version 1.37, 2023/04/06 20:58:16 |
version 1.38, 2023/04/06 21:04:40 |
|
|
<li>Fixed <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> |
<li>Fixed <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> |
issues with suspend/resume and possible firmware crashes on the M2 |
issues with suspend/resume and possible firmware crashes on the M2 |
MacBook Air. |
MacBook Air. |
|
<li>Prevented an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> |
<li>Prevented an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware error when authentication to the AP times out. |
firmware error when authentication to the AP times out. |
|
<li>Fixed a crash in <a |
<li>Fixed a crash in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> when connecting to WEP networks via <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> join. |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> when connecting to WEP |
|
networks via <a |
<li>Fixed an alignment issue in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx descriptors. |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> join. |
|
<li>Fixed an alignment issue in <a |
<li>Avoided trying to remove keys while doing crypto in hardware if the station is not active in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware, fixing a firmware panic. |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx descriptors. |
|
<li>Avoided trying to remove keys while doing crypto in hardware if |
|
the station is not active in <a |
|
href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware, fixing a |
|
firmware panic. |
<li>Prevented potential panics by disallowing the <a |
<li>Prevented potential panics by disallowing the <a |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> init task from running |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> init task from running |
in parallel to wakeup code during resume. |
in parallel to wakeup code during resume. |
|
|
<li>Switched all <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> |
<li>Switched all <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> |
devices to -77 firmware images. |
devices to -77 firmware images. |
|
<li>Upgraded firmware images for <a |
<li>Upgraded firmware images for |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 devices. |
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 devices. |
|
|
|
<li>Made <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> get the |
<li>Made <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> get the |
primary channel number from AP beacon info, preventing problems on |
primary channel number from AP beacon info, preventing problems on |
40/80Mhz channels if there is a mismatch. |
40/80Mhz channels if there is a mismatch. |
|
|
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> session |
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> session |
protection event duration. |
protection event duration. |
|
|
</ul> |
</ul> |
|
|
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<ul> |
<ul> |
|
|
<li>Made net80211 drop beacons received on secondary HT/VHT |
<li>Made net80211 drop beacons received on secondary HT/VHT |
channels, preventing <a |
channels, preventing <a |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware panics and |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware panics and |
making association work with 11ac APs which transmit beacons on |
making association work with 11ac APs which transmit beacons on |
channels other than their primary. |
channels other than their primary. |
<li>Made WEP encryption work on <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>. |
<li>Made WEP encryption work on <a |
|
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>. |
</ul> |
</ul> |
|
|
<li>Installer, upgrade and bootloader improvements: |
<li>Installer, upgrade and bootloader improvements: |
|
|
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. keydisks. |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. keydisks. |
<li>Fixed passing explicit stages files to |
<li>Fixed passing explicit stages files to |
<a href="https://man.openbsd.org/installboot.8">installboot(8)</a>. |
<a href="https://man.openbsd.org/installboot.8">installboot(8)</a>. |
|
<!-- architecture specific --> |
|
|
<!-- architecture specific --> |
|
<li>Added <a |
<li>Added <a |
href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a> to the |
href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a> to the |
sparc64 installer, to fetch sets over NFS. |
sparc64 installer, to fetch sets over NFS. |
|
|
|
|
<li>Changes in the network stack: |
<li>Changes in the network stack: |
<ul> |
<ul> |
|
|
<li>Made /dev/pf a clonable device to better track kernel resources |
<li>Made /dev/pf a clonable device to better track kernel resources |
used by processes. |
used by processes. |
<li>Modified TCP receive buffer size auto-scaling to use the smoothed |
<li>Modified TCP receive buffer size auto-scaling to use the smoothed |
|
|
address space to further improve randomization of ASLR and stack |
address space to further improve randomization of ASLR and stack |
protector. |
protector. |
</ul> |
</ul> |
|
|
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, <a |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, <a |
href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> and <a |
href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> and <a |
href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>: |
href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>: |
|
|
based on draft-ietf-sidrops-aspa-verification-12 |
based on draft-ietf-sidrops-aspa-verification-12 |
<li>Introduce avs (ASPA validation state) filter and bgpctl |
<li>Introduce avs (ASPA validation state) filter and bgpctl |
filter argument |
filter argument |
<li>Add ASPA support for the RTR protocol based on |
<li>Add ASPA support for the RTR protocol based on |
draft-ietf-sidrops-8210bis-10 |
draft-ietf-sidrops-8210bis-10 |
<li>Improve open policy (RFC 9234) support and enable the capability |
<li>Improve open policy (RFC 9234) support and enable the capability |
automatically if a role is specified for the peer |
automatically if a role is specified for the peer |
<li>Introduce a per neighbor 'role' configuration option to specify |
<li>Introduce a per neighbor 'role' configuration option to specify |
the session role used by ASPA verification and the open policy |
the session role used by ASPA verification and the open policy |
capability. The 'announce policy' statement was simplified at |
capability. The 'announce policy' statement was simplified at |
the same time. |
the same time. |
<li>Improve startup behaviour by introducing a small delay before |
<li>Improve startup behaviour by introducing a small delay before |
opening the connection to a new peer |
opening the connection to a new peer |
<li>Support for aspa-set table config which can be provided by |
<li>Support for aspa-set table config which can be provided by |
<a |
<a |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> |
<li>Make it possible to filter the RIB by invalid and leaked prefixes |
<li>Make it possible to filter the RIB by invalid and leaked prefixes |
in bgpctl and bgplgd |
in bgpctl and bgplgd |
<li>Add OpenMetrics output to bgpctl for various BGP statistics and |
<li>Add OpenMetrics output to bgpctl for various BGP statistics and |
add /metrics endpoint to bgplgd |
add /metrics endpoint to bgplgd |
<li>Fix of incorrect length checks that allowed an out-of-bounds |
<li>Fix of incorrect length checks that allowed an out-of-bounds |
read in bgpd. |
read in bgpd. |
</ul> |
</ul> |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
|
|
possible piped into nc. |
possible piped into nc. |
</ul> |
</ul> |
|
|
|
<li>Further changes: |
|
<ul> |
<li>Added support for newlines inside the alternative names block in |
<li>Added support for newlines inside the alternative names block in |
<a |
<a |
href="https://man.openbsd.org/acme-client.conf.5">acme-client.conf</a>. |
href="https://man.openbsd.org/acme-client.conf.5">acme-client.conf</a>. |
|
|
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> from |
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> from |
leaking an http get request when receiving a redirect without a |
leaking an http get request when receiving a redirect without a |
location header. |
location header. |
|
|
<!-- smtpd --> |
<!-- smtpd --> |
<li>Prevented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> |
<li>Prevented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> |
abort due to a connection from a local, scoped ipv6 address. |
abort due to a connection from a local, scoped ipv6 address. |
<li>Fixed a potential NULL dereference in the unpriv child expanding |
<li>Fixed a potential NULL dereference in the unpriv child expanding |
%{mda} in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
%{mda} in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
|
|
<li>Corrected the order of arguments for calls to <a |
<li>Corrected the order of arguments for calls to <a |
href="https://man.openbsd.org/shutdown.2">shutdown(2)</a> on the route |
href="https://man.openbsd.org/shutdown.2">shutdown(2)</a> on the route |
socket of <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, <a |
socket of <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, <a |
|
|
<li>Fixed the DIOCIGETIFACES ioctl so all network interfaces and |
<li>Fixed the DIOCIGETIFACES ioctl so all network interfaces and |
interface groups are reported in <a |
interface groups are reported in <a |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>. |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>. |
|
|
|
|
</ul> |
</ul> |
|
|
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |