OpenBSD 5.4 released (Nov 1, 2013)
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.5,
current.
Changes made between OpenBSD 5.3 and 5.4
- Let the X(7) server build on hp300 again.
- Stopped awk(1) sporadically exiting early (blaming a spurious "}" in the first few lines of input) on m88k 88100-based systems.
- Let mkuboot(8) recognise native ELF binaries, only output the program headers area when found. Saves the need for "objcopy -O binary"; makes beagle install/upgrade processes easier until it gets a native bootloader.
- Revert wrong chunk introduced in zs.c r1.50, causing zs(4/sparc) console keyboards not to attach as console. Fixes non-wsmux kernels such as bsd.rd.
- Make sure ftpd(8) tmpline[] is always NULL terminated, to avoid possible read-beyond-end in get_line().
- Backout gem(4) flow control support (r1.97 of gem.c) and RX TCP/UDP checksum offload support (r1.98) to stop hangs on Sun ERI.
- sftp(1) extended to allow support for resuming partial downloads.
- Daemonise backgrounded ssh(1) (ControlPersist'ed) multiplexing master, so it is fully detached from its controlling terminal.
- Do not reset the pf(4) fragment timeout each time a fragment arrives; drop all fragments if the packet cannot be reassembled within 60 seconds.
- We now have IDEA and MDC2 in crypto(3), so no longer disable them in openssl(1).
- Fixed sockaddr overflow with IPv6 in smtpd(8).
- When installing a new system, stop adding static entries to /etc/hosts for dynamic ip addresses.
- Fixed umount(8) -a in cases where there are multiple file systems specified for the same mount point.
- Updated to: xconsole 1.0.6, xrandr 1.4.1, xhost 1.0.6, mkfontscale 1.1.1, xfd 1.1.2 and xfontsel 1.0.5.
- Added cu(1) support for XMODEM-CRC, and fix transfer initiation.
- Sum consecutive dx and dy motion events in xf86-input-ws before sending them up to X(7). Reduces staircase effects on diagonal freehand drawings.
- Updated smtpd(8) ldap and sqlite table backends and provide them as external backends.
- Call ssh-agent(1) cleanup_handler on SIGINT when in debug mode, so sockets are cleaned up on manual exit (bz#2120).
- More useful ssh-keygen(1) and ssh(1) error message on missing current user in /etc/passwd.
- When smtpd(8) is accepting a message, log one line per recipient with the number of generated envelopes for each.
- smtpd(8) MTA improvements: better transient error handling logic (failing destinations automatically disabled for a while); more informative error report when all routes fail for a message; implemented smtpctl(8) "show hoststats" command to get the latest stat message per MX domain; implemented smtpctl(8) "show routes" command to show the state the currently known routes to remote MXs; implemented smtpctl(8) "resume route" command to re-enable a route that has been disabled; do not hardcode limits.
- smtpd(8) queue improvements: cleanup the internal queue backend API; implement a queue_proc backend; enabled support for queue encryption; added an envelope cache; better logging and error reporting.
- Allow smtpd.conf(5) to specify an address family on a listener.
- smtpd(8) scheduler improvements: implemented suspend/resume scheduling for individual envelopes or message, with the associated smtpctl(8) commands; allow the mta to request immediate scheduling of an envelope; on temporary failures a penalty can be given to further delay the next try.
- New implementation for smtpctl(8) and its command line parser.
- Implemented tls "perfect forward secrecy" with ECDHE in smtpd(8).
- Allow "!" in the smtpd(8) email addresses supported charset.
- Introduced expand-string modifiers to smtpd.conf(5).
- Extended ssh-agent(1) support to allows encrypted hostkeys, or hostkeys on smartcards on sshd(8) (bz #1974).
- Reverted r1.191 and r1.193 of sysctl.c, and properly fixed sysctl(8)'s access to ext2 filesystems.
- Corrected sysctl(8) being off-by-one in naming of nodes below vfs.mounts.
- In ssh(1) man page, be more exact with respect to permissions for ~/.ssh/config (bz#2078).
- Implemented identd(8) -H, which hides existing and non-existent users (as well as implying -h).
- Fixed bgpd(8) counting the number of prefixes wrongly (tripling max-prefix).
- Disabled httpd(8) SSL compression, in order to mitigate CRIME attacks.
- Enabled ECDHE support in httpd(8) via a SSLECDHCurve option.
- Define httpd(8) HonorCipherOrder as a FLAG so that it works correctly as a boolean on/off flag.
- Make sure the ioctl(2) has been processed by sppp(4) before printing any ifconfig(8) phase error. Prevents ifconfig(8) from printing "sppp: phase..." messages for long-name vlan(4) interfaces.
- Correctly initialise pms(4) width value to 0 instead of passing garbage to wsmouse_input() when no finger is reported.
- Restore ifb(4/sparc64) textmode acceleration on Expert3D{,-Lite} and XVR-1200. Broken since r1.17 of ifb.c.
- When ucom(4) is detached, free its pipes, close attached tty before freeing its descriptor. Fixes panic introduced in r1.59 of ucom.c.
- Added monochrome Xserver(1) support for luna88k.
- Added some missing asm functions to vax.
- To prevent lock ordering problems with the sparc64 kernel lock, block all interrupts that can grab the kernel lock.
- Fixed possible memory/file descriptor leak in ldd(1) error path.
- When using man.conf(5) _default search path with _subdir, first sort by manual section (1, 8, 6...), then by manual tree (share, X11R6, local), only for ties prefer cat over man.
- Make tmux(1) next-word-end work properly with vi(1) keys.
- Set TCP nodelay for ssh(1) connections started with -N (bz#2124).
- ssh-keygen(1) do_print_resource_record() can't be called with NULL filename, don't attempt asking for one if it has not been specified (bz#2127).
- Avoid confusing ssh(1) error message in some broken resolver cases (bz#2122).
- Introduced httpd(8) HonorCipherOrder to use the server's order of preference of ciphers.
- sk(4) now works on macppc, should work on sparc64 too.
- bgpd(8) SE now always messages the RDE when a peer comes up or when a reload happens, so the RDE should end up with correct values.
- Backed out the virtual file system cache flipper temporarily.
- Added basic support for digitisers with pens in uhts(4).
- Added support for mouse based group {,r}cycle to cwmrc(5).
- Replaced a few (x)malloc with (x)calloc to prevent potential integer overflows in cwm(1).
- Updated drm(4)'s libdrm to 2.4.46.
- Old make(1) option "-P" removed, it has not been doing anything for years.
- Use the write-only rasops(9) code to speed up the console framebuffer on macppc.
- Create more com(4) entries by default since puc(4)s are now guaranteed to show up at com4 or higher on x86.
- Advertise utpms(4) as being a WSMOUSE_TYPE_USB so ws(4) can use the touchpad directly. Makes some touchpads usable if the bluetooth HID mouse is not detected or ums(4) is disabled.
- Vax elf(5) toolchain added, using "%" as the register prefix.
- Taught mopd(8) and mopa.out about ELF files. Allows forthcoming vax elf(5) boot blocks to be converted to working mop binaries.
- Avoid truncation when calculating clock gain/loss on sparc and sparc64.
- When the tmux(1) session option renumber-window is used, make sure the winlink lists stay in sync with one another.
- Act like vi(1) when tmux(1) is moving words; clarify error messages when setting options.
- Implemented tmux(1) s, S, C mode switch commands for when in vi(1) mode.
- Made pfctl(8) collect and display "match" counters for pf(4) tables; fixed pf(4) table displays to fit within 80 chars.
- Added support for fuse_teardown(3). This function is needed by zipfs.
- Correctly abort and free the pipe when detaching the umodem(4) device.
- Brought the cpsw(4/beagle) driver to a working state.
- Added support for the gcc(1) binary integer constants extension.
- Pass ioctl(2) calls to parent uhidev(4) device first, to be able to get the HID descriptor with usbhidctl(1) -r, among others.
- Disabled intel(4) i915 fast scrolling code, use write-only rasops(9) code instead on older chips. Avoids random page table errors.
- Make ksh(1) $(< /nonexistent) have the same behaviour as $(cat /nonexistent) with respect to errors.
- Tweaked regexp so that RUSAGE_CHILDREN will be matched and displayed by kdump(1).
- Stop man(1) adding an "-s" switch if user had specified more(1) as (MAN)PAGER.
- Reverted previous xf86-video-ati commit, loading the dri driver caused Xorg(1) to crash with r700 (PCI HD4350).
- When an I/O error occurs on a softraid(4) chunk, only take it offline if the discipline supports redundancy.
- Switched bgplgsh(8) to use use the libedit readline compatibility headers.
- Linked sqlite3(1) against libedit; added an empty history.h header for compatibility with GNU readline.
- Added a luna88k-specific function to initialise the instruction cmmu SAPR register.
- Build xf86-video-ati with support for kernel mode setting. UMS will still be used if KMS is not available.
- Added basic EXA acceleration for the xf86-video-cirrus alpine chipset.
- Fixed NULL pixmaps with xf86-video-sis server.
- Added support for write-only framebuffers to rasops(9). Can be a considerable performance win.
- Enabled msi and tagged status for bge(4) 5717+. Fixes poor transmit performance in the beginning of a TCP connection.
- Rewritten sis(4) media / link state handling.
- Adjust interrupts on amd64 after recent audio interrupt changes. Should improve latency of audio interrupts a tiny bit.
- ukbd(4) will now flash LED only if safe. Stops some logitech mice disconnecting right after being attached.
- Use vt05 as default for xdm(1) on macppc now that virtual consoles are supported.
- Removed the setgid(2) on kmem(4/i386) for the time being, so procmap(1) works again for regular users.
- Repaired bge(4) flow control (broken in r1.329), make sure that ifconfig(8) won't alter our negotiated flow control settings.
- Bring ohci(4) and uhci(4) in sync with ehci(4) by ensuring that a transfer is submitted when a zero-length bulk or interrupt transfer is requested.
- When we remove work from the nfsd(8) queue, wake up anything waiting for room to queue IO right away.
- Restart the vinvalbuf(9) if we have to wait for a busy buffer to complete.
- Reverted r1.20 of sys/net/if_pppx.c, to make sure the newly created address is added to the global list, until the issue with carp(4) is addressed.
- Added a tmux(1) server option to control focus events. Defaults to off.
- Made tmux(1) always push a focus event when the application turns it on.
- Mark tmux(1) control commands specially so the client can identify them.
- Reverted sys/netinet/in.c r1.78 for now, it breaks ipv4 on carp.
- Updated to libXv 1.0.9.
- Enable native encoding on on mavb(4/sgi) (24-bit lsb-aligned). Allows encoding conversions to be handled in userland.
- Default to stdin/stdout if no input files are given to indent(1).
- For ssh(1) hostbased authentication, print the client host and user on the auth success/failure line (bz#2064).
- Improved mandoc(1) handling of the roff(7) "\t" escape sequence.
- Updated to libdrm 2.4.45.
- Added ut/nut flags to indent(1) to enable/disable tabs.
- When cwm(1) selfont is configured, make sure we continue and configure the rest of the screen.
- Disabled nginx(8) SPDY until we have a better understanding about code and protocol within OpenBSD.
- Initialise disklabel(8) duid memory before shifting stuff into elements of it.
- Make sure the target directory gets created by lex(1) in the includes target; add a trailing / as well to avoid problems.
- Stopped dhclient(8) from printing some stings twice (eg "1.2.3.4, not 1.2.3.4, deleted from ...").
- Before pulling TCP options from the mbuf onto the stack, do an additional length check in pf(4) so overflow cannot happen.
- Updated kerberos(8) to heimdal 1.5.2.
- Handle time_t values as long long's when scp(1) and rcp(1) are formatting them, or parsing them from remote servers.
- Allow mouse button4 and button5 in cwmrc(5).
- Improved locale(1) output formatting.
- Move mg(1) cursor upwards past multiple lines with no characters, instead of stopping when first line with no characters is found.
- Run any pending traps before calling the EXIT or ERR traps when ksh(1) -e is set. Fixes bug where signal trap would not be run if (eg) ^C was pressed and -e was set.
- Hooked up locale(1) to the build.
- Updated the beagle ramdisk to support usb.
- Reworked beagle's ehci(4) driver, enabling the clocks. Only pandaboard supported for now.
- Updated to: libXrender 0.9.8 and libXvMC 1.0.8
- Disabled broken EXA operations in xf86-video-mga; default to EXA acceleration.
- Added support for fuse_version(3) and fuse_get_context(3). Needed by ntfs-3g port.
- Updated nginx(8) internal pcre library to 8.33.
- Corrected interrupt moderation setting for ix(4) 82598.
- Fixed loading the driver without XAA and initialisation of shadowfb with modern X servers in xf86-video-trident, xf86-video-i740 and xf86-video-neomagic.
- Added support for protected-subnet config types to iked(8).
- 5.3 RELIABILITY FIX: Two flaws in vio(4) may cause a kernel panic, and may cause IPv6 neighbour discovery to fail.
A source code patch is available for 5.3.
- Updated to sendmail-8.14.7.
- 5.3 RELIABILITY FIX: inability to oack would cause tftpd(8) to segfault
A source code patch is available for 5.3.
- Stopped tmux(1) emitting annoying beeps if a machine was shutdown while tmux is running and you then focus in/out of an xterm.
- High memory page flipping for the buffer cache. Allows use of large buffer caches on amd64 with > 4 GB of memory.
- Activated the sitaracm driver (beaglebone only).
- Optimised memcpy(9) on amd64, alpha, i386, vax, sh, sparc, hppa and hppa64 by always doing forward copy; made memcpy(9) use the forward copy branch of memmove(9); implemented bcopy(9) by swapping its arguments and dropping into memmove(9).
- POSIX specifies that for an AND/OR list, only the last command's exit status matters for "set -e". Revert ksh(1) to follow this.
- On mach64, only disable xf86-video-mach64 RenderAccel, not the full EXA acceleration. This is enough to fix screen corruption.
- Made cwm(1) check for, and honour, CWStackMode and CWSibling change requests during a ConfigureRequest event.
- Unbreak the xf86-video-sunffb driver.
- Fixes for integer overflows in XF86DRIOpenConnection() and XF86DRIGetClientDriverName() (CVE-2013-1993).
- Reverted ssh(1) revision 1.203 of readconf.c while crashes are investigated.
- Fixed dhclient(8) populating egress group.
- Updated to sqlite3(1) and its shell to version 3.7.17.
- Some archs are missing memmove(3), added it to i386, sparc and sparc64.
- Backout dhclient(8) static/classless route handling and default route refactoring, which broke "egress" group populating.
- Fix libc parsing of ambiguous options so the whole loop is processed.
- Add new sysctl(8) for pipex packet input/output queue length and counters.
- Added proper mmap(2) support for drm(4)/inteldrm(4). Eventual speedups (through not accessing all graphics memory via the GTT).
- Disabled EXA acceleration in the xf86-video-mach64 driver, which is currently broken.
- Updated to: pixman 0.30.0; freetype 2.4.12; Xserver 1.14.1.
- Add ssh(1) "ABANDONED" channel state; use for mux sessions that are disconnected via the ~. escape sequence (bz#1917).
- Disable a broken optimisation in try_combine(); gcc(1) PR #34628. Fixes bogus code generation on macppc.
- Added the remaining support code for 4th gen intel(4) Core/Haswell graphics.
- Prevent idle thread from being stolen on startup.
- Fixed re_format(7) so [[:>:]] anchors the character preceding it to end of word, not the character following it.
- Initial port of the cpsw(4/beagle) driver, to support ethernet on the beaglebone.
- Fixed ssh(1) memory leaks (bz#1967 and bz#1967).
- Fixed a crypto(9) bug that caused time-based rekeys to happen too frequently.
- When running sshd(8) -D, close stderr unless we have explicitly requesting logging to stderr (bz#1976).
- The kernel will now keep a record of recently exit(3)'ed pids, so they don't get recycled too quickly.
- Support added for the presto(4/sparc) SS10/SS20 NVSIMM as block devices.
- Added dhclient(8) support for static routes option (33) and classless static routes option (121).
- Prevent failures when sftp(1) is linked against a libedit built with wide character support (bz#1990).
- Disable parity on the alpha pci(4) bus to avoid data parity errors. To help Alphabooks, as well as early Multia.
- Use MAXPATHLEN for ssh(1) buffer size, instead of fixed value.
- Implemented pf(4) divert-to and divert-reply for IPv6 raw sockets.
- Prevent panic on alpha if "ifconfig(8) up" is run on an unplugged de(4) interface.
- Added login_yubikey(8) handling for keyboard layouts which break modhex (eg dvorak); added keymap table.
- Do not feed UTF-8 input into mandoc(1) or nroff(1), because that results in corrupt output.
- Fix dhclient(8) "\" escape handling in read_string().
- Updated to libX11 1.6.0.
- Introduced the ldpctl(8) "show discovery" command.
- Sped up the ldpd(8) session establishment process.
- Do not allow ldpd(8) TCP connection to associate with any neighbour/adjacency before an "Initialization" message is received.
- Added support for macppc virtual consoles, based on previous work done for inteldrm(4).
- Implemented ldpd(8) support for adjacencies and targeted "hellos"; allow more complex topologies with targeted sessions.
- Properly implement the exponential backoff timer on ldpd(8) session initialisation, to match section 2.5.3 of RFC 5036.
- Notify the lde process when an ldpd(8) neighbour is deleted (discovery timeout).
- 5.2 and 5.3 RELIABILITY FIX: With HTTP keepalive, relayd(8) only filtered the first request and switched to pass-through mode for subsequent requests from the client. Make sure to stay in HTTP header mode.
- Stopped npppd(8) doing pipex(4) ioctl if no tunnel interface is configured.
- Don't add newly created thread to the process's thread list until it's fully built, so that it can't get a signal from realitexpire().
- Only produce UTF-8 output when using perl(1) if the user's locale asks for it.
- Fixed potential vmx(4) panic if an mbuf was replaced but new one not returned by vmxnet3_load_mbuf().
- Add bcrypt_pbkdf(3), a password based key derivation function (using a bcrypt(3) variant better suited for use as a pluggable hash).
- Reworked logic for matching macppc boot device, to allow for root on any drive attached to the first controller.
- Fixed ksh(1): "for var in; do ..." shouldn't be interpreted as "for var; do ...". Brings ksh(1) more in line with POSIX.
- Backported unique commitid support to cvs(1) (with a new random id generator).
- Fixed bug in ldpd(8) so the fib-update directive accepts "no" as an option.
- pf(4) divert-reply states where the initial SYN does not get an answer, can now be handled more correctly.
- Advertise the ldpd(8) implicit-null label for routes attached to loopback interfaces to guarantee PHP.
- Implement ldpd(8) support for multiple addresses per interface.
- Fixed a pf(4) regression introduced with pf.c 1.827, allowing us to create icmp(4) states again.
- Stop a ucom(4) panic when trying to open a non-connected serial; more checks to avoid races when the driver is being detached.
- Added userland fuse(3) library.
- Fixes possible timeout on ssl(8) sessions if there is data pending in the smtpd(8) ssl buffer.
- Added ":" to the ksh(1) list of special characters.
- Added locale(1) utility, to check the current locale configuration and provides a list of locales supported by the system.
- Perform more aggressive compile-time optimisations in ethernet code path. Significant performance improvements on busy firewalls.
- Added dired-revert, to refresh the mg(1) dired buffer.
- -I option added to confirm pkill(1) process-by-process.
- Fixed "anchor quick" with pf(4) nested anchors (previously quick flag was lost as soon as we stepped into a child anchor).
- Force ssh(1) MAC output to be 64-bit aligned, so umac won't see unaligned accesses on strict-alignment architectures (bz#2101).
- Updated to xterm 293.
- Updated to xf86-input-synaptics 1.7.1.
- Let mandoc(1) .Do .Dq .Ql .So .Sq generate the correct roff(7) character escape sequences such that output modes like -Tutf8 have a chance to select nice glyphs.
- Fixed a bug where the calibration loop could show wrong CPU frequencies on i386/amd64.
- Fixed relayd(8) so it filters all HTTP keepalives, not just the first.
- Fixed wcstof(3), wcstod(3), wcstold(3) C99 compliance to: handle "inf", "infinity", "nan", and "nan(whatever)"; reject bare minus and plus signs; handle multi-byte characters; and set *endptr = nptr for all failure cases.
- Exclude mac address for the HMAC calculation if lladdr is the real one, so that we can use the real MAC address for carp(4).
- Make tmux(1) escape "Ss", because groff(1) thinks it has found a macro.
- Moved bgplg(8) and slowcgi(8) sockets to /var/www/run.
- Made ssh(1) parent_alive_interval time_t (to avoid signed/unsigned comparison).
- Fixed kadmin(8) race.
- Added the "quit-window" dired command to mg(1).
- Rename the mg(1) dired-* commands to be like the emacs equivalents.
- Correct wrongly exchanged labels in trek(6) "computer warpcost" output.
- While lock is held, block all interrupts that can grab the kernel lock on amd64. Prevents lock ordering problems.
- Fixed an xinstall race condition, where multiple install -d's trying to create overlapping paths in parallel could error out.
- Fixed acpi(4) panic on Lanner FW-8758.
- Partially back out new librthread ticket locks code, until heavier CPU usage issues are resolved.
- Stop printing acpi(4) wakeup devices in dmesg(8) after the 16th wakeup device, to workaround vmware reporting hundreds of wakeup devices.
- Update sftp(1) progress meter when data is acked, not when it's sent (bz#2108).
- Fix catopen(3) for UTF-8 locales and update the implementation to POSIX-2008. catopen(3) now chooses a catalog which matches the locale's encoding, if available.
- Librthread now features a new spinlock (that is really a ticket lock).
- Stopped mtree(8) generating arbitrary directories in /usr/share/locale.
- Changed the naming scheme used for directories in /usr/share/locale to eliminate redundant copies of LC_CTYPE files.
- Restart the ldpd(8) keepalive timer whenever a LDP PDU is sent.
- Updated to xf86-video-sunffb 1.2.2.
- Don't try to send a Shutdown message if ldpd(8) connection is already closed or a read error occurred; as per RFC 5036, send a "Shutdown" message if an unexpected message is received during the initialisation process; check if the whole LSR ID of received messages is correct; ignore messages from the process whose associated neighbour is not in the operational state.
- Dropped support for per-interface ldpd(8) labelspaces.
- Don't allow enabling ldpd(8) on loopback and carp(4) interfaces. LDP should be allowed only on physical or tunnel interfaces.
- Removed mg(1) "lint" mode.
- Correctly initialise the number of cores/cpus on an octeon board, so bsd.mp boots up on the ERL.
- Pass the routing domain to IPv6 pr_ctlinput() like in IPv4 for icmp6(4).
- Updated to nginx(8) version 1.4.1; enable the SPDY module by default.
- Fixed race between exit(3) and fork1(9) with threaded processes.
- Make hostaliases work for gethostbyname(3) and getaddrinfo(3) when looking into /etc/hosts.
- Made mg(1) "kill-paragraph" behave like emacs.
- Use a standard locale name in mandoc(1), "UTF-8" is an ugly non-standard alias that doesn't work on OpenBSD.
- Updated to libXrandr 1.4.1 and libXv 1.0.8.
- Hooked up slowcgi(8) to the tree.
- Use clock_gettime(2) CLOCK_MONOTONIC for ssh(1) timers so keepalives/rekeying will work properly over clock steps.
- Introduced ltrace(1). Works with ld.so to inject utrace(2) record for each plt call. Minimal filtering capabilities are provided.
- Added utrace(2), a system call allowing for userland to send its own ktrace(2) records.
- Adjusted mg(1) M-} (forward-paragraph) to behave like emacs.
- Return ROFF_TBL as soon as we open a mandoc(1) data cell, as it may never get properly closed but instead be interrupted by .TE.
- Don't set the Message ID for ldpd(8) "hello" messages, to match Cisco IOS.
- Always advertise the Router-ID as the transport address in ldpd(8) "hello" messages, as per RFC 5036, section 2.5.2.
- Added support for advertising route information (RFC 4191) to rtadvd(8) and icmp6(4).
- Fixed regression with BGP MPLS VPNs that got broken by recent reload related bgpd(8) commits.
- Fixed the build for a kernel without wd(4) and pciide(4) in its config(8).
- Updated to: libX11 1.5.99.902 (aka 1.6rc2); xfs 1.1.3; xinit 1.3.2 and libXext 1.3.2.
- Added getprogname(3) and setprogname(3), useful for some ports(7).
- Added the vmx(4) driver for vmware's VMXNET3 ethernet controller.
- Correct the range checks in ifconfig(8) properly for vhid, advbase and advskew.
- Stopped ping6(8) truncating trailing zeros from the round-trip times.
- Added tmux(1) host_short format.
- Updated to: appres 1.0.4; xrefresh 1.0.5; xwininfo 1.1.3; xdpyinfo 1.3.1 and bitmap 1.0.7.
- nginx(8) now also listens on IPv6 by default.
- Rename tpms(4), the driver for Apple USB touchpads, to utpms(4) because it is also used on some intel-based mac laptops.
- Added elantech v4 (clickpad) support to pms(4).
- Inform the mg(1) user about beginning / end of buffer in "previous-line" and "next-line".
- Make the system bell toggle-able via mg(1) "audible-bell", and if switched off, make available an alternative "visible-bell".
- Enabled Realtek 8211C(L) GbE phy with axe(4).
- Updated to: libFS 1.0.5; libxcb 1.9.1; libXau 1.0.8; libXcursor 1.1.14; libXfixes 5.0.1; libXi 1.6.3rc1; libXinerama 1.1.3; libXres 1.0.7; libXt 1.1.4; libXtst 1.2.2; libXxf86dga 1.1.4; libXxf86vm 1.1.3; libdmx 1.1.3 and libfontenc 1.1.2.
- Accommodate bge(4) E5/C600 and 5719/5720 PCI-E maximum payload size handling. Fixes RX path on 5719.
- Switched ldpd(8) to use a non-blocking connection so other LDP sessions and ldpctl(8) remain responsive.
- Stopped tmux(1) mangling top-bit-set characters when they passed to window_pane_key.
- Fixed use after free in case the vio(4) mbuf needs defragmentation, to fix a panic.
- When removing "dump (all|updates)" from bgpd.conf(5) and reloading, tell the session engine to actually stop logging.
- Export the original (aka untranslated) address in pflow(4), and also in the "af-to" case.
- Support relayd(8) SSL inspection, the ability to transparently filter in SSL/TLS connections (eg. HTTPS) by using a local CA that is accepted by the clients.
- Fixed bug in amd64 hibernate code (introduced when we moved the kernel to load at 16MB physical address).
- Change HTTP/1.x in the generated relayd(8) error messages, to HTTP/1.0. Required by Safari; makes it RFC-compliant.
- setsockopt(2) to see ifstated(8) messages for interfaces in all routing domains again, instead of just the primary one.
- Tied mkuboot utility into the build.
- Fixed ls(1) column padding of inode numbers and block counts >2^32, as well as display of directory block totals >2^32.
- Fixed bug when starting ldpd(8) with a configured interface in the down state so it is not promoted to ACTIVE.
- Fixed pci_min_powerstate() to return the current power state (not D3) if ACPI is not compiled in.
- Stop ldpd(8) trying to send hello messages if the interface is down.
- Simplified ldpd(8) hello holdtime calculation and stop the timeout timer if the holdtime is "infinite".
- Improve ldpd(8) sanity checks on received UDP messages: "PDU Length" now checked against what RFC 5036, section 3.1 specifies.
- ldpd(8) no longer uses a carp address as ldp router id because it is not unique.
- Do not allow SIOCSIFADDR on AF_INET6 sockets. Avoids possible local denial of service.
- 5.2 and 5.3 RELIABILITY FIX: Do not allow SIOCSIFADDR on AF_INET6 sockets. Avoids possible local denial of service.
A source code patch is available for 5.2 and 5.3.
- Build fixed for sis (SiS and XGI video) driver under xserver 1.14.
- Make mkuboot install into the path so we can use it during builds.
- Updated inputproto to 2.3.
- Send correct ttl on outgoing bgpd(8) packets, so peer sessions can come up correctly if both sides use ttl-security.
- Removed make(1) cmtime again, but with a proper test for nodes without children.
- mandoc(1) now rejects non-printable characters found in the input stream, even when preceded by a backslash.
- pkg-config(1) error message for empty files now display the full path, in case the file exists in multiple locations.
- Make the mg(1) dired commands dired-flag-file-deleted, dired-backup-unflag and dired-unflag behave more like emacs when the cursor stays on the first character of the file name.
- Disabled bge(4) PHY auto-polling mode on anything newer than BCM5705. Fixes uplink negotiation on BCM5719.
- In mandoc(1) SYNOPSIS mode, fixed .Ek (it doesn't end a keep).
- Allow pkg_add(1) installpath to use +=.
- mg(1) dired mode commands "dired-copy-file", "dired-rename-file", "dired-create-directory" will now refresh the dired buffer.
- Reset be(4/sparc), brgphy(4), dcphy(4), mlphy(4), rgephy(4) and urlphy(4) autonegotiation timer when PHY gets the link, so that if we restart the timer the mii_ticks value will be sane.
- Correctly display rightmost tile when current resolution is not a multiple of the tile size in gbe(4/sgi) emulation (text) mode.
- Added dired commands and dired-create-directory to function maps in mg(1).
- Autodetect ipv6 addresses for route(8).
- Added ":B" to the list of options actually handled in PkgCheck.pm by pkg_add(1).
- Minimal support for MVME224 and MVME236 memory boards on mvme88k architecture; fixed MVME181 memory detection code.
- When recreating a tun(4) interface, set the IFF_RUNNING flag after the IFF_LINK0 flag has been added.
- Sync smtpd(8) with OpenSMTPD 5.3.2.
- Since audio code is mp safe, establish isa(4) and pci(4) audio interrupts with the IPL_MPSAFE flag, so interrupt handlers don't need to wait for global kernel_lock.
- Merge upstream fixes for several X(7) library vulnerabilities (integer overflows/buffer overflows/memory corruption).
- Change ttys(5) console speed to 115200 on octeon.
- Revert pms(4) Active PS/2 support for now, until solution found for pckbc(4) and gsckbc(4/hppa) chipsets that stopped working.
- Simplified cwm(1) grabbing keys per screen (during init) and during a MappingNotify.
- Put slowcgi(8) (a FastCGI to CGI wrapper) in, to work on it in-tree. Not hooked up to the build yet.
- Properly implement acpi(4) access to IndexField() field units.
- Allow auto-scaling encrypt(1) bcrypt rounds based on CPU power.
- Set correct route priority in bgpd(8) send_rt6msg. Fixes v6 routes being added to the kernel as RTP_DEFAULT.
- Shuffle mg(1) shell-command-on-region around to give shell-command.
- Check validity of cwmrc(5) mousebind buttons during the parse phase, not when client needs to grab (when it's too late); load the default config if this is invalid.
- Don't use BUS_DMA_WAITOK in the bge(4) bge_init path, since it might be called from a timeout(9).
- make(1) changes: use arc4random_uniform(3) to randomise queue; display debug timestamp with -ns; use clock_gettime(2) directly.
- Modified luna88k comkbd(4/sparc64) RAWKEY_XXX values, to input the right characters on Japanese keyboards.
- Synced libedit with upstream to fix: buffer growing, memory allocation for wide chars, and to handle return of mbstowcs(3).
- Fixed pty(4) descriptor leak occurring if fork(2) fails.
- Added driver for the am335x timers, to be used by the beaglebone.
- Fixed missing softraid(4) work unit state initialisations.
- Eliminate the need to change the cwm(1) menu window on every Xft(3) font draw; added support for _NET_WM_STATE_MAXIMIZED_{HORZ,VERT}, _NET_ACTIVE_WINDOW ClientMessage and _NET_WM_STATE ClientMessage.
- Make sure bgpd(8) addr.aid is actually available when first accessed.
- Remove "abort_task" from usb(4) task queue before recycling the containing structure, to avoid ehci(4), ohci(4) or uhci(4) panic.
- Switched cwm(1) border colours to Xft(3). If colour name allocation fails, revert back to default.
- Support .Bl -offset in mandoc(1) -mdoc -Tman.
- If pid<0, kill(2) no longer fails with EPERM unless none of the target processes could be signalled.
- Switched mvme68k to the machine independent wdsc(4/sgi) driver.
- Added more messages for when apmd(8) is entering suspend.
- Make mg(1) cursor position when moving backwards by paragraph behave the same as emacs (move it to line above paragraph).
- Fixed duplicate TouchBegin selection with virtual devices. Fixes gtk+3 applications crashing with "BadImplementation" error.
- Don't try to start an ssh-agent(1) via xinit(1) or xsession if $SSH_AGENT_PID is already set.
- Standardise logging of supplemental information during ssh(1) userauth, pushing all logging onto a single line.
- Fixed failure to recognise ssh(1) cert-authority keys if a key of a different type appeared in authorized_keys before it.
- /dev/ttyc is no longer special on sparc/sparc64 now that sun serial mice are handled by wsmouse(4); update ttys(5) and fbtab(5) accordingly.
- Build and install libgcov on gcc(1) version 4 platforms. Makes gcc -fprofile-arcs work again.
- On arm, make sure we executed an instruction before continuing to the next. Replaced calls to drain the write buffer with the correct ones for armv7.
- Fixed the "right-of-cursor background color is inverted when we do delete-after-cursor" bug on luna88k wscons(4) console.
- Preliminary support added for mvme88k MVME180 and MVME181 boards.
- nginx(8) security fix for CVE-2013-2028 (see http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html).
- Stopped binutils rejecting "++" and "--" in expressions, as some versions of gcc(1) emit these.
- Don't leak usb(4) information to userland in the case where the actual transfer length is smaller than the requested one and the USBD_SHORT_XFER_OK flag is set.
- 5.3 RELIABILITY FIX: Do not attempt to delete the undeletable RNF_ROOT route(4). This fix stops a kernel panic.
A source code patch is available for 5.3. Matches the fix in -current.
- wsmoused(8) support added to drm(4) Intel i915 driver.
- nginx(8) security fix for CVE-2013-2070 (see http://thread.gmane.org/gmane.comp.security.oss.general/10173).
- Implemented wsmoused(8) support based on the new multiple screen support in rasops(9).
- If a directory exists when trying to create a new one, mg(1) will now warn the user.
- Update "cur_time" after poll(2) returns on dhcpd(8), as poll(2) might have slept for an arbitrary amount of time.
- Implemented mechanism to establish interrupt handlers that don't grab the kernel lock upon entry on i386/amd64.
- Run audio interrupts without grabbing the kernel lock on sparc64.
- Added the ability to ignore specific unrecognised ssh_config(5) options; bz#866.
- Add an optional second argument to ssh(1) RekeyLimit and sshd_config(5) to allow rekeying based on elapsed time in addition to amount of traffic.
- If an /etc/apm/* program fails, apmd(8) will now log the failure and error message.
- Allow m88k and mvme88k to correctly printf(3) or panic(9) early on unrecognised systems.
- Updated nginx(8) to 1.2.9; several bugfixes, security fix for CVE-2013-2070.
- Don't let tmux(1) cursor position overflow when reflowing.
- Introduced a global interrupt-aware mutex protecting data structures (including sound-card registers) from concurrent access by syscall(9) and interrupt code-paths.
- Added support for intel(4) E7221 integrated graphics.
- Pass the correct pointer to pool_put(9) if pf_state_key_attach fails.
- Removed "swapin" and "swapout" from uvm(9) statistics (as we haven't swapped out of uvm(9) for a few years); don't display swapin/swapout uvmexp fields in systat(1), vmstat(8) or rpc.rstatd(8).
- make(1) now keeps track of age of the youngest child process. Helps with out-of-date messages in -dm mode.
- Stopped the line buffer being potentially accessed out of bounds when ^W (WERASE) is used in vi(1) insert mode.
- pkg_add(1) PackingElement.pm samples should never alias specialfiles, so error out right away.
- Added sparc64 support for running interrupt handlers without taking the kernel lock (via bus_intr_establish(9) interface). Used only by schizo(4/sparc64) for now.
- Added an implementation of memmem(3).
- Make sure the global IPv4 address list and the per-interface list remain in sync even when SIOCAIFADDR or SIOCSIFADDR ioctl(2) have not been issued.
- Where we have a KMS driver (currently inteldrm(4) only) wsdisplay(4) now switches from X back to console screen upon entering ddb(4) .
- In wsdisplay(4), make sure it really is the console before attempting to switch screens.
- Handle big (a.k.a. >2TB) disks by adding logic to handle the 12 and 16 byte scsi read/write commands on sparc64.
- Removed use after free the in case where the vio(4) mbuf needs defragmentation. Fixes a panic.
- Make easier to stop taking the kernel lock when running "mp safe" interrupt handlers on i386/amd64/sparc64.
- S-Records boot loader added to mvme88k. Allows kernel to be loaded from network, using either the on-board interface (on MVME187 and MVME197) or any MVME376; added MVME376 support to netboot.
- Fixed sndiod(1) check for whether a midi port is referenced (which sometimes caused the port to be closed prematurely); use order specified by -q to order the exposed midi ports.
- Swapped cwm(1) x/y calculations in kbd move/resize, to match those in the respective mouse functions.
- Set trunk(4)'s MTU to that of the first trunkport. Allows trunk to work with jumbo/baby-jumbo frames.
- Fixed dhclient(8) subnet check: check our rdomain against the rdomains of the other interfaces, not against our own.
- Bail if device_lookup doesn't find anything, to bring vscsi(4) in line with other drivers.
- Sync state key pointers with pf_state_key_attach values. Stops pfsync(4) inserting garbage addresses into packets when there is a state key collision.
- Added support for future time_t and ino_t size enlargements to compat_linux(8).
- Fixed memleak in ssh(1) cert_free(), which wasn't actually freeing the struct; bz#2096
- Fixed ssh(1) bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100.
- Do not panic when running the MP kernel on a single-processor mips64 systems.
- Allow gdb(1) on m88k to fetch symbols from shared libraries when debugging dynamically linked binaries.
- Added driver for the OMAP identification registers/fuses, so we can adjust the timer frequency per PandaBoard version.
- Ported arm dma sync code (from NetBSD). Makes it easier to flush the secondary cache, as we always have the physical address.
- Backported fix for gcc(1) PR target/31152 on arm: match the correct operand for optimised LT0 test; removed optimisation for GT.
- Reset uthum(4) device on detach (required for planed usb device claiming).
- Correctly compute packet size when including DNS search lists in rtadvd(8); fixed a comparison when building a packet with DNS search lists.
- Fixed an uninitialised variable access in intel_ddi_prepare_link_retrain() in intel(4) i915 code (patched from upstream).
- Fixed some leaks in mfi(4) error paths.
- Re-commit uthum_activate() removal in uthum(4), now that uhidev(4) can handle it.
- When a fork(2)'d child process (whose parent set SA_NOCLDWAIT or ignored SIGCHLD) is exiting, unconditionally wake parent instead of doing this only for the last child.
- Prevent a chunked HTTP connection stalling relayd(8); use a 64 bit variable to allow (theoretical) large chunks.
- Don't limit tmux(1) width and height to 222 in standard mouse mode.
- When deactivating usb(4) child devices do not panic if their driver does not implement an *activate() function.
- Fixed a double free in an ami(4) error path.
- Warn and load defaults when negative values are specified for borderwidth, moveamount, snapdist or gap in cwm(1).
- Show list of mismatched "for" loops when a fatal error occurs in make(1).
- Workaround faulty cycles-per-second readings on i386 and amd64; fallback to rdtsc if cpuspeed reported as 0.
- Fixed sndiod(1) channel mappings being wrong when the client has not specified the channels.
- Record the time a lease is bound to an interface so the correct dhclient(8) process survives a netstart(8).
- Initialise client rate to fix sndiod(1) crashes when the client doesn't set the rate.
- Provide smtpd(8) with a way to encrypt envelopes and messages using aes-256-gcm before they hit the queue. Not activated yet.
- Make sure we allocate outside the Legacy Address Range on intel(4) i915. Gets rid of the "no ifp" warning on the x41.
- Fixed use after free in the error paths of kerberos(8), ldconfig(8) and ldpd(8).
- Use a blacklist detecting non-regex patterns so more are covered by the fast grep(1) code.
- Use open(2)/fstat(2) instead of stat(2)/open(2) for checking proper permissions of "local" .exrc or .nexrc files in vi(1).
- Switched the malloc(3) and pool freelists to using xor simpleq. Adds a tiny bit more protection from list manipulation.
- Export ingress/egress interface index in pflow(4). Needed for some netflow collector and tests.
- Fixed mem leak in swapmount.
- Fixed resetting MB_CUR_MAX when switching locales away from a UTF-8 locale.
- Updated xf86-input-keyboard to 1.7.0 and xf86-input-mouse to 1.9.0.
- Start dbus-launch in a consistent way in xinitrc and Xsession.
- Only redraw the name/size box when the client resizes, not every time there's movement; improves cwm(1) resize syncs.
- Always attach the mfi(4) battery sensor if the adapter lets us query it, so newly replaced batteries show up immediately.
- Added secure monitor call function for arm/beagle, so a secondary cache controller driver can talk to its controller properly.
- Disabled PandaBoard's L2 Cache early on bootup (it re-enables later once it is ready).
- Fixed a case on arm where we might be cache flushing unmapped pages.
- 5.3 RELIABILITY FIX: for flaw in vr(4) driver where it did not recover from some error conditions. A source code patch is available.
- Provide a sensor for the battery backup unit (bbu) on the mfi(4) boards that support it.
- Added a cortex bus which represents the ARM MPCore Complex (attaches to ARM Cortex A9 and A15 SoCs).
- On intel(4) i915, clear the correct pixels when scrolling backwards.
- Use ARMv7 access permission bits on the beagle architecture.
- Handle newer fibre adapters the same way as em(4) 82575/82576. Required to make 82580 (i340) and i350 based adapters work.
- Made ypldap(8) ignore SIGPIPE so it doesn't fail if an ldap connection breaks.
- Removed most of the pre-rc.d(8) backward compatibility (see http://www.openbsd.org/faq/current.html#20130429).
- Updated ulpt(4), as it now depends on firmload (since its rev 1.41 that adds support for uploading HP LaserJet firmwares).
- Implemented identd(8) -h, used to hide usernames/uids (as in libexec/identd).
- Preliminary modifications for Xorg 1bpp server for luna88k, including enabling wsmux(4) on GENERIC kernel.
- Reverted fix for binutils linker errors (breaks the xenocara build on macppc; fixed in binutils 2.17 anyway).
- Updated libX11 to 1.6RC.
- Updated xproto to 7.0.24
- Improved dealing of ARMv7 faults. Added ARMv7 fault descriptions.
- Use strptime(3) for parse_date() and date writing logic for dhclient(8) (to match dhcpd(8)).
- time_t 64bit fixes for relayd(8) and relayctl(8).
- Convert softraid(4) RAID 4/5/6 to new work unit completion routines.
- Fixed binutils linker errors when using llvm/clang (see http://lists.gnu.org/archive/html/bug-binutils/2004-07/msg00000.html).
- Added the ability to change ARM frequency and added match functions on beagle.
- Added GPIO support for the pandaboard.
- Added a terminator to the device list, to avoid unexpected behaviour when a device isn't found by beagle.
- Correctly enable ARM's Generic Interrupt Controller on beagle.
- Fixed range for assigned ports managed by the IANA (see RFC 1700) in pf.conf(5).
- Added tstohz(9) as the timespec analog to tvtohz(9).
- When a ucom(4) is removed, walk the knotes in ttyfree(). Fixes crash when unplugging a ucom(4) which cu(1) is running.
- When attaching disks, feed the disklabel(8) checksum to the random(4) pool as unique-esque-but-not-secret data.
- Use the manufacturer-supplied bios serial/uuid as a source of uniqueness to seed the random(4) pool on i386/amd64.
- Disabled sendmail(1) ident queries since ident(1) does not run by default anymore.
- Increase ip_ttl on packets from 16 to 128, so people living many hops from their dhcp(8) server can still get leases.
- Support src/libexec/identd's -e option in src/usr.sbin/identd(8).
- Speed up ffs disk access a little and fsck_ffs(8) substantially (see: www.mckusick.com/publications/faster_fsck.pdf)
- Reworked tee(1) to simplify, check errors against -1, remove casts, etc.
- Removed TIMESTAMP abstraction layer in make(1); adapt to time_t being 32 bits OR 64 bits.
- Convert softraid(4) RAID 4/5/6 to new ccb handling.
- Removed rarely-used identd(8) option for specifying which port you want to run on.
- Added identd(8) support for returning uids instead of usernames via -n, like libexec identd.
- Added identd(8) -N to let users put .noident in their homedir, to return HIDDEN-USER instead of their username.
- When using choose-tree -u, start with the current tmux(1) window highlighted.
- Get tmux(1) session of -t window rather than client's window.
- When dhcpd(8) is sync'ing, look for lease by hwaddr and then ipaddr. Fixes loops while sync'ing.
- Call recalculate_sizes() after killing a tmux(1) window, in case it is in a grouped session.
- Do not die when identd(8) parent process has a backlog of requests for the child process.
- Handle large time_t correctly in ray(4) debug code.
- Check for underflow before using ffs2 blockcount, as it is unsigned.
- Corrected tv_sec handling in scsi(4) mass storage debug code.
- Avoid truncating a pfctl(8) time_t division into days.
- Use arc4random_uniform(3) in mrouted(8).
- Don't let tmux(1) server_client_check_focus use a dead bufferevent.
- Let rtsold(8) handle exceedingly long uptimes; reset IPv6 timers upon reaching 2038.
- gio(4/sgi) now allows smaller-than-32-bit accesses to the ID register (on boards with 32-bit ID register) for better device detection.
- Unify the zs(4/macppc) tty driver across macppc, sgi, solbourne, sparc and sparc64 architectures.
- Convert softraid(4) RAID1 to the new work unit completion functions and generic interrupt handler.
- Unbreak edquota(8) by fixing the temporary file name template.
- Made umount(8) via DUID possible.
- When mount(8) is run in verbose mode, display f_mntfromspec if it differs from f_mntfromname.
- Disabled inetd(8) by default.
- On getty(8), use poll/nanosleep instead of select with a fixed size fd_set.
- Reverted rev 1.45 of usr.sbin/procmap/procmap.c.
- Stopped using unsafe random(3) in npppd(8), use arc4random(9) instead.
- Made i2c bit-banging code work with slow slave device (eg SDVO chips and DDC eeproms) found on some inteldrm(4) hardware.
- Cranked C_MAXFILE static limit of files to serve in rbootd(8). Existing limit of 10 is too small for some networks.
- Disabled time service (RFC 868) by default in inetd(8).
- Enabled active PS/2 multiplexing if available. Supported for i386 and amd64 except SMALL_KERNEL.
- Fixed npppd(8)'s PPPoE server, which was broken since last configuration rework.
- Added -o option to getopt string and usage in rdate(8).
- Use time_t instead of long for binutils archive timestamps, and print them as a long long.
- Disabled cpu migration code when on single processor systems.
- Log (at LOG_INFO) which interfaces dhcpd(8) listens to, and their addresses.
- Made rdate(8) -n the default; added -o flag for the old RFC 868 time protocol (which uses a 32-bit value for its wire protocol).
- For datagrams, inetd(8) now assumes other protocols should fail.
- ksh(1) now handles long long time_t.
- Added ksh(1) support for printing long long (%lld).
- find(1) now handles large numbers. Fixes time_t beyond 2038, constrains the range of i_num correctly, and now handles files > 4GB in size on 32-bit machines.
- Matched vacation(1) behaviour to current sendmail-based vacation.
- Make sure the fs blocksize doesn't get too big when using disklabel(8).
- Made rtsold(8), rpc.lockd(8) and rtadvd(8) print tv_sec properly.
- Added the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh(1).
- Fatal() ssh(1) when ChrootDirectory specified without root privileges (reintroduced without previous connection-killing bug).
- Fixed some ssh(1) memory leaks; bz#2088.
- Improved netstat(1) time_t handling and printing.
- Made ssh(1) "sftp -q" behave as documented and hush everything but errors.
- Accelerated scrolling backwards for intel(4) i915.
- Made ar(1) and ranlib(1) handle greater time_t, so that .a files will work after 2038.
- Added intel(4) i915 support for 16bpp mode to code that interfaces with the rasops(9) code.
- Print "UTC" at the end of dates in the dhcpd(8) leases file.
- Replaced hand-rolled date printing/parsing code in dhcpd(8) with strftime(3)/strptime(3).
- Resolver now checks return value of strdup(3) and take into account that asr_use_resolver() can return NULL; fixed mem leak in error path.
- Don't set the frequency of the statclock if we don't have one on amd64 and i386. Prevents strange hangs during reboot.
- Don't permanently avoid BRKSIZ gap for mmap(2). Allows some platforms, notably i386, to fully utilise their address space.
- Check memory pool we are about to init isn't already on the list, in order to detect double init and double destroy mistakes.
- Unbreak and cleanup nfsd(8) diskless swap automount.
- Adapted cron(8) and at(1) for future large time_t and tv_sec types.
- Variety of fixes to correct large time_t code in file(1).
- Long long and %lld for time_t output added to tmux(1).
- Add new ioctl command USB_DEVICE_GET_DDESC to usb(4) to retrieve the device descriptor.
- Reverted usr.bin/ssh/session.c rev 1.262 (it fails because the uid is already set there).
- Handle large time_t for kdump(1), sysctl(8), rtsold(8), csh(1), time(1) and mtree(8).
- Added secondary cache flushes to armv7's pmap(9).
- Correctly allocate a buffer for a uhci(4) transfer; do not pre-allocate TDs to put them in the free list.
- Pass state correctly so pkg_add(1) can do error messages.
- Fixed some AVPs of SCCRP to comply RFC 2661 in npppd(8): firmware revision and vendor name AVP are not mandatory; hostname AVP must have 1 octet at least.
- Fixed panic when pipex(4) session is terminated by idle timer.
- Stopped existing authentication being removed when the npppd.conf(5) configuration is reloaded.
- Fixed npppd(8) configuration options "max-session", "user-max-session", "strip-nt-domain" and "strip-atmark-realm".
- Fixed npppd(8)'s pppoed, broken since the last configuration parser change.
- Use the dd(1) and ed(1) that are on the install media, instead of the one post-install.
- Removed CTL_USER hierarchy from sysctl(3) and sysctl(8) (use sysconf(3) or confstr(3) instead).
- Implemented fdatasync(2) as a wrapper around fsync(2).
- Added SHA-224 to cksum(1). SHA-224 is to SHA-256 as SHA-384 is to SHA-512, and was in a later revision of FIPS-180.
- Backed out rev 1.17 of lib/libc/rpc/svc_tcp.c and its conversion to poll (to avoid endless loop).
- Reverted pckbc(4) sys/dev/pckbc/pms.c r1.37, now that we stop after the first matching protocol.
- Moved pckbc(4) IntelliMouse protocol definition after Elantech ones (some touchpads support both, we want to pick the latter).
- Stopped pckbc(4) probing for all supported protocols. It confused some touchpads and made it harder to pick the right protocol if a device answers to more than one magic sequence.
- Added escape codes for F21 to F24 to wscons(4).
- Support added for F13-F24 keys found on IBM 122-key pckbc(4) keyboards.
- Unbreak tape boot blocks on mvme68k (broken since the switch to the MI libsa loadfile code).
- To speed scrolling, framebuffer acceleration now uses the registers to determine first visible pixel; works even while X is running, and safely scroll when printing panic messages or if we've entered ddb(4).
- Added new option to xenocara to automatically build the Gallium3D software rasteriser as part of the libGL.
- Make sure drm(4) turns hsync/vsync back on at crt enable (v2) for intel i915 chipsets.
- Perform a warm reset instead of putting hardware into full sleep mode to avoid system hangs upon "ifconfig down up" with some AR5212 hardware.
- Fix cnmac(4/octeon) log messages displayed to the user.
- Remove some Korean characters from the tmux(1) utf8 zero-width list that shouldn't be there.
- Copy the tmux(1) client into the new cmdq in source-file so commands that work on it (such as new-session) can work.
- Enable the fallback method of getting the crt EDID on drm(4) if normal gmbus access fails for the intel i915 chipsets.
- Unbreak dhcpd(8) lease synchronisation by making the sync header contain the correct packet length even when padding is present.
- Call setlocale(LC_TIME) at tmux(1) startup.
- In the resolver, avoid a mem leak and reinit of context for each resolver call for single threaded programs.
- Send an SGR0 after turning on modifyOtherKeys, to fix tmux(1) Terminal.app which treats \033[>4;1m and \033[4;1m (bold+underline).
- Copy out a blank string if no wmesg, so userland can rely on reading sysctl(3) p_wmesg[0] and not find junk leftover from before.
- Quieten disconnect notifications on the ssh(1) server from error() back to logit() if it is a normal client closure; bz#2057.
- Fixed bug introduced in last commit, which led to pax(1) checking the typeflag after already overwriting it.
- Correctly handle data memory protection ID traps on hppa.
- compat_linux(8) fixes: assert that refcount is larger than 0 when doing futex_put; prevent multiple futex pool initialisations.
- Set EV_WRITE for jobs so tmux(1) run/if-shell jobs don't hang.
- Fixed tmux(1) bug where end guard in control mode was not printed after session destroyed.
- Get the standard path for which(1) and whereis(1) from _PATH_STDPATH instead of sysctl({CTL_USER,USER_CS_PATH}).
- Added a magic number to the head of the signature block to prevent accidental unhibernates and endless unhibernate/reboot cycles.
- newvers.sh uses "basename" for directory name to stamp the kernel version ID with. Permit paths with spaces in the name.
- Added extended header support for ustar in pax(1). Currently only path and linkpath are handled.
- Retry ftp(1) when SSL_read fails with SSL_ERROR_WANT_READ. Fixes the case where a https server attempts renegotiation.
- Show what was parsed in resolver debug output.
- Resolver will not fail anymore if the user buffer is too short to hold the packet: fill it to the given size, return the packet length.
- Plugged cmw(1) memleak: always need to menuq_clear even when a selection is made.
- Recalculate IP/protocol checksums of packets (re)injected via divert(4) sockets.
- Add new ioctl's USB_DEVICE_GET_CDESC and USB_DEVICE_GET_FDESC to usb(4).
- Allow octeon to find it's root device, based on the flags passed by U-Boot. Temporary fix until there are proper bootblocks.
- Made the resolver comply with RFC2553. Fixes hostname resolution for OpenVPN 2.3.1.
- Make the netinet6 SO_BINDANY socket option also work for raw IPv6 sockets.
- Check BGE_SGDIG_STS when the bge(4) chip is NOT a 5717 A0.
- Added an -E option to ssh(1) and sshd(8) to append debugging logs to a specified file instead of stderr or syslog.
- Turn a npppd(8) error into a warning to be able to start l2tp tunnels even if gre(4) is not allowed.
- Removed the rthreads sysctl(8), as they are always enabled.
- The new resolver will now not fail on EINTR.
- Extend com(4) to enable com3 on both i386 and amd64 (com4 config is added, but disabled).
- Cleanup ssh(1) mux-created channels that are in SSH_CHANNEL_OPENING state too (in addition to ones already in OPEN); bz#2079.
- Use the existing _PATH_SSH_USER_RC define to construct the other ssh(1) pathnames; bz#2077.
- Added gcc(1) support for "d" floating-point suffix, as defined by draft N1312 of TR 24732.
- Do not allow the listen(2) syscall for an already connected socket, as this would create a weird set of states in TCP.
- Fixed ufs bug where clear_remove() and clear_inodedeps() would not iterate over the entire pagedep and inodedep hash tables.
- Snapshots for the octeon platform are available now.
- Show only available actions in rc.d(8) script usage messages. Also, clean up the display of actions list.
- Make the resolver properly follow the CNAME chain in reverse lookups.
- Use MSG_NOSIGNAL when writing DNS queries over TCP sockets to ensure resolver doesn't trigger SIGPIPE.
- Honour PATH search order for cwm(1)'s exec.
- Other window managers grab the Xserver(1) during the whole client setup process, so make cwm(1) match. Avoids race conditions.
- Make it possible for ldomctl(8/sparc64) to explicitly specify the number of vcpus and the amount of memory for the primary domain. Also prevents people mistakenly creating two domains named "primary".
- Fixed drm(4) EDID detailed timing vsync parsing and frame rate.
- Backout drm(4) commit, which introduced a bogus check that could lead to an infinite loop in some eDP setups.
- Reverted rev 1.21, to fix a race condition where multiple mkdir(1) -p's trying to create overlapping paths in parallel could error out.
- Re-implemented tcp_read() in the resolver, so it can get the packet length in multiple reads.
- Have tht(4) set IFF_ALLMULTI when in promisc mode.
- Set the nxe(4) IFF_ALLMULTI flag as appropriate.
- Removed Evergreen IDs incorrectly added to radeon(4) radeondrm in the past.
- Changed smtpd(8) log format to fix a warning.
- A large number of subsystems and utilities adjusted to use large time_t.
- acpithinkpad(4) now ignores power change event from the newer thinkpads groups.
- Allow raw IPv6 sockets for ipsec(4) protocols, to match IPv4.
- If more than one lookup line is found in resolv.conf(5), the latest one takes precedence.
- The resolver will now properly check for domain name truncation at various places and fail if that happens.
- Build mips kernels with -G 0 so it will link.
- Updated ldomctl(8/sparc64) for some UltraSPARC T2 firmware which need "rngs" and "rng" nodes in the Hypervisor machine description.
- Avoid sdiff(1) memory leak while parsing diff's output.
- Enable the use of getaddrinfo() in libxcb, to allow X11 clients to talk to a remote server over IPv6 again.
- Added octeon as a supported hardware platform.
- Fix so the hp300 boot blocks compile again.
- Validate the softraid(4) crypto I/O request when it is first received, rather than waiting until disk I/O is performed.
- Make setrlimit(2) return EINVAL if rlim_cur > rlim_max, per POSIX.
- Added a default .cvsrc for cvs(1) to /etc/skel.
- Implement nameserver retry/backoff as in the old resolver(3).
- getaddrinfo(3) is now thread-safe.
- Use i2c bit-banging on the SDVO port for intel(4) i915, rather than using buggy GMBUS. Makes more digital video ports (DVI, HDMI) work.
- Unbreak the build on amd64 by making sure that inteldrm pulls in the generic i2c bit-banging code.
- Put back a space that got lost in fstat(1) state output.
- Do not transfer diverted packets into ipsec(4) processing, let them reach the socket the user has specified in pf.conf(5).
- Revert alpha and ppc to the binutils 2.15 state, to let a binutils 2.17 toolchain produce working binaries.
- Allow "0" as service name for raw sockets in getaddrinfo(3).
- Stopped async_resolver(3) assuming a local nameserver if resolv.conf(5) doesn't exist, and just use /etc/hosts.
- Unbreak drm(4) EDID fetching over displayport.
- Two fixes to drm(4) intel_sdvo_write_cmd(): allocate a large enough buffer to store messages; make sure we return true if we successfully transferred the command. Makes it possible to talk to the SDVO chip on the other end.
- In getent(1), use getaddrinfo() to display multiple addresses including IPv6.
- Prevent some undesirable interactions between using the brightness keys and wsconsctl(8) on the Dell XPS M1330.
- Restrict protocol numbers for raw sockets to the range from 0 to 255.
- Have smtpd(8) temporarily refuse new messages if file system holding the queue has less than 10% of disk space or inodes left.
- Fixed a ftp(1) memory leak during HTTP header parsing.
- Revert to the old method of intel(4) execbuffer pinning for i915.
- Provide a default softraid(4) discipline interrupt handling function and migrate all of the disciplines that now have the same interrupt code.
- Added function to read the MPCore base address on arm. Allows dynamically determining where e.g. the interrupt controller is.
- Correctly show the scope for IPv6 addresses in getnameinfo(3).
- Stopped the resolver failing in gethostbyname_async() when there are multiple addresses in a DNS packet.
- Prevent race conditions in smtpd(8) db file handling.
- Allow snmpd(8) to be put into read-only mode so that all "set" requests will be rejected.
- Fixed some missing sd_sync check/wakeup after scsi_io_put() calls in softraid(4).
- Fixed building urtwn(4) on the RAMDISK media.
- Prevent panic during rtsx(4) attachment if a card is inserted while booting and the interrupt handler triggered before sdmmc(4) is attached.
- Let mii_attach() know where the bnx(4) PHY is located (instead of scanning for it) since we know where it will be anyway.
- Switch to the new resolver implementation.
- Enable fmemopen(3), open_memstream(3) and open_wmemstream(3).
- If tmux(1) -s to swap-pane is not given, use the current pane.
- Make tmux(1) copy-mode -u still scroll up if already in copy mode, handy for people who bind it with -n.
- Let the new resolver accept and use any protocol specified by the caller.
- expr(1), csh(1) and ksh(1) will no longer die with SIGFPE on INT_MIN / -1 or % -1. Instead, INT_MIN / -1 == INT_MIN and % -1 == 0.
- Enable pax(1) support for write_opt=nodir for ustar archives. For tar archive readers that rely on appended "/".
- Added an open_wmemstream(3) implementation and fixed various issues for fmemopen(3) and open_memstream(3).
- Rewritten work unit handling code in the softraid(4) RAID 1/4/5/6 interrupt handlers. Ensures that work units are always removed from the pending queue and that colliders are started, even in the event of an I/O failure.
- Move the tmux(1) cursor back into the last column on CUU/CUD, to match xterm(1) behaviour.
- Make sure the new resolver only uses the search domains for DNS lookups, as the previous resolver did.
- Short-circuit screen switching on intel(4) i915 if we're switching to the screen that's currently active.
- Stop pci(4) rePOSTing devices supported by inteldrm(4), as the driver now properly restores the graphics mode.
- Added AES-XTS support to aesni crypto(4) driver on amd64. Allows softraid(4) to benefit from the AES-NI instructions on newer Intel CPUs.
- Only accept partial keys if the timer has not expired. Fixes infinite tmux(1) loop when escape is pressed the wrong number of times.
- During upgrade network setup, print friendlier error message if dhclient(8) is required but missing.
- Avoid null dereference affecting mod_perl, perl(1) RT bug 116441.
- Imported perl(1) 5.16.3 from CPAN.
- Added basic support for multiple screens to rasops(9), use this to provide proper virtual terminals to intel(4) i915.
- Fixed libkvm build on m68k.
- tmux(1) will try to establish client for run-shell and if-shell if no -t.
- Reverted the tmux(1) command-prefix change, which broke sequences of commands.
- Reseed the random(4) pool with the dmesg(8) when more devices are attached.
- Sync ospf6d(8) with ospfd(8): allow two minutes until neighbour adjacencies are formed; for point-to-point interfaces, send lsupdates to the interface address (since there is no DR and multicast messages to the DR will be ignored); improve snapshot handling.
- Create a new context when copying instead of using the (possibly nonexistent) input context. Fixes tmux(1) crash.
- Display the window's column number in the mg(1) mode line, not the column number of the active window.
- Write escaped tmux(1) output in control mode rather than hex.
- Allow tmux(1) to handle empty pending output (and not fail), and add \n.
- When only two panes are in a tmux(1) window, only draw half the separating line as active.
- Don't let tmux(1) display-message crash if no client.
- tmux(1) will now only send end guard if begin was sent.
- Process "^[" as meta when a partial key is found by tmux(1).
- Record when the buffer was saved in the mg(1) undo history.
- Handle "no client" better in tmux(1) display-message.
- Don't zoom windows with one tmux(1) pane.
- Correct line numbers for mg(1) undo-list.
- Added home and end (as modified by xterm) in tmux(1) keypad mode.
- Don't add prefix to tmux(1) %output pane id.
- Fixed tmux(1) if-shell and run-shell if there are no sessions.
- Added time and a command count to tmux(1) control mode guards.
- Fixed handling of short (< 4 character) checksums and a bug with parsing old-style custom tmux(1) layouts.
- Do not redraw tmux(1) panes if invisible.
- Add tmux(1) wait-for -L and -U for lock and unlock.
- Added tmux(1) wait-for command which blocks a client on a named channel until it is woken up again (with wait-for -S).
- Allow lastgc to be NULL in grid_string_cells so tmux(1) find-window doesn't crash.
- Preserve trailing spaces with tmux(1) capture-pane -J.
- Add tmux(1) -q flag to silence errors to capture-pane and show-options.
- Add -a to tmux(1) capture-pane, to capture alternate screen.
- Updated drm(4) libdrm to 2.4.42.
- Do not let pstat(8) or fstat(1) leak kernel pointers, unless operating as root.
- Added tmux(1) -A flag to new-session, to make it behave like attach-session if the session exists.
- Added resize-pane -Z to temporarily zoom/unzoom the active tmux(1) pane.
- Added a -o option to set-option, to prevent tmux(1) setting an option already set.
- Add a tmux(1) command queue to standardise and simplify commands that call other commands.
- Allow tmux(1) to handle focus events from the terminal.
- Expand format variables in the tmux(1) run-shell and if-shell shell commands.
- Added option command-prefix which is automatically prepended to any tmux(1) command (apart from a naked default-shell).
- Added support for focus notifications when tmux(1) pane changes.
- Reverted revision 1.138 of bsd.own.mk and switch amd64, i386, arm, sh and sparc64 back to binutils 2.15.
- Fixed bug in ld(1) --gc-sections to stop it stripping out .note sections. Unbreaks building chromium with binutils-2.17.
- dhclient(8) will now ignore client-identifier option sent by the server and instead record the local client-identifier used to obtain the lease, or construct one. Stops confusing servers when renewing a previous lease from a different MAC.
- Stop dhcpd(8) including the client-identifier option in OFFER or ACK messages, as per RFC 2131 4.3.1.
- Add tmux(1) -C and -J to capture pane to escape control sequences and to join wrapped line.
- Clear last attributes after reset in tmux(1) string_cells.
- Fixed tmux(1) so capture-pane/save-buffer can work in control clients.
- Add tmux(1) copy-pipe mode command to copy selection and also pipe to a command.
- Add -e flag to tmux(1) capture-pane to include embedded ANSI SGR escape sequences.
- Allow ospf6ctl(8) and ospf6d(8) use of an alternative control socket, ported from ospfd(8).
- Added resize-pane -x and -y to specify an absolute tmux(1) pane size.
- tmux(1) can now correctly handle UTF8 mouse option being toggled.
- In terminals with XT, tmux(1) activates/handles modifyOtherKeys=1 with the escape sequence, pass them through if xterm-keys is on.
- Reinstate ospfd(8) code to announce routes to backup carp interfaces, so that a specific route is maintained during failover.
- Stopped sysmerge(8) outputting a warning when the target of the link does not yet exist on the system.
- Backported fix to permit "xrandr(1) --output LVDS1 --mode 1280x800 --panning 1380x1024 --scale 1.8x1.8" to behave properly.
- Fixed tmux(1) non-prefixed bindings.
- Include the \033 in the tmux(1) key tree and adjust key matching for this change.
- Support tmux(1) capture-pane -p, to send to stdout.
- Detect on-die temp sensor for Atom E6xx on amd64.
- Add tmux(1) -c to refresh-client, to set client size in control mode.
- tmux(1) will no longer crash when calling choose-tree with a command that changes the mode.
- Add tmux(1) user options, prefixed with @. May be set to any arbitrary string.
- Add tmux(1) -v to set; and "setw" to show only option value.
- Allow formats in tmux(1) status options.
- Show alias in tmux(1) lscm output.
- Allow choose commands to be used outside tmux(1), so long as at least one client is attached.
- Fixed detection of the MAC address on cnmac(4/octeon) by reading it from the correct address.
- Use boot_info->config_flags to determine if the host has PCI capabilities. Fixes a hang on the EdgeRouter Lite.
- Enable drm(4) opregion code. Makes the brightness keys on x230 work.
- Correctly issue WSKBDIO_GETDEFAULTKEYREPEAT ioctl when wsconsctl(8) is getting the default repeat settings.
- 5.2 RELIABILITY FIX: Allow tftpd(8) to OACK and stop a segfault occurring.
A source code patch is available.
- Switched amd64, arm, i386, sh and sparc64 to binutils 2.17.
- Previous commit to i386/amd64 acpi_machdep.c broke suspend, now fixed by using the IPI that halts the CPU to save state.
- As non-root, whenever netstat(1) is about to print out a kernel pointer, print 0x0 instead.
- Only root can look at the kernel address space with procmap(1) now.
- Don't shutdown nc(1)'s network socket when stdin closes. Matches both GNU and Hobbit's netcats; -N reverts to old behaviour.
- Do not allow netstat(1) to expose a kernel address.
- Fixed return value of i2c_algo_dp_aux_exec, so getting the Extended Display Identification Data on displayport now works.
- When non-root asks sysctl(3) for kinfo proc or file requests, do not fill in any kernel addresses information.
- Do not touch the jumbo replenish threshold register on bge(4) chips that do not have jumbo support.
- Added a ruby20 FLAVOR to ruby-module(5).
- Don't advertise brightness control if it isn't supported by intel(4) i915 hardware.
- Added an OpenBSD-specific implementation of xf86-video-intel backlight control that uses the appropriate wscons(4) ioctls.
- Fixed race condition in socket splicing timeout which caused a uvm fault in sounsplice().
- Fix sudo(8) use_loginclass, backport from upstream.
- Updated to xf86-video-intel 2.20.19.
- Stop probing once touchpad detected. Stops pms(4) driver "not in sync yet" messages after attaching to elantech v2 hardware.
- Update intel(4) and the device-independent drm(4) code. Includes support for kernel modesetting and enables use of the rings on gen6+ Intel hardware.
- Updated sqlite(1) to 3.7.15.2.
- Provide a way for *drm(4) to prevent VGA text console wsdisplay(4) instance from attaching after it has control of the VGA hardware.
- Backout radeon(4) xf86-video-ati workaround for broken accelerated solid pictures with XAA on big endian architectures, and apply the correct fix (working at depth 16 and 24).
- Limit the identd(8) client to 256 bytes of input. If they send too much, just close the connection.
- Timeout based on the whole identd(8) session, not after every read/write. Stops clients from consuming fds on the server.
- Handle EMFILE/ENFILE from accept by disabling handling of events on the identd(8) listeners for a second.
- New identd(8) daemon, to replace the libexec one often run from inetd(8). An event driven non-blocking implemention.
- Added an interface to rebind agp(4) DMA mappings. For KMS to reload bindings after suspend/resume.
- Set glxpcib(4/loongson) "Power Immediate" bit upon attaching, so Fuloong can auto restart upon power failure.
- Updated nginx(8) to 1.2.7.
- Correct the clock speeds used to calculate int moderation values provided by the SK_IM_USECS() macro on msk(4) and sk(4).
- Added workaround for HW bug in bge(4) BCM5717/BCM5718/BCM5719-A0/BCM5720-A0 chipsets: don't include interface input drop counter in input errors.
- Apply the "AcceptPerfectMatch" workaround for sis(4) DP83815 chipsets to the 15D revision as well.
- Fixed size of unicast rx filter table on vio(4), to stop unicast address overwriting part of the multicast rx filter table.
- Updated fonts-conf(5).
- 5.2 and 5.3 RELIABILITY FIX: Stop bgpd(8) replacing an active during session startup.
A source code patch is available for 5.2 and 5.3.
- Allow tftpd(8) option ACK to negotiate 2 byte transfers with extra options.
- Fixed double free which occurred if a tftpd(8) option ACK failed.
- Don't unconditionally try to attach octcf(4) to a CF bus on octeon. Stops endless faults on the EdgeRouter Lite.
- Removed the unused sequencer(4) driver.
- Re-enabled build of Xserver(1) on hp300.
- Enable vge(4) flow control support.
- Fixed mii(4) flow control support; workaround for the IP1001 PHY where downshift support was not functioning properly.
- Install npppd.conf(5) with permissions of 0640, as there could be the radius config in this file.
- Disabled pie for lkm(4).
- Removed faithd(8) and faith(4).
- Make sure dhclient(8) doesn't delete IPv6 routes.
- Allow octeon to reboot by poking the right address for a soft cpu reset.
- In aucat(1) debug mode, log successful connections.
- Stopped sndiod(1) and aucat(1) displaying warnings if accept() returns ECONNABORTED or EWOULDBLOCK, as we do in other daemons.
- Fake "SMBIOS detection" for quirky Soekris boxes, to make it easier to attach device drivers.
- Require that the mktemp(1) template include at least 6 trailing Xs to match POSIX mkstemp/mkdtemp. Improved error messages.
- Fixed kernel profiling on MP systems by using per-CPU buffers and teaching kgmon(8) to deal with them.
- Allow snmpd(8) report new PF "translation" counter.
- Add pf(4) "translation" counter, use this (not "memory") when address translation fails due to no free ports in the configured range.
- Turn identd(8) off by default.
- Allow systrace(1), identd(8), uucpd(8), iked(8), nfsd(8), talk(1), tcpbench(1), bgpd(8), dvmrpd(8), ftp-proxy(8), inetd(8), iscsid(8), ldpd(8), ospf6d(8), ospfd(8), ppp(8), relayd(8), ripd(8), sasyncd(8), smtpd(8), snmpd(8) and syslogd(8) to handle ECONNABORTED errors from accept(2).
- When binding a lease, check for and clear out any "zombie" routes left behind by a dead dhclient(8).
- As per RFC 2131, stop dhcpd(8) ACK'ing any REQUEST containing a server-identifier option that specifies a different dhcp server.
- Removed the -I option from ndp(8).
- Do not start npppd(8) if a pptp tunnel is configured but the gre(4) protocol is not enabled.
- Flush writes to BGE_MI_COMM to avoid "APE lock request failed!" errors with HP 331T (5719) and 332T (5720) bge(4) cards.
- Changed relayd(8) to use the monotonic clock instead of gettimeofday() and call fatal() on error-that-should-not-happen.
- Removed obsolete sudo(8) code that used to change the mode of sudoers from the old (pre-1.6) default.
- Reserve a file descriptor on accept() for subsequent connect() call by ftp-proxy(8), as done in relayd(8).
- Put tip(1) back, but without the hardlink to cu(1) for now.
- Make it possible to override already attached wsdisplay(4) console later in the boot process. Needed for upcoming KMS changes.
- Workaround for some PowerBooks without an adb(4/macppc) bus, to prevent their PMU from shutting down the machine.
- Prevent gzsig(1) going into an endless loop on input error.
- Prevent gzsig(1) race condition by using already opened file descriptors. Properly presume owner/mode of gzip(1) file.
- Add new cu(1), a libevent-based implementation of the old tip(1)/cu(1) with a few new things (eg basic xmodem support). Disable tip(1).
- Always use the internal PHY on Apple variants. This unbreaks gem(4) on some PowerMac G5.
- Disabled re(4) IP checksum offloading for Realtek 8168 (broken if the packet has IP options).
- Updated to: xterm(1) 291, bdftopcf(1) 1.0.4, beforelight(1) 1.0.5, ico(1) 1.0.4, xcalc(1) 1.0.5, xfsinfo(1) 1.0.4, xkbutils 1.0.4, xsetroot(1) 1.1.1, xstdcmap(1) 1.0.3, xvidtune(1) 1.0.3, xvinfo(1) 1.1.2, xsm(1) 1.0.3, libXrandr 1.4.0, and xrandr(1) 1.4.0.
- Enable TCP socket splicing for HTTP persistent connection and chunked transfer encoding. Speeds up relayd(8).
- Updated to fontconfig 2.10.91 + a few local fixes: replaced ugly bitmapped Lucida fonts with Luxi or DejaVu TrueType fonts; moved the target of fontconfig recipes to the "pattern" from the "font" to add the default values properly.
- Rewrite the ste(4) receive filter handling code and cleanup the ioctl bits.
- First steps towards alphabook1 support.
- Allow ssh(1) "-f none ..."
- Implement a bgpctl(8) nei foo destroy that will remove the specified cloned neighbour.
- Better bgpd(8) templates support: on config reload adjust the cloned neighbours so that they get the config changes as well; clean up sessions that are 1h idle but in state active (instead of down); allow bgpctl(8) to destroy cloned neighbours.
- Added submethod support to sshd_config(5) AuthenticationMethods.
- Fixed return value of wcrtomb(3) in single-byte locales if the "s" argument is NULL.
- Allow a "+" in the cron(8) MAILTO email address.
- Per POSIX, if getconf(1) confstr() returns zero without setting errno ("no defined value") then print "undefined\n".
- Correct the delay when programming the sis(4) short cable fix to 100us, not 100ms.
- Fixed and simplified determining whether we're using an rl(4) 8129 or 8139 chipset. Allows D-Link DFE-520TX to work.
- Fixed ssh(1) public key and hostbased authentication when the client has specified a style (e.g. "root:skey").
- Fatal() ssh(1) session when ChrootDirectory is specified while running without root privileges.
- Account for the size of the allocation when defending the uvm(9) pagedaemon reserve.
- Sync yyerror() in ospfd(8), ospf6d(8), snmpd(8), dvmrpd(8), ifstated(8), ldpd(8), ripd(8), smtpd(8) and ypldap(8) with version in bgpd(8), so that it logs to syslog when daemonised.
- Patch for CVE-2013-1667 in perl(1): DoS in rehashing code (see http://code.activestate.com/lists/perl5-porters/191311/).
- When dumping ospfd(8) config, just print "passive" for passive interfaces rather than showing the "hello" timers and keys.
- Fixed a bad comparison when calculating the size of the hibernate code's signature block.
- Updated: rgb to 1.0.5, xev(1) to 1.2.1, and sessreg(1) to 1.0.8.
- Reset ssh(1) pubkey order on partial success.
- Let whois(1) -P do a query against https://www.peeringdb.com/.
- softraid(4) disciplines are now shutdown in reverse attach order, making manually stacked volumes more practical.
- Reorder pci(4) code such that wsdisplay(4) attaches after drm(4). Preparation for framebuffer console support on amd64/i386.
- When deleting an IPv6 interface address, also remove the prefix and the cloning route.
- Added HG20F9 usb ethernet to axe(4).
- Check ldomctl(8/sparc64) parser's return value and exit if parsing failed. Report syntax error with duplicated domain name.
- Use vlog() to log relayd(8) parser errors so they will show up in logs if they occur when reloading.
- When user(8) is locking/unlocking an account, never touch passwords that are "*" or 13*. Also make sure to never end up with an empty password.
- Fixed format string issue when printing an error out on bge(4) with APE and more than 4 pci(4) functions.
- Fixed ksh(1) quoting in word part of ${var+word} (and similar) when entire thing is quoted or in a here-doc.
- Disabled duplicate address detection on carp(4) interfaces, as the peer may have the same addresses.
- Make sure that IPv6 source address selection only chooses a carp(4) address if the interface is in master state.
- Fixed the combination of "j" format flag and the XPG "$" modifier in vfprintf(3).
- Unbreak softraid(4) compilation with debug enabled.
- Fixed pf(4) so when a pf.conf(5) containing "set tos" is followed by a scrub option, the tos will not be changed to 0x00.
- Properly conditionalise adding wscons(4) to the list of consoles on amd64 NWSDISPLAY.
- Always compare aliases(5) at the end of the sysmerge(8). Prevents newaliases(8) from failing due to smtpd.conf(5) syntax change.
- When passwd(1) is using an external password quality check program, don't run (potentially contradictory) internal pattern checks.
- Bring getconf(1) substantially up to spec with POSIX 1003.1-2008: 155 new names; support for the -v option. Added support for non-standard -L and -l options for listing the known names.