version 1.12, 2019/04/08 16:14:56 |
version 1.13, 2019/05/27 22:55:26 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=plus> |
<head> |
<meta charset=utf-8> |
<title>OpenBSD 6.0 Changelog</title> |
<title>OpenBSD 6.0 Changelog</title> |
<meta name="description" content="OpenBSD 6.0 changes"> |
<meta name="description" content="OpenBSD 6.0 changes"> |
<meta name="copyright" content="This document copyright 1996-2016 by OpenBSD."> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/plus60.html"> |
<link rel="canonical" href="https://www.openbsd.org/plus60.html"> |
</head> |
<style> |
|
strong { |
|
color: var(--red); |
|
font-weight: normal; |
|
} |
|
|
<body bgcolor="#ffffff" text="#000000" link="#23238e"> |
h3 { |
|
color: var(--blue); |
|
} |
|
</style> |
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">6.0 Changelog</font> |
6.0 Changelog |
</h2> |
</h2> |
<hr> |
<hr> |
|
|
|
|
or use <a href="anoncvs.html#CVS">CVS</a>. |
or use <a href="anoncvs.html#CVS">CVS</a>. |
|
|
<p> |
<p> |
Note: <font color="#e00000">Problems for which patches exist are marked in red</font>. |
Note: <strong>Problems for which patches exist are marked in red</strong>. |
|
|
<p> |
<p> |
For changes in other releases, click below:<br> |
For changes in other releases, click below:<br> |
|
|
<br> |
<br> |
|
|
<p> |
<p> |
<h3><font color="#0000e0">Changes made between OpenBSD 5.9 and 6.0</font></h3> |
<h3>Changes made between OpenBSD 5.9 and 6.0</h3> |
<p> |
<p> |
|
|
<ul> |
<ul> |
|
|
<!-- 2016-07-24 --> |
<!-- 2016-07-24 --> |
<li>In <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> when run as root. |
<li>In <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> when run as root. |
<!-- 2016-07-23 --> |
<!-- 2016-07-23 --> |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.</font><br>A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.</strong><br>A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>. |
<li>In the installer, back out the automatic <a href="https://man.openbsd.org/pkg.conf.5">pkg.conf(5)</a> installpath changes. |
<li>In the installer, back out the automatic <a href="https://man.openbsd.org/pkg.conf.5">pkg.conf(5)</a> installpath changes. |
<li>In <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers send frames to the ethernet broadcast address. |
<li>In <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers send frames to the ethernet broadcast address. |
<li>In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach. |
<li>In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach. |
|
|
<!-- 2016-07-14 --> |
<!-- 2016-07-14 --> |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585). |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585). |
<li>Add a ProxyJump <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> option and a corresponding -J <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> command-line flag to allow simplified indirection through a SSH bastion or "jump host". |
<li>Add a ProxyJump <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> option and a corresponding -J <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> command-line flag to allow simplified indirection through a SSH bastion or "jump host". |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin.</font><br>A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin.</strong><br>A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>. |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. </font><br>A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. </strong><br>A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>. |
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.</font><br>A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>. |
<li><strong>5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.</strong><br>A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>. |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash.</strong><br>A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>. |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash.</font><br>A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash.</strong><br>A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>. |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.</font><br>A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.</strong><br>A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>. |
<li><font color="#e00000">5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.</font><br>A source code patch is available for <a href="errata59.html#014_unp">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.</strong><br>A source code patch is available for <a href="errata59.html#014_unp">5.9</a>. |
<li><font color="#e00000">5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</font><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.</strong><br>A source code patch is available for <a href="errata59.html#017_arp">5.9</a>. |
<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots. |
<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots. |
<li>Ignore the kern.usermount <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1. |
<li>Ignore the kern.usermount <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1. |
<li>In <a href="https://man.openbsd.org/ip6.4">ip6(4)</a>, drop received packets with an IPv4-compatible address as source or destination as per RFC4213. |
<li>In <a href="https://man.openbsd.org/ip6.4">ip6(4)</a>, drop received packets with an IPv4-compatible address as source or destination as per RFC4213. |
|
|
<li>On <a href="https://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a panic when CPUs fail to spin up for other reasons during boot. |
<li>On <a href="https://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a panic when CPUs fail to spin up for other reasons during boot. |
<li>On amd64 and i386, enable the UMIP feature if present. |
<li>On amd64 and i386, enable the UMIP feature if present. |
<li>Enable <a href="https://man.openbsd.org/ure.4">ure(4)</a> on the architectures where <a href="https://man.openbsd.org/url.4">url(4)</a> already is. |
<li>Enable <a href="https://man.openbsd.org/ure.4">ure(4)</a> on the architectures where <a href="https://man.openbsd.org/url.4">url(4)</a> already is. |
<li><font color="#e00000">5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.</font><br>A source code patch is available for <a href="errata59.html#012_crypto">5.9</a>. |
<li><strong>5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.</strong><br>A source code patch is available for <a href="errata59.html#012_crypto">5.9</a>. |
<li>Repair <a href="https://man.openbsd.org/kill.2">kill(2)</a> on zombie processes. |
<li>Repair <a href="https://man.openbsd.org/kill.2">kill(2)</a> on zombie processes. |
<li>In <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>, fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected. |
<li>In <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>, fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected. |
<li>In <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips. |
<li>In <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips. |
|
|
<!-- 2016-05-29 --> |
<!-- 2016-05-29 --> |
<li>In libc on i386, do setjmp cookies for eip, esp, and ebp. |
<li>In libc on i386, do setjmp cookies for eip, esp, and ebp. |
<li>In libc on mips64, do setjmp cookies for gp, sp, and ra. |
<li>In libc on mips64, do setjmp cookies for gp, sp, and ra. |
<li><font color="#e00000">5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements.</font><br>A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>. |
<li><strong>5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements.</strong><br>A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>. |
<li>Update to xserver 1.18.3. |
<li>Update to xserver 1.18.3. |
<li>Update to freetype 2.6.3. |
<li>Update to freetype 2.6.3. |
<li>In <a href="https://man.openbsd.org/macppc/smu.4">smu(4/macppc)</a>, add support for new smu-firmware fan commands. |
<li>In <a href="https://man.openbsd.org/macppc/smu.4">smu(4/macppc)</a>, add support for new smu-firmware fan commands. |
|
|
<li>On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions. |
<li>On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions. |
<li>Remove the net.inet6.ip6.v6only <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>. |
<li>Remove the net.inet6.ip6.v6only <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>. |
<!-- 2016-05-18 --> |
<!-- 2016-05-18 --> |
<li><font color="#e00000">5.9 RELIABILITY FIX: Possible data corruption in <a href="https://man.openbsd.org/bnx.4">bnx(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: Possible data corruption in <a href="https://man.openbsd.org/bnx.4">bnx(4)</a>.</strong><br>A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>. |
<li>In <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice. |
<li>In <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice. |
<!-- 2016-05-17 --> |
<!-- 2016-05-17 --> |
<li>Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy. |
<li>Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy. |
|
|
<li>In <a href="https://man.openbsd.org/regex.3">regex(3)</a>, fix a one-byte buffer underflow (read access only). |
<li>In <a href="https://man.openbsd.org/regex.3">regex(3)</a>, fix a one-byte buffer underflow (read access only). |
<li>Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events. |
<li>Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events. |
<li>Fix "<a href="https://man.openbsd.org/skeyinit.1">skeyinit</a> username" run as root. |
<li>Fix "<a href="https://man.openbsd.org/skeyinit.1">skeyinit</a> username" run as root. |
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user.</font><br>A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>. |
<li><strong>5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user.</strong><br>A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>. |
<li>Completely skip link-layer address resolution and NUD on <a href="https://man.openbsd.org/gif.4">gif(4)</a>. |
<li>Completely skip link-layer address resolution and NUD on <a href="https://man.openbsd.org/gif.4">gif(4)</a>. |
<!-- 2016-05-16 --> |
<!-- 2016-05-16 --> |
<li>In <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, plug some holes in the V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue. |
<li>In <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, plug some holes in the V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue. |
<li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, fix some file-descriptor leaks. |
<li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, fix some file-descriptor leaks. |
<li>Enable the pcf8523 RTC on Hummingboard and CuBox-i. |
<li>Enable the pcf8523 RTC on Hummingboard and CuBox-i. |
<li><font color="#e00000">5.9 RELIABILITY FIX: Issues in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.</font><br>A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: Issues in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.</strong><br>A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>. |
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>: |
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>: |
<ul> |
<ul> |
<li>Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash. |
<li>Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash. |
|
|
<!-- 2016-05-03 --> |
<!-- 2016-05-03 --> |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks. |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks. |
<li>Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code. |
<li>Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code. |
<li><font color="#e00000">5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>.</font><br>A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>. |
<li><strong>5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>.</strong><br>A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>. |
<li>In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types. |
<li>In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types. |
<li>Reduce the number of lookups to 1 for non-multicast traffic when <a href="https://man.openbsd.org/pf.4">pf(4)</a> is disabled. |
<li>Reduce the number of lookups to 1 for non-multicast traffic when <a href="https://man.openbsd.org/pf.4">pf(4)</a> is disabled. |
<li>In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. |
<li>In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. |
|
|
<li>In <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>, fix the DMA issues on Bay Trail. |
<li>In <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>, fix the DMA issues on Bay Trail. |
<li>Add support for changing the bus width to the <a href="https://man.openbsd.org/sdmmc.4">sdmmc(4)</a> subsystem and the <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controller. Use this to switch SD cards to a 4-bit bus if they support it. |
<li>Add support for changing the bus width to the <a href="https://man.openbsd.org/sdmmc.4">sdmmc(4)</a> subsystem and the <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controller. Use this to switch SD cards to a 4-bit bus if they support it. |
<li>In <a href="https://man.openbsd.org/sppp.4">sppp(4)</a>, fix a bug causing breakage with LCP echoes. |
<li>In <a href="https://man.openbsd.org/sppp.4">sppp(4)</a>, fix a bug causing breakage with LCP echoes. |
<li><font color="#e00000">5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="https://man.openbsd.org/carp.4">carp(4)</a>.</font><br>A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="https://man.openbsd.org/carp.4">carp(4)</a>.</strong><br>A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>. |
<!-- 2016-04-30 --> |
<!-- 2016-04-30 --> |
<li>Convert <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> to use the libtls API. |
<li>Convert <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> to use the libtls API. |
<li>In <a href="https://man.openbsd.org/file.1">file(1)</a>, fix the default type to work properly. |
<li>In <a href="https://man.openbsd.org/file.1">file(1)</a>, fix the default type to work properly. |
|
|
<li>Update to tzdata2016b from ftp.iana.org. |
<li>Update to tzdata2016b from ftp.iana.org. |
<li>Allocate amap slots for a virtual memory range reserved with <a href="https://man.openbsd.org/sbrk.2">sbrk(2)</a> lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory. |
<li>Allocate amap slots for a virtual memory range reserved with <a href="https://man.openbsd.org/sbrk.2">sbrk(2)</a> lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory. |
<li>For amaps with only a few slots, allocate the slots via <a href="https://man.openbsd.org/pool.9">pool(9)</a>. This saves some memory and reduces kmem pressure. |
<li>For amaps with only a few slots, allocate the slots via <a href="https://man.openbsd.org/pool.9">pool(9)</a>. This saves some memory and reduces kmem pressure. |
<li><font color="#e00000">5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d programs.</font><br>A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>. |
<li><strong>5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d programs.</strong><br>A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>. |
<li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.</font><br>A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>. |
<li><strong>5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.</strong><br>A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>. |
<li>In <a href="https://man.openbsd.org/puc.4">puc(4)</a>, add support for the Exar XR17V354 device. |
<li>In <a href="https://man.openbsd.org/puc.4">puc(4)</a>, add support for the Exar XR17V354 device. |
<!-- 2016-03-14 --> |
<!-- 2016-03-14 --> |
<li>Remove the legacy <a href="https://man.openbsd.org/OpenBSD-5.9/uiomovei.9">uiomovei(3)</a> function. It has been replaced by <a href="https://man.openbsd.org/uiomove.9">uiomove(9)</a>. |
<li>Remove the legacy <a href="https://man.openbsd.org/OpenBSD-5.9/uiomovei.9">uiomovei(3)</a> function. It has been replaced by <a href="https://man.openbsd.org/uiomove.9">uiomove(9)</a>. |
|
|
<li>In <a href="https://man.openbsd.org/sd.4">sd(4)</a>, avoid a kernel panic when unplugging an USB umass stick because of a use after free. |
<li>In <a href="https://man.openbsd.org/sd.4">sd(4)</a>, avoid a kernel panic when unplugging an USB umass stick because of a use after free. |
<li>Avoid corrupt mount points without a valid device when unmounting. |
<li>Avoid corrupt mount points without a valid device when unmounting. |
<!-- 2016-03-10 --> |
<!-- 2016-03-10 --> |
<li><font color="#e00000">5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>.</font><br>A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>. |
<li><strong>5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>.</strong><br>A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>. |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, sanitise characters destined for <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>. |
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, sanitise characters destined for <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>. |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, don't retransmit responses for unauthenticated messages. |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, don't retransmit responses for unauthenticated messages. |
<!-- 2016-03-09 --> |
<!-- 2016-03-09 --> |
|
|
<!-- 2016-02-25 --> |
<!-- 2016-02-25 --> |
<li>On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037. |
<li>On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037. |
</ul> |
</ul> |
<p> |
|
|
|
</body> |
|
</html> |
|