===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/61.html,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- www/61.html 2017/04/11 13:23:37 1.90
+++ www/61.html 2017/06/26 17:18:57 1.91
@@ -38,7 +38,7 @@
See a detailed log of changes between the
6.0 and 6.1 releases.
-
signify(1)
+signify(1)
pubkeys for this release:
base: RWQEQa33SgQSEsMwwVV1+GjzdcQfRNV2Bgo48Ztd2KiZ9bAodz9c+Maa
@@ -64,7 +64,7 @@
New/extended platforms:
- New arm64 platform,
- using clang(1)
+ using clang(1)
as the base system compiler.
- The armv7 platform
has seen some major improvements, including a switch to EABI and
@@ -80,114 +80,114 @@
- Improved hardware support, including:
- - New acpials(4)
+
- New acpials(4)
driver for ACPI ambient light sensor devices.
-
- New acpihve(4)
+
- New acpihve(4)
driver for feeding Hyper-V entropy into the kernel pool.
-
- New acpisbs(4)
+
- New acpisbs(4)
driver for ACPI Smart Battery devices.
-
- New dwge(4)
+
- New dwge(4)
driver for Designware GMAC 10/100/Gigabit Ethernet devices.
-
- New htb(4)
+
- New htb(4)
driver for Loongson 3A PCI host bridges.
-
- New hvn(4)
+
- New hvn(4)
driver for Hyper-V networking interfaces.
-
- New hyperv(4)
+
- New hyperv(4)
driver for the Hyper-V guest nexus device.
-
- New iatp(4)
+
- New iatp(4)
driver for the Atmel maXTouch touchpad and touchscreen.
-
- New imxtemp(4)
+
- New imxtemp(4)
driver for Freescale i.MX6 temperature sensors.
-
- New leioc(4)
+
- New leioc(4)
driver for the Loongson 3A low-end IO controller.
-
- New octmmc(4)
+
- New octmmc(4)
driver for the OCTEON MMC host controller.
-
- New ompinmux(4)
+
- New ompinmux(4)
driver for OMAP pin multiplexing.
-
- New omwugen(4)
+
- New omwugen(4)
driver for OMAP wake-up generators.
-
- New psci(4)
+
- New psci(4)
driver for the ARM Power State Coordination Interface.
-
- New simplefb(4)
+
- New simplefb(4)
driver for the simple frame buffer on systems
using a device tree.
-
- New sximmc(4)
+
- New sximmc(4)
driver for Allwinner A1X/A20 MMC/SD/SDIO controllers.
-
- New tpm(4)
+
- New tpm(4)
driver for Trusted Platform Module devices.
-
- New uwacom(4)
+
- New uwacom(4)
driver for Wacom USB tablets.
-
- New vmmci(4)
+
- New vmmci(4)
VMM control interface.
-
- New xbf(4)
+
- New xbf(4)
driver for Xen Blkfront virtual disks.
-
- New xp(4)
+
- New xp(4)
driver for the LUNA-88K HD647180X I/O processor.
- Support for Kaby Lake and Lewisburg PCH Ethernet MACs with I219 PHYs
has been added to the
- em(4) driver.
+ em(4) driver.
- Support for RTL8153 USB 3.0 Gigabit Ethernet based devices
has been added to the
- ure(4) driver.
+ ure(4) driver.
- Improved ACPI support for modern Apple hardware, including S3 suspend
and resume.
- Support for X550 family of 10 Gigabit Ethernet based devices
has been added to the
- ix(4) driver.
+ ix(4) driver.
-
- New vmm(4)/
- vmd(8):
+
- New vmm(4)/
+ vmd(8):
- IEEE 802.11 wireless stack improvements:
- - The ral(4) driver
+
- The ral(4) driver
now supports Ralink RT3900E (RT5390, RT3292) devices.
-
- The iwm(4) and
- iwn(4) drivers
+
- The iwm(4) and
+ iwn(4) drivers
now support the short guard interval (SGI) in 11n mode.
- Added a new implementation of MiRa, a rate adapation algorithm
designed for 802.11n.
-
- The iwm(4) driver
+
- The iwm(4) driver
now supports 802.11n MIMO (MCS 0-15).
-
- The athn(4) driver
+
- The athn(4) driver
now supports 802.11n, featuring MIMO (MCS 0-15) and hostap mode.
-
- The iwn(4) driver
+
- The iwn(4) driver
now receives MIMO frames in monitor mode.
-
- The rtwn(4) and
- urtwn(4) drivers
+
- The rtwn(4) and
+ urtwn(4) drivers
now use AMRR rate adaptation (8188EU and 8188CE devices only).
- TKIP/WPA1 was disabled by default because of inherent weaknesses
in this protocol.
@@ -196,51 +196,51 @@
- Generic network stack improvements:
- - New switch(4)
+
- New switch(4)
pseudo-device together with new
- switchd(8) and
- switchctl(8)
+ switchd(8) and
+ switchctl(8)
programs.
-
- New mobileip(4)
+
- New mobileip(4)
operation mode for the
- gre(4)
+ gre(4)
pseudo-device.
- Multipoint-to-multipoint mode in
- vxlan(4).
-
- route(8)
+ vxlan(4).
+
- route(8)
and netstat -r display all routing flags correctly and they
are completely documented in the
- netstat(1)
+ netstat(1)
man page.
- When sending TCP streams they are locally stored in large
mbuf clusters to improve memory management.
The maximum TCP send and receive buffer size has been
increased from 256KB to 2MB.
Note that this results in a different
- pf(4)
+ pf(4)
OS fingerprint for OpenBSD.
The default limit for mbuf clusters has been increased.
You can check the values with
- netstat(1)
+ netstat(1)
-m and adjust them with
- sysctl(8)
+ sysctl(8)
kern.maxclusters.
- Make the TCP_NOPUSH flag work for
- listen(2)
+ listen(2)
sockets.
It is inherited by the socket returned from
- accept(2).
+ accept(2).
- A lot of code has been removed or simplified to make the
transition to multi-processor easier.
Redesign the interrupt and multi-processor locks in the
network stack.
- When passing packets from the network stack to the
interface layer, make sure that they have no pointers to
- pf(4)
+ pf(4)
which could result in a memory free operation at the wrong
protection level.
- Fix checksum calculation in
- pf(4)
+ pf(4)
af-to ICMP packet conversions.
Simplify af-to processing in and fix path MTU discovery in
some corner cases.
@@ -250,11 +250,11 @@
fragment headers.
Follow RFC 5722 "Handling of Overlapping IPv6 Fragments"
more strictly in
- pf(4).
+ pf(4).
RFC 8021 "IPv6 Atomic Fragments Considered Harmful" deprecates
generating atomic fragments, so do not send them anymore.
- Depending on the addresses,
- ipsecctl(8)
+ ipsecctl(8)
may automatically group SA bundles together.
To make clear what is going on, the kernel provides this
information and ipsecctl -s sa prints IPsec SA bundles.
@@ -279,31 +279,31 @@
- Routing daemons and other userland network improvements:
@@ -313,52 +313,52 @@
- Enforcement of userland W^X on OCTEON Plus and later.
- All shared libraries, all dynamic and static-PIE executables, and
- ld.so(1) itself use
+ ld.so(1) itself use
the RELRO ("read-only after relocation") design such that
more of the initial data is protected as read-only.
- The size of user virtual address space has been increased
from 2GB to 1TB on mips64.
- PIE and -static -pie on arm.
-
- route6d(8) now
+
- route6d(8) now
runs with fewer privileges.
- For incoming TLS connections
- syslogd(8)
+ syslogd(8)
can validate client certificates with a given CA file.
- The privileged parent process of
- syslogd(8)
+ syslogd(8)
calls
- exec(2)
+ exec(2)
to reshuffle its random memory layout.
- New function
- recallocarray(3)
+ recallocarray(3)
to reduce the risk of incorrect clearing of memory before and after
- reallocarray(3).
-
- SHA512_256 family
+ reallocarray(3).
+
- SHA512_256 family
of functions added to libc.
- arm added to the list of archs where the
- setjmp(3)
+ setjmp(3)
family of functions apply XOR cookies to stack and return-address
values in the jmpbuf.
-
- printf(3) family
+
- printf(3) family
of formatting functions now report to syslog when the %s
format is used with a NULL pointer.
- Heap buffer overflow detection has been improved when the C
- malloc(3) option is used.
+ malloc(3) option is used.
The existing S option now includes C.
- Support for permitting non-root users to
- mount(8) filesystems
+ mount(8) filesystems
has been removed.
-
- bioctl(8) now uses
- bcrypt PBKDF to
+
- bioctl(8) now uses
+ bcrypt PBKDF to
derive keys for
- softraid(4) crypto
+ softraid(4) crypto
volumes.
-
- dhclient(8)/
- dhcpd(8)/
- dhcrelay(8) improvements:
+
- dhclient(8)/
+ dhcpd(8)/
+ dhcrelay(8) improvements:
- Add DHO_BOOTFILE_NAME and DHO_TFTP_SERVER to the options requested by default.
- Add support for RFC 6842 (Client Identifier Option in DHCP Server Replies).
@@ -371,125 +371,125 @@
- Fix issues with redundant dhcpd servers and CARP'd interfaces.
- Switch to standard logging functions
- Fix vis/unvis of strings in
- dhclient(8) leases files.
+ dhclient(8) leases files.
- Assorted improvements:
- - New syspatch(8)
+
- New syspatch(8)
utility for security and reliability binary updates to the base
system.
-
- acme-client(1), a
+
- acme-client(1), a
privilege separated Automatic Certificate Management Environment
(ACME) client written by Kristaps Dzonsons has been imported.
- New, simplified
- xenodm(1)
+ xenodm(1)
X11 display manager forked from
- xdm(1).
+ xdm(1).
- Unicode version 8 character properties in the C library.
- Partial UTF-8 line editing support for
- ksh(1) Vi input mode.
+ ksh(1) Vi input mode.
- UTF-8 support in
- column(1).
+ column(1).
- The performance and concurrency of the
- malloc(3) family
+ malloc(3) family
in multi-threaded processes has been improved.
- Estonian keyboard support.
-
- read(2) on
+
- read(2) on
directories now fails instead of returning 0.
- Support for the RES_USE_EDNS0 and RES_USE_DNSSEC
flags has been added to the
- resolver(3)
+ resolver(3)
implementation.
-
- syslogd(8)
+
- syslogd(8)
limits the socket buffer for TCP and TLS connections to 64K
to avoid wasting kernel memory.
-
- syslogd(8)
+
- syslogd(8)
supports the option -Z to print the timestamp in RFC 5424
ISO format.
This logs everything in UTC including the year, timezone
and fractions of seconds.
The default is still RFC 3164 BSD syslog time format.
- When log files are rotated,
- newsyslog(8)
+ newsyslog(8)
writes the creation time in UTC ISO format into the first line.
- The
- syslogd(8)
+ syslogd(8)
options -a, -T, and -U can be given more than once to specify
multiple input sources.
- Improve the
- syslogd(8)
+ syslogd(8)
output and diagnostics in case the klog buffer
overflows.
- Make SIGHUP handling in
- syslogd(8)
+ syslogd(8)
more reliable.
-
- Let syslogd(8)
+
- Let syslogd(8)
tolerate most errors on startup.
Keep running and receive messages from all working subsystems,
but do not die.
-
- The syslog(3)
+
- The syslog(3)
priority of fatal and warning messages of various daemons
has been adjusted.
- An NMI sends the amd64 kernel into
- ddb(4)
+ ddb(4)
more reliably.
-
- ld.so(1) now
+
- ld.so(1) now
supports the DT_PREINITARRAY, DT_INITARRAY, DT_FINIARRAY, DT_FLAGS,
and DT_RUNPATH dynamic tags.
-
- kdump(1)
+
- kdump(1)
now dumps the fds returned by
- pipe(2) and
- socketpair(2).
-
- Added support to doas(1)
+ pipe(2) and
+ socketpair(2).
+
- Added support to doas(1)
for session-locked persistent authentication.
- Use a hardware register for the thread pointer on arm for improved
performance in multi-threaded processes.
- SGI boot blocks now consult the OpenBSD
- disklabel(5)
+ disklabel(5)
to locate the root filesystem.
This reduces constraints on disk partitioning.
-
- iec(4)
+
- iec(4)
no longer hangs when its transmit ring gets full.
-
- sq(4)
+
- sq(4)
has been fixed to accept broadcast frames in non-promiscuous mode
when no IP address is configured.
This lets the interface work with DHCP.
- Multiprocessor-safe PCI interrupt handlers are run
without the kernel lock on OpenBSD/sgi.
-
- fdisk(8) now unconditionally
+
- fdisk(8) now unconditionally
sets the size of the protective MBR's EFI GPT partition to UINT32_MAX.
-
- fdisk(8) now respects the
+
- fdisk(8) now respects the
current MBR or GPT format when initializing a disk.
-
- softraid(4) now uses
+
- softraid(4) now uses
sufficient parallel i/o's to efficiently rebuild RAID5 volumes.
-
- asr now accepts UDP
+
- asr now accepts UDP
packets of up to 4096 bytes to account for broken DNS servers.
-
- umass(4) no longer assumes
+
- umass(4) no longer assumes
that ATAPI or UFI devices have only 1 LUN.
-
- scsi(4) now correctly
+
- scsi(4) now correctly
detects end of tape on LTO5 devices.
-
- httpd(8) supports
+
- httpd(8) supports
SNI
- via libtls
+ via libtls
to allow for multiple https sites on a single IP address.
-
- ocspcheck(8)
+
- ocspcheck(8)
has been added, and can be used to check the OCSP status of
certificates. The corresponding responses can be saved for later use in OCSP stapling.
-
- httpd(8) supports
+
- httpd(8) supports
OCSP stapling
- via libtls
+ via libtls
to permit OCSP responses to be stapled to the tls handshake
-
- nc(1) now also
+
- nc(1) now also
supports OCSP stapling server side, and will show the stapling information
client side.
-
- Both relayd(8) and
- httpd(8) support now
+
- Both relayd(8) and
+ httpd(8) support now
TLS session resumption using TLS session tickets.
See the respective configuration man page for more information.
- With the -f option
- sensorsd(8)
+ sensorsd(8)
can use an alternative config file.
@@ -835,16 +835,16 @@
- mandoc 1.14.1
@@ -980,7 +980,7 @@
Quick installer information for people familiar with OpenBSD, and the use of
-the "disklabel -E" command.
+the "disklabel -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!