===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1337
retrieving revision 1.1338
diff -c -r1.1337 -r1.1338
*** www/plus.html 2014/05/05 00:27:09 1.1337
--- www/plus.html 2014/05/10 11:37:50 1.1338
***************
*** 1,3 ****
--- 1,4 ----
+
***************
*** 74,79 ****
--- 75,151 ----
+
+ - On sparc, enabled ssl(8) assembler code for DES.
+
- On vax, enabled the ssl(8) assembler code for BN.
+
- In relayd(8) and smtpd(8), fixed SSL/TLS and a possible fatalx() on machines without a default RSA engine.
+
+
- Added sysctl(8) kern.nosuidcoredump=3, to dump core(5) into the /var/crash/progname/ directory.
+
- Enabled ssl(8) assembler code for AES, DES, GCM, SHA1, SHA256 and SHA512 on sparc64.
+
- Enabled ssl(8) assembler code for AES, BN, GCM128, SHA1, SHA256 and SHA512 on arm.
+
- Updated to: xauth(1) version 1.0.9; xbacklight(1) version 1.2.1; xrandr(1) version 1.4.2 and xinput(1) version 1.6.1.
+
- Updated to libFS 1.0.6.
+
- Unbroke ssh(1) compression.
+
- Switched to generating bcrypt(3) 2b hashes by default.
+
- Added checks for invalid base64 encoded data in ssl(8) padding. Fixes a crash (RT#2608).
+
- Provide extended-precision math constants (required by POSIX).
+
- Stopped citrus UTF-8 parser rejecting 0xFFFE and 0xFFFF (they do not render strings invalid).
+
+
- drm(4) i915 fixes: workaround inverted brightness for Acer Aspire 5336; fixed gen4 composite s-video tv-out.
+
- Updated Xserver(1) to version 1.15.1.
+
- On hppa, fixed ssl(8) assembler version of SHA512 to output correct results.
+
- Make acpiprt(4) correctly handle interrupts with non-standard polarity.
+
- In acpi(4), made acpi_mutex_acquire/release actually grab the global lock when called.
+
- Fixed occasional disklabel(8) crashes when altering mount points.
+
+
- Reverted __bounded code in ssh(1).
+
- Oh hppa, use assembly code for AES, BN (Montgomery), SHA1, SHA256 and SHA512 in ssl(8).
+
- Stopped ssl(8) perl(1) scripts outputting SOM-specific directives.
+
- Removed unreferenced OPENSSL_instrument_bus and OPENSSL_instrument_bus2 routines from ssl(8).
+
- Extended fread(3) and fwrite(3) to check for integer overflows.
+
- Moved smtpd(8) RSA key handling from "lka" to a new dedicated "ca" process.
+
- 5.4 and 5.5 RELIABILITY FIX: Stop attacker's ability to trigger an ssl(8) alert, which could cause a null pointer dereference.
A source code patch is available for 5.4 and 5.5.
+ - Fixed gcc(1) on i386, to detect overflows and properly align arrays > 16 bytes.
+
- Added ChaCha cypher to ssl(8), and provided it with an EVP implementation.
+
- Added Brainpool and ANSSI FRP256v1 elliptic curves to ssl(8) (RT#2239).
+
- Corrected isakmpd(8) test when passing data to a keynote.
+
+
- Improved malloc(3)'s ability to pick a free chunk at random.
+
- uvm(9) now correctly flush discarded pages even if the number of hash buckets doesn't change.
+
- When openssl(1) isn't available, ssh(1) now uses local fallback implementation of AES for UMAC.
+
- Preserve the intended chronological order of leases in dhclient.leases(5) files.
+
- Fixed growfs(8) on 4K-sector disks.
+
- First pass at removing win64 support from the assembly-generating perl(1) scripts in ssl(8).
+
- Stopped smtpd(8) trying to create folders that already exist when using maildir.
+
- Improved imsg handling with many concurrent connections in smtpd(8).
+
+
- New buffer API, to eventually make ssh(1) usable as a standalone library.
+
- Improved enforcing of proper alignment of stack variables on sparc.
+
- smtpd(8) RSA private key privsep will now only load keys after forking the separated process.
+
- Stopped sftp(1) attempting to append a nul quote character to filenames (bz#2238).
+
- Implemented RSA privilege separation for smtpd(8). Prevents possible private key leakage.
+
- Made compiling ssh(8) and sshd(8) against ssl(8) optional.
+
- When smtpd(8) fails to relay via TLS (and smtpd.conf(5) doesn't require security), try plain; also downgrade if a TLS error happens during the session.
+
- Constrain bytes read/written to positive values in ssl(8) s3_pkt.c code.
+
- Re-added local aesctr implementation to ssh(1).
+
- Moved traceroute6(8) to the attic, fully merged into traceroute(8).
+
- Removed large memory leak from usb(4).
+
- Deleted SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from nginx(8) to keep attack mitigations enabled.
+
- Stopped ssh(1) sending success/failure replies when channels have sent a close already (bz#1818).
+
- Removed less(1) support for the obsolete (non-POSIX) "more -d" prompt.
+
- Made sure the iked(8) state machine only advances if the AUTH payload has been verified.
+
- Use explicit_bzero(3) instead of memset(3) to clear out sensitive smtpd(8) data.
+
+
- Implemented AI_ADDRCONFIG in getaddrinfo(3), as per RFC 3493.
+
- Removed more WIN32, WIN64 and MINGW32 tentacles from ssl(8).
+
- Use the correct algorithm mask in ssl(8) t1_enc.c.
+
- In ssl(8), stopped SSL_OP_ALL disabling attack mitigations against CBC modes.
+
- Let nm(1) -w correctly return 0 for valid archives.
+
- Stopped ping(8) and ping6(8) sleeping after poll(2) returns an error.
+
- Added fuse(4) support for 255 character file names.
+
- m4(1) now checks for integer overflows in custom allocs.
+
- Added support to snmpd(8) for exporting ARP table via "ipNetToMediaTable" OID.
+
- Fixed a loop so that waiting for wds(4/i386) hardware actually happens.
- Improved error handling when using dbopen(3) in mandoc(1).
- Fixed library search order in libtool(1).
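Review bot: The added hppa entry starts "Oh hppa, use assembly code for AES, BN (Montgomery), ..." and should read "On hppa", matching the "On sparc" and "On vax" entries earlier in this hunk. Also in the added lines, "Made compiling ssh(8) and sshd(8) against ssl(8) optional" cites ssh in section 8 while every other new entry uses ssh(1), "Added ChaCha cypher" would be more consistent as "cipher", and "uvm(9) now correctly flush discarded pages" needs "flushes".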
***************
*** 244,250 ****
- Confirm passwords when signify(1) is generating keys.
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
- Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
!
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
- Update to xtrans 1.3.4.
--- 316,322 ----
- Confirm passwords when signify(1) is generating keys.
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
- Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
!
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
- Update to xtrans 1.3.4.
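Review bot: The "Major ssl(8) cleanup" entry lists VMS twice, once in "MacOS, Netware, OS/2, VMS and Windows build machinery" and again as "vms support"; drop the second mention or say what it covers beyond the build machinery. The old and new wording of the entry read the same in this hunk, so the change appears to be confined to the line marked "!", and the duplicate could be tidied in the same revision.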