This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
Changes made between OpenBSD 6.3 and 6.4
- Many changes not listed here.
- Fix "heap full" errors in the amd64 boot loader when loading microcode.
- Add support in com(4) for Exar XR17V354 4-port devices.
- Add TCP support to snmpd(8). Apart from processing multiple requests in parallel, this implements RFC 3430.
- Make relayd(8) set destination host state to HOST_DOWN in case of TCP read timeout.
- 6.1, 6.2 and 6.3 SECURITY FIX: Correct heap overflow bugs in perl(1).
A source code patch is available for 6.1, 6.2 and 6.3.
- Make ENGINE_finish() succeed on NULL in LibreSSL, simplifies caller code.
- Make ksh(1) count $SECONDS using monotonic clock.
- Fix for mg(1) when trying to write backups in home dir when run under a different effective user.
- Remove hfsc support from pfctl(8).
- Don't panic if ipmi_sendcmd() fails.
- Make sshd(8) more resilient against user enumeration timing attacks.
- Implemented MAP_STACK option for mmap(2). At pagefaults and syscalls the kernel will check that the SP points to MAP_STACK memory.
- Stop using the PID in ping(8).
- Make httpd(8) listen on all IPv4 and IPv6 addresses for "listen on *".
- More steps for i386 Meltdown fixes, will trigger some performance issues.
- Make re(4) handle newer devices with only 64bit BARs, and map 32bit BAR as a fallback.
- Add mixer save/restore capability to the audio(4) driver for use during suspend/resume.
- Add support in umsm(4) for Huawei k3772-based devices.
- Make sasyncd(8) schedule events against the monotonic clock so it fires punctually even if system clock is changed.
- Have fstat(1) print rtable for internet sockets unless it's the default.
- In tmux(1), add x and X to choose-tree to kill an item.
- Make sure the kernel doesn't call logwakeup() while holding a mutex to prevent lock ordering issues.
- Make mandoc(1) define a previously undefined integer as being zero.
- Make ksh(1) support 64bit integer operations on 32bit arches too.
- Added octcrypto(4), a driver for the octeon cryptographic unit, providing hardware-accelerated implementations for several encryption and authentication algorithms for ipsec(4). Disabled for now.
- Make smtpd(8) spfwalk check for legitimate IPv4 and IPv6 addresses before printing.
- Make headers, manpages and kernel prefer and recommend AF_UNIX name rather than AF_LOCAL.
- In kqueue, test for preexisting conditions when re-enabling events.
- Make pcidump(8) print BARs for bridges as well.
- On amd64, add support for EFI Random Number Generator and use it to XOR random data into the kernel.
- Add a hook to the standalone boot code to use a firmware-supplied random function in addition of the machine dependent random function to insert entropy into the booted kernel.
- IPv6 fix for gif(4).
- Attach the mbuf tag on output gif(4) packets to suppress loops over the interface and avoid leak of the tag on every packet.
- For certain arm devices, if the PHY address isn't specified, only attach a single PHY. Makes Theobrama Systems RK3399-Q7 SoM network interfaces work.
- Make shutdown(8) print deadline estimates in the local timezone.
- Simplify dd(1) SIGINFO output routines so the summary printout becomes atomic.
- Enable islrtc(4) on arm64 GENERIC and RAMDISK kernels.
- Added islrtc(4), a driver for the ISL208 real time clock.
- Work around libtool exec limitations.
- Correct libtls tls_config_clear_keys(3) behaviour, leaving other configuration data intact.
- In libtls, switch to OPENSSL_init_ssl(3) to prevent an openssl configuration file from being loaded behind our backs.
- Add support in dwmmc(4) for GPIO card detection.
- Increase em(4) delay after reset to 20ms and add a fix for i219 based devices.
- In UEFI, respect the parts where mappings indicate they can be made non-readable, non-executable or read-only.
- Fixed tmpfs(4) to not attempt calling copyin(9) itself.
- Patch binutils 2.17 so it passes option -Wno-null-pointer-arithmetic when compiled with LLVM 6.0.0.
- Updated llvm to 6.0.0.
- Make fstat(1) print a p flag for file descriptors opened after pledge(2).
- Better rounding to cylinder boundaries in disklabel(8).
- In ssh(1), allow "Sendenv -PATTERN" to clear environment previously labeled for sending.
- Fix file descriptor leak in httpd(8) after processing ranged requests.
- Use existing pf state to speed up UDP socket lookup.
- Fix memory leak in libcrypto if EVP_Digest() fails.
- In libcrypto, tighten up various checks for X509_VERIFY_PARAM functions.
- In ssh(1), relax checking of authorized_keys environment="..." options to allow underscores in variable names
- Stop using a non-portable .R man(7) macro in mandoc(1).
- Update mandoc(1) to use documented and portable character escape sequences for .Do/.Dq.
- Import pcap_set_immediate_mode() from mainline libpcap which allows a libpcap-based program to process packets as soon as they arrive.
- Remove obsolete PF_TRANS_ALTQ from pf(4). Note the required steps in the update guide if updating from source.
- Update default IPQoS in ssh(1) and sshd(8).
- Libcrypto fixes in X509_NAME_add_entry().
- Fix crash in dig(1) when +trace option is enabled and a truncated reply forces fallback to TCP.
- Deactivate WITNESS checks in ddb(4), when db_active is set.
- On vlan(4) interfaces, use link0 to use llprio in transmitted packets.
- Imported regenerated moduli files for ssh(1).
- Tweak vlan printing in tcpdump(8) to properly decode priority field.
- OpenSSH 7.7 released.
- Enabled mvrng(4) for arm64 GENERIC and RAMDISK kernels.
- Fix in bgpd(8) for aspath_verify() regarding 2-byte vs 4-byte AS path entries.
- Enabled imxiomuxc(4) on arm64 GENERIC and RAMDISK kernels.
- Unhook libXfont from xenocara builds, obsoleted by libXfont2.
- Enabled dwpcie(4), fec(4) and imxccm(4) on arm64 GENERIC and RAMDISK kernels.
- Add minimal driver dwpcie(4) for the Synopsys Designware PCIe core.
- Added support for more Intel Apollo Lake devices found on some NUC and Celeron based systems.
- In com(4), add support for register shift/IO-width to allow UARTs using 32-bit registers instead of 8-bit, found on some armv7, arm64 and amd64 SoCs.
- Add support for arbitrary-length integers in test(1).
- Fix binutils 2.17 to build without warnings on LLVM 6.0.0.
- Enabled imxanatop(4) on armv7 RAMDISK kernels.
- Fix for previously incorrect MII speed setting on armv7 fec(4).
- Fixes in apply(1) for realloc(3) noticed when malloc.conf(5) had the J option enabled.
- LibreSSL 2.7.2 released.
- Fixes for UFS2 with softdep enabled.
- Implemented an EFI driver to allow PXE boot over EFIs Simple Network Protocol, allowing TFTP boot on U-Boot based armv7 and arm64 machines.
- Fix '-v' option to procmap(1) when using -a to help show holes in the process map.
- Enabled mvtemp(4) on arm64 GENERIC kernels.
- Added mvtemp(4) a driver for temperature sensors found on Marvell Armada SoCs.
- Fix mbuf reuse when sending ARP responses to prevent stale mbuf state affecting the ARP reply packet.
- Fix 64bit integer overflows in expr(1).
- Fix a hang in i386 vmware guests in /sbin/init.
- Recommit of the i386 Meltdown fix.
- Fix '-i' on dhclient(8) to discard previously defined values.
- Enable imxiic(4) and imxanatop(4) on arm64 GENERIC and RAMDISK kernels.
- Enable imxgpc(4), imxgpio(4) and imxesdhc(4) on GENERIC and RAMDISK kernels for the arm64 platform.
- Also move imxgpc(4), imxgpio(4) and imxesdhc(4) drivers so they can be shared between arm64 and armv7.
- Fix potential overflow in cut(1) for 64bit systems.
- Updated bdftopcf to version 1.1.
- Moved driver for imxuart(4) so it can be shared by arm64 and armv7.
- Updated xterm(1) to version 331.
- Updated unbound(8) to 1.7.0.
- Enable mvclock(4), mvicu(4), mvpinctrl(4), mvgpio(4) and mvrtc(4) on GENERIC and RAMDISK kernels for arm64 platforms.
- Added support for mvrtc(4), a real time clock integrated on various Marvell Armada SoCs.
- Fixed some setlocale(3) bugs.
- Add support in the flattened device tree code for legacy binding of Marvell devices for "usb-nop-xceiv" PHYs.
- Fix memory leak in sparc64 ofwboot when booting softraid(4) crypto devices.
- Prevent tmux(1) from crashing in certain cases with empty windows.
- Fixed network locking in pppx(4).
- Fix in libcrypto for CVS-2018-0739 regarding ASN.1 recursive definition depth.
- Remove RDTSCP from CPUID flags reported to vmm(4) guests.
- Fix remaining external file system locking so VOP_LOCKs are done in accordance with how WITNESS wants it.
- Fix memory leak in pf(4) when adding same table twice.
- Check for possible NFS race after sleeping to prevent future lock ordering problem.
- Mark ext2fs inode recursive lock as RWL_IS_VNODE to help when WITNESS is enabled.
- Configure dwxe(4) TX and RX chain delay based on device tree properties.
- In the X.org DRM code, defer disabling the vblank IRQ until next interrupt.
- Updated time zone data to tzdata2018d.
- Added acpicmos(4), a driver that implements SystemCMOS access support.
- SSLeay history from 0.4 to 0.8.1b added to SSL manpages.
- Make sure nc(1) clears password buffers in non-terminating cases.
- Fix wrong execution and out of boundary writes in apply(1).
- Make sure programs violating a pledge(2) promise cannot block the final SIGABRT.
- Try harder to execute code protected by mutexes after entering ddb(4).
- Exclude SIGKILL from ptrace(2) interception to prevent deadlock when parent waits for the traced process.