===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- www/60.html 2016/07/21 10:48:03 1.5
+++ www/60.html 2016/07/21 11:56:18 1.6
@@ -40,7 +40,7 @@
See a detailed log of changes between the
5.9 and 6.0 releases.
-
signify(1)
+signify(1)
pubkeys for this release:
base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8
@@ -109,11 +109,12 @@
W^X is now strictly enforced by default;
a program can only violate it if the executable is marked with
PT_OPENBSD_WXNEEDED and its is located on a filesystem
- mounted with the wxallowed mount(8) option.
- The setjmp(3)
+ mounted with the wxallowed
+ mount(8) option.
+ The setjmp(3)
family of functions now apply XOR cookies to stack and return-address
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
- sigreturn(2)
+ sigreturn(2)
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
...
@@ -126,12 +127,12 @@
Improved symbol handling and standards compliance in libc.
For example, defining an open() function will no longer
interfere with the operation of
- fopen(3).
+ fopen(3).
PT_TLS sections are now supported in initially loaded object.
Improved handling of "no paths" and "empty path" in
- fts(3).
- kdump(1)
- now dumps pollfd structures.
+ fts(3).
+ kdump(1)
+ now dumps pollfd structures.
...
@@ -171,14 +172,14 @@
of NTP peers, avoid constant reconnections when there is a bad NTP
peer.
Removed disabled
- hotplug(4)
+ hotplug(4)
sensor support.
Added support for detecting crashes in constraint subprocesses.
Moved the execution of constraints from the ntp process to the
parent process, allowing for better privilege separation since the
ntp process can be further restricted.
Added
- pledge(2)
+ pledge(2)
support.
Fixed high CPU usage when the network is down.
Fixed various memory leaks.
@@ -187,10 +188,10 @@
Set MOD_MAXERROR to avoid unsynced time status when using
ntp_adjtime.
Fixed HTTP Timestamp header parsing to use
- strptime(3)
+ strptime(3)
in a more portable fashion.
Hardened TLS for
- ntpd(8)
+ ntpd(8)
constraints, enabling server name verification.
@@ -206,7 +207,7 @@
elements over 16k in size.
Implemented the IETF ChaCha20-Poly1305 cipher suites.
Fixed password prompts from
- openssl(1)
+ openssl(1)
to properly handle ^C.
Code improvements:
@@ -214,20 +215,20 @@
Fixed an nginx compatibility issue by adding an
'install_sw' build target.
Changed default
- EVP_aead_chacha20_poly1305(3)
+ EVP_aead_chacha20_poly1305(3)
implementation to the IETF version, which is now the default.
Reworked error handling in libtls so that configuration
errors are more visible.
Added missing error handling around
- bn_wexpand(3)
+ bn_wexpand(3)
calls.
Added
- explicit_bzero(3)
+ explicit_bzero(3)
calls for freed ASN.1 objects.
Fixed X509_*set_object functions to return 0 on allocation
failure.
Deprecated internal use of
- EVP_[Cipher|Encrypt|Decrypt]_Final.
+ EVP_[Cipher|Encrypt|Decrypt]_Final.
Fixed a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
Fixed several issues in the OCSP code that could result in the
@@ -391,9 +392,10 @@
-Quick installer information for people familiar with OpenBSD, and the
-use of the "disklabel -E" command. If you are at all confused when
-installing OpenBSD, read the relevant INSTALL.* file as listed above!
+Quick installer information for people familiar with OpenBSD, and the use of
+the "disklabel -E" command.
+If you are at all confused when installing OpenBSD, read the relevant
+INSTALL.* file as listed above!
OpenBSD/i386:
@@ -586,9 +588,10 @@
Notes about the source code
-src.tar.gz contains a source archive starting at /usr/src. This file
-contains everything you need except for the kernel sources, which are
-in a separate archive. To extract:
+src.tar.gz contains a source archive starting at /usr/src.
+This file contains everything you need except for the kernel sources,
+which are in a separate archive.
+To extract:
# mkdir -p /usr/src
@@ -596,7 +599,7 @@
# tar xvfz /tmp/src.tar.gz
-sys.tar.gz contains a source archive starting at /usr/src/sys.
+sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
@@ -631,11 +634,8 @@
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
-The ports/ directory represents a CVS (see the manpage for
-
-cvs(1) if
-you aren't familiar with CVS) checkout of our ports. As with our complete
-source tree, our ports tree is available via
+The ports/ directory represents a CVS checkout of our ports.
+As with our complete source tree, our ports tree is available via
AnonCVS.
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree