OpenBSD 6.4 Changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0, 7.1,
7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, current.

Changes made between OpenBSD 6.3 and 6.4

• Many changes not listed here.
• Fix "heap full" errors in the amd64 boot loader when loading microcode.
• Add support in com(4) for Exar XR17V354 4-port devices.
• Add TCP support to snmpd(8). Apart from processing multiple requests in parallel, this implements RFC 3430.
• Make relayd(8) set destination host state to HOST_DOWN in case of TCP read timeout.
• 6.1, 6.2 and 6.3 SECURITY FIX: Correct heap overflow bugs in perl(1).
  A source code patch is available for 6.1, 6.2 and 6.3.
• Make ENGINE_finish() succeed on NULL in LibreSSL, simplifies caller code.
• Make ksh(1) count $SECONDS using monotonic clock.
• Fix for mg(1) when trying to write backups in home dir when run under a different effective user.
• Remove hfsc support from pfctl(8).
• Don't panic if ipmi_sendcmd() fails.
• Make sshd(8) more resilient against user enumeration timing attacks.
• Implemented MAP_STACK option for mmap(2). At pagefaults and syscalls the kernel will check that the SP points to MAP_STACK memory.
• Stop using the PID in ping(8).
• Make httpd(8) listen on all IPv4 and IPv6 addresses for "listen on *".
• More steps for i386 Meltdown fixes, will trigger some performance issues.
• Make re(4) handle newer devices with only 64bit BARs, and map 32bit BAR as a fallback.
• Add mixer save/restore capability to the audio(4) driver for use during suspend/resume.
• Add support in umsm(4) for Huawei k3772-based devices.
• Make sasyncd(8) schedule events against the monotonic clock so it fires punctually even if system clock is changed.
• Have fstat(1) print rtable for internet sockets unless it's the default.
• In tmux(1), add x and X to choose-tree to kill an item.
• Make sure the kernel doesn't call logwakeup() while holding a mutex to prevent lock ordering issues.
• Make mandoc(1) define a previously undefined integer as being zero.
• Make ksh(1) support 64bit integer operations on 32bit arches too.
• Added octcrypto(4), a driver for the octeon cryptographic unit, providing hardware-accelerated implementations for several encryption and authentication algorithms for ipsec(4). Disabled for now.
• Make smtpd(8) spfwalk check for legitimate IPv4 and IPv6 addresses before printing.
• Make headers, manpages and kernel prefer and recommend AF_UNIX name rather than AF_LOCAL.
• In kqueue, test for preexisting conditions when re-enabling events.
• Make pcidump(8) print BARs for bridges as well.
• On amd64, add support for EFI Random Number Generator and use it to XOR random data into the kernel.
• Add a hook to the standalone boot code to use a firmware-supplied random function in addition of the machine dependent random function to insert entropy into the booted kernel.
• IPv6 fix for gif(4).
• Attach the mbuf tag on output gif(4) packets to suppress loops over the interface and avoid leak of the tag on every packet.
• For certain arm devices, if the PHY address isn't specified, only attach a single PHY. Makes Theobrama Systems RK3399-Q7 SoM network interfaces work.
• Make shutdown(8) print deadline estimates in the local timezone.
• Enable islrtc(4) on arm64 GENERIC and RAMDISK kernels.
• Added islrtc(4), a driver for the ISL208 real time clock.
• Work around libtool exec limitations.
• Correct libtls tls_config_clear_keys(3) behaviour, leaving other configuration data intact.
• In libtls, switch to OPENSSL_init_ssl(3) to prevent an openssl configuration file from being loaded behind our backs.
• Add support in dwmmc(4) for GPIO card detection.
• Increase em(4) delay after reset to 20ms and add a fix for i219 based devices.
• In UEFI, respect the parts where mappings indicate they can be made non-readable, non-executable or read-only.
• Fixed tmpfs(4) to not attempt calling copyin(9) itself.
• Patch binutils 2.17 so it passes option -Wno-null-pointer-arithmetic when compiled with LLVM 6.0.0.
• Updated llvm to 6.0.0.
• Make fstat(1) print a p flag for file descriptors opened after pledge(2).
• Better rounding to cylinder boundaries in disklabel(8).
• In ssh(1), allow "Sendenv -PATTERN" to clear environment previously labeled for sending.
• Fix file descriptor leak in httpd(8) after processing ranged requests.
• Use existing pf state to speed up UDP socket lookup.
• Fix memory leak in libcrypto if EVP_Digest() fails.
• In libcrypto, tighten up various checks for X509_VERIFY_PARAM functions.
• In ssh(1), relax checking of authorized_keys environment="..." options to allow underscores in variable names
• Stop using a non-portable .R man(7) macro in mandoc(1).
• Update mandoc(1) to use documented and portable character escape sequences for .Do/.Dq.
• Import pcap_set_immediate_mode() from mainline libpcap which allows a libpcap-based program to process packets as soon as they arrive.
• Remove obsolete PF_TRANS_ALTQ from pf(4). Note the required steps in the update guide if updating from source.
• Update default IPQoS in ssh(1) and sshd(8).
• Libcrypto fixes in X509_NAME_add_entry().
• Fix crash in dig(1) when +trace option is enabled and a truncated reply forces fallback to TCP.
• Deactivate WITNESS checks in ddb(4), when db_active is set.
• On vlan(4) interfaces, use link0 to use llprio in transmitted packets.
• Imported regenerated moduli files for ssh(1).
• Tweak vlan printing in tcpdump(8) to properly decode priority field.
• OpenSSH 7.7 released.
• Enabled mvrng(4) for arm64 GENERIC and RAMDISK kernels.
• Fix in bgpd(8) for aspath_verify() regarding 2-byte vs 4-byte AS path entries.
• Enabled imxiomuxc(4) on arm64 GENERIC and RAMDISK kernels.
• Unhook libXfont from xenocara builds, obsoleted by libXfont2.
• Enabled dwpcie(4), fec(4) and imxccm(4) on arm64 GENERIC and RAMDISK kernels.
• Add minimal driver dwpcie(4) for the Synopsys Designware PCIe core.
• Added support for more Intel Apollo Lake devices found on some NUC and Celeron based systems.
• In com(4), add support for register shift/IO-width to allow UARTs using 32-bit registers instead of 8-bit, found on some armv7, arm64 and amd64 SoCs.
• Add support for arbitrary-length integers in test(1).
• Fix binutils 2.17 to build without warnings on LLVM 6.0.0.
• Enabled imxanatop(4) on armv7 RAMDISK kernels.
• Fix for previously incorrect MII speed setting on armv7 fec(4).
• Fixes in apply(1) for realloc(3) noticed when malloc.conf(5) had the J option enabled.
• LibreSSL 2.7.2 released.
• Fixes for UFS2 with softdep enabled.
• Implemented an EFI driver to allow PXE boot over EFIs Simple Network Protocol, allowing TFTP boot on U-Boot based armv7 and arm64 machines.
• Fix '-v' option to procmap(1) when using -a to help show holes in the process map.
• Enabled mvtemp(4) on arm64 GENERIC kernels.
• Added mvtemp(4) a driver for temperature sensors found on Marvell Armada SoCs.
• Fix mbuf reuse when sending ARP responses to prevent stale mbuf state affecting the ARP reply packet.
• Fix 64bit integer overflows in expr(1).
• Fix a hang in i386 vmware guests in /sbin/init.
• Recommit of the i386 Meltdown fix.
• Fix '-i' on dhclient(8) to discard previously defined values.
• Enable imxiic(4) and imxanatop(4) on arm64 GENERIC and RAMDISK kernels.
• Enable imxgpc(4), imxgpio(4) and imxesdhc(4) on GENERIC and RAMDISK kernels for the arm64 platform.
• Also move imxgpc(4), imxgpio(4) and imxesdhc(4) drivers so they can be shared between arm64 and armv7.
• Fix potential overflow in cut(1) for 64bit systems.
• Updated bdftopcf to version 1.1.
• Moved driver for imxuart(4) so it can be shared by arm64 and armv7.
• Updated xterm(1) to version 331.
• Updated unbound(8) to 1.7.0.
• Enable mvclock(4), mvicu(4), mvpinctrl(4), mvgpio(4) and mvrtc(4) on GENERIC and RAMDISK kernels for arm64 platforms.
• Added support for mvrtc(4), a real time clock integrated on various Marvell Armada SoCs.
• Fixed some setlocale(3) bugs.
• Add support in the flattened device tree code for legacy binding of Marvell devices for "usb-nop-xceiv" PHYs.
• Fix memory leak in sparc64 ofwboot when booting softraid(4) crypto devices.
• Prevent tmux(1) from crashing in certain cases with empty windows.
• Fixed network locking in pppx(4).
• Fix in libcrypto for CVS-2018-0739 regarding ASN.1 recursive definition depth.
• Remove RDTSCP from CPUID flags reported to vmm(4) guests.
• Fix remaining external file system locking so VOP_LOCKs are done in accordance with how WITNESS wants it.
• Fix memory leak in pf(4) when adding same table twice.
• Check for possible NFS race after sleeping to prevent future lock ordering problem.
• Mark ext2fs inode recursive lock as RWL_IS_VNODE to help when WITNESS is enabled.
• Configure dwxe(4) TX and RX chain delay based on device tree properties.
• In the X.org DRM code, defer disabling the vblank IRQ until next interrupt.
• Updated time zone data to tzdata2018d.
• Added acpicmos(4), a driver that implements SystemCMOS access support.
• SSLeay history from 0.4 to 0.8.1b added to SSL manpages.
• Make sure nc(1) clears password buffers in non-terminating cases.
• Fix wrong execution and out of boundary writes in apply(1).
• Make sure programs violating a pledge(2) promise cannot block the final SIGABRT.
• Try harder to execute code protected by mutexes after entering ddb(4).
• Exclude SIGKILL from ptrace(2) interception to prevent deadlock when parent waits for the traced process.