| version 1.86, 2023/10/14 23:00:49 |
version 1.87, 2023/10/15 00:30:41 |
|
|
| <li>Extend and improve the ibuf API in <a |
<li>Extend and improve the ibuf API in <a |
| href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add |
href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add |
| function for more specific data types, for modifying data at specific |
function for more specific data types, for modifying data at specific |
| offsets, for getting and setting the filedescriptor stored on the ibuf |
offsets, for getting and setting the file descriptor stored on the ibuf |
| and for efficient wrapping of ibufs into imesgs. The ibuf API is |
and for efficient wrapping of ibufs into imesgs. The ibuf API is |
| mostly used in network daemons. |
mostly used in network daemons. |
| <li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
|
|
| @weekly, @daily and @hourly entries. |
@weekly, @daily and @hourly entries. |
| <li>Fix a bug in <a |
<li>Fix a bug in <a |
| href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace |
href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace |
| after usernames would not be completly skipped while parsing the |
after usernames would not be completely skipped while parsing the |
| href="https://man.openbsd.org/crontab.5">crontab(5)</a> file. |
href="https://man.openbsd.org/crontab.5">crontab(5)</a> file. |
| <li>In pax(1), safely escape characters when displaying messages |
<li>In pax(1), safely escape characters when displaying messages |
| that may include file names, and truncate times to the correct maximum |
that may include file names, and truncate times to the correct maximum |
|
|
| <li>Add support for TEMPerGold 3.4 temperature sensor to |
<li>Add support for TEMPerGold 3.4 temperature sensor to |
| <a href="https://man.openbsd.org/ugold.4">ugold(4)</a>. |
<a href="https://man.openbsd.org/ugold.4">ugold(4)</a>. |
| <li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>, |
<li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>, |
| a driver for the Qualcomm RNG device found on the Thinkpad X13s. |
a driver for the Qualcomm RNG device found on the ThinkPad X13s. |
| <li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>, |
<li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>, |
| a driver for the usb2phy on Rockchip SoCs. |
a driver for the usb2phy on Rockchip SoCs. |
| <li>Support AP806/CP110 SoCs in |
<li>Support AP806/CP110 SoCs in |
|
|
| a driver for the PMIC Shared Direct Access Memory found on |
a driver for the PMIC Shared Direct Access Memory found on |
| Qualcomm SoCs. |
Qualcomm SoCs. |
| <li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
<li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
| driver for the random number generator on the risc-v JH7110 SoC. |
driver for the random number generator on the StarFive JH7110 SoC. |
| <li>Add support for the PCIe controller on the JH7110 SoC with <a |
<li>Add support for the PCIe controller on the JH7110 SoC with <a |
| href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a> |
href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a> |
| |
|
|
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li>Enabled support for branch target identification (BTI) in both |
<li>Enabled support for branch target identification (BTI) in both |
| the kernel and userland. On hardware that supports this feautre, it |
the kernel and userland. On hardware that supports this feature, it |
| helps enforcing control flow integrety by making sure malicious code |
helps enforcing control flow integrity by making sure malicious code |
| cannot jump into the middle of a function. |
cannot jump into the middle of a function. |
| <li>Enabled support for pointer authentication (PAC) in userland. On |
<li>Enabled support for pointer authentication (PAC) in userland. On |
| hardware that supports this feature it helps enforcing control flow |
hardware that supports this feature it helps enforcing control flow |
| integrety by making sure malicious code cannot manipulate a |
integrity by making sure malicious code cannot manipulate a |
| function's return address. |
function's return address. |
| <li>On the amd64 architecture, enabled support for indirect |
<li>On the amd64 architecture, enabled support for indirect |
| branch tracking (IBT) in both the kernel and userland. On hardware |
branch tracking (IBT) in both the kernel and userland. On hardware |
| that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrity |
| by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
| function. |
function. |
| <li>On the arm64 architecture, enabled support for branch target |
<li>On the arm64 architecture, enabled support for branch target |
| identification (BTI) in both the kernel and userland. On hardware |
identification (BTI) in both the kernel and userland. On hardware |
| that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrity |
| by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
| function. |
function. |
| <li>On the arm64 architecture, enabled support for pointer |
<li>On the arm64 architecture, enabled support for pointer |
| authentication (PAC) in userland. On hardware that supports this |
authentication (PAC) in userland. On hardware that supports this |
| feature it helps enforcing control flow integrety by making sure |
feature it helps enforcing control flow integrity by making sure |
| malicious code cannot manipulate a function's return address. |
malicious code cannot manipulate a function's return address. |
| </ul> |
</ul> |
| |
|
|
|
| <li>Allowed arguments on NOOP. |
<li>Allowed arguments on NOOP. |
| </ul> |
</ul> |
| |
|
| <li>Many other changes in various network programms and libraries: |
<li>Many other changes in various network programs and libraries: |
| <ul> |
<ul> |
| <li>Allow libpcap to read files with some additional link-layer type values. |
<li>Allow libpcap to read files with some additional link-layer type values. |
| <li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3" |
<li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3" |
|
|
| |
|
| <li>Allow UDP for built-in <a |
<li>Allow UDP for built-in <a |
| href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
| 127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand |
127.0.0.1. This restriction was added in year 2000 due to IPv6 compatible and |
| mapped addresses. Nowadays our kernel does not support these IPv6 |
mapped addresses. Nowadays our kernel does not support these IPv6 |
| features and blocks localhost addresses on non-loopback interfaces. |
features and blocks localhost addresses on non-loopback interfaces. |
| Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |
Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www