===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus59.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- www/plus59.html 2016/02/29 21:29:06 1.2
+++ www/plus59.html 2016/03/01 15:04:53 1.3
@@ -76,6 +76,172 @@
+
+- In ntpd(8), revert some parts introduced with the original server rtable support, so servers with numeric IP addresses won't be skipped.
+
- In mg(1), mark *Completions* buffer as read-only.
+
- In httpd(8), revert usr.sbin/httpd/httpd.c r1.42 (fix PATH_INFO for "/" requests). It breaks slowcgi(8) and php-fpm setups.
+
+
- In mandoc(1) do not access a NULL pointer when a .Bd macro has no arguments at all.
+
- In ntpd(8), remove support for sending status reports to syslog on SIGINFO.
+
- In cvs(1), fix a crash in pserver mode when CVSROOT/passwd contains an old DES password.
+
- Fix interaction between inteldrm(4) and efifb(4).
+
+
- In mg(1), fix opening dired from the command line.
+
- In libcrypto, add support for the Poly1305 Message Authentication Code.
+
- In asmc(4), enable the keyboard backlight led earlier to avoid a race.
+
- In ping(8), back out chacha.
+
- In rebound(8), print stats upon SIGUSR1.
+
- In smtpctl(8), implement the "discover" subcommand.
+
- In ssh(1), fix "PubkeyAcceptedKeyTypes +..." inside a Match block.
+
- Make inteldrm(4) attach to pci(4) instead of vga(4). This is needed for machines where Intel graphics isn't the primary graphics device and on systems with UEFI firmware that put the device in non-VGA mode.
+
+
- Use pledge(2) and privsep in rdate(8).
+
- Use pledge(2) in at(1), cap_mkdb(1), cron(8), crontab(1) and last(1).
+
- In cnmac(4), enable TCP/UDP checksum offloading on packet transmission.
+
- Support backspace in softraid(4) boot passphrase prompt.
+
- In lpd(8), remove pidfile support.
+
- Use pledge(2) in apm(8).
+
- In resolv.conf(5), remove support for "[addr]:port" syntax from the "nameserver" line.
+
- In smtpd(8), support aliases(5) entries resolving to maildir:/path.
+
+
- Add a rcpt-to paramater to smtpd.conf(5).
+
- In unbound(8), don't use a pidfile by default.
+
- In relayd(8), change cipher-server-preference to be on by default.
+
+
- Document eigrpd.conf(5).
+
- In eigrpd(8):
+
+- Print a missing "metric" before the actual metric when printing a redistribute line.
+
- Whenever a summary route is activated, install a respective blackhole route in the FIB.
+
+ - In pkg-config(1), do not reject properties with no whitespace after the colon.
+
- In repquota(8), don't allow -a together with specifying filesystems.
+
- Fix makemap(8) for values containing a "#".
+
- In dhclient(8), add the ability to use option 119 ("Domain Search") if supplied by the server.
+
- In fdisk(8), add GPT editing.
+
- Remove rip6query(8).
+
- In crontab(1), diff(1) and sendbug(1), remove TMPDIR support.
+
- In top(1), print the uptime too.
+
- In httpd(8), fix PATH_INFO for "/" requests.
+
- In mrouted(8), pppd(8), rarpd(8), rbootd(8), smtpd(8), wsmoused(8), ypserv(8), remove pidfile(3) support.
+
- In smtpd(8), avoid a potential double free.
+
+
- In ssh(1), expand tildes in filenames passed to -i before checking whether or not the identity file exists in case the shell doesn't do the expansion (bz#2481).
+
- In route6d(8), fix a memory leak.
+
- In ssh(1), do not prepend "exec" to the shell command run by "Match exec" in a config file (bz#2471).
+
- In tmux(1), extend the modifiers allowed before formats.
+
- Use pledge(2) in rtadvd(8).
+
- In cron(8), ftpd(8), route6d(8) and rtadvd(8), remove pidfile support.
+
- Fix installboot(8) on i386/amd64 when softraid is on top of GPT.
+
- Enable asmc(4) on i386.
+
- In asmc(4), fix seldomly seen "comm collision" errors.
+
- In disklabel(8), remove support for the "b0" and "b1" disktab(5) capabilities.
+
- Do not expose nd6 randomid's to userland via ioctl(2).
+
- In ping6(8), remove -g after IPV6_NEXTHOP removal.
+
- In ip6(4), remove IPV6_NEXTHOP implementation.
+
- In telnet(1), remove IP Source Route support.
+
- In ping6(8), implement ping(8)'s -L option.
+
- Remove the NLS support from libc messages.
+
- In tmux(1), remove TMPDIR support.
+
- Use pledge(2) in
+dig(1),
+host(1),
+nslookup(1),
+nslookup(1),
+
+
- In eigrpd(8), keep conversions between the real and composite bandwidth consistent with what Cisco does.
+
- In ssh(1), fix keyscan output for multiple hosts/addresses on one line when host hashing or a non standard port is in use (bz#2479).
+
- In tcpdump(8), avoid a segfault with malformed DECnet packets.
+
- In ping6(8), move the output of the src address to the -v option. This syncs the output with that of ping(8).
+
- Ignore Router Advertisment's current hop limit.
+
- Wait a short while between setting a USB device's address and reloading its descriptor. This fixes a flaky attach of USB devices on the Thinkpad Helix 2.
+
- In syslogd(8), stop the chrooted child from trying to load the default CA file.
+
- In bgpctl(8):
+
+- Print if a route is redistributed or not at least for static and connected.
+
- Allow other MRT message types to be parsed.
+
+ - Add pair(4), a vether-based virtual Ethernet driver to interconnect rdomains and bridges on the local system.
+
+
- In cnmac(4), make use of hardware RX checksum validation.
+
- In catopen(3), verify that an opened message catalog is valid. This avoids integer overflows and out-of-boundary accesses.
+
- Fix renaming in the root directory of FAT filesystems.
+
- In syslogd(8), if a write to a tty is blocked, use an event instead of forking.
+
- In tmux(1), add a format for scroll position.
+
- In ndp(8), don't do DNS lookups when -n is specified.
+
- Split up tun(4) into tun(4) and tap(4).
+
- In ntpd(8), no longer allow upstream NTP servers to be in multiple routing tables.
+
- Don't enable /etc/fonts/conf.d/10-autohint.conf by default. It causes problems with glyphs exceeding the cell size.
+
- Introduce a new sysctl(3) NET_RT_IFNAMES that returns only ifnames to ifindex mappings.
+
- Use pledge(2) in
+ldpctl(8),
+ldpd(8),
+route(8),
+
- Translate calendar files to UTF-8.
+
+
- On amd64 and i386, enable viornd(4) on RAMDISK_CD.
+
- In eigrpd(8), fix some bugs in the handling of the RTM_GET and RTM_CHANGE messages.
+
- In mandoc(1), avoid a NULL pointer dereference.
+
- Stop linking iked(8) statically. This has benefits like having full ASLR and taking take advantage of libcrypto updates.
+
- Use pledge(2) in addr2line(1), iked(8), login_yubikey(8), nc(1), objdump(1), ps(1), readelf(1), strings(1), su(1), top(1) and
+w(1).
+
- In bgpd(8), revert usr.sbin/bgpd/parse.y r1.282 that allowed for empty blocks for peers. It broke the grammar by introducing shift/reduce errors.
+
- In tmux(1), fix "tmux killw\; detach".
+
- In bgpd(8), log and ignore received empty route messages.
+
+
- Use pledge(2) in doas(1), hangman(6) and renice(8).
+
- In libssl:
+
+- Avoid a (harmless) read and write overrun in the RC4 code.
+
- Avoid a segfault in "openssl gendh 0".
+
+ - In ssh(1), fix a memory leak in an error path.
+
- In tmux(1), add a default binding for mouse wheel up to scroll into history.
+
- In ssh(1) and moduli(5), remove Diffie-Hellman moduli entries below 2048 bits.
+
+
- In eigrpd(8), add support for route summarization.
+
- Add a new getsockopt(2) option IP_IPDEFTTL to retrieve the default TTL.
+
- In write(1), fix writing to other user's tty.
+
- Use pledge(2) in rmt(8).
+
- Replace dnssocket() and dnsconnect() with a SOCK_DNS flag on socket(2).
+
- In vr(4), fix 802.1p VLAN priority code points for VLAN_HWTAGGING.
+
- In tcpdump(8), avoid division by zero by adding an explicit check for a malformed AS segment.
+
- In eigrpd(8), fix a use-after-free.
+
- In iked(8), unbreak OCSP support.
+
+
- Use pledge(2) in nice(1), radiusctl(8) and radiusd(8).
+
- In libssl, stop supporing legacy time formats that OpenSSL supports.
+
- In eigrpd(8), fix memory leaks in error paths.
+
- In iked(8), remove IKEv1 support.
+
- In radiusd(8), avoid a NULL dereference.
+
- Update to freetype 2.6.1.
+
+
- In bge(4), move rxeof and txeof outside the kernel lock.
+
- In drm(4), backport a fix to prevent machines from hanging or resetting.
+
- In crunchgen(8), avoid integer overflow with very large files.
+
- Use pledge(2) in bgplg(8) and inetd(8).
+
+
- Add two new system calls: dnssocket() and dnsconnect().
+
- In drm(4), don't poke registers on the wrong PCI device. This should fix machines such as the Asus EeePC 701.
+
- Use pledge(2) in csh(1), sort(1), savecore(8) and tmux(1).
+
- In ping6(8), implement -w like in ping(8).
+
- In bgpd(8), do not accept fds on the control socket.
+
- In snmpd(8), tighten up the control socket: do not allow users to terminate the daemon by sending corrupted imsgs.
+
- In xinit(1) and xdm(1), don't automatically launch dbus as part of the default user sessions.
+
+
- In ssh(1), increase the minimum modulus that will be sent or accepted in diffie-hellman-group-exchange to 2048 bits.
+
- Unbreak route6d(8): adding unneeded space to its cmsg item breaks sendmsg(2).
+
- In sysmerge(8), drop usage of TMPDIR.
+
- In ping6(8):
+
+- Move -t and -w functionality to -a.
+
- Remove RFC 4620 support.
+
+ - In iwm(4), fix occasional firmware errors while bringing the interface up or scanning.
+
- In nlist(3) and other nlist implementations, validate parsed ELF values to prevent out of boundary accesses.
+
- In hack(6), disable the "!" command to escape to a shell.
+
- In patch(1), add native support for ed(1)-style diffs. This allows for a stronger pledge(2).
+
- Use pledge(2) in cu(1), getty(8), pwd_mkdb(8), route6d(8), vipw(8) and zic(8).
- Add the _rebound user and group in order to improve privdrop for rebound(8).
- Use pledge(2) in ftp(1), identd(8), login_token(8), rebound(8) and sdiff(1).
@@ -220,6 +386,7 @@
- Make uid checking on ~/.forward files more strict. This avoids users from creating hardlink to root-owned files and leaking the first line.
- Fix a use-after-free and out-of-bounds memory reads in the (unprivileged) lookup process. This avoids crashes or potential arbitrary code execution.
+Revert src/sys/net/route.c r1.245. It breaks some NFS setups.
Update to tzdata2015g from ftp.iana.org.
In asmc(4), relax vendor comparison to match variations found in older models such as the MacMini1,1.
On alpha, make the pmap (more) MP-safe by protecting both the pmap itself and the pv lists with a mutex. This should make pmap_enter(9), pmap_remove(9) and pmap_page_protect(9) safe to use without holding the kernel lock.