===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus58.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -r1.6 -r1.7
*** www/plus58.html 2015/09/01 22:29:36 1.6
--- www/plus58.html 2015/09/02 20:30:03 1.7
***************
*** 75,80 ****
--- 75,111 ----
+
+ - In sshd_config(5), add prohibit-password as a synonymn for without-password. Harden the option by allowing pubkey, hostbased, and GSSAPI authentication only.
+
- In the installer, change the ssh root login question to use the "pubkeys-only" answer instead of "without-password".
+
+
- In em(4), fix i217 PHY initialization. This fixes a problem where the receipt of packets would stop until the laptop battery is removed.
+
+
- Skip C2 and C3 states from the FADT if the cpu doesn't have ARAT.
+
- Do not save and restore a read-only capability register in acpihpet(4).
+
- Fix clct(4) which was stuttering to the point of being useless.
+
- In identd(8), don't die on socket operation errors.
+
+
- In acpicpu(4), provide the fallback C1-via-halt even when _CST can't be evaluated. This fixes systems that only provide _CST for a subset of the CPUs.
+
- Fix incorrect register offsets in acpihpet(4).
+
- In binutils 2.17, work around a NULL dereference when a plt entry is not found.
+
- In netstat(1), show TCP states that were hidden after netstat's conversion from kvm to sysctl.
+
- In rarpd(8), fix a a regression introduced with the support of multiple connected routes.
+
- In pf(4), avoid a panic triggered for a reply-to rule.
+
- On mips64, avoid a potential deadlock by enabling IPIs before calling refreshcreds() in trap().
+
- In httpd(8), fix a problem caused by r1.70 of server.c by re-enabling the buffer event only if it was disabled previously.
+
- Enable the xdm installer question on macppc.
+
+
- In radiusd(8):
+
+ - Allow to start without -d.
+
- Use syslog(3) instead of stderr.
+
- Fix radiusd_module to stop when the daemon stops.
+
- Fire pending events when the module starts.
+
- Check the received packet length properly.
+
+
+ - Fix a potential out-of-bounds read in fnmatch(3).
- On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations.
- 5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.
A source code patch exists for 5.6 and 5.7.
***************
*** 444,450 ****
- On amd64, prevent possible interrupt recursion before unwinding the stack.
- In ssh, re-enable ed25519-certs if compiled without OpenSSL.
!
- In fdisk(8), dDo not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
- In file(1), properly handle files >= 4 GB on 32-bit architectures.
- Switch "openssl dhparam" default from 512 to 2048 bits.
- Fix a use-after-free in et(4).
--- 475,481 ----
- On amd64, prevent possible interrupt recursion before unwinding the stack.
- In ssh, re-enable ed25519-certs if compiled without OpenSSL.
!
- In fdisk(8), do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again.
- In file(1), properly handle files >= 4 GB on 32-bit architectures.
- Switch "openssl dhparam" default from 512 to 2048 bits.
- Fix a use-after-free in et(4).
***************
*** 1170,1176 ****
- Let vi(1) use resizeterm(3) instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
- In tmux(1), add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
- Replace the use of ifqueues for most input queues serviced by netisr with niqueues.
!
- In ehci(4), implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this let people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
- Add support for CRC-enabled elantech v3 touchpads to pms(4).
- In ssh(1), don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.
--- 1201,1207 ----
- Let vi(1) use resizeterm(3) instead of reinitializing curses on window resizes, which was leaking massive amounts of memory.
- In tmux(1), add a -x flag to copy-selection, append-selection and start-named-buffer to prevent it exiting copy mode after copying.
- Replace the use of ifqueues for most input queues serviced by netisr with niqueues.
!
- In ehci(4), implement full-speed isochronous transfers support with opportunistic micro-frames scheduling. More work is required to properly budget and schedule micro-frames, most of it at the HUB level. But this lets people use USB1.1 uaudio(4) devices on ehci(4)-only systems.
- Add support for CRC-enabled elantech v3 touchpads to pms(4).
- In ssh(1), don't send hostkey advertisments (hostkeys-00@openssh.com) to current versions of Tera Term as they can't handle them. Newer versions should be OK.