version 1.7, 2015/09/02 20:30:03 |
version 1.8, 2015/09/04 15:59:50 |
|
|
|
|
<ul> |
<ul> |
<!-- 2015-08-06 --> |
<!-- 2015-08-06 --> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>, add prohibit-password as a synonymn for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>, add prohibit-password as a synonym for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only. |
<li>In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password". |
<li>In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password". |
<!-- 2015-08-05 --> |
<!-- 2015-08-05 --> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/em.4">em(4)</a>, fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/em.4">em(4)</a>, fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed. |
|
|
<li>Fix a potential out-of-bounds read in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fnmatch.3">fnmatch(3)</a>. |
<li>Fix a potential out-of-bounds read in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fnmatch.3">fnmatch(3)</a>. |
<!-- 2015-07-30 --> |
<!-- 2015-07-30 --> |
<li>On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations. |
<li>On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations. |
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>. |
<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1">ed(1)</a>-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>. |
<li>Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1">patch(1)</a> about the state of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1">ed(1)</a> child process is in. |
<li>Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1">patch(1)</a> about the state of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1">ed(1)</a> child process is in. |
<li>Turn off POOL_DEBUG for release. |
<li>Turn off POOL_DEBUG for release. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, repair HSTS header output. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, repair HSTS header output. |
|
|
<li>Add label withdraw/release wildcard support. |
<li>Add label withdraw/release wildcard support. |
<li>Implement MD5 authentication support. |
<li>Implement MD5 authentication support. |
</ul> |
</ul> |
<li>In the installer, use the %c and %a fields in pkg.conf. |
<li>In the installer, use the %c and %a fields in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pkg.conf.5">pkg.conf(5)</a>. |
<li>Show the tame flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ps.1">ps(1)</a>. |
<li>Show the tame flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ps.1">ps(1)</a>. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>: |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>: |
<ul> |
<ul> |
|
|
<!-- 2015-05-30 --> |
<!-- 2015-05-30 --> |
<li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>. |
<li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>. |
<li>Introduce native atomic operations for i386. |
<li>Introduce native atomic operations for i386. |
<li>Acquire/release the i2c bus before/after reading the temperature register. This prevents concurrent access to the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/macppc/smu.4">smu(4)</a> microcontroller on Apple G5 machines, which would result in errors reading the RTC. |
<li>Acquire/release the i2c bus before/after reading the temperature register. This prevents concurrent access to the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/smu.4">smu(4)</a> microcontroller on Apple G5 machines, which would result in errors reading the RTC. |
<li>On armv7, set the usb otg port on the cubox to host mode and attach ehci to it. |
<li>On armv7, set the usb otg port on the cubox to host mode and attach ehci to it. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, support - to read from stdin. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, support - to read from stdin. |
<!-- 2015-05-29 --> |
<!-- 2015-05-29 --> |
|
|
<li>Rewrite of tmux mouse support which was a mess. |
<li>Rewrite of tmux mouse support which was a mess. |
<li>Honour renumber-windows when unlinking a window. |
<li>Honour renumber-windows when unlinking a window. |
</ul> |
</ul> |
<li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in smtpd handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>. |
<li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>. |
<li>Fix incorrect logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> that could lead to unexpected client disconnect, invalid certificate in SNI negotiation or server crash. |
<li>Fix incorrect logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> that could lead to unexpected client disconnect, invalid certificate in SNI negotiation or server crash. |
<li>Add support for x2apic mode. This is currently only enabled on hypervisors. |
<li>Add support for x2apic mode. This is currently only enabled on hypervisors. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, if an explicit line break request (.br or .sp) occurs within an .HP block, the next line doesn't hang, but is simply indented. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, if an explicit line break request (.br or .sp) occurs within an .HP block, the next line doesn't hang, but is simply indented. |
|
|
<li>Show the full LIB in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command. |
<li>Show the full LIB in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command. |
<li>Add support for commit ids to "opencvs status". |
<li>Add support for commit ids to "opencvs status". |
<li>Fix the modified timestamp in the output of "opencvs status". |
<li>Fix the modified timestamp in the output of "opencvs status". |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves tic(1), sxpm(1) and a few Perl manuals. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tic.1">tic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sxpm.1">sxpm(1)</a> and a few Perl manuals. |
<li>Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/kauaiata.4">kauaiata(4)</a>. |
<li>Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/kauaiata.4">kauaiata(4)</a>. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, fix a quirk with respect to an empty .HP. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, fix a quirk with respect to an empty .HP. |
<!-- 2015-04-03 --> |
<!-- 2015-04-03 --> |
|
|
<li>Check for write access on the original file before creating the temporary one. |
<li>Check for write access on the original file before creating the temporary one. |
</ul> |
</ul> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen(1)</a>, if a user tries to add a comment to a non-RSA1 key and has entered their passphrase, explicitly clear it before exit. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-keygen.1">ssh-keygen(1)</a>, if a user tries to add a comment to a non-RSA1 key and has entered their passphrase, explicitly clear it before exit. |
<li>Tell the firmware to shut down the fan management thread on the last generation of G5s. Without this mpi@'s PowerMac11,2 hang when smu(4) attaches. |
<li>Tell the firmware to shut down the fan management thread on the last generation of G5s. Without this mpi@'s PowerMac11,2 hang when <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/smu.4">smu(4)</a> attaches. |
<li>Move the default font path from /usr/local/lib/X11/fonts to /usr/local/share/fonts to match XDG_DATA_DIR (where Desktop tools will look for by default). |
<li>Move the default font path from /usr/local/lib/X11/fonts to /usr/local/share/fonts to match XDG_DATA_DIR (where Desktop tools will look for by default). |
<!-- 2015-03-30 --> |
<!-- 2015-03-30 --> |
<li>Fix the repeating keys/delay problem that occurs on newer ThinkPads when touching the trackpad/trackstick while typing during the installer in a less invasive way. |
<li>Fix the repeating keys/delay problem that occurs on newer ThinkPads when touching the trackpad/trackstick while typing during the installer in a less invasive way. |