===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1348
retrieving revision 1.1349
diff -u -r1.1348 -r1.1349
--- www/plus.html 2014/07/24 09:28:13 1.1348
+++ www/plus.html 2014/08/04 11:52:20 1.1349
@@ -74,6 +74,107 @@
+
+- Fixed ssl(8) so RSA, DH, and ECDH temporary key callbacks are correctly passed the number of keybits for the key.
+
- Made pkg_add(1) log libraries in a proper way.
+
- Stopped mandoc(1) assuming that a non-breaking space character has width 0.
+
+
- Fixed hangs during suspend when stopping secondary cpu.
+
- Reverted "adjust -C algorithm" from apmd(8/amd64), which broke suspend/resume on some machines.
+
- Fixed (very hard to reach) DoS attack vector against dhcpd(8).
+
+
- Differentiate httpd(8) servers by address and port, not just by address.
+
- Use a URL in the Location header of httpd(8) 3xx responses.
+
- Append mandatory Date header to each httpd(8) response.
+
- In httpd(8), canonicalise the request path once without the docroot; prepend the docroot only only when it's needed.
+
- Prevent ssh-agent(1) keys remaining in memory after they have been expired or deleted.
+
- Stopped httpd(8) leaking the docroot in the error message if the default index file is missing.
+
- Fixed httpd(8) address matching of multiple server blocks with non-virtual hosts.
+
- Added support to httpd(8) for "virtual hosts" (aka. server blocks).
+
- Added "root" configuration option to httpd.conf(5).
+
+
- Sped up boot sequence by deferring scan of xt keyboard code set by pckbd(4).
+
- Made man.cgi(8) sort result pages first by section number, then by name.
+
- Provide eeprom(8) on the sparc installation media.
+
- Build machinery added to build eeprom(8) for the installation media on relevant arches.
+
- Unbreak route(4) flush: skip local (RTF_LOCAL) routes when flushing.
+
- Reverted ssp-strong from gcc(1) on arm, which exposed too many bugs in ports(7).
+
- Plugged httpd(8) memleak, to free the HTTP descriptor containing all the headers etc. of a connection.
+
- Provided a dropdown entry "All Architectures" to man.cgi(8) and made it the default.
+
+
- When httpd(8) is canonicalising the path, fail on truncation.
+
- Made httpd(8) redirect with 301 if a directory name was requested without the trailing slash.
+
- First attempt at having httpd(8) verify request path and access permissions.
+
- In getaddrinfo_async(3) and similar, made queries fail when the hostname param is an empty string.
+
- In ssl(8) level_add_node(), do not free objects on cleanup which are still being referenced by other objects.
+
- Made sure ssl(3) PEM_def_callback() correctly handles negative buffer sizes.
+
- Removed lynx from the base system (available in packages(7) instead).
+
- Mandoc(1) security fix: after decoding numeric or one-character escape sequences, HTML-encode resulting character.
+
- Correctly shutdown the servers when the httpd(8) process is terminating. Prevents a crash on exit.
+
- On octeon, correctly drain and destroy the bufq upon detach.
+
+
- Adjusted apmd(8) -C algorithm to be more aggressive in scaling up cpu speed.
+
- Reverted recent "memory poison" commit until after release (triggering too many use-after-free bugs).
+
- man.cgi(8) security fixes, to prevent XSS attacks.
+
- In ssl(8) DES_random_key(), force the generated key to the correct parity; use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers.
+
- Enable httpd(8) in the builds for more testing (not finished but can serve static files).
+
- Added initial httpd.conf(5) example for httpd(8).
+
+
- Added the X(7) "aperture needed" test to vgafb(4), to match vga@pci.
+
- Corrected the initialiser for tunnconf_default_pptp in npppd(8).
+
- Reduced amount of messages from key_load_private_pem during ssh(1) hostbased auth.
+
- Made mandoc(1) preserve manpath and arch in .Xr links.
+
- Reverted tmux(1) up/down wheel emulation.
+
- Stopped the installer setting (obsolete) sysctl(8) net.inet6.ip6.accept_rtadv and net.inet6.icmp6.rediraccept.
+
- Made man.cgi(8) match RFC 2616, so the "Location: response-header" field is an absolute URI.
+
- Dropped explicit tmux(1) support for F13-F20; match the xterm(1) terminfo(5) entry.
+
+
- Stopped kprintf in gcc(1) accepting the $ flags (as printf(9) doesn't support them).
+
- When amd64/i386/loongson hibernate, look up correct device when using softraid(4).
+
- Updated to pixman 0.32.6
+
- Support hibernating to softraid(4) crypto volumes on amd64/i386/loongson.
+
- Fix tcpdump(8) display of logical link control data in IEEE802 frames.
+
- acpi(4) now ignores region marked as "Preserve" if all bits will be modified. Fixes hang on some Sony and Asus laptops.
+
- Always allocate bwi(4) ring descriptors below the 1GB boundary. Fixes "intr fatal TX/RX" errors.
+
- On bwi(4), make bwi_dma_mbuf_create() use the correct loop counter in error case.
+
- Load bwi(4) firmware once, not every time the interface is brought up. Fixes a panic.
+
- Fixed array overflow in telnet(1) command line handling
+
- When spamd(8) is started by rc.d(8): no longer start in background mode; return from rc_start() if spamd(8) failed to start; execute spamd-setup(8) without explicitly waiting for spamd(8).
+
- Fixed auto-upgradable file detection by sysmerge(8).
+
+
- Aligned telnet(1) with the manpage by making the "-a" use getlogin(2); ignore value if it returns a nonexistent user.
+
- Flensed the telnet(1) code base of support for ancient protocols and systems.
+
- On loongson, fixed Lemote reboot issue and usb(4) problems on Gdium models.
+
- mandoc(1) security fixes: validate name of file before opening; only allow relative filenames starting with "man" or "cat" and not containing "/.." or "../"; validate the manpath up front, report a Bad Request if it is not listed in manpath.conf; in case of configuration errors, only report "Internal Server Error".
+
+
- Fixed strtonum(3) range, to unbreak "-pass fd:0" in ssl(8).
+
- Cleaned up portable arc4random(3) fork detection code; let it take advantage of systems with healthy getentropy(2).
+
- Stopped man.cgi(8) using the HTTP_HOST CGI variable (made HTTP redirect Location: relative). Reduces attack surface.
+
- Removed dev/log AF_UNIX sockets from various chroot(2) spaces, since syslog(3) messages are now sent via sendsyslog(2).
+
- Fixed pkg_add(1) sorted output.
+
- When mandoc(1) MAN_DIR or manpath.conf do not exist or are empty, exit(3) in a controlled way.
+
- Fixed privilege separation in npppd(8).
+
- In bnx(4), implemented EFBIG handling for heavily fragmented packets on the tx path.
+
+
- In dump(8), allow files-to-dump to be a duid.
+
- On sgi, optimised use of external L2 cache handling on the few Indy/Indigo2 systems which have it.
+
- Unbroke rc.d(8) script for smapd(8) after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
+
- Zero out the random buffer for sysctl(3) and the entropy buffer.
+
- Made sure the biglock is held on i386 when running interrupt handlers (which rely on it).
+
- Reflect stdio-forward ("ssh -W host:port ...") failures in ssh(1) exit status (bz#2255).
+
- In x509_vfy.c, free sktmp when it's no longer needed. Fixes many memory leaks in ssl(3).
+
+
- Added mpbios(4) to RAMDISK_CD on i386/amd64, so bsd.mp is selected when installing to Soekris net6501.
+
- Implemented file descriptor accounting in httpd(8) for single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests.
+
+
- Added sshd(8) support for unix domain socket forwarding.
+
+
- Updated to xf86-video-neomagic 1.2.8.
+
- Enable ext2fs support on RAMDISK_CD.
+
- Converted ftp(1) to libressl.
+
- Removed securelevel(7) variable from rc(8).
+
- powerdown=YES removed from reboot(8).
+
- Updated to xterm(1) version 309.
- Fixed timeouts in relayd(8) when one connection is spliced and one non-spliced.
- Added configuration handling for certificate and key files to libressl.
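Review bot: Two added entries need a text fix before this goes in: the httpd(8) path-canonicalisation entry has a doubled word ("prepend the docroot only only when it's needed"), and the rc.d(8) entry names "smapd(8)" where the earlier rc.d(8) entry in this hunk spells the daemon spamd(8), so correct the first and verify the second. Smaller consistency points in the same hunk: "Updated to pixman 0.32.6" and "Fixed array overflow in telnet(1) command line handling" lack the trailing period the other entries carry, "Mandoc(1) security fix" is capitalised unlike the other mandoc(1) entries, and the SSL library items are tagged ssl(8) in some entries and ssl(3) in others. The entry headed "mandoc(1) security fixes" describes Bad Request and Internal Server Error responses and validation against manpath.conf, so please confirm whether it should name man.cgi(8), as the nearby XSS entry does.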
@@ -1157,8 +1258,6 @@