OpenBSD 5.3 released (May 1, 2013)
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.4,
5.5,
current.
Changes made between OpenBSD 5.2 and 5.3
- dhclient(8) now tries 10 times to obtain the routing table via sysctl(3), if it can't be done abandons attempt to clean up the routing and arp(4) tables and carries on.
- Fixed xterm(1) segfault which happened when using the mouse wheel over the scrollbar.
- Avoid alignment errors when dhclient(8) processing routing messages, by reading the messages into dynamically allocated memory.
- Added ldomctl(8/sparc64) workaround for some firmware revisions which provided an incorrect factory-default configuration.
- Fixed sndiod(1) crashes occurring when the client sample frequency is much larger than the device sample frequency.
- Don't try to purge one-time rules from the main pf.conf(5) ruleset.
- Always reserve space addresses, to fix memory corruption when doing ipsecctl(8) -ssa with md5sig.
- Fixed trunk(4) panic which occurred when previous interface had modified the mbuf(9) chain.
- Use dma memory for viomb(4) bl_pages, to fix a "Non dma-reachable buffer..." panic on amd64.
- When no acceptable dhclient(8) offers are received within the allowed timeframe, look for a lease in dhclient.leases.IF. If none are available, wait "retry" seconds before restarting DISCOVER; also daemonise the process, giving back the command prompt.
- Support ssh(1) ProxyCommand=- (stdin/out already point to the proxy); Allow IdentityFile=none.
- Don't complain if ssh(1) IdentityFiles specified in system-wide configs are missing.
- Bring back bge(4) 5718/5719/5720 support again; fixes for ip checksum handling.
- Fixed a potential smtpd(8) crash when connecting to a misbehaving smtp server.
- Use imsg_flush() to ensure a quicker exit of any previous copy of dhclient(8).
- Cancel any outstanding protocol timeouts when a dhclient(8) link goes away.
- Reverted revision 1.195 of ahci_pci.c, which caused Intel SATA controllers in compat mode to not see any hard disks on boot.
- When opening an ldomd(8/sparc64) device node fails, show its path in the error message.
- Set wireless interface priority and interfaces to the wlan group for cnw(4) and ray(4) (pre 802.11b wireless drivers).
- install(1) will now report unlink() errors unless ENOENT.
- Stop dhclient(8) deleting permanent arp(4) cache entries when clearing the arp(4) cache.
- Reworked dhclient(8) log messages: only one message logged at termination or restart; removed duplicate cleanup attempts.
- Updated nsd(8) to version 3.2.15.
- Keep track of which ssh(1) IndentityFile options were manually supplied and which were defaults, don't warn if the latter are missing.
- Suppress some pointless dhclient(8) debugging messages.
- Fix line counting when using mg(1) forward-paragraph and backward-paragraph.
- Disabled smtpd.conf(5) queue compression temporarily, as we lack the smtpctl(8) bits.
- Allow dhclient(8) lease renewals to work in a non-default routing domain, and show problematic table id in error messages.
- Only use local hostname in Received lines if smtpd(8) listener has not overridden it, otherwise use the listener hostname.
- Bugfix udp(4) socket splicing when a packet gets diverted, spliced and routed to loopback.
- Do not let user(8) try to (un)lock system users; people wanting to do so should use vipw(8).
- Revert rthread/ld.so(1) diff: not working on sparc/sparc64 or vax.
- Fixed make(1) var module failing while expanding a line ending with a $. Seen when MALLOC_OPTIONS=S.
- Terminate the smtpd(8) session instead of fatal()'ing if getsockname(2) fails.
- Cleanup mg(1) undo history in revert-buffer.
- Unbreak dhclient(8) DISCOVER, by initialising xid from correct field.
- Allocate dma memory below 2^28 limit, allowing ice1712-based envy(4) cards to work on amd64.
- Fixed the relayd(8) "toread" check in the lateconnect case, which allows Content-Length: 0 in HTTP GET request when a request filter is used. Broken by previous commit.
- Do not loop forever if pckbc(4) keyboard send a BAT (Basic Assurance Test) fault code. Handle this code like "Resend" or "BAT success" instead.
- Make sure dhclient(8) asks for a default route in the correct routing domain. Fixes some periodic failures.
- Don't leak dhclient(8) routing socket file descriptor if getting the default route fails.
- Warn more loudly if an ssh(1) IdentityFile provided by the user cannot be read (bz #1981).
- Disable nginx(8) pcre symbol visibility on vax in order to unbreak the build.
- When an interface generates an RTM_IFINFO message, check LLADDR. If it has changed, simulate a SIGHUP to restart.
- Obey RFC 2131: when the broadcast flag is set, send dhcpd(8) reply back via udp broadcast and link-local broadcast. Fixes some switches which use the broadcast flag.
- Correct ssh(1) error message that had a typo and was logging the wrong thing.
- Don't rely on the dhclient(8) packet buffer (client->packet) being preserved between attempts to send DISCOVER or REQUEST packets.
- Repair the legacy xf86-video-intel i810 driver.
- Cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt from the openssl(1) repository.
- Allow use of "=" instead of "=>" when declaring a smtpd.conf(5) mapping.
- Replaced smtpd.conf(5) "users" keyword with "userbase" when providing alternate userbase.
- smtpctl(8) trace expand, enables tracing of aliases expansion.
- Repaired gdb(1) single-stepping on m88k.
- Make librthread compatible with an ld.so(1) that does TCB allocation.
- Added a "block" rule prior to the state creating "pass" rule in the default pf.conf(5).
- Fixed npppd(8) to stop it calling ioctl with the invalid argument (bug introduced by the config parser change commit).
- Return EINVAL instead of panicking when a zero length MPPE is passed by ioctl to pipex(4).
- Make sure pipex(4) MPPE key is not zero length.
- Restore previous dhclient(8) behaviour of not cleaning up in response to SIGTERM, so routes to NFS servers are not lost.
- Reflect the -f option in last(1) output.
- Re-enable the stack protector code on m88k machines.
- Make top(1) display the correct percentage of CPU usage for threaded processes when threads are not displayed.
- Record "Received disconnect" messages at ERROR (not INFO) priority, as they return a non-zero ssh(1) exit status (bz#2057).
- ssh-keygen(1) now appends (not overwrites) moduli(5) file when screening candidates. Allows resumption of an interrupted screen (bz#1957).
- Switched the m68k ports to gcc(1) version 3.
- Updated nginx(8)'s internal pcre to 8.32.
- Don't wait for memory from pool while holding uvm(9) vm_map_lock, as this can cause a deadlock.
- Updated luit(1) to 1.1.1. Fixes the luit(1) tty handling after the introduction of the UNIX98 PTY functions.
- syslogd(8) -h now includes RFC3164-style hostnames when forwarding.
- Don't discard dhclient(8) option list if it contains duplicate option names, just ignore the duplicates.
- Added some pieces for identifying and supporting some of the newer bge(4) chipsets.
- On reboot(8), ignore sysctl failure for CPU_LIDSUSPEND when errno is EOPNOTSUPP.
- Permit frames up to 1758 bytes (MTU 1740) and raise hardmtu to allow the user to set them on vr(4) VT6105M, VT6105 and RhineII-2.
- Allow configuring an MTU of up to 1518 on sis(4). Tested on DP83815.
- Put index and root directives where the the nginx(8) "Pitfalls" list says to put them.
- Fix for perl(1) CVE-2012-6329.
- Make smtpd(8) retain the MX address order as sent by the lka for MXs with the same preference.
- Fix memory leak in npppd(8) privsep.c to free the memory which was allocated by getcap(3).
- Fixed NULL dereference when sftp(1) is built without libedit, and control characters are entered as a command.
- Bring back reserve enforcement and page daemon wakeup into uvm(9) uvm_pglistalloc, to stop potentially running out of memory.
- Make sure the uvm(9) page daemon considers BUFPAGES_INACT when deciding to do work, just as is done when waking it up.
- Added pppx(4) interfaces to the "pppx" interface group.
- sshd_config(5) MaxStartups is now "10:30:100" to start random early drops at 10 to 100 connections. Makes it harder to DoS.
- Rework http content/chunk handling in relayd(8). Allows handling an optional chunk trailer properly (a prerequisite for splicing persistent http connections).
- Unbreak smtpctl(8) table update.
- Install 50x.html for nginx(8), which is part of a default configuration.
- Disable ld(1) "PIE-by-default" if -static (or an alias) is passed on the command line, to produce a fully static binary.
- netstat(1) -vP now also shows the new struct sockbuf field sb_flagsintr.
- Make pflow(4) use flowStartSeconds/flowEndSeconds for netflow v10, so it can see what time a flow started/ended.
- smtpd(8) fixes: handle getaddrinfo() error as LKA_TEMPFAIL; handle getsockname() error in smtp_connected(); accept "/" as part of user-part and expand to ":" (like qmail); fix wrong check in mda leading to bogus Return-Path header; fix aliases parsing when there's a white space between key and separator.
- Automatically reflow wrapped lines when a tmux(1) pane is resized.
- Don't let tmux(1) set certain string formats if the string is NULL.
- Make sure new config file is valid before SIGHUP'ing sshd(8), which would otherwise just kill it.
- Pad "join BSS" command with padding the size of the entire buffer, to make rsu(4) firmware happy.
- Stop as(1) from optimising away R_X86_64_GOTPCREL relocations.
- Use RTM_GET in dhclient(8) to obtain the current default route. Much less work for the routing system.
- Removed product/vendor table and let the urndis(4) driver attach based on class, etc. Print what type of device it is.
- hp300 and mvme68k libtool(1) has switched to elf(5).
- elf(5) toolchain for m68k, following the SysV/m68k ABI.
- dhclient(8) will now add identifying comment to generated resolv.conf(5) so it is easy to see which interface generated it.
- Fixed dhclient(8) crash when checking whether resolv.conf(5) should be written.
- Do not leak lease in dhclient(8) error path.
- dhclient(8) will now handle a non-existent resolv.conf.tail(5) without issuing an error message and handle an empty resolv.conf.tail(5) without exiting. No longer leak an fd if fstat() on resolv.conf.tail(5) fails. Made fstat() failure on successfully opened resolv.conf.tail(5) a fatal error.
- Fixed memleak in libutil imsg_read() when hitting the file descriptor reserve check.
- Resolved some issues with xf86-video-intel screen corruption seen with dpms on ivy bridge.
- If a sndiod(1) device doesn't respond within 2 seconds, close it and drop all connections. Necessary on some MP machine/audio driver combinations.
- Rewritten the msk(4) receive filter handling code and cleaned up ioctl.
- m88k libtool(1) has switched to elf(5) and has shared libs.
- Write out resolv.conf(5) only if the default route is under the control of the process binding the dhclient(8) lease. Re-check the default route when a routing message arrives that might mean default route has changed, and write out resolv.conf(5) if appropriate. Reduces the chances that the name servers in resolv.conf(5) are unreachable.
- Don't tweak the smtpd(8) socket sndbuf, now that envelopes are passed in compressed form. Reduces default envelope message size.
- Fixed port numbers for login_radius(8) servers, which were not configured correctly in npppd(8).
- Deleting the ip address of a tun(4) interface by npppd(8) now works correctly.
- Backed out bge(4) 5718/5719/5720 support, as it breaks 5704C.
- makedev(8) will now create /dev/pppx by default, for pppx(4).
- Added support for POSIX.1-2008 functions dprintf(3) and vdprintf(3).
- Rewritten the url(4) receive filter handling code and cleaned up the ioctl bits.
- Fixed udav(4) bug: when going in and out of promiscuous mode the driver was not disabling all multicast mode.
- bge(4) support for 5718 family of chips, including the 5719 and 5720.
- Make ulpt(4) upload firmware into HP LaserJet printers which require the firmware.
- Large reduction in memory footprint when smtpd(8) is relaying lots of messages.
- Log sender address as "<>" when smtpd(8) delivering bounces.
- Allow lookups from backends in smtpd(8) "accept for [...] virtual" context.
- Openldap client now accepts connections to a ssl-enabled ldapd(8) server.
- Introduced smtpctl(8) "trace lookup" to trace lookup process; improved logging of the transfer process.
- Added TX interrupt mitigation for vr(4) chips, including 6105Ms found in pcengines alix and soekris 5501s.
- Bumped MAXTSIZ to 128 MB in vmparam.h on i386 and amd64, to cope with large binaries.
- Added a pkg_mklocatedb(1) -u option to make it possible to update an existing database.
- Correct the PBA size used for em(4) PCH adapters to 26KB.
- Calculate resolv.conf(5) contents once when dhclient(8) is binding a lease, and reuse as required.
- Restore dhclient(8) "no domain-name, no domain-name-servers means don't touch resolv.conf" behaviour.
- smtpd(8) updates: preliminary ldap and sqlite support; all lookups now done through tables; improved handling of temporary errors; improved scheduler and mta logic; improved queue; improved memory usage under high load; SSL certs/keys isolated to lookup process to avoid facing network; fully virtual setups possible now; and runtime tracing of processes through smtpctl(8) trace; smtpd.conf(5) simplified. FLUSH YOUR QUEUE.
- Don't allow stopping/restarting mountd(8) via rc.d(8) framework, it should be done manually to avoid RPC daemon issues.
- Removed ACSS from ssl(8) and ssh(1).
- dhclient(8) now reads resolv.conf.tail(5) once on startup and save contents for subsequent resolv.conf(5) building.
- Skip ssh(1) serial lookup when certificate's serial number is zero.
- Changed byte-order swapping to 16 bits to match "event type" size. mpii(4) works on sparc64 with this.
- Try to post everything except the flags field in the first myx(4) TX descriptor.
- Fixed ssh(1) handling of (unused) KRL signatures; skip string in correct buffer.
- Always validate the user of a received SNMPv3 request in snmpd(8) if the configured user has a certain security level.
- ARMv7 doesn't support the atomic SWP instruction anymore so using the atomic load and store instructions instead.
- Added instruction fault register functions, which will be needed for further ARMv7 support.
- m88k ld.so(1) now copes if shared library is loaded at a different address than what it was compiled for. Fixes spurious crashes.
- Change interface and span interface lists so bridge(4) behaviour does not suddenly change anymore when adding a vlan(4) interface.
- relayd(8) now only sends a single CRLF terminator between Chunked Transfer Encoding chunks. Fixes (e.g.) Chrome and curl that implement the specification strictly.
- Make pf(4) TCP sequence number tracking less strict by one octet for FIN packets. Previously a packet with the FIN bit set and containing data that fits exactly into the announced window was blocked.
- Properly handle wcsftime(3) "%%" and "%N" where N is not a supported escape. Consistent with strftime(3) behaviour.
- Stopped the radeon(4) driver from trying to restore text mode on PALM and newer chip generations, as it won't succeed.
- Fixed backslash escaping during filename tab-completion in ksh(1).
- Added viomb(4) to amd64 generic kernel.
- Avoid chance of divide by zero in _dl_findhint() if the administrator reruns ldconfig(8) with bogus paths.
- Much faster pkg_add(1) -E: if the "raw" contents file doesn't contain the last part of the filename, then don't parse plist.
- Relax the restriction on sending frames to trunk(4) members to allow bpf(4) writes.
- Converted softraid concat, crypto, and RAID0 to new workunit completion functions.
- Ensure we remove workunit from the pending queue and restart deferred workunits for softraid(4) RAID0, even in error conditions.
- Converted softraid(4) RAID1 to new ccb functions.
- Added dhclient(8) "-L" to specify file storing offer/leases. Allows access to dhcp option information that was formerly passed to dhclient-script.
- Constrained the amount of kernel memory used by NTFS.
- Added global lock enter and leave routines to acpi(4).
- Reset I/O counters when releasing softraid(4) ccbs.
- Update the ARM CPU ID information as the IDs aren't vendor/product specific, they are specific to the ARM CPUs themselves.
- dhclient(8) will now try harder to clear out default routes on the interface being configured.
- Support sshd_config(5) Key Revocation Lists (KRLs), a compact way to represent lists of revoked keys and certificates.
- Don't re-calculate vr(4) vlan tag repeatedly through the descriptor loop.
- Don't try to access vr(4) m_head after it may be freed (unlikely for VT6105M, but possible).
- Ensure the tty(4) hiwat is less than the size of the ring buffer, ensuring a bit of space for kernel ^T handling and such.
- New pmap(9) for pandaboards.
- Do not allow tmux(1) cursor colours to be set beginning with ? as that will report the colour.
- Allow the kernel to directly transfer UDP data from one socket to another.
- Allow two minutes until ospfd(8) neighbour adjacencies are formed; transmit correct state to RDE; do not send IMSG_LS_UPD if we have no links; and improved snapshot handling.
- For ospfd(8) point-to-point interfaces, send lsupdates to the interface address (see RFC 2328, 13.3(5)).
- In ospfd(8), check for state != NBR_STA_XCHNG even if the RDE has processed all received DDs (dd_pending == 0), in case the peer still sends more DD messages.
- Imported xf86-video-modesetting 0.6.0 for KMS testing.
- Display some more flags and subtypes in tcpdump(8), especially flags used in power saving mode.
- Converted softraid(4) concat and RAID 0 to the new ccb functions.
- Fixup printing of bgpd(8) rdomain configs to add network statements and only print the description if it is set.
- Allow amd64 to hibernate with up to 64GB physical memory.
- Force three newest generations of Intel SATA chipsets into ahci(4) mode. Makes the DVD drive and other devices on MacBook Pro with bootcamp more reliable.
- Fixed a.out(5) coredumps by using RB_FOREACH_SAFE in uvm(9).
- Revert unconditionally registering the cpu throttling code on all loongson 2F systems, as the gdium does not have a separate scheduling clock yet.
- Do not register the mips64 internal cpu timer-based timecounter if we support cpu throttling.
- Properly distinguish /boot(8) and biosboot(8) in i386 and amd64 informational and error messages.
- Unbreak the negation toggle code when re-loading pf(4) tables, so negating existing entries on re-load will work.
- Add terminfo(5) entries for rxvt-unicode and rxvt-unicode-256color.
- Added cpu throttling support to the loongson 2F systems.
- Added a new capability flag to identify softraid(4) disciplines where read failures are not necessarily terminal (i.e. we have redundancy).
- Don't tell the dhclient(8) privileged process to discard active_addr if there is a pending address addition. Fixes "routehandler: interface address added" messages and premature exiting.
- Added hardware VLAN tag/untag support for vr(4) VT6105M chips.
- Keep a count of packets added to vr(4) TX queue and only poke the chip if we've added a packet.
- Added a stat clock for the lemote loongson machines, to show more accurate cpu usage statistics.
- Restrict sysctl(8) KERN_PROC_ARGS lookup of KERN_PROC_NENV and KERN_PROC_ENV to process owner and root.
- Implement tmux(1) ECH (erase character, CSI X).
- Per group support for authpf(8) rules files added to /etc/authpf/groups.
- If timing between keys is less than 1 millisecond, tmux(1) will assume the text is being pasted. "assume-paste-time" option changes the value.
- Allow as(1) to correctly assemble PIC code on m88k.
- Switch memory filesystem to bufq. This gives us queue limits and uses FIFO queueing (rather than the current LIFO queueing).
- Process compat_linux(8) futex requeuing even when the thread times out or is signalled.
- Fixed netinet6 to stop flushing prefixes of autoconfigured IPv6 addresses with "ndp(8) -P" causing an uvm fault.
- Make the mount_msdos(8) FAT setattr handling more consistent about unsupported attributes, making it more user-friendly.
- Allow multiple coredumps to be saved at the same time.
- Map the myx(4) registers prefetchable so things that can do write combining will attempt to.
- Avoid extra bus_space barriers in the myx(4) interrupt handler.
- Stopped using separate interrupt handlers for the tht(4) ports. Ensures second port does not get starved.
- Accept both types of etherip rev 3, but continue sending old format. First step of transitioning (over two releases) to new ietf specification.
- Updated to: editres(1) 1.0.6; showfont(1) 1.0.4; viewres(1) 1.0.4; xconsole(1) 1.0.5; xedit(1) 1.2.1; xgc(1) 1.0.4; xmessage(1) 1.0.4 and xmag(1) 1.0.5.
- On loongson, added a driver for the mfgpt1 clock found on lemote and use as system clock; replaced system clock provided by the cpu with a mfgpt to allow cpu throttling; changed the frequency value of hz from 100 to 128.
- Updated nginx(8) to 1.2.6.
- Track, reject and blackhole ospf6d(8) routes and allow them to be redistributed even though they point to the loopback.
- Free the directory block buffer at the completion of a readdir, significantly reducing NTFS kernel memory usage.
- When posting descriptors to the myx(4) chips rings, do multiple writes before calling the bus_space barrier.
- Let dhclient(8)'s lease validate option data and discard bad options before checking if any required options are missing.
- More informative dhclient(8) "options" error message.
- Ignore dhclient(8) options that do not validate, rather than summarily rejecting offered lease. Treat all options whose names start with "option-" as unknown.
- Reverted cwm(1) group.c r1.68, which allows an empty group to be sticky.
- Enabled flow control support with bnx(4) 5708S/5709S adapters.
- Added support for reporting flow control status for mii(4) 5708S/5709S fibre phy.
- Check results of strdup(3) in dhclient(8) domainname and nameservers options.
- Reverted vfs(9) setting a high water mark, it will likely cause problems in low memory situations where we can't get a struct buf.
- Added viomb(4) driver for virtio balloon device. Allows host to request some memory back from the openbsd guest in case of a shortage.
- Improved error message for integrity failure in ssh(1) AES-GCM modes.
- Allow a hp300 kernel whose name contains uppercase letters to be bootable.
- Honour libtool(1) -Wc and -Xcompiler in link mode as GNU does.
- Set the initial cwm(1) group to "1".
- Don't log "unknown subcode" for subcode 0 when the bgpd() hold timer expires, this is a normal condition.
- Don't hardcode the bge(4) phy address at 1, as the 5718 family can have phys as 1, 2, 8, or 9.
- When checking the mii(4) phy check the oui as well as some model numbers overlap (e.g. bge(4) and bnx(4)).
- Enable more libdrm functions in drm(4) and check DRIVER_MODESET flag in kernel to determine if modesetting is supported.
- Correctly initialise ssh-keygen(1) fingerprint type for fingerprinting PKCS#11 keys.
- Support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) in sshd(8).
- Added cwm(1) per-group vert/horiz tiling support with new bind commands "vtile" and "htile."
- Taught as(1) how to handle mips symbolic register names.
- Unbreak xinerama support and fixed menu/client placement for cwm(1) panning setups.
- Reverted the daily(8) SMART check using atactl(8) for disks with SMART enabled.
- Fixed sparc optimisation bug in dump(8).
- Don't propagate XF86XK_Audio{Lower,Raise}Volume keys from pckbd(4) or wscons(4) to userspace. Stops volume from being adjusted twice (by X apps and again by the kernel).
- Make dhclient(8) buffer for lease longer to accomodate strings listing all possible option names.
- Replaced hand formatting of dates in dhclient(8) with strftime(3).
- Changed dhclient(8) to write leases as strings, to write out complete leases at a time.
- Enabled MSI for rtsx(4).
- Updated libXcomposite to 0.4.4; libXdamage to 1.4.4; and xf86-video-mach64 to 6.9.4.
- Check UDP length field for short as well as long values in dhcpd(8) and dhclient(8). Fixes dhcpd(8) crash when a UDP packet arrives saying it has 0 length.
- Switched m88k ports to ELF.
- Stopped rtsx(4) and sdhc(4) drivers attaching to the same device, which then failed to work reliably.
- Allow for the units(1) prefix to be given without a need to quote it.
- Updated xterm(1) to 287; freetype to 2.4.11.
- Allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen(1) -lD ...
- Changed sysmerge(8) parameter order and allow arbitrary filenames in url pattern.
- Extended sysmerge(8) error handling and quoting of user supplied input.
- Correct error handling in mount_ntfs(8) that previously left the ntnode locked and neglected to decrement the use count.
- Ensure mount_ntfs(8) directory link count is always 1. Makes find(1) behave predictably.
- Allow specification of an alternate start directory for sftp-server(8).
- Pass the screen workarea, as opposed to viewarea, allowing cwm(1) client snapping to honour gap.
- Sync hostname.if(5) parsing with netstart(8) in install.sub; also ipv6 "prefix" parsing fix.
- Only check dhclient(8) "-l" parameter for regular-fileness, not the built-in default path. Stops erroring out for no reason and fixes (U)pdate.
- Fixed tty(4) bug that could result in up to 100 lost bytes when it hist the TTYHOG limit and blocks.
- ssh(1) channel_setup_local_fwd_listener() fixed to return 0 on failure, not -ve (fixes bz#2055).
- Added an implementation of fmemopen(3) and open_memstream(3) (to be polished in-tree).
- After toggling a cwm(1) group hidden, don't set it as active (in sticky or non-stick mode), regardless of existing clients assigned to that group.
- Plugged a memleak when unbinding a duplicate key for cwm(1) kbfunc_cmdexec.
- Made number of cwm(1) groups no longer off-by-one.
- Fixed gap value when formatting 1.44MB 3"1/2 floppy disks on sparc and sparc64.
- m88k ELF toolchain added to binutils.
- Rewrote mandoc(1) indentation handling for nested lists.
- Do not mail out diffs of the moduli(5) file.
- Allow native ELF binaries (none yet) to run on m68k.
- Don't compute checksums if pkg_add(1) is already erroring out.
- Added HD4550 to the list of radeon(4) cards.
- Fixed pf(4) for nat with sticky address and ip address change.
- Reset the pf(4) round-robin pool counter in case its current value has been removed (e.g. with ifconfig em0 1.2.3.4 -alias)
- Keep mount_mfs(8) from potentially consuming the entire buffer cache if it falls behind.
- Constrain the filename passed to dhclient(8) -l to a regular file.
- Make HUP to either of the dhclient(8) processes cause a restart that will have it re-read dhclient.conf(5) and get a new lease.
- Fixed grep(1) exit status when there is an error reading a file.
- Make mg(1) respect locale for ctype purposes (e.g. to display ISO Latin 1 characters).
- Avoid spinning in the vfs cleaner when there are insufficient clean pages, but no buffers on the dirty queue to clean.
- Updated sendmail(8) to 8.14.6.
- Added GENERIC.MP to luna88k.
- Replaced one grep with awk patterns and simplified another using -q in sysmerge(8).
- Fix kernel compilation with POOL_DEBUG but not DDB enabled.
- Register cleanup handler passed by ld.so with atexit(3), and fix stack alignment on i386 and sparc.
- Simplified sysmerge(8) by using shell patterns.
- Added tmux(1) ^ and $ special command targets to select lowest and highest numbered windows.
- Add -T option to tmux(1) select-window to toggle to last window if already current.
- Added a -u flag to tmux(1) choose-tree to start uncollapsed.
- Removed an unnecessary tmux(1) window-choose redraw.
- Register sparc64 cleanup handler passed by ld.so with atexit(3).
- Explicitly align i386 stack on a 16-byte boundary such that constructors can use SSE instructions.
- Simplify setting sysmerge(8) FETCH_CMD.
- Make the per-user login_yubikey(8) counter file r/w by group auth.
- Added support for U3 bridges present in macppc G5 machines.
- Attach all known macppc U3 AGP bridges.
- acx(4) now supports power-saving in hostap mode.
- Return EEXIST to "add" and "addspan" when a port is already a bridge(4) member. Makes reconfiguration with netstart(8) silent again.
- Fixed bug in random offset from rev 1.143 of malloc(3); random range was expanded, but not by enough.
- When dhclient(8) is binding to a new lease, wait for the RTM_NEWADDR message in S_BOUND state. Prevents confusion when another DHCPACK arrives.
- Fixed sasyncd(8): the valid port interval is 1 to 65535, not 1 to 65534.
- Rather than calling microtime in bpf(4) bpf_catchpacket each time it's called on a packet, take a timeval indicating when the packet was captured.
- bpf(4) allocates packet buffers in the ioctl path; let it sleep waiting for memory to become available.
- Use openpty() rather than hand-rolled vi(1) pty opening code.
- Correctly update the current ix(4) flow control mode; report it in the media status callback.
- max_frame_size now set after ether_ifattach updates ix(4) if_mtu.
- Readjust sndiod(1) midi flow control after consuming input data.
- Added gcc(1) stack smashing protector for Alpha and MIPS (enabled by default). Reorganised soft frame pointer so that locals are below it and grow downwards.
- Update to xf86-video-vmware 2.1 RC1 (aka 2.0.99.901).
- Removed an output probe method in xf86-video-intel i830PreInit(). With xserver 1.13 this causes a fatal error at run time.
- Sync the "legacy" xf86-video-intel i810 driver (used only on true i810 and i815 chipsets) to X.Org.
- Temporarily bring back the scsi(8) shutdown hook, but only use it to flush the disk cache.
- Adjusted sysmerge(8) arithmetic tests.
- Don't attempt to delete address that has already been deleted; narrows race window, makes rapid-fire starting of dhclient(8) more reliable.
- Stopped an incorrect flag to be set in npppd(8) _this->keylenbits.
- Stopped relayd(8) complaining if the child processes exits cleanly.
- Let the privileged dhclient(8) process clean up itself. Continuous rapid repeated invocations now more reliable.
- Put a default known_hosts into cwm(1) conf; simplified config file setup; other code cleanups.
- Create and use cwm(1) menuq_clear() helper.
- Made cwm(1) screen font an Xft(3) font.
- Daemonize dhclient(8) later in process. Fixes problem where dhclient(8) exits before interface gets an address and a second dhclient(8) has to run.
- Allow gethostbyname(3) to accept a numeric IP string. No lookup is done in this case.
- Unbreak bootblocks on Alpha by fixing the primary load address.
- ix(4) ixgbe_raise_i2c_clk changes: allows for larger timeouts for greater reliability.
- Sync ix(4) advanced transmitter descriptor setup code with upstream; use TXSM instead of IXSM for IP checksum calculation.
- Decrement the number of clusters on the ix(4) ring in case of an error.
- Implemented SFP+ module hot-plug support for ix(4) 82599.
- Fixed link autonegotiation bug on ix(4) 10GbaseT controllers; improved link information reporting.
- cwm(1) menu drawing rewrite, moving to Xft(3) and solving assorted font/colour drawing issues.
- Updated to xf86-video-geode to 2.11.14.
- Added the Validity vendor and some products (including vostro 3360) to usbdevs.
- Prevent a potential dhclient(8) segfault.
- Plugged two iked(8) memory leaks.
- Don't print an error if the iked(8) process exited normally.
- Added support for IT8772F to it(4).
- Added U3 HyperTransport found in PowerMac7,3 to pcidevs.
- Use correct string in ssh(1) error messages.
- Changed tmux(1) load_cfg to fix a crash.
- Fixed a regression introduced to attach drm(4) on macppc.
- Correctly attach vgafb(4) on iMac G3 graphics cards which have a "misc" pci(4) subclass.
- Limit the xf86-video-intel backlight values to the maximum so xbacklight(1) will work on recent thinkpads.
- Properly handle the case where a process has disappeared in between pkill(1) grep'ing and printing it.
- Use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove hand-rolled ssh(1) counter mode code.
- Reset ssh(1) incoming_packet buffer for each new packet in EtM-case.
- Don't print zero length matches in grep(1) -o mode.
- Added ssh(1) encrypt-then-mac (EtM) modes to openssh; these modes are more secure and used by default.
- Drain log messages after receiving ssh(1) keystate from the unpriv child, to stop it from blocking while sending.
- Add a daily(8) SMART check using atactl(8) against disks that support and have SMART enabled.
- Use proper EOL offset for grep(1) -o matching.
- Bring back a small copy optimisation in crypt(3) aes-gcm handling.
- Fix potential for use-after-free of bufs in Fast File System softdep.
- Backoff buffer cache on any uvm(9) page daemon wakeup to avoid repeatedly waking page daemon unnecessarily.
- Limit nfsd(8) up to only 1/4 of available buffer mapping kva when busying up buffers in an nfsiod. Makes sparc installs work over nfsv2.
- Fixed gcc(1) "c-bounded" when arrays are declared without the size expression.
- Fixed gcc(1) unaligned memory loads on Alpha.
- Adjusted oce(4) mbuf chain data pointer so that ip header is word aligned.
- Correct macobio functions to fix kernel panic on PowerMac G5 (present since r1.22 of i2s.c).
- Implemented crypto(3) support for Extended Sequence Numbers for the aesni driver.
- Schedule a timeout if receive ring refill fails on bnx(4). Avoids some stalls when using ipsec(4).
- Added cdce(4/alpha).
- Recognise 7448 and 970MP processors on macppc.
- New "-i" option to dhclient(8), to ignore any values provided for specified options from leases.
- Implemented ldomctl(8/sparc64) and ldomd(8/sparc64) panic command.
- Added /dev/vdsp[0-7] to sparc64.
- Added ldomd(8) to control the availability of virtual disks to guest domains.
- Re-enabled pkg-config(1) --max-version.
- Handle resetting 256-colours properly when tmux(1) is parsing #[default], #[fg=default] and #[bg=default] styles.
- Include a path separator after an ikectl(8) SSLDIR.
- Added support for PowerPC 970 CPUs present in early PowerMac G5 from 2003 (7,2 and 7,3).
- Fixed mbuf leak with devices sending BPDUs to bridge(4) members not configured with STP.
- Conform crypto(3) to RFC 4106 when combined authentication/encryption mode is in use.
- Enable the radeon(4) r100 dri module on macppc.
- Supply correct AAD length to the final round of crypto(3) hashing for Extended Sequence Number support.
- Added support for agp(4) bridges that do not support remapping for processor accesses. Required for having drm(4) on macppc using agp(4).
- Make sure we try to unbind agp(4) memory regions if the aperture base address is 0.
- Simplify tmux(1) command string parsing.
- Implement bus_space_mmap(9) on macppc and i386.
- Set port = NULL for new connections. Fixes sndiod(1) crashes.
- Fixed ix(4) to correctly account rx errors.
- If no domain-name or domain-name-servers provided in the dhclient(8) lease (or if they are ignore'd in dhclient.conf(5)) and there is no resolv.conf.tail, then do not remove any existing resolv.conf(5).
- Attach the 2nd core of SPARC64-VI and SPARC64-VII CPUs.
- Stopped cu(1) sending EOF "character" down serial line at high speed if it loses its input terminal.
- Added ifconfig(8) group support back (ramdisk version was broken).
- Enable agp(4) in macppc generic kernel.
- Bring back mg(1) column numbers and make them configurable. Off by default to not kill slow serial lines.
- Add support for Uninorth agp(4) bridges found in most (if not all) G3 & G4 macppc machines.
- Make macppc bus_dmamem_mmap(9) understand the BUS_DMA_NOCACHE flag, required for agp(4).
- Fix ex(1) hang when exiting shell in script mode.
- Added emulation of POSIX pty APIs posix_openpt(3), ptsname(3), grantpt(3) and unlockpt(3) using /dev/ptm.
- Close sparc64 vdsp disk images if the client disconnects.
- New CA root certificates from GlobalSign, VeriSign, AddTrust, Comodo, UserTrust Network/UTN and Starfield.
- Fix XAA support in xf86-video-mga.
- For netstart(8), use the compact version of the check for ifconfig(8)'able interfaces from install.sub.
- Added sshd_config(5) AllowTcpForwarding "local" and "remote" keywords to enable just local or remote TCP forwarding.
- ssh-add(1) -d will now delete the corresponding certificate too; the -k option will delete key only.
- Fixed sshd(8) logging of authentication when privsep is enabled by adding explicit "Partial" state; report which submethod is used for keyboard-interactive.
- Make ssh_config(5) IdentitiesOnly apply to keys obtained from a PKCS11Provider. Allows control of which keys are offered from tokens using IdentityFile.
- Fixed case where buffers returned on vinvalbuf(9) path and we do not get woken when waiting for kva.
- Fixed vfs(9) kva reserve to ensure that kva reserve is checked for.
- Implement hardware flow control and enable it by default on vcc(4/sparc64).
- Don't wake the vfs(9) cleaner and throw away pages unnecessarily when growing the buffer cache .
- Added check to xf86-video-intel so server can fail with useful error message instead of segfaulting later.
- dhclient(8) will now catch SIGHUP, SIGINT, SIGTERM, SIGUSR1, SIGUS2 and remove routes and the interface address before exiting.
- netstart(8) will try harder to identify invalid interface names and emit an error message.
- Make sure gcc(1) no longer incorrectly optimises away "*volatile_ptr = *volatile_ptr;" constructs on platforms which can perform memory to memory transfers in a single instruction (i.e. m68k and vax).
- Switch m88k ports to gcc(1) version 3.
- Add ldomctl(8/sparc64) support for older firmware on UltraSPARC T1 machines.
- Parse sndiod(1) "-m mode1,mode2,.. " strings strictly.
- Make dhclient(8) privileged process daemonize, not attach to a controlling terminal.
- Make it possible to share ldomctl(8/sparc64) cores between domains.
- Make the bgpd(8) error messages more user friendly.
- If a particular bgpd(8) capability is bad, log the fact and ignore it, rather than return an error. Allows bringing up a session that have (e.g.) unexpected AFI,SAFI pairs in them.
- Add RX TCP/UDP checksum offload support to gem(4).
- Additional CA root certificates added from GeoTrust/Equifax, GoDaddy, StartCom, and Thawte.
- Drain sndiod(1) midi port output buffer before closing it ensuring the last few bytes are not lost.
- Drop clients using sndiod(1) midi ports when port is closed (eg. umidi disconnected); try to reopen it whenever a new client connects.
- When sndiod(1) audio device is closed, mark it as closed before dropping connections. Stops clients attempting to reopen the device.
- Process incoming sndiod(1) midi data on the fly, not by using an input fifo.
- Don't exit sndiod(1) if midi control port is destroyed (it never is).
- Removed retired ssl(8) Thawte/Verisign certificates and intermediate GoDaddy certificate.
- Made cloned devices line up with the rest of the fstat(1) output.
- In locale/ctype/en_US.UTF-8.src, corrected width of some characters in the Hebrew range (0590?05FF).
- Fixed speakers on Apple MacBook Air 2010, they require gpio azalia(4) unmuting.
- Support large MTUs on vio(4); added support for chaining several rx buffers when receiving large packets.
- Added rtsx(4), a new driver for the Realtek RTS5209 card reader.
- Remove setting an initial (assumed) baudrate upon driver attach for many network interface cards.
- 5.2 stability fix for interoperability problem with some newer Junipers: make sure that bgpd(8) ignores the "must be zero" flags correctly and ensure that they are always reset to zero when sending updates out.
A source code patch is available.
- Prevent iked(8) VPN traffic leakages in dual-stack hosts/networks by forcibly blocking IPv6 traffic.
- Fixed wrong argument being passed to snmpd(8) control_dispatch_imsg().
- Made ix(4) compile again with IX_DEBUG defined.
- Minor update to sqlite3(1) 3.7.14.1.
- Specific last match for autogroup in cwmrc(5).
- Changed scandir(3) "select" argument to match POSIX.
- Fixed radeon(4) EXA issue, introduced in xf86-video-ati 6.14.5 with accelerated solid pictures support.
- Support the 47 and 1047 SM and RM sequences (alternate tmux(1) screen without cursor).
- Added mg(1) "make-directory" (not bound to any shortcut).
- Allow dhclient(8) "request", "require" and "ignore" as requests to create empty lists of options. Enables the removal of built-in lists or the removal of global lists inside an "interface" declaration.
- Correctly aggregate together errors from nested tmux(1) config files with source-file.
- Overriding a previous dhclient(8) ignore list will no longer leave incorrect ACTION flags lying around.
- Allow tmux(1) cmd-run-shell to accept -t option to specify the pane to display the output.
- When scrolling in copy mode with the mouse, scroll tmux(1) screen rather than moving cursor.
- Update to drm(4) libdrm 2.4.31 and add the (non-yet-linked) libkms.
- Don't toss away an existing dhclient(8) request/require list unless new list is successfully parsed.
- Add tmux(1) window-status-last-* options.
- Fix tmux(1) session choice so that preferring unattached sessions works.
- ppp(8) panics if M_ZEROIZE gets set on readonly mbufs - use M_PROTO1 and M_LINK0 instead.
- em(4) pch2/82579 fixes: modify em_oem_bits_config_pchlan for pch2; sync pch2 use of gating/un-gating hardware phy config; add 82579 phy workarounds; enable Energy Efficient Ethernet on 82579.
- Make ldomctl(8/sparc64) work on UltraSPARC T2. Enough functionality to create a configuration for a t5120 running System Firmware 7.1.x.
- Make it a dhclient(8) syntax error to attempt to store an option in a list more than once.
- ldomctl(8/sparc64) will now properly remove virtual device ports if we remove the associated channels.
- Do not require, request, or ignore dhclient(8) DHO_PAD ("pad") and DHO_END ("option-end").
- Recognise a wrong network configuration that causes mvme88k tftpboot to stall, inform user what to do.
- Clean up parsing of dhclient(8) option lists: syntactically incorrect request statements in dhclient.conf(5) are ignored; pass size of buffer being filled instead of assuming 256; always zero the passed in buffer; check for out of bounds index prior to using it.
- Don't assign the "host" MAC address to sparc64 virtual switch ports or print address for those ports.
- Better ldomctl(8/sparc64) error reporting.
- Don't segfault if no dhclient(8) subnet-mask is provided, or is marked "ignore" in dhclient.conf(5); always zero out stack masks rather than using stack garbage when no subnet-mask is provided.
- make(1) fixes: be more strict in recognising .if keyword() constructs; don't ignore unknown keywords; uniform white space handling; don't output a "." at the end of directory; complement "need an operator" fatal error message with the actual line content.
- Make login_yubikey(8) hex and modhex decoding case insensitive, to avoid shift/caps lock issues.
- Handle up to 256 different interrupt vectors on cbus(4/sparc64). This is enough for 128 channels.
- Updated to: nsd(8) 3.2.14; pixman 0.28.0; xf86-video-r128 6.9.1; xf86-video-mga 1.6.2.
- Display hardmtu value when "ifconfig(8) hwfeatures" is used.
- Add SIOCGIFHARDMTU to allow gre(4) to retrieve the driver's maximum supported MTU.
- Always pass an array of struct pf_src_node pointers to the pf(4) pf_map_addr. Avoids stack corruption.
- Use the libutil imsg framework rather than a hand-rolled local version for dhclient(8).
- Send ack on smtpd(8) "update map".
- Replace aucat(1) server by a new sndiod(1) daemon that is simpler, smaller and faster.
- Make the aucat(1) client wait for the first flow control message rather than assuming it can send a full initial data buffer.
- Update to libxcb 1.9.0.
- Sparc64 attempting to eject a CD-ROM makes the SCSI midlayer generate a READ_TOC command. Silently fail that command instead of spamming the console.
- Fixed relayd(8) strtonum(), as it can only handle a maximum of LLONG_MAX.
- Try to negotiate version 1.1 of the vDisk protocol to get vdsk(4/sparc64) media type and fake a CD-ROM drive.
- Plugged a cu(1) file descriptor leak.
- Added ldomctl(8/sparc64) and ldomd(8/sparc64) to the build.
- Delete oce(4) rx refill timeouts when bringing an interface down.
- D-Link DUB-E100 rev C1 now recognised by axe(4).
- Made the mips and powerpc gcc(1) optimiser bug workarounds permanent (i.e. applied them to all platforms).
- Allow "smtpctl(8) show queue" to run in "online" mode if the smtpd(8) server is running.
- Do not crash on stray .Ta macros mandoc(1) finds outside column lists.
- Fixed gcc(1) passing of struct by value on m68k. Lets gcc(1) version 3 reliably bootstrap itself now.
- Added atomic 32-bit cas operations to amd64 and i386. Needed for future acpi(4) global locking routines.
- Added tmux(1) halfpage commands to mode command string table.
- Use a utility function to show errors in tmux(1) config file.
- If uvm_km_kmemalloc_pla() fails when just creating a thread (and not a process), then don't decrement the total and per-user counts of processes.
- In mandoc(1) -Tman mode, support automatic word "keeps" in the SYNOPSIS (like -Tascii mode); don't escape the blank characters terminating man(7) macros.
- Make mandoc(1) generated man(7) code more portable by using .PD instead of .sp -1v.
- Don't output "$action not supported" when running rc.d(8) script from /etc/rc(8). Prevents warning at shutdown time when the script has rc_stop=NO.
- Small i386 memcpy optimisations to avoid unnecessary locks.
- Ensure that the base provided to strtol(3) is between 2 and 36 inclusive, or the special value of 0.
- Don't map a buffer (and potentially sleep) when invalidating it in vinvalbuf. Fixes a problem where we could sleep for kva, leading to invalid pointers on the next pass through the loop.
- Simplify vio(4) vio_iff(), set own MAC in unicast MAC filter (needed by virtualbox).
- Don't send iwn(4) with "advanced" bluetooth coexistence the configure coexistence command. Avoids firmware crash.
- Added initial iwn(4) support for Intel Centrino Wireless-N 1030.
- Warn about unknown volume/arch in mandoc(1) Dt macro arguments.
- Third implementation of m88k gcc(1) varags (upstream version still wrong).
- Fixed mandoc(1) for .Ap and .In trailing delimiters. Fixes the end of sentence spacing in open(2).
- Improve mandoc(1) formatting of badly nested font blocks.
- Run dhclient(8) discover_interface() before forking, so both processes will know the interface information.
- Added missing "break;" so that IFT_ETHER dhclient(8) routes are deleted as intended.
- Fixed mandoc(1) crash triggered by .Bl -tag .It Xo .El .Sh.
- Print macppc UniNorth/U3 revision number (taken from openfirmware) to show which AGP chipset is present.
- If max-prefix/restart are used in bgpctl(8), display the values in "bgpctl sh nei" output.
- No longer try to transmit packets if the vr(4) interface is not running.
- If dhclient(8) "-d" is specified, don't redirect privileged child's stdin/stdout/stderr to /dev/null.
- Updated nginx(8) to 1.2.5.
- cwm(1) tab-complete bug fixed: once exec_path is completed, allow for subsequent completion.
- Fixed dhclient(8) so "ignore subnet-mask;" will work.
- Allocate an oce(4) mailbox payload dma memory upfront, instead of per request.
- Added axe(4) support for the lenovo usb 2.0 ethernet adapter.
- Avoid segfault in the unlikely event that a NULL device is passed to tcpdump(8) priv_pcap_live().
- Allow the full range of unsigned serial numbers for ssh-keygen(1).
- Fixed username passed to ssh(1) helper program; prepare stdio fds before closefrom().
- Adjust Makefile.cross to allow cross-gcc to build using different compiler version than the target.
- Do an oce(4) OACTIVE/if_start dance only once per tx interrupt.
- Enabled hardware tx checksum offloading for oce(4).
- npppd(8) can now handle file descriptor exhaustion in the accept() case.
- Correct the first argument of agpmmap(), making possible to mmap the agp(4) aperture.
- Make sure smtpd(8) does not miss the last envelope.
- Allow bgpd.conf(5) filtering based on NEXTHOP attribute (eg "allow from any nexthop neighbor").
- smtpd(8) improvements: log more events, with each messages prefixed with a token to identify its class; implement "smtpctl(8) monitor" to display updates of selected internal counters; when reloading the on-disk queue at startup no longer commits a message if no envelope was submitted for that message.
- fmt_scaled(3) now sets errno to EINVAL (not ERANGE) if it hits an invalid multiplier, to match man page.
- Fixed a potential ldapd(8) memory leak.
- Once a rdist(1) C_RECVDIR command is sent, send matching C_END command later, even if opendir() fails or nodescend option is set.
- Fix various rdist(1) and rdistd(1) format string issues. Stop assuming time_t is long or smaller. Enable warnings.
- Fix pid matching on kernel crashdumps.
- Added support for the Intel Centrino Advanced-N 6235 to iwn(4).
- Stopped mg(1) updating character offset on the line all the time (astoundingly hostile to slow terminals).
- Fix dhclient.conf(5) "default" directive (broken in code refactoring).
- dhclient(8) supersede/append/prepend actions works again even if the dhcp(8) server doesn't send any data for the affected option (broken when the supersede/append/prepend/ignore logic was re-factored).
- Try to load the gallium3d "swrastg" driver if available, before falling back to the default mesa "swrast" one for software rendering.
- Rewrote axe(4) and smsc(4) receive filter handling code; cleaned up the ioctl.
- prevent athn(4) calling athn_detach unnecessarily if shared code was not initialised.
- Enhanced sysmerge(8) error_rm_wrkdir() to print an error message if one is passed as an argument.
- Read CPU frequency from the fixed-function performance counter of on x86 chips with constant time stamp counters. Lets sysctl(8) hw.cpuspeed and hw.setperf reflect correct values.
- Per POSIX, fix raise(3) and abort(3) to send the signal to the current thread.
- Don't sync oce(4) dma memory for the whole ring when updating a single entry.
- Ported most gcc(1) version 2.95 m88k fixes to the gcc(1) version 3 codebase.
- Improved oce(4) flow control code.
- No longer disable VLAN promiscuous mode, so oce(4) can receive ethernet packets with VLAN tags.
- libtool(1) now properly filters symbols on elf(5) systems; runs nm(1) on every object and static library we might need, so we don't lose anything; allows for the result to be empty.
- Fixed libtool(1) get_symbollist: output completely empty file if no symbol; and more debug info.
- oce(4) driver now matches hardware, to support mtu values from 256 up to 9000.
- When halting the oce(4) rx engine, avoid firmware DMA'ing into the freed cluster.
- Fixed kernel builds without bpf(4).
- Close dhclient(8) routing socket fd leak when deleting old address.
- Fix arp(8) so "route -Tx exec arp -an" uses the process rdomain, but still allow command line overrides.
- Don't depend on IFCAP_CSUM flags when configuring ix(4) rx checksumming; corrected an incorrect usage of IXGBE_RXCSUM_PCSD.
- Plugged cwm(1) leak when using "unmap" for kbd/mouse bindings.
- Fix vfs(9) and uvm(9) to allow the cleaner and syncer to run even when under intense memory or kernel virtual address pressure; correct cleaner and sleep/wakeup cases when memory and kva are low.
- Enable %tick access for userland on sparc64 sun4u systems.
- Tab completion support for cwm(1) menus.
- make(1) no longer kills trailing spaces (not shared by other makes, or any standard).
- oce(4) no longer depends on IFCAP_CSUM flags set when reading rx checksumming results from the hardware.
- Fixed dc(1) fractional number exponentiation (including for negative exponents).
- Always setup lo0 with 127.0.0.1/8 when configuring the network, whether installing or upgrading.
- Added pci(4) recognition of video and host bridge found on new Atom motherboard.
- For dc(1) exponention, only warn if the fractional part of the exponent is non-zero; avoid div by zero.
- Removed smtpd(8) mta_session "is_reading" hack and simplified the read/write logic.
- Workaround for pkg_add(1): don't tie python files for now, so timestamps don't trigger recompile.
- Make pkg_add(1) force pkglocatedb-- when auto-installing.
- Fixed a bug where the return value of if_exists() was not checked correctly if the interface disappears while pflogd(8) is running.
- Ensure that pflogd(8) if_exists() always closes its socket before returning.
- 5.2 stability fix for relayd(8) check icmp.
- Use myx(4) SIMPLEQ-based packet descriptor managing code for oce(4).
- Call in[6]_proto_cksum_out() unconditionally, to fix checksum issues seen on ramdisk kernels.
- Fixed memory leak in error paths for synaptics(4) and alps.
- Backport a powerpc --relax fix present in binutils 2.17. Allows mozilla trunk to finally link again.
- Switched sparc to timecounters.
- Show last tmux(1) client activity time in the default choose-client list.
- Typedef'd pthread_key_t to an int instead of a volatile int. Allows webkit with --enable-debug to build.
- Run chown(8)/chgrp(1) only if the preceding mknod(8) call worked.
- Properly clear the dhclient(8) UP flag when forcing interface down/up, rather than setting all flags to zero.
- Make ldomd(8) consume ACKs when doing large sends.
- ldomctl(8) support for listing/selecting configurations store on the SP.
- Call service start function if a particular ldomd(8) domain service has been successfully registered.
- Include declaration of sparcDriverName() to fix segfault on sunffb graphics.
- Switch mvme68k to timecounters.
- Remove default of AuthorizedCommandUser from sshd_config(5). Administrators are now expected to explicitly specify a user.
- Stop dhclient(8) and resolv.conf(5) passing interface names around needlessly when creating/flushing routes.
- Fixes for resolv.conf(5) handling: Don't leak a file descriptor if there are no contents for resolv.conf(5), and delete this file if it is zero-length; allow for only resolv.conf.tail to go into resolv.conf.
- Fixed potential mg(1) memory leak, found by llvm.
- Don't leak a mg(1) file descriptor when testing for permissions; make sure directory is executable, otherwise we can't list it.
- Introduce better and simpler oce(4) producer/consumer queue iterator implementation.
- Remove 13 years old compiler bug workaround in m68k pwd_mkdb(8) code.
- Avoid some misaligned accesses. Lets dhclient(8) work again on sparc64.
- Added smtpd(8) "kick counter" to detect and disconnect clients that hog the session.
- New malloc(3) option "U" to "free unmap": guards/unmaps freed allocations without disabling chunk randomisation. Offers better defence against "heap feng shui" style attacks.
- Unstick bgpctl(8) reload after reloading a bgpd.conf(5) that contains errors.
- Stop dhclient(8) adding a "nameserver" line to resolv.conf(5) if the nameserver in question is the empty string.
- Consistency and robustness improvements in smtpd(8) mda.
- Make smtpd(8) counters more informative in the scheduler: number of envelopes added or cancelled; properly report envelope counts, as well as the outcome of deliveries.
- Watch the non-privileged end of the pipe to the privileged dhclient(8) child process. So when the child dies, the parent exits immediately.
- Include tcp/udp.h unconditionally to unbreak rd(4).
- Don't let aucat(1) insert twice recorded wav files (-o) on the list of recorded files.
- Fixed aucat(1) crashes when wav_close() is called on uninitialised wav structure.
- Use dedicated messages for flow control (instead of clock tick) and enable flow control for aucat(1) MIDI.
- Switched alpha to per-process astpending.
- Repaired __tfork_thread(3) operation for alpha.
- When possible, have vcc(4/spar64) send multiple characters per packet; stop sending when the transmit queue is full; set a timeout to avoid stalling.
- Stopped acpitz(4) showing Kelvin units; fixed Celsius measures (no longer off by a factor of 10).
- Forcibly delete all existing ipv4 addresses from an interface as dhclient(8) binds new lease to that interface. Fixes unexpectedly persistent addresses and failures of dhclient(8) when switching an interface repeatedly between different networks.
- Enable softraid boot support for i386 cdboot(8) and pxeboot(8).
- Make i386 cdboot(8) and pxeboot(8) work correctly when it is larger than 64KB in size.
- Enable softraid boot support for i386 boot(8).
- Add support for Intel's Supervisor Mode Access Prevention (SMAP) feature to i386 and amd64.
- Some fixes for the vio(4) receive filter handling.
- New sshd_config(5) option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem.
- Removed dhclient-script(8) and dhclient.conf(5) "script" directive. Do all interface and route configuration via ioctl's and routing sockets.
- Prevent underflows in pfsync(4) and pflow(4) by using signed variables.
- Use monotonic time_uptime for pfsync(4) and pflow(4) expiration values as time_second can be skewed at runtime.
- Bump the default number of descriptors in ix(4).
- On UltraSPARC T1/T2, block the current strand while spinning so other strands can do some useful work.
- On cwm(1) reload, look for ignore and bwidth changes; ensure existing maximised windows don't inherit new bwidth.
- Attach the synaptics(4) driver to elantech touchpads during auto-configuration.
- Make amd64 cdboot(8) and pxeboot(8) work correctly when they are larger than 64KB in size.
- Enable softraid boot support in amd64 cdboot(8) and pxeboot(8).
- Added support for Elantech touchpads to pms(4), so X synaptics(4) driver can configure these touchpads properly.
- Teach wsconsctl(8) about the elantech mouse type.
- Limit the number of smtpd(8) messages/recipients that can be enqueued on a single SMTP connection.
- Changed dhclient.conf(5) directive 'ignore' to take a list of option names rather than list of option declarations. e.g. "ignore routers;" instead of "ignore routers 1.2.3.4;"
- Made it possible to use ldomctl(8) to reconfigure when ldomd(8) is running.
- Fix ldomd(8) var-config response messages. Makes OpenBoot stop complaining about not being able to update LDOM variables.
- Use ldomd(8) to provide the var-config domain service to all the currently configured guest domains.
- Give ldomd(8) its own copy of the domain services support code and modify it to handle multiple channels.
- All softraid(4) boot(8) support is now enabled by default, including support for booting from crypto volumes. Can be completely enabled or disabled at compile time.
- Made sndio(7) midi code use non-blocking i/o like the other audio code.
- Check that sndio(7) polled fd number is smaller than SIO_MAXNFDS, and crank maximums.
- For sparc64 devices that attach to cbus(4/sparc64), disable interrupts up-front and explicitly enabling them later than the other way around.
- Fixed potential mg(1) memory and fd leak.
- Fix for perl(1) CVE-2012-5195.
- Work-in-progress code for ldomd(8), a daemon running in a sun4v control domain that provides some essential services to guest domains.
- Don't abort ldomctl(8) when we try to reset the logical domain channel.
- Fixed previous revision, which would prevent grtwo(4/sgi) boards from being recognised.
- Properly clear hppa trap frame in setregs() to avoid leaking registers across exec.
- Disabled rc.d(8) reload, since SIGHUP kills smtpd(8).
- Handle the case where smtpd(8) writev() fails with EAGAIN.
- Made oce(4) oce_mbox_{dispatch,wait} more readable and use less bitfields.
- Simplify/unify writes to the oce(4) rx and tx doorbell registers.
- Use an external chunk of DMA for oce_set_promisc, so the commands sent to oce(4) fit in memory.
- Added syslog support to nginx(8) in base.
- Added ability to active pane in tmux(1) list-windows and find-window formats.
- Fixed tmux(1) BELL_NONE which had become broken; also don't redraw unnecessarily.
- Fixed bad size in tmux(1) memcpy.
- Allow the smtpd(8) mda to deal itself with session limits, to makes the server handle envelope bursts more efficiently.
- Use correct file for mg(1) revert-buffer; do not ignore abort.
- Fixed fringe make(1) case where argument length is around 140.
- Treat cwm(1) menu width the same as the height is treated when deciding its max size and location.
- Stop drawing when cwm(1) menu doesn't fit inside the screen.
- Added a new iked(8) option -t to optionally enforce NAT-T with UDP encapsulation on port 4500.
- Fix NAT-T support in iked(8) , both on the initiator and the responder side.
- Add jme(4) flow control support.
- Provide mii(4) flow control status.
- Add (r)evert prompt to mg(1) "File changed on disk; really edit the buffer" prompt.
- Check for dirty buffer on mg(1) buffer change.
- Add flow control support to gem(4).
- Fix the oce(4) multicast filter full size check.
- Bugfix for userland program attempting to do a semop(2). Kernel returns ENOSPC rather than panics.
- Repaired maestro(4) pci powerstate handling and resumes.
- Add the IP_DIVERTFL socket option on divert(4) sockets to control which packets (as in direction) of the traffic will be diverted through the divert socket.
- Add domain services support code to ldomctl(8) and use it to fetch the PRI (Physical Resource Inventory) from the service processor.
- Implement vr(4) transmit DMA segments.
- Fix hardware kill switch detection for the ar9300 chip family.
- Fixed a potential double free in mg(1)
- Make xf86-video-intel hdmi modesetting code handle multiple display pipes.
- Simplify xl(4) for multicast ranges.
- Convert ethernet driver code which predates pci_set_powerstate() to using it instead.
- Numerous make(1) error message fixes.
- Switched luna88k to timecounters.
- Disallow pf.conf(5) tables and address pools for rdr-to, nat-to and route-to with any other scheduling algorithms than round-robin or least-states. Stops pfctl(8) accepting invalid address pools.
- Cleaned up more of the pckbc(4) driver soft-state when suspending.
- Enable sparc64 vldc(4) and vldcp(4).
- Renamed hvctl(4) to vldcp(4), since this driver now handles other services as well.
- Make the ath(4) iv show up properly for big endian bpf(4) consumers.
- Add support for multiple channels on sparc64 hvctl.
- Add domain utilisation to status display to ldomctl(8).
- Change amd64 PCI memory extent to cover the whole 64-bit memory space; fixed erroneous extent allocation panic on IBM x3100.
- smtpd(8) MAX_RULEBUFFER_LEN was too small, bumped.
- -r switch and -d depth option added to mput command of ftp(1) client.
- Added support for recursive ftp(1) upload.
- In ldomctl(8), specify domains by name instead of by number, provide status of all domains if none specified.
- Implement "smtpctl stop" in smtpctl(8).
- In sd(4), do a flush of the disk before hibernate to clear the buffer cache.
- Limit the number of per-user mda (external program) deliveries that smtpd(8) can be running at the same time, to cope with long-running filters in .forward file.
- Limit number of envelopes sent by the smtpd(8) queue to the mda, to avoid file descriptor exhaustion.
- Beginning of ldomctl tool, to control sun4v logical domains. Currently can start and stop domains.
- smtpd(8) will now enforce different permissions on different files in ssl_load_file().
- Avoid some unnecessary aliases expansion in smtpd(8).
- Move xl(4) WOL activation to DVACT_POWERDOWN (instead of doing it twice).
- Stop xl(4) putting itself into D3 mode when going to WOL; allow pci(4) subsystem to do that based on BIOS information if it needs to.
- When smtpd(8) makemap is executed in sendmail mode, check if ".db" is part of the filename and imply it otherwise so "makemap hash /etc/mail/aliases < aliases" works.
- smtpd(8) alias expansion and ruleset matching code now checks for failure to distinguish between "no match" and "internal error" (e.g. missing or broken db file)
- Added I-O DATA RSA-PCI2 support to pci(4).
- Implement mg(1) "revert-buffer", which reverts the current buffer to on-disk copy.
- Fixed make(1) infinite loops on regexps that match the empty word, instead advance by one char and repeat.
- Extend smtpd(8) "retry" field to 16 bits. Former size too small for quadratic retry formula.
- Fixed "disable lidsuspend on shutdown" in init(8).
- Replaced "from all" and "for all" with "from any" and "for any", and "all" with "any" in smtpd.conf(5).
- Fixed make(1) cond parser to be able to handle .if 5 < 7 directly.
- Initialise the protected mode IDT after zeroing .bss to fix pxeboot(8/i386).
- smtpctl(8) can display envelopes and messages using their id. Allows easier queue inspection.
- Mark if smtpd(8) alias node has been expanded from an alias map, as local deliveries expanded from alias map are run as user _smtpd.
- smptd(8) will now show the port number for a relay if specified.
- Revert dhclient(8) r1.155. Routing breaks if dhclient-script(8) flushes the interface's routes when the interface is down.
- Fix the relayd(8) hash http filter action to initialize the hash key correctly.
- Clear ieee80211 powersave flag and purge queued packets when a node leaves the AP. Fixes issues with power saving.
- Allow smtpd(8) listen statement to impose tls on its clients.
- smtpd(8) will reject ssl key/certs/CA/DH files if their ownership/permissions are not correct.
- make(1) engine change: prevent jobs from stomping on each other's files. Fixes races in make -j4 build in src.
- Add nscan as a disk queuing algorithm, make it the default with n = 128. Better performance for long sequential writes.
- Limit writes in flight to disk from buffer cache (via bufq) to a high water mark.
- Teach amd64 boot(8) how to access a softraid crypto volume. Allows for full disk encryption. Currently disabled by default.
- Enabled Supervisor Mode Execution Protection (SMEP) for i386 and amd64, found in recent Intel chips.
- Fixed X(7) xserver re-opening mouse after VT-switch.
- Revamped suspend/hibernate -> resume. If suspend sequence fails, now possible to recover along the resume code path.
- Provide a mechanism for kernel to pass data through to the discipline during softraid(4) volume assembly.
- If amd64 booted from a bootable softraid(4) volume, always select the srX device unless the "a" partition of the disk is FFS.
- Force MIT-MAGIC-COOKIE auth for all displays, like we do for :0.
- Updated nginx(8) to 1.2.4.
- Reduced the difference between i386 and amd64 versions of the speedstep code.
- smtpd(8) will now skip RR if type is not MX. Use hostname if the list of MX is empty after the loop.
- Align hppa stack on a 64-byte boundary, so gcc(1) can properly align stack variables.
- Provide a sendmail(8)-like interface to makemap so that some tools that assume sendmail(8) do not break.
- Bump max number of connections to a route from 5 to 10 in smtpd(8).
- Updated xkeyboard-config to 2.7.
- Stop gcc(1) from wrapping system headers with an implicit extern "C". Unbreaks the webkit port.
- Add basic support for ivy bridge to xf86(4)-video-intel; allows multiple display pipes to work.
- Point interface directly to its bridgeport configuration, instead of to the bridge(4) itself, to improve performance.
- Default map source to S_PLAIN, this allows us to simplify smtpd.conf(5).
- Delay the smtpd(8) call to log_debug() for displaying the backends used until the "real" debug mode is set.
- Added umac128 variant to ssh(1).
- change smtpd(8) to from=<...>, to=<...> instead of to=<...> for logging.
- Use information provided by acpi(4) to attach secondary pci(4) host bridges.
- Stopped smtpd(8) backup MX trying to connect to itself and bounce in the loop detection code.
- Use a buffer large enough to fit a smtpd(8) mailaddr user-part, to avoid a fatal error.
- Disallow smtpd(8) root deliveries for "deliver to filename" and "deliver to mda" rules. Users should create a root alias instead.
- Stop smtpd(8) trying to cope with iobuf_init() failure, make it fatal() instead.
- Only show relayd(8) "inflight" debugging message if compiled with DEBUG > 1.
- Inherit and pass the relayd(8) relay table flags correctly.
- Support more than one relayd(8) relay backup table.
- Attach uath(4) to D-Link WUA-2340.
- make(1) changes: put back some job control that's necessary when we don't run a shell; improved debugging and -p output to sort variables, targets, rules, output stuff in a nicer format mimicing input; better error message when no command is found, explain where the target comes from; sort final error list by file; show system files in errors as ; reincorporate random delay; and optimise siginfo output by not regenerating the whole string each time.
- Allow tmux(1) session tree (C-b s) to expand and collapse sessions with left/right/space keys.
- Fixed ssh(1) -z option, broken in revision 1.215.
- Add some random PEN (private enterprise numbers) to snmpd(8).
- Support 0.0.0.0 and 255.255.255.255 IPv4 addresses in snmpd(8). Fixes aborting address traversal / SNMP walk when an "any"/0.0.0.0 address was configured on an interface.
- When outputting to stdout and compress(1) would grow the file, exit normally instead of with a value of 2. Also avoids unlinking the file "stdout" in the current directory in this case.
- Added decision to the smtpd(8) rule so that we can properly perform a "reject from" or "accept from" match.
- Fixed baud rate setting on uslcom(4) CP1201/2/3 devices; add support for hardware flow control.
- Fix address family for ipv6 bpf(4) packet capture in pipex(4).
- Add support for the Adaptec 39320LPE controller.
- When merging messages from an update, and message already exists in the main queue, don't count it twice.
- Use a smaller buffer size when not attached to a high speed/usb2 controller. Fixes smsc(4) with usb1 controllers.
- Fixed a tmux(1) file descriptor leak.
- Fixed smtpd(8) memory leak in case of fdopen() failure.
- Don't report link status unless ale(4) interface is up. Status is only valid when the interface is up.
- Add support for VLAN sized frames to se(4).
- Added D-Link DGE-530T support to re(4).
- Log final user and method used for local deliveries in smtpd(8).
- Correct iked(8) DPADD to not list libssl, which it does not use.
- Fixed aucat(1) master volume slider stuttering in MIDI programs.
- Stop the space char completing a file name in mg(1). Mimics more recent versions of emacs.
- Add minimal support for gen7/ivybridge in inteldrm. Manages memory; no attempt to setup the rings.
- Add tmux(1) notification for input from a pane.
- Fix tmux(1) search forward so it can match strings on the last line, SF bug 3571114.
- pf(4) now enforces a more sane 'frags' limit.
- Added tmux(1) control_write_buffer.
- Better tmux(1) test for when recovering current working directory.
- Use ACS characters for tmux(1) choose-tree arrows.
- Allow route(8) -T 3 add to create a table even if the table does not exist yet. The only way to create alternate routing tables.
- Enable bgpd(8) graceful restart by default. Disabled per neighbour with "announce restart no".
- Unlink imake and cf from build. This now is in ports.
- On i386, make sure we send MSIs to the primary CPU like we do on amd64.
- Fix for VU#624931 CVE-2012-2978 to to 5.1-stable: nsd(8) denial of service vulnerability from non-standard DNS packet.
- smtpd(8) now logs envelope status in a uniform way, automagically adding a rcpt= field if "dest" differs from the original "rcpt".
- Fixed sftp(1) handling of filenames containing escaped globbing characters, and escape "#" and "*". Also, fixed improper handling of absolute paths when pwd(1) is part of the completed path.
- relayd(8) file descriptor accounting for relays: reserve fds for unopened connections to backend servers.
- Major overhaul of the way make(1) handle jobs.
- Added sensor types to sensor framework: pressure (10^-3 Pa); distance (10^-6 m); acceleration (10^-6 m/s^2).
- Fixed ospf6d(8) kroute code to read the scope of the route correctly.
- pfsync(4) now restores carp(4) demotions, so it won't leave the machine in a demoted state.
- Don't filter spanning tree BPDUs. Either process, or forward them (avoids bridging loops).
- Added driver for Toradex OAK usb sensors: uoaklux(4): LUX USB illuminance sensor; uoakrh(4) USB temperature and relative humidity sensor; uoakv(4) USB +/- 10V 8channel ADC interface.
- Enable npppd(8) and npppctl(8) in default build. Add npppd(8) to rc(8) and install sample configs to /etc/.
- Allow ntpd.conf(5) to assign a stratum to a sensor with the syntax "stratum ".
- Be consistent between installer and useradd(8), and put newly created users into their own primary group. Does not change existing installations that already have a usermgmt.conf(5).
- Lower pf.conf(5) frags limit. Avoids running out of mbuf clusters when dealing with lots of IP fragments.
- Set up i386/amd64 pci(4) bus number resource accounting for the main PCI bus hierarchy.
- Add resource tracking for pci(4) bus numbers. Stops attaching the same bus twice.
- Add i386/amd64 support for the rdrand instruction found in recent Intel processors.
- When a socket(2) is spliced, it may not wakeup the userland for reading. Avoids race condition.
- Added drivers for virtio(4) network (vio(4)) and block devices (vioblk(4), the disks attach as scsi disks).
- Fix relayd(8) ICMP checks by setting the socklen correctly before calling recvfrom().
- Several tweaks to make mpi(4) work for vmware emulated sas adapters, and improved error reporting.
- Once resolv.conf.saved has been copied back as resolv.conf(5), delete so it isn't copied again the next time a dhclient(8) goes away.
- Support the Lenovo ThinkVision LT1421 (portable displaylink monitor) with udl(4).
- Added udl(4) support for 1366x768 widescreen displays.
- Wait until all pci(4) transfers have finished before giving up DMA buffer mappings.
- New configuration syntax for npppd(8). npppd.conf based on parse.y; npppd-users based on getcap(3).
- Add bounds check on sftp(1) tab-completion.
- Print the weight in the bgpctl(8) "show rib" detail output.
- Don't accept dhclient() leases that offer a subnet that is already configured on an interface.
- Add 2 new knobs to usermod(8): "-U" to unlock an account; "-Z" to lock an account.
- When a link is lost, call dhclient-script(8) with reason "FAIL". Removes 'dead' routes.
- Added IPV6_RECVDSTPORT socket option. Enables ip6(4) to get original (= before divert) destination port of a UDP packet.
- Fix relayd(8) statistics.
- Fix format expansion in smtpd.conf(5) to be less confusing.
- Fixed a smtpd(8) bug where local sessions were not accounted for.
- Simplify fw_update(1) detection of release/stable vs. snapshot kernel.
- Recognise executables tagged with ELFOSABI_OPENBSD as native executables. Fixes Go language port.
- Add initial SNMPv3 support to snmpd(8). Configuration is described in snmpd.conf(5).
- clear old ssh(1) keys on re-keying.
- Improved xf86-video-intel hack to restore text mode on ironlake/sandy bridge.
- Ensure we have at least two smtpd(8) descriptors per-client accepted, to avoid fatal when client sends DATA, and we don't have a descriptor for it.
- Allow smtpd(8) queueing to work properly when IPv6 disabled.
- Encode ipsecctl(8) transform parameters in the transform name, too. Unbreaks setups that allow multiple transforms for a connection.
- m88k does not have the m68k long double type, so don't build long double libm routines.
- Don't read the sndiod(1) xrun counter before the offset in the audio ring. Stops potential timing error.
- When printing smtpd(8) ioev, do not segfault if there is no associated iobuf. Also give info about the cipher if there is an ssl(8) context.
- Check limits before allocating the smtpd(8) session.
- Tell make(1) that "!" is a shell reserved word, this lets "test: ! pgrep process" work, without trying to look for a '!' command.
- Stop xinstall unlinking destination if we can't open the source file. Avoids race condition and fixes a problem with databases/ruby-ldap.
- Fix malloc(3) precedence bug (& has lower precedence than !=).
- Simplify the way we call the rc.d(8) script in "restart".
- Added mii(4) code to support recent chips which have phys in locations other than phy address 1.
- Define empty CDIAGFLAGS for programs that use Werror. Makes "make build" build with WARNINGS=Yes on amd64.
- Fixed a sasyncd(8) race condition which would cause segfault.
- Better bgpd(8) graceful restart support. Implements only the "Restarting Client" bits of the RFC. Off by default ("announce restart yes" to enable it).
- Prevent detection of bogus libraries by ldconfig(8).
- Cherry-pick upstream's commit to convert the openchrome driver for compatibility with xserver 1.13.
- Simplify smtpd(8) scheduler by making it a quadratic delaying (delay derived from the retry count).
- Initialise smtpd(8) fd correctly. Fixes many problems.
- Support uftdi(4) FTDI FT2232H.
- Removed "OLF method" used for transition from a.out to elf(5), and compat layers.
- Fixed some smtpd(8) scheduling loop issues and handle envelope scheduling/expiration better.
- Add checks before deciding vmt(4) vmt_probe has succeeded. Prevents doomed attempts to attach on qemu, while allowing it to still work on vmware.
- sh architecture moves to PIE.
- Cleanup vfs(9) mount string handling.
- Added missing pppoe(8) IPv6 congestion indicator code, and drop the unencrypted packets when the MPPE is required.
- Fake a sigwinch after each job, so if the terminal changes size, ksh(1) will notice and update.
- Allow cwm(1) clients to be resized from a max state.
- Set use_collect2 on m88k. IMPORTANT: recompile/reinstall libc, libobjc, libpthread and libstdc++ immediately after installing the new gcc.
- Updates to: xf86-video-wsfb 0.4.1; xf86-video-wsudl 0.2.2; xf86-video-wildcatfb 0.0.2; and xf86-video-dummy 0.3.6.
- Reverse the order that ctors and dtors are run. Fixes gcc(1) C++'s init_priority attribute.
- Switch hp300 and landisk to timecounters.
- Wrap all the agp(4) glue with "if __OS_HAS_AGP" in such form that it is true if the agp(4) driver is present.
- Update to: xf86-video-s3 0.6.5; xf86-video-s3virge to 1.10.6; xf86-video-sis 0.10.7; xf86-video-tdfx 1.4.5; xf86-video-trident 1.3.6; xf86-video-mga 1.6.1; xf86-video-r128 6.8.4; xf86-video-savage 2.3.6; xf86-video-vesa 2.3.2; xf86-video-siliconmotion 1.7.7.
- Plug a race where we're trying to kill a traced process while it is already exiting.
- Bump amd64 CPU feature strings to 12 chars, since some names are now 8 characters long.
- Call pci_min_powerstate() to determine the lowest possible powerstate instead of hardcoding it to D3.
- Fixup a mpii(4) memory access fault on an invalid reply.
- Make mg(1) C-r not screw up the line counter if the pattern ends up not matching.
- Create IPv6 privacy addresses even if static IPv6 addresses are present. Restores ability to use privacy addresses for outgoing connections and static addresses for incoming connections (broken by r1.62).
- Make ssh(1) muxmaster run with -N shut down gracefully when a client sends it "-O stop".
- Print '^Z' instead of a raw ^Z when the sequence is not supported by ssh(1).
- Removed compat_aout support for i386.
- Make all dos file names 11 byte array. Fixes "panic: smashed stack in msdosfs_rename.c".
- Make the ssh(1) escape command help (~?) context sensitive, so only commands that will work in current session are shown.
- shorter display for minor pkg_add(1) updatesets, "foo-0.0->foo-1.0" becomes "foo-0.0->1.0".
- Add ssh(1) ~v and ~V escape sequences to raise and lower the logging level respectively.
- ksh(1) sh -c should not munge argv[]. Fixes ps(1) -ww output.
- rm(1) will now overwrite with random stream (a repeating chunk of random data isn't random at all).
- COMPAT_O48 turned off in GENERIC kernel.
- Implement basic (blocking) YP support for getaddrinfo_async(). YP is now supported on all relevant resolver functions.
- Handle empty list properly in tmux(1) choose-list.
- tmux(1) can't tell what a terminal has done with a DCS string, so reset cursor and attributes afterwards.
- When running fw_update(1), don't let pkg_add(1) turn interactive, and waive the @ask-update questions.
- rtadvd(8) config code no longer truncates a pointer to int, before checking the low bits.
- rm(1) now only does one random overwrite, as this is deemed sufficient.
- crypt(3) now uses arc4random_buf(3) to fill buffers.
- Added support for -fPIC to sparc.
- Fixed log_err() calls in sasyncd(8).
- Fixed the smtpd(8) example filter to match current API.
- Resolve unchecked malloc(3)s in scsi(8).
- Teach as(1) about rdrand on i386/amd64.
- Use the correct index when adding item in tmux(1) choose-tree.
- When choosing a pane found by tmux(1) find-window, switch to that pane rather than just the window.
- Added cmd-choose-list to tmux(1), to allow arbitrary options to be selected.
- Send notifications to control tmux(1) clients. Also don't redraw client when suspended.
- Start with stdin disabled, so tmux(1) doesn't eat anything (eg pasting commands).
- Unbreak compilation of umidi(4) when no DIAGNOSTICS are defined.
- Make profiling work on hppa.
- Take hppa to PIE as well.
- Be nice to the sndiod(1) server and align data packets to audio block boundary.
- Enable PIE on alpha.
- Always update ifi->linkstat in dhclient(8) dispatch() loop.
- Remove support for smtpd(8) encrypted queue, to be reintroduced later.
- gcc(1) fixed to stop segfaults on landisk when building mysql; PR #28467.
- Show more precisely what the problem is when using pkg_add(1).
- Make rc.d(8) "-f" only affect the "start" action.
- Compile ld.so(1) with debug info. Helps ld.so(1) hacking and easier to debug code that uses dlopen(3).
- Allow "filename too long" error message to be seen; error now stops mg(1) exiting when C-x C-c is called.
- Enable PIE on amd64, mips64(el) and sparc64.
- Switch gcc(1) to use __guard_local instead of __guard. Allows GCC to emit -fstack-protector code that doesn't need GOT indirection for accessing __guard.
- Wake on LAN support added to nfe(4).
- Reset an mg(1) errno, so we can save a new file in a directory where permissions are ok.
- On SPARC64 VI/VII CPUs, sleep while spinning (may let another thread do some useful work).
- Stop ipsecctl(8) issuing a spurious "force" when "group none" is specified.
- When reloading envelopes from disk, skip ones already known to the smtpd(8) scheduler.
- Correctly free the smtpd(8) mta task if all rcpt where rejected; fix refcounting; add some stat counters.
- Moved pmdb(1) to the attic.
- Fixed pf(4) sloppy state tracking missing half the connection in asymmetric setups and ignoring state match in icmp(4) direction checks.
- Use (rate / 15) as block size in aucat(1) off-line mode, to ensure the block size stays below SHORT_MAX.
- Stop odd things happening in mg(1) cursor and line counter if you open an already open buffer via C-x C-f.
- Allows user to decide what to do with buffers experiencing write errors during C-x C-c (exiting mg(1)).
- Remove libexec/tftp-proxy now we have usr.sbin/tftp-proxy(8).
- Code added to eventually support Multi-Threaded Processing on Fujitsu SPARC64-VI and SPARC64-VII CPUs.
- Fixed random SIGSEGVs during single-stepping on hppa.
- Test exit status of compiler by pulling it out the pipeline, so mkdep(1) can fail if the compiler does.
- Build libdrm_radeon on macppc too, required for upcoming drm(4) support. Also, build r200 and r300 dri drivers on macppc.
- Our gcc(1) _mcount doesn't use profile counters. Partially fixes profiling on hppa (things link now).
- Make update-moduli append the 6kbit and 8kbit params so that we can trivially regen the <=4k bit ones.
- Update to openssh-6.1.
- Do not add SLAAC or privacy addresses when a static address in the same prefix already exists.
- Add support for PIE-by-default in both ld(1) and gcc(1).
- Update to nsd(8) 3.2.13.
- Don't enable nginx(8) "sendfile", which does not work on OpenBSD.
- Make mg(1) more like emacs when opening new buffer: if parent dir is read-only, make buffer read-only; if parent doesn't exist; print message and create buffer as readable.
- Don't force order of cp(1) file and dir creation, was an optimisation with no measurable effect.
- Always sysmerge(8) compare master.passwd(5) and group(5) regardless of their sums, to ensure no system user(s)/group(s) are missing.
- Instead of tmux(1) requiring a prompt to enter all numbers >10, go back to 0-9a-z, add A-Z and enter the prompt when M-0 to M-9 are pressed (like copy mode).
- Fixed dhclient(8) startup causing initial DHCPDISCOVER/DHCPREQUEST packets to be sent multiple times.
- Hook up nginx(8) to rc(8).
- Bugfix rewrite of the smtpd(8) disk-queue traversal code, and log bogus files found.
- Use the same compression algorithm, gzip, for smtpd(8) message file and envelopes. Allows inspecting compressed queue with gzcat.
- Allow compression of messages and envelopes in the queue. To use, add "queue compress" in smtpd.conf(5).
- smtpd(8) lka must not start servicing requests until it receives full config from parent. Disable imsg from other processes until then. Fixes some races.
- Pause smtpd(8) accepting clients while below fd reserve limit (or if we fail).
- Better detection of the st16650v1 (with broken fifo). Avoids false positives (eg MPC8347 DUART on socppc).
- Sparc64 v445 has touchy sleep mode registers, so skip the wakeup code if we are a serial console.
- Add support for power saving in athn(4) Host AP mode.
- smtpd(8) live profiling of events: "-T profiling" will log_trace(); "-T profstat" will push info to stats API with type STAT_TIMESPEC under key profiling.imsg.*.
- Log pause/resume from the administrator to smtpd(8) maillog.
- Make make(1) wrong variable specs (unterminated) parse errors; add info to be able to pinpoint parse errors at runtime; let job runners abort when a parse error happens while expanding a variable during execution; fix an infinite loop when compiling without FEATURE_RECVARS.
- Log forced removal and expiration of envelopes to smtpd(8) maillog.
- When an smtp session fails and IMSG_QUEUE_REMOVE_MESSAGE is sent to the queue, also notify the smtpd(8) scheduler so it can rollback the current update.
- Added smtpd(8) stat counter for the number of envelopes inflight.
- In smtpd(8) envelope ascii dump/load: remove loading of evpid; don't dump the msgid; ignore msgid at load.
- Update to unbound 1.4.18 (not yet linked to the build).
- Enhance -v mode of smtpd(8) "sendmail" binary.
- Support for Andrew File System and NNPFS removed from the kernel.
- Fixed smtpd(8) multiple recipient support.
- Added smtpd(8) -N for sendmail compat DSN support; unlimited for now.
- Fix race in ral(4) rt2661 Tx interrupt processing which can cause Tx processing to get stuck with OACTIVE set, requiring "ifconfig ral0 down up" to un-wedge.
- To protect assumptions inside systrace(1), don't let systrace file descriptors be shared between processes.
- Build the kernel with -fno-pie.
- Open a remote file/device with the same dump(8) flags we use when opening a local one.
- Add ignore keyword to dhclient(8) conf file, allowing one to ignore unwanted info from the server without specifying a supersede value.
- netstat(1) -h flag added, to print human numbers in conjunction with -w -b
- Allow smtpd(8) to work as a backup MX, relaying only to MXs with higher priority in the DNS record.
- smtpd(8) will try to connect to next host if an IO error occurs before the mta is ready to send a mail.
- Reverse name and meaning of the IFXF_INET6_PRIVACY interface flag (now called IFXF_INET6_NOPRIVACY). IPv6 privacy addresses are on by default without resetting the flag during ifconfig(8) down/up.
- Fix define of endianness macro used in drm code. Makes radeondrm(4) usable on big-endian archs.
- Update to nginx(8) 1.2.3, and merge in pcre-8.31.
- Fix up tmux(1) window reference counting, don't crash if rename timer fires when window is dead but still referenced.
- Added -q "silent" option to pkill(1), similar to grep(1).
- Added support for .openbsd.randomdata sections and PT_OPENBSD_RANDOMIZE segments to kernel, ld(1), and ld.so(1).
- Bump smtpd(8) MAX_LINE_SIZE and SMTP_LINE_MAX. Fixes some crashes and "line too long" errors.
- Stop sending more bytes than necessary with smtpd(8) IMSG_STAT_*.
- Chroot smtpd(8) scheduler in /var/empty instead of /var/spool/smtpd.
- Added mfii(4) support for chaining a list off a request frame if it runs out of space for entries.
- Stop unsetting sysmerge(8) NEED_NEWALIASES too soon, so warnings aren't missed.
- Skip putting a com(4) port in sleep mode when used as serial console. Allows sparc64 v445 to work flawlessly.
- Fixed smtpd(8) smtpctl schedule-all and schedule-id .
- Avoid crash when removing non-existing smtpd(8) envelope.
- Add warnings on smtpd(8) io errors to help diagnosis.
- Introduce smtpd(8) stat_backend, an API for pluggable statistic backends. Statistics: are no longer static structures in shared memory; are only set (smtpd never uses them in its logic); each is a key/value where key can be any (dynamic) string.
- Fixed loongson kernel panic when attempting to select glxpcib timecounter as the current timecounter.
- Disallow empty smtpd(8) domain/address sent after HELO/EHLO command.
- Major update of the smtpd(8) mta internals.
- Limit the number of smtpd(8) bounce sessions running at the same time. Avoids DoS'ing the server when lots of bounces are enqueued at startup.
- Improve error reporting in getnameinfo_async() and getaddrinfo_async().
- Let xenocara build and release proceed through the exact same steps, avoiding nasty surprises.
- Fix ftp(1) http resume without out auth (broken on the last commit).
- Update dhclient(8) global cur_time after exiting poll() and before calling the state engine, to properly account for time passed.
- Update to xf86-video-mach64 6.9.3.
- Generalise ebus(4/sparc64) code to allow for arbitrary wirings. Makes serial console on the v445 work.
- Properly initialise the IOMMU control and status register for pyro(4/sparc64). Fixes DMA problems spotted on the v445.
- Update to glproto 1.4.16.
- Fixed typos in DPRINTF() so ehci(4) and uhci(4) error messages refer to correct interface.
- Add a default CDIAGFLAGS to bsd.own.mk, so programs may enable warnings by making "make WARNINGS=Yes" without having to add CDIAGFLAGS to its makefile.
- Update to pixman 0.26.2.
- Fix possible ieee80211(9) panic while switching from STA mode into hostap/ibss modes.
- Fix mips64 and powerpc's ld.so syscall implementations. Prevents gcc(1) from optimising away memory loads and stores that otherwise appear unused in a function.
- Update to libGL 7.11.2.
- Update to myx(4) firmware 1.4.55, via freebsd revision 236212.
- Added mfi(4) support for "physical devices" on skinny controllers (these let you specify disks that should be accessed directly rather than be part of logical volumes).
- Send ssh(1) client banner immediately, rather than waiting for the server to move first for SSH protocol 2 connections. Based on bz#1999.
- Print details of which host lines were deleted when using ssh-keygen(1) "-R host".
- Force a clean shutdown of ssh(1) ControlMaster client sessions when the ~. escape sequence is used. "~." should now work in mux clients even if the server is no longer responding.
- Updates to: xf86-video-cirrus 1.5.1; xf86-video-i740 1.3.4; xf86-video-neomagic 1.2.7; xf86-video-nv 2.1.20; xf86-input-keyboard to 1.6.2; and xf86-input-mouse 1.8.1.
- Rework mfi(4) so it will do all the completions on a ccb, including calling the done handler. Makes it consistently complete scsi(4) io with all proper error checking.
- Scrub mfi(4) ccbs when we're about to use them, not when put back on the free list. Old state no longer messes up new commands.
- Fixed dma sync for the command frame in mfi(4) mfi_done; consolidate other dma syncs.
- Switch off inetd(8) tftp-proxy(8) and enable the standalone one instead.
- Change gcc(1) to link shared objects with -lpthread and -lc as appropriate (it is no longer necessary to patch software to use -pthread instead of -lpthread).
- On a.out architectures __cerror() is called _cerror(). Fix accordingly so vax can build again.
- Enable IPv6 autoconfprivacy by default.
- Add support for basic ftp(1) HTTP authentication as per RFC 2617 and 3986. Allows "ftp http[s]://user:pass@host/file" idiom.
- In Xserver(1), allow opening tty[E-J]0. Removed ttyD[1-7], since those devices will never get used by X.
- Expose the max number of logical volumes mfi(4) supports as the width of its scsibus. Potentially more openings for busy volumes.
- Boldify tmux(1) windows with alerts in choose-* list.
- Fixed bad argument passed to route(8) errx().
- Optimise rc.d(8) checks for /etc/exports.
- Introduce mfii(4), a driver for the generation of megaraid sas boards.
- Unset _rcflags and _rcuser so that they don't get inherited by rc.d(8) scripts.
- Set the rc.d(8) daemon_class as readonly as it should be.
- Make sure azalia(4) snooping is enabled on Intel 7 Series HD Audio.
- Fixed bug in m88k siglongjmp(), which would not restore a signal mask of zero.
- Mask the bgpd(8) reserved bits and the ext len bit in the attribute flags field. Fixes session failures and ensures updates sent out are correct when the wrong data is received from other systems.
- Fixed Xserver(1) privilege separation regression, where parent pid was initialised too late.
- mandoc(1) .Sq will now use curly right quotes in HTML output to match its curly left quotes; properly reinitialise the styles attribute string buffer for each column, so attributes don't accumulate.
- ld(1) will now correctly handle -rpath-link, instead of eating its argument and handling it as -r.
- Fix ahci(4) state tracking for the error ccb, to stop "ccb->ccb_xa.state == ATA_S_ONCHIP" assertion failures when talking to dying disks.
- Make sure smtpd(8) generated id is never 0.
- Update to xf86-input-elographics 1.4.0; xf86-video-apm 1.2.5; xf86-video-chips 1.2.5; xf86-video-rendition 4.2.5; xf86-video-tseng 1.2.5; xf86-video-voodoo 1.2.5; xf86-video-ark 0.7.5; xf86-video-glint 1.2.8; xf86-video-i128 1.3.6.
- Instead of numbering tmux(1) "choose mode" items 0-9a-z and then nothing, number them all and if there are more than 10 use a prompt when 0-9 is pressed.
- Producer/consumer values used by the mfi(4) device should be little endian. Byteswap where appropriate.
- oce(4) improvements: properly account for cluster chains the driver builds upon receiving a jumbo frame; set a timeout in case the oce(4) chip goes out to lunch; respect the mtu value that ifconfig sets; schedule a rx refill if the ring is empty; try to make sense of the firmware statistics by counting rx and tx errors; and no longer compile rss functions in unless OCE_RSS is specified.
- Allow smtpd(8) failure reports for different recipients of the same message to be grouped into a single bounce message.
- Add BCM5717/19/20C PHYs to mii(4).
- Improve the smtpd(8) message flows to isolate operations on the queue backend within the queue process.
- Update to xf86-video-ati 6.14.6.
- Improved smtpd(8) scheduler backend API.
- Make all ehci(4), ohci(4) and uhci(4) *_device_*_start() functions wait for an interrupt when the bus is in polling mode. Stops some ending at ddb> after running "halt -p".
- Native build system for gl-docs. Removes last dependency in xenocara on imake(1).
- Fixed bug in smtpd(8) evpid parsing on 32bit archs.
- In Xserver(1)'s non-privilege separation mode, avoid accidentally sending a SIGUSR1 signal to init(8).
- Store the data used to generate an icmp(4) error message on a stack instead of allocating a new mbuf.
- Multibyte input to cwm(1) menu code now possible.
- Added support for ix(4) 10Gb ethernet cards based on the Intel X540 chipset.
- Update to xserver 1.12.3.
- If dbus is installed, xdm(1) and xinit(1) will now start the daemon as part of the X session.
- Switched to automake 1.12/autoconf 2.69.
- Add a new rc.d(8) rc_usercheck variable (default to YES). When set to no, root privilege is needed to run rc_check. This means /etc/rc.d/foobar check can now be run as a regular user.
- sysmerge(8) now also logs the file(s) we manually merged/installed.
- Added driver for oce(4) Emulex OneConnect 10Gb Ethernet, for cards based on ServerEngines BladeEngine 2 and 3, and Emulex Lancer (XE201).
- Reset the smtpd(8) session if no RCPT was accepted for the batch.
- Fixed bogus smtpd(8) permfail when no MX is defined on a valid domain.
- In smtpd(8) format string expansion, lowercase() all. Fixes issue where a %u format could lead to a delivery failure (ie: GILLES@openbsd.org should be expanded to gilles (not GILLES) for local deliveries).
- Disable mandoc(1) hyphenation and, for nroff, disable justification. Consistent with how mdoc behaves (and produces more readable manuals).
- Quote the '-' before the mandoc(1) flags, to prevent nroff from putting a line break between the '-' and the flag character.
- Use "\\ " not "\\~" in mandoc(1) as the non-breaking space (historic nroff doesn't support the latter).
- Implement .PD for mandoc(1) -Tascii. Reduces mandoc/groff differences in base by 25%.
- Fix initialisation of audioctl(1) "oldval" field, bug introduced in r1.20.
- Load os passive fingerprints when testing the pfctl(8) ruleset.