version 1.1396, 2016/08/05 00:26:30 |
version 1.1397, 2016/08/05 22:10:20 |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- 2016-07-26 --> |
|
<li>Unbreak <a href="http://man.openbsd.org/rsu.4">rsu(4)</a>. |
|
<li>In <a href="http://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a>, fix byteswap errors. This repairs <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a> on macppc. |
|
<!-- 2016-07-25 --> |
|
<li>In mesa, disable the code that allocates W|X memory. |
|
<li>Disable tmpfs. |
|
<li>In <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>, avoid a hang when the receive buffer of a route socket becomes full. |
|
<li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, revert the change to scale the default "density" value to create the same number of inodes. |
|
<li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, initialize the log subsytem in the SE like it is done in the RDE. This avoids all logging from going to /dev/null. |
|
<li>When closing <a href="http://man.openbsd.org/bpf.4">bpf(4)</a> devices, ensure the minor number becomes free for reuse by the device cloning code. This fixes a panic. |
|
<li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, patch CVE-2016-1238. |
|
<!-- 2016-07-24 --> |
|
<li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only <a href="http://man.openbsd.org/chroot.2">chroot(2)</a> when run as root. |
|
<!-- 2016-07-23 --> |
|
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.</font><br>A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>. |
|
<li>In the installer, back out the automatic <a href="http://man.openbsd.org/pkg.conf.5">pkg.conf(5)</a> installpath changes. |
|
<li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers sned frames to the ethernet broadcast address. |
|
<li>In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach. |
|
<li>Disable POOL_DEBUG. |
|
<li>In <a href="http://man.openbsd.org/newfs.8">newfs(8)</a>, scale the default "density" value so that on 4K disks the same number of inodes are creates as on DEV_BSIZE devices. |
|
<li>In <a href="http://man.openbsd.org/stty.1">stty(1)</a>, error out if the display and modify mode are combined on the command line. This avoids a <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation. |
|
<li><a href="http://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a few CPUID emulation issues. |
|
<!-- 2016-07-22 --> |
|
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, fix <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> violation with the -f option. |
|
<li>Attach <a href="http://man.openbsd.org/armv7/imx.4">imx(4/armv7)</a> on i.mx6 quad plus. |
|
<li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, actually DECLINE and delete unused offers. |
|
<li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, fallback to the known IRQ number on imx.6 if the fdt interrupts-extended property is missing or not the size that is expected. |
|
<li>In <a href="http://man.openbsd.org/rtable.4">rtable(4)</a>, prevent an infinite recursion when deleting routes inside rtable_walk(). |
|
<li>Prevent NULL-pointer call for filesystems that don't provide vfs_sysctl in their vfsops structs. |
|
<li>In <a href="http://man.openbsd.org/relayd.8">relayd(8)</a>, fix a crash when the connection is terminated prematurely. |
|
<li>Fix a double <a href="http://man.openbsd.org/rtfree.9">rtfree(9)</a> triggered when IPSEC inserts a more specific route because of PMTU. |
|
<!-- 2016-07-21 --> |
|
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: |
|
everse the order in which -J/JumpHost proxies are visited to be more intuitive. |
|
<li>In switchd(8), add basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT, no FLOW_MOD yet. |
|
<li>In <a href="http://man.openbsd.org/bgpd.8">bgpd(8)</a>, don't quit when the local addresses of a peer can't be figured out. Instead bring the session down. |
|
<li>In <a href="http://man.openbsd.org/tcpbench.1">tcpbench(1)</a>, add AF_UNIX support and also make it possible to randomize the write size in the client. |
|
<li>In <a href="http://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a href="http://man.openbsd.org/urtwn.4">urtwn(4)</a>, respect the RTS threshold set by net80211. |
|
<li>In <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, silently ignore <a href="http://man.openbsd.org/chroot.2">chroot(2)</a> setup failure, because <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> provides an even better sandbox. This regain -r support. |
|
<!-- 2016-07-20 --> |
|
<li>In <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>, skip passwords longer than 1024 characters in length, so clients can't easily DoS sshd by sending very long passwords. |
|
<li>Use <a href="http://man.openbsd.org/pledge.2">pledge(2)</a> in switchd(8) and switchctl(8). |
|
<li>In <a href="http://man.openbsd.org/softraid.4">softraid(4)</a>, plug potential leak of device list. |
|
<li>In switchd(8), parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match). |
|
<li>In <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>, print the relevant counters to tune the TCP SYN cache. |
|
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, disable the beacon filter. This make it possible to keep track of HT protection changes. |
|
<li>In net80211, enable RTS for frames above a particular size. This change allows for reasonable throughput on loaded 11g networks whereas before they were practically unusable. |
|
<li>In switchd(8), update OpenFlow 1.3 stub based on the 1.0 code. |
|
<li>In switchd(8), add the -n flag to check the configuration and exit. |
|
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>, properly keep track of HT protection changes while associated. |
|
<li>Unbreak <a href="http://man.openbsd.org/ural.4">ural(4)</a>, which had been dropping frames on Tx while the IFF_RUNNING flag was set. |
|
<li>In <a href="http://man.openbsd.org/ehci.4">ehci(4)</a>, use for ATI controllers the same workaround as for VIA controllers. This should hopefully help people reporting errors with SB700. |
|
<li>Add the tcp.synhashsize <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> to make the size for the syn cache hash array tunable. |
|
<!-- 2016-07-19 --> |
|
<li>In <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>, narrow the BPF read filter rules so only packets sent to the interface's LLADDR pass. This limits the number of packets that get dropped as a result of dhclient setting BIOCSFILDROP on the bpf descriptor. |
|
<li>Import switch(4), switchd(8) and switchctl(8), a basic work-in-progress OpenFlow implementation (not build by default). |
|
<li>In <a href="http://man.openbsd.org/carp.4">carp(4)</a>, fix the check supposed to prevent "ip" and "ip-stealth" balancing modes from leaking the multicast address. |
|
<li>In <a href="http://man.openbsd.org/sshd_config.5">sshd_config(5)</a>, allow wildcard for PermitOpen hosts as well as ports (bz#2582). |
|
<li>In "<a href="http://man.openbsd.org/rcctl.8">rcctl</a> ls", skip all files with a "." in the name, because <a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a> renames files in this way when the checksums don't match. |
|
<li>In <a href="http://man.openbsd.org/netstart.8">netstart(8)</a>, unbreak <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> on top of <a href="http://man.openbsd.org/tap.4">tap(4)</a>. |
|
<!-- 2016-07-18 --> |
|
<li>In virtio, always allow MSI/MSI-X. This enables MSI-X with qemu's old "82441FX" pci-bridge. |
|
<li>In <a href="http://man.openbsd.org/armv7/sxitimer.4">sxitimer(4/armv7)</a>, explicitly stop the timers before reloading them. This fixes a hang on the Olimex A10s boards. |
|
<li>In <a href="http://man.openbsd.org/doas.1">doas(1)</a>, copy the path to the shell from struct passwd to prevent it from being overridden by a <a href="http://man.openbsd.org/getpwuid.3">getpwuid(3)</a> call. This happens in a double doas call. |
|
<li>In <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>: |
|
<ul> |
|
<li>Retry Tx of management frames less often. |
|
<li>Fix inverted logic in iwm_tx(). |
|
<li>Explicitly set firmware Tx aggregation limit to one (which disables Tx aggregation). |
|
</ul> |
|
<li>In <a href="http://man.openbsd.org/pstat.8">pstat(8)</a>, fix VFLAG formatting. |
|
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, reduce timing attack against obsolete CBC modes by always computing the MAC over a fixed size of data. |
|
<li>In <a href="http://man.openbsd.org/kdump.1">kdump(1)</a>, <a href="http://man.openbsd.org/ktrace.1">ktrace(1)</a> and <a href="http://man.openbsd.org/ltrace.1">ltrace(1)</a>, add "p" trace point for KTRFAC_PLEDGE, and fix handling of -t+ in <a href="http://man.openbsd.org/ltrace.1">ltrace(1)</a>. |
|
<!-- 2016-07-17 --> |
|
<li>Attach <a href="http://man.openbsd.org/armv7/sunxi.4">sunxi(4/armv7)</a> based on the compatible property of the root node of the device tree. |
|
<!-- 2016-07-16 --> |
|
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, support UTF-8 characters in ssh banners (bz#2058). |
|
<li>In <a href="http://man.openbsd.org/jot.1">jot(1)</a>, fix a bug causing values to be printed out of bounds if the precision is 0. |
|
<li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>: |
|
<ul> |
|
<li>Fix parsing of malformed optional TLVs/Sub-TLVs. |
|
<li>Remove potential overflow when validating message's length. |
|
</ul> |
|
<li>In <a href="http://man.openbsd.org/virtio.4">virtio(4)</a>, support MSI-X. This increases performance for interrupt heavy loads. |
<!-- 2016-07-15 --> |
<!-- 2016-07-15 --> |
<li>In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. |
<li>In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. |
<li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>: |
<li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>: |
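Review bot: the ssh(1) entry under 2016-07-21 ends in a colon, but the line after it, "everse the order in which -J/JumpHost proxies are visited to be more intuitive.", has no list markup around it and has lost its leading "R", so it renders as stray text between list items. Either wrap it as a nested list like the iwm(4) and ldpd(8) entries or fold it into the ssh(1) item. In the same region, correct "subsytem" (bgpd(8)), "sned" (dhclient(8)), "are creates" (newfs(8)), "This regain" (tcpdump(8)), "This make" (iwm(4)) and "not build by default" (switch(4) import), and give the perl(1) entry a one-line description of the problem instead of only the id CVE-2016-1238, as the other security-relevant entries do.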
|
|
<li><font color="#e00000">5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</font><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>. |
<li><font color="#e00000">5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</font><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>. |
<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots. |
<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots. |
<li>Ignore the kern.usermount <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1. |
<li>Ignore the kern.usermount <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1. |
<li>In <a href="http://man.openbsd.org/ip6.4">ip6(4)</a>, dDrop received packets with an IPv4-compatible address as source or destination as per RFC4213. |
<li>In <a href="http://man.openbsd.org/ip6.4">ip6(4)</a>, drop received packets with an IPv4-compatible address as source or destination as per RFC4213. |
<li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID. |
<li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7)</a>, do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID. |
<li>Prevent a use-after-free by not updating an ARP entry that has been removed from the table. |
<li>Prevent a use-after-free by not updating an ARP entry that has been removed from the table. |
<li>In <a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a>, properly handle poll timeout. |
<li>In <a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a>, properly handle poll timeout. |
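Review bot: "occuring" in the 5.9 RELIABILITY FIX entry for the ARP input path is misspelled on both sides of the diff, and the amap entry's "This prevents from too small amaps being allocated" does not parse. Since this revision already corrects "dDrop" in the ip6(4) entry, fix these in the same pass, for example "occurring" and "This prevents too-small amaps from being allocated".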
|
|
<li>In <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>, add support for TLS client certificates in syslogd. This allows the remote server to verify the authenticity of received messages. |
<li>In <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>, add support for TLS client certificates in syslogd. This allows the remote server to verify the authenticity of received messages. |
<!-- 2016-07-11 --> |
<!-- 2016-07-11 --> |
<li>In tmpfs, don't allow mounting with noval owner. It causes a panic later on. |
<li>In tmpfs, don't allow mounting with noval owner. It causes a panic later on. |
<li>In <a href="http://man.openbsd.org/factor.6">factor(6)</a>, use an integer version of the Newton method instead of using the floating point square root. This fixes a rounding issue. |
<li>In <a href="http://man.openbsd.org/factor.6">factor(6)</a>, use an integer version of the Newton method instead of the floating point square root. This fixes a rounding issue. |
<li>In <a href="http://man.openbsd.org/armv7/imxesdhc.4">imxesdhc(4/armv7)</a> and <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7</a>, use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs. |
<li>In <a href="http://man.openbsd.org/armv7/imxesdhc.4">imxesdhc(4/armv7)</a> and <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7</a>, use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs. |
<li>Hook up imxgpio(4) to the FDT gpio framework. |
<li>Hook up imxgpio(4) to the FDT gpio framework. |
<li>Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route. |
<li>Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route. |
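Review bot: the link text "fec(4/armv7" in the imxesdhc(4/armv7) entry is missing its closing parenthesis on both sides of the diff, unlike every other fec(4/armv7) link on the page; add the ")" before the closing anchor tag while rewording the neighbouring factor(6) line. The syslogd(8) entry also repeats itself ("In syslogd(8), add support for TLS client certificates in syslogd"), so the trailing "in syslogd" can be dropped.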