version 1.40, 2020/10/04 21:44:53 |
version 1.41, 2020/10/04 22:12:48 |
|
|
<li>Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot. |
<li>Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot. |
<li>Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it. |
<li>Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it. |
<li>Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with <a href="https://man.openbsd.org/security">security(8)</a>. |
<li>Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with <a href="https://man.openbsd.org/security">security(8)</a>. |
|
<li>Fixed two out-of-bounds array accesses in ioctl code pathways in |
|
<a href="https://man.openbsd.org/wscons">wscons(4)</a>. |
<li>The following security bugs were addressed: |
<li>Fixed information leak in semctl SEM_GET. |
<ul> |
<li>Prevented root from freezing the UTC clock with <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> at securelevel 2. |
<li>Fixed two out-of-bounds array accesses in ioctl code pathways in |
<li>Fixed performance problems relating to tty subsystem abuse.<!-- tty.c,v 1.158 2020/07/14 14:33:03 deraadt --> |
<a href="https://man.openbsd.org/wscons">wscons(4)</a>. |
<li>Fixed heap corruption in the X input method client in libX11. |
<li>Fixed information leak in semctl SEM_GET. |
<li>Fixed potential information leak via X server pixel data uninitialized memory. |
<li>Prevented root from freezing the UTC clock with <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> at securelevel 2. |
<li>Fixed a race condition for isoc devices during device close. |
<li>Fixed performance problems relating to tty subsystem abuse.<!-- tty.c,v 1.158 2020/07/14 14:33:03 deraadt --> |
<li>Fixed an integer overflow in libX11 which could lead to a double free. |
<li>Fixed heap corruption in the X input method client in libX11. |
<li>Corrected multiple input validation deficits in X server extensions. |
<li>Fixed potential information leak via X server pixel data uninitialized memory. |
|
<li>Fixed a race condition for isoc devices during device close. |
|
<li>Fixed an integer overflow in libX11 which could lead to a double free. |
|
<li>Corrected multiple input validation deficits in X server extensions. |
|
</ul> |
|
</ul> |
</ul> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |