===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus58.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- www/plus58.html 2015/09/04 15:59:50 1.8
+++ www/plus58.html 2015/10/12 18:36:15 1.9
@@ -123,7 +123,7 @@
Add linker warnings in case SSLv3_{,client,server}_method are referenced.
On macppc, powerpc and socppc, do not save the status register and restore it for machine check exceptions.
Revert r1.289 of src/sys/dev/acpi/acpi.c (respect the access size when reading or writing to pci config space). It is locking up suspend or boot on some laptops.
-Disable tame(2) with ENOSYS for upcoming release cycle.
+Disable tame(2) with ENOSYS for upcoming release cycle.
Acquire the kernel lock in pmap_remove(). The reasons for this can't be stated as the committer has been asked to be polite in his commit message.
In azalia(4), rework the buffer position reporting code.
@@ -143,10 +143,10 @@
Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), sendmsg(), and recvmsg().
In gcc(1), implement support for __builtin_complex() to construct complex values. This is required by the upcoming libm work.
In disktab(5) on i386, fix geometry of rdroot entry.
-Rather than disabling tame(2) to coredump, leave it enabled but flag that a coredump is happening. This improves behaviour while threaded.
+Rather than disabling tame(2) to coredump, leave it enabled but flag that a coredump is happening. This improves behaviour while threaded.
On mips64, allow coalescing of IPI requests on mips64, to make IPI sending non-blocking.
In sshd(8), permit kbind(2) use in the sandbox.
-Enforce tame(2) by disabling all TAME_ flags if tame_fail() is reached, not only if TAME_ABORT is set.
+Enforce tame(2) by disabling all TAME_ flags if tame_fail() is reached, not only if TAME_ABORT is set.
5.6 and 5.7 SECURITY FIX: the patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file.
A source code patch exists for 5.6 and 5.7. These patches remove the RCS support.
5.6 and 5.7 SECURITY FIX: a kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
A source code patch exists for 5.6 and 5.7.
In radiusd(8), make the modules priviledge-separated.
@@ -179,13 +179,13 @@
Implement quoting support in doas.conf(5).
In tail(1), fix a memory leak when -r is used with anything but regular files.
-Slam signal handlers harder in tame(2).
+Slam signal handlers harder in tame(2).
Plug a memory leak in execve(2) with systrace(4).
Generate new moduli for ssh.
In security(8), don't risk blocking when reading untrusted user files and for additional safety against race attacks, make sure they are regular files.
Switch pvbus(4) to fully dynamic autoconf.
Add mpw(4) support to ifconfig(8).
-In tame(2), always permit kbind (for dynamic linking) and add __thrsigdivert to the SELF list like the other threading calls.
+In tame(2), always permit kbind (for dynamic linking) and add __thrsigdivert to the SELF list like the other threading calls.
Add a -C option to doas(1) to check config files without running.
In acpi(4), respect the access size when reading or writing to pci config space. This fixes battery status passthrough in vmware.
Add argument matching support to doas(1).
@@ -217,20 +217,20 @@
Avoid NULL deref in openssl s_cb (Coverity CID 24956).
Don't try to run ECDH if ecdh_checks fails in openssl speed (Coverity CID 72744).
-In tame(2), crudely canonicalize paths before taming them.
+In tame(2), crudely canonicalize paths before taming them.
On octeon, add amdcf(4), a new flash driver that allows access to the internal memory on (at least) D-Link DSR500 machines.
-Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using tame(2). This allows threaded programs to work.
+Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using tame(2). This allows threaded programs to work.
Avoid a possible NULL dereference in openssl(1) s_server (Coverity CID 78873).
Add a quirk for Cirrus Logic PD6729: earlier silicon versions of this chip would advertize themselves as multi-function devices while they are not.
In syslogd(8), don't accept sockets when syslogd reaches the file descriptor limit. Instead disable the listen event and wait for a second.
In openssl(1), avoid dereferencing NULL (Coverity CID 21746).
-In tame(2):
+In tame(2):
- Don't dereference NULL FILE pointers.
- Don't let any ioctls through with invalid file descriptors.
In bgpd(8), execute the RDE and session engine process instead of just forking. This way ASLR and stack cookies are per process.
-Have tame(2) permit late calls to getpagesize() in programs.
+Have tame(2) permit late calls to getpagesize() in programs.
In tmux(1), add an option (history-file) for a file to save/restore command prompt history.
Plug various memory leaks in libssl.
Try to assign a secondary bus number if the BIOS left the CardBus bridge unconfigured.
@@ -299,7 +299,7 @@
In tcpdump(8), show 11n HTOP primary and secondary channel numbers for 40MHz BSS instead of showing just the primary one and "above" or "below" for secondary.
Rename the tps65090 driver to "tpspmic".
-Introduce tame(2), a subsystem which restricts programs into a "reduced feature operating model".
+Introduce tame(2), a subsystem which restricts programs into a "reduced feature operating model".
In libssl, remove the logic responsible for outputting most AES-NI instructions as raw byte sequences.
Revert the previous commit in ospfd(8) (properly handle carp interfaces in "backup" mode on start-up), because it breaks on systems without carp.
In doas(1), if execvpe fails with ENOENT, print "command not found", like sudo.