version 1.79, 2023/10/14 19:53:05 |
version 1.80, 2023/10/14 21:13:43 |
|
|
<li>On arm64, use the deep idle state available on Apple M1/M2 cores |
<li>On arm64, use the deep idle state available on Apple M1/M2 cores |
in the idle loop and for suspend, resulting in power savings. |
in the idle loop and for suspend, resulting in power savings. |
<!-- reverted <li>In <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>, when |
<!-- reverted <li>In <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>, when |
detaching devices when we suspend, we need to continue processing |
detaching devices during suspend, must continue processing |
command completion events. This fixes USB suspend/resume in Apple |
command completion events. This fixes USB suspend/resume in Apple |
M1/M2. --> |
M1/M2. --> |
</ul> |
</ul> |
|
|
the RGMII interface before taking the PHY out of reset. |
the RGMII interface before taking the PHY out of reset. |
<li>Improve <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> and |
<li>Improve <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> and |
determine PHY mode and pass the appropriate flags down to the PHY when |
determine PHY mode and pass the appropriate flags down to the PHY when |
we attach it. |
attaching. |
<li>Report in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> on |
<li>Report in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> on |
which gmac the <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> |
which gmac the <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> |
driver is attaching to. |
driver is attaching to. |
|
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>We enabled support for branch target identification (BTI) in both |
<li>Enabled support for branch target identification (BTI) in both |
the kernel and userland. On hardware that supports this feautre, it |
the kernel and userland. On hardware that supports this feautre, it |
helps enforcing control flow integrety by making sure malicious code |
helps enforcing control flow integrety by making sure malicious code |
cannot jump into the middle of a function. |
cannot jump into the middle of a function. |
<li>We enabled support for pointer authentication (PAC) in userland. On |
<li>Enabled support for pointer authentication (PAC) in userland. On |
hardware that supports this feature it helps enforcing control flow |
hardware that supports this feature it helps enforcing control flow |
integrety by making sure malicious code cannot manipulate a |
integrety by making sure malicious code cannot manipulate a |
function's return address. |
function's return address. |
<li>On the amd64 architecture, we enabled support for indirect |
<li>On the amd64 architecture, enabled support for indirect |
branch tracking (IBT) in both the kernel and userland. On hardware |
branch tracking (IBT) in both the kernel and userland. On hardware |
that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrety |
by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
function. |
function. |
<li>On the arm64 architecture, we enabled support for branch target |
<li>On the arm64 architecture, enabled support for branch target |
identification (BTI) in both the kernel and userland. On hardware |
identification (BTI) in both the kernel and userland. On hardware |
that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrety |
by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
function. |
function. |
<li>On the arm64 architecture, we enabled support for pointer |
<li>On the arm64 architecture, enabled support for pointer |
authentication (PAC) in userland. On hardware that supports this |
authentication (PAC) in userland. On hardware that supports this |
feature it helps enforcing control flow integrety by making sure |
feature it helps enforcing control flow integrety by making sure |
malicious code cannot manipulate a function's return address. |
malicious code cannot manipulate a function's return address. |
|
|
remove artificial limit of 2 hours on a PIO lifetime. |
remove artificial limit of 2 hours on a PIO lifetime. |
<li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a> |
<li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a> |
more resilient when some servers are |
more resilient when some servers are |
misbehaving: keep trying LDAP servers until we get full results from |
misbehaving: keep trying LDAP servers until full results arrive |
one, rather than just until one accepts the TCP connection. |
rather than just until one accepts the TCP connection. |
<li>New <a href="https://man.openbsd.org/ifconfig.8#wgdescription" |
<li>New <a href="https://man.openbsd.org/ifconfig.8#wgdescription" |
>wgdescription</a> parameter to |
>wgdescription</a> parameter to |
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |