===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1345
retrieving revision 1.1346
diff -u -r1.1345 -r1.1346
--- www/plus.html 2014/06/25 09:26:44 1.1345
+++ www/plus.html 2014/07/05 08:59:02 1.1346
@@ -75,6 +75,37 @@
+
+- Major cleanup in roff(7) .de parsing routine, to correctly handle names terminated by escape sequences.
+
+
- Fixed loading of private keys by ssh(1).
+
- Move to a smaller rbytes buffer and skip a random part in malloc(3), to introduce noise in the arc4random(3) calling pattern.
+
- Fixed remote forwarding in sshd(8) with same listen port but different listen address.
+
- Avoid buffer overflow when there are too many boot arguments, and on reaching maximum line length.
+
+
- Do not redirect STDERR of security(8) to /dev/null, so errors in the security(8) script are seen.
+
- Fully remove relevant carp(4) addresses when IFXF_NOINET6 is set or when the rdomain is changed.
+
+
- Workaround compatibility problems between Intel ahci(4) and Intel SSDs, by retrying device detection.
+
- pfctl(8) now disallows translation rules containing addresses of { inet(4) inet6(4) } when the rule doesn't specify one.
+
- When the nsd(8) daemon is launched via rc.d(8), use a correct exit code (per rc.subr(8)).
+
+
- Improved messages with roff(7) ".so": show the filename argument that was passed; on failure, report the file/line number.
+
- If an ssl(8) chacha operation does not consume all of the generated key stream, save it for subsequent writes.
+
- Made TCP_NODELAY work in ssl(8).
+
+
- Removed the noaccesstime synonym for noatime in mount(8).
+
- When scp(1) is copying local to remote and it fails during read, don't send uninitialised heap to the remote end.
+
- Don't fatal() ssh(1) when hostname canonicalisation fails with a ProxyCommand in use.
+
- New ssh(1) key API: refactored key-related functions to be more library-like (existing API now a set of wrappers).
+
- Fixed bug in ssh(1) KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format.
+
- Made gcc(1) version 4 emit warning when it is ignoring alignment constraints.
+
- Fixed possible crash on encountering invalid msdosfs filesystems.
+
- Disabled IPv6 on interfaces by default (a link-local address is no longer assigned by default).
+
- Use bus_space(9) on acpi(4) SystemMemory, to correctly access memory mapped registers.
+
- Made "ifconfig(8) inet6 eui64" reset the NOINET6 flag (unconditionally), to ensure link-local address is assigned.
+
- Allow tmux(1) keys and send-keys to send to invisible panes.
+
- Fixed tmux(1) so it counts mouse clicks correctly.
- Stopped building procfs on i386.
- In ssl(8) BIO_get_port(), only accept valid port numbers.
@@ -916,8 +947,5 @@