===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus59.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** www/plus59.html 2016/03/01 15:04:53 1.3
--- www/plus59.html 2016/03/01 22:10:17 1.4
***************
*** 76,81 ****
--- 76,258 ----
+
+ - In sshd(8), add a new authorized_keys option "restrict" that includes all current and future key restrictions. Also add permissive versions of the existing restrictions.
+
- In ssh_config(5), add the AddKeysToAgent option.
+
- In intel(4), partly disable acceleration on Broadwell. This avoids use of the render ring which gets stuck after resume.
+
- In ieee80211(9):
+
+ - Add 11n HT support.
+
- Expose 11n mode to the ifmedia layer and introduce the concept of MCS. Make sure 11n features are enabled only if media type is autoselect or 11n.
+
- Add support for 11n mode to the rate adaptation (AMRR) code.
+
+ - In Xorg(1), remove the -configure option. It has been broken for a long time.
+
- Use pledge(2) in
+ locate(1), tput(1), tset(1), and user(8).
+
+
- In rdistd(1), support hardlinked symlinks.
+
- In the binutils tools:
+
+ - Don't try to preserve setuid bits.
+
- Always strip off setuid/setgid bits when creating copies of files.
+
+ - In ieee80211(9), fix CCMP (WPA2) in preparation for 11n.
+
- Remove libocurses. It is no longer used.
+
- In mandoc(1), fix a bug where hitting Ctrl-Backslash (= SIGQUIT) in the less(1) process spawned by man(1) causes man(1) to die uncleanly leaving behind its temp files, and kill less(1) uncleanly leaving the terminal in the wrong state.
+
- Use pledge(2) in ar(1), info(1), infokey(1), install-info(1), ldconfig(8), ldd(1), makeinfo(1), objcopy(1), texindex(1), vi(1), xconsole(1) and ypldap(8).
+
- In rs(1), fix a bug with -z where every column was at least as wide as the previous one.
+
- Update to xkeyboard-config 2.16.
+
+
- In telnet(1):
+
+ - Remove S/Key support.
+
- Remove support for !shell.
+
- Remove the tracefile command.
+
- Remove the debug command.
+
- Set rtable(4) on the whole process, not only in the socket.
+
- Use pledge(2).
+
+ - Use pledge(2) in as(1), fdisk(8), gcc(1), ld(1), nm(1), rarpd(8), tcpbench(1) and tftp-proxy(8).
+
- In crypto(9):
+
+ - Remove unused non-HMAC versions of MD5 and SHA1.
+
- Remove unused ARC4.
+
+ - In tmux(1) add the window_visible_layout format.
+
- In file(1), with -L, make links actually be followed.
+
- Add vmm(4). It is disabled by default.
+
- In ssh, send SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during KEX (bz#2949).
+
+
- In sshd_config(5), support "none" as an argument for ForceCommand and ChrootDirectory (bz#2486).
+
- In ssh-keygen(1), for -L, support multiple certificates (one per line) and reading from standard input.
+
- In nc(1), with -V, set rtable(4) on the whole process, not only in the socket.
+
- Revert sys/dev/pci/if_bge.c r1.372. It causes regressions on some models.
+
- In dhclient(8), when link loss is reported, cancel any active timeout and wait for link to return.
+
- Use pledge(2) in cwm(1) and fingerd(8).
+
- In fdisk(8):
+
+ - Avoid problems with pathological input during edit operations by never attempting to use data past the end of the input.
+
- Refresh the in-kernel copy of the disklabel from the disk after writing the new GPT.
+
- Let "reinit mbr" zero existing MBR and GPT partition information before constructing default MBR.
+
+ - In cron(8), move the socket to /var/run/cron.sock.
+
+
- In tmux(1):
+
+ - Remove the mouse-utf8 option. Instead, always turn on UTF-8 mouse if the client says it supports UTF-8.
+
- Support UTF-8 key bindings.
+
- Remove the mouse_utf8_flag.
+
- Remove the utf8 and status-utf8 options. Make tmux only a UTF-8 terminal.
+
+ - In fdisk(8), display the full disk size when editing GPT, not the truncated MBR size. Display the "disk too large" message only when no GPT is found.
+
- Use pledge(2) in mg(1), spamdb(8), xclock(1) and Xserver(1).
+
- In mg(1), clear the mini buffer once a question has been displayed.
+
+
- In ehci(4), mark the interrupt handler IPL_MPSAFE.
+
- Add /dev/vmm.
+
- In bge(4), unbreak the BCM5704 A3 found on some Xserve G5 (RackMac3,1).
+
- In fdisk(8), make GPT on large disks work.
+
- In rs(1):
+
+ - With -H, do not overrun a static buffer on files longer than 4 kB.
+
- With -K, do not print bogus blank lines in case of premature EOF.
+
+ - Reduce the memory overhead of our ART routing table from 80M to 70M compared to the existing radix-tree when loading ~550K IPv4 routes.
+
- In newfs(8), remove TMPDIR support.
+
+
- Install ikeca.cnf by default as ikectl(8) now requires CA-specific sections not present in the general openssl(1) cnf files.
+
- In libc:
+
+
- 5.7 and 5.8 RELIABILITY FIX: insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
A source code patch is available for 5.7 and 5.8.
+ - Use pledge(2) in less(1) and nohup(1).
+
- In less(1), do not save history in secure mode.
+
- Use the correct rdomain(4) when sending gre(4) keepalive packets.
+
- In ehci(4), fix a NULL dereference in case a Root Port Hub interrupt is handled before the soft-interrupt has been established.
+
+
- In efiboot, avoid a crash when attempting to calculate the header checksum.
+
- Make HFSC work on age(4) and vr(4).
+
- Add the _vmd user and group for the forthcoming vmd(8) daemon.
+
- Revert gnu/usr.bin/gcc/gcc/cp/g++spec.c r1.2 and r.13 in order to go back to the default upstream behaviour when linking a shared library with c++. It is no longer necessary to behave the same as g++ 2.95.
+
- In ssh-keyscan(1), add -c to allow fetching certificates instead of plain keys.
+
- In ncr53c9x, when issuing a non-dma command, set a length variable to 0 upfront to avoid problems on command completition interrupt.
+
- In ssh(1), fix an OOB read in the packet code.
+
- Fix possible system panics due insufficient validation of RSN element group cipher values in 802.11 stack.
+
- Fix a use-after-free in fwvm(1).
+
- In sdmmc(4), always claim to support sector mode for eMMC. This allows BeagleBone Black boards with Micron eMMC to work.
+
- In less(1), remove LESSGLOBALTAGS support.
+
+
- In efiboot, make "machine disk" show EFI info instead of BIOS info.
+
- In restore(8), make hardlinks of symlinks work.
+
- In efiboot, disable red-zone since EFI is running with a different ABI. This may fix an issue when loading a compressed kernel on MacBooks.
+
- Update to xserver 1.17.4.
+
- Use input handlers for bridge(4). This allows more flexible configurations with vlan(4) and bridge(4) on top of the same physical interface.
+
- Use pledge(2) in xterm(1).
+
+
- In hypotf(3), fix wrong magic numbers in scaling causing incorrect results for large and small values.
+
- In getty(8), remove ppplogin support.
+
- Radically improve the performance of bgpd(8) filters.
+
- In less(1):
+
+ - Remove support for "!" to run a shell command.
+
- Remove LESSCHARDEF support.
+
- Remove unused charsets and LESSCHARSET support.
+
+ - Make HFSC work on de(4) and ie(4/sparc).
+
+
- In ld.so(1), fix unloading of load groups when the last reference was not on the load_object but rather some descendent.
+
- On i386, fix a regression by reading/writing to CR4 register only if the processor has this capability.
+
- Stop creating the directory /usr/share/nls. If the user does not specify a NLS path, fail early in catopen(3).
+
- In res_init(3), restrict the number, size and address family of nameservers. This fixes a crash in sendmail. Only programs that use the bind resolver internals directly are affected.
+
- Replace less(1) with the cleaned-up fork of less 458 maintained by Garrett D'Amore.
+
- Update to unbound 1.5.6.
+
- Update to nsd 4.1.6.
+
- In the loongson installer, ensure that the partition containing the boot blocks is recognized on the eBenton EBT700.
+
- Use pledge(2) in httpd(8), ikectl(8), slowcgi(8) and wall(1).
+
- For USB mice with wheels, check for the W direction at AC Pan input.
+
- In pkg_add(8), tweak dependencies handling. This might fix some infrequent bugs.
+
- In tcpdump(8), fix a segmentation fault by capping the GRE packet len to tcpdump's snap len.
+
- In tmux(1), pass through right click if mouse is on.
+
- In smtpctl(8), implement the "uncorrupt" subcommand.
+
- In smtpd(8), correctly handle messages that consist solely of headers and do not end with an empty line.
+
+
- In km(4), match the temperature sensor in GX-412TC SOC.
+
- In ipsecctl(8), decode Chacha20-Poly1305 when dumping SAs.
+
- In iked(8), support Chacha20-Poly1305 for Child SAs.
+
+
- Fix a potential use-after-free in pf(4).
+
- Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains IP options or if an IPv6 packet contains header extensions.
+
- In rtadvd(8), recognize carp(4) interfaces in order to send the src lladdr option.
+
- In fdisk(8), don't allow the user to enter GPT partition names too large to fit in the GPT partition structure. Also avoid running off the end of the name buffer.
+
- Prevent a panic caused by an infinite recursion in the network stack.
+
- In efiboot, use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" to find the boot device since the MacBook does not support the latter protocol.
+
- In snmpd(8), don't lose the ARP entries when updating an interface.
+
+
- Add Chacha20-Poly1305 to the OpenBSD Cryptographic Framework and enable it in the software crypto driver and the IPsec/ESP and PF_KEY frameworks.
+
- In whois(1), add -I to use whois.iana.org (root zone database).
+
- In tcpdump(8), print RDNSS nameserver addresses and option names for some other known options that are not otherwise decoded yet (DNSSL, route information).
+
- In libssl, add EVP_aead_chacha20_poly1305_ietf(3), a ChaCha20 with a Poly1305 authenticator for IETF protocols.
+
- Remove ARP load-balacing in order to simplify making ARP MP-safe.
+
- In xhci(4), mark the interrupt handler as IPL_MPSAFE since it only schedules a soft-interrupt.
+
- In ikectl(8):
+
+ - Accept an "ocsp" option when creating certificates to set the extended key usage for OCSP signing.
+
- Let openssl(1) add valid signed certs to the index file which is required to use the builtin openssl OCSP server.
+
- Switch from SHA-1 to SHA-256.
+
+ - Introduce ml_purge(9) and mq_purge(9) to free all mbufs on an mbuf list or queue.
+
+
- In intel(4), fix rendering problems on Broadwell GT3 (Iris 6100/Iris Pro 6200).
+
- In re(4), expand the rx and tx rings so that deviced needing more packets per interrupt can use them.
+
- Rework the netstart(8) script.
+
- In inteldrm(4):
+
+ - Prevent the desktop "Iris Pro Graphics 6200" from being misidentified as ULT.
+
- Make the mobile "Iris Graphics 6100" be correctly identified as being a ULT part.
+
+ - Use pledge(2) in bgpctl(8), ldapctl(8), ldapd(8), m4(1), skeyaudit(1) and skeyinfo(1).
- In ntpd(8), revert some parts introduced with the original server rtable support, so servers with numeric IP addresses won't be skipped.
- In mg(1), mark *Completions* buffer as read-only.
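Review bot: The "In libc:" entry in the middle of the added block has no sub-items; as it reads here it is followed directly by the "5.7 and 5.8 RELIABILITY FIX" erratum and then by "Use pledge(2) in less(1) and nohup(1)", so either the libc items are missing or the list nesting is wrong. The same RSN element problem is described a second time further down ("Fix possible system panics due insufficient validation of RSN element group cipher values in 802.11 stack"), so the two entries could be merged or one dropped, and "due insufficient" needs a "to". Spelling to fix in the added text: "completition" in the ncr53c9x entry, "load-balacing" in the ARP entry, "deviced" in the re(4) entry, "r.13" next to "r1.2" in the g++spec.c revert (presumably r1.3), and "fwvm(1)" in the use-after-free entry, which looks like a transposition of fvwm(1).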