=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/56.html,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- www/56.html 2016/10/16 19:11:29 1.67 +++ www/56.html 2017/06/26 17:18:57 1.68 @@ -38,7 +38,7 @@
  • See a detailed log of changes between the 5.5 and 5.6 releases.

    -

  • signify(1) pubkeys for this release:
    +
  • signify(1) pubkeys for this release:
     base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
 fw:   RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
@@ -96,31 +96,31 @@
 
 
  • Improved hardware support, including:
     
      
-    
    • SCSI Multipathing support via mpath(4) and associated path drivers on several architectures.
-    
    • New qlw(4) driver for QLogic ISP SCSI HBAs.
-    
    • New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
-    
    • New upd(4) sensor driver for USB Power Devices (UPS).
-    
    • New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs.
-    
    • New uscom(4) driver for simple USB serial adapters.
-    
    • New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices.
-    
    • The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support.
-    
    • The userland interface for the agp(4) driver has been removed.
-    
    • The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets.
-    
    • The firmware for the run(4) driver has been updated to version 0.33.
-    
    • The run(4) driver now supports devices based on the RT3900E chipset.
-    
    • The zyd(4) driver, which was broken for some time, has been fixed.
-    
    • The bwi(4) driver now works in systems with more than 1GB of RAM.
-    
    • The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
+    
    • SCSI Multipathing support via mpath(4) and associated path drivers on several architectures.
+    
    • New qlw(4) driver for QLogic ISP SCSI HBAs.
+    
    • New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
+    
    • New upd(4) sensor driver for USB Power Devices (UPS).
+    
    • New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs.
+    
    • New uscom(4) driver for simple USB serial adapters.
+    
    • New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices.
+    
    • The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support.
+    
    • The userland interface for the agp(4) driver has been removed.
+    
    • The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets.
+    
    • The firmware for the run(4) driver has been updated to version 0.33.
+    
    • The run(4) driver now supports devices based on the RT3900E chipset.
+    
    • The zyd(4) driver, which was broken for some time, has been fixed.
+    
    • The bwi(4) driver now works in systems with more than 1GB of RAM.
+    
    • The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
     
    
 
    
 
 
  • Generic network stack improvements:
     
      
-    
    • divert(4) now supports checksum offload.
+    
    • divert(4) now supports checksum offload.
     
    • IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface.
     
    • Support for RFC4620 IPv6 Node Information Queries has been removed.
     
    • The kernel no longer supports the SO_DONTROUTE socket option.
-    
    • The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493.
+    
    • The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493.
     
    • Include router alert option (RAO) in IGMP packets, as required by RFC2236.
     
    • ALTQ has been removed.
     
    • The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load.
@@ -132,42 +132,42 @@
     
    • Remove ftp and tape as install methods.
     
    • Preserve the disklabel (and next 6 blocks) when installing boot block on
 4k-sector disk drives.
-    
    • Change the "Server?" question to "HTTP Server?" to allow unambiguous autoinstall(8) handling.
-    
    • Allow autoinstall(8) to fetch and install sets from multiple locations.
+    
    • Change the "Server?" question to "HTTP Server?" to allow unambiguous autoinstall(8) handling.
+    
    • Allow autoinstall(8) to fetch and install sets from multiple locations.
     
    • Many sample configuration files have moved from /etc to /etc/examples.
     
    
 
    
 
 
  • Routing daemons and other userland network improvements:
     
      
-    
    • When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be.
-    
    • ftp(1) now allows its User-Agent to be changed via the -U command-line option.
-    
    • The -r option of ping(8) and traceroute(8) has been removed.
-    
    • ifconfig(8) can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off.
-    
    • ifconfig(8) has been made smarter about parsing WEP keys on the command line.
-    
    • ifconfig(8) scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x).
-    
    • MS-CHAPv1 (RFC2433) support has been removed from pppd(8).
-    
    • traceroute6(8)
+    
    • When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be.
+    
    • ftp(1) now allows its User-Agent to be changed via the -U command-line option.
+    
    • The -r option of ping(8) and traceroute(8) has been removed.
+    
    • ifconfig(8) can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off.
+    
    • ifconfig(8) has been made smarter about parsing WEP keys on the command line.
+    
    • ifconfig(8) scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x).
+    
    • MS-CHAPv1 (RFC2433) support has been removed from pppd(8).
+    
    • traceroute6(8)
         has been merged into
-        traceroute(8).
-    
    • The asr API
+        traceroute(8).
+    
    • The asr API
         for asynchronous address resolution and nameserver querying is now public.
-    
    • pflow(4)'s
+    
    • pflow(4)'s
         pflowproto 9 has been removed.
     
    • The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed.
-    
    • snmpd(8),
-        snmpctl(8), and
-        relayd(8)
+    
    • snmpd(8),
+        snmpctl(8), and
+        relayd(8)
         now communicate via the AgentX protocol.
-    
    • relayd(8)
+    
    • relayd(8)
         has a new filtering subsystem, where the new configuration language uses last-matching pf-like rules.
     
    • The new
-        relayd(8)
+        relayd(8)
         filter rules now support URL-based relaying.
-    
    • relayd(8)
+    
    • relayd(8)
         now uses privilege separation for private keys.  This acts as an additional mitigation to
         prevent leakage of the private keys from the processes doing SSL/TLS.
-    
    • New httpd(8)
+    
    • New httpd(8)
         HTTP server with FastCGI and SSL support.
     
    
 
    
@@ -181,7 +181,7 @@
       
  • Merged MDA, MTA and SMTP processes into a single unprivileged process.
       
  • Killed the MFA process, it is no longer needed.
       
  • Added support for email addresses lookups in the
-	table_db backend.
+	table_db backend.
       
  • Added RSA privilege separation support to prevent possible private key leakage.
       
     
  • The following significant bugs have been fixed in this release:
@@ -205,18 +205,18 @@
     
  • Remove md5crypt support.
     
  • Improved easier to use bcrypt API is now available.
     
  • Increase randomness of random mmap mappings.
-    
  • Added getentropy(2).
-    
  • Added timingsafe_memcmp(3).
+    
  • Added getentropy(2).
+    
  • Added timingsafe_memcmp(3).
     
  • Removed the MD4 hash algorithm and functions from
-        cksum(1),
-        S/Key,
+        cksum(1),
+        S/Key,
         and libc.
     
  • gets(3) has been removed.
-    
  • Added reallocarray(3),
+    
  • Added reallocarray(3),
         which allows multiple sized objects to be allocated without the cost of
         clearing memory while avoiding possible integer overflows.
-    
  • Extended fread(3) and
-        fwrite(3)
+    
  • Extended fread(3) and
+        fwrite(3)
         to check for integer overflows.
     
 
    
@@ -229,57 +229,57 @@
     
  • Much faster package updates, due to package contents reordering that
     precludes re-downloading unchanged files.
     
  • Fix many programs that failed when accessing disks having sector sizes other than 512 bytes, including
-badsect(8),
-df(1),
-dump(8),
-dumpfs(8),
-fsck_ext2fs(8),
-fsck_ffs(8),
-fsdb(8),
-growfs(8),
-ncheck_ffs(8),
-quotacheck(8),
-tunefs(8).
+badsect(8),
+df(1),
+dump(8),
+dumpfs(8),
+fsck_ext2fs(8),
+fsck_ffs(8),
+fsdb(8),
+growfs(8),
+ncheck_ffs(8),
+quotacheck(8),
+tunefs(8).
     
  • Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107.  64-bit
 time_t values outside that range are stored as 1/1/1980.
-    
  • bs(6) now prints a battleship splash screen.
+    
  • bs(6) now prints a battleship splash screen.
     
  • rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page, spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been removed.
     
  • rmail(8) and uucpd(8) have been removed from the base system and added to the ports tree.
     
  • Lynx has been removed from the base system and added to the ports tree.
     
  • TCP Wrappers have been removed.
-    
  • Fix atexit(3) recursive handlers.
+    
  • Fix atexit(3) recursive handlers.
     
  • Enhance
-disklabel(8) to recover filesystem mountpoint information when reading saved ascii labels.
+disklabel(8) to recover filesystem mountpoint information when reading saved ascii labels.
     
  • Properly handle
-msgbuf_write(3) EOF conditions, including uses in
-tmux(1),
-dvmrpd(8),
-ldapd(8),
-ldpd(8),
-ospf6d(8),
-ospfd(8),
-relayd(8),
-ripd(8),
-smtpd(8),
-ypldap(8).
-    
  • Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more.
-    
  • Sync fdisk(8) built-in MBR with current /usr/mdec/mbr.
-    
  • Quiet dhclient(8) '-q' even more.
-    
  • Log less redundant dhclient(8) info.
-    
  • New leases, lease renewals, cable state changes more obvious to applications monitoring dhclient(8) files.
-    
  • Preserve chronological order of leases in the dhclient.leases(5) leases files.
-    
  • Use 'lease {}' statements in dhclient.conf(5), allowing interfaces to get an address when no dynamic lease is available.
-    
  • Improve dhclient(8) parsing and printing of classess static routes.
-    
  • Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8).
-    
  • Added sendsyslog(2): syslog(3) now works even when out of file descriptors or in a chroot.
+msgbuf_write(3) EOF conditions, including uses in
+tmux(1),
+dvmrpd(8),
+ldapd(8),
+ldpd(8),
+ospf6d(8),
+ospfd(8),
+relayd(8),
+ripd(8),
+smtpd(8),
+ypldap(8).
+    
  • Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more.
+    
  • Sync fdisk(8) built-in MBR with current /usr/mdec/mbr.
+    
  • Quiet dhclient(8) '-q' even more.
+    
  • Log less redundant dhclient(8) info.
+    
  • New leases, lease renewals, cable state changes more obvious to applications monitoring dhclient(8) files.
+    
  • Preserve chronological order of leases in the dhclient.leases(5) leases files.
+    
  • Use 'lease {}' statements in dhclient.conf(5), allowing interfaces to get an address when no dynamic lease is available.
+    
  • Improve dhclient(8) parsing and printing of classess static routes.
+    
  • Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8).
+    
  • Added sendsyslog(2): syslog(3) now works even when out of file descriptors or in a chroot.
     
  • Added
-errc(3),
-verrc(3),
-warnc(3) and
-vwarnc(3).
+errc(3),
+verrc(3),
+warnc(3) and
+vwarnc(3).
     
  • Faster hibernate/unhibernate performance on amd64 and i386 platforms.
-    
  • Support hibernating to softraid(4) crypto volumes.
-    
  • Improved performance of seekdir(3) to start of current buffer.
+    
  • Support hibernating to softraid(4) crypto volumes.
+    
  • Improved performance of seekdir(3) to start of current buffer.
     
  • Added <endian.h> per the revision of the POSIX spec in progress.
     
  • Apache has been removed.
     
  • Read support for ext4 filesystems.
@@ -291,11 +291,11 @@
     
      
     
    • Potentially-incompatible changes:
       
        
-      
      • sshd(8):
+      
      • sshd(8):
         The default set of ciphers and MACs has been altered to remove
         unsafe algorithms.  In particular, CBC ciphers and
         arcfour* are disabled by default.
-      
      • sshd(8):
+      
      • sshd(8):
         Support for tcpwrappers/libwrap has been removed.
       
      • OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
         using the "curve25519-sha256@libssh.org" KEX exchange method
@@ -309,36 +309,36 @@
         as a library.  So far the wire parsing, key handling and KRL code
         has been refactored.  Please note that we do not consider the API
         stable yet, nor do we offer the library in separable form.
-      
      • ssh(1),
-        sshd(8):
+      
      • ssh(1),
+        sshd(8):
         Add support for Unix domain socket forwarding.  A remote TCP
         port may be forwarded to a local Unix domain socket and vice versa or
         both ends may be a Unix domain socket.
-      
      • ssh(1),
-        ssh-keygen(1):
+      
      • ssh(1),
+        ssh-keygen(1):
         Add support for SSHFP DNS records for Ed25519 key types.
-      
      • sftp(1):
+      
      • sftp(1):
         Allow resumption of interrupted uploads.
-      
      • ssh(1):
+      
      • ssh(1):
         When rekeying, skip file/DNS lookups of the hostkey if it is the same
         as the one sent during initial key exchange.  (bz#2154)
-      
      • sshd(8):
+      
      • sshd(8):
         Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
         GatewayPorts=no; allows client to choose address family.
         (bz#2222)
-      
      • sshd(8):
+      
      • sshd(8):
         Add a
-        sshd_config(5)
+        sshd_config(5)
         PermitUserRC option to control whether ~/.ssh/rc is
         executed, mirroring the no-user-rc authorized_keys option.
         (bz#2160)
-      
      • ssh(1):
+      
      • ssh(1):
         Add a %C escape sequence for LocalCommand and
         ControlPath that expands to a unique identifer based on a
         hash of the tuple of (local host, remote user, hostname, port).  Helps
         avoid exceeding miserly pathname limits for Unix domain sockets in
         multiplexing control paths.  (bz#2220)
-      
      • sshd(8):
+      
      • sshd(8):
         Make the "Too many authentication failures" message include the user,
         source address, port and protocol in a format similar to the
         authentication success/failure messages.  (bz#2199)
@@ -346,59 +346,59 @@
       
      
     
    • The following significant bugs have been fixed in this release:
       
        
-      
      • sshd(8):
+      
      • sshd(8):
         Fix remote forwarding with same listen port but different listen
         address.
-      
      • ssh(1):
+      
      • ssh(1):
         Fix inverted test that caused PKCS#11 keys that were explicitly
         listed in
-        ssh_config(5)
+        ssh_config(5)
         or on the commandline not to be preferred.
-      
      • ssh-keygen(1):
+      
      • ssh-keygen(1):
         Fix bug in KRL generation: multiple consecutive revoked certificate
         serial number ranges could be serialised to an invalid format.
         Readers of a broken KRL caused by this bug will fail closed, so no
         should-have-been-revoked key will be accepted.
-      
      • ssh(1):
+      
      • ssh(1):
         Reflect stdio-forward ("ssh -W host:port ...") failures in
         exit status.  Previously we were always returning 0.  (bz#2255)
-      
      • ssh(1),
-        ssh-keygen(1):
+      
      • ssh(1),
+        ssh-keygen(1):
         Make Ed25519 keys' title fit properly in the randomart border.
         (bz#2247)
-      
      • ssh-agent(1):
+      
      • ssh-agent(1):
         Only cleanup agent socket in the main agent process and not in any
         subprocesses it may have started (e.g. forked askpass).  Fixes agent
         sockets being zapped when askpass processes fatal().  (bz#2236)
-      
      • ssh-add(1):
+      
      • ssh-add(1):
         Make stdout line-buffered; saves partial output getting lost when
-        ssh-add(1)
+        ssh-add(1)
         fatal()s part-way through (e.g. when listing keys from an
         agent that supports key types that
-        ssh-add(1)
+        ssh-add(1)
         doesn't).  (bz#2234)
-      
      • ssh-keygen(1):
+      
      • ssh-keygen(1):
         When hashing or removing hosts, don't choke on "@revoked" markers and
         don't remove "@cert-authority" markers.  (bz#2241)
-      
      • ssh(1):
+      
      • ssh(1):
         Don't fatal when hostname canonicalisation fails and a
         ProxyCommand is in use; continue and allow the
         ProxyCommand to connect anyway (e.g. to a host with a name
         outside the DNS behind a bastion).
-      
      • scp(1):
+      
      • scp(1):
         When copying local->remote fails during read, don't send uninitialised
         heap to the remote end.
-      
      • sftp(1):
+      
      • sftp(1):
         Fix fatal "el_insertstr failed" errors when tab-completing filenames
         with a single quote char somewhere in the string.  (bz#2238)
-      
      • ssh-keyscan(1):
+      
      • ssh-keyscan(1):
         Scan for Ed25519 keys by default.
-      
      • ssh(1):
+      
      • ssh(1):
         When using VerifyHostKeyDNS with a DNSSEC resolver,
         down-convert any certificate keys to plain keys and attempt SSHFP
         resolution.  Prevents a server from skipping SSHFP lookup and forcing
         a new-hostkey dialog by offering only certificate keys.
-      
      • sshd(8):
+      
      • sshd(8):
         Avoid crash at exit via NULL pointer reference.  (bz#2225)
       
      • Fix some strict-alignment errors.
       
      
@@ -406,11 +406,11 @@
 
      
 
    • mandoc 1.13.0:
     
        
-    
      • New implementation of apropos(1),
-      whatis(1),
-      and makewhatis(8) based on SQLite3 databases.
-    
      • Substantial improvements of mandoc(1) error and warning messages.
-    
      • Almost complete implementation of roff(7) numerical expressions.
+    
      • New implementation of apropos(1),
+      whatis(1),
+      and makewhatis(8) based on SQLite3 databases.
+    
      • Substantial improvements of mandoc(1) error and warning messages.
+    
      • Almost complete implementation of roff(7) numerical expressions.
     
      • About a dozen minor new features and numerous bug fixes.
     
      
 
@@ -589,9 +589,9 @@
 To make a boot floppy under MS-DOS, use the "rawrite" utility located
 at CD1:5.6/tools/rawrite.exe. To make the boot floppy under a Unix OS,
 use the
-dd(1)
+dd(1)
 utility. The following is an example usage of
-dd(1),
+dd(1),
 where the device could be "floppy", "rfd0c", or
 "rfd0a".
 
@@ -869,7 +869,7 @@
 OpenBSD ports system.
 
      
 The ports/ directory represents a CVS (see the manpage for
-
+
 cvs(1) if
 you aren't familiar with CVS) checkout of our ports.  As with our complete
 source tree, our ports tree is available via