* Default to use VLANID>0 for IAID instead of MAC address
* Stop sharing the DHCPv6 port in master mode with other processes
* Fix some prefix delegation issues when the carrier drops or
addresses become stale
* Fix a crash when starting dhcpcd with -n
* Fix test for preferring a fake lease over a real one
* Show to real address lifetimes being added when adding IPv6
addresses
* Restore the -G, --nogateway option
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
dispatcher when the required service function could not be found.
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
NULL in API functions that have a NULL check.
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
PAM_BAD_CONSTANT error codes for situations where we previously
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
had been passed to an API function.
- ENHANCE: Improve the RETURN VALUES section in API man pages,
especially for functions that cannot fail, which were incorrectly
documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
pam_get_user(3) from using application-provided custom prompts.
- BUGFIX: Plug a memory leak in pam_set_item(3).
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
- BUGFIX: In openpam_readword(3), support line continuations within
whitespace.
- ENHANCE: Add a feature flag to control fallback to "other" policy.
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
code specified in the module options.
- ENHANCE: More and better unit tests.
Incompatible Changes
====================
* Key tables have undergone major changes. Mode key tables are no longer
separate from the main key tables. All mode key tables have been removed,
together with the -t flag to bind-key and unbind-key.
The emacs-edit, vi-edit, emacs-choose and vi-choose tables have been replaced
by fixed key bindings in the command prompt and choose modes. The mode-keys
and status-keys options remain.
The emacs-copy and vi-copy tables have been replaced by the copy-mode and
copy-mode-vi tables. Commands are sent using the -X and -N flags to
send-keys. So the following:
bind -temacs-copy C-Up scroll-up
bind -temacs-copy -R5 WheelUpPane scroll-up
Becomes:
bind -Tcopy-mode C-Up send -X scroll-up
bind -Tcopy-mode WheelUpPane send -N5 -X scroll-up
This changes allows the full command parser (including command sequences) and
command set to be used - for example, the normal command prompt with editing
and history is now used for searching, jumping, and so on instead of a custom
one. The default C-r binding is now:
bind -Tcopy-mode C-r command-prompt -p'search up' "send -X search-backward '%%'"
There are also some new commmands available with send -X, such as
copy-pipe-and-cancel.
* set-remain-on-exit has gone -- can be achieved with hooks instead.
* Hooks: before hooks have been removed and only a selection of commands now
have after hooks (they are no longer automatic). Additional hooks have been
added.
* The xterm-keys option now defaults to on.
Normal Changes
==============
* Support for mouse double and triple clicks.
* BCE (Background Colour Erase) is now supported.
* All occurrences of a search string in copy mode are now highlighted;
additionally, the number of search results is displayed. The highlighting
updates interactively with the default emacs key bindings (incremental
search).
* source-file now understands glob patterns.
* Formats now have simple comparisons:
#{==:a,b}
#{!=:a,b}
* There are the following new formats:
- #{version} -- the tmux server version;
- #{client_termtype} -- the terminal type of the client;
- #{client_name} -- the name of a client;
- #{client_written} -- the number of bytes written to the client.
* The configuration file now accepts %if/%endif conditional blocks which are
processed when it is parsed; the argument is a format string (useful with the
new format comparison options).
* detach-client now has -E to execute a command replacing the client instead of
exiting.
* Add support for custom command aliases, this is an array option which
contains items of the form "alias=command". This is consulted when an
unknown command is parsed.
* break-pane now has -n to specify the new window name.
* OSC 52 support has been added for programs inside tmux to set a tmux buffer.
* The mouse "all event" mode (1003) is now supported.
* Palette setting is now possible (OSC 4 and 104).
* Strikethrough support (a recent terminfo is required).
* Grouped sessions can now be named (new -t).
* terminal-overrides and update-environment are now array options (the previous
set -ag syntax should work without change).
* There have been substantial performance improvements.
CHANGES FROM 2.2 to 2.3 29 September 2016
Incompatible Changes
====================
None.
Normal Changes
==============
* New option 'pane-border-status' to add text in the pane borders.
* Support for hooks on commands: 'after' and 'before' hooks.
* 'source-file' understands '-q' to suppress errors for nonexistent files.
* Lots of UTF8 improvements, especially on MacOS.
* 'window-status-separator' understands #[] expansions.
* 'split-window' understands '-f' for performing a full-width split.
* Allow report count to be specified when using 'bind-key -R'.
* 'set -a' for appending to user options (@foo) is now supported.
* 'display-panes' can now accept a command to run, rather than always
selecting the pane.
* restored --logfile support as a few people complained it vanished
The new logging code even makes the overall binary size smaller
on most platforms.
* BPF filter now trims garbage trailing the payload
OK, it's not garbage, but userland doesn't know some drivers append
FCS to it.
* support NetBSD's RO_MSGFILTER socket option to reduce avoid context
switching for route(4) messages that don't interest us.
* Don't open sockets if just sending signals.
* HMAC-MD5 test's now check expectations in code rather than relying
on visual confirmation.
* added eloop-bench to test performance of eloop with available
polling mechanisms.
(4.2.8p10)
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn
* [Sec 3384] NTP-01-009: Privileged execution of User Library code
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3382] NTP-01-007: Data Structure terminated insufficiently
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send()
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist
(Pentest report 01.2017) <perlinger@ntp.org
* [Sec 3376] Support build "hardening" flags. stenn@ntp.org
* [Sec 3361] 0rigin (zero origin) DoS. HStenn.
* [Bug 3393] clang scan-build findings <perlinger@ntp.org>
* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
- rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
* [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>
* [Bug 3216] libntp audio ioctl() args incorrectly cast to int
on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
- original patch by Majdi S. Abbas
* [Bug 3215] 'make distcheck' fails with new BK repo format <perlinger@ntp.org>
* [Bug 3173] forking async worker: interrupted pipe I/O <perlinger@ntp.org>
- initial patch by Christos Zoulas
* [Bug 3139] (...) time_pps_create: Exec format error <perlinger@ntp.org>
- move loader API from 'inline' to proper source
- augment pathless dlls with absolute path to NTPD
- use 'msyslog()' instead of 'printf() 'for reporting trouble
* [Bug 3107] Incorrect Logic for Peer Event Limiting <perlinger@ntp.org>
- applied patch by Matthew Van Gundy
* [Bug 3065] Quiet warnings on NetBSD <perlinger@ntp.org>
- applied some of the patches provided by Havard. Not all of them
still match the current code base, and I did not touch libopt.
* [Bug 3062] Change the process name of forked DNS worker <perlinger@ntp.org>
- applied patch by Reinhard Max. See bugzilla for limitations.
* [Bug 2923] Trap Configuration Fail <perlinger@ntp.org>
- fixed dependency inversion from [Bug 2837]
* [Bug 2896] Nothing happens if minsane < maxclock < minclock
- produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
* [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
- applied patch by Miroslav Lichvar for ntp4.2.6 compat
* [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
- Fixed these and some more locations of this pattern.
Probably din't get them all, though. <perlinger@ntp.org>
* Update copyright year.
* bk-7 trigger updates
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.10.4-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
