NetBSD-5.0.2/doc/CHANGES-5.0.1

# $NetBSD: CHANGES-5.0.1,v 1.1.2.46 2010/01/18 18:52:24 bouyer Exp $

A complete list of changes from the NetBSD 5.0 release to the NetBSD 5.0.1
release:

gnu/usr.bin/groff/tmac/mdoc.local		patched by hand
sys/sys/param.h					patched by hand

	Welcome to 5.0.0_PATCH.
	[snj]

sys/kern/uipc_socket.c				1.189

	PR kern/41311: Mutex error: mutex_vector_enter: locking against myself
	[ad, ticket #731]

sys/dev/ic/ncr53c9x.c				1.138

	Add missing braces - patch from Kurt Lidl in PR port-vax/41314.
	[martin, ticket #734]

sys/netinet6/ip6_input.c			1.127

	Add missing paranthesis - from Kurt Lidl in PR port-vax/41316
	[martin, ticket #733]

gnu/dist/binutils/bfd/elf32-vax.c		1.9

	Allocate relocation section using bfd_zalloc() to ensure no garbage
	relocations when not all the entries are used.
	Fixes PR port-vax/39182.
	[mhitch, ticket #738]

sys/ufs/ffs/ffs_alloc.c				1.123 via patch

	Fix random 'filesystem full' messages by trapping a couple of
	32-bit overflow areas missed in rev 1.110 and switching cgbase().
	[sborrill, ticket #726]

usr.sbin/racoonctl/Makefile			1.5 via patch

	Adjust the ADMINPORTDIR to match that of racoon (with which it'll
	want to talk).  Fixes PR 41376.
	[spz, ticket #740]

sys/arch/hp700/include/intr.h			1.14

	Add __insn_barrier after updating cpl in splraise. PR/41369.
	[skrll, ticket #741]

sys/arch/m68k/include/psl.h			1.14

	Add memory clobber to the instructions that change the IPL in the
	status register.  See also kern/38637.
	[mhitch, ticket #743]

sys/netinet/in_pcb.c				patch

	Fix compilation with IPNOPRIVPORTS option.
	[sborrill, ticket #745]

share/man/man8/afterboot.8			1.39

	Fix typo, from Shannon -jj Behrens in PR 41375.
	[dholland, ticket #746]

sys/dist/ipf/netinet/ip_fil_netbsd.c		1.50

	Don't call callout_stop() without callout_init()
	Fixes PR/41364
	[kefren, ticket #748]

sys/arch/sparc/include/math.h			1.5
sys/arch/sparc64/include/math.h			1.7

	merge these two files, makes sparc64 sparc/libc work again.
	only provide __HAVE_LONG_DOUBLE if _LP64.
	[mrg, ticket #750]

sys/arch/amd64/amd64/lock_stubs.S		1.22, 1.23
sys/arch/i386/i386/lock_stubs.S			1.23
sys/arch/x86/include/mutex.h			1.6
sys/arch/x86/x86/patch.c			1.18
sys/kern/kern_rwlock.c				1.30

	Add a workaround for a bug with some Opteron revisions where
	locked operations sometimes do not serve as memory barriers,
	allowing memory references to bleed outside of critical sections.
	[ad, ticket #725]

usr.sbin/postinstall/postinstall		1.95

	Teach postinstall about /etc/dhcpcd.conf.
	[jnemeth, ticket #752]

usr.sbin/postinstall/postinstall		1.97

	Fetch /etc/dhcpcd.conf from the correct place when building the
	system from source.
	[jnemeth, ticket #756]

sys/kern/sys_mqueue.c				1.17

	sys_mq_open: remove broken access flag check.
	Noted by Stathis Kamperis.
	[rmind, ticket #762]

usr.sbin/schedctl/schedctl.c			1.14

	Skip LSIDL and LSZOMB threads when retrieving info.
	[rmind, ticket #763]

sys/arch/sparc/include/psl.h			1.45

	Add memory clobbers to the inline assembler modifying/testing the %psr
	register, to avoid the compiler reordering instructions out of critical
	sections. Should fix PR port-sparc/41372.
	[martin, ticket #764]

share/man/man7/sysctl.7				1.22 via patch

	Document PROC_PID_LIMIT_SBSIZE.  From Greg A. Woods in PR lib/36463.
	Wording is taken from getrlimit(2).
	[snj, ticket #765]

sys/arch/vax/include/mtpr.h			1.21, 1.22

	Add "memory" clobber to mtpr for barrier.  See also kern/38637.
	[mhitch, ticket #767]

dist/ntp/ntpd/ntp_crypto.c			1.15

	Fix CVE-2009-1252: Buffer overflow in ntpd crypto code. A remote
	attacker can send a specially constructed request packet that
	would overflow the sprintf()'ed buffer causing ntpd to crash.
	[dholland, ticket #777]

sys/arch/sparc64/sparc64/vm_machdep.c		1.88

	When preparing the initial trap frame for a new forked lwp,
	explicitly clear condition code. Otherwise we might catch a signal
	(handlers are inherited from the parent) before we ever return to
	userland. The current trapframe is converted into a ucontext and
	after the signal handler returns, the lwp stays in userland and
	directly uses the ucontext to return to the fork call.
	Fixes PR 41302.
	[martin, ticket #774]

sys/kern/sys_mqueue.c				1.18

	- Slightly rework the way permissions are checked. Neither
	mq_receive() nor mq_send() should fail due to permissions.
	- Check for empty message queue name (POSIX does not allow this
	for regular files, and it's weird), check for DTYPE_MQUEUE, fix
	permission check in mq_unlink(), clean up.
	[rmind, ticket #779]

sys/kern/kern_physio.c				1.91

	Remove a race where physio_done() may use memory already
	freed.  Fixes PR kern/39536.
	[hannken, ticket #781]

src/external/bsd/fetch/dist/libfetch/common.c	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/common.h	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/errlist.sh	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/fetch.3	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/fetch.c	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/fetch.cat3	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/fetch.h	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/file.c	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/ftp.c	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/ftp.errors	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/http.c	libfetch-2-23
src/external/bsd/fetch/dist/libfetch/http.errors libfetch-2-23

	Pull up libfetch-2.23:
	- if-not-modified support
	- document that struct URL is not part of the ABI
	- fetchRestartCalls cleanup for signal handlers
	- allow HTTP basic auth to be specified in the URL, allow : as part of
	  the cleartext password
	- fix a file descriptor leak in the file:// iteration code
	[joerg, ticket #670]

UPDATING					patch
distrib/sets/lists/base/mi			patch
distrib/sets/lists/etc/mi			patch
distrib/sets/lists/man/mi			patch
external/bsd/pkg_install/Makefile.inc		patch
external/bsd/pkg_install/prepare-import.sh	patch
external/bsd/pkg_install/dist/add/add.h		pkg_install-20090528
external/bsd/pkg_install/dist/add/main.c	pkg_install-20090528
external/bsd/pkg_install/dist/add/perform.c	pkg_install-20090528
external/bsd/pkg_install/dist/add/pkg_add.1	pkg_install-20090528
external/bsd/pkg_install/dist/admin/admin.h	pkg_install-20090528
external/bsd/pkg_install/dist/admin/audit.c	pkg_install-20090528
external/bsd/pkg_install/dist/admin/check.c	pkg_install-20090528
external/bsd/pkg_install/dist/admin/main.c	pkg_install-20090528
external/bsd/pkg_install/dist/admin/pkg_admin.1	pkg_install-20090528
external/bsd/pkg_install/dist/bpm/bpm.1		pkg_install-20090528
external/bsd/pkg_install/dist/create/build.c	pkg_install-20090528
external/bsd/pkg_install/dist/create/create.h	pkg_install-20090528
external/bsd/pkg_install/dist/create/main.c	pkg_install-20090528
external/bsd/pkg_install/dist/create/perform.c	pkg_install-20090528
external/bsd/pkg_install/dist/create/pkg_create.1 pkg_install-20090528
external/bsd/pkg_install/dist/create/pl.c	pkg_install-20090528
external/bsd/pkg_install/dist/create/util.c	pkg_install-20090528
external/bsd/pkg_install/dist/delete/pkg_delete.1 pkg_install-20090528
external/bsd/pkg_install/dist/info/info.h	pkg_install-20090528
external/bsd/pkg_install/dist/info/main.c	pkg_install-20090528
external/bsd/pkg_install/dist/info/perform.c	pkg_install-20090528
external/bsd/pkg_install/dist/info/pkg_info.1	pkg_install-20090528
external/bsd/pkg_install/dist/info/show.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/automatic.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/config.h.in	pkg_install-20090528
external/bsd/pkg_install/dist/lib/conflicts.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/decompress.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/dewey.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/fexec.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/file.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/global.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/iterate.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/lib.h		pkg_install-20090528
external/bsd/pkg_install/dist/lib/lpkg.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/opattern.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkg_io.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkg_summary.5	pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkgdb.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/plist.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/str.c		pkg_install-20090528
external/bsd/pkg_install/dist/lib/var.c		pkg_install-20090528
external/bsd/pkg_install/dist/lib/version.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/version.h	pkg_install-20090528
external/bsd/pkg_install/dist/lib/vulnerabilities-file.c pkg_install-20090528
external/bsd/pkg_install/dist/admin/audit-packages.sh.in pkg_install-20090528
external/bsd/pkg_install/dist/admin/download-vulnerability-list.sh.in pkg_install-20090528
external/bsd/pkg_install/dist/delete/pkg_delete.c pkg_install-20090528
external/bsd/pkg_install/dist/lib/gpgsig.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/license.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/parse-config.c pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkcs7.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in pkg_install-20090528
external/bsd/pkg_install/dist/lib/pkg_signature.c: pkg_install-20090528
external/bsd/pkg_install/dist/lib/remove.c	pkg_install-20090528
external/bsd/pkg_install/dist/lib/xwrapper.c	pkg_install-20090528
external/bsd/pkg_install/dist/x509/pkgsrc.cnf	pkg_install-20090528
external/bsd/pkg_install/dist/x509/pkgsrc.sh	pkg_install-20090528
external/bsd/pkg_install/dist/x509/signing.txt	pkg_install-20090528
external/bsd/pkg_install/lib/Makefile		patch
external/bsd/pkg_install/sbin/Makefile		patch
external/bsd/pkg_install/sbin/Makefile.inc	patch
external/bsd/pkg_install/sbin/pkg_add/Makefile	patch
external/bsd/pkg_install/sbin/pkg_admin/Makefile patch
external/bsd/pkg_install/sbin/pkg_create/Makefile patch
external/bsd/pkg_install/sbin/pkg_delete/Makefile patch
external/bsd/pkg_install/sbin/pkg_info/Makefile	patch
external/bsd/pkg_install/dist/add/extract.c	removed
external/bsd/pkg_install/dist/add/futil.c	removed
external/bsd/pkg_install/dist/add/verify.c	removed
external/bsd/pkg_install/dist/add/verify.h	removed
external/bsd/pkg_install/dist/admin/config.c	removed
external/bsd/pkg_install/dist/audit-packages/AUTHORS removed
external/bsd/pkg_install/dist/audit-packages/COPYING removed
external/bsd/pkg_install/dist/audit-packages/README removed
external/bsd/pkg_install/dist/audit-packages/audit-packages.1.in removed
external/bsd/pkg_install/dist/audit-packages/audit-packages.c removed
external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.5.in removed
external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.in removed
external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.1.in removed
external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.sh.in removed
external/bsd/pkg_install/dist/delete/delete.h	removed
external/bsd/pkg_install/dist/delete/main.c	removed
external/bsd/pkg_install/dist/delete/perform.c	removed
external/bsd/pkg_install/dist/lib/ftpio.c	removed
external/bsd/pkg_install/dist/lib/path.c	removed
external/bsd/pkg_install/dist/lib/path.h	removed
external/bsd/pkg_install/dist/lib/pen.c		removed
external/bsd/pkg_install/dist/lib/pexec.c	removed
external/bsd/pkg_install/dist/view/linkfarm.1	removed
external/bsd/pkg_install/dist/view/linkfarm.sh.in removed
external/bsd/pkg_install/dist/view/pkg_view.1	removed
external/bsd/pkg_install/dist/view/pkg_view.sh.in removed
external/bsd/pkg_install/sbin/audit-packages/Makefile removed
external/bsd/pkg_install/sbin/pkg_view/Makefile	removed

	Merge pkg_install-20090528 from HEAD.
	[joerg, ticket #784]

usr.sbin/puffs/mount_sysctlfs/sysctlfs.c	1.11

	Fix a crash while trying to read nodes on amd64, reported in
	PR/41494.
	[njoly, ticket #783]

sys/arch/sparc64/include/cpu.h			1.86
sys/arch/sparc64/sparc64/locore.s		1.291
sys/arch/sparc64/sparc64/vm_machdep.c		1.89

	cpu_setfunc() can not use lwp_trampoline, as that has additional
	lwp startup semantics. Use a simpler setfunc_trampoline instead.
	[martin, ticket #786]

sys/arch/m68k/include/m68k.h			1.14
sys/arch/m68k/m68k/switch_subr.s		1.22
sys/arch/m68k/m68k/vm_machdep.c			1.28

	Do not use lwp_trampoline for cpu_setfunc, we do not want to call
	lwp_startup() after a setfunc. Grow a simplified setfunc_trampoline
	instead.
	[martin, ticket #787]

sys/arch/hp700/hp700/locore.S			1.35
sys/arch/hp700/include/cpu.h			1.34
sys/arch/hppa/hppa/vm_machdep.c			1.36

	Do not use lwp_trampoline for cpu_setfunc, but a simplified
	setfunc_trampoline that does not call lwp_startup().
	[skrll, ticket #793]

distrib/common/parselist.awk			1.16
distrib/sets/maketars				1.66
share/dict/Makefile				1.17
share/mk/bsd.README				1.249
share/mk/bsd.hostprog.mk			1.55
share/mk/bsd.kmodule.mk				1.19
share/mk/bsd.lib.mk				1.298
share/mk/bsd.links.mk				1.34
share/mk/bsd.man.mk				1.100
share/mk/bsd.prog.mk				1.241
share/zoneinfo/Makefile				1.43
usr.bin/xinstall/xinstall.c			1.106 - 1.108 via patch

	Various METALOG fixes, including entries sorting to
	fix inconsistent shared sets among builds as seen in
	/pub/NetBSD-daily/netbsd-5/200904010000Z/shared/ and
	/pub/NetBSD-daily/netbsd-5/200904010002Z/shared/ dirs.
	Should fix PR 24457 and PR 41155.
	[snj, ticket #790]

sys/kern/sched_4bsd.c				1.25

	sched_pstats_hook: fix estcpu decay.
	this makes my desktop usable when running "make -j4".
	[rmind, ticket #791]

external/mit/xorg/server/drivers/xf86-video-s3/Makefile patch

	Add missing object file to build a properly working s3 module.
	Fixes PR xsrc/41206.
	[ahoka, ticket #795]

sys/arch/alpha/alpha/locore.s			1.114
sys/arch/alpha/alpha/vm_machdep.c		1.100
sys/arch/alpha/include/alpha.h			1.24

	Do not use lwp_trampoline for cpu_setfunc, but a simplified
	setfunc_trampoline that does not call lwp_startup() instead.
	[martin, ticket #798]

sys/arch/mips/include/locore.h			1.79
sys/arch/mips/mips/locore_mips1.S		1.65
sys/arch/mips/mips/mipsX_subr.S			1.28
sys/arch/mips/mips/mips_machdep.c		1.211
sys/arch/mips/mips/vm_machdep.c			1.123

	Do not use the same trampoline for cpu_lwp_fork and
	cpu_setfunc - only the former needs to call lwp_startup().
	[martin, ticket #799]

sys/arch/sparc/dev/zs.c				1.116

	Properly initialize child attach args to zero - we could end
	up with various devices having different ideas about being
	console otherwise.
	[martin, ticket #800]

sys/arch/powerpc/powerpc/locore_subr.S		1.38
sys/arch/powerpc/powerpc/vm_machdep.c		1.77

	Do not use the same trampoline for cpu_setfunc and
	cpu_lwp_fork, the latter does a lot more work.
	[martin, ticket #801]

share/man/man8/afterboot.8			1.40

	Make some updates (most notably syncing the Postfix section
	with reality). inspired by PR misc/39168.
	[snj, ticket #804]

sys/arch/sh3/sh3/locore_subr.S			1.52

	Fix logic error in copyinstr() when deciding whether to return EFAULT
	or ENAMETOOLONG.
	[uwe, ticket #802]

distrib/sets/lists/xbase/mi			1.76
external/mit/xorg/bin/xvidtune/Makefile		1.2

	fix xsrc/41577: install the Xvidtune app-defaults file, after the
	necessary preprocessing and sed processing it needs.
	[mrg, ticket #805]

sys/compat/linux/common/linux_socket.c		1.100

	In sendmsg(2), do copy the msghdr structure before trying to use it.
	[njoly, ticket #806]

sys/kern/subr_kobj.c				1.35

	Fix a crash observed when trying to load a corrupted ELF kernel module.
	[rmind, ticket #809]

sys/netinet/tcp_usrreq.c			1.155

	sysctl_inpcblist: fix a lock leak in error path
	[rmind, ticket #812]

sys/dev/pci/ehci_pci.c				1.45

	Apply hw workaround required for all SB600 revisions and SB700
	revisions A12 and A13 to avoid USB subsystem hang symptom.
	The USB subsystem hang symptom is observed when the system has
	multiple USB devices connected to it or one USB device is often
	re-connected.
	[cegger, ticket #814]

lib/libpam/modules/pam_unix/pam_unix.c		1.13

	Restore the good old UNIX behavior of root password changing: only root
	may change the root password.
	[tonnerre, ticket #817]

sys/kern/sys_generic.c				1.122 via patch

	Updates to f_flag need to be made with atomics.
	[rmind, ticket #811]

sys/kern/tty_pty.c				1.117

	Writes on the controlling tty were not being awoken from blocks,
	use the correct condvar to make this happen.
	this fixes PR/41566
	[plunky, ticket #807]

distrib/hp300/miniroot/install.md		1.14

	Make hp300's install.md script probe cd(4) devices properly.
	[tsutsui, ticket #820]

sys/compat/linux/common/linux_sched.c		1.59

	In linux_sys_sched_getaffinity(), do not leak memory on error.
	[njoly, ticket #822]

external/bsd/pkg_install/dist/admin/pkg_admin.1:	1.1.1.7
external/bsd/pkg_install/dist/lib/license.c: 		1.1.1.3
external/bsd/pkg_install/dist/lib/version.h:		1.1.1.16

	Merge pkg_install-20090610 from HEAD
	[joerg, ticket #815]

games/hunt/huntd/answer.c			1.10

	Fix possible remote DoS of a running hunt game, and prevent
	a possible theoretical attack involving >= 1 billion ammo.
	[dholland, ticket #834]

crypto/dist/ssh/cipher.c			1.22
crypto/dist/ssh/cipher.h			1.3
crypto/dist/ssh/packet.c			1.32

	Add special handling for CBC cipher modes to make them appear
	less favorable than CTR modes. Also, in order to avoid creating
	oracles unnecessarily, change behavior in various situations
	from "Drop connection" to "Ignore packets up to 256kB". This
	affects CBC mode ciphers only.
	[tonnerre, ticket #843]

games/hack/extern.h				1.11
games/hack/hack.do_name.c			1.9, 1.10
games/hack/hack.eat.c				1.8
games/hack/hack.end.c				1.12 via patch
games/hack/hack.fight.c				1.10
games/hack/hack.h				1.13 via patch
games/hack/hack.invent.c			1.12, 1.13
games/hack/hack.main.c				1.12, 1.13
games/hack/hack.objnam.c			1.9
games/hack/hack.options.c			1.9
games/hack/hack.pri.c				1.11
games/hack/hack.rip.c				1.10, 1.11
games/hack/hack.shk.c				1.10
games/hack/hack.topl.c				1.10, 1.11
games/hack/hack.unix.c				1.12, 1.13

	sprintf -> snprintf, plus some use of strlcpy/strlcat where
	appropriate.
	Fix two serious string-handling bugs (one exploitable, one
	probably exploitable) and also add proper checking/paranoia in
	several other places.
	[dholland, ticket #844]

sys/kern/init_sysctl.c				1.161

	sysctl_doeproc: fix a bug in rev.1.135.  Don't forget to mark
	our marker process PK_MARKER.  This fixes crashes in
	sched_pstats, etc.
	[rmind, ticket #835]

sys/kern/kern_exit.c				1.221

	exit1: fix a race with do_sys_wait/proc_free.
	[rmind, ticket #836]

sys/kern/kern_rwlock.c				1.31

	lockdebug fixes for rw_tryupgrade/rw_downgrade.
	[rmind, ticket #837]

sys/kern/init_sysctl.c				1.162
sys/kern/vfs_trans.c				1.25

	Don't forget to skip marker processes.
	[rmind, ticket #838]

sys/kern/init_sysctl.c				1.163

	sysctl_doeproc:
		- simplify.
	        - KERN_PROC: fix possible stale proc pointer dereference.
	        - KERN_PROC: don't do copyout with proc_lock held.
	[rmind, ticket #839]

sys/kern/vfs_lockf.c				1.70

	lf_split: cv_destroy a condvar before clobbering it.
	[rmind, ticket #840]

sys/kern/vfs_syscalls.c				1.392

	do_sys_utimes: fix a bug introduced by rev.1.367.
	VA_UTIMES_NULL is in va_vaflags, not va_flags.
	[rmind, ticket #841]

sys/kern/vfs_lockf.c				1.71

	Don't make F_GETLK or the common case of F_UNLCK fail for
	per-user limit.
	[rmind, ticket #842]

lib/libc/sys/getrlimit.2			1.31, 1.32

	Document RLIMIT_AS.  Fixes PR#41517.
	[mrg, ticket #846]

xsrc/external/mit/freetype/dist/src/cff/cffload.c 1.2
xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c 1.2
xsrc/external/mit/freetype/dist/src/sfnt/ttcmap.c 1.2
xsrc/external/mit/freetype/dist/src/smooth/ftsmooth.c 1.2

	Apply fixes from CVE-2009-0946.
	[mrg, ticket #848]

crypto/dist/openssl/crypto/pqueue/pqueue.c	1.2
crypto/dist/openssl/crypto/pqueue/pqueue.h	1.2
crypto/dist/openssl/ssl/d1_both.c		1.4
crypto/dist/openssl/ssl/d1_pkt.c		1.2
crypto/dist/openssl/ssl/s3_pkt.c		1.10
crypto/dist/openssl/ssl/ssl.h			1.19
crypto/dist/openssl/ssl/ssl_err.c		1.13

	Fix various vulnerabilities in OpenSSL which have not previously
	been addressed: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
	CVE-2009-1386 and CVE-2009-1387.
	[tonnerre, ticket #850]

crypto/dist/openssl/ssl/d1_both.c		1.5

	Fix build problem from ticket 850 on non-64bit systems.
	[spz, ticket #851]

sys/netinet/ip_output.c				1.203

	Fix PR kern/41659: add missing splx() in FAST_IPSEC code.
	[martin, ticket #847]

common/lib/libc/hash/sha2/sha2.c		1.8-1.18 via patch
crypto/dist/openssl/crypto/evp/m_sha1.c		1.2-1.3 via patch
distrib/sets/lists/base/md.amd64		1.51 via patch
distrib/sets/lists/base/md.sparc64		1.46 via patch
distrib/sets/lists/base/shl.mi			1.474 via patch
distrib/sets/lists/comp/mi			1.1263 via patch
lib/libc/hash/sha2/Makefile.inc			1.4 via patch
lib/libc/hash/sha2/sha2.3			1.5 via patch
lib/libc/hash/sha2/sha224hl.c			1.1 via patch
lib/libc/include/namespace.h			1.138 via patch
lib/libc/shlib_version				patch
lib/libcrypto/libc-sha256.c			1.1 via patch
lib/libcrypto/libc-sha512.c			1.1 via patch
lib/libcrypto/sha.inc				1.10 via patch
lib/libcrypto/shlib_version			patch
sys/sys/sha2.h					1.3 via patch

	Add SHA224 implementation to libc.
	Make libcrypto use the SHA2 implementation of libc.
	Bump minor versions of libc and libcrypto.
	[joerg, ticket #855]

dist/dhcp/client/dhclient.c			1.20

	Limit the length of the address mask before we copy it.
	Fixes CVE-2009-0692.
	[tonnerre, ticket #856]

dist/dhcp/server/dhcp.c				1.11

	Fix behavior of dhcpd in the case where clientid and hardware
	ethernet definitions are mixed. Fixes a refcount assertion.
	[tonnerre, ticket #860]

sys/netinet/tcp_input.c				1.296

	Follow exactly the recommendation of
	draft-ietf-tcpm-tcpsecure-11.txt: Don't check gainst the last
	ack received, but the expected sequence number.  This makes RST
	handling independent of delayed ACK.
	[is, ticket #859]

sys/dev/pci/if_wm.c				1.168, 1.170 and 1.173 via patch
sys/dev/pci/if_wmreg.h				1.27

	1) On i82563, the em driver says that the ready bit in the MDIC
	register may be incorrectly set. Insert delay(200) like the em driver.
	Fixes PR#41014
	2) Add workaround for 82543GC. We need to force speed and duplex on
	the MAC equal to what the PHY speed and duplex configuration is.
	Fixes PR#36430.
	3) Fix many problems and panic on TBI's cards (includes PR#32009).
	[msaitoh, ticket #862]

sys/kern/sys_mqueue.c				1.21 via patch

	mq_send/mq_receive: while permission may allow that, return EBADF
	if sending to read-only queue, or receiving from write-only queue.
	[rmind, ticket #857]

sys/kern/vfs_subr.c				1.379
sys/sys/vnode.h					1.207

	Put a flag bit into v_usecount to prevent vtryget during
	getcleanvnode.  Fixes PR/41374.
	[rmind, ticket #863]

sys/arch/amd64/amd64/trap.c			1.56, 1.57

	Handle protection fault properly.
	[rmind, ticket #865]

sys/dev/ic/ciss.c				1.15
sys/dev/ic/tcic2.c				1.31
sys/dev/isa/if_ntwoc_isa.c			1.18
sys/dev/isa/isadma.c				1.59
sys/dev/pci/if_sk.c				1.57
sys/dev/pcmcia/if_cnw.c				1.46
sys/dev/usb/ulpt.c				1.82

	printf format fixes.
	[dholland, ticket #874]

lib/libc/sys/intro.2				1.53, 1.54

	Mention, along with the behavior of succeeding system calls, the
	normal behavior of succeeding library functions regarding errno.
	(That is, they may leave arbitrary nonzero values in errno.)
	[dholland, ticket #867]

lib/libc/stdlib/strtol.3			1.25, 1.26
lib/libc/stdlib/strtoul.3			1.22, 1.23

	Clarify the description of the errno behavior, based on the recent
	thread in tech-userlevel.
	[dholland, ticket #868]

sys/arch/pmax/pmax/machdep.c			1.233

	Fix an #ifdef botch in rev 1.214 that causes
	[ Kernel symbol table invalid! ] message at boot,
	which means no ksyms(4) support even on GENERIC kernel.
	[tsutsui, ticket #869]

lib/libc/sys/intro.2				1.50 via patch

	PR/40060 - Bug Hunting -- grammar fix
	[dholland, ticket #872]

sbin/wsconsctl/wsconsctl.8			1.26

	PR/40059 - Bug Hunting -- add Xref to wscons.conf(5)
	[dholland, ticket #873]

external/bsd/pkg_install/dist/info/perform.c	pkg_install-20090724
external/bsd/pkg_install/dist/lib/license.c	pkg_install-20090724
external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in pkg_install-20090724
external/bsd/pkg_install/dist/lib/version.h	pkg_install-20090724

	Import pkg_install-20070724:
	- license handling: accept upper case letters. Keep license checks
	 case-sensitive as done in the older pkgsrc logic. Document this.
	- pkg_info:
	 - fix handling of non-packages, that are valid archives
	 - invert order of pkg_info -r to better match the expectations of
	   make update.
	[joerg, ticket #877]

dist/bind/bin/named/update.c			patch

	Fix CVE-2009-0696.
	[christos, ticket #881]

sys/conf/copyright				1.6

	Update copyright notice for 2009.
	[rmind, ticket #882]

distrib/notes/common/main			patch

	Update for 5.0.1.
	[snj]

gnu/usr.bin/groff/tmac/mdoc.local		patch
sys/sys/param.h					patch

	Welcome to 5.0.1!
	[snj]