version 1.44, 2018/03/27 01:03:34 |
version 1.45, 2018/03/27 01:49:19 |
|
|
href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>. |
href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>. |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> no longer |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> no longer |
creates an underlying bridge interface for virtual switches defined in |
creates an underlying bridge interface for virtual switches defined in |
<a href="https://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a> |
<a href="https://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a>. |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> receives |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> receives |
switch information (rdomain, etc) from underlying switch interface in |
switch information (rdomain, etc) from underlying switch interface in |
conjunction of settings in <a |
conjunction of settings in <a |
href="https://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a> |
href="https://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a>. |
<li>Time Stamp Counter (TSC) support in guest VMs |
<li>Time Stamp Counter (TSC) support in guest VMs. |
<li>Support ukvm/Solo5 unikernels in |
<li>Support ukvm/Solo5 unikernels in |
<a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a> |
<a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>. |
<li>Handle valid (but uncommon) instruction encodings better |
<li>Handle valid (but uncommon) instruction encodings better. |
<li>Better PAE paging support for 32-bit Linux guest VMs |
<li>Better PAE paging support for 32-bit Linux guest VMs. |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> now allows up |
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> now allows up |
to four network interfaces in each VM |
to four network interfaces in each VM. |
<li>Add paused migration and snapshotting support to <a |
<li>Add paused migration and snapshotting support to <a |
href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a> for AMD SVM/RVI |
href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a> for AMD SVM/RVI |
hosts. |
hosts. |
|
|
<a href="https://man.openbsd.org/pty.4">pty(4)</a> are now understood by |
<a href="https://man.openbsd.org/pty.4">pty(4)</a> are now understood by |
<a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
<a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
<li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> |
<li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> |
and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling |
and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling. |
</ul> |
</ul> |
<p> |
<p> |
|
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> has a new |
<li><a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> has a new |
<b>ssv</b> option which outputs rib entries as a single semicolon-seperated |
<b>ssv</b> option which outputs rib entries as a single semicolon-separated |
like for selection before output. |
like for selection before output. |
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> generates |
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> generates |
random but stable IPv6 stateless autoconfiguration addresses according |
random but stable IPv6 stateless autoconfiguration addresses according |
|
|
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> has a new |
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> has a new |
<b>staticarp</b> option to make interfaces reply to ARP requests only. |
<b>staticarp</b> option to make interfaces reply to ARP requests only. |
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> can now |
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> can now |
collapse flow outputs having the same source or destination |
collapse flow outputs having the same source or destination. |
<li>The <tt>-n</tt> option in the |
<li>The <tt>-n</tt> option in the |
<a href="https://man.openbsd.org/netstart.8">netstart(8)</a> no longer |
<a href="https://man.openbsd.org/netstart.8">netstart(8)</a> no longer |
messes with the default route. |
messes with the default route. |
|
|
number generator as entropy at startup. |
number generator as entropy at startup. |
<li>Put a small random gap at the top of thread stacks, so that attackers |
<li>Put a small random gap at the top of thread stacks, so that attackers |
have yet another calculation to perform for their ROP work. |
have yet another calculation to perform for their ROP work. |
<li>Mitigation for Meltdown vulnerability for Intel brand amd64 CPUs |
<li>Mitigation for Meltdown vulnerability for Intel brand amd64 CPUs. |
<li>OpenBSD/arm64 now uses kernel page table isolation to mitigate |
<li>OpenBSD/arm64 now uses kernel page table isolation to mitigate |
Spectre variant 3 (Meltdown) attacks. |
Spectre variant 3 (Meltdown) attacks. |
<li>OpenBSD/armv7 and OpenBSD/arm64 now flush the branch target |
<li>OpenBSD/armv7 and OpenBSD/arm64 now flush the Branch Target |
cache (BTB) on processors that do speculative execution to |
Cache (BTB) on processors that do speculative execution to |
mitigate Spectre variant 2 attacks. |
mitigate Spectre variant 2 attacks. |
<li>... |
<li>... |
</ul> |
</ul> |
|
|
to perform <a href="https://man.openbsd.org/fsck.8">fsck(8)</a>. |
to perform <a href="https://man.openbsd.org/fsck.8">fsck(8)</a>. |
<li><a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> |
<li><a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> |
autodetects the agreement URL and follows 30x HTTP redirects. |
autodetects the agreement URL and follows 30x HTTP redirects. |
<li>Added __cxa_thread_atexit() to support modern C++ tool chains |
<li>Added __cxa_thread_atexit() to support modern C++ tool chains. |
<li>Added EVFILT_DEVICE support to |
<li>Added EVFILT_DEVICE support to |
<a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> for |
<a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> for |
monitoring changes to |
monitoring changes to |
|
|
validates the requested partition size against the size of the largest free |
validates the requested partition size against the size of the largest free |
chunk instead of the total free space. |
chunk instead of the total free space. |
<li>Support for dumping USB transfers via |
<li>Support for dumping USB transfers via |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a> |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>. |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> can now |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> can now |
understand dumps of USB transfers in the |
understand dumps of USB transfers in the |
<a href="http://desowin.org/usbpcap/captureformat.html">USBPcap</a> |
<a href="http://desowin.org/usbpcap/captureformat.html">USBPcap</a> |
|
|
<ul> |
<ul> |
<li> Fixed a bug in int_x509_param_set_hosts, calling strlen() if name |
<li> Fixed a bug in int_x509_param_set_hosts, calling strlen() if name |
length provided is 0 to match the OpenSSL behaviour. Issue noticed |
length provided is 0 to match the OpenSSL behaviour. Issue noticed |
by Christian Heimes <christian@python.org> |
by Christian Heimes <christian@python.org>. |
<li> Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on |
<li> Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on |
observations of real-world usage in applications. These are |
observations of real-world usage in applications. These are |
implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility |
implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility |