OpenBSD Changelog

What's new in OpenBSD 6.3

Apr 2, 2018

Improved hardware support, including:
SMP support on OpenBSD/arm64 platforms.
VFP and NEON support on OpenBSD/armv7 platforms.
New acrtc(4) driver for X-Powers AC100 audio codec and Real Time Clock.
New axppmic(4) driver for X-Powers AXP Power Management ICs.
New bcmrng(4) driver for Broadcom BCM2835/BCM2836/BCM2837 random number generator.
New bcmtemp(4) driver for Broadcom BCM2835/BCM2836/BCM2837 temperature monitor.
New bgw(4) driver for Bosch motion sensor.
New bwfm(4) driver for Broadcom and Cypress FullMAC 802.11 devices (still experimental and not compiled into the kernel by default)
New efi(4) driver for EFI runtime services.
New imxanatop(4) driver for i.MX6 integrated regulator.
New rkpcie(4) driver for Rockchip RK3399 Host/PCIe bridge.
New sxirsb(4) driver for Allwinner Reduced Serial Bus controller.
New sxitemp(4) driver for Allwinner temperature monitor.
New sxits(4) driver for temperature sensor on Allwinner A10/A20 touchpad controller.
New sxitwi(4) driver for two-wire bus found on several Allwinner SoCs.
New sypwr(4) driver for the Silergy SY8106A regulator.
Support for Rockchip RK3328 SoCs has been added to the dwge(4), rkgrf(4), rkclock(4) and rkpinctrl(4) drivers.
Support for Rockchip RK3288/RK3328 SoCs has been added to the rktemp(4) driver.
Support for Allwinner A10/A20, A23/A33, A80 and R40/V40 SoCs has been added to the sxiccmu(4) driver.
Support for Allwinner A33, GR8 and R40/V40 SoCs has been added to the sxipio(4) driver.
Support for SAS3.5 MegaRAIDs has been added to the mfii(4) driver.
Support for Intel Cannon Lake and Ice Lake integrated Ethernet has been added to the em(4) driver.
cnmac(4) ports are now assigned to different CPU cores for distributed interrupt processing.
The pms(4) driver now detects and handles reset announcements.
On amd64 Intel CPU microcode is loaded on boot and installed/updated by fw_update(1).
Support the sun4v hypervisor interrupt cookie API, adding support for SPARC T7-1/2/4 machines.
Hibernate support has been added for SD/MMC storage attached to sdhc(4) controllers.
clang(1) is now used as the system compiler on armv7, and it is also provided on sparc64.
vmm(4)/ vmd(8) improvements:
Add CD-ROM/DVD ISO support to vmd(8) via vioscsi(4).
vmd(8) no longer creates an underlying bridge interface for virtual switches defined in vm.conf(5).
vmd(8) receives switch information (rdomain, etc) from underlying switch interface in conjunction of settings in vm.conf(5).
Time Stamp Counter (TSC) support in guest VMs.
Support ukvm/Solo5 unikernels in vmm(4).
Handle valid (but uncommon) instruction encodings better.
Better PAE paging support for 32-bit Linux guest VMs.
vmd(8) now allows up to four network interfaces in each VM.
Add paused migration and snapshotting support to vmm(4) for AMD SVM/RVI hosts.
BREAK commands sent over a pty(4) are now understood by vmd(8).
Many fixes to vmctl(8) and vmd(8) error handling.
IEEE 802.11 wireless stack improvements:
The iwm(4) and iwn(4) drivers will automatically roam between access points which share an ESSID. Forcing a particular AP's MAC address with ifconfig's bssid command disables roaming.
Automatically clear configured WEP/WPA keys when a new network ESSID is configured.
Removed the ability for userland to read configured WEP/WPA keys back from the kernel.
The iwm(4) driver can now connect to networks with a hidden SSID.
USB devices supported by the athn(4) driver now use an open source firmware, and hostap mode now works with these devices.
Generic network stack improvements:
The network stack no longer runs with the KERNEL_LOCK() when IPsec is enabled.
Processing of incoming TCP/UDP packets is now done without KERNEL_LOCK().
The socket splicing task runs without KERNEL_LOCK().
Cleanup and removal of code in sys/netinet6 since autoconfiguration runs in userland now.
bridge(4) members can now be prevented to talk to each others with the new protected option.
The pf divert-packet feature has been simplified. The IP_DIVERTFL socket option has been removed from divert(4).
Various corner cases of pf divert-to and divert-reply are more consistent now.
Enforce in pf(4) that all neighbor discovery packets have 255 in their IPv6 header hop limit field.
New set syncookies option in pf.conf(5).
Support for GRE over IPv6.
New egre(4) driver for Ethernet over GRE tunnels.
Support for the optional GRE key header and GRE key entropy in gre(4) and egre(4).
New nvgre(4) driver for Network Virtualization using Generic Routing Encapsulation.
Support for configuring the Don't Fragment flag packets encapsulated by tunnel interfaces.
Installer improvements:
if install.site or upgrade.site fails, notify the user and error out after storing rand.seed.
allow CIDR notation when entering IPv4 and IPv6 addresses.
repair selection of a HTTP mirror from the list of mirrors.
allow '-' in usernames.
ask a question at the end of the install/upgrade process so carriage return causes the appropriate action, e.g. reboot.
display the mode (install or upgrade) shell prompts as long as no hostname is known.
correctly detect which interface has the default route and if it was configured via DHCP.
ensure sets can be read from the prefetch area.
ensure URL redirection is effective for entire install/upgrade.
add the HTTP proxy used when fetching sets to rc.firsttime, where fw_update and syspatch can find and use it.
add logic to support RFC 7217 with SLAAC.
ensure that IPv6 is configured for dynamically created network interfaces like vlan(4).
create correct hostname when both domain-name and domain-search options are provided in the DHCP lease.
Routing daemons and other userland network improvements:
bgpctl(8) has a new ssv option which outputs rib entries as a single semicolon-separated like for selection before output.
slaacd(8) generates random but stable IPv6 stateless autoconfiguration addresses according to RFC 7217. These are enabled per default in accordance with RFC 8064.
slaacd(8) follows RFC 4862 by removing an artificial limitation on /64 sized prefixes using RFC 7217 (random but stable) and RFC 4941 (privacy) style stateless autoconfiguration addresses.
ospfd(8) can now set the metric for a route depending on the status of an interface.
ifconfig(8) has a new staticarp option to make interfaces reply to ARP requests only.
ipsecctl(8) can now collapse flow outputs having the same source or destination.
The -n option in netstart(8) no longer messes with the default route. It is now documented as well.
Security improvements:
Use even more trap-sleds on various architectures.
More use of .rodata for constant variables in assembly source.
Stop using x86 "repz ret" in dusty corners of the tree.
Introduce "execpromises" in pledge(2).
The elfrdsetroot utility used to build ramdisks and the rebound(8) monitoring process now use pledge(2).
Prepare for the introduction of MAP_STACK to mmap(2) after 6.3.
Push a small piece of KARL-linked kernel text into the random number generator as entropy at startup.
Put a small random gap at the top of thread stacks, so that attackers have yet another calculation to perform for their ROP work.
Mitigation for Meltdown vulnerability for Intel brand amd64 CPUs.
OpenBSD/arm64 now uses kernel page table isolation to mitigate Spectre variant 3 (Meltdown) attacks.
OpenBSD/armv7 and OpenBSD/arm64 now flush the Branch Target Buffer (BTB) on processors that do speculative execution to mitigate Spectre variant 2 attacks.
pool_get(9) perturbs the order of items on newly allocated pages, making the kernel heap layout harder to predict.
The fktrace(2) system call was deleted.
dhclient(8) improvements:
Parsing dhclient.conf(5) no longer leaks SSID strings, strings that are too long for the parsing buffer or repeated string options and commands.
Storing leases in dhclient.conf(5) is no longer supported.
'DENY' is no longer valid in dhclient.conf(5).
dhclient.conf(5) and dhclient.leases(5) parsing error messages have been simplified and clarified, with improved behaviour in the presence of unexpected semicolons.
More care is taken to only use configuration information that was successfully parsed.
'-n' has been added, which causes dhclient(8) to exit after parsing dhclient.conf(5).
Default routes in options classless-static-routes (121) and classless-ms-static-routes (249) are now correctly represented in dhclient.leases(5) files.
Overwrite the file specified with '-L' rather than appending to it.
Leases in dhclient.leases(5) now contain an 'epoch' attribute recording the time the lease was accepted, which is used to calculate correct renewal, rebinding and expiry times.
No longer nag about underscores in names violating RFC 952.
Unconditionally send host-name information when requesting a lease, eliminating the need for dhclient.conf(5) in the default installation.
Be quiet by default. '-q' has been removed and '-v' added to enable verbose logging.
Decline duplicate offers for the requested address.
Unconditionally go into the background after link-timeout seconds.
Significantly reduce logging when being quiet, but make '-v' log all debug information without needing to compile a custom executable.
Ignore 'interface' statements in dhclient.leases(5) and assume all leases in the file are for the interface being configured.
Display the source of the lease bound to the interface.
'ignore', 'request' and 'require' declarations in dhclient.conf(5) now add the specified options to the relevant list rather than replacing the list.
Eliminate a startup race that could result in dhclient(8) exiting without configuring the interface.
Assorted improvements:
Code reorganization and other improvements to malloc(3) and friends to make them more efficient.
When performing suspend or hibernate operations, ensure all filesystems are properly synchronized and marked clean, or if they cannot be put into perfectly clean state on disk (due to open+unlinked files) then mark them dirty, so that a failed resume/unhibernate is guaranteed to perform fsck(8).
acme-client(1) autodetects the agreement URL and follows 30x HTTP redirects.
Added __cxa_thread_atexit() to support modern C++ tool chains.
Added EVFILT_DEVICE support to kqueue(2) for monitoring changes to drm(4) devices.
ldexp(3) now handles the sign of denormal numbers correctly on mips64.
New sincos(3) functions in libm.
fdisk(8) now ensures the validity of MBR partition offsets entered while editing.
fdisk(8) now ensures that default values lie within the valid range.
less(1) now splits only the environment variable LESS on '$'.
less(1) no longer creates a spurious file when encountering '$' in the initial command.
softraid(4) now validates the number of chunks when assembling a volume, ensuring the on-disk and in-memory metadata are in sync.
disklabel(8) now always offers to edit an FFS partition's fragment size before offering to edit the blocksize.
disklabel(8) now allows editing the cylinders/group (cpg) attribute whenever the partition blocksize can be edited.
disklabel(8) now detects ^D and invalid input during (R)esize commands.
disklabel(8) now detects underflows and overflows when -/+ operators are used.
disklabel(8) now avoids an off-by-one when calculating the number of cylinders in a free chunk.
disklabel(8) now validates the requested partition size against the size of the largest free chunk instead of the total free space.
Support for dumping USB transfers via bpf(4).
tcpdump(8) can now understand dumps of USB transfers in the USBPcap format.
The default prompts of csh(1), ksh(1) and sh(1) now include the hostname.
Memory allocation in ksh(1) was switched from calloc(3) back to malloc(3), making it easier to recognize uninitialized memory. As a result, a history-related bug in emacs editing mode was discovered and fixed.
New script(1) -c option to run a command instead of a shell.
New grep(1) -m option to limit the number of matches.
New uniq(1) -i option for case-insensitive comparison.
The printf(3) format string is no longer validated when looking for % formats. Based on a commit by android and following most other operating systems.
Improved error checking in vfwprintf(3).
Many base programs have been audited and fixed for stale file descriptors, including cron(8), ftp(1), mandoc(1), openssl(1), ssh(1) and sshd(8).
Various bug fixes and improvements in jot(1):
Arbitrary length limits for the arguments for the -b, -s, -w options were removed.
The %F format specifier is now supported and a bug in the %D format was fixed.
Better code coverage in regression tests.
Several buffer overruns were fixed.
The patch(1) utility now copes better with git diffs that create or delete files.
pkg_add(1) now has improved support for HTTP(S) redirectors such as cdn.openbsd.org.
ftp(1) and pkg_add(1) now support HTTPS session resumption for improved speed.
mandoc(1) -T ps output file size reduced by more than 50%.
syslogd(8) logs if there were warnings during startup.
syslogd(8) stopped logging to files in a full filesystem. Now it writes a warning and continues after space has been made available.
vmt(4) now allows cloning and taking disk-only snapshots of running guests.
OpenSMTPD 6.0.4
Add spf walk option to smtpctl(8).
Assorted cleanups and improvements.
Numerous manual page fixes and improvements.
OpenSSH 7.7
New/changed features:
All: Add experimental support for PQC XMSS keys (Extended Hash- Based Signatures) based on the algorithm described in https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 The XMSS signature code is experimental and not compiled in by default.
sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux).
sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow listening on different routing domains. This is supported only on OpenBSD and Linux at present.
sshd_config(5): Add RDomain directive to allow the authenticated session to be placed in an explicit routing domain. This is only supported on OpenBSD at present.
sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys.
ssh(1): Add a BindInterface option to allow binding the outgoing connection to an interface's address (basically a more usable BindAddress).
ssh(1): Expose device allocated for tun/tap forwarding via a new %T expansion for LocalCommand. This allows LocalCommand to be used to prepare the interface.
sshd(8): Expose the device allocated for tun/tap forwarding via a new SSH_TUNNEL environment variable. This allows automatic setup of the interface and surrounding network configuration automatically on the server.
ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g. ssh://user@host or sftp://user@host/path. Additional connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses the deprecated MD5 hash with no way to specify the any other algorithm.
ssh-keygen(1): Allow certificate validity intervals that specify only a start or stop time (instead of both or neither).
sftp(1): Allow "cd" and "lcd" commands with no explicit path argument. lcd will change to the local user's home directory as usual. cd will change to the starting directory for session (because the protocol offers no way to obtain the remote user's home directory). bz#2760
sshd(8): When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria.
The following significant bugs have been fixed in this release:
ssh(1)/sshd(8): More strictly check signature types during key exchange against what was negotiated. Prevents downgrade of RSA signatures made with SHA-256/512 to SHA-1.
sshd(8): Fix support for client that advertise a protocol version of "1.99" (indicating that they are prepared to accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1 support. bz#2810
ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when a rsa-sha2-256/512 signature was requested. This condition is possible when an old or non-OpenSSH agent is in use. bz#2799
ssh-agent(1): Fix regression introduce in 7.6 that caused ssh-agent to fatally exit if presented an invalid signature request message.
sshd_config(5): Accept yes/no flag options case-insensitively, as has been the case in ssh_config(5) for a long time. bz#2664
ssh(1): Improve error reporting for failures during connection. Under some circumstances misleading errors were being shows. bz#2814
ssh-keyscan(1): Add -D option to allow printing of results directly in SSHFP format. bz#2821
regress tests: fix PuTTY interop test broken in last release's SSHv1 removal. bz#2823
ssh(1): Compatibility fix for some servers that erroneously drop the connection when the IUTF8 (RFC8160) option is sent.
scp(1): Disable RemoteCommand and RequestTTY in the ssh session started by scp (sftp was already doing this.)
ssh-keygen(1): Refuse to create a certificate with an unusable number of principals.
ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the public key during key generation. Previously it would silently ignore errors writing the comment and terminating newline.
ssh(1): Do not modify hostname arguments that are addresses by automatically forcing them to lower-case. Instead canonicalise them to resolve ambiguities (e.g. ::0001 => ::1) before they are matched against known_hosts. bz#2763
ssh(1): Don't accept junk after "yes" or "no" responses to hostkey prompts. bz#2803
sftp(1): Have sftp print a warning about shell cleanliness when decoding the first packet fails, which is usually caused by shells polluting stdout of non-interactive startups. bz#2800
ssh(1)/sshd(8): Switch timers in packet code from using wall-clock time to monotonic time, allowing the packet layer to better function over a clock step and avoiding possible integer overflows during steps.
Numerous manual page fixes and improvements.
LibreSSL 2.7.2
Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on observations of real-world usage in applications. These are implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility changes have not been made to existing structs, allowing code written for older OpenSSL APIs to continue working.
Extensive corrections, improvements, and additions to the API documentation, including new public APIs from OpenSSL that had no pre-existing documentation.
Added support for automatic library initialization in libcrypto, libssl, and libtls. Support for pthread_once or a compatible equivalent is now required of the target operating system. As a side-effect, minimum Windows support is Vista or higher.
Converted more packet handling methods to CBB, which improves resiliency when generating TLS messages.
Completed TLS extension handling rewrite, improving consistency of checks for malformed and duplicate extensions.
Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist.
Added support for client-side session resumption in libtls. A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes.
Improved support for strict alignment on ARMv7 architectures, conditionally enabling assembly in those cases.
Fixed a memory leak in libtls when reusing a tls_config.
Merged more DTLS support into the regular TLS code path, removing duplicated code.
Ports and packages:
dpb(1) and normal ports(7) can now enjoy the same privilege separated model by setting PORTS_PRIVSEP=Yes
Many pre-built packages for each architecture:
aarch64: 7990
alpha: 1
amd64: 9912
arm: XXXX
hppa: XXXX
i386: 9861
mips64: 8149
mips64el: XXXX
powerpc: XXXX
sh: 1
sparc64: XXXX
Some highlights:
AFL 2.52b
CMake 3.10.2
Chromium 65.0.3325.181
Emacs 21.4 and 25.3
GCC 4.9.4
GHC 8.2.2
Gimp 2.8.22
GNOME 3.26.2
Go 1.10
Groff 1.22.3
JDK 8u144
KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
LLVM/Clang 5.0.1
LibreOffice 6.0.2.1
Lua 5.1.5, 5.2.4 and 5.3.4
MariaDB 10.0.34
Mozilla Firefox 52.7.3esr and 59.0.2
Mozilla Thunderbird 52.7.0
Mutt 1.9.4 and NeoMutt 20180223
Node.js 8.9.4
Ocaml 4.03.0
OpenLDAP 2.3.43 and 2.4.45
PHP 5.6.34 and 7.0.28
Postfix 3.3.0 and 3.4-20180203
PostgreSQL 10.3
Python 2.7.14 and 3.6.4
R 3.4.4
Ruby 2.3.6, 2.4.3 and 2.5.0
Rust 1.24.0
Sendmail 8.16.0.21
SQLite3 3.22.0
Sudo 1.8.22
Tcl/Tk 8.5.19 and 8.6.8
TeX Live 2017
Vim 8.0.1589
Xfce 4.12
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.19.6 + patches, freetype 2.8.1, fontconfig 2.12.4, Mesa 13.0.6, xterm 330, xkeyboard-config 2.20 and more)
LLVM/Clang 5.0.1 (+ patches)
GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.24.3 (+ patches)
NSD 4.1.20
Unbound 1.6.8
Ncurses 5.7
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
Expat 2.2.5

New in OpenBSD 6.0 (Sep 2, 2016)

New/extended platforms:
armv7:
EFI bootloader added, kernels are now loaded from FFS instead of FAT or EXT filesystems, without U-Boot headers.
A single kernel and ramdisk are now used for all SoCs.
Hardware is dynamically enumerated via Flattened Device Tree (FDT) instead of via static tables based on board id numbers.
Miniroot installer images include U-Boot 2016.07 with support for EFI payloads.
vax:
Removed.
Improved hardware support, including:
New bytgpio(4) driver for the Intel Bay Trail GPIO controller.
New chvgpio(4) driver for the Intel Cherry View GPIO controller.
New maxrtc(4) driver for the Maxim DS1307 real time clock.
New nvme(4) driver for the Non-Volatile Memory Express (NVMe) host controller interface.
New pcfrtc(4) driver for the NXP PCF8523 real time clock.
New umb(4) driver for the Mobile Broadband Interface Model (MBIM).
New ure(4) driver for RealTek RTL8152 based 10/100 USB Ethernet devices.
New utvfu(4) driver for audio/video capture devices based on the Fushicai USBTV007.
The iwm(4) driver now supports Intel Wireless 3165 and 8260 devices, and works more reliably in RAMDISK kernels.
Support for I2C HID devices with GPIO signalled interrupts has been added to dwiic(4).
Support for larger bus widths, high speed modes, and DMA transfers has been added to sdmmc(4), rtsx(4), sdhc(4), and imxesdhc(4).
Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs.
Many USB device drivers have been enabled on OpenBSD/octeon.
Improved support for hardware-reduced ACPI implementations.
Improved support for ACPI 5.0 implementations.
AES-NI crypto is now done without holding the kernel lock.
Improved AGP support on PowerPC G5 machines.
Added support for the SD card slot in Intel Bay Trail SoCs.
The ichiic(4) driver now ignores the SMBALERT# interrupt to prevent an interrupt storm with buggy BIOS implementations.
Device attachment problems with the axen(4) driver have been fixed.
The ral(4) driver is more stable under load with RT2860 devices.
Problems with dead keyboards after resume have been fixed in the pckbd(4) driver.
The rtsx(4) driver now supports RTS522A devices.
Initial support for MSI-X has been added.
Support MSI-X in the virtio(4) driver.
Added a workaround for hardware DMA overruns to the dc(4) driver.
The acpitz(4) driver now spins the fan down after cooling if ACPI uses hysteresis for active cooling.
The xhci(4) driver now performs handoff from an xHCI-capable BIOS correctly.
Support for multi-touch input has been added to the wsmouse(4) driver.
The uslcom(4) driver now supports the serial console of Aruba 7xxx wireless controllers.
The re(4) driver now works around broken LED configurations in APU1 EEPROMs.
The ehci(4) driver now works around problems with ATI USB controllers (e.g. SB700).
The xen(4) driver now supports domU configuration under Qubes OS.
IEEE 802.11 wireless stack improvements:
The HT block ack receive buffer logic follows the algorithm given in the 802.11-2012 spec more closely.
The iwn(4) driver now keeps track of HT protection changes while associated to an 11n AP.
The wireless stack and several drivers make more aggressive use of RTS/CTS to avoid interference from legacy devices and hidden nodes.
The netstat(1) -W command now shows information about 802.11n events.
In hostap mode, do not reuse association IDs of nodes which are still cached. Fixes a problem where an access point using the ral(4) driver would get stuck at 1 Mbps because Tx rate accounting happened on the wrong node object.
Generic network stack improvements:
The routing table is now based on ART offering a faster lookup.
The number of route lookup per packet has been reduced to 1 in the forwarding path.
The prio field on VLAN headers is now correctly set on each fragment of an IPv4 packet going out on a vlan(4) interface.
Enabled device cloning for bpf(4). This allows the system to have just one bpf device node in /dev that services all bpf consumers (up to 1024).
The Tx queue of the cnmac(4) driver can now be processed in parallel of the rest of the kernel.
Network input path is now run in thread context.
Installer improvements:
updated list of restricted usercodes
install.sh and upgrade.sh merged into install.sub
update automatically runs sysmerge(8) in batch mode before fw_update(1)
questions and answers are logged in a format that can be used as a response file for use by autoinstall(8)
/usr/local is set to wxallowed during install
Routing daemons and other userland network improvements:
Add routing table support to rc.d(8) and rcctl(8).
Let nc(1) support service names in addition to port numbers.
Add -M and -m TTL flags to nc(1).
Add AF_UNIX support to tcpbench(1).
Fixed a regression in rarpd(8). The daemon could hang if it was idle for a long time.
Added the llprio option in ifconfig(8).
Multiple programs that use bpf(4) have been modified to take advantage of bpf(4) device cloning by opening /dev/bpf0 instead of looping through /dev/bpf* devices. These programs include arp(8), dhclient(8), dhcpd(8), dhcrelay(8), hostapd(8), mopd(8), npppd(8), rarpd(8), rbootd(8), and tcpdump(8). The libpcap library has also been modified accordingly.
Security improvements:
W^X is now strictly enforced by default; a program can only violate it if the executable is marked with PT_OPENBSD_WXNEEDED and is located on a filesystem mounted with the wxallowed mount(8) option. Because there are still too many ports which violate W^X, the installer mounts the /usr/local filesystem with wxallowed. This allows the base system to be more secure as long as /usr/local is a separate filesystem. If you use no W^X violating programs, consider manually revoking that option.
The setjmp(3) family of functions now apply XOR cookies to stack and return-address values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
SROP mitigation: sigreturn(2) can now only be used by the kernel-provided signal trampoline, with a cookie to detect attempts to reuse it.
To deter code reuse exploits, rc(8) re-links libc.so on startup, placing the objects in a random order.
In the getpwnam(3) family of functions, stop opening the shadow database by default.
Allow tcpdump(8) -r to be started without root privileges.
Remove systrace.
Remove Linux emulation support.
Remove support for the usermount option.
The TCP SYN cache reseeds its random hash function from time to time. This prevents an attacker from calculating the distribution of the hash function with a timing attack.
To work against SYN flooding attacks the administrator can change the size of the hash array now. netstat(1) -s -p tcp shows the relevant information to tune the SYN cache with sysctl(8) net.inet.tcp.
The administrator can require root privileges for binding to some TCP and UDP ports with sysctl(8) net.inet.tcp.rootonly and sysctl(8) net.inet.udp.rootonly.
Remove a function pointer from the mbuf(9) data structure and use an index into an array of acceptable functions instead.
Assorted improvements:
The thread library can now be loaded into a single-threaded process.
Improved symbol handling and standards compliance in libc. For example, defining an open() function will no longer interfere with the operation of fopen(3).
PT_TLS sections are now supported in initially loaded object.
Improved handling of "no paths" and "empty path" in fts(3).
In pcap(3), provide the functions pcap_free_datalinks() and pcap_offline_filter().
Many bugfixes and structural cleanup in the editline(3) library.
Remove ancient dbm(3) functions; ndbm(3) remains.
Add setenv keyword for more powerful environment handling in doas.conf(5).
Add -g and -p options to aucat.1 for time positioning.
Rewrite audioctl(1) with a simpler user interface.
Add -F option to install(1) to fsync(2) the file before closing it.
kdump(1) now dumps pollfd structures.
Improve various details of ksh(1) POSIX compliance.
mknod(8) rewritten in a pledge(2)-friendly style and to support creating multiple devices at once.
Implement rcctl(8) get all and getdef all.
Implement the rcs(1) -I (interactive) flag.
In rcs(1), implement Mdocdate keyword substitution.
In top(1), allow to filter process arguments if they are being displayed.
Added UTF-8 support to fold(1) and rev(1).
Enable UTF-8 by default in xterm(1) and pod2man(1).
Filter out non-ASCII characters in wall(1).
Handle the COLUMNS environment variable consistently across many programs.
The options -c and -k allow to provide TLS client certificates for syslogd(8) on the sending side. With that the receiving side can verify log messages are authentic. Note that syslogd does not have this check feature yet.
When the klog buffer overflows, syslogd will write a log message to show that some entries is missing.
On OpenBSD/octeon, CPU cache write buffering is enabled to improve performance.
pkg_add(1) and pkg_info(1) now understand a notion of branch to ease selection of some popular packages such as python or php, e.g., say pkg_add python%3.4 to select the 3.4 branch, and use pkg_info -zm to get a fuzzy listing with branch selection suitable for pkg_add -l.
fdisk(8) and pdisk(8) immediately exit unless passed a character special device
st(4) correctly tracks the current block count for variable sized blocks
fsck_ext2fs(8) works again
softraid(4) volumes can be constructed with disks that have a sector size other than 512 bytes
dhclient(8) DECLINE's and discards unused OFFER's.
dhclient(8) immediately exits if its interface (e.g. a bridge(4)) returns EAFNOSUPPORT when a packet is sent.
httpd(8) returns 400 Bad Request for HTTP v0.9 requests.
ffs2's lazy node initialization avoids treating random disk data as an inode
fcntl(2) invocations in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0)
socket(2) and accept4(2) invocations in base programs use SOCK_NONBLOCK to eliminate the need for a separate fcntl(2).
tmpfs not enabled by default
the in-kernel semantics of pledge(2) were improved in numerous ways. Highlights include: a new chown promise that allows pledged programs to set setugid attributes, a stricter enforcement of the recvfd promise and chroot(2) is no longer allowed for pledged programs.
a number of pledge(2)-related bugs (missing promises, unintended changes of behavior, crashes) were fixed, notably in gzip(1), nc(1), sed(1), skeyinit(1), stty(1), and various disk-related utilities, such as disklabel(8) and fdisk(8).
Block size calculation errors in the audio(4) driver have been fixed.
The usb(4) driver now caches vendor and product IDs. Fixes an issue where usbdevs(8) called in a loop would cause a USB mass storage device to halt operation.
The rsu(4) and ural(4) drivers are now working again after they were accidentally broken in 5.9.
OpenSMTPD 6.0.0
Security:
Implement the fork+exec pattern in smtpd(8).
Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
Plug a file-pointer leak that can lead to resource exhaustion and result in a crash.
Use automatic DH parameters instead of fixed ones.
Disable DHE by default since it is computationally expensive and a potential DoS vector.
The following improvements were brought in this release:
Add the -r option to the smtpd(8) enqueuer for compatibility with mailx.
Add missing date or message-id when listening on the submit port.
Fix "smtpctl show queue" reporting "invalid" envelope state.
Rework the format of the "Received" header so that the TLS part does not violate the RFC.
Increase the number of connections a local address is allowed to establish, and decrease the delay between transactions in the same session.
Fix LMTP delivery to servers returning continuation lines.
Further improve the still experimental filter API and fix various related issues.
Start improving and unifying the format of log messages.
Fix several documentation discrepancies and typos in the man pages.
OpenSSH 7.3
Security:
sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters.
sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210.
ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Note that CBC ciphers are disabled by default and only included for legacy compatibility.
ssh(1), sshd(8): Improve ordering of MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC before decrypting any ciphertext. This removes the possibility of timing differences leaking facts about the plaintext, though no such leakage is known.
New/changed features:
ssh(1): Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through a one or more SSH bastions or "jump hosts".
ssh(1): Add an IdentityAgent option to allow specifying specific agent sockets instead of accepting one from the environment.
ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be optionally overridden when using ssh -W. (bz#2577)
ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per draft-sgtatham-secsh-iutf8-00.
ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA signatures in certificates.
ssh(1): Add an Include directive for ssh_config(5) files.
ssh(1): Permit UTF-8 characters in pre-authentication banners sent from the server. (bz#2058)
The following significant bugs have been fixed in this release:
In scp(1) and sftp(1), prevent screwing up terminal settings by escaping bytes not forming ASCII or UTF-8 characters.
ssh(1), sshd(8): Reduce the syslog level of some relatively common protocol events from LOG_CRIT. (bz#2585)
sshd(8): Refuse AuthenticationMethods="" in configurations and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication. (bz#2398)
sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!" message when forward and reverse DNS don't match. (bz#2585)
ssh(1): Close ControlPersist background process stderr except in debug mode or when logging to syslog. (bz#1988)
misc: Make PROTOCOL description for [email protected] channel open messages match deployed code. (bz#2529)
ssh(1): Deduplicate LocalForward and RemoteForward entries to fix failures when both ExitOnForwardFailure and hostname canonicalisation are enabled. (bz#2562)
sshd(8): Remove fallback from moduli to obsolete "primes" file that was deprecated in 2001. (bz#2559)
sshd_config(5): Correct description of UseDNS: it affects ssh hostname processing for authorized_keys, not known_hosts. (bz#2554)
ssh(1): Fix authentication using lone certificate keys in an agent without corresponding private keys on the filesystem. (bz#2550)
sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit is set; previously keepalive packets were not being sent. (bz#2252)
OpenNTPD 6.0
When a single "constraint" is specified, try all returned addresses until one succeeds, rather than the first returned address.
Relaxed the constraint error margin to be proportional to the number of NTP peers, avoid constant reconnections when there is a bad NTP peer.
Removed disabled hotplug(4) sensor support.
Added support for detecting crashes in constraint subprocesses.
Moved the execution of constraints from the ntp process to the parent process, allowing for better privilege separation since the ntp process can be further restricted.
Fixed high CPU usage when the network is down.
Fixed various memory leaks.
Switched to RMS for jitter calculations.
Unified logging functions with other OpenBSD base programs.
Set MOD_MAXERROR to avoid unsynced time status when using ntp_adjtime.
Fixed HTTP Timestamp header parsing to use strptime(3) in a more portable fashion.
Hardened TLS for ntpd(8) constraints, enabling server name verification.
LibreSSL 2.4.2
User-visible features:
Fixed some broken manpage links in the install target.
cert.pem has been reorganized and synced with Mozilla's certificate store.
Reliability fix, correcting an error when parsing certain ASN.1 elements over 16k in size.
Implemented the IETF ChaCha20-Poly1305 cipher suites.
Fixed password prompts from openssl(1) to properly handle ^C.
Code improvements:
Fixed an nginx compatibility issue by adding an 'install_sw' build target.
Changed default EVP_aead_chacha20_poly1305(3) implementation to the IETF version, which is now the default.
Reworked error handling in libtls so that configuration errors are more visible.
Added missing error handling around bn_wexpand(3) calls.
Added explicit_bzero(3) calls for freed ASN.1 objects.
Fixed X509_*set_object functions to return 0 on allocation failure.
Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
Fixed a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
Fixed several issues in the OCSP code that could result in the incorrect generation and parsing of OCSP requests. This remediates a lack of error checking on time parsing in these functions, and ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960.
The following CVEs have been fixed:
CVE-2016-2105—EVP_EncodeUpdate overflow.
CVE-2016-2106—EVP_EncryptUpdate overflow.
CVE-2016-2107—padding oracle in AES-NI CBC MAC check.
CVE-2016-2108—memory corruption in the ASN.1 encoder.
CVE-2016-2109—ASN.1 BIO excessive memory allocation.
Ports and packages:
New proot(1) tool in the ports tree for building packages in a chroot.
Many pre-built packages for each architecture:
alpha: 7422
amd64: 9433
hppa: 6346
i386: 9394
mips64: 7921
mips64el: 7767
powerpc: 8318
sparc64: 8570
Some highlights:
Afl 2.19b
Chromium 51.0.2704.106
Emacs 21.4 and 24.5
GCC 4.9.3
GHC 7.10.3
Gimp 2.8.16
GNOME 3.20.2
Go 1.6.3
Groff 1.22.3
JDK 7u80 and 8u72
KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
LLVM/Clang 3.8.0
LibreOffice 5.1.4.2
Lua 5.1.5, 5.2.4, and 5.3.3
MariaDB 10.0.25
Mono 4.4.0.182
Mozilla Firefox 45.2.0esr and 47.0.1
Mozilla Thunderbird 45.2.0
Mutt 1.6.2
Node.js 4.4.5
Ocaml 4.3.0
OpenLDAP 2.3.43 and 2.4.44
PHP 5.5.37, 5.6.23, and 7.0.8
Postfix 3.1.1 and 3.2-20160515
PostgreSQL 9.5.3
Python 2.7.12, 3.4.5, and 3.5.2
R 3.3.1
Ruby 1.8.7.374, 2.0.0.648, 2.1.9, 2.2.5, and 2.3.1
Rust 1.9.0-20160608
Sendmail 8.15.2
Sudo 1.8.17.1
Tcl/Tk 8.5.18 and 8.6.4
TeX Live 2015
Vim 7.4.1467
Xfce 4.12
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches, freetype 2.6.3, fontconfig 2.11.1, Mesa 11.2.2, xterm 322, xkeyboard-config 2.18 and more)
GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.20.3 (+ patches)
SQLite 3.9.2 (+ patches)
NSD 4.1.10
Unbound 1.5.9
Ncurses 5.7
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
Expat 2.1.1

New in OpenBSD 5.9 (Mar 29, 2016)

When doing a lookup in the routing table, account for the fact that L2 entries are always in the first table of a routing domain. This fixes a regression introduced during 5.7 and 5.8.
Fix ECMP routing by passing the correct destination address to the hash routine.
On hppa, hppa64, macppc and sgi, restore validity checks for the disklabels read from disk. This fixes a problem when reading CDROM disklabels.
In pkg_add(1), sanitize the environment thru a whitelist. Only pass what is relevant for ftp(1) and similar programs.
In pdisk(8/macppc), fix display of pdisk partition sizes.
In the installer, fix macppc installs to HFS-partitioned disks.
Ensure the IP header is aligned correctly in the copies of multicast/broadcast packets received by a physical interface with carp(4) interfaces on it.
In ssh(1), fix a spurious error message when an incorrect passphrase is entered for keys.
In patch(1), properly handle ed-files which fully replace input file content.
In smtpd(8), avoid overriding the user-provided address family for a listener.
In eigrpd(8):
Filter RTM_GET messages which are not from us.
Make eigrpd(8) work against newer IOS routers.
Add scope id only for unicast IPv6 packets.
Skip redistributed routes when updating the FIB.
In tcpdump(8), show details of beacon country elements in verbose mode only.
On i386, fix a boot issue on non-ACPI i386 machines that need X permissions on the BIOS region in the ISA hole.
On alpha, re-enable OpenGL.
On alpha, avoid an ICE generated when building mesa with -O2.
In azalia(4), enable snooping on Intel C610.
In random subsystem, avoid a undefined behaviour when using right shift operation.
In em(4), add support for the Intel I219 network chip.
On arm, disable the stack protector when building libstdc++.
In ssh, unbreak SSHv1.
In syslogd(8), prevent an integer overflow in syslogd when parsing the priority.
In /etc/ssl/cert.pem, add a few root certificates from Mozilla's cert store.
In sshd(8), make sandboxed privilege separation the default.
In tar(1), ignore trailing slashes and skip over duplicate slashes in chk_path() to avoid infinite loop when creating intermediate directories.
In ssh(1), add a "Close session" log entry (at loglevel=verbose) to correspond to the existing "Starting session" one.
In tar(1), fix archiving a 101-character absolute path in ustar format.
In httpd(8), fix a double free in the patterns code.
In softraid(4), avoid using uninitialized variables in two corner cases.
In smtpd(8), add the "listen on socket" smtpd.conf(5) rule.
In iwm(4), initialize net80211 callback pointers at attach time. This fixes a crash.
In makemap(8), remove support for "dbm".
Remove the "GenuineIntel" check from x86 mdrandom(). This enables the use of RDRAND and TSC fallback on CPUs from other vendors, notably AMD.
In ssh(1), avoid fatal error for PKCS11 tokens that present empty key IDs (bz#1773).
In ieee80211(9), don't pass QoS "no data" frames to the A-MPDU reordering logic. This avoids major confusion.
In ipmi(4), check the sensor name length more carefully. This avoids a panic on the Dell R210 II.
In sftp(1), fix a regression where existing destination directories would incorrectly terminate recursive uploads (bz#2528).
In wsconsctl(8), hidms and uts(4), permit negative x and y coordinates in mouse.scale.
On hppa64, make __cpu_simple_lock provide serialisation of the critical section. This makes atomic sequences actually atomic.
In 5.8, fix a bug in vlan(4) and carp(4) refcounting. This will cause a panic when root does an "ifconfig destroy" of a the parent interface. (5.7 and -current are not affected.)
In ieee80211(9), log frames which fall outside the BlockAack window in dmesg(8) if the interface debug flag is set.
In pkg_add(1), drop privileges prior to running ftp(1).
On hppa, make __cpu_simple_lock provide serialisation of the critical section. This makes atomic sequences actually atomic.
In ssh(1), turn off more old crypto: hmac-md5, ripemd, truncated HMACs, RC4 and blowfish.
In ssh(1), do not attempt to percent-expand an already-canonicalised addresses. This avoids unnecessary failures when attempting to connect to scoped IPv6 addresses.
In hexdump(1), fix a bug that caused nothing to be skipped when skipping exactly the number of bytes present in a regular file was requested.
In 5.8, fix a kernel crash when root creates, changes or destroys carp(4) interfaces multiple times with ifconfig(8). (5.7 and -current are not affected.)
In ssh(1), make application of rekey limits more accurate (related to bz#2521).
In ieee80211(9):
Work around buggy APs which occasionally emit sequence numbers much higher than the current 11n BlockAck window.
Stop requiring a BlockAck session timeout. Just use it if the AP is asking for it.
In iwn(4), fix off-by-one in a loop termination condition.
In dhcpd(8), avoid a use-after-free when parsing address ranges from a config.
In vmd(8), avoid a double free in an error path.
Update to xkeyboard-config 2.17.
In pchtemp(4), add support for the Intel 9 Series.
In radeondrm(4), enable the code that reads the BIOS from the ACPI VFCT table on platforms with ACPI.
Fix iwn(4) CCMP replay detection so it does not drop out-of-order A-MPDU subframes. This helps 11n mode with WPA.
In the msdosfs code, guard against integer overflow when checking whether writing to a file stays within the maximum file size.
Make write(1) explicitly ASCII only. This prevents sending of potentially harmful bytes to terminals that do not support UTF-8.
In iwm(4) and iwn(4), set max A-MPDU length to 64k instead of 4k and tell the firmware about A-MPDU spacing.
In ieee80211(9), store ADDBA request and response parameters in the block ack record. Now it is possible keep track of the ACK policy and echo it back to the AP. This fixes Apple Airport APs.
On mips64, re-enable OpenGL.
In ssh(1), fix a problem where the mux master would sporadically fail to notice that the client had exited.
In tmux(1), do not wrap cursor at start or end of history.
Use pledge(2) in talk(1) and talkd(8).
On amd64 and i386, add /dev/ipmi0.
In ipmi(4), implement FreeBSD-compatible IOCTL to access BMC.
In iwn(4):
Restore the CCMP key to firmware after HT protection setting updates. This unbreaks WPA in 11n mode.
Pass 802.11 control frames in monitor mode.
In ieee80211(9), restore the BlockAck session timer.
In smtpd(8), when deleting a message, remove associated envelopes from the cache.
In the ext2fs and ufs code, prevent a signed overflow.
In tcpdump(8), fix an infinite loop when printing a country element in a management frame in case we hit channel Tx power limits that cannot be pretty-printed.
In efiboot, work around peculiarities of (buggy) UEFI implementations: always call SetMode(), but don't report an error if the current mode is the same as the desired mode.
In radeondrm(4), prevent a panic when the ROM size is 0.
In sd(4), avoid a possible use-after-free.
In pkg_add(1), update the font cache after removing packages with @fontdir markers.
In tcpdump(8), show 802.11 control frames.
In dhclient(8), dhcpd(8) and dhcrelay(8), be very careful accepting packets via bpf(4).
Enable hostctl(8) on amd64 and i386.
In tail(1), fix off-by-one in argument parsing.
Prevent efifb(4/amd64) from attaching if we are the console.
In smtpd(8), fixe a mismatch between DSN's subject line and its content.
On amd64 and i386, correct signal delivery on systems where the AVX leaf is disabled.
On amd64 RAMDISK_CD, enable pvbus(4), xen(4), xnf(4) and xspd(4).
In libxcb, make sure the socket send buffer is at least 64KB. This should speed up applications that send images to the X server, like Firefox.
In xen(4) and xenstore(4), make a few reliability improvements in the power management interface.
Stop setting the process title in bgpd(8), dvmrpd(8), eigrpd(8), hostapd(8), httpd(8), ldpd(8), npppd(8), ntpd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), snmpd(8), smtpd(8) and vmd(8). This makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name.
Use pledge(2) in pdisk(8/macppc).
Implement "ldapctl -r datadir".
On armv7, add A20 support to sxirtc.
In sxitimer(4/armv7), remove A20 support; agtimer is now used instead.
Move to -release mode.
In ldapd(8), add -r to specify an alternative directory to store/read the database.
In ieee80211(9), stop requiring a BlockAck session timeout, but still honour the timeout if the AP requests it.
In tcpdump(8), show 802.11 QoS frames properly.
On armv7, fix the encoding of AP bits for large page second-level short-descriptors.
Revamp /etc/ssl/cert.pem certificate information formatting and sort certificates in a more useful way.
In pdisk(8/macppc), set lblock_start and lblocks to 0 in free space entries like Apple does.
In tmux(1):
Fix new-session with -t after command flags changes.
Support negative trim values in formats to trim from the end.
Add RGB escape sequences for capture-pane -e.
On armv7:
Allow the kernel to boot from a u-boot without the OLD_SUNXI_KERNEL_COMPAT option.
Use ARM Generic Timer (agtimer) instead of sxitimer(4/armv7) on Allwinner sun7i/A20.
Hook OPENBSD-RELAYD-MIB into OPENBSD-SNMPD-CONF.
Sync libedit with NetBSD.
In pkg_add(1), extend URL abbreviation support from pkg.conf(5) so that every URL can be abbreviated.
In ping(8) and ping6(8), fix a regression in -E.
In xen(4), add support for the "control/shutdown" power management facility. At the moment only "poweroff" and "reboot" actions are supported.
In xenstore(4), add support for XS_WATCH, a XenStore notification facility.
In pdisk(8/macppc):
Tweak printing of partitions: always show the pblock and lblock info in the "p" and "P" commands, respectively.
Warn of partitions extending past the end of the media.
Support only base 10 for partition IDs.
In aucat(1), fix unsupported parameters not being detected if compiled in 24-bit mode and sndiod is not running.
In pdisk(8/macppc), improve conformance to OS X's behaviour.
In tmux(1), add support for RGB colour.
In audioctl(1), display play and record parameters that are not independent as a single variable.
Install the relayd(8) SNMP MIB.
In ssh, allow RekeyLimits in excess of 4G up to 2**63 bits (part of bz#2521).
In ftp(1), fix a crash when a server sends a non-standard newline.
In daily(8), run "rcctl ls faulty".
In pdisk(8/macppc), make "r" (reorder, a.k.a. swap) command work with any two existing partitions. Do not allow partition 1 to be moved.
In pkg.conf(5), allow installpath to be set to a bare hostname which implies "http://hostname/pub/OpenBSD/[snapshots-or-version]/packages/[arch]".
In pdisk(8/macppc):
Check block 0 signature, physical block size and physical block count when reading partition map.
Check for unmapped physical blocks and overlapping partitions when reading partition map.
Remove "v" command.
Add hostctl(8), a tool to access key-value stores on the host, currently for hypervisor information stores on pvbus(4). It is not enabled yet.
On amd64 and i386, add /dev/pvbus0.
In pvbus(4), add a key-value interface that allows to get or set values in the underlying information store of the host from the OpenBSD-VM's userspace.
In libpthread, replace the malloc spinlock with a mutex. This makes ports like Firefox significantly more usable.
In mg(1), ensure the backup file has the same mtime as the original file.
In xnf(4), rewrite tx path to use flat transmit ring without fragment chains. This gives a transmit performance improvement and taxes grant table references much less than before.
In xen(4), do not take a grant table entry mutex in xen_grant_table_{enter,remove} since it is unnecessary. This provides a performance improvement as well.
In malloc(3), fix a possible crash when dumping malloc stats.
In xen(4), ensure use of locked atomic operations even on the SP kernel.
In fputwc(3), when encoding fails set the error indicator as required by POSIX and as done by FreeBSD, SunOS 10/11 and glibc.
In vr(4), fix an mbuf leak on encapsulation failure.
In tail(1), fix a crash.
In pf(4), fix a pf_state_key leak.
In ieee80211(9), honour ERP protection on 2 GHz channels in 11n mode.
In vmm(4/amd64), zero the buffer to be copied out to userland to avoid information leak.
In 5.8, fix a kernel crash when root creates, changes or destroys vlan(4) interfaces multiple times with ifconfig(8). (5.7 and -current are not affected.)
In ieee80211(9), iwm(4) and iwn(4), keep track of HT protection settings in beacons and have 11n-capable drivers update hardware configuration accordingly.
In xnf(4), revert the minimum number of rx ring slots back to 32.
In vmx(4), do not send the mbuf to bpf(4) after passing it to the hardware. This could have resulted in a page fault.
In snmpd(8), avoid a potential double free.
In etherip(4), do not return an uninitialised value for the SIOCGLIFPHYRTABLE case.
In ypldap(8):
Implement the "master" request.
Set argument encode / result decode call backs for "maplist".
Set argument encode / result decode callbacks for "all".
In ld.so(1), make a nodelete object lock down the entire load group, not just the specific object.
Update to Mesa 11.0.9.
On arm and armv7, switch to SVC mode when machines with virtualisation extensions boot into a HYP processor mode that has different memory management and register behaviour among other things. This prevents an early crash.
In pdisk(8/macppc), avoid double prompt after creating default map on startup.
In dwiic(4), avoid reading uninitialised memory when expected value types are not present.
In xnf(4), set up interface features based on capabilities provided by the backend.
In xnf(4), set minimum number of slots on the receive ring to 18 as most versions of Xen require at least this number of slots.
Always check destination MAC address of received unicast packets, not only when in promiscuous mode. This is necessary for NICs like virtio(4).
In vxlan(4), drop packets whose VNI flag is not set and VNI is not zero.
In etherip(4), support tunnel VRF.
In pdisk(8/macppc):
Remove "expert" mode and the -d flag. Instead make all commands available all the time.
Change the "P" command: it now shows map data structures.
Stop accepting uppercase aliases for commands documented as lower case.
Eliminate the 'written' field and just use the 'changed' field to mediate when it is appropriate to ask whether changes should be discarded.
Repair creation of initial partition table on a blank disk.
In ieee80211 stack, fix the timeout value sent in ADDBA request and response frames.
In socpcic(4/socppc), avoid use of an uninitialised variable.
In ieee80211(9), fix the timeout value sent in ADDBA request and response frames.
In pdisk(8/macppc), do not silently open a disk read-only when read/write access was requested.
In calendar(1), add a calendar for New Zealand.
On sparc64, check for disks deeper than 4 levels down in the Open Firmware device tree. This makes softraid(4) boot possible on more sparc64 machines.
In xnf(4), do not bump output errors when when tx ring is full.
Add hidmt(4) (a HID-layer driver for multitouch touchpads that conform to the "Windows Precision Touchpad" standard) and imt(4) (an i2c-HID driver that sits between ihidev(4) and hidmt(4)).
In ihidev(4), add the ability to set and get reports and establish interrupt before probing for devices to handle each report ID.
In morse(6), use the prosign as "@". Support decoding only of other prosigns, including as we were previously using for "@".
In unbound(8), suppress "cannot assign requested address" log messages unless verbosity is high.
On sparc, fix a race causing hardclock(9) to be sometimes invoked between the end of cpu_configure() and initclocks().
In xnf(4):
Fix a few issues in the transmit path.
Mask interrupts on boot, masking/unmasking is handled by stop/init.
In pdisk(8/macppc), remove the "expert" mode "d"/"D" command.
In mg(1) cscope, skip empty entries in $PATH instead of erroneously interpreting them as ".".
In pdisk(8/macppc), remove the "debugging" mode command to examine the Apple_Patches partition contents.
Add UTF-8 support to colrm(1).
In xen(4), provide a Xen v3 API compatible fallback for event channel hypercalls.
In ls(1), fix a regression (and POSIX violation) introduced with UTF-8 support.
In xenstore(4), fixup a hang while performing a read operation on XenStore.
Add UTF-8 support to ul(1).
In sndiod(8):
Load pki keys before daemonising. Passphrase-protected keys require access to stdin.
Allow time differences between two clock_gettime() calls to be up to 60s without logging a warning.
In morse(6), use distinct codes for left and right parentheses.
In dwiic(4), fix an off-by-one that could result in read operations not reading the last byte.
On the amd64 RAMDISK_CD, enable ikbd(4).
In ldapd(8), properly remove unix sockets upon exit of the parent process.
In mandoc(1), unbreak reading from stdin.
In pdisk(8/macppc), remove support for 1024- and 2048-byte sector devices.
On octeon, attach secondary CPUs by coremask. This fixes a crash that happened if the MP kernel was booted with coremask=1.
On octeon, panic if booting the kernel without CPU 0.
Fix two issues in the systat(1) state view:
Fix peak and rate computations for states that transferred more than 4 GB.
Prevent a possible in the rate and peak when creating new cache entries for existing states.
In pflogd(8), remove broken interface status printing support.
In tmux(1), add hooks for alerts (bell, silence, activity).
On the amd64 RAMDISK_CD, enable sdhc(4) at acpi(4) so eMMC will be available at install time.
In dwiic(4), prevent attach the driver if the device is not present.
In puc(4), add Moxa CP-168U support.
Implement intr_barrier(9) for sh/landisk.
In xspd(4), if the xnf(4) driver is enabled, detach emulated network devices.
In eigrpctl(8), introduce the "eigrpctl clear neighbors" command.
In eigrpd(8):
Do not set the EoT flag in the last startup update.
Add support for manually clearing neighbors.
Fix bug that happened when a passive interface was shut down and then reactivated.
Several fixes in the Conditionally Received (CR) mode.
Fix detection of the Stuck-in-Active (SIA) state.
If an explicit nexthop was advertised for a route, show it in the "eigrpctl show topology".
For each prefix, order routes by their nexthop.
In eigrpctl(8), in the "show" commands, order the routing instances by AF and then by AS.
In ddb(4), add a "show socket" command.
In rpcgen(1), add support for parsing "hyper" and "quad" types, as per RFC 4506.
When enabling a non-volatile memory express controller, wait till CSTS.RDY lights up.
In ssh(1), fix some file descriptor leaks.
In which(1):
Use the default path if there is no PATH in the environment.
Avoid potential read of one byte before the start of a buffer.
Attach dwiic(4) on the Intel Bay Trail i2c controllers.
In dwiic(4), fix several issues:
Properly map bus space
Properly implement the iic(4) operations.
Keep timings set up by the firmware if the SSCN and FMCN methods aren't available.
Add ikbd(4), a driver for HID-over-i2c keyboards.
In calendar(1), add a calendar file for the United Kingdom.
Prevent a NULL dereference when detaching a USB device with ugen(4) disabled or if allocating memory during the attachment process failed.
On octeon, add support for a variety of USB devices.
In ssh, remove roaming support altogether.
5.7 and 5.8 SECURITY FIX: experimental roaming code in the ssh client could be tricked by a hostile sshd server, potentially leaking key material (CVE-2016-0777 and CVE-0216-0778).
A source code patch and workaround is available for 5.7 and 5.8.
In ssh(1), disable experimental client-side roaming support.
Grab the kernel lock before delivering a message to the routing socket when an ARP resolution has been done. This should fix the "receive 1" panic.
In pfctl(8), print an error message when detecting multiple root queues on a single interface.
In acpi(4), fix a bug in dwiic(4) where it would try to access i2c devices on busses they're not attached to.
In ssh(1), eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension.
In luit(1), properly disable LNEXT (^V) processing.
Update to xterm 322.
On amd64, enable xen(4), xnf(4) and xspd(4) in GENERIC kernels.
In ihidev(4), fix hid packet length calculation.
In dhcrelay(8), check UDP length for short as well as long values.
Implement VFS read clustering for MSDOSFS.
Make "ifconfig $if mode" a valid subcommand that works independently of the "media" subcommand.
In iwn(4), tell the firmware to retry failed Tx at 1Mbit/s instead of MCS 0. This seems to make tx rate scaling go up faster and helps rx performance.
In vlan(4), do not propagate any of the parent interfaces offload features on svlan(4).
On amd64 and i386, in the TSC fallback code, perturbance is biased towards the lower bytes of a word. Compensate for this with a bit-spreading operation which applies a result byte by byte.
Let smtpd(8) start on machines without a FQDN as hostname.
In pdisk(8/macppc), remove -i.
In ndp(8), do not print an error if the list of prefixes is empty.
Remove wireless turbo mode support. It is a non-standard extension supported only by obsolete devices.
In carp(4), prevent a NULL dereference if SIOCGVH is issued without carpdev argument.
In acpi(4), improve emulation of PM registers on Hardware-reduced ACPI. This makes the transition into S5 (powerdown) work on the ASUS X205TA.
In pdisk(8/macppc), remove -c and -d.
Add dwiic(4) (a driver for the Synopsys DesignWare i2c controller), ihidev(4) (a HID-over-i2c driver) and ims(4) (a HID-over-i2c mouse/trackpad driver).
In the installer validate the data for CGI_{METHOD,TIME,TZ} since it comes from an external source.
In em(4), avoid a use-after-free when posting the packet on 82547 chips after bpf(4).
Make sdhc(4) attach to hardware IDs 80860F14 and PNP0FFF.
Make sure the keyboard mux gets picked up by the primary (console) display and that USB keyboards get paired with the console even if they are not marked as the console keyboard.
In relayd(8), add the host_error output and the http code (when available) to the host-check log.
On amd64 and i386, ensure the keyboard mux gets picked up by the primary (console) display and that USB keyboards get paired with the console even if they are not marked as the console keyboard.
In pdisk(8/macppc), remove -v.
In perl(1), fix "XS File::Spec::canonpath loses taint" (CVE-2015-8607).
In xenstore(4):
Handle zero-length messages.
Prevent infinite loop when receiving and empty reply or directory node.
Fix a bug where cron(8) could skip re-reading the spool after two consecutive changes.
In ipmi(4), if possible, read values from disabled sensors.
Make sdhc(4) attach to acpi(4). This is neede to support the SD host controllers integrated on Intel's Bay Trail SoCs.
In sdmmc(4), add limited support for controllers that implement version 3.0 of the SD host controller standard.
In pdisk(8/macppc), use the device's default disklabel to determine a disk size.
In acpithinkpad(4), add ThinkPad tablet dock/undock ACPI events.
In ipmi(4):
When stopping the watchdog, clear DONTSTOP bits. Without this, BMC records a watchdog timer expiration event.
Print a message to console when the watchdog is enabled or disabled.
Make the eMMC on the ASUS X205TA work.
Add UTF-8 support to ps(1).
On mips64, revert the MP pmap diff. It does not work on non-PMAP_DIRECT systems due to lock recursion.
In jot(1), when generating random sequences, fix the bias at both ends of the specified interval.
In audio(4), fix a bug when closing /dev/audioctl and /dev/mixer they wrongly return ENXIO.
In acpi(4), initial support for Hardware-Reduced ACPI.
In fdisk(8), revamp the display of GPT information, hiding less important information under the -v flag.
In ipmi(4), correct sensor threshold handling by properly checking the response of the Get Sensor Reading Command.
In ftp(1), handle redirects to relative URIs containing "://".
Remove the arp and revarp input queues. Packets of these types are now processed in the softnet task without holding the kernel lock.
In sndiod(8), unbreak support for multiple -L options.
Improve UTF-8 support in ksh(1):
Allow non-ASCII characters to be part of words.
Allow insertion of non-ASCII characters without screwing up the display.
Fix forward movement.
In sis(4), work around buggy zero-length packets produced by the DP83816A.
Enable uonerng(4) in kernels where ualea(4) is already present.
Add uonerng(4), a driver for the Moonbase Otago OneRNG.
On octeon, avoid rendezvous from failing if buffering is enabled.
In Mesa, disable reading of drirc files by default. This allows for a stronger pledge(2) in chromium.
In ieee80211(9), make the A-MPDU reordering buffer more resilient against APs which drop some subframes or let the sequence number jump up by more than 1. This should fix network stalls seen in 11n mode.
In iwn(4) and iwm(4), fix A-MPDU parameters in link quality firmware commands.
In mandoc(1), detect recursive "define" in eqn(7) which avoids infinite loops.
In hack(6), read ^Z as a normal character. This fixes suspend/resume.
In fmt(1), add UTF-8 support for -c.
In ifconfig(8), sync displayed interface flags to reality.
In acpibtn(4), fix the lid sensor for machines that do not generate an event when the lid opens.
Add xnf(4), a Xen virtual networking interface (Netfront) driver.
In cpsw(4/armv7), properly handle the receive queue being full condition instead of hanging.
In em(4), mark the driver MP-safe.
In ipmi(4), fix a panic in odd situations.
On i386, when booting from softraid, get the first, not the last, OpenBSD partition in the MBR.
In vi(1), remove the message catalogs.
In iwm(4), initialize the A-MPDU parameters field in HT capability elements.
In malloc(3), remove the "a" option.
In expr(1), use 64-bit integers for arithmetic.
On amd64, when booting from softraid, get the first, not the last, OpenBSD partition in the MBR.
Prevent integer overflows in sosend(9) and soreceive(9).
In iwn(4), always use a CCK rate as last fallback in the firmware's tx rate retry table. This may make 11n mode work in very noisy environments.
In acpi(4), fix systems that don't implement legacy mode.
Revert sys/dev/pci/if_oce.c r1.87 (which unlocked the interrupt handler rx path).
On mips64, make POWER Indigo2 R8000 boot multiuser again.
In fgetws(3), fix a bug when errno is EILSEQ upon function entry or when the file ends without a terminating L'\n' character.
Fix lots of bugs in the fprintf(3) family of functions.
In mandoc(1), improve handling of .Va and .Vt macros.
In iwn(4), add initial support for 11n mode to the iwn(4) driver. Only MCS 0 to 7 are supported for now.
In ieee80211(9):
Skip over 11n mode during scanning to avoid scanning channels more than once.
Allow switching into 11a and 11b/g mode correctly when the driver supports 11n.
Fix manual scan while associated in 11a mode.
Fix negotiating A-MPDUs with some APs.
Use pledge(2) in spamd-setup(8).
In re(4), mark the driver MP-safe.
In nc(1), use the correct values for TLS certificate and private key flags.
On vmm(4/amd64), do proper termination of VMs by doing proper VCPU run state management. This should fix some of the odd termination errors.
In mg(1), allow macro execution to continue without delay in the event of a visible bell call.
Fix problems with EFI installs involving many disks.
Update to randrproto 1.5.0.
Update to x11proto 7.0.28.
In pchtemp(4):
Add support for Intel 100 Series.
Enable on i386.
Update to freetype-doc 2.6.2.
In mg(1), add dired-find-alternate-file.
In iec(4/sgi), take the PHY out of reset before attaching the interface. This allows for disabling some checks on reboot, making reboots faster especially on IP27.
In sendsyslog2(2), avoid a panic that could occur when writing to the console.
In ix(4), do not grab the kernel lock in the rx and tx paths.
In trunk(4), fix the "lacp_compose_key protection fault trap" when removing a port from a lacp trunk.
Add pchtemp(4), a driver for the thermal sensor on recent Intel PCHs.
In inteldrm(4), unconditionally set the "switchcookie". This fixes synchronous VT switching.
Use pledge(2) in tokenadm(8).
In malloc(3), fix a NULL dereference in case the abort option is disabled.
In nlist(3), avoid out-of-bounds access and excessive memory allocation on a malformed ELF header.
In mg(1), add transpose-words. It is limited to one iteration until "undo" is looked into.
In wscons(4), change keyboard configuration detection to work even when a kbd(8) setting has multiple bits set (e.g. us.dvorak.swapctrlcaps).
In bge(4), mark the start routine as MP-safe.
Set the UltraDMA transfer mode for SATA drives. Some of these drives, such as the Maxtor 7Y250M0, refuse to do DMA unless the transfer mode has been set. This causes reads (and presumably writes) to time out.
In the installer, do not insist on EFISYS partitions on non-root disks and prevent an autoinstall loop.
In re(4), mark the interrupt handler as MP-safe.
Add GENERIC-IP27.MP for MP support on the SGI Octane 350.
Import libdrm 2.4.65.
On amd64 and i386, if available, prefer the rdseed instruction over rdrand when adding entropy to the kernel random number generator.
In puc(4), add the Perle Speed8 LE.
In cp(1), set the times, mode and flags on symlinks when doing cp -p (or mv across filesystems).
In ukbd(4), enable the iso keyboard munge fix for MacBookAir6,2.
In libevent, revert the change to call kevent(2) immediately (which was done to prevent the dispatch loop from bringing down the entire process). tcpbench(1) relies on the old behaviour.
On sgi, add a timecounter for MP, make interrupt masking MP-aware, add launch logic for secondary CPUs and add IPI logic.
In kdump(1), implement basic kevent(2) printing.
In fgetwc(3), set the error indicator when an encoding error occurs, as specified by both the manual page and POSIX.
In file(1), add --brief and --dereference. These are used by xdg-open and xdg-mime.
In mg(1), add -R to open the specified files read-only.
Implement privsep and use pledge(2) in mountd(8).
Use pledge(2) in sndiod(8).
Update to sqlite3 3.9.2.
In rdate(8), expand the size of messages between processes to accommodate larger messages.
Import Mesa 11.0.8. This seems to fix some of the problems with clutter/gnome reported to occur on r600 with Mesa 11.0.6.
Ensure the installer asks for the IPv4 default route in case an interface has been configured via dhcp and then again manually.
Find the OpenBSD disklabel on GPT partitioned softraid volumes in order to allow booting from such volumes.
In asmc(4), make communication with the Apple SMC chip more reliable.
Add viocon(4), the VirtIO console device.
In smtpd.conf(5), switch to "file" backend for the aliases table by default.
In smtpctl(8), support some sendmail-compatible command-line arguments.
In tmux(1), fix a bug where the "attach-session -d" detached the wrong session.
In Xserver(1), default to using the modesetting(4) driver on Broadwell. It works better than the intel(4) driver.
In drm(4), advertise support for DRM version 1.4. This makes the PCI-based probe method in the modesetting(4) driver work.
In Mesa:
Set the configure option to enable floating point textures. This is required by drivers such as r600 to support OpenGL 3.x.
Build the gallium software rasteriser (softpipe). This fixes loading the r300 driver on macppc.
In sndiod(8), implement initial privilege separation and reenable networking.
In uvideo(4), do not delay video(4) attachment if the device does not need to load firmware.
Use pledge(2) in mtree(8).
On alpha, disable pcn(4) on ramdisk kernels.
Move to 5.9-beta.
In dhclient(8), do not exit if a route can not be added.
In rc.d(8), don't report that the daemon has succesfully started if it actually failed because of a config error.
Prevent GPU lockups with KMS and AGP-enable on Uninorth (G4) machines. KMS is now usable on Uninorth machines but X11 output is still corrupted.
Do not match Uninorth bridges until we have a working KMS with AGP support for G4 machines. This allows us to enable agp(4) again for G5 machines which makes X11 usable on the Dual G5 with radeondrm(4).
Make carp_output() MP-safe.
Add UTF-8 support to uniq(1). Let -f recognize non-ASCII blank characters and let -s count characters rather than bytes.
In tmux(1), make input off flag (selectp -d) apply to synchronize-panes too.
Fix urtwn(4) on big-endian architectures.
Make ix(4) MP-safer.
Use pledge(2) in mknod(8).
In casin(3), casinf(3), and casinl(3), give correct results if the imaginary part is zero.
Fix the behaviour of csqrt(3): we should have csqrt(conj(z)) == conj(csqrt(z)).
Avoid modulo bias in the IPv6 stack.
In the scheduler, make the cost of moving a process to the primary CPU a bit higher. This is the CPU that handles most hardware interrupts, so by making it less likely that the softnet taskq runs on that CPU, most of the performance lost by "unlocking" network drivers is restored.
In acpithinkpad(4), add display brightness support, available on the last few ThinkPad generations. This fixes surprising brightness changes that would sometimes happen if you used the brightness keys or if the firmware decided to reset the brightness level for some other reason.
Update to xf86-input-synaptics 1.8.3.
Update to xf86-input-keyboard 1.8.1.
In libevent, prevent the dispatch loop from bringing down the entire process because of incomplete kqueue(2) support for various types of files and filesystems.
In awk(1) and npppd(8), remove modulo bias in the random number generator.
Add the _sndiop user and group in preparation of the sndiod(8) privsep.
In resolver(3), remove support for HOSTALIASES. It is incompatible with pledge(2).
In acpithinkpad(4), avoid panics on older ThinkPads when pressing the ThinkLight key.
In nc(1), print the certificate validity to the verbose output when using TLS.
Avoid grabbing the kernel lock in uvm_unmap() if we have an interrupt-safe map.
In syslogd(8), unbreak adding mark messages to log files.
Remove the Class 3 Public Primary Certification Authority root certificate from /etc/ssl/cert.pem, per recommendation of Symantec/VeriSign.
In asmc(4), add more temperature keys found in MacBook Airs (6,1 and 7,2) and MacBook Pro (10,2).
Update to unbound 1.5.7.
In mountd(8), fix issues with adding and deleting exports when (re)reading the exports(5) file.
Add UTF-8 support to fmt(1). The -c option is not yet handled.
Do not panic when trying to delete an non-existing route with ART.
In relayd(8), handle the HTTP PATCH request correctly.
In tmux(1), allow list-keys and list-commands to be run without a running server.
In acpithinkpad(4), handle the keyboard backlight found on newer Thinkpads.
Add initial 802.11n support to iwm(4).
In mailwrapper(8), update the default MTA reference to smtpd(8).
Use pledge(2) in dhcpd(8).
In acpithinkpad(4), support ThinkLight.
In eigrpd(8), introduce a new command to show traffic statistics.
In tmux(1):
Allow prefix and prefix2 to be set to None to disable.
Add the key-table option to set the default key table for a session.
In smtpd(8):
Bump Diffie-Hellman parameterss to 2048.
Allow overriding the default cipher-suite in smtpd.conf(5).
Remove CA from pki and no longer allow specifying a CA with "pki" keyword. Introduce "ca" keyword to smtpd.conf(5) allow specifying a custom CA.
On sgi, adjust IPI numbers to get the interrupts working.
Avoid dhclient(8) from hanging during boot when the attempt to configure the address fails without dhclient(8) realizing it.
In asmc(4), enable keyboard backlight support.
In wsconsctl(8), add the keyboard backlight variable.
In wscons(4), add new ioctls to control keyboard backlights.
In smtpd(8), implement senders map.
In ieee80211(9):
Finish support for receiving 11n A-MPDUs.
Add 11n/HT negotiation fixes.
Makes 11n negotiation with Linux iwlwifi AP succeed.
In smtpd(8), prepare for support of wildcard CA and DANE.
In fdisk(8), open the disk read-only if none of -i, -e or -u are specified.
Fix a bug where exhausting a tmpfs filesystem leads to kernel panic.
In fdisk(8), add -v to force the display of both GPTs and the MBR.
In libevent, do not print to stderr.
Use pledge(2) in spamlogd(8).
In dhcpd(8), fix a bug where the default-lease-time, max-lease-time, bootp-lease-length statements specified in dhcpd.conf(5) were being ignored.
In nsd(8), disable the database file by default.
Update to nsd 4.1.7.
In ehci(4), work around Nvidia EHCI controllers bugs.
In vmctl(8), allow the "id" argument to be a number or a VM name.
In smtpd(8), add -F to run in foreground while logging to syslog.
In makemap(8), add -U, like the sendmail makemap.
In ssh(1), do not try to load an SSHv1 private key when compiled without SSHv1 support (bz#2505).
Remove now unused plain DES from the kernel crypto framework, including the crypto accelerator drivers.
Use pledge(2) in dhclient(8).
In bnx(4), mark the start routine as MP-safe.
In ksh(1), fix moving trough and deleting multibyte characters in emacs command-line editing mode.
Install the OpenBSD::Pledge Perl module.
Remove plain DES encryption: remove support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakpmd(8), ipsecctl(8) and iked(8).
In libcrypto, change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms. This avoids truncation of the counter on 32-bit platforms.
Do not trigger a KASSERT() if the route we're trying to remove does not exist and we get another matching one instead.
Do not trigger a KASSERT() when destroying/detaching an interface with RTF_CLONED routes attached.
In inteldrm(4), enable support for 3840x2160 60Hz SST.
Rework the if_start MP-safe serialisation so it can serialise arbitrary work.
In malloc(3):
Add random "canaries" to the end of an allocation. This option is enabled with the malloc.conf(5) "C" flag.
When writing junk to freed chunks (current default behavior), check that the junk is still intact when freeing the delayed chunk in order to catch a potential use-after-free.
Add xenstore(4), a driver for XenStore, the configuration storage.
Add xspd(4), a driver for the XenSource Platform Device.
Add xen(4).
In iwm(4), avoid synchronization issues with the firmware that might cause association to be aborted or stop the interface from working until reboot.
Rewrite getusershell(3) to avoid the possibility of overflow.
In doas(1), add -a to specify a non-default authentication style.
In vmctl(8), add the "console" subcommand to connect to a specified VM console by id.
Use pledge(2) in spamd(8).
In tmux(1), add a hooks infrastructure, basic commands, and a couple of client hooks.
Add UTF-8 support to wc(1): amongst other things, add -m for character counting.
Add the root certificate for COMODO RSA Certification Authority to /etc/ssl/cert.pem.
In calendar(1), add -w to display the day of week.
In vmd(8), fix reloading after a previous load error.
In vm.conf(5), allow unquoted slashes in strings. This also allows pathnames to be concatenated with macros.
Merge makemap(8) into smtpctl(8).
In tmux(1), fix bell indicators across detach.
Update to freetype 2.6.2.
In azalia(4), enable snooping on Intel 100 Series HDA.
In ichiic(4), attach on Intel 100 series.
In nc(1), make the random sequence of ports less biased.
In vmm(4), prevent panics caused by opening /dev/vmm in the case of an unsupported configuration or in case vmm0 did not attach.
In ifconfig(8), remove the "txpower" option. It is not relevant anymore.
In newfs(8) and newfs_ext2fs(8), avoid out-of-boundary access on illegal command line arguments.
In the libc locale code, validate input files to prevent out of boundary accesses.
In vmctl(8), print the TTY in the status output.
In vmm(4), restore VMM mode after resume from suspend/hibernate.
In vmd(8), terminate all running VMs on startup: it is not possible to pick up state of "zombie" VMs yet.
In as(1), implement the .inst assembler directive for arm. Ensure the same CPU numbering is used for the kern.cptime2 sysctl as for kern.proc. This fixes an issue in top(1) where a CPU would seem to be idle even though a thread was reported to be running on it.
In ssh(1), prefer rsa-sha2-512 over -256 for hostkeys.
Update termtypes.master to upstream terminfo-20151128.
In rc.conf(8), merge "multicast_router" and "multicast_host" into a single "multicast" configuration variable.
In bnx(4), make the interrupt handler MP-safe, and perform RX and TX completion outside the kernel lock.
Make pppx(4) packets with npppd(8) through the device. This makes pppx(4) work with pipex.enable=0. Also fix tun(4) not to pass the packets to pipex(4) when pipex.enable=0.
Do not loop on EAGAIN in imsg_read(3); return the error instead. This fixes spinning relayd(8) processes seen on busy TLS relays. Adjust all imsg_read(3) consumers accordingly.
Use pledge(2) in ospfd(8).
Let acpicpu(4) enable the deeper C-states for AMD Family 12h and later processors.
Add an rc(8) script for vmd(8).
In cap_mkdb(1), remove -i.
In ssh, implement SHA2-256 and SHA2-512 for RSASSA-PKCS1-v1_5 signatures for user and host auth.
In vmctl(8), add -c to the "start" subcommand to automatically connect to the VM console after startup.
Add a few kernel lock improvements in the network stack.
5.7 and 5.8 RELIABILITY FIX: a NULL pointer deference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections.
A source code patch is available for 5.7 and 5.8.
Add a fix for OpenSSL CVE-2015-3195 and one for OpenSSL CVE-2015-3195.
In vmctl(8), re-add the "load" and "reload" commands.
Re-enable acceleration on Broadwell.
Revert xenocara/driver/xf86-video-intel/src/sna/sna_accel.c r1.6 that partly disabled acceleration on Broadwell. The "blt" codepath is not tested well and makes X crash.
Replace vmmctl(8) with vmctl(8).
In smtpd.conf(5), introduce the "limit session" keyword instead of using fixed values in smtpd(8).
In pppx(4), avoid a kernel panic when enqueueing an mbuf chain.
Use pledge(2) in ssh(1).
In vmd(8), add -D and -f.
Add support for an optional vm.conf(5) file in vmd(8). This file will replace vmm.conf(5) in vmmctl(8).
In netstat(1), print the interface index; its name is no longer available.
In myx(4), use an MP-safe start routine.
Add etherip(4).
Add UTF-8 support to rs(1).
Allow network interfaces to provide an MP-safe start routine.
Use the ncurses files in /usr/share/terminfo/* instead of using the custom BDB terminfo(5) databases.
In rebound(8), when running without net, prevent the resolver from having to wait for timeout when queries cannot be forwarded.
In vi(1), after inserting a backslash, don't treat ^H ^? or ^U as special cases.
In doas(1), provide a custom password prompt that includes username and host.
In route(8), print the interface index which is part of the route msg header.
Add privsep and pledge(2) to vmd(8).
In relayd(8), improve the algorithm distributing client sessions over hosts.
In spamd(8), fix STARTTLS support.
In rc(8), fix a bug where it was no longer possible to add shlib_dirs using rc.conf.local(8).
In the installer, improve GPT handling.
On octeon, enable the DR1 region even with 32-bit page table entries.
In azalia(4), fix the speaker audio on IDT 92HD75B3/4 codecs with HP subids.
In cut(1), add UTF-8 support. Implement -c and -n options, and let -d option accept a multibyte delimiter character.
In unbound(8), fix a file descriptor leak in the parent process.
In azalia(4), add an unmute quirk for IDT 92HD75B3/4 codecs with HP subids. This is required to get speaker audio on the HP Elitebook 2540p.
Use pledge(2) to ssh-agent(1).
In Xserver(1):
Make DRI2 work on OpenBSD where we don't have support for DRI3 yet.
Enable glamor on architectures where we have OpenGL.
In ppb(4), properly condigure bridges left unconfigured by the system firmware. This makes the Apple Thunderbolt Giabit Ethernet adapter work when inserted at boot time.
Enable the GSE interrupt on Broadwell. This fixes ACPI brightness control on the MacBookPro12,1 and 3rd generation Lenovo X1 Carbon.
In pcidump(8), print PME# state together with the PCI power state when enabled/asserted.
Add UTF-8 support to cut(1) and ls(1).
In smtpd(8), add received-auth parameter to listener to identify authenticated sessions in locally appended "Received" header when enabled.
Fix an issue with gcc(1) on i386 which in turn fixes the Mesa i965 dri module on i386.
Fix bridge(4) to forward broadcast/multicast frames from gif(4).
In bgpd(8), fix rdomain setups.
Remove the aviion and the solbourne platforms.
Add separate users and groups for tftp-proxy(8) and ftp-proxy(8) so that they don't share the same ones.
In fdisk(8), make -i zap any undesirable GPT hanging around, just like the reinit command does.
In rtadvd(8), fix dynamic prefix tracking.
In smtpd(8):
Support user+tag expansion in aliases.
While delivering to lmtp or mda, accept the optional "as user" parameter in smtpd.conf(5).
Fix IPv6 address parsing in smtpd.conf(5).
Allow the use of the tls+backup:// schema in smtpd.conf(5).
Remove table-passwd, table-sqlite and table-ldap.
In ubcmtp(4), add support for the touchpad found on the MacBookPro12,1.
Use pledge(2) in adventure(6), backgammon(6), boggle(6), bs(6), canfield(6), fish(6), gomoku(6), grdc(6), mille(6), prime(6), ssh-keysign(8), trek(6) and wump(6).
Make it possible to detach bge(4).
Add OpenBSD::Pledge, a Perl interface to pledge(2).
In xhci(4):
Make the integrated SD card reader in the MacBookPro12,1 attach.
Make hotplugging USB 3.0 devices work on the MacBookPro12,1.
Convert the simple list of multipath route entries used by ART kernels to a SRP list. This makes the rtable_* layer MP-safe.
Remove stdethers(8) and stdhosts(8).
In atc(6), battlestar(6) and robots(6), use pledge(2) and move the score file to the user's home directory.
Use pledge(2) in cribbage(6).
In make(1), fix duplicate targets in target list.
In skeyinit(1):
Use pledge(2).
Allow the -n flag to work in -s mode.
In installboot(8), back out pledge(2).
Mark the interrupt handler for pci (but not sbus) attached gem(4) as MP-safe.
In ssh-keygen(1), do not leak a temporary file if there is no known_hosts file.
In sshd(8), don't include port number in tcpip-forward replies for requests that don't allocate a port (bz#2509).
In doas(1), don't write past the end of a buffer after reading too long a line from the configuration file.
On sparc64, don't panic in pmap_enter() if we deplete the pool of pv entries and the PMAP_CANFAIL flag is set.
In pci(4), do not report a bus conflict for bridges that are left (partly) unconfigured by the system firmware.
In df(1), avoid reading past the end of a buffer.
In ugen(4), attach the iPhone 6.
In snake(6), use pledge(2) and move the score file into the user's home directory.
Change the command-line syntax of vmmctl(8).
In efiboot, avoid setting mode to GOP if the mode is unchanged. Also don't panic if the setting mode is failed.
Remove rpc.yppasswdd(8).
Use pledge(2) in installboot(8), login_radius(8) and scp(1).
In chpass(1), login_chpass(8) and passwd(1), delete YP password related code.
In rpc.bootparamd(8), delete YP lookup code.
In syslog.conf(5), disable the *.emerg block by default.
Automatically start vmm(4) when the first VM is created and after the last VM is terminated. This removes the explicit enable and disable cmmands from vmmctl(8) and vmm.conf(5).
In fdisk(8), when prompting for a GPT partition type, use the partition's current type as default; and when prompting for an LBA, show the minimum and maximum values in the prompt.
In ifconfig(8), fix breakage when re-configuring an IPv6 static address.
Stop building Mesa on alpha on mips64 because of gcc and binutils issues.
Replace IFF_OACTIVE manipulation with MP-safe operations.
Add sendsyslog2(2). This makes it possible to remove the direct /dev/console opening code from libc.
On libc, use reentrant versions of getpwnam(3), getpwuid(3), getgrnam(3), and getgrgid(3) within libc to avoid reusing the static buffers returned by the non-reentrant versions.
In tmux(1):
Show libevent version in showmsgs -I.
All kill-session -C to clear alerts in all windows.
Remove the -I part of show-messages.The server start time can be accessed with a new start_time format.
In pciide(4), allow to reliably found disks on Xserve G5 by increasing the delay between the PHY reset and the status check for ServerWorks SATA.
In vi(1), turn on filename tab completion by default.
In telnet(1), don't support repeated connections. This avoids problems with pledge(2).
In atc(6), battlestar(6), hack(6), phantasia(6), robots(6), sail(6), and snake(6), remove the setgid bit.
In canfield(6), remove the setgid bit and move score files into the user's home directory.
Use pledge(2) in fdisk(8) and mount(8).
Remove support for "lookup yp" in resolv.conf(5). It is incompatible with pledge(2).
In vmd(8), add the -d and -v flags.
In vmd(8), add support for logging to stderr or syslog, and to run it in foreground with -d option.
In sndiod(8):
Ensure the /tmp/aucat directory gets the right permissions.
Exit cleanly in the case where the clock is ticking because of a MMC start message.
Remove the unused -M option.
Attach zs(4/macppc) as "zs" rather than "zsc".
In bc(1), fix printing of non-ASCII characters in an error message and fix a number of problems caused by invalid input.
In vmmctl(8), add support for vmm.conf(5).
Add vmd(8) and vmmctl(8).
In tmux(1), if display-time is set to 0, show status messages until a key is pressed.
In ospfctl(8), print what ospfd(8) thinks is connected by adding a "C" to the nexthop output.
In ospfd(8), improve ABR support especially for self-originated stub networks. This solves the last issues when using ospfd(8) in multiple areas.
Import mesa 11.0.6.
Use pledge(2) in nsd(8).
In pcidump(8), print the PCI power state when -v is given.
In fdisk(8), bring GPT partition editing into line with MBR partition editing.
Fix inteldrm(4) on recent Apple hardware.
Make sdhc(4) work with 64-bit memory BARs such as those found on the new PC Engines apu.
In tail(1), improve fixes for running without -f.
In vmm(4), do not create a VM if vmm mode hasn't been enabled.
In fdisk(8), fix several nits in editing partitions.
In mandoc(1), fix multiple issues regarding process group and signal mask handling.
Remove login_tis(8).
In the installer, do not auto-skip X sets on systems without wscons(4).
In em(4), revert all the changes to run the tx completion path without holding the kernel lock. It causes "watchdog timeout" problems.
In cvs(1), disable server-side pserver support.
In sppp(4), remove support for SPPP with framing. It is no longer used.
In ed(1), restore the user-defined prompt (specified with -p) when it was turned off and then on again with "P".
Use pledge(2) in monop(6), skeyinit(1), tetris(6), trpt(8), worm(6) and worms(6).
Repair most cases of "tail +n" usage.
In tmux(1), only assume pasting with at least two characters.
Update to flex(1) 2.5.39 and add various improvements including use of pledge(2).
In fdisk(8), when an existing partition is modified in LBA mode, ensure that the partition table is marked dirty so that it gets written when "quit" is issued.
In tail(1), allow tailing multiple files.
Use pledge(2) in OpenCVS.
In the kernel, don't try and wakeup other threads to handle pending work when it is known there's only one thread in the taskq.
In newsyslog(8), back out pledge(2).
In ssh(1), disallow ConnectionAttempts=0.
In vi(1), remove cscope support.
In the installer, set "prohibit-password" in sshd_config(5) instead of "without-password".
Use pledge(2) in fvwm(1), FvwmPager(1), hotplugd(8), locale(1), sensorsd(8).
Add icdb, the Internal C Database: a simpler replacement for the old Berkeley DB code.
Add getpwnam_shadow(3) and getpwuid_shadow(3). These functions will always open the secure/shadow/master password files.
In cnmac(4/octeon), fix the reception of short non-IP packets by accounting of padding with dynamic short packets.
In tmux(1), add the "s/foo/bar/:" prefix for formats to substitute bar for foo.
Fix a regression introduced by the rtalloc(9) rewrite where only the first route of a multipath chain had a valid next hop and could be used.
In ssh-keygen(1), fix -l for private keys. This was broken in support for multiple plain keys on stdin.
In sndiod(8), disable -L (networking) until privilege separation is implemented.
In fdisk(8), since -e edits the on-disk information, remove GPT and re-read it from disk if appropriate.
In crontab(1), check for setgid(2) failure before executing editor and warn if the exec of shell + editor fails.
In ntpd(8), fix memory leak in remove a constraint code path.
In trpt(8), remove the setgid bit.
In tetris(6), remove the setgid bit and move score files into the user's home directory.
Remove lptest(1), pac(8) and yptest(8),
In bge(4), clear the interface timer when shutting down the interface so the watchdog timer doesn't fire a few seconds later.
In snmpd(8), exclude sensors marked as invalid from the sensors MIB.
Use pledge(2) in cvs(1), getconf(1), newsyslog(8), sa(8) and showmount(8).
Unbreak next-hop caching on multipath setups: when multiple gateways are in use, the next-hop entry might not be on the same interface.
In bgpd(8), in the session engine, handle loss of the pipe with a normal shutdown of sessions and exit.
In ssh-keygen(1), allow fingerprinting from standard input and support fingerprinting multiple plain keys in a file and authorized_keys files (bz#1319).
Use pledge(2) in calendar(1), gprof(1), mail(1), and shutdown(8).
In at(1), make -l comply with POSIX.
Fix a panic that happens when radeomdrm(4) detaches because the hardware couldn't be initialized properly.
In pvbus(4), fix a panic on i386 under VMware.
Add the QuoVadis root certificates to /etc/ssl/cert.pem.
In sshd(8), add a new authorized_keys option "restrict" that includes all current and future key restrictions. Also add permissive versions of the existing restrictions.
In ssh_config(5), add the AddKeysToAgent option.
In intel(4), partly disable acceleration on Broadwell. This avoids use of the render ring which gets stuck after resume.
In ieee80211(9):
Add 11n HT support.
Expose 11n mode to the ifmedia layer and introduce the concept of MCS. Make sure 11n features are enabled only if media type is autoselect or 11n.
Add support for 11n mode to the rate adaptation (AMRR) code.
In Xorg(1), remove the -configure option. It has been broken for a long time.
Use pledge(2) in locate(1), tput(1), tset(1), and user(8).
In rdistd(1), support hardlinked symlinks.
In the binutils tools:
Don't try to preserve setuid bits.
Always strip off setuid/setgid bits when creating copies of files.
In ieee80211(9), fix CCMP (WPA2) in preparation for 11n.
Remove libocurses. It is no longer used.
In mandoc(1), fix a bug where hitting Ctrl-Backslash (= SIGQUIT) in the less(1) process spawned by man(1) causes man(1) to die uncleanly leaving behind its temp files, and kill less(1) uncleanly leaving the terminal in the wrong state.
Use pledge(2) in ar(1), info(1), infokey(1), install-info(1), ldconfig(8), ldd(1), makeinfo(1), objcopy(1), texindex(1), vi(1), xconsole(1) and ypldap(8).
In rs(1), fix a bug with -z where every column was at least as wide as the previous one.
Update to xkeyboard-config 2.16.
In telnet(1):
Remove S/Key support.
Remove support for !shell.
Remove the tracefile command.
Remove the debug command.
Set rtable(4) on the whole process, not only in the socket.
Use pledge(2).
Use pledge(2) in as(1), fdisk(8), gcc(1), ld(1), nm(1), rarpd(8), tcpbench(1) and tftp-proxy(8).
In crypto(9):
Remove unused non-HMAC versions of MD5 and SHA1.
Remove unused ARC4.
In tmux(1) add the window_visible_layout format.
In file(1), with -L, make links actually be followed.
Add vmm(4). It is disabled by default.
In ssh, send SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during KEX (bz#2949).
In sshd_config(5), support "none" as an argument for ForceCommand and ChrootDirectory (bz#2486).
In ssh-keygen(1), for -L, support multiple certificates (one per line) and reading from standard input.
In nc(1), with -V, set rtable(4) on the whole process, not only in the socket.
Revert sys/dev/pci/if_bge.c r1.372. It causes regressions on some models.
In dhclient(8), when link loss is reported, cancel any active timeout and wait for link to return.
Use pledge(2) in cwm(1) and fingerd(8).
In fdisk(8):
Avoid problems with pathological input during edit operations by never attempting to use data past the end of the input.
Refresh the in-kernel copy of the disklabel from the disk after writing the new GPT.
Let "reinit mbr" zero existing MBR and GPT partition information before constructing default MBR.
In cron(8), move the socket to /var/run/cron.sock.
In tmux(1):
Remove the mouse-utf8 option. Instead, always turn on UTF-8 mouse if the client says it supports UTF-8.
Support UTF-8 key bindings.
Remove the mouse_utf8_flag.
Remove the utf8 and status-utf8 options. Make tmux only a UTF-8 terminal.
In fdisk(8), display the full disk size when editing GPT, not the truncated MBR size. Display the "disk too large" message only when no GPT is found.
Use pledge(2) in mg(1), spamdb(8), xclock(1) and Xserver(1).
In mg(1), clear the mini buffer once a question has been displayed.
In ehci(4), mark the interrupt handler IPL_MPSAFE.
Add /dev/vmm.
In bge(4), unbreak the BCM5704 A3 found on some Xserve G5 (RackMac3,1).
In fdisk(8), make GPT on large disks work.
In rs(1):
With -H, do not overrun a static buffer on files longer than 4 kB.
With -K, do not print bogus blank lines in case of premature EOF.
Reduce the memory overhead of our ART routing table from 80M to 70M compared to the existing radix-tree when loading ~550K IPv4 routes.
In newfs(8), remove TMPDIR support.
Install ikeca.cnf by default as ikectl(8) now requires CA-specific sections not present in the general openssl(1) cnf files.
In libc:
Exclude the hidden atexit(3) and pthread_atfork(3) stubs from static links that don't use them.
Split the intra-thread functionality from kill(2) into its own system call thrkill(2). This eliminates the need for locking in pthread_kill(3) and simplifies pthread_cancel(3).
5.7 and 5.8 RELIABILITY FIX: insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
A source code patch is available for 5.7 and 5.8.
Use pledge(2) in less(1) and nohup(1).
In less(1), do not save history in secure mode.
Use the correct rdomain(4) when sending gre(4) keepalive packets.
In ehci(4), fix a NULL dereference in case a Root Port Hub interrupt is handled before the soft-interrupt has been established.
In efiboot, avoid a crash when attempting to calculate the header checksum.
Make HFSC work on age(4) and vr(4).
Add the _vmd user and group for the forthcoming vmd(8) daemon.
Revert gnu/usr.bin/gcc/gcc/cp/g++spec.c r1.2 and r.13 in order to go back to the default upstream behaviour when linking a shared library with c++. It is no longer necessary to behave the same as g++ 2.95.
In ssh-keyscan(1), add -c to allow fetching certificates instead of plain keys.
In ncr53c9x, when issuing a non-dma command, set a length variable to 0 upfront to avoid problems on command completition interrupt.
In ssh(1), fix an OOB read in the packet code.
Fix possible system panics due insufficient validation of RSN element group cipher values in 802.11 stack.
Fix a use-after-free in fwvm(1).
In sdmmc(4), always claim to support sector mode for eMMC. This allows BeagleBone Black boards with Micron eMMC to work.
In less(1), remove LESSGLOBALTAGS support.
In efiboot, make "machine disk" show EFI info instead of BIOS info.
In restore(8), make hardlinks of symlinks work.
In efiboot, disable red-zone since EFI is running with a different ABI. This may fix an issue when loading a compressed kernel on MacBooks.
Update to xserver 1.17.4.
Use input handlers for bridge(4). This allows more flexible configurations with vlan(4) and bridge(4) on top of the same physical interface.
Use pledge(2) in xterm(1).
In hypotf(3), fix wrong magic numbers in scaling causing incorrect results for large and small values.
In getty(8), remove ppplogin support.
Radically improve the performance of bgpd(8) filters.
In less(1):
Remove support for "!" to run a shell command.
Remove LESSCHARDEF support.
Remove unused charsets and LESSCHARSET support.
Make HFSC work on de(4) and ie(4/sparc).
In ld.so(1), fix unloading of load groups when the last reference was not on the load_object but rather some descendent.
On i386, fix a regression by reading/writing to CR4 register only if the processor has this capability.
Stop creating the directory /usr/share/nls. If the user does not specify a NLS path, fail early in catopen(3).
In res_init(3), restrict the number, size and address family of nameservers. This fixes a crash in sendmail. Only programs that use the bind resolver internals directly are affected.
Replace less(1) with the cleaned-up fork of less 458 maintained by Garrett D'Amore.
Update to unbound 1.5.6.
Update to nsd 4.1.6.
In the loongson installer, ensure that the partition containing the boot blocks is recognized on the eBenton EBT700.
Use pledge(2) in httpd(8), ikectl(8), slowcgi(8) and wall(1).
For USB mice with wheels, check for the W direction at AC Pan input.
In pkg_add(8), tweak dependencies handling. This might fix some infrequent bugs.
In tcpdump(8), fix a segmentation fault by capping the GRE packet len to tcpdump's snap len.
In tmux(1), pass through right click if mouse is on.
In smtpctl(8), implement the "uncorrupt" subcommand.
In smtpd(8), correctly handle messages that consist solely of headers and do not end with an empty line.
In km(4), match the temperature sensor in GX-412TC SOC.
In ipsecctl(8), decode Chacha20-Poly1305 when dumping SAs.
In iked(8), support Chacha20-Poly1305 for Child SAs.
Fix a potential use-after-free in pf(4).
Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains IP options or if an IPv6 packet contains header extensions.
In rtadvd(8), recognize carp(4) interfaces in order to send the src lladdr option.
In fdisk(8), don't allow the user to enter GPT partition names too large to fit in the GPT partition structure. Also avoid running off the end of the name buffer.
Prevent a panic caused by an infinite recursion in the network stack.
In efiboot, use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" to find the boot device since the MacBook does not support the latter protocol.
In snmpd(8), don't lose the ARP entries when updating an interface.
Add Chacha20-Poly1305 to the OpenBSD Cryptographic Framework and enable it in the software crypto driver and the IPsec/ESP and PF_KEY frameworks.
In whois(1), add -I to use whois.iana.org (root zone database).
In tcpdump(8), print RDNSS nameserver addresses and option names for some other known options that are not otherwise decoded yet (DNSSL, route information).
In libssl, add EVP_aead_chacha20_poly1305_ietf(3), a ChaCha20 with a Poly1305 authenticator for IETF protocols.
Remove ARP load-balacing in order to simplify making ARP MP-safe.
In xhci(4), mark the interrupt handler as IPL_MPSAFE since it only schedules a soft-interrupt.
In ikectl(8):
Accept an "ocsp" option when creating certificates to set the extended key usage for OCSP signing.
Let openssl(1) add valid signed certs to the index file which is required to use the builtin openssl OCSP server.
Switch from SHA-1 to SHA-256.
Introduce ml_purge(9) and mq_purge(9) to free all mbufs on an mbuf list or queue.
In intel(4), fix rendering problems on Broadwell GT3 (Iris 6100/Iris Pro 6200).
In re(4), expand the rx and tx rings so that deviced needing more packets per interrupt can use them.
Rework the netstart(8) script.
In inteldrm(4):
Prevent the desktop "Iris Pro Graphics 6200" from being misidentified as ULT.
Make the mobile "Iris Graphics 6100" be correctly identified as being a ULT part.
Use pledge(2) in bgpctl(8), ldapctl(8), ldapd(8), m4(1), skeyaudit(1) and skeyinfo(1)

New in OpenBSD 5.8 (Oct 18, 2015)

Improved hardware support, including:
New rtwn(4) driver for Realtek RTL8188CE wifi cards.
New hpb(4) driver for HyperTransport bridges as found in the IBM CPC945.
The ugold(4) driver now supports TEMPerHUMV1.x temperature and humidity sensors.
Improved sensor support for the upd(4) driver for USB Power Devices (UPS).
Support for jumbo frames on re(4) devices using RTL8168C/D/E/F/G and RTL8411, including PC Engines APU.
re(4) now works with newer devices e.g. RTL8111GU.
Partial support has been added for full-speed isochronous devices in ehci(4), allowing USB 1.1 audio devices to be used on EHCI-only systems in some cases.
Improved macppc stability and G5 performances with MP kernels.
acpicpu(4) uses ACPI C-state information to reduce power consumption of idle CPUs.
Kernel supports x86 AVX instructions on CPUs that have them.
Avoid assigning low address to PCI BARs, fixing various issues on machines whose BIOSes neglect to claim low memory.
wscons(4) works with even more odd trackpads.
Added pvbus(4) paravirtual device tree root on virtual machines that are running on hypervisors.
New octdwctwo(4) driver for USB support on OpenBSD/octeon.
New amdcf(4) driver for embedded flash on OpenBSD/octeon.
Support for RTL8188EU devices was added to the urtwn(4) driver.
Removed hardware support:
The lmc(4) driver for Lan Media Corporation SSI/T1/DS1/HSSI/DS3 devices has been removed.
The san(4) driver for Sangoma Technologies AFT T1/E1 devices has been removed.
Generic network stack improvements:
MTU of vlan(4) devices can now be set independently from the parent interface's MTU.
The same network range can now be assigned to multiple interfaces, using interface priorities to choose between them.
New MPLS pseudowire driver mpw(4).
Much preparatory work for MP unlocking of the network stack.
Installer improvements:
The logic of the 'Allow root ssh login?' question has been changed. The default answer is now 'no'. 'prohibit-password' has been added to the list of possible answers.
autoinstall(8) has been extended to allow hostname-mode.conf response file names. response files to be placed in a subdir of the webserver's document root. passing a template file to disklabel(8) to automatically partition the disk.
ntpd(8) is now enabled by default at install time.
DUID support has improved enough that new installs now use them unconditionally.
Installing sets from CD-ROM has been fixed if more than one CD-ROM drive is present.
The 'Which CD-ROM contains the install media?' question has been removed. Available cdrom devices are now shown directly in the 'Location of sets?' prompt.
Routing daemons and other userland network improvements:
Many improvements and simplifications in ldpd(8), including configuration reload and support for mpw(4) pseudowire interfaces.
bgpd(8) now allows rules to match on the peer AS number.
For terminated BGP sessions, bgpctl(8) now displays the number of prefixes received on the last session.
ospfd(8) now correctly handles carp(4) interfaces in "backup" mode at startup.
Log messages in bgpd(8) and ospfd(8) have been made more specific.
The default Diffie-Hellman group for VPNs configured by ipsec.conf(5) has been changed to modp3072.
New radiusd(8), Remote Authentication Dial In User Service (RADIUS) daemon.
Security improvements:
sudo in base has been replaced with doas(1), sudo is available as a package.
file(1) has been replaced with a new modern implementation, including sandbox and privilege separation.
pax(1) (and tar(1) and cpio(1)) now prevent archive extraction from escaping the current directory via symlinks; tar(1) without -P option now strips up through any ".." path components.
Static PIE support for sparc.
Alpha switched to secure PLT.
Improved kernel checks of ELF headers.
Support for the NX (No-eXecute) bit on i386, resulting in much better W^X enforcement in userland for hardware that has this feature.
Enforcement of W^X in the kernel address space on i386 when using processors with the NX bit.
Work started on a new process-containment facility called tame(2).
Assorted improvements:
The worm(6) now grows at a rate proportional to terminal size.
dlclose(3) now unregisters handlers registered by a pthread_atfork(3) call from the unloaded libraries.
cp(1), mv(1), and pax(1) with the -rw option now preserve timestamps with full nanosecond precision.
pax(1) now detects failure to decompress an archive when reading it and errors out immediately.
nm(1) now supports the -D option for displaying the dynamic symbol table.
dump(8) now uses DUIDs in /etc/dumpdates when present and the -U option has thus been removed.
Corrected kdump(1) reporting of lseek(2) return value on ILP32 archs and getsockopt/setsockopt(2) level and optname arguments. iovec, msghdr, and cmsghdr structures are now dumped.
sed(1) -i option added.
New, much simpler man.conf(5) configuration file format for man(1), apropos(1), and makewhatis(8).
When using man(1) with the less(1) pager, support the :t internal command to search for definitions of keywords similar to what ctags(1) provides.
Improvements in checking of numeric option values in many utilities.
Upgraded to binutils version 2.17 with additional fixes.
Improved correctness of poll(2) and poll(2) of O_RDONLY FIFO fds.
Restored reporting of closed sockets by netstat(1) and systat(1).
fdisk(8) now zeros correct GPT sector at end of disk.
fdisk(8) now accepts 'T' sizes for terabytes.
fdisk(8) repaired to work on 4K sector disks again.
dhcpd(8) now logs correct giaddr and ciaddr information even when DHCP relays are present.
dhcpd(8) now accommodates Linux and MS clients by not sending routers or static routes info when classless static routes are sent.
dhcpd(8) and dhclient(8) now accept hostnames beginning with a digit.
dhclient(8) no longer rejects leases with addresses overlapping existing subnets on other interfaces. Kernel routing logic now just works.
Improvements to realloc(3) decrease system calls and increase efficiency.
The reaper now tears down dead processes without holding on to the kernel lock. This greatly reduces latency and increases performance on multi-processor systems.
OpenBSD httpd(8):
New features: Added support for matching and redirections with Lua patterns(7). Implemented If-Modified-Since for conditional GET or HEAD requests (RFC 7232). Added byte-range support for range requests (RFC 7233). Allowing to specify a global or per-location default media type instead of application/octet-stream. Added support for HTTP Strict Transport Security (HSTS; RFC 6797). Added initial regression test suite based on relayd(8)'s implementation.
Fixes and improvements: TLS in httpd(8) and relayd(8) now defaults to TLSv1.2-only. Fixed support for large TLS keys or certificate bundles with up to 16KB each. Fixed the Content-Length header for files larger than 2 GB on 32-bit architectures. Fixed translation of CGI environment variables in accordance with RFCs 7230 and 3875. Improved memory usage and fixed possible memory exhaustion on large file transfers. Added URL-encoding of specific CGI variables before using them in the Location header. Prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986. Allowing to specify characters like "?" in the Location URI. Various other bug fixes and improvements.
OpenSMTPD 5.4.4
smtpd(8) reliability and bug fixes.
NOTE: Some security risks were discovered and fixed after the OpenBSD 5.8 release. See 5.8 errata 004.
OpenSSH 7.0:
Security: ssh(1): when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials. This problem was reported by Jann Horn. ssh-agent(1): fix weakness of agent locking (ssh-add -x) to password guessing by implementing an increasing failure delay, storing a salted hash of the password rather than the password itself and using a timing-safe comparison function for verifying unlock attempts. This problem was reported by Ryan Castellucci. sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. sshd(8): fix circumvention of MaxAuthTries using keyboard-interactive authentication. By specifying a long, repeating keyboard-interactive "devices" string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied.
Potentially-incompatible changes: Support for the legacy SSH version 1 protocol is disabled by default at compile time. Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html. Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html. Support for the legacy v00 cert format has been removed. The default for the sshd_config(5) PermitRootLogin option has changed from "yes" to "prohibit-password" (but the OpenBSD installer defaults to "no"). NOTE: 'PermitRootLogin prohibit-password' is subtly broken in the OpenBSD 5.8 / OpenSSH 7.0; see 5.8 errata 001.
New/changed features: ssh(1), sshd(8): promote [email protected] to be the default cipher. sshd(8): support admin-specified arguments to AuthorizedKeysCommand. (bz#2081) sshd(8): add AuthorizedPrincipalsCommand that allows retrieving authorized principals information from a subprocess rather than a file. ssh(1), ssh-add(1): support PKCS#11 devices with external PIN entry devices. (bz#2240) sshd(8): allow GSSAPI host credential check to be relaxed for multihomed hosts via GSSAPIStrictAcceptorCheck option. (bz#928) ssh-keygen(1): support ssh-keygen -lF hostname to search known_hosts and print key hashes rather than full keys. ssh-agent(1): add -D flag to leave ssh-agent(1) in foreground without enabling debug mode. (bz#2381) ssh_config(5): add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication. sshd_config(5): add HostKeyAlgorithms option to control which public key types are offered for host authentications. ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes options to allow appending to the default set of algorithms instead of replacing it. Options may now be prefixed with a + to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss".
The following significant bugs have been fixed in this release: ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use it against some 3rd-party SSH implementations that use it (older PuTTY, WinSCP). Many fixes for problems caused by compile-time deactivation of SSH1 support. (including bz#2369) ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes greater than 4K. (bz#2209) ssh(1): fix out-of-bound read in EscapeChar configuration option parsing. (bz#2396) sshd(8): fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks. ssh(1), sshd(8): improve disconnection message on TCP reset. (bz#2257) ssh(1): remove failed remote forwards established by multiplexing from the list of active forwards. (bz#2363) sshd(8): make parsing of authorized_keys "environment=" options independent of PermitUserEnv being enabled. (bz#2329) sshd(8): fix post-auth crash with permitopen=none. (bz#2355) ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private keys to be encrypted with AEAD ciphers. (bz#2366) ssh(1): allow ListenAddress, Port and AddressFamily configuration options to appear in any order. (bz#86) sshd(8): check for and reject missing arguments for VersionAddendum and ForceCommand. (bz#2281) ssh(1), sshd(8): don't treat unknown certificate extensions as fatal. (bz#2387) ssh-keygen(1): make stdout and stderr output consistent. (bz#2325) ssh(1): mention missing DISPLAY environment in debug log when X11 forwarding requested. (bz#1682) sshd(8): correctly record login when UseLogin is set. (bz#378) sshd(8): add some missing options to sshd -T output and fix output of VersionAddendum and HostCertificate. (bz#2346) Document and improve consistency of options that accept a "none" argument: TrustedUserCAKeys, RevokedKeys (bz#2382), AuthorizedPrincipalsFile (bz#2288). ssh(1): include remote username in debug output. (bz#2368) sshd(8): avoid compatibility problem with some versions of Tera Term, which would crash when they received the hostkeys notification message ([email protected]). sshd(8): mention ssh-keygen -E as useful when comparing legacy MD5 host key fingerprints. (bz#2332) ssh(1): clarify pseudo-terminal request behaviour and use make manual language consistent. (bz#1716) ssh(1): document that the TERM environment variable is not subject to SendEnv and AcceptEnv. (bz#2386) ssh(1), sshd(8): add compatability workarounds for Cisco and more PuTTY versions. (bz#2424) Fix some omissions and errors in the PROTOCOL and PROTCOL.mux documentation relating to Unix domain socket forwarding. (bz#2421, bz#2422) ssh(1): Improve the ssh(1) manual page to include a better desciption of Unix domain socket forwarding. (bz#2423) ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing failures to load keys when they are present. (bz#2427) ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that wth empty CKA_ID. (bz#2429) sshd(8): clarify documentation for UseDNS option. (bz#2045)
LibreSSL
User-visible features: Reject all server DH keys smaller than 1024 bits. Multiple CVEs fixed including CVE-2015-0207, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-1788, CVE-2015-1789, CVE-2015-1792. Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API. Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL. Removed Dynamic Engine support. Removed MDC-2DES support. Switched openssl dhparam default from 512 to 2048 bits. Fixed openssl pkeyutl -verify to exit with a 0 on success. Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more. Ensure that openssl(1) restores terminal echo state after reading a password. Incorporated fix for OpenSSL issue #3683. Removed SSLv3 support from openssl(1). Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. Removed RSAX engine. Tested SSLv3 removal with the OpenBSD ports tree and found several applications that were not ready to build without SSLv3 yet. For now, building a program that intentionally uses SSLv3 will result in a linker warning. Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. Default cert.pem, openssl.cnf, and x509v3.cnf files are now installed under $sysconfdir/ssl or the directory specified by --with-openssldir. Previous versions of LibreSSL left these empty. NOTE: LibreSSL 2.2.2 in OpenBSD 5.8 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. see 5.8 errata 002.
Code improvements: Fix incorrect comparison function in openssl(1) certhash command. Thanks to Christian Neukirchen / Void Linux. Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables for changing library behavior. OPENSSL_CONF and SSLEAY_CONF are still supported with the openssl(1) command, but note that $ENV:: is no longer supported in .cnf files. libtls API and documentation additions. Various bug fixes and simplifications to libssl and libcrypto. Reworked openssl(1) option handling. LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped for each portable release. Removed workarounds for TLS client padding bugs. Removed IE 6 SSLv3 workarounds. --with-enginesdir is removed as a configuration parameter.
Syslogd:
OpenBSD syslogd(8) can bind to explicitly given UDP or TCP sockets to receive messages. TCP streams are accepted with the octet counting or the non transparent framing method.
Blocks in syslog.conf(5) started with +host process messages created by certain hosts specifically.
Handle situations when the file descriptor limit is exhausted gracefully.
Since libtls handles short writes smarter, syslogd(8) can use the complete output buffer to save messages, coping with longer TLS server down times without losing messages.
Ports and packages:
Many pre-built packages for each architecture:
alpha: 7093 powerpc: 8114
amd64: 8866 sh: 133
hppa: 5813 sparc: 3655
i386: 8839 sparc64: 7851
mips64: 4267 vax: 1959
mips64el: 5922
Some highlights:
Chromium 44.0.2403.125 Mozilla Thunderbird 38.1.0
Emacs 21.4 and 24.5 Node.js 0.10.35
GCC 4.8.4 and 4.9.3 OpenLDAP 2.3.43 and 2.4.41
GHC 7.8.4 PHP 5.4.43, 5.5.27 and 5.6.11
GNOME 3.14.2 Postfix 2.11.4
Go 1.4.2 PostgreSQL 9.4.1
Groff 1.22.3 Python 2.7.9 and 3.4.2
JDK 1.7.0.80 and 1.8.0.45 R 3.1.2
KDE 3.5.10 and 4.14.3 (plus Ruby 1.8.7.374, 1.9.3.551, KDE4 core updates) 2.0.0.598, 2.1.5, and 2.2.0
LLVM/Clang 3.5 (20140228) Sendmail 8.15.2
LibreOffice 4.4.4.3 Tcl/Tk 8.5.18 and 8.6.4
MariaDB 10.0.20 TeX Live 2014
Mono 3.12.1 Vim 7.4.769
Mozilla Firefox 38.1.1esr and o Xfce 4.12 39.0.3
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches, freetype 2.6, fontconfig 2.11.1, Mesa 10.2.9, xterm 314, xkeyboard-config 2.14 and more)
Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.20.2 (+ patches)
SQLite 3.8.9 (+ patches)
NSD 4.1.3
Unbound 1.5.4
Ncurses 5.7
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Less 458 (+ patches)
Awk Aug 10, 2011 version

New in OpenBSD 5.7 (May 1, 2015)

Improved hardware support, including:
New xhci(4) driver for USB 3.0 host controllers.
New umcs(4) driver for MosChip Semiconductor 78x0 USB multiport serial adapters.
New skgpio(4) driver for Soekris net6501 GPIO and LEDs.
New uslhcom(4) driver for Silicon Labs CP2110 USB HID based UART.
New nep(4) driver for Sun Neptune 10Gb Ethernet devices.
New iwm(4) driver for Intel 7260, 7265, and 3160 wifi cards.
The rtsx(4) driver now supports RTS5227 and RTL8411B card readers.
The bge(4) driver now supports jumbo frames on various additional BCM57xx chipsets.
The ciss(4) driver now supports HP Gen9 Smart Array/Smart HBA devices.
The mpi(4) and mfi(4) drivers now have mpsafe interrupt handlers running without the big lock.
The ppb(4) driver now supports PCI bridges that support subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI bridge), and devices with 64-bit BARs behind PCI-PCI bridges as seen on SPARC T5-2 systems.
The puc(4) driver now supports Winchiphead CH382 devices.
The sdmmc(4) driver now supports eMMC storage devices larger than 2GB.
The sdhc(4) driver can properly resume on Ricoh controllers.
The sdhc(4) driver now supports Ricoh R5U822 and R5U823 card readers.
The mfii(4) driver now supports the Megaraid 3008 (Fury) and 3108 (Invader) cards.
The myx(4) driver runs less code under the big lock.
The msk(4) driver now supports Yukon Prime, Yukon Optima 2, Yukon 88E8079, and various EC U and Supreme chipsets.
The umass(4) driver now supports Archos 24y Vision devices.
The athn(4) driver now supports Atheros UB94 devices.
The azalia(4) driver now supports Realtek ALC885 codecs and Bay Trail HD Audio devices.
The ix(4) driver now supports onboard Ethernet devices in SPARC T5 machines.
The upd(4) driver now handles UPSes with broken report descriptors.
The ums(4) driver now supports the USB Tablet device emulated by Qemu.
The umsm(4) driver now supports MEDION S4222 devices.
The pciide(4) driver now supports Intel C610 chipsets.
The ukbd(4) driver now supports "wellspring" Apple keyboards.
The pms(4) driver now supports click-and-drag with Elantech v4 touchpads.
The umodem(4) driver now supports Arduino Leonardo devices.
The sk(4) driver now supports receive ring scaling.
Replaced custom jumbo allocators in sk(4), nge(4), lge(4), and ti(4) with MCLGETI(9).
Wireless network scanning problems with the iwn(4) driver have been fixed.
Support for RS* IGP Radeon devices in the radeondrm(4) driver has been fixed.
PowerMac7,2 and PowerMac7,3 can now boot with a multiprocessor kernel.
Removed hardware support:
The lofn(4) and nofn(4) drivers for Hifn crypto accelerator devices have been removed.
The art(4) driver for Accoom Networks Artery T1/E1 devices has been removed.
The urio(4) driver for Diamond Multimedia Rio MP3 players has been removed.
Generic network stack improvements:
The routing table is now used for most of the address lookup operations superseding the RB-tree and IPv4 address list.
The SipHash algorithm is now used for PCB hashing, trunk(4) loadbalancing, pf(4) and bridge(4).
Traffic destinated to link-local IPv6 addresses can now be seen with tcpdump(8).
A carp(4) now needs to be configured with an explicit carpdev parent interface.
The mbuf(9) layer has been made mpsafe.
Introduce mbuf_list and mbuf_queue structures and APIs.
Support changing the IPv6 input queue length via sysctl(1) and net.inet6.ip6.ifq.
Installer improvements:
The etc and xetc sets are now part of base and xbase and are not distributed separately anymore. They are extracted from base and xbase during installation and upgrades.
Note that this includes the rc and rc.conf files!
The installer now supports trunk(4) interfaces during upgrades.
The discovery of the responsefile location for unattended installation and upgrades has been extended to be more flexible.
Ask for the location if DHCP discovery fails for location or mode.
Provide a default URL if the 'next-server' DHCP option is found.
Use /auto_install.conf or /auto_upgrade.conf if present.
Automatically start the installer in unattended mode if either one of these files is present when the system boots.
Ignore hostname.if.* files when upgrading.
Configure all physical interfaces before any dynamic interface types (e.g. trunks, vlans) when upgrading.
fdisk(8) now zeros out GPT signatures found when writing out an MBR that has been re-initialized and has no EFI or EFISYS partition.
Fixed manipulation of 'ro' and 'rw' fstab options to avoid damage to other options that happen to contain 'ro' or 'rw'.
The ramdisk binary (one binary contains all the commands) is now compiled without optimization and security features. The benefit is a substantial saving in space, allowing more features in the future.
Routing daemons and other userland network improvements:
nginx has been removed from base -- use the package if you need it.
sliplogin has been removed.
Sendmail has been removed from base -- use the package if you need it.
IPv6 router solicitations are now sent by the kernel ("inet6 autoconf"); rtsol(8) and rtsold(8) are no longer necessary and have been removed.
Enhancements and bugfixes in arp(8) and ndp(8)
The effects of the AI_ADDRCONFIG flag on getaddrinfo(3) results are limited to DNS queries. This avoids erratic behavior with transient network problems, "raw" addresses and localhost entries in /etc/hosts.
gethostbyname(3) now no longer fails when more than 16 addresses/aliases are returned. The original pre-asr limit of 35 has been restored, with additional results being truncated.
tftp(1) now supports sending or receiving files larger than 65536 blocks in size.
Security improvements:
Stricter enforcement of W^X in the kernel address space, especially on architectures with the right featureset (amd64, in particular, has seen substantial improvements).
Support for loadable kernel modules has been removed.
procfs has been removed.
Comprehensive audit of the tree to use the reallocarray(3) idiom throughout.
Many conversions from select(2) to poll(2).
/var/tmp is now a symbolic link to /tmp, as a first step towards reducing the "fill it up" attack surface against the /var partition.
memcpy(3) with overlapping arguments now aborts a program (with a syslog report), allowing these problems to be found. Overlapping copies should use memmove(3). Sometime after 5.7 release, having learned more about the situation and repairing instances that are discovered by users during release use, we will go back to the optimized version.
Change rand(3), random(3), drand48(3), lrand48(3), mrand48(3), srand48(3) to return non-deterministic strong random values by default, sourced from arc4random(3). New functions srand_deterministic(3), srandom_deterministic(3), seed48_deterministic(3) and lcong48_deterministic(3) are added for cases where determinism needs to be requested.
At resume (or unhibernate) time, use a variety of methods to reseed the random number generator. This also works on VMs which wake up (if a wakeup event is seen).
All architectures have been transitioned to static PIE, meaning the statically linked binaries in /bin and /sbin now have randomly located text segments.
Allow larger .openbsd.randomdata ELF segments.
Sync kernel AES code and ssh(1) AES code to the one shipped with OpenSSL/LibreSSL.
Removed passwd(1) support for all password ciphers except blowfish(3).
Use sha512 instead of md5 for tcp(4) initial sequence number.
Use sha512 instead of md5 in the random number generator.
Delete secret or secret-derived data in many base utilities with explicit_bzero(3).
Assorted improvements:
New rcctl(8) utility to control daemons.
fw_update(1) has been rewritten to be faster and smarter.
Cleanup libevent(3), the compatibility layer for other operating systems has been removed. The API is still compatible with upstream libevent 1.4.15-stable.
openssl(1) s_client now supports a -proxy parameter for connecting over an HTTP proxy.
gzsig has been removed.
Switch to fast assembly versions of some libc functions on amd64.
Frequency scaling has been moved from apmd(8) to the kernel with an improved algorithm.
Switch last workq API uses to taskq API and remove all traces of workq.
Use services(5) names in the default pf rules in force during startup.
what(1) now correctly displays $OpenBSD$ expansions.
dhcpd(8) now removes addresses from its pf table a single time when they expire, rather than at every timeout after the expiry.
dhcpd(8) now ensures that the pf table process exits when the main process does.
dhcpd(8) has more informative log entries for DHCPACKs issued in response to DHCPINFORM messages.
Added POSIX types blkcnt_t (int64) and blksize_t (int32), and used them for st_blocks (formerly int64_t) and st_blksize (formerly u_int32_t) in struct stat.
Improved typography for banner(6).
dhclient(8) adjusts MTU when the interface-mtu DHCP option is provided.
Various memory leaks in dhclient(8) plugged, providing more stability for long running (in terms of time or renewals) instances.
The dhclient(8) command line options -q (quiet) and -d (don't daemonize) are now mutually exclusive.
The communication between the privileged and unprivileged dhclient(8) processes was reworked to further minimize information sharing.
dhclient(8) ensures lease timeouts (renew, rebind, expire) are sane and uses default values closer to RFC suggestions.
dhclient(8) no longer crashes when a lease expires and cannot be renewed or replaced.
dhclient(8) improved tracking network interface link states.
Improved network error tracking and accounting in dhclient(8).
Private number conversion functions in dhclient(8) eliminated in favour of standard library functions.
Further signal race cleanups in ftp(1).
BIND has been retired, encouraging use of nsd(8) and unbound(8).
Significant namespace cleanup in the /usr/include files, especially related to and .
softraid(4) RAID1 and CRYPTO volumes are now bootable on the sparc64 platform.
relayd(8) now uses "TLS" rather than "SSL" terminology to reflect the deprecation of the latter.
relayd(8) now supports the random and source-hash modes with redirections.
relayd(8) now supports the OPENBSD-RELAYD-MIB via agentx with snmpd(8).
Added interfaces for setting the close-on-exec flag and/or non-blocking mode on new file descriptors: pipe2(2), dup3(2), accept4(2), mkostemp(3), mkostemps(3), the SOCK_CLOEXEC and SOCK_NONBLOCK flags for socket(2) and socketpair(2), and the MSG_CMSG_CLOEXEC flag for recvmsg(2). In addition, posix_spawn_file_actions_adddup2(3) now always clears the close-on-exec flag.
Added interfaces for setting the close-on-exec flag on new FILE handles and for requesting exclusive creation via the the 'e' and 'x' mode letters for fopen(3), fdopen(3), freopen(3), and popen(3).
Many library functions and programs changed to use the above for safety or simplicity.
Added chflagsat(2), sockatmark(3), and stravis(3).
Merged performance and safety fixes for fts(3) from FreeBSD.
Merged fixes for file descriptor leaks in various rpc(3) functions from NetBSD.
Added a kern.global_ptrace sysctl(1) to disable, by default, the ability to ptrace(2) processes that aren't your descendent.
kdump(1) now always displays both the numeric and the textual forms for users, groups, timestamps, and sysctl ids, eliminating the -r option. It also auto-selects between decimal and hex format for arguments, renders more types of flags, and is more robust when parsing corrupt ktrace files.
chmod(1)/chgrp(1)/chown(8) now comply with POSIX's requirements when they encounter symlinks when the -R option is used, and are safe from race conditions when doing so.
The dmesg(8) utility can now display the console message buffer in addition to the system message buffer.
inetd(8) now uses libevent instead of select(3).
Reworking of the kernel pool(9) implementation to provide mpsafety and pave the way for performance improvements.
Removed the workq API after replacing it with the task API.
Add support for creating kernel threads that cannot sleep to taskq_create(9).
Completed the implementation of the atomic (eg, atomic_cas_uint(9), atomic_swap_uint(9), atomic_add_int(9), atomic_sub_int(9), atomic_inc_int(9), and atomic_dec_int(9)) and membar (membar_sync(9)) APIs across all supported architectures.
OpenBSD httpd(8):
SSLv2/3 is not supported anymore; renamed all occurrences of "SSL" to "TLS".
Various TLS improvements with better support for ECDHE/DHE forward secrecy.
Improved support for virtual hosts by supporting name- and IP- based aliases.
Added support for basic authentication by checking against files created with htpasswd(1).
Added support for custom error codes, blocking and dropping of connections.
Added support for redirections and macros in specified target URLs.
Added the "root strip" option to sanitize PATH_INFO for some CGI scripts.
Added an option to specify an alternative log directory instead of /var/www/logs.
Various FastCGI improvements; httpd(8) is now compatible with many well-known web applications.
Various other fixes and improvements.
OpenSMTPD 5.4.4:
SSLv3 is not supported anymore.
Added support for a new message and headers parser.
Added support for append-domain.
Restricted address lookups to configured address families.
Domain is no longer required when mailing a local user.
Various other fixes and improvements.
OpenSSH 6.8
Potentially-incompatible changes:
sshd(8): UseDNS now defaults to 'no'. Configurations that match against the client host name (via sshd_config(5) or authorized_keys) may need to re-enable it or convert to matching against addresses.
New/changed features:
Much of OpenSSH's internal code has been re-factored to be more library-like. These changes are mostly not user-visible, but have greatly improved OpenSSH's testability and internal layout.
Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64. Fingerprints now have the hash algorithm prepended. Please note that visual host keys will also be different.
ssh(1), sshd(8): Experimental host key rotation support. Add a protocol extension for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default off).
ssh(1): Add a ssh_config(5) HostbasedKeyType option to control which host public key types are tried during host-based authentication.
ssh(1), sshd(8): fix connection-killing host key mismatch errors when sshd(8) offers multiple ECDSA keys of different lengths.
ssh(1): when host name canonicalisation is enabled, try to parse host names as addresses before looking them up for canonicalisation. Fixes bz#2074 and avoiding needless DNS lookups in some cases.
ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer require OpenSSH to be compiled with OpenSSL support.
ssh(1), ssh-keysign(8): Make ed25519 keys work for host based authentication.
sshd(8): SSH protocol v.1 workaround for the Meyer, et al., Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA decryption.
sshd(8): Remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two different public keys.
sshd(8): add sshd_config(5) HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd(8) to control what public key types will be accepted. Currently defaults to all.
sshd(8): Don't count partial authentication success as a failure against MaxAuthTries.
ssh(1): Add RevokedHostKeys option for the client to allow text-file or KRL-based revocation of host keys.
ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA.
ssh(1): Add a "Match canonical" criteria that allows ssh_config(5) Match blocks to trigger only in the second config pass.
ssh(1): Add a -G option to ssh(1) that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T".
ssh(1): Allow Match criteria to be negated (e.g. "Match !host").
The regression test suite has been extended to cover more OpenSSH features. The unit tests have been expanded and now cover key exchange.
The following significant bugs have been fixed in this release:
ssh-keyscan(1): ssh-keyscan(1) has been made much more robust again servers that hang or violate the SSH protocol.
ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were being lost as comment fields.
ssh(1): Allow ssh_config(5) Port options set in the second config parse phase to be applied (they were being ignored). (bz#2286)
ssh(1): Tweak config re-parsing with host canonicalisation—make the second pass through the config files always run when host name canonicalisation is enabled (and not whenever the host name changes). (bz#2267)
ssh(1): Fix passing of wildcard forward bind addresses when connection multiplexing is in use. (bz#2324)
ssh-keygen(1): Fix broken private key conversion from non-OpenSSH formats. (bz#2345)
ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
Various fixes to manual pages. (bz#2273, bz#2288 and bz#2316)
LibreSSL
User-visible features:
Reluctantly add server-side support for TLS_FALLBACK_SCSV.
Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.
Jettison DTLS over SCTP.
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl.
Two important cipher suites, GOST and Camellia, have been reworked or reenabled, providing better interoperability with systems around the world.
libtls: New API for loading CA chains directly from memory instead of a file, allowing verification with privilege separation in a chroot(8) without direct access to CA certificate files.
libtls: Ciphers default to TLSv1.2 with AEAD and PFS.
libtls: Improved error handling and message generation.
Added X509_STORE_load_mem API for loading certificates from memory. This facilitates accessing certificates from a chrooted environment.
New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by using 'TLSv1.2+AEAD' as the cipher selection string.
New openssl(1) command 'certhash' replaces the c_rehash script.
Application-Layer Protocol Negotiation (ALPN) support.
Code improvements:
Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.
The ASN1 macros are expanded to aid readability and maintainability.
Various NULL pointer asserts removed in favor of letting the OS/signal handler catch them.
Dozens of issues found with the Coverity scanner fixed.
Security updates:
Fix a Bleichenbacher style timing oracle with bad PKCS padding.
Fix memory leaks.
Address POODLE attack by disabling SSLv3 by default.
SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
Earlier libtls support for non-blocking sockets and randomized session ID contexts.
Ensure the stack is marked non-executable for assembly sections.
Multiple CVEs fixed including CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205 and CVE-2015-0206.
mandoc 1.13.3:
man(1), apropos(1), and mandoc(1) now have a unified user interface, all with the same options, and are in fact all implemented by the same binary program.
For man(1), this implies new options -l and -IKOTW, and it now finds manual pages by the names in their NAME sections even if they lack matching file names.
For apropos(1), this implies new options -acfhklw and -IKOTW.
For mandoc(1), this implies new options -acfhkl.
mandoc(1) now automatically detects and transparently accepts input encoded in utf-8 and iso-8859-1, and provides a new option -K to explicitly specify the input encoding.
The mandoc(1) default output mode now is -Tlocale rather than -Tascii.
eqn(7) now supports in-line equations, and terminal rendering of equations is considerably improved.
mandoc(1) -Thtml now generates polyglot HTML5 and renders eqn(7) using MathML.
mandoc(1) can no longer fail with fatal errors, no matter how broken the input file may be, and the -Wfatal message level no longer has any effect. A new diagnostic level -Wunsupp is provided. Besides, many diagnostic messages are now more specific.
Many crashes were fixed that Jonathan Gray found with the American Fuzzy Lop (afl).
Syslogd:
OpenBSD syslogd(8) is based on libevent now.
Sending and receiving UDP messages works with both IPv4 and IPv6.
Syslog messages can also be sent over TCP or TLS. The syntax to specify the loghost is documented in syslog.conf(5).
Sending over TCP and TLS is reliable. If a connection terminates, syslogd tries to reconnect. When the message buffer in memory gets full, the number of dropped messages is counted and logged.
With TLS, the x509 certificate of the syslog server is verified.
The maximum message size has been increased according to newer RFC.
Ports and packages:
Over 9,000 ports.
Many pre-built packages for each architecture:
i386: 8722
sparc64: 8184
alpha: 6811
sh: 0
amd64: 8745
powerpc: 8286
m88k: 1148
sparc: 4026
arm: 0
hppa: 6718
vax: 1550
mips64: 1595
mips64el: 6914
Some highlights:
Chromium 40.0.2214.115
Emacs 21.4 and 24.4
GCC 4.8.4 and 4.9.2
GHC 7.8.4
GNOME 3.14.2
Go 1.4.1
Groff 1.22.3
JDK 1.7.0.71
KDE 3.5.10 and 4.14.3
LLVM/Clang 3.5 (20140228)
LibreOffice 4.3.5.2
MariaDB 10.0.16
Mono 3.12.0
Mozilla Firefox 31.4.0esr and 35.0.1
Mozilla Thunderbird 31.4.0
Node.js 0.10.35
OpenLDAP 2.3.43 and 2.4.40
PHP 5.3.29, 5.4.38, 5.5.22 and 5.6.5
Postfix 2.11.4
PostgreSQL 9.4.1
Python 2.7.9 and 3.4.2
R 3.1.2
Ruby 1.8.7.374, 1.9.3.551, 2.0.0.598, 2.1.5, and 2.2.0
Sendmail 8.15.1
Tcl/Tk 8.5.16 and 8.6.2
TeX Live 2013
Vim 7.4.475
Xfce 4.10
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches, freetype 2.5.5, fontconfig 2.11.1, Mesa 10.2.9, xterm 314, xkeyboard-config 2.13 and more)
Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.20.1 (+ patches)
SQLite 3.8.6 (+ patches)
NSD 4.1.1
Unbound 1.5.2
Sudo 1.7.2p8
Ncurses 5.7
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)
Less 458 (+ patches)
Awk Aug 10, 2011 version

New in OpenBSD 5.6 (Nov 1, 2014)

LibreSSL:
This release forks OpenSSL into LibreSSL, a version of the TLS/crypto stack with goals of modernizing the codebase, improving security, and applying best practice development processes.
No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, as well as antique compilers.
Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is irrelevant, or because they require external non-free libraries to work.
No support for FIPS-140 compliance.
No EBCDIC support.
No support for big-endian i386 and amd64 platforms.
Use standard routines from the C library (malloc, strdup, snprintf...) instead of rolling our own, sometimes badly.
Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for all the entropy needs.
Remove the MD2 and SEED algorithms.
Remove J-PAKE, PSK and SRP (mis)features.
Aggressive cleaning of BN memory when no longer used.
No support for Kerberos.
No support for SSLv2.
No support for the questionable DTLS heartbeat extension.
No support for TLS compression.
No support for US-Export SSL ciphers.
Do not use the current time as a random seed in libssl.
Support for ChaCha and Poly1305 algorithm.
Support for Brainpool and ANSSI elliptic curves.
Support for AES-GCM and ChaCha20-Poly1305 AEAD modes.
Improved hardware support, including:
SCSI Multipathing support via mpath(4) and associated path drivers on several architectures.
New qlw(4) driver for QLogic ISP SCSI HBAs.
New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
New upd(4) sensor driver for USB Power Devices (UPS).
New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs.
New uscom(4) driver for simple USB serial adapters.
New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices.
The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support.
The userland interface for the agp(4) driver has been removed.
The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets.
The firmware for the run(4) driver has been updated to version 0.33.
The run(4) driver now supports devices based on the RT3900E chipset.
The zyd(4) driver, which was broken for some time, has been fixed.
The bwi(4) driver now works in systems with more than 1GB of RAM.
The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
Generic network stack improvements:
divert(4) now supports checksum offload.
IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface.
Support for RFC4620 IPv6 Node Information Queries has been removed.
The kernel no longer supports the SO_DONTROUTE socket option.
The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493.
Include router alert option (RAO) in IGMP packets, as required by RFC2236.
ALTQ has been removed.
The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load.
Installer improvements:
Remove ftp and tape as install methods.
Preserve the disklabel (and next 6 blocks) when installing boot block on 4k-sector disk drives.
Change the "Server?" question to "HTTP Server?" to allow unambiguous autoinstall(8) handling.
Allow autoinstall(8) to fetch and install sets from multiple locations.
Many sample configuration files have moved from /etc to /etc/examples.
Routing daemons and other userland network improvements:
When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be.
ftp(1) now allows its User-Agent to be changed via the -U command-line option.
The -r option of ping(8) and traceroute(8) has been removed.
ifconfig(8) can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off.
ifconfig(8) has been made smarter about parsing WEP keys on the command line.
ifconfig(8) scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x).
MS-CHAPv1 (RFC2433) support has been removed from pppd(8).
traceroute6(8) has been merged into traceroute(8).
The asr API for asynchronous address resolution and nameserver querying is now public.
pflow(4)'s pflowproto 9 has been removed.
The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed.
snmpd(8), snmpctl(8), and relayd(8) now communicate via the AgentX protocol.
relayd(8) has a new filtering subsystem, where the new configuration language uses last-matching pf-like rules.
The new relayd(8) filter rules now support URL-based relaying.
relayd(8) now uses privilege separation for private keys. This acts as an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS.
New httpd(8) HTTP server with FastCGI and SSL support.
OpenSMTPD 5.4.3 (includes changes to 5.4.2):
New/changed features:
OpenSMTPD replaces Sendmail as the default MTA.
Queue process now runs under a different user for better isolation.
Merged MDA, MTA and SMTP processes into a single unprivileged process.
Killed the MFA process, it is no longer needed.
Added support for email addresses lookups in the table_db backend.
Added RSA privilege separation support to prevent possible private key leakage.
The following significant bugs have been fixed in this release:
Minor bug fixes in some corner cases of the routing logic.
The enqueuer no longer adds its own User-Agent.
Disabled profiling code, allowing all processes to rest rather than waking up every second.
Reworked the purge task to avoid disk-hits unless necessary... only once at startup.
Fix various header parsing bugs in the local enqueuer.
Assorted minor fixes and code cleanups.
Security improvements:
Changed the heuristics of the stack protector to also protect functions with local array definitions and references to local frame addresses. This matches the -fstack-protector-strong option of upstream GCC.
Position-independent executables (PIE) are now used by default on powerpc.
Removed Kerberos.
Default bcrypt hash type is now $2b$.
Remove md5crypt support.
Improved easier to use bcrypt API is now available.
Increase randomness of random mmap mappings.
Added getentropy(2).
Added timingsafe_memcmp(3).
Removed the MD4 hash algorithm and functions from cksum(1), S/Key, and libc.
gets(3) has been removed.
Added reallocarray(3), which allows multiple sized objects to be allocated without the cost of clearing memory while avoiding possible integer overflows.
Extended fread(3) and fwrite(3) to check for integer overflows.
Assorted improvements:
locate databases for both base and xenocara, as /usr/lib/locate/src.db and /usr/X11R6/lib/locate/xorg.db.
Much faster package updates, due to package contents reordering that precludes re-downloading unchanged files.
Fix many programs that failed when accessing disks having sector sizes other than 512 bytes, including badsect(8), df(1), dump(8), dumpfs(8), fsck_ext2fs(8), fsck_ffs(8), fsdb(8), growfs(8), ncheck_ffs(8), quotacheck(8), tunefs(8).
Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107. 64-bit time_t values outside that range are stored as 1/1/1980.
bs(6) now prints a battleship splash screen.
rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page, spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been removed.
rmail(8) and uucpd(8) have been removed from the base system and added to the ports tree.
Lynx has been removed from the base system and added to the ports tree.
TCP Wrappers have been removed.
Fix atexit(3) recursive handlers.
Enhance disklabel(8) to recover filesystem mountpoint information when reading saved ascii labels.
Properly handle msgbuf_write(3) EOF conditions, including uses in tmux(1), dvmrpd(8), ldapd(8), ldpd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), smtpd(8), ypldap(8).
Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more.
Sync fdisk(8) built-in MBR with current /usr/mdec/mbr.
Quiet dhclient(8) '-q' even more.
Log less redundant dhclient(8) info.
New leases, lease renewals, cable state changes more obvious to applications monitoring dhclient(8) files.
Preserve chronological order of leases in the dhclient.leases(5) leases files.
Use 'lease {}' statements in dhclient.conf(5), allowing interfaces to get an address when no dynamic lease is available.
Improve dhclient(8) parsing and printing of classess static routes.
Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8).
Added sendsyslog(2): syslog(3) now works even when out of file descriptors or in a chroot.
Added errc(3), verrc(3), warnc(3) and vwarnc(3).
Faster hibernate/unhibernate performance on amd64 and i386 platforms.
Support hibernating to softraid(4) crypto volumes.
Improved performance of seekdir(3) to start of current buffer.
Added per the revision of the POSIX spec in progress.
Apache has been removed.
Read support for ext4 filesystems.
Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems.
OpenSSH 6.7:
Potentially-incompatible changes:
sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default.
sshd(8): Support for tcpwrappers/libwrap has been removed.
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the "[email protected]" KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions.
New/changed features:
Major internal refactoring to begin to make part of OpenSSH usable as a library. So far the wire parsing, key handling and KRL code has been refactored. Please note that we do not consider the API stable yet, nor do we offer the library in separable form.
ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket.
ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for Ed25519 key types.
sftp(1): Allow resumption of interrupted uploads.
ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. (bz#2154)
sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. (bz#2222)
sshd(8): Add a sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. (bz#2160)
ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. (bz#2220)
sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success/failure messages. (bz#2199)
Added unit and fuzz tests for refactored code.
The following significant bugs have been fixed in this release:
sshd(8): Fix remote forwarding with same listen port but different listen address.
ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ssh_config(5) or on the commandline not to be preferred.
ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted.
ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0. (bz#2255)
ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border. (bz#2247)
ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(). (bz#2236)
ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ssh-add(1) fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add(1) doesn't). (bz#2234)
ssh-keygen(1): When hashing or removing hosts, don't choke on "@revoked" markers and don't remove "@cert-authority" markers. (bz#2241)
ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion).
scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end.
sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string. (bz#2238)
ssh-keyscan(1): Scan for Ed25519 keys by default.
ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys.
sshd(8): Avoid crash at exit via NULL pointer reference. (bz#2225)
Fix some strict-alignment errors.
mandoc 1.13.0:
New implementation of apropos(1), whatis(1), and makewhatis(8) based on SQLite3 databases.
Substantial improvements of mandoc(1) error and warning messages.
Almost complete implementation of roff(7) numerical expressions.
About a dozen minor new features and numerous bug fixes.
Ports and packages:
Over 8,800 ports.
Many pre-built packages for each architecture:
i386: 8588
sparc64: 7965
alpha: 6278
sh: 2626
amd64: 8588
powerpc: 8049
m88k: 2475
sparc: 3394
arm: 5633
hppa: 6143
vax: 1995
mips64: 4686
mips64el: 6697
Some highlights:
GNOME 3.12.2
KDE 3.5.10
KDE 4.13.3
Xfce 4.10
MySQL 5.1.73
PostgreSQL 9.3.4
Postfix 2.11.1
OpenLDAP 2.3.43 and 2.4.39
Mozilla Firefox 31.0
Mozilla Thunderbird 31.0
GHC 7.6.3
LibreOffice 4.1.6.2
Emacs 21.4 and 24.3
Vim 7.4.135
PHP 5.3.28, 5.4.30 and 5.5.14
Python 2.7.8, 3.3.5 and 3.4.1
Ruby 1.8.7.374, 1.9.3.545, 2.0.0.481 and 2.1.2
Tcl/Tk 8.5.15 and 8.6.1
JDK 1.6.0.32 and 1.7.0.55
Mono 3.4.0
Chromium 36.0.1985.125
Groff 1.22.2
Go 1.3
GCC 4.6.4, 4.8.3 and 4.9.0
LLVM/Clang 3.5 (20140228)
Node.js 0.10.28
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.15.2 + patches, freetype 2.5.3, fontconfig 2.11.1, Mesa 10.2.3, xterm 309, xkeyboard-config 2.11 and more)
Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.18.2 (+ patches)
Nginx 1.6.0 (+ patches)
SQLite 3.8.4.3 (+ patches)
Sendmail 8.14.8, with libmilter
Bind 9.4.2-P2 (+ patches)
NSD 4.0.3
Unbound 1.4.22
Sudo 1.7.2p8
Ncurses 5.7
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)
Less 458 (+ patches)
Awk Aug 10, 2011 version

New in OpenBSD 5.5 (May 1, 2014)

time_t is now 64 bits on all platforms.
From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
Userland programs that were changed include arp(8), bgpd(8), calendar(8), cron(8), find(1), fsck_ffs(8), ifconfig(8), ksh(1), ld(1), ld.so(1), netstat(1), pfctl(8), ping(8), rtadvd(8), ssh(1), tar(1), tmux(1), top(1), and many others, including games!
Removed time_t from network, on-disk, and database formats.
Removed as many (time_t) casts as possible.
Format strings were converted to use %lld and (long long) casts.
Uses of timeval were converted to timespec where possible.
Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106.
Numerous ports throughout the ports tree received time_t fixes.
Releases and packages are now cryptographically signed with the signify(1) utility.
The installer will verify all sets before installing.
Installing without verification works, but is discouraged.
Users are advised to verify the installer (bsd.rd, install55.iso, etc.) ahead of time using the signify(1) tool if available.
pkg_add(1) now only trusts signed packages by default.
Installer improvements:
The installer now supports a scriptable auto-installation method that enables unattended installation and upgrades using a response file.
Disk images which can be written to a USB flash drive (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets]) are now provided for amd64 and i386.
Rewritten installboot(8) utility aiming for a unified implementation across platforms (currently used by amd64 and i386 only).
The installer now parses nwids with embedded blanks correctly.
New/extended platforms:
OpenBSD/alpha:
Multiprocessor support.
OpenBSD/aviion:
First self-hosting release for 88100-based AViiON systems.
OpenBSD/armv7 replaces OpenBSD/beagle.
Improved hardware support, including:
New vmx(4) driver for VMware VMXNET3 Virtual Interface Controller devices.
New vmwpvs(4) driver for VMware Paravirtual SCSI.
New vioscsi(4) driver for VirtIO SCSI adapters.
New viornd(4) driver for VirtIO random number devices.
New ubcmtp(4) driver for Broadcom multi-touch trackpads found on newer Apple MacBook, MacBook Pro, and MacBook Air laptops.
New ugold(4) driver for TEMPer gold HID thermometers.
New ugl(4) driver for Genesys Logic based USB host-to-host adapters.
New qla(4) driver for Qlogic fibre channel HBAs.
radeondrm(4) has been overhauled, including:
New port of the Radeon code in Linux 3.8.13.19.
Support for Kernel Mode Setting (KMS) including support for additional output types such as DisplayPort.
wsdisplay(4) now attaches to radeondrm(4) and provides a framebuffer console.
inteldrm(4) has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
Support for Intel 8 Series Ethernet with i217/i218 PHYs, and i210/i211/i354 has been added to em(4).
Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to iwn(4).
Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to arc(4).
Support for Elantech v2 touchpads in pms(4) has been fixed.
Support for 802.11a (5Ghz) has been added to wpi(4).
Workarounds for firmware stability issues have been added to wpi(4), iwi(4), and iwn(4).
Support for RT3572 chips has been added to the ral(4) driver.
Support for RTL8106E chips has been added to the re(4) driver.
Support for RTS5229 card readers has been added to rtsx(4).
Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver.
Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
Further reliability improvements regarding suspend/resume and hibernation.
Enabled IPv6 transmit TCP/UDP checksum offload in jme(4).
Generic network stack improvements:
Added vxlan(4), a virtual extensible local area network tunnel interface.
pflow(4) now sends 64 bit time values for pflowproto 10. The changed templates / flows for pflowproto 10 are now parsable by existing receivers.
Continued improvement of the checksum offload framework to streamline the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
Enabled IPv6 routing domain support.
Routing daemons and other userland network improvements:
The popa3d POP3 server has been removed.
Added ntpctl(8), a program to control the Network Time Protocol daemon.
slowcgi(8) now works with a high number of concurrent connections.
The inetd-based identd has been replaced by a new libevent-based identd(8).
tcpdump(8) can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
Added rdomain support to IPv6 configuration tools ndp(8), rtsold(8), ping6(8), and traceroute6(8).
Added SNMPv2 client support to snmpctl(8) ("get", "walk", and "bulkwalk").
relayd(8) now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default.
pf(4) improvements:
New queueing system with new syntax.
The "received-on" parameter can now be used with the "any" keyword to match any existing interface except loopback ones.
The block policy in the default pf.conf(5) is now "block return".
dhcpd(8) and dhclient(8) improvements:
No longer create a route to the bound address via 127.0.0.1.
The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
'next-server' (a.k.a. siaddr) info now saved in lease files.
Fall back to broadcasting when unicast renewal fails, as specified in RFC 2131 and friends.
Fix various problems in communications between privileged and non-privileged processes.
Fix many abuses of memcpy.
Stop pretending we still support FDDI or token ring hardware types.
Fix classless static routes option handling and add syntax to parse human-readable forms.
Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
Fix handling of non-printable characters in lease file strings.
Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line.
dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'.
Fix parsing of dhclient.conf(5) statements 'fixed-address' and 'next-server'.
Log failures to fchmod() or fchown() files being written.
Create lease files with permissions 0640.
Fix possible failure to write resolv.conf(5) when -L is used.
'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
iked(8) improvements:
Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL".
Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys.
Support for DPD ("Dead Peer Detection") similar to the implementation in isakmpd(8).
Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix".
Initial support for IPComp.
Various improvements and a thorough audit of the network input path.
OpenSMTPD 5.4.2 (includes changes to 5.4.1):
Introduce initial support for DSN extension:
NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER
RET=HDRS, RET=FULL
Introduce initial support for ENHANCEDSTATUSCODES extension:
smtp process returns Enhanced Status Codes for most commands.
other processes now have an API to return more precise codes ...
... which will be improved further with each version.
Improved smtpctl(8):
sendmail mode now supports DSN parameters
Can now pause/resume a source address -> destination domain route.
Can now display status of processes with smtpctl show status.
show relays: displays list of currently active relays.
show routes: displays status of routes currently known by smtpd.
show hosts: displays list of known remote MX.
show hoststats: display status of last delivery for active domains.
resume route: resumes route temporarily disable by the MTA.
pause/resume envelope: allows pausing individual envelopes.
pause/resume message: allows pausing individual messages.
encrypt: allows generating credentials suitable for authentication.
show message/envelope is now compression/encryption aware.
Introduced SNI support.
Improved configuration file:
Removed last known ambiguity in grammar.
Much simpler configuration for TLS-enabled hosts.
Most parameters are now swappable in listen and accept rules.
Conditions may be negated (ie: accept from ! ...)
Forward-only rules can be declared to impose ~/.forward files.
New "recipient" keyword allows accept rule to provide a whitelist.
Sender and recipient tables accept wildcard in their domains.
TLS generic improvements:
Support for TLS Perfect Forward Secrecy.
Support for providing custom CA certificates.
MTA improvements:
mta may now require remote hosts to present valid certificates.
Always attempt TLS before falling back to plaintext.
Always present certificate if one is available.
AUTH LOGIN now supported.
MTA can now specify a EHLO-hostname when relaying.
SMTP server improvements:
IPv4-only and IPv6-only listeners are now possible.
Listeners may now hide the From part in a Received-line.
Listeners may require clients to provide a valid certificate.
Banner hostname can now be dynamically fetched from a table.
Queue improvements:
Introduce an envelope cache in the queue to improve disk-IO pattern.
Documentation:
table(5) describes format for static, file and db backends.
sendmail(8) describes our "sendmail" interface.
Reduced memory usage in both general and stressed cases.
OpenSMTPD now automagically upgrades queue if the format changes!
Support Qmail-like "sticky home".
Support for authenticating users from a credentials table.
Introduce passwd(5) table backend for user and credentials lookup.
Expansion variables in ~/.forward now support modifiers.
Much more efficient scheduler!
Many documentation fixes and improvements.
And a lot of minor bug fixes and internal cleanup!
Security improvements:
Position-independent executables (PIE) are now used by default on i386.
The arc4random(3) functions now use the ChaCha20 cipher.
The kernel random number system is initially seeded by the bootloader, providing better random very early.
Kernel stack protector is also seeded via the same mechanism, providing protection earlier.
-Wbounded is now enabled in GCC by default.
Added explicit_bzero(3).
Performance improvements:
Relations between the buffer cache and swap daemon have been improved.
Threading improvements:
Interprocess semaphores via sem_open(3).
Running threaded processes under a debugger no longer causes panics.
SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
Thread stacks now have a random bias.
fork(2) no longer changes the pthread_t of the forking thread in the child.
Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
Assorted improvements:
New in-memory file system, tmpfs.
Many fuse(4) improvements and stability fixes.
Added POSIX-required nl(1) utility.
OpenBSD/vax has switched to GCC 3.
Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
Added support for CLOCK_UPTIME.
Added tcgetsid(3).
clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
ino_t is now a 64 bit type, mostly to support large NFS filesystems.
Corrected handling of UTIME_OMIT.
pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
Corrected handling of shared library destructors when libc is statically linked.
Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
All CIRCLEQ uses replaced with TAILQ.
Preserve and honour changes to the OpenBSD bounds in a disklabel.
fdisk(8) now always writes a good signature when the MBR is written to disk.
disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices.
Fix athn(4) tick calculations to eliminate excessive timeouts.
Allow disklabel(8) to set any partition, including 'C', to type UNUSED.
New sha512(1) tool to calculate and verify the SHA-512 checksums of files.
sha256(1) and related tools (cksum(1), md5(1), sha1(1), and sha512(1)) now support a new -h flag to place the checksum into a specified hash file instead of stdout.
sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist.
sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist.
i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes.
Allow softraid(4) to work with partitions larger than 2TB.
Removed experimental RAID 4 support from softraid(4).
Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
The uhts(4) driver has been merged into ums(4).
Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years.
OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
Security:
sshd(8): when using environment passing with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be tricked into accepting any enviornment variable that contains the characters before the wildcard character.
New/changed features:
ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it.
ssh(1), sshd(8): Add support for ED25519 as a public key type. ED25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys.
Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for ED25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new format are in the PROTOCOL.key file.
ssh(1), sshd(8): Add a new transport cipher "[email protected]" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.
ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release.
ssh(1), sshd(8): Refuse old proprietary clients and servers that use a weaker key exchange hash calculation.
ssh(1): Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC 4419.
ssh(1), ssh-agent(1): Support PKCS#11 tokens that only provide X.509 certs instead of raw public keys. (requested as bz#1908)
ssh(1): Add a ssh_config(5) Match keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands.
ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names.
sftp-server(8): Add the ability to whitelist and/or blacklist sftp protocol requests by name.
sftp-server(8): Add a sftp "[email protected]" to support calling fsync(2) on an open file handle.
sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option.
ssh(1): Add a ssh_config(5) ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data.
ssh(1), sshd(8): this release removes the J-PAKE authentication code. This code was experimental, never enabled and had been unmaintained for some time.
ssh(1): when processing Match blocks, skip 'exec' clauses other clauses predicates failed to match.
ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse ssh_config(5) files using the new destination hostname. This gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied.
The following significant bugs have been fixed in this release:
ssh(1), sshd(8): Fix potential stack exhaustion caused by nested certificates.
ssh(1): make BindAddress work with UsePrivilegedPort. (bz#1211)
sftp(1): fix the progress meter for resumed transfer. (bz#2137)
ssh-add(1): do not request smartcard PIN when removing keys from ssh-agent(1). (bz#2187)
sshd(8): fix re-exec fallback when original sshd(8) binary cannot be executed. (bz#2139)
ssh-keygen(1): Make relative-specified certificate expiry times relative to current time and not the validity start time.
sshd(8): fix AuthorizedKeysCommand inside a Match block. (bz#2161)
sftp(1): symlinking a file would incorrectly canonicalise the target path. (bz#2129)
ssh-agent(1): fix a use-after-free in the PKCS#11 agent helper executable. (bz#2175)
sshd(8): Improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any).
sshd(8): tell the client (via a debug message) when their preferred listen address has been overridden by the server's GatewayPorts setting. (bz#1297)
sshd(8): include report port in bad protocol banner message. (bz#2162)
sftp(1): fix memory leak in error path in do_readdir(). (bz#2163)
sftp(1): don't leak file descriptor on error. (bz#2171)
sshd(8): include the local address and port in "Connection from ..." message. (only shown at loglevel>=verbose)
ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. (bz#2200, debian#738692)
sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase.
ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions.
sshd_config(5) clarify behaviour of a keyword that appears in multiple matching Match blocks. (bz#2184)
ssh(1): avoid unnecessary hostname lookups when canonicalisation is disabled. (bz#2205)
sshd(8): avoid sandbox violation crashes in GSSAPI code by caching the supported list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption that the SOCKS username is nul-terminated.
ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is not specified.
ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
ssh(1): fix matching of 'Host' directives in ssh_config(5) files to be case-insensitive again. (regression in 6.5)
Ports and packages:
Over 8,700 ports.
Major overhaul of the package tools, resulting in much better memory usage.
pkg_add(1) now only trusts signed packages by default.
The build process now allows some limited capability for building conflicting packages, yielding KDE 4 packages as a result, along with KDE 3 ones.
Some highlights:
GNOME 3.10.2
KDE 3.5.10
KDE 4.11.5
Xfce 4.10
MySQL 5.1.73
PostgreSQL 9.3.2
Postfix 2.11.0
OpenLDAP 2.3.43 and 2.4.38
Mozilla Firefox 24.3 and 26.0
Mozilla Thunderbird 24.3.0
GHC 7.6.3
LibreOffice 4.1.4.2
Emacs 21.4 and 24.3
Vim 7.4.135
PHP 5.3.28 and 5.4.24
Python 2.7.6 and 3.3.2
Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
Tcl/Tk 8.5.15 and 8.6.1
JDK 1.6.0.32 and 1.7.0.21
Mono 2.10.9
Chromium 32.0.1700.102
Groff 1.22.2
Go 1.2
GCC 4.6.4 and 4.8.2
LLVM/Clang 3.3
Node.js 0.10.24
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches, freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301, xkeyboard-config 2.10.1 and more)
Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.16.3 (+ patches)
Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
Nginx 1.4.4 (+ patches)
OpenSSL 1.0.1c (+ patches)
SQLite 3.8.0.2 (+ patches)
Sendmail 8.14.8, with libmilter
Bind 9.4.2-P2 (+ patches)
NSD 4.0.1
Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
Sudo 1.7.2p8
Ncurses 5.7
Heimdal 1.5.2 (+ patches)
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)
Less 444 (+ patches)
Awk Aug 10, 2011 version

New in OpenBSD 5.4 (Nov 1, 2013)

New/extended platforms:
OpenBSD/octeon
New platform for systems based on the Cavium Octeon MIPS-compatible processors. Supported machines include:
Portwell CAM-0100
Ubiquiti Networks EdgeRouter LITE (no local storage)
OpenBSD/beagle
New platform for OMAP3/4 and AM335x systems using an ARM Cortex-A8 or Cortex-A9 CPU. Supported boards include:
BeagleBoard C4 / xM
BeagleBone and BeagleBone Black
PandaBoard and PandaBoard ES
Improved hardware support, including:
inteldrm(4) has been overhauled, including:
Now mostly in sync with Linux 3.8.13.
Support for Kernel Mode Setting (KMS) including support for additional output types such as DisplayPort.
Sandy Bridge and newer parts which previously had only ShadowFB acceleration now have full hardware acceleration including use of the 3D rings.
wsdisplay(4) now attaches to inteldrm(4) and providers a framebuffer console.
vgafb(4/macppc) now supports multiple virtual consoles.
Support for Elantech touchpads version 4 (clickpad) added to pms(4).
Fixed st(4) EOM handling, enabling much better Bacula support.
Support for vdsk(4) disks larger than 2TB.
Generic network stack improvements:
Reworked checksum handling for network protocols.
divert(4) now recalculates the IP and protocol checksums of reinjected packets.
No longer attempt to delete the undeletable RNF_ROOT route.
Routing daemons and other userland network improvements:
Support SSL inspection in relayd(8).
Added slowcgi(8), a libevent-based FastCGI implementation.
Enabled ECDHE support in httpd(8).
Do not start inetd(8) by default any more.
Many ldpd(8) improvements, including a speed-up of the session establishment process, support for adjacencies and targeted hellos, support for multiple addresses per interface, and more.
dhcpd(8) improvements:
Improved compliance with RFC 2131 strictures on client-identifiers.
Fixed synchronization of leases.
Replaced manual date parsing and printing with strftime and strptime.
Explicitly label dates in leases files as being UTC dates.
dhclient(8) improvements:
Delete routes added by defunct dhclient processes.
Improved handling of client-identifier option.
Increased ip_ttl on packets to 128, allowing more distant servers to provide leases.
Replaced manual date parsing and printing with strftime and strptime.
Explicitly label dates in leases files as being UTC dates.
Improved interactions between dhclient processes to make the most recent dhclient started the most likely to persist.
Support for static routes and classless static routes options.
Fixed log messages to print correct addresses.
Reduced log verbosity by emitting debug messages only when debugging.
Eliminated unnecessary address and route churn during lease renewal by not binding leases identical to the current one.
OpenSMTPD 5.3.3:
New features:
Add support for LMTP local deliveries
Add SECURE and AUTH transmission types
Add support for transparent queue compression
helo names can now be looked up in a db(3) table
New "error:" alias kind allows aliasing a user-part to an error
Traces can be (de)activated at runtime
Improvements:
More robust queue can cope with runtime errors
Improved routing strategies
Assorted minor bug fixes and cleanups
Performance improvements:
Don't require the kernel lock when processing audio interrupts.
Improved kernel bcopy/memmove/memcpy implementations and made more careful choices between them.
Implemented symbol caching and RELCOUNT/RELACOUNT optimizations in ld.so(1).
Threading improvements:
Closed various race conditions between exit/fork/execve/__tfork/__threxit/ptrace in both the kernel and libpthread.
Assorted improvements:
Added a locale(1) utility.
Added ltrace(1), a tool to trace PLT calls.
Added a new implementation of cu(1).
Added shm_open(3)/shm_unlink(3).
Added getprogname(3)/setprogname(3).
Added clock_getcpuclockid(3) and pthread_getcpuclockid(3).
Added fmemopen(3).
Added open_memstream(3)/open_wmemstream(3).
Added memmem(3).
Added fdatasync(2).
Added ppoll(2).
Added pselect(2).
Added utrace(2).
Switched the VAX platform to ELF.
Fixed kernel profiling on multiprocessor systems.
Experimental support for fuse(4).
Added support for write_opt=nodir and the 'path' and 'linkpath' extended headers to pax(1) (aka tar(1)).
Brought getconf(1) up to date with recent POSIX updates.
Added -L and -P options to ln(1).
More structures and symbolic values displayed by kdump(1).
pkill(1) now accepts an -I option to ask for confirmation on killing processes.
New vmx(4) driver provides support for the VMXNET3 virtual NIC available in VMware.
OpenSSH 6.3:
New features:
sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards.
ssh(1) and sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config(5) as well as on the client.
sshd(8): standardise logging of information during user authentication.
ssh(1): add the ability to query supported ciphers, MAC algorithms, key types and key exchange methods.
ssh(1): support ProxyCommand=- to allow support cases where stdin and stdout already point to the proxy.
ssh(1): allow IdentityFile=none.
ssh(1) and sshd(8): add -E option to ssh(1) and sshd(8) to append debugging logs to a specified file instead of stderr or syslog.
sftp(1): add support for resuming partial downloads using the reget command and on the sftp(1) commandline or on the get commandline using the -a (append) option.
ssh(1): add an IgnoreUnknown configuration option to selectively suppress errors arising from unknown configuration directives.
sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods.
The following significant bugs have been fixed in this release:
sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key.
ssh(1), ssh-agent(1) and sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps.
sftp(1): update progressmeter when data is acknowledged, not when it's sent. (bz#2108)
ssh(1) and ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd. (bz#2125)
ssh(1): reset the order in which public keys are tried after partial authentication success.
ssh-agent(1): clean up socket files after SIGINT when in debug mode. (bz#2120)
ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations. (bz#2122)
ssh(1): set TCP nodelay for connections started with -N. (bz#2124)
ssh(1): correct manual for permission requirements on ~/.ssh/config. (bz#2078)
ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. (bz#1917)
ssh(1): properly detach a ControlPersist master from its controlling terminal.
sftp(1): avoid crashes in libedit when it has been compiled with multi-byte character support. (bz#1990)
sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. (bz#1976)
ssh(1): fix incomplete bzero. (bz#2100)
sshd(8): log and error and exit if ChrootDirectory is specified and running without root privileges.
Many improvements to the regression test suite. In particular log files are now saved from ssh(1) and sshd(8) after failures.
Fix a number of memory leaks. (bz#1967, bz#2096 and others)
sshd(8): fix public key authentication when a :style is appended to the requested username.
ssh(1): do not fatally exit when attempting to cleanup multiplexing-created channels that are incompletely opened. (bz#2079)
Over 7,800 ports, major stability improvements in the package build process
The parallel ports builder is better at catching up errors on older slower platforms, thus allowing release engineers to better concentrate on real errors.
Many pre-built packages for each architecture:
i386: 7976
sparc64: 6959
alpha: 6062
m68k: 3862
sh: 989
amd64: 7941
powerpc: 7483
m88k: 3951
sparc: 4823
arm: 5582
hppa: 6607
vax: 2226
mips64: 6739
mips64el: 6306
Some highlights:
GNOME 3.8.3
KDE 3.5.10
Xfce 4.10
MySQL 5.1.70
PostgreSQL 9.2.4
Postfix 2.10.1
OpenLDAP 2.3.43 and 2.4.35
Mozilla Firefox 3.6.28 and 22.0
Mozilla Thunderbird 17.0.7
GHC 7.6.3
LibreOffice 4.0.4.2
Emacs 21.4 and 24.3
Vim 7.3.850
PHP 5.2.17 and 5.3.27
Python 2.7.5 and 3.3.2
Ruby 1.8.7.374, 1.9.3.448 and 2.0.0.247
Tcl/Tk 8.4.20, 8.5.14 and 8.6.0
JDK 1.6.0.32 and 1.7.0.21
Mono 2.10.9
Chromium 28.0.1500.45
Groff 1.22.2
Go 1.1.1
GCC 4.6.4 and 4.8.1
LLVM/Clang 3.3
Node.js 0.10.12
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.14.1 + patches, freetype 2.4.12, fontconfig 2.10.91, Mesa 7.11.2, xterm 293, xkeyboard-config 2.7 and more)
Gcc 4.2.1 (+patches), 3.3.6 (+ patches) and 2.95.3 (+ patches)
Perl 5.16.3 (+ patches)
Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
Nginx 1.4.1 (+ patches)
OpenSSL 1.0.1c (+ patches)
SQLite 3.7.17 (+ patches)
Sendmail 8.14.7, with libmilter
Bind 9.4.2-P2 (+ patches)
NSD 3.2.15
Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
Sudo 1.7.2p8
Ncurses 5.7
Heimdal 1.5.2 (+ patches)
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)
Less 444 (+ patches)
Awk Aug 10, 2011 version

New in OpenBSD 5.3 (May 1, 2013)

Improved hardware support, including:
New driver oce(4) for Emulex OneConnect 10Gb Ethernet adapters.
New driver rtsx(4) for the Realtek RTS5209 card reader.
New driver mfii(4) for the LSI Logic MegaRAID SAS Fusion controllers.
New driver smsc(4) for SMSC LAN95xx 10/100 USB Ethernet adapters.
New drivers for Toradex OAK USB sensors: uoaklux(4) (illuminance), uoakrh(4) (temperature and relative humidity) and uoakv(4) (+/- 10V 8channel ADC).
New drivers for virtio(4) devices: vio(4) (network), vioblk(4) (block devices, attaching as SCSI disks) and viomb(4) (memory ballooning).
Support for Adaptec 39320LPE added to ahd(4).
Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in bge(4).
Intel X540-based 10Gb Ethernet devices supported in ix(4).
Support for SFP+ hot-plug (82599) and various other improvements in ix(4).
TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in vr(4).
Baby jumbo frames supported in vr(4) and sis(4) useful for e.g. MPLS, vlan(4) tag stacking (QinQ) and RFC4638 pppoe(4).
TCP RX Checksum offload in gem(4).
Improvements for NICs using 82579/pch2 in em(4).
Flow control is now supported on bnx(4) 5708S/5709S adapters, gem(4) and jme(4).
Power-saving clients supported in hostap mode with acx(4) and athn(4).
A cause of RT2661 ral(4) wedging in hostap mode was fixed.
iwn(4) supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).
Improvements to ahci(4).
Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters.
Elantech touchpads supported in pms(4) and synaptics(4).
Support for "physical devices" on skinny mfi(4) controllers.
VMware emulated SAS adapters supported by mpi(4).
Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.
Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors.
amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100.
ulpt(4) can now upload firmware to certain HP LaserJet printers.
Added stat clock to Loongson machines, improving accuracy of CPU usage statistics.
CPU throttling supported on Loongson 2F.
Support for Apple UniNorth and U3 AGP added to agp(4).
DRM support for macppc.
Generic network stack improvements:
Restriction on writing to trunk(4) member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).
UDP support added to sosplice(9) (zero-copy socket splicing).
IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an ifconfig(8) flag).
ifconfig(8) hwfeatures displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).
Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes.
Routing daemons and other userland network improvements:
OpenBSD now includes npppd(8), a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.
New standalone tftp-proxy(8) to replace the old inetd(8)-based implementation.
SNMPv3 supported in snmpd(8).
bgpd(8) is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).
bgpd(8) now handles client side of "graceful restart".
bgpd(8) can now filter based on the NEXTHOP attribute.
A stratum can now be assigned to hardware sensors in ntpd(8).
authpf(8) now supports the use of per-group rules files.
ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".
ftp(1) client's mput command allows to upload a directory tree recursively using the -r switch.
relayd(8) has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).
The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).
iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in draft-gont-opsec-vpn-leakages.
dhclient(8) improvements:
dhclient-script eliminated, all configuration is done with ioctl's and routing sockets.
interface configuration is much faster.
HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.
interface hardware address changes are detected and cause dhclient to restart.
dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
rejected offers no longer prevent dhclient from trying recorded leases and going daemon.
cleanup of routing tables when starting and exiting is more complete.
log messages cleaned up and reduced.
dhclient is automatically placed in the routing domain of the interface.
incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST.
resolv.conf.tail read only once, at startup.
both OFFER and ACK packets that lack required options are rejected.
file names passed to '-L' and '-l' are constrained to be regular files.
bind success reported after binding complete, not when it is started.
privileged process daemonizes, eliminating its controlling terminal.
STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified.
all existing addresses on the interface are deleted when binding a new lease.
leases which would cause routing problems because another interface is already configured with the same subnet are rejected.
premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
permanent ARP cache entries are no longer deleted during binding.
allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.
dhcpd(8) and dhclient recognize the same list of dhcp options.
hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
hand-rolled date string construction replaced with strftime(3) invocations.
hand-rolled '%m' option replaced with strerror(3) invocations.
many other internal code improvements.
pf(4) improvements:
The divert(4) socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction.
Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP.
PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters.

New in OpenBSD 4.9 (May 1, 2011)

New/extended platforms:
OpenBSD/amd64 and OpenBSD/i386:
Enabled NTFS by default (read-only) on GENERIC kernels.
Enabled the vmt(4) driver by default for VMWare tools support as a guest.
SMP kernels can now boot on machines with up to 64 cores.
Maximum allocation size for i386 bumped to 2G.
Handle >16 disks when searching for kernel boot device.
Added support for AES-NI instructions found in recent Intel processors.
Further improvements in suspend and resume.
Processes are now switched to TSS per cpu on the amd64 platform, resulting in removal of the old limit of ~4000 processes.
OpenBSD/hppa:
Multiprocessor support.
OpenBSD/loongson and OpenBSD/sgi:
All MIPS64 based platforms now use MI softfloat code, which implements all MIPS IV specified floating point operations.
OpenBSD/sparc64:
The vdsp(4) driver now supports the vDisk 1.1 protocol, allowing Solaris to run on top of an OpenBSD control domain.
Improved hardware support, including:
New vte(4) driver for RDC R6040 10/100 Ethernet devices.
New rdcphy(4) driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
New rsu(4) driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n wireless devices.
New urtwn(4) driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n wireless devices.
New utwitch(4) driver for YUREX USB twitch/jiggle of knee sensor.
Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n wireless adapters has been added to athn(4).
Support for 82583V has been added to em(4).
Support for Yukon 88E8059 has been added to msk(4).
Support for SiS191 has been added to se(4).
Support for SAS2004 has been added to mpii(4).
Support for NVIDIA MCP89 SATA has been added to pciide(4).
Support for Mobility Radeon HD 4200 has been added to radeondrm(4).
pms(4) support has been significantly reworked and expanded.
MCLGETI support has been added to xl(4).
Support for low latency interrupt modulation has been added to ix(4).
Port multiplier support has been added to ahci(4) and sili(4).
Support for Sun XVR-300 graphics has been added to radeonfb(4).
Added workaround for BCM5906 A0/1/2 controller silicon bug in bge(4).
ugen(4) can now be attached along with other drivers to multifunction devices.
umodem(4) now supports more devices.
umsm(4) now supports more mobile broadband devices.
Support for more image processing controls was added to uvideo(4).
Generic network stack improvements:
Reworking of the MCLGETI livelock algorithm to improve forwarding and host performance under high network load.
Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by relayd(8) in the next release.
Added AES-GCM support for IPsec.
Added automatic send and receive buffer scaling for TCP.
Added wpakey option to ifconfig(8) replacing wpa-psk(8).
TCP acknowledgments are no longer delayed on the loopback interface.
Network livelock counters are now exported via sysctl(3).
A radix tree sorting bug was fixed, which results in significant improvements to IPsec performance under certain conditions.
tcpdump(8) now decodes Multicast DNS (mDNS) traffic.
Wake on Lan support has been added to arp(8).
Enabled MPLS and mpe(4) by default on GENERIC kernels.
Added a mpls option to ifconfig(8) to enable MPLS on a per interface basis replacing the global sysctl knob.
OpenBGPD, OpenOSPFD and other routing daemon improvements:
bgpd(8) handles various message encoding errors more gracefully now.
Notification messages are now logged in bgpd(8).
ospfd(8) will now correctly redistribute overlapping routes.
ospfctl(8) now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.
Fixed ldpd(8)'s message parser to work on all architectures and more LDP messages are now implemented.
Various improvements in ospf6d(8).
pf(4) improvements:
The logging subsystem has been largely rewritten, now logging the translated addresses again instead of the original ones.
match log rules cause a log on the fly, showing the packet exactly as pf(4) sees it at the moment of evaluating that rule. A packet can also be logged more than once now.
match log(matches) rules allow the further rule matching to be traced.
pflog(4) now includes the original addresses and ports for packets that have been rewritten. This is also displayed by tcpdump(8).
IPsec stack audit was performed, resulting in:
Several potential security problems have been identified and fixed.
ARC4 based PRNG code was audited and revamped.
New explicit_bzero kernel function was introduced to prevent a compiler from optimizing bzero calls away.
SCSI improvements:
Improved safety when detaching SCSI devices by waiting for the completion of pending commands.
Improved hotplug support on mpi(4) and mpii(4).
Continued iopoolification of SCSI drivers, notably on umass(4) which improves the reliability and performance of multi-LUN devices.
Added vscsi(4), a driver for userland handling of SCSI device commands.
Added iscsid(8), an iSCSI initiator.
Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
Discover and honour read-only status of sd(4) devices.
Improve st(4) handling of I/O residual information.
sd(4) devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
cd(4) will now attach CDROM devices identified as non-removable.
Assorted improvements:
Enabled wide character support in ncurses(3).
Added nsd(8), an authoritative name server implementation.
Disklabel UID support improved and added to more utilities.
rarpd(8) now accepts a list of interfaces to listen on.
dhclient(8) now accepts 'egress' as an interface name, meaning whichever interface is marked as being in the 'egress' group.
dhcpd(8) no longer listens on interfaces without a broadcast address (e.g. pflog(4)).
who(1) now displays as much of the hostname as fits on the line.
tcpdump(8) now correctly handles 'net' primitives when processing pflog(4) traffic.
fdisk(8) now respects failure to read the MBR.
fdisk(8) will no longer infinitely loop when encountering an improperly constructed EBR.
disklabel(8) no longer reuses information from a failed partition addition on the next addition of the same partition.
Many unused and obsolete disktab(5) entries removed.
Enabled X11 autoconfiguration on sparc and sparc64.
Implement attribute syntax from RFC4517 and support bsdauth in ldapd(8).
New video(1) utility which can record or display images from video(4).
httpd(8) mod_headers now handles apache2 style RequestHeader directives.
UNIX-domain datagram socket support has been added to nc(1) (-uU option).
Added support for terabyte units in disklabel(8).
loongson and sgi platforms have been switched over to gcc4.
ddb cpu support was added to the sgi platform.
Fast path TLB miss handling was added to the landisk platform, resulting in a 44-50% gain in performance.
PCIe extended configuration space can now be viewed using pcidump(8) (-xxx option).
The number of spurious IPIs has been decreased on the amd64 platform, resulting in improved performance.
Numerous improvements and bug fixes to tmux(1).
Considerable robustness and interoperability improvements in the IKEv2 daemon iked(8).
Skipjack and libdes were retired from the system. CAST-128 implementation was also removed from libc.
Removed some races in the USB subsystem, substantially increasing reliability.
Added a few more compat_linux(8) system calls to make it possible for newer versions of applications, such as Skype, to execute.
OpenBSD-specific package documentation is now centralised in /usr/local/share/doc/pkg-readmes.
Install/Upgrade process changes:
Fixed the hppa CD installation process.
Added some more free firmwares to the CD media that could fit them.
Make the macppc upgrade script update the boot blocks (oddly, this had been broken a very long time and no one noticed).
Teach the install script about the configuration of 802.11 interfaces. Visible networks can be listed, and even configured for WPA.
The install script now passes collected entropy better to the system which is booted next.
Upgrade now defaults to checking only the root filesystem.
Upgrade no longer checks filesystems with a fs_passno of 0.
Upgrade now asks if it should proceed even if one or more filesystem mounts fail.
Installer now configures ntpd(8) to use all provided time source IPs.
New rc.d(8) for starting, stopping and reconfiguring package daemons:
The rc.subr(8) framework allows for easy creation of rc scripts. This framework is still evolving.
Only a handful of packages have migrated for now.
rc.local can still be used instead of or in addition to rc.d(8).
OpenSSH 5.8:
New features:
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys.
sftp(1) and sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command.
scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts.
ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys, since these are now preferred when learning hostkeys for the first time.
ssh(1) and sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. (bz#1733)
sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards.
ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races. Stale server sockets are now automatically removed. (also fixes bz#1711)
ssh(1) and sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference.
sftp(1) and scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). (bz#1147)
The following significant bugs have been fixed in this release:
ssh(1) and ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories. (bz#1809)
ssh(1): avoid NULL deref on receiving a channel request on an unknown or invalid channel. (bz#1842)
sshd(8): remove a debug() that pollutes stderr on client connecting to a server in debug mode. (bz#1719)
scp(1): pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case. (bz#1837)
sftp-server(8): umask should be parsed as octal.
sftp(1): escape '[' in filename tab-completion.
ssh(1): Typo in confirmation message. (bz#1827)
sshd(8): prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block.
sshd(8): Use default shell /bin/sh if $SHELL is "".
ssh(1): kill proxy command on fatal() (we already killed it on clean exit).
ssh(1): install a SIGCHLD handler to reap expired child process. (bz#1812)
Support building against openssl-1.0.0a
Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski.
Mandoc 1.10.9:
New integrated tbl(7) parser and renderer.
Support the roff(7) .de, .rm, and .so requests.
Support all roff code used in the standard pod2man(1) preamble.
Fully support roff quoting in man(7) documents.
Mandoc now copes with most formatting errors that used to be fatal.
Much simplified and improved reporting of errors and warnings.
Significantly improved -Thtml output quality.
The ports tree now allows ports to use either mandoc or groff to render manuals.
Over 6,800 ports, major robustness and speed improvements in package tools.
Many pre-built packages for each architecture:
i386: 6620
sparc64: 6225
alpha: 6000
sh: 3656
amd64: 6570
powerpc: 6272
sparc: 4184
arm: 5679
hppa: 5838
vax: 1068
mips64: 5492
mips64el: 5499
Some highlights:
Gnome 2.32.1.
KDE 3.5.10.
Xfce 4.8.0.
MySQL 5.1.54.
PostgreSQL 9.0.3.
Postfix 2.7.2.
OpenLDAP 2.3.43 and 2.4.23.
Mozilla Firefox 3.5.16 and 3.6.13.
Mozilla Thunderbird 3.1.7.
OpenOffice.org 3.3.0rc9.
LibreOffice 3.3.0.4.
Emacs 21.4 and 22.3.
Vim 7.3.3.
PHP 5.2.16.
Python 2.4.6, 2.5.4 and 2.6.6.
Ruby 1.8.7.330 and 1.9.2.136.
Mono 2.8.2.
Chromium 9.0.597.94.
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, freetype 2.4.4, fontconfig 2.8.0, Mesa 7.8.2, xterm 267 and more)
Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
Perl 5.12.2 (+ patches)
Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
OpenSSL 1.0.0a (+ patches)
Sendmail 8.14.3, with libmilter
Bind 9.4.2-P2 (+ patches)
Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
Sudo 1.7.2p8
Ncurses 5.7
Heimdal 0.7.2 (+ patches)
Arla 0.35.7
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)

New in OpenBSD 4.5 (May 2, 2009)

New/extended platforms:
Initial ports to the xscale based gumstix platform and the ARM based OpenMoko
OpenBSD/sparc64
o New vdsk(4) and vnet(4) drivers provide support for virtual I/O between logical domains on Sun's CoolThreads servers, including UltraSPARC T2+ machines.
o Workstations and laptops with UltraSPARC IIe CPUs can now scale down the CPU frequency to save power.
Improved hardware support, including:
Several new/improved drivers for sensors, including:
o The cac(4) driver now has bio and sensor support.
o The mpi(4) driver now has bio and sensor support.
o New gpiodcf(4) driver for DCF77/HBG timedelta sensors through GPIO pins.
o New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
o The it(4) driver now supports IT8720F chips.
o The it(4) driver now supports FAN4 and FAN5 sensors for IT8716F/IT8718F/IT8720F/IT8726F chips.
o The owtemp(4) driver now supports Maxim/Dallas DS18B20 and DS1822 temperature sensors.
o The km(4) driver now supports AMD Family 11h processors (Turion X2 Ultra et al).
o The lm(4) driver now supports W83627DHG attachment on the I²C bus.
o The lmenv(4) driver now has better support for the fan sensors on lm81, adm9240 and ds1780 chips.
o The sdtemp(4) driver now supports ST STTS424 chips.
The em(4) driver now supports ICH9 IGP M and IGP M AMT chips, and link status detection has improved.
The sdmmc(4) driver now supports SDHC cards.
The msk(4) driver now supports Yukon-2 FE+ (88E8040, 88E8042) based devices.
The iwn(4) driver now supports Intel WiFi Link 5100/5300 devices.
The wpi(4) and iwn(4) drivers now support hardware CCMP cryptography.
The ath(4) driver now has WPA-PSK support.
age(4), a driver for Attansic L1 gigabit Ethernet devices was added.
ale(4), a driver for Atheros AR81xx (aka Attansic L1E) Ethernet devices was added.
mos(4), a driver for Moschip MCS7730/7830 10/100 USB Ethernet devices was added.
jme(4), a driver for JMicron JMC250/JMC260 10/100 and Gigabit Ethernet devices was added.
run(4), a driver for Ralink USB IEEE 802.11a/b/g/Draft-N devices was added.
auacer(4), a driver for Acer Labs M5455 audio devices was added.
ifb(4), a driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (accelerated).
wildcatfb(4), an X driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (unaccelerated).
sunffb(4), an accelerated X driver for Sun Creator, Creator 3D and Elite 3D framebuffers.
vdsk(4), a driver for virtual disks of sun4v logical domains.
vnet(4), a driver for virtual network adapters of sun4v logical domains.
vrng(4), a driver for the random number generator on Sun UltraSPARC T2/T2+ CPUs.
The vcons(4) driver is now interrupt driven.
ips(4), a driver for IBM SATA/SCSI ServeRAID controllers was added.
udfu(4), a driver for device firmware upgrade (DFU) was added.
Many improvements were made to the acpi(4) subsystem.
The umsm(4) driver supports several new EVDO/UMTS devices.
The mfi(4) driver now supports the next generation of MegaRAID SAS controllers.
New vsbic(4) driver for the MVME327A SCSI and floppy controller on mvme68k and mvme88k machines.
The re(4) driver now supports 8168D/8111D-based devices, and multicast reception on 8110SB/SC-based devices.
The ehci(4) driver now supports isochronous transfers.
S/PDIF output support has been added to the ac97(4), auich(4), auvia(4) and azalia(4) drivers.
azalia(4) mixer has been clarified and simplified, support for 20-bit and 24-bit encodings has been added.
The gbe(4) frame buffer driver now supports acceleration.
New tools:
ypldap(8), an YP server using LDAP as a backend.
xcompmgr(1) was added to xenocara.
New functionality:
The libc resolver(3) may now be forced to perform lookups by TCP only using a new resolv.conf(5) option. The nameserver declaration in resolv.conf(5) has also been extended to allow specification of non-default nameserver ports.
apropos(1) has two new options (-S and -s) to allow searching by machine architecture and manual section.
aucat(1) now has audio server capability. Audio devices can be shared between multiple applications. Applications can run natively on fixed sample rate devices or on devices with unusual encodings. Multi-channel audio devices can be split into smaller independent subdevices.
aucat(1) now has a deviceless mode, in which it can be used as a general purpose audio file format conversion utility (to mix, demultiplex, resample or reencode files).
ifconfig(8) can now list channels supported by an IEEE 802.11 device.
New views were added to systat(8): malloc, bucket and pool. Improvements were made to existing views.
vnconfig(8) can now create devices with arbitrary geometry with the new -t option.
FFS filesystems are now supported on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
Disklabels are now correctly placed and found on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
Assorted improvements and code cleanup:
malloc(3) has gained new attack mitigation measures; critical bookkeeping structures are protected at runtime using mprotect(2) and allocated at random addresses where possible.
A new version of the gdtoa code has been integrated, bringing better C99 support to printf(3) and friends.
Vastly improved C99 support in libm, including complex math support.
The sppp(4) layer and thus kernel pppoe(4) now support usernames and passwords of up to 255 characters.
Recognize and spoof disklabel entries for more FAT and FAT32 variants.
Automatically recognize tapes with 64K records.
Improve option handling in dhcpd(8).
When booting from a cd the root file system is now assumed to be on the cd, rather than always asking for the location.
Disklabels constructed from native disklabels are now subject to the same consistancy checks as all other disklabels.
No longer display geometry information for sd(4) disk drives, since it was mostly fictitious these days.
Fix handling of tftp ERROR frames so OpenBSD pxeboot can be loaded from picky tftp servers.
Many scsi(4) drivers now retry operations that can't be immediately started rather than giving up.
MBR and DPME disklabels are no longer written out with invalid checksum information in some circumstances.
Install/Upgrade process changes:
crunchgen(1) and crunchide(1) have been merged into crunchgen(8), which is now built and installed by default.
mksuncd(1) now lives in base and is installed by default.
CD-ROM installs are now supported on SGI.
Accept initial root passwords containing backslash characters.
Install now allows multiple interfaces to be configured with dhcp(8).
Upgrades now use the minimal protocols(5) and services(5) files provided on the install media.
The install media no longer contain a disktab(5) file.
Serial console speed is correctly determined on macppc.
OpenSSH 5.2:
New features:
o Added an option to ssh(1) to force logging to syslog rather than stderr.
o The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server.
o The ssh(1) ~C escape commandline now support runtime creation of dynamic port forwards.
o Support the SOCKS4A protocol in ssh(1) dynamic forwards.
o Support remote port forwarding with a listen port of '0'.
o sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
The following significant bugs have been fixed in this release:
o Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner.
o The [email protected] and [email protected] protocol extensions are now only sent to peers that identify themselves as OpenSSH.
o Avoid printing "Non-public channel" warnings in sshd(8), since ssh(1) has sent incorrect channel numbers since ~2004; make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE.
o Avoid double-free in ssh(1) ~C escape -L handler.
o Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations.
o Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions set to zero.
Over 5500 ports, minor robustness improvements in package tools.
Many pre-built packages for each architecture:
i386: 5379
sparc64: 5174
alpha: 5132
sh: 1543
amd64: 5312
powerpc: 5162
sparc: 2651
arm: 4120
hppa: 4689
vax: 1718
mips64: 3278
Some highlights:
Gnome 2.24.3.
GNUstep 1.18.0.
KDE 3.5.10.
Mozilla Firefox 3.0.6.
Mozilla Thunderbird 2.0.0.19.
MySQL 5.0.77.
OpenOffice.org 2.4.2 and 3.0.1.
PostgreSQL 8.3.6.
Xfce 4.4.3.
OpenArena 0.8.1 (only for amd64, i386 and macppc)
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.4 + patches, freetype 2.3.7, fontconfig 2.4.2, Mesa 7.2, xterm 239 and more)
Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
Perl 5.10.0 (+ patches)
Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
OpenSSL 0.9.8j (+ patches)
Groff 1.15
Sendmail 8.14.3, with libmilter
Bind 9.4.2-P2 (+ patches)
Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
Sudo 1.7
Ncurses 5.2
Latest KAME IPv6
Heimdal 0.7.2 (+ patches)
Arla 0.35.7
Binutils 2.15 (+ patches)
Gdb 6.3 (+ patches)