=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus58.html,v retrieving revision 1.6 retrieving revision 1.7 diff -c -r1.6 -r1.7 *** www/plus58.html 2015/09/01 22:29:36 1.6 --- www/plus58.html 2015/09/02 20:30:03 1.7 *************** *** 75,80 **** --- 75,111 ----

In sshd_config(5), add prohibit-password as a synonymn for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only. +
In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password". + +
In em(4), fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed. + +
Skip C2 and C3 states from the FADT if the cpu doesn't have ARAT. +
Do not save and restore a read-only capability register in acpihpet(4). +
Fix clct(4) which was stuttering to the point of being useless. +
In identd(8), don't die on socket operation errors. + +
In acpicpu(4), provide the fallback C1-via-halt even when _CST can't be evaluated. This fixes systems that only provide _CST for a subset of the CPUs. +
Fix incorrect register offsets in acpihpet(4). +
In binutils 2.17, work around a NULL dereference when a plt entry is not found. +
In netstat(1), show TCP states that were hidden after netstat's conversion from kvm to sysctl. +
In rarpd(8), fix a a regression introduced with the support of multiple connected routes. +
In pf(4), avoid a panic triggered for a reply-to rule. +
On mips64, avoid a potential deadlock by enabling IPIs before calling refreshcreds() in trap(). +
In httpd(8), fix a problem caused by r1.70 of server.c by re-enabling the buffer event only if it was disabled previously. +
Enable the xdm installer question on macppc. + +
In radiusd(8): +
- Allow to start without -d. +
- Use syslog(3) instead of stderr. +
- Fix radiusd_module to stop when the daemon stops. +
- Fire pending events when the module starts. +
- Check the received packet length properly. +
+ +
Fix a potential out-of-bounds read in fnmatch(3).
On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations.
5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.
A source code patch exists for 5.6 and 5.7. *************** *** 444,450 ****
On amd64, prevent possible interrupt recursion before unwinding the stack.
In ssh, re-enable ed25519-certs if compiled without OpenSSL. !
In fdisk(8), dDo not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
In file(1), properly handle files >= 4 GB on 32-bit architectures.
Switch "openssl dhparam" default from 512 to 2048 bits.
Fix a use-after-free in et(4). --- 475,481 ----
On amd64, prevent possible interrupt recursion before unwinding the stack.
In ssh, re-enable ed25519-certs if compiled without OpenSSL. !
In fdisk(8), do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
In file(1), properly handle files >= 4 GB on 32-bit architectures.
Switch "openssl dhparam" default from 512 to 2048 bits.
Fix a use-after-free in et(4). *************** *** 1170,1176 ****
Let vi(1) use resizeterm(3) instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
In tmux(1), add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
Replace the use of ifqueues for most input queues serviced by netisr with niqueues. !
In ehci(4), implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this let people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
Add support for CRC-enabled elantech v3 touchpads to pms(4).
In ssh(1), don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK. --- 1201,1207 ----
Let vi(1) use resizeterm(3) instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
In tmux(1), add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
Replace the use of ifqueues for most input queues serviced by netisr with niqueues. !
In ehci(4), implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this lets people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
Add support for CRC-enabled elantech v3 touchpads to pms(4).
In ssh(1), don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.