===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1396
retrieving revision 1.1397
diff -u -r1.1396 -r1.1397
--- www/plus.html 2016/08/05 00:26:30 1.1396
+++ www/plus.html 2016/08/05 22:10:20 1.1397
@@ -81,6 +81,90 @@
+
+- Unbreak rsu(4).
+
- In rtwn(4) and urtwn(4), fix byteswap errors. This repairs urtwn(4) on macppc.
+
+
- In mesa, disable the code that allocates W|X memory.
+
- Disable tmpfs.
+
- In rarpd(8), avoid a hang when the receive buffer of a route socket becomes full.
+
- In newfs(8), revert the change to scale the default "density" value to create the same number of inodes.
+
- In bgpd(8), initialize the log subsytem in the SE like it is done in the RDE. This avoids all logging from going to /dev/null.
+
- When closing bpf(4) devices, ensure the minor number becomes free for reuse by the device cloning code. This fixes a panic.
+
- In perl(1), patch CVE-2016-1238.
+
+
- In tcpdump(8), only chroot(2) when run as root.
+
+
- 5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash.
A source code patch exists which remedies this problem for 5.8 and 5.9.
+ - In the installer, back out the automatic pkg.conf(5) installpath changes.
+
- In dhclient(8), back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers sned frames to the ethernet broadcast address.
+
- In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach.
+
- Disable POOL_DEBUG.
+
- In newfs(8), scale the default "density" value so that on 4K disks the same number of inodes are creates as on DEV_BSIZE devices.
+
- In stty(1), error out if the display and modify mode are combined on the command line. This avoids a pledge(2) violation.
+
- vmm(4/amd64), fix a few CPUID emulation issues.
+
+
- In ssh(1), fix pledge(2) violation with the -f option.
+
- Attach imx(4/armv7) on i.mx6 quad plus.
+
- In dhclient(8), actually DECLINE and delete unused offers.
+
- In fec(4/armv7), fallback to the known IRQ number on imx.6 if the fdt interrupts-extended property is missing or not the size that is expected.
+
- In rtable(4), prevent an infinite recursion when deleting routes inside rtable_walk().
+
- Prevent NULL-pointer call for filesystems that don't provide vfs_sysctl in their vfsops structs.
+
- In relayd(8), fix a crash when the connection is terminated prematurely.
+
- Fix a double rtfree(9) triggered when IPSEC inserts a more specific route because of PMTU.
+
+
- In ssh(1):
+everse the order in which -J/JumpHost proxies are visited to be more intuitive.
+
- In switchd(8), add basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT, no FLOW_MOD yet.
+
- In bgpd(8), don't quit when the local addresses of a peer can't be figured out. Instead bring the session down.
+
- In tcpbench(1), add AF_UNIX support and also make it possible to randomize the write size in the client.
+
- In rtwn(4) and urtwn(4), respect the RTS threshold set by net80211.
+
- In tcpdump(8), silently ignore chroot(2) setup failure, because pledge(2) provides an even better sandbox. This regain -r support.
+
+
- In sshd(8), skip passwords longer than 1024 characters in length, so clients can't easily DoS sshd by sending very long passwords.
+
- Use pledge(2) in switchd(8) and switchctl(8).
+
- In softraid(4), plug potential leak of device list.
+
- In switchd(8), parse and print OpenFlow 1.3 PACKET_IN and OXM (Openflow eXtended Match).
+
- In netstat(1), print the relevant counters to tune the TCP SYN cache.
+
- In iwm(4), disable the beacon filter. This make it possible to keep track of HT protection changes.
+
- In net80211, enable RTS for frames above a particular size. This change allows for reasonable throughput on loaded 11g networks whereas before they were practically unusable.
+
- In switchd(8), update OpenFlow 1.3 stub based on the 1.0 code.
+
- In switchd(8), add the -n flag to check the configuration and exit.
+
- In iwm(4), properly keep track of HT protection changes while associated.
+
- Unbreak ural(4), which had been dropping frames on Tx while the IFF_RUNNING flag was set.
+
- In ehci(4), use for ATI controllers the same workaround as for VIA controllers. This should hopefully help people reporting errors with SB700.
+
- Add the tcp.synhashsize sysctl(8) to make the size for the syn cache hash array tunable.
+
+
- In dhclient(8), narrow the BPF read filter rules so only packets sent to the interface's LLADDR pass. This limits the number of packets that get dropped as a result of dhclient setting BIOCSFILDROP on the bpf descriptor.
+
- Import switch(4), switchd(8) and switchctl(8), a basic work-in-progress OpenFlow implementation (not build by default).
+
- In carp(4), fix the check supposed to prevent "ip" and "ip-stealth" balancing modes from leaking the multicast address.
+
- In sshd_config(5), allow wildcard for PermitOpen hosts as well as ports (bz#2582).
+
- In "rcctl ls", skip all files with a "." in the name, because pkg_add(1) renames files in this way when the checksums don't match.
+
- In netstart(8), unbreak vlan(4) on top of tap(4).
+
+
- In virtio, always allow MSI/MSI-X. This enables MSI-X with qemu's old "82441FX" pci-bridge.
+
- In sxitimer(4/armv7), explicitly stop the timers before reloading them. This fixes a hang on the Olimex A10s boards.
+
- In doas(1), copy the path to the shell from struct passwd to prevent it from being overridden by a getpwuid(3) call. This happens in a double doas call.
+
- In iwm(4):
+
+- Retry Tx of management frames less often.
+
- Fix inverted logic in iwm_tx().
+
- Explicitly set firmware Tx aggregation limit to one (which disables Tx aggregation).
+
+ - In pstat(8), fix VFLAG formatting.
+
- In ssh(1), reduce timing attack against obsolete CBC modes by always computing the MAC over a fixed size of data.
+
- In kdump(1), ktrace(1) and ltrace(1), add "p" trace point for KTRFAC_PLEDGE, and fix handling of -t+ in ltrace(1).
+
+
- Attach sunxi(4/armv7) based on the compatible property of the root node of the device tree.
+
+
- In ssh(1), support UTF-8 characters in ssh banners (bz#2058).
+
- In jot(1), fix a bug causing values to be printed out of bounds if the precision is 0.
+
- In ldpd(8):
+
+- Fix parsing of malformed optional TLVs/Sub-TLVs.
+
- Remove potential overflow when validating message's length.
+
+ - In virtio(4), support MSI-X. This increases performance for interrupt heavy loads.
- In libssl, limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled.
- In ldpd(8):
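Review bot: Several of the added entries carry spelling or grammar slips that will be published as-is: "subsytem" in the bgpd(8) logging entry, "sned" in the dhclient(8) back-out entry, "inodes are creates" in the newfs(8) density entry, "This regain -r support" in the tcpdump(8) chroot(2) entry, "This make it possible" in the iwm(4) beacon filter entry, and "not build by default" in the switch(4) import entry. The ssh(1) -J/JumpHost line also begins "everse" as shown here. Suggest "subsystem", "send", "created", "regains", "makes", "not built" and "Reverse" respectively.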
@@ -103,7 +187,7 @@
- 5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.
A source code patch is available for 5.9.
- Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots.
- Ignore the kern.usermount sysctl(8). It is unsafe, because it allows any non-pledge(2)'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1.
-
- In ip6(4), dDrop received packets with an IPv4-compatible address as source or destination as per RFC4213.
+
- In ip6(4), drop received packets with an IPv4-compatible address as source or destination as per RFC4213.
- In fec(4/armv7), do board-specific delay/skew corrections for the Micrel KSZ9021 and KSZ9031 PHYs based on device tree properties instead of the board ID.
- Prevent a use-after-free by not updating an ARP entry that has been removed from the table.
- In vioblk(4), properly handle poll timeout.
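Review bot: The unchanged lines around the ip6(4) correction still contain wording problems that could be fixed in the same commit: "A race occuring" in the 5.9 RELIABILITY FIX entry should be "occurring", and "This prevents from too small amaps being allocated" in the amap entry reads better as "This prevents too-small amaps from being allocated".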
@@ -122,7 +206,7 @@
- In syslogd(8), add support for TLS client certificates in syslogd. This allows the remote server to verify the authenticity of received messages.
- In tmpfs, don't allow mounting with noval owner. It causes a panic later on.
-
- In factor(6), use an integer version of the Newton method instead of using the floating point square root. This fixes a rounding issue.
+
- In factor(6), use an integer version of the Newton method instead of the floating point square root. This fixes a rounding issue.
- In imxesdhc(4/armv7) and fec(4/armv7, use the gpio framework to implement card detect instead of hardcoding particular gpios based on board IDs.
- Hook up imxgpio(4) to the FDT gpio framework.
- Fix path MTU discovery which was slightly broken: it took two ICMP packets to create and change the dynamic route.
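Review bot: The context line after the factor(6) rewording has an unbalanced parenthesis, "In imxesdhc(4/armv7) and fec(4/armv7, use the gpio framework", which should read "fec(4/armv7)," and is worth fixing alongside this wording cleanup.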