OpenBSD 5.5 released (May 1, 2014)
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
current.
Changes made between OpenBSD 5.4 and 5.5
- Made ssh(1) ignore environmental variables with embedded '=' or '\0' characters.
- Added -C checksum mode to signify(1), to make using sha256 files safer and easier.
- If a smtpd(8) peer advertises DSN and we don't want to use it, don't send trailing spaces (not all MTAs can cope).
- fdisk(8) -l option added, to force LBA mode.
- Fixed miniroot so it can get sets from a msdos partition.
- Allow pfctl(8) to use a "*" wildcard on the command line for anchors that were not initially specified with a "*".
- Stopped smtpd(8) missing F_BACKUP when dumping envelope (could break backup MX).
- Fixes backported from openssl-1.0.1f (CVE-2013-4353, CVE-2013-6449 and CVE-2013-6450).
- Made it possible to run X(7) with machdep.allowaperture=0 on hardware supported by radeondrm(4) on macppc too.
- Use a larger read buffer, to speed up ftp(1).
- Made ssh(1) cache OIDs of supported GSSAPI mechanisms before privsep sandboxing (bz#2107).
- Stopped ssh(1) assuming that a socks4 username is \0 terminated.
- Avoid early hostname lookups by ssh(1) unless canonicalisation is enabled (bz#2205).
- Fix armv7 install script to allow it to work on both sd(4) and eMMC.
- Support for ed25519 keys added to xdm(1) and xinit(1).
- Made azalia(4) wait until the RIRB DMA engine is ready, so audio device integrated in the Vortex86EX SoC will work.
- Abort/close all interrupt pipes when detaching HID devices (drivers attaching to uhidev(4) do not always do this).
- radeon(4) workaround for broken BIOS that don't assign an address to the ROM BAR.
- Revert r1.348 in sys/dev/pci/if_bge.c, to disable IPv6 TCP checksum offload for now.
- Bring back ehci(4) code suspending root hub's ports before reseting the controller (saves power when suspended).
- Fixed off by one leading to invalid host stats tree in smtpd(8).
- Added "-p " switch to fw_update(1), to specifying the location of firmware packages.
- Allow ssh_config(5) to cope with configurations that always refer to canonical hostnames.
- Made fw_update(1) print out the path to the firmware packages when in verbose mode.
- Give drm(4) a console locator, to make sure /dev/drm0 always matches the primary display.
- On mips64, increased _STACKALIGNBYTES, so long doubles on the stack are correctly aligned.
- Fixed crash in tmux(1) caused by uninitialised lastwp member of layout_cell.
- Basic i210/i211 support added to em(4).
- tmux(1) fixed for "-fg/-bg/-style" with 256 colour terminals.
- rc(8) now ignores blank characters at the end of ${pkg_scripts}, and will not execute /etc/rc.d/ in that case.
- /etc/random.seed support added to alpha, mvme88k and vax.
- Improved installer logic to find a filesystem to store the prefetched sets.
- Made pax(1) map negative mtimes to zero instead of skipping the affected files.
- Many fixes to drm(4) for i915.
- Check to see if an i386/amd64 CPU supports tsc, avoid illegal instruction trap when it does not.
- Stopped dhclient(8) creating default dhcp-client-identifier if an empty string has been configured as the value.
- Fixed tmux(1) memory leaks with paste_replace.
- Made it possible to build an i386 kernel with binutils-2.17 again.
- Allow mouse down and mouse wheel for any pane with tmux(1) mouse-select-pane (not just in copy mode).
- Fixed "p->p_wchan == NULL" panics seen with usb ethernet adapters.
- Call control_init() before daemon() so that iscsid(8) and iscsictl(8) reloads work.
- Stopped tmux(1) crashing when given an invalid colour.
- Added iked(8) "config address" syntax, to list a range of addresses to use in a specified flow.
- Basic iked(8) OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'.
- New smtpctl(8) "show status" command, to show if mta/mda/smtp are currently running or paused.
- Stopped smtpd(8) looking up pki based on hostname if one was specified for the listener.
- Fixed bcrypt(3) to avoid wraparound at 256 characters ("b" revision designation denotes fixed version).
- Added initial em(4) support for i354 MAC and M88E1543 PHY.
- Unbroke ld.so(1) with ssp-strong/all on sparc64 and powerpc.
- Avoid spurious "getsockname failed: Bad file descriptor" errors in ssh(1) -W (bz#2200).
- Preliminary nep(4) driver for the Sun Neptune 10/100/1000/10G Ethernet chip.
- In radeon(4) drm code, fixed surface sync in fence on cayman (v2).
- Allow X(7) to run with machdep.allowaperture=0 on inteldrm(4) and radeondrm(4).
- Implemented the roff(7) ".as" request (append to user-defined string).
- Let roff(7) handle some read-only number registers (e.g. .H and .V).
- Re-added audio devices to the zaurus.
- Updated to xterm(1) version 301.
- Updated to xf86-video-intel 2.99.910 (aka 3.0RC10).
- When terminfo(5) has colors#256, tmux(1) will now use setaf and setab for the 256 colour set.
- Made C-j the same as C-m with tmux(1) mode keys.
- In qle(4), added firmware for isp25xx; added isp25xx support.
- Removed isp24xx-related code. Broken, and superceded by qle(4).
- Fixed strptime(3) logic bug, as tm_yday can only be inferred if both tm_mday and tm_mon are set.
- On i386/amd64, allow "disabling" of pagefaults, needed for some inteldrm(4) "fast" path code.
- Fixed drm(4) bug which only copied out 32 bits of a 64-bit value.
- Octeon now partially supports the D-Link DSR-500.
- When sending neighbour advertisements, use the carp(4) mac address as target lladdr.
- Allow larger totals to be displayed by iostat(8).
- Show in dmesg(8) when an attached sd(4) is readonly, makes it clearer why write operations fail.
- Introduced the qle(4) driver for QLogic ISP24xx fibre channel HBAs.
- Made iked(8) set the msg_responded flag on the original message.
- New dd(1) operands "status=noxfer" and "status=none", to suppress status lines printed to stderr.
- Support for Intel Centrino Wireless-N 2200/105/135 added to iwn(4).
- Stopped systat(1)'s pftop leaking memory at every queue refresh.
- Build isp2xxx firmware into separate object files, to only include one when both isp(4) and qla(4) are enabled.
- On sgi, block all interrupts that can grab the kernel lock.
- Intel Centrino Wireless-N 2230 support added to iwn(4).
- Fixed tmux(1) xterm-keys change where some keys (e.g. \033OA) were wrongly treated as partial matches.
- Run the serving and privileged ntpd(8) processes at high priority, to lower latency.
- Fixed MAC address format to let ospf work on myx(4) even without PROMISC enabled on a network interface.
- Fixed drm(4) ttm: to handle in-memory region copies; ttm_bo_move_memcpy; memory type compatibility checks.
- arc4random_uniform(3) returns a value strictly less than its argument; fixed arithmetic so that PID_MAX can be reached when the kernel is forking.
- Many drm(4) on radeon(4) fixes, including: dac handling improvements; endian bugs; LCD record parsing; handling of variable sized arrays for router objects; panel scaling with eDP and LVDS bridges.
- Added support in binutils for i386 XSAVE family of instructions: xgetbv, xsetbv, xsave, xrstor, and xsaveopt.
- Fixed pmap(9) on vax when processes are using more than 512KB of stack.
- Fixed failure of dhclient(8) to write resolv.conf(5) when -L is used; made add_address() and add_route() also wait until imsg is in pipe.
- Stopped pkg_add(1) taking crypto sigs into account for "always-update" comparisons (the sig will always differ).
- Stopped malformed IMSG_HUP messages causing the privileged dhclient(8) process to exit.
- Fixed memory leak introduced in r1.96 of sys/dev/usb/usb_subr.c.
- Fixed system hang issue when using radeon(4) KMS with older cards; fixed drm(4) card_posted check for newer asics; fixed endian issues with DP (v3) handling.
- Rectified lock order reversal problem to stop panics seen in multi-threaded programs when using gdb(1).
- When running sysmerge(8), only create DBDIR if it does not exist.
- Made bus_dmamap_load(9) and bus_dmamap_unload(9) "mpsafe" on hppa.
- Create dhclient(8) lease files and dhcpd(8) lease files with permissions 0640, rather than 0000 and 0664 respectively.
- Be less verbose for pkg_delete(1) -X.
- Stop disabling/enabling interrupts in the interrupt handler for "chip type D" (Marvell 9580).
- Copy the correct number of channels in sndiod(1) join/expand.
- Use the proper integer width when sndiod(1) calls AMSG_ISSET().
- Macppc G5 systems with >2GB RAM now report correct amount of memory (kernel still only uses the lower 2GB).
- Changed pkg_add(1) default to requiring signed packages.
- Limit the number of currently opened pkg_add(1) packages, to limit memory usage.
- Fixed booting of socppc n1200 with a usb disk plugged in.
- Allow 64-bit page table entries on mips64 and sgi, making physical memory beyond 16GB addressable by pmap(9).
- Stopped attempting to initialise the time from an uninitialised variable on socppc.
- In the installer, make sure a free bpf(4) exists before dhclient(8) is run.
- Fixed remote printing by lpd(8) which was broken in r1.50 of printjob.c.
- Made carp(4) send IPv6 neighbour advertisements with the "router" flag when acting as router. Stops clients losing default routes during carp(4) failover.
- Updated to sendmail(1) version 8.14.8.
- Made dhclient(8) create "-L" leases files with the same 0000 permissions as regular leases.IF files.
- Log when dhclient(8) fails to fchmod(2) or fchown(2) the file written in priv_write_file().
- Fixed inet6_opt_init(3) to only check extlen when extbuff is not NULL (as per RFC 3542).
- Fixed regression in ssh(1) for UsePrivilegedPort=yes.
- Only set the cwm(1) urgency flag if the client is not active.
- Fixed a MP race in the alpha's fpu context saving code.
- Stopped tcpdump(8) segfaulting on IPv6 NFS traffic.
- Made pax(1) cope with a stripped down format list (e.g. when compiled with -DNOCPIO).
- Fixed spurious SIGSEGVs in inteldrm(4) with xf86-video-intel version 2.99.909.
- Fixed myx(4) race, which prevented the driver from transmitting packets.
- Always reset the signature when fdisk(8) is writing an MBR to disk, to ensure MBR is readable by disklabel(8).
- kvm(3) crash dump parsing fixes: correct paddr in process info and pids in file info.
- Made syslogd(8) ignore ENETUNREACH, so remote logging is not stuck after a "network unreachable" error.
- Added smtpd(8) support for DSN and Enhanced Status Code.
- Allow the smtpd(8) admin to pause relaying to a specific domain.
- Socketmap table backend added to smtpd(8).
- In smtpd(8), extend the allowed charset for email address; escape potentially dangerous ones.
- Fixed smtpd(8) dump function which occurred with some flag combinations.
- Reverted broken part of sys/dev/pci/if_bge.c r1.329 (link state handling for the BCM5700 B2).
- Delayed lowercasing of hostname until right before hostname canonicalisation, to unbreak case-sensitive matching of ssh_config(5).
- Fixed dpb issue with E=x11/qt3.
- Fix ssh(1) memory leak in ECDSA_SIG_new().
- Stopped ucom(4) trying to cleanup if it is being detached when returning from tsleep(9). Fixes a panic.
- Fixed a null dereference introduced when uftdi(4) was converted to use usbd_is_dying().
- On alpha, make sure sched_init_cpu() on the secondary processors is invoked with the kernel lock held.
- Stopped pkg_add(1) mixing up the list of manpages to be deleted with those to be added.
- Store a compact form of manpages when running pkg_add(1).
- Updated to xf86-video-intel 2.99.909.
- Properly clean up after sysmerge(8) is run.
- Build bsd.mp on the alpha platform.
- Allow use of "*************" as password in the installer response file for accounts with password logins disabled but login (e.g. with ssh-keys) still possible.
- Simplified how "kept" packages are handled by pkg_add(1).
- Rearrange interrupt register processing for 2200s. Makes onboard FC controllers in Sun systems work better.
- Converted memset(3) of potentially-private ssh(1) and sshd(8) data to explicit_bzero().
- Improved cut(1) POSIX compliance: continue to process the remaining file operands even after not finding an input file.
- On alpha, manage a per-cpu pmap(9) free entries queue, in addition to the in-use queue to avoid corrupting memory; simplified try_lock(), to avoid one forward branch in the common case.
- Take bwidth into account for the cwm(1) menu's position and size.
- Fixed pkg_add(1) kept packages bug (they have to be completed somewhere).
- When pkg_add(1) is stopped by ^C^C, try to exit only when the database is in a safe state.
- drm(4) i915 now invalidates TLBs for the rings after a reset.
- On amd64, removed some of the excessive cache and TLB flushing going on during hibernate unpack.
- Allow the cwm(1) config parser continue parsing even after encountering an error.
- Replaced most usages of bzero(3) with explicit_bzero in ssh(1) and lib/libutil/bcrypt_pbkdf.c and pkcs5_pbkdf2.c.
- Fixed partial matches in tmux(4) with xterm-keys on.
- Add \033[18t window operations to tmux(1).
- Set IFCAP_VLAN_MTU on tl(4) to allow for VLAN sized frames.
- If a scsi(4) device doesn't have device ids or serial numbers, try using node_wwn to generate a devid.
- Fixed VCPU reset sequence bug on bge(4) BCM5906.
- Simplified adjtime(2) by keeping track of the adjustment in a 64-bit integer. Stops ntpd(8) losing sync.
- Stopped umodem(4) matching control interfaces if data interface is missing or already claimed. Fixes Ericsson F3507g.
- Made sure partial installs of a package are handled properly by pkg_add(1).
- Added an MI api for atomic ops (e.g atomic_add_int(9)) in the kernel.
- Added a -d flag to fw_update(1), to remove the specified firmware packages.
- Added fuse(4) support for IO_APPEND.
- Check command name/path for truncation and provide user feedback during cwm(1) config parse .
- Fixed ftp(1) progress meter, broken after the introduction of the '-D' flag
- Allow replacing separate foo-{fg,bg,attr} tmux(1) options with a single foo-style option (e.g. "set -g status-style fg=yellow,bg=red,blink").
- Remember the last active tmux(1) pane in the top-bottom or left-right cell so that it can be restored when using selectp -L/-R/etc.
- Enable IPv6 TCP checksum offload for bge(4).
- Check cwm(1) "ignore windowname" for truncation and provide user feedback during config parse.
- Error out on an unacceptable worm(6) length argument; start with the cursor on the worm's head.
- nginx.conf default changed to stop sending nginx(8) version number in error pages and "Server" header.
- cwm(1) now follows the EWMH spec: if the cardinal returned is 0xFFFFFFFF (-1) then the window should appear on all desktops.
- Added CoreChip RD9700 support to udav(4).
- Dropped FETCH_CMD from sysmerge(8), now always use ftp(1).
- Fixes/workarounds for bge(4) BCM5719/BCM5720/BCM57765/BCM57766 chipsets; added support for the new BCM5762 ASIC (BCM5725/BCM5727/BCM57767); added all of the newer PCI ids.
- Replaced ssl(3) HMAC and MD5 with implementations based on native sshd(8) ssh_digest_*.
- Removed the no-op flags -L and -V from compress(1); removed -g flag from gzip(1) (non-standard, only makes sense in compress(1)).
- Enhance sysmerge(8) errors output and display what is going on.
- Enabled IPv6 checksum offload in jmw(4).
- Attempt to make user changes of keyboard layout configs more "sticky" on wsmux(4).
- Work in progress code added for SMP on the alpha architecture.
- Installer fixes to: extend logic for finding a location to place prefetched sets; complain loudly on errors and give users a chance to react; improve detection of ftp(1) fails while fetching sets; be more cautious while removing temporary directories.
- tcpdump(8) now correctly shows that checksums of zero are invalid when listening to UDP over IPv6 traffic.
- Stopped ufs_setattr() assuming atime/mtime/ctime flag bits needing to be updated weren't already set.
- Stopped pkg_add(1) allowing file permissions to be adjusted without an explicit @mode annotation.
- Changed the default pf.conf(5) block policy to "block return".
- Reverted counter size changes in netinet, as it broke netstat(1).
- Added a special case to ssh(1) for the DH group size for 3des-cbc, which has an effective strength much lower than the key size.
- Corrected parsing of dhclient.conf(5) statements "fixed-address" and "next-server".
- Ditched kernel high and low water marks for vfs(9) pages and replaced with a single target, to minimise use of biglock.
- Disable lapic when halting CPUs on i386, for improved suspend.
- Implemented the traceroute6(8) "-c", "-D" and "-S" flags (from traceroute(8)).
- Improved formatting of broken blocks in mandoc(1) -Tman.
- When a disklabel(5) is read from a MBR partitioned disk, preserve any changes the user makes with disklabel(8) "-b".
- Made iked(8) re-lookup the policy as soon as we have the ID of the peer (destid).
- Enabled format-string checks for log_*() in iked(8).
- Made sure iked(8) sa_lookup() can actually find the SAs.
- Stopped iked(8) leaking prv RSA key for each signature.
- Avoid wdc(4) panics where free_xfer is called after scsi_done calls xfer_put.
- In bgpd(8), corrected the matching for filter rules of "prefixlen = XX".
- Fixed VRAM size calculation for VRAM >= 4GB, and many other fixes for radeon(4).
- Fixed a use-after-free when GPU acceleration disabled; many more drm(4) fixes.
- Killed (inaccurate) hardware checksummed packet counters and use software counters instead; switched netstat(1) to use them.
- Allow the special bgpd(8) case of making a route valid before setting the blackhole flag on it.
- Support multi-stream archives in pkg_sign(1), storing packing-list as a separate stream for efficiency.
- Made cwm(1) supply a more useful title for windows launched via the ssh(1) command menu ("[ssh] ").
- Switched radeon(4) drm to MSI on the cards that support it.
- Added -D shorttitle support to ftp(1).
- Added initial softraid(4) support for rebuilding a RAID5 volume.
- Fixed resume on some radeon(4) rs4xx(v2) boards.
- Support paste key in tmux(1) copy mode input (for search etc); clamp length to screen width.
- Properly release X(7) resources during cwm(1) teardown.
- Streamlined cwm(1) event loop/restart/quit handling.
- Implemented the "\:" (optional line break) escape sequence in mandoc(1).
- Do not permit periods in tmux(1) session names.
- Only exit tmux(1) copy mode at the bottom if no selection is in progress.
- bus_dmamap_load(9) and bus_dmamap_unload(9) made mpsafe on sparc64.
- sysmerge(8) cleans up work directory better; improved handling and comparisons of symlinks; simplified signature handling.
- Removed genmask support from route(8).
- Fixed problems installing from atapiscsi(4) cdrom devices.
- Added CoreChip RD9700 support to udav(4).
- Fixed a bug where stale bgpd(8) routes were not properly flushed on sessions announcing the graceful restart capability.
- Made sure the disklabel(5) is written to the correct spot on devices with non-512-byte sectors.
- Improved isakmpd(8) randomisation.
- Introduced fine grained locking to myx(4) (only from the interrupt side).
- Fixed a double free caused by a relayd.conf(5) config with two "listen on" statements in a relay.
- Allow pflow(4) to determine the src IP address based on the route table if flowsrc is not set.
- Added a virtio(4) random driver.
- Enabled mpsafe interrupts on pyro(4/sparc64).
- Do not clean the multicast records of an interface when it is destroyed (as pcb multicast options might keep a pointer to them).
- Disabled lapic when halting amd64 CPUs. Fixes suspend on some machines.
- Enabled signature checking by default to sysmerge(8), with new option -S to skip.
- Allow dhclient.conf(5) to specify "fixed-address", "next-serve", "filename" and "server-name".
- When creating the effective lease, dhclient.conf(5) can now override anything in an offer or saved lease.
- Fixed softraid(4) RAID5 write functionality: changed parity calculation algorithm to avoid volume scrubs; allow writes to function correctly even when a chunk is lost.
- Allow pf(4) to match "any" interface (excluding loopback).
- Added sdmmc(4) support to i386/amd64 install media.
- Fixed lpd(8) race condition during symlink check.
- Added ubcmtp driver for Broadcom multitouch trackpads (on some MacBooks) enabling multi-finger gestures with synaptics(4).
- Convert the softraid(4) work unit workqs to taskqs.
- Added strong stack protector mode for propolice in gcc(1) version 3.
- Support added to pfctl(8) for "!received-on ".
- Allow the Alix APU to reboot by changing the acpi(4) checks.
- Added newqueue support to systat(1) for the queue view.
- Allow vio(4) to recover after running out of mbuf(9)s.
- Allow userland to pass RTF_MPATH flag. Unbreaks multipath routes.
- Set initial pf(4) ruleset to explicitly allow dhcp / bootp and dhcpv6. Lease renewals blocked without this change.
- Introduced fine grained locking around the lists of packet handlers myx(4) maintains.
- Reworked parsing of numbers by dhclient(8) to improve the error messages.
- Introduced qla(4), a new driver for Qlogic fibre channel HBAs (only ISP23xx so far).
- Count dropped icmp(4) errors when the rate limit is exceeded. netstat(1) will report this now.
- When installboot(8) is copying files, do it in 512 byte blocks to appease install media.
- Merged mesa 9.2.5.
- Reworked installboot(8) to use a single directory with a single makefile.
- Call random_start() immediately after cpu_startup.
- Support a second -v on mandocdb(8), to show keys while they are being added.
- Unlink an associated pf(4) divert state when a socket connection gets destroyed.
- Made mos(4) pass received broadcast frames explicitly if not in promiscuous mode. Fixes a problem with initiating connections.
- Stopped xterm(1) "-hold" from chewing CPU cycles.
- Remove the RAID 4 discipline from softraid(4). RAID 5 should be used instead.
- Updated the radeon(4) drm headers based on libdrm 2.4.51; updated libdrm to 2.4.51.
- Added installboot(8) "-r", to allows the mount point of the root filesystem to be specified.
- Stopped dhclient(8) following symlinks for -l and -L arguments.
- Made dhclient(8) parse_X return -1 when it encounters a parsing error. Enables recognition of zero length value vs parsing error.
- Fixed off-by-one on specially crafted /etc/shells file.
- Optimisations to mandocdb: db build time goes down by 10% (now 1.9x of makewhatis(8)); db size goes down by 4% (now 11x of makewhatis(8)); db build time with -Q goes down by 15% (now at 0.28x of makewhatis(8)); db size with -Q goes down by 3% (now 3.35x of makewhatis(8)).
- Avoid size_t overflows while dhclient(8) is reading /etc/resolv.conf.tail, and in file(1) apprentice_map.
- Added support for mknod(8) in fuse(4); removed an infinite loop in fuse_device_cleanup().
- Incorrect cast to size_t removed from sftp(1), which broke resume of large downloads.
- Added more luna88k-specific initialisation in xf86-video-wsfb.
- Re-open the default pipe with updated values when attaching a new ohci(4) or ehci(4) device, so the device will be recognised.
- Added support for the DS1337 TOD octrtc(4/octeon) clocks.
- Added md5(1) -C option (to only do checksum comparison for specified files).
- Initialise _res.nsaddr_list in res_init(), fixing some programs which depend on bind resolver internals.
- Reset the top(1) cursor position each time there is a resize event.
- Added new option "-fstack-protector-strong" for gcc(1) version 4.
- Added the "next" keyword as an alias for "+ 1" for relative times with at(1); support "months" and "years" relative time units (all per POSIX).
- When parsing dhclient.conf(5) or dhclient.leases(5) and encountering a "}" or a ";", always continue reading rest of file.
- Enabled gcc(1) -Wbounded by default.
- New signify(1) options: -m message and -x signature.
- Reverted to pkg_add(1) PackageRepository.pm r1.97, as there is a memory leak when using internal GZip.
- Updated to freetype 2.5.2.
- Added -DNOCPIO option to pax(1), for use by distrib/special
- Let tcpdump(8) detect bad ICMP/ICMPv6 checksums with the -v flag.
- While the hibernated image is being unpacked, acpi(4) now demotes APs to real mode, place them in HLT loop. Fixes some spurious reboots on resume.
- Added MSI support to jme(4).
- Corrected sigpending(2) argument handling, to stop it writing to the wrong memory on hppa and hppa64.
- When md5(1) is using a checklist, print MISSING for non-existent files.
- Fixed ping6(8) bug where binary built with stack-protector-strong would fail to set the routing table id.
- Made ddb(4) "show mbuf" print all mbuf(9) fields in a consistent way.
- Don't let ssh(1) or sshd(8) connect to clients/servers that suffer from SSH_BUG_DERIVEKEY. These are too vulnerable to KEX attacks.
- Option "-e" for embedded signatures added to signify(1).
- Allow tmux(1) "attach-session -t" to accept a window and pane to select them on attach; made "switch-client -t" accept a window and pane.
- tmux(1) changes: check for truncation when copying path; don't use a temporary buffer in screen_set_title; include strerror in output when connecting to server fails.
- Fixed the radeon(4) burner method, ensuring cookie is a pointer to rasops_info. Fixes hangs on shutdown.
- When sftp(1) is formating the time, show dates in the future with the year; fixed incorrect date calculations.
- Updated pax(1) -v format to match ls(1) -l: display the year for dates in the future; eliminate bogus handling of LC_TIME environment variable.
- Per POSIX, times in the future are now reported by ls(1) with the year.
- Added support for -h hashfile to cksum(1), md5(1), sha1(1) and sha256(1).
- Updated to libXfont 1.4.7 (includes fix for CVE-2013-6462).
- 5.3 and 5.4 SECURITY FIX: CVE-2013-6462: unlimited "sscanf" can overflow the Xserver(1) libXfont stack buffer.
A source code patch is available for 5.3 and 5.4.
- Restrict what characters can be in a pkg_add(1) signer, to make certain it's not possible to go ../ from /etc/signify.
- Propagate an rdomain number to the icmp6(4) nd6_lookup independently from the ifp pointer. Prevents a crash.
- Follow-up fixes for IFID collision handling in IPv6CP; properly change the link-local address.
- Made pkg_add(1) verify all checksums, including special files (e.g. prevents people from tampering with DESC).
- Sped up mandocdb(8) -Q by another 3% (now at 39.5% of makewhatis(8)).
- Delay checking vnode(9) locking of the target vnodes in tmpfs_rename() until we've confirmed they're on the same filesystem as the source.
- Allow pkg_add(1) processing of package lists in parallel, a large speedup when re-gzipping a signed package.
- Enable memory beyond 1.5GB on sgi octane, to test if kernel panics seen on some MP systems have been fixed.
- More speedups for mandocdb(8) -Q mode, found with gprof(1).
- Fixed sparc64 kernel profiling.
- On sgi, let 2048-byte sector media use a volume header using fake 512-byte sectors, yet still allow reading the native label from it.
- Fixed mandocdb(8) -d and -u (broken by recent optimisations).
- Make sure in6_ifdetach() removes the ff01::1 route for the detaching interface, too.
- make(1) "target: prereq" solving now done after parsing, not during command execution.
- Added option -Q (quick) to mandoc(1), for accelerated generation of reduced-size databases.
- On i386/amd64, don't use the first 64KB memory for anything (including tramps and uvm). Avoids possible corruption by buggy BIOS SMM code.
- Hooked installboot(8) into the build.
- No longer have "unreachable manuals", removed the code from mandoc(1).
- /dev/random added to the install media, providing additional usable entropy for bsd.rd and first boot.
- Fixed vgafb(4) on macppc to bring back textmode cursor.
- Updated to x11proto 7.0.25 and xauth 1.0.8.
- When rebooting from single user mode, stopped init(8) raising securelevel(7) at rc.shutdown(8).
- Ensure we close the socket to the whois(1) server before returning, to avoid a loop.
- Made pf(4) queues properly disappear when interfaces are destroyed.
- Updated to: xf86-input-elographics 1.4.1, xf86-input-joystick 1.6.2, xf86-input-vmmouse 13.0.0, libpciacces 0.13.2 and glproto 1.4.17.
- Calculate proper cwm(1) menu width/height on the first Expose event.
- Allowed cwm(1) to accept _NET_WM_DESKTOP and _NET_CURRENT_DESKTOP ClientMessage.
- Don't allow cwm(1) to resize to 0x0 during mouse resize.
- Added primary support for luna88k 4bpp/8bpp frame buffer, with colour support on the luna wscons(4).
- Updated to xterm(1) to version 300.
- Temporarily disabled ahci(4) MSI for Samsung XP941.
- Tweaked azalia(4) to enable beep and CD controls on ALC282, ALC221 and ALC269.
- Fixed mkuboot(8) "make bsd.umg"; allow it to handle PT_LOAD, fail on any others.
- Fixed deadlocks when sndiod(1) device slot uses the SIO_SYNC mode.
- Fixed ztsscale(8/zaurus) after struct wscons_event size change.
- Don't consider ld.so(1) to be successfully built unless a test program using it works.
- Experimental feature to let apropos(1) show different keys than .Nd.
- Added signify(1), a tool to sign and verify signatures.
- First steps to replacing the Berkeley-DB based mandocdb with an sqlite3(1) version.
- ssh(1) and sshd(8) now refuse keys from clients/servers using obsolete RSA+MD5 signature scheme.
- Reverted rgephy(4) to pre r1.25 behaviour: fetch link and media status when attached to re(4).
- Enabled azalia(4) snooping on Lynx Point-LP HD Audio. Fixes Acer Aspire E1 572G audio.
- Support .St -p1003.1-2013, "IEEE Std 1003.1-2008/Cor 1-2013" in mdoc(7).
- Corrected initialisation of the Bt458 in the luna 8bpp frame buffer.
- Stopped mandoc(1) triggering end-of-sentence spacing (near period) at partial implicit macros.
- When showing ssh(1) hostkeys, show ed25519 keys as well.
- Stopped ssh(1) refusing to load ed25519 certificates.
- Allow deletion of ed25519 keys from the ssh(1) agent.
- Allow ssh(1) ed25519 keys to appear as certificate authorities.
- Call PHY_RESET upon attaching eephy(4) to trigger PHY initialisation (to match behaviour before r1.52).
- i386 now uses PIE.
- Update to Xserver(1) version 1.14.5 (mac68k and mvmeppc are no longer supported).
- Added installboot support for vax, hp300, hppa64, sparc64 and landisk.
- arc4random(3) accessible by init(8), leading to random pids for anything besides 0 and 1.
- Create a seed file for the bootloader in /etc/random.seed, for random data very early in the boot process.
- Free(bbp) in newfs_ext2fs(8) error paths (coverity CID 274748).
- "/stand" directory removed (has not been used in decades).
- Provide a bootstrap implementation for use with architectures like hppa, landisk and vax.
- Initial version of a unified installboot(8). For now only for i386/hppa/amd64.
- rc(8) will now report absence of pkg_scripts.
- Properly remap mandoc(1) \B, \H, \h, \L, and \l to ESCAPE_IGNORE.
- Parse and ignore the roff(7) escape sequences \d (move half line down) and \u (move half line up).
- Implemented .Fo/.Fa/.Fc indentation and break handling for mandoc(1) -Tman.
- Probe for a keyboard on all iockbc(4/sgi) ports, attach to the first one found.
- Fixed pkg_add(1) autoloading of quirks; avoid loading the old quirks file; always report if quirks should be there if it can't be loaded.
- In the SYNOPSIS, implemented hanging indentation for .Fo and avoid mandoc(1) outputting line breaks inside .Fa arguments.
- Added mdoc(7) support for .St -xsh4.2, the System Interfaces part of the original Single UNIX Specification.
- Final circleq to tailq fix for netstat(1), tcpbench(1) and systat(1).
- Stopped mandoc(1) breaking output lines in .Fn function arguments in SYNOPSIS mode.
- Rearranged/corrected bpf(4) timeout conditionals. Fixes negative timeout panics.
- Implemented SYNOPSIS .Fn indentation for mandoc(1) -Tman.
- Stopped mandoc(1) outputting line breaks after block macros spanning more than one input line when encountering a ".Bk".
- Added ftp(1) support for SSL/TLS server certificate validation (enabled by default); allow setting preferred ciphers.
- Fixed mg(1) bugs: dotline off by one when adding newline at EOF; align and sync dotlines when displaying the same buffer in two windows.
- Allow pkg_add(1) to cope with the change in ftp(1) warning messages.
- The xbase set requires the comp set. When installing, include comp automatically if xbase is selected.
- Fixed IPv6 functionality in tftp-proxy(8); implemented "-a" option to make it work on a NAT gateway; generate pass rules instead of erroring out when no address for the current AF was specified.
- Revert previous acpi(4) commit, which made resume hang on some GENERIC.MP systems.
- Made ld.so(1) pass its cleanup handler, stopped it calling atexit(4) directly on i386, sparc64, alpha, powerpc, amd64 and hppa.
- In mandoc(1), implemented hanging indentation for .Fn in SYNOPSIS mode.
- radeon(4) now tries to keep the framebuffer console layout set up by the firmware on sparc64.
- On alpha, set the primary CPU's PAL revision correctly, to properly spin up secondary processors.
- Implemented mandoc(1) end-of-sentence spacing at the end of man(7) macro lines.
- Fixed dhclient(8) "string constant too long" errors when reading back a lease with filename or servername attributes containing escaped characters.
- Save and restore acpihpet(4) configuration on suspend/resume.
- Fixed locking in the drm(4) i915 page fault handler.
- Allow kdump(1) to recognise itimer and ktrace facility names to {get,set}itimer() and ktrace().
- Add support for truncate in fuse(4).
- Added vioscsi(4) driver, work-in-progress but functional enough to work with both Google Compute Engine and RHEVM.
- Made mg(1) set the correct line number after successfully searching with re-search-{backward,forward}.
- Fixed ksh(1) crash when trying to access ${12345678901234567890}.
- When ftp(1) is writing a file, break out when we get a write(2) error, not just an EPIPE.
- Switched netstat(1), systat(1) and tcpbench(1) from CIRCLEQ to TAILQ and purged last renants of CIRCLEQ in the base.
- Reliability fix for ssl(8) SHA384 SSL/TLS ciphers, to avoid application crash on strict alignment architectures.
- 5.3 and 5.4 RELIABILITY FIX: avoid application crash while using ssl(8) SHA384 SSL/TLS ciphers.
A source code patch is available for 5.3 and 5.4.
- Initialise each cpu's mttr properly (for PAT) at boot and after suspend/resume on i386/amd64.
- Made mg(1) "dired-unmark-backward" behave the same as emacs.
- Plugged memory leak in tftp-proxy(8).
- Recognise octeon2 cpus, like those found in the lanner mr326.
- Stopped ssh-agent(1) from crashing (NULL deref) when deleting PKCS#11 keys from an agent that has a mix of normal and PKCS#11 keys (bz#2186).
- Fixed multiple remote forwardings with dynamically assigned listen ports, so ssh(1) client can discriminate between them (bz#2147).
- Avoid potential integer overflow in ssh(1) client_alive_interval timeout (bz#2170).
- Made ssh-add(1) skip requesting smartcard PIN when removing keys from agent (bz#2187).
- Provide a random stackgap on pthread frames.
- Removed artificial limit on the ksh(1) max array index.
- Reverted the other part of bpf.c's r1.84. May finally fix "timeout_add: to_ticks (-1) < 0".
- Changed install password prompts; added autoinstall(8) question for root ssh(1) pubkey; make pubkey prompts appear in log.
- Correctly read strings containing non-printable characters in dhclient(8) lease file; allow embedded NUL characters rather than skipping them.
- Cleanup in ksh(1) code for ctypes, and re-auditing of this area.
- Added tcgetsid(3) function, as it is now in POSIX base.
- Back-port code from binutils 2.16, so weak undefined references work on alpha.
- Run spamd-setup from within /etc/rc.d/spamd; made the rc.d(8) script take $spamd_black into consideration.
- Bugfix by switching generic drm(4) modesetting code to give negative errno return values.
- Made acpi(4) restore sysctl(8) hw.setperf upon resume like we do for apm(4) on i386.
- Implemented cwm(1) support for _NET_WM_STATE_FULLSCREEN hint, with keybinding changes: CM-f "fullscreen", CM-m "maximize".
- Changed subject of install/upgrade log to better match periodic maintenance emails.
- Allow double quotes to be quoted (by doubling them) in mdoc(7), to match roff(7) and man(7).
- Prevented drm(4) causing a kernel panic if an unsupported frame buffer configuration is requested.
- Made ssh-add(1) also add .ssh/id_ed25519, to match the manual page.
- Removed popa3d(8) from base (no plaintext-password-only daemons allowed anymore).
- Fixed ubt(4) compilation after last commit to sys/dev/usb/ubt.c; fixed bthub compilation.
- Overhauled intel(4) i915 pread/pwrite code, to fix cache coherency issues and reduce screen artifacts.
- Avoid timeouts of ULONG_MAX milliseconds. Stops the Xserver(1) from crashing with "select returned EINVAL" messages.
- In dhclient(8), update timestamps in "effective" lease prior to printing the lease.
- Enabled tmpfs so it gets tested some more.
- Instead of using the work area, use the Xinerama area for cwm(1) snap calculations.
- Initial version of autoinstall(8) manpage, for unattended installs/upgrades.
- Save-set when cwm(1) is re-exec'ing so as to not lose State on our hidden clients.
- Added cwmrc(5) support for XUrgency and matching _NET_WM_STATE_DEMANDS_ATTENTION ewmh hint, with configurable urgencyborder.
- Rewritten receive filter handling and ioctl bits in aue(4).
- Have df(1) in the daily(8) output show used/free inode levels.
- Make sure cwm(1) really takes the work area gap into account with snap calculations.
- Track the last event timestamp and pass it on for cwm(1) WM_TAKE_FOCUS ClientMessage. Solves focus order issue.
- Fixed static linking of libpthread.
- Better bus error diagnostics on sgi (only affects IP28).
- Revert change to sha256 in sys/dev/rnd.c, so ramdisk will build again.
- Use u_int32_t to store the magic number sent by sppp(4). Fixes a bug on big-endian LP64 archs.
- Use a correct pexp to unbreak identd(8) stop/reload (old pexp in /var/run/rc.d/identd has to be manually removed).
- Revert to return EPERM for sem_init(3) pshared until it works properly.
- Support XA_WM_HINTS in cwm(1) PropertyNotify events.
- In sys/dev/rnd.c, replace use of md5(1) with sha256(1).
- Prevent gcc(1) from inlining the unsafe functions (and hiding warnings for) sprintf(3), vsprintf(3), stpcpy(3), strcat(3) and strcpy(3).
- Redraw cwm(1) client border when unhiding.
- Dropped the f0, f1, f2 gettytab(5) capabilities ("modern" replacement is the set of i#, o#, c#, l# to poke magic numbers into termios(4)).
- Added infrastructure to create un-biglocked task queues.
- Stopped fuse(4) attempt to free a non-heap object.
- At resume, do not move flushing characters in from the com(4) chip, as there shouldn't be any.
- Remove MD intagp(4) code that is unused now that inteldrm(4) manages the GTT all by itself.
- Re-factor processing of classless static routes option (121) in dhclient(8); added more data validation.
- Fixed crash on urndis(4) detach.
- Stopped iked(8) dropping messages if we are usually the initiator and the peer initiates rekeying first.
- Allow uvm(9) aobj to shrink and grow, for mount_tmpfs(8) support.
- In sgi architecture, fixed boot block installation on IP28.
- Fix cwm(1) client group shortcut in menu lists when clients aren't assigned to a group, to fix a crash.
- Updated to Xserver(1) version 1.14.4.
- Enabled rum(4) for armv7.
- Fixed pcn(4), to allow bringing interface out of all-multicast mode once a range of multicast addresses has been found.
- Corrected the sudo(8) check for whether a user may change the login class.
- Enabled fast path for relocations and enabled cpu relocations on intel(4) i915.
- If the ring was full, make jme(4) put the packet back on the queue so it can be transmitted.
- Fixed jme(4) error handling for DMA.
- Made intel(4) clflush() flush the correct cache line on i386/amd64. Fixes gnome screen corruption and hangs.
- Stopped intel(4) i915 from panicking if an object is truncated while still mapped.
- Fixed smtpctl(8) resume route.
- ssh(1) now supports ed25519 hostkeys and user identities (see http://ed25519.cr.yp.to/software.html).
- New ssh(1) private key format, with bcrypt as the default KDF.
- Fixed memory leak in sftp(1) error path in do_readdir().
- Warn when smtpd(8) fails to parse a field.
- When a relay fails, let the smtpd(8) scheduler update all envelopes in the holdq as if they tempfailed.
- Libcompat (for compatability with 4.3BSD) is purged.
- Corrected spin timeout detection in __mp_lock debug code.
- Fixed ssh(1) AuthorizedKeysCommand inside a Match block (bz#2161).
- When dhclient(8) receives a /32 IP address assignment, mimic ISC DHCP by adding a direct route(8) for the default gateway.
- Fixed the installer's parsing of nwids containing blanks.
- Protect calls to bio_getitall with the sc_lock, so mfi(4) doesn't panic.
- Don't leak local_fd on sftp(1) error (bz#2171).
- Allow sgi IP27 to be able to boot off cdrom via the "Install System Software" menu.
- Fixed iwi(4) to cope with fatal firmware errors: reset chip, reload firmware and bring the interface back up.
- Fixed an out-of-bounds-memcpy in iked(8) pfkey_process().
- smtpd(8) scheduler_ramqueue is now in O(log n).
- Stopped fuse(4) appending a NUL character to buf in readlink(2); more checks for malloc(3) return values.
- Allow fuse(4) to free the representation of the vnode(9) in userspace.
- Unmount the fuse(4) filesystem if communication ends with the fuse device.
- Added missing fuse(4) checks that the communication channel with libfuse is still open before sending fusebufs.
- Stopped smtpd(8) sending all delivery notifications to the queue in one go.
- Warn when smtpd(8) fails to enqueue an internal bounce.
- Fixed dc(4) so it can bring the interface out of all multicast mode once a range of multicast addresses; fixed multicast range checking.
- When cwm(1) receives a NotionNotify event, don't redraw the top menu selection.
- Always highlight the first menu item in the cwm(1) menu.
- Prepend the group shortcut in the cwm(1) client search menu; prepend shortcut in unhide menu.
- Stopped ntfs subsystem trying to put an off_t into an int, which resulted in a 2GB limit.
- Avoid truncating ntfs 64-bit attribute values to 32-bits. Otherwise an attribute's data length value wraps at 4GB.
- If not hidden during an UnmapNotify event, cwm(1) will now un-manage the client.
- Corrected ssh(1) bzero of chacha20+poly1305 key context (bz#2177).
- Made ssh(1) key_to_blob() return a NULL blob on failure (part of bz#2175).
- Fixed use-after-free in ssh(1) ssh-pkcs11-helper.c (bz#2175).
- Switched mvme68k to the MI zs(4/mvme68k) driver.
- More robust parsing of the DHCP lease file for autoinstall.
- Updated to pixman 0.32.4.
- Fixed intel(4) write-read race with multiple rings.
- Brightness quirk for Acer Aspire 4736Z added to intel(4)
- Prevent "bogus xmit rate %d setup" panics in wireless IBSS mode.
- Made ifconfig(8) scan show the nwid, channel, and bssid for IBSS networks (not just access points).
- Allow the autoinstaller to pass a public ssh(1) key for inclusion in the user's .ssh/authorized_keys.
- Fixed nsd(8) bug#534: IXFR query loop over UDP for zones that are unchanged, to stop query flood from the slave.
- Use arc4random(3) instead of srand(3) and rand(3) in kerberos(8).
- Restore radeon(4) frame buffer upon last close; makes sure we we have a usable console after exiting X(7).
- Do not send the smtpd(8) holdq release message if no envelope was held for a relay.
- Do not hard-code smtpd(8) scheduler batch size; reduced default limit to avoid hammering effects.
- Reverted sys/net/bpf.c back to r1.85, as panics are still being reported.
- For pthread_main_np(3), use a new flag, THREAD_ORIGINAL, to indicate the original thread for this process. Fixes some ConsoleKit failures.
- Made the installer's ask_which bail out on a missing response in the autoinstall case rather than looping endlessly.
- Re-enabled radeon(4) RADEON_INFO_VA_START and RADEON_INFO_IB_VM_MAX_SIZE.
- Mark replaced iked(8) flows as "not loaded".
- Don't let iked(8) leak duplicate flows.
- iked(8) now drops duplicate requests, to avoid corrupt child-SA tables.
- Made iked(8) discard & free duplicate IKESAs; made sure new SAs are not created that cannot be inserted in the SA tree.
- Include hexdump in iked(8) debug output only for -vvv.
- Support raw pubkey authentication w/o x509 certificates in iked(8).
- When wpi(4) has a fatal firmware error, reset the chip, reload the firmware and bring the interface up again.
- Limit the number of envelopes to recall in the smtpd(8) hoststat cache.
- Removed some double frees in fuse(4).
- Fixed smtpd(8) loading of passphrase-protected keys.
- Allow subdomain matching in smtpd(8) mailaddr table(5).
- Changed the way multicast(4) addresses are linked to an interface.
- Now the auto installer supports both install and upgrade, use "non-interactive mode" instead of installation.
- Fixed a more(1) read loop, subtly broken on big-endian machines for some time.
- Like "gap", made cwm(1) "snapdist" per-screen.
- Let cwm(1) deal with clients that don't have WM_NORMAL_HINTS.
- Removed cwmrc(5) option to bind a key by keycode with brackets, which never worked. Users should be using keysym names not keycodes.
- Made timeout_add(9) return whether the timeout(9) was scheduled in this call (by returning 1), or a previous call (by returning 0).
- Grow nfsd(8) request cache for the server side from 64 to 2048 entries. Avoids "file already exists" errors.
- Fixed a possible double-free/NULL dereference in vi(1) msg_print.
- Updated nsd(8) to version 4.0.0; use nsd-control to signal; generate keys for nsd-control if they don't exist.
- Copy some entries from Apache's httpd(8) mime.types file to the one used by nginx(8).
- Only set the IFF_ALLMULTI flag if there is at least one real multicast(4) address.
- Added some logic to the autoinstaller, to select an interface for the initial dhcp request.
- Allow autoinstall/upgrade even when not netbooted.
- Reworked install.sub _autorespond(): better line parsing; treat empty/missing/multiple answers as an error and exit; ensure $RESPONSEFILE exists.
- Vax can now compress/decompress .xz files.
- Many utilities adjusted to use u_char for buffers in "yylex for ctype" calls.
- Stopped netstat(1) -Ar leaking kernel pointers to unprivileged users.
- Disable %n in printf(9), to avoid making any format-string vulnerabilities exploitable.
- Reworked pmap(9) on vax to allow the kernel to use much less memory for page tables.
- Increase NMBCLUSTERS in vax (using kernel memory saved by recent pmap(9) changes).
- In uvm(9), replaced the swapdev CIRCLEQ with a TAILQ; replaced list traversals with LIST_FOREACH.
- I2C driver for am335x added to armv7 (not enabled yet).
- Prevent some race conditions in make(1) by just chdir()'ing into the right objdir.
- Merged mesa 9.2.3.
- In install.sub, use a flag file to recognise a successful autoinstaller run; provide the autoinstaller logfile as mail to root.
- With tmux(1) -k, only kill the window after using it to work out -c path.
- Made tmux(1) handle empty current directory more gracefully.
- kdump(1) now understands USB, VIDIOC and generic DRM ioctl(2).
- Taught fsck_ext2fs(8) about MAXPARTITIONS, to let it operate on partitions "i" through "p".
- Guard against a compiler optimising away a comparison against NULL-1 in fsck_ext2fs(8) and fsck_ffs(8).
- Made isakmpd(8) keep the flow until last ipsec(4) SA is deleted, if the flow is shared by multiple SAs via NAT-T.
- Fixed memory leaks in fuse(4).
- Initial support in em(4) for integrated Lynx Point ethernet with external i217 and i218 PHYs.
- Bring back check of driver freeing uninitialised structures to urndis(4).
- Security update to nginx(8) version 1.4.4, which fixes CVE-2013-4547 (see http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html).
- 5.3 and 5.4 SECURITY FIX FOR nginx(8) CVE-2013-4547. A source code patch is available for 5.3 and 5.4.
- Updated to libdrm 2.4.47 for drm(4).
- Changed /dev/drm* permissions to 0600.
- Correctly set verify flag on the smtpd(8) listener.
- Fail if smtpd(8)'s lka can't load the certificate file.
- Added newer ssh(1) protocol 2 transport cipher "chacha20-poly1305@openssh.com",
- Removed disksort from the kernel, now that all the direct users have been removed.
- rthread shared semaphore fixes: sem_init(3) shared semaphores now work; in sem_open(3), initialise the spinlock if we created the semaphore.
- Added gpio(4/armv7) support for omap3/4 and am335x; added omgpio(4) manpage.
- Reworked smtpd(8) mda and scheduler to limit the number of pending deliveries to the same user.
- Delay closure of sshd(8) in/out fds until after "Bad protocol version identification..." message, as get_remote_ipaddr/get_remote_port require them open.
- Added the autoinstall configuration to the list of files stirring the random(4) pool at install.
- Moved the GTT management into the intel(4) drm driver.
- Backed out intel(4) DRM_IOCTL_I915_GEM_WAIT commit (which left X(7) unusable on resume on some machines).
- In install.sub, try to fetch a host-specific responsefile, fallback to a generic one otherwise.
- Allow "*" in the user part of mail addresses in smtpd.conf(5).
- Impose a limit on the number of inflight envelopes on smtpd(8).
- Enabled MSI on the remaining re(4) chipsets.
- While autoinstalling, decide whether to install or upgrade from DHCP attribute "filename".
- Give /dev/drm0 to the user logged on the console and/or xdm(1), to allow running of OpenGL applications.
- Bugfix for pf(4) so a "prio" value of a match rule is not overridden by a later pass rule.
- Fixed xf86-video-nv shadow framebuffer implementation for nv(4).
- When smtpd(8) is looking up an MX, parse the address if the domain is a "[ipaddr]" string.
- Converted trunk(4) to use a detachhook.
- Added ugl(4), a driver for Genesys Logic GL620USB-A USB host-to-host link cable. Derived from upl(4).
- Unhooked radeonold from the build.
- Merged in libdrm 2.4.47 for radeon(4).
- Removed unused /dev/X0 entries.
- On luna88k, map the bitmap planes of the frame buffer used by the driver. 10% speedup under X(7).
- On luna88k, allow ddb(4) to be entered from the keyboard, when there is a glass console and ddb.console=1, with ctrl-alt/zenmen-esc.
- Enabled 802.11a support in wpi(4) such as Intel PRO/Wireless 3945ABG rev 0x02.
- Reverted r1.858 of sys/net/pf.c, as it caused panics.
- Added ugl(4), a driver for Genesys Logic GL620USB-A USB host-to-host link cable. Driver is derived from upl(4).
- Bring back stack scanning/dropping of IPv6 type 0 routing headers, but only engage this code when pf(4) is disabled.
- Don't fail when an em(4) has no MAC address, and move on to the logic that addresses this.
- Fixed setups with ipsec(4) and ifbound, so all local IPSec packets (tunnel->tunnel) match state in pf(4).
- Kill the activate routine in ucom(4) and adapt the parent process to no longer call it.
- HID cleanups in uhid(4), uhidev(4), ukbd(4), ums(4) and utpms(4), including cleanup match/attach multi-casting.
- Made athn(4) tick calculation work as intended. Should fix excessive timeouts and "Michael mic" errors.
- Cope with the EAGAIN API change for msgbuf_write(3) in various daemons.
- Improvements for sppp(4) address assignment and related issues in IPv6CP; deal with IFID collisions instead of ignoring them; use arc4random(3) during IFID generation; assign destination address to /128 point-to-point links.
- Fixed isakmpd(8) parameter types for x509 routines.
- Be more specific in ksh(1) ulimit error messages.
- Fixed ^C handling in miniroot.
- Setup pfkey timer before use in iked(8). Ignore messages meant for other daemons, like isakmpd(8) does.
- Fixed automatic retry in msgbuf_write(3) on EAGAIN (which resulted in spinning).
- Ignore empty lines and empty answers in install.conf.
- Fixed usbd_dopoll() to take the device as argument (polling is done per controller not per interface).
- bgpd.conf(5) knob added, to set priority of routes bgpd(8) inserts into the kernel routing table.
- Disabled smtpd(8) forward(5) lookup if sticky bit is set on homedir.
- Fixed case-folding issue with smtpd(8) pki names (they are case-insensitive). Check that a pki entry exists when used in a listen or relay rule.
- Don't set the TENTATIVE flag on an IPv6 address that is marked as NODAD (otherwise address is rendered unusable).
- Ensure that install.conf is non-empty and is re-fetched on every restart of the autoinstaller.
- Improved on cwm(1) fix in r1.35 of event.c. If UnmapNotify event is synthetic, set the state to Withdrawn or Iconic ("hidden").
- Implemented sd(4) card detection in armv7. Fixes "sdmmc0: can't enable card" on beaglebone black when there is no card.
- Fixed bootloader random hangs while counting down on LUNA-88K2; applied same logic to luna88k/dev/timekeeper.c.
- 5.3 and 5.4 RELIABILITY FIX: fixed vnode(9) locking so an unprivileged cannot hang the system.
A source code patch is available for 5.3 and 5.4.
- bpf(4) bpf.c r1.84 returns, this time without panic(9).
- Disabled kerberos(8) support in cvs(1) (only used by the strongly-discouraged pserver).
- Set "to" address to INADDR_BROADCAST (not "from" address) when dhclient(8) is trying to send broadcast request to server.
- Updated to xf86-input-keyboard 1.8.0.
- Reverted recent bpf(4) changes to stop "panic: timeout_add: to_ticks (-1)".
- Follow RFC 2131: when dhclient(8) is renewing a lease begin by using unicast, fall back to broadcast.
- Put back the border draw call in cwm(1) client_resize (needed for redrawing maximised clients).
- Cleaned up the activate routines from the uoaklux(4), uoakrh(4) and uoakv(4) drivers.
- Re-enabled hardware acceleration on intel(4) Haswells.
- Fixed calculations using ticks in bpf(4), athn(4), and radeon(4) to cope with the tick value wrapping.
- Bugfixes to drm(4) i915 code to avoid possible Haswell system hangs and GPU locks.
- In drm(4) i915, fixed context sizes on HSW (Haswell graphics).
- When the mandoc(1) parser is closing an explicit block that is not open, also close below-subsection implicit scopes.
- In the mandoc(1) formatter, make sure indentation is reset when leaving a scope, not only when entering the next one.
- Fixed mandoc(1) blank lines rendering right after .SH and .SS.
- Added mandoc_char(7) support for Unicode characters alternative syntax \C'uXXXX'.
- Many font packages updated.
- Added fcu(4/macppc) to RAMDISK ,to avoid playing a fan symphony when installing/upgrading some PowerMac G5s.
- Stopped growfs(8) assuming the disk sector size is 512-bytes and using p_size as the full partition size.
- Corrected the netstat(1) printout of socket buffer counts.
- Abort autoinstaller if no sets are found in install_files(), or in case of an invalid answer to a yes/no question.
- In azalia(4), enabled snooping on Intel 8 Series HD Audio, and now recognise Realtek ALC221.
- Merged in mesa version 9.2.2.
- Support tmux(1) case insensitive searching in the same manner as emacs (any uppercase means case sensitive).
- Make quota(1) work with DUIDs.
- 5.3 and 5.4 RELIABILITY FIX: avoid crash occurring on pflow(4) interface destruction.
A source code patch is available for 5.3 and 5.4.
- Correctly redraw the top two lines in tmux(1) copy mode when they are selected.
- Made sure vlan(4) detach hooks are executed in reverse order they were added.
- 5.3 and 5.4 SECURITY FIX: fixed memory corruption vulnerability in the post-authentication sshd(8) process with aes128-gcm@openssh.com or aes256-gcm@openssh.com keys.
A source code patch is available for 5.3 and 5.4.
- Fixed regression in r1.101 of sys/dev/usb/uhci.c to avoid dereferencing an uninitialised variable when a uhci(4) transfer times out.
- Made ssh(1) output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden.
- Do not leak the detach hook when the parent interface of a vlan(4) is destroyed/removed.
- Stopped autoconf(9) processing transfers when a uhci(4) controller is deactivated.
- Backport remainder of the use_loginclass fix from sudo(8) version 1.7.9.
- Search the userland buffer of dirent structures before falling back to getdents(2), for considerable speedup.
- Fixed ssh(1) rekeying for AES-GCM modes.
- Added support for the RTS5229 card reader to rtsx(4).
- Added support for "Power Resources" for Dx states to acpi(4), so usb(4) is detected after resume on thinkpads.
- Fixed assertion that could lead to orphaned messages left in the smtpd(8) queue after all envelopes are gone.
- Format changes and expanded options in smtpd.conf(5).
- Stopped mpii(4) running out of command slots when large numbers of devices are detached.
- Fixed ifconfig(8) with IPv6 tunnel addresses (broken by recent vxlan(4) commit).
- Removed iop(4).
- Use DL_SETPSIZE() on i386 to set partition size. Fixes tree breakage.
- Make sure seekdir(3) works even when dirp->dd_buf still contains some pending entries.
- Fixed softraid(4) levels 0, 4, 5, and 6 to use all available space with partitions larger than 2TB.
- Temporary cwm(1) keyboard focus fix for clients that neither populate wmhints nor wmprotocols (e.g. rdesktop).
- Enabled locking of fields using the acpi(4) global lock when required.
- Let fuse_opt_insert_arg() take an empty string as argument, to unbreak ntfs-3g.
- Reserve the last page of the uvm(9) primary swap space, in case we need to place a hibernate signature there.
- Hooked up nginx.conf(5) to the build.
- The radeon(4) code that sets the DPMS mode may sleep, so do not run from a timeout, hand it off to a taskq.
- Fixed ssh(1) rekeying for KEX_C25519_SHA256.
- Enabled TX checksum offload in jme(4).
- Removed unnecessary spinlock that slowed down pthread_getspecific(3).
- Use curve25519 for default sshd(8) key exchange (curve25519-sha256@libssh.org).
- Let ssh(1) support pkcs#11 tokens that only provide x509 certificates instead of raw pubkeys (fixes bz#1908).
- Replaced rc4 with ChaCha20 in crypto(9).
- Made sure login_yubikey(8) does not log passwords, even if they are wrong.
- Bring back spnego support into kerberos(8) gssapi as it used to be before the update to 1.5.2.
- Push the pf(4) queues every 1/HZ using timeout(9); use a timeout for each HFSC-enabled interface.
- Removed ray(4) from i386/amd64.
- Hooked up sunxi bits for miniroot and ramdisk (tested on pcduino).
- Use m_copydata() instead of mtod(), so routing messages compatibility code will work on strict alignment architectures.
- Added missing bitfields to fuse(4) that are needed by gnome virtual filesystem.
- Fixed mkuboot(8) endianess for big endian architecture.
- Made sure we send pflow(4) packets via the correct rdomain.
- Re-added cwm(1) support for WM_TAKE_FOCUS. Solves keyboard input focus loss for java apps.
- Enabled fuse(4).
- Update UK dialling codes from ofcom information, and added 970 (Palestine), to share/misc/inter.phone.
- Better defaults for the wsdisplay(4) screen burner settings: all unblank actions enabled (burning still disabled by default).
- Removed a.out(5) support from compat_linux(8).
- Installed fuse(4) headers in "make includes", to unbreak ports(7) builds.
- Converted the route expire timestamp in kernel and routing message to 64 bit.
- Switched the crypto(9) work queue to the task_add(9) api.
- Re-enable compat_linux(8) on i386, now it is working with post-32bit-time.
- Added a header for various hardware implementation dependent register (HID) definitions to macppc.
- Make sure bioctl(8) -v output is properly aligned with the normal output.
- Added smtpctl(8) "show relays" and "show hosts" commands.
- Enabled native builds of the luna88k boot block and install it into /usr/mdec; copy boot blocks into /boot on the root disk in md_installboot().
- Fixed some jagged diagonal lines when using ws(4).
- Treat another OMRON UPS, BY35S, as ugen(4). Allows sysutils/nut to work on this device.
- Allow kernels to compile without INET6.
- Unbreak glxsb(4/i386) by properly allocating its key schedule.
- Fixed potential file descriptor overlap by making sure that file descriptors zero to two are always open when starting slowcgi(8).
- Added missing "heloname" field for smtpd(8) relayhost; differentiate relays with different helotable/heloname.
- Emit an extra "config" convenience target that allows one to rerun config(8) without changing directories.
- Use "/etc/mail/mailname" instead of "/etc/mailname" in smtpd(8).
- Report smtpd(8) mta sessions errors on the route (not the MX). If a route has too many such errors, disable it for a while.
- sshd_config(5) PermitTTY options to disallow TTY allocation, mirroring the no-pty authorized_keys option (bz#2070).
- Moved most of the uses of workqs in drm(4) to the new taskq api. Fixes hangs on radeon(4).
- Let vmwpvs(4) get hotplug events from the hypervisor, so you can add and remove disks at runtime.
- Introduced tasks and taskqs (e.g. task_add(9)). Ongoing replacement of workq_add_task(9) and posse.
- Unlock the vnode(9) while calling a device's d_close routine, to ensure the device close routine doesn't block indefinitely.
- First steps of a native luna88k bootloader, able to boot elf(5) kernels with symbols from disk or network.
- On armv7, enabled blocksize > 512.
- Allow smtpd(8) to accept credentials formated as " ", and empty alias files.
- Report the ssl certificate verification status in the smtpd(8) mail header; log ssl certificate validation errors; fixed several ssl-related leaks.
- Use the correct value for the Interframe Gap Time 0 bit in the usb(4) transmit configuration register.
- Revamped armv7 ramdisk and miniroot creation process; installer can recognise the SoC and makes decision based on it.
- Added -A (-ax) support to ps(1)
- Removed fddi(4) support and the three flavours of the driver, fpa(4), fea(4) and fta(4).
- Make prcm(4/armv7) aware of the GPIO modules on armv7 machines.
- Made smtpd(8) handle the case where the filter string is quoted.
- Fixed a potential race when several smtpd(8) relays share a single domain (resulted in temporary delays/failures).
- Make sure that the kernel symbols area isn't marked as free space on armv7.
- bzero(3) some smtpd(8) structures before using them, to be safe.
- Improved elf(5) handling, so mkuboot(8) will create valid images running on 64-bit systems.
- Support added for unattended OpenBSD installations, using DHCP and a response file.
- Added support for AUTH LOGIN in smtpd(8) mta.
- Fixed smtpd(8) parsing of inet6(4) addresses when prefixed with "IPv6:"
- Allow smtpd(8) mta to "hold" envelopes in the scheduler when it has too many tasks for a given relay.
- Fixed the timer on sunxi A20 boards.
- Abort early if another smtpd(8) instance is running.
- Fixed makefile, to make sure we build the manual pages of all architectures on macppc.
- Enabled gpioctl(8) for armv7, and added associated devices on armv7/sunxi.
- Fixed traceroute6(8), nc(1) and telnet(1) when the -V flag is not given.
- For sunxi boards where u-boot doesn't set MAC address (e.g. pcduino), generate address based on the Security ID (SID).
- Updated xkeyboard-config(7) to version 2.10.1.
- Fixed ssh(1) crash caused by previous commit which occurs when using ProxyCommand.
- Fixed/re-enable re(4) RX checksum offload for 8168C/8168CP. Flag was accidently removed with rev 1.140 of sys/dev/ic/re.c.
- Let smtpd(8) local enqueuer cope with the output of a long running program; use sendmail(8)-like exit status.
- Allocate smtpd(8) key storage dynamically, instead of using a fixed size buffer.
- Made sure cwm(1) client_delete does not try to destroy clients that are already gone (and generate spurious errors).
- Don't let smtpd(8) ignore "remove" requests for an envelope which is inflight.
- Improve reporting in smtpctl(8): when sending a request to the scheduler, wait for the success/failure report; report the total number of affected envelopes for schedule, pause, resume and remove envelope operations.
- Stopped falsely assuming that the icmp(4) checksum field is always in the first mbuf(9) of an mbuf chain.
- X11 clients added to the aviion architecture.
- Fixed off-by-one when mpii(4) is calculating the length of an sgl segment.
- Fixed regression that made the pandaboard panic when it tried to enable PRCM_MMC0 on the omap4.
- Added support for xbox 360 controller as a uhid(4).
- Added support for the hardware random number generator on octeons, octrng(4).
- Understand node contexts when smtpd(8) is building the expansion tree (e.g. same delivery for different users, or as a different destination address).
- Fixed USERINFO and CREDENTIALS lookups in the (experimental) smtpd(8) sqlite backend.
- Plugged smtpd(8) memory leaks on update.
- nm(1) output on archives on mips now displays correctly.
- Fixed sendmail(1) to cope with filesystems with large f_bavail values.
- Do not rely on u-boot to enable mmc clocks on armv7.
- Do not fatal() smtpd(8) immediately on write error. Fixes bug where the server would stop if smtpctl(8) exited early.
- Don't try to resolve hostnames when a ssh(1) ProxyCommand is set unless the user has forced canonicalisation.
- Disallow empty Match statements in sshd_config(5), and add "Match all", which matches everything.
- Periodically print progress and, if possible, expected time to completion when screening moduli(5) for DH groups.
- Include local address and port in sshd(8) "Connection from ..." message (only shown at loglevel>=verbose).
- Enabled TX checksum offload in bnx(4) and bg(4).
- Allow traceroute6(8) to operate across a nat64 gateway.
- Made slowcgi(8) loop around waitpid to catch all exited children, as there is no guarantee of one signal per child.
- Added support for displaying the cache write policy of RAID volumes to bioctl(8); make mfi(4) pass up the necessary information.
- Added key to tmux(1), to swap to other end of selection (bound to o with vi keys)
- Overwrite icmp(4) type-specific nextptr field only when pf(4) changed it, to fix icmp(4) to icmp6(4) translation regression.
- In pthread_kill(3)/pthread_cancel(3), make sure the thread ID won't be reused until the kill(2) is complete.
- Allow uppercase "K/M/G" specification in "machine memory" boot(8) command on i386/amd64.
- Relative-specified ssh-keygen(1) certificate expiry time should be relative to current time and not the validity start time.
- Hostname may have %h sequences, these should be expanded prior to ssh(1) Match evaluation.
- Made roff(7) parse and ignore .hw (hyphenation points in words).
- Save "next-server" (a.k.a. siaddr) info into the dhclient.leases(5) file.
- Added SMC_CAPS_SINGLE_ONLY capability to sdmmc(4), to force the sdmmc stack to only issue single blocks transfers.
- Resolved an issue where icmp(4) traffic with pf(4) nat-to failed due to incorrect checksums.
- Added support for allwinner-based devices (A1x/A20) such as the cubieboard to armv7.
- Removed arc4random_stir() and arc4random_addrandom(), which should not be called directly.
- Unbreak mg(1) make-directory by stripping trailing "/".
- Stopped slowcgi(8) leak fds in the fork(2) error path.
- Added support for sdhc(4) to detect GPIO pins on the i.MX6 wandboard.
- Added a pmtu delay sysctl(8) BUTTON for netinet6.
- Enabled vxlan(4).
- Made dhcpd(8) use provided netmask in "subnet" statements, allowing later comparisons with interface addresses to work properly.
- Added load_font and list_font accessops to all rasops(9) wsdisplay(4) drivers, e.g. tga(4) and gpx(4/vax).
- Fixed pf(4) icmpid bug (only affected icmp(4) echos via nat, when the nat doesn't change the address).
- Allow a user to switch telnet(1) to rdomain zero.
- Made nc(1) set the requested rdomain on the socket instead of only on the IPv4 part; allow switching to rdomain zero.
- Added rdomain support to IPv6 configuration tools ndp(8), rtsold(8), ping6(8) and traceroute6(8).
- With disklabel(8) -A, take 10% for swap, setting a maximum based on physmem.
- Introduced the "display.font" parameter, which requests the wsdisplay(4) driver to change the display font.
- Enabled support for vmware paravirtual SCSI via vmwpvs(4) on i386/amd64.
- Built-in kernel fonts will now appear in the list of font usable by wsdisplay(4), vga(4), rasops(9) and wsfontload(8).
- Eliminate global limit on the number of fonts able to be loaded by wsdisplay(4).
- In hibernate for i386/amd64, temporarily reverted "Realmode park" mode.
- Do not run any command from the client which starts the tmux(1) server until after the configuration file completes loading.
- Let wsfontload(8) report i/o errors on stdin as occurring on "stdin" not "(null)".
- Added i386/amd64 boot(9) support for keydisk-based softraid crypto volumes.
- If a font is not a file, wsfontload(8) now computes the numbers of characters it contains from its size, instead of assuming 256; default to 12x22 glyph instead of 8x16 if the display is a raster frame buffer.
- Updated to xf86-video-dummy 0.3.7 and xf86-video-vesa 2.3.3.
- WSDISPLAYIO_GTYPE ioctl support added to radeon(4) and intel(4) KMS drivers.
- Fixed resume time stream corruption seen on x230 with large (16GB) unhibernation.
- Allow hibernate to work on Ivy Bridge and later CPUs.
- Don't turn on ModifyOtherKeys by default, as when tmux(1) is killed and it's left stuck on.
- slowcgi(8) now properly reserves file descriptors for incoming connections.
- Fixed some spurious failure-to-hibernate errors.
- Removed the noct(4) driver.
- In the ssh_config(5) "Match" section, renamed the "command" sub-clause to "exec".
- Parse the argument the -r option with atoll(3) to support dates past 2038
- Reverted r1.138 of pp/cwm/client.c (WM_TAKE_FOCUS) for now.
- ip6_input() adjusted to remove double scanning for routing header type 0 in the IPv6 stack, as pf(4) handles this anyway.
- No longer make cwm(1) redraw unnecessarily on every unhide, resize, and mouse move/resize "Expose" event.
- Improved address and linkstate hooks, added additional detach hook to track changes on the parent multicast interface in vxlan(4).
- Support the hibernate key (Fn-F12) on thinkpads.
- Enabled TX checksum offload on em(4).
- In crontab(5), added a random sleep of up to half an hour to distribute the server load from spamd-setup(8).
- Merged bgpd.conf(5) prefix and prefixlen filter components into one filter, so rules are grouped by prefixes last.
- slowcgi(8) now keeps better track of fds, to only close those still open. Avoids closing random fds from other connections.
- Fix receipt of OID varbinds when snmpd(8) is sending traps.
- When we attach a network interface, do not reuse the last index. Avoids some race conditions.
- Simplified pipex(4) checksum handling.
- Stop pre-computing the pseudo header checksum and incrementally updating it in the tcp(4) and udp(4) stacks.
- Fixed some 512-byte block vs disk sector confusion on hppa and sgi.
- For cwm(1) clients that support WM_TAKE_FOCUS in their WM_PROTOCOLS property, send a ClientMessage event.
- Don't silence stderr from pkg_add(1) when running fw_update(1) in verbose mode.
- UTF-8 support for wsdisplay(4) emulation modes, so vt100 and sun emulation recognise xterm-compatible escape sequences ESC % G and ESC % @.
- When rasops(9) can't find a proper glyph for a requested character, use a question mark instead of a space.
- Bugfix update to nginx(8) version 1.4.3.
- Disable global page mappings before we start to unpack on i386/amd64 using acpi(4), for more robust hibernate.
- Use openlog(3) in slowcgi(8) to log to syslog(3).
- Made slowcgi(8) set FD_CLOEXEC; fixed some pointer calculations.
- Adjusted the disklabel(8) editor to allow more space for swap on large disks (e.g. useful for hibernation).
- Allow hibernate to run the radeon(4) suspend code before mountroot.
- Prepared the route(8) command for printing 64 bit route expire time; fixed conversion between relative and absolute expire time.
- Include remote port in ssh(1) bad banner message (bz#2162).
- pf.conf(5) cannot have queue definitions inside anchors, don't let pfctl(8) attempt to load them, error out if we run into one.
- Updated snmpd(8) to use the proc.c privsep style from iked(8) and relayd(8).
- Remove support for a.out(5) and ecoff on all platforms (we only do elf(5) now).
- "fsync@" protocol extension for sftp-server(8). Client support for calling fsync(2) for faster transfers (bz#1798).
- snmpd(8) -r option removed.
- Support added for oaic in the aviion boot blocks.
- Moved creation of "restricted" communication sockets into snmpd.conf(5); added ability to specify an alternate "control" socket location; allow for the creation of multiple "restricted" sockets.
- Prefer acpi(4) over apm(4/i386) on i386.
- Implemented ssh(1) client-side hostname canonicalisation. Avoids need for host certificates to list unqualified alongside fully-qualified names.
- Stopped ldpd(8) binding a label for the default route.
- avoid ldpd(8) segfaults by passing the ldpd_conf structure as an argument.
- The disklabel(8) variables aflag and dflag are boolean, so use logical instead of binary operators for comparison.
- Improved ldpd(8) parsing of LDP messages; proper notification messages on error conditions.
- ldpd(8) now ignores messages that have Unknown flag set.
- Added support for ERL ethernet on octeon (which can now be booted over NFS).
- Driver added for the oaic(4/aviion) AIC-6250 SCSI controller found on aviion models 100, 200, 300, 400 and 4300.
- Fixed tmux(1) detach -a, by skipping clients where the session is NULL.
- Added a "Match" keyword to ssh_config(5) that allows matching on hostname, user or result of arbitrary commands.
- Made logging of ssh(1) session starts a more useful format.
- Check for invalid values in the routing message, to stop root crashing kernel from userland.
- Fixed hangs seen when unplugging a USB keyboard which was attached to an uhci(4).
- Added 7.5kbit Diffie-Hellman groups to moduli(5).
- Count number of lines in moduli input file and pass to the testing ssh-keygen(1) process, to provide completion time estimate.
- Made roff(7) parse/ignore the .fam (font family) request. Fixes irunner(1) and uim-xim(1) ports.
- Use crunchgen(8) DIST_LIB/DIST_OBJS hooks to make it possible to link crunched binaries against libraries compiled with smaller objects.
- Fixed regression introduced when macppc pci(4) started parsing device tree to enumerate devices, so ht(4/macppc) controllers work.
- Added libefi to mandoc(1), and simplified some names.
- Set the default vxlan(4) MTU to full 1500 bytes.
- Imported vxlan(4), the virtual extensible local area network tunnel interface.
- Standalone hfsc implementation added to pf(4), for the new bandwidth shaping subsystem (altq stays during migration phase).
- Let systat(1) adapt to recent queueing changes.
- Add initial RTL8106E and RTL8168G/8111G support to re(4).
- Fixed hang-on-close problem seen with ssh(1) and xterm(1) when a closed pty(4) is poll(2)'ed.
- Changed pf(4) to prevent non-data packets from being dropped.
- Stopped tmux(1) leaking file descriptors in the rare MSG_VERSION case.
- Updated to freetype 2.5.0.1.
- Added support for am335x edma3 controller to armv7.
- When tmux(1) is respawning, pass -1 for cwd now (not NULL).
- Show session name in tmux(1) detached message.
- Alter how tmux(1) handles the working directory: -c flag to new, neww, splitw allows the working directory to be overridden; -c flag to attach let's the session working directory be changed; default-path option has been removed.
- Make tilde expansion in tmux(1) command strings work even if it isn't terminated by /.
- Instead of fixed size buffers for some tmux(1) messages, send only the string length; similarly for MSG_COMMAND - allow full imsg limit (not arbitrary 2048).
- When mouse button is pressed within a tmux(1) pane, no longer resize the pane if edge of the border is later hit.
- Support tmux(1) -c for new-session.
- Upon mouse click, stopped tmux(1) selecting panes which aren't visible.
- Restored missing tmux(1) key binding for %.
- Ensure the tmux(1) check on the permissions of TMUX_TMPDIR is performed on directories only (not files).
- Clear tmux(1) WINLINK_ALERTFLAGS properly, otherwise sessions may still see flags for winlinks which have been cleared.
- When tmux(1) choose-tree expands/collapses items, ensure the item is visible at the bottom of the screen.
- Made tmux(1) assign mouse x/y coords before checking them. Fixes off-by-one when the statusbar is at the top of the screen.
- Allow tmux(1) to accept multiple parameters to SM/RM/DECSET/DECRST.
- Only include actual trailing spaces (not unused cells) with tmux(1) capturep -J.
- Allow tmux(1) nested format expansion.
- Allow the file descriptor received from the tmux(1) client to be -1.
- Extended tmux(1) to handle input mouse positions greater than 33.
- Make tmux(1) recalculate_sizes() handle an empty window with no active pane. This can happen when a window is in two sessions.
- Stopped tmux(1) leaking formats if they are added multiple times, and leaking grouped sessions on destroy.
- Fixed potential tmux(1) crash when a command in a command client can't be parsed.
- Stopped tmux(1) adding client formats when they are NULL.
- Fixed sshd(8) re-exec fallback, by ensuring that startup_pipe is correctly updated (bz#2139).
- Added ability to whitelist and/or blacklist sftp protocol requests by name to sftp-server(8).
- Changed "physical address" to "tunnel:" in ifconfig(8)'s tunnel address output.
- Merged binutils 2.15 einfo() buffering change to binutils-2.17.
- Enabled oosiop(4) synch negotiation.
- Various fixes to make kiic(4/macppc) work on some G5s.
- Fixed Powerbooks regression, where one of the two kiic(4/macppc) would timeout when trying to configure the audio chip.
- Made syslogd(8) trim leading white space from the message before trying to extract the program name.
- Include the "state of health" field in the mfi(4) "bbu ok" (battery capacity) sensor value.
- Stopped pf(4) leaking ruleitems from match rules when hitting a per-rule max state limit.
- Allow bgpctl(8) to bulk add/delete routes with the same attributes. Really useful for distributing IP lists.
- Fixed dixfonts from upstream for CVE-2013-4396 (use after free in Xserver handling of ImageText requests).
- When available, use monitor/mwait to idle on i386/amd64.
- Early stages of a working disk bootloader for OpenBSD/aviion. Currently limited to oosiop(4) controllers
- Increased the size of the Diffie-Hellman groups requested for a each ssh(1) symmetric key. New values taken from NIST 800-57, upper limit from RFC4419.
- Added vmwpvs(4), a driver for VMware Paravirtual SCSI in vmware guests.
- Use CLOCK_UPTIME, so that vmstat(8) uptime averages/rates are over the actual time-running-not-suspended.
- Fixed a segfault in ndp(8) -A to properly free the buffer when not in repeat mode.
- Show number of sectors, not the number of 512-byte blocks, when newfs(8) is saying "n sectors of m bytes".
- Allow snmpctl(8) to specify the "oid" option multiple times (e.g. "snmpctl walk 127.0.0.1 oid system oid ifName").
- Added axen(4) device driver, for ASIX AX88178a and AX88179 Ethernet interfaces.
- getdirentries(2) is dead; long live getdents(2).
- Fixed mandoc(1) to allow breaking the line at hyphens in macro arguments (e.g. .Nd and most of the .%? citation macros).
- Stopped mandoc(1) throwing a fatal error and dying if there is anything inside a .Bl block body before the first .It.
- Added quirk to azalia(4) for ALC260 (found on Acer Extensa 6700).
- Added CLOCK_UPTIME, a clock which measures time-running-not-suspended, used in clock_gettime(2) and other places.
- Backed out POLLHUP change until a problem with xterm(1) hanging on close is fixed.
- Support for the i.MX6-based Wandboard Quad added to the armv7 architecture.
- Disabled interrupts in the re(4) interrupt handler. Fixes the occasional watchdog timeout when using MSI.
- Removed Adaptec 2940 SCSI controllers from i386 RAMDISK kernels to make other things fit.
- Use monitor/mwait to idle amd64 CPUs when available.
- Change the default for the "default-path" option to ~ in tmux(1).
- Updated to mesa 9.2.1.
- In tmux(1), use open(".")/fchdir(2) to save and restore current directory rather than getcwd(3)/chdir(2).
- Fix boot device matching in the presence of mpath(4) on hppa/hppa64.
- poll(2) on a closed tty(4) now returns POLLIN|POLLHUP in revents when events is set to POLLIN, and POLLHUP when events is set to POLLOUT.
- Added ntpctl(8), which allows us to query the locally running ntpd(8) process.
- Fix tuner ioctl TVTUNER_SETFREQ in bktr(4) (broken after rev 1.30).
- In mandoc(1), support roff(7) simple numerical conditions.
- Support mandoc(1) setting and printing out arbitrary roff(7) number registers, preserving support for the ".nr nS" SYNOPSIS state register.
- Fixed drm(4) incoherence with fence updates on Sandybridge and higher CPUs.
- Kernel adjusted to print many daddr_t variables with %lld, and u_int64_t variables with %llu in many places.
- Made it possible to correctly set up and label a vnd image with a boot area on aviion.
- Emulate 64-bit drm(4) atomic operations on 32-bit architectures by using a mutex.
- Replaced rc4 with ChaCha20 in arc4random(3).
- Added initial SNMP client utility to snmpctl(8). For example, "snmpctl snmp walk 127.0.0.1".
- In ld(1), make stderr buffered in einfo(), to speed up display of error messages on slower platforms.
- Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX (not MAXPATHNAMELEN, MAXNAMLEN or MAXLOGNAME) in the C library.
- Stopped drm(4)'s drmclose unreferencing objects while a mutex is locked.
- Ensure the OpenBSD area of the disk does not enclose the boot area on the aviion architecture; added installboot(8/aviion).
- On aviion, test whether the WHOAMI register exists before using it.
- Two new libX11 locale(1) added: km_KH.UTF-8 and sr_CS.UTF-8.
- Enabled mpath, rdac, and sym in GENERIC kernels to find bugs.
- Ensure stack is 1:1 mapped before attempting to give control back to the PROM at halt/reboot time, so aviion can reboot.
- Updated to: xserver 1.14.3; makedepend 1.0.5; xman 1.1.3; libX11 1.6.2; libXaw 1.0.12; libXmu 1.1.2; libXpm 3.5.11; libXrandr 1.4.2 and libXv 1.0.10.
- poll(2) on a socket now sets POLLHUP on EOF, so socketpair(2) matches pipe(2) behaviour when the other end is closed.
- Refined gio(4/sgi) frame buffer probe, to correctly detect a newport frame buffer on Indy if a HPC SCSI board is attached.
- Correctly probe for the Ethernet chip on hpc(4/sgi) v1.5 expansion boards. Gets rid of "sq not configured" in dmesg(8).
- In boot(9), do not iterate over alldevs if it is empty (e.g. halting from ddb(4) with ddb entered early with boot -d).
- With even number of offsets, choose middle offset with lowest delay. Resolves uncertainty in the ntpd(8) REFID assignment.
- Stopped the message that uthum(4)'s calibration offset is incorrect, when the offset is less than 1 degree C.
- Stopped wd(4) incrementing the address the next i/o will start at by an incorrect amount.
- IPv6 atomic fragments must not go into the pf(4) reassembly queue, but be processed immediately.
- Use the cpuid vendor string (not model string) when enabling VIA specific amd64 code so the code works with Eden X2 processors.
- Take into account that the iked(8) ike message header might no longer point to the same memory after buffer manipulations.
- Make sure drm(4) vblank_time_lock blocks interrupts; made most atomic operations really atomic; removed all 64-bit atomic operations on 32-bit architectures. Potentially fixes some races/panics.
- Sync most machine independent LANCE code (le(4/vax)); added ILACC (79900) support.
- Stop traffic for a given usb(4) endpoint when a transfer reports an I/O error. Fixes ehci(4) looping with "ehci_idone:" messages.
- Try to release the console if pckbc(4) fails to send the initial command byte, giving USB keyboards a better chance of attaching.
- On hp300: Removed SLOWSCSI; increased scsi(4) target selection timeout. Booting kernel from disk now much faster.
- Keep sudo(8) default env_keep to minimum required for pkg_add(1); env_keep for building src and ports moved to "wsrc" group.
- Report each m88k cmmu on its own line in dmesg(8); fixed multiprocessor writeback logic.
- Fixed luna88k installer, to add bsd.mp to the default sets if > 1 processor.
- Stopped merging the per-thread and per-process flags when reporting them via sysctl(8) KERN_PROC.
- Updated to: util-macros 1.17.1 and videoproto 2.3.2.
- Merge unbound 1.4.21 and ldns 1.6.16.
- Fixed tmpfs' uio_offset, to stop it skipping one entry for each block.
- Fix an ino_t inconsistency to unbreak the build of fuse(4)'s libfuse.
- Made aviion understand ELF files well enough to netboot kernels on AV530.
- Switch to machine independent dart(4) driver on aviion.
- Set top(1) a higher MAX_COLS, more reasonable for modern widescreen displays.
- Fixed occasional SIGSEGV in privsep'd binaries (eg syslogd(8) and pflogd(8)) on sparc/sparc64 running on sun4/4c/4e.
- Added support for root on NFSv3.
- Configure pms(4) absolute mode for elantech v2. Synaptics driver now attaches to elantech v2 touchpads. Print the firmware version at attach time for reference in future bug reports.
- Fixed panic in pipex(4) seen if pipex deleted a session via idle-timer when npppd(8) was frozen, causing use-after-free.
- Don't assume the length of npppd(8) chap challenges.
- Added length check for Proxy LCP and Authentication AVPs in npppd(8); also in 5.2, 5.3 and 5.4 stable branches.
- Do no try to clear the uhidev(4) endpoint (as it if has stalled) if the USB transfer reported an I/O error.
- Made ssh(1) BindAddress work with UsePrivilegedPort=yes (bz#1211).
- Tell the client when their preferred ssh(1) listen address has been overridden by the server's GatewayPorts (bz#1297).
- Store the initial file offset so the progress meter doesn't freak out when resuming sftp(1) transfers (bz#2137).
- Get ethernet working on the edgerouter lite; added atphy(4) to RAMDISK and GENERIC.
- Increased default number of ugen(4) device files: two are too few for modern standards.
- Removed gssapi config parts from ssh_config(5).
- Fixed mandoc(1) horizontal spacing for input lines beginning like ".Oc Ns".
- Fixed mandoc(1) horizontal spacing where "Ns" macro follows a block-closing macro and the corresponding block-opening macro is not on the same line.
- Reverted ksh(1), so commands executed via `foo` or $( bar ) inherit "set -e" status (as POSIX requires).
- Updated to: twm(1) version 1.0.8; xclipboard(1) version 1.1.3; xclock(1) version 1.0.7; xinit(1) version 1.3.3; xkill(1) version 1.0.4; xlsclients(1) version 1.1.3; xmodmap(1) version 1.0.8; xrdb(1) version 1.1.0 and libSM version 1.2.2.
- Bar pflow(4) if flowsrc is not set.
- Fixed sign of returned error code for drm(4) i915.
- Prevent hardclock(9) trying to schedule a softclock interrupt before its cookie has been allocated (this caused panics on macppc).
- Added SM_PATH to the default env_keep in sudoers(5).
- Added basic support for eMMC memory and enable it on the BeagleBone Black.
- Revert previous sys/net/if.c diff to always increment the if(4) interface index (tun_switch() depends on this feature).
- Avoid leaking mbufs in cpsw(4/armv7) failure paths.
- Fixed ssh(1) connection crash when sending break (~B) on a ControlPersist'd session.
- Switched to using arc4random in sqlite3(1).
- Allow for 0-length "octet strings" in SNMP traps, so snmpd(8) conforms with ITU X.690 (ASN.1 definition document).
- Correctly NUL-terminate the systat(1) cpu view array. Fixes a segfault on powerpc and probably others.
- Fixed user(8) bug where owner/mode is not set on the user's homedir if the specified skeldir does not exist.
- Added support for SM_PATH environment variable. sysmerge(8) can search this path for etcXX.tgz and/or xetcXX.tgz.
- Disabled intel(4) blit acceleration on haswell (for now).
- Allow BOOTP lease times and the options dhcp-lease-time, dhcp-rebinding-time, and dhcp-renewal-time to be controlled via dhclient.conf(5).
- Added relayd.conf(5) support for ECDHE (Elliptic Curve Diffie-Hellman) to enable TLS/SSL Perfect Forward Secrecy (PFS).
- Import nl(1) from NetBSD, with local changes (inc. "-" syntax for stdin, multibyte delimiter support from FreeBSD, code simplifications).
- Fixed some omissions and flag errors for radeon(4) pci match tables, removed the duplicate table for i915.
- Monochrome Xserver(1) now available on luna88k.
- Fixed scsi(4) mpath "next path" selection. If the current path is NULL the machine will no longer panic.
- Enabled vmx(4) on i386 and amd64.
- Added a new systat(1) screen "cpu" listing the usage of each CPU core; new -B command line flag, similar to -b.
- Changed default relayd(8) and ldapd(8) ciphers to HIGH:!aNULL.
- Plugged a snmpd(8) memory leak when walking the pfTblAddrTable in PF-MIB.
- Sync PF-MIB and snmpd(8) with the pf(4) table byte/packet counters for "match" rules.
- Support added to arm for FreeScale's i.MX6 SoC.
- Taught id(1) about the whoami(1) and groups(1) run modes (removes shell wrappers).
- When slowcgi(8) is dumping FastCGI protocol headers during debug, also dump the "request begin" and "request end" protocol entries.
- Made slowcgi(8) use the correct buffer size for memory allocation and reads.
- Added ugold(4), a driver for PCsensor's USB gold TEMPer temperature measurement device.
- Merged mesa version 9.2.0 into xenocara.
- Set relayd(8) "toread" to 0 if we don't expect a body. Fixes handling of HTTP requests with a body (e.g. POST).
- Add a proper suspend ksh(1) builtin that saves/restores the tty and pgrp as needed instead of using an alias (login shells may be suspended if they are not running in an orphan process group).
- The beagle architecture has been replaced by the more generic armv7.
- time_t and other random fixes from upstream merged into base nsd(8).
- Added libtxc_dxtn 1.0.1, a DXTn/S3 texture compression library.
- When a partition is changing to UNUSED, save kernel-set values on all partitions, not just open ones and keep the new partition type. Allows changing the RAW_PART partition (a.k.a. "c") to UNUSED.
- Rewritten ARMv7 cpu cache discovery code (to remove false assumptions); fixed log2(3) on arm.
- After resume, make the pms(4) driver wait longer when /dev/wsmouse is opened. Allows mouse to work after resume on x130e.
- Updated to nsd(8) version 3.2.16.
- Only free the per-protocol descriptor if a pms(4) touchpad cannot be correctly identified during attach.
- Removed unnecessary calls to arc4random_stir(3) in ssh-keygen(1) and sshd(8). Increases available entropy.
- Use arc4random(9) as the preferred random number source in fontconfig.
- Properly pass daemon_flags to amd(8).
- Update line buffer allocation on radeon(4). Fixes blank screen problems on dce4.1, dce5 and dce6 asics (see https://bugs.freedesktop.org/show_bug.cgi?id=64850).
- Updated GLU to version 9.0.0. GLU was previously part of Mesa but is now separate.
- Made sftp(1) "^w" delete the previous word, instead of the entire line. Matches ksh(1) behaviour.
- Lock the audio mutex before invoking the audio(4) call-back. Fixes panics on zaurus.
- Turn on mass storage interface for mfii(4).
- If a slowcgi(8) script dies due to receipt of signal, pass that back to the HTTP frontend as the "application return status".
- Use PCIe capability version 2 when displaying link speeds with pcidump(8).
- Fixed handling of getdents() against UDF filesystems.
- Use arc4random_buf(3) in iceauth(1).
- Added iwn(4) support for advanced btcoex.
- Allow setlocale(3) (LC_MESSAGES, ...); to succeed. Stops some ports (e.g. gnome) from freaking out.
- Quieten ssh-keygen(1) batch processing; exit with non-zero if asked to find a non-existent hostname in the known_hosts file.
- When we attach an inet(4) interface, avoid races by not reusing the last index.
- Enabled RS400/RS480/RS690 in radeon(4).
- Non-integrated radeon(4) >= r600 parts will now try to enable PCIe 2.0/3.0 speeds if the PCIe root port advertises those speeds.
- Made mpath(4) path driver "match routes" return 8, so they will definitely be higher than the real device drivers.
- Assume roundrobin path scheduler type within a group of mpath(4) paths now (sym(4) devices work around this by putting every path in its own group).
- When pmap(9) flushes page from all caches, writeback on all CPUs. Fixes spurious m88k segmentation faults.
- Updated xterm(1) to version 296 (with sixel graphics disabled for now), DejaVu Fonts to 2.34 and libX11 to 1.6.1.
- Simplified xvctl(1), a utility to get or set Xv(3) extension values.
- Replaced rand(3)/random(3) calls with secure arc4random(9) in npppd(8)'s radius authentication, make(1) and route6d(8).
- Implemented handling of group failover in mpath(4).
- New slowcgi(8) option to specify an alternate FastCGI socket on which to listen.
- Introduced the idea of groups of paths to mpath(4). Only paths on the first group in the list will handle io now.
- Adjust startup sequence so mpath(4) attaches before other hardware.
- Make ommmc interrupts show up in vmstat(8) -i, systat(1), etc on beagle.
- Updated to pixman 0.30.2.
- Allocate and deallocate memory for encryption contexts within cryptosoft. Removes the need for zerokey functions.
- Make disklabel(8) partitions from "i" to "p" functional on luna88k.
- Initialise loongson pcimap earlier, to make sure its value is not tested before initialisation (only affects 2e systems).
- Fixed usage of fork(2) in programs linked against libpthread on m88k 88100 processors, where the parent thread would spin.
- Updated to Xserver(1) version 1.14.2.
- Replaced random(3) with arc4random(9) in libevent.
- Fixed minor discrepancies with ix(4) link state handling.
- Stopped oce(4) and ix(4) calling if_link_state_change if link state is not changed.
- Fix memory initialisation for octeons that have less than 256MB.
- Stir PRNG after sshd(8) runs post-accept fork. The child gets a different PRNG state anyway via rexec and explicit privsep reseeds, but it's good to be sure.
- Do not let netstart(8) create a route to alias addresses via 127.0.0.1 (the stack is able to tell if the address is local or not).
- Correct format string mismatches in various code turned up by gcc(1) -Wformat=2.
- Added acpi(4) indicator sensor to acpibtnX, to reflect lid status when available. Useful for people not using machdep.lidsuspend.
- With wsdisplay(4), use the console locator to make sure wsdisplay0 is always the glass console on i386/amd64.
- Use int64_t in the spamdb(8) greylist db file, with backwards compatibility for records with 32-bit times.
- Fixed build of ix(4) without vlan.
- Added urtwn(4) to the sgi kernels where it makes sense.
- Added nc(1) -F flag to enabled fd-pass mode: establish connection and pass connected socket to stdout.
- Remove uscanner(4). Disabled in GENERIC long ago (when libusb became the preferred solution for USB scanners).
- Enabled mpii(4) on sparc64.
- Added ssh_config(5) ProxyUseFDPass option, to establish a connection and then pass file descriptor back to ssh(1).
- Make pf(4) "match quick" abort ruleset evaluation with the current block/pass state, rather than continuing on.
- Fixed kernel profiling on powerpc architectures (broken since the buffers were made per-cpu).
- Fixed prototypes of do_load_half() and do_load_byte() on m88k to stop obscure bugs in awk(1) and elsewhere.
- Disable appleagp(4). It doesn't really work yet, and hurts certain iBook G3 models (PowerMac4,3).
- Fixed xf86-video-ati shadowfb on big-endian machines.
- Updated to: xload 1.1.2, xprop 1.2.2, xset 1.2.3, libXfont 1.4.6 and xwd 1.0.6.
- Stop dhclient(8) creating a route to the bound address via 127.0.0.1, as the stack should be able to correctly short-circuit packet routing to local addresses without this.
- Make the vgafb(4) console correctly restore when exiting X(7).
- Stopped macppc pretending to support non-console devices, because vgafb(4) only matches the framebuffer device setup by the firmware.
- Use %lld and cast to long long when passwd(1) is printing time_t values, and atoll(3) when parsing them.
- For ikectl(8), snmpctl(8) and rdate(8) use %lld and cast to long long when printing time_t values.
- Enabled radeondrm(4) on macppc.
- Use mapiodev to do the initial mapping of vgafb(4). Allows radeondrm(4) to bus_space_map(9) it without panicking.
- Updated to xf86-video-ati 7.2.0. Fixes endianess problem with kms.
- Avoid integer overflow in sector calculation reading UDF DVDs, which broke reads past 2GB.
- On luna88k, check number of planes (1, 4, or 8bpp) in framebuffer by ourselves (PROM gives false values). Lets monochrome X(7) server work correctly with a 4bpp framebuffer.
- Enabled radeondrm(4) on sparc64.
- Align stack yp(8) buffers to 64-bit boundaries now, for they might contain a struct passwd(5).
- Blast uhts(4), as the code was merged into ums(4) last week.
- Stop defining SIOC{S,G}ETVLAN as SIOC{S,G}IFGENERIC. Lets vlan(4) handle pppoe(4)-specific ioctls and vice versa without smashing the stack of the caller.
- Make sure "drm.h" gets generated on all architectures that support pci(4), making alpha and loongson compile again.
- Set bgpd.conf(5) to filter the IPv6 Discard-Only prefix, because it should not be globally routable (see RFC6666).
- Rewrite the internals of the bgpd(8) RDE reload logic. First step to make reload non-blocking. Speeds up the reload time, should also fix a few edge cases on reloads.
- Enforce that the ls_id and the adv_rtr field in a type 1 router LSA are the same. This will drop updates trying to attack the ospfd(8) LSDB.
- Only skip dhclient(8) address deleting/adding and route deleting/adding on identical lease when we are in state S_RENEWING. Makes sure we end up with an IP address on the interface.
- Don't depend on a list of archs to determine endianess, unbreaks X(7) gallium build on sparc64.
- Let fw_update(1) handle firmware for radeondrm(4).
- Allow the user to specify which firmware to install with fw_update(1), or to install all of them using the -a switch.
- Updated iceauth to 1.0.6 and xfwp to 1.0.3.
- Let the Xserver(1) handle more /dev/drmN devices.
- Improved pci(4)'s VGA arbiter support now the kernel can give us information about the resources required by a particular device.
- Moved ray(4) to the attic.
- When handling puts from a client, tftpd(8) will now close the file once downloaded, instead of waiting until after we clean up the client .
- Remove bogus refcounting of usb(4) pipes, to avoid memory leaks and potentially aborting a pipe when requests are still pending.
- Made the tree compile again on architectures without drm(4).
- Switch time_t, ino_t, clock_t, and struct kevent's ident and data members to 64bit types; build perl(1) with -DBIG_TIME.
- Add the tcp(4) socket option TCP_NOPUSH to delay sending the stream. Useful to aggregate data in the kernel from multiple sources, avoids sending small packets.
- ps(1) flags are split between thread and process but it is useful for ddb(4) to show both. Show both in ps overview, list them explicitly for the specific thread.
- Match macppc framebuffer device against its OpenFirmware node, to enable sharing of console detection logic with sparc64 in radeondrm(4).
- Build mesa radeon(4) drivers on sparc64; switch to gallium drivers for r300 and r600.
- Enabled xf86-video-ati kernel modesetting support.
- Added TTM and radeon(4) DRM code. Includes kernel modesetting, framebuffer console and support for newer hardware.
- Fixes for as(1) on mvme88k: provide 88110 syntactic sugar for the control register names; correctly handle -m options; allow the register prefix to correctly be recognised in front of the condition codes.
- Cancel timeouts on pflow(4) interface destruction.
- Plugged file descriptor and memory leak in fuse(4)'s fuse_open() error path.
- Fixed a potential race on luna88k, where a secondary cpu incorrectly resets variables on the primary cpu.
- Merged uhts(1) into ums(1).
- Added rc.d(8) scripts for ipropd-master and ipropd-slave.
- Added urtwn(4) for upgrades to macppc ramdisk.
- Enabled ctrl-left-arrow and ctrl-right-arrow to move forward/back a word in ssh(1); matching ksh(1)'s recent change.
- Do getopt parsing for all sftp(1) commands, to ensure consistent behaviour.
- Implemented the roff(7) font-escape sequence \f(BI "bold+italic".
- Made it possible for graphics drivers to opt-out of VGA arbitration.
- Neither the flow control diff nor the RX checksum offload diff is responsible for gem(4) hangs, so put them back.
- Bugfix update to nginx(8) version 1.4.2.
- Build libdrm_radeon on sparc64.
- Create drm(4) device nodes on sparc64 and create additional entries on amd64/i386/macppc for running with multiple cards.
- Fixed sftp(1) regression: symlinking a file would incorrectly canonicalise the target path (bz#2129).
- Disabled libexec/identd and enable usr.sbin/identd(8).
- After a panic(9), do not fill up the dmesg(8) with splassert messages. They scroll away the important information.
- Another major overhaul of the inteldrm(4) GEM code.
- Make sure states learnt via pfsync(4) from a peer with the same ruleset checksum get properly assigned to rules.
- Stopped gcc(1) warning on missing newline at EOF. Matches the behaviour of gcc >= 4.3 and clang.
- Moved check in mktemp(1) for template length, so error message is also shown in the -t case instead of EINVAL.
- Make user(8) write UIDs/GIDs as unsigned in the passwd file and error messages. Matches what pw_scan(3) expects.
- Switched vax to gcc(1) version 3.3.6; removed gcc(1) version 2.95 from the tree.
- Fixed mandoc(1) bug by reverting r1.10 of term.c: after a leading blank on an output line, don't generate a premature line break.
- Updated ix(4) to the Intel/FreeBSD current version. Brings support for the flow control and additional (untested) bits for 1G fibre versions.
- Enabled MSI on re(4) RT810xE.
- Unbreak PMTU-discovery for ipsec(4) AES-GCM.
- Don't flush the cache on page inflate for hibernate on amd64 for faster resume on some machines.
- Fixed corner cases in the implementation of pow(3) to make it compatible with C99.
- Implement if_nametoindex(3) and if_indextoname(3) for pfctl(8). 20x speedup factor with some complex rulesets.
- Create more inodes on the sparc64 installation ramdisk. Prevents problems during install/upgrade when files or nodes need to be added.
- Added ral(4) support for the Ralink RT3060, which uses the RT3572 MAC/BBP.
- Remove the sysmerge(8) glue from the installer (it has never been used and is being replaced).