OpenBSD -current changelog
This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 5.6 and -current
- Implementation of bold italic font support for postscript and pdf output in mandoc(1).
- Start all rcctl(8) error messages with "rcctl: " so it is clear where they come from.
- In debug mode, only print the flags relevant to the rc.d(8) we are calling instead of all flags; make it clear when we are using the default flags when none are set.
- Make it possible for rcctl(8) to pass `-d' and `-f' to the rc.d(8) script.
- Removed non-standard GOST cipher suites (which are not compiled in currently) from ssl(8).
- pfctl(8) now makes sure rules have been defined when you specify queues in a rule.
- Switched ndp(8) to display MAC addresses in 00:00:00:00:00:00 format.
- Get arp(8) to print leading zeros in MAC addresses again.
- Disabled use of bind in base (base uses nsd(8)/unbound(8) instead).
- Ensure cwm(1) client that wants to be in nogroup stays in nogroup (thus stays in view), even when (re)reading NET_WM_DESKTOP.
- Made syslogd(8) check host/port length when parsing syslog.conf(5). Avoids nasty error message "syslogd: priv_getaddrinfo: overflow attempt in hostname".
- Set the default nfsd(8) flags to "-tun 4" when launched from rc.d(8).
- Fixed memory leak in isakmpd(8) ike_phase_1.c.
- Fixed acpi(4) sensor status for docking/undocking laptops, to allow sensorsd(8) to correctly detect state changes.
- Bugfix to make whatis(1) case-insensitive again.
- Added Last-Modified: HTTP header to httpd(8).
- Allow syslogd(8) to send and receive udp(4) syslog packets on the IPv6 socket.
- Unbroke sysmerge(8) when "SRCDIR=."
- Limited the mandoc(1) CGI process execution time, to make REDoS attacks less effective.
- Stopped mandoc(1) suppressing white space after .Fl if the next node is a text node on the same input line.
- Made rcctl(8) "status" output match rc.conf(8) format.
- Changed the output of arp(8) to match what ndp(8) does; include the expire timer.
- After nfe(4) allocates an mbuf and cluster, properly init the length fields.
- Implemented rxrinfo ioctl in ix(4) for cluster usage statistics.
- Call audio_{pint,rint}() call-backs with the mutex held.
- When doing "whole disk" installs on macppc, blank the first 1 meg of the disk. Allows successful creation of boot partition.
- Unlinked the crypto(4) pseudo device (disabled by default for about 4 years).
- Made sure eap(4) releases CPU mutexes upon receiving an EINVAL message.
- On i386/amd64, backported support for the "rdtscp" instruction from binutils-2.17.
- Removed the custom jumbo allocator from nfe(4) which was never enabled.
- When sshd(8) is dumping the server configuration, made it print correct KEX, MAC and cipher defaults.
- Introduced rcctl(8), a simple utility for maintaining rc.conf.local(8).
- When a local route(4) entry is added for an ifa having a broadcast address, made it identifiable (by a flag) and persistent.
- Ensure state changes are properly serialised in pms(4). Makes enabling/disabling touchpads more reliable.
- Missing stack var initialisation fixed in ld.so(1).
- Added -4 and -6 flags to tcpbench(1), to specify ipv4 or ipv6 respectively.
- Fixed _exit codes in syslogd(8) privsep.c, which were the wrong way around.
- Fixed read access to uninitialised memory in mandoc(1).
- Removed malloc(3) lock across some mmap(2) syscall(9). Speeds up multithreaded programs.
- Added fancy printing of ktrace(1)'s ops argument to kdump(1).
- Made kdump(1) display symbolically the mode argument of mkdir(1), mkfifo(1), mknod(2) and umask(2).
- /etc/netstart now executed using sh(1) instead of sourcing it.
- Repaired operation of sysctl(8) kern.arandom.
- Removed support for public key operations from ubsec(4) and safe(4).
- lofn(4) and nofn(4) removed as obsolete, due to reliance on the crypto(4) interface.
- Switched to using O_CLOEXEC wherever we open a file and then call fcntl(F_SETFD, FD_CLOEXEC) on it. Reduces system calls and improves thread-safety for libraries.
- More fixes in the attach failure path for ze(4/vax).
- Added bounce matching for [] and {} to mg(1).
- Synced relayd(8) and httpd(8) with RFC 7230-7235 phrases and IANA registered status codes.
- In oce(4), implemented rxrinfo ioctl for cluster usage statistics.
- systat(1) now only shows active pools by default; pressing "A" shows all pools.
- Updated drm(4) to libdrm 2.4.56.
- Began cleanup of scaling units in roff(7).
- Some X(7) resource files moved to /usr/X11R6/share/X11/app-defaults.
- With a non-existent httpd(8) root, removed root prefix from PATH_INFO (useful for virtual FastCGI scripts inside a chroot(8)).
- Made sure tftpd(8) always calls freeaddrinfo(3) after getaddrinfo(3).
- In httpd(8), provided a failsafe version of the path_info() function.
- Correctly set the rtable ID of the packet header when sending pppoe(4) Active Discovery Terminate packets.
- Brought pflow(4) IPFIX sequence numbers in line with the RFC.
- Sync pf.conf(5) behaviour with the man page regarding parent anchors for "once" rules.
- On mips64, stopped uvm_map(9) from receiving addresses outside userland bounds.
- Fixed tmux(1) copy mode problems: in vi mode, include the last character if you moved the cursor up or left; in emacs mode include the last character if you moved the cursor left.
- Added tmux(1) flags to selectp, to enable and disable input to a pane.
- In ksh(1), separately set FD_CLOEXEC if the new fd was >= FDBASE. Affects scripts that directly use 9 of the first 10 file descriptors.
- When dhclient(8) is parsing 32 bit values, verify that we received 4 bytes.
- Validate len field in dhcpd(8) for proper length, not just "not zero."
- Brought back r1.131 of sys/kern/subr_pool.c: take the pools mutex when copying stats out of it in the sysctl(8) path.
- Put back the checks about RTF_LOCAL routes now that userland tools are aware of them.
- Stopped arp(4) and ndp(8) from trying to delete RTF_LOCAL entries.
- Fixed unchecked memory allocation (and potential leak upon error) in ssl(8) ssl3_get_cert_verify().
- Provided ssl3_get_cipher_by_id() function that allows ssl(8) ciphers to be looked up by their ID.
- Always write core file of a non-suid process into pwd(1), even if sysctl(8) kern.nosuidcoredump is 2 or 3.
- Fixed race in relayd(8) that caused non-persistent PUT connections with a short body to hang.
- Removed disabled (weakened export and non-ephemeral DH) cipher suites from the ssl(8) cipher list.
- If pkg_create(1) is run as non-root, restore correct group/owner to root/bin, and remove write permissions without explicit modes.
- Fixed kqueue read/write filters for msdosfs and fuse(4) filesystems.
- Fixed the length check for reinjected icmp(4) packets. Stops divert(4) discarding valid packets shorter than 20 bytes.
- Fixed readelf(1) "--debug-dump=frames-interp" output.
- 5.4 and 5.5 SECURITY FIXES: Backported security fixes from openssl 1.0.1i. A source code patch is available for 5.4 and 5.5.
- Initial sysmerge(8) support for handling configuration files from packages.
- Now that uhub(4) can deal with them, added support for non-root hubs.
- Made uhub(4) correctly recognise Super Speed devices.
- Allow httpd.conf(5) to include the "types" section anywhere in the configuration file.
- Removed tmux(1) support for the continuously reporting "any" mouse mode (never worked properly, rarely used).
- Backport from binutils-2.17 the correct i386/amd64 register->int assignments for CFI.
- Allow httpd(8) to use a fastcgi target as the default index (e.g. index.php).
- Fixed relayd(8) when using DNS over udp(4) so it continues to work after the first request.
- radeon(4) fixes: only apply hdmi "bpc pll" flags when encoder mode is hdmi; fixed dithering on some panels; fixed lane/clock setup for dp 1.2 capable devices.
- Brought mandoc(1) handling of defective prologues closer to groff.
- Simplified man(7) validation in mandoc(1).
- Fixed mandoc(1) floating point handling. Fixes the indentation of the readline(3) manual.
- Allow httpd(8) to serve empty (0 bytes) files.
- Improved mandoc(1) handling of next-line scope when it is broken by end of file.
- Partial mandoc(1) implementation of .Bd -centred; various improvements related to .Ex and .Rv.
- Made sure asynchronous commands do not race with synchronous ones in xhci(4).
- Improved xhci(4) logic to determine the maximum endpoint service interface time payload.
- Made xhci(4) always report stalls, as umass(4) relies on this information.
- Added support for using "-" as shorthand for stdin/stdout in tradcpp(1).