OpenBSD 6.4 Changelog
This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 6.3 and 6.4
Many changes not listed here.
Fix "heap full" errors in the amd64 boot loader when loading microcode.
Add support in com(4) for Exar XR17V354 4-port devices.
Add TCP support to snmpd(8). Apart from processing multiple requests in parallel, this implements RFC 3430.
Make relayd(8) set destination host state to HOST_DOWN in case of TCP read timeout.
6.1, 6.2 and 6.3 SECURITY FIX: Correct heap overflow bugs in perl(1). A source code patch is available for 6.1, 6.2 and 6.3.
Make ENGINE_finish() succeed on NULL in LibreSSL, simplifies caller code.
Make ksh(1) count $SECONDS using monotonic clock.
Fix for mg(1) when trying to write backups in home dir when run under a different effective user.
Remove hfsc support from pfctl(8).
Don't panic if ipmi_sendcmd() fails.
Make sshd(8) more resilient against user enumeration timing attacks.
Implemented MAP_STACK option for mmap(2). At pagefaults and syscalls the kernel will check that the SP points to MAP_STACK memory.
Stop using the PID in ping(8).
Make httpd(8) listen on all IPv4 and IPv6 addresses for "listen on *".
More steps for i386 Meltdown fixes, will trigger some performance issues.
Make re(4) handle newer devices with only 64bit BARs, and map 32bit BAR as a fallback.
Add mixer save/restore capability to the audio(4) driver for use during suspend/resume.
Add support in umsm(4) for Huawei k3772-based devices.
Make sasyncd(8) schedule events against the monotonic clock so it fires punctually even if system clock is changed.
Have fstat(1) print rtable for internet sockets unless it's the default.
In tmux(1), add x and X to choose-tree to kill an item.
Make sure the kernel doesn't call logwakeup() while holding a mutex to prevent lock ordering issues.
Make mandoc(1) define a previously undefined integer as being zero.
Make ksh(1) support 64bit integer operations on 32bit arches too.
Added octcrypto(4), a driver for the octeon cryptographic unit, providing hardware-accelerated implementations for several encryption and authentication algorithms for ipsec(4). Disabled for now.
Make smtpd(8) spfwalk check for legitimate IPv4 and IPv6 addresses before printing.
Make headers, manpages and kernel prefer and recommend AF_UNIX name rather than AF_LOCAL.
In kqueue, test for preexisting conditions when re-enabling events.
Make pcidump(8) print BARs for bridges as well.
On amd64, add support for EFI Random Number Generator and use it to XOR random data into the kernel.
Add a hook to the standalone boot code to use a firmware-supplied random function in addition to the machine dependent random function to insert entropy into the booted kernel.
IPv6 fix for gif(4).
Attach the mbuf tag on output gif(4) packets to suppress loops over the interface and avoid leak of the tag on every packet.
For certain arm devices, if the PHY address isn't specified, only attach a single PHY. Makes Theobroma Systems RK3399-Q7 SoM network interfaces work.
Make shutdown(8) print deadline estimates in the local timezone.
Enable islrtc(4) on arm64 GENERIC and RAMDISK kernels.
Added islrtc(4), a driver for the ISL208 real time clock.
Work around libtool exec limitations.
Correct libtls tls_config_clear_keys(3) behaviour, leaving other configuration data intact.
In libtls, switch to OPENSSL_init_ssl(3) to prevent an openssl configuration file from being loaded behind our backs.
Add support in dwmmc(4) for GPIO card detection.
Increase em(4) delay after reset to 20ms and add a fix for i219 based devices.
In UEFI, respect the parts where mappings indicate they can be made non-readable, non-executable or read-only.
Fixed tmpfs(4) to not attempt calling copyin(9) itself.
Patch binutils 2.17 so it passes option -Wno-null-pointer-arithmetic when compiled with LLVM 6.0.0.
Updated llvm to 6.0.0.
Make fstat(1) print a p flag for file descriptors opened after pledge(2).
Better rounding to cylinder boundaries in disklabel(8).
In ssh(1), allow "Sendenv -PATTERN" to clear environment previously labeled for sending.
Fix file descriptor leak in httpd(8) after processing ranged requests.
Use existing pf state to speed up UDP socket lookup.
Fix memory leak in libcrypto if EVP_Digest() fails.
In libcrypto, tighten up various checks for X509_VERIFY_PARAM functions.
In ssh(1), relax checking of authorized_keys environment="..." options to allow underscores in variable names.
Stop using a non-portable .R man(7) macro in mandoc(1).
Update mandoc(1) to use documented and portable character escape sequences for .Do/.Dq.
Import pcap_set_immediate_mode() from mainline libpcap which allows a libpcap-based program to process packets as soon as they arrive.
Remove obsolete PF_TRANS_ALTQ from pf(4). Note the required steps in the update guide if updating from source.
Update default IPQoS in ssh(1) and sshd(8).
Libcrypto fixes in X509_NAME_add_entry().
Fix crash in dig(1) when +trace option is enabled and a truncated reply forces fallback to TCP.
Deactivate WITNESS checks in ddb(4), when db_active is set.
On vlan(4) interfaces, use link0 to use llprio in transmitted packets.
Imported regenerated moduli files for ssh(1).
Tweak vlan printing in tcpdump(8) to properly decode priority field.
OpenSSH 7.7 released.
Enabled mvrng(4) for arm64 GENERIC and RAMDISK kernels.
Fix in bgpd(8) for aspath_verify() regarding 2-byte vs 4-byte AS path entries.
Enabled imxiomuxc(4) on arm64 GENERIC and RAMDISK kernels.
Unhook libXfont from xenocara builds, obsoleted by libXfont2.
Enabled dwpcie(4), fec(4) and imxccm(4) on arm64 GENERIC and RAMDISK kernels.
Add minimal driver dwpcie(4) for the Synopsys Designware PCIe core.
Added support for more Intel Apollo Lake devices found on some NUC and Celeron based systems.
In com(4), add support for register shift/IO-width to allow UARTs using 32-bit registers instead of 8-bit, found on some armv7, arm64 and amd64 SoCs.
Add support for arbitrary-length integers in test(1).
Fix binutils 2.17 to build without warnings on LLVM 6.0.0.
Enabled imxanatop(4) on armv7 RAMDISK kernels.
Fix for previously incorrect MII speed setting on armv7 fec(4).
Fixes in apply(1) for realloc(3) noticed when malloc.conf(5) had the J option enabled.
LibreSSL 2.7.2 released.
Fixes for UFS2 with softdep enabled.
Implemented an EFI driver to allow PXE boot over EFI's Simple Network Protocol, allowing TFTP boot on U-Boot based armv7 and arm64 machines.
Fix '-v' option to procmap(1) when using -a to help show holes in the process map.
Enabled mvtemp(4) on arm64 GENERIC kernels.
Added mvtemp(4), a driver for temperature sensors found on Marvell Armada SoCs.
Fix mbuf reuse when sending ARP responses to prevent stale mbuf state affecting the ARP reply packet.
Fix 64bit integer overflows in expr(1).
Fix a hang in i386 vmware guests in /sbin/init.
Recommit of the i386 Meltdown fix.
Fix '-i' on dhclient(8) to discard previously defined values.
Enable imxiic(4) and imxanatop(4) on arm64 GENERIC and RAMDISK kernels.
Enable imxgpc(4), imxgpio(4) and imxesdhc(4) on GENERIC and RAMDISK kernels for the arm64 platform.
Also move imxgpc(4), imxgpio(4) and imxesdhc(4) drivers so they can be shared between arm64 and armv7.
Fix potential overflow in cut(1) for 64bit systems.
Updated bdftopcf to version 1.1.
Moved driver for imxuart(4) so it can be shared by arm64 and armv7.
Updated xterm(1) to version 331.
Updated unbound(8) to 1.7.0.
Enable mvclock(4), mvicu(4), mvpinctrl(4), mvgpio(4) and mvrtc(4) on GENERIC and RAMDISK kernels for arm64 platforms.
Added support for mvrtc(4), a real time clock integrated on various Marvell Armada SoCs.
Fixed some setlocale(3) bugs.
Add support in the flattened device tree code for legacy binding of Marvell devices for "usb-nop-xceiv" PHYs.
Fix memory leak in sparc64 ofwboot when booting softraid(4) crypto devices.
Prevent tmux(1) from crashing in certain cases with empty windows.
Fixed network locking in pppx(4).
Fix in libcrypto for CVE-2018-0739 regarding ASN.1 recursive definition depth.
Remove RDTSCP from CPUID flags reported to vmm(4) guests.
Fix remaining external file system locking so VOP_LOCKs are done in accordance with how WITNESS wants it.
Fix memory leak in pf(4) when adding same table twice.
Check for possible NFS race after sleeping to prevent future lock ordering problem.
Mark ext2fs inode recursive lock as RWL_IS_VNODE to help when WITNESS is enabled.
Configure dwxe(4) TX and RX chain delay based on device tree properties.
In the X.org DRM code, defer disabling the vblank IRQ until next interrupt.
Updated time zone data to tzdata2018d.
Added acpicmos(4), a driver that implements SystemCMOS access support.
SSLeay history from 0.4 to 0.8.1b added to SSL manpages.
Make sure nc(1) clears password buffers in non-terminating cases.
Fix wrong execution and out of boundary writes in apply(1).
Make sure programs violating a pledge(2) promise cannot block the final SIGABRT.
Try harder to execute code protected by mutexes after entering ddb(4).
Exclude SIGKILL from ptrace(2) interception to prevent deadlock when parent waits for the traced process.