=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- www/60.html 2016/07/21 10:48:03 1.5 +++ www/60.html 2016/07/21 11:56:18 1.6 @@ -40,7 +40,7 @@
  • See a detailed log of changes between the 5.9 and 6.0 releases.

    -

  • signify(1) +
  • signify(1) pubkeys for this release:
     base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8
@@ -109,11 +109,12 @@
     
  • W^X is now strictly enforced by default;
 	a program can only violate it if the executable is marked with
 	PT_OPENBSD_WXNEEDED and its is located on a filesystem
-	mounted with the wxallowed mount(8) option.
-    
  • The setjmp(3)
+	mounted with the wxallowed
+	mount(8) option.
+    
  • The setjmp(3)
 	family of functions now apply XOR cookies to stack and return-address
 	values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
-    
  • sigreturn(2)
+    
  • sigreturn(2)
 	can now only be used by the kernel-provided signal trampoline,
 	with a cookie to detect attempts to reuse it.
     
  • ...
@@ -126,12 +127,12 @@
     
  • Improved symbol handling and standards compliance in libc.
 	For example, defining an open() function will no longer
 	interfere with the operation of
-	fopen(3).
+	fopen(3).
     
  • PT_TLS sections are now supported in initially loaded object.
     
  • Improved handling of "no paths" and "empty path" in
-	fts(3).
-    
  • kdump(1)
-	now dumps pollfd structures.
+	fts(3).
+    
  • kdump(1)
+	now dumps pollfd structures.
     
  • ...
     
 
    
@@ -171,14 +172,14 @@
         of NTP peers, avoid constant reconnections when there is a bad NTP
         peer.
     
  • Removed disabled
-        hotplug(4)
+        hotplug(4)
         sensor support.
     
  • Added support for detecting crashes in constraint subprocesses.
     
  • Moved the execution of constraints from the ntp process to the
         parent process, allowing for better privilege separation since the
         ntp process can be further restricted.
     
  • Added
-        pledge(2)
+        pledge(2)
         support.
     
  • Fixed high CPU usage when the network is down.
     
  • Fixed various memory leaks.
@@ -187,10 +188,10 @@
     
  • Set MOD_MAXERROR to avoid unsynced time status when using
         ntp_adjtime.
     
  • Fixed HTTP Timestamp header parsing to use
-        strptime(3)
+        strptime(3)
         in a more portable fashion.
     
  • Hardened TLS for
-        ntpd(8)
+        ntpd(8)
         constraints, enabling server name verification.
     
 
    
@@ -206,7 +207,7 @@
           elements over 16k in size.
       
  • Implemented the IETF ChaCha20-Poly1305 cipher suites.
       
  • Fixed password prompts from
-          openssl(1)
+          openssl(1)
           to properly handle ^C.
       
     
  • Code improvements:
@@ -214,20 +215,20 @@
       
  • Fixed an nginx compatibility issue by adding an
           'install_sw' build target.
       
  • Changed default
-          EVP_aead_chacha20_poly1305(3)
+          EVP_aead_chacha20_poly1305(3)
           implementation to the IETF version, which is now the default.
       
  • Reworked error handling in libtls so that configuration
           errors are more visible.
       
  • Added missing error handling around
-          bn_wexpand(3)
+          bn_wexpand(3)
           calls.
       
  • Added
-          explicit_bzero(3)
+          explicit_bzero(3)
           calls for freed ASN.1 objects.
       
  • Fixed X509_*set_object functions to return 0 on allocation
           failure.
       
  • Deprecated internal use of
-          EVP_[Cipher|Encrypt|Decrypt]_Final.
+          EVP_[Cipher|Encrypt|Decrypt]_Final.
       
  • Fixed a problem that prevents the DSA signing algorithm from running
           in constant time even if the flag BN_FLG_CONSTTIME is set. 
       
  • Fixed several issues in the OCSP code that could result in the
@@ -391,9 +392,10 @@
 
    
 
 
    
-Quick installer information for people familiar with OpenBSD, and the
-use of the "disklabel -E" command.  If you are at all confused when
-installing OpenBSD, read the relevant INSTALL.* file as listed above!
+Quick installer information for people familiar with OpenBSD, and the use of
+the "disklabel -E" command.
+If you are at all confused when installing OpenBSD, read the relevant
+INSTALL.* file as listed above!
 
 
    OpenBSD/i386:
    
 
@@ -586,9 +588,10 @@
 
 
    Notes about the source code
    
 
-src.tar.gz contains a source archive starting at /usr/src.  This file
-contains everything you need except for the kernel sources, which are
-in a separate archive.  To extract:
+src.tar.gz contains a source archive starting at /usr/src.
+This file contains everything you need except for the kernel sources,
+which are in a separate archive.
+To extract:
 
 
     # mkdir -p /usr/src
@@ -596,7 +599,7 @@
 # tar xvfz /tmp/src.tar.gz
 
    
 
-sys.tar.gz contains a source archive starting at /usr/src/sys.
+sys.tar.gz contains a source archive starting at /usr/src/sys.
 This file contains all the kernel sources you need to rebuild kernels.
 To extract:
 
@@ -631,11 +634,8 @@
 Rather, it is a set of notes meant to kickstart the user on the
 OpenBSD ports system.
 
    
-The ports/ directory represents a CVS (see the manpage for
-
-cvs(1) if
-you aren't familiar with CVS) checkout of our ports.  As with our complete
-source tree, our ports tree is available via
+The ports/ directory represents a CVS checkout of our ports.
+As with our complete source tree, our ports tree is available via
 AnonCVS.
 So, in order to keep up to date with the -stable branch, you must make
 the ports/ tree available on a read-write medium and update the tree