===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1334
retrieving revision 1.1335
diff -c -r1.1334 -r1.1335
*** www/plus.html 2014/04/08 02:10:04 1.1334
--- www/plus.html 2014/04/17 01:51:07 1.1335
***************
*** 74,79 ****
--- 74,211 ----
+
+ - Stopped mandoc(1) crashing when processing macros in .Sh header lines, or having .Sm off or .Bk -words open.
+
- Stopped leaking socketpair file descriptors if tmux(1) fork(2) fails.
+
- Fixed potential race in UFS where an allocated inode could fail to get added.
+
- Removed o_dir.c from openssl(1) now that OPENSSL_DIR_XXX has been removed from the build.
+
- Removed nonstandard and unsafe DES support from ed(1).
+
- Switched pkg_mklocatedb(1) to using common SetList code, renaming -x into -X.
+
- Updated xcb-utils to 0.3.9.
+
- Allow slowcgi(8) QUERY_STRING to be longer than 127 bytes.
+
- Update libxcb to version 1.10.
+
- Made OPENSSL_NO_HEARTBLEED the default and only option in ssl(8) code.
+
- Adapted snmpctl(8), relayd(8) and snmpd(8) to use AgentX protocol to send traps.
+
+
- Confirm passwords when signify(1) is generating keys.
+
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
+
- Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
+
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
+
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
+
+
- Update to xtrans 1.3.4.
+
- Updated to xextproto 7.3.0.
+
- Added presentproto 1.0.
+
- Bring back r1.16 of protector.c in gcc(1) version 2.95. Fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
+
- 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) read buffer to stop an attacker injecting data from one connection into another.
A source code patch is available for 5.3, 5.4 and 5.5.
+ - Made sure cu(1) -l overrides HOST.
+
+
- Avoid sshd(8) crash at exit, by checking that pmonitor!=NULL before dereferencing (bz#2225).
+
- Fixed more(1) to use basic regular expressions (unlike less(1)).
+
- Clamp offsets to the available memory space. Fixes tmux(1) crash.
+
- Further apropos(1) speed optimisation, with mmap(3) MAP_ANON SQLITE_CONFIG_PAGECACHE.
+
- Updated to libdrm 2.4.53
+
+
- Disabled Segglemann's RFC520 heartbeat from ssl(8).
+
- Don't release the ssl(8) read buffer if we're not done reading from it; disabled buf freelists.
+
- Added validation routines to iked(8): overall header structure is checked for sanity before copying the header; avoid overflow by passing down the number of remaining bytes.
+
- Notify userland when an arp(4) entry is removed.
+
- Fixed fd leaks in mg(1) error paths.
+
- Retired rtinit() and switched to using rt_ifa_add(9) and rt_ifa_del(9) to manage connected routes to prefixes/hosts.
+
- Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
+
+
- Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
+
- Moved descriptions from mandoc(1) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
+
- In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
+
- Reverted r1.93 of mg(1) file.c, which broke permission checks.
+
- 5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
+ - Updated to xf86-video-ati 7.3.0.
+
- Made smtpd(8) display correct imsg when profiling is on and if the type was changed.
+
- Zapped the smtpd(8) mfa process. Content filtering will be done at session level.
+
- Removed CA certificates from ssl(8) which are not listed in Mozilla's certdata.txt.
+
- Use root CAs in ssl(8) used by TeleSec (Deutsche Telekom AG): Baltimore CyberTrust Root, Deutsche Telekom Root CA, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3.
+
- If TLS validation is on, make ftp(1) fetch TLS certificate and check the server hostname against the subjectAltName and/or CommonName.
+
+
- Build libgcc without SSP. Unbreaks landisk bootblocks.
+
- Updated to xorg-macros 1.19.0.
+
- Ensure that we free buffers written out by the page daemon rather than caching them.
+
- Fixed error in bcrypt_pbkdf(3) stride calculations.
+
- Added error detection mechanism to detect when sudo(8) configuration is incorrect for building ports.
+
- Zero-fill smtpd(8) mta static buffer before use in DSN code.
+
- Added term_flushln() flag to control indentation of continuation lines in TERMP_NOBREAK mode. Reduces groff-mandoc differences in base by more than 15%.
+
+
- Added rgephy(4) for axe(4) and axen(4) on hppa and zaurus.
+
- Fully implemented roff(7) \B (validate numerical expression) and partially implemented \w (measure text width) escape sequence.
+
- 5.3, 5.4, 5.5 and -current SECURITY FIX: Fixed openssl(1) CVE-2014-0160 "heartbleed" vulnerability.
A source code patch is available for 5.3, 5.4 and 5.5.
+ - Added MSI support for xhci(4).
+
- Enable upd(4) on archs where uhidev(4) is present.
+
- Do not attach when no upd(4) sensors can be allocated; made device querying smarter.
+
- Added roff(7) support for indirect references to user-defined strings.
+
- Made iscsid(8) listen to the control socket, so the connect() call from iscsictl(8) will not fail.
+
- In udp_output(), use the correct source address in case of an unbound socket.
+
- Accept arbitrary argument delimiters for various roff(7) escape sequences.
+
- Increased MSGBUFSIZE on macppc.
+
- Exit on error or HUP when poll()ing the keyboard. Otherwise, top(1) may spin when its tty goes away.
+
- Added implementation of roff(7) numerical expressions.
+
- Retired kernel support for SO_DONTROUTE, this time without breaking localhost connections.
+
- Updated termtypes.master to upstream terminfo-20140329.src.
+
- When qla(4) is iterating through fabric ports, start at our own port ID, to simplify tracking.
+
+
- Added axen(4) wherever axe(4) is found.
+
- qla(4) ISP2322 chips need a different firmware image to other 2300s, don't load firmware for them.
+
- Removed (expensive) temporary connect in udp_output(). Also fixes possible memory leak.
+
- Added missing addressing modes for the fucomip instruction on i386. Unbreaks webkit port.
+
+
- Fixed smtpd(8) when writing multi-line "To" and "Cc" headers.
+
- Implemented the roff(7) .rr (remove register) request.
+
- Fixed uvm(9) logic error (and prevented theoretical infinite loop) in uvm_pmr_rootupdate().
+
- mandoc(1) bugfix: make sure all variables are properly initialised when rendering .ll (line length) requests.
+
+
- Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
+
- Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
+
- Made mandoc(1) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
+
- Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
+
- Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
+
- Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
+
+
- Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
+
- When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
+
- Instead of silently doing nothing, made mandoc(1) warn and return non-zero when the manpath is empty.
+
- Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
+
- Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
+
- When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
+
- Renamed the makewhatis(8) -W option to -p. Matches flag introduced in OpenBSD 2.7.
+
- Proper validation and computation of bsize now occurs in the disklabel(8) expert mode.
+
- Renamed -v option of mandocdb(8) to -D, to avoid a clash with the -v option of makewhatis(8).
+
- Reduced the tmux(4) mouse wheel scroll size to 3; allow shift to reduce it to 1; allow meta and ctrl to multiply by 3; support wheel in "choose" mode.
+
- Fixed npppctl(8) calculation of response message size.
+
+
- Added the "#" character as a comment character in the mg(1) startup file.
+
- Support UTF-8 with tmux(4) choose-buffer; made buffer_sample bigger to let it trim at window right edge.
+
- Enabled hds(4) on hppa.
+
- Enabled mpath(4) on macppc.
+
+
+
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents server from forcing a new-hostkey dialog.
+
- Include fingerprint of key not found by ssh-keysign(8); use arc4random_buf() instead of loop+arc4random().
+
- In four byte UTF-8 sequences, make sure tmux(1) only uses three bits of the first byte.
+
- Stopped tmux(1) crashing when a zero-length argument is passed to setb.
+
- Made tmux(1) message-limit a server option.
+
- Stopped tmux(1) segfaulting when the parent of the layout cell is NULL.
+
- Added setb -a to tmux(1) append; added a copy mode append command.
+
- Made session_attached a count; added session_many_attached flag to tmux(1).
+
- Added start-of-list, end-of-list, top-line and bottom-line in tmux(1) choice mode.
+
- Stopped tmux(1) writing into the buffer if there are no arguments.
+
- Changed secondary device attributes response to "\033[>84;0;0c" which is unique for tmux(1).
+
- Made bus_dmamap_load(9) and bus_dmamap_unload(9) mpsafe on alpha.
+
- Restored behaviour of ls(1) -f implying -a (lost in commit made in 1989). Conforms to IEEE 1003.1-2008 ("POSIX.1").
+
- On loongson, mips and octeon, stopped whole L1 cache being flushed unnecessarily.
+
- Again allow more than one level of directories to be created via mg(1) make-directory.
+
- Force detach of all usb(4) devices by disconnecting root hubs before suspending machine. Avoids races.
+
- libtool(1) now properly add -rpath to the linker when linking libraries. Matches GNU libtool.
+
- Increased Xtranssock.c send buffer for UNIX sockets. Makes Firefox usable again when viewing large images.
+
- If HOST or the host argument starts with a "/", cu(1) will now treat it as a device name.
+
- Fixed REMOTE on cu(1) to work like tip(1); added support for HOST.
- Added SNI support to ftp(1).
- Allow roff(7) to support relative arguments to .ll (increase or decrease line length).
***************
*** 233,238 ****