version 1.1348, 2014/07/24 09:28:13 |
version 1.1349, 2014/08/04 11:52:20 |
|
|
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- 2014/07/27 --> |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key. |
|
<li>Made <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&manpath=OpenBSD%20Current&sektion=1&format=html">pkg_add(1)</a> log libraries in a proper way. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> assuming that a non-breaking space character has width 0. |
|
<!-- 2014/07/26 --> |
|
<li>Fixed hangs during suspend when stopping secondary cpu. |
|
<li>Reverted "adjust -C algorithm" from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apmd&manpath=OpenBSD%20Current&sektion=8&arch=amd64&format=html">apmd(8/amd64)</a>, which broke suspend/resume on some machines. |
|
<li>Fixed (very hard to reach) DoS attack vector against <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&manpath=OpenBSD%20Current&sektion=8&format=html">dhcpd(8)</a>. |
|
<!-- 2014/07/25 --> |
|
<li>Differentiate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> servers by address and port, not just by address. |
|
<li>Use a URL in the Location header of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> 3xx responses. |
|
<li>Append mandatory Date header to each <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> response. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a>, canonicalise the request path once without the docroot; prepend the docroot only only when it's needed. |
|
<li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&manpath=OpenBSD%20Current&sektion=1&format=html">ssh-agent(1)</a> keys remaining in memory after they have been expired or deleted. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> leaking the docroot in the error message if the default index file is missing. |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> address matching of multiple server blocks with non-virtual hosts. |
|
<li>Added support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> for "virtual hosts" (aka. server blocks). |
|
<li>Added "root" configuration option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd.conf&manpath=OpenBSD%20Current&sektion=5&format=html">httpd.conf(5)</a>. |
|
<!-- 2014/07/24 --> |
|
<li>Sped up boot sequence by deferring scan of xt keyboard code set by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbd&manpath=OpenBSD%20Current&sektion=4&format=html">pckbd(4)</a>. |
|
<li>Made <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man.cgi&manpath=OpenBSD%20Current&sektion=8&format=html">man.cgi(8)</a> sort result pages first by section number, then by name. |
|
<li>Provide <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eeprom&manpath=OpenBSD%20Current&sektion=8&format=html">eeprom(8)</a> on the sparc installation media. |
|
<li>Build machinery added to build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eeprom&manpath=OpenBSD%20Current&sektion=8&format=html">eeprom(8)</a> for the installation media on relevant arches. |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&manpath=OpenBSD%20Current&sektion=4&format=html">route(4)</a> flush: skip local (RTF_LOCAL) routes when flushing. |
|
<li>Reverted ssp-strong from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&manpath=OpenBSD%20Current&sektion=1&format=html">gcc(1)</a> on arm, which exposed too many bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ports&manpath=OpenBSD%20Current&sektion=7&format=html">ports(7)</a>. |
|
<li>Plugged <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> memleak, to free the HTTP descriptor containing all the headers etc. of a connection. |
|
<li>Provided a dropdown entry "All Architectures" to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man.cgi&manpath=OpenBSD%20Current&sektion=8&format=html">man.cgi(8)</a> and made it the default. |
|
<!-- 2014/07/23 --> |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> is canonicalising the path, fail on truncation. |
|
<li>Made <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> redirect with 301 if a directory name was requested without the trailing slash. |
|
<li>First attempt at having <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> verify request path and access permissions. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo_async&manpath=OpenBSD%20Current&sektion=3&format=html">getaddrinfo_async(3)</a> and similar, made queries fail when the hostname param is an empty string. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> level_add_node(), do not free objects on cleanup which are still being referenced by other objects. |
|
<li>Made sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=3&format=html">ssl(3)</a> PEM_def_callback() correctly handles negative buffer sizes. |
|
<li>Removed lynx from the base system (available in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=packages&manpath=OpenBSD%20Current&sektion=7&format=html">packages(7)</a> instead). |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=Mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">Mandoc(1)</a> security fix: after decoding numeric or one-character escape sequences, HTML-encode resulting character. |
|
<li>Correctly shutdown the servers when the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> process is terminating. Prevents a crash on exit. |
|
<li>On octeon, correctly drain and destroy the bufq upon detach. |
|
<!-- 2014/07/22 --> |
|
<li>Adjusted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apmd&manpath=OpenBSD%20Current&sektion=8&format=html">apmd(8)</a> -C algorithm to be more aggressive in scaling up cpu speed. |
|
<li>Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs). |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man.cgi&manpath=OpenBSD%20Current&sektion=8&format=html">man.cgi(8)</a> security fixes, to prevent XSS attacks. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers. |
|
<li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> in the builds for more testing (not finished but can serve static files). |
|
<li>Added initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd.conf&manpath=OpenBSD%20Current&sektion=5&format=html">httpd.conf(5)</a> example for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a>. |
|
<!-- 2014/07/21 --> |
|
<li>Added the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=X&manpath=OpenBSD%20Current&sektion=7&format=html">X(7)</a> "aperture needed" test to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&manpath=OpenBSD%20Current&sektion=4&format=html">vgafb(4)</a>, to match vga@pci. |
|
<li>Corrected the initialiser for tunnconf_default_pptp in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=npppd&manpath=OpenBSD%20Current&sektion=8&format=html">npppd(8)</a>. |
|
<li>Reduced amount of messages from key_load_private_pem during <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> hostbased auth. |
|
<li>Made <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> preserve manpath and arch in .Xr links. |
|
<li>Reverted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmux&manpath=OpenBSD%20Current&sektion=1&format=html">tmux(1)</a> up/down wheel emulation. |
|
<li>Stopped the installer setting (obsolete) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&manpath=OpenBSD%20Current&sektion=8&format=html">sysctl(8)</a> net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept. |
|
<li>Made <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man.cgi&manpath=OpenBSD%20Current&sektion=8&format=html">man.cgi(8)</a> match RFC 2616, so the "Location: response-header" field is an absolute URI. |
|
<li>Dropped explicit <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmux&manpath=OpenBSD%20Current&sektion=1&format=html">tmux(1)</a> support for F13-F20; match the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&manpath=OpenBSD%20Current&sektion=1&format=html">xterm(1)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=terminfo&manpath=OpenBSD%20Current&sektion=5&format=html">terminfo(5)</a> entry. |
|
<!-- 2014/07/20 --> |
|
<li>Stopped kprintf in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&manpath=OpenBSD%20Current&sektion=1&format=html">gcc(1)</a> accepting the <number>$ flags (as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=printf&manpath=OpenBSD%20Current&sektion=9&format=html">printf(9)</a> doesn't support them). |
|
<li>When amd64/i386/loongson hibernate, look up correct device when using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&manpath=OpenBSD%20Current&sektion=4&format=html">softraid(4)</a>. |
|
<li>Updated to pixman 0.32.6 |
|
<li>Support hibernating to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&manpath=OpenBSD%20Current&sektion=4&format=html">softraid(4)</a> crypto volumes on amd64/i386/loongson. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&manpath=OpenBSD%20Current&sektion=8&format=html">tcpdump(8)</a> display of logical link control data in IEEE802 frames. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpi&manpath=OpenBSD%20Current&sektion=4&format=html">acpi(4)</a> now ignores region marked as "Preserve" if all bits will be modified. Fixes hang on some Sony and Asus laptops. |
|
<li>Always allocate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwi&manpath=OpenBSD%20Current&sektion=4&format=html">bwi(4)</a> ring descriptors below the 1GB boundary. Fixes "intr fatal TX/RX" errors. |
|
<li>On <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwi&manpath=OpenBSD%20Current&sektion=4&format=html">bwi(4)</a>, make bwi_dma_mbuf_create() use the correct loop counter in error case. |
|
<li>Load <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwi&manpath=OpenBSD%20Current&sektion=4&format=html">bwi(4)</a> firmware once, not every time the interface is brought up. Fixes a panic. |
|
<li>Fixed array overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&manpath=OpenBSD%20Current&sektion=1&format=html">telnet(1)</a> command line handling |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&manpath=OpenBSD%20Current&sektion=8&format=html">spamd(8)</a> is started by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&manpath=OpenBSD%20Current&sektion=8&format=html">rc.d(8)</a>: no longer start in background mode; return from rc_start() if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&manpath=OpenBSD%20Current&sektion=8&format=html">spamd(8)</a> failed to start; execute <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd-setup&manpath=OpenBSD%20Current&sektion=8&format=html">spamd-setup(8)</a> without explicitly waiting for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&manpath=OpenBSD%20Current&sektion=8&format=html">spamd(8)</a>. |
|
<li>Fixed auto-upgradable file detection by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysmerge&manpath=OpenBSD%20Current&sektion=8&format=html">sysmerge(8)</a>. |
|
<!-- 2014/07/19 --> |
|
<li>Aligned <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&manpath=OpenBSD%20Current&sektion=1&format=html">telnet(1)</a> with the manpage by making the "-a" use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getlogin&manpath=OpenBSD%20Current&sektion=2&format=html">getlogin(2)</a>; ignore value if it returns a nonexistent user. |
|
<li>Flensed the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&manpath=OpenBSD%20Current&sektion=1&format=html">telnet(1)</a> code base of support for ancient protocols and systems. |
|
<li>On loongson, fixed Lemote reboot issue and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&manpath=OpenBSD%20Current&sektion=4&format=html">usb(4)</a> problems on Gdium models. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> security fixes: validate name of file before opening; only allow relative filenames starting with "man" or "cat" and not containing "/.." or "../"; validate the manpath up front, report a Bad Request if it is not listed in manpath.conf; in case of configuration errors, only report "Internal Server Error". |
|
<!-- 2014/07/18 --> |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtonum&manpath=OpenBSD%20Current&sektion=3&format=html">strtonum(3)</a> range, to unbreak "-pass fd:0" in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a>. |
|
<li>Cleaned up portable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&manpath=OpenBSD%20Current&sektion=3&format=html">arc4random(3)</a> fork detection code; let it take advantage of systems with healthy <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getentropy&manpath=OpenBSD%20Current&sektion=2&format=html">getentropy(2)</a>. |
|
<li>Stopped <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man.cgi&manpath=OpenBSD%20Current&sektion=8&format=html">man.cgi(8)</a> using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface. |
|
<li>Removed dev/log AF_UNIX sockets from various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&manpath=OpenBSD%20Current&sektion=2&format=html">chroot(2)</a> spaces, since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&manpath=OpenBSD%20Current&sektion=3&format=html">syslog(3)</a> messages are now sent via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendsyslog&manpath=OpenBSD%20Current&sektion=2&format=html">sendsyslog(2)</a>. |
|
<li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&manpath=OpenBSD%20Current&sektion=1&format=html">pkg_add(1)</a> sorted output. |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&manpath=OpenBSD%20Current&sektion=1&format=html">mandoc(1)</a> MAN_DIR or manpath.conf do not exist or are empty, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&manpath=OpenBSD%20Current&sektion=3&format=html">exit(3)</a> in a controlled way. |
|
<li>Fixed privilege separation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=npppd&manpath=OpenBSD%20Current&sektion=8&format=html">npppd(8)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bnx&manpath=OpenBSD%20Current&sektion=4&format=html">bnx(4)</a>, implemented EFBIG handling for heavily fragmented packets on the tx path. |
|
<!-- 2014/07/17 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&manpath=OpenBSD%20Current&sektion=8&format=html">dump(8)</a>, allow files-to-dump to be a duid. |
|
<li>On sgi, optimised use of external L2 cache handling on the few Indy/Indigo2 systems which have it. |
|
<li>Unbroke <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&manpath=OpenBSD%20Current&sektion=8&format=html">rc.d(8)</a> script for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smapd&manpath=OpenBSD%20Current&sektion=8&format=html">smapd(8)</a> after the rc_do->_rc_do and rc_wait->_rc_wait renaming. |
|
<li>Zero out the random buffer for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&manpath=OpenBSD%20Current&sektion=3&format=html">sysctl(3)</a> and the entropy buffer. |
|
<li>Made sure the biglock is held on i386 when running interrupt handlers (which rely on it). |
|
<li>Reflect stdio-forward ("ssh -W host:port ...") failures in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&manpath=OpenBSD%20Current&sektion=1&format=html">ssh(1)</a> exit status (bz#2255). |
|
<li>In x509_vfy.c, free sktmp when it's no longer needed. Fixes many memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=3&format=html">ssl(3)</a>. |
|
<!-- 2014/07/16 --> |
|
<li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpbios&manpath=OpenBSD%20Current&sektion=4&format=html">mpbios(4)</a> to RAMDISK_CD on i386/amd64, so bsd.mp is selected when installing to Soekris net6501. |
|
<li>Implemented file descriptor accounting in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&manpath=OpenBSD%20Current&sektion=8&format=html">httpd(8)</a> for single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests. |
|
<!-- 2014/07/15 --> |
|
<li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&manpath=OpenBSD%20Current&sektion=8&format=html">sshd(8)</a> support for unix domain socket forwarding. |
|
<!-- 2014/07/14 --> |
|
<li>Updated to xf86-video-neomagic 1.2.8. |
|
<li>Enable ext2fs support on RAMDISK_CD. |
|
<li>Converted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&manpath=OpenBSD%20Current&sektion=1&format=html">ftp(1)</a> to libressl. |
|
<li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=securelevel&manpath=OpenBSD%20Current&sektion=7&format=html">securelevel(7)</a> variable from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&manpath=OpenBSD%20Current&sektion=8&format=html">rc(8)</a>. |
|
<li>powerdown=YES removed from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=reboot&manpath=OpenBSD%20Current&sektion=8&format=html">reboot(8)</a>. |
|
<li>Updated to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&manpath=OpenBSD%20Current&sektion=1&format=html">xterm(1)</a> version 309. |
<!-- 2014/07/13 --> |
<!-- 2014/07/13 --> |
<li>Fixed timeouts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&manpath=OpenBSD%20Current&sektion=8&format=html">relayd(8)</a> when one connection is spliced and one non-spliced. |
<li>Fixed timeouts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&manpath=OpenBSD%20Current&sektion=8&format=html">relayd(8)</a> when one connection is spliced and one non-spliced. |
<li>Added configuration handling for certificate and key files to libressl. |
<li>Added configuration handling for certificate and key files to libressl. |
|
|
|
|
</body> |
</body> |
</html> |
</html> |
|
|
|
|
|
|
|
|
|
|