=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1350 retrieving revision 1.1351 diff -c -r1.1350 -r1.1351 *** www/plus.html 2014/08/13 11:13:53 1.1350 --- www/plus.html 2014/08/20 08:48:56 1.1351 *************** *** 74,79 **** --- 74,125 ----

Fixed ssl(8) to avoid allocating and then leaking a fresh fragment structure when a zero-length fragment is received (CVE-2014-3507). +
Fixed ssl(8): made sure the output buffer is always NUL terminated if buf_len was initially greater than zero; reject OIDs that are too long, too short, or not in proper base-127 (CVE-2014-3508). +
Corrected ssl(8) test (reversed during merge of fix for CVE-2014-3509). +
Fixed ssl(8) DTLS handshake message size checks (CVE-2014-3506). +
Stopped httpd(8) trying to output FCGI_STDERR into error.log if there is no data. +
Try to parse "Status: $code" in the first response from the httpd(8) fcgi daemon, use that code as HTTP response code (fallback to 200). Possible fix for redirects in cvsweb. + +
Fixed ssl(8) TLS downgrade (CVE-2014-3511). +
Fixed DTLS anonymous EC(DH) denial of service in ssl(8) (CVE-2014-3510). +
Made httpd(8) correctly report "internal server error" if the very first fcgi STDOUT record has length 0. +
Changed httpd.conf(5) grammar to remove a shift/reduce conflict. "listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443". +
Added support for NOTE_EOF (for kqueue(2) EVFILT_READ filters) on NFS files. +
Limit the body size in client requests (eg. POST data) to 1M by default in httpd.conf(5); added a configuration option to change the limit. +
Prevented X(7) server crash on zaurus (and possibly other architectures) where there is no pci(4). +
Provided httpd.conf(5) configuration options that allow the SSL certificate, key and ciphers to be specified for each server. +
Clear the httpd(8) public key when it is no longer needed. +
Configured the default ssl(8) ciphers as HIGH:!aNULL in httpd(8). +
Restored previous ssl(8) behaviour that allows a PEM block to be fed through the base64 decoder. +
Corrected some dma cleanup error paths in qe(4/vax). +
POST support added to httpd(8). +
Added CONTENT_TYPE environment variables (without the HTTP_prefix) to httpd(8), for use with cgi scripts . +
Fixed bug in server_write that broke httpd(8) keep-alive support. +
httpd(8) now adjusts read/write watermarks according to the TCP send buffer. Fixes sending of large files. + +
Load the httpd(8) ssl(8) public/private keys in the parent process, then provide them to the privsep process via imsg. Allows keys to be moved out of chroot(8). +
Added ssl(8) support for loading the public/private key from memory, rather than directly from file. +
If a driver (eg umct(4)) opens an interrupt pipe without callback function, made sure the correct transfer is aborted. +
Added httpd.conf(5) options for max requests per connection and timeout limit. +
Brought back httpd.conf(5) TCP/IP configuration options. +
Limited the number of Keep-Alive requests per httpd(8) connection to 100. +
Improved httpd(8) logging to allow per-server/location log files; log files can now be owned by root. +
Added httpd.conf(5) option to specify the chroot(8) directory. + +
Enabled httpd(8) in rc.d(8) for wider testing. +
Temporarily moved default location of the httpd(8) SSL/TLS server key and certificate from /var/www/ to /var/www/conf/. +
Added "HTTPS = on" CGI variable to httpd(8). +
Redirect httpd(8) to https:// if SSL/TLS is enabled. +
Added TLS/SSL support to httpd(8), based on the recent ssl(8) commits. +
Changed httpd.conf(5) grammar from "log [style]" to "log style [style]". +
Provided an ssl(8) function that returns a server connection context. +
Provided an ssl(8) utility function for loading a private/public keypair. +
httpd(8) will now print error message if the log files cannot be opened. +
Improved ressl_{read,write} handling of non-blocking reads/writes in ssl(8) +
Added initial httpd(8) support for log files in /var/www/logs/. +
Implemented httpd(8) PATH_INFO and added DOCUMENT_ROOT.
httpd(8) now also writes log messages (eg 404 Not Found) on error.
Extended httpd(8) to dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables. *************** *** 126,132 ****
Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
Made pkg_add(1) log libraries in a proper way. !
Stopped mandoc(1) assuming that a non-breaking space character has width 0.
Fixed hangs during suspend when stopping secondary cpu.
Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines. --- 172,178 ----
Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
Made pkg_add(1) log libraries in a proper way. !
Stopped mandoc(1) assuming in -Tutf8 output mode that a non-breaking space character has width 0.
Fixed hangs during suspend when stopping secondary cpu.
Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines. *************** *** 143,155 ****
Added "root" configuration option to httpd.conf(5).
Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4). !
Made man.cgi(8) sort result pages first by section number, then by name.
Provide eeprom(8) on the sparc installation media.
Build machinery added to build eeprom(8) for the installation media on relevant arches.
Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection. !
Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
When httpd(8) is canonicalising the path, fail on truncation.
Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash. --- 189,201 ----
Added "root" configuration option to httpd.conf(5).
Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4). !
Made man.cgi(8) sort result pages first by section number, then by name.
Provide eeprom(8) on the sparc installation media.
Build machinery added to build eeprom(8) for the installation media on relevant arches.
Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection. !
Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
When httpd(8) is canonicalising the path, fail on truncation.
Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash. *************** *** 164,170 ****
Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs). !
man.cgi(8) security fixes, to prevent XSS attacks.
In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
Enable httpd(8) in the builds for more testing (not finished but can serve static files).
Added initial httpd.conf(5) example for httpd(8). --- 210,216 ----
Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs). !
man.cgi(8) security fixes, to prevent XSS attacks.
In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
Enable httpd(8) in the builds for more testing (not finished but can serve static files).
Added initial httpd.conf(5) example for httpd(8). *************** *** 175,181 ****
Made mandoc(1) preserve manpath and arch in .Xr links.
Reverted tmux(1) up/down wheel emulation.
Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept. !
Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
Stopped kprintf in gcc(1) accepting the $ flags (as printf(9) doesn't support them). --- 221,227 ----
Made mandoc(1) preserve manpath and arch in .Xr links.
Reverted tmux(1) up/down wheel emulation.
Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept. !
Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
Stopped kprintf in gcc(1) accepting the $ flags (as printf(9) doesn't support them). *************** *** 198,204 ****
Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2). !
Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
Fixed pkg_add(1) sorted output.
When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way. --- 244,250 ----
Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2). !
Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
Fixed pkg_add(1) sorted output.
When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way. *************** *** 261,267 ****
Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
Use imsg(3) between the privileged and the non-privileged npppd(8) processes. !
Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
Removed qli(4) (never enabled and was unfinished).
Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
Updated to libICE 1.0.9 and libXft 2.3.2. --- 307,313 ----
Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
Use imsg(3) between the privileged and the non-privileged npppd(8) processes. !
Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
Removed qli(4) (never enabled and was unfinished).
Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
Updated to libICE 1.0.9 and libXft 2.3.2. *************** *** 481,487 ****
Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be. !
More tweaking of mandoc(1) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock. --- 527,533 ----
Fixed incorrect bounds check in amd64 assembly version of ssl(8) bn_mul_mont().
Made tcpdump(8) -v display any bad checksums contained in the header and what the checksum should be. !
More tweaking of makaewhatis(8) set_basedir(): do not error out when getcwd(3) fails; fixed the man-root-dir indicator in say().
In arc4random(3), hard fail with SIGKILL if getentropy(2) returns -1.
Converted CRYPTO_memcmp to timingsafe_memcmp in ssl(8).
Improved error checking in ssl(3) by_dir.c: set error code on error; check malloc(3) return; added missing unlock. *************** *** 493,499 ****
Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4).
Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process. !
Stopped mandoc(1) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
Fixed off by one in msdosfs pm_inusemap().
Fixed the use of 16384-bit RSA keys by ssh(1). --- 539,545 ----
Fixed black screen on lenovo ideapad yoga 2 pro using when using intel(4).
Restored previous arc4random(3) behaviour, where fork(2) children would mix in some randomness from the parent process. !
Stopped makewhatis(8) displaying "unable to open mandoc.db" error messages when updating/deleting individual files.
Ensured fsck_msdos(8) will always keep length of cluster chain up to date. Avoids out of boundary accesses.
Fixed off by one in msdosfs pm_inusemap().
Fixed the use of 16384-bit RSA keys by ssh(1). *************** *** 952,960 ****
If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
Removed obsolete altq bandwidth shaping from pf(4). !
Allow mandoc(1) to properly handle symlinks .
Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail. !
In mandoc(1) update mode, when opening the database fails, just rebuild it from scratch.
Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
Updated unifdef(1) to version 2.10. --- 998,1006 ----
If user+tag@ exceeds SMTPD_MAXPATHLEN smtpd(8) now fails instead of creating a ".truncated" tag dir.
Removed obsolete altq bandwidth shaping from pf(4). !
Allow makewhatis(8) to properly handle symlinks .
Disable the ssh(1) curve25519-sha256@libssh.org KEX method when the other party's connection will fail. !
In makewhatis(8) update mode, when opening the database fails, just rebuild it from scratch.
Removed RAND_seed(3) calls in iked(8), ikectl(8), relayd(8) and snmpd(8).
For wscons(4) WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to the process, not just the thread.
Updated unifdef(1) to version 2.10. *************** *** 1031,1037 ****
Confirm passwords when signify(1) is generating keys.
Fixed SQL_STEP failures for man(7) pages lacking descriptions. !
Better mandoc(1) error reporting in case of SQL errors: mention dir and file.
Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex. --- 1077,1083 ----
Confirm passwords when signify(1) is generating keys.
Fixed SQL_STEP failures for man(7) pages lacking descriptions. !
Better makewhatis(8) error reporting in case of SQL errors: mention dir and file.
Major ssl(8) cleanup to remove: MacOS, Netware, OS/2, VMS and Windows build machinery and shared libraries; openssl(1) engines and code that were not properly licensed; vms support; various horrible socket syscall wrappers; insecure use of time as a random seed in the TLS engine.
In qla(4) debug output, print loop ids as decimals and port ids as 24bit hex. *************** *** 1057,1063 ****
Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database. !
Moved descriptions from mandoc(1) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
Reverted r1.93 of mg(1) file.c, which broke permission checks.
5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5. --- 1103,1109 ----
Revived fix for perl(1) RT bug 116441 (null dereference affecting mod_perl).
Split manual names out of the common "keys" table into their own "names" table. Reduces standard apropos(1) search times 70% for the full /usr/share/man database. !
Moved descriptions from mandoc.db(5) keys table to mpages table: reduces typical apropos(1) search times by about 40%; reduces database size.
In less(1) "more" mode, made command specified by -p option apply to every edited file, as per POSIX.
Reverted r1.93 of mg(1) file.c, which broke permission checks.
5.5 SECURITY FIX: Make ftp(1) client check the server hostname, to avoid false validation when connecting to an https website.
A source code patch is available for 5.5. *************** *** 1105,1118 ****
Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases. !
Made mandoc(1) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)). !
Instead of silently doing nothing, made mandoc(1) warn and return non-zero when the manpath is empty.
Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory. --- 1151,1164 ----
Added the -t ktrace(1) option to ltrace(1). Allows triggering library function call trace and other kernel events trace simultaneously.
Fixed smtpd(8) header parsing issue in enqueuer, which was stripping the "From:" header in some cases. !
Made makewhatis(8) warn about missing mlinks when the -p (picky) option is given, and not overridden by: -Q, -d, -u, or -t.
Merged the mda, mta and smtp smtpd(8) processes into a single unprivileged process.
Start the smtpd(8) purge task after events are set, so we don't miss a SIGCHLD.
Reworked qla(4) command polling loop so it can handle multiple responses in a single interrupt. Allows talking to Hitachi disk arrays.
Fixed pppx kernel panic when using npppd(8) with multiple pppx devices.
When the -n or -t flag is given to makewhatis(8), write names and descriptions to stdout (format similar to apropos(1)). !
Instead of silently doing nothing, made makewhatis(8) warn and return non-zero when the manpath is empty.
Added a uvm_yield function to uvm(9) and use it to prevent the reaper from hogging the cpu.
Reworked wait/kernel lock heuristics to give interrupts on other CPUs to a chance to run, for reduced latency.
When mg(1) discovers a directory is non-existent, offer a "y" option to make the directory. *************** *** 1160,1166 ****
Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10. !
Allow leading and trailing vertical lines in mandoc(1), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections. --- 1206,1212 ----
Speed-up overlapping copy operations in gio(4/sgi) by attempting to perform them in larger chunks whenever possible.
Removed pflowproto 9 (unfixable post-2038). Better option is pflowproto 10. !
Allow leading and trailing vertical lines in tbl(7), format them in the same way as groff; do not require whitespace before vertical lines in layout specifications.
Properly initialise malloc(3)ed memory in mandoc(1), to fix crashes when using apropos(1).
Made sure the command TRB is reset if a command is submitted when the usb(4) hardware is already gone.
Reverted "retire kernel support for SO_DONTROUTE" diff, which caused problems in localhost connections. *************** *** 1223,1229 ****
On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
Retired the rarely used hp300, mvme68k and mvme88k ports. !
Allow checking mandoc(1) databases are up to date even when you don't have write permissions.
Notify userland (via the routing socket) when ARP resolution completes.
Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
Made bgpctl(8) correctly parse attribute length form imsg. --- 1269,1275 ----
On sgi machines, fixed clipping bounds in "fill" and "blt" graphics operations; added colormap support.
Removed timeout logic from the polling loop in qlw(4). Stops devices timing out before attaching.
Retired the rarely used hp300, mvme68k and mvme88k ports. !
Allow makewhatis(8) to check mandoc.db(5) databases are up to date even when you don't have write permissions.
Notify userland (via the routing socket) when ARP resolution completes.
Put the AF_ROUTE socket that arp(8) operates on into the appropriate rdomain. Stops "arp -V 1 -d 10.0.0.1" hanging forever.
Made bgpctl(8) correctly parse attribute length form imsg. *************** *** 1307,1311 **** - --- 1353,1356 ----