=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus58.html,v retrieving revision 1.3 retrieving revision 1.4 diff -c -r1.3 -r1.4 *** www/plus58.html 2015/08/09 00:39:22 1.3 --- www/plus58.html 2015/08/09 17:53:34 1.4 *************** *** 87,97 ****
  • In sshd(8), add getpid to sandbox (bz#2419).
  • Get jumbo frames working in oce(4). !
  • Allow to re-plug USB3 devices on the root hub withtout going through a suspend/resume cycle (or rebooting) with Intel ICH7 xHCI.
  • In ps(1), remove the calculation that includes the process lifetime and just use the p_pctcpu value as %cpu time.
  • In cwm(1), show an empty "ssh to" menu if the known_hosts file is missing. !
  • In syslogd(8), add the possiblity to store all syslog messages received from a specific host into a single log file. !
  • Never cache a RTF_GATEWAY route as next hop for a gateway route. This prevents rtentry loops when rt→rt_gwroute points to rt leading to an infamous "rtentry leak" panic.
  • Enable vexpress(4) on armv7.
  • Implement membar_* for armv7 with the dmb instruction. --- 87,97 ----
  • In sshd(8), add getpid to sandbox (bz#2419).
  • Get jumbo frames working in oce(4). !
  • Allow to re-plug USB3 devices on the root hub without going through a suspend/resume cycle (or rebooting) with Intel ICH7 xHCI.
  • In ps(1), remove the calculation that includes the process lifetime and just use the p_pctcpu value as %cpu time.
  • In cwm(1), show an empty "ssh to" menu if the known_hosts file is missing. !
  • In syslogd(8), add the possibility to store all syslog messages received from a specific host into a single log file. !
  • Never cache an RTF_GATEWAY route as next hop for a gateway route. This prevents rtentry loops when rt→rt_gwroute points to rt leading to an infamous "rtentry leak" panic.
  • Enable vexpress(4) on armv7.
  • Implement membar_* for armv7 with the dmb instruction. *************** *** 152,158 ****
  • In npppd(8), properly handle zero-length 1701/udp and GRE packets.
  • In ssh, don't count successful partial authentication as failures in monitor. This may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed. !
  • On amd64 and i386, make it possible to create write combing mappings through /dev/mem.
  • In pf(4), increment rule counters only after successful state insertion.
  • In ssh, don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer.
  • In httpd(8), URL-encode $SERVER_NAME and $REMOTE_USER before using them in the Location header. --- 152,158 ----
  • In npppd(8), properly handle zero-length 1701/udp and GRE packets.
  • In ssh, don't count successful partial authentication as failures in monitor. This may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed. !
  • On amd64 and i386, make it possible to create write combining mappings through /dev/mem.
  • In pf(4), increment rule counters only after successful state insertion.
  • In ssh, don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer.
  • In httpd(8), URL-encode $SERVER_NAME and $REMOTE_USER before using them in the Location header. *************** *** 186,192 ****
  • On vax, make kernel text read-only and unreadable from userland.
  • Add four new sensors to upd(4). !
  • On mips64, let alloc_contiguous_pages() round the allocation size to a page boundary, not to an u area boundary.
  • On sgi, clear the PIC `write request' memory at initialization time. There is apparently a risk of spurious parity errors if we don't.
  • Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. This will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. --- 186,192 ----
  • On vax, make kernel text read-only and unreadable from userland.
  • Add four new sensors to upd(4). !
  • On mips64, let alloc_contiguous_pages() round the allocation size to a page boundary, not to a u-area boundary.
  • On sgi, clear the PIC `write request' memory at initialization time. There is apparently a risk of spurious parity errors if we don't.
  • Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. This will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. *************** *** 282,288 ****
  • In from(1), treat a missing mail spool the same as a zero-length mail spool unless the -f option was specified.
  • In pf(4), avoid division by 0 and using a 0 upper bound for arc4random_uniform(3).
  • Fix audio interrupts on U4 systems. !
  • In arp(8) and ndp(8), dont 'assume that the sockaddr_dl will be in the gateway sa. This fixes a regression introduced with the support of multiple connected routes.
  • Rework the ppp handling in the tty layer so it has its own private pool to allocate packet memory out of. This fixes a long standing issue in ppp on a tty/serial line where it allocates mbufs at IPL_SOFTTTY, which is above the IPL_NET the mbuf layer protects itself at.
  • Fix a memory leak in sensorsd(8). --- 282,288 ----
  • In from(1), treat a missing mail spool the same as a zero-length mail spool unless the -f option was specified.
  • In pf(4), avoid division by 0 and using a 0 upper bound for arc4random_uniform(3).
  • Fix audio interrupts on U4 systems. !
  • In arp(8) and ndp(8), don't assume that the sockaddr_dl will be in the gateway sa. This fixes a regression introduced with the support of multiple connected routes.
  • Rework the ppp handling in the tty layer so it has its own private pool to allocate packet memory out of. This fixes a long standing issue in ppp on a tty/serial line where it allocates mbufs at IPL_SOFTTTY, which is above the IPL_NET the mbuf layer protects itself at.
  • Fix a memory leak in sensorsd(8). *************** *** 294,300 ****
  • Enable secureplt by default on alpha.
  • Allow gcc(1) to produce more precise relocation information on alpha. This will be necessary to enable secureplt by default.
  • Switch m88k ports to binutils 2.17. !
  • In relayd8, fix a memory leak in an error path.
  • In mandoc(1), implement the roff(7) "r" conditional. --- 294,300 ----
  • Enable secureplt by default on alpha.
  • Allow gcc(1) to produce more precise relocation information on alpha. This will be necessary to enable secureplt by default.
  • Switch m88k ports to binutils 2.17. !
  • In relayd(8), fix a memory leak in an error path.
  • In mandoc(1), implement the roff(7) "r" conditional. *************** *** 373,379 ****
  • Switch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.
  • In ssh-keygen(1), support -lF hostname to find search known_hosts and print key hashes.
  • Correctly state the link state to INVALID when creating a carp interface. !
  • Fix an unintialized variable in ix(4).
  • In sshd_config(5): !
  • In upd(4), make the "Battery Present" sensor a dependency of all the battery-related sensors only if it is present.
  • Update to font-util 1.3.1.
  • Extend autoinstall(8) to allow for hostname-mode.conf response files and to put response files in a subdir of the webserver's document root. *************** *** 434,440 ****
  • In smtpd(8), avoid multiple "From " and "Return-Path" headers.
  • Translate the fec parameters from the novena dtb to set a different clock skew to the same micrel phy used on sabre lite. This change resolves the stability problems with imxenet on novena. !
  • In tmux(1), to replace c0-*, add a high watermark to the pty event, and also backoff when the any of the ttys the pane is going to write to has buffered enough data.
  • Revert r1.3 of src/gnu/usr.bin/binutils-2.17/bfd/elflink.c. It introduces bogus failures when inter-library dependencies are present.
  • In em(4), make sure the rx ring lwm is set to at least 4. As far as we know, all hardware variants need at least 4 descriptors on the rx ring to be able to receive packets.
  • In tmux(1): --- 434,440 ----
  • In smtpd(8), avoid multiple "From " and "Return-Path" headers.
  • Translate the fec parameters from the novena dtb to set a different clock skew to the same micrel phy used on sabre lite. This change resolves the stability problems with imxenet on novena. !
  • In tmux(1), to replace c0-*, add a high watermark to the pty event, and also backoff when any of the ttys the pane is going to write to has buffered enough data.
  • Revert r1.3 of src/gnu/usr.bin/binutils-2.17/bfd/elflink.c. It introduces bogus failures when inter-library dependencies are present.
  • In em(4), make sure the rx ring lwm is set to at least 4. As far as we know, all hardware variants need at least 4 descriptors on the rx ring to be able to receive packets.
  • In tmux(1): *************** *** 540,551 ****
  • 5.6 and 5.7 SECURITY FIX: malformed binaries could trigger kernel panics or view kernel memory
    A source code patch exists for 5.6 and 5.7.
  • 5.6 and 5.7 SECURITY FIX: multiple issues in cpio(1)/pax(1)/tar(1).
    A source code patch exists for 5.6 and 5.7.
  • Don't add a separate .got.plt section as it would result in a partially writable GOT. ld.so(1) will properly write-protect the single .got. !
  • Prevent a user after free in tun(4).
  • In ix(4), set the correct media type for 1000baseLX SFPs.
  • In grep(1), warn when the user specifies -R but no files, like GNU grep.
  • Allow use of 1Gb 1000baseLX SFPs in 82599 ix(4) SFP+ port.
  • Optimise sensor I/O in upd(4). !
  • Indroduce fd_getfile_mode() and use it were fd_getfile() is directly followed by a mode check.
  • Fix two assertion failures in mandoc(1).
  • Add the tmux and tmux-256color entries to termcap(5) and terminfo. This can be used inside tmux for correct italics support. --- 540,551 ----
  • 5.6 and 5.7 SECURITY FIX: malformed binaries could trigger kernel panics or view kernel memory
    A source code patch exists for 5.6 and 5.7.
  • 5.6 and 5.7 SECURITY FIX: multiple issues in cpio(1)/pax(1)/tar(1).
    A source code patch exists for 5.6 and 5.7.
  • Don't add a separate .got.plt section as it would result in a partially writable GOT. ld.so(1) will properly write-protect the single .got. !
  • Prevent a use after free in tun(4).
  • In ix(4), set the correct media type for 1000baseLX SFPs.
  • In grep(1), warn when the user specifies -R but no files, like GNU grep.
  • Allow use of 1Gb 1000baseLX SFPs in 82599 ix(4) SFP+ port.
  • Optimise sensor I/O in upd(4). !
  • Introduce fd_getfile_mode() and use it where fd_getfile() is directly followed by a mode check.
  • Fix two assertion failures in mandoc(1).
  • Add the tmux and tmux-256color entries to termcap(5) and terminfo. This can be used inside tmux for correct italics support. *************** *** 573,582 ****
  • Use a systrace(4) sandbox with a short whitelist of allowed syscalls for the file(1) child process.
  • In upd(4), parse the HID descriptor multiple times to find sensors. This avoid lookups in the hot path for sensors that depend on the value of others. !
  • In tmux(1), if the requested pane is already active, do not unzoom the window (or doanything else). This prevents mouse clicking when zoomed causing unzoom.
  • Correctly write the 64bits of the HID 1, 4 and 5 registers on powerpc. !
  • Allow "sshd -f none" to skip reading the config file, much like"ssh -F none" does.
  • In file(1), don't support -s on FIFOs.
  • Let bgpd(8) check the length of the control socket path to make sure it fits -- just like bgpctl(8) does.
  • Fix a typo in sndiod(8): the buffer size should be 7680 rather than 7860. --- 573,582 ----
  • Use a systrace(4) sandbox with a short whitelist of allowed syscalls for the file(1) child process.
  • In upd(4), parse the HID descriptor multiple times to find sensors. This avoid lookups in the hot path for sensors that depend on the value of others. !
  • In tmux(1), if the requested pane is already active, do not unzoom the window (or do anything else). This prevents mouse clicking when zoomed causing unzoom.
  • Correctly write the 64bits of the HID 1, 4 and 5 registers on powerpc. !
  • Allow "sshd -f none" to skip reading the config file, much like "ssh -F none" does.
  • In file(1), don't support -s on FIFOs.
  • Let bgpd(8) check the length of the control socket path to make sure it fits -- just like bgpctl(8) does.
  • Fix a typo in sndiod(8): the buffer size should be 7680 rather than 7860. *************** *** 603,609 ****
  • In file(1), fail if a \ appears at EOL of a magic(5) file rather than continuing off the end of the buffer.
  • In LibreSSL, don't ignore the reference count in X509_STORE_free.
  • In tmux(1), explicitly cancel mouse "button" mode. This happens implicitly with some of the other things we send with xterm, but not with urxvt. !
  • In m4(1) and make(1), adda check for overflow while doubling.
  • In LibreSSL, check for invalid leading zeros in CBS_get_asn1_uint64.
  • In bgpd(8), allow rules that match directly on the peer AS. Also adjust the IRR ruleset output to include the declared peer AS instead of hoping they listed their neighbor IP address.
  • In httpd(8), prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986. --- 603,609 ----
  • In file(1), fail if a \ appears at EOL of a magic(5) file rather than continuing off the end of the buffer.
  • In LibreSSL, don't ignore the reference count in X509_STORE_free.
  • In tmux(1), explicitly cancel mouse "button" mode. This happens implicitly with some of the other things we send with xterm, but not with urxvt. !
  • In m4(1) and make(1), add a check for overflow while doubling.
  • In LibreSSL, check for invalid leading zeros in CBS_get_asn1_uint64.
  • In bgpd(8), allow rules that match directly on the peer AS. Also adjust the IRR ruleset output to include the declared peer AS instead of hoping they listed their neighbor IP address.
  • In httpd(8), prepend files or directories containing ":" with "./" in directory indexes as per RFC 3986. *************** *** 665,671 ****
  • In tmux(1), add support for multiple key tables to commands to be bound to sequences of keys.
  • In the installer, fix asking for list of http servers via "?". This should fix scanning for wireless networks too.
  • In mandoc(1), avoid out-of-bounds read access. This sometimes prevented proper warnings about text nodes preceding the first section header. !
  • In tmux(1), make jump-to-backward/jump-to-forward repeatable withjump-reverse/jump-again.
  • Remove a typo introduced in r1.185 of src/sys/net/route.c. Because of this typo, a local route was always created.
  • Do not treat loopback interfaces as p2p interfaces and create only one route to ::1.
  • Always call rt_ifa_dellocal(9) when removing an IPv6 address. --- 665,671 ----
  • In tmux(1), add support for multiple key tables to commands to be bound to sequences of keys.
  • In the installer, fix asking for list of http servers via "?". This should fix scanning for wireless networks too.
  • In mandoc(1), avoid out-of-bounds read access. This sometimes prevented proper warnings about text nodes preceding the first section header. !
  • In tmux(1), make jump-to-backward/jump-to-forward repeatable with jump-reverse/jump-again.
  • Remove a typo introduced in r1.185 of src/sys/net/route.c. Because of this typo, a local route was always created.
  • Do not treat loopback interfaces as p2p interfaces and create only one route to ::1.
  • Always call rt_ifa_dellocal(9) when removing an IPv6 address. *************** *** 693,699 ****
  • Remove emulation of OSS audio ioctls from Linux emulation.
  • Implement binary code patching on i386. !
  • Enable th REG_READ ioctl.
  • Don't lock the file for "vi -R" or "view".
  • Work around what appear to be CPUID lies about the monitor-line size. This makes the mwait-based idle loop actually work.
  • Convert many atoi() calls to strtonum() in userland, adding range checks and failure handling along the way. --- 693,699 ----
  • Remove emulation of OSS audio ioctls from Linux emulation.
  • Implement binary code patching on i386. !
  • Enable the REG_READ ioctl.
  • Don't lock the file for "vi -R" or "view".
  • Work around what appear to be CPUID lies about the monitor-line size. This makes the mwait-based idle loop actually work.
  • Convert many atoi() calls to strtonum() in userland, adding range checks and failure handling along the way. *************** *** 965,971 ****
  • The RTL8411 is supported by rtsx(4).
  • Rewrite the sh(1) manual page and confine it to document features supported by POSIX-compliant shells. !
  • In ospfd(8), wen removing interfaces in the RDE, also remove all the RDE neighbors that are part of that interface. This prevents use-after-free situations.
  • Make wi(4) on PCMCIA work on luna88k.
  • In makewhatis(8), fix hardlink detection on platforms having padding in struct inodev, typically 64-bit platforms. --- 965,971 ----
  • The RTL8411 is supported by rtsx(4).
  • Rewrite the sh(1) manual page and confine it to document features supported by POSIX-compliant shells. !
  • In ospfd(8), when removing interfaces in the RDE, also remove all the RDE neighbors that are part of that interface. This prevents use-after-free situations.
  • Make wi(4) on PCMCIA work on luna88k.
  • In makewhatis(8), fix hardlink detection on platforms having padding in struct inodev, typically 64-bit platforms. *************** *** 979,985 ****
  • Remove setgid kmem support from systat(1). As a result, the netstat view of systat is slightly different.
  • In ping(8), bump the size of the time types on the wire to 64 bit.
  • Remove tcopy(1). !
  • Remove setgid kmem support from eeprom(8). As a result, groot privileges are generally needed to run this.
  • Remove setgid kmem support from pstat(8). As a result, root privileges are needed to use the -d and -v options.
  • In man(1), when interpreting the -O argument as a macro name fails, fall back to showing Nd rather than not showing anything.
  • The 3160 should work with iwm(4). --- 979,985 ----
  • Remove setgid kmem support from systat(1). As a result, the netstat view of systat is slightly different.
  • In ping(8), bump the size of the time types on the wire to 64 bit.
  • Remove tcopy(1). !
  • Remove setgid kmem support from eeprom(8). As a result, root privileges are generally needed to run this.
  • Remove setgid kmem support from pstat(8). As a result, root privileges are needed to use the -d and -v options.
  • In man(1), when interpreting the -O argument as a macro name fails, fall back to showing Nd rather than not showing anything.
  • The 3160 should work with iwm(4).