OpenBSD -current changes

OpenBSD -current changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5.

Changes made between OpenBSD 5.5 and -current

Stopped mandoc(1) crashing when processing macros in .Sh header lines, or having .Sm off or .Bk -words open.
Stopped leaking socketpair file descriptors if tmux(1) fork(2) fails.
Fixed potential race in UFS where an allocated inode could fail to get added.
Removed o_dir.c from openssl(1) now that OPENSSL_DIR_XXX has been removed from the build.
Removed nonstandard and unsafe DES support from ed(1).
Switched pkg_mklocatedb(1) to using common SetList code, renaming -x into -X.
Updated xcb-utils to 0.3.9.
Allow slowcgi(8) QUERY_STRING to be longer than 127 bytes.
Update libxcb to version 1.10.
Made OPENSSL_NO_HEARTBLEED the default and only option in ssl(8) code.
Adapted snmpctl(8), relayd(8) and snmpd(8) to use AgentX protocol to send traps.
Confirm passwords when signify(1) is generating keys.
Fixed SQL_STEP failures for man(7) pages lacking descriptions.
Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
Update to xtrans 1.3.4.
Updated to xextproto 7.3.0.
Added presentproto 1.0.
Bring back r1.16 of protector.c in gcc(1) version 2.95. Fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) read buffer to stop an attacker injecting data from one connection into another.
A source code patch is available for 5.3, 5.4 and 5.5.
Made sure cu(1) -l overrides HOST.
Avoid sshd(8) crash at exit, by checking that pmonitor!=NULL before dereferencing (bz#2225).
Fixed more(1) to use basic regular expressions (unlike less(1)).
Clamp offsets to the available memory space. Fixes tmux(1) crash.
Further apropos(1) speed optimisation, with mmap(3) MAP_ANON SQLITE_CONFIG_PAGECACHE.
Updated to libdrm 2.4.53
Disabled Segglemann's RFC520 heartbeat from ssl(8).
Don't release the ssl(8) read buffer if we're not done reading from it; disabled buf freelists.
Added validation routines to iked(8): overall header structure is checked for sanity before copying the header; avoid overflow by passing down the number of remaining bytes.
Notify userland when an arp(4) entry is removed.
Fixed fd leaks in mg(1) error paths.
Retired rtinit() and switched to using rt_ifa_add(9) and rt_ifa_del(9) to manage connected routes to prefixes/hosts.
Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
Moved descriptions from mandoc(1) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
Reverted r1.93 of mg(1) file.c, which broke permission checks.
5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
Updated to xf86-video-ati 7.3.0.
Made smtpd(8) display correct imsg when profiling is on and if the type was changed.
Zapped the smtpd(8) mfa process. Content filtering will be done at session level.
Removed CA certificates from ssl(8) which are not listed in Mozilla's certdata.txt.
Use root CAs in ssl(8) used by TeleSec (Deutsche Telekom AG): Baltimore CyberTrust Root, Deutsche Telekom Root CA, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3.
If TLS validation is on, make ftp(1) fetch TLS certificate and check the server hostname against the subjectAltName and/or CommonName.
Build libgcc without SSP. Unbreaks landisk bootblocks.
Updated to xorg-macros 1.19.0.
Ensure that we free buffers written out by the page daemon rather than caching them.
Fixed error in bcrypt_pbkdf(3) stride calculations.
Added error detection mechanism to detect when sudo(8) configuration is incorrect for building ports.
Zero-fill smtpd(8) mta static buffer before use in DSN code.
Added term_flushln() flag to control indentation of continuation lines in TERMP_NOBREAK mode. Reduces groff-mandoc differences in base by more than 15%.
Added rgephy(4) for axe(4) and axen(4) on hppa and zaurus.
Fully implemented roff(7) \B (validate numerical expression) and partially implemented \w (measure text width) escape sequence.
5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) CVE-2014-0160 "heartbleed" vulnerability.
A source code patch is available for 5.3, 5.4 and 5.5.
Added MSI support for xhci(4).
Enable upd(4) on archs where uhidev(4) is present.
Do not attach when no upd(4) sensors can be allocated; made device querying smarter.
Added roff(7) support for indirect references to user-defined strings.
Made iscsid(8) listen to the control socket, so the connect() call from iscsictl(8) will not fail.
In udp_output(), use the correct source address in case of an unbound socket.
Accept arbitrary argument delimiters for various roff(7) escape sequences.
Increased MSGBUFSIZE on macppc.
Exit on error or HUP when poll()ing the keyboard. Otherwise, top(1) may spin when its tty goes away.
Added implementation of roff(7) numerical expressions.
Retired kernel support for SO_DONTROUTE, this time without breaking localhost connections.
Updated termtypes.master to upstream terminfo-20140329.src.
When qla(4) is iterating through fabric ports, start at our own port ID, to simplify tracking.
Added axen(4) wherever axe(4) is found.
qla(4) ISP2322 chips need a different firmware image to other 2300s, don't load firmware for them.
Removed (expensive) temporary connect in udp_output(). Also fixes possible memory leak.
Added missing addressing modes for the fucomip instruction on i386. Unbreaks webkit port.
Fixed smtpd(8) when writing multi-line "To" and "Cc" headers.
Implemented the roff(7) .rr (remove register) request.
Fixed uvm(9) logic error (and prevented theoretical infinite loop) in uvm_pmr_rootupdate().
mandoc(1) bugfix: make sure all variables are properly initialised when rendering .ll (line length) requests.
Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
Made mandoc(1) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
Instead of silently doing nothing, made mandoc(1) warn and return non-zero when the manpath is empty.
Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
Renamed the makewhatis(8) -W option to -p. Matches flag introduced in OpenBSD 2.7.
Proper validation and computation of bsize now occurs in the disklabel(8) expert mode.
Renamed -v option of mandocdb(8) to -D, to avoid a clash with the -v option of makewhatis(8).
Reduced the tmux(4) mouse wheel scroll size to 3; allow shift to reduce it to 1; allow meta and ctrl to multiply by 3; support wheel in "choose" mode.
Fixed npppctl(8) calculation of response message size.
Added the "#" character as a comment character in the mg(1) startup file.
Support UTF-8 with tmux(4) choose-buffer; made buffer_sample bigger to let it trim at window right edge.
Enabled hds(4) on hppa.
Enabled mpath(4) on macppc.
When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents server from forcing a new-hostkey dialog.
Include fingerprint of key not found by ssh-keysign(8); use arc4random_buf() instead of loop+arc4random().
In four byte UTF-8 sequences, make sure tmux(1) only uses three bits of the first byte.
Stopped tmux(1) crashing when a zero-length argument is passed to setb.
Made tmux(1) message-limit a server option.
Stopped tmux(1) segfaulting when the parent of the layout cell is NULL.
Added setb -a to tmux(1) append; added a copy mode append command.
Made session_attached a count; added session_many_attached flag to tmux(1).
Added start-of-list, end-of-list, top-line and bottom-line in tmux(1) choice mode.
Stopped tmux(1) writing into the buffer if there are no arguments.
Changed secondary device attributes response to "\033[>84;0;0c" which is unique for tmux(1).
Made bus_dmamap_load(9) and bus_dmamap_unload(9) mpsafe on alpha.
Restored behaviour of ls(1) -f implying -a (lost in commit made in 1989). Conforms to IEEE 1003.1-2008 ("POSIX.1").
On loongson, mips and octeon, stopped whole L1 cache being flushed unnecessarily.
Again allow more than one level of directories to be created via mg(1) make-directory.
Force detach of all usb(4) devices by disconnecting root hubs before suspending machine. Avoids races.
libtool(1) now properly add -rpath to the linker when linking libraries. Matches GNU libtool.
Increased Xtranssock.c send buffer for UNIX sockets. Makes Firefox usable again when viewing large images.
If HOST or the host argument starts with a "/", cu(1) will now treat it as a device name.
Fixed REMOTE on cu(1) to work like tip(1); added support for HOST.
Added SNI support to ftp(1).
Allow roff(7) to support relative arguments to .ll (increase or decrease line length).
Repaired boot.net operation on (at least) sparc SS5 PROM v2.21
Implement the roff(7) .ll (line length) request.
5.5 RELIABILITY FIX: Memory corruption occurring during icmp(4) reflection handling (ICMP reflection is disabled by default).
A source code patch is available for 5.5.
Recognise so-called "EFI-like" interface provided by newer PMON firmware on Loongson 2Gq and Loongson 3A.
Bugfix and security update to nginx(8) version 1.4.7 (note: CVE-2014-0133 does not affect OpenBSD).
Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
Allow leading and trailing vertical lines in mandoc(1), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
On loongson, made sure the HIBERNATE pages get reserved regardless of the memory layout.
Program the colormap correctly on grtwo(4/sgi); added a simple screen burner accessop.
When enforcing TOS (Traffic Class), made pf(4) preserve the ECN bits (as with IPv4 packets).
Adjusted (commented-out) nginx.conf(5) sample blocks for PHP and SSL configurations.
Made mg(1) C-t (transpose two chars) behave like emacs.
Ended experimental machine-independent login.conf(5) template support.
Made cu(1) handle REMOTE in the environment as either a separate remote(5) file or a host.
Added cu(1) support for retrieving the line and speed from the /etc/remote "dv" and "br" capabilities like tip(1).
Fixed handling of the kill(1) "-1" option from a thread other than the original thread.
Permit generating of NAMI and CSW records inside ktrace(2).
Ignore the -b option if cksum(1) is called as-is (e.g. "cksum -b /bsd"), to match man page.
Removed file2c(1). hexdump(1) works as well for most use cases.
usb(4) root hubs can now happily be detached and reattached.
When smtpd(8) is locally enqueuing messages without specifying a domain, update headers to show the local domain.
Strengthened ssh(1): removed weaker pre-SHA2 hashes, broken cipher (arcfour), and the broken mode (CBC) from the default configuration.
skey(1) bugfixes: default algorithm switched back to md5; do not let skey_set_algorithm() cause a segfault if an unsupported algorithm is specified.
Added acpithinkpad(4) support for aux button strip on newer thinkpads missing regular F1-F12 keys.
dd(1) now supports g for gigabytes.
Reworked the way sysmerge(8) fetches and verifies sets, to simplify the process.
Merged perl(1) version 5.18.2 (including local patches).
Stopped calling smtpd(8) purge_task every 10 secs (only needed once at startup).
Removed "-r" option from ping(8), traceroute6(8) and traceroute(8).
Enabled SQLITE_ENABLE_FTS3_PARENTHESIS in sqlite3(1).
Removed the MD4 functions (highly susceptible to collision attacks).
Skip leading escape sequences in mandoc(1) man_deroff(), for better indexing.
Gave powerpc PIE.
Initialise additional BATs (IBAT4-IBAT7 and DBAT4-IBAT7) on socppc. Stops memory corruption on devices with rb600.
Fix uhidev_detach() when detaching a device which did not claim all reported IDs.
Reverted audio key handling.
Make sure sysmerge(8) adds missing users/groups before running the target; otherwise mtree(8) can fail.
Let mg(1) users input a tag to find, even if no default tag is defined.
Disabled smtpd(8) imsg buffers profiling code, to stop processes waking up each second.
npppd(8) tunnels can now have multiple listen addresses.
Reimplemented control part of npppd(8) with imsg; added "monitor" command for npppctl(8) to monitor PPP session start/stop events.
Fixed npppd(8) bug which caused segfaults when npppd.conf(5) had "username-suffix" and "strip-atmark-realm" as yes.
Made npppd(8) keep listening on 1723/tcp when accept() is failed.
Removed tape as a method for fetching install sets.
Attempt to workaround the R4000 end-of-page errata on sgi and mips64, triggered by TLB misses when the code flow crosses a page boundary.
Disabled MS-CHAPv1 (RFC 2433) support in pppd(8).
Fixed sysmerge(8) regression when not using a full path to sets; make it use ftp(1) -D.
Installed /var/unbound/db directory for DNSSEC root key; added (commented-out) options for DNSSEC to unbound.conf(5).
Removed insecure MD4 checksum algorithm from cksum(1).
Removed ftp method for obtaining installation sets when running the installer.
Enabled upd(4) on amd64, sparc64 and macppc archs for testing.
Sync timestamp changes for inodes of special files to disk as late as possible to avoid useless disk i/o.
Include support in pstat(8) -v to display the IN_LAZYMOD flag.
On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
Retired the rarely used hp300, mvme68k and mvme88k ports.
Allow checking mandoc(1) databases are up to date even when you don't have write permissions.
Notify userland (via the routing socket) when ARP resolution completes.
Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
Made bgpctl(8) correctly parse attribute length form imsg.
Exit from traceroute6(8) if there is at least one unreachable and sum of unreachables and timeouts are >= number of probes.
Unbroke sndiod(1) monitoring mode, which was shifted in time by 1 block.
Userland ppp(9) removed.
In apropos(1) output, sort names and avoid multiple section numbers.
In slowcgi(8), use SCRIPT_FILENAME (can be an absolute filesystem path). Fallback to SCRIPT_NAME if this is not present.
Reimplemented htpasswd(1) from scratch.
Don't use volume keys when in raw-mode. Stops simultaneous volume changes by X(7) and ukbd(4).
Enable qlw(4) at sbus(4) on sparc64.
Enabled unbound(8) in base.
Updated to xcb-proto version 1.10.
Updated to libdrm 2.4.52.
Removed the unused userland agp(4) interface.
Reverted to the freetype2.pc we had before to bring back local changes.
More informative smtpd(8) log message on unknown SNI.
Provide an MI api for byteswapping loads and stores, especially beneficial for sparc64 and powerpc.
Updated to freetype-2.5.3. Fixes vulnerability in the CFF driver (CVE-2014-2240).
Enabled qla(4) and qle(4) in ramdisks (except on sgi).
smtpd(8) now prints the correct user name if SMTPD_QUEUE_USER is missing.
Use ticket locks (not spinlocks) on i386/amd64/sparc64. Provides fairer access to the kernel lock.
Added a few more instruction patterns to binutils that are needed by gcc(1) version 4.8.
In mandoc(1) -Tutf8 mode, count hyphens against the output line length even when they are breakable.
Stopped the smtpd(8) enqueue utility adding a User-Agent header to emails.
Block userland from entering drm(4) code during suspend/resume. Fixes inteldrm(4) bugs.
Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
No more spray(8) in base.
Fixed buffer overflows in icmp(4) redirect handling (introduced in rev 1.106).
Switched over from sendmail(8) to smtpd(8) by default.
Fixed iked(8) config-address w/o pool.
Unbroke nc(1) "-6 -l" and apply correct fix for previous commit.
Removed rmail(8).
Made ssh(1) scan for ed25519 keys by default.
For isakmpd(8) CA generation, set the correct certificate extensions so more SSL implementations will trust this as a CA cert. Matches ssl(8).
Bugfix update to nginx(8) version 1.4.6.
When pf(4) is translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet.
When pf(4) is setting packet description, also retrieve the Traffic Class field of IPv6 packets.
Fixed the cnmac(4/octeon) mediastatus when the interface is not configured.
Optimisation of opendir(3), rewinddir(3) and related functions. 2000x speedup of seekdir(3) in some tests.
Fixed acpi(4) on amd64, to avoid reboot and stack corruption problems when resuming.
Reworked per-cpu cache information, to avoid using hardcoding data based on processor type on mips, octeon, and sgi.
In re(4), fixed operation and made reception of packets work on the 8168G controllers.
Made mandoc(1) user-defined macros wrapping ".TP" work correctly; preserve line breaks contained in user-defined macros called in ".nf" mode.
Enable DMA bursting and tagged queueing in qlw(4); enable qlw(4) on alpha/amd64/i386/macppc/sgi/sparc64; only attempt to load firmware if we actually have some.
Initial xhci(4) implementation: USB 3.0 umass(4) devices get reasonable read/write speed.
Improved roff(7)'s .if/.ie condition handling.
Fixed env(1) diagnostic messages to stderr, so failure of env(1) and failure of the specified utility can be distinguished.
Allow signify(1) to read input messages on a pipe.
Added usbd_get_hub_descriptor(), to clean up uhub(4) and deal with hub device descriptors in high speed devices.
With md5(1) -C, exit with exit status of 1 if any of the files specified do not exist.
mandoc(1) bugfixes related to the closing of conditional blocks: handle more than one `\}' on macro lines; do not treat `\}' as a macro invocation after a dot at the beginning of a line; do not complain about characters following `\}'.
Makes the "cleartoggle" function in HC drivers optional (upcoming xhci(4) driver doesn't use it).
Allow signify(1) to accept a password on stdin, as long as it is not a tty(4).
On qlw(4), set the correct clock rate for ISP1020/1020A.
When running sysmerge(8), always print the key signify(1) is using.
Fix the return values of getpwnam_r(3), getpwuid_r(3), getgrnam_r(3), and getgrgid_r(3) to agree with POSIX.
Altered qlw(4) so it can compile on sparc64 too.
In -Tutf8 mode, make mandoc_char(7) named accent character escape sequences render as non-combining accents (lets mandoc behave like groff); made \' and \` equivalent to \(aa and \(ga, respectively.
Introduced qlw(4), a new driver for QLogic ISP SCSI HBAs (currently only supports the pci(4) variants).
Raised the delay before initialising sdmmc(4). Lets the reader on X220 work reliably.
Fixed: sndiod(1) read/write position tracking; incorrect delta propagated after xruns in play-only and rec-only modes; crashes seen after a few days of continuous playback.
Fixed incorrect position reporting with sndiod(1) when using tiny block sizes on busy machines.
Made sndiod(1) check that the socket is writable before attempting to write data packets.
On armv7, removed TIMEZONE and DST options from GENERIC-* kernels; added option USBVERBOSE to all kernels.