There is also a reference to smu(4) that appears to be broken, as well as an unreferenced pkg(5) and cupid(6) that I couldn't resolve.
Index: plus58.html =================================================================== RCS file: /cvs/www/plus58.html,v retrieving revision 1.7 diff -u -p -r1.7 plus58.html --- plus58.html 2 Sep 2015 20:30:03 -0000 1.7 +++ plus58.html 4 Sep 2015 04:24:15 -0000 @@ -108,7 +108,7 @@ For changes in other releases, click bel <li>Fix a potential out-of-bounds read in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fnmatch.3";>fnmatch(3)</a>. <!-- 2015-07-30 --> <li>On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations. -<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>. +<li><font color="#e00000">5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1";>ed(1)</a>-style diffs.</font><br>A source code patch exists for <a href="errata56.html#030_patch">5.6</a> and <a href="errata57.html#013_execve">5.7</a>. <li>Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1";>patch(1)</a> about the state of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1";>ed(1)</a> child process is in. <li>Turn off POOL_DEBUG for release. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a>, repair HSTS header output. @@ -222,7 +222,7 @@ For changes in other releases, click bel <li>Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2";>tame(2)</a>. This allows threaded programs to work. <li>Avoid a possible NULL dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1";>openssl(1)</a> s_server (Coverity CID 78873). <li>Add a quirk for Cirrus Logic PD6729: earlier silicon versions of this chip would advertize themselves as multi-function devices while they are not. -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8)</a>, don't accept sockets when syslogd reaches the file descriptor limit. Instead disable the listen event and wait for a second. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8)</a>, don't accept sockets when <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8)</a> reaches the file descriptor limit. Instead disable the listen event and wait for a second. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1";>openssl(1)</a>, avoid dereferencing NULL (Coverity CID 21746). <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2";>tame(2)</a>: <ul> @@ -263,7 +263,7 @@ For changes in other releases, click bel <li>Add label withdraw/release wildcard support. <li>Implement MD5 authentication support. </ul> -<li>In the installer, use the %c and %a fields in pkg.conf. +<li>In the installer, use the %c and %a fields in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg.conf&sektion=5&format=html";>pkg.conf(5)</a>. <li>Show the tame flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ps.1";>ps(1)</a>. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8";>ldpd(8)</a>: <ul> @@ -332,7 +332,7 @@ For changes in other releases, click bel <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8";>sshd(8)</a>, only query each keyboard-interactive device once per authentication request regardless of how many times it is listed. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1";>doas(1)</a>, add -s as a shorthand for "doas $SHELL". <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a>, allow to change the default media type globally or per-location. -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, insist that manual page file name extensions must begin with a digit lest pkg.conf(5) be shown when pkg(5) is asked for. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, insist that manual page file name extensions must begin with a digit lest <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg.conf&sektion=5&format=html";>pkg.conf(5)</a> be shown when pkg(5) is asked for. <!-- 2015-07-17 --> <li>Support HTTP Strict Transport Security (HSTS) in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a>. <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tftpd.8";>tftpd(8)</a> provide a block of random data when clients request the file /etc/random.seed. @@ -466,7 +466,7 @@ For changes in other releases, click bel <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cwm.1";>cwm(1)</a>, introduce "groupsearch" for group menu search. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/xhci.4";>xhci(4)</a>, do not trust the hardware when it says that the number of remaining bytes to transfer is superior to the length of the transfer. <!-- 2015-07-10 --> -<li>On i386, amd64 and sparc64, don't call <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/pool_put.9";>pool_put(9)</a> while holding a mutex to prevent lock ordering problems between the per-pmap mutexes and the kernel lock. This happens because pool_put(9) may grab the kernel lock when it decides to free a pool page. +<li>On i386, amd64 and sparc64, don't call <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/pool_put.9";>pool_put(9)</a> while holding a mutex to prevent lock ordering problems between the per-pmap mutexes and the kernel lock. This happens because <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/pool_put.9";>pool_put(9)</a> may grab the kernel lock when it decides to free a pool page. <li>In ssh, turn off DSA by default. Add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side so it can be turned back on. <!-- 2015-07-09 --> <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8)</a>, ensure the privsep parent and syslogd child are kept in sync if the fd limit is reached. @@ -475,7 +475,7 @@ For changes in other releases, click bel <li>On amd64, prevent possible interrupt recursion before unwinding the stack. <li>In ssh, re-enable ed25519-certs if compiled without OpenSSL. <!-- 2015-07-08 --> -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8";>fdisk(8)</a>, do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows fdisk(8) to work on 4096-byte disks again. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8";>fdisk(8)</a>, do not attempt to read a disk sector worth of data from the file containing the MBR template. This allows <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8";>fdisk(8)</a> to work on 4096-byte disks again. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/file.1";>file(1)</a>, properly handle files >= 4 GB on 32-bit architectures. <li>Switch "openssl dhparam" default from 512 to 2048 bits. <li>Fix a use-after-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/et.4";>et(4)</a>. @@ -651,7 +651,7 @@ For changes in other releases, click bel <!-- 2015-06-13 --> <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/armv7/plrtc.4";>plrtc(4)</a>, a driver for the ARM PrimeCell PL031 RTC. <li>Parse _CST objects and use the C-states they describe when they're sane. -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtwn.4";>rtwn(4)</a>, busy-wait a short while after sending a command to rtwn(4) firmware. This fixes selection of initial TX rate. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtwn.4";>rtwn(4)</a>, busy-wait a short while after sending a command to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtwn.4";>rtwn(4)</a> firmware. This fixes selection of initial TX rate. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/glob.3";>glob(3)</a>, initialize the glob_t before the first failure check. <li>In binutils 2.17, add more encodings of options for the armv7 barrier instructions and allow non "sy"/0xf options for dmb. This omits the *ld options available in armv8 running in a32 mode. <li>In LibreSSL, reject long-form tags in CBS_peek_asn1_tag. Currently, CBS only handles short-form tags. @@ -1124,7 +1124,7 @@ For changes in other releases, click bel <li>Rewrite of tmux mouse support which was a mess. <li>Honour renumber-windows when unlinking a window. </ul> -<li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in smtpd handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>. +<li><font color="#e00000">5.5, 5.6 and 5.7 SECURITY FIX: logic error in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8";>smtpd(8)</a> handling of SNI.</font><br>A source patch is available for <a href="errata55.html#025_smtpd">5.5</a>, <a href="errata56.html#021_smtpd">5.6</a> and <a href="errata57.html#004_smtpd">5.7</a>. <li>Fix incorrect logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8";>smtpd(8)</a> that could lead to unexpected client disconnect, invalid certificate in SNI negotiation or server crash. <li>Add support for x2apic mode. This is currently only enabled on hypervisors. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, if an explicit line break request (.br or .sp) occurs within an .HP block, the next line doesn't hang, but is simply indented. @@ -1248,7 +1248,7 @@ on them. <li>Show the full LIB in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpctl.8";>ldpctl(8)</a> "show lib" command. <li>Add support for commit ids to "opencvs status". <li>Fix the modified timestamp in the output of "opencvs status". -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves tic(1), sxpm(1) and a few Perl manuals. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, don't allow breaking the output line after hyphens following escape sequences. Improves <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tic.1";>tic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sxpm.1";>sxpm(1)</a> and a few Perl manuals. <li>Use config_suspend() instead of dereferencing ca_activate directly to support drivers that do not need any specific suspend/resume magic and do not have an activate function. This is needed at least by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/macppc/kauaiata.4";>kauaiata(4)</a>. <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1)</a>, fix a quirk with respect to an empty .HP. <!-- 2015-04-03 --> @@ -1274,7 +1274,7 @@ on them. </ul> <li>Run most of the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/sparc64/vnet.4";>vnet(4)</a> interrupt handler without holding the kernel lock. <!-- 2015-03-31 --> -<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a>, zero the tls cert/key length variables when inheriting a server configuration for multiple listen statements in a server block. Otherwise httpd(8) will crash when a listen statement with tls is followed by a listen statement without tls. +<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a>, zero the tls cert/key length variables when inheriting a server configuration for multiple listen statements in a server block. Otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8)</a> will crash when a listen statement with tls is followed by a listen statement without tls. <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh.1";>ssh(1)</a> from warning about SSH1 keys present when compiled without SSH1 support. Also identify SSH1 keys when scanning, even when compiled without SSH1 support. <li>Fix an fd leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh.1";>ssh(1)</a>. <li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/sort.1";>sort(1)</a> ignore $TMPDIR if setuid or setgid. @@ -1365,7 +1365,7 @@ and NPROCESSORS_ONLN to <a href="http:// <li>Support jumbo frames on <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/re.4";>re(4)</a>. <li>Rather than disabling checksum offload in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/re.4";>re(4)</a> for all packets, let it advertise checksum offload to the stack for small (normal-sized) packets and do the checksum itself in software for large packets. <li>Reintroduce r1.173 of src/sys/kern/subr_pool.c (try and place at least 8 items on a page if we're able to use large page allocators). This was backed out because of fallout on landisk which has since been fixed. -<li>Unbreak WEP/WPA on AR5211 <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ath.4";>ath(4)</a> devices by setting hardware WEP keytable entry types to NULL, as done for AR5212 devices. ath(4) uses software crypto. +<li>Unbreak WEP/WPA on AR5211 <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ath.4";>ath(4)</a> devices by setting hardware WEP keytable entry types to NULL, as done for AR5212 devices. <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/uath.4";>uath(4)</a> uses software crypto. <li>Re-apply r1.115 of src/sys/dev/pci/if_ix.c (when setting up advanced TX descriptor, use m_getptr to locate the IP or IPv6 header instead of assuming contiguousness of the target buffer across Ethernet and IP/IPv6 headers) that got accidentally reverted. <!-- 2015-03-19 --> <li>Fix a memory leak in an error path in LibreSSL (from OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f).
