OpenBSD -current changelog
This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 5.6 and -current
- Fix a syslogd(8) regression when specifying all 20 additional log paths.
- Implemented membar API for amd64.
- Deleted procfs (always suffered from race conditions and is now unused).
- 5.4 RELIABILITY FIX: Added a one second receive timeout. Avoids stall of receive queue in vio(4).
- 5.4 and 5.5 RELIABILITY FIX: Removed race condition. Stops occasional network hangs in vio(4).
- Updated to mesa version 10.2.7.
- Removed SSL_kDHr, SSL_kDHd and SSL_aDH from ssl(8). No supported ciphersuites use them.
- Use shell substitution instead of dirname in sysmerge(8); fixed installing pkg @sample when target directory is missing; fixed output when a file fails to install.
- 5.6 RELIABILITY FIX: Stopped incorrect RX ring computation, which led to panics under load with bge(4), em(4) and ix(4).
A source code patch is available for 5.6.
- Let roff(7) accept .ll in the prologue; parse and ignore the .pl (page length) request.
- Upgraded inodesc.id_entryno in fsck_ffs(8) to u_int64_t, to handle larger file sizes with FFS2; fixed check for allocated fragments marked free in the bitmap.
- Fixed FastCGI-based WebDAV and CalDAV (calendar) servers with httpd(8).
- httpd(8) server name specification changed to name+address+port. Allows using same server name for multiple servers with different addresses.
- Removed /etc/{hosts,myname} from etc.tgz; made the installer create the /etc/hosts template.
- In perl(1), updated libnet to version 1.27.
- Reworked how pool(9) with large pages (>PAGE_SIZE) is implemented.
- Added *.gz support to apropos(1) -a, man(1), and mandoc(1).
- In ssh(1), tightened permissions on pty(4) when the "tty" group does not exist.
- Be coherent in the way arp(8) and ndp(8) display local entries, use "l" flag to distinguish them; skip broadcast entries (they are not real arp(4) entries).
- Make sure broadcast entries won't be freed by the arp(4) timer so we can use them for address lookups.
- Treat broadcast entries like local ones and give them the highest route(4) priority.
- Sync amd64 and i386 GENERIC.MP with other arches by enabling MP_LOCKDEBUG option.
- If crypt(3) fails, smtpd(8) will now return an authentication error.
- Implemented traditional -h option for man(1): show the SYNOPSIS only.
- Initial httpd(8) support for persistent FastCGI connections via chunked Transfer-Encoding.
- Added Jumbo support for BCM5714/5780/5717/5719/5720/57765/57766 bge(4) chipsets.
- Fixed makewhatis(8) bug so apropos(1) and man(1) can find Xenocara manuals via .so links.
- In man(1) mode, change to the right directory before starting the parser. Finds more Xenocara manuals.
- Wake up any waiting clients with the tmux(1) "wait-for" command when the server exits.
- smtpd(8) queue_api.c code will now close the file descriptor if fdopen(3) fails.
- Prevented a null dereference of the urtw(4) configuration descriptor.
- Improved option usage output for ssl(8); converted ssl(8) ecparam to new option/usage handling.
- Applied fix from upstream perl(1) to harden the close() function (RT 37700).
- Replaced the "least recently used" bufcache in vfs_cache(9) with one based on 2Q, for scan resistance.
- On amd64, added implementations of atomic_{inc,dec,add,sub}_{int,long}(9) and atomic_{add,sub}_{int,long}_nv(9).
- Correctly made accept4(2) a cancellation point as per pthread_testcancel(3).
- Backported @file support from binutils-2.17.
- Added uuid(3) support routines to libc.
- Made sysmerge(8) completely silent by default when no file is modified.
- In sysmerge(8) pkg mode, warn if the directory we want to copy an @sample into doesn't exist or is not an @sample.
- In sparc64 ld.so(1), made the handling of PLT entries above the 32k mark thread-safe.
- When a service is not available, made rcctl(8) return ENOENT.
- Introduced a man(1) -l option as an alias for mandoc(1) -a.
- Converted the openssl(1) "version" command to new option/usage handling.
- On lii(4), set the MRU to a full size frame instead of basing it on the MTU.
- Let the MRU always be what the oce(4) chip can do, not what the MTU implies.
- Fixed 2 macppc panics.
- Allow new devices to get an address for xhci(4) when XHCI_DEBUG is defined.
- Fixed checking sync for old synaptics touchpad (ver 5.9) in pckbc(4).
- Allow multiple relayd(8) instances to be configured to forward traffic to the same host.
- Major sysmerge(8) cleanup now that both etc and xetc sets are part of base (-S -s and -x options gone).
- Moved the xetc set into xbase (like etc was moved into base).
- Added openssl(8) option handling for input/output formats, ordered flags, and for argument processing.
- Added mdoc(7) support for .St -susv1 and .St -susv4.
- Made diff(1) -uw produce valid output even when one file doesn't end with a newline.
- Implemented table-driven ssl(8) option parsing. Allows an application to specify valid options and where to store them.
- Ported openssl(1) rand application to the new option parsing and usage.
- Nuked sysctl(8) net.inet6.icmp6.rediraccept and allow redirects on interfaces with autoconf enabled.
- In newsyslog.conf(5), added httpd(8) default log files to the rotation.
- Added ssl(8) API function ressl_config_set_ecdhcurve to set or disable a non-standard ECDH curve.
- Added support for Curve25519 to iked(8).
- Write all data before closing the httpd(8) server socket if the output buffer is not empty.
- Added missing capability to handle new $2b version of blowfish(3) password encryption for usermod(8) and friends.
- Added an implementation of man(1) into the /usr/bin/mandoc binary; unify command line options for mandoc(1), man(1), apropos(1), and whatis(1).
- Create the etc set during "make build"; it is now embedded in the base set.
- Removed nginx from the base system in favour of OpenBSD's homegrown httpd(8).
- Moved openssl(1) from /usr/sbin/openssl to /usr/bin/openssl.
- Unlinked xfs(1) from the build.
- Added the ability to restrict syslogd(8) to an ip(4) or ip6(4) protocol family.
- Added iked(8) support for DH groups 27-30 using the Brainpool curves as in ssl(8).
- httpd(8) now supports both mime.types flavours (nginx- or apache-style).
- Added generic system-wide /usr/share/misc/mime.types file, usable by httpd.conf(5).
- Moved sending of router solicitations to the kernel. Makes rtsol(8) and rtsold(8) unnecessary.
- Don't allow pasting into input-disabled tmux(1) panes.
- Implemented _NET_WM_STATE_STICKY in cwm(1). Allows client to "stick" to all desktops or groups.
- When using a proxy, made ftp(1) validate the cert hostname against the target hostname, not the proxy hostname.
- Delete secret or secret-derived data in many base utilities with explicit_bzero(3).
- Implementation of bold italic font support for postscript and pdf output in mandoc(1).
- Start all rcctl(8) error messages with "rcctl: " so it is clear where they come from.
- In debug mode, only print the flags relevant to the rc.d(8) we are calling instead of all flags; make it clear when we are using the default flags when none are set.
- Make it possible for rcctl(8) to pass `-d' and `-f' to the rc.d(8) script.
- Removed non-standard GOST cipher suites (which are not compiled in currently) from ssl(8).
- pfctl(8) now makes sure rules have been defined when you specify queues in a rule.
- Switched ndp(8) to display MAC addresses in 00:00:00:00:00:00 format.
- Get arp(8) to print leading zeros in MAC addresses again.
- Disabled use of bind in base (base uses nsd(8)/unbound(8) instead).
- Ensure cwm(1) client that wants to be in nogroup stays in nogroup (thus stays in view), even when (re)reading NET_WM_DESKTOP.
- Made syslogd(8) check host/port length when parsing syslog.conf(5). Avoids nasty error message "syslogd: priv_getaddrinfo: overflow attempt in hostname".
- Set the default nfsd(8) flags to "-tun 4" when launched from rc.d(8).
- Fixed memory leak in isakmpd(8) ike_phase_1.c.
- Fixed acpi(4) sensor status for docking/undocking laptops, to allow sensorsd(8) to correctly detect state changes.
- Bugfix to make whatis(1) case-insensitive again.
- Added Last-Modified: HTTP header to httpd(8).
- Allow syslogd(8) to send and receive udp(4) syslog packets on the IPv6 socket.
- Unbroke sysmerge(8) when "SRCDIR=."
- Limited the mandoc(1) CGI process execution time, to make REDoS attacks less effective.
- Stopped mandoc(1) suppressing white space after .Fl if the next node is a text node on the same input line.
- Made rcctl(8) "status" output match rc.conf(8) format.
- Changed the output of arp(8) to match what ndp(8) does; include the expire timer.
- After nfe(4) allocates an mbuf and cluster, properly init the length fields.
- Implemented rxrinfo ioctl in ix(4) for cluster usage statistics.
- Call audio_{pint,rint}() call-backs with the mutex held.
- When doing "whole disk" installs on macppc, blank the first 1 meg of the disk. Allows successful creation of boot partition.
- Unlinked the crypto(4) pseudo device (disabled by default for about 4 years).
- Made sure eap(4) releases CPU mutexes upon receiving an EINVAL message.
- On i386/amd64, backported support for the "rdtscp" instruction from binutils-2.17.
- Removed the custom jumbo allocator from nfe(4) which was never enabled.
- When sshd(8) is dumping the server configuration, made it print correct KEX, MAC and cipher defaults.
- Introduced rcctl(8), a simple utility for maintaining rc.conf.local(8).
- When a local route(4) entry is added for an ifa having a broadcast address, made it identifiable (by a flag) and persistent.
- Ensure state changes are properly serialised in pms(4). Makes enabling/disabling touchpads more reliable.
- Missing stack var initialisation fixed in ld.so(1).
- Added -4 and -6 flags to tcpbench(1), to specify ipv4 or ipv6 respectively.
- Fixed _exit codes in syslogd(8) privsep.c, which were the wrong way around.
- Fixed read access to uninitialised memory in mandoc(1).
- Removed malloc(3) lock across some mmap(2) syscall(9). Speeds up multithreaded programs.
- Added fancy printing of ktrace(1)'s ops argument to kdump(1).
- Made kdump(1) display symbolically the mode argument of mkdir(1), mkfifo(1), mknod(2) and umask(2).
- /etc/netstart now executed using sh(1) instead of sourcing it.
- Repaired operation of sysctl(8) kern.arandom.
- Removed support for public key operations from ubsec(4) and safe(4).
- lofn(4) and nofn(4) removed as obsolete, due to reliance on the crypto(4) interface.
- Switched to using O_CLOEXEC wherever we open a file and then call fcntl(F_SETFD, FD_CLOEXEC) on it. Reduces system calls and improves thread-safety for libraries.
- More fixes in the attach failure path for ze(4/vax).
- Added bounce matching for [] and {} to mg(1).
- Synced relayd(8) and httpd(8) with RFC 7230-7235 phrases and IANA registered status codes.
- In oce(4), implemented rxrinfo ioctl for cluster usage statistics.
- systat(1) now only shows active pools by default; pressing "A" shows all pools.
- Updated drm(4) to libdrm 2.4.56.
- Began cleanup of scaling units in roff(7).
- Some X(7) resource files moved to /usr/X11R6/share/X11/app-defaults.
- With a non-existent httpd(8) root, removed root prefix from PATH_INFO (useful for virtual FastCGI scripts inside a chroot(8)).
- Made sure tftpd(8) always calls freeaddrinfo(3) after getaddrinfo(3).
- In httpd(8), provided a failsafe version of the path_info() function.
- Correctly set the rtable ID of the packet header when sending pppoe(4) Active Discovery Terminate packets.
- Brought pflow(4) IPFIX sequence numbers in line with the RFC.
- Sync pf.conf(5) behaviour with the man page regarding parent anchors for "once" rules.
- On mips64, stopped uvm_map(9) from receiving addresses outside userland bounds.
- Fixed tmux(1) copy mode problems: in vi mode, include the last character if you moved the cursor up or left; in emacs mode include the last character if you moved the cursor left.
- Added tmux(1) flags to selectp, to enable and disable input to a pane.
- In ksh(1), separately set FD_CLOEXEC if the new fd was >= FDBASE. Affects scripts that directly use 9 of the first 10 file descriptors.
- When dhclient(8) is parsing 32 bit values, verify that we received 4 bytes.
- Validate len field in dhcpd(8) for proper length, not just "not zero."
- Brought back r1.131 of sys/kern/subr_pool.c: take the pools mutex when copying stats out of it in the sysctl(8) path.
- Put back the checks about RTF_LOCAL routes now that userland tools are aware of them.
- Stopped arp(4) and ndp(8) from trying to delete RTF_LOCAL entries.
- Fixed unchecked memory allocation (and potential leak upon error) in ssl(8) ssl3_get_cert_verify().
- Provided ssl3_get_cipher_by_id() function that allows ssl(8) ciphers to be looked up by their ID.
- Always write core file of a non-suid process into pwd(1), even if sysctl(8) kern.nosuidcoredump is 2 or 3.
- Fixed race in relayd(8) that caused non-persistent PUT connections with a short body to hang.
- Removed disabled (weakened export and non-ephemeral DH) cipher suites from the ssl(8) cipher list.
- If pkg_create(1) is run as non-root, restore correct group/owner to root/bin, and remove write permissions without explicit modes.
- Fixed kqueue read/write filters for msdosfs and fuse(4) filesystems.
- Fixed the length check for reinjected icmp(4) packets. Stops divert(4) discarding valid packets shorter than 20 bytes.
- Fixed readelf(1) "--debug-dump=frames-interp" output.
- 5.4 and 5.5 SECURITY FIXES: Backported security fixes from openssl 1.0.1i.
A source code patch is available for 5.4 and 5.5.
- Initial sysmerge(8) support for handling configuration files from packages.
- Now that uhub(4) can deal with them, added support for non-root hubs.
- Made uhub(4) correctly recognise Super Speed devices.
- Allow httpd.conf(5) to include the "types" section anywhere in the configuration file.
- Removed tmux(1) support for the continuously reporting "any" mouse mode (never worked properly, rarely used).
- Backport from binutils-2.17 the correct i386/amd64 register->int assignments for CFI.
- Allow httpd(8) to use a fastcgi target as the default index (eg index.php).
- Fixed relayd(8) when using DNS over udp(4) so it continues to work after the first request.
- radeon(4) fixes: only apply hdmi "bpc pll" flags when encoder mode is hdmi; fixed dithering on some panels; fixed lane/clock setup for dp 1.2 capable devices.
- Brought mandoc(1) handling of defective prologues closer to groff.
- Simplified man(7) validation in mandoc(1).
- Fixed mandoc(1) floating point handling. Fixes the indentation of the readline(3) manual.
- Allow httpd(8) to serve empty (0 bytes) files.
- Improved mandoc(1) handling of next-line scope when it is broken by end of file.
- Partial mandoc(1) implementation of .Bd -centred; various improvements related to .Ex and .Rv.
- Made sure asynchronous commands do not race with synchronous ones in xhci(4).
- Improved xhci(4) logic to determine the maximum endpoint service interface time payload.
- Made xhci(4) always report stalls, as umass(4) relies on this information.
- Added support for using "-" as shorthand for stdin/stdout in tradcpp(1).