===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1314
retrieving revision 1.1315
diff -u -r1.1314 -r1.1315
--- www/plus.html 2013/11/30 00:22:38 1.1314
+++ www/plus.html 2013/12/09 00:56:07 1.1315
@@ -75,6 +75,62 @@
+
+- Corrected ssh(1) bzero of chacha20+poly1305 key context (bz#2177).
+
- Made ssh(1) key_to_blob() return a NULL blob on failure (part of bz#2175).
+
- Fixed use-after-free in ssh(1) ssh-pkcs11-helper.c (bz#2175).
+
- Switched mvme68k to the MI zs(4/mvme68k) driver.
+
- More robust parsing of the DHCP lease file for autoinstall.
+
- Updated to pixman 0.32.4.
+
- Fixed intel(4) write-read race with multiple rings.
+
- Brightness quirk for Acer Aspire 4736Z added to intel(4)
+
- Prevent "bogus xmit rate %d setup" panics in wireless IBSS mode.
+
- Made ifconfig(8) scan show the nwid, channel, and bssid for IBSS networks (not just access points).
+
+
- Allow the autoinstaller to pass a public ssh(1) key for inclusion in the user's .ssh/authorized_keys.
+
- Fixed nsd(8) bug#534: IXFR query loop over UDP for zones that are unchanged, to stop query flood from the slave.
+
- Use arc4random(3) instead of srand(3) and rand(3) in kerberos(8).
+
- Restore radeon(4) frame buffer upon last close; makes sure we we have a usable console after exiting X(7).
+
- Do not send the smtpd(8) holdq release message if no envelope was held for a relay.
+
- Do not hard-code smtpd(8) scheduler batch size; reduced default limit to avoid hammering effects.
+
+
- Reverted sys/net/bpf.c back to r1.85, as panics are still being reported.
+
- For pthread_main_np(3), use a new flag, THREAD_ORIGINAL, to indicate the original thread for this process. Fixes some ConsoleKit failures.
+
+
- Made the installer's ask_which bail out on a missing response in the autoinstall case rather than looping endlessly.
+
- Re-enabled radeon(4) RADEON_INFO_VA_START and RADEON_INFO_IB_VM_MAX_SIZE.
+
- Mark replaced iked(8) flows as "not loaded".
+
- Don't let iked(8) leak duplicate flows.
+
- iked(8) now drops duplicate requests, to avoid corrupt child-SA tables.
+
- Made iked(8) discard & free duplicate IKESAs; made sure new SAs are not created that cannot be inserted in the SA tree.
+
- Include hexdump in iked(8) debug output only for -vvv.
+
- Support raw pubkey authentication w/o x509 certificates in iked(8).
+
- When wpi(4) has a fatal firmware error, reset the chip, reload the firmware and bring the interface up again.
+
- Limit the number of envelopes to recall in the smtpd(8) hoststat cache.
+
- Removed some double frees in fuse(4).
+
- Fixed smtpd(8) loading of passphrase-protected keys.
+
- Allow subdomain matching in smtpd(8) mailaddr table(5).
+
- Changed the way multicast(4) addresses are linked to an interface.
+
+
- Now the auto installer supports both install and upgrade, use "non-interactive mode" instead of installation.
+
- Fixed a more(1) read loop, subtly broken on big-endian machines for some time.
+
- Like "gap", made cwm(1) "snapdist" per-screen.
+
- Let cwm(1) deal with clients that don't have WM_NORMAL_HINTS.
+
- Removed cwmrc(5) option to bind a key by keycode with brackets, which never worked. Users should be using keysym names not keycodes.
+
+
- Made timeout_add(9) return whether the timeout(9) was scheduled in this call (by returning 1), or a previous call (by returning 0).
+
- Grow nfsd(8) request cache for the server side from 64 to 2048 entries. Avoids "file already exists" errors.
+
- Fixed a possible double-free/NULL dereference in vi(1) msg_print.
+
- Updated nsd(8) to version 4.0.0; use nsd-control to signal; generate keys for nsd-control if they don't exist.
+
- Copy some entries from Apache's httpd(8) mime.types file to the one used by nginx(8).
+
+
- Only set the IFF_ALLMULTI flag if there is at least one real multicast(4) address.
+
- Added some logic to the autoinstaller, to select an interface for the initial dhcp request.
+
- Allow autoinstall/upgrade even when not netbooted.
+
- Reworked install.sub _autorespond(): better line parsing; treat empty/missing/multiple answers as an error and exit; ensure $RESPONSEFILE exists.
+
- Vax can now compress/decompress .xz files.
+
- Many utilities adjusted to use u_char for buffers in "yylex for ctype" calls.
+
- Stopped netstat(1) -Ar leaking kernel pointers to unprivileged users.
- Disable %n in printf(9), to avoid making any format-string vulnerabilities exploitable.
- Reworked pmap(9) on vax to allow the kernel to use much less memory for page tables.
@@ -815,7 +871,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.1314 2013/11/30 00:22:38 brett Exp $
+
$OpenBSD: plus.html,v 1.1315 2013/12/09 00:56:07 brett Exp $