| version 1.15, 2023/10/10 22:35:56 |
version 1.16, 2023/10/10 23:19:35 |
|
|
| <li>Replace strncpy() with strlcpy() in mg(1). |
<li>Replace strncpy() with strlcpy() in mg(1). |
| <li>Skip checking permissions of conffile with access(2). |
<li>Skip checking permissions of conffile with access(2). |
| </ul> |
</ul> |
| <li>On aarch64 architectures improve how BTI control flow integretry |
<li>On aarch64 architectures improve how BTI control flow integrity |
| enforcement is implemented in the executable entry point and enable |
enforcement is implemented in the executable entry point and enable |
| support for BTI control flow integrety checks in libc assembly |
support for BTI control flow integrity checks in libc assembly |
| functions. |
functions. |
| |
|
| </ul> |
</ul> |
|
|
| |
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li>Change malloc(3) chunk sizes to be fine grained. [needs better explaination] |
<li>Change malloc(3) chunk sizes to be fine grained. [needs better explanation] |
| <li>In malloc(3), check all chunks in the delayed free list for write-after-free. |
<li>In malloc(3), check all chunks in the delayed free list for write-after-free. |
| </ul> |
</ul> |
| |
|
|
|
| <ul> |
<ul> |
| <li>In isakmpd(8), avoid a double free in ec_init() when using the OpenSSL API. |
<li>In isakmpd(8), avoid a double free in ec_init() when using the OpenSSL API. |
| <li>In iked(8), do not treat the return value of i2d_ECDSA_SIG() as |
<li>In iked(8), do not treat the return value of i2d_ECDSA_SIG() as |
| lenght as it can be negative. |
length as it can be negative. |
| <li>Prepare isakmpd(8) for a libcrypto library that is lacking binary field |
<li>Prepare isakmpd(8) for a libcrypto library that is lacking binary field |
| support. |
support. |
| <li>In isakmpd(8), avoid a potential crash by addind a missing NULL check. |
<li>In isakmpd(8), avoid a potential crash by adding a missing NULL check. |
| |
|
| </ul> |
</ul> |
| <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
|
|
| <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, |
| <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
| <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
<a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
| remove vestigal support for KRL |
remove vestigial support for KRL |
| signatures When the KRL format was originally defined, it included |
signatures When the KRL format was originally defined, it included |
| support for signing of KRL objects. However, the code to sign KRLs |
support for signing of KRL objects. However, the code to sign KRLs |
| and verify KRL signatues was never completed in OpenSSH. This |
and verify KRL signatures was never completed in OpenSSH. This |
| release removes the partially-implemented code to verify KRLs. |
release removes the partially-implemented code to verify KRLs. |
| All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in |
All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in |
| KRL files. |
KRL files. |
|
|
| the resultant file would be erroneously truncated. |
the resultant file would be erroneously truncated. |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| don't incorrectly disable hostname canonicalization when |
don't incorrectly disable hostname canonicalization when |
| CanonicalizeHostname=yes and ProxyJump was expicitly set to |
CanonicalizeHostname=yes and ProxyJump was explicitly set to |
| "none". |
"none". |
| <li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
| when copying local to remote, check that the source file |
when copying local to remote, check that the source file |
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www