===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- www/60.html 2016/10/16 19:11:29 1.73
+++ www/60.html 2017/06/26 17:18:57 1.74
@@ -46,7 +46,7 @@
See a detailed log of changes between the
5.9 and 6.0 releases.
-
signify(1)
+signify(1)
pubkeys for this release:
base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8
@@ -90,33 +90,33 @@
Improved hardware support, including:
- - New bytgpio(4)
+
- New bytgpio(4)
driver for the Intel Bay Trail GPIO controller.
-
- New chvgpio(4)
+
- New chvgpio(4)
driver for the Intel Cherry View GPIO controller.
-
- New maxrtc(4)
+
- New maxrtc(4)
driver for the Maxim DS1307 real time clock.
-
- New nvme(4)
+
- New nvme(4)
driver for the Non-Volatile Memory Express (NVMe) host controller interface.
-
- New pcfrtc(4)
+
- New pcfrtc(4)
driver for the NXP PCF8523 real time clock.
-
- New umb(4)
+
- New umb(4)
driver for the Mobile Broadband Interface Model (MBIM).
-
- New ure(4)
+
- New ure(4)
driver for RealTek RTL8152 based 10/100 USB Ethernet devices.
-
- New utvfu(4)
+
- New utvfu(4)
driver for audio/video capture devices based on the Fushicai USBTV007.
-
- The iwm(4) driver
+
- The iwm(4) driver
now supports Intel Wireless 3165 and 8260 devices, and works more
reliably in RAMDISK kernels.
- Support for I2C HID devices with GPIO signalled interrupts has
- been added to dwiic(4).
+ been added to dwiic(4).
- Support for larger bus widths, high speed modes, and DMA
transfers has been added to
- sdmmc(4),
- rtsx(4),
- sdhc(4), and
- imxesdhc(4).
+ sdmmc(4),
+ rtsx(4),
+ sdhc(4), and
+ imxesdhc(4).
- Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs.
- Many USB device drivers have been enabled on OpenBSD/octeon.
- Improved support for hardware-reduced ACPI implementations.
@@ -124,37 +124,37 @@
- AES-NI crypto is now done without holding the kernel lock.
- Improved AGP support on PowerPC G5 machines.
- Added support for the SD card slot in Intel Bay Trail SoCs.
-
- The ichiic(4) driver
+
- The ichiic(4) driver
now ignores the SMBALERT# interrupt to prevent an interrupt storm
with buggy BIOS implementations.
- Device attachment problems with the
- axen(4) driver have
+ axen(4) driver have
been fixed.
-
- The ral(4) driver
+
- The ral(4) driver
is more stable under load with RT2860 devices.
- Problems with dead keyboards after resume have been fixed in the
- pckbd(4) driver.
-
- The rtsx(4) driver
+ pckbd(4) driver.
+
- The rtsx(4) driver
now supports RTS522A devices.
- Initial support for MSI-X has been added.
- Support MSI-X in the
- virtio(4) driver.
+ virtio(4) driver.
- Added a workaround for hardware DMA overruns to the
- dc(4) driver.
-
- The acpitz(4) driver
+ dc(4) driver.
+
- The acpitz(4) driver
now spins the fan down after cooling if ACPI uses hysteresis for
active cooling.
-
- The xhci(4) driver
+
- The xhci(4) driver
now performs handoff from an xHCI-capable BIOS correctly.
- Support for multi-touch input has been added to the
- wsmouse(4) driver.
-
- The uslcom(4) driver
+ wsmouse(4) driver.
+
- The uslcom(4) driver
now supports the serial console of Aruba 7xxx wireless controllers.
-
- The re(4) driver
+
- The re(4) driver
now works around broken LED configurations in APU1 EEPROMs.
-
- The ehci(4) driver
+
- The ehci(4) driver
now works around problems with ATI USB controllers (e.g. SB700).
-
- The xen(4) driver
+
- The xen(4) driver
now supports domU configuration under Qubes OS.
@@ -163,15 +163,15 @@
- The HT block ack receive buffer logic follows the algorithm given
in the 802.11-2012 spec more closely.
-
- The iwn(4) driver now
+
- The iwn(4) driver now
keeps track of HT protection changes while associated to an 11n AP.
- The wireless stack and several drivers make more aggressive use
of RTS/CTS to avoid interference from legacy devices and hidden nodes.
-
- The netstat(1) -W
+
- The netstat(1) -W
command now shows information about 802.11n events.
- In hostap mode, do not reuse association IDs of nodes which are
still cached. Fixes a problem where an access point using the
- ral(4) driver
+ ral(4) driver
would get stuck at 1 Mbps because Tx rate accounting happened
on the wrong node object.
@@ -186,13 +186,13 @@
forwarding path.
The prio field on VLAN headers is now correctly set on each fragment
of an IPv4 packet going out on a
- vlan(4) interface.
+ vlan(4) interface.
Enabled device cloning for
- bpf(4).
+ bpf(4).
This allows the system to have just one bpf device node in /dev
that services all bpf consumers (up to 1024).
The Tx queue of the
- cnmac(4)
+ cnmac(4)
driver can now be processed in parallel of the rest of the kernel.
Network input path is now run in thread context.
@@ -202,12 +202,12 @@
- updated list of restricted usercodes
- install.sh and upgrade.sh merged into install.sub
-
- update automatically runs sysmerge(8)
+
- update automatically runs sysmerge(8)
in batch mode before
- fw_update(1)
+ fw_update(1)
- questions and answers are logged in a format that can be used as a
response file for use by
- autoinstall(8)
+ autoinstall(8)
- /usr/local is set to wxallowed during install
@@ -215,36 +215,36 @@
Routing daemons and other userland network improvements:
- Add routing table support to
- rc.d(8) and
- rcctl(8).
-
- Let nc(1)
+ rc.d(8) and
+ rcctl(8).
+
- Let nc(1)
support service names in addition to port numbers.
- Add -M and -m TTL flags to
- nc(1).
+ nc(1).
- Add AF_UNIX support to
- tcpbench(1).
+ tcpbench(1).
- Fixed a regression in
- rarpd(8).
+ rarpd(8).
The daemon could hang if it was idle for a long time.
- Added the llprio option in
- ifconfig(8).
+ ifconfig(8).
- Multiple programs that use
- bpf(4)
+ bpf(4)
have been modified to take advantage of
- bpf(4)
+ bpf(4)
device cloning by opening /dev/bpf0 instead of looping
through /dev/bpf* devices. These programs include
- arp(8),
- dhclient(8),
- dhcpd(8),
- dhcrelay(8),
- hostapd(8),
- mopd(8),
- npppd(8),
- rarpd(8),
- rbootd(8), and
- tcpdump(8).
- The libpcap library
+ arp(8),
+ dhclient(8),
+ dhcpd(8),
+ dhcrelay(8),
+ hostapd(8),
+ mopd(8),
+ npppd(8),
+ rarpd(8),
+ rbootd(8), and
+ tcpdump(8).
+ The libpcap library
has also been modified accordingly.
@@ -255,27 +255,27 @@
a program can only violate it if the executable is marked with
PT_OPENBSD_WXNEEDED and is located on a filesystem
mounted with the wxallowed
- mount(8) option.
+ mount(8) option.
Because there are still too many ports which violate W^X, the
installer mounts the /usr/local filesystem with
wxallowed. This allows the base system to be more
secure as long as /usr/local is a separate filesystem.
If you use no W^X violating programs, consider manually
revoking that option.
-
The setjmp(3)
+ The setjmp(3)
family of functions now apply XOR cookies to stack and return-address
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
- SROP mitigation: sigreturn(2)
+ SROP mitigation: sigreturn(2)
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
- To deter code reuse exploits, rc(8)
+ To deter code reuse exploits, rc(8)
re-links libc.so on startup, placing the objects in a random order.
- In the getpwnam(3)
+ In the getpwnam(3)
family of functions, stop opening the shadow database by default.
- Allow tcpdump(8)
+ Allow tcpdump(8)
-r to be started without root privileges.
Remove
- systrace.
+ systrace.
Remove Linux emulation support.
Remove support for the usermount option.
The TCP SYN cache reseeds its random hash function from
@@ -284,19 +284,19 @@
of the hash function with a timing attack.
To work against SYN flooding attacks the administrator can
change the size of the hash array now.
- netstat(1)
+ netstat(1)
-s -p tcp shows the relevant information to tune
the SYN cache with
- sysctl(8)
+ sysctl(8)
net.inet.tcp.
The administrator can require root privileges for binding to some TCP
and UDP ports with
- sysctl(8)
+ sysctl(8)
net.inet.tcp.rootonly and
- sysctl(8)
+ sysctl(8)
net.inet.udp.rootonly.
Remove a function pointer from the
- mbuf(9) data structure
+ mbuf(9) data structure
and use an index into an array of acceptable functions instead.
@@ -307,58 +307,58 @@
Improved symbol handling and standards compliance in libc.
For example, defining an open() function will no longer
interfere with the operation of
- fopen(3).
+ fopen(3).
PT_TLS sections are now supported in initially loaded object.
Improved handling of "no paths" and "empty path" in
- fts(3).
- In pcap(3),
+ fts(3).
+ In pcap(3),
provide the functions pcap_free_datalinks()
and pcap_offline_filter().
Many bugfixes and structural cleanup in the
- editline(3) library.
+ editline(3) library.
Remove ancient
- dbm(3)
+ dbm(3)
functions;
- ndbm(3) remains.
+ ndbm(3) remains.
Add setenv keyword for more powerful environment handling in
- doas.conf(5).
+ doas.conf(5).
Add -g and -p options to
- aucat.1
+ aucat.1
for time positioning.
- Rewrite audioctl(1)
+ Rewrite audioctl(1)
with a simpler user interface.
Add -F option to
- install(1)
- to fsync(2)
+ install(1)
+ to fsync(2)
the file before closing it.
- kdump(1)
+ kdump(1)
now dumps pollfd structures.
Improve various details of
- ksh(1) POSIX compliance.
- mknod(8) rewritten in a
- pledge(2)-friendly
+ ksh(1) POSIX compliance.
+ mknod(8) rewritten in a
+ pledge(2)-friendly
style and to support creating multiple devices at once.
- Implement rcctl(8)
+ Implement rcctl(8)
get all and getdef all.
- Implement the rcs(1)
+ Implement the rcs(1)
-I (interactive) flag.
- In rcs(1),
+ In rcs(1),
implement Mdocdate keyword substitution.
- In top(1),
+ In top(1),
allow to filter process arguments if they are being displayed.
Added UTF-8 support to
- fold(1) and
- rev(1).
+ fold(1) and
+ rev(1).
Enable UTF-8 by default in
- xterm(1) and
- pod2man(1).
+ xterm(1) and
+ pod2man(1).
Filter out non-ASCII characters in
- wall(1).
- Handle the COLUMNS
+ wall(1).
+ Handle the COLUMNS
environment variable consistently across many programs.
The options -c and -k allow to provide
TLS client certificates for
- syslogd(8)
+ syslogd(8)
on the sending side.
With that the receiving side can verify log messages
are authentic.
@@ -367,69 +367,69 @@
message to show that some entries is missing.
On OpenBSD/octeon, CPU cache write buffering is enabled
to improve performance.
- pkg_add(1) and
- pkg_info(1) now
+ pkg_add(1) and
+ pkg_info(1) now
understand a notion of branch to ease selection of some popular
packages such as python or php, e.g., say
pkg_add python%3.4 to select the 3.4 branch,
and use pkg_info -zm to get a fuzzy listing with branch
selection suitable for pkg_add -l.
- fdisk(8) and
- pdisk(8)
+ fdisk(8) and
+ pdisk(8)
immediately exit unless passed a character special device
- st(4)
+ st(4)
correctly tracks the current block count for variable sized blocks
- fsck_ext2fs(8)
+ fsck_ext2fs(8)
works again
- softraid(4) volumes
+ softraid(4) volumes
can be constructed with disks that have a sector size other than 512 bytes
- dhclient(8)
+ dhclient(8)
DECLINE's and discards unused OFFER's.
- dhclient(8)
+ dhclient(8)
immediately exits if its interface (e.g. a
- bridge(4))
+ bridge(4))
returns EAFNOSUPPORT when a packet is sent.
- httpd(8) returns
+ httpd(8) returns
400 Bad Request for HTTP v0.9 requests.
ffs2's lazy node initialization avoids treating random disk data as
an inode
- fcntl(2) invocations
+ fcntl(2) invocations
in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0)
- socket(2) and
- accept4(2) invocations
+ socket(2) and
+ accept4(2) invocations
in base programs use SOCK_NONBLOCK to eliminate the need for a separate
- fcntl(2).
+ fcntl(2).
tmpfs not enabled by default
the in-kernel semantics of
- pledge(2)
+ pledge(2)
were improved in numerous ways.
Highlights include:
a new chown promise that allows pledged programs to set
setugid attributes,
a stricter enforcement of the recvfd promise and
- chroot(2) is no longer
+ chroot(2) is no longer
allowed for pledged programs.
a number of
- pledge(2)-related bugs
+ pledge(2)-related bugs
(missing promises, unintended changes of behavior, crashes) were fixed,
notably in
- gzip(1),
- nc(1),
- sed(1),
- skeyinit(1),
- stty(1),
+ gzip(1),
+ nc(1),
+ sed(1),
+ skeyinit(1),
+ stty(1),
and various disk-related utilities, such as
- disklabel(8) and
- fdisk(8).
+ disklabel(8) and
+ fdisk(8).
Block size calculation errors in the
- audio(4) driver
+ audio(4) driver
have been fixed.
- The usb(4) driver
+ The usb(4) driver
now caches vendor and product IDs. Fixes an issue where
- usbdevs(8) called
+ usbdevs(8) called
in a loop would cause a USB mass storage device to halt operation.
- The rsu(4) and
- ural(4) drivers
+ The rsu(4) and
+ ural(4) drivers
are now working again after they were accidentally broken in 5.9.
@@ -439,7 +439,7 @@
Security:
- Implement the fork+exec pattern in
- smtpd(8).
+ smtpd(8).
- Fix a logic issue in the SMTP state machine that can lead to
an invalid state and result in a crash.
- Plug a file-pointer leak that can lead to resource exhaustion
@@ -451,7 +451,7 @@
- The following improvements were brought in this release:
- Add the -r option to the
- smtpd(8)
+ smtpd(8)
enqueuer for compatibility with mailx.
- Add missing date or message-id when listening on the submit
port.
@@ -475,29 +475,29 @@
- Code improvements:
@@ -629,20 +629,20 @@
- Fixed an nginx compatibility issue by adding an
'install_sw' build target.
- Changed default
- EVP_aead_chacha20_poly1305(3)
+ EVP_aead_chacha20_poly1305(3)
implementation to the IETF version, which is now the default.
- Reworked error handling in libtls so that configuration
errors are more visible.
- Added missing error handling around
- bn_wexpand(3)
+ bn_wexpand(3)
calls.
- Added
- explicit_bzero(3)
+ explicit_bzero(3)
calls for freed ASN.1 objects.
- Fixed X509_*set_object functions to return 0 on allocation
failure.
- Deprecated internal use of
- EVP_[Cipher|Encrypt|Decrypt]_Final.
+ EVP_[Cipher|Encrypt|Decrypt]_Final.
- Fixed a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
- Fixed several issues in the OCSP code that could result in the
@@ -811,7 +811,7 @@
Quick installer information for people familiar with OpenBSD, and the use of
-the "disklabel -E" command.
+the "disklabel -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!