www/plus.html - diff

Return to plus.html CVS log

Up to [local] / www

Diff for /www/plus.html between version 1.1368 and 1.1369

-version 1.1368, 2015/05/25 17:07:36
+version 1.1369, 2015/05/28 18:02:24
 Line 77
 Line 77
 Line 77
  <p>
  <ul>
+ <!-- 2015-04-30 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>, prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods.
+ <li>Pass fflag to VOP_POLL so vfs fifo functions can get at the file flags to check FREAD/FWRITE if needed.
+ <li>Avoid a NULL dereference in fd_getfile_mode().
+ <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: a remote user can crash <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd.8</a>.</font><br>A source code patch exists for <a href="errata56.html#022_httpd">5.6</a> and <a href="errata57.html#005_httpd">5.7</a>.
+ <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: malformed binaries could trigger kernel panics or view kernel memory</font><br>A source code patch exists for <a href="errata56.html#023_elf">5.6</a> and <a href="errata57.html#006_elf">5.7</a>.
+ <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: multiple issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cpio.1">cpio(1)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tar.1">tar(1)</a>.</font><br>A source code patch exists for <a href="errata56.html#024_tar">5.6</a> and <a href="errata57.html#007_tar">5.7</a>.
+ <li>Don't add a separate .got.plt section as it would result in a partially writable GOT. <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ld.so.1">ld.so(1)</a> will properly write-protect the single .got.
+ <li>Prevent a user after free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/tun.4">tun(4)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ix.4">ix(4)</a>, set the correct media type for 1000baseLX SFPs.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/grep.1">grep(1)</a>, warn when the user specifies -R but no files, like GNU grep.
+ <li>Allow use of 1Gb 1000baseLX SFPs in 82599 <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ix.4">ix(4)</a> SFP+ port.
+ <li>Optimise sensor I/O in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/upd.4">upd(4)</a>.
+ <li>Indroduce fd_getfile_mode() and use it were fd_getfile() is directly followed by a mode check.
+ <!-- 2015-04-29 -->
+ <li>Fix two assertion failures in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
+ <li>Add the tmux and tmux-256color entries to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/termcap.5">termcap(5)</a> and terminfo. This can be used inside tmux for correct italics support.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, if default-terminal is set to "screen" or "screen-*", follow historic screen(1) behaviour and send smso (standout) instead of sitm (italics) for SGR 3.
+ <li>Fix a use after free and a NULL pointer access in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
+ <li>Support passing a template file for the auto-allocation to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/disklabel.8">disklabel(8)</a>.
+ <li>Fix an fd leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
+ <!-- 2015-04-28 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5">sshd_config(5)</a>, allow ListenAddress, Port and AddressFamily in any order (bz#68).
+ <li>Avoid a NULL dereference in CBS_get_any_asn1_element().
+ <li>In libtls, reject a dNSName of " " for the subjectAltName extension, per RFC 5280.
+ <li>Explicitly include .codepatch and .codepatchend in .rodata such that the binutils 2.17 linker doesn't make them disappear.
+ <li>Protect the per-process itimerval structs with a mutex.
+ <li>On hppa, don't grab the kernel lock for clock interrupts. The way we use mutexes these days is incompatible with that practice and leads to deadlocks.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/sf.4">sf(4)</a>, fix a memory leak in an error path.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add select-layout -o to undo the last layout change.
+ <!-- 2015-04-27 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, fix a memory leak in an error path.
+ <li>In the installer, rework sshd enable root login questions in light of sshd PermitRootLogin default change. The new default is not to ask to enable root logins when a non-root user has been added.
+ <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a> default to PermitRootLogin=no.
+ <li>Do not call nd6_purge() before purging the IPv6 addresses of a detached interface. This fixes a use after free introduced in r1.98 of src/sys/netinet6/in6.c.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>:
+ <ul>
+ <li>Add simple privilege separation.
+ <li>Use a <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4">systrace(4)</a> sandbox with a short whitelist of allowed syscalls for the file(1) child process.
+ </ul>
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/upd.4">upd(4)</a>, parse the HID descriptor multiple times to find sensors. This avoid lookups in the hot path for sensors that depend on the value of others.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, if the requested pane is already active, do not unzoom the window (or doanything else). This prevents mouse clicking when zoomed causing unzoom.
+ <li>Correctly write the 64bits of the HID 1, 4 and 5 registers on powerpc.
+ <!-- 2015-04-26 -->
+ <li>Allow "sshd -f none" to skip reading the config file, much like"ssh -F none" does.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, don't support -s on FIFOs.
+ <li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpd.8">bgpd(8)</a> check the length of the control socket path to make sure it fits -- just like <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a> does.
+ <li>Fix a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sndiod.8">sndiod(8)</a>: the buffer size should be 7680 rather than 7860.
+ <li>Get dwc2 working on octeon:
+ <ul>
+ <li>Transplant the clock setup code from octhci.
+ <li>Add a bus space tag to deal with dwc2 using little endian addressing.
+ <li>ump up the rx fifo size, necessary for umass/sd to work.
+ </ul>
+ <li>Support checksum offloading for IPv4 TX on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/vio.4">vio(4)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, for every policy we write out, flush the output so we don't get a partially written line.
+ <li>On i386, disable PAE when switching to the hibernate resume pagetables. This makes (un)hibernate work with the new PAE pmap.
+ <li>On i386, enable NX support in the resume path. This makes suspend/resume work with the PAE pmap.
+ <li>On i386, only enable PAE if the CPU we're running on has NX support.
+ <li>Bump i386 MAXDSIZ to 3 GB.
+ <li>Make the Belkin Components F5U109 Serial work at 115200 baud in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/umct.4">umct(4)</a>.
+ <!-- 2015-04-25 -->
+ <li>Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.
+ <li>In the IRR parser of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, ignore case when reading the tokens.
+ <li>We are now following the ABI and always clear cld on function entry, so remove the extra CLD instructions from when that wasn't true.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, only print MIME warnings when warnings are enabled.
+ <li>Repair boot device detection when booting off the second SCSI controller on AV530.
+ <li>Update to perl 5.20.2.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>, fail if a \ appears at EOL of a <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/magic.5">magic(5)</a> file rather than continuing off the end of the buffer.
+ <li>In LibreSSL, don't ignore the reference count in X509_STORE_free.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, explicitly cancel mouse "button" mode. This happens implicitly with some of the other things we send with xterm, but not with urxvt.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/m4.1">m4(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/make.1">make(1)</a>, adda check for overflow while doubling.
+ <li>In LibreSSL, check for invalid leading zeros in CBS_get_asn1_uint64.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, allow rules that match directly on the peer AS. Also adjust the IRR ruleset output to include the declared peer AS instead of hoping they listed their neighbor IP address.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a>, handle an IRR record of "export ... action X" the same way we handle "import ... action X".
+ <!-- 2015-04-24 -->
+ <li>Add a quirk to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/azalia.4">azalia(4)</a> for the Cirrus Logic CS4208 which is needed for MacBookAir6,1.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
+ <ul>
+ <li>Set up the signal handler earlier so that we don't get zombies.
+ <li>Allow choice options (multiple states) to be toggled between states 0 and 1.
+ <li>Set the working directory for run-shell and if-shell.
+ </ul>
+ <li>Enable PAE mode for those CPUs that support it. This allows us to use the NX bit for userland and kernel W^X. Unlike the previous c.2008 PAE experiment, this does not provide &gt; 4GB phys ram on i386 -- PAE is solely being used for NX capability this time. If you need &gt; 4GB phys, use amd64.
+ <li>Make sure we keep the whole recursive mapping of the PDP instead of just the mapping for the first page when tearing things down.
+ <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man1/tip.1">tip(1)</a>: it has been superseded by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cu.1">cu(1)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>:
+ <ul>
+ <li>If ~/.magic exists but can't be used, fail rather than silently falling back to /etc/magic.
+ <li>Do not attempt to use ~/.magic if running as root (or issetugid()).
+ </ul>
+ <li>Add a new implementation of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1">file(1)</a>. This is a simplified, modernised version with a nearly complete <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/magic.5">magic(5)</a> parser but omits some of the complex builtin tests (notably ELF) and has a reduced set of options.
+ <li>Revert r1.7 of src/sys/arch/powerpc/include/atomic.h (implement the MI atomic API for PowerPC). This code triggers an off by one in device_unref().
+ <li>Enable the NX bit and use it in the PAE pmap code. PAE is still disabled while we're chasing at least one remaining bug.
+ <li>Fix a segfault in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/user.8">user(8)</a>.
+ <!-- 2015-04-23 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-agent.1">ssh-agent(1)</a>, add the -D option to leave ssh-agent in foreground without enabling debug mode (bz#2381).
+ <li>Use "softintr_pic0" instead of "softintr_fakepic" when faking a struct device so there is enough space in the buffer for a NUL and the unit is included in the string.
+ <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-askpass.1">ssh-askpass(1)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/xlock.1">xlock(1)</a>, don't read past the end of an array.
+ <li>Fix a crash in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>: we cannot log errors with server_close() before allocating clt_log evbuffer.
+ <li>Fix a 13 year old typo that should be responsible for the unhappiness of UVM on PowerPC architectures.
+ <li>Replace the use of struct ifqueue in pipex with mbuf_queues.
+ <!-- 2015-04-22 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>, check for and reject missing arguments for VersionAddendum and ForceCommand (bz#2281)
+ <li>Implement the MI atomic API for PowerPC to avoid using gcc builtins that include extra sync operations.
+ <!-- 2015-04-21 -->
+ <li>Unknown certificate extensions are non-fatal in ssh, so don't fatal when they are encountered (bz#2387).
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
+ <ul>
+ <li>Fix moving windows to nonexistent indexes when renumber-windows is off.
+ <li>Do not die on USR1 if any of the socket parent directories are missing.
+ <li>Always format real layout even when zoomed.
+ <li>Look up indexes as number before name. This makes more sense if windows are named starting with numbers.
+ </ul>
+ <li>Remove an extra lcr3 that snuck into pmap_switch, responsible for various reaper panics.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/rtadvd.8">rtadvd(8)</a>, don't let rltime exceed 9000 seconds, per RFC 4861.
+ <li>Avoid a use after free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
+ <ul>
+ <li>Pass mouse events through to commands for if-shell.
+ <li>Pass mouse events triggering a drag on to the application inside the pane.
+ <li>Bind mouse dragging so that it is passed through to applications if they want it.
+ </ul>
+ <li>Revert r1.182 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators) again. Incoherent architectures aren't having much fun with it.
+ <!-- 2015-04-20 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ntpd.8">ntpd(8)</a>, fix a memory leak if tls_read() fails.
+ <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>.
+ <li>Rework sgi mutexes to use the owner pointer as the lock (similar to r1.14 of src/sys/arch/alpha/alpha/mutex.c).
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add support for multiple key tables to commands to be bound to sequences of keys.
+ <li>In the installer, fix asking for list of http servers via "?". This should fix scanning for wireless networks too.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, avoid out-of-bounds read access. This sometimes prevented proper warnings about text nodes preceding the first section header.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, make jump-to-backward/jump-to-forward repeatable withjump-reverse/jump-again.
+ <li>Remove a typo introduced in r1.185 of src/sys/net/route.c. Because of this typo, a local route was <em>always</em> created.
+ <li>Do not treat loopback interfaces as p2p interfaces and create only one route to ::1.
+ <li>Always call <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/rt_ifa_dellocal.9">rt_ifa_dellocal(9)</a> when removing an IPv6 address.
+ <!-- 2015-04-19 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ping6.8">ping6(8)</a>, add a mac to the timestamp payload and calculate it with siphash (r1.119 and r1.121 from src/sbin/ping/ping.c).
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ping.8">ping(8)</a>, fold the icmp seq number into the mac.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>:
+ <ul>
+ <li>Support setting the default window and pane background colours.
+ <li>Rewrite of tmux mouse support which was a mess.
+ <li>Honour renumber-windows when unlinking a window.
+ </ul>
+ <li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in smtpd handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>.
+ <li>Fix incorrect logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8">smtpd(8)</a> that could lead to unexpected client disconnect, invalid certificate in SNI negotiation or server crash.
+ <li>Add support for x2apic mode. This is currently only enabled on hypervisors.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, if an explicit line break request (.br or .sp) occurs within an .HP block, the next line doesn't hang, but is simply indented.
+ <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/apropos.1">apropos(1)</a> finds no match, print "nothing appropriate" to stderr similar to what the old apropos did.
+ <li>Update to sqlite3 3.8.9.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ping.8">ping(8)</a>:
+ <ul>
+ <li>Add a mac to the timestamp payload and calculate it with siphash.
+ <li>By default fill the ping payload with a chacha stream instead of an unvarying payload. By aggressively varying the payload we hope to generate more opportunities for dodgy network equipment to show errors.
+ </ul>
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/xhci.4">xhci(4)</a>, do not truncate possible remaining transfer length.
+ <li>Remove emulation of OSS audio ioctls from Linux emulation.
+ <li>Implement binary code patching on i386.
+ <!-- 2015-04-18 -->
+ <li>Enable th REG_READ ioctl.
+ <li>Don't lock the file for "vi -R" or "view".
+ <li>Work around what appear to be CPUID lies about the monitor-line size. This makes the mwait-based idle loop actually work.
+ <li>Convert many atoi() calls to strtonum() in userland, adding range checks and failure handling along the way.
+ <li>Remove kdriver/wscons code from <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/Xserver.1">Xserver(1)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1">systat(1)</a> avoid calling freeifaddrs() uninitialised pointer in an error path.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, strictly accept CRLF for newlines.
+ <!-- 2015-04-17 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/install.1">install(1)</a>, use futimens() to preserve timestamps with subsec precision.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pf.4">pf(4)</a>, do not include padding of Ethernet packets in reassembled fragmented packets.
+ <li>In ssh, don't try to cleanup NULL KEX proposals in kex_prop_free().
+ <li>Change alpha mutexes so they record which cpu owns the lock rather than just if the lock is held or not.
+ <li>Remove the unsupported SADB_X_IDENTTYPE_CONNECTION, unused ipsp_parse_headers, and stubs and support code for NIC-enabled IPsec.
+ <li>Fix a crash in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bgpctl.8">bgpctl(8)</a> "network bulk" command.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ualea.4">ualea(4)</a>, crank the timeout and decrease the buffer size to not end up dropping all the entropy provided by the device. Also make sure we match the right endpoint.
+ <!-- 2015-04-16 -->
+ <li>Tweaks in utimensat/futimens handling:
+ <ul>
+ <li>Always update ctime, even when both atime and mtime are UTIME_OMIT (at least for ufs, tmpfs, and ext2fs).
+ <li>Correctly handle a timestamp of -1.
+ </ul>
+ <li>Don't call record_login() in monitor when UseLogin is enabled (bz#378).
+ <li>Add some missing options to sshd -T and fix the output of VersionAddendum HostCertificate (bz#2346).
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, restore the page headers and page footers in the HTML output.
+ <li>Remove unfinished and unused support for socket-attached ipsec-policies.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>, expand the %a, %c, %m and %v sequences in PKG_PATH.
+ <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ualea.4">ualea(4)</a> to support the Araneus Alea II TRNG.
+ <!-- 2015-04-15 -->
+ <li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8">sshd(8)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, fix some issues in bright colour handling.
+ <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/tls_close.3">tls_close(3)</a> more robust.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, fix setting old-style window -fg/-bg/-attr options that aren't global.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/tun.4">tun(4)</a>, fix a typo introduced in the niq_enqueue() conversion. This should fix a panic reported by many.
+ <li>Import libepoxy 1.2, a library for handling gl/glx/egl function pointer management. This is needed by glamor egl in the xserver which is in turn needed to get acceleration with some hardware on xf86-video-ati.
+ <!-- 2015-04-14 -->
+ <li>Update to xf86-video-ati 7.5.0.
+ <li>Make ipsp_address thread safe.
+ <li>Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/uchcom.4">uchcom(4)</a>, make sure we close the interrupt pipe when the device is detached.
+ <!-- 2015-04-13 -->
+ <li>Initialize RX/TX on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/re.4">re(4)</a> slightly later. It appears that newer chips don't set up DMA correctly until more configuration has been done -- enabling RX too soon causes DMA to bad places.
+ <li>Perform IPsec bypass check on a socket before performing TDB lookups.
+ <!-- 2015-04-12 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sed.1">sed(1)</a>, correct a multiplication idiom during xreallocarray() and avoid an integer overflow.
+ <li>In ssh, deprecate the ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message.
+ <li>Prevent use after free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mg.1">mg(1)</a>.
+ <li>Let nl_langinfo(CODESET) return "US-ASCII" as the name of the character codeset for the POSIX/C default locale. This is the preferred IANA name and also used by FreeBSD.
+ <li>Update to xf86-video-intel 2.99.916. This fixes a display bug. Newer X.Org (2.99.917 or master) versions cause corruption on older machines (X40, i965), probably caused by a bug in our kernel. This is under investigation by kettenis@.
+ <li>Bring PAE code back to life on i386. More specifically, bring the PAE pmap on i386 closer to the current non-PAE pmap. This allows us to take a big next step toward better i386 W^X in the kernel (similar to what we did a few months ago on amd64). Unlike the original PAE pmap, this diff will not be supporting more than 4 GB physical memory on i386 -- this effort is specifically geared toward providing W^X (via NX) only. There still seems to be a bug removing certain pmap entries when PAE is enabled, so PAE mode is left disabled for the moment.
+ <li>Switch example NSD config to splitting master and slave zones into different subdirectories and create these in mtree.
+ <li>Disable the pool garbage collector. There are reports of strange lockups on various multiprocessor architectures and this is the only interesting diff in the window.
+ <!-- 2015-04-11 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4">softraid(4)</a>, directly handle ioctls issued to a SCSI device associated with a softraid volume, ignoring any device name specified in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bio.4">bio(4)</a> ioctl struct. Amongst other things, this makes bioctl -d now work with DUIDs.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4">softraid(4)</a>, re-enable the RAID 5 discipline and add support for restarting rebuilds on it.
+ <li>Remove OPENSSL_issetugid() from LibreSSL. By default on systems lacking true issetugid(), OPENSSL_issetugid() returns 0, falsely indicating safety. This means OPENSSL_issetugid() fails to make any sort of promise about safety, in fact it is just the opposite.
+ <li>Update to xf86-input-synaptics 1.8.2.
+ <li>Remove all getenv() calls in LibreSSL, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is difficult to implement on many operating systems.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, always check the return value of proc_composev_imsg() and handle failures appropriately. Otherwise imsg construction can silently fail, resulting in non-obvious problems.
+ <!-- 2015-04-10 -->
+ <li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/vi.1">vi(1)</a> use <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/resizeterm.3">resizeterm(3)</a> instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
+ <li>Replace the use of ifqueues for most input queues serviced by netisr with niqueues.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ehci.4">ehci(4)</a>, implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this let people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
+ <li>Add support for CRC-enabled elantech v3 touchpads to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pms.4">pms(4)</a>.
+ <!-- 2015-04-09 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh.1">ssh(1)</a>, don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/vlan.4">vlan(4)</a>, don't inherit the parent interface's hardmtu as the vlan interface's mtu when it gets set up. Instead, allow the vlan interface's mtu to be raised to the parent's hardmtu in SIOCSIFMTU handling.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/zmore.1">zmore(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/zless.1">zless(1)</a>, accept options starting with "+".
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/whois.1">whois(1)</a>, improve the lookup of gTLDs.
+ <li>Make the sparc64 pmap (more) mpsafe by protecting both the pmap itself and the pv lists with a mutex.
+ <li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pf.4">pf(4)</a>.
+ <!-- 2015-04-08 -->
+ <li>Fix a regression on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/re.4">re(4)</a> chips that have 7k jumbo support.
+ <li>Move vmap back to kernel_map/uvm_km_valloc as it's allowed to fail. This should fix the Dell 2950 when it gets stuck during boot.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/socppc/tsec.4">tsec(4)</a>, prevent the watchdog from firing when no cable is plugged in but the interface is brought up.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/iwn.4">iwn(4)</a>, don't leak the chip's hardware address during scans when a randomized address is set by the user.
+ <!-- 2015-04-07 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>, when replacing, don't free the old paste until after the new one's name has been copied. This fixes a use-after-free in window-copy.c.
+ <li>Introduce a garbage collector for (very) idle pool pages.
+ <!-- 2015-04-06 -->
+ <li>Remove the obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man3/timezone.3">timezone(3)</a> function.
+ <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/pthread_atfork.3">pthread_atfork(3)</a> track the DSO that called it like <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/atexit.3">atexit(3)</a> does, unregistering callbacks if the DSO is unloaded. Move the callback handling from libpthread to libc, though libpthread still overrides the inner call to handle locking and thread-library reinitialization.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, do not mistreat empty arguments to font alternating macros as vertical spacing requests.
+ <li>Remove DES support from <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/crypt.3">crypt(3)</a>.
+ <li>Add support for an efi-app-x86_64 target to binutils. This is needed for UEFI bootloader work.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, use the default width for .RS without arguments. This reduces groff-mandoc differences in base and Xenocara by about 4%.
+ <li>Update to xcb-util 0.4.0, xcb-util-image 0.4.0, xcb-util-keysyms 0.4.0, libXxf86vm 1.1.4, libXvMC 1.0.9, libXdmcp 1.1.2 and libX11 1.6.3.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_info.1">pkg_info(1)</a>, check that the info of distant packages is signed.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>,
+ mark installed locations as "trusted" so that pkg_info does not check sigs
+ on them.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/realloc.3">realloc(3)</a>, when expanding a region, actually use the free page cache instead of simply zapping it. This can save many syscalls in a program that repeatedly grows and shrinks a buffer.
+ <!-- 2015-04-05 -->
+ <li>Work-in-progress support for non-accelerated X11 on <em>some</em> <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/sti.4">sti(4)</a> frame buffers; based upon the old HP ngle X11 driver. Currently limited to CRX (720/735/750), Timber (710, old 715), Artist (712, 715) and EG (B-series). However, the colormap isn't set up correctly on Timber and EG yet.
+ <li>Various improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a>:
+ <ul>
+ <li>Do not permute command line arguments, but still support the obsolescent "-o outfile" after input files syntax.
+ <li>The -b flag should only apply when key fields are specified. If -b follows -k it has no effect.
+ <li>For the -g flag, treat non-floating point keys as 0, similar to -n. This makes "sort -gu" and "sort -nu" behave similarly and passes our sort regress tests.
+ </ul>
+ <!-- 2015-04-04 -->
+ <li>Update to sqlite3 3.8.8.3.
+ <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man7/man.7">man(7)</a> section and subsection headers hanging indentation. This reduces groff-mandoc differences in base by about 2.5%.
+ <li>Better implementation of rounding rules in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>.
+ <li>Show the remote labels in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command even if they are not installed in the FIB.
+ <li>Remove lo protection in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>. There's no need to protect the 127/8 network since it is filtered before being sent to lde.
+ <li>Show the full LIB in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpctl.8">ldpctl(8)</a> "show lib" command.
+ <li>Add support for commit ids to "opencvs status".
+ <li>Fix the modified timestamp in the output of "opencvs status".
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves tic(1), sxpm(1) and a few Perl manuals.
+ <li>Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/kauaiata.4">kauaiata(4)</a>.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, fix a quirk with respect to an empty .HP.
+ <!-- 2015-04-03 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/sti.4">sti(4)</a>, fix an unsigned vs signed comparison causing an infinite loop for the WSDISPLAYIO_PUTCMAP ioctl.
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a>:
+ <ul>
+ <li>If -S has been supplied multiple times, only take last one into account.
+ <li>If -c (or -C) has been specified, only perform that action and ignore -o among other arguments.
+ <li>Allow only one input file with the -c and -C flags.
+ </ul>
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/apropos.1">apropos(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/man.1">man(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1">mandoc(1)</a>, don't hardcode /usr/bin/ as the path to more(1).
+ <!-- 2015-04-02 -->
+ <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a>, prevent an integer overflow when parsing the -S argument as percentage. Also make sure that the parsed memory amount won't be larger than SIZE_MAX to properly support 32-bit systems.
+ <li>Change gcc and ld semantics to make static PIE the default when invoking "cc -static".
+ <!-- 2015-04-01 -->
+ <li>Many improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a>, including:
+ <ul>
+ <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/strtonum.3">strtonum(3)</a> to parse the argument to --batch-size.
+ <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/mkstemp.3">mkstemp(3)</a> to generate a new temporary file name.
+ <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/reallocarray.3">reallocarray(3)</a> where appropriate.
+ <li>Prevent a tiny signal race by blocking signals when inserting into the tmp_files list.
+ <li>Check for overflow when handling buffer size suffixes.
+ </ul>
+ <li>Run most of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/sparc64/vnet.4">vnet(4)</a> interrupt handler without holding the kernel lock.
  <!-- 2015-03-31 -->
  <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>, zero the tls cert/key length variables when inheriting a server configuration for multiple listen statements in a server block. Otherwise httpd(8) will crash when a listen statement with tls is followed by a listen statement without tls.
  <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh.1">ssh(1)</a> from warning about SSH1 keys present when compiled without SSH1 support. Also identify SSH1 keys when scanning, even when compiled without SSH1 support.
-Line 138
+Line 433
 Line 138
 Line 433
  <!-- 2015-03-24 -->
  <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man1/ssh.1">ssh(1)</a>.
  <li>Work around broken device-tree in PowerMac7,2 and PowerMac7,3 (K2 systems) and get the correct offsets from the "i2s" node.
- <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man4/lmc.4">lmc(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man4/san.4">san(4)</a>.
+ <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man4/lmc.4">lmc(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man4/san.4">san(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man8/lmccontrol.8">lmccontrol(8)</a>.
  <li>Use chacha20-poly1305@openssh.com as the default cipher in ssh.
  <!-- 2015-03-23 -->
  <li>Disable SSH protocol 1 in ssh.
-Line 174
+Line 469
 Line 174
 Line 469
  <!-- 2015-03-19 -->
  <li>Fix a memory leak in an error path in LibreSSL (from OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f).
  <li>Fix a small memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a>.
+ <li><font color="#e00000">5.6 and 5.7 SECURITY FIX: several crash causing defects in OpenSSL (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288 and CVE-2015-0289.</font><br>A source code patch is available for <a href="errata56.html#020_openssl">5.6</a> and <a href="errata57.html#003_openssl">5.7</a>.
+ <li><font color="#e00000">5.5 SECURITY FIX: two possible crash causing defects in OpenSSL (CVE-2015-0286 and CVE-2015-0292).</font><br>A source code patch is available for <a href="errata55.html#024_openssl">5.5</a>.
  <li>Fix CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0289 in LibreSSL.
  <li>Deal with half-configured control pipes in dwc2, using the same workaround as in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ehci.4">ehci(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ohci.4">ohci(4)</a>.
  <!-- 2015-03-18 -->
-Line 187
+Line 484
 Line 187
 Line 484
  <!-- 2015-03-17 -->
  <li>Reenable the pa1.1 fallback code for sha256 on hppa.
  <li>"Handle" wccp2 packets if net.inet.gre.wccp is set to 2 by truncating skipping the wccp 2 header.
+ <li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: buffer overflows in libXfont (CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804).</font><br>A source code patch is available for <a href="errata55.html#023_libxfont">5.5</a>, <a href="errata56.html#019_libxfont">5.6</a> and <a href="errata57.html#002_libxfont">5.7</a>.
  <li>Update to libXfont 1.5.1 which contains fixes for CVE-2015-1802, CVE-2015-1803 and CVE-2015-1804.
  <li>Fix swap auto-allocation in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/disklabel.8">disklabel(8)</a> for machines with very little memory.
  <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1">sort(1)</a> with the implementation from FreeBSD.
-Line 253
+Line 551
 Line 253
 Line 551
  <li>Make -DSHORTENED the default in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pkg_add.1">pkg_add(1)</a>.
  <li>Move i386 pvlists to pool backed, and improve the locking using mutexes.
  <!-- 2015-03-08 -->
- <li>Various fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tar.1">tar(1)</a>:
+ <li>Various fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cpio.1">cpio(1)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/pax.1">pax(1)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tar.1">tar(1)</a>:
  <ul>
  <li>Prevent an archive from escaping the current directory by itself.
  <li>For tar without -P, if a path in the archive has any ".." components, then strip everything up to and including the last of them (if it ends in ".." then it becomes ".").