www/plus60.html - diff

Return to plus60.html CVS log

Up to [local] / www

Diff for /www/plus60.html between version 1.12 and 1.13

version 1.12, 2019/04/08 16:14:56

version 1.13, 2019/05/27 22:55:26

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 6.0 Changelog</title>

</head>

<style>

strong {

color: var(--red);

font-weight: normal;

}

h3 {

color: var(--blue);

}

</style>

<h2>

OpenBSD</a>

OpenBSD</a>

6.0 Changelog

6.0 Changelog

</h2>

<hr>

Line 27

Line 33

or use <a href="anoncvs.html#CVS">CVS</a>.

Note: Problems for which patches exist are marked in red.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:

Line 82

Line 88

<h3>Changes made between OpenBSD 5.9 and 6.0</h3>

<h3>Changes made between OpenBSD 5.9 and 6.0</h3>

<ul>

Line 100

Line 106

<li>In <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> when run as root.

<li>5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash. A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash. A source code patch exists which remedies this problem for <a href="errata58.html#024_relayd">5.8</a> and <a href="errata59.html#021_relayd">5.9</a>.

<li>In the installer, back out the automatic <a href="https://man.openbsd.org/pkg.conf.5">pkg.conf(5)</a> installpath changes.

<li>In <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers send frames to the ethernet broadcast address.

<li>In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach.

Line 182

Line 188

<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585).

<li>Add a ProxyJump <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> option and a corresponding -J <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> command-line flag to allow simplified indirection through a SSH bastion or "jump host".

<li>5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin. A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin. A source code patch is available for <a href="errata58.html#018_splice">5.8</a> and <a href="errata59.html#013_splice">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. A source code patch is available for <a href="errata58.html#019_dirent">5.8</a> and <a href="errata59.html#015_dirent">5.9</a>.

<li>5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system. A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>.

<li>5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system. A source code patch is available for <a href="errata58.html#020_mmap">5.8</a> and <a href="errata59.html#016_mmap">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash. A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash. A source code patch is available for <a href="errata58.html#021_timeout">5.8</a> and <a href="errata59.html#018_timeout">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash. A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash. A source code patch is available for <a href="errata58.html#022_kevent">5.8</a> and <a href="errata59.html#019_kevent">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic. A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic. A source code patch is available for <a href="errata58.html#023_amap">5.8</a> and <a href="errata59.html#020_amap">5.9</a>.

<li>5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system. A source code patch is available for <a href="errata59.html#014_unp">5.9</a>.

<li>5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system. A source code patch is available for <a href="errata59.html#014_unp">5.9</a>.

<li>5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference. A source code patch is available for <a href="errata59.html#017_arp">5.9</a>.

<li>5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference. A source code patch is available for <a href="errata59.html#017_arp">5.9</a>.

<li>Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots.

<li>Ignore the kern.usermount <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>. It is unsafe, because it allows any non-<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1.

<li>In <a href="https://man.openbsd.org/ip6.4">ip6(4)</a>, drop received packets with an IPv4-compatible address as source or destination as per RFC4213.

Line 293

Line 299

<li>On <a href="https://man.openbsd.org/amd64/vmm.4">vmm(4/amd64)</a>, fix a panic when CPUs fail to spin up for other reasons during boot.

<li>On amd64 and i386, enable the UMIP feature if present.

<li>Enable <a href="https://man.openbsd.org/ure.4">ure(4)</a> on the architectures where <a href="https://man.openbsd.org/url.4">url(4)</a> already is.

<li>5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages. A source code patch is available for <a href="errata59.html#012_crypto">5.9</a>.

<li>5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages. A source code patch is available for <a href="errata59.html#012_crypto">5.9</a>.

<li>Repair <a href="https://man.openbsd.org/kill.2">kill(2)</a> on zombie processes.

<li>In <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>, fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected.

<li>In <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips.

Line 575

Line 581

<li>In libc on i386, do setjmp cookies for eip, esp, and ebp.

<li>In libc on mips64, do setjmp cookies for gp, sp, and ra.

<li>5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements. A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>.

<li>5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements. A source code patch is available for <a href="errata58.html#015_crypto">5.8</a> and <a href="errata59.html#009_crypto">5.9</a>.

<li>Update to xserver 1.18.3.

<li>Update to freetype 2.6.3.

<li>In <a href="https://man.openbsd.org/macppc/smu.4">smu(4/macppc)</a>, add support for new smu-firmware fan commands.

Line 653

Line 659

<li>On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions.

<li>Remove the net.inet6.ip6.v6only <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>.

<li>5.9 RELIABILITY FIX: Possible data corruption in <a href="https://man.openbsd.org/bnx.4">bnx(4)</a>. A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>.

<li>5.9 RELIABILITY FIX: Possible data corruption in <a href="https://man.openbsd.org/bnx.4">bnx(4)</a>. A source code patch is available for <a href="errata59.html#008_bnx">5.9</a>.

<li>In <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>, in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice.

<li>Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy.

Line 662

Line 668

<li>In <a href="https://man.openbsd.org/regex.3">regex(3)</a>, fix a one-byte buffer underflow (read access only).

<li>Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events.

<li>Fix "<a href="https://man.openbsd.org/skeyinit.1">skeyinit</a> username" run as root.

<li>5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user. A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>.

<li>5.8 and 5.9 SECURITY FIX: Insufficient checks in the <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> handling leak kernel memory contents to a local user. A source code patch is available for <a href="errata58.html#014_uvideo">5.8</a> and <a href="errata59.html#007_uvideo">5.9</a>.

<li>Completely skip link-layer address resolution and NUD on <a href="https://man.openbsd.org/gif.4">gif(4)</a>.

<li>In <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, plug some holes in the V4L2 <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue.

<li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, fix some file-descriptor leaks.

<li>Enable the pcf8523 RTC on Hummingboard and CuBox-i.

<li>5.9 RELIABILITY FIX: Issues in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>.

<li>5.9 RELIABILITY FIX: Issues in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. A source code patch is available for <a href="errata59.html#006_smtpd">5.9</a>.

<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>:

<ul>

<li>Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.

Line 734

Line 740

<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks.

<li>Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code.

<li>5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>. A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>.

<li>5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the <a href="https://www.openssl.org/news/secadv/20160503.txt">advisory</a>. A source code patch is available for <a href="errata58.html#013_crypto">5.8</a> and <a href="errata59.html#005_crypto">5.9</a>.

<li>In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types.

<li>Reduce the number of lookups to 1 for non-multicast traffic when <a href="https://man.openbsd.org/pf.4">pf(4)</a> is disabled.

<li>In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.

Line 753

Line 759

<li>In <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>, fix the DMA issues on Bay Trail.

<li>Add support for changing the bus width to the <a href="https://man.openbsd.org/sdmmc.4">sdmmc(4)</a> subsystem and the <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controller. Use this to switch SD cards to a 4-bit bus if they support it.

<li>In <a href="https://man.openbsd.org/sppp.4">sppp(4)</a>, fix a bug causing breakage with LCP echoes.

<li>5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="https://man.openbsd.org/carp.4">carp(4)</a>. A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>.

<li>5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with <a href="https://man.openbsd.org/carp.4">carp(4)</a>. A source code patch is available for <a href="errata59.html#004_mbuf">5.9</a>.

<li>Convert <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> to use the libtls API.

<li>In <a href="https://man.openbsd.org/file.1">file(1)</a>, fix the default type to work properly.

Line 1006

Line 1012

<li>Update to tzdata2016b from ftp.iana.org.

<li>Allocate amap slots for a virtual memory range reserved with <a href="https://man.openbsd.org/sbrk.2">sbrk(2)</a> lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory.

<li>For amaps with only a few slots, allocate the slots via <a href="https://man.openbsd.org/pool.9">pool(9)</a>. This saves some memory and reduces kmem pressure.

<li>5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d programs. A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>.

<li>5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>'d programs. A source code patch is available for <a href="errata59.html#003_pledge">5.9</a>.

<li>5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user. A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>.

<li>5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user. A source code patch is available for <a href="errata57.html#024_in6bind">5.7</a>, <a href="errata58.html#012_in6bind">5.8</a> and <a href="errata59.html#002_in6bind">5.9</a>.

<li>In <a href="https://man.openbsd.org/puc.4">puc(4)</a>, add support for the Exar XR17V354 device.

<li>Remove the legacy <a href="https://man.openbsd.org/OpenBSD-5.9/uiomovei.9">uiomovei(3)</a> function. It has been replaced by <a href="https://man.openbsd.org/uiomove.9">uiomove(9)</a>.

Line 1022

Line 1028

<li>In <a href="https://man.openbsd.org/sd.4">sd(4)</a>, avoid a kernel panic when unplugging an USB umass stick because of a use after free.

<li>Avoid corrupt mount points without a valid device when unmounting.

<li>5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>. A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>.

<li>5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>. A source code patch is available for <a href="errata57.html#014_sshd">5.7</a>, <a href="errata58.html#011_sshd">5.8</a> and <a href="errata59.html#001_sshd">5.9</a>.

<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, sanitise characters destined for <a href="https://man.openbsd.org/xauth.1">xauth(1)</a>.

<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, don't retransmit responses for unauthenticated messages.

Line 1093

Line 1099

<li>On alpha and sh, now that time_t is 64-bit, no longer ignore the hardware clock when it reports a year after 2037.

</ul>

</body>

</html>