OpenBSD 4.8 released (Nov 1, 2010)
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
current.
Changes made between OpenBSD 4.7 and 4.8
- RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
A source code patch is available.
[Applied to stable]
- SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected.
A source code patch is available.
[Applied to stable]
- SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers: glxsb(4), hifn(4), safe(4) and ubsec(4).
A source code patch is available.
[Applied to stable]
- SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: The vr(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: Non-Maskable Interrupt in pci(4) device mapping.
A source code patch is available.
[Applied to stable].
- RELIABILITY FIX: Uninitialized memory may force the RDE into route-collector mode on startup and may prevent bgpd(8) from updating or announcing any routes.
A source code patch is available.
[Applied to stable]
- Fixed a bug in pkg_add(1).
- Improved disklabel(8) editor prompt for the 'R' (resize) command.
- Make sure hardware and software are synchronized in auich(4).
- Added suspend/resume handler for radeondrm(4).
- Closed race between the acpi(4) thread and wscons(4) ioctls running in process context.
- Added suspend/resume for auich(4).
- Make vga(4) try to save the vga hardware state around suspend.
- Moved to 4.8 release status.
- Make ioapic(4) restore the APIC ID to what we set it to at boot.
- Activated malo(4) function for suspend/restore.
- ssh(1) version 5.6.
- Make disklabel -p slightly nicer by accepting capital letters and printing a more useful error message for invalid ones.
- Make ehci(4) silence BIOS takeover failure messages on unsuspends.
- Make acpi(4) report sleep state on RAMDISK kernel.
- Fixed bug that could lead to panic in NTFS.
- Fixed bug in pkg_add(1).
- Added suspend/resume functions to aliagp, viaagp and amdagp.
- Improved sisagp suspend/resume.
- Allow a mdoc(7) initial macro on a line to be delimited by a space or a tab (as groff(1) behaviour).
- Fixed bug and memory leak in relayd(8).
- Make intelagp save and restore registers on suspend/resume.
- Preserved blank lines at the end of .Bd -literal in mandoc(1) -Thtml output.
- Enforced acpi(4) register access restrictions.
- Make acpiac(4) and acpibat(4) generate power change events for APM. Makes power up and power down scripts work with ACPI.
- Avoided panics when detaching a partially attached pgt(4) device.
- Added resume support for com(4).
- Upon resume, make acpi(4) notify all the acpiac(4) and acpibat(4) drivers to update their status.
- Improved pkg_add(1) dependencies check.
- Make init(8) disable lidsuspend when powering down.
- On resume, make the host RNG reactivate on the pchb(4) host bridges that need it.
- Added initial support for com(4) at puc(4) or isa(4) suspend and resume.
- Corrected a problem in bgpd(8) which could cause the wrong af to be displayed.
- Fixed suspend/resume bugs with inteldrm(4) i915 chipsets.
- Fixed suspend/resume bugs with intel i810 chipsets.
- Fixed bug in libsndio.
- Added suspend/resume for bwi(4).
- Added ca_activate handler in xl(4), sis(4), fxp(4) and nfe(4) for suspend/resume.
- Fixed a bug in bktr(4).
- Added a new i386/amd4 sysctl(8) entry: machdep.lidsuspend which decides whether a lid close causes a suspend.
- Added suspend/resume support for sili(4).
- Removed the AML parser from acpidump(8).
- Improved acpibtn(4).
- Fixed traceroute(8) via pf(4) by splitting pf_icmp_mapping() into IPv4 and IPv6 sections.
- Improved acpi(4) to allow some machines to have more than one suspend cycle.
- Added Windows 2009 to the DSDT valid OSI table.
- Avoided a tail queue corruption in pckbc(4).
- Make the caps/num/scroll lock keys on btkbd(4) to lit correctly the LEDs instead of panicking.
- Fixed bugs in ssh(1) local/remote window calculation for datagram data channels.
- Added ca_activate handler in dc(4) for suspend/resume.
- Explicitly disable ftgl in xlock(1).
- Disable bce(4) in i386 GENERIC and RAMDISK kernels.
- Improved athn(4) and ath(4) resume.
- Added suspend/resume support for PCI ral(4) devices.
- Make atapiscsi(4) cdroms attached to pciide(4) wake up.
- Make sure xkblayout is not set from wscons(4) setting if specified in xorg.conf.
- Let mandoc(1) render literal displays correctly when there is more than one macro on an input line.
- Fixed keylength for aes-128-cbc in isakmpd(8) quick mode.
- Updated zoneinfo database to tzdata2010k from elsie.nci.nih.gov.
- Make acpi(4) print supported sleep states to dmesg.
- Fixed a bug in em(4).
- Make tcpdump(8) print the MTU in OSPF dd packets.
- Activated function for suspend/resume in wi(4).
- Added support for CA keys in ssh-keygen(1) PKCS#11 tokens.
- Added fixes from upstream to XCB in Xenocara: various memory leaks, ensure get_wm_class_from_reply returns a valid C-string.
- Enabled certificates for host based authentication in ssh(1).
- Make MAKEDEV create two more USB device nodes by default.
- Make sd(4) stop attempting to read or write caches on USB disks.
- Added support for 82576 fiber adaptors for the em(4) Ethernet devices.
- Prevent pkg_add(1) update from silently ignoring a pkgpath problem.
- Make inteldrm(4) i915 light up after unsuspend.
- Fixed a leak in ypldap(8).
- Improved disklabel(8).
- Allowed usbhidctl(1) to be used on ukbd(4) and ums(4).
- Fixed knote(9) handling for exiting processes.
- Ignore SIGPIPE in smtpd(8) message enqueueing as it prevented /usr/sbin/sendmail from relaying the server diagnostic back to the user.
- Suppressed MAKEDEV(8) warnings about 'unknown device' that can appear during upgrades when /etc/fstab is using disklabel UID's to mount partitions.
- Prevent an illegal struct from casting in carp(4).
- Make pcidump(8) show PCIe link/speed.
- Make pciide(4) save/restore more registers at suspend/resume for those chips which look like they need it or don't, when it appears they don't need it.
- Fixed readlink(2) on FFS and ext2 file systems to consistently return EFAULT when appropriate.
- Improved USB keyboard support to permit rogue keyboard to attach and be usable to a certain extent.
- Added infrastructure to build GCC 4.2.1 on sparc platform.
- Make remote(5) parsable again by tip(1).
- Fixed switching back from a text VT in usbtablet(4) and make it avoid stealing the keyboard or other input device events.
- Prevent ftpd(8) from letting regular users logging in during anonymous-only mode (-A).
- Improved pkg_add(1).
- Merged mandoc(1) version 1.10.5 with feature -Tpdf now fully working and bug fixes: proper handling of quoted strings by .ds in roff, allow empty .Dd, make .Sm start no-spacing after the first output word, underline .Ad, minor fixes in -Thtml.
- Fixed X server mysteriously exiting on macppc platform.
- Added support for M-audio Audiophile 192k in envy(4).
- Fixed an infinite loop in OpenCVS.
- Fixed ym(4).
- Removed the `midisyn' framework and anything using it: the opl device and the midi interface to pcppi(4).
- Updated xrange to version 1.3.3, libpciaccess to 0.12 and sessreg to 1.0.6.
- Prevent midi devices from attaching as uaudio(4) that could lead to leave a phantom uaudio(4).
- Fixed Python 2.6 build on hppa.
- Improved pckbc(4).
- Make "netstat -rvA" not print "Label" caption.
- Avoided an xclock bus error on sparc64.
- Make route(8) and netstat(1) print a column with the routing label if "netstat -vr" or "route -v show" are called with the -v switch.
- Improved ipw(4), iwi(4), iwn(4) and wpi(4).
- Added -U and -C to specify context length for OpenCVS diff command.
- Added suspend save/restore for SIS3112.
- Make acpi(4) delay suspend a bit longer before giving up, it fixes machines that sometimes don't suspend.
- Added ca_activate handler in alc(4) for suspend/resume.
- Added suspend/resume for bce(4).
- Fixed lint(1) compilation on gcc2 platforms.
- Make sure to stop DMA before suspend in re(4), bge(4).
- Update xserver to version 1.8, xf86-input-keyboard to 1.4.0 and xf86-input-mouse to 1.5.0.
- Added support for multibyte characters in libc, installed the en_US.UTF-8 ctype locale support file, and allow the UTF-8 ctype locale to be enabled via setlocale(3) (export LC_CTYPE='en_US.UTF-8').
- Make acpi(4) set the sleeping indicator light on machines that support it.
- Added ldapd(8) to rc(8).
- Fixed video on HP Pavilion dv7-3160us on resume.
- Fixed docked Thinkpads hang at boot.
- Added scsi_cmd_rw_decode() in scsi(4) for decoding any SCSI READ or WRITE command, and update atapiscsi(4) to make use of it.
- Added additional notify handler for acpidock(4), according to ACPI specifications.
- In disklabel(8), make sure FFS inputs and outputs are aligned for optimal performance on newer disk that lie about their sector size.
- Added acpiasus(4) to amd64 GENERIC kernel.
- Make ale(4) back after resume on eeepc 1000HE.
- Improved pkg_add(1) update progress message.
- Make lii(4) back after resume on eeepc701.
- Added a framesize quirk for Microsoft LifeCam in uvideo(4).
- Turn on -Wsystem-headers by default in gcc(1).
- Fixed watchdog timeout issues on em(4).
- Added acpisony(4) to support Sony ACPI hotkeys. Currently it only supports the suspend button.
- Fixed a bus error in ldapd(8) B-Tree.
- Improved rthreads by correcting the links between threads, processes, pgrps and sessions.
- Synchronized mandoc(1) with upstream, adding bug fixes: do not let mdoc(7) .Pp produce a newline before/after .Sh, avoid double blank lines related to man(7) .sp and .br, let man(7) .nf and .fi flush the line, let "\ " produce a non-breaking space, discard \m colour escape sequences, map undefined 1-character-escapes to the literal character itself; and new features: support the .in macro in man(7), support minimal PDF output, support .Sm in mdoc(7) HTML output, support .Vb and .nf in man(7) HTML output, complete the mdoc(7) manual.
- Updated a lot of fonts packages in Xenocara.
- Added portslock cleaning in daily(8).
- Make DVD play again with cd(4).
- Extended lint(1) to make it handle C99's _Bool and _Complex plus some GCC extensions (__real__ and __imag__ operators, the use of '~' for complex conjugation, and 'i' or 'j' as a suffix for complex constants).
- Fixed dead locks in tmux(1).
- Make elroy(4/HPPA) converts PCI addresses to proper 64-bit physical addresses on hppa64.
- In Xenocara, updated xmore to version 1.0.2, xf86-video-ark to 0.7.3, xf86-video-chips to 1.2.3, xf86-video-rendition to 4.2.4, xf86-video-sisusb to 0.9.4, xf86-video-trident to 1.3.4, xf86-video-tseng to 1.2.4, xf86-video-voodoo to 1.2.4, DejaVu TrueType fonts to 2.31, fonts/encodings to 1.0.3, font/alias to 1.0.2.
- Added check for vblank_mode in DRI2 GLX code.
- Added config query extension to Xenocara DRI2.
- Work around the recent Xenocara slowing down caused by mesa changes.
- Make pmap(9) pmap_extract() work for large pages on hppa64.
- Fixed an uvm(9) safe lock causing panics.
- Moved to 4.8-beta.
- Fixed a race in vscsi(4).
- Added suspend/resume to pms(4).
- As latest GNU patch, make patch(1) sends normal output to stdout instead of stderr.
- Fixed a memory leak in ci(1).
- Make ftp(1) handle non standard redirection to relative URL in the `Location:' header of HTTP responses.
- Prevent smtpd(8) from exiting on a fatal error when it permanently fails a bounce delivery.
- Make sure the call to reboot(2) is reached without being killed by some other processes in reboot(8).
- Changed the strategy for using the FPU in the amd64 kernel. The kernel FPU state is now shared with all processes and threads.
- Fixed a leak of FPU and SSE registers content between processes in machine-dependent initialization of amd64 and i386.
- Added support for playback sync endpoints in uaudio(4).
- Imported video(1) in Xenocara. video is an application for recording and/or displaying images from a video(4) device.
- Improved vscsi(4) protection against opening by multiple processes at the same time.
- Added suspend/resume to iwn(4).
- Permitted pipe(2), setresgid(2), setresuid(2) in policy for chrooted named(8).
- Improved suspend on laptops by giving wd(4) more time to complete the STANDBP IMMED command.
- Fixed a tmux(1) crash.
- Make pciide(4) save and restore as many registers as it can from front-ends chips. More to be added, chip by chip.
- Improved wd(4) resume.
- Fixed the "no changes" detection in ci(1) when a file has RCS keywords.
- Removed the VM_KMPAGESFREE sysctl.
- Fixed a NULL pointer deref in iked(8).
- Added suspend/resume to wpi(4).
- Improved vnd(4) buffer error handling.
- Make pckbc(4) keyboard reset on resume.
- Added support for disable and enable states for the pckbc(4) mouse for suspend/resume.
- Big cleanup of SMALL_KERNEL macro in acpi(4).
- In amd64 AES CTR mode, fixed counter increment for buffers larger than 64 bytes.
- Make systat(1) -N resolve network addresses.
- Prevent a process from entering wpi(4) wpi_ioctl() while another process has called a tsleep(9) in wpi_init().
- Fixed various regression in scsi(4) due to scsi_scsi_cmd() removal.
- Prevent a .Nm block from getting a special handling as in the SYNOPSIS when being used as a normal in line element.
- Make systrace(4), crypto(4), pty(4) use ENODEV instead of read()/write() functions.
- Make ypldap(8) search filter ldapd(8) compatible.
- Fixed NULL deref in ypldap(8).
- Improved FPU context checking when an IPI occurs on amd64 and i386.
- Added suspend/resume to athn(4).
- Added quirks for E-MU 0202 in uaudio(4).
- Make OpenCVS "ci" and ci(1) use username when author is NULL.
- Disabled vscsi(4) in the GENERIC kernel.
- Added bits for USB 2.0 playback support in uaudio(4).
- Make uaudio(4) support 24-bits encodings (and removed support 16-bit big endian encodings).
- Make acpitz(4) print to dmesg the temperature that will provoke critical temperature shutdown.
- Prevent iwn(4) from timeouting when stopping DMA channels.
- Added OpenSSH's timingsafe_bcmp() to libkern and switched some obvious network stack MAC comparisons from bcmp(3) to timingsafe_bcmp().
- Improved filesystem stability during suspend by using bufq_quiesce() and bufq_restart() on i386 and zaurus.
- Improved acpi(4) interrupt controller.
- Improved tsleep(9) usage in acpiec(4), acpitz(4), preventing troubles with wakeup(9).
- Fixed a bug in the flexible buffer queue API.
- In make(1), allowed variables SysV modifiers, added :QL modifier.
- Fixed bug in hostap mode for the Ralink RT2860, RT3090, RT3390, RT3562 chipset driver.
- Use new callback in ieee80211(9) hostap mode to notify the driver when a STA leaves the BSS.
- Fixed handling of hidden symbols for the gcc(1) Binary File Descriptor library on the hppa platform.
- Added a "ControlPersist" option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting.
- Improved LSA handling in ospfd(8).
- Added a quirk in uaudio(4) to allow attaching devices which are audio class compliant enough even if the device claim to have a vendor defined interface class.
- Fixed bug in sftp(1).
- Updated termcap(5) from upstream ncurses-5.7-20100717.
- Fixed cproj(3) family to not return garbage on finite arguments.
- Fixed a bug in sftp(1).
- Updated termcap(5) from ncurses-5.7-20100717.
- Added support for VBLANK in drm(4).
- Avoided going back to sleep/reboot/shutdown immediately after resume by clearing acpi(4) event status on resume.
- Make xf86-video-wildcatfb driver compatible with Xorg 1.8.
- Repaired Gdium support on loongson.
- Gave each arc(4) devices on the bus full openings.
- Added support for Winbond/Nuvoton W83627DHG-P in wbsio(4).
- In Xenocara, updated xf86-video-dummy to version 0.3.4, xf86-video-neomagic to 1.2.5, xf86-video-sis to 0.10.3, libXcomposite to 0.4.2, libXdamage to 1.1.3, libXfixes to 4.0.5, libXrender to 0.9.6, libXext to 1.1.2.
- Patched freetype from upstream to fix CVE-2010-2497 freetype integer underflow, CVE-2010-2498 freetype invalid free, CVE-2010-2499 freetype buffer overflow, CVE-2010-2500 freetype integer overflow, CVE-2010-2519 freetype heap buffer overflow, CVE-2010-2520 freetype buffer overflow on heap.
- Many diff(1) improvements.
- Make strip(1) exit with an error if an objfile could not be read.
- Added more timing paranoia in ssh(1).
- Make diff(1) return 2 on error.
- Improved systat(1) terminal capabilities.
- Improved mandoc(1) .Sm macro and end of sentence recognition.
- Make mpii(4) use iohandlers to acknowledge asynchronous events.
- Fixed antenna diversity on Atheros AR5416, AR5418, AR9160, AR9220, AR9223, AR9280, AR9281, AR9285, AR9227 and AR9287 chipsets.
- Make OpenCVS "diff" command and rcsdiff(1) die if pread(2) fails.
- Prevent MetaGeek Wi-Spy 2.4i from attaching to uhid(4).
- Make pkg_add(1) store openssl error output during verification, and log it if it didn't work.
- Added 'bps' and 'msb' members to audio(4) structs audio_encoding and audio_prinfo. They respectively describe the number of bytes per sample and data alignment in the sample.
- Fixed panic due to virtual memory map lock in uvm(9).
- Fixed double active connections printing in netstat(1).
- Implemented videopoll() for video(4).
- Fixed a MRT file descriptor leak in bgpd(8).
- Prevent ioprbs(4) from always reporting success on read/write requests even if they failed or only partially completed.
- Make the routing table sockets, ospfd(8), route(8) notify about lost packets with new message RTM_DESYNC.
- Fixed bugs in em(4).
- Prevent OpenCVS from silently overwriting untracked local files with newly-added repository files.
- Improved OpenCVS conflicts recognition.
- Fixed ci(1) segfault when used with -l option and a zero byte long message. Fix added to OpenCVS RCS too.
- Fixed a kernel panic caused by an integer overflow in FFS allocator.
- Added a DMA allocator in the kernel: dma_alloc() and dma_free().
- Handled Tm macro in makewhatis(8).
- Fixed a bug in makewhatis(8).
- Fixed pflow(4) display in rule printing.
- Fixed iop(4) dmesg printing.
- Avoided a double free(3) in ldapd(8).
- Make sure rc(8) delete all files in /tmp at boot.
- Implemented a timing_safe_cmp() in ssh(1) to compare memory without leaking timing information by short-circuiting like memcmp() and used it for some of the more sensitive comparisons.
- Fixed a broken mask for Core 1 and 2 temperature and bias properly for degC in itherm(4).
- Fixed PR 6376 in pthreads(3).
- Merged mandoc(1) to release 1.10.4: proper .Bk support, mostly finished -Tps output, implemented -Thtml output for .Nm blocks and .Bk -words, allowed iterative interpolation of user-defined roff strings. Plus bug fixes and performance improvements.
- Expand %h to the hostname in ssh_config(5) Hostname options.
- Make ExitOnForwardFailure work with fork-after-authentication for -f option of ssh(1).
- Updated libevent to version 1.4.14b: fixed memory-leak of signal handler array with kqueue, make evutil_make_socket_nonblocking() leave any other flags alone, adjusted fcntl() retval comparison on evutil_make_socket_nonblocking(), re-added event_siglcb, fixed a free(NULL) in min_heap.h, clean up properly when adding a signal handler fails.
- Fixed bugs in OpenBSD::State(3p).
- Make tmux(1) print an error when an old client is not compatible with a new server.
- Reduced delays a bit in the miibus read/write routines for re(4).
- Added bootstrap loader to the beagle platform.
- Added support for sun4e on the sparc platform.
- Updated libpciaccess to version 0.11 in Xenocara.
- Prevent clients from hanging on ldapd(8) by retrying requests when the B-Tree is busy.
- Fixed aucat(1) parameter handling: don't try to open a ``default'' midi port if no files are given on the command line.
- Fixed a kernel panic in scsi(4) by limiting SCIOCCOMMAND and ATAIOCCOMMAND requests.
- Rewrote the polling codepath in mpii(4), make it better multiprocessor-safe.
- Make OpenCVS and rcs(1) conforms to GNU cvs(1) allowed characters in symbol/tag names.
- Made cvs_unedit_local() OpenCVS conform to other functions with the `-t' and `-n' flags used simultaneously.
- Fixed cross build problem with cpp(1).
- Added support for using IPsec in multiple rdomains.
- Fixed table removing bugs in the kernel resident routing tables.
- Allowed to reduce the messages sent to AF_INET or AF_INET6 only daemons in the routing table sockets.
- Fixed pkg_mklocatedb(1).
- Fixed an ospf6d(8) crash.
- Fixed bulk update bugs on pfsync(8).
- On the i386 platform, removed aha(4), tl(4) from the RAMDISK kernel; geodesc(4/I386), gdt(4), twe(4), iha(4), adw(4), xl(4), exphy(4) from the RAMDISKB kernel; ne(4), nsphyter(4), rlphy(4), bmtphy(4) from the RAMDISKC kernel. Those kernels went too big after the gcc4 switch.
- Prevent fsck_ffs(8) from crashing by using correct types for block numbers, those can grow big on very large filesystems.
- Many improvement on the bge(4) interface: setup proper mbuf pool watermarks for BCM5717 / BCM57765 chipsets, disabled initiation of multiple DMA reads for BCM5717 chipset, added a performance tweak for BCM5785 chipset, corrected the return ring count used for BCM5717 / BCM57765 chipsets, fixed fibre media detection for BCM5717 chipsets.
- Updated sudo to version 1.7.2p8.
- Added mapping for ACPI device to PCI bus/device/function.
- Switched hppa, i386 and powerpc to gcc4.
- Make traceroute(8) parse extended ICMP messages defined by RFC 4884.
- Added definitions in the TCP/IP stack for ICMP extended headers available for some ICMP messages like time exceeded messages.
- Use config_activate_children to get down to the ISA bus activation code.
- Prevent devices without read or write functionality from returning ENODEV to the poll.
- Improved pipex.
- Improved aesni.
- Moved crypto(4) pool initialization to init_crypto and removed the crypto_pool_initialized variable. This prevents crypto_getreq() from checking if the pool is initialized each time its called.
- Make ifstated(8) print run commands in debug mode only (ifstated -d).
- Fixed deadlocks on sparc64.
- Added mpi_wait over to mpii(4) as a multiprocessor-safe mechanism: sleep while waiting for a command to complete.
- Made mpii(4) more multiprocessor-safe.
- Improved siop(4).
- Created distinct entry points functions for sun4/4c and sum4m as the bits in their interrupt enable register are completely different (intreg_clr_44c() and intreg_clr_4m() instead of ienabic(), intreg_set_44c and intreg_set_4m instead of ieanb_bis()).
- In acpi(4), use spl(9) spltty() to lock downcalls from apm(4) against the information being modified by the acpi(4) thread.
- Make ``apmd & zzz'' work correctly.
- Prevent ldapctl(8) from segfaulting if ``ldapctl stats'' is run when a database is being reopened due to compaction.
- Make aucat(1) try to detect busy loops caused by misbehaving audio drivers or hardware. If a busy loop is found, then close the device that caused the loop.
- Fixed a memory leak in ldapd(8).
- Added owctr(4), a driver for the externally triggered counters on the Maxim/Dallas DS2423.
- Enabled FIFO IO for sd(4) devices.
- Improved the event notification on mpi(4).
- Moved the last direct uses of mpi_{get,put}_ccb over to using the scsi_iohandler wrappers in mpi(4).
- Make aucat(1) handle all streams (audio files and client connections) the same way. Cleaned command line options: stream parameters (-Ccehjmrtvx) must precede stream definitions (-ios) and per-device parameters (-abz) and stream definitions (-ios) must precede device definitions (-f). Since there's no ``server'' and ``non-server'' modes anymore, the -l option just detach the process.
- Make ospf6d(8) advertise a intra-area-prefix-lsa with all prefixes for the network if there are any adjacent neighbors on link.
- Removed compat_bsdos(8).
- Fixed ldapd(8) update writing to the B-Tree while having a cursor open on the affected pages.
- Fixed use after free in ypldap(8).
- Fixed a memory leak with transaction abortion on ldapd(8).
- Fixed an NFS crash on sparc.
- Make sysmerge(8) automatically install missing users/groups.
- Fixed failure on resume on some machines by resetting acpi(4) SCI_EN on resume.
- Make ^D handling consistent in fdisk(8).
- Improved iked(8) non-debug logging messages when a session is established/closed.
- Implemented rudimentary support for user defined strings in mandoc(1).
- Make the i386 kernel responsible for saving the FPU state before running signal handlers.
- Removed getrdomain(2) and replaced it by getrtable(2). It fixes the naming of interfaces and variables for rdomain and rtables and make possible to bind sockets (including listening sockets) to rtables and not just rdomains. You'll need to remove /usr/share/man/cat2/[gs]etrdomain.0 after this.
- Removed ss(4) and usscanner(4) from all kernels.
- In pfctl(8), fixed recursive printing of wildcard anchors, fixed printing of multi-part anchor paths, added a warning to prevent users from specifying multi-component names for inline anchors.
- Make sd(4) stop on suspend and start again upon resume.
- Added itherm(4), a driver for Intel 3400 Thermal Sensor.
- Implemented translation of the SCSI START STOP UNIT command.
- Added proper locking around vinvalbuf(9) in NTFS.
- Fixed the return value of pmap_steal_memory() on hppa64.
- Saved some space on RAMDISKs kernels.
- Added new workaround for PCH devices in em(4) and make an Intel GbE 82578 PHY actually work.
- Provided an iopool in arc(4).
- Removed support for compat_sunos(8).
- Fixed bugs in npppd.
- Dropped fill_eproc() from SMALL_KERNELS.
- Allowed systat(1) to print date and time when in raw mode.
- Passed and saved state in pkg_add(1) repository related libraries, used to print all error messages.
- Make sdmmc(4) be detached and re-attached on resume.
- Allowed softraid(4) to implement seamless transitions from the previous metadata version to current version without needing to recreate the softraid volume by determining the data offset using a variable specified within the softraid metadata.
- Improved ciss(4) sensor setup loop.
- Make ath(4) come back after resume without having to manually ifconfig(8) it again.
- Improved tip(1).
- Allowed clients to present custom editing forms in ldapd(8).
- Added more MCP79 AHCI ids to the list of devices that need special handling in ahci(4).
- Fixed bad sshd_config(8) options parsing with quoting string (e.g. ``AllowUsers "blah blah" blah'').
- Fixed pci(4) uninitialized variable warning.
- Recent uvm(9) changes exposed an eight year old bug in the network stack: an item was reference after it has been returned to the pool.
- Fixed an error handling in fdisk(8).
- Prevent ldapd(8) from validating modification of immutable attributes in the namespace if configured with relaxed schema checking.
- Forbid deletion of non-leaf nodes in ldapd(8).
- Fixed memory leaks in ldapd(8) schema parser and B-Tree.
- Added ability to limit memory presented to kernel at boot with 'machine memory =128M' style commands on i386 and amd64.
- Added Lenovo Thinkpad X100e quirk for vga_pci.
- Mobility Radeon HD 4870 works with drm(4).
- Avoid register leaks into new i386 or amd64 process images.
- Added more support for ARMv7 on the arm platform.
- Allowed .nr nS to force SYNOPSIS-style .Nm indentation outside the SYNOPSIS in mandoc(1).
- Make i386 and amd64 synchronize FPU state instead of flushing them before suspending.
- Implemented vslock_device() and vsunlock_device() and used them for physio(9).
- Fixed memory leak by adding a missing free(3) in ospf6d(8) and ospfd(8).
- Corrected handling of trailing punctuation in .Nm block headers in mandoc(1).
- Remove PAGEFASTRECYCLE option from the generic kernel.
- Removed obsolete docs from the source tree.
- Implemented LDAP compare operation in ldapd(8).
- Constrained malloc to only grab pages from DMA reachable memory.
- Allowed uvm(9) to swap when there is more memory than what can be DMA.
- Make deeply nested dlopen(3) binaries start faster.
- Switched getpeereid(3) from system calls to library routines by using getsockopt(2) with SOL_SOCKET and SO_PEERCRED.
- Improved pkg_add(1) debug mode.
- Make ldapd(8) parse and ignore schema extensions with an X- prefix.
- Removed compat_ibcs2(8).
- Follow POSIX (IEEE Std 1003.1, 2004 Edition) in the implementation of the sed(1) "y" (translate) command.
- Allow [ to be used as a delimiter in sed(1).
- Make wsconsctl handle more than the first keyboard, mouse and display.
- Make ciss(4), ips(4), vga_pci compile with SMALL_KERNEL.
- Improved mandoc(1) .Nm indentation in the SYNOPSIS.
- Fixed terminal mode restoration after suspending scp(1).
- Added support for disklabel UIDs in bioctl(8).
- Make ldapd(8) reset number of revisions after B-Tree compaction.
- Fixed statistics loss in ldapd(8).
- Improved scsi(4) by killing struct scsi_device.
- Provided safepri value and uvm(9) constraints to hppa64 machine-dependent initialization code.
- Allowed easier canceling of bad requests in ldapd(8).
- Added a man page to npppdctl(8).
- Fixed a null pointer dereference and two possible null pointer assignment in ldapd(8).
- Saved memory on sparsely populated scsi(4) buses.
- Prevent code paths from exposing uninitialized memory to user space or devices in scsi(4).
- Fixed ncr(4) on vax.
- Prevent a thread kill(2) from sending the signal to a separate process.
- Added screen types and emulations in wsconsctl(8).
- Make it possible to get the screen types and emulations for a wsdisplay(4).
- Removed dead assignments in ldapd(8).
- Added support in iked(8) for the tap extension that will tell the kernel to send all IPsec traffic for derived SAs to the specified enc(4) interface instead of enc0.
- Added support in ipsecctl(8) for dumping the pfkey ADB_X_EXT_TAP extension to communicate the encX interface unit for a specified SA between userland and kernel.
- Allowed to specify an alternative enc(4) interface for an SA.
- Removed GENERIC kernel compatibility with OpenBSD 4.3.
- Fixed subordinate bus number for multi-root PCI buses.
- Handled special vga(4) cards for resume on i386 and amd64.
- Checked ldapd(8) modify don't add immutable attributes.
- Cleaned up now irrelevant TODOs and READMEs in the tree.
- Improved performance on some disks (those that have 4K sectors but report 512B), by making `fdisk -i' start the partition on a power of 2 block boundary.
- Improved ldpd(8) for future multipath routes support.
- Silenced the activation debug reporting in the kernel to prevent possible interactions when printing vga states.
- Fixed an ldapd(8) crash by making it stop pruning page cache directly when adding to it.
- Prevent disklabel(8) editor from crashing when pressing ^D.
- Removed compat_osf1(8).
- Improved error reporting in mandoc(1): avoid error exit after warnings, added ERROR: and FATAL: to messages.
- Added SOL_SOCKET and SO_PEERCRED support to getsockopt(2).
- Make ldapd(8) validate that an entry can't belong to an abstract object class directly.
- Added a global root user that is allowed to read/write entries in all local namespaces to ldapd(8).
- Silenced the activate function when unknown events are given to scsibus.
- Fixed mg(1) buffer problems.
- Use a SLIST for the ccb free list in ips(4) and mfi(4).
- Make sd(4) flush its cache before suspend.
- Make sure pthreads(3) FPU state is aligned on a 128-bit boundary on i386 as it is on amd64.
- Make tcpdump(8) print MPLS label as decimal instead of hexadecimal.
- Fixed route label in pf(4) control device.
- Better handling detaching of cd(4).
- Fixed ldapctl(8) stats, avoided a null pointer dereference when reopening a namespace.
- Fixed arguments to fpu_kernel_enter() and fpu_kernel_exit() on the amd64 platform.
- Modernized pkg_merge(1).
- Improved the AD1848 Parallel-Port 16-Bit SoundPort Stereo Codec.
- Allowed recording to work for Crystal Semiconductor CS4231 Audio Codec/mixer chip when there is only one DMA channel.
- Lots of improvements in pkg_add(1) around the new OpenBSD::State(3p) API.
- Improved ucom(4).
- Added support for Ironlake (clarkdale and arrandale, i.e. core i3 and core i5 internal graphics) to intel agp(4) and intel drm(4). Mostly works, but the suspend/resume handler doesn't put the registers back 100%.
- Make ExpressCard hotplug work after suspend/resume cycle by saving PCIe slot control and status register.
- Reworked ldpd(8) network distribution so all path of an active route are sent to the lde so it can assign remote labels to all of the paths.
- Fixed uhci(4) on numerous machines by preserving and restoring BARs on suspend/resume for all pci(4) devices.
- Make ldapd(8) validate that all attributes are allowed by any of its object classes.
- Synchronized ldpd(8) kroute.c with ospfd(8) one for future multipath routes support.
- Updated libedit to bring it into sync with the latest version from NetBSD.
- Allowed key options (command="..." and friends) in sshd(8) AuthorizedPrincipals.
- Allowed ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 encoded keys
- Improved -o in ftp(1).
- Added some missing UHCI and EHCI register restores on resume.
- Added support for mapping ACPI to PCI devices.
- Added support for referrals in ldapd(8).
- Added aesni, an amd64 driver for the crypto framework, similar to the VIA driver for supporting the AES-NI instructions found on recent Intel cores. Special thanks to Huang Ying at Intel for getting the assembly code relicensed from GPL to a more suitable license.
- Many improvements in sparc boot.
- Replaced enc(4) with a new implementation as a clonable device.
- Added PADDR_IS_DMA_REACHABLE macro in uvm(9).
- Reworked cypress cpu cache setup and enabled writeback mode on sparc.
- Added fpu_kernel_enter() and fpu_kernel_exit() on the i386 and amd64 platform. This allows the use of the FPU in the kernel.
- Fixed some USB keys by removing extra_bytes field in scsi(4) struct scsi_sense_data.
- Make iked(8) lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification.
- Make ldapd(8) return a protocol error when trying to use starttls without a configured certificate, instead of just blocking the client.
- As it is not anymore setuid, removed tip(1) complicated public/private/root permissions scheme for options in favour of a single read-only bit.
- Removed compat_hpux(8).
- Used the libutil implementation of UUCP locking in tip(1).
- Factored iked(8) Diffie-Hellman implementation for isakmpd(8) with lots of benefits: smaller code, libcrypto instead of custom crypto code, theoretically adds support for many new MODP and EC2N/ECP modes.
- Added missing free()s in iked(8).
- Fixed use after free(3) in pfctl(8).
- Improved Intel GbE 82578 and 82578 PHY in em(4).
- Removed mentions of operating system binary emulation in installation notes.
- Improved ahci(4) suspend/resume.
- Improved acpi(4) suspend/resume by using recently added bufq_quiesce().
- Make sasyncd(8) use only 3 verbosity level: None, Important, All.
- Removed compat_ultrix(8).
- Avoided a null pointer dereferencement in usbhidaction(1).
- Added support for badly nested blocks in mandoc(1).
- Cleaned tip(1) from obsolete acu.
- Make call to sysctl(3) fail if a process asked KERN_PROC2 or KERN_FILE2 (or their libkvm wrappers) for more informations than the running implementation knows how to provide.
- Synchronized mandoc(1) to release 1.10.3: support -Tps -Opaper=a4 and -Opaper=letter.
- Automatically set /etc/pkg.conf `installfrom' entry to the public mirror used while installing or upgrading.
- Added a framework for glyph width encoding in mandoc(1).
- Fixed a logic error in spdmem(4).
- Changed st(4) to use the FIFO buf sorting discipline rather than the default disk-sorting one.
- Fixed aucat(1) crash by explicitly initialize members of struct dev in dev_open().
- Prevent aucat(1) from checking if the midi control interface is idle when the device isn't open yet.
- When given NULL or "" as argument, make unsetenv(3) set errno to EINVAL, conforming to POSIX.
- Improved the FPU register saving on the hppa platform.
- Factor out code used to save and flush process FPU context in hppa.
- Forced the dns buffers to be aligned using a union in smtpd(8) and ypserv(8) as a workaround for "misaligned strings on the stack" bug in gcc4 and as a better and more common idiom.
- Added custom layout in tmux(1), the list-windows command displays the layout as a string that can be applied to another window using select-layout.
- Allowed selecting both address family and protocol in netstat(1).
- Rewritten ldapd(8) schema parser. The new parser now support symbolic OID names. You need to update your /etc/ldapd.conf: schemata are now included with the 'schema' keyword.
- Added VIA xcrypt for amd64 in libssl.
- Cleaned interface stats handling in pfctl(8): '-Fi' reset ALL the interface statistics and make '-Fa -i ifname' fail.
- Fixed IFADDRDEL imsg error message in ospfd(8).
- Make tmux(1) commands use stdin, stdout and stderr sent from client to server. You'll need to restart your server after this upgrade.
- Fixed keyboards in wsconsctl(8), better handling of none latin-1 characters.
- Added initial support for Intel GbE 82578 PHY in em(4).
- Added iked(8) to rc(8).
- Added the rtable id as an argument to rn_walktree() in the network stack. This permits functions like rt_if_remove_rtdelete() to be able to correctly remove nodes.
- Used an SLIST instead of a TAILQ for the ccb free list in arc(4).
- Massive removal of unused struct scsi_device.
- Updated the perl(1) Safe module to version 2.2.7 for CVE-2010-1168 and CVE-2010-1447.
- Modified IPv6 stack to conform to the last ospf6d(8) changes. Now neighbour discovery is solely based on the cloning route and not on the address neigbourship anymore.
- Added initial support for RTL8168E in re(4).
- Make ospf6d(8) create a cloning route if there is no next hop but an interface index.
- Used the interface index for writing routes into the kernel in ospf6d(8).
- Allow tty drivers to request larger buffers at attach time using a max-baud-rate hint. These larger buffers are required by the very high speed KDDI devices in Japan (com(4), or ucom(4)).
- In cwm(1), fixed window name and class to match cwmrc(5).
- Added definitions in acpi(4) for Intel/AMD IOMMU ACPI tables.
- Implemented iopools in osiop(4) to get rid of another use of XS_NO_CCB.
- Used in com(4) a more moderate FIFO trigger level (4) for moderately quick (sub-38400) port speeds.
- Synchronized bind(8) root.hint with latest version from rs.internic.net.
- Fixed kernel manuals thanks to full .nr nS support in mandoc(1).
- Stopped probing "volume knobs" in azalia(4) on resume. This fixes a resume break.
- Disabled uguru(4) on i386 and amd64 GENERIC kernels.
- Added PCH/82577 bits from FreeBSD in em(4).
- Fixed a crash in ftp(1) when the directory entry isn't complete.
- In bgpd(8), instead of specifying the control sockets on the command line have them in bgpd.conf. Removed the -s and -r arguments from bgpd.
- Marked the PXE boot device as "netboot" in the i386 and amd64 platform, even if we do not contain NFS client support.
- Fixed .Bk in mandoc(1): do not print invalid arguments verbatim, do not trigger TERMP_PREKEEP twice, do not die from invalid arguments, continue to ignore even valid arguments.
- Fixed recursion in pmap_enter(9).
- Make azalia(4) check if the jacks that will mute the speaker can generate unsolicited events.
- Cleared acpi(4) fixed event status on resume (power buttons/etc) so that some machines don't immediately resume after suspending to S3.
- Added support for 800x480 in udl(4).
- In route(8), Make 'route exec' emit error messages like xargs when execve() fails does.
- In iked(8), allowed to have multiple certs for the same CA but different srcids in the certs/ directory. This enforced that the subjectAltName has to be set correctly.
- Fixed a possible double free in iked(8).
- In ospfd(8), fixed rtmsg_process to return on an error during processing rather than continue. Fixed kr_dispatch_msg so it acts when rtmsg_process fails.
- Fixed a NULL dereferencement on zombies processes.
- Fixed two PRS in pthread(3).
- Added the TPOFF* and DTP{MOD,OFF}* definitions that ld.so will need for doing thread-local storage in amd64, i386, powerpc, sparc and sparc64.
- Added uvm(9) DMA address constraints in every architectures machine-dependent initialization.
- Make use of current working directory when default-path is not set in tmux(1).
- Fixed the length check for ASN1_ID Ids in iked(8).
- Fixed DIOCCHANGERULE in pf(4) control device.
- Basic implementation of .Bk/.Ek in mandoc(1).
- In ldapd(8), added support for different page sizes in the btree.
- Added quirks in azalia(4) for IDT 92HD71B7 in HP laptops.
- Multiple improvements iked(8).
- Added option detach-on-destroy in tmux(1) to set what happens to a client when the session it is attached to is destroyed.
- Suggested a reboot if "sh MAKEDEV" was run or login.conf was modified after using sysmerge(8).
- Make use of a mutex to make atomic operations atomic on hppa multiprocessor kernels.
- Added /dev/diskmap to RAMDISKs kernels.
- Allowed processes to be scheduled onto secondary CPUs on the hppa platform.
- Cleaned useless
#include <sys/user.h>
in more than one hundred files.
- Fixed removal of one-level search index in ldapd(8).
- In com(4), grown COM_IBUFSIZE from 1024 to 8192 to be enough size for recent devices. It fixes the problem using KDDI W04K.
- Brought ss(4) device referencing into line with sd(4), cd(4) and st(4) recent changes.
- HTTP is now the default network install method rather than FTP.
- Implemented a simple keepalive mechanism in gre(4) that is compatible with the one used by Cisco.
- First steps toward variable width fonts in mandoc(1).
- Added the extendedKeyUsage flags serverAuth and clientAuth in libssl, those flags are required by recent Windows.
- Added his own Low Power Link Up code to PCH based em(4).
- Include the Id type in the generated SA tag that is passed to the kernel, a la isakmpd(8).
- Allowed -c0 in ping(8) and ping6(8).
- Make sure some single bit bitfields in rtadvd(8) are single bit.
- Fixed bug in tmux(1) command list pointer.
- Merged mandoc(1) release 1.10.2, bug fixes (interaction of ASCII_HYPH with special chars, handling of roff conditionals, Bd -offset will no more default to 6n), improvements (more caching of .Bd and .Bl arguments for efficiency, deconstify man(7) validation routines, add FreeBSD library names) and start PostScript font-switching.
- Added GENERIC.MP kernel to hppa.
- Improved dired in mg(1): position cursor at first filename after, don't reposition cursor on reopening, check for permission before attempting to open directory.
- Prevent the amd64 and i386 platform from hanging on resume in the inter-processor interrupt handlers.
- Fixed 100% interrupt usage on amd64 MP resume.
- Fixed a bug in adw(4) and sii(4/VAX).
- Removed OpenCVS from the build.
- Avoided a potential race when unlocking a mutex on the hppa platform.
- Added HUAWEI E182 (aka Emobile D31HW) in umsm(4).
- Removed -m option from pfctl(8).
- Added X11ForwardTimeout option in ssh(1).
- Make ssh(1) log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts.
- Worked OpenBSD::State(3p) in the packages system.
- Make skip the initial check for access with an empty password when PermitEmptyPasswords=no in sshd(8).
- Fixed a bug in aucat(1).
- Fixed requirement for /dev/null inside ChrootDirectory with ``internal-sftp'' in sshd(8).
- In OpenSSH, removed hardcoded limit of 100 permitopen clauses and port forwards per direction.
- Make st(4) use xshandlers for scheduling IO.
- Fixed the ikectl(8) log verbose/brief commands.
- Included files annotated @bin in the database produced by pkg_mklocatedb(1).
- Prevent sd(4) from sleeping while dumping.
- Added a CA export command for EAP in ikectl(8).
- Improved errno in ldapd(8).
- Removed compaction and indexing from ldapd(8). Reimplemented it in ldapctl(8).
- Fixed a bug in uvm(9) uvm_pmr_get1page().
- Fixed multiple inclusions in the IPC messaging functions.
- Make ami(4) ioctl(2) and sensor paths more reliable.
- Fixed condition in ospfd(8).
- Fixed printing of extensions in v01 certificates in ssh-keygen(1).
- Updated Mesa to version 7.8.2 in Xenocara.
- Do not propagate cache invalidate operations between processors on 88110 systems, improves GENERIC.MP kernel speed by 8% on the MVME197DP (mvme88k platform).
- Prevent the framebuffer from taking over serial console on early 2.x sun4c PROM if no keyboard is connected.
- In mpii(4), protected the Command Control Blocks free list with its own mutex.
- Doubled the dmesg buffer size on the amd64 platform.
- Included the user name on "subsystem request for ..." log messages in OpenSSH.
- Added auth debug messages for bad ownership or permissions on the user's keyfiles in OpenSSH.
- Standardized error messages when attempting to open private key files with ssh-keygen(1).
- Exposed sshd_config(5) options inside Match blocks (AuthorizedKeysFile, AuthorizedPrincipalsFile, HostbasedUsesNameFromPacketOnly, PermitTunnel).
- Added a choose-buffer command in tmux(1) for easier use of the paste buffer stack.
- Added initial support for PCH based em(4) adapters with intel GbE 82577 PHY.
- Implemented PA linearization on adapters with digital predistorters in athn(4) for AR9003 family only.
- Fixed printing of multipathed route in ldpd(8).
- Stop requiring { } blocks in ldpd(8).
- Improved athn(4).
- Fixed an integer arithmetic overflow and an overflow of the xs sense buffer in vscsi(4).
- In ami(4), protected the Command Control Blocks free list with its own mutex.
- Extended tmux(1) -t:+ and -t:- window targets for next and previous window to accept an offset such as -t:+2.
- Allowed hardlinks to tmux(1) sockets to be used more easily.
- Fixed the disappearance of wild characters in tmux(1).
- Fixed midicat(1) device mode when only -i or only -o is used.
- In eap(4), locked the sample rate of es1731-based devices to 48kHz.
- Make pkg_create(1) display bad symlinks by destination.
- Make various HP laptops boot correctly with acpi(4) by fixing reference counting panic for CondRef.
- Fixed a NULL dereference by skipping exiting process in sysctl system call.
- Linked a new iwn-firmware-5.5 package that contains an update for Intel Centrino Advanced-N 6200/Ultimate-N 6300 adapters for iwn(4) devices.
- Make bioctl(8) work with disklabel UIDs by trying to use opendev(3) first.
- All programs which make use of opendev(3) can now operate with disklabel UIDs.
- Fixed a segmentation fault in ftpd(8) on ftpd_popen() error during status command.
- Fixed a memory leak in sftp(1).
- Fixed sftp(1) "ls" in working directories that contains globbing characters in their pathnames.
- Fixed ldapd(8) byte alignment on sparc64.
- Added support to use sasyncd(8) with iked(8) instead of isakmpd(8).
- Fixed a NULL pointer dereference in sd(4).
- Compaction can now be done by a separate process in ldapd(8).
- Prevent fsck_ffs(8) from failing when used with disklabel UIDs.
- Fixed a panic with softraid(4) when sd(4) tries to enable write cache on all disks.
- Make a whole bunch of newer umsm(4) Huawei devices to work.
- Count of deinstalling package fixed in pkg_delete(1).
- Write cache enabled on sd(4) disks during attach.
- In mpi(4), allowed the cache enabling on virtual disks to run as part of the disks attach routine.
- Initial support for initiator mode with certificate, which allows to run iked(8) as a "client" or to configure iked(8) to iked(8) (OpenBSD to OpenBSD) IKEv2 VPNs.
- Added commands in iked(8) to create/delete/install/import keys without involving certificates.
- Fixed a memleak in the disk mapper.
- Fixed block length for AES in iked(8).
- Fixed EAP responder mode in iked(8).
- In iked(8), make NAT detection work in initiator and responder mode.
- Fixed memory leak in ypldap(8).
- Adjusted FTP reply codes in ftpd(8) (in error conditions) to conform to RFC 959.
- Segmentation fault fixed in lock(1).
- In ldapd(8), fixed a btree reference counting when opening the database with a file descriptor directly using btree_open_fd().
- Make ospf6d(8) stop preventing dynamic route redistribution because of a "dispatch_rtmsg no nexthop" error was emitted in wrong cases; fixed a use after free(3), fixed a segfault.
- Make ospf6ctl(8) print additional new line after 'Number of Links' in show database router.
- Make ospfctl(8) print 'Number of Routers' in show database network.
- Fixed a memory leak in ypldap(8).
- In scsi(4), Restore an unusual XS_SENSE semantic; Fixes restore(8) problems seen on certain tape drives.
- In ldapd(8), Wrap searches in a read-only transaction so it is guaranteed to see a consistent snapshot of the database.
- Implemented IP-FORWARD-MIB for IPv4 in snmpd(8).
- Add support for Intel AES-NI and the CLMUL_ instructions, plus a few others that are needed to implement accelerated AES (and AES-GCM mode) on newer Intel cores.
- In ldapd(8), track changes in btree_txn_* API, pass a NULL btree when also passing a transaction.
- In ldapd(8), when a btree NULL pointer is passed to a function that accept both btree and a transaction, the btree is taken from the transaction.
- Fixes in sort(1): clarify sort's various modes of operation; -m is overridden by -C and -c; ordering options should not appear after -k.
- In ldapd(8), append a "tombstone" meta page after a database has been compacted. This allows other processes to pick up the change and re-open the file.
- Added minimal initial -Tps support in mandoc(1).
- Allowed configure queue expiry in smtpd(5).
- In fsck_ffs(8), added missing headers needed for opendev(3) and close(3).
- Declare safepri at the MD level on each platform, so that the kern_synch.c does not have to deal with it as a common.
- In ikectl(8), added a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well.
- Added a -S flag to iked(8) to do the same as ``set passive'' but matches the isakmpd(8) flag.
- Added new commands to iked(8) and ikectl(8), the couple/decouple commands will set loading of the learned flows and SAs to the kernel the active/passive commands are required to use iked with sasyncd(8).
- Stopped printing FEC twice in ldpd(8).
- Added another tree in iked(8) to lookup policy SAs by peer address.
- Removed the CRYPTO_ALGORITHM_ALL define from crypto(4).
- In ospfd(8), restricted the interface scope embedding to link local nexthops.
- In ospfd(8), fixed an infinite loop hit when the prefixlen is not dividable by 32 by decoding prefixes correctly.
- Fixed time on Mostek time-of-day chips with dead batteries.
- Moved the logging of FEC changes to the LDE and print the FEC and label information.
- Allow FFS file system to be mounted by a disklabel(8) UID.
- Fixed MPLS pop operation to make PHP work again.
- Reworked UI messages in pkg_add(1).
- Properly enable vscsi(4) on the loongson platform.
- Make ospfd(8) calculate size of update packet with IPv6 header and reserve space for IPsec.
- Introduce a diskmap pseudo device which allows userland to open a disk specified via its disklabel UID.
- Merged mandoc(1) bits that will be going into 1.10.1.
- Fixed various problems of auich(4) on SiS 7012 based chips.
- Reworked the way onboard devices attach on Sun 4/110 systems.
- In tcpdump(8), added minimal decode support for IKEv2 exchange types and payloads.
- Fixed a bug which prevented diskless station from booting (PR6382).
- Make ldpd(8) store all labels in ldpd in host byte order without any additional shifting.
- iked(8), ikectl(8) enabled in the build.