plus56.html

<!doctype html>
<html lang=en id=plus>
<meta charset=utf-8>
<title>OpenBSD 5.6 Changelog</title>
<meta name="description" content="OpenBSD 5.6 changes">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/plus56.html">
<style>
strong {
	color: var(--red);
	font-weight: normal;
}

h3 {
	color: var(--blue);
}
</style>

<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
5.6 Changelog
</h2>
<hr>

<p>
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the <a href="https://marc.info/?l=openbsd-cvs">archives</a>,
or use <a href="anoncvs.html#CVS">CVS</a>.

<p>
Note: <strong>Problems for which patches exist are marked in red</strong>.

<p>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>,
<a href="plus35.html">3.5</a>,
<a href="plus36.html">3.6</a>,
<br>
<a href="plus37.html">3.7</a>,
<a href="plus38.html">3.8</a>,
<a href="plus39.html">3.9</a>,
<a href="plus40.html">4.0</a>,
<a href="plus41.html">4.1</a>,
<a href="plus42.html">4.2</a>,
<a href="plus43.html">4.3</a>,
<a href="plus44.html">4.4</a>,
<a href="plus45.html">4.5</a>,
<a href="plus46.html">4.6</a>,
<a href="plus47.html">4.7</a>,
<a href="plus48.html">4.8</a>,
<a href="plus49.html">4.9</a>,
<a href="plus50.html">5.0</a>,
<a href="plus51.html">5.1</a>,
<a href="plus52.html">5.2</a>,
<a href="plus53.html">5.3</a>,
<br>
<a href="plus54.html">5.4</a>,
<a href="plus55.html">5.5</a>,
<a href="plus57.html">5.7</a>,
<a href="plus58.html">5.8</a>,
<a href="plus59.html">5.9</a>,
<a href="plus60.html">6.0</a>,
<a href="plus61.html">6.1</a>,
<a href="plus62.html">6.2</a>,
<a href="plus63.html">6.3</a>,
<a href="plus64.html">6.4</a>,
<a href="plus65.html">6.5</a>,
<a href="plus66.html">6.6</a>,
<a href="plus67.html">6.7</a>,
<a href="plus68.html">6.8</a>,
<a href="plus69.html">6.9</a>,
<a href="plus70.html">7.0</a>,
<a href="plus71.html">7.1</a>,
<br>
<a href="plus72.html">7.2</a>,
<a href="plus73.html">7.3</a>,
<a href="plus74.html">7.4</a>,
<a href="plus75.html">7.5</a>,
<a href="plus76.html">7.6</a>,
<a href="plus77.html">7.7</a>,
<a href="plus.html">current</a>.
<br>

<p>
<h3>Changes made between OpenBSD 5.5 and 5.6</h3>
<p>

<ul>
<!-- 2014/08/07 -->
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> to avoid allocating and then leaking a fresh fragment structure when a zero-length fragment is received (CVE-2014-3507).
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>: made sure the output buffer is always NUL terminated if buf_len was initially greater than zero; reject OIDs that are too long, too short, or not in proper base-127 (CVE-2014-3508).
<li>Corrected <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> test (reversed during merge of fix for CVE-2014-3509).
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> DTLS handshake message size checks (CVE-2014-3506).
<li>Stopped <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> trying to output FCGI_STDERR into error.log if there is no data.
<li>Try to parse "Status: $code" in the first response from the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> fcgi daemon, use that code as HTTP response code (fallback to 200). Possible fix for redirects in cvsweb.
<!-- 2014/08/06 -->
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> TLS downgrade (CVE-2014-3511).
<li>Fixed DTLS anonymous EC(DH) denial of service in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> (CVE-2014-3510).
<li>Made <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> correctly report "internal server error" if the very first fcgi STDOUT record has length 0.
<li>Changed <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> grammar to remove a shift/reduce conflict. "listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
<li>Added support for NOTE_EOF (for <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> EVFILT_READ filters) on NFS files.
<li>Limit the body size in client requests (eg. POST data) to 1M by default in <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>; added a configuration option to change the limit.
<li>Prevented <a href="https://man.openbsd.org/X.7">X(7)</a> server crash on zaurus (and possibly other architectures) where there is no <a href="https://man.openbsd.org/pci.4">pci(4)</a>.
<li>Provided <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> configuration options that allow the SSL certificate, key and ciphers to be specified for each server.
<li>Clear the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> public key when it is no longer needed.
<li>Configured the default <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ciphers as HIGH:!aNULL in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Restored previous <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> behaviour that allows a PEM block to be fed through the base64 decoder.
<li>Corrected some dma cleanup error paths in <a href="https://man.openbsd.org/vax/qe.4">qe(4/vax)</a>.
<li>POST support added to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Added CONTENT_TYPE environment variables (without the HTTP_prefix) to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, for use with cgi scripts .
<li>Fixed bug in server_write that broke <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> keep-alive support.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> now adjusts read/write watermarks according to the TCP send buffer. Fixes sending of large files.
<!-- 2014/08/05 -->
<li>Load the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> public/private keys in the parent process, then provide them to the privsep process via imsg. Allows keys to be moved out of <a href="https://man.openbsd.org/chroot.8">chroot(8)</a>.
<li>Added <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> support for loading the public/private key from memory, rather than directly from file.
<li>If a driver (eg <a href="https://man.openbsd.org/umct.4">umct(4)</a>) opens an interrupt pipe without callback function, made sure the correct transfer is aborted.
<li>Added <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> options for max requests per connection and timeout limit.
<li>Brought back <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> TCP/IP configuration options.
<li>Limited the number of Keep-Alive requests per <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> connection to 100.
<li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> logging to allow per-server/location log files; log files can now be owned by root.
<li>Added <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> option to specify the <a href="https://man.openbsd.org/chroot.8">chroot(8)</a> directory.
<!-- 2014/08/04 -->
<li>Enabled <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> in <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for wider testing.
<li>Temporarily moved default location of the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> SSL/TLS server key and certificate from /var/www/ to /var/www/conf/.
<li>Added "HTTPS = on" CGI variable to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Redirect <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> to https:// if SSL/TLS is enabled.
<li>Added TLS/SSL support to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, based on the recent <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> commits.
<li>Changed <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> grammar from "log [style]" to "log style [style]".
<li>Provided an <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> function that returns a server connection context.
<li>Provided an <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> utility function for loading a private/public keypair.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> will now print error message if the log files cannot be opened.
<li>Improved ressl_{read,write} handling of non-blocking reads/writes in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>
<li>Added initial <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> support for log files in /var/www/logs/.
<li>Implemented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> PATH_INFO and added DOCUMENT_ROOT.
<!-- 2014/08/03 -->
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> now also writes log messages (eg 404 Not Found) on error.
<li>Extended <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> to dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables.
<li>Add <a href="https://man.openbsd.org/ral.4">ral(4)</a> to GENERIC and RAMDISK on macppc.
<li>Fixed sys/dev/usb/ehci.c r1.162 to stop returning initialised memory on error in ehci_alloc_sqtd().
<li>Fixed sys/dev/ic/bwi.c r1.106. Prevents packet loss.
<li>Split <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> fastcgi socket path and document root options; added the SCRIPT_FILENAME CGI param with a prepended root. Fixes php-fpm that expects SCRIPT_FILENAME.
<li>Added missing <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> log call for fastcgi requests.
<li>Added another <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> log mode "connection" for a <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>-style log entry after each connection.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> now prefers getnameinfo() with NI_NUMERICHOST over inet_ntop (to include IPv6 scope ID).
<!-- 2014/08/02 -->
<li><a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> locations now inherit access log settings from the server.
<li>Made sure <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> reads fcgi padding data if any is received.
<li>Made <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> properly read from the fcgi bufferevent until it is empty.
<li>Allow <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> to specify a fastcgi TCP socket on localhost.
<li>Fixed <a href="https://man.openbsd.org/scandir.3">scandir(3)</a>-based directory auto index on NFS in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<!-- 2014/08/01 -->
<li>Use the log buffer to defer <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> logging until the connection is closed or the request completed.
<li>Added common and combined access logging to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Rewrote <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> fcgi_add_param and hand over a lot more http headers etc. to the cgi script.
<li>Correctly parse fastcgi records if <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> doesn't get the whole record in one bufferevent_read().
<!-- 2014/07/31 -->
<li>Allow <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> rebuilds to work correctly when the volume metadata has a different data offset to that currently in use.
<li>Unbroke <a href="https://man.openbsd.org/aac.4">aac(4)</a>, by re-adding uvm_extern.h for ptoa().
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> now only writes the HTTP header for the first fastcgi chunk.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> fastcgi improvements: submit QUERY_STRING, if it exists; use a proper function to create an HTTP header; use server_file_error() to detect EOF and fastcgi stream errors; disable keep-alive/persist until there is a reliable way to get the content length.
<li>Use exact on-disk inode size with ext2 filesystems.
<li>Properly evaluate <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> values only after running _rc_quirks(), because these can modify flags.
<li>In <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> debug mode, properly sort and drop duplicate entries to make output less confusing.
<li>Allow <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to specify a non-default fastcgi socket.
<li>Renamed <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> "docroot" variable to "path" (as it will be used for either files or the fastcgi socket).
<li>Added <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> configuration variable "fastcgi" to enable it per server or location.
<li>Initial fastcgi implementation for <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<!-- 2014/07/30 -->
<li>Made <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a> properly warn when an example changes and the corresponding file is found under /etc.
<li>Add <a href="https://man.openbsd.org/tradcpp.1">tradcpp(1)</a> version 0.4, a standalone traditional whitespace-preserving <a href="https://man.openbsd.org/cpp.1">cpp(1)</a>.
<li>Added <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> "location" keyword, to specify path-specific configuration in servers; made it work with name-based virtual servers.
<li>Reserve an extra file descriptor per <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> connection, instead of per request. Fixes fd accounting with persistent connections.
<!-- 2014/07/29 -->
<li>Added extended directory index options "[no] index" and "[no] auto index" to <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>.
<li>Reverted checks about RTF_LOCAL <a href="https://man.openbsd.org/route.4">route(4)</a> (userland tools are not yet ready for this).
<!-- 2014/07/28 -->
<li>Last (known) <a href="https://man.openbsd.org/msgbuf_write.3">msgbuf_write(3)</a> vs EOF fix incorporated into <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<li>Fixed I/O <a href="https://man.openbsd.org/ktrace.1">ktrace(1)</a> of <a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
<li>Pass a default media to the <a href="https://man.openbsd.org/sparc/le.4">le(4/sparc)</a> child. Allows SPARCbook system default to AUI without requiring a manual media change.
<li>Removed buggy <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> SRP code (never enabled in OpenBSD).
<li><strong>5.4, 5.5 and -current RELIABILITY FIX: Fixed possible memory exhaustion in <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> and <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, occurring on DHCP options with 0 length.</strong><br>A source code patch is available for <a href="errata54.html#013_dhcp">5.4</a> and <a href="errata55.html#009_dhcp">5.5</a>.
<li>Merged <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> packet.c r1.7 into <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> and <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>, to remove DoS attack vector.
<li>Match any relevant driver (not just whitelist) for <a href="https://man.openbsd.org/X.7">X(7)</a> "aperture needed" detection.
<!-- 2014/07/27 -->
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
<li>Made <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> log libraries in a proper way.
<li>Stopped <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> assuming in -Tutf8 output mode that a non-breaking space character has width 0.
<!-- 2014/07/26 -->
<li>Fixed hangs during suspend when stopping secondary cpu.
<li>Reverted "adjust -C algorithm" from <a href="https://man.openbsd.org/amd64/apmd.8">apmd(8/amd64)</a>, which broke suspend/resume on some machines.
<li>Fixed (very hard to reach) DoS attack vector against <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>.
<!-- 2014/07/25 -->
<li>Differentiate <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> servers by address and port, not just by address.
<li>Use a URL in the Location header of <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 3xx responses.
<li>Append mandatory Date header to each <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> response.
<li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, canonicalise the request path once without the docroot; prepend the docroot only only when it's needed.
<li>Prevent <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> keys remaining in memory after they have been expired or deleted.
<li>Stopped <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> leaking the docroot in the error message if the default index file is missing.
<li>Fixed <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> address matching of multiple server blocks with non-virtual hosts.
<li>Added support to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> for "virtual hosts" (aka. server blocks).
<li>Added "root" configuration option to <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>.
<!-- 2014/07/24 -->
<li>Sped up boot sequence by deferring scan of xt keyboard code set by <a href="https://man.openbsd.org/pckbd.4">pckbd(4)</a>.
<li>Made <a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a> sort result pages first by section number, then by name.
<li>Provide <a href="https://man.openbsd.org/eeprom.8">eeprom(8)</a> on the sparc installation media.
<li>Build machinery added to build <a href="https://man.openbsd.org/eeprom.8">eeprom(8)</a> for the installation media on relevant arches.
<li>Unbreak <a href="https://man.openbsd.org/route.4">route(4)</a> flush: skip local (RTF_LOCAL) routes when flushing.
<li>Reverted ssp-strong from <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> on arm, which exposed too many bugs in <a href="https://man.openbsd.org/ports.7">ports(7)</a>.
<li>Plugged <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
<li>Provided a dropdown entry "All Architectures" to <a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a> and made it the default.
<!-- 2014/07/23 -->
<li>When <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> is canonicalising the path, fail on truncation.
<li>Made <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> redirect with 301 if a directory name was requested without the trailing slash.
<li>First attempt at having <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> verify request path and access permissions.
<li>In <a href="https://man.openbsd.org/getaddrinfo_async.3">getaddrinfo_async(3)</a> and similar, made queries fail when the hostname param is an empty string.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> level_add_node(), do not free objects on cleanup which are still being referenced by other objects.
<li>Made sure <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> PEM_def_callback() correctly handles negative buffer sizes.
<li>Removed lynx from the base system (available in <a href="https://man.openbsd.org/packages.7">packages(7)</a> instead).
<li><a href="https://man.openbsd.org/Mandoc.1">Mandoc(1)</a> security fix: after decoding numeric or one-character escape sequences, HTML-encode resulting character.
<li>Correctly shutdown the servers when the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> process is terminating. Prevents a crash on exit.
<li>On octeon, correctly drain and destroy the bufq upon detach.
<!-- 2014/07/22 -->
<li>Adjusted <a href="https://man.openbsd.org/apmd.8">apmd(8)</a> -C algorithm to be more aggressive in scaling up cpu speed.
<li>Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
<li><a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a> security fixes, to prevent XSS attacks.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
<li>Enable <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> in the builds for more testing (not finished but can serve static files).
<li>Added initial <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> example for <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<!-- 2014/07/21 -->
<li>Added the <a href="https://man.openbsd.org/X.7">X(7)</a> "aperture needed" test to <a href="https://man.openbsd.org/vgafb.4">vgafb(4)</a>, to match vga@pci.
<li>Corrected the initialiser for tunnconf_default_pptp in <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>.
<li>Reduced amount of messages from key_load_private_pem during <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> hostbased auth.
<li>Made <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> preserve manpath and arch in .Xr links.
<li>Reverted <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> up/down wheel emulation.
<li>Stopped the installer setting (obsolete) <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
<li>Made <a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a> match RFC 2616, so the "Location: response-header" field is an absolute URI.
<li>Dropped explicit <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> support for F13-F20; match the <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> <a href="https://man.openbsd.org/terminfo.5">terminfo(5)</a> entry.
<!-- 2014/07/20 -->
<li>Stopped kprintf in <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> accepting the &lt;number>$ flags (as <a href="https://man.openbsd.org/printf.9">printf(9)</a> doesn't support them).
<li>When amd64/i386/loongson hibernate, look up correct device when using <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>.
<li>Updated to pixman 0.32.6
<li>Support hibernating to <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> crypto volumes on amd64/i386/loongson.
<li>Fix <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> display of logical link control data in IEEE802 frames.
<li><a href="https://man.openbsd.org/acpi.4">acpi(4)</a> now ignores region marked as "Preserve" if all bits will be modified. Fixes hang on some Sony and Asus laptops.
<li>Always allocate <a href="https://man.openbsd.org/bwi.4">bwi(4)</a> ring descriptors below the 1GB boundary. Fixes "intr fatal TX/RX" errors.
<li>On <a href="https://man.openbsd.org/bwi.4">bwi(4)</a>, make bwi_dma_mbuf_create() use the correct loop counter in error case.
<li>Load <a href="https://man.openbsd.org/bwi.4">bwi(4)</a> firmware once, not every time the interface is brought up. Fixes a panic.
<li>Fixed array overflow in <a href="https://man.openbsd.org/telnet.1">telnet(1)</a> command line handling
<li>When <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> is started by <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>: no longer start in background mode; return from rc_start() if <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> failed to start; execute <a href="https://man.openbsd.org/spamd-setup.8">spamd-setup(8)</a> without explicitly waiting for <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>.
<li>Fixed auto-upgradable file detection by <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>.
<!-- 2014/07/19 -->
<li>Aligned <a href="https://man.openbsd.org/telnet.1">telnet(1)</a> with the manpage by making the "-a" use <a href="https://man.openbsd.org/getlogin.2">getlogin(2)</a>; ignore value if it returns a nonexistent user.
<li>Flensed the <a href="https://man.openbsd.org/telnet.1">telnet(1)</a> code base of support for ancient protocols and systems.
<li>On loongson, fixed Lemote reboot issue and <a href="https://man.openbsd.org/usb.4">usb(4)</a> problems on Gdium models.
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> security fixes: validate name of file before opening; only allow relative filenames starting with "man" or "cat" and not containing "/.." or "../"; validate the manpath up front, report a Bad Request if it is not listed in manpath.conf; in case of configuration errors, only report "Internal Server Error".
<!-- 2014/07/18 -->
<li>Fixed <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a> range, to unbreak "-pass fd:0" in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Cleaned up portable <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> fork detection code; let it take advantage of systems with healthy <a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a>.
<li>Stopped <a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a> using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
<li>Removed dev/log AF_UNIX sockets from various <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> spaces, since <a href="https://man.openbsd.org/syslog.3">syslog(3)</a> messages are now sent via <a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
<li>Fixed <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> sorted output.
<li>When <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> MAN_DIR or manpath.conf do not exist or are empty, <a href="https://man.openbsd.org/exit.3">exit(3)</a> in a controlled way.
<li>Fixed privilege separation in <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>.
<li>In <a href="https://man.openbsd.org/bnx.4">bnx(4)</a>, implemented EFBIG handling for heavily fragmented packets on the tx path.
<!-- 2014/07/17 -->
<li>In <a href="https://man.openbsd.org/dump.8">dump(8)</a>, allow files-to-dump to be a duid.
<li>On sgi, optimised use of external L2 cache handling on the few Indy/Indigo2 systems which have it.
<li>Unbroke <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> script for <a href="https://man.openbsd.org/smapd.8">smapd(8)</a> after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
<li>Zero out the random buffer for <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a> and the entropy buffer.
<li>Made sure the biglock is held on i386 when running interrupt handlers (which rely on it).
<li>Reflect stdio-forward ("ssh -W host:port ...") failures in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> exit status (bz#2255).
<li>In x509_vfy.c, free sktmp when it's no longer needed. Fixes many memory leaks in <a href="https://man.openbsd.org/ssl.3">ssl(3)</a>.
<!-- 2014/07/16 -->
<li>Added <a href="https://man.openbsd.org/mpbios.4">mpbios(4)</a> to RAMDISK_CD on i386/amd64, so bsd.mp is selected when installing to Soekris net6501.
<li>Implemented file descriptor accounting in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> for single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests.
<!-- 2014/07/15 -->
<li>Added <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> support for unix domain socket forwarding.
<!-- 2014/07/14 -->
<li>Updated to xf86-video-neomagic 1.2.8.
<li>Enable ext2fs support on RAMDISK_CD.
<li>Converted <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to libressl.
<li>Removed <a href="https://man.openbsd.org/securelevel.7">securelevel(7)</a> variable from <a href="https://man.openbsd.org/rc.8">rc(8)</a>.
<li>powerdown=YES removed from <a href="https://man.openbsd.org/reboot.8">reboot(8)</a>.
<li>Updated to <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> version 309.
<!-- 2014/07/13 -->
<li>Fixed timeouts in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> when one connection is spliced and one non-spliced.
<li>Added configuration handling for certificate and key files to libressl.
<li><a href="https://man.openbsd.org/KASSERTMSG.9">KASSERTMSG(9)</a>: new function for a kernel assertion with message.
<li>Fixed sched_stop_secondary_cpus() to properly drain run queues from CPUs.
<li>Display zero page hit and miss counters in <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a> -s.
<li>Show an error if cmd_find_session can't find the current <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> session.
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> close a connection when it receives an EOF.
<li>If a client is killed while suspended with ^Z, <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> will no longer try to resume it.
<li>Removed all crypt choices other than bcrypt from <a href="https://man.openbsd.org/adduser.8">adduser(8)</a>.
<li>When using NAT or redirects, recalculate the checksum of reassembled IPv6 fragments before the packet is refragmented.
<li>Fixed path MTU discovery with <a href="https://man.openbsd.org/ping6.8">ping6(8)</a> through <a href="https://man.openbsd.org/pf.4">pf(4)</a> using nat or rdr.
<li>Introduced the PS_NOBROADCASTKILL flag that excludes processes from receiving <a href="https://man.openbsd.org/kill.1">kill(1)</a> -1 broadcast signals.
<li><a href="https://man.openbsd.org/KERNEL_ASSERT_LOCKED.9">KERNEL_ASSERT_LOCKED(9)</a> function added, working towards removal of the kernel lock.
<li>Initial support to read GPT partition tables in the kernel on i386/amd64 (requires option GPT).
<li>Ensured <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> finishes writing the output before closing the connection.
<li>Fixed tight renew loop regression in <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> will now close the connection after the response is completed (no Keepalive yet).
<li>Added <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> support for media types (compatible with <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> mime.types file).
<li>Added ext4 read support.
<li>Brought man.cgi default mode closer to what <a href="https://man.openbsd.org/man.1">man(1)</a> does.
<li>Close connection/remove event handler when <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a> msgbuf_write() hits an EOF.
<li>Introduced <a href="https://man.openbsd.org/mount.8">mount(8)</a> -N option and a "net" mount option, and matching <a href="https://man.openbsd.org/fsck.8">fsck(8)</a> -N flag.
<li>Updated <a href="https://man.openbsd.org/glxinfo.1">glxinfo(1)</a> and <a href="https://man.openbsd.org/glxgears.1">glxgears(1)</a> to version in mesa demos 8.2.0.
<li>Better <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> error messages.
<!-- 2014/07/12 -->
<li>Added <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, a simple web server (preliminary version).
<li><a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> now indicates if aperture driver is required by <a href="https://man.openbsd.org/X.7">X(7)</a>. Used by installer for <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> machdep.allowaperture setting.
<li>Fixed <a href="https://man.openbsd.org/usb.4">usb(4)</a> connect freeze on octeon, by clearing the host port interrupt.
<li>Resize inpcb hashtable automatically.
<li>Removed <a href="https://man.openbsd.org/udfu.4">udfu(4)</a>.
<li>Updated to xf86-video-modesetting 0.9.0.
<li>On octeon, fixed root hub descriptors by matching <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>'s descriptors.
<li>In <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, use <a href="https://man.openbsd.org/sha256.1">sha256(1)</a> for compared files.
<li>Rework <a href="https://man.openbsd.org/zyd.4">zyd(4)</a>'s register read/write methods to eliminate race conditions.
<li>Fixed <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> after autoconf6 change so "rtsol" lines in <a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> work again.
<li>Always create a local <a href="https://man.openbsd.org/route.4">route(4)</a> for every configured IPv4 address on the machine; made sure the local <a href="https://man.openbsd.org/route.4">route(4)</a> is removed during an address change (stops <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
<li>Use <a href="https://man.openbsd.org/imsg.3">imsg(3)</a> between the privileged and the non-privileged <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> processes.
<li>Fixed <a href="https://man.openbsd.org/whatis.1">whatis(1)</a>, to correctly match words instead of any substrings; provide an internal mode for <a href="https://man.openbsd.org/mandoc/man8/man.cgi.8">man.cgi(8)</a>.
<li>Removed <a href="https://man.openbsd.org/qli.4">qli(4)</a> (never enabled and was unfinished).
<li>Made <a href="https://man.openbsd.org/rc.conf.8">rc.conf(8)</a> a parsed configuration file; stop sourcing it as a shell script.
<li>Updated to libICE 1.0.9 and libXft 2.3.2.
<li>Add a function to drop all clean pages on the <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> page daemon queues; call it when we hibernate.
<li>Moved macppc <a href="https://man.openbsd.org/abtn.4">abtn(4)</a> driver from workq to taskq.
<li>Only detach the <a href="https://man.openbsd.org/usb.4">usb(4)</a> device that has been disconnected, to fix a regression.
<!-- 2014/07/11 -->
<li>Implemented checksum offload for <a href="https://man.openbsd.org/divert.4">divert(4)</a>.
<li>Allowed <a href="https://man.openbsd.org/acpitz.4">acpitz(4)</a> to accept a temperature reading of 0 degC (fixes some machines with "failed to read _TMP" errors).
<li>Stopped <a href="https://man.openbsd.org/acpitz.4">acpitz(4)</a> reporting bogus temperature values (temperatures > 4,000 degC) and therefore shutting down the machine.
<li>Initial version of libressl; provide LIBRESSL_VERSION_NUMBER to detect versions distinct from OPENSSL_XXX.
<li>Limit <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> HTTP header length to 8K (based on the default of 4-8K common in web servers).
<li>In <a href="https://man.openbsd.org/boot.9">boot(9)</a>, purged curproc-overriding hacks.
<li><a href="https://man.openbsd.org/bluetooth.4">bluetooth(4)</a> support removed (code did not work properly anyway).
<li>Better <a href="https://man.openbsd.org/m4.1">m4(1)</a> error handling in mkstemp/unlink/fdopen logic.
<li>Started reducing the attack surface of <a href="https://man.openbsd.org/lynx.1">lynx(1)</a> (gopher, news, and dired left enabled for now).
<li>Enabled interrupt routines on octeon.
<li>Added <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a> options for disallowing client-initiated renegotiations and to prefer the server's cipher list.
<li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> support for EDH to provide perfect forward secrecy for older <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> clients.
<li>Stopped DHCPINFORM in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> looking up the lease database, filling the yiaddr field, or including lease time parameters.
<li>Introduced IFXF_AUTOCONF6 interface and removed net.inet6.ip6.accept_rtadv from <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>.
<li>Allow IFXF_AUTOCONF6 to be set and cleared via <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>On <a href="https://man.openbsd.org/rtsold.8">rtsold(8)</a>, turned AFXF_AUTOCONF6 on.
<li>Placed the first examples into the new /etc/examples directory.
<li>Documentation update for libcrypto and <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Prevent infinite loop during <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> configuration file parsing (PR #2985).
<li>In ssl3_get_cert_verify(), accommodate <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> RSA keys larger than 4096-bit (PR #319).
<li>Fixed copy for CCM, GCM and XTS (<a href="https://man.openbsd.org/ssl.8">ssl(8)</a> PR #3272).
<li>Added machine independent <a href="https://man.openbsd.org/reboot.9">reboot(9)</a> function.
<li>Removed redundant check and wrong fix from <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a>: fat.c checks already take care of cluster chains.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> asn1_get_length(), tolerate leading zeroes in BER encoding (PR #2746).
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> EVP_PBE_alg_add don't use the underlying NID for the cipher, as it may have a non-standard key size (PR #3206).
<li>By popular demand, added back hamc-sha1 to <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> protocols (still used by many clients).
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> OID encoding for single components (PR #2556).
<li>More <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> memory leaks and unchecked allocations fixed (PR #3403).
<li>Made sure BN_sqr never returns negative numbers (<a href="https://man.openbsd.org/ssl.8">ssl(8)</a> PR #3400).
<li>Let <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> accept CCS again after "finished" has been sent by the client. Avoids failed renegotiations (PR #3400).
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> dtls1_clear_queues(), free buffered_add_data.q correctly (PR #3286).
<li>Fixed version number processing in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> cms_sd_set_version() (PR #3249).
<li>Removed <a href="https://man.openbsd.org/rdist.1">rdist(1)</a>.
<li>Avoid panic on alpha when using network card with a small number of tx descriptors per packet, a lot of memory, and a heavily fragmented packets.
<li>When looking for the issuer of a <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> X.509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359).
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ssl3_get_client_key_exchange() parsing a GOST session key, invoke the regular ASN.1 parser (PR #3335).
<li>Removed RFC4620 Node Information Query support from the kernel.
<li>Made <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key (PR #3348).
<li>Fixed missing initialisation in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> (PR#3289 and #3345).
<li>Simplified <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> code that handles the HTTP headers. Fixes some issues (e.g. handling of multiple "Set-Cookie" headers).
<li>Don't hold the kernel lock while halting a processor.
<li>New CPU_BUSY_CYCLE() function, so the CPU can reduce power consumption in busy loops.
<li>Synchronised zaurus's <a href="https://man.openbsd.org/boot.9">boot(9)</a> with all others by having it call if_downall().
<li>Added -u option to <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>. Binds UDP port to answer DHCPINFORM from clients on non-ethernet interfaces (eg. <a href="https://man.openbsd.org/tun.4">tun(4)</a> or <a href="https://man.openbsd.org/pppx.4">pppx(4)</a>).
<li>Converted <a href="https://man.openbsd.org/bus_dmamem_map.9">bus_dmamem_map(9)</a> to <a href="https://man.openbsd.org/km_alloc.9">km_alloc(9)</a>, to fail (not sleep) if the allocator cannot obtain a lock when BUS_DMA_NOWAIT is specified.
<li>Updated to <a href="https://man.openbsd.org/Xserver.1">Xserver(1)</a> version 1.15.2.
<li>Corrected readlink termination in <a href="https://man.openbsd.org/csh.1">csh(1)</a>.
<!-- 2014/07/10 -->
<li>Using -U command-line option, allow <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to change its user agent for HTTP(S) URL requests.
<li>Flush the buffercache to 16MB on hibernate and restore its previous max size (kern.bufcachepercent) on resume. Better hibernate performance.
<li>Set cold to 1 before executing the DVACT_POWERDOWN handlers when halting or rebooting a machine. Avoids panic on macppc with <a href="https://man.openbsd.org/uhci.4">uhci(4)</a> cardbus.
<li>Fixed panic seen when unplugging a cardbus <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>, <a href="https://man.openbsd.org/ohci.4">ohci(4)</a> or <a href="https://man.openbsd.org/uhci.4">uhci(4)</a>.
<li>Taught <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> that uninitialised values (-1) in FSInfo are valid.
<li><a href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a> fixes: always put boot signature at end of 512 byte sector, even on disks with larger sector sizes; do not point at a cluster that is in use; avoid out of boundary access when checking invalid long filenames; validate number of FATs; validate critical file system info.
<li>Improved <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> scheduler: can now return envelopes of different types in a single run (interlaced to avoid batch effects); send envelopes at a rate that the queue can sustain; limit the number of envelopes in a holdq (excess returned to pending queue).
<li>Return RSN (WPA) information to userland during <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> wireless scan; show whether a wireless network uses WEP or WPA.
<li><a href="https://man.openbsd.org/m4.1">m4(1)</a> will now annotate regexp error messages with the source string.
<li>Stop using a shutdown hook for <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> and explicitly shutdown the disciplines right after vfs_shutdown().
<li>Added bus and root hub routines to octeon, to prevent panic at attach.
<li>Made <a href="https://man.openbsd.org/usbdevs.8">usbdevs(8)</a> correctly report devices connected to <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
<li>Fixed missing allocation checks and potential NULL pointer dereference in the error path in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> PEM_X509_INFO_read_bio().
<li><a href="https://man.openbsd.org/vic.4">vic(4)</a> now records the size of the rx rings so we can wrap around them correctly. Fixed a panic.
<li>Added internal buffering for <a href="https://man.openbsd.org/dump.8">dump(8)</a>. Ensures all requested data is actually read from the device when they have non-512 byte sectors.
<li>Removed bogus preprocessor statements (trying to pick the largest integer type for BF_LONG, MD[45]_LONG and SHA_LONG) from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Removed compression from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/07/09 -->
<li>Simplified the way <a href="https://man.openbsd.org/divert.4">divert(4)</a> sends packets to userspace.
<li>When <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> is copying structures via imsg, ensured contents do not contain bogus pointer values.
<li>Merged in mesa 10.2.3.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ocsp_lib.c, reset host, port and path to null after freeing so the caller doesn't accidentally free them again.
<li>Removed <a href="https://man.openbsd.org/mkstr.1">mkstr(1)</a> and <a href="https://man.openbsd.org/xstr.1">xstr(1)</a>.
<li>Replace <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> protocol directives for HTTP with a new generic filtering language (grammar inspired by <a href="https://man.openbsd.org/pf.4">pf(4)</a>).
<li>Fixed resume time page table issue on amd64 if the piglet was located above 1GB physical (caused by using an incorrect page size mask).
<li>Cleaned up and simplified <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> SSL_CIPHER_description by always using <a href="https://man.openbsd.org/asprintf.3">asprintf(3)</a>.
<li>Added daemon_timeout variable to <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> and <a href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a> (sets maximum time to wait for actions to return).
<li>Fixed crash in <a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a> while loading more than one key.
<li>Fixed classless-{ms-,}static-routes in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> to comply RFC 3442.
<li>Added "no-dsn" listener option <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>, which disables DSN extension.
<li>Suspend kernel's stack smash guard to avoid panicking during unpack.
<li>Fixed i386/amd64 hibernate issue where kernel lock acquisition was started but not completed.
<li>Removed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> "export" cipher handling.
<li><a href="https://man.openbsd.org/ncheck_ffs.8">ncheck_ffs(8)</a> now accepts duid for the filesystem argument.
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> config parser improvements: fail if the same option is specified multiple times on a listener; prompt for queue encryption key after (not during) <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a> parsing; added ip addresses to localnames table.
<li><a href="https://man.openbsd.org/bpf.4">bpf(4)</a> code simplification.
<li>Set <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> default of net.inet6.icmp6.nodeinfo to 0, disabling responses to RFC4620 IPv6 Node Information Queries.
<li>Fixed <a href="https://man.openbsd.org/boot.8">boot(8)</a> -d on amd64 and i386.
<!-- 2014/07/08 -->
<li>Updated to <a href="https://man.openbsd.org/lynx.1">lynx(1)</a> version 2.8.8rel2, keeping local changes.
<li>Downgraded more <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> error() to debug(). Suppresses spurious errors with hostbased authentication enabled.
<li>More useful <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> error message when GLOB_NOSPACE occurs (bz#2254).
<li>While filling the rx ring, stopped <a href="https://man.openbsd.org/bnx.4">bnx(4)</a> and <a href="https://man.openbsd.org/msk.4">msk(4)</a> being too smart in avoiding overuse of file descriptors.
<li>Marked the weakened <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> 40-bit export ciphers as invalid.
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> now sends correct imsg when enabling profiling at runtime.
<li>Removed <a href="https://man.openbsd.org/asa.1">asa(1)</a>.
<li>Fixed a double free bug in parsing <a href="https://man.openbsd.org/npppd.conf.5">npppd.conf(5)</a>.
<li>Stopped <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> accessing freed memory when it is exiting.
<li>Define SMALL_REGISTER_BANK in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> on arm and vax. Generates faster code (vax 30% faster).
<li>Various <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> queue improvements.
<li>Made sure to clear the WAIT flag when cancelling the <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> MTA connector timeout.
<li>Pulled the rx ring accounting out of the <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> layer. Simplifies the allocation paths.
<!-- 2014/07/07 -->
<li>On <a href="https://man.openbsd.org/em.4">em(4)</a>, bus_dmamap_sync the rx ring once per em_rxeof call, rather than for every rx descriptor.
<li>Stopped <a href="https://man.openbsd.org/em.4">em(4)</a> stalling the entire tx path when it encounters a heavily fragmented packet.
<li>Cleaned up <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> ERROR messages related to document structure and macros.
<li>Run <a href="https://man.openbsd.org/getuid.2">getuid(2)</a>, <a href="https://man.openbsd.org/getgid.2">getgid(2)</a>, <a href="https://man.openbsd.org/getresuid.2">getresuid(2)</a>, <a href="https://man.openbsd.org/setreuid.2">setreuid(2)</a> and <a href="https://man.openbsd.org/setuid.2">setuid(2)</a> without the kernel lock.
<li>Stopped <a href="https://man.openbsd.org/pckbc.1">pckbc(1)</a> printing warnings for mouse interrupts when running bsd.rd.
<li>In <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, restored the progress meter for large files.
<li>Stopped <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> unnecessarily deleting any content from .Rs blocks.
<li>Implemented .dei and .ami in <a href="https://man.openbsd.org/roff.7">roff(7)</a>.
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> now allows enabling profiling at runtime.
<!-- 2014/07/06 -->
<li>If <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> finds a bogus interrupt, don't panic but print a message, to workaround dodgy BIOS.
<li>Marked <a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a> with NOLOCK (it doesn't need the kernel lock).
<li>After <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> skips an escape sequence with incomplete arguments, stop it discarding the rest of the string.
<li>Fixed expansion of escape sequences with incomplete arguments by <a href="https://man.openbsd.org/roff.7">roff(7)</a>.
<li>Fixed handling of escape sequences taking numeric arguments by <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Avoid <a href="https://man.openbsd.org/radeon.4">radeon(4)</a> segfault on device open when accel is not working.
<!-- 2014/07/05 -->
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> remote-forward cancel regression.
<li><a href="https://man.openbsd.org/ftp.1">ftp(1)</a> fixes: URL-decode user and password info before base64 encoding it for the Authorization header; eliminated COOKIE_MAX_LEN constant; renamed the "user:pass" variable from "cookie" to "credentials"; empty password is no longer an error; fixed leak of username/password memory.
<!-- 2014/07/04 -->
<li>Cleaned up -offset and -width in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>: bugfix so last one wins; do not ignore ".Bl -width" without argument.
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> will now always attempt to use tls for relaying to the primary server when acting as a backup mx.
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now always prints the OSPF router id.
<!-- 2014/07/03 -->
<li>Changed <a href="https://man.openbsd.org/kvm_getprocs.3">kvm_getprocs(3)</a> (<a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a> and <a href="https://man.openbsd.org/kvm.3">kvm(3)</a> backends) to report thread's "most active" scheduler state.
<li>Fixed <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> formatting of empty .Bl -inset item heads; show the list type in the error message.
<li>Added a <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> PermitUserRC option to control whether ~/.ssh/rc is executed (bz#2160).
<li>Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no. Allows client to choose address family (bz#2222).
<li>When <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> is rekeying, skip file/DNS lookups if it is the same as the key sent during initial key exchange (bz#2154).
<li><a href="https://man.openbsd.org/radeon.4">radeon(4)</a> now gets clocks from Open Firmware on macppc and sparc64.
<li><a href="https://man.openbsd.org/bge.4">bge(4)</a> can now cope with heavily fragmented packets when the DMA map lacks space.
<li>Stopped <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> releasing the kernel lock between issuing a wakeup and clearing the PG_BUSY and PG_WANTED flags.
<li>Made <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> "too many authentication failures" message format similar to other authentication messages (bz#2199).
<li>Reverted to r1.129 of sys/kern/subr_pool.c, as pool_init() is called before rwlocks can be used on some archs.
<li><a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> LocalCommand and ControlPath variables now expand to unique identifers (bz#2220).
<!-- 2014/07/02 -->
<li>When hashing or removing hosts using <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>, no longer choke on @revoked markers or remove @cert-authority markers (bz#2241).
<li>Standardised <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> on NI_MAXHOST for <a href="https://man.openbsd.org/gethostname.3">gethostname(3)</a> string lengths. Fixes bz#2239.
<li>Use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> (bz#2231).
<li>Made stdout line-buffered; saves partial output getting lost when <a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a> fatal()s part-way through (bz#2234).
<li>Only cleanup agent socket in the main <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> process, not in any subprocesses (bz#2236).
<li>Made ed25519 key titles fit properly in the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> randomart border (bz#2247).
<li>Be more careful when recreating single-precision (float) argument to service precise exceptions on m88k.
<li>Improved <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> messages about empty macros (reporting the macro names involved).
<li>Fixed fpu_compare() on m88k, so <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> correctly compare numbers to infinity.
<li>Hold kernel lock when invoking process_domem() on alpha and m88k. Fixes <a href="https://man.openbsd.org/ptrace.2">ptrace(2)</a> operation on MP kernels.
<li>Added support for adjusting the receive filter to allow for promiscuous mode/multicast traffic by <a href="https://man.openbsd.org/armv7/imx.4">imx(4/armv7)</a>.
<li>Revised change made in pk7_doit.c r1.20 in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>. Fixes detached signature processing.
<li>Made sure <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> session sockets are not cleared in the <a href="https://man.openbsd.org/daily.8">daily(8)</a> tmp cleanup.
<li>Fixed the column numbers associated with in_line_argn() macros in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li><a href="https://man.openbsd.org/kdump.1">kdump(1)</a> now properly processes <a href="https://man.openbsd.org/minherit.2">minherit(2)</a> flags.
<!-- 2014/07/01 -->
<li>Improved "skipping paragraph macro" messages in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Fixed regression in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> protocol 1 to avoid fatal(); more useful status codes.
<li>Implemented obsolete <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> macros .En .Es .Fr and .Ot for backward compatibility.
<li>Clean up the warnings related to <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> document structure.
<li>Allow link-local address to be configured by "ifconfig up" if the <a href="https://man.openbsd.org/inet6.4">inet6(4)</a> address was configured beforehand.
<li>Fixed panic seen when trying to remove a <a href="https://man.openbsd.org/route.4">route(4)</a> with a 0.0.0.0 destination.
<li>Turned <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> out-of-order extraction back on; activated out-of-order archives based on history.
<!-- 2014/06/30 -->
<li><a href="https://man.openbsd.org/scsi.8">scsi(8)</a> io can now run through the midlayer without the kernel biglock.
<li>Fixed <a href="https://man.openbsd.org/roff.7">roff(7)</a> control flow keywords \{ and \} when they immediately follow a request or macro name.
<li><a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> af-to rules no longer need to specify the address family after "pass".
<li>Suppressed spurious <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> error message when loading key with a passphrase.
<li>Attach HFSC only after it's been initialised. Fixes the "integer divide fault trap" bug.
<!-- 2014/06/29 -->
<li>Major cleanup in <a href="https://man.openbsd.org/roff.7">roff(7)</a> .de parsing routine, to correctly handle names terminated by escape sequences.
<!-- 2014/06/27 -->
<li>Fixed loading of private keys by <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Move to a smaller rbytes buffer and skip a random part in <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>, to introduce noise in the <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> calling pattern.
<li>Fixed remote forwarding in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> with same listen port but different listen address.
<li>Avoid buffer overflow when there are too many boot arguments, and on reaching maximum line length.
<!-- 2014/06/26 -->
<li>Do not redirect STDERR of <a href="https://man.openbsd.org/security.8">security(8)</a> to /dev/null, so errors in the <a href="https://man.openbsd.org/security.8">security(8)</a> script are seen.
<li>Fully remove relevant <a href="https://man.openbsd.org/carp.4">carp(4)</a> addresses when IFXF_NOINET6 is set or when the rdomain is changed.
<!-- 2014/06/25 -->
<li>Workaround compatibility problems between Intel <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> and Intel SSDs, by retrying device detection.
<li><a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> now disallows translation rules containing addresses of { <a href="https://man.openbsd.org/inet.4">inet(4)</a> <a href="https://man.openbsd.org/inet6.4">inet6(4)</a> } when the rule doesn't specify one.
<li>When the <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> daemon is launched via <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>, use a correct exit code (per <a href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>).
<!-- 2014/06/24 -->
<li>Improved messages with <a href="https://man.openbsd.org/roff.7">roff(7)</a> ".so": show the filename argument that was passed; on failure, report the file/line number.
<li>If an <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> chacha operation does not consume all of the generated key stream, save it for subsequent writes.
<li>Made TCP_NODELAY work in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/06/23 -->
<li>Removed the noaccesstime synonym for noatime in <a href="https://man.openbsd.org/mount.8">mount(8)</a>.
<li>When <a href="https://man.openbsd.org/scp.1">scp(1)</a> is copying local to remote and it fails during read, don't send uninitialised heap to the remote end.
<li>Don't fatal() <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> when hostname canonicalisation fails with a ProxyCommand in use.
<li>New <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> key API: refactored key-related functions to be more library-like (existing API now a set of wrappers).
<li>Fixed bug in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format.
<li>Made <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> version 4 emit warning when it is ignoring alignment constraints.
<li>Fixed possible crash on encountering invalid msdosfs filesystems.
<li>Disabled IPv6 on interfaces by default (a link-local address is no longer assigned by default).
<li>Use <a href="https://man.openbsd.org/bus_space.9">bus_space(9)</a> on <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> SystemMemory, to correctly access memory mapped registers.
<li>Made "<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> &lt;if> inet6 eui64" reset the NOINET6 flag (unconditionally), to ensure link-local address is assigned.
<li>Allow <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> keys and send-keys to send to invisible panes.
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> so it counts mouse clicks correctly.
<!-- 2014/06/22 -->
<li>Stopped building procfs on i386.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> BIO_get_port(), only accept valid port numbers.
<!-- 2014/06/21 -->
<li>Made sure <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> kmthread never loops without making progress.
<li><a href="https://man.openbsd.org/kill.2">kill(2)</a> an untraced process (instead of looping) if the kernel generates a deadly trap signal and it is ignored.
<li>Specify the correct strength bits for 3DES cipher suites in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/06/20 -->
<li>Protect <a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> from a link-time optimisation.
<li>In <a href="https://man.openbsd.org/ssl.3">ssl(3)</a>, wrap <a href="https://man.openbsd.org/getenv.3">getenv(3)</a> OPENSSL_ALLOW_PROXY_CERTS in an <a href="https://man.openbsd.org/issetugid.2">issetugid(2)</a> check. Stops <a href="https://man.openbsd.org/setuid.2">setuid(2)</a> applications from being fooled.
<li>Prefix error messages from <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> with "mandoc: ", so users know where messages came from.
<li>Made "S" and "E" mean the start and end to capture-pane in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Fixed incorrect bounds check in amd64 assembly version of <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> bn_mul_mont().
<!-- 2014/06/19 -->
<li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> -v display any bad checksums contained in the header and what the checksum should be.
<li>More tweaking of <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> set_basedir(): do not error out when <a href="https://man.openbsd.org/getcwd.3">getcwd(3)</a> fails; fixed the man-root-dir indicator in say().
<li>In <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>, hard fail with SIGKILL if <a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a> returns -1.
<li>Converted CRYPTO_memcmp to timingsafe_memcmp in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Improved error checking in <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> by_dir.c: set error code on error; check <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> return; added missing unlock.
<li>Fixed memory leak in <a href="https://man.openbsd.org/md5.1">md5(1)</a> digest_file() on <a href="https://man.openbsd.org/ferror.3">ferror(3)</a>.
<li>Implemented the <a href="https://man.openbsd.org/membar.9">membar(9)</a> API for powerpc.
<li>Copy newline when at EOL when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> is in <a href="https://man.openbsd.org/vi.1">vi(1)</a> mode.
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> reset the mouse buttons when the mouse wheel is used.
<li>Some terminals send spurious releases for mouse wheel in SGR mouse mode, <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> now suppresses these.
<li>Fixed black screen on lenovo ideapad yoga 2 pro using when using <a href="https://man.openbsd.org/intel.4">intel(4)</a>.
<!-- 2014/06/18 -->
<li>Restored previous <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> behaviour, where <a href="https://man.openbsd.org/fork.2">fork(2)</a> children would mix in some randomness from the parent process.
<li>Stopped <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
<li>Ensured <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> will always keep length of cluster chain up to date. Avoids out of boundary accesses.
<li>Fixed off by one in msdosfs pm_inusemap().
<li>Fixed the use of 16384-bit RSA keys by <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<!-- 2014/06/17 -->
<li>Changed SSL_COMP_add_compression_method() in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, so error cases actually return "error" rather than "success".
<li>Disallow __sysctl() in the <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> <a href="https://man.openbsd.org/systrace.1">systrace(1)</a> sandbox (as there is now a dedicated <a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a> system call for <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>).
<li>Implemented the <a href="https://man.openbsd.org/membar.9">membar(9)</a> API for hppa.
<li>Added configuration bit in <a href="https://man.openbsd.org/vio.4">vio(4)</a> flags, to workaround qemu &lt; 2.0 bug that prevented VLANs from working.
<li>Be more aggressive flushing L2 cache entries on mips64 RM7000 systems.
<!-- 2014/06/16 -->
<li>Set uart based on the io clock rate on octeon II (CN6xxx), as the rate differs from the cpu clock.
<li>Use MAP_INHERIT_ZERO in <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>, to zero out the RNG state if the process forks.
<li>Enabled <a href="https://man.openbsd.org/pci.4">pci(4)</a> power management on lemote.
<li>Reverted "Always create a local route for every configured IPv4 address" (caused regressions).
<li>Allow the autoinstaller to fetch sets from multiple locations.
<!-- 2014/06/15 -->
<li>Fixed vnode leak in <a href="https://man.openbsd.org/systrace.4">systrace(4)</a>.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> aes_gcm_cleanup(), clean the entire context (no longer leaving AES key untouched).
<li>Fixed hang with virtio event_idx feature, to cure occasional network freeze in <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Updated to xcb-util-renderutil 0.3.9.
<!-- 2014/06/14 -->
<li>Avoid infinite loop in <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> if cluster chain is a cyclic list.
<li>Fixed memory leaks in <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> bootblock handling.
<li>Fixed <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> regression in r1.16 of boot.c: write fsinfo, not block into FSInfo region.
<li>Fixed <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> regression in r1.20 of fat.c by properly incrementing a pointer.
<li>Added more bounded attributes to the buffer and md5/sha headers in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/06/13 -->
<li>Removed <a href="https://man.openbsd.org/wait.2">wait(2)</a> support for "union wait" (deprecated since 4.3BSD) and WSTOPPED (means something else now in POSIX).
<li>Stopped <a href="https://man.openbsd.org/vax/ze.4">ze(4/vax)</a> rx ring pointer stalling when running "all multicast" or <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> in promiscuous mode.
<li>Switched <a href="https://man.openbsd.org/dump.8">dump(8)</a> "blockswritten" to int64_t, so it won't wrap at 2TB.
<li>Correctly calculate the key block length in t1_enc.c and s3_enc.c when using <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> "export" ciphers.
<li>Added ChaCha20-Poly1305 based ciphersuites to <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li><a href="https://man.openbsd.org/ssl.8">ssl(8)</a> can now change cipher state with an EVP_AEAD, encrypt/decrypt TLS using the EVP_AEAD.
<li>Added <a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a> system call.
<li>Indicate in the <a href="https://man.openbsd.org/sysctl.1">sysctl(1)</a> LIVELOCKS column if there is a pending (deferred) <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> update.
<li>Fixed tcp-mss-adjust in <a href="https://man.openbsd.org/pipex.4">pipex(4)</a> and <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>.
<!-- 2014/06/12 -->
<li>Removed support for the "opaque PRF input" extension from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> (draft expired 7 years ago and never became an RFC).
<li>Added timingsafe_memcmp() to <a href="https://man.openbsd.org/memcmp.3">memcmp(3)</a>.
<li>Added MAP_INHERIT_ZERO support to <a href="https://man.openbsd.org/minherit.2">minherit(2)</a>. Provides child process with fresh, zero-initialised anonymous memory.
<li>Fixed <a href="https://man.openbsd.org/ptrace.2">ptrace(2)</a> hanging hppa and mips64 MP systems, by grab the kernel lock before cleaning up single-step breakpoints.
<li>Updated to <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> version 1.6.0 (including syslog support backported from the 1.7 branch).
<li>Disable the "switch to insertion sort" optimisation in <a href="https://man.openbsd.org/qsort.3">qsort(3)</a>. Avoids quadratic behaviour for certain inputs.
<li>Changed <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to display the full url (if possible) for unsigned packages.
<!-- 2014/06/11 -->
<li>Fixed memory leak in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> d1_lib.c.
<li>Restored the original behaviour of RTM_ADD and RTM_DELETE by always generating one message per locally configured <a href="https://man.openbsd.org/ip.4">ip(4)</a> address.
<li>Always create a local <a href="https://man.openbsd.org/route.4">route(4)</a> for every configured IPv4 address on the machine.
<li>Flag any local <a href="https://man.openbsd.org/route.4">route(4)</a> as such and make them use the highest possible priority.
<li>Created (currently unused) system taskq ("systqmp") which runs without the kernel lock (see <a href="https://man.openbsd.org/task_add.9">task_add(9)</a>).
<!-- 2014/06/10 -->
<li>Raised the low water mark in <a href="https://man.openbsd.org/em.4">em(4)</a> so the internal buffers can hold at least two jumbo frames.
<li>On i386/amd64 hibernate, don't map phys pages &lt; 64KB in the resume page table. Matches recent kernel change.
<li>Fixed off by one in <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> when writing the FAT for FAT12 filesystems.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, check return value of EVP_MD_CTX_copy_ex(). Avoids potential null pointer dereference.
<li>In <a href="https://man.openbsd.org/mtree.8">mtree(8)</a>, added ed25519 ssh host keys to /etc/mtree/special.
<li>Lowered <a href="https://man.openbsd.org/nc.1">nc(1)</a> buffers back to 16k for now, to avoid bufferbloat.
<li>Increased <a href="https://man.openbsd.org/nc.1">nc(1)</a> buffer size to 64k, and actually use the buffer.
<li>Abandoned the <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> "auto-ENGINE" /dev/crypto interface.
<li>In <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> tls1_cert_verify_mac(), avoid a possible NULL function call on ctx.final().
<li>Implemented <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> -u (user to drop privs to) and -p (path to <a href="https://man.openbsd.org/chroot.8">chroot(8)</a> to). Allows <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> to run non-chrooted.
<li>Cleaned up <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> socket creation.
<li>Multiple fixes for <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ssl3_digest_cached_records().
<li>Ensured <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails.
<!-- 2014/06/09 -->
<li>Changed <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> file copying process, to make it less likely that the PBR will change upon update.
<li>Fixed possible out of boundary access by <a href="https://man.openbsd.org/fsck_msdos.8">fsck_msdos(8)</a> if the filesystem is full or corrupt.
<!-- 2014/06/08 -->
<li>Updated to xf86-video-modesetting 0.8.1 and xf86-video-geode 2.11.15.
<!-- 2014/06/07 -->
<li>Further cleanup of context handling in <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> tls1_change_cipher_state().
<li>In <a href="https://man.openbsd.org/run.4">run(4)</a>, fixed TXWI and RXWI offset calculations so RT5592 devices function.
<!-- 2014/06/06 -->
<li>When relying on the local enqueuer, let <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> cope with long To/Cc lines. Avoids broken headers and confusing some MUAs.
<!-- 2014/06/05 -->
<li>Fixed inverted test in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> so PKCS#11 keys that are explicitly listed are preferred.
<li>Reset properly when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> c0-change-trigger is increased from zero, so panes don't get stuck.
<li><strong>5.4 and 5.5 and -current SECURITY FIXES in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> for: buffer overflow with crafted DTLS fragments (CVE-2014-0195); DTLS infinite recursion flaw with "Hello Request" (CVE-2014-0221); SSL/TLS MITM vulnerability (CVE-2014-0224); anonymous ECDH denial of service (CVE-2014-3470).</strong><br>A source code patch is available for <a href="errata54.html#012_openssl">5.4</a> and <a href="errata55.html#008_openssl">5.5</a>.
<li>Reduced amount of <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> code running as root; only error out if the creation of a needed socket failed.
<li>Moved <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> to a (slightly stripped) version of libc <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>.
<li><strong>5.4 and 5.5 and -current SECURITY FIX: improper close-on-exec flag handling by <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a>  (CVE-2014-3956).</strong><br>A source code patch is available for <a href="errata54.html#011_sendmail">5.4</a> and <a href="errata55.html#007_sendmail">5.5</a>.
<li>Added support for COLUMNS env variable to <a href="https://man.openbsd.org/ps.1">ps(1)</a>.
<li>Included work-around in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>, as <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> expects its current dir to not be /.
<!-- 2014/06/04 -->
<li><a href="https://man.openbsd.org/vflush.9">vflush(9)</a> now works for <a href="https://man.openbsd.org/fuse.4">fuse(4)</a>.
<li>Do not skip or add a byte for the report ID when <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> is manipulating data.
<li>Made <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> properly compare endpoint addresses by ignoring the direction bit.
<!-- 2014/06/03 -->
<li>Accept -C as an alias for -c in <a href="https://man.openbsd.org/tr.1">tr(1)</a>.
<li>Made <a href="https://man.openbsd.org/zyd.4">zyd(4)</a> compile with ZYD_DEBUG.
<li>Fix <a href="https://man.openbsd.org/zyd.4">zyd(4)</a> frame length adjustment in the RX path.
<!-- 2014/06/02 -->
<li>In libm math code, made sure STRICT_ASSIGN handles double as well.
<li>Stripped <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> functions called when "-rand" is specified (underlying code long gone).
<li>Removed easy access to the unsafe intel RDRAND instruction from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>When checking for unicast and broadcast addresses, do one lookup instead of two.
<li>Fixed uninitialised variable, which caused <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> crashes when handling errors.
<!-- 2014/06/01 -->
<li>In <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> tls1_setup_key_block(), use the correct IV length for GCM mode. Fixes key block length calculation.
<!-- 2014/05/31 -->
<li>Removed real mode <a href="https://man.openbsd.org/vga.4">vga(4)</a> repost option.
<li>Change the actual default for returned asn1 strings to utf8 in the <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> code.
<li>Reverted previous diff setting cold to 1 on shutdown (broken with <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> disks).
<!-- 2014/05/30 -->
<li>Added <a href="https://man.openbsd.org/dump.8">dump(8)</a> -S option, to only estimate backup size and number of tapes required.
<li>Avoid panics on macppc with an <a href="https://man.openbsd.org/uhci.4">uhci(4)</a> cardbus when halting/rebooting.
<li>Fixed segfault seen on <a href="https://man.openbsd.org/Xorg.1">Xorg(1)</a> startup when using the <a href="https://man.openbsd.org/nv.4">nv(4)</a> or <a href="https://man.openbsd.org/savage.4">savage(4)</a> drivers.
<!-- 2014/05/29 -->
<li>Converted many <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> to <a href="https://man.openbsd.org/reallocarray.3">reallocarray(3)</a>. Avoids 53 potential integer overflows in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>In <a href="https://man.openbsd.org/envy.4">envy(4)</a>, use the same convention for mixer control names as in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
<li>Added an enc_flags field to ssl3_enc_method. Helps identify <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> protocol version requirements.
<li>Made <a href="https://man.openbsd.org/fsck.8">fsck(8)</a> use the same values in checking as <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> does in creating a <a href="https://man.openbsd.org/fs.5">fs(5)</a>.
<li>Fixed two more cases where ssl_replace_hash() return value was not checked by <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/05/28 -->
<li>To give <a href="https://man.openbsd.org/perl.1">perl(1)</a> a random seed, call <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> rather than read /dev/arandom. Makes it work in <a href="https://man.openbsd.org/chroot.8">chroot(8)</a> environments.
<li>Enabled writing per-commit commitid tokens to <a href="https://man.openbsd.org/rcs.1">rcs(1)</a> ",v" files.
<li>When <a href="https://man.openbsd.org/less.1">less(1)</a> is invoked as <a href="https://man.openbsd.org/more.1">more(1)</a>, made behaviour for "-i" match "less -I" (per POSIX).
<li>When suspending/resuming, avoid hangs by detaching/attaching <a href="https://man.openbsd.org/usb.4">usb(4)</a> devices (avoids <a href="https://man.openbsd.org/uhub.4">uhub(4)</a> interrupt races).
<li>On <a href="https://man.openbsd.org/mg.1">mg(1)</a> delete-window, display the correct line number when revisiting the buffer.
<li>Added -L option to <a href="https://man.openbsd.org/pwd.1">pwd(1)</a> (required by POSIX).
<!-- 2014/05/27 -->
<li>Fixed <a href="https://man.openbsd.org/mount.8">mount(8)</a> -ur for msdosfs: allow sync after more than one rw -> ro cycle; sync data (not only metadata).
<li>Fixed instance of the Y2038 problem in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Refactored radix code. Solves issues with failed deletes of down routes.
<li>Enable strong stack protector by default for architectures running <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> version 3.
<li>Allow <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to handle the top bit of <a href="https://man.openbsd.org/xterm.1">xterm(1)</a>-style modifier keys.
<li>Added some formats for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> pane bounds.
<li>Prevented userland from altering the local and broadcast flags in <a href="https://man.openbsd.org/route.4">route(4)</a>.
<li>Reserved the highest <a href="https://man.openbsd.org/route.4">route(4)</a> priority for kernel-managed routes.
<!-- 2014/05/26 -->
<li>Fixed memory leak and un-cleaned EVP_CIPHER_CTX upon error in <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> tls_decrypt_ticket().
<li>Removed /usr/src from <a href="https://man.openbsd.org/mtree.8">mtree(8)</a> to avoid useless warning from daily <a href="https://man.openbsd.org/security.8">security(8)</a> mail.
<li>Implemented improved <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> EVP AEAD API.
<li>Made sure <a href="https://man.openbsd.org/utpms.4">utpms(4)</a> only matches mouse interface, so <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a> works on more Powerbooks.
<!-- 2014/05/25 -->
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> resource descriptor leaks (CID: 966576 & 966577).
<li>Allow <a href="https://man.openbsd.org/tty.4">tty(4)</a> to handle threaded processes correctly with kerninfo status requests (a.k.a. ^T).
<li>Fixed <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> format mistakes when AZALIA_DEBUG is defined.
<li>Pass DVACT_QUIESCE to <a href="https://man.openbsd.org/usb.4">usb(4)</a> to stop "new" <a href="https://man.openbsd.org/uhub.4">uhub(4)</a> device reattaching at every resume.
<!-- 2014/05/24 -->
<li>Fixed off-by-one in index validation before accessing arrays in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ssl_cipher_get_evp().
<li>In <a href="https://man.openbsd.org/ssl.3">ssl(3)</a>, enabled three brainpool elliptic curves for TLS (per RFC 7027).
<li>Made <a href="https://man.openbsd.org/fsck_ext2fs.8">fsck_ext2fs(8)</a> and <a href="https://man.openbsd.org/fsck_ffs.8">fsck_ffs(8)</a> output verbiage more consistent.
<li>Added support for newer <a href="https://man.openbsd.org/run.4">run(4)</a> hardware.
<!-- 2014/05/23 -->
<li>Made <a href="https://man.openbsd.org/fsck_ext2fs.8">fsck_ext2fs(8)</a> initialise newent.e2d_type to EXT2_FT_UNKNOWN (a.k.a. 0).
<li>Reverted <a href="https://man.openbsd.org/pax.1">pax(1)</a> ar_io.c r1.45 to stop showing archives written with a non-standard blocksize as truncated reads.
<li>Stopped <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> "weird flag" warning for DNS NOTIFY messages which should have "AA" set.
<li>Permit <a href="https://man.openbsd.org/less.1">less(1)</a> searches to work past/across NUL bytes.
<li>Made the <a href="https://man.openbsd.org/pax.1">pax(1)</a> signal handler safe.
<li>Expose bif_capacity in <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a>, to report the design capacity of the battery.
<li>Clean up after the <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> traphandler children, to avoid leaving zombie processes.
<!-- 2014/05/22 -->
<li>Marked <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> wrapper functions as deprecated.
<li>Fixed <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash when running the pki lookup code.
<li>On sgi, converted the PS/2 keyboard layouts to sgi serial keyboard layouts.
<li>Let sgi <a href="https://man.openbsd.org/keyboard.7">keyboard(7)</a> work in polling mode; fixed "international" ("GERlessthan") key.
<!-- 2014/05/21 -->
<li>Made <a href="https://man.openbsd.org/qle.4">qle(4)</a> less likely to get stuck looping when the firmware behaves inconsistently.
<li>Fixed file size reported by <a href="https://man.openbsd.org/lpq.1">lpq(1)</a> -l by giving <a href="https://man.openbsd.org/stat.2">stat(2)</a> privileges on the spool file.
<li>Fixed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -u on sparc64.
<li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> route addition, broken since the removal of the link-layer addresses from the per-ifp list.
<li>Made <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> handle the stall condition like the bable condition.
<!-- 2014/05/20 -->
<li><a href="https://man.openbsd.org/pax.1">pax(1)</a> now exits with non-zero status if a read is truncated.
<li>Added support for -o XXX or -oXXX options, and -o max_read=XXX to <a href="https://man.openbsd.org/fuse.4">fuse(4)</a>.
<li>When sending <a href="https://man.openbsd.org/icmp.4">icmp(4)</a> messages, assign the queue ID to the correct packet header.
<li>Fixed eui64 address generation, broken upon removal of the link-layer address from the per-ifp list.
<!-- 2014/05/19 -->
<li>No more (obsolete) 5- and 6-byte or surrogate pair code point encodings in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> UTF8_{getc,putc}.
<li>Upon HTTPS <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> redirects, don't reinitialise <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, and reuse SSL_CTX.
<li>Plugged memory leak in <a href="https://man.openbsd.org/rcs.1">rcs(1)</a>.
<li>More consistency in <a href="https://man.openbsd.org/fuse.4">fuse(4)</a> error handling.
<li>Made <a href="https://man.openbsd.org/fuse.4">fuse(4)</a> use realpath for more reliable <a href="https://man.openbsd.org/mount.8">mount(8)</a> operations.
<li>On armv7, loongson and socppc use <a href="https://man.openbsd.org/autoconf.9">autoconf(9)</a> to track <a href="https://man.openbsd.org/usb.4">usb(4)</a> host controller's children.
<li>Stopped <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> trying to update file when none has been specified by -L flag.
<li>Added H_SAVE_FP operation to <a href="https://man.openbsd.org/editline.3">editline(3)</a>, to save history to an open file pointer.
<li>Fixed <a href="https://man.openbsd.org/uhci.4">uhci(4)</a>. Unbreaks the build when DIAGNOSTIC is not defined.
<!-- 2014/05/18 -->
<li>Updated <a href="https://man.openbsd.org/run.4">run(4)</a> firmware to version 0.33.
<li>Made <a href="https://man.openbsd.org/mkuboot.8">mkuboot(8)</a> correctly handle files smaller than an <a href="https://man.openbsd.org/elf.5">elf(5)</a> header.
<li>In <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> ssl3_send_certificate_request(), properly adjust for payload size.
<li>Upon error, made sure <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> ssl3_setup_buffers() frees pqueue before returning.
<li>Fixed tail packet check in <a href="https://man.openbsd.org/pms.4">pms(4)</a> elantech v3 touchpad code.
<li>Stopped <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> adding a lease to the leases TAILQ more than once. Avoids infinite loop.
<li>Updated to libXfont 1.4.8.
<li>Check <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> bio_err initialisation succeeds before using it.
<li>Updated to fontconfig 2.11.1.
<!-- 2014/05/17 -->
<li>Updated to xf86-input-synaptics 1.8.0.
<li>Fixed kernel build when <a href="https://man.openbsd.org/ehci.4">ehci(4)</a> uses EHCI_DEBUG.
<li>Switched <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> RSA key generation default to 2048 bits (matching <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>).
<li>Made <a href="https://man.openbsd.org/qla.4">qla(4)</a> less likely to get stuck looping when the firmware behaves inconsistently.
<li>Change interrupt handler's return value to 0 when nothing is processed on <a href="https://man.openbsd.org/luna88k/pcexmem.4">pcexmem(4/luna88k)</a>.
<li>When <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> is parsing a numerical value for the TOS bits, ensure it is in a valid range.
<!-- 2014/05/16 -->
<li>Fixed <a href="https://man.openbsd.org/mountd.8">mountd(8)</a>: when a host in a netgroup is unresolvable, don't ignore entire netgroup.
<li>Sped up <a href="https://man.openbsd.org/signify.1">signify(1)</a> -C.
<li>Made <a href="https://man.openbsd.org/df.1">df(1)</a> do calculations of available space the same way as ffs_statfs() does.
<li>Improved logging messages and style for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>Don't put a link-layer address on the per-ifp lists or RB-Tree. Improves address lookups.
<!-- 2014/05/15 -->
<li>Fixed memory leaks in <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> asn1 upon failure.
<li>Replaced <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> ASN1_GENERALIZEDTIME_adj(), ASN1_UTCTIME_adj() and ASN1_TIME_to_generalizedtime() with wrappers.
<li>Added a ChaCha20-Poly1305 AEAD EVP implementation to <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> libcrypto.
<li>Added an AEAD EVP interface to <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> libcrypto, along with AES-GCM AEAD implementations.
<li>Made <a href="https://man.openbsd.org/signify.1">signify(1)</a> -C mode work again.
<!-- 2014/05/14 -->
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now ignores route info messages on the listening side.
<li>Stopped flushing streams on <a href="https://man.openbsd.org/abort.3">abort(3)</a>, which was unsafe.
<li>Removed arch-specific <a href="https://man.openbsd.org/lo.4">lo(4)</a> MTU and set to 32768 everywhere.
<li>Made <a href="https://man.openbsd.org/signify.1">signify(1)</a> recode base64 hashes if necessary; spell out base64 in error messages.
<li>Better use of <a href="https://man.openbsd.org/realloc.3">realloc(3)</a>, to speed up <a href="https://man.openbsd.org/signify.1">signify(1)</a> checksum verification.
<li>Added poly1305 to <a href="https://man.openbsd.org/ssl.3">ssl(3)</a>, utilising Andrew Moon's public domain implementation.
<!-- 2014/05/13 -->
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> no longer allows multiple buffers with the same name.
<li><strong>5.4, 5.5 and -current SECURITY FIX: integer, memory and buffer overflows in libXfont (CVE-2014-0209; CVE-2014-0210 and CVE-2014-0211)</strong>.
<li>Fixed regression in r1.285 of sys/net/if.c (TAILQ corruption where rdomain was not switched).
<li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>, pass SA initiator (not the exchange initiator) to sa_address().
<li>The resolver now skips incomplete entries in /etc/hosts and /etc/networks (rather than crash).
<li>Pass multi-argument <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> commands directly to <a href="https://man.openbsd.org/execvp.3">execvp(3)</a>. Helps avoid quoting problems.
<li>Added a copy mode key binding to copy to a named <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> buffer.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> support for named buffers.
<!-- 2014/05/12 -->
<li>Fixed multiple bugs in <a href="https://man.openbsd.org/ncheck_ffs.8">ncheck_ffs(8)</a> handling of indirect blocks.
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a> to libdrm 2.4.54.
<li>Fixed <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> format strings involving time_t arguments. Fixes <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> -d on sparc.
<li>Moved GTT management for Sandy Bridge into <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>.
<li>Removed AES_bi_ige_encrypt() from <a href="https://man.openbsd.org/ssl.3">ssl(3)</a>.
<li>Removed md5crypt from <a href="https://man.openbsd.org/crypt.3">crypt(3)</a>.
<li>Moved the ohash functions into libutil.
<li>Stopped <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> exiting when sent RTM_NEWADDR or RTM_DELADDR routing messages lacking appropriate address info.
<li>Altered <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> parsers to keep in sync with the kernel HID parser.
<li>Fixed possible <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> double free when tls is required but not advertised by the server.
<li>Updated the HID parser to properly parse modern input device descriptors.
<li>Added router alert option (RAO) in IGMP packets (per RFC2236), needed by some L3 switches.
<li>More intelligent parsing of WEP keys by <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<!-- 2014/05/11 -->
<li>Make sure <a href="https://man.openbsd.org/uhub.4">uhub(4)</a> root hub is re-attached before interrupts get enabled. Unbreaks resume.
<li>Stop ignoring "lease" statements in <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
<li>Reworked/restored <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> recorded lease handling.
<li>Fixed the installer's configuration of a static IPv6 default gateway.
<!-- 2014/05/10 -->
<li>Various format string fixes on mips64 and octeon.
<li>Fixed recently-occurring <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> breakage in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<li>On i386/amd64, disable speedstep instead of panicking if high and low speeds are the same.
<li>Allow <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> to <a href="https://man.openbsd.org/chroot.8">chroot(8)</a> to a directory other than /var/www.
<li>Many string format fixes on sparc64.
<li>Losing TCP connection no longer results in an unrecoverable stop in <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>.
<!-- 2014/05/09 -->
<li>Stopped <a href="https://man.openbsd.org/cribbage.6">cribbage(6)</a> ignoring words which followed two or more blank characters.
<li>Print interface name with queues in <a href="https://man.openbsd.org/systat.1">systat(1)</a> q.
<li>Updated to: <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> version 304; libXi 1.7.2 and xf86-input-synaptics 1.7.5.
<li>Fixed <a href="https://man.openbsd.org/fsck_ffs.8">fsck_ffs(8)</a> -b to work with the superblock locations on 4096-byte sector disks.
<li>Use the highest possible priority for any <a href="https://man.openbsd.org/route.4">route(4)</a> to local addresses.
<!-- 2014/05/08 -->
<li>Stopped <a href="https://man.openbsd.org/cribbage.6">cribbage(6)</a> choking on one-letter card names which followed three-letter card names.
<li>Fixed potential <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> integer overflows.
<li>Made <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> fail when encountering unsupported combinations.
<li>Only attach <a href="https://man.openbsd.org/luna88k/pcexmem.4">pcexmem(4/luna88k)</a> and <a href="https://man.openbsd.org/luna88k/pcexio.4">pcexio(4/luna88k)</a> on luna88k2 (not luna88k).
<li>Brought back restricted sockets to <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, inadvertently removed in recent update.
<!-- 2014/05/07 -->
<li>Made <a href="https://man.openbsd.org/zmore.1">zmore(1)</a> call <a href="https://man.openbsd.org/more.1">more(1)</a> and <a href="https://man.openbsd.org/zless.1">zless(1)</a> call <a href="https://man.openbsd.org/less.1">less(1)</a>.
<li>Repaired the termination condition of a <a href="https://man.openbsd.org/write.2">write(2)</a> loop in <a href="https://man.openbsd.org/vipw.8">vipw(8)</a>.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ec_asn1.c, don't free memory unless we allocated it (RT#3338).
<li>Improved code to clear all bignums from bn_lib.c in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> BN_clear_free(), don't cleanse the data if the static data flag is set.
<li>Render <a href="https://man.openbsd.org/roff.7">roff(7)</a> escape sequences in man page descriptions prior to insertion into <a href="https://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a>.
<li>Fixed two memory leaks in <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> -n.
<li>Fixed segfault in <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> -Q if the next .SH after .SH NAME does not have any arguments.
<li>Backed out the previous ICMP simplifying diff from <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, which caused livelocks.
<li>Try postponed requests first, so <a href="https://man.openbsd.org/iked.8">iked(8)</a> does in-order processing.
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> authentication work with X.509 certificates not containing a subject-altname.
<li>Removed the undocumented and ineffective <a href="https://man.openbsd.org/ln.1">ln(1)</a> -F option.
<li>Removed <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> {nd6_,}useloopback options.
<!-- 2014/05/06 -->
<li>Fixed recently broken ext2fs atime and mtime.
<li>Introduced <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> -fstack-shuffle, which randomises local stack variables.
<li>Make sure <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> PKCS7_get_octet_string() return values are checked for NULL (PR#3339).
<li>Enabled <a href="https://man.openbsd.org/octeon/brswphy.4">brswphy(4/octeon)</a>.
<li>Allow <a href="https://man.openbsd.org/iked.8">iked(8)</a> to initiate a create-child-SA and process requests for the peer simultaneously.
<li>Explicitly zero ibufs before releasing memory. Ensures <a href="https://man.openbsd.org/iked.8">iked(8)</a> crypto parameters are cleaned.
<li>Fixed memory leaks in the <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> and <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> code.
<li>Re-queue pfkey events while <a href="https://man.openbsd.org/iked.8">iked(8)</a> is busy initiating child-SAs.
<li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>, initiate ike SA rekeying ("ikesalifetime" keyword).
<li>Fixed <a href="https://man.openbsd.org/iked.8">iked(8)</a> memleak when SA lookup fails while forwarding encrypted <a href="https://man.openbsd.org/ip6.4">ip6(4)</a> packets.
<li>Plugged two <a href="https://man.openbsd.org/ucom.4">ucom(4)</a> xfer leaks and a buffer leak.
<li>Encrypt some <a href="https://man.openbsd.org/iked.8">iked(8)</a> notify payloads.
<li>Initial <a href="https://man.openbsd.org/iked.8">iked(8)</a> support for PFS.
<!-- 2014/05/05 -->
<li>Cleanse old <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> memory when expanding a bignum; clear all bignums when freed.
<li>Updated xkeyboard-config to version 2.11.
<li>Workaround overoptimistic <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> alignment expectation on dos_partition fields.
<li>Enhanced reading of saved ascii labels when using <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> -R.
<li>Stopped <a href="https://man.openbsd.org/iked.8">iked(8)</a> leaking on pid mismatch.
<li>Validate the attribute length in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Removed SRP and Kerberos support from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<!-- 2014/05/04 -->
<li>On sparc, enabled <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> assembler code for DES.
<li>On vax, enabled the <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> assembler code for BN.
<li>In <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> and <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>, fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine.
<!-- 2014/05/03 -->
<li>Added <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> kern.nosuidcoredump=3, to dump <a href="https://man.openbsd.org/core.5">core(5)</a> into the /var/crash/progname/ directory.
<li>Enabled <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64.
<li>Enabled <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm.
<li>Updated to: <a href="https://man.openbsd.org/xauth.1">xauth(1)</a> version 1.0.9; <a href="https://man.openbsd.org/xbacklight.1">xbacklight(1)</a> version 1.2.1; <a href="https://man.openbsd.org/xrandr.1">xrandr(1)</a> version 1.4.2 and <a href="https://man.openbsd.org/xinput.1">xinput(1)</a> version 1.6.1.
<li>Updated to libFS 1.0.6.
<li>Unbroke <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> compression.
<li>Switched to generating <a href="https://man.openbsd.org/bcrypt.3">bcrypt(3)</a> 2b hashes by default.
<li>Added checks for invalid base64 encoded data in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> padding. Fixes a crash (RT#2608).
<li>Provide extended-precision math constants (required by POSIX).
<li>Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid).
<!-- 2014/05/02 -->
<li><a href="https://man.openbsd.org/drm.4">drm(4)</a> i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out.
<li>Updated <a href="https://man.openbsd.org/Xserver.1">Xserver(1)</a> to version 1.15.1.
<li>On hppa, fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> assembler version of SHA512 to output correct results.
<li>Make <a href="https://man.openbsd.org/acpiprt.4">acpiprt(4)</a> correctly handle interrupts with non-standard polarity.
<li>In <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>, made acpi_mutex_acquire/release actually grab the global lock when called.
<li>Fixed occasional <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> crashes when altering mount points.
<!-- 2014/05/01 -->
<li>Reverted __bounded code in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Oh hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Stopped <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> <a href="https://man.openbsd.org/perl.1">perl(1)</a> scripts outputting SOM-specific directives.
<li>Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Extended <a href="https://man.openbsd.org/fread.3">fread(3)</a> and <a href="https://man.openbsd.org/fwrite.3">fwrite(3)</a> to check for integer overflows.
<li>Moved <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> RSA key handling from "lka" to a new dedicated "ca" process.
<li><strong>5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> alert, which could cause a null pointer dereference.</strong><br>A source code patch is available for <a href="errata54.html#009_openssl">5.4</a> and <a href="errata55.html#005_openssl">5.5</a>.
<li>Fixed <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> on i386, to detect overflows and properly align arrays &gt; 16 bytes.
<li>Added ChaCha cypher to <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, and provided it with an EVP implementation.
<li>Added Brainpool and ANSSI FRP256v1 elliptic curves to <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> (RT#2239).
<li>Corrected <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> test when passing data to a keynote.
<!-- 2014/04/30 -->
<li>Improved <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s ability to pick a free chunk at random.
<li><a href="https://man.openbsd.org/uvm.9">uvm(9)</a> now correctly flush discarded pages even if the number of hash buckets doesn't change.
<li>When <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> isn't available, <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> now uses local fallback implementation of AES for UMAC.
<li>Preserve the intended chronological order of leases in <a href="https://man.openbsd.org/dhclient.leases.5">dhclient.leases(5)</a> files.
<li>Fixed <a href="https://man.openbsd.org/growfs.8">growfs(8)</a> on 4K-sector disks.
<li>First pass at removing win64 support from the assembly-generating <a href="https://man.openbsd.org/perl.1">perl(1)</a> scripts in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Stopped <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> trying to create folders that already exist when using maildir.
<li>Improved imsg handling with many concurrent connections in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<!-- 2014/04/29 -->
<li>New buffer API, to eventually make <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> usable as a standalone library.
<li>Improved enforcing of proper alignment of stack variables on sparc.
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> RSA private key privsep will now only load keys after forking the separated process.
<li>Stopped <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> attempting to append a nul quote character to filenames (bz#2238).
<li>Implemented RSA privilege separation for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. Prevents possible private key leakage.
<li>Made compiling <a href="https://man.openbsd.org/ssh.8">ssh(8)</a> and <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> against <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> optional.
<li>When <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> fails to relay via TLS (and <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a> doesn't require security), try plain; also downgrade if a TLS error happens during the session.
<li>Constrain bytes read/written to positive values in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> s3_pkt.c code.
<li>Re-added local aesctr implementation to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Moved <a href="https://man.openbsd.org/traceroute6.8">traceroute6(8)</a> to the attic, fully merged into <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>.
<li>Removed large memory leak from <a href="https://man.openbsd.org/usb.4">usb(4)</a>.
<li>Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> to keep attack mitigations enabled.
<li>Stopped <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> sending success/failure replies when channels have sent a close already (bz#1818).
<li>Removed <a href="https://man.openbsd.org/less.1">less(1)</a> support for the obsolete (non-POSIX) "more -d" prompt.
<li>Made sure the <a href="https://man.openbsd.org/iked.8">iked(8)</a> state machine only advances if the AUTH payload has been verified.
<li>Use <a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> instead of <a href="https://man.openbsd.org/memset.3">memset(3)</a> to clear out sensitive <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> data.
<!-- 2014/04/28 -->
<li>Implemented AI_ADDRCONFIG in <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a>, as per RFC 3493.
<li>Removed more WIN32, WIN64 and MINGW32 tentacles from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Use the correct algorithm mask in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> t1_enc.c.
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, stopped SSL_OP_ALL disabling attack mitigations against CBC modes.
<li>Let <a href="https://man.openbsd.org/nm.1">nm(1)</a> -w correctly return 0 for valid archives.
<li>Stopped <a href="https://man.openbsd.org/ping.8">ping(8)</a> and <a href="https://man.openbsd.org/ping6.8">ping6(8)</a> sleeping after <a href="https://man.openbsd.org/poll.2">poll(2)</a> returns an error.
<li>Added <a href="https://man.openbsd.org/fuse.4">fuse(4)</a> support for 255 character file names.
<li><a href="https://man.openbsd.org/m4.1">m4(1)</a> now checks for integer overflows in custom allocs.
<li>Added support to <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> for exporting ARP table via "ipNetToMediaTable" OID.
<li>Fixed a loop so that waiting for <a href="https://man.openbsd.org/i386/wds.4">wds(4/i386)</a> hardware actually happens.
<!-- 2014/04/27 -->
<li>Improved error handling when using <a href="https://man.openbsd.org/dbopen.3">dbopen(3)</a> in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Fixed library search order in <a href="https://man.openbsd.org/libtool.1">libtool(1)</a>.
<li>Updated to xproto 7.0.26.
<li>On i386, <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> no longer overwrites disklabel and nearby blocks on 4k-sector disk drives.
<li>Stopped <a href="https://man.openbsd.org/bluetooth.4">bluetooth(4)</a> HID device grabbing the console.
<li>Re-added "_ppp" user and "_ppp" group, to be solely used by <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> going forward.
<!-- 2014/04/26 -->
<li>Stopped <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> using random stack memory as addresses of strings.
<li>Removed support for building <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> on 16-bit Windows.
<!-- 2014/04/25 -->
<li>Filter excess data from autoinstall output, to avoid filling the ramdisk.
<li>Made <a href="https://man.openbsd.org/more.1">more(1)</a> POSIX compliant with respect to the -e option.
<li>Merged <a href="https://man.openbsd.org/less.1">less(1)</a> version 458, including local changes.
<li>Reduced the verbosity of <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> -t.
<li>Do not re-probe <a href="https://man.openbsd.org/pms.4">pms(4)</a> unnecessarily. Fixes 12 seconds <a href="https://man.openbsd.org/Xorg.1">Xorg(1)</a> delay on some laptops.
<li>Stopped <a href="https://man.openbsd.org/iked.8">iked(8)</a> and <a href="https://man.openbsd.org/mpii.4">mpii(4)</a> accessing pointers prior to a null check.
<li>Allow <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> to set user-defined actions on receipt of snmp traps.
<!-- 2014/04/24 -->
<li>Removed <a href="https://man.openbsd.org/kinit.1">kinit(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/sudo.8">sudo(8)</a> when checking command line environment variables against the blacklist (CVE 2014-0106).
<li>Fixed copied text in the <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> error string.
<!-- 2014/04/23 -->
<li>Stopped <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> do_ssl3_write() being called recursively; don't release buffer meant for use.
<li>Audited <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>/<a href="https://man.openbsd.org/calloc.3">calloc(3)</a>/<a href="https://man.openbsd.org/realloc.3">realloc(3)</a> usage in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> to be safe from overflows.
<li>Fixes in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> kssl.c to prevent double frees and removed a use-after-free.
<li>Fixed leak in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> BIO_accept which could have caused the caller to crash.
<li>Audited <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a>/<a href="https://man.openbsd.org/strlcat.3">strlcat(3)</a> usage in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Removed "Z" option from <a href="https://man.openbsd.org/malloc.conf.5">malloc.conf(5)</a>; by default always junk small chunks now.
<li>In <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>, use <a href="https://man.openbsd.org/arc4random.9">arc4random(9)</a> as PRNG backend, instead of the libcrypto RAND.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> now fills all required fields after clearing. Avoids consistency check failures.
<!-- 2014/04/22 -->
<li>Improved <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> hash functions that compute the same on big-endian and little-endian archs.
<li>Removed OPENSSL_indirect_call() from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> for reduced attack surface.
<li>Fixed a missing <a href="https://man.openbsd.org/splbio.9">splbio(9)</a> in sys/ufs/ffs/ffs_softdep.c which caused crashes.
<li>Remove useless RX checksum offloading support from <a href="https://man.openbsd.org/gem.4">gem(4)</a> and <a href="https://man.openbsd.org/hme.4">hme(4)</a>.
<li>Removed Apache from base (replaced by <a href="https://man.openbsd.org/nginx.8">nginx(8)</a>).
<li>On <a href="https://man.openbsd.org/bge.4">bge(4)</a> when VLAN_HWTAGGING is disabled, stopped tagging the packet twice.
<li>Prepend ether_vlan_header rather than regular ethernet header for more efficient vlan tagging.
<li>Kerberos disabled and removed from base, possibly to be moved to <a href="https://man.openbsd.org/ports.7">ports(7)</a> later.
<li>Support the CA key for <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> inspection in the <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> CA process.
<!-- 2014/04/21 -->
<li>Avoid a loop during autoinstall when the path in the responsefile does not exist.
<li>Made <a href="https://man.openbsd.org/iscsictl.8">iscsictl(8)</a> print bytes read and written in human-readable form.
<li>Allow the installer to configure dhcp for an interface without an active network connection.
<li>Bind <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> to localAddr if it is specified.
<li>Print the target and initiator name in <a href="https://man.openbsd.org/iscsictl.8">iscsictl(8)</a> show command.
<li>Verify permissions are correct on the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> id_ed25519 file.
<li>Fixed msdosfs to cope with 64-bit time_t. Set unrepresentable dates to 1/1/1980.
<li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> delete discarded offered leases from the correct TAILQ. Avoids infinite loop.
<li>Implemented <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> upload resume support.
<li>Reverted r1.101 of <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>, which broke source port selection.
<li>Added <a href="https://man.openbsd.org/mallocarray.3">mallocarray(3)</a> function (like <a href="https://man.openbsd.org/calloc.3">calloc(3)</a> but without the cleared-memory guarantee).
<li>Backed out parts of sys/nfs/nfs_serv.c r1.47, which computed wrong block sizes.
<li>Added <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> support for reading/writing long paths and linkpaths as extended headers.
<li>Allow <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> to send data immediately for write commands, for 20% performance boost.
<li>Stopped <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> leaking mountpoint info. Fixes mysterious crashes.
<!-- 2014/04/20 -->
<li><strong>5.5 RELIABILITY FIX: Disable the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> curve25519-sha256@libssh.org KEX method when the other party's connection will fail.</strong>
<li>Prevent <a href="https://man.openbsd.org/lpd.8">lpd(8)</a> from looking into <a href="https://man.openbsd.org/hosts.equiv.5">hosts.equiv(5)</a>. Access control is now done only using hosts.lpd.
<li>Introduced basic stats for the <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a> layer; added <a href="https://man.openbsd.org/iscsictl.8">iscsictl(8)</a> controls.
<li>In <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> debug messages, truncate strings of excessive lengths.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> -L now preserves the fd being monitored after new leases, lease renewals and cable unplugs.
<li>Fixed unchecked <a href="https://man.openbsd.org/snprintf.3">snprintf(3)</a> in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> page header printing.
<li>In <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>, made sure static buffers for <a href="https://man.openbsd.org/snprintf.3">snprintf(3)</a> are large enough.
<li>Removed more unused <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> tools and docs.
<li>Moved <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> session params initialisation to session start, so config parameters stick.
<li><a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> now does proper LoginOperational negotiation.
<li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> check for <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> overflow when expanding HTTP input value.
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> will now fail if <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> overflows the socket path.
<li>When installing OpenBSD, ensure that the hostname information is in the <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> lease db.
<li>Reimplemented arrays in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> used to set up process-to-process imsg communication.
<li>Use <a href="https://man.openbsd.org/calloc.3">calloc(3)</a> instead of <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> + <a href="https://man.openbsd.org/memset.3">memset(3)</a> across <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>, to avoid integer overflows.
<li>Rearranged <a href="https://man.openbsd.org/qle.4">qle(4)</a> update processing loop to attach and detach targets last; handle fabric port login errors better.
<li>Fixed leak in the <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> agentx error paths.
<li>Added support for SSHFP DNS records for ED25519 key types to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<!-- 2014/04/19 -->
<li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ts_rsp_verify.c, reset imprint to NULL to avoid double free.
<li>Added a canonical 6.6+ curve25519 fake version to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, to be recommended with openssh-6.7.
<li>Use get/put_u32 to load values and unbreak <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> on strict-alignment architectures.
<li>Removed checksum offloading from <a href="https://man.openbsd.org/sk.4">sk(4)</a>, faulty on this hardware.
<li>Added <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> check. Stops <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> fatal at startup if truncation occurred with filters enabled.
<li>Added missing <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> check when parsing the "backup hostname" section in <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>.
<li>Removed "disable pmtud" and "increased window size" options from <a href="https://man.openbsd.org/sysctl.conf.5">sysctl.conf(5)</a> to discourage their use.
<li>Removed <a href="https://man.openbsd.org/rsh.1">rsh(1)</a>. Deprecated in favor of <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Fixed display of destination IP when host is an IP address in <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>.
<li>Added checks to <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> when <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> is copying envelope "destination" buffer to the mda delivery buffer.
<li>If user+tag@ exceeds SMTPD_MAXPATHLEN <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> now fails instead of creating a ".truncated" tag dir.
<li>Removed obsolete altq bandwidth shaping from <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<!-- 2014/04/18 -->
<li>Allow <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> to properly handle symlinks .
<li>Disable the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
<li>In <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> update mode, when opening the database fails, just rebuild it from scratch.
<li>Removed <a href="https://man.openbsd.org/RAND_seed.3">RAND_seed(3)</a> calls in <a href="https://man.openbsd.org/iked.8">iked(8)</a>, <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a>, <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>For <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
<li>Updated <a href="https://man.openbsd.org/unifdef.1">unifdef(1)</a> to version 2.10.
<li>Raised <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> file limits, but lower number of connections (leaving files to spare for other programs).
<li>Removed <a href="https://man.openbsd.org/bdes.1">bdes(1)</a>, so as to not encourage its use.
<li>Removed dead KAME code that dealt with IPv4-mapped IPv6 addresses; added check for IPv4-mapped IPv6 destination addresses for non-connected sockets.
<li>Use <a href="https://man.openbsd.org/arc4random_buf.3">arc4random_buf(3)</a> instead of harmful RAND_xxx in <a href="https://man.openbsd.org/kerberos.8">kerberos(8)</a>.
<li>Sync <a href="https://man.openbsd.org/traceroute6.8">traceroute6(8)</a> to <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>: don't print source IP if "-s" is not given.
<li>In <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> client-only mode when no RSA private key is needed.
<li>Neuter the -legacy_renegotiation option to the <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> "openssl s_{client,server}"; added support for "-starttls lmtp" to openssl s_client.
<li>When parsing a new cert into memory occupied by a previously verified cert, <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> will no longer bypass verification checks.
<li>Introduced privsep for <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> private keys.
<li>Use <a href="https://man.openbsd.org/asprintf.3">asprintf(3)</a> for generating path. Eliminates many unsafe uses of <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> and <a href="https://man.openbsd.org/strlcat.3">strlcat(3)</a> in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>If nfs rpc requests on a stream socket are already being processed, don't panic, just return.
<li>Cleanup of <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> code tracking of socketpair between different privsep processes.
<li>Have each thread keeps its own reference to the process's ucreds. Avoids possible use-after-free.
<li>Allow <a href="https://man.openbsd.org/printf.1">printf(1)</a> to handle passing zero as a fieldwidth or precision variable.
<li>Switched to the new <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>/<a href="https://man.openbsd.org/apropos.1">apropos(1)</a>/<a href="https://man.openbsd.org/whatis.1">whatis(1)</a> (described in <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>).
<li>Added support for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> mailaddr lookup in the table_db.
<!-- 2014/04/17 -->
<li>Reworked <a href="https://man.openbsd.org/qle.4">qle(4)</a> command polling loop to handle multiple responses in one interrupt, like <a href="https://man.openbsd.org/qla.4">qla(4)</a>.
<li>Fully kill <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> FIPS API.
<li>Added some UTF-8 utility functions to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>, to stop splitting UTF-8 characters improperly.
<li>Ensure parent thread is blocked until any others are detached before letting it exit. Avoids panic.
<li>Only scroll by one line at a time in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> choose mode (as lists are generally short).
<li>Fixed <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> DHCPDISCOVERY and DHCPDECLINE (as INADDR_ANY != INADDR_BROADCAST).
<li>Changed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers.
<li>Set <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> PATH explicitly, either from the client or session environment.
<li>Don't limit the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> DCS buffer to 256 bytes, expand it as needed.
<li>No longer allow <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> to feed RSA private key information to the random subsystem as entropy.
<li><a href="https://man.openbsd.org/openssl.1">openssl(1)</a> PR#3309: when looking for an extension, properly search all extensions.
<li>Removed the monitor-content option from <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> to call the correct decrypt function in aes_cbc_cipher().
<li>Execute the active path checks when <a href="https://man.openbsd.org/mpath.4">mpath(4)</a> asks for it (rather than on attach).
<!-- 2014/04/16 -->
<li>Skip leading zero bytes in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> buffer_put_bignum2_from_string() function.
<li>Add ufs2 support in libsa/ufs2.c. One step closer being able to boot from ffs2 filesystems.
<li>Cleaned up dangerous <a href="https://man.openbsd.org/strncpy.3">strncpy(3)</a> use in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Added missing parens so that <a href="https://man.openbsd.org/rshd.8">rshd(8)</a> errorhost gets properly initialised.
<li>Gave mlinks and keys tables a <a href="https://man.openbsd.org/sqlite3.1">sqlite3(1)</a> pageid index. Speeds basic <a href="https://man.openbsd.org/apropos.1">apropos(1)</a> searches by 30%.
<li>Make <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> -q even quieter.
<li>Removed programs from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> code which don't work with current <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> releases.
<li>Fixed <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> bugs listed at http://www.viva64.com/en/b/0250/.
<li><a href="https://man.openbsd.org/ssl.8">ssl(8)</a> now ignores setting which allowed the connection to negotiate insecurely.
<li>Zero-pad <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> "usec" format to handle values less than 100,000 correctly.
<li>Killed bogus "send an SSLv3/TLS hello in SSLv2 format" code from the <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> client.
<li>Stubbed some functions in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> mem_dbg.c, to avoid all possibility of using them.
<li>Always return 1 in the <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> <a href="https://man.openbsd.org/arc4random.9">arc4random(9)</a> backend. Unbreaks <a href="https://man.openbsd.org/lynx.1">lynx(1)</a> and git.
<li>Added generic driver for "NEC PC-9801 extension board slot" on luna88k.
<li>Made directory ordering in our libtool stable.
<li>Closed memory leaks in <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> client code.
<!-- 2014/04/15 -->
<li>Removed md2, seed and jpake cyphers from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Removed approx 30 unused makefiles and more vestiges of ssl2 support from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>In <a href="https://man.openbsd.org/ssh.8">ssh(8)</a> EC_POINT_invert(), check the correct function pointer before attempting to invoke it (<a href="https://man.openbsd.org/openssl.1">openssl(1)</a> RT #2569).
<li>RotIBM stream cipher (ebcdic), FIPS mode support and GOST engine removed from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Replaced <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> PRNG with arc4random_buf(), keeping existing RAND interfaces unchanged.
<li>Added -s (two-byte signed decimal display) to <a href="https://man.openbsd.org/od.1">od(1)</a>, as mandated by POSIX.
<li><a href="https://man.openbsd.org/ssl.8">ssl(8)</a> fixes: corrected cases where code occurred directly after goto/break/return; removed pentium specific benchmark code; removed more vms and windows specific code.
<li>Unbroke xcb-util-cursor.
<li>Made <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> reply with correct imsg when using non-system authentication.
<!-- 2014/04/14 -->
<li>Stopped <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> crashing when processing macros in .Sh header lines, or having .Sm off or .Bk -words open.
<li>Stopped leaking socketpair file descriptors if <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> <a href="https://man.openbsd.org/fork.2">fork(2)</a> fails.
<li>Fixed potential race in UFS where an allocated inode could fail to get added.
<li>Removed o_dir.c from <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> now that OPENSSL_DIR_XXX has been removed from the build.
<li>Removed nonstandard and unsafe DES support from <a href="https://man.openbsd.org/ed.1">ed(1)</a>.
<li>Switched <a href="https://man.openbsd.org/pkg_mklocatedb.1">pkg_mklocatedb(1)</a> to using common SetList code, renaming -x into -X.
<li>Updated xcb-utils to 0.3.9.
<li>Allow <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> QUERY_STRING to be longer than 127 bytes.
<li>Update libxcb to version 1.10.
<li>Made OPENSSL_NO_HEARTBLEED the default and only option in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> code.
<li>Adapted <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a>, <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to use AgentX protocol to send traps.
<!-- 2014/04/13 -->
<li>Confirm passwords when <a href="https://man.openbsd.org/signify.1">signify(1)</a> is generating keys.
<li>Fixed SQL_STEP failures for <a href="https://man.openbsd.org/man.7">man(7)</a> pages lacking descriptions.
<li>Better <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> error reporting in case of SQL errors: mention dir and file.
<li>Major <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
<li>In <a href="https://man.openbsd.org/qla.4">qla(4)</a> debug output, print loop ids as decimals and port ids as 24bit hex.
<!-- 2014/04/12 -->
<li>Update to xtrans 1.3.4.
<li>Updated to xextproto 7.3.0.
<li>Added presentproto 1.0.
<li>Bring back r1.16 of protector.c in <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> version 2.95. Fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
<li><strong>5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> read buffer to stop an attacker injecting data from one connection into another.</strong><br>A source code patch is available for <a href="errata53.html#015_openssl">5.3</a>, <a href="errata54.html#008_openssl">5.4</a> and <a href="errata55.html#004_openssl">5.5</a>.
<li>Made sure <a href="https://man.openbsd.org/cu.1">cu(1)</a> -l overrides HOST.
<!-- 2014/04/11 -->
<li>Avoid <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> crash at exit, by checking that pmonitor!=NULL before dereferencing (bz#2225).
<li>Fixed <a href="https://man.openbsd.org/more.1">more(1)</a> to use basic regular expressions (unlike <a href="https://man.openbsd.org/less.1">less(1)</a>).
<li>Clamp offsets to the available memory space. Fixes <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> crash.
<li>Further <a href="https://man.openbsd.org/apropos.1">apropos(1)</a> speed optimisation, with <a href="https://man.openbsd.org/mmap.3">mmap(3)</a> MAP_ANON SQLITE_CONFIG_PAGECACHE.
<li>Updated to libdrm 2.4.53
<!-- 2014/04/10 -->
<li>Disabled Segglemann's RFC520 heartbeat from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Don't release the <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> read buffer if we're not done reading from it; disabled buf freelists.
<li>Added validation routines to <a href="https://man.openbsd.org/iked.8">iked(8)</a>: overall header structure is checked for sanity before copying the header; avoid overflow by passing down the number of remaining bytes.
<li>Notify userland when an <a href="https://man.openbsd.org/arp.4">arp(4)</a> entry is removed.
<li>Fixed fd leaks in <a href="https://man.openbsd.org/mg.1">mg(1)</a> error paths.
<li>Retired rtinit() and switched to using <a href="https://man.openbsd.org/rt_ifa_add.9">rt_ifa_add(9)</a> and <a href="https://man.openbsd.org/rt_ifa_del.9">rt_ifa_del(9)</a> to manage connected routes to prefixes/hosts.
<li>Revived fix for <a href="https://man.openbsd.org/perl.1">perl(1)</a> RT bug 116441 (null dereference affecting mod_perl).
<!-- 2014/04/09 -->
<li>Split manual names out of the common "keys" table into their own "names" table. Reduces standard <a href="https://man.openbsd.org/apropos.1">apropos(1)</a> search times 70% for the full /usr/share/man database.
<li>Moved descriptions from <a href="https://man.openbsd.org/OpenBSD-current/man5/mandoc.db.5mandoc%2edb">mandoc.db(5)</a> keys table to mpages table: reduces typical <a href="https://man.openbsd.org/apropos.1">apropos(1)</a> search times by about 40%; reduces database size.
<li>In <a href="https://man.openbsd.org/less.1">less(1)</a> "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
<li>Reverted r1.93 of <a href="https://man.openbsd.org/mg.1">mg(1)</a> file.c, which broke permission checks.
<li><strong>5.5 SECURITY FIX: Make <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> client check the server hostname, to avoid false validation when connecting to an https website.</strong><br>A source code patch is available for <a href="errata55.html#003_ftp">5.5</a>.
<li>Updated to xf86-video-ati 7.3.0.
<li>Made <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> display correct imsg when profiling is on and if the type was changed.
<li>Zapped the <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> mfa process. Content filtering will be done at session level.
<li>Removed CA certificates from <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> which are not listed in Mozilla's certdata.txt.
<li>Use root CAs in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> used by TeleSec (Deutsche Telekom AG): Baltimore CyberTrust Root, Deutsche Telekom Root CA, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3.
<li>If TLS validation is on, make <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> fetch TLS certificate and check the server hostname against the subjectAltName and/or CommonName.
<!-- 2014/04/08 -->
<li>Build libgcc without SSP. Unbreaks landisk bootblocks.
<li>Updated to xorg-macros 1.19.0.
<li>Ensure that we free buffers written out by the page daemon rather than caching them.
<li>Fixed error in <a href="https://man.openbsd.org/bcrypt_pbkdf.3">bcrypt_pbkdf(3)</a> stride calculations.
<li>Added error detection mechanism to detect when <a href="https://man.openbsd.org/sudo.8">sudo(8)</a> configuration is incorrect for building ports.
<li>Zero-fill <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> mta static buffer before use in DSN code.
<li>Added term_flushln() flag to control indentation of continuation lines in TERMP_NOBREAK mode. Reduces groff-mandoc differences in base by more than 15%.
<!-- 2014/04/07 -->
<li>Added <a href="https://man.openbsd.org/rgephy.4">rgephy(4)</a> for <a href="https://man.openbsd.org/axe.4">axe(4)</a> and <a href="https://man.openbsd.org/axen.4">axen(4)</a> on hppa and zaurus.
<li>Fully implemented <a href="https://man.openbsd.org/roff.7">roff(7)</a> \B (validate numerical expression) and partially implemented \w (measure text width) escape sequence.
<li><strong>5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> CVE-2014-0160 "heartbleed" vulnerability.</strong><br>A source code patch is available for <a href="errata53.html#014_openssl">5.3</a>, <a href="errata54.html#007_openssl">5.4</a> and <a href="errata55.html#002_openssl">5.5</a>.
<li>Added MSI support for <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
<li>Enable <a href="https://man.openbsd.org/upd.4">upd(4)</a> on archs where <a href="https://man.openbsd.org/uhidev.4">uhidev(4)</a> is present.
<li>Do not attach when no <a href="https://man.openbsd.org/upd.4">upd(4)</a> sensors can be allocated; made device querying smarter.
<li>Added <a href="https://man.openbsd.org/roff.7">roff(7)</a> support for indirect references to user-defined strings.
<li>Made <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> listen to the control socket, so the connect() call from <a href="https://man.openbsd.org/iscsictl.8">iscsictl(8)</a> will not fail.
<li>In udp_output(), use the correct source address in case of an unbound socket.
<li>Accept arbitrary argument delimiters for various <a href="https://man.openbsd.org/roff.7">roff(7)</a> escape sequences.
<li>Increased MSGBUFSIZE on macppc.
<li>Exit on error or HUP when poll()ing the keyboard. Otherwise, <a href="https://man.openbsd.org/top.1">top(1)</a> may spin when its tty goes away.
<li>Added implementation of <a href="https://man.openbsd.org/roff.7">roff(7)</a> numerical expressions.
<li>Retired kernel support for SO_DONTROUTE, this time without breaking localhost connections.
<li>Updated termtypes.master to upstream terminfo-20140329.src.
<li>When <a href="https://man.openbsd.org/qla.4">qla(4)</a> is iterating through fabric ports, start at our own port ID, to simplify tracking.
<!-- 2014/04/06 -->
<li>Added <a href="https://man.openbsd.org/axen.4">axen(4)</a> wherever <a href="https://man.openbsd.org/axe.4">axe(4)</a> is found.
<li><a href="https://man.openbsd.org/qla.4">qla(4)</a> ISP2322 chips need a different firmware image to other 2300s, don't load firmware for them.
<li>Removed (expensive) temporary connect in udp_output(). Also fixes possible memory leak.
<li>Added missing addressing modes for the fucomip instruction on i386. Unbreaks webkit port.
<!-- 2014/04/05 -->
<li>Fixed <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> when writing multi-line "To" and "Cc" headers.
<li>Implemented the <a href="https://man.openbsd.org/roff.7">roff(7)</a> .rr (remove register) request.
<li>Fixed <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> logic error (and prevented theoretical infinite loop) in uvm_pmr_rootupdate().
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> bugfix: make sure all variables are properly initialised when rendering .ll (line length) requests.
<!-- 2014/04/04 -->
<li>Added the -t <a href="https://man.openbsd.org/ktrace.1">ktrace(1)</a> option to <a href="https://man.openbsd.org/ltrace.1">ltrace(1)</a>. Allows triggering library function call trace and other kernel events trace simultaneously.
<li>Fixed <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
<li>Made <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
<li>Merged the mda, mta and smtp <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> processes into a single unprivileged process.
<li>Start the <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> purge task after events are set, so we don't miss a SIGCHLD.
<li>Reworked <a href="https://man.openbsd.org/qla.4">qla(4)</a> command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
<!-- 2014/04/03 -->
<li>Fixed pppx kernel panic when using <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> with multiple pppx devices.
<li>When the -n or -t flag is given to <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>, write names and descriptions to stdout (format similar to <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>).
<li>Instead of silently doing nothing, made <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8">makewhatis(8)</a> warn and return non-zero when the manpath is empty.
<li>Added a uvm_yield function to <a href="https://man.openbsd.org/uvm.9">uvm(9)</a> and use it to prevent the reaper from hogging the cpu.
<li>Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
<li>When <a href="https://man.openbsd.org/mg.1">mg(1)</a> discovers a directory is non-existent, offer a "y" option to make the directory.
<li>Renamed the <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> -W option to -p. Matches flag introduced in OpenBSD 2.7.
<li>Proper validation and computation of bsize now occurs in the <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> expert mode.
<li>Renamed -v option of <a href="https://man.openbsd.org/mandocdb.8">mandocdb(8)</a> to -D, to avoid a clash with the -v option of <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>.
<li>Reduced the <a href="https://man.openbsd.org/tmux.4">tmux(4)</a> mouse wheel scroll size to 3; allow shift to reduce it to 1; allow meta and ctrl to multiply by 3; support wheel in "choose" mode.
<li>Fixed <a href="https://man.openbsd.org/npppctl.8">npppctl(8)</a> calculation of response message size.
<!-- 2014/04/02 -->
<li>Added the "#" character as a comment character in the <a href="https://man.openbsd.org/mg.1">mg(1)</a> startup file.
<li>Support UTF-8 with <a href="https://man.openbsd.org/tmux.4">tmux(4)</a> choose-buffer; made buffer_sample bigger to let it trim at window right edge.
<li>Enabled <a href="https://man.openbsd.org/hds.4">hds(4)</a> on hppa.
<li>Enabled <a href="https://man.openbsd.org/mpath.4">mpath(4)</a> on macppc.
<!-- 2014/04/01 -->
<!-- 2014/03/31 -->
<li>When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents server from forcing a new-hostkey dialog.
<li>Include fingerprint of key not found by <a href="https://man.openbsd.org/ssh-keysign.8">ssh-keysign(8)</a>; use arc4random_buf() instead of loop+arc4random().
<li>In four byte UTF-8 sequences, make sure <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> only uses three bits of the first byte.
<li>Stopped <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> crashing when a zero-length argument is passed to setb.
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> message-limit a server option.
<li>Stopped <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> segfaulting when the parent of the layout cell is NULL.
<li>Added setb -a to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> append; added a copy mode append command.
<li>Made session_attached a count; added session_many_attached flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added start-of-list, end-of-list, top-line and bottom-line in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> choice mode.
<li>Stopped <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> writing into the buffer if there are no arguments.
<li>Changed secondary device attributes response to "\033[>84;0;0c" which is unique for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Made <a href="https://man.openbsd.org/bus_dmamap_load.9">bus_dmamap_load(9)</a> and <a href="https://man.openbsd.org/bus_dmamap_unload.9">bus_dmamap_unload(9)</a> mpsafe on alpha.
<li>Restored behaviour of <a href="https://man.openbsd.org/ls.1">ls(1)</a> -f implying -a (lost in commit made in 1989). Conforms to IEEE 1003.1-2008 ("POSIX.1").
<li>On loongson, mips and octeon, stopped whole L1 cache being flushed unnecessarily.
<li>Again allow more than one level of directories to be created via <a href="https://man.openbsd.org/mg.1">mg(1)</a> make-directory.
<li>Force detach of all <a href="https://man.openbsd.org/usb.4">usb(4)</a> devices by disconnecting root hubs before suspending machine. Avoids races.
<li><a href="https://man.openbsd.org/libtool.1">libtool(1)</a> now properly add -rpath to the linker when linking libraries. Matches GNU libtool.
<li>Increased Xtranssock.c send buffer for UNIX sockets. Makes Firefox usable again when viewing large images.
<li>If HOST or the host argument starts with a "/", <a href="https://man.openbsd.org/cu.1">cu(1)</a> will now treat it as a device name.
<li>Fixed REMOTE on <a href="https://man.openbsd.org/cu.1">cu(1)</a> to work like <a href="https://man.openbsd.org/tip.1">tip(1)</a>; added support for HOST.
<!-- 2014/03/30 -->
<li>Added SNI support to <a href="https://man.openbsd.org/ftp.1">ftp(1)</a>.
<li>Allow <a href="https://man.openbsd.org/roff.7">roff(7)</a> to support relative arguments to .ll (increase or decrease line length).
<li>Repaired boot.net operation on (at least) sparc SS5 PROM v2.21
<li>Implement the <a href="https://man.openbsd.org/roff.7">roff(7)</a> .ll (line length) request.
<li><strong>5.5 RELIABILITY FIX: Memory corruption occurring during <a href="https://man.openbsd.org/icmp.4">icmp(4)</a> reflection handling (ICMP reflection is disabled by default).</strong><br>A source code patch is available for <a href="errata55.html#001_icmp">5.5</a>.
<!-- 2014/03/29 -->
<li>Recognise so-called "EFI-like" interface provided by newer PMON firmware on Loongson 2Gq and Loongson 3A.
<li>Bugfix and security update to <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> version 1.4.7 (note: CVE-2014-0133 does not affect OpenBSD).
<li>Speed-up overlapping copy operations in <a href="https://man.openbsd.org/sgi/gio.4">gio(4/sgi)</a> by attempting to perform them in larger chunks whenever possible.
<li>Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
<!-- 2014/03/28 -->
<li>Allow leading and trailing vertical lines in <a href="https://man.openbsd.org/OpenBSD-current/man7/tbl.7">tbl(7)</a>, format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
<li>Properly initialise <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>ed memory in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>, to fix crashes when using <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>.
<li>Made sure the command TRB is reset if a command is submitted when the <a href="https://man.openbsd.org/usb.4">usb(4)</a> hardware is already gone.
<li>Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
<!-- 2014/03/27 -->
<li>On loongson, made sure the HIBERNATE pages get reserved regardless of the memory layout.
<li>Program the colormap correctly on <a href="https://man.openbsd.org/sgi/grtwo.4">grtwo(4/sgi)</a>; added a simple screen burner accessop.
<li>When enforcing TOS (Traffic Class), made <a href="https://man.openbsd.org/pf.4">pf(4)</a> preserve the ECN bits (as with IPv4 packets).
<li>Adjusted (commented-out) <a href="https://man.openbsd.org/nginx.conf.5">nginx.conf(5)</a> sample blocks for PHP and SSL configurations.
<!-- 2014/03/26 -->
<li>Made <a href="https://man.openbsd.org/mg.1">mg(1)</a> C-t (transpose two chars) behave like emacs.
<li>Ended experimental machine-independent <a href="https://man.openbsd.org/login.conf.5">login.conf(5)</a> template support.
<li>Made <a href="https://man.openbsd.org/cu.1">cu(1)</a> handle REMOTE in the environment as either a separate <a href="https://man.openbsd.org/remote.5">remote(5)</a> file or a host.
<li>Added <a href="https://man.openbsd.org/cu.1">cu(1)</a> support for retrieving the line and speed from the /etc/remote "dv" and "br" capabilities like <a href="https://man.openbsd.org/tip.1">tip(1)</a>.
<!-- 2014/03/25 -->
<li>Fixed handling of the <a href="https://man.openbsd.org/kill.1">kill(1)</a> "-1" option from a thread other than the original thread.
<li>Permit generating of NAMI and CSW records inside <a href="https://man.openbsd.org/ktrace.2">ktrace(2)</a>.
<li>Ignore the -b option if <a href="https://man.openbsd.org/cksum.1">cksum(1)</a> is called as-is (e.g. "cksum -b /bsd"), to match man page.
<li>Removed <a href="https://man.openbsd.org/file2c.1">file2c(1)</a>. <a href="https://man.openbsd.org/hexdump.1">hexdump(1)</a> works as well for most use cases.
<li><a href="https://man.openbsd.org/usb.4">usb(4)</a> root hubs can now happily be detached and reattached.
<li>When <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> is locally enqueuing messages without specifying a domain, update headers to show the local domain.
<li>Strengthened <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: removed weaker pre-SHA2 hashes, broken cipher (arcfour), and the broken mode (CBC) from the default configuration.
<!-- 2014/03/24 -->
<li><a href="https://man.openbsd.org/skey.1">skey(1)</a> bugfixes: default algorithm switched back to md5; do not let skey_set_algorithm() cause a segfault if an unsupported algorithm is specified.
<li>Added <a href="https://man.openbsd.org/acpithinkpad.4">acpithinkpad(4)</a> support for aux button strip on newer thinkpads missing regular F1-F12 keys.
<li><a href="https://man.openbsd.org/dd.1">dd(1)</a> now supports g for gigabytes.
<li>Reworked the way <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a> fetches and verifies sets, to simplify the process.
<li>Merged <a href="https://man.openbsd.org/perl.1">perl(1)</a> version 5.18.2 (including local patches).
<li>Stopped calling <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> purge_task every 10 secs (only needed once at startup).
<li>Removed "-r" option from <a href="https://man.openbsd.org/ping.8">ping(8)</a>, <a href="https://man.openbsd.org/traceroute6.8">traceroute6(8)</a> and <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>.
<!-- 2014/03/23 -->
<li>Enabled SQLITE_ENABLE_FTS3_PARENTHESIS in <a href="https://man.openbsd.org/sqlite3.1">sqlite3(1)</a>.
<li>Removed the MD4 functions (highly susceptible to collision attacks).
<li>Skip leading escape sequences in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> man_deroff(), for better indexing.
<li>Gave powerpc PIE.
<li>Initialise additional BATs (IBAT4-IBAT7 and DBAT4-IBAT7) on socppc. Stops memory corruption on devices with rb600.
<li>Fix uhidev_detach() when detaching a device which did not claim all reported IDs.
<li>Reverted audio key handling.
<!-- 2014/03/22 -->
<li>Make sure <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a> adds missing users/groups before running the target; otherwise <a href="https://man.openbsd.org/mtree.8">mtree(8)</a> can fail.
<li>Let <a href="https://man.openbsd.org/mg.1">mg(1)</a> users input a tag to find, even if no default tag is defined.
<li>Disabled <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> imsg buffers profiling code, to stop processes waking up each second.
<!-- 2014/03/21 -->
<li><a href="https://man.openbsd.org/npppd.8">npppd(8)</a> tunnels can now have multiple listen addresses.
<li>Reimplemented control part of <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> with imsg; added "monitor" command for <a href="https://man.openbsd.org/npppctl.8">npppctl(8)</a> to monitor PPP session start/stop events.
<li>Fixed <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> bug which caused segfaults when <a href="https://man.openbsd.org/npppd.conf.5">npppd.conf(5)</a> had "username-suffix" and "strip-atmark-realm" as yes.
<li>Made <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> keep listening on 1723/tcp when accept() is failed.
<li>Removed tape as a method for fetching install sets.
<li>Attempt to workaround the R4000 end-of-page errata on sgi and mips64, triggered by TLB misses when the code flow crosses a page boundary.
<li>Disabled MS-CHAPv1 (RFC 2433) support in <a href="https://man.openbsd.org/pppd.8">pppd(8)</a>.
<li>Fixed <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a> regression when not using a full path to sets; make it use <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> -D.
<!-- 2014/03/20 -->
<li>Installed /var/unbound/db directory for DNSSEC root key; added (commented-out) options for DNSSEC to <a href="https://man.openbsd.org/unbound.conf.5">unbound.conf(5)</a>.
<li>Removed insecure MD4 checksum algorithm from <a href="https://man.openbsd.org/cksum.1">cksum(1)</a>.
<li>Removed ftp method for obtaining installation sets when running the installer.
<!-- 2014/03/19 -->
<li>Enabled <a href="https://man.openbsd.org/upd.4">upd(4)</a> on amd64, sparc64 and macppc archs for testing.
<!-- 2014/03/18 -->
<li>Sync timestamp changes for inodes of special files to disk as late as possible to avoid useless disk i/o.
<li>Include support in <a href="https://man.openbsd.org/pstat.8">pstat(8)</a> -v to display the IN_LAZYMOD flag.
<li>On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
<li>Removed timeout logic from the polling loop in <a href="https://man.openbsd.org/qlw.4">qlw(4)</a>. Stops devices timing out before attaching.
<li>Retired the rarely used hp300, mvme68k and mvme88k ports.
<li>Allow <a href="https://man.openbsd.org/OpenBSD-current/man8/makewhatis.8makewhatis">makewhatis(8)</a> to check <a href="https://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> databases are up to date even when you don't have write permissions.
<li>Notify userland (via the routing socket) when ARP resolution completes.
<li>Put the AF_ROUTE socket that <a href="https://man.openbsd.org/arp.8">arp(8)</a> operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
<li>Made <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> correctly parse attribute length form imsg.
<li>Exit from <a href="https://man.openbsd.org/traceroute6.8">traceroute6(8)</a> if there is at least one unreachable and sum of unreachables and timeouts are >= number of probes.
<!-- 2014/03/17 -->
<li>Unbroke <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> monitoring mode, which was shifted in time by 1 block.
<li>Userland <a href="https://man.openbsd.org/ppp.9">ppp(9)</a> removed.
<li>In <a href="https://man.openbsd.org/apropos.1">apropos(1)</a> output, sort names and avoid multiple section numbers.
<li>In <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a>, use SCRIPT_FILENAME (can be an absolute filesystem path). Fallback to SCRIPT_NAME if this is not present.
<li>Reimplemented <a href="https://man.openbsd.org/htpasswd.1">htpasswd(1)</a> from scratch.
<!-- 2014/03/16 -->
<li>Don't use volume keys when in raw-mode. Stops simultaneous volume changes by <a href="https://man.openbsd.org/X.7">X(7)</a> and <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>.
<!-- 2014/03/15 -->
<li>Enable <a href="https://man.openbsd.org/qlw.4">qlw(4)</a> at <a href="https://man.openbsd.org/sbus.4">sbus(4)</a> on sparc64.
<li>Enabled <a href="https://man.openbsd.org/unbound.8">unbound(8)</a> in base.
<!-- 2014/03/14 -->
<li>Updated to xcb-proto version 1.10.
<li>Updated to libdrm 2.4.52.
<li>Removed the unused userland <a href="https://man.openbsd.org/agp.4">agp(4)</a> interface.
<li>Reverted to the freetype2.pc we had before to bring back local changes.
<li>More informative <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> log message on unknown SNI.
<li>Provide an MI api for byteswapping loads and stores, especially beneficial for sparc64 and powerpc.
<li>Updated to freetype-2.5.3. Fixes vulnerability in the CFF driver (CVE-2014-2240).
<!-- 2014/03/13 -->
<li>Enabled <a href="https://man.openbsd.org/qla.4">qla(4)</a> and <a href="https://man.openbsd.org/qle.4">qle(4)</a> in ramdisks (except on sgi).
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> now prints the correct user name if SMTPD_QUEUE_USER is missing.
<li>Use ticket locks (not spinlocks) on i386/amd64/sparc64. Provides fairer access to the kernel lock.
<li>Added a few more instruction patterns to binutils that are needed by <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> version 4.8.
<li>In <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> -Tutf8 mode, count hyphens against the output line length even when they are breakable.
<li>Stopped the <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> enqueue utility adding a User-Agent header to emails.
<li>Block userland from entering <a href="https://man.openbsd.org/drm.4">drm(4)</a> code during suspend/resume. Fixes <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> bugs.
<li>Unhooked <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from build: use of <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> is encouraged now.
<li>No more <a href="https://man.openbsd.org/spray.8">spray(8)</a> in base.
<!-- 2014/03/12 -->
<li>Fixed buffer overflows in <a href="https://man.openbsd.org/icmp.4">icmp(4)</a> redirect handling (introduced in rev 1.106).
<li>Switched over from <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> to <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> by default.
<li>Fixed <a href="https://man.openbsd.org/iked.8">iked(8)</a> config-address w/o pool.
<li>Unbroke <a href="https://man.openbsd.org/nc.1">nc(1)</a> "-6 -l" and apply correct fix for previous commit.
<!-- 2014/03/11 -->
<li>Removed <a href="https://man.openbsd.org/rmail.8">rmail(8)</a>.
<li>Made <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> scan for ed25519 keys by default.
<li>For <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> CA generation, set the correct certificate extensions so more SSL implementations will trust this as a CA cert. Matches <a href="https://man.openbsd.org/ssl.8">ssl(8)</a>.
<li>Bugfix update to <a href="https://man.openbsd.org/nginx.8">nginx(8)</a> version 1.4.6.
<!-- 2014/03/10 -->
<li>When <a href="https://man.openbsd.org/pf.4">pf(4)</a> is translating packets from one address family to another, pass the TOS/Traffic Class field of the original packet.
<li>When <a href="https://man.openbsd.org/pf.4">pf(4)</a> is setting packet description, also retrieve the Traffic Class field of IPv6 packets.
<li>Fixed the <a href="https://man.openbsd.org/octeon/cnmac.4">cnmac(4/octeon)</a> mediastatus when the interface is not configured.
<li>Optimisation of <a href="https://man.openbsd.org/opendir.3">opendir(3)</a>, <a href="https://man.openbsd.org/rewinddir.3">rewinddir(3)</a> and related functions. 2000x speedup of <a href="https://man.openbsd.org/seekdir.3">seekdir(3)</a> in some tests.
<!-- 2014/03/09 -->
<li>Fixed <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64, to avoid reboot and stack corruption problems when resuming.
<li>Reworked per-cpu cache information, to avoid using hardcoding data based on processor type on mips, octeon, and sgi.
<!-- 2014/03/08 -->
<li>In <a href="https://man.openbsd.org/re.4">re(4)</a>, fixed operation and made reception of packets work on the 8168G controllers.
<li>Made <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> user-defined macros wrapping ".TP" work correctly; preserve line breaks contained in user-defined macros called in ".nf" mode.
<li>Enable DMA bursting and tagged queueing in <a href="https://man.openbsd.org/qlw.4">qlw(4)</a>; enable <a href="https://man.openbsd.org/qlw.4">qlw(4)</a> on alpha/amd64/i386/macppc/sgi/sparc64; only attempt to load firmware if we actually have some.
<li>Initial <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> implementation: USB 3.0 <a href="https://man.openbsd.org/umass.4">umass(4)</a> devices get reasonable read/write speed.
<!-- 2014/03/07 -->
<li>Improved <a href="https://man.openbsd.org/roff.7">roff(7)</a>'s .if/.ie condition handling.
<li>Fixed <a href="https://man.openbsd.org/env.1">env(1)</a> diagnostic messages to stderr, so failure of <a href="https://man.openbsd.org/env.1">env(1)</a> and failure of the specified utility can be distinguished.
<li>Allow <a href="https://man.openbsd.org/signify.1">signify(1)</a> to read input messages on a pipe.
<li>Added usbd_get_hub_descriptor(), to clean up <a href="https://man.openbsd.org/uhub.4">uhub(4)</a> and deal with hub device descriptors in high speed devices.
<!-- 2014/03/06 -->
<li>With <a href="https://man.openbsd.org/md5.1">md5(1)</a> -C, exit with exit status of 1 if any of the files specified do not exist.
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> bugfixes related to the closing of conditional blocks: handle more than one '\}' on macro lines; do not treat '\}' as a macro invocation after a dot at the beginning of a line; do not complain about characters following '\}'.
<li>Makes the "cleartoggle" function in HC drivers optional (upcoming <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> driver doesn't use it).
<li>Allow <a href="https://man.openbsd.org/signify.1">signify(1)</a> to accept a password on stdin, as long as it is not a <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
<li>On <a href="https://man.openbsd.org/qlw.4">qlw(4)</a>, set the correct clock rate for ISP1020/1020A.
<li>When running <a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>, always print the key <a href="https://man.openbsd.org/signify.1">signify(1)</a> is using.
<!-- 2014/03/05 -->
<li>Fix the return values of <a href="https://man.openbsd.org/getpwnam_r.3">getpwnam_r(3)</a>, <a href="https://man.openbsd.org/getpwuid_r.3">getpwuid_r(3)</a>, <a href="https://man.openbsd.org/getgrnam_r.3">getgrnam_r(3)</a>, and <a href="https://man.openbsd.org/getgrgid_r.3">getgrgid_r(3)</a> to agree with POSIX.
<li>Altered <a href="https://man.openbsd.org/qlw.4">qlw(4)</a> so it can compile on sparc64 too.
<li>In -Tutf8 mode, make <a href="https://man.openbsd.org/mandoc_char.7">mandoc_char(7)</a> named accent character escape sequences render as non-combining accents (lets mandoc behave like groff); made \' and \` equivalent to \(aa and \(ga, respectively.
<li>Introduced <a href="https://man.openbsd.org/qlw.4">qlw(4)</a>, a new driver for QLogic ISP SCSI HBAs (currently only supports the <a href="https://man.openbsd.org/pci.4">pci(4)</a> variants).
<li>Raised the delay before initialising <a href="https://man.openbsd.org/sdmmc.4">sdmmc(4)</a>. Lets the reader on X220 work reliably.
<li>Fixed: <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> read/write position tracking; incorrect delta propagated after xruns in play-only and rec-only modes; crashes seen after a few days of continuous playback.
<li>Fixed incorrect position reporting with <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when using tiny block sizes on busy machines.
<li>Made <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> check that the socket is writable before attempting to write data packets.
<li>On armv7, removed TIMEZONE and DST options from GENERIC-* kernels; added option USBVERBOSE to all kernels.
</ul>