OpenBSD -current changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
Changes made between OpenBSD 5.5 and -current
- Added SNI support to ftp(1).
- Allow roff(7) to support relative arguments to .ll (increase or decrease line length).
- Repaired boot.net operation on (at least) sparc SS5 PROM v2.21
- Implement the roff(7) .ll (line length) request.
- 5.5 RELIABILITY FIX: Memory corruption occurring during icmp(4) reflection handling (ICMP reflection is disabled by default).
A source code patch is available for 5.5.
- Recognise so-called "EFI-like" interface provided by newer PMON firmware on Loongson 2Gq and Loongson 3A.
- Bugfix and security update to nginx(8) version 1.4.7 (note: CVE-2014-0133 does not affect OpenBSD).
- Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
- Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
- Allow leading and trailing vertical lines in mandoc(1), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
- Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
- Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
- Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
- On loongson, made sure the HIBERNATE pages get reserved regardless of the memory layout.
- Program the colormap correctly on grtwo(4/sgi); added a simple screen burner accessop.
- When enforcing TOS (Traffic Class), made pf(4) preserve the ECN bits (as with IPv4 packets).
- Adjusted (commented-out) nginx.conf(5) sample blocks for PHP and SSL configurations.
- Made mg(1) C-t (transpose two chars) behave like emacs.
- Ended experimental machine-independent login.conf(5) template support.
- Made cu(1) handle REMOTE in the environment as either a separate remote(5) file or a host.
- Added cu(1) support for retrieving the line and speed from the /etc/remote "dv" and "br" capabilities like tip(1).
- Fixed handling of the kill(1) "-1" option from a thread other than the original thread.
- Permit generating of NAMI and CSW records inside ktrace(2).
- Ignore the -b option if cksum(1) is called as-is (e.g. "cksum -b /bsd"), to match man page.
- Removed file2c(1). hexdump(1) works as well for most use cases.
- usb(4) root hubs can now happily be detached and reattached.
- When smtpd(8) is locally enqueuing messages without specifying a domain, update headers to show the local domain.
- Strengthened ssh(1): removed weaker pre-SHA2 hashes, broken cipher (arcfour), and the broken mode (CBC) from the default configuration.
- skey(1) bugfixes: default algorithm switched back to md5; do not let skey_set_algorithm() cause a segfault if an unsupported algorithm is specified.
- Added acpithinkpad(4) support for aux button strip on newer thinkpads missing regular F1-F12 keys.
- dd(1) now supports g for gigabytes.
- Reworked the way sysmerge(8) fetches and verifies sets, to simplify the process.
- Merged perl(1) version 5.18.2 (including local patches).
- Stopped calling smtpd(8) purge_task every 10 secs (only needed once at startup).
- Removed "-r" option from ping(8), traceroute6(8) and traceroute(8).
- Enabled SQLITE_ENABLE_FTS3_PARENTHESIS in sqlite3(1).
- Removed the MD4 functions (highly susceptible to collision attacks).
- Skip leading escape sequences in mandoc(1) man_deroff(), for better indexing.
- Gave powerpc PIE.
- Initialise additional BATs (IBAT4-IBAT7 and DBAT4-IBAT7) on socppc. Stops memory corruption on devices with rb600.
- Fix uhidev_detach() when detaching a device which did not claim all reported IDs.
- Reverted audio key handling.
- Make sure sysmerge(8) adds missing users/groups before running the target; otherwise mtree(8) can fail.
- Let mg(1) users input a tag to find, even if no default tag is defined.
- Disabled smtpd(8) imsg buffers profiling code, to stop processes waking up each second.
- npppd(8) tunnels can now have multiple listen addresses.
- Reimplemented control part of npppd(8) with imsg; added "monitor" command for npppctl(8) to monitor PPP session start/stop events.
- Fixed npppd(8) bug which caused segfaults when npppd.conf(5) had "username-suffix" and "strip-atmark-realm" as yes.
- Made npppd(8) keep listening on 1723/tcp when accept() is failed.
- Removed tape as a method for fetching install sets.
- Attempt to workaround the R4000 end-of-page errata on sgi and mips64, triggered by TLB misses when the code flow crosses a page boundary.
- Disabled MS-CHAPv1 (RFC 2433) support in pppd(8).
- Fixed sysmerge(8) regression when not using a full path to sets; make it use ftp(1) -D.
- Installed /var/unbound/db directory for DNSSEC root key; added (commented-out) options for DNSSEC to unbound.conf(5).
- Removed insecure MD4 checksum algorithm from cksum(1).
- Removed ftp method for obtaining installation sets when running the installer.
- Enabled upd(4) on amd64, sparc64 and macppc archs for testing.
- Sync timestamp changes for inodes of special files to disk as late as possible to avoid useless disk i/o.
- Include support in pstat(8) -v to display the IN_LAZYMOD flag.
- On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
- Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
- Retired the rarely used hp300, mvme68k and mvme88k ports.
- Allow checking mandoc(1) databases are up to date even when you don't have write permissions.
- Notify userland (via the routing socket) when ARP resolution completes.
- Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
- Made bgpctl(8) correctly parse attribute length form imsg.
- Exit from traceroute6(8) if there is at least one unreachable and sum of unreachables and timeouts are >= number of probes.
- Unbroke sndiod(1) monitoring mode, which was shifted in time by 1 block.
- Userland ppp(9) removed.
- In apropos(1) output, sort names and avoid multiple section numbers.
- In slowcgi(8), use SCRIPT_FILENAME (can be an absolute filesystem path). Fallback to SCRIPT_NAME if this is not present.
- Reimplemented htpasswd(1) from scratch.
- Don't use volume keys when in raw-mode. Stops simultaneous volume changes by X(7) and ukbd(4).
- Enable qlw(4) at sbus(4) on sparc64.
- Enabled unbound(8) in base.
- Updated to xcb-proto version 1.10.
- Updated to libdrm 2.4.52.
- Removed the unused userland agp(4) interface.
- Reverted to the freetype2.pc we had before to bring back local changes.
- More informative smtpd(8) log message on unknown SNI.
- Provide an MI api for byteswapping loads and stores, especially beneficial for sparc64 and powerpc.
- Updated to freetype-2.5.3. Fixes vulnerability in the CFF driver (CVE-2014-2240).
- Enabled qla(4) and qle(4) in ramdisks (except on sgi).
- smtpd(8) now prints the correct user name if SMTPD_QUEUE_USER is missing.
- Use ticket locks (not spinlocks) on i386/amd64/sparc64. Provides fairer access to the kernel lock.
- Added a few more instruction patterns to binutils that are needed by gcc(1) version 4.8.
- In mandoc(1) -Tutf8 mode, count hyphens against the output line length even when they are breakable.
- Stopped the smtpd(8) enqueue utility adding a User-Agent header to emails.
- Block userland from entering drm(4) code during suspend/resume. Fixes inteldrm(4) bugs.
- Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
- No more spray(8) in base.
- Fixed buffer overflows in icmp(4) redirect handling (introduced in rev 1.106).
- Switched over from sendmail(8) to smtpd(8) by default.
- Fixed iked(8) config-address w/o pool.
- Unbroke nc(1) "-6 -l" and apply correct fix for previous commit.
- Removed rmail(8).
- Made ssh(1) scan for ed25519 keys by default.
- For isakmpd(8) CA generation, set the correct certificate extensions so more SSL implementations will trust this as a CA cert. Matches ssl(8).
- Bugfix update to nginx(8) version 1.4.6.
- When pf(4) is translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet.
- When pf(4) is setting packet description, also retrieve the Traffic Class field of IPv6 packets.
- Fixed the cnmac(4/octeon) mediastatus when the interface is not configured.
- Optimisation of opendir(3), rewinddir(3) and related functions. 2000x speedup of seekdir(3) in some tests.
- Fixed acpi(4) on amd64, to avoid reboot and stack corruption problems when resuming.
- Reworked per-cpu cache information, to avoid using hardcoding data based on processor type on mips, octeon, and sgi.
- In re(4), fixed operation and made reception of packets work on the 8168G controllers.
- Made mandoc(1) user-defined macros wrapping ".TP" work correctly; preserve line breaks contained in user-defined macros called in ".nf" mode.
- Enable DMA bursting and tagged queueing in qlw(4); enable qlw(4) on alpha/amd64/i386/macppc/sgi/sparc64; only attempt to load firmware if we actually have some.
- Initial xhci(4) implementation: USB 3.0 umass(4) devices get reasonable read/write speed.
- Improved roff(7)'s .if/.ie condition handling.
- Fixed env(1) diagnostic messages to stderr, so failure of env(1) and failure of the specified utility can be distinguished.
- Allow signify(1) to read input messages on a pipe.
- Added usbd_get_hub_descriptor(), to clean up uhub(4) and deal with hub device descriptors in high speed devices.
- With md5(1) -C, exit with exit status of 1 if any of the files specified do not exist.
- mandoc(1) bugfixes related to the closing of conditional blocks: handle more than one `\}' on macro lines; do not treat `\}' as a macro invocation after a dot at the beginning of a line; do not complain about characters following `\}'.
- Makes the "cleartoggle" function in HC drivers optional (upcoming xhci(4) driver doesn't use it).
- Allow signify(1) to accept a password on stdin, as long as it is not a tty(4).
- On qlw(4), set the correct clock rate for ISP1020/1020A.
- When running sysmerge(8), always print the key signify(1) is using.
- Fix the return values of getpwnam_r(3), getpwuid_r(3), getgrnam_r(3), and getgrgid_r(3) to agree with POSIX.
- Altered qlw(4) so it can compile on sparc64 too.
- In -Tutf8 mode, make mandoc_char(7) named accent character escape sequences render as non-combining accents (lets mandoc behave like groff); made \' and \` equivalent to \(aa and \(ga, respectively.
- Introduced qlw(4), a new driver for QLogic ISP SCSI HBAs (currently only supports the pci(4) variants).
- Raised the delay before initialising sdmmc(4). Lets the reader on X220 work reliably.
- Fixed: sndiod(1) read/write position tracking; incorrect delta propagated after xruns in play-only and rec-only modes; crashes seen after a few days of continuous playback.
- Fixed incorrect position reporting with sndiod(1) when using tiny block sizes on busy machines.
- Made sndiod(1) check that the socket is writable before attempting to write data packets.
- On armv7, removed TIMEZONE and DST options from GENERIC-* kernels; added option USBVERBOSE to all kernels.