www/66.html - diff

Return to 66.html CVS log

Up to [local] / www

Diff for /www/66.html between version 1.20 and 1.21

-version 1.20, 2019/09/29 10:15:00
+version 1.21, 2019/09/29 18:44:10
 Line 17
 Line 17
 Line 17
  <table>
  <tr>
  <td>
- <a href="images/Puffystock.gif">
+ <a href="images/Puffystock.gif"><!-- XXX -->
- <img alt="Puffystock" width="227" height="343" src="images/Puffystock-s.gif"></a>
+ <img alt="XXX" width="227" height="343" src="images/Puffystock-s.gif"></a>
  <td>
  Released XXX, 2019<br>
  Copyright 1997-2019, Theo de Raadt.<br>
  <br>
  <br>
- Artwork by Hans Tseng, Efrain Farias, and Natasha Allegri.
+ Artwork by XXX Y Z.<!-- XXX -->
  <br>
  <ul>
  <li>See the information on <a href="ftp.html">the FTP page</a> for
 Line 44
 Line 44
 Line 44
  openbsd-66-base.pub:
  <td>
  <a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/openbsd-66-base.pub">
- RWSZaRmt1LEQT9CtPygf9CvONu8kYPTlVEJdysNoUR62/NkeWgdkc3zY</a>
+ RWSvK/c+cFe24BIalifKnqoqdvLlXfeZ9MIj3MINndNeKgyYw5PpcWGn</a>
  <tr><td>
  openbsd-66-fw.pub:
  <td>
- RWQYdGVtTv5IvpH2c+TLQAC4iV7RjoGZ/v75q8MCuC9Mca7nFVCXRefy
+ RWSKyzM3wogTrgHkO88MnRiK/yuu8xy2OeIqhnP/uGL/j2IF4I5djMIM
  <tr><td>
  openbsd-66-pkg.pub:
  <td>
- RWS5D4+188RI6jULDOFzga0Cm1zrXYUAHT6xu0mLrZidbn6xrMB5aZeR
+ RWSS4lqHZ5ayOFMBPj3leAkE9tCsSWG9OxD6MmAIS5Y3H3tD6F4vP/eF
  <tr><td>
  openbsd-66-syspatch.pub:
  <td>
- RWT8U2yd3Aq5DnetILjmSoCQxmyt3VqfGS7GBh19oh4Xre4ywc31PEpw
+ RWRQMmZg6mMlSTfHsJH9czeLAvf9e+ViLvkQ4id4dxaQqWU3aX9Cl/W1
  </table>
  </ul>
  <p>
 Line 76
 Line 76
 Line 76
  <ul>
+ <li>General improvements and bugfixes::
+   <ul>
+     <li>Fixed support for amd64 machines with greater than 1023GB
+       physical memory.
+     <li><a href="https://man.openbsd.org/drm.4">drm(4)</a> updates.
+     <li>The powerpc and octeon architectures are now build with
+       <a href="https://man.openbsd.org/clang.1">clang(1)</a>, in
+       addition to aarch64, amd64, arm, i386, mips64el, sparc64.
+     <li>Disabled <a href="https://man.openbsd.org/gcc.1">gcc</a> in
+       base on armv7 and i386.
+     <li>Prevented <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
+       from repeatedly obtaining a new lease when the mtu is given in a
+       lease.
+     <li>Prevented more than one thread from opening a
+       <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> device in
+       read/write mode.
+     <li>Allowed non-root users to become owner of the
+       <a href="https://man.openbsd.org/drm.4">drm(4)</a> device when they are
+       the first to open it.
+     <li>Added regular expression support for the format search, match
+       and substitute modifiers in
+       <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
+     <li>Added a -v flag to source-file in
+       <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to show the commands
+       and line numbers.
+     <li>Added simple menus usable with mouse or keyboard in
+       <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
+       Introduced the command "display-menu" to show a menu bound to
+       the mouse on status line by default, and added menus in tree,
+       client and buffer modes.
+     <li>Changed the behavior of swap-window -d in
+       <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to match
+       swap-pane.
+     <li>Allow panes to be empty in
+       <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>, and
+       enabling output to be piped to them with split-window or
+       display-message -I.
+     <li>Adjusted <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
+       to automatically scroll when dragging to create a selection with
+       the mouse when the cursor reaches the top or bottom line.
+     <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
+       crash when killing the current window, and other bugfixes.
+   </ul>
+ <li>SMP-Improvements, System call unlocking: ... <!-- XXX -->
+   <ul>
+     <li>Unlocked <a href="https://man.openbsd.org/getrlimit.2">getrlimit(2)</a>
+       and <a href="https://man.openbsd.org/setrlimit.2">setrlimit(2)</a>
+       syscalls.
+     <li>Unlocked <a href="https://man.openbsd.org/read.2">read(2)</a> and
+       <a href="https://man.openbsd.org/write.2">write(2)</a> syscalls.
+     <li>Removed the KERNEL_LOCK from
+       the <a href="https://man.openbsd.org/bridge.4">bridge(4)</a>
+       output fast-path.
+     <li>Made resource limit access MP-safe.
+   </ul>
  <li>Improved hardware support, including:
-     <ul>
+   <ul>
-       <li><a href="https://man.openbsd.org/clang.1">clang(1)</a>
+     <li>Added support for ethernet on Lenovo USB-C docks.
-           is now provided on powerpc.
+     <li>Implemented Linux compatibility
-     </ul>
+       <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>
+       interfaces and enabled the ACPI support code in
+       <a href="https://man.openbsd.org/radeon.4">radeon(4)</a> and
+       <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
+     <li>Implemented backlight control for
+       <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, allowing setting
+       of the backlight using
+       <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
+     <li>Speakers now work on the ThinkPad X1C7.
+     <li>Added <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, an AMD
+       RADEON GPU video driver.
+     <li>Added TSC synchronization for multiprocessor machines and re-enabled TSC
+       as the default amd64 time source.
+     <li>Added support of Realtek ALC285 in
+       <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support
+       for the KSMedia 8-bit IR format and for dual functions on integrated USB
+       cameras.
+     <li>Added the <a href="https://man.openbsd.org/aplgpi.4">aplgpio(4)</a>
+       driver for the gpio controllers on Intel's Apollo Lake SoC.
+     <li>Implemented MSI-X support on sparc64.
+     <li>Skipped PCI host bridges and devices not present with
+       <a href="https://man.openbsd.org/acpi.1">acpi(1)</a> when establishing
+       the mapping between ACPI device nodes and PCI devices.
+     <li>Added the <a href="https://man.openbsd.org/ukspan.4">ukspan(4)</a>
+       driver for the Keyspan USA19HS USB serial adapter.
+     <li>Supported 64BIT DMA for io in
+       <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
+     <li>Fixed MSI/MSI-X on arm64 machines with
+       <a href="https://man.openbsd.org/agintc.4">agintc(4)</a>.
+     <li>Added MSI-X support in
+       <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>, pciecam,
+       <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> and
+       <a href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
+     <li>Improved support for type4 devices in the
+       <a href="https://man.openbsd.org/ubcmtp.4">ubcmtp(4)</a> multi-touch
+       trackpad driver.
+     <li>Support for <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> 1.0
+       specification for PCI devices.
+     <li>Improved support for the AR9271 chipset
+       in <a href="https://man.openbsd.org/athn.4">athn(4)</a> .
+     <li>Support for the trackpad and trackpoint of the Dell Precision 7520
+       laptop in the <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>
+       driver.
+     <li>Added the colemak keyboard layout.
+     <li>New <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
+       driver for the Fairchild FUSB302 USB Type-C controller.
+     <li>Added a fallback to
+       <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>
+       which enables the USB ports on the RockPro64.
+     <li>Added support for more Intel 300 Series PCH devices to
+       <a href="https://man.openbsd.org/ichiic.4">ichiic(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> driver for
+       Mellanox ConnectX-4 (and later) Ethernet controllers.
+     <li>Added support for the cryptographic coprocessor found on newer
+       AMD Ryzen CPUs/APUs.
+     <li>Improved the <a href="https://man.openbsd.org/envy.4">envy(4)</a> codec
+       API and used it on ESI Juli@ cards.
+     <li>Enabled EnvyHT-specific sample rates (above 96kHz) on the host
+       controller for <a href="https://man.openbsd.org/envy.4">envy(4)</a>
+       devices.
+     <li>Added support for the USB serial adapter found in Juniper SRX 300 to
+       <a href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
+     <li>Updated shared drm code,
+       <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>
+       and <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
+       to linux 4.19.34. This adds support for Intel Broxton/Apollo
+       Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake, Cannon
+       Lake and Ice Lake hardware.
+     <li>Made <a href="https://man.openbsd.org/startx.1">startx(1)</a> and
+       <a href="https://man.openbsd.org/xinit.1">xinit(1)</a> work again on
+       modern systems using
+       <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>,
+       <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
+       and <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/mcprtc.4">mcprtc(4)</a>, a driver
+       for the Microchip MCP79400 RTC and similar.
+     <li>Added I2C clock gates to <a href="https://man.openbsd.org/mvclock.4">
+         mvclock(4)</a>.
+     <li>Added support for MSI-X to <a href="https://man.openbsd.org/bnx.4">
+         bnxt(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/octpip.4">octpip(4)</a>, a driver
+       for the Octeon packet input processing unit.
+     <li>Added the <a href="https://man.openbsd.org/octiic.4">octiic(4)</a>
+       driver for OCTEON two-wire serial interfaces.
+     <li>Enabled <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> on octeon.
+     <li>Added <a href="https://man.openbsd.org/octpcie.4">octpcie(4)</a>, a
+       driver for the PCIe controller found on OCTEON II and OCTEON III.
+     <li>Added the <a href="https://man.openbsd.org/octiic.4">octiic(4)</a>
+       driver for OCTEON two-wire serial interfaces.
+     <li>Fixed random kernel hangs on
+       some <a href="https://www.openbsd.org/sparc64.html">sparc64</a>
+       machines by blocking interrupts while sending an IPI on sunv4
+       (as on sun4u).
+   </ul>
+ <li>Improved <a href="https://www.openbsd.org/arm64.html">arm64</a> hardware
+   support, including:
+   <ul>
+     <li>Added support for Ampere eMAG CPU based systems.
+     <li>Added support to <a href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>
+       for obtaining CPU clock frequency.
+     <li>Enabled <a href="https://man.openbsd.org/amlmmc.4">amlmmc(4)</a>, a
+       driver for the SD/MMC controller found on various Amlogic SoCs.
+     <li>Implemented setting the CPU clock for Allwinner A64 SoCs in
+       <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/amldwusb.4">amldwusb(4)</a>,
+       <a href="https://man.openbsd.org/amlusbphy.4">amlusbphy(4)</a> and
+       <a href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>, drivers
+       for the USB controller and PHYs on the Amlogic G12A/B SoCs.
+     <li>Added <a href="https://man.openbsd.org/imxtmu.4">imxtmu(4)</a>, a driver
+       to upport the temperature sensors on i.MX8M SoCs.
+     <li>Added <a href="https://man.openbsd.org/amlrng.4">amlrng(4)</a>, a simple
+       random number generator driver for Amlogic SoCs.
+     <li>Added <a href="https://man.openbsd.org/amclock.4">amclock(4)</a>,
+       a driver for the Amlogic SoC clocks.
+     <li>Added <a href="https://man.openbsd.org/amluart.4">amluart(4)</a>, a
+       driver for the UARTs found on various Amlogic SoCs.
+     <li>Added support for the SMBus System Interfaces (SSIF) to
+       <a href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
+     <li>PXE booting using U-Boot works now.
+     <li>Added clock support
+       to <a href="https://man.openbsd.org/sxisyscon.4">sxisyscon(4)</a>,
+       a driver for the system controller found on various Allwinner
+       SoCs.
+     <li>Implemented <a href="https://man.openbsd.org/smbios.4">smbios(4)</a>
+       support on arm64.
+     <li>Added <a href="https://man.openbsd.org/ucrcom.4">ucrcom(4)</a>, a driver
+       for the serial console of chromebooks.
+     <li>Enabled <a href="https://man.openbsd.org/mvmdio.4">mvmdio(4)</a> and
+       <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> on arm64.
+     <li>Added <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a>
+       support for 'pinconf-single' devices and support for
+       bias and drive-strength properties, needed for HiSilicon SoCs.
+     <li>Added <a href="https://man.openbsd.org/mvdog.4">mvdog(4), a driver</a>
+       to support the watchdog on the Armada 3700 SoC.
+     <li>Added support for the Allwinner H6 to
+       <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a> and
+       <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
+     <li>Enabled <a href="https://man.openbsd.org/amlmmc.4">amlmmc(4)</a>, a
+       driverfor the SD/MMC controller found on various Amlogic SoCs.
+     <li>Added <a href="https://man.openbsd.org/mviic.4">mviic(4)</a>, a driver
+       to support the I2C controller on the Armada 3700 SoC.
+     <li>Added <a href="https://man.openbsd.org/mvuart.4">mvuart(4)</a> to
+       support the Armada 3720's serial console.
+     <li>Added support for the Armada 3720 clocks to
+       <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>
+       and added <a href="https://man.openbsd.org/mvuart.4">mvuart(4) to</a>
+       support the serial console.
+     <li>Added support for the Armada 3720 pinctrl controller to
+       <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>. This
+       controller also includes GPIO controller functionality.
+     <li>Added the RK3328 and RK3399 GMAC clocks to
+       <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
+     <li>Increased MAXCPUs to 32 in arm64, allowing use of all cores on the Ampere
+       eMAG.
+     <li>Added support for the Cortex-A65 CPU.
+     <li>Implemented interrupt controller functionality in
+       <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a>,
+       allowing use of the
+       <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
+       interrupt on the RockPro64.
+   </ul>
  <li>IEEE 802.11 wireless stack improvements:
    <ul>
+     <li>Made net80211 expose reasons for association failures to have
+       <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
+       display them in "scan" output and on the
+       <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>
+       status line.
+     <li><a href="https://man.openbsd.org/ure.4">ure(4)</a> now supports
+       RTL8153B devices.
+     <li>Added support for 802.11n Tx aggregation to net80211 and
+       <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
+     <li>... <!-- XXX -->
    </ul>
  <li>Generic network stack improvements:
-     <ul>
+   <ul>
-     </ul>
+     <li>Enabled TCP and UDP checksum offloading by default for
+       <a href="https://man.openbsd.org/ix.4">ix(4)</a>.
+     <li>Added <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a>, a 802.1Q
+       two-port MAC relay implementation.
+     <li>Added <a href="https://man.openbsd.org/iavf.4">iavf(4)</a> driver for
+       Intel SR-IOV Virtual Functions of Intel 700 series ethernet controllers.
+     <li>Added <a href="https://man.openbsd.org/aggr.4">aggr(4)</a>, a
+       dedicated driver to implement 802.1AX link aggregration.
+     <li>Added port protection support
+       to <a href="https://man.openbsd.org/switch.4">switch(4)</a>. Domain
+       membership is checked for unicast, flooded (broadcast) and local
+       (host-network-bound, e.g. trunk) traffic.
+     <li>Disabled <a href="https://man.openbsd.org/mobileip.4">mobileip(4)</a>.
+     <li>Added support
+       to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
+       for getting and setting rxprio, finishing support for RFC
+. Implemented configuring rxprio
+       in <a href="https://man.openbsd.org/vlan.4">vlan(4)</a>,
+       <a href="https://man.openbsd.org/gre.4">gre(4)</a>,
+       <a href="https://man.openbsd.org/mpw.4">mpw(4)</a>,
+       <a href="https://man.openbsd.org/mpe.4">mpe(4)</a>,
+       <a href="https://man.openbsd.org/mpip.4">mpip(4)</a>,
+       <a href="https://man.openbsd.org/etherip.4">etherip(4)</a>
+       and <a href="https://man.openbsd.org/bpe.4">bpe(4)</a> .
+     <li>Implemented tx mitigation by calling the hardware transmit
+       routine per several packets rather than for individual
+       packets. Defers calls to the transmit routine to a network taskq,
+       or until a backlog of packets has built up.
+     <li>Stopped using <a href="https://man.openbsd.org/splnet.9">splnet(9)</a> when
+         running the network stack now
+         that it is using the NET_LOCK for protection, reducing latency spikes.
+     <li>Added <a href="https://man.openbsd.org/sfp.4">sfp(4), a driver</a>
+       allowing communication with SFPs connected over
+       an I2C bus and reading pages over the SFP framework.
+     <li>Added SFP and I2C ofw frameworks.
+   </ul>
  <li>Installer improvements:
-     <ul>
+   <ul>
-     </ul>
+     <li>Allowed quoted SSIDs in the installer, rather than ignoring
+       those containing whitespace.
+     <li>Introduced <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
+       that can be used to upgrade OpenBSD from one release to the next
+       or from snapshot to snapshot without user input.
+     <li>Added octeon bootloader to files copied to the boot partition.
+       To use the bootloader, the firmware must be configured to load file "boot"
+       instead of "bsd."
+     <li>Included <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a>
+       on the amd64 CD ramdisk.
+     <li>Added <a href="https://man.openbsd.org/tee.1">tee(1)</a> to the ramdisk, and
+         display a moving progress bar
+         during auto upgrade/install.
+     <li>Repaired and improved v6 default route selection, fixing autoinstalls.
+     <li>Added <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
+       support to the sparc64 bootloader.
+     <li>The dhcp configuration is now preserved when restarting an install.
+     <li>The installer now remembers 'autoconf' when restarting an install.
+     <li>Stopped prompting for disks that do not contain a root
+       partition during upgrades. This defaults to the correct disk
+       when full disk encryption is in use, and will be useful for
+       future unattended upgrades.
+     <li>Added <a href="https://www.openbsd.org/octeon.html">octeon</a>
+       bootloader to files copied to the boot partition. To use the
+       bootloader, the firmware must be configured to load file "boot"
+       instead of "bsd."
+   </ul>
  <li>Security improvements:
    <ul>
+     <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
+       now used in 77 userland programs to restrict filesystem
+       access.
+     <li>Various changes
+       in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
+       to improve application behaiviour when encountering hidden
+       filesystem paths.
+     <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can now show
+       which processes have called unveil(2) to run with a restricted
+       filesystem view.
+     <li>Further and improved mittigations against Spectre side-channel
+       vulnerability in Intel CPUs built since 2012.
+     <li>Mitigations for Intel's Microarchitectural Data Sampling
+       vulnerability, using the new CPU VERW behavior if available or
+       by using the proper sequence from Intel's "Deep Dive" doc in the
+       return-to-userspace and enter-VMM-guest
+       paths. Updated <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
+       to pass through the MSR bits so that guests can apply the
+       optimal mitigation.
+     <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
+       environment inheritance not to inherit, and instead reset to the
+       target user's values by default.
+     <li>Make
+       the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS
+       bootloader load a kernel at a random virtual address.
+     <li>Introduced
+       <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
+       and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,
+       which return memory in pages marked MAP_CONCEAL and call
+       <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
+       on <a href="https://man.openbsd.org/free.3">free(3)</a>.
+     <li>Make 'systat pf' not require root permissions
+     (<a href="https://man.openbsd.org/systat.8">systat(8)</a>).
+     <li>Added support for the EFI Random Number Generator Protocol,
+       using it to XOR random data into the buffer we feed the kernel for
+       <a href="https://www.openbsd.org/amd64.html">amd64</a>.
+     <li>Added information about system call memory write protection
+       and stack mappion violations to system
+       accounting. Now <a href="https://man.openbsd.org/daily.8">daily(8)</a>
+       will print a list of affected processes
+       and <a href="https://man.openbsd.org/lastcom.1">lastcomm(1)</a>
+       will flag violations with 'M'.
    </ul>
  <li>Routing daemons and other userland network improvements:
-     <ul>
-       <li>The <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
-         daemon now gets and sets the clock in a secure way when booting
-         even when a battery-backed clock is absent.
-     </ul>
- <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> improvements:
-     <ul>
-     </ul>
- <li>Assorted improvements:
    <ul>
+     <li>The <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
+       daemon now gets and sets the clock in a secure way when booting
+       even when a battery-backed clock is absent.
+     <li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> now
+       removes IPv6 addresses when it detects a link-state change but
+       no new router advertisement is received.
+     <li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
+     now reports SFP, SFP+ and QSFP module information.
+     <li>Imported <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>,
+       a new snmp client which aims to be netsnmp-compatible for
+       supported features, and
+       removed <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a>.
+     <li>Improvements
+       in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>s dns
+       resoving and constraints checking, especially during
+       startup. Unreliable ntp peers are removed them from the pool and
+       dns resolving is repeated to add replacements.
+     <li>Changed the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
+     Adj-RIB-Out to a per-peer set of RB trees, improving speed.
+     <li>Rewrote <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
+       community matching and handling code and improved performance
+       for setups using many communities.
+     <li>Checked the type of a network statement when looking for
+       duplicates
+       in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.  This
+       fixes added network 0.0.0.0/0 after 'network inet static'.
+     <li>Made improvements
+     to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> speed when
+     configuring many peers.
+     <li>Implemented <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
+       'show mrt neighbors', to print the neighbor table of MRT
+       TABLE_DUMP_V2 dumps.
+     <li>Moved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
+       pfkey socket to the parent process. The refreshing of the keys
+       for MD5 and IPSEC is done whenever the session state changes to
+       IDLE or ACTIVE, which should behave better when reloading
+       configs with auth changes.
+     <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, fixed
+       reloading of network statements that have no fixed prefix
+       specification.
+     <li>Extended the maximum size of
+       the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
+       shutdown communication message to 255 bytes.
+     <li>Improvements
+       in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, to
+       always check for namespace collisions on table
+       commands. Introduced 'pfctl -FR' to reset pfctl(8) settings to
+       defaults.
+     <li>Added support
+       to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
+       and various network drivers to display SFP+, XFP, and d QSFP+
+       tranceiver information.
+     <li>Imported Kristaps Dzonsons' RPKI
+       validator, <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
+     <li> <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports
+       binary protocol health checking. See
+       <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
+     <li>Added support for OCSP stapling
+       to <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
+     <li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
+       support for SNI with new 'tls keypair' option to load additional
+       certificates.
+     <li>Added support for 'from/to address[/prefix]'
+       in <a href="https://man.openbsd.org/.8">relayd(8)</a> filter rules.
+     <li>Implemented RFC 8555 "Automatic Certificate Management
+       Environment (ACME)" to
+       enable <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
+       to communicate with the v02 Let's Encrypt API. Read the
+       <a href="faq/upgrade66.html">upgrade guide</a> for more information.
+     <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
+       support for '-T erspan' and
+       arbitrary <a href="https://man.openbsd.org/gre.4">gre(4)</a>
+       protocols.
+     <li>Allowed specifying area by number as well as id
+       in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.
+     <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now
+       accepts both address and number format for 'ospfctl show
+       database area XXX'.
+     <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> reload
+       improvements.
+     <li>Added a check
+       to <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>
+       and <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>
+       that any "depend on" interfaces are in the same rdomain.
+     <li>Make 'passive' (announce a network configured on an interface
+       as a stub network) work with P2P interfaces
+       in <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>.
+     <li>Shutdown the service port when behind a captive portal
+       with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
+       allowing bypass of captive portals that correctly answer SOA
+       queries for the root zone and return NXDOMAIN for the captive
+       portal redirect domain if edns0 is present.
+     <li>Implemented DNS block lists
+     in <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
+     <li>Added support for IKEv2 Message Fragmentation (RFC 7383)
+     to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
+     <li>Enabled switching between wireless and wired interfaces in
+       dhclient(8), setting the default route with the interface
+       address and allowing two default routes in the routing table. A
+       wired interface will be preferred when connected.
+     <li>Added consistent use of 'ifconfig $_if [-inet| -inet6]' to clear existing
+       configurations completely after restarting an install.
+     <li>Added 'forwarded' log format extending the 'combined' log
+     format in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
+   </ul>
+ <li>Assorted improvements:
+   <ul>
      <li> The filesystem buffer cache now more aggressively uses memory
        outside the DMA region, to improve cache performance on amd64
        machines.
      <li> The BER API previously internal to
- <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>,
+       <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>,
- <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
+       <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
- <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>, and
+       <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>, and
- <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> has been moved into
+       <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> has been moved into
- libutil.
+       libutil.
- See <a href="https://man.openbsd.org/ber_read_elements.3">ber_read_elements(3)</a>.
+       See <a href="https://man.openbsd.org/ber_read_elements.3">ber_read_elements(3)</a>.
      <li>Support for specifying boot device in
-         <a href="https://man.openbsd.org/vm.conf#boot_device">vm.conf(5)</a>.
+       <a href="https://man.openbsd.org/vm.conf#boot_device">vm.conf(5)</a>.
-       <li> <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports
+     <li>Removed the old
-            binary protocol health checking. See
+       userland <a href="https://man.openbsd.org/realpath.3">realpath(3)</a>
-            <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
+       and replaced it with __realpath(2), a kernel
+       implementation. This will prevent
+       calling <a href="https://man.openbsd.org/readlink.2">readlink(2)</a>
+       on every component of a path and improve performance for
+       <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
+     <li><a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> speedups,
+     improving dynamic linker performance for large objects.
+     <li>Modified <a href="https://man.openbsd.org/systat.1">systat(1)</a>
+     to allow the use of 'b' to switch to stats since boot.
    </ul>
+ <li>VMM/VMD improvements ... <!-- XXX -->
+   <ul>
+     <li>Added support for 'boot device'
+       to <a href="https://man.openbsd.org/vm.conf.5">vm.conf(5)</a>
+       grammar, the '-B device' counterpart
+       from <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
+     <li>Emulated kvm pvclock
+       in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, compatible
+         with <a href="https://man.openbsd.org/pvclock.4">pvclock(4)</a> in
+           OpenBSD.
+     <li>Enabled reporting of the vm state through use of
+       the <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
+       'status' command.
+     <li>Synced vm state
+       in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when
+       (un)pausing a vm to ensure
+       both <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
+       and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> processes
+       know the vm is paused.
+     <li>Handled some unhandled instructions for SVM which led
+       to <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> guest
+       termination, as well as RDTSCP and INVLPGA instructions.
+     <li>Modified <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> to
+     flush guest TLB entries if the guest disables paging.
+   </ul>
  <li>OpenSMTPD 6.6.0
    <ul>
      <li>New Features
        <ul>
          <li>Introduced support for ECDSA certificates with an ECDSA privsep engine.
-         <li>Introduced builtin filters to allow basic filtering of incoming sessions in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
+         <li>Introduced builtin filters to allow basic filtering of incoming sessions
-         <li>Introduced option to deliver junk to a Junk folder in <a href="https://man.openbsd.org/mail.maildir.8">mail.maildir(8)</a>.
+           in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
+         <li>Introduced option to deliver junk to a Junk folder
+           in <a href="https://man.openbsd.org/mail.maildir.8">mail.maildir(8)</a>.
        </ul>
      <li>Bug fixes
        <ul>
-         <li>Fixed the <a href="https://man.openbsd.org/smtp.1">smtp(1)</a> client so it uses correct default port for SMTPS.
+         <li>Fixed the <a href="https://man.openbsd.org/smtp.1">smtp(1)</a> client
-         <li>Fixed an <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash on excessively large input.
+           so it uses correct default port for SMTPS.
+         <li>Fixed an <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash on
+           excessively large input.
          <li>Ensured mail rejected by an LMTP server will stay queued rather than bouncing.
        </ul>
      <li>Experimental Features
        <ul>
-         <li>Introduced a filters API to allow writing standalone filters for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
+         <li>Introduced a filters API to allow writing standalone filters
+           for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
            with multiple filters made available in ports.
-         <li>Introduced support for proxy-v2 protocol allowing <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> to operate behind proxy.
+         <li>Introduced support for proxy-v2 protocol
+           allowing <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> to
+           operate behind proxy.
        </ul>
    </ul>
-Line 156
+Line 626
 Line 156
 Line 626
      <ul>
        <li>Completed the port of RSA_METHOD accessors from the
            OpenSSL 1.1 API.
-       <li>Documented undescribed options and
+       <li>Documented undescribed options and removed unfunctional
-           removed unfunctional options description in openssl(1) manual.
+           options description
+           in <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
+           manual.
      </ul>
      <li>Compatibility Changes
-Line 169
+Line 641
 Line 169
 Line 641
        <li>
          A plethora of small fixes due to regular oss-fuzz testing.
        <li>
-         Various side channels in DSA and ECDSA were addressed.
+         Various side channels in DSA and ECDSA were addressed.  These
-         These are some of the many issues found in an extensive systematic
+         are some of the many issues found in an extensive systematic
-         analysis of bignum usage by Samuel Weiser, David Schrammel et al.
+         analysis of bignum usage by Samuel Weiser, David Schrammel et
+         al.
        <li>
-         Try to compute the cofactor if a nonsensical value was provided
+         Try to compute the cofactor if a nonsensical value was
-         for ECC parameters.
+         provided for ECC parameters.  Fix from Billy Brumley.
-         Fix from Billy Brumley.
      </ul>
      <li>Internal Improvements
-     <ul>
+       <ul>
-     </ul>
+       </ul>
      <li>Portable Improvements
      <ul>
-       <li>Enabled performance optimizations when building with Visual Studio on Windows.
+       <li>Enabled performance optimizations when building with Visual
+         Studio on Windows.
        <li>Enabled openssl(1) speed subcommand on Windows platform.
      </ul>
      <li>Bug Fixes
      <ul>
-       <li>
+       <li>Fixed issue where SRTP extension would not be sent by
-         Fixed issue where SRTP extension would not be sent by server.
+         server.
-       <li>
+       <li>Fixed incorrect carry operation in 512 addition for
-         Fixed incorrect carry operation in 512 addition for Streebog.
+         Streebog.
        <li>Fixed -modulus option with openssl(1) dsa subcommand.
-       <li>Fixed PVK format output issue with openssl(1) dsa and rsa subcommand.
+       <li>Fixed PVK format output issue with openssl(1) dsa and rsa
+         subcommand.
      </ul>
    </ul>
  <li>OpenSSH 8.X
    <ul>
-   <li>New Features
+     <li>New Features
-   <li>Bugfixes
+       <ul>
+         <li>Added sshsig, a lightweight signature and verification
+           ability for OpenSSH,
+           to <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>.
+           Signatures can be made and verified using <code>ssh-keygen
+           -Y sign|verify</code>.
+         <li>Included SHA2-variant RSA key algorithms in KEX proposal,
+           allowing <a href="https://man.openbsd.org/ssh-keyscan.1">ssh-keyscan(1)</a>
+           to harvest keys from servers that disable SHA1 ssh-rsa.
+         <li>Encrypted
+           private <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
+           keys that are not in use as protection against speculation
+           and memory sidechannel attacks like Spectre, Meltdown,
+           Rowhammer and Rambleed.
+         <li>Adjusted <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
+           to default to using the rsa-sha2-512 signature algorith when
+           signing certificates with an RSA key. This will render these
+           certificates incompatible with OpenSSH 7.1 and earlier,
+           unless the default is overridden by use of the (1) -t flag.
+         <li>Added logging
+         of <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
+         PermitOpen and PermitListen violations.
+         <li>Allowed prepending a list of algorithms to the default set in ssh(1) by
+           starting the list with the ^ character.
+       </ul>
+       <li>Bugfixes
+         <ul>
+           <li>
+         </ul>
    </ul>
  <li>Mandoc XXX
    <ul>
+     <li>Provided a notification to stderr to indicate messages have been shown when
+       mandoc(1) output is printed without a pager, to indicate messages may have
+       preceded the output.
+     <li>Fixed a segfault
+       in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when
+       /tmp is not writable.
+     <li>Added <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
+       support for 'prefers-color-scheme: dark'.
+     <li>Improved <a href="https://man.openbsd.org/man.1">man(1)</a>
+       matching for requests for a specific section.
    </ul>
  <li>Xenocara
    <ul>
+     <li>
    </ul>
  <li><p>Ports and packages:
-Line 231
+Line 743
 Line 231
 Line 743
      <p>Some highlights:
      <ul style="column-count: 3">
+     <li>
+     <li>
+     <li>
+     <li>
+     <li>
+     <li>
      </ul>
  <li>As usual, steady improvements in manual pages and other documentation.
  <li>The system includes the following major components from outside suppliers:
-     <ul>
+   <ul>
-     </ul>
+     <li>ibexpat to 2.2.7
+     <li>unbound 1.9.3
+     <li>NSD 4.2.2.
+     <li>LLVM 8.0.0
+     <li>perl 5.28.2.
+     <li>Mesa 19.0.5.
+     <li>libdrm 2.4.98
+     <li>LLVM 8.0.1
+   </ul>
  </ul>
  </section>