This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Note: Problems for which patches exist are marked in red.
In sshd_config(5), add prohibit-password as a synonym for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only.
In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password".
In em(4), fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed.
Skip C2 and C3 states from the FADT if the cpu doesn't have ARAT.
Do not save and restore a read-only capability register in acpihpet(4).
Fix clct(4) which was stuttering to the point of being useless.
In identd(8), don't die on socket operation errors.
In acpicpu(4), provide the fallback C1-via-halt even when _CST can't be evaluated. This fixes systems that only provide _CST for a subset of the CPUs.
On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations.
5.6 and 5.7 SECURITY FIX: the patch utility could become desynchronized when processing ed(1)-style diffs. A source code patch exists for 5.6 and 5.7.
Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing patch(1) about the state the ed(1) child process is in.
In the installer, make "without-password" the default answer to the "Allow root ssh login?" question.
Change the sshd_config(5) PermitRootLogin default to "without-password".
In ksh(1), fix the usage of backslash-escaped codes ("\nnn") in PS1.
Allow ssh_config(5) and sshd_config(5) kex parameter options to be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it.
In envy(4), properly recover when interrupts are blocked for too long. This fixes permanent distortion on MP systems.
In relayd(8), fix a bug where all but the last of multiple forward rules in http protocols would be ignored.
Add linker warnings in case SSLv3_{,client,server}_method are referenced.
On macppc, powerpc and socppc, do not save the status register and restore it for machine check exceptions.
Revert r1.289 of src/sys/dev/acpi/acpi.c (respect the access size when reading or writing to pci config space). It is locking up suspend or boot on some laptops.
Disable tame(2) with ENOSYS for upcoming release cycle.
Acquire the kernel lock in pmap_remove(). The reasons for this can't be stated as the committer has been asked to be polite in his commit message.
In azalia(4), rework the buffer position reporting code.
Build r300g and r600g on macppc and sparc64.
Make the Gallium r300 work on big-endian architectures.
In case the system misses enough audio interrupts for DMA pointers to wrap, recover by detecting and compensating for the missed interrupts. This fixes certain audio hangs on MP machines.
In libsndio and audioctl(1), use the new AUDIO_GETPOS ioctl instead of AUDIO_GETxOFFS and AUDIO_xERROR.
Add the AUDIO_GETPOS ioctl to fetch a snapshot of the 4 counters returned by AUDIO_GETxOFFS and AUDIO_xERROR ioctls.
In mandoc(1), remove the hack of scrolling forward and backward with +G1G. Instead, when using a pager, use another temporary file for the formatted page(s).
For unix domain sequenced packet socket pairs, don't report an EMSGSIZE error when the sent message was not too large.
Enforce tame(2) by disabling all TAME_ flags if tame_fail() is reached, not only if TAME_ABORT is set.
5.6 and 5.7 SECURITY FIX: the patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file. A source code patch exists for 5.6 and 5.7. These patches remove the RCS support.
5.6 and 5.7 SECURITY FIX: a kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace. A source code patch exists for 5.6 and 5.7.
In radiusd(8), make the modules privilege-separated.
In tmux(1), make -q suppress ambiguous option warnings too.
Don't exit when the command line is too long to log.
In patch(1), remove support for automatically checking files out of RCS. This feature may cause patch to be tricked into running arbitrary shell code with a specially crafted diff.
In disktab(5) on amd64, fix ba# attribute in rdroot entry.
Update to terminfo 20150725.
On alpha, ensure pci_intr_map() will perform proper interrupt swizzling for devices behind a bridge, if the SRM didn't pick an interrupt line for them.
On alpha, adapt the way the vga(4) textmode is obtained in order to support the Alphabook 1.
In libsndio, fix an arithmetic mistake causing errors when there are more xruns on the record side than on the play side.
In sndiod(8), clear watchdog timer when device is closed. This fixes a use-after-free in error code paths when the device is closed before the audio is stopped.
In security(8), don't risk blocking when reading untrusted user files and for additional safety against race attacks, make sure they are regular files.
In ktrace(2), make KTR_SYSRET records variable sized, leaving out the retval on error, including a long long retval on successful lseek(), and including a register_t retval for other successes. This fixes lseek reporting on ILP32 archs.
Correctly check the return value of strtoll(3) (Coverity CID 105339).
Free a variable on error (Coverity CID 78826).
Free a variable before potentially reusing it (Coverity CID 78824).
Only close a descriptor if not already closed (Coverity CID 78916).
In tcpdump(8), show 11n HTOP primary and secondary channel numbers for 40MHz BSS instead of showing just the primary one and "above" or "below" for secondary.
Rename the tps65090 driver to "tpspmic".
Introduce tame(2), a subsystem which restricts programs into a "reduced feature operating model".
In libssl, remove the logic responsible for outputting most AES-NI instructions as raw byte sequences.
Revert the previous commit in ospfd(8) (properly handle carp interfaces in "backup" mode on start-up), because it breaks on systems without carp.
In doas(1), if execvpe fails with ENOENT, print "command not found", like sudo.
On exynos, make the keyboard driver poll until it can be improved more.
In snmpd(8) and relayd(8), don't return failure for agentx messages with 0-length payloads. This allows snmpd to properly handle ping messages from agentx subagents.
In libssl, abort when ENGINE_remove fails (Coverity CID 21656).
Make tcpdump(8) show HTOP elements in 11n management frames.
In bioctl(8), remove the restriction to disallow the use of a passphrase file during initial creation of a crypto volume.
In relayd(8), fix unbounded buffer growth. In the case of a slow client reading large files, we would consume large amounts of memory.
In ospfd(8), properly handle carp(4) interfaces in "backup" mode on start-up.
Abstract the routing table internals behind an rtable_* API.
In acpicpu(4), if _CST provides a C2 or C3 but lacks a C1 that we understand, provide a fallback C1 state using "halt".
In libssl, check the return value of ASN1_STRING_set() (Coverity CIDs 24810 and 24846).
In install(1), add -D to create the full destination path before installing the source into it.
In ssh:
Skip uninitialised PKCS#11 slots (bz#2427).
Don't ignore PKCS#11 hosted keys that return empty CKA_ID (bz#2429).
In sshd(8), only query each keyboard-interactive device once per authentication request regardless of how many times it is listed.
In doas(1), add -s as a shorthand for "doas $SHELL".
In httpd(8), allow changing the default media type globally or per-location.
In mandoc(1), insist that manual page file name extensions must begin with a digit lest pkg.conf(5) be shown when pkg(5) is asked for.
Support HTTP Strict Transport Security (HSTS) in httpd(8).
Have tftpd(8) provide a block of random data when clients request the file /etc/random.seed.
In mandoc(1), clean up the temporary file when the process dies from a signal.
In libssl, remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.
On alpha, correctly set up interrupts. Now the kernel no longer gets stuck with a SCSI interrupt storm at the end of autoconf.
In snmpd(8), use RTF_CONNECTED to properly track connected routes.
On alpha, check for errors in the status register after performing a PCI configuration space read, for errors may not cause a machine check. This makes phantom PCI devices disappear on alphabook.
Allow route(8) to show all routes with a priority or all routes without a specific priority.
Allow sysctl(3) to show all routes with a priority or all routes without a specific priority.
Plug a leak in libssl (Coverity CID 78897).
Drop promiscuously received packets if the trunk(4) interface is not in promiscuous mode.
Add the _dpb, _pbuild, _pfetch users to do dpb multi-user builds.
On amd64 and i386, avoid assigning low addresses to PCI BARs. These addresses will never actually be routed to the PCI bus and are therefore guaranteed not to work.
In mandoc(1), add initial support for less(1) -T and :t ctags(1)-like functionality to jump to the definitions of various terms inside manual pages.
Make sound cards work on older PowerMacs.
Fix MPLS routing when receiving a packet with multiple labels.
Release the kernel lock while tearing down the uvm map in the reaper. This speeds up workloads that fork a lot of processes and, more importantly, reduces latency.
Prevent non-ACPI uniprocessor i386 machines with NX/PAE from panicking in pcibiosattach.
In ldpd(8), filter routes based on RTF_LLINFO and RTF_BROADCAST flags and use RTF_CONNECTED to properly track connected routes.
In sed(1), add the -i flag to do in-place editing.
In ripd(8), filter routes by RTF_LLINFO and RTF_BROADCAST and use RTF_CONNECTED to determine if a route is connected or not.
In binutils 2.17, correctly consume mandatory 0x66 prefix when disassembling aes{dec{,last},enc{,last},imc} instructions (a regression in 2.17) and correctly disassemble aeskeygenassist.
In ospfd(8) and ospf6d(8), filter broadcast and llinfo routes, and adjust the tracking of connected routes to the new way.
In bgpd(8), only filter RTF_LLINFO or RTF_BROADCAST routes out but not RTF_LOCAL ones since we need those for loopback and point-to-point interfaces.
Make tcpdump(8) decode the country element in 802.11 mgmt frames.
Announce an IP address after inserting its corresponding RTF_LOCAL route and not during the SIOCSIFADDR ioctl. This way addresses are not announced when an error occurs.
Manage spd entries by using the radix api directly instead of reaching around through the routing table.
Fix a regression introduced by the M_PROTO1 loop prevention cleaning because gif(4) was abusing this flag to figure out if the packet was coming from a bridge(4).
Make tcpdump(8) display BSS load information contained in 802.11 mgmt frames.
Update to NSD 4.1.3.
Enable exynos on armv7.
Remove support for SSLv3 from openssl(1) ciphers, s_client, s_server and s_time.
In iked(8), assign the correct destination port value for the destination netmask. This repairs setup of SPD flows that specify port only on the one side of the from-to specification.
In sndiod(8), fix hangs during clean-up after the audio device is disconnected or an unrecoverable error is detected.
In libssl and openssl(1), remove workaround for TLS padding bug from SSLeay days.
In sshd(8), fix an incorrect test for SSH1 keys when compiled without SSH1 support.
Prevent syslogd(8) from writing too much data into the log file.
Make doas(1) fail if /etc/doas.conf is g+w or o+w or is not owned by root.
On amd64 and i386, remove the 4-second delay on reboot and shutdown that was added 8 years ago to "workaround MP timeout/splhigh/scsi race at reboot time". The issue probably has been fixed by now.
Allow (almost) any non-space character to be a part of "word" in doas.conf(5). This allows weird commands like /bin/echo to be used for real.
Remove the IP_ROUTETOETHER pseudo-option. It is a hack to support return-rst on bridge(4).
Make tcpdump(8) show 11n HT capabilities in 802.11 management frames.
Ignore the 4-byte trailing padding of each received packet when copying to the upper layer.
Add USB 3.0 related code.
Update to libdrm 2.4.62.
Refix memory handling for machines with less than 256M broken by r1.64 of src/sys/arch/octeon/octeon/machdep.c.
In httpd(8), use vis(3) instead of url_encode() for some values like User-Agent.
In libssl, fix a few Coverity CIDs including 125063.
Recognize CARP interfaces when sending a packet to a multicast address.
On arm and armv7, account for the fact that the exynos gic is not at a fixed offset from periphbase.
In urtw(4), fix error code paths to not panic the kernel. This makes the driver work with somewhat flaky urtw(4) devices.
In libssl:
The previous fix for Coverity CID 21785 did not cope correctly with the case where seed_len != 0 and seed_in == NULL. Since this situation is an error anyway, bail out early.
Do not allow TS_check_signer_name() with signer == NULL from int_TS_RESP_verify_token() (Coverity CID 21710).
Avoid leaking objects upon error.
Fix unchecked allocations, and make sure we do not leak upon error (Coverity CID 21739 and more).
Fix a memory leak (Coverity CID 78836).
Fix a possible 32-byte buffer overrun (Coverity CID 78869).
Fix two theoretical NULL pointer dereferences which can only happen if you have seriously corrupted your memory (Coverity CIDs 21708 and 21721). Also plug a memory leak.
Remove dead code (Coverity CID 21688).
Flense out dead code (Coverity CIDs 21691 and 21698).
In httpd(8), allow the certificate and key to each be almost 16 kB rather than having a combined total of less than 16 kB.
5.6 and 5.7 SECURITY FIX: a TCP socket can become confused and not properly cleanup resources. A source code patch exists for 5.6 and 5.7.
Revert to marking lines as wrapped on newlines. This fixes problems with capturep -J.
Add a -s flag to show-environment to output Bourne shell commands à la ssh-agent.
Add a format to show if client is a control client.
Fix a few problems when running out of file descriptors.
Ignore environment variables that are too long to send to the server.
Reset G0/G1 state when resetting everything else with send-keys -R.
First stab at making the hppa mpsafe.
In devname(3), don't write a warning to stderr if the db cannot be opened. This avoids bogus warnings in chroots.
In tcpdump(8), don't consider \v and \f printable characters.
In cwm(1), introduce "groupsearch" for group menu search.
In xhci(4), do not trust the hardware when it says that the number of remaining bytes to transfer is greater than the length of the transfer.
On i386, amd64 and sparc64, don't call pool_put(9) while holding a mutex to prevent lock ordering problems between the per-pmap mutexes and the kernel lock. This happens because pool_put(9) may grab the kernel lock when it decides to free a pool page.
In ssh, turn off DSA by default. Add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side so it can be turned back on.
In syslogd(8), ensure the privsep parent and syslogd child are kept in sync if the fd limit is reached.
On amd64, prevent possible interrupt recursion before unwinding the stack.
In ssh, re-enable ed25519-certs if compiled without OpenSSL.
In fdisk(8), do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
In file(1), properly handle files >= 4 GB on 32-bit architectures.
Switch "openssl dhparam" default from 512 to 2048 bits.
Allow re-plugging USB3 devices on the root hub without going through a suspend/resume cycle (or rebooting) with Intel ICH7 xHCI.
In ps(1), remove the calculation that includes the process lifetime and just use the p_pctcpu value as %cpu time.
In cwm(1), show an empty "ssh to" menu if the known_hosts file is missing.
In syslogd(8), add the possibility to store all syslog messages received from a specific host into a single log file.
Never cache an RTF_GATEWAY route as next hop for a gateway route. This prevents rtentry loops when rt->rt_gwroute points to rt leading to an infamous "rtentry leak" panic.
Allow uvideo_mmap_queue() to fail gracefully when the mmap queue is full.
In libpciaccess, attempt to establish a write combining mapping instead of relying on mtrrs. Setting the mtrrs fails on the ThinkPad X1 rev. 3, making the xorg-video-vesa driver painfully slow.
On macppc, do not quiesce the firmware on Quad G5 to let it manage the fans. This also unbreaks "bsd -cd" on such machines.
Stop garbage collecting mbufs from the ARP, IPv4 and IPv6 queues when an interface is destroyed or removed.
In drm(4), introduce Linux work queue APIs and use them.
Ensure that e_shentsize (sections header's size in bytes) is large enough to fill at least one Elf_Shdr.
Ensure that freed variables in elf_symloadx() are reinitialised when an error is detected.
On amd64, make sure that the page tables are created after esym and after end. This avoids a crash with small non-generic kernels that write to the page tables.
In nm(1), before accessing data, check if the section header table is present and check the consistency of the section header table size.
In npppd(8), properly handle zero-length 1701/udp and GRE packets.
In ssh, don't count successful partial authentication as failures in monitor. This may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed.
On amd64 and i386, make it possible to create write combining mappings through /dev/mem.
In pf(4), increment rule counters only after successful state insertion.
In ssh, don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer.
In httpd(8), URL-encode $SERVER_NAME and $REMOTE_USER before using them in the Location header.
Make xhci(4)'s root hub report the same status bits as physical USB3 hubs.
Apparently some BIOSes not supporting xHCI natively switch USB ports back to EHCI at suspend, so route the ports back to xHCI at resume.
In an(4), don't use uninitialized data as a return value.
Don't leak memory if wsfont_rotate() fails.
In httpd(8), allow specifying characters like "?" in the Location URI.
In bgpd(8), fix a race between sending notifications to the SE and getting a new peer_up event in the RDE.
Fix a bug that causes uvm_pmr_get1page() to fail for allocations that specify an address constraint even when free pages that meet the constraint are still available.
In libssl, provide EC_curve_nid2nist() and EC_curve_nist2nid().
In Xserver(1), don't listen to "tcp" by default and add the -listen option.
In xinput(1), fix a crash when enabling/disabling without a device argument.
Remove obsolete MDC-2DES from libcrypto.
In bgpd(8), when we terminate the session, show the number of (currently) known prefixes and the max-prefix limit and show ">" as soon as we go above the limit since there may be more that we haven't/won't process.
Remove isp(4) now that the ql* family have replaced it.
In LibreSSL:
Change DTLS client cert request code to match TLS. DTLS currently doesn't check whether a client cert is expected.
On mips64, let alloc_contiguous_pages() round the allocation size to a page boundary, not to a u-area boundary.
On sgi, clear the PIC 'write request' memory at initialization time. There is apparently a risk of spurious parity errors if we don't.
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. This will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
In syslogd(8), implement -F to stay in the foreground.
Bring back r1.78 and r1.79 of src/sys/dev/usb/uhub.c. They were thought to introduce a regression, but it turned out to be a hardware failure.
Pass the "-nolisten tcp" option to Xserver(1) so that it doesn't listen on port 6000 by default.
In trunk(4), fix a double free in the destroy path.
In LibreSSL, make CBS_get_any_asn1_element() more compliant with DER encoding.
In ssh, return failure on RSA signature error.
On sparc, build __moddi3, __muldi3 and __qdivrem from libkern, and built no-pie, instead of getting them from libgcc.a, built pie. This repairs boot blocks operation.
In tmux(1), add a format for client PID (client_pid) and server PID (pid).
Add plrtc(4), a driver for the ARM PrimeCell PL031 RTC.
Parse _CST objects and use the C-states they describe when they're sane.
In rtwn(4), busy-wait a short while after sending a command to rtwn(4) firmware. This fixes selection of initial TX rate.
In glob(3), initialize the glob_t before the first failure check.
In binutils 2.17, add more encodings of options for the armv7 barrier instructions and allow non "sy"/0xf options for dmb. This omits the *ld options available in armv8 running in a32 mode.
In LibreSSL, reject long-form tags in CBS_peek_asn1_tag. Currently, CBS only handles short-form tags.
5.6 and 5.7 SECURITY FIX: several defects from OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792). For more information, see the OpenSSL advisory. A source code patch exists for 5.6 and 5.7.
5.6 and 5.7 SECURITY FIX: multiple reliability issues in smtpd. A source code patch exists for 5.6 and 5.7.
In libiberty, prevent an integer overflow leading to a heap-buffer overflow (CVE-2012-3509).
In LibreSSL:
Avoid an infinite loop that can be triggered by parsing an ASN.1 ECParameters structure that has a specially malformed binary polynomial field (CVE-2015-1788).
Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing length checks (CVE-2015-1789).
Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID (CVE-2015-1792). (However, this code is not enabled/built in LibreSSL.)
In the NFS code, avoid double-free in error path by cribbing the HASBUF flag logic from the rest of the kernel that deals with filename lookups.
In relayd(8), introduce a state on the ctl_relay_event struct. This makes it possible to better track the connection state of a session and stops doing double opens in certain situations using http relays.
In pms(4), don't match Elantech v4 devices with firmware versions 0xX7XXXX or with firmware versions higher than 0xX8XXXX.
Add initial support for the ARM Versatile Express boards as emulated by qemu with virtio memory ranges.
Ensure polled bulk, control and interrupt transfers actually poll. This fixes panics on shutdown with various usb sticks.
In tmux(1), add the -E flag to bypass update-environment when attaching or switching clients.
Remove HBG support from the DCF77 drivers.
On armv7, add initial exynos4 bits.
Introduce unhandled_af() for cases where code conditionally does something based on an address family and later assumes one of the paths was taken. This reduces the amount of noise with static analysers and acts as a sanity check.
Allow ehci to be built on platforms that lack a pci bus.
On amd64 and i386, enable use of mwait in non-MP boxes and report # of C-substates up to C7, truncating trailing zeros.
Make the qemu cortex a15 useable without trustzone.
Allow the rtsol keyword in hostname.if(5) with net.inet6.ip6.forwarding=1.
Enable rtwn(4) on RAMDISK_CD kernels for upgrades.
Put the link-layer address back into the gateway field of RTF_LOCAL routes. This fixes the "arpresolve: unresolved and rt_expire == 0" issue.
In tmux(1), handle the RGB colour escape sequence like xterm(1) does.
On alpha, do not unconditionally clear pcb_onfault after a uvm_fault. This should fix getentropy issues on MP systems.
In arp(8) and ndp(8), don't assume that the sockaddr_dl will be in the gateway sa. This fixes a regression introduced with the support of multiple connected routes.
Rework the ppp handling in the tty layer so it has its own private pool to allocate packet memory out of. This fixes a long standing issue in ppp on a tty/serial line where it allocates mbufs at IPL_SOFTTTY, which is above the IPL_NET the mbuf layer protects itself at.
Add a new HT-PCI bridge driver and the necessary glue to openpic(4) to get interrupts working on U4 machines. With this OpenBSD can run on PowerMac11,2 (Quad G5).
Make sparc go PIE (not "static PIE" yet).
On sparc, override PIE range constants with a variable which is decided at runtime, in order to only enable PIE on sun4m which has a large enough address space.
In the lazy binding routine, make sure we actually allocate the stack we need, instead of corrupting the caller's stack by mistake. This fixes segfaults in __powerpc_read_tcb() reported on earlier G3 systems.
Enable secureplt by default on alpha.
Allow gcc(1) to produce more precise relocation information on alpha. This will be necessary to enable secureplt by default.
Acquire/release the i2c bus before/after reading the temperature register. This prevents concurrent access to the smu(4) microcontroller on Apple G5 machines, which would result in errors reading the RTC.
On armv7, set the usb otg port on the cubox to host mode and attach ehci to it.
Change spamd(8) to use divert-to instead of rdr-to.
In dhclient(8), stop rejecting leases with a subnet that overlaps a subnet already present.
In ntpd(8), scale the error margin with the number of resolved NTP peers. This way, a very small number of outliers in an NTP pool cannot immediately trigger new connections to the constraint servers.
Export the rdomain to userland through struct if_data.
In cu(1), add the -d flag and the dc capability to open devices non-blocking. This is useful for the few drivers that do not support cua* so tty* must be used.
Reenable the page zeroing thread on MP m88k kernels.
On aviion and luna88k, make sure the lock is not taken for clock interrupts.
Add the -D option to nm(1) to display the dynamic symbol table.
In ntpd(8), if the constraint resolves to multiple IP addresses, try each of them one by one.
In axe(4), read ethernet address from EEPROM on AX88772B.
Add an F_ISATTY option to fcntl(), so that isatty() can use this rather than the bloated ioctl() interface.
In aucat(1), prevent periodic glitches occurring under certain circumstances.
In audioctl(1), display simply "play" when play mode is set.
Make it possible to use the same network on multiple interfaces at the same time.
Use a salted hash of the lock passphrase instead of plain text and do constant-time comparisons of it.
Add a 0.1s incrementing delay for each failed unlock attempt up to 10s.
In upd(4), make the "Battery Present" sensor a dependency of all the battery-related sensors only if it is present.
Update to font-util 1.3.1.
Extend autoinstall(8) to allow for hostname-mode.conf response files and to put response files in a subdir of the webserver's document root.
On armv7, rework the imxenet hardware address setup.
In smtpd(8), avoid multiple "From " and "Return-Path" headers.
Translate the fec parameters from the novena dtb to set a different clock skew to the same micrel phy used on sabre lite. This change resolves the stability problems with imxenet on novena.
In tmux(1), to replace c0-*, add a high watermark to the pty event, and also backoff when any of the ttys the pane is going to write to has buffered enough data.
Revert r1.3 of src/gnu/usr.bin/binutils-2.17/bfd/elflink.c. It introduces bogus failures when inter-library dependencies are present.
In em(4), make sure the rx ring lwm is set to at least 4. As far as we know, all hardware variants need at least 4 descriptors on the rx ring to be able to receive packets.
imxiic is known to be broken, so don't try attaching it on utilite.
On armv7, raise VM_PHYSSEG_MAX to two and load an additional physical memory segment if u-boot reports it. This is needed for the utilite where u-boot reports two 1GB segments of physical memory.
Adjust the physical memory limit on armv7 in order to prevent a panic on the Novena.
In col(1), recognize SUSv2-style escape-digit sequences in the input stream.
Various improvements to the GPT code.
In wsdisplay(4), when changing screen saver parameters, check the flags of the currently displayed screen in order to decide whether the screen saver needs to be retriggered, rather than the flags of the device we are issuing the ioctl on. Also, ensure the screen burner gets reenabled when switching from X11 to a virtual text console, and disabled when switching back to X.
In wsconsctl(8), add a flag for variables to prevent reading their value after modifying them and use this flag for display.focus. Also disallow -= and += syntax for display.focus.
In col(1), fix various integer overflows and underflows, and logic errors.
Switch i386 and sparc64 to binutils 2.17.
Avoid NULL function pointer dereference during boot on sabresd.
Add initial board-specific parts of Novena support to armv7.
In ssh:
Don't choke on new-format private keys encrypted with an AEAD cipher (bz#2366).
Fix a post-auth crash with permitopen=none (bz#2355).
In tmux(1), update the environment when switching sessions as well as attaching.
In man(1), let the -m option add to the default manpath rather than override it.
Include the timestamp TCP option in keep alive packets.
Fix a crash on HP bc2500 blades with MP kernels when writing to the DSDT.
Use ether_input() as default input packet handler and do the necessary m_adj(9) to keep bridge(4) working while other pseudo-drivers are converted to if_input().
Fix misformatting of man(7) manuals and potentially of mdoc(7) manuals.
Fix an assertion failure.
Reenable page zeroing thread on SMP mips kernels.
Do not grab the kernel lock for clock interrupts on mips64, octeon and sgi.
In ssh(1), improve error messages on TCP connection resets (bz#2257).
In sshd(8), prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods.
Pass fflag to VOP_POLL so vfs fifo functions can get at the file flags to check FREAD/FWRITE if needed.
Avoid a NULL dereference in fd_getfile_mode().
5.6 and 5.7 SECURITY FIX: a remote user can crash httpd(8). A source code patch exists for 5.6 and 5.7.
5.6 and 5.7 SECURITY FIX: malformed binaries could trigger kernel panics or view kernel memory. A source code patch exists for 5.6 and 5.7.
5.6 and 5.7 SECURITY FIX: multiple issues in cpio(1)/pax(1)/tar(1). A source code patch exists for 5.6 and 5.7.
Don't add a separate .got.plt section as it would result in a partially writable GOT. ld.so(1) will properly write-protect the single .got.
Add the tmux and tmux-256color entries to termcap(5) and terminfo. This can be used inside tmux for correct italics support.
In tmux(1), if default-terminal is set to "screen" or "screen-*", follow historic screen(1) behaviour and send smso (standout) instead of sitm (italics) for SGR 3.
Fix a use after free and a NULL pointer access in mandoc(1).
Support passing a template file for the auto-allocation to disklabel(8).
In the installer, rework sshd enable root login questions in light of sshd PermitRootLogin default change. The new default is not to ask to enable root logins when a non-root user has been added.
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface. This fixes a use after free introduced in r1.98 of src/sys/netinet6/in6.c.
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for the file(1) child process.
In upd(4), parse the HID descriptor multiple times to find sensors. This avoids lookups in the hot path for sensors that depend on the value of others.
In tmux(1), if the requested pane is already active, do not unzoom the window (or do anything else). This prevents mouse clicking when zoomed causing unzoom.
Correctly write the 64bits of the HID 1, 4 and 5 registers on powerpc.
Allow "sshd -f none" to skip reading the config file, much like "ssh -F none" does.
Let bgpd(8) check the length of the control socket path to make sure it fits -- just like bgpctl(8) does.
Fix a typo in sndiod(8): the buffer size should be 7680 rather than 7860.
Get dwc2 working on octeon:
Transplant the clock setup code from octhci.
Add a bus space tag to deal with dwc2 using little endian addressing.
Bump up the rx fifo size, necessary for umass/sd to work.
Support checksum offloading for IPv4 TX on vio(4).
In bgpctl(8), for every policy we write out, flush the output so we don't get a partially written line.
On i386, disable PAE when switching to the hibernate resume pagetables. This makes (un)hibernate work with the new PAE pmap.
On i386, enable NX support in the resume path. This makes suspend/resume work with the PAE pmap.
On i386, only enable PAE if the CPU we're running on has NX support.
Bump i386 MAXDSIZ to 3 GB.
Make the Belkin Components F5U109 Serial work at 115200 baud in umct(4).
Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.
In the IRR parser of bgpctl(8), ignore case when reading the tokens.
We are now following the ABI and always clear cld on function entry, so remove the extra CLD instructions from when that wasn't true.
In file(1), only print MIME warnings when warnings are enabled.
Repair boot device detection when booting off the second SCSI controller on AV530.
Update to perl 5.20.2.
In file(1), fail if a \ appears at EOL of a magic(5) file rather than continuing off the end of the buffer.
In LibreSSL, don't ignore the reference count in X509_STORE_free.
In tmux(1), explicitly cancel mouse "button" mode. This happens implicitly with some of the other things we send with xterm, but not with urxvt.
In m4(1) and make(1), add a check for overflow while doubling.
In LibreSSL, check for invalid leading zeros in CBS_get_asn1_uint64.
In bgpd(8), allow rules that match directly on the peer AS. Also adjust the IRR ruleset output to include the declared peer AS instead of hoping they listed their neighbor IP address.
In httpd(8), prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986.
In bgpctl(8), handle an IRR record of "export ... action X" the same way we handle "import ... action X".
Add a quirk to azalia(4) for the Cirrus Logic CS4208 which is needed for MacBookAir6,1.
Set up the signal handler earlier so that we don't get zombies.
Allow choice options (multiple states) to be toggled between states 0 and 1.
Set the working directory for run-shell and if-shell.
Enable PAE mode for those CPUs that support it. This allows us to use the NX bit for userland and kernel W^X. Unlike the previous c.2008 PAE experiment, this does not provide > 4GB phys ram on i386 -- PAE is solely being used for NX capability this time. If you need > 4GB phys, use amd64.
Make sure we keep the whole recursive mapping of the PDP instead of just the mapping for the first page when tearing things down.
If ~/.magic exists but can't be used, fail rather than silently falling back to /etc/magic.
Do not attempt to use ~/.magic if running as root (or issetugid()).
Add a new implementation of file(1). This is a simplified, modernised version with a nearly complete magic(5) parser but omits some of the complex builtin tests (notably ELF) and has a reduced set of options.
Revert r1.7 of src/sys/arch/powerpc/include/atomic.h (implement the MI atomic API for PowerPC). This code triggers an off by one in device_unref().
Enable the NX bit and use it in the PAE pmap code. PAE is still disabled while we're chasing at least one remaining bug.
In ssh-agent(1), add the -D option to leave ssh-agent in foreground without enabling debug mode (bz#2381).
Use "softintr_pic0" instead of "softintr_fakepic" when faking a struct device so there is enough space in the buffer for a NUL and the unit is included in the string.
Pass mouse events through to commands for if-shell.
Pass mouse events triggering a drag on to the application inside the pane.
Bind mouse dragging so that it is passed through to applications if they want it.
Revert r1.182 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators) again. Incoherent architectures aren't having much fun with it.
In ntpd(8), fix a memory leak if tls_read() fails.
Add a mac to the timestamp payload and calculate it with siphash.
By default fill the ping payload with a chacha stream instead of an unvarying payload. By aggressively varying the payload we hope to generate more opportunities for dodgy network equipment to show errors.
In xhci(4), do not truncate possible remaining transfer length.
Remove emulation of OSS audio ioctls from Linux emulation.
Implement binary code patching on i386.
Enable the REG_READ ioctl.
Don't lock the file for "vi -R" or "view".
Work around what appear to be CPUID lies about the monitor-line size. This makes the mwait-based idle loop actually work.
Convert many atoi() calls to strtonum() in userland, adding range checks and failure handling along the way.
In install(1), use futimens() to preserve timestamps with subsec precision.
In pf(4), do not include padding of Ethernet packets in reassembled fragmented packets.
In ssh, don't try to cleanup NULL KEX proposals in kex_prop_free().
Change alpha mutexes so they record which cpu owns the lock rather than just if the lock is held or not.
Remove the unsupported SADB_X_IDENTTYPE_CONNECTION, unused ipsp_parse_headers, and stubs and support code for NIC-enabled IPsec.
Fix a crash in the bgpctl(8) "network bulk" command.
In ualea(4), crank the timeout and decrease the buffer size to not end up dropping all the entropy provided by the device. Also make sure we match the right endpoint.
Tweaks in utimensat/futimens handling:
Always update ctime, even when both atime and mtime are UTIME_OMIT (at least for ufs, tmpfs, and ext2fs).
Correctly handle a timestamp of -1.
Don't call record_login() in monitor when UseLogin is enabled (bz#378).
Add some missing options to sshd -T and fix the output of VersionAddendum HostCertificate (bz#2346).
In mandoc(1), restore the page headers and page footers in the HTML output.
Remove unfinished and unused support for socket-attached ipsec-policies.
In pkg_add(1), expand the %a, %c, %m and %v sequences in PKG_PATH.
In tmux(1), fix setting old-style window -fg/-bg/-attr options that aren't global.
In tun(4), fix a typo introduced in the niq_enqueue() conversion. This should fix a panic reported by many.
Import libepoxy 1.2, a library for handling gl/glx/egl function pointer management. This is needed by glamor egl in the xserver which is in turn needed to get acceleration with some hardware on xf86-video-ati.
Update to xf86-video-ati 7.5.0.
Make ipsp_address thread safe.
Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything.
In uchcom(4), make sure we close the interrupt pipe when the device is detached.
Initialize RX/TX on re(4) slightly later. It appears that newer chips don't set up DMA correctly until more configuration has been done -- enabling RX too soon causes DMA to bad places.
Perform IPsec bypass check on a socket before performing TDB lookups.
In sed(1), correct a multiplication idiom during xreallocarray() and avoid an integer overflow.
In ssh, deprecate the ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message.
Let nl_langinfo(CODESET) return "US-ASCII" as the name of the character codeset for the POSIX/C default locale. This is the preferred IANA name and also used by FreeBSD.
Update to xf86-video-intel 2.99.916. This fixes a display bug. Newer X.Org (2.99.917 or master) versions cause corruption on older machines (X40, i965), probably caused by a bug in our kernel. This is under investigation by kettenis@.
Bring PAE code back to life on i386. More specifically, bring the PAE pmap on i386 closer to the current non-PAE pmap. This allows us to take a big next step toward better i386 W^X in the kernel (similar to what we did a few months ago on amd64). Unlike the original PAE pmap, this diff will not be supporting more than 4 GB physical memory on i386 -- this effort is specifically geared toward providing W^X (via NX) only. There still seems to be a bug removing certain pmap entries when PAE is enabled, so PAE mode is left disabled for the moment.
Switch example NSD config to splitting master and slave zones into different subdirectories and create these in mtree.
Disable the pool garbage collector. There are reports of strange lockups on various multiprocessor architectures and this is the only interesting diff in the window.
In softraid(4), directly handle ioctls issued to a SCSI device associated with a softraid volume, ignoring any device name specified in the bio(4) ioctl struct. Amongst other things, this makes bioctl -d now work with DUIDs.
In softraid(4), re-enable the RAID 5 discipline and add support for restarting rebuilds on it.
Remove OPENSSL_issetugid() from LibreSSL. By default on systems lacking true issetugid(), OPENSSL_issetugid() returns 0, falsely indicating safety. This means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite.
Update to xf86-input-synaptics 1.8.2.
Remove all getenv() calls in LibreSSL, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is difficult to implement on many operating systems.
In httpd(8), always check the return value of proc_composev_imsg() and handle failures appropriately. Otherwise imsg construction can silently fail, resulting in non-obvious problems.
Let vi(1) use resizeterm(3) instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
In tmux(1), add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
Replace the use of ifqueues for most input queues serviced by netisr with niqueues.
In ehci(4), implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this lets people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
Add support for CRC-enabled elantech v3 touchpads to pms(4).
In ssh(1), don't send hostkey advertisements (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.
In vlan(4), don't inherit the parent interface's hardmtu as the vlan interface's mtu when it gets set up. Instead, allow the vlan interface's mtu to be raised to the parent's hardmtu in SIOCSIFMTU handling.
Make pthread_atfork(3) track the DSO that called it like atexit(3) does, unregistering callbacks if the DSO is unloaded. Move the callback handling from libpthread to libc, though libpthread still overrides the inner call to handle locking and thread-library reinitialization.
In mandoc(1), do not mistreat empty arguments to font alternating macros as vertical spacing requests.
Add support for an efi-app-x86_64 target to binutils. This is needed for UEFI bootloader work.
In mandoc(1), use the default width for .RS without arguments. This reduces groff-mandoc differences in base and Xenocara by about 4%.
Update to xcb-util 0.4.0, xcb-util-image 0.4.0, xcb-util-keysyms 0.4.0, libXxf86vm 1.1.4, libXvMC 1.0.9, libXdmcp 1.1.2 and libX11 1.6.3.
In pkg_info(1), check that the info of distant packages is signed.
In pkg_add(1), mark installed locations as "trusted" so that pkg_info does not check sigs on them.
In realloc(3), when expanding a region, actually use the free page cache instead of simply zapping it. This can save many syscalls in a program that repeatedly grows and shrinks a buffer.
Work-in-progress support for non-accelerated X11 on some sti(4) frame buffers; based upon the old HP ngle X11 driver. Currently limited to CRX (720/735/750), Timber (710, old 715), Artist (712, 715) and EG (B-series). However, the colormap isn't set up correctly on Timber and EG yet.
Do not permute command line arguments, but still support the obsolescent "-o outfile" after input files syntax.
The -b flag should only apply when key fields are specified. If -b follows -k it has no effect.
For the -g flag, treat non-floating point keys as 0, similar to -n. This makes "sort -gu" and "sort -nu" behave similarly and passes our sort regress tests.
Update to sqlite3 3.8.8.3.
Give man(7) section and subsection headers hanging indentation. This reduces groff-mandoc differences in base by about 2.5%.
Better implementation of rounding rules in mandoc(1).
Show the remote labels in the ldpctl(8) "show lib" command even if they are not installed in the FIB.
Remove lo protection in ldpd(8). There's no need to protect the 127/8 network since it is filtered before being sent to lde.
Show the full LIB in the ldpctl(8) "show lib" command.
Add support for commit ids to "opencvs status".
Fix the modified timestamp in the output of "opencvs status".
In mandoc(1), don't allow breaking the output line after hyphens following escape sequences. Improves tic(1), sxpm(1) and a few Perl manuals.
Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by kauaiata(4).
In mandoc(1), fix a quirk with respect to an empty .HP.
In sti(4), fix an unsigned vs signed comparison causing an infinite loop for the WSDISPLAYIO_PUTCMAP ioctl.
In sort(1), prevent an integer overflow when parsing the -S argument as percentage. Also make sure that the parsed memory amount won't be larger than SIZE_MAX to properly support 32-bit systems.
Change gcc and ld semantics to make static PIE the default when invoking "cc -static".
Prevent a tiny signal race by blocking signals when inserting into the tmp_files list.
Check for overflow when handling buffer size suffixes.
Run most of the vnet(4) interrupt handler without holding the kernel lock.
In httpd(8), zero the tls cert/key length variables when inheriting a server configuration for multiple listen statements in a server block. Otherwise httpd(8) will crash when a listen statement with tls is followed by a listen statement without tls.
Prevent ssh(1) from warning about SSH1 keys present when compiled without SSH1 support. Also identify SSH1 keys when scanning, even when compiled without SSH1 support.
Don't make the -m and -c options of sort(1) mutually exclusive.
Let the vlan(4) mtu be limited by the parent's hard mtu, not the current mtu. This makes it possible to have networks on the "native" (untagged) vlan on an interface at 1500, while setting a child vlan interface's mtu to jumbos.
Call atexit() to clean up temporary files on error.
Use mkstemp() to create the temporary file when the output file equals one of the input files.
Preserve the original file mode on the temporary file.
Check for write access on the original file before creating the temporary one.
In ssh-keygen(1), if a user tries to add a comment to a non-RSA1 key and has entered their passphrase, explicitly clear it before exit.
Tell the firmware to shut down the fan management thread on the last generation of G5s. Without this, mpi@'s PowerMac11,2 hangs when smu(4) attaches.
Move the default font path from /usr/local/lib/X11/fonts to /usr/local/share/fonts to match XDG_DATA_DIR (where desktop tools look by default).
Fix the repeating keys/delay problem that occurs on newer ThinkPads when touching the trackpad/trackstick while typing during the installer in a less invasive way.
Update to xkeyboard-config 2.14.
Some work on macppc G5 interrupts.
Allow syslogd(8) to read configuration files with arbitrary line lengths. Also ensure the configuration file has been read in full in order to prevent syslogd(8) from running with incomplete configuration.
Update to xcb-util-cursor 0.1.2.
Fix an uninitialised memory read in ssh(1) when parsing a config file consisting of a single nul byte.
In mandoc(1), handle special punctuation modes for -Tpdf.
Restore user-loaded vga fonts upon switching from X11 to VT and upon resume.
Let esp(4) correctly match SUNW,fas in the boot path.
In tcpdump(8), remove an extra line when printing AH and RIP packets.
Revert r1.29 of src/usr.bin/telnet/sys_bsd.c (don't clear ICRNL when editing mode is off, so that character local echo mode doesn't echo ^M locally) as this causes problems sending CR to some Cisco equipment.
Let httpd(8) translate CGI environment variables in accordance with RFCs 7230 and 3875.
Ban all-zero curve25519 keys in ssh, as recommended by the latest CFRG curves draft.
Update to libdrm 2.4.60.
Determine if the trackstick buttons are wired to the trackpad and need to be re-routed to the trackstick. Without this change the buttons on 2015 Thinkpads get picked up as extended buttons that show up as scroll up/down. Remove the X1 Carbon 2015 (LEN0048) and X250 (LEN0046) from the top button area/soft buttons quirks list. Also avoid using the quirk list entirely if the capability bit is set.
Save/restore AVX registers and other XSAVE-managed state information when entering/leaving a signal handler like we already do for the FPU and SSE state. This should make it possible to use AVX instructions in signal handlers.
Ignore v1 errors on ssh-add -D; only try v2 keys on -l/-L (unless compiled with SSH1 support).
With a per-interface IPv6 stateless address auto configuration flag it is possible to allow IPv6 forwarding and SLAAC at the same time. This is needed for RFC 7084.
In ksh(1), bind the Delete key (ESC[3~) to delete-char-forward.
Don't let rcmdsh(3) fail if it is passed a non resolvable hostname. Instead, silently ignore the fact and instead let the underlying ssh (or $RSH) command handle it.
In ping6(8), bump the size of the time types on the wire to 64 bit (port of r1.116 of src/sbin/ping/ping.c).
In ping(8) and ping6(8), obfuscate the monotonic clock values put on the wire by offsetting them with a random value.
Don't let ssh-keygen -A try (and fail) to generate ssh v.1 keys when compiled without SSH1 support, or RSA/DSA/ECDSA keys when compiled without OpenSSL (bz#2369).
Make setting 11a rates and scanning on iwm(4) conditional on the 5GHz support bit in the nvm.
Add sysconf() extensions PHYS_PAGES, AVPHYS_PAGES, NPROCESSORS_CONF and NPROCESSORS_ONLN to getconf(1).
On amd64, add support for saving/restoring FPU state using the XSAVE/XRSTOR. Limit support to the X87, SSE and AVX state. This gives us (almost) full AVX support.
On sparc, abort attach of iommu requiring boards on non-iommu systems.
Don't let ldpd(8) try to send address withdraws to neighbors that are unreachable after an address removal in the system.
Let ldpd(8) remove attached adjacencies whenever an interface is disabled for whatever reason. This will speed up the convergence process.
Don't let ldpd(8) assign labels for BGP routes. This would be very resource consuming in some scenarios and unnecessary.
In vnet(4), considerably improve the reliability of re-establishing network connections between domains after some sort of hiccup.
Let man(1) fall back to /usr/share/man:/usr/X11R6/man:/usr/local/man as default search path if no path is given via -m, -M, $MANPATH and /etc/man.conf.
Fix a memory leak in libtls with repeated use of tls_connect().
In sort(1), use the hw.usermem sysctl to determine the amount of user (non-kernel) memory instead of sysconf(_SC_PHYS_PAGES) (which also counts pages wired by the kernel). Don't try to use a memory buffer larger than the datasize hard resource limit.
Work around buggy AML trying to access PCI config space using PCI function number FFFF.
In renice(8), when mixing historic BSD syntax (where the priority is absolute) with the -n flag (where the priority, according to POSIX, is an increment), the increment specified via -n will only affect the entries that follow it.
Rather than disabling checksum offload in re(4) for all packets, let it advertise checksum offload to the stack for small (normal-sized) packets and do the checksum itself in software for large packets.
Reintroduce r1.173 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators). This was backed out because of fallout on landisk which has since been fixed.
Unbreak WEP/WPA on AR5211 ath(4) devices by setting hardware WEP keytable entry types to NULL, as done for AR5212 devices. ath(4) uses software crypto.
Re-apply r1.115 of src/sys/dev/pci/if_ix.c (when setting up advanced TX descriptor, use m_getptr to locate the IP or IPv6 header instead of assuming contiguousness of the target buffer across Ethernet and IP/IPv6 headers) that got accidentally reverted.
Fix a memory leak in an error path in LibreSSL (from OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f).
5.6 and 5.7 SECURITY FIX: several crash causing defects in OpenSSL (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288 and CVE-2015-0289). A source code patch is available for 5.6 and 5.7.
5.5 SECURITY FIX: two possible crash causing defects in OpenSSL (CVE-2015-0286 and CVE-2015-0292). A source code patch is available for 5.5.
Fix CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0289 in LibreSSL.
Deal with half-configured control pipes in dwc2, using the same workaround as in ehci(4) and ohci(4).
Use struct timespec internally in pax(1). This gives nanosecond precision to the -rw option and a basis for support of mtime and atime values in pax-format extended header records.
In route(8), instead of embedding interface names in a sockaddr, use their indexes when adding route entries with the -link option. This prevents the ARP layer from taking the name of your interface for an Ethernet address.
Rework the virtual memory layout on SRMMU systems (sun4d/sun4m) to use a much lower VM_MIN_KERNEL_ADDRESS, since these systems are not crippled by the Sun-4 MMU hole and have the real 4GB of address space. Kernels running on Sun-4 MMU are not affected and will still be restricted to the existing 128MB of kernel space, with 1GB - 128MB of user space.
Reenable the pa1.1 fallback code for sha256 on hppa.
"Handle" wccp2 packets if net.inet.gre.wccp is set to 2 by skipping the wccp 2 header.
5.5, 5.6 and 5.7 SECURITY FIX: buffer overflows in libXfont (CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804). A source code patch is available for 5.5, 5.6 and 5.7.
Update to libXfont 1.5.1 which contains fixes for CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804.
Fix swap auto-allocation in disklabel(8) for machines with very little memory.
Replace sort(1) with the implementation from FreeBSD.
In the installer, don't ask about xdm if the answer to the X question was "no" (restores previous behaviour that got lost in r1.780 of src/distrib/miniroot/install.sub).
Prevent a race in ehci(4) resulting in an infinite loop printing "ehci_idone" messages.
Fix erratic behaviour of dig(1) and nslookup(1) when no (valid) nameserver is configured in resolv.conf.
Explicitly handle SIGPIPE in mandoc(1). This prevents a "Broken pipe" message from csh(1).
Try a third approach for handling pms and pckbd interrupt storms, when there is no pms driver in the kernel.
Update to sqlite3 3.8.7.4.
Avoid a NULL pointer dereference in LibreSSL. A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. According to OpenSSL, this is the fix for CVE-2015-0288.
Allow the xdm(1) greeter to set the background color of the input fields. The "inpColor" resource is used for that.
In mandoc(1), avoid off-by-one read access to the termacts array, which could sometimes result in missing line breaks before subsection headers.
In the installer, eliminate the question "Which cd?" and just show the available cd's in the "Location of sets?" prompt.
Allow for multiple concurrent devopen() calls, and fill the .readdir member of fs_ops. This makes the "ls" command finally work in the macppc bootloader.
In last(1), use ctime_r to avoid a re-entrancy signal race.
Check for the size of the supposed destination address when constructing the Ethernet frame. This prevents an overflow.
Rewrite the sh(1) manual page and confine it to document features supported by POSIX-compliant shells.
In ospfd(8), when removing interfaces in the RDE, also remove all the RDE neighbors that are part of that interface. This prevents use-after-free situations.
In makewhatis(8), fix hardlink detection on platforms having padding in struct inodev, typically 64-bit platforms.
Use the shorter ofwbootfd (without softraid support) on the miniroot. This fixes booting of cdNN.iso and installNN.iso on the Blade 150.
Make "boot -c" support work on a variety of newer machines. This is not expected to harm older machines.
Handle the way some BIOSes initialize newer-style nubbins/touchpads into strange (advanced) modes, which can muddle up the pckbc pipe. This is experienced as 10-second typing pauses and strange repeat behaviour on the RAMDISK (and is caused by "lightly brushing" the touchpad).
Automatic parent interface selection no longer works in ifconfig(8) (see r1.245 of src/sys/netinet/ip_carp.c); carpdev is a required argument now.
Escape ! characters for tab completion in ksh(1). This is necessary if using "set -o csh-history".
In pax(1)/tar(1), try to recognize a few well-known compression formats, and report them to the user.
Remove setgid kmem support from systat(1). As a result, the netstat view of systat is slightly different.
In ping(8), bump the size of the time types on the wire to 64 bit.
Add back r1.206 of src/usr.bin/ssh/packet.c that fixed some leaks in error paths and was reverted by mistake.
Set verbosity to 1 (the default is 0) in nsd.conf(5) so that incoming notifies and zone xfers are logged.
Improve locking in amd64 pmap using mutexes.
Disable the database file by default in nsd.conf(5). It is believed to be a saner default for the common use case and there is a problem with missing records on shutdown.
Fix a regression in man(1) where the first manual shown is not properly displayed in the pager if that manual is compressed.
In vi(1), display "Search wrapped" even when searching from the end of the file.
In wdc(4), do not attempt to read the status register unless WDCF_IRQ_WAIT is not set; this used to be the case but got broken in r1.113. This fixes the Acard ATP865-R.
In worm(6), make the worm grow faster on larger terminals. This is more fun than starting with an enormous pile of worm at the start.
Don't do IPv6 SLAAC for prefixes with a preferred lifetime of zero, per RFC 4941.
Prevent an archive from escaping the current directory by itself.
For tar without -P, if a path in the archive has any ".." components, then strip everything up to and including the last of them (if it ends in ".." then it becomes ".").
For directories whose times or mode will be fixed up in the clean-up pass, record their dev+ino and then use open(O_DIRECTORY)+fstat() to verify that we're updating the correct directory before using futimens() and fchmod().
Correct buffer overflow in handling of pax extension headers, caught by the memcpy() overlap check.
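The ".." stripping rule described above for tar without -P, as an added C sketch that is not OpenBSD's pax(1) code. The function name strip_dotdot, the treatment of a trailing slash after the last "..", and the sample member names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Apply the rule from the changelog entry to one archive member name:
 * if the path has any ".." components, drop everything up to and
 * including the last of them; if nothing remains, the name becomes ".".
 *
 * A ".." only counts when it is a whole component, i.e. delimited by
 * '/' or by the start/end of the string, so "..bar" and "..." are kept.
 * Returns a pointer into `path` (or to a static ".").
 */
static const char *
strip_dotdot(const char *path)
{
	const char *p = path;
	const char *keep = path;	/* start of the part we keep */
	int found = 0;

	while (*p != '\0') {
		size_t len = strcspn(p, "/");	/* length of this component */

		if (len == 2 && p[0] == '.' && p[1] == '.') {
			found = 1;
			keep = p + 2;		/* just past this ".." */
		}
		p += len;
		while (*p == '/')		/* skip separator(s) */
			p++;
	}

	if (!found)
		return path;			/* nothing to strip */

	/* Drop the separator(s) that followed the last "..". */
	while (*keep == '/')
		keep++;

	/*
	 * Path ended in ".." (assumption: a trailing "../" is treated
	 * the same way), so the member maps to the current directory.
	 */
	if (*keep == '\0')
		return ".";

	return keep;
}

int
main(void)
{
	/* Constructed sample member names, not taken from a real archive. */
	static const char *samples[] = {
		"../../etc/passwd",
		"a/b/../../../tmp/x",
		"/abs/../x",
		"foo/..",
		"foo/..bar/baz",
		"foo/bar",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-22s -> %s\n", samples[i], strip_dotdot(samples[i]));
	return 0;
}
```

Because everything before the last ".." is discarded rather than resolved, the resulting name can never climb above the extraction directory, whatever the components before it were.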