[BACK]Return to 74.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/74.html between version 1.58 and 1.59

version 1.58, 2023/10/14 11:46:50 version 1.59, 2023/10/14 12:54:13
Line 222 
Line 222 
         a random offset less than the step value.  This can be used to avoid          a random offset less than the step value.  This can be used to avoid
         thundering herd problems where multiple machines contact a server all          thundering herd problems where multiple machines contact a server all
         at the same time via cron jobs.          at the same time via cron jobs.
     <li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>,
           add button mappings for two- and three-finger clicks on clickpads.
   </ul>    </ul>
   
 <li>Various bugfixes and tweaks in userland:  <li>Various bugfixes and tweaks in userland:
Line 312 
Line 314 
       always uses the current media type provided by the kernel.        always uses the current media type provided by the kernel.
   <li>Ensure <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> handles    <li>Ensure <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> handles
       the case where a GPT partition name is not a valid C string.        the case where a GPT partition name is not a valid C string.
     <li>When creating new crypto volumes with
         <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>,
         by default use a hardware based number of KDF rounds for passphrases.
     <li>Let <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>
         gracefully prompt again during interactive creation and
         passphrase change on CRYPTO and 1C volumes.
     <li>Let <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>
         read passphrases without prompts or confirmation
         in <code>-s</code> mode.
     <li>Allow the <a href="https://man.openbsd.org/atactl.8">atactl(8)</a>
         command <a href="https://man.openbsd.org/atactl.8#readattr">readattr</a>
         to succeed even for disks where <code>ATA_SMART_READ</code> and
         <code>ATA_SMART_THRESHOLD</code> revisions mismatch, as long as
         checksums are OK.
   <li>In <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a>,    <li>In <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a>,
         avoid an overflow in the ELF SYSV ABI hash function.          avoid an overflow in the ELF SYSV ABI hash function.
   <li>Make sure <a href="https://man.openbsd.org/modf.3">modf(3)</a> and    <li>Make sure <a href="https://man.openbsd.org/modf.3">modf(3)</a> and
Line 489 
Line 505 
       requested allocation size.        requested allocation size.
   <li>In <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>,    <li>In <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>,
       check all chunks in the delayed free list for write-after-free.        check all chunks in the delayed free list for write-after-free.
     <li>The <a href="https://man.openbsd.org/shutdown.8">shutdown(8)</a>
         program can now only be executed by members of the
         <code>_shutdown</code> group.  The idea is that system
         administrators can now remove most users from the excessively
         powerful <code>operator</code> group, which in particular
         provides read access to disk device nodes.
   <li>Restrict <a href="https://man.openbsd.org/patch.1">patch(1)</a>    <li>Restrict <a href="https://man.openbsd.org/patch.1">patch(1)</a>
       to the current directory including subdirectories, TMPDIR,        to the current directory including subdirectories, TMPDIR,
       and file names given on the command line using        and file names given on the command line using
Line 554 
Line 576 
   <ul>    <ul>
   <li>IPsec support was improved:    <li>IPsec support was improved:
   <ul>    <ul>
         <li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>,  
             avoid a double free in ec_init() when using the OpenSSL API.  
         <li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>,          <li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>,
             do not treat the return value of              support route-based
               <a href="https://man.openbsd.org/sec.4">sec(4)</a> tunnels.
           <li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>,
               add support to verify X.509 chain from CERT payloads.
           <li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>,
               do not leak memory when receiving a CERT payload for pubkey auth
               or for an invalid CERT Encoding.
           <li>In <a href="https://man.openbsd.org/iked.8">iked(8)</a>,
               do not leak a file descriptor if
               <a href="https://man.openbsd.org/open_memstream.3"
               >open_memstream(3)</a> fails while trying to enable a child SA.
           <li>While trying to verify an ECDSA signature in
               <a href="https://man.openbsd.org/iked.8">iked(8)</a>,
               correctly detect failure of DER encoding with
             <a href="https://man.openbsd.org/i2d_ECDSA_SIG.3"              <a href="https://man.openbsd.org/i2d_ECDSA_SIG.3"
             >i2d_ECDSA_SIG(3)</a> as a length as it can be negative.              >i2d_ECDSA_SIG(3)</a>.
         <li>Prepare <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>          <li>In <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>,
             for a libcrypto library that is lacking binary field support.              support route-based IPSec VPN negotiation with
               <a href="https://man.openbsd.org/sec.4">sec(4)</a>.
         <li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>,          <li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>,
             avoid a potential crash by adding a missing NULL check.              support configuring interface SAs for route-based IPSec VPNs.
           <li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>
               quick mode, do not crash with a <code>NULL</code> pointer
               access when a group description is specified but it is invalid,
               unsupported, or memory allocation or key generation fails.
           <li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>,
               avoid a double free in the unlikely event that
               <a href="https://man.openbsd.org/EC_KEY_check_key.3"
               >EC_KEY_check_key(3)</a> fails right after generating
               a new key pair.
           <li>Allow building
               <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>
               with a libcrypto library that has
               <a href="https://man.openbsd.org/OpenBSD-7.3/EC_GROUP_new.3"
               >binary field support</a> ("GF2m") removed.
   </ul>    </ul>
   <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,    <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
   <ul>    <ul>
Line 683 
Line 730 
         found with <code>ndp -d</code>.          found with <code>ndp -d</code>.
   <li>Improved error handling in the <a    <li>Improved error handling in the <a
         href="https://man.openbsd.org/asr_run.3">asr</a> resolver.          href="https://man.openbsd.org/asr_run.3">asr</a> resolver.
   <li>In unwind(8), handle SERVFAIL results on name resolution better.    <li>In <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
           handle SERVFAIL results on name resolution better.
     <li>In <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
           fix a use-after-free bug triggered by fatal write errors
           while sending TCP responses.
   <li>In the router advertisement daemon rad(8), update the default    <li>In the router advertisement daemon rad(8), update the default
         timers for prefix preferred and valid lifetimes to use the values from          timers for prefix preferred and valid lifetimes to use the values from
         RFC 9096.          RFC 9096.
Line 692 
Line 743 
   <li>In ypldap(8), make ypldap more resilient when some servers are    <li>In ypldap(8), make ypldap more resilient when some servers are
         misbehaving: keep trying LDAP servers until we get full results from          misbehaving: keep trying LDAP servers until we get full results from
         one, rather than just until one accepts the TCP connection.          one, rather than just until one accepts the TCP connection.
   <li>Add support for wireguard (wg(4)) peer descriptions, which can    <li>In <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>,
         now be added with ifconfig(8).        display separate
   <li>The ifconfig(8) option <code>tcprecvoffload</code> has been        <a href="https://man.openbsd.org/ifconfig.8#hwfeatures">hwfeatures</a>
         renamed <code>tcplro</code>.  It is shorter and more consistent.        for TCP segmentation offload (TSOv4, TSOv6)
         and TCP large receive offload (LRO) and provide a
         <a href="https://man.openbsd.org/ifconfig.8#tcplro">-tcplro</a>
         parameter to disable LRO.
     <li>New <a href="https://man.openbsd.org/ifconfig.8#wgdescription"
         >wgdescription</a> parameter to
         <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
         to set a string describing the
         <a href="https://man.openbsd.org/wg.4">wg(4)</a> peer.
     <li>Let <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
         prefix the interface name to many error and warning messages.
   <li>Make the <code>tlsv1.0</code> and <code>tlsv1.1</code> options    <li>Make the <code>tlsv1.0</code> and <code>tlsv1.1</code> options
         in relayd(8) do nothing, as one should use the default <code>tlsv1.2</code>          in relayd(8) do nothing, as one should use the default <code>tlsv1.2</code>
         instead.          instead.
Legend:
Removed from v.1.58  
changed lines
  Added in v.1.59