version 1.1337, 2014/05/05 00:27:09 |
version 1.1338, 2014/05/10 11:37:50 |
|
|
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<html> |
<head> |
<head> |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- 2014/05/04 --> |
|
<li>On sparc, enabled <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> assembler code for DES. |
|
<li>On vax, enabled the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> assembler code for BN. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&manpath=OpenBSD%20Current&sektion=8&format=html">relayd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a>, fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine. |
|
<!-- 2014/05/03 --> |
|
<li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&manpath=OpenBSD%20Current&sektion=8&format=html">sysctl(8)</a> kern.nosuidcoredump=3, to dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=core&manpath=OpenBSD%20Current&sektion=5&format=html">core(5)</a> into the /var/crash/progname/ directory. |
|
<li>Enabled <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64. |
|
<li>Enabled <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm. |
|
<li>Updated to: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xauth&manpath=OpenBSD%20Current&sektion=1&format=html">xauth(1)</a> version 1.0.9; <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xbacklight&manpath=OpenBSD%20Current&sektion=1&format=html">xbacklight(1)</a> version 1.2.1; <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xrandr&manpath=OpenBSD%20Current&sektion=1&format=html">xrandr(1)</a> version 1.4.2 and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xinput&manpath=OpenBSD%20Current&sektion=1&format=html">xinput(1)</a> version 1.6.1. |
|
<li>Updated to libFS 1.0.6. |
|
<li>Unbroke <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> compression. |
|
<li>Switched to generating <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bcrypt&manpath=OpenBSD%20Current&sektion=3&format=html">bcrypt(3)</a> 2b hashes by default. |
|
<li>Added checks for invalid base64 encoded data in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> padding. Fixes a crash (RT#2608). |
|
<li>Provide extended-precision math constants (required by POSIX). |
|
<li>Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid). |
|
<!-- 2014/05/02 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=drm&manpath=OpenBSD%20Current&sektion=4&format=html">drm(4)</a> i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out. |
|
<li>Updated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=Xserver&manpath=OpenBSD%20Current&sektion=1&format=html">Xserver(1)</a> to version 1.15.1. |
|
<li>On hppa, fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> assembler version of SHA512 to output correct results. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpiprt&manpath=OpenBSD%20Current&sektion=4&format=html">acpiprt(4)</a> correctly handle interrupts with non-standard polarity. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpi&manpath=OpenBSD%20Current&sektion=4&format=html">acpi(4)</a>, made acpi_mutex_acquire/release actually grab the global lock when called. |
|
<li>Fixed occasional <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&manpath=OpenBSD%20Current&sektion=8&format=html">disklabel(8)</a> crashes when altering mount points. |
|
<!-- 2014/05/01 --> |
|
<li>Reverted __bounded code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a>. |
|
<li>Oh hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&manpath=OpenBSD%20Current&sektion=1&format=html">perl(1)</a> scripts outputting SOM-specific directives. |
|
<li>Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>. |
|
<li>Extended <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fread&manpath=OpenBSD%20Current&sektion=3&format=html">fread(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fwrite&manpath=OpenBSD%20Current&sektion=3&format=html">fwrite(3)</a> to check for integer overflows. |
|
<li>Moved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a> RSA key handling from "lka" to a new dedicated "ca" process. |
|
<li><font color="#e00000">5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> alert, which could cause a null pointer dereference.</font><br>A source code patch is available for <a href="errata54.html#009_openssl">5.4</a> and <a href="errata55.html#005_openssl">5.5</a>. |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&manpath=OpenBSD%20Current&sektion=1&format=html">gcc(1)</a> on i386, to detect overflows and properly align arrays > 16 bytes. |
|
<li>Added ChaCha cypher to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>, and provided it with an EVP implementation. |
|
<li>Added Brainpool and ANSSI FRP256v1 elliptic curves to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> (RT#2239). |
|
<li>Corrected <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&manpath=OpenBSD%20Current&sektion=8&format=html">isakmpd(8)</a> test when passing data to a keynote. |
|
<!-- 2014/04/30 --> |
|
<li>Improved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&manpath=OpenBSD%20Current&sektion=3&format=html">malloc(3)</a>'s ability to pick a free chunk at random. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&manpath=OpenBSD%20Current&sektion=9&format=html">uvm(9)</a> now correctly flush discarded pages even if the number of hash buckets doesn't change. |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&manpath=OpenBSD%20Current&sektion=1&format=html">openssl(1)</a> isn't available, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> now uses local fallback implementation of AES for UMAC. |
|
<li>Preserve the intended chronological order of leases in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.leases&manpath=OpenBSD%20Current&sektion=5&format=html">dhclient.leases(5)</a> files. |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs&manpath=OpenBSD%20Current&sektion=8&format=html">growfs(8)</a> on 4K-sector disks. |
|
<li>First pass at removing win64 support from the assembly-generating <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&manpath=OpenBSD%20Current&sektion=1&format=html">perl(1)</a> scripts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a> trying to create folders that already exist when using maildir. |
|
<li>Improved imsg handling with many concurrent connections in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a>. |
|
<!-- 2014/04/29 --> |
|
<li>New buffer API, to eventually make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> usable as a standalone library. |
|
<li>Improved enforcing of proper alignment of stack variables on sparc. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a> RSA private key privsep will now only load keys after forking the separated process. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&manpath=OpenBSD%20Current&sektion=1&format=html">sftp(1)</a> attempting to append a nul quote character to filenames (bz#2238). |
|
<li>Implemented RSA privilege separation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a>. Prevents possible private key leakage. |
|
<li>Made compiling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=8&format=html">ssh(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&manpath=OpenBSD%20Current&sektion=8&format=html">sshd(8)</a> against <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> optional. |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a> fails to relay via TLS (and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd.conf&manpath=OpenBSD%20Current&sektion=5&format=html">smtpd.conf(5)</a> doesn't require security), try plain; also downgrade if a TLS error happens during the session. |
|
<li>Constrain bytes read/written to positive values in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> s3_pkt.c code. |
|
<li>Re-added local aesctr implementation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a>. |
|
<li>Moved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&manpath=OpenBSD%20Current&sektion=8&format=html">traceroute6(8)</a> to the attic, fully merged into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&manpath=OpenBSD%20Current&sektion=8&format=html">traceroute(8)</a>. |
|
<li>Removed large memory leak from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&manpath=OpenBSD%20Current&sektion=4&format=html">usb(4)</a>. |
|
<li>Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&manpath=OpenBSD%20Current&sektion=8&format=html">nginx(8)</a> to keep attack mitigations enabled. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> sending success/failure replies when channels have sent a close already (bz#1818). |
|
<li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&manpath=OpenBSD%20Current&sektion=1&format=html">less(1)</a> support for the obsolete (non-POSIX) "more -d" prompt. |
|
<li>Made sure the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iked&manpath=OpenBSD%20Current&sektion=8&format=html">iked(8)</a> state machine only advances if the AUTH payload has been verified. |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=explicit_bzero&manpath=OpenBSD%20Current&sektion=3&format=html">explicit_bzero(3)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=memset&manpath=OpenBSD%20Current&sektion=3&format=html">memset(3)</a> to clear out sensitive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&manpath=OpenBSD%20Current&sektion=8&format=html">smtpd(8)</a> data. |
|
<!-- 2014/04/28 --> |
|
<li>Implemented AI_ADDRCONFIG in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&manpath=OpenBSD%20Current&sektion=3&format=html">getaddrinfo(3)</a>, as per RFC 3493. |
|
<li>Removed more WIN32, WIN64 and MINGW32 tentacles from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>. |
|
<li>Use the correct algorithm mask in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> t1_enc.c. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>, stopped SSL_OP_ALL disabling attack mitigations against CBC modes. |
|
<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nm&manpath=OpenBSD%20Current&sektion=1&format=html">nm(1)</a> -w correctly return 0 for valid archives. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&manpath=OpenBSD%20Current&sektion=8&format=html">ping(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&manpath=OpenBSD%20Current&sektion=8&format=html">ping6(8)</a> sleeping after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&manpath=OpenBSD%20Current&sektion=2&format=html">poll(2)</a> returns an error. |
|
<li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fuse&manpath=OpenBSD%20Current&sektion=4&format=html">fuse(4)</a> support for 255 character file names. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&manpath=OpenBSD%20Current&sektion=1&format=html">m4(1)</a> now checks for integer overflows in custom allocs. |
|
<li>Added support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&manpath=OpenBSD%20Current&sektion=8&format=html">snmpd(8)</a> for exporting ARP table via "ipNetToMediaTable" OID. |
|
<li>Fixed a loop so that waiting for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wds&manpath=OpenBSD%20Current&sektion=4&arch=i386&format=html">wds(4/i386)</a> hardware actually happens. |
<!-- 2014/04/27 --> |
<!-- 2014/04/27 --> |
<li>Improved error handling when using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dbopen&manpath=OpenBSD%20Current&sektion=3&format=html">dbopen(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a>. |
<li>Improved error handling when using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dbopen&manpath=OpenBSD%20Current&sektion=3&format=html">dbopen(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a>. |
<li>Fixed library search order in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=libtool&manpath=OpenBSD%20Current&sektion=1&format=html">libtool(1)</a>. |
<li>Fixed library search order in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=libtool&manpath=OpenBSD%20Current&sektion=1&format=html">libtool(1)</a>. |
|
|
<li>Confirm passwords when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&manpath=OpenBSD%20Current&sektion=1&format=html">signify(1)</a> is generating keys. |
<li>Confirm passwords when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&manpath=OpenBSD%20Current&sektion=1&format=html">signify(1)</a> is generating keys. |
<li>Fixed SQL_STEP failures for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man&manpath=OpenBSD%20Current&sektion=7&format=html">man(7)</a> pages lacking descriptions. |
<li>Fixed SQL_STEP failures for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man&manpath=OpenBSD%20Current&sektion=7&format=html">man(7)</a> pages lacking descriptions. |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> error reporting in case of SQL errors: mention dir and file. |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> error reporting in case of SQL errors: mention dir and file. |
<li>Major <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&manpath=OpenBSD%20Current&sektion=1&format=html">openssl(1)</a> engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine. |
<li>Major <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&manpath=OpenBSD%20Current&ssektion=1&format=html">openssl(1)</a> engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=qla&manpath=OpenBSD%20Current&sektion=4&format=html">qla(4)</a> debug output, print loop ids as decimals and port ids as 24bit hex. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=qla&manpath=OpenBSD%20Current&sektion=4&format=html">qla(4)</a> debug output, print loop ids as decimals and port ids as 24bit hex. |
<!-- 2014/04/12 --> |
<!-- 2014/04/12 --> |
<li>Update to xtrans 1.3.4. |
<li>Update to xtrans 1.3.4. |