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>.
! 622: <li>In binutils on sparc64, make the PLT read-only. This allows the kernel and ld.so to load binaries without violating W^X.
! 623: <li>Add UTF-8 support to <a href="http://man.openbsd.org/fold.1">fold(1)</a>.
! 624: <!-- 2016-05-22 -->
! 625: <li>On macppc, use 64-bit integers to fix fan scaling calculations.
! 626: <li>Build armv7 efiboot.
! 627: <li>In libc on hppa, add XOR cookies for rp and sp.
! 628: <li>In libc on powerpc, add XOR cookies for r1 (stack) and lr.
! 629: <li>Avoid a uvm fault when pulling an msdos-formatted <a href="http://man.openbsd.org/umass.4">umass(4)</a> stick during mount while the USB stack is busy.
! 630: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, start work on improving the log format.
! 631: <!-- 2016-05-21 -->
! 632: <li>Build <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> on armv7.
! 633: <li>Implement <a href="http://man.openbsd.org/openprom.4">openprom(4)</a> for armv7.
! 634: <li>Make <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> -p print sensible numbers on little-endian platforms.
! 635: <li>Remove the -x flag from <a href="http://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a> and always assume the execute bit for readable directories subject to the mask option (-m).
! 636: <li>Stop making files executable on msdosfs.
! 637: <li>Fix a logic bug in DUID generation: we want to generate DUIDs until we have one that is not a duplicate and not a zero DUID.
! 638: <li>In <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a>, harden TLS for constraints.
! 639: <li>On armv7, dynamically attach <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/imxiic.4">imxiic(4/armv7)</a> and use the FDT to enumerate devices on i2c busses. The CuBox-i and Hummingboard now need to be booted with an FDT to see the RTC.
! 640: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/octeon/cnmac.4">cnmac(4/octeon)</a>, make the TX path MP-safe and add some ifq oactive logic.
! 641: <!-- 2016-05-20 -->
! 642: <li>On armv7, resolve problems with <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/ommmc.4">ommmc(4/armv7)</a> sometimes not attaching properly with recent u-boot versions.
! 643: <li>On macppc, hook up <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a> to the thermal management framework.
! 644: <li>On macppc, add a thermal management framework which controls the fan speed based on the temperature sensor values.
! 645: <li>In the install script, log questions and answers during install/upgrade and mail them to the root user in a format usable as a response file for <a href="http://man.openbsd.org/autoinstall.8">autoinstall(8)</a>.
! 646: <li>In libcrypto, fix a short-read bug in the previous version of asn1_d2i_read_bio.
! 647: <!-- 2016-05-19 -->
! 648: <li>On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions.
! 649: <li>Remove the net.inet6.ip6.v6only <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
! 650: <!-- 2016-05-18 -->
! 651: <li><font color="#e00000">5.9 RELIABILITY FIX: Possible data corruption in <a href="http://man.openbsd.org/bnx.4">bnx(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>.
! 652: <li>In <a href="http://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice.
! 653: <!-- 2016-05-17 -->
! 654: <li>Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy.
! 655: <li>On octeon, accept cnmac as a valid rootdev from uboot (e.g. rootdev=/dev/cnmac0).
! 656: <li>Rework the fix to prevent a kernel crash when <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a> is called with LOG_CONS and the console device has not been intialized yet.
! 657: <li>In <a href="http://man.openbsd.org/regex.3">regex(3)</a>, fix a one-byte buffer underflow (read access only).
! 658: <li>Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events.
! 659: <li>Fix "<a href="http://man.openbsd.org/skeyinit.1">skeyinit</a> username" run as root.
! 660: <li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="http://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user.</font><br>A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>.
! 661: <li>Completely skip link-layer address resolution and NUD on <a href="http://man.openbsd.org/gif.4">gif(4)</a>.
! 662: <!-- 2016-05-16 -->
! 663: <li>In <a href="http://man.openbsd.org/uvideo.4">uvideo(4)</a>, plug some holes in the V4L2 <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue.
! 664: <li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, fix some file-descriptor leaks.
! 665: <li>Enable the pcf8523 RTC on Hummingboard and CuBox-i.
! 666: <li><font color="#e00000">5.9 RELIABILITY FIX: Issues in <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>.</font><br>A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>.
! 667: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>:
! 668: <ul>
! 669: <li>Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
! 670: <li>Plug a file-pointer leak that can lead to resource exhaustion and result in a crash.
! 671: </ul>
! 672: <li>Have POSTREAD flush the D-cache. This eliminates random data corruption on the CuBox-i4Pro.
! 673: <li>Add <a href="http://man.openbsd.org/pfcrtc.4">pfcrtc(4)</a>, a driver for the NXP PCF8523 Real Time Clock.
! 674: <!-- 2016-05-15 -->
! 675: <li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, enable reception and transmission of Jumbo frames.
! 676: <!-- 2016-05-14 -->
! 677: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/macppc/smu.4">smu(4/macppc)</a>, add support for pwm fans.
! 678: <li>Initial stab at an EFI bootloader for armv7.
! 679: <li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, no longer handle /etc/example files.
! 680: <!-- 2016-05-12 -->
! 681: <li>In <a href="http://man.openbsd.org/install.1">install(1)</a>, add -F to call <a href="http://man.openbsd.org/fsync.2">fsync(2)</a> on the installed file right before closing it.
! 682: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, add -q to source-file to suppress errors about nonexistent files.
! 683: <!-- 2016-05-11 -->
! 684: <li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>, disable EIGRPv6 on an interface when it loses its link-local address.
! 685: <li>Remove the hppa64 port.
! 686: <li>Allow zaudio(4) to start when large blocks are requested.
! 687: <li>Make the mips64 pmap MP-safe.
! 688: <li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, allow to filter process arguments if they are being displayed.
! 689: <!-- 2016-05-10 -->
! 690: <li>Avoid a kernel crash when <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a> is called with LOG_CONS and the console device has not been intialized yet.
! 691: <li>Do SROP mitigation. sendsig() stores a cookie inside the sigcontext. <a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> checks the syscall entry was from the exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie, and clears it to prevent sigcontext reuse
! 692: <li>Try harder to avoid using random data on the disk as an inode, because FFS2 does lazy inode initialization. This avoids crashes when translating a bogus filehandle to a vnode.
! 693: <!-- 2016-05-09 -->
! 694: <li>Update to libexpat 2.1.1.
! 695: <li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, implement Mdocdate keyword substitution.
! 696: <!-- 2016-05-08 -->
! 697: <li>In imxesdhc(4), add DMA support. It uses ADMA2 "Internal DMA" that is compatible with the SD Host Controller standard.
! 698: <li>In <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, add support for level, active low gpio interrupts.
! 699: <li>In <a href="http://man.openbsd.org/wall.1">wall(1)</a>, enable UTF-8 detection in wall(1). This deliberately ignores UTF-8 characters and replaces them with a single question mark.
! 700: <li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a> and <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, add support for writing gpio pins.
! 701: <li>In <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, stop printing the MPSAFE interface flag. It is a kernel-only hint and printing it only creates confusion.
! 702: <!-- 2016-05-07 -->
! 703: <li>Add <a href="http://man.openbsd.org/chvgpio.4">chvgpio(4)</a>, a driver for the GPIO controllers found on Intel's Cherry View SoC.
! 704: <li>On powerpc, flush page (through the direct map) before mapping it into AGP. This fixes artifacts seen in X on some G5 machines.
! 705: <li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> family of functions, stop opening the shadow database by default.
! 706: <li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, print RA Route Information prefix, preference and lifetime.
! 707: <li>Use a Thread Information Block in both single and multi-threaded programs. Make libpthread <a href="http://man.openbsd.org/dlopen.3">dlopen(3)</a>'able.
! 708: <li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, implement ACPI 5.0 GeneralPurposeIo OpRegion support.
! 709: <li>Import Term::ReadKey 2.33.
! 710: <!-- 2016-05-06 -->
! 711: <li>In imxesdhc(4), add support for changing the bus width and set the 4-bit mode capability.
! 712: <li>Make the imxesdhc(4) work on the cubox-i.
! 713: <li>Revert the default cachepercent to 20.
! 714: <li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, print the router preference contained in RAs in verbose mode.
! 715: <!-- 2016-05-05 -->
! 716: <li>Fix efiboot not to hang with a disk whose block size is less than 512.
! 717: <li>Fix packet corruption in <a href="http://man.openbsd.org/bnx.4">bnx(4)</a>.
! 718: <li>Add Dual Data Rate support for eMMC at 52 MHz.
! 719: <li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, add support for named initializers for anonymous structs/unions. This is a C11 feature that is starting to get used in places such as Mesa.
! 720: <li>In <a href="http://man.openbsd.org/midiplay.1">midiplay(1)</a>, fix one of the reads past the end of the buffer.
! 721: <!-- 2016-05-04 -->
! 722: <li>In <a href="http://man.openbsd.org/acpithinkpad.4">acpithinkpad(4)</a>, avoid a division by zero in <a href="http://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
! 723: <li>In <a href="http://man.openbsd.org/dc.4">dc(4)</a>, cope with the broken DMA engine of the Davicom DM9102 found on some Sun sparc64 machines.
! 724: <li>On sparc64, avoid having to panic on hardware with a broken DMA engine that attempts to read beyond the end of the buffer that was programmed.
! 725: <li>Add initial support for MSI-X, only on amd64 for now.
! 726: <li>In <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, add IdentityAgent.
! 727: <li>In <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a>, add high-speed support for SD cards. This causes serious improvement in the read speeds.
! 728: <li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, don't mask pins configured as direct IRQ. This nbreaks the keyboard on the Asus x205ta.
! 729: <!-- 2016-05-03 -->
! 730: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks.
! 731: <li>Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code.
! 732: <li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>.</font><br>A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>.
! 733: <li>In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types.
! 734: <li>Reduce the number of lookups to 1 for non-multicast traffic when <a href="http://man.openbsd.org/pf.4">pf(4)</a> is disabled.
! 735: <li>In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.
! 736: <!-- 2016-05-02 -->
! 737: <li>In <a href="http://man.openbsd.org/telnet.1">telnet(1)</a>, don't check if the hostname is a fully qualified domain. This prevents <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> "dns" issues.
! 738: <li>In tmpfs, fix some issues regarding timestamp updating.
! 739: <li>In ssh:
! 740: <ul>
! 741: <li>Support SHA256 and SHA512 RSA signatures in certificates.
! 742: <li>Add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03.
! 743: </ul>
! 744: <li>On arm and armv7, rework mainbus and implement simplebus to be able to span a tree-like topology based on device tree information.
! 745: <!-- 2016-05-01 -->
! 746: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man4/armv7/ommmc.4">ommmc(4/armv7)</a>, add support for changing the bus width to ommmc and set the 4-bit mode capability.
! 747: <li>Add bus width switching support for MMC. Enable 8-bit bus support on <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers that support it. This makes the raw transfer rate of the eMMC on the Lenovo Ideacentre Stick 300 go up to 40 MB/s.
! 748: <li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a>, fix the DMA issues on Bay Trail.
! 749: <li>Add support for changing the bus width to the <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a> subsystem and the <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> controller. Use this to switch SD cards to a 4-bit bus if they support it.
! 750: <li>In <a href="http://man.openbsd.org/sppp.4">sppp(4)</a>, fix a bug causing breakage with LCP echoes.
! 751: <li><font color="#e00000">5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="http://man.openbsd.org/carp.4">carp(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>.
! 752: <!-- 2016-04-30 -->
! 753: <li>Convert <a href="http://man.openbsd.org/ldapd.8">ldapd(8)</a> to use the libtls API.
! 754: <li>In <a href="http://man.openbsd.org/file.1">file(1)</a>, fix the default type to work properly.
! 755: <li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, mask all gpio interrupts when attaching. This fixes an interrupt storm on the Lenovo Ideacentre Stick 300.
! 756: <li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a> and <a href="http://man.openbsd.org/sdmmc.4">sdmmc(4)</a>:
! 757: <ul>
! 758: <li>Implement DMA support (only ADMA2 is supported). There is a remaining issue with simultaneous use of eMMC and external SD card on (some) Intel Bay Trail hardware.
! 759: <li>Enable the ADMA error interrupt.
! 760: <li>Enable high speed timing for bus clock frequencies over 26MHz and advertise support for it.
! 761: </ul>
! 762: <!-- 2016-04-29 -->
! 763: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, add options to include status text in the pane borders.
! 764: <li>Fix several bugs due to uninitialized struct nameidata's.
! 765: <li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, panic when attempting to execute a scsi command with no discipline defined.
! 766: <li>Fix a bug causing <a href="http://man.openbsd.org/gzip.1">gzip(1)</a> to think the resulting file was got larger during compression.
! 767: <li>In <a href="http://man.openbsd.org/daily.8">daily(8)</a>, no langer call <a href="http://man.openbsd.org/mailq.8">mailq(8)</a>.
! 768: <li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, in interactive mode, check syntax of several important files after merging to give some protection against bad merges.
! 769: <li>Don't allow the routing table of a bound socket to be changed. This is not intended and will behave unexpectedly if the address is already used in another domain.
! 770: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, fix keys parsing again to correctly accept Unicode when not prefixed with Escape.
! 771: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, fix "smtpctl show queue" reporting "invalid" envelope state.
! 772: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, close the ControlPersist background process stderr when the daemon is not in debug mode or when logging to a file or syslog (bz#1988).
! 773: <!-- 2016-04-28 -->
! 774: <li>In <a href="http://man.openbsd.org/MAKEDEV.8">MAKEDEV(8)</a>, replace /dev/bpf[0-9] with /dev/bpf and /dev/bpf0.
! 775: <li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, if the attempt to broadcast a DHCPDISCOVER packet returns EAFNOSUPPORT, just print an error message and exit.
! 776: <li>In <a href="http://man.openbsd.org/OpenBSD-current/man8/i386/installboot.8">installboot(8/i386)</a>, plug a couple of leaks of input buffers.
! 777: <li>In libssl, allow ^C to break operations such as reading passwords.
! 778: <li>In libssl, implement the IETF ChaCha20-Poly1305 cipher suites. The old Google implementation continues to be supported, but the ChaCha20-Poly1305 cipher suites names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
! 779: <li>In libssl, rename <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305.3">EVP_aead_chacha20_poly1305(3)</a> to EVP_aead_chacha20_poly1305_old() and replace it with <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305_ietf.3">EVP_aead_chacha20_poly1305_ietf(3)</a>. The IETF version will become the standard version.
! 780: <li>In ieee80211, rework handling of frames which fall beyond the block ack window.
! 781: <li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, display block ack window slide counter.
! 782: <li>In <a href="http://man.openbsd.org/compress.1">compress(1)</a>, account for multiple streams in "gzip -l" output.
! 783: <li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, simplify TLS configuration handling and prevent a memory leak when there are multiple certificates specified for the same server.
! 784: <li>In <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, show 11n HT rate in "ifconfig scan" output.
! 785: <li>Unbreak <a href="http://man.openbsd.org/fsck_ext2fs.8">fsck_ext2fs(8)</a>.
! 786: <li>In libedit, initialize the search buffer to avoid a potential read buffer overrun.
! 787: <!-- 2016-04-27 -->
! 788: <li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, correctly set up byteswapping so this chip works on big-endian architectures.
! 789: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, apply backspace check after working out the actual key, so that M-BSpace can work.
! 790: <li>In <a href="http://man.openbsd.org/xge.4">xge(4)</a>, align rx buffers so ip packets will be aligned correctly for the stack.
! 791: <li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, do not handle echo "`echo \"hi\"`" in POSIX mode differently than in traditional mode. This aligns ksh's behavior with bash and FreeBSD sh.
! 792: <li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, make -W show the new 802.11n counters.
! 793: <!-- 2016-04-26 -->
! 794: <li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, print tcps_noport with "netstat -s" like it is already done for udp.
! 795: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, fix problems with meta and Unicode keys.
! 796: <li>In <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>, implement daemon_rtable support.
! 797: <li>In <a href="http://man.openbsd.org/rc.subr.8">rc.subr(8)</a>, introduce <a href="http://man.openbsd.org/rtable.4">rtable(4)</a> support to <a href="http://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
! 798: <li>In <a href="http://man.openbsd.org/readelf.1">readelf(1)</a>, show octeon in "readelf -h" output.
! 799: <li>In <a href="http://man.openbsd.org/rc.8">rc(8)</a>, re-link (only the newest) libc.so on startup, placing the objects in a random order.
! 800: <li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, don't attempt a rebuild using a hot spare with a sector size greater than the sector size of the softraid volume.
! 801: <li>Use <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> in <a href="http://man.openbsd.org/groupadd.8">groupadd(8)</a>, <a href="http://man.openbsd.org/groupmod.8">groupmod(8)</a>, <a href="http://man.openbsd.org/groupdel.8">groupdel(8)</a>, <a href="http://man.openbsd.org/groupinfo.8">groupinfo(8)</a>, <a href="http://man.openbsd.org/user.8">user(8)</a>, <a href="http://man.openbsd.org/useradd.8">useradd(8)</a>, <a href="http://man.openbsd.org/usermod.8">usermod(8)</a>, <a href="http://man.openbsd.org/userdel.8">userdel(8)</a> and <a href="http://man.openbsd.org/userinfo.8">userinfo(8)</a>.
! 802: <li>In <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, be consistent in batch and interactive mode: ensure sysmerge can be re-run if a file is left for later.
! 803: <li>In <a href="http://man.openbsd.org/acpitz.4">acpitz(4)</a>, if the temperature is below the active cooling level for a tz, turn the fan off regardless of what state it is currently in.
! 804: <!-- 2016-04-25 -->
! 805: <li>In <a href="http://man.openbsd.org/rtsx.4">rtsx(4)</a>, match on RTS522A found in 2016 ThinkPads.
! 806: <li>Remove systrace support.
! 807: <li>In the install script, when upgrading automatically run <a href="http://man.openbsd.org/sysmerge.8">sysmerge(8)</a> in batch mode before <a href="http://man.openbsd.org/fw_update.1">fw_update(1)</a>.
! 808: <li>On macppc and socppc, don't check if the CPU is inside the idle loop when entering <a href="http://man.openbsd.org/ddb.4">ddb(4)</a>. This allows putting breakpoints in interrupt context and have them work if an interrupt fires while the CPU is idle.
! 809: <!-- 2016-04-24 -->
! 810: <li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, always pass the QUERY_STRING variable to the FastCGI handler.
! 811: <li>In <a href="http://man.openbsd.org/Xserver.1">Xserver(1)</a>, fall back to /dev/ttyC0 when the console device is not a <a href="http://man.openbsd.org/wsdisplay.4">wsdisplay(4)</a>.
! 812: <li>In <a href="http://man.openbsd.org/ichiic.4">ichiic(4)</a>, match on Intel 100 Series LP.
! 813: <li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, match on Intel 100 series and 100 series LP PCH.
! 814: <li>In <a href="http://man.openbsd.org/azalia.4">azalia(4)</a>, enable snooping on Intel 100 Series LP HDA.
! 815: <!-- 2016-04-23 -->
! 816: <li>Fix an issue where the 32-bit UEFI bootloader (BOOTIA32.EFI) would not detect a GPT leading to a failure to boot.
! 817: <li>On mips64, sync dcaches and invalidate icaches of all active CPUs of a pmap when making a page executable. This prevents some icache inconsistencies that caused process crashes on multiprocessor IP27/IP30 systems under load.
! 818: <li>In <a href="http://man.openbsd.org/dwiic.4">dwiic(4)</a>, match on Cherry Trail.
! 819: <!-- 2016-04-22 -->
! 820: <li>In <a href="http://man.openbsd.org/synaptics.4">synaptics(4)</a>, don't stop scrolling when handling TOUCH_RESET events.
! 821: <li>In <a href="http://man.openbsd.org/asmc.4">asmc(4)</a>, don't try to probe light sensors for machines with none available.
! 822: <!-- 2016-04-21 -->
! 823: <li>In <a href="http://man.openbsd.org/mpbios.4">mpbios(4)</a>, don't attach if "default configuration" mode is detected during probe rather than panicking.
! 824: <li>In <a href="http://man.openbsd.org/smtpd.8">smtpd(8)</a>, use automatic DH parameters instead of fixed ones. Also disable DHE by default since it is computationally expensive and a potential DoS vector.
! 825: <!-- 2016-04-20 -->
! 826: <li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, apply fix for perl bug 123562 (CVE-2015-8853).
! 827: <li>In <a href="http://man.openbsd.org/changelist.5">changelist(5)</a>, don't watch <a href="http://man.openbsd.org/unbound.8">unbound(8)</a>'s DNSSEC root zone key, to reduce <a href="http://man.openbsd.org/security.8">security(8)</a> spam.
! 828: <li>In <a href="http://man.openbsd.org/re.4">re(4)</a>, if RTL8111E on PC Engines APU is detected, configure NIC LEDs to display link (instead of the default of a normally-off light for network activity and nothing for ethernet link).
! 829: <li>In <a href="http://man.openbsd.org/changelist.5">changelist(5)</a>, add the <a href="http://man.openbsd.org/iked.8">iked(8)</a> default key.
! 830: <!-- 2016-04-19 -->
! 831: <li>Add the <a href="http://man.openbsd.org/editline.7">editline(7)</a> manual.
! 832: <li>Make setting a <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> interface's lladdr more likely to work.
! 833: <li>Use the correct byte-order when checking against baddynamic ports.
! 834: <li>In <a href="http://man.openbsd.org/xen.4">xen(4)</a> and <a href="http://man.openbsd.org/xnf.4">xnf(4)</a>, allow to grant memory access to domains other than dom0. This fixes running OpenBSD under QubesOS.
! 835: <li>In <a href="http://man.openbsd.org/pod2man.1">pod2man(1)</a>, enable UTF-8 output by default and provide a --no-utf8 command line option to disable it.
! 836: <!-- 2016-04-18 -->
! 837: <li>In <a href="http://man.openbsd.org/pax.1">pax(1)</a>, skip empty lines in the input read for "tar -T", "cpio -E", and <a href="http://man.openbsd.org/cpio.1">cpio(1)</a> with stdin.
! 838: <li>On amd64, make the aesni crypto implementation MP-safe.
! 839: <li>Add a mechanism for dispatching MP-safe crypto operations.
! 840: <li>Update to tzdata2016d from from ftp.iana.org.
! 841: <li>Bump the default of cachepercent to 90 to see if we can find problems before we try to remove it entirely.
! 842: <li>In <a href="http://man.openbsd.org/pppoe.4">pppoe(4)</a>, remove a hack that prevented changing pppoe params at runtime.
! 843: <!-- 2016-04-17 -->
! 844: <li>In <a href="man.openbsd.org/nvme.4">nvme(4)</a>, fix a bug causing memory corruption seen on amd64 (and masked on sparc64).
! 845: <!-- 2016-04-16 -->
! 846: <li>In <a href="http://man.openbsd.org/rbootd.8">rbootd(8)</a>, don't <a href="http://man.openbsd.org/bcopy.3">bcopy(3)</a> non-exchangeable structs. This should unbreak connection timeouts.
! 847: <li>Remove am_maxslot from amap and remove the corresponding output from <a href="http://man.openbsd.org/procmap.1">procmap(1)</a>.
! 848: <li>In <a href="http://man.openbsd.org/inteldrm.4">inteldrm(4)</a>, make the GMBUS code work on Intel ValleyView.
! 849: <!-- 2016-04-15 -->
! 850: <li>In <a href="http://man.openbsd.org/rm.1">rm(1)</a>, don't allow removal of "/".
! 851: <li>In <a href="http://man.openbsd.org/eigrpd.8">eigrpd(8)</a>:
! 852: <ul>
! 853: <li>Fix a corner case in Feasible Condition check.
! 854: <li>Fix a segfault when reloading the config multiple times.
! 855: <li>Check for subnet overlap between the configured summary-addresses.
! 856: <li>Various other fixes and cleanups.
! 857: </ul>
! 858: <!-- 2016-04-14 -->
! 859: <li>In <a href="http://man.openbsd.org/vlan.4">vlan(4)</a>, rework configuration and mark it as MP-safe.
! 860: <li>Enable <a href="http://man.openbsd.org/nvme.4">nvme(4)</a> on amd64 and sparc64.
! 861: <li>In <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, implement the "Include" directive.
! 862: <li>In <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>, fix a process group race sometimes causing a spawned <a href="http://man.openbsd.org/less.1">less(1)</a> to complain "Stopped (tty output)".
! 863: <li>In <a href="http://man.openbsd.org/mg.1">mg(1)</a>, add "sentence-end-double-space".
! 864: <li>On octeon:
! 865: <ul>
! 866: <li>Enable UART FIFOs.
! 867: <li>Enable write buffering with write merging. This improves overall performance notably.
! 868: </ul>
! 869: <li>Enable device cloning for <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
! 870: <li>Re-enable <a href="http://man.openbsd.org/pckbd.4">pckbd(4)</a> on resume. This fixes problems on (at least) various HP laptops that previously had no working keyboard after resuming from <a href="http://man.openbsd.org/zzz.8">zzz(8)</a>.
! 871: <li>On amd64 and i386, use a CPUID function to determine presence of general purpose architectural performance counters. This fixes a panic seen on some hypervisors when <a href="http://man.openbsd.org/pctr.1">pctr(1)</a> is used when the hypervisor masks out the counters.
! 872: <!-- 2016-04-13 -->
! 873: <li>Various improvements to <a href="http://man.openbsd.org/nvme.4">nvme(4)</a>.
! 874: <li>In libssl, use the correct IV and counter when decrypting the ciphertext for <a href="http://man.openbsd.org/EVP_aead_chacha20_poly1305_ietf.3">EVP_aead_chacha20_poly1305_ietf(3)</a>.
! 875: <li>In <a href="http://man.openbsd.org/man.1">man(1)</a>, give manuals in purely numerical sections priority over manuals of the same name in sections with an alphabetical suffix (e.g. 3p).
! 876: <!-- 2016-04-12 -->
! 877: <li>In <a href="http://man.openbsd.org/awk.1">awk(1)</a>, fix a crash with empty assignments, (e.g. "BEGIN {i=$1}").
! 878: <li>In <a href="http://man.openbsd.org/pstat.8">pstat(8)</a>, fix a crash when the -T flag is specified.
! 879: <li>In <a href="http://man.openbsd.org/nvme.4">nvme(4)</a>, read chip capabilities before operating on it. This ensures the proper timeout for chip enables/disables are obtained.
! 880: <li>In <a href="http://man.openbsd.org/mg.1">mg(1)</a>, stop putting a space at the end of a paragraph when using fill-paragraph.
! 881: <li>Prevent a kernel panic by providing a dummy function for <a href="http://man.openbsd.org/bridge.4">bridge(4)</a>'s if_output.
! 882: <!-- 2016-04-10 -->
! 883: <li>On sparc64, (temporarily) disable <a href="http://man.openbsd.org/ahc.4">ahc(4)</a> so that GENERIC.MP kernels don't overflow the 8M reserved for .text and .rodata sections.
! 884: <li>In <a href="http://man.openbsd.org/rev.1">rev(1)</a>, enable UTF-8 support.
! 885: <!-- 2016-04-09 -->
! 886: <li>In libedit, reset the terminal to its initial state before exiting a program that is using libedit.
! 887: <!-- 2016-04-08 -->
! 888: <li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, don't exit when receiving an RTM_CHANGE message for an RTF_MPATH route that is actually on an interface.
! 889: <!-- 2016-04-07 -->
! 890: <li>In <a href="http://man.openbsd.org/pf.4">pf(4)</a>, don't panic if an <a href="http://man.openbsd.org/mbuf.9">mbuf(9)</a> already has a statekey. This should help finding the remaining corner cases of packets looped back in the stack.
! 891: <li>In <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>, place a BOOTARG_END section at the end of the boot arguments list pushed to the VM during boot. This makes it possible to install and run an OpenBSD i386 guest VM using <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>.
! 892: <li>In libsndio, switch to the "new" <a href="http://man.openbsd.org/audio.4">audio(4)</a> API.
! 893: <!-- 2016-04-06 -->
! 894: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, don't record duplicate LocalForward and RemoteForward entries (bz#2562).
! 895: <!-- 2016-04-05 -->
! 896: <li>In <a href="http://man.openbsd.org/bgplg.8">bgplg(8)</a>, use SERVER_NAME for the hostname displayed on the page.
! 897: <li>Increase size of the clone bitmap. This is required for upcoming work on cloning <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
! 898: <li>In <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>, support processors without unrestricted guest capability.
! 899: <!-- 2016-04-04 -->
! 900: <li>Fix EXA detection in <a href="http://man.openbsd.org/r128.4">r128(4)</a>, <a href="http://man.openbsd.org/cirrus.4">cirrus(4)</a>, mach64(4) and <a href="http://man.openbsd.org/mga.4">mga(4)</a>.
! 901: <li>Enable creation of <a href="http://man.openbsd.org/softraid.4">softraid(4)</a> volumes using disks with non-512 byte sectors. This increments the metadata version.
! 902: <li>Fix a memory leak in <a href="http://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
! 903: <li>In <a href="http://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, fix an abort due to a missing <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> promise.
! 904: <li>Add -f to <a href="http://man.openbsd.org/ndp.8">ndp(8)</a>.
! 905: <!-- 2016-04-03 -->
! 906: <li>In <a href="http://man.openbsd.org/grep.1">grep(1)</a>, don't do reverse search optimization if looking for all matches in a line.
! 907: <li>On armv7, map and use the bootconfig/FDT area passed by u-boot and try to init FDT on it. This allows for the use of device tree information.
! 908: <!-- 2016-04-02 -->
! 909: <li>In <a href="http://man.openbsd.org/Xserver.1">Xserver(1)</a>, implement VT switching (based on the USL compat interface) in the wscons console backend and use it by default.
! 910: <li>Update to xf86-video-ati 7.6.1.
! 911: <!-- 2016-04-01 -->
! 912: <li>In <a href="http://man.openbsd.org/ihidev.4">ihidev(4)</a> and <a href="http://man.openbsd.org/dwiic.4">dwiic(4)</a>, add support for I2C HID devices with GPIO signalled interrupts.
! 913: <li>In <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>, rename the "faulty" list action to "failed".
! 914: <!-- 2016-03-31 -->
! 915: <li>In <a href="http://man.openbsd.org/tftpd.8">tftpd(8)</a>, go in the background much later to reduce possible silent failures.
! 916: <li>If one of the TCP SYN cache buckets overflow, it might be a collision attack against the hash function. Mitigate this attack by reseeding the hash function as soon as possible.
! 917: <li>In <a href="http://man.openbsd.org/uslcom.4">uslcom(4)</a>, add support for the USB console port on Aruba 7xxx wireless controllers.
! 918: <!-- 2016-03-30 -->
! 919: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file (bz#2559).
! 920: <li>In <a href="http://man.openbsd.org/wsmouse.4">wsmouse(4)</a>, add support for multitouch input.
! 921: <li>In <a href="http://man.openbsd.org/rdistd.1">rdistd(1)</a>, properly create directories that do not exist on the destination.
! 922: <li>Improve support for alphas without all IEEE-mode instructions.
! 923: <li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, fix optimization for alphas without the "precise arithmetic trap" extension.
! 924: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, bump the <a href="http://man.openbsd.org/listen.2">listen(2)</a> backlog up from 16 to 128.
! 925: <li>Implement proxy ARP for ART based on mpath support.
! 926: <li>In <a href="http://man.openbsd.org/acpi.4">acpi(4)</a>, hook up the gpio interrupt on devices that use it for card detection. This makes the SD card slot on machines based on Intel's Bay Trail SoC fully functional.
! 927: <li>In <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, add support for gpio-based interrupts.
! 928: <li>Add <a href="http://man.openbsd.org/getlogin_r.2">getlogin_r(2)</a> system call that checks and returns errors like the userspace getlogin_r() API.
! 929: <li>Remove MLINKS from base. They are no longer required by <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>.
! 930: <!-- 2016-03-29 -->
! 931: <li>Enable <a href="http://man.openbsd.org/oce.4">oce(4)</a> on sparc64.
! 932: <li>In binutils, fix fallout from the switch to binutils 2.17: the binaries created by 2.17 aren't recognized by the in-tree <a href="http://man.openbsd.org/gdb.1">gdb(1)</a> because it's built with the bfd code from 2.15.
! 933: <li>Add the net.inet.tcp.synuselimit <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> to adjust tcp_syn_use_limit. This is convenient to test the feature and may be useful to defend against syn flooding in a denial of service condition.
! 934: <li>In <a href="http://man.openbsd.org/authpf.8">authpf(8)</a>, avoid a dereference of a null object.
! 935: <!-- 2016-03-28 -->
! 936: <li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, properly check for the end of captured packet while printing CDP packets.
! 937: <li>Ensure that a thread that calls <a href="http://man.openbsd.org/sched_yield.2">sched_yield(2)</a> ends up on the run queue behind all its sibling threads. This results in significant improvements for processes that suffer from lock, most notably firefox.
! 938: <li>Add <a href="http://man.openbsd.org/bytgpio.4">bytgpio(4)</a>, a driver for the gpio controllers found on Intel's Bay Trail SoC.
! 939: <!-- 2016-03-27 -->
! 940: <li>In <a href="http://man.openbsd.org/netstart.8">netstart(8)</a>, don't delete the 224/4 route unless it's being done to ensure that a -reject route can be added. This restores the ability to set an interface route before daemons are started.
! 941: <li>Avoid an attack that could prevent reseeding of the hash function used for the hash buckets in the TCP SYN cache.
! 942: <li>In <a href="http://man.openbsd.org/sdhc.4">sdhc(4)</a>, make it possible to override the standard card detect mechanism to appease the SD controller on Intel's Bay Trail SoC.
! 943: <li>Avoid a NULL pointer dereference when pulling and unmounting a <a href="http://man.openbsd.org/umass.4">umass(4)</a> USB stick.
! 944: <!-- 2016-03-26 -->
! 945: <li>In libssl, fix a memory leak.
! 946: <li>Switch from the SolidRun i.MX6 U-Boot to mainline U-Boot on the CuBox-i.
! 947: <li>Always include the route priority in routing messages.
! 948: <li>Do not populate RTAX_NETMASK when sending a routing message for RTF_HOST entries. This preserves old behavior with ART and fixes a regression.
! 949: <li>In <a href="http://man.openbsd.org/rc.d.8">rc.d(8)</a>, make it possible to get usage as a non-root user.
! 950: <li>In <a href="http://man.openbsd.org/less.1">less(1)</a> and <a href="http://man.openbsd.org/ul.1">ul(1)</a>, improve handling of ambiguous overstrike sequences.
! 951: <!-- 2016-03-24 -->
! 952: <li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a> on arm, change the default arch target from strongarm (armv4) to arm9e (armv5te without xscale extensions).
! 953: <li>Enable ART (Allotment Routing Table).
! 954: <li>Ensure that a found proxy ARP entry has the correct flag.
! 955: <!-- 2016-03-23 -->
! 956: <li>In kernel clock, set ticks 15 seconds before its value wraps. This helps to identify issues around ticks wrap in 15 minutes instead of 240ish days.
! 957: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, display NAMI records and AF_UNIX <a href="http://man.openbsd.org/socket.2">socket(2)</a> paths with <a href="http://man.openbsd.org/vis.3">vis(3)</a>.
! 958: <li>Update to tzdata2016c from ftp.iana.org.
! 959: <!-- 2016-03-22 -->
! 960: <li>In <a href="http://man.openbsd.org/pipex.4">pipex(4)</a>, don't leak an mbuf when copying a packet fails.
! 961: <li>Remove ARM10 and ARM11 support.
! 962: <li>Fix various issues with bad gateways being picked up by <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>.
! 963: <li>Remove ARM9E support.
! 964: <!-- 2016-03-21 -->
! 965: <li>In <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>, log the reply message from RADIUS server when the authentication fails.
! 966: <li>Add <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> to <a href="http://man.openbsd.org/tokeninit.8">tokeninit(8)</a>.
! 967: <li>Rename <a href="http://man.openbsd.org/OpenBSD-5.9/sendsyslog2.2">sendsyslog2(2)</a> to <a href="http://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
! 968: <li>In <a href="http://man.openbsd.org/ral.4">ral(4)</a>, improvements for the RT2860 chip:
! 969: <ul>
! 970: <li>Fix watchdog timeouts and dropped frames under load.
! 971: <li>Fix a bug where oactive is not set and mbufs are dropped.
! 972: </ul>
! 973: <li>Add a counter in the TCP SYN cache and in <a href="http://man.openbsd.org/netstat.1">netstat(1)</a> -s to show how often the hash function is reseeded and the random bucket distribution changes.
! 974: <li>On octeon, use the list of the usable memory regions provided by U-Boot instead of the hardcoded regions in memory setup.
! 975: <li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, make the "command" builtin POSIX-compliant and consistent with other current shells.
! 976: <!-- 2016-03-20 -->
! 977: <li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, let the stack smash handler log to console directly if it is not possible to deliver to <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>.
! 978: <li>In <a href="http://man.openbsd.org/vnet.4">vnet(4)</a>, plug a memory leak in <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> code path.
! 979: <li>Many improvements of libedit, in particular with regard to UTF-8 support.
! 980: <li>In <a href="http://man.openbsd.org/axen.4">axen(4)</a>, initialize the hardware on reset. This allows it to attach reliably and pass traffic, and prevents a panic when unplugging it.
! 981: <li>Import libdrm 2.4.67.
! 982: <!-- 2016-03-19 -->
! 983: <li>Attach <a href="http://man.openbsd.org/dwctwo.4">dwctwo(4)</a> only on Octeon models that have a DWC2 controller.
! 984: <li>Remove support for StrongARM (SA1), IXP12x0, IXP425 and XScale 80200.
! 985: <!-- 2016-03-18 -->
! 986: <li>In <a href="http://man.openbsd.org/vi.1">vi(1)</a>, avoid a backwards <a href="http://man.openbsd.org/memcpy.3">memcpy(3)</a> when issuing ":e +something".
! 987: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, make scrolling behaviour more sensible and maintain cursor position, as if the same had been done line-by-line.
! 988: <li>In <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, use a new _pkgfetch user for separation instead of the _pfetch user.
! 989: <li>Remove ARM8 and ARM9T support.
! 990: <!-- 2016-03-17 -->
! 991: <li>Add octuctl(4), a driver for the Octeon II USB Controller Interface, and attachments for <a href="http://man.openbsd.org/ehci.4">ehci(4)</a> and <a href="http://man.openbsd.org/ohci.4">ohci(4)</a>.
! 992: <li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, add support for the TXIC TX382B (currently TX/RX FIFO is not working).
! 993: <!-- 2016-03-16 -->
! 994: <li>In <a href="http://man.openbsd.org/column.1">column(1)</a>, <a href="http://man.openbsd.org/lpq.1">lpq(1)</a>, <a href="http://man.openbsd.org/ls.1">ls(1)</a>, <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, <a href="http://man.openbsd.org/ps.1">ps(1)</a>, <a href="http://man.openbsd.org/rusers.1">rusers(1)</a>, <a href="http://man.openbsd.org/sed.1">sed(1)</a> and <a href="http://man.openbsd.org/growfs.8">growfs(8)</a>, use the COLUMNS environment variable first, and either terminal width or a hardcoded value (typically 80) as appropriate.
! 995: <li>In libssl, use <a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> for ASN1 objects on free. Too often these contain sensitive information.
! 996: <li>In <a href="http://man.openbsd.org/vi.1">vi(1)</a>, add error checking for the COLUMNS and LINES environment variables to avoid a crash.
! 997: <li>In <a href="http://man.openbsd.org/sd.4">sd(4)</a>, prevent a use-after-free of the scsi link structure during detach.
! 998: <li>Expose new and much simpler <a href="http://man.openbsd.org/audio.4">audio(4)</a> ioctls.
! 999: <!-- 2016-03-15 -->
! 1000: <li>In <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>, transition to "Req-Sent" had been missing when RTA in "Opened". This caused a timer event leak.
! 1001: <li>Update to tzdata2016b from ftp.iana.org.
! 1002: <li>Allocate amap slots for a virtual memory range reserved with <a href="http://man.openbsd.org/sbrk.2">sbrk(2)</a> lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory.
! 1003: <li>For amaps with only a few slots, allocate the slots via <a href="http://man.openbsd.org/pool.9">pool(9)</a>. This saves some memory and reduces kmem pressure.
! 1004: <li><font color="#e00000">5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d programs.</font><br>A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>.
! 1005: <li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.</font><br>A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>.
! 1006: <li>In <a href="http://man.openbsd.org/puc.4">puc(4)</a>, add support for the Exar XR17V354 device.
! 1007: <!-- 2016-03-14 -->
! 1008: <li>Remove the legacy <a href="http://man.openbsd.org/OpenBSD-5.9/uiomovei.9">uiomovei(3)</a> function. It has been replaced by <a href="http://man.openbsd.org/uiomove.9">uiomove(9)</a>.
! 1009: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, unbreak authentication using lone certificate keys in ssh-agent (bz#2550).
! 1010: <li>In <a href="http://man.openbsd.org/acpicpu.4">acpicpu(4)</a>, correct the value of SRT_ENDTAG: it was documented incorrectly in early ACPI specs.
! 1011: <!-- 2016-03-13 -->
! 1012: <li>In libfontconfig, enable atomics operations on mips64 and mips64el.
! 1013: <li>In <a href="http://man.openbsd.org/vmm.4">vmm(4)</a>, introduce memory ranges to support VMs with 4G or more of RAM.
! 1014: <li>In <a href="http://man.openbsd.org/ichiic.4">ichiic(4)</a>, ignore the SMBALERT# interrupt. This fixes booting the GENERIC kernel on ADI RCC-VE with buggy BIOS versions, rendering the internal eMMC flash unusable.
! 1015: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, recognize ipmi, vscsi, pvbus, udl, fuse, trunk, pipex and memrange <a href="http://man.openbsd.org/ioctl.2">ioctl(2)</a> requests.
! 1016: <!-- 2016-03-11 -->
! 1017: <li>In <a href="http://man.openbsd.org/sd.4">sd(4)</a>, avoid a kernel panic when unplugging an USB umass stick because of a use after free.
! 1018: <li>Avoid corrupt mount points without a valid device when unmounting.
! 1019: <!-- 2016-03-10 -->
! 1020: <li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="http://man.openbsd.org/xauth.1">xauth(1)</a>.</font><br>A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>.
! 1021: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, sanitise characters destined for <a href="http://man.openbsd.org/xauth.1">xauth(1)</a>.
! 1022: <li>In <a href="http://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, don't retransmit responses for unauthenticated messages.
! 1023: <!-- 2016-03-09 -->
! 1024: <li>Remove support for vax.
! 1025: <li>In <a href="http://man.openbsd.org/fdisk.8">fdisk(8)</a> and <a href="http://man.openbsd.org/pdisk.8">pdisk(8)</a>, accept only a character special device as disk.
! 1026: <!-- 2016-03-08 -->
! 1027: <li>Rework how <a href="http://man.openbsd.org/mpw.4">mpw(4)</a> interacts with <a href="http://man.openbsd.org/vlan.4">vlan(4)</a>. This will allow vlan(4) to become MP-safe.
! 1028: <li>In <a href="http://man.openbsd.org/xterm.1">xterm(1)</a>, use UTF-8 mode by default.
! 1029: <li>In <a href="http://man.openbsd.org/httpd.8">httpd(8)</a>, set the content charset for auto index generated pages.
! 1030: <!-- 2016-03-07 -->
! 1031: <li>Make "cp -i" behave as "mv -i" or "rm -i", independently of whether stdin is a tty or not.
! 1032: <li>Do not remove RTF_STATIC L2 entries from the routing table. Static entries might not have a cloning route to re-create them and hence be gone when their timer expires.
! 1033: <!-- 2016-03-06 -->
! 1034: <li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, improve display of unknown and KTR_START records.
! 1035: <li>Avoid refetching blocks already in the buffer cache. This significantly improves read operations on MSDOSFS.
! 1036: <li>Update to xrandr 1.5.0.
! 1037: <li>Update to libXrandr 1.5.0.
! 1038: <li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, make "set +o" conform with POSIX.
! 1039: <li>Tweak uvm assertions to avoid locking in some cases.
! 1040: <!-- 2016-03-05 -->
! 1041: <li>In <a href="http://man.openbsd.org/file.1">file(1)</a>, sync "archive" magic from file 5.25.
! 1042: <li>In <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a> constraints, avoid using %Z specification of <a href="http://man.openbsd.org/strptime.3">strptime(3)</a> which disagress with RFC7231 and can give surprising results on other operating systems.
! 1043: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, improve UTF-8 locale checking.
! 1044: <li>Update to unbound 1.5.8.
! 1045: <li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>, fix POSIX-compliant behavior of "set -u" regarding "$*" and "$@" specials.
! 1046: <li>Almost completely rewrite <a href="http://man.openbsd.org/mknod.8">mknod(8)</a> in order to allow a speedup of <a href="http://man.openbsd.org/MAKEDEV.8">MAKEDEV(8)</a>.
! 1047: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, avoid accessing a NULL pointer.
! 1048: <!-- 2016-03-04 -->
! 1049: <li>In <a href="http://man.openbsd.org/vmd.8">vmd(8)</a>, set root device to sd0a, instead of wd0a.
! 1050: <li>In <a href="http://man.openbsd.org/ksh.1">ksh(1)</a>:
! 1051: <ul>
! 1052: <li>Don't parse (...|...) patterns in variable substitution inside double quotes. This fixes a POSIX compatibility issue.
! 1053: <li>Remove the mknod builtin.
! 1054: </ul>
! 1055: <!-- 2016-03-03 -->
! 1056: <li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix ClientAliveInterval when a time-based RekeyLimit is set (bz#2252).
! 1057: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>:
! 1058: <ul>
! 1059: <li>Avoid mixing up RGB colours with aixterm colours.
! 1060: <li>Make the show-* and set-* commands handle a missing target.
! 1061: </ul>
! 1062: <li>On amd64 and i386, unwind the trapframe correctly when a breakpoint is set on "syscall". This prevents a fault in <a href="http://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
! 1063: <li>Remove the machdep.userldt <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>.
! 1064: <li>In <a href="http://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, restore an assignment of device current mode. This fixes <a href="http://man.openbsd.org/iwi.4">iwi(4)</a> fatal firmware errors.
! 1065: <!-- 2016-03-02 -->
! 1066: <li>Bump link_maxhdr (the space reserved before an ip packet payload for link headers) from 16 to 64.
! 1067: <li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a>, improve accuracy of reported transfer speeds.
! 1068: <li>In <a href="http://man.openbsd.org/sftp.1">sftp(1)</a> and <a href="http://man.openbsd.org/scp.1">scp(1)</a>, improve precision of the progress meter.
! 1069: <li>In <a href="http://man.openbsd.org/tmux.1">tmux(1)</a>, improve <a href="http://man.openbsd.org/wcwidth.1">wcwidth(1)</a> and <a href="http://man.openbsd.org/mctowc.1">mbtowc(1)</a> error handling.
! 1070: <li>Remove Linux emulation support.
! 1071: <li>In libssl, add bounds checking for read_ledword().
! 1072: <!-- 2016-03-01 -->
! 1073: <li>In libssl, add bounds checking for <a href="http://man.openbsd.org/BN_hex2bn.3">BN_hex2bn(3)</a> and <a href="http://man.openbsd.org/BN_dec2bn.3">BN_dec2bn(3)</a>.
! 1074: <li>In <a href="http://man.openbsd.org/acpi.4">acpi(4)</a>, add more Windows versions for _OSI checks.
! 1075: <li>In <a href="http://man.openbsd.org/cpsw.4">cpsw(4)</a>, detect and only enable the port that is actually used. This avoids device timeouts. Also enable interrupt pacing to limit interrupts at 2K/s.
! 1076: <li>Set the IFF_MULTICAST flag on <a href="http://man.openbsd.org/tun.4">tun(4)</a> interfaces so IPv6 addresses can be assigned.
! 1077: <li>In <a href="http://man.openbsd.org/diff.1">diff(1)</a>, rectify line numbers for "s/.//" commands in ed-style diffs.
! 1078: <li>In libedit, fix a segfault and functional error in c_gets().
! 1079: <li>In libssl, remove support for ancient, broken DSA implementations.
! 1080: <!-- 2016-02-28 -->
! 1081: <li>Fix a bug when IPsec UDP encapsulation is used for IPv6.
! 1082: <!-- 2016-02-27 -->
! 1083: <li>In <a href="http://man.openbsd.org/gcc.1">gcc(1)</a>, fix an Internal Compiler Error on alpha when using __sync builtins.
! 1084: <!-- 2016-02-26 -->
! 1085: <li>In <a href="http://man.openbsd.org/fnmatch.3">fnmatch(3)</a>, fix negation of POSIX character classes.
! 1086: <li>Prevent a memory leak in <a href="http://man.openbsd.org/vnet.4">vnet(4/sparc64)</a>.
! 1087: <li>Valdate fs_maxsymlinklen in the superblock of ffs and ext2fs filesystems to avoid use of bogus data.
! 1088: <!-- 2016-02-25 -->
! 1089: <li>On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037.
1.1 deraadt 1090: </ul>
1091: <p>
1092:
1093: </body>
1094: </html>