version 1.86, 2023/10/14 23:00:49 |
version 1.87, 2023/10/15 00:30:41 |
|
|
<li>Extend and improve the ibuf API in <a |
<li>Extend and improve the ibuf API in <a |
href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add |
href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add |
function for more specific data types, for modifying data at specific |
function for more specific data types, for modifying data at specific |
offsets, for getting and setting the filedescriptor stored on the ibuf |
offsets, for getting and setting the file descriptor stored on the ibuf |
and for efficient wrapping of ibufs into imesgs. The ibuf API is |
and for efficient wrapping of ibufs into imesgs. The ibuf API is |
mostly used in network daemons. |
mostly used in network daemons. |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
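Review bot: the ibuf entry still reads "and add function for more specific data types" in the new revision, but the sentence goes on to list several additions (typed data, writes at specific offsets, file descriptor get/set, wrapping ibufs into imesgs). While this entry is being touched for "file descriptor", change it to "add functions for more specific data types" so the list parses correctly.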
|
|
@weekly, @daily and @hourly entries. |
@weekly, @daily and @hourly entries. |
<li>Fix a bug in <a |
<li>Fix a bug in <a |
href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace |
href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace |
after usernames would not be completly skipped while parsing the |
after usernames would not be completely skipped while parsing the |
href="https://man.openbsd.org/crontab.5">crontab(5)</a> file. |
href="https://man.openbsd.org/crontab.5">crontab(5)</a> file. |
<li>In pax(1), safely escape characters when displaying messages |
<li>In pax(1), safely escape characters when displaying messages |
that may include file names, and truncate times to the correct maximum |
that may include file names, and truncate times to the correct maximum |
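Review bot: in the cron(8) entry as shown here, "while parsing the" is followed directly by a line starting with href="https://man.openbsd.org/crontab.5"> and no opening "<a" is visible, unlike the cron(8) link two lines above, which is introduced by "Fix a bug in <a". If the file matches this rendering, the crontab(5) anchor is malformed and should be opened with "<a" at the end of the preceding line. The pax(1) entry in the trailing context is also the only manual page reference in this hunk without a man.openbsd.org link.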
|
|
<li>Add support for TEMPerGold 3.4 temperature sensor to |
<li>Add support for TEMPerGold 3.4 temperature sensor to |
<a href="https://man.openbsd.org/ugold.4">ugold(4)</a>. |
<a href="https://man.openbsd.org/ugold.4">ugold(4)</a>. |
<li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>, |
<li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>, |
a driver for the Qualcomm RNG device found on the Thinkpad X13s. |
a driver for the Qualcomm RNG device found on the ThinkPad X13s. |
<li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>, |
<li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>, |
a driver for the usb2phy on Rockchip SoCs. |
a driver for the usb2phy on Rockchip SoCs. |
<li>Support AP806/CP110 SoCs in |
<li>Support AP806/CP110 SoCs in |
|
|
a driver for the PMIC Shared Direct Access Memory found on |
a driver for the PMIC Shared Direct Access Memory found on |
Qualcomm SoCs. |
Qualcomm SoCs. |
<li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
<li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
driver for the random number generator on the risc-v JH7110 SoC. |
driver for the random number generator on the StarFive JH7110 SoC. |
<li>Add support for the PCIe controller on the JH7110 SoC with <a |
<li>Add support for the PCIe controller on the JH7110 SoC with <a |
href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a> |
href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a> |
|
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>Enabled support for branch target identification (BTI) in both |
<li>Enabled support for branch target identification (BTI) in both |
the kernel and userland. On hardware that supports this feautre, it |
the kernel and userland. On hardware that supports this feature, it |
helps enforcing control flow integrety by making sure malicious code |
helps enforcing control flow integrity by making sure malicious code |
cannot jump into the middle of a function. |
cannot jump into the middle of a function. |
<li>Enabled support for pointer authentication (PAC) in userland. On |
<li>Enabled support for pointer authentication (PAC) in userland. On |
hardware that supports this feature it helps enforcing control flow |
hardware that supports this feature it helps enforcing control flow |
integrety by making sure malicious code cannot manipulate a |
integrity by making sure malicious code cannot manipulate a |
function's return address. |
function's return address. |
<li>On the amd64 architecture, enabled support for indirect |
<li>On the amd64 architecture, enabled support for indirect |
branch tracking (IBT) in both the kernel and userland. On hardware |
branch tracking (IBT) in both the kernel and userland. On hardware |
that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrity |
by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
function. |
function. |
<li>On the arm64 architecture, enabled support for branch target |
<li>On the arm64 architecture, enabled support for branch target |
identification (BTI) in both the kernel and userland. On hardware |
identification (BTI) in both the kernel and userland. On hardware |
that supports this feature, it helps enforcing control flow integrety |
that supports this feature, it helps enforcing control flow integrity |
by making sure malicious code cannot jump into the middle of a |
by making sure malicious code cannot jump into the middle of a |
function. |
function. |
<li>On the arm64 architecture, enabled support for pointer |
<li>On the arm64 architecture, enabled support for pointer |
authentication (PAC) in userland. On hardware that supports this |
authentication (PAC) in userland. On hardware that supports this |
feature it helps enforcing control flow integrety by making sure |
feature it helps enforcing control flow integrity by making sure |
malicious code cannot manipulate a function's return address. |
malicious code cannot manipulate a function's return address. |
</ul> |
</ul> |
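Review bot: the first two items in this list ("Enabled support for branch target identification (BTI) in both the kernel and userland" and "Enabled support for pointer authentication (PAC) in userland") repeat the last two items word for word apart from the "On the arm64 architecture," prefix, so after this revision the list still states the same BTI and PAC changes twice. Drop the two unqualified items and keep the architecture-specific ones, which sit consistently next to the amd64 IBT entry. Since every item is being edited for "integrity" anyway, "it helps enforcing" could become "it helps enforce", and the PAC items could take the comma after "On hardware that supports this feature" that the BTI and IBT items already have.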
|
|
|
|
<li>Allowed arguments on NOOP. |
<li>Allowed arguments on NOOP. |
</ul> |
</ul> |
|
|
<li>Many other changes in various network programms and libraries: |
<li>Many other changes in various network programs and libraries: |
<ul> |
<ul> |
<li>Allow libpcap to read files with some additional link-layer type values. |
<li>Allow libpcap to read files with some additional link-layer type values. |
<li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3" |
<li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3" |
|
|
|
|
<li>Allow UDP for built-in <a |
<li>Allow UDP for built-in <a |
href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand |
127.0.0.1. This restriction was added in year 2000 due to IPv6 compatible and |
mapped addresses. Nowadays our kernel does not support these IPv6 |
mapped addresses. Nowadays our kernel does not support these IPv6 |
features and blocks localhost addresses on non-loopback interfaces. |
features and blocks localhost addresses on non-loopback interfaces. |
Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |
Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |