=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus59.html,v retrieving revision 1.3 retrieving revision 1.4 diff -c -r1.3 -r1.4 *** www/plus59.html 2016/03/01 15:04:53 1.3 --- www/plus59.html 2016/03/01 22:10:17 1.4 *************** *** 76,81 **** --- 76,258 ----

In sshd(8), add a new authorized_keys option "restrict" that includes all current and future key restrictions. Also add permissive versions of the existing restrictions. +
In ssh_config(5), add the AddKeysToAgent option. +
In intel(4), partly disable acceleration on Broadwell. This avoids use of the render ring which gets stuck after resume. +
In ieee80211(9): +
- Add 11n HT support. +
- Expose 11n mode to the ifmedia layer and introduce the concept of MCS. Make sure 11n features are enabled only if media type is autoselect or 11n. +
- Add support for 11n mode to the rate adaptation (AMRR) code. +
+
In Xorg(1), remove the -configure option. It has been broken for a long time. +
Use pledge(2) in + locate(1), tput(1), tset(1), and user(8). + +
In rdistd(1), support hardlinked symlinks. +
In the binutils tools: +
- Don't try to preserve setuid bits. +
- Always strip off setuid/setgid bits when creating copies of files. +
+
In ieee80211(9), fix CCMP (WPA2) in preparation for 11n. +
Remove libocurses. It is no longer used. +
In mandoc(1), fix a bug where hitting Ctrl-Backslash (= SIGQUIT) in the less(1) process spawned by man(1) causes man(1) to die uncleanly leaving behind its temp files, and kill less(1) uncleanly leaving the terminal in the wrong state. +
Use pledge(2) in ar(1), info(1), infokey(1), install-info(1), ldconfig(8), ldd(1), makeinfo(1), objcopy(1), texindex(1), vi(1), xconsole(1) and ypldap(8). +
In rs(1), fix a bug with -z where every column was at least as wide as the previous one. +
Update to xkeyboard-config 2.16. + +
In telnet(1): +
- Remove S/Key support. +
- Remove support for !shell. +
- Remove the tracefile command. +
- Remove the debug command. +
- Set rtable(4) on the whole process, not only in the socket. +
- Use pledge(2). +
+
Use pledge(2) in as(1), fdisk(8), gcc(1), ld(1), nm(1), rarpd(8), tcpbench(1) and tftp-proxy(8). +
In crypto(9): +
- Remove unused non-HMAC versions of MD5 and SHA1. +
- Remove unused ARC4. +
+
In tmux(1) add the window_visible_layout format. +
In file(1), with -L, make links actually be followed. +
Add vmm(4). It is disabled by default. +
In ssh, send SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during KEX (bz#2949). + +
In sshd_config(5), support "none" as an argument for ForceCommand and ChrootDirectory (bz#2486). +
In ssh-keygen(1), for -L, support multiple certificates (one per line) and reading from standard input. +
In nc(1), with -V, set rtable(4) on the whole process, not only in the socket. +
Revert sys/dev/pci/if_bge.c r1.372. It causes regressions on some models. +
In dhclient(8), when link loss is reported, cancel any active timeout and wait for link to return. +
Use pledge(2) in cwm(1) and fingerd(8). +
In fdisk(8): +
- Avoid problems with pathological input during edit operations by never attempting to use data past the end of the input. +
- Refresh the in-kernel copy of the disklabel from the disk after writing the new GPT. +
- Let "reinit mbr" zero existing MBR and GPT partition information before constructing default MBR. +
+
In cron(8), move the socket to /var/run/cron.sock. + +
In tmux(1): +
- Remove the mouse-utf8 option. Instead, always turn on UTF-8 mouse if the client says it supports UTF-8. +
- Support UTF-8 key bindings. +
- Remove the mouse_utf8_flag. +
- Remove the utf8 and status-utf8 options. Make tmux only a UTF-8 terminal. +
+
In fdisk(8), display the full disk size when editing GPT, not the truncated MBR size. Display the "disk too large" message only when no GPT is found. +
Use pledge(2) in mg(1), spamdb(8), xclock(1) and Xserver(1). +
In mg(1), clear the mini buffer once a question has been displayed. + +
In ehci(4), mark the interrupt handler IPL_MPSAFE. +
Add /dev/vmm. +
In bge(4), unbreak the BCM5704 A3 found on some Xserve G5 (RackMac3,1). +
In fdisk(8), make GPT on large disks work. +
In rs(1): +
- With -H, do not overrun a static buffer on files longer than 4 kB. +
- With -K, do not print bogus blank lines in case of premature EOF. +
+
Reduce the memory overhead of our ART routing table from 80M to 70M compared to the existing radix-tree when loading ~550K IPv4 routes. +
In newfs(8), remove TMPDIR support. + +
Install ikeca.cnf by default as ikectl(8) now requires CA-specific sections not present in the general openssl(1) cnf files. +
In libc: +
- Exclude the hidden atexit(3) and pthread_atfork(3) stubs from static links that don't use them. +
- Split the intra-thread functionality from kill(2) into its own system call thrkill(2). This eliminates the need for locking in pthread_kill(3) and simplifies pthread_cancel(3). +
+
5.7 and 5.8 RELIABILITY FIX: insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
A source code patch is available for 5.7 and 5.8. +
Use pledge(2) in less(1) and nohup(1). +
In less(1), do not save history in secure mode. +
Use the correct rdomain(4) when sending gre(4) keepalive packets. +
In ehci(4), fix a NULL dereference in case a Root Port Hub interrupt is handled before the soft-interrupt has been established. + +
In efiboot, avoid a crash when attempting to calculate the header checksum. +
Make HFSC work on age(4) and vr(4). +
Add the _vmd user and group for the forthcoming vmd(8) daemon. +
Revert gnu/usr.bin/gcc/gcc/cp/g++spec.c r1.2 and r.13 in order to go back to the default upstream behaviour when linking a shared library with c++. It is no longer necessary to behave the same as g++ 2.95. +
In ssh-keyscan(1), add -c to allow fetching certificates instead of plain keys. +
In ncr53c9x, when issuing a non-dma command, set a length variable to 0 upfront to avoid problems on command completition interrupt. +
In ssh(1), fix an OOB read in the packet code. +
Fix possible system panics due insufficient validation of RSN element group cipher values in 802.11 stack. +
Fix a use-after-free in fwvm(1). +
In sdmmc(4), always claim to support sector mode for eMMC. This allows BeagleBone Black boards with Micron eMMC to work. +
In less(1), remove LESSGLOBALTAGS support. + +
In efiboot, make "machine disk" show EFI info instead of BIOS info. +
In restore(8), make hardlinks of symlinks work. +
In efiboot, disable red-zone since EFI is running with a different ABI. This may fix an issue when loading a compressed kernel on MacBooks. +
Update to xserver 1.17.4. +
Use input handlers for bridge(4). This allows more flexible configurations with vlan(4) and bridge(4) on top of the same physical interface. +
Use pledge(2) in xterm(1). + +
In hypotf(3), fix wrong magic numbers in scaling causing incorrect results for large and small values. +
In getty(8), remove ppplogin support. +
Radically improve the performance of bgpd(8) filters. +
In less(1): +
- Remove support for "!" to run a shell command. +
- Remove LESSCHARDEF support. +
- Remove unused charsets and LESSCHARSET support. +
+
Make HFSC work on de(4) and ie(4/sparc). + +
In ld.so(1), fix unloading of load groups when the last reference was not on the load_object but rather some descendent. +
On i386, fix a regression by reading/writing to CR4 register only if the processor has this capability. +
Stop creating the directory /usr/share/nls. If the user does not specify a NLS path, fail early in catopen(3). +
In res_init(3), restrict the number, size and address family of nameservers. This fixes a crash in sendmail. Only programs that use the bind resolver internals directly are affected. +
Replace less(1) with the cleaned-up fork of less 458 maintained by Garrett D'Amore. +
Update to unbound 1.5.6. +
Update to nsd 4.1.6. +
In the loongson installer, ensure that the partition containing the boot blocks is recognized on the eBenton EBT700. +
Use pledge(2) in httpd(8), ikectl(8), slowcgi(8) and wall(1). +
For USB mice with wheels, check for the W direction at AC Pan input. +
In pkg_add(8), tweak dependencies handling. This might fix some infrequent bugs. +
In tcpdump(8), fix a segmentation fault by capping the GRE packet len to tcpdump's snap len. +
In tmux(1), pass through right click if mouse is on. +
In smtpctl(8), implement the "uncorrupt" subcommand. +
In smtpd(8), correctly handle messages that consist solely of headers and do not end with an empty line. + +
In km(4), match the temperature sensor in GX-412TC SOC. +
In ipsecctl(8), decode Chacha20-Poly1305 when dumping SAs. +
In iked(8), support Chacha20-Poly1305 for Child SAs. + +
Fix a potential use-after-free in pf(4). +
Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains IP options or if an IPv6 packet contains header extensions. +
In rtadvd(8), recognize carp(4) interfaces in order to send the src lladdr option. +
In fdisk(8), don't allow the user to enter GPT partition names too large to fit in the GPT partition structure. Also avoid running off the end of the name buffer. +
Prevent a panic caused by an infinite recursion in the network stack. +
In efiboot, use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" to find the boot device since the MacBook does not support the latter protocol. +
In snmpd(8), don't lose the ARP entries when updating an interface. + +
Add Chacha20-Poly1305 to the OpenBSD Cryptographic Framework and enable it in the software crypto driver and the IPsec/ESP and PF_KEY frameworks. +
In whois(1), add -I to use whois.iana.org (root zone database). +
In tcpdump(8), print RDNSS nameserver addresses and option names for some other known options that are not otherwise decoded yet (DNSSL, route information). +
In libssl, add EVP_aead_chacha20_poly1305_ietf(3), a ChaCha20 with a Poly1305 authenticator for IETF protocols. +
Remove ARP load-balacing in order to simplify making ARP MP-safe. +
In xhci(4), mark the interrupt handler as IPL_MPSAFE since it only schedules a soft-interrupt. +
In ikectl(8): +
- Accept an "ocsp" option when creating certificates to set the extended key usage for OCSP signing. +
- Let openssl(1) add valid signed certs to the index file which is required to use the builtin openssl OCSP server. +
- Switch from SHA-1 to SHA-256. +
+
Introduce ml_purge(9) and mq_purge(9) to free all mbufs on an mbuf list or queue. + +
In intel(4), fix rendering problems on Broadwell GT3 (Iris 6100/Iris Pro 6200). +
In re(4), expand the rx and tx rings so that deviced needing more packets per interrupt can use them. +
Rework the netstart(8) script. +
In inteldrm(4): +
- Prevent the desktop "Iris Pro Graphics 6200" from being misidentified as ULT. +
- Make the mobile "Iris Graphics 6100" be correctly identified as being a ULT part. +
+
Use pledge(2) in bgpctl(8), ldapctl(8), ldapd(8), m4(1), skeyaudit(1) and skeyinfo(1).
In ntpd(8), revert some parts introduced with the original server rtable support, so servers with numeric IP addresses won't be skipped.
In mg(1), mark *Completions* buffer as read-only.