===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1350
retrieving revision 1.1351
diff -c -r1.1350 -r1.1351
*** www/plus.html 2014/08/13 11:13:53 1.1350
--- www/plus.html 2014/08/20 08:48:56 1.1351
***************
*** 74,79 ****
--- 74,125 ----
+
+ - Fixed ssl(8) to avoid allocating and then leaking a fresh fragment structure when a zero-length fragment is received (CVE-2014-3507).
+
- Fixed ssl(8): made sure the output buffer is always NUL terminated if buf_len was initially greater than zero; reject OIDs that are too long, too short, or not in proper base-127 (CVE-2014-3508).
+
- Corrected ssl(8) test (reversed during merge of fix for CVE-2014-3509).
+
- Fixed ssl(8) DTLS handshake message size checks (CVE-2014-3506).
+
- Stopped httpd(8) trying to output FCGI_STDERR into error.log if there is no data.
+
- Try to parse "Status: $code" in the first response from the httpd(8) fcgi daemon, use that code as HTTP response code (fallback to 200). Possible fix for redirects in cvsweb.
+
+
- Fixed ssl(8) TLS downgrade (CVE-2014-3511).
+
- Fixed DTLS anonymous EC(DH) denial of service in ssl(8) (CVE-2014-3510).
+
- Made httpd(8) correctly report "internal server error" if the very first fcgi STDOUT record has length 0.
+
- Changed httpd.conf(5) grammar to remove a shift/reduce conflict. "listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
+
- Added support for NOTE_EOF (for kqueue(2) EVFILT_READ filters) on NFS files.
+
- Limit the body size in client requests (eg. POST data) to 1M by default in httpd.conf(5); added a configuration option to change the limit.
+
- Prevented X(7) server crash on zaurus (and possibly other architectures) where there is no pci(4).
+
- Provided httpd.conf(5) configuration options that allow the SSL certificate, key and ciphers to be specified for each server.
+
- Clear the httpd(8) public key when it is no longer needed.
+
- Configured the default ssl(8) ciphers as HIGH:!aNULL in httpd(8).
+
- Restored previous ssl(8) behaviour that allows a PEM block to be fed through the base64 decoder.
+
- Corrected some dma cleanup error paths in qe(4/vax).
+
- POST support added to httpd(8).
+
- Added CONTENT_TYPE environment variables (without the HTTP_prefix) to httpd(8), for use with cgi scripts .
+
- Fixed bug in server_write that broke httpd(8) keep-alive support.
+
- httpd(8) now adjusts read/write watermarks according to the TCP send buffer. Fixes sending of large files.
+
+
- Load the httpd(8) ssl(8) public/private keys in the parent process, then provide them to the privsep process via imsg. Allows keys to be moved out of chroot(8).
+
- Added ssl(8) support for loading the public/private key from memory, rather than directly from file.
+
- If a driver (eg umct(4)) opens an interrupt pipe without callback function, made sure the correct transfer is aborted.
+
- Added httpd.conf(5) options for max requests per connection and timeout limit.
+
- Brought back httpd.conf(5) TCP/IP configuration options.
+
- Limited the number of Keep-Alive requests per httpd(8) connection to 100.
+
- Improved httpd(8) logging to allow per-server/location log files; log files can now be owned by root.
+
- Added httpd.conf(5) option to specify the chroot(8) directory.
+
+
- Enabled httpd(8) in rc.d(8) for wider testing.
+
- Temporarily moved default location of the httpd(8) SSL/TLS server key and certificate from /var/www/ to /var/www/conf/.
+
- Added "HTTPS = on" CGI variable to httpd(8).
+
- Redirect httpd(8) to https:// if SSL/TLS is enabled.
+
- Added TLS/SSL support to httpd(8), based on the recent ssl(8) commits.
+
- Changed httpd.conf(5) grammar from "log [style]" to "log style [style]".
+
- Provided an ssl(8) function that returns a server connection context.
+
- Provided an ssl(8) utility function for loading a private/public keypair.
+
- httpd(8) will now print error message if the log files cannot be opened.
+
- Improved ressl_{read,write} handling of non-blocking reads/writes in ssl(8)
+
- Added initial httpd(8) support for log files in /var/www/logs/.
+
- Implemented httpd(8) PATH_INFO and added DOCUMENT_ROOT.
- httpd(8) now also writes log messages (eg 404 Not Found) on error.
- Extended httpd(8) to dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables.
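Review bot: several of the added entries in 74,125 need copy-editing before they land: "cgi scripts ." carries a stray space before the period, "Improved ressl_{read,write} handling of non-blocking reads/writes in ssl(8)" has no terminating period, and the doubled blank "+" lines (after the "Status: $code" entry, after the TCP send buffer entry and after the chroot(8) directory entry) leave empty gaps in the list. The new entries also mix tenses ("Fixed ...", "Try to parse ...", "Limit the body size ...", "Clear the httpd(8) public key ...", "POST support added ...") while the existing entries below use the past tense ("Fixed", "Made", "Added"); suggest "Limited the body size ..." and "Added POST support to httpd(8)." for consistency, and spelling out the unit behind "1M" in the body-size entry so readers know whether it is bytes or megabytes.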
***************
*** 126,132 ****
- Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
- Made pkg_add(1) log libraries in a proper way.
!
- Stopped mandoc(1) assuming that a non-breaking space character has width 0.
- Fixed hangs during suspend when stopping secondary cpu.
- Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines.
--- 172,178 ----
- Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
- Made pkg_add(1) log libraries in a proper way.
!
- Stopped mandoc(1) assuming in -Tutf8 output mode that a non-breaking space character has width 0.
- Fixed hangs during suspend when stopping secondary cpu.
- Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines.
***************
*** 143,155 ****
- Added "root" configuration option to httpd.conf(5).
- Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4).
!
- Made man.cgi(8) sort result pages first by section number, then by name.
- Provide eeprom(8) on the sparc installation media.
- Build machinery added to build eeprom(8) for the installation media on relevant arches.
- Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
- Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
- Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
!
- Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
- When httpd(8) is canonicalising the path, fail on truncation.
- Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash.
--- 189,201 ----
- Added "root" configuration option to httpd.conf(5).
- Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4).
!
- Made man.cgi(8) sort result pages first by section number, then by name.
- Provide eeprom(8) on the sparc installation media.
- Build machinery added to build eeprom(8) for the installation media on relevant arches.
- Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
- Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
- Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
!
- Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
- When httpd(8) is canonicalising the path, fail on truncation.
- Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash.
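Review bot: the two lines this hunk marks as changed ("Made man.cgi(8) sort result pages first by section number, then by name." and "Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.") read identically on the old (143,155) and new (189,201) sides, so the change is invisible here, presumably whitespace or markup that does not show in this rendering; the same holds for the hunks at 164,170, 175,181, 198,204 and 261,267. Worth confirming these are intentional whitespace-only edits rather than accidental reflows that pad the diff.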
***************
*** 164,170 ****
- Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
- Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
!
- man.cgi(8) security fixes, to prevent XSS attacks.
- In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
- Enable httpd(8) in the builds for more testing (not finished but can serve static files).
- Added initial httpd.conf(5) example for httpd(8).
--- 210,216 ----
- Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
- Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
!
- man.cgi(8) security fixes, to prevent XSS attacks.
- In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
- Enable httpd(8) in the builds for more testing (not finished but can serve static files).
- Added initial httpd.conf(5) example for httpd(8).
***************
*** 175,181 ****
- Made mandoc(1) preserve manpath and arch in .Xr links.
- Reverted tmux(1) up/down wheel emulation.
- Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
!
- Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
- Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
- Stopped kprintf in gcc(1) accepting the $ flags (as printf(9) doesn't support them).
--- 221,227 ----
- Made mandoc(1) preserve manpath and arch in .Xr links.
- Reverted tmux(1) up/down wheel emulation.
- Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
!
- Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
- Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
- Stopped kprintf in gcc(1) accepting the $ flags (as printf(9) doesn't support them).
***************
*** 198,204 ****
- Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
- Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2).
!
- Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
- Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
- Fixed pkg_add(1) sorted output.
- When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way.
--- 244,250 ----
- Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
- Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2).
!
- Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
- Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
- Fixed pkg_add(1) sorted output.
- When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way.
***************
*** 261,267 ****
- Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
- Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
- Use imsg(3) between the privileged and the non-privileged npppd(8) processes.
!
- Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
- Removed qli(4) (never enabled and was unfinished).
- Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
- Updated to libICE 1.0.9 and libXft 2.3.2.
--- 307,313 ----
- Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
- Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
- Use imsg(3) between the privileged and the non-privileged npppd(8) processes.
!
- Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
- Removed qli(4) (never enabled and was unfinished).
- Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
- Updated to libICE 1.0.9 and libXft 2.3.2.
***************
*** 481,487 ****
- Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
- Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be.
!
- More tweaking of mandoc(1) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
- In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
- Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
- Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock.
--- 527,533 ----
- Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
- Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be.
!
- More tweaking of makaewhatis(8) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
- In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
- Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
- Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock.
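Review bot: typo in the changed line, "makaewhatis(8)" should be "makewhatis(8)", matching the other entries this revision renames from mandoc(1) to makewhatis(8). The reattribution of set_basedir() itself is consistent with the rest of the patch.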
***************
*** 493,499 ****
- Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4).
- Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process.
!
- Stopped mandoc(1) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
- Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
- Fixed off by one in msdosfs pm_inusemap().
- Fixed the use of 16384-bit RSA keys by ssh(1).
--- 539,545 ----
- Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4).
- Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process.
!
- Stopped makewhatis(8) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
- Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
- Fixed off by one in msdosfs pm_inusemap().
- Fixed the use of 16384-bit RSA keys by ssh(1).
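Review bot: while this block is being touched, the context line "Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4)." has a duplicated "using", and "Avoids out of boundary accesses." in the fsck_msdos(8) entry would read better as "Avoids out-of-bounds accesses."; the mandoc(1) to makewhatis(8) rename on the changed line is fine.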
***************
*** 952,960 ****
- If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
- Removed obsolete altq bandwidth shaping from pf(4).
!
- Allow mandoc(1) to properly handle symlinks .
- Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
!
- In mandoc(1) update mode, when opening the database fails, just rebuild it from scratch.
- Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
- For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
- Updated unifdef(1) to version 2.10.
--- 998,1006 ----
- If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
- Removed obsolete altq bandwidth shaping from pf(4).
!
- Allow makewhatis(8) to properly handle symlinks .
- Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail.
!
- In makewhatis(8) update mode, when opening the database fails, just rebuild it from scratch.
- Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
- For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
- Updated unifdef(1) to version 2.10.
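Review bot: the rewritten line "Allow makewhatis(8) to properly handle symlinks ." keeps the stray space before the period from the old text; drop it while the line is being edited, so it matches the punctuation of the neighbouring entries.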
***************
*** 1031,1037 ****
- Confirm passwords when signify(1) is generating keys.
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
!
- Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
--- 1077,1083 ----
- Confirm passwords when signify(1) is generating keys.
- Fixed SQL_STEP failures for man(7) pages lacking descriptions.
!
- Better makewhatis(8) error reporting in case of SQL errors: mention dir and file.
- Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
- In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex.
***************
*** 1057,1063 ****
- Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
- Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
!
- Moved descriptions from mandoc(1) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
- In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
- Reverted r1.93 of mg(1) file.c, which broke permission checks.
- 5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
--- 1103,1109 ----
- Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
- Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database.
!
- Moved descriptions from mandoc.db(5) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
- In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
- Reverted r1.93 of mg(1) file.c, which broke permission checks.
- 5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5.
***************
*** 1105,1118 ****
- Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
- Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
!
- Made mandoc(1) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
- Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
- Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
- Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
- Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
- When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
!
- Instead of silently doing nothing, made mandoc(1) warn and return non-zero when the manpath is empty.
- Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
- Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
- When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
--- 1151,1164 ----
- Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
- Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases.
!
- Made makewhatis(8) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
- Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
- Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
- Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
- Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
- When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)).
!
- Instead of silently doing nothing, made makewhatis(8) warn and return non-zero when the manpath is empty.
- Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
- Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
- When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory.
***************
*** 1160,1166 ****
- Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
- Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
!
- Allow leading and trailing vertical lines in mandoc(1), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
- Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
- Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
- Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
--- 1206,1212 ----
- Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
- Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10.
!
- Allow leading and trailing vertical lines in tbl(7), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
- Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
- Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
- Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections.
***************
*** 1223,1229 ****
- On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
- Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
- Retired the rarely used hp300, mvme68k and mvme88k ports.
!
- Allow checking mandoc(1) databases are up to date even when you don't have write permissions.
- Notify userland (via the routing socket) when ARP resolution completes.
- Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
- Made bgpctl(8) correctly parse attribute length form imsg.
--- 1269,1275 ----
- On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
- Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
- Retired the rarely used hp300, mvme68k and mvme88k ports.
!
- Allow makewhatis(8) to check mandoc.db(5) databases are up to date even when you don't have write permissions.
- Notify userland (via the routing socket) when ARP resolution completes.
- Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
- Made bgpctl(8) correctly parse attribute length form imsg.
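Review bot: the rewritten entry "Allow makewhatis(8) to check mandoc.db(5) databases are up to date even when you don't have write permissions." is missing a "that" after "check"; suggest "Allow makewhatis(8) to check that mandoc.db(5) databases are up to date ...". While here, the context line "Made bgpctl(8) correctly parse attribute length form imsg." has "form" where "from" is meant.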
***************
*** 1307,1311 ****