===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus35.html,v
retrieving revision 1.56
retrieving revision 1.57
diff -c -r1.56 -r1.57
*** www/plus35.html 2019/05/27 22:55:23 1.56
--- www/plus35.html 2019/06/01 23:12:50 1.57
***************
*** 125,131 ****
Fix ssl(3) rmd160 breakage on sparc64.
Teach tcpdump(8) how to display the new pfsync(4) bulk updates.
Make pfsync(4) stop carp(4) preempting to become master until the bulk state table sync has completed.
! Support best-efforts bulk transfers of states when a pfsync(4) syncif is first configured. This allows pfsync+carp clusters to come up gracefully without killing active connections.
Have rc(8) stop carp(4) interfaces on system shutdown.
Add pass rules for the pfsync and carp protocols to the default pf(4) rulebase installed by /etc/rc(8).
Make sure pfsync(4) interfaces are initialised before carp(4) interfaces in /etc/netstart(8).
--- 125,131 ----
Fix ssl(3) rmd160 breakage on sparc64.
Teach tcpdump(8) how to display the new pfsync(4) bulk updates.
Make pfsync(4) stop carp(4) preempting to become master until the bulk state table sync has completed.
! Support best-efforts bulk transfers of states when a pfsync(4) syncif is first configured. This allows pfsync+carp clusters to come up gracefully without killing active connections.
Have rc(8) stop carp(4) interfaces on system shutdown.
Add pass rules for the pfsync and carp protocols to the default pf(4) rulebase installed by /etc/rc(8).
Make sure pfsync(4) interfaces are initialised before carp(4) interfaces in /etc/netstart(8).
***************
*** 148,154 ****
More mpt(4) fixes, more to come.
When initialising the new state in pf(4) DIOCADDSTATE, point to the default rule instead of NULL.
! Merge parts of XFree86 4.4.0 Release not affected by the new license.
Allow a carp(4) device's state to be set explicitly with ifconfig(8).
Set permissions on the right files for the @owner, @group and @mode directives in pkg_add(1) when -B is in effect.
For wi(4) devices with Prism firmware version 1.6.3 or later, support an enhanced security mode for a hostap where the SSID can be hidden from snoopers.
--- 148,154 ----
More mpt(4) fixes, more to come.
When initialising the new state in pf(4) DIOCADDSTATE, point to the default rule instead of NULL.
! Merge parts of XFree86 4.4.0 Release not affected by the new license.
Allow a carp(4) device's state to be set explicitly with ifconfig(8).
Set permissions on the right files for the @owner, @group and @mode directives in pkg_add(1) when -B is in effect.
For wi(4) devices with Prism firmware version 1.6.3 or later, support an enhanced security mode for a hostap where the SSID can be hidden from snoopers.
***************
*** 467,473 ****
New driver, bce(4), for Broadcom 4401 10/100Mbps Ethernet devices.
Drop the osigaltstack() compatibility system call.
! Import and merge XFree86-current of 2004/02/13, minus files with the new XFree86 License which contains text developed by The XFree86 Project, Inc (http://www.xfree86.org/) and its contributors.
Make sure all pf(4) anchors get updated after an anchor is removed.
Better signal handling and other cleanup in pflogd(8).
Print textual service and protocol names properly in tcpdump(8) even when -n is specified.
--- 467,473 ----
New driver, bce(4), for Broadcom 4401 10/100Mbps Ethernet devices.
Drop the osigaltstack() compatibility system call.
! Import and merge XFree86-current of 2004/02/13, minus files with the new XFree86 License which contains text developed by The XFree86 Project, Inc (http://www.xfree86.org/) and its contributors.
Make sure all pf(4) anchors get updated after an anchor is removed.
Better signal handling and other cleanup in pflogd(8).
Print textual service and protocol names properly in tcpdump(8) even when -n is specified.
***************
*** 699,705 ****
Add dynamic bufq support to wd(4). Doesn't do very much for now.
In kernel main(), initialise timeouts much earlier.
! New spamd(8) configuration method, based around OpenBSD mirrors of common spammer lists.
Cleanup and fix tcpdump(8) pfsync protocol output.
Initialise the sftp(1) input file in main() rather than statically.
Some strncpy(3) -> strlcpy(3) in libpcap
--- 699,705 ----
Add dynamic bufq support to wd(4). Doesn't do very much for now.
In kernel main(), initialise timeouts much earlier.
! New spamd(8) configuration method, based around OpenBSD mirrors of common spammer lists.
Cleanup and fix tcpdump(8) pfsync protocol output.
Initialise the sftp(1) input file in main() rather than statically.
Some strncpy(3) -> strlcpy(3) in libpcap
***************
*** 1028,1034 ****
Don't accept absolute pathnames for module names in cvs(1). From CVS 1.11.10.
Cleanup and POSIXness for join(1). From FreeBSD.
! More POSIX type definitions (rlim_t now unsigned, RLIM_SAVED_{CUR,MAX} defined, id_t defined).
Kill annoying pf(4) assertion failure messages, and correct the underlying problem with NAT and table stats (PR#3587).
Fix sis(4) short cable problems properly. From Linux and the datasheets, via FreeBSD.
--- 1028,1034 ----
Don't accept absolute pathnames for module names in cvs(1). From CVS 1.11.10.
Cleanup and POSIXness for join(1). From FreeBSD.
! More POSIX type definitions (rlim_t now unsigned, RLIM_SAVED_{CUR,MAX} defined, id_t defined).
Kill annoying pf(4) assertion failure messages, and correct the underlying problem with NAT and table stats (PR#3587).
Fix sis(4) short cable problems properly. From Linux and the datasheets, via FreeBSD.
***************
*** 1439,1445 ****
Really really give xfs a poll(2) backend.
Fix a badly broken gcc(1) optimization when calculating structure offsets under certain conditions. See the commit log for details.
Unbreak lge(4) compile.
! Update timezone info files to tzcode2003c.
Stop em(4) stripping 802.1q headers from packets in a bridge(4).
Add vlan(4) support to em(4).
--- 1439,1445 ----
Really really give xfs a poll(2) backend.
Fix a badly broken gcc(1) optimization when calculating structure offsets under certain conditions. See the commit log for details.
Unbreak lge(4) compile.
! Update timezone info files to tzcode2003c.
Stop em(4) stripping 802.1q headers from packets in a bridge(4).
Add vlan(4) support to em(4).
***************
*** 1455,1461 ****
Print a more useful error message when a bad port number is given to whois(1).
Fix broken time parsing in kadmin(8) (PR#3292).
! Initialise environment variables in ld.so(1) before calling constructors and atexit(3) functions
Have inetd(8) exit if no config file is found.
In sendmail(8) submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly.
Teach netstat(1) how to deal with KAME embedded scope IDs for -f encap route dumps.
--- 1455,1461 ----
Print a more useful error message when a bad port number is given to whois(1).
Fix broken time parsing in kadmin(8) (PR#3292).
! Initialise environment variables in ld.so(1) before calling constructors and atexit(3) functions
Have inetd(8) exit if no config file is found.
In sendmail(8) submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly.
Teach netstat(1) how to deal with KAME embedded scope IDs for -f encap route dumps.
***************
*** 1485,1497 ****
Add a stack of missing switch break statements needed after the _dl_errno changes to ld.so(1).
Teach size(1) how to read ELF objects.
! POSIX and interoperability fixes for bc(1) and dc(1),
SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
A source code patch is available.
[Applied to stable]
Properly free resources on fxp(4) attach failures.
! Some reliability fixes in ahc(4) and siop(4).
Allow sensorsd(8) to daemon(3)ize itself.
Fix an unchecked strdup(3) in getnetgrent(3).
--- 1485,1497 ----
Add a stack of missing switch break statements needed after the _dl_errno changes to ld.so(1).
Teach size(1) how to read ELF objects.
! POSIX and interoperability fixes for bc(1) and dc(1),
SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
A source code patch is available.
[Applied to stable]
Properly free resources on fxp(4) attach failures.
! Some reliability fixes in ahc(4) and siop(4).
Allow sensorsd(8) to daemon(3)ize itself.
Fix an unchecked strdup(3) in getnetgrent(3).