| version 1.1394, 2016/08/02 21:20:46 |
version 1.1395, 2016/08/04 22:29:31 |
|
|
| <p> |
<p> |
| |
|
| <ul> |
<ul> |
| |
<!-- 2016-07-15 --> |
| |
<li>In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. |
| |
<li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>: |
| |
<ul> |
| |
<li>Update per-neighbor GTSM options on config reload. |
| |
<li>Explicitly ignore the Hop Count and Path Vector TLVs. |
| |
<li>Improve logging of reserved labels. |
| |
</ul> |
| |
<li>Disable acpicbkbd(4) by default until after the release. It causes the kernel to spin forever on certain Chromebooks. |
| |
<!-- 2016-07-14 --> |
| |
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585). |
| |
<li>Add a ProxyJump <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a> option and a corresponding -J <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> command-line flag to allow simplified indirection through a SSH bastion or "jump host". |
| |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin.</font><br>A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>. |
| |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. </font><br>A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>. |
| |
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.</font><br>A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>. |
| |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>. |
| |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>. |
| |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.</font><br>A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>. |
| |
<li><font color="#e00000">5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.</font><br>A source code patch is available for <a href="errata59.html#014_unp">5.9</a>. |
| |
<li><font color="#e00000">5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</font><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>. |
| |
<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots. |
| |
<li>Ignore the kern.usermount <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="http://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1. |
| |
<li>In <a href="http://man.openbsd.org/ip6.4">ip6(4)</a>, dDrop received packets with an IPv4-compatible address as source or destination as per RFC4213. |
| |
<li>In <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7</a>, do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID. |
| |
<li>Prevent a use-after-free by not updating an ARP entry that has been removed from the table. |
| |
<li>In <a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a>, properly handle poll timeout. |
| |
<!-- 2016-07-13 --> |
| |
<li>Avoid a panic caused by very big mallocs for the ufs_readdir() buffer which should have been limited to 64 kB. |
| |
<li>Avoid a panic caused by very big mallocs that result from uint64-to-int32 truncation when kevent does fd validation. |
| |
<li>On amd64, add hvn(4), a work-in-progress driver for the Hyper-V NetVSC. |
| |
<li>In <a href="http://man.openbsd.org/calendar.1">calendar(1)</a>, when matching a day in the month, ensure the date is still in the month we are interested in. This |
| |
fixes things like Sunday+5 for months where there is not a 5th Sunday. |
| |
<li>In <a href="http://man.openbsd.org/bpgd.8">bpgd(8)</a>, output the no-longer-so-new AS operators when printing the configuration. |
| |
<li>In libtls, split the existing TLS cipher suite groups into four: secure, compat, legacy and insecure. |
| |
<li>Check resource limits for mappings established using __MAP_NOFAULT. This prevents callers from triggering a kernel panic and a potential integer overflow in the amap code by forcing the allocation of too many slots. |
| |
<li>In imxehci(4), use the device tree voltage regulator information to supply power to the USB bus, because this only supports "fixed" regulators that are controlled through a gpio. |
| |
<!-- 2016-07-12 --> |
| |
<li>Fix a crash when MNT_DOOMED is passed in the flags to <a href="http://man.openbsd.org/unmount.2">unmount(2)</a>. |
| |
<li>In <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>, add support for TLS client certificates in syslogd. This allows the remote server to verify the authenticity of received messages. |
| |
<!-- 2016-07-11 --> |
| |
<li>In tmpfs, don't allow mounting with noval owner. It causes a panic later on. |
| |
<li>In <a href="http://man.openbsd.org/factor.6">factor(6)</a>, use an integer version of the Newton method instead of using the floating point square root. This fixes a rounding issue. |
| |
<li>In <a href="http://man.openbsd.org/armv7/imxesdhc.4">imxesdhc(4/armv7)</a> and <a href="http://man.openbsd.org/armv7/fec.4">fec(4/armv7</a>, use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs. |
| |
<li>Hook up imxgpio(4) to the FDT gpio framework. |
| |
<li>Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route. |
| |
<li>In <a href="http://man.openbsd.org/tcp.4">tcp(4)</a>, do not increase the size of the socket buffer under memory pressure. |
| |
<!-- 2016-07-10 --> |
| |
<li>In <a href="http://man.openbsd.org/tpcump.8">tcpdump(8)</a>, recognize MPLS pseudowire with control words. Also print encapsulated ethernet packets. |
| |
<li>In <a href="http://man.openbsd.org/acpimadt.4">acpimadt(4)</a>, properly handle Processor Local X2APIC structures. This makes secondary CPUs attach on the HP DL360 gen 9. |
| |
<li>Dynamically attach imxgpio(4) using the FDT. |
| |
<li>In <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a>, fix a bug causing .so links to gzipped manuals to fail in the absence of a <a href="http://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> database. |
| |
<!-- 2016-07-09 --> |
| |
<li>In <a href="http://man.openbsd.org/armv7/omap.4">omap(4/armv7)</a>, follow imx and match based on the compatible property of the root node in the fdt instead of attaching the device based on board IDs. |
| |
<li>Dynamically attach i.MX6 <a href="http://man.openbsd.org/ehci.4">ehci(4)</a> using the FDT. |
| |
<!-- 2016-07-07 --> |
| |
<li>In <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms. This prevents the possibility of a side-channel oracle, though no such oracle has been identified. |
| |
<li>In <a href="http://man.openbsd.org/perl.1">perl(1)</a>, fix a bug where XSLoader could try to load from a subdir of the cwd when called via eval (CVE-2016-6185). |
| |
<!-- 2016-07-06 --> |
| |
<li>In <a href="http://man.openbsd.org/malloc.3">malloc(3)</a>, correctly implement the three-valued J/j option. |
| |
<li>In <a href="http://man.openbsd.org/syslogd.conf.5">syslogd.conf(5)</a>, allow space-deliminated fields in syslog.conf in addition to traditional tabs-deliminated fields. |
| |
<li>Various cleanups in <a href="http://man.openbsd.org/route6d.8">route6d(8)</a>. |
| |
<li>Fix several places where calculating ticks could overflow, because on arithmetic overflows the compiler may decide to do anything. |
| |
<!-- 2016-07-05 --> |
| |
<li>In libtls, correctly handle an EOF that occurs prior to the TLS handshake completing. |
| |
<li>Update to tzdata2016f. |
| |
<li>Build <a href="http://man.openbsd.org/eeprom.8">eeprom(8)</a> on octeon. |
| |
<li>On octeon, add <a href="http://man.openbsd.org/openprom.4">openprom(4)</a>. |
| |
<!-- 2016-07-04 --> |
| |
<li>In libcrypto, add several fixes to make OCSP work with intermediate certificates provided in the response. |
| |
<li>In <a href="http://man.openbsd.org/ld.so.1">ld.so(1)</a>, remove unfinished prebind support. |
| |
<li>Avoid an integer overflow of the thrsleep() timeout. This prevents a panic. |
| |
<li>On the Quad-G5, make <a href="http://man.openbsd.org/macppc/hpb.4">hpb(4)</a> attach first when iterating PCI buses to allow <a href="http://man.openbsd.org/macppc/openpic.4">openpic(4)</a> to properly map interrupt for the devices instead of possibly dereferencing garbage. |
| |
<li>In <a href="http://man.openbsd.org/rtable.4">rtable(4)</a> |
| |
<!-- 2016-07-03 --> |
| |
<li>In <a href="http://man.openbsd.org/savecore.8">savecore(8)</a>, drop support for the undocumented second argument. |
| |
<li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, implement the -I option. |
| |
<li>In <a href="http://man.openbsd.org/smptd.8">smtpd(8)</a>, add the -r option to the enqueuer for compatibility with mailx. |
| |
<!-- 2016-07-02 --> |
| |
<li>Introduce the "chown" <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>. |
| |
<li>Update to perl 5.20.3. |
| |
<li>In <a href="http://man.openbsd.org/rebound.8">rebound(8)</a>, avoid a crash by checking the cache tree for collisions when inserting replies. |
| |
<li>In <a href="http://man.openbsd.org/macppc/aoa.4">aoa(4/macppc)</a>, support the AOAShasta soundchip found on PowerMac9,1. |
| |
<!-- 2016-07-01 --> |
| |
<li>In <a href="http://man.openbsd.org/ldpd.8">ldpd(8)</a>: |
| |
<ul> |
| |
<li>Add GTSM support (RFC 6720). |
| |
<li>Decrease the initialization FSM timeout. This allows quicker recovery of a session with a neighbor. |
| |
<li>Improve RFC 4447 compliance. |
| |
</ul> |
| |
<li>In <a href="http://man.openbsd.org/cat.1">cat(1)</a>, indent the '$' on blank lines when the -ne options are used. |
| |
<li>Make accepted sockets inherit IP_TTL from the listening socket. |
| |
<li>Allow resetting the IP_TTL and IP_MINTTL sockopts. |
| |
<li>Fix an issue where <a href="http://man.openbsd.org/syslogd.8">syslogd.8</a> would print 15 NUL bytes followed by two blank spaces before the log message for warnings generated while parsing syslog.conf. |
| |
<li>Add acpicbkbd(4), a simple keyboard backlight driver for some Chromebooks. |
| |
<li>On armv7, allow booting on SolidRun's HummingBoards and CuBoxes. |
| <!-- 2016-06-30 --> |
<!-- 2016-06-30 --> |
| <li>In <a href="http://man.openbsd.org/sndiod.8">sndiod(8)</a>, avoid triggering watchdog time-outs which prevent sndiod from resuming. |
<li>In <a href="http://man.openbsd.org/sndiod.8">sndiod(8)</a>, avoid triggering watchdog time-outs which prevent sndiod from resuming. |
| <li>Update perl Time::HiRes to 1.9739. |
<li>Update perl Time::HiRes to 1.9739. |
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www