=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1337 retrieving revision 1.1338 diff -c -r1.1337 -r1.1338 *** www/plus.html 2014/05/05 00:27:09 1.1337 --- www/plus.html 2014/05/10 11:37:50 1.1338 *************** *** 1,3 **** --- 1,4 ---- + *************** *** 74,79 **** --- 75,151 ----

On sparc, enabled ssl(8) assembler code for DES. +
On vax, enabled the ssl(8) assembler code for BN. +
In relayd(8) and smtpd(8), fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine. + +
Added sysctl(8) kern.nosuidcoredump=3, to dump core(5) into the /var/crash/progname/ directory. +
Enabled ssl(8) assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64. +
Enabled ssl(8) assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm. +
Updated to: xauth(1) version 1.0.9; xbacklight(1) version 1.2.1; xrandr(1) version 1.4.2 and xinput(1) version 1.6.1. +
Updated to libFS 1.0.6. +
Unbroke ssh(1) compression. +
Switched to generating bcrypt(3) 2b hashes by default. +
Added checks for invalid base64 encoded data in ssl(8) padding. Fixes a crash (RT#2608). +
Provide extended-precision math constants (required by POSIX). +
Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid). + +
drm(4) i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out. +
Updated Xserver(1) to version 1.15.1. +
On hppa, fixed ssl(8) assembler version of SHA512 to output correct results. +
Make acpiprt(4) correctly handle interrupts with non-standard polarity. +
In acpi(4), made acpi_mutex_acquire/release actually grab the global lock when called. +
Fixed occasional disklabel(8) crashes when altering mount points. + +
Reverted __bounded code in ssh(1). +
Oh hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in ssl(8). +
Stopped ssl(8) perl(1) scripts outputting SOM-specific directives. +
Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from ssl(8). +
Extended fread(3) and fwrite(3) to check for integer overflows. +
Moved smtpd(8) RSA key handling from "lka" to a new dedicated "ca" process. +
5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an ssl(8) alert, which could cause a null pointer dereference.
A source code patch is available for 5.4 and 5.5. +
Fixed gcc(1) on i386, to detect overflows and properly align arrays > 16 bytes. +
Added ChaCha cypher to ssl(8), and provided it with an EVP implementation. +
Added Brainpool and ANSSI FRP256v1 elliptic curves to ssl(8) (RT#2239). +
Corrected isakmpd(8) test when passing data to a keynote. + +
Improved malloc(3)'s ability to pick a free chunk at random. +
uvm(9) now correctly flush discarded pages even if the number of hash buckets doesn't change. +
When openssl(1) isn't available, ssh(1) now uses local fallback implementation of AES for UMAC. +
Preserve the intended chronological order of leases in dhclient.leases(5) files. +
Fixed growfs(8) on 4K-sector disks. +
First pass at removing win64 support from the assembly-generating perl(1) scripts in ssl(8). +
Stopped smtpd(8) trying to create folders that already exist when using maildir. +
Improved imsg handling with many concurrent connections in smtpd(8). + +
New buffer API, to eventually make ssh(1) usable as a standalone library. +
Improved enforcing of proper alignment of stack variables on sparc. +
smtpd(8) RSA private key privsep will now only load keys after forking the separated process. +
Stopped sftp(1) attempting to append a nul quote character to filenames (bz#2238). +
Implemented RSA privilege separation for smtpd(8). Prevents possible private key leakage. +
Made compiling ssh(8) and sshd(8) against ssl(8) optional. +
When smtpd(8) fails to relay via TLS (and smtpd.conf(5) doesn't require security), try plain; also downgrade if a TLS error happens during the session. +
Constrain bytes read/written to positive values in ssl(8) s3_pkt.c code. +
Re-added local aesctr implementation to ssh(1). +
Moved traceroute6(8) to the attic, fully merged into traceroute(8). +
Removed large memory leak from usb(4). +
Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from nginx(8) to keep attack mitigations enabled. +
Stopped ssh(1) sending success/failure replies when channels have sent a close already (bz#1818). +
Removed less(1) support for the obsolete (non-POSIX) "more -d" prompt. +
Made sure the iked(8) state machine only advances if the AUTH payload has been verified. +
Use explicit_bzero(3) instead of memset(3) to clear out sensitive smtpd(8) data. + +
Implemented AI_ADDRCONFIG in getaddrinfo(3), as per RFC 3493. +
Removed more WIN32, WIN64 and MINGW32 tentacles from ssl(8). +
Use the correct algorithm mask in ssl(8) t1_enc.c. +
In ssl(8), stopped SSL_OP_ALL disabling attack mitigations against CBC modes. +
Let nm(1) -w correctly return 0 for valid archives. +
Stopped ping(8) and ping6(8) sleeping after poll(2) returns an error. +
Added fuse(4) support for 255 character file names. +
m4(1) now checks for integer overflows in custom allocs. +
Added support to snmpd(8) for exporting ARP table via "ipNetToMediaTable" OID. +
Fixed a loop so that waiting for wds(4/i386) hardware actually happens.
Improved error handling when using dbopen(3) in mandoc(1).
Fixed library search order in libtool(1). *************** *** 244,250 ****
Confirm passwords when signify(1) is generating keys.
Fixed SQL_STEP failures for man(7) pages lacking descriptions.
Better mandoc(1) error reporting in case of SQL errors: mention dir and file. !
Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
Update to xtrans 1.3.4. --- 316,322 ----
Confirm passwords when signify(1) is generating keys.
Fixed SQL_STEP failures for man(7) pages lacking descriptions.
Better mandoc(1) error reporting in case of SQL errors: mention dir and file. !
Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
Update to xtrans 1.3.4.