===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- www/69.html 2021/04/10 17:16:19 1.14
+++ www/69.html 2021/04/10 23:23:33 1.15
@@ -80,6 +80,8 @@
New/extended platforms:
+ - Support for the powerpc64 platform was improved:
+
- Added astfb(4), a
driver for the framebuffer of the Aspeed BMC found on many POWER8 and
POWER9 systems.
@@ -103,8 +105,9 @@
- Enabled floating-point exceptions on powerpc64.
- Added support for ipmi(4) on PowerNV systems.
-
-
+
+ - Support was added for devices using the Apple M1 SoC:
+
- Recognized Apple Icestorm cores on arm64.
- Added basic support for BCM4379, found on the Apple M1 SoCs, to
bwfm(4).
@@ -124,51 +127,79 @@
a driver for the IOMMU on Apple M1 SoCs.
- Added smmu(4), a
driver for the ARM System MMU.
-
-
-
-
-
- Made loongson kernels recognize Lynloong LM9002/9003 and LM9013.
-
- Use native display resolution 1368x768 for Lynloong all-in-one computers.
-
-
- Disabled base-gcc on loongson and octeon.
-
-
+
- Added an initial attempt to support 8-bit ASIDs such as those on
+ Apple's M1 SoC.
+
- Recognized Apple Firestorm cores on arm64.
+
- Added SMP support to aplintc(4), the interrupt
+ controller driver on Apple M1 SoCs.
+
+ - The arm64 platform support was improved with the following changes:
+
+ - Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing 16-byte
+ copies if possible.
+
- Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
+
- Added clock support for i.MX8MP.
+
- Added support for the VF610 I2C controller to imxiic(4).
+
- Fixed a panic seen with mbuf chains on arm64.
+
- Added dwgpio(4), a
+ driver for the Synopsys DesignWare GPIO controller.
+
- Added "amlogic,meson-g12a-dwmac" to dwge(4).
+
- Added amlpinctrl(4) support
+ for the "Always On" GPIOs.
+
- Added PCIe clocks to amlclock(4).
+
- Made large read and write transactions work in amliic(4).
+
- Added PCIe support to amlpciephy(4).
+
- Added support to dwpcie(4) for the PCIe
+ controller found on Amlogic G12A/G12B/SM1 SoCs.
+
- Implemented intx support in mvkpcie(4).
+
- Added cryptox(4),
+ a driver for armv8 cryptographic extensions.
+
- Added support for PCIe on the NanoPi R4S to rkpcie(4).
+
- Introduced an IOVA allocator, improving the way smmu(4) maps pages.
+
- Added support for rk809 to rkpmic(4), as seen on the
+ Rock Pi N10 with the rk3399pro.
+
- Added support for sdhc(4) on the Raspberry Pi
+ in ACPI mode.
+
- Enabled ixl(4) on arm64.
+
- Updated device-tree bindings for cwfg(4) battery capacity
+ driver to correct attaching and account for monitoring interval
+ change, making cwfg(4) export values under hw.sensors as expected when
+ using a Pinebook Pro.
+
- Added ARMv8-5 instruction set related CPU features to arm64.
+
-Improvements to time measurements, mostly in the kernel:
-
- - Changed the pool(9) timeouts to use the system uptime instead of ticks.
-
- Ensured sleep(3)
- calls nanosleep(2)
- if seconds is zero, now delegating all decisions about whether or not
- to yield the CPU.
-
Various kernel improvements:
- - Added basic support for kclock timeouts to timeout(9).
-
- Added a top-level 'reboot' command to ddb(4).
-
- Fixed the "entry point at 0x10010000" hang reported on amd64
- machines by using a 64MB block to load the kernel.
-
- Added witness(4)
- check for uninitialized (or zeroed) lock usage.
-
- Added fd close notification for kqueue-based poll(2) and select(2).
-
- Added a global "nowake" channel for threads avoiding wakeup(9) to tsleep(9).
-
- Corrected accounting of zero length Transfer Descriptors in xhci(4), preventing running
- out of free Transfer Ring Blocks.
-
- Used per-CPU counter for fault and stats counters reached in uvm_fault().
+
- Added the RAID1C (encrypted raid1) softraid(4) discipline,
+ encrypting data like the CRYPTO discipline and accepting multiple
+ chunks during creation and assembly like the RAID1 discipline.
+
- Corrected raidlevel verification specified by the -c option in bioctl(8).
+
- Introduced kern.video.record for video(4) devices, an analog
+ href="https://man.openbsd.org/video.4">video(4) devices, a privacy feature analog
to the kern.audio.record sysctl(8) parameter for audio(4) devices. By
@@ -181,24 +212,38 @@
- Enabled multiple opens of a video(4) device as
described in the V4L2 specification.
+
+
- Added basic support for kclock timeouts to timeout(9).
+
- Changed the pool(9)
+ timeouts to use the system uptime instead of ticks.
+
- Ensured sleep(3)
+ calls nanosleep(2)
+ if seconds is zero, now delegating all decisions about whether or not
+ to yield the CPU.
+
- Added a top-level 'reboot' command to ddb(4).
+
- Added witness(4)
+ check for uninitialized (or zeroed) lock usage.
+
- Added fd close notification for kqueue-based poll(2) and select(2).
+
- Added a global "nowake" channel for threads avoiding wakeup(9) to tsleep(9).
+
- Added trace points for malloc(9) and free(9), making them
traceabe via dt(4) and btrace(8).
+
- Added btrace(8) -n
+ (no action) mode, which parses the program and then exits.
- Fixed a boot-time crash on sparc64 due to mutex use during the
message buffer initialization.
-
- Prevented a panic in some acpi firmware that provided invalid
+
- Prevented a panic in some ACPI firmware that provided invalid
memory regions in their reserved memory region reporting table.
-
- Disabled com(4) on
- sparc64 for m3000s. Console i/o should fall back to ofw routines.
-
- In softraid(4), added the RAID1C (raid1 + crypto) softraid(4) discipline,
- encrypting data like the CRYPTO discipline and accepting multiple
- chunks during creation and assembly like the RAID1 discipline.
-
- Corrected raidlevel verification specified by the -c option in bioctl(8).
- Added a barrier between reading the cqe flags and the command ID
to prevent completion of the wrong scsi io for Added acpiiort(4), a driver
for the ACPI I/O Remapping Table.
+
- Updated clock interrupt count atomically on mips64.
+
- Prevented an amd64 kernel crash with protection fault due to an
+ invalid offset when reading /dev/kmem.
+
- Permitted access to kern.somaxconn sysctl information when the
+ unix pledge(2) is used,
+ allowing Go programs to use "unix" without also including "inet".
+
- Excluded the first page and added a guard page between I/O
+ virtual address space allocations on arm64.
@@ -222,6 +275,8 @@
- Unlocked getppid(2).
- Introduced locking for amaps and anons, improving build performance.
- Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" rwlock(9) as solock()'s backend to protect the whole layer.
+
- Unlocked sendsyslog(2).
+
- Used per-CPU counter for fault and stats counters reached in uvm_fault().
@@ -234,13 +289,29 @@
- Created /dev/ drm nodes with the same names as linux to simplify libdrm and negate the need for certain ports patches.
-
+
- Prevented memory corruption or improper page access in vmm(4) due to improper TLB
flushing for now by wiring the pages used by virtual machines.
+
- Removed the ability of vmd(8) to boot from kernels
+ in raw/qcow2 images.
+
- Made vmctl(8)
+ properly indicate VMs are stopped instead of "running" with "vmctl
+ status".
+
- Cleaned up events on vmd(8) pause or resume and
+ fixed an issue leading to broken serial console by cleanly tearing
+ down and restoring emulated device state on vm send/receive.
+
- Propagated host-side tap(4) lladdr to guest vm
+ process to allow unicast dhcp and bootp renewals with vmd(8)'s built-in dhcp
+ server.
+
Various new userland features:
@@ -264,6 +335,10 @@
capabilities in sndiod(8) by treating any
device as full-duplex.
+ Fixed visibility of sndioctl(1) output when
+ used through a pipe.
+
Enabled build and install of lldb(1).
Added logger(1)
support to rcctl(8), rc.d(8) for daemons logging
to stdout/stderr.
+ Added a configurable button mapping for tap gestures on touchpads
+ to wsconsctl(8).
+ Made wscons(4)
+ touchpad tap detection less restrictive for multi-finger taps and
+ improved tap detection.
+ Enable apm(4) on arm64 to
+ display meaningful information about battery use and capacity.
-
- Introduced dhcpleased(8), a dhcp
- daemon to acquire IPv4 address leases from servers.
- Added resolvd(8),
- a daemon to rewrite resolv.conf(5).
-
-
Various bugfixes and tweaks in userland:
@@ -316,10 +390,20 @@
When using the cat(1)
-n flag, correctly enumerate files with more than INT_MAX lines.
Fixed a memory leak in ld.so's malloc.
+
Added a "xenodm" login class for xenodm(1) and increased
openfiles to 512 to avoid running out of file descriptors with a busy
desktop.
+ Stopped xenodm(1)
+ from adding authorizations for TCP connections by default and added
+ "listenTCP" to explicitly add authorizations for existing IP addresses
+ on startup.
+ Skip xenodm(1)
+ from adding the IPv6 link local addresses for TCP listener
+ authorizations, matching what is done by startx(1).
+
Fixed -s option for cmp(1).
Improve pledge in doas(1), specifically added
@@ -339,13 +423,46 @@
Allow specification of a path to the mg(1) startup file on the
command line.
+ Added the ability to define single value variables in the mg(1) startup file and use
+ them with find-file.
+ Added a "batch" mode to mg(1) via the "-b" command
+ line option which will initialize a pty, run the specified file of mg
+ commands and then exit.
+ Added mg(1) quoted
+ strings capability in list values and limitation to characters allowed
+ in symbol names.
+ Inverted the mg(1) "R"
+ indicator to mean that a "*" next to a file's name indicates that it
+ is read-only. Made the active buffer indicator more visible by
+ changing it to ">".
+
+ Fixed ksh(1)
+ redrawing of a multiline PS1 prompt in vi mode and added support for
+ ^R (redraw) in insert mode.
+ Used unveil(2) to
+ restrict filesystem access in apmd(8).
+ Removed the 30s minimum delay for xlock(1) timeouts.
+ Stopped deleting the control socket on exit in apmd(8) exit, as deleting
+ the socket in process after calling unveil(2) would cause a
+ unveil restriction violation,
+
+
+
Improved hardware support and driver bugfixes, including:
-
+ - Corrected accounting of zero length Transfer Descriptors in xhci(4), preventing running
+ out of free Transfer Ring Blocks.
- Moved mfokclock(4) from loongson to make it available for other
platforms and renamed it to mfokrtc(4).
@@ -395,44 +512,18 @@
- Introduced uhidpp(4), a driver for
Logitech HID++ devices.
+
- Separated reading of general and touchpad-specific wsmouse(4) settings and
+ corrected identification of device type when reading touchpad
+ parameters fails.
+
- Added support for 30-bit color modes to simplefb(4).
+
- Added wsfb(4)
+ support for 30-bit color.
-
-
-
- Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing 16-byte
- copies if possible.
-
- Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
-
- Added clock support for i.MX8MP.
-
- Added support for the VF610 I2C controller to imxiic(4).
-
- Fixed a panic seen with mbuf chains on arm64.
-
- Added dwgpio(4), a
- driver for the Synopsys DesignWare GPIO controller.
-
- Added "amlogic,meson-g12a-dwmac" to dwge(4).
-
- Added amlpinctrl(4) support
- for the "Always On" GPIOs.
-
- Added PCIe clocks to amlclock(4).
-
- Made large read and write transactions work in amliic(4).
-
- Added PCIe support to amlpciephy(4).
-
- Added support to dwpcie(4) for the PCIe
- controller found on Amlogic G12A/G12B/SM1 SoCs.
-
- Implemented intx support in mvkpcie(4).
-
- Added cryptox(4),
- a driver for armv8 cryptographic extensions.
-
- Added support for PCIe on the NanoPi R4S to rkpcie(4).
-
-
+
- Made loongson kernels recognize Lynloong LM9002/9003 and LM9013 models.
+
- Use native display resolution 1368x768 for Lynloong all-in-one computers.
New or improved network hardware support:
@@ -449,7 +540,6 @@
href="https://man.openbsd.org/mvneta.4">mvneta(4).
Added mvsw(4), a
driver for Marvel "SOHO" switches.
-
Enabled auto-negotiation on the SerDes links, allowing
in-band-status to work between mvpp(4) and Raised the maximum number of queues/interrupts from 1 to 16 on mcx(4) devices.
Added support for the Netgear ProSecure UTM25 to octeon.
-
-
+ Added vid/pid table to umb(4) allowing matching to
+ alternate configurations.
Added or improved wireless network drivers:
@@ -484,7 +575,21 @@
Enabled athn(4) for arm64.
Added support for version 7 of the bwfm(4) PCIe interface.
-
+ Implemented RA (new 11nm Tx rate adaptation) in iwm(4) and iwn(4).
+ Prevented a WPA failure in ipw(4) due to a state
+ mismatch between firmware and net80211 during the association
+ sequence.
+ Ensured WEP and plaintext interface link state update by ipw(4).
+ Made iwx(4) attach to
+ AX201 devices with PCI ID 0x34f0. Needs fw_update(1).
+ Fixed a problem where iwn(4) firmware would
+ generate bogus block ack requests and stall traffic.
IEEE 802.11 wireless stack improvements and bugfixes:
@@ -499,27 +604,14 @@
Avoided spurious "input packet decapsulations failed" errors in
netstat(1) -W with
A-MSDU enabled.
-
-
+ Introduced RA, a new 11nm Tx rate adaptation module for net80211.
+ Unlike MiRa, RA does not attempt to precisely measure actual
+ throughput but simply deducts a loss percentage from the theoretical
+ throughput which can be achieved by a given MCS.
Generic network stack improvements and bugfixes:
- - Prevented kernel reuse of mbuf memory when generating the ICMP6
- response to an IPv6 packet.
-
- Added the ability to force the selection of source IP address for
- programs that do not specify a source IP, configurable via route(8).
-
- For IPv6 addresses, added tracking of address proposal creation
- times to be able to establish total lifetime. This information is used
- to renew pltime/vltime of privacy addresse per RFC 4941.
-
- Fixed wg(4) on macppc
- by keeping track of allowed ips pointer correctly.
-
- Use the toeplitz hash algorithm to a flowid for tcp packets,
- which in turn is used to choose the tx ring on network cards with
- multiple rings.
-
- Fixed wg(4) ioctl to
- handle multiple wgpeers.
- Removed the direct ACK on every other data segment. After
receiving a data segment, we were sending out two ACKs, the first one
in tcp_input() direct after receiving and the second ACK after the
@@ -538,18 +630,51 @@
mac learning bridge.
- Introduced veb(4), a
Virtual Ethernet Bridge driver.
-
- Added support for adding and deleting mac addr entries on nvgre(4).
-
- Added support for adding and deleting address table entries to bpe(4), veb(4) and etherbridge.
+
- Added the ability to force the selection of source IP address for
+ programs that do not specify a source IP, overriding the default
+ source IP selection algorithm. This is configurable via route(8)
+ sourceaddr command.
+
- Bring interfaces up when autoconfiguration for inetor inet6 is
+ enabled (AUTOCONF4 or AUTOCONF6 flags).
+
- Adjust terminology in ifconfig(8) to refer to
+ "temporary address extensions" rather than the former "privacy
+ extensions," including the addition of an AUTOCONF6TEMP flag (to
+ replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy
+ option if ifconfig(8)
+ has been deprecated.
+
- Made it possible to disable the "autoconf" flag but keep
+ "temporary" enabled in ifconfig(8).
+
- For IPv6 addresses, added tracking of address proposal creation
+ times to be able to establish total lifetime. This information is used
+ to renew pltime/vltime of privacy addresse per RFC 4941.
-
+
- Prevented kernel reuse of mbuf memory when generating the ICMP6
+ response to an IPv6 packet.
+
- Use the toeplitz hash algorithm to a flowid for tcp packets,
+ which in turn is used to choose the tx ring on network cards with
+ multiple rings.
+
- Fixed wg(4) on macppc
+ by keeping track of allowed ips pointer correctly.
+
- Fixed wg(4) ioctl to
+ handle multiple wgpeers.
+
- Fixed a race between tx/rx handshakes in wg(4).
+
- Prevented a potential hang when trying to remove a tun(4) interface.
+
- Used the correct rdomain when adding and deleting routes with mpip(4) and mpw(4).
+
- Made ifconfig(8)
+ "-mplslabel" work with mpw(4).
-Installer improvements:
+Installer and upgrade improvements:
- Prevented a race in dhclient(8) privsep
@@ -558,18 +683,36 @@
address.
- Fixed hangs on amd64 bsd.rd due to misreported core clock
frequency on newer Intel Comet Lake models.
-
- Began distributing the gzip'd version of bsd.rd on all platforms with boot methods supporting it.
+
- Began distributing the gzip'd version of bsd.rd on all platforms
+ with boot methods supporting it.
+
- Fixed a problem which prevented use of sysupgrade(8) when an
+ interface failed to come up and dhclient(8) didn't
+ notice link-timeout expiration.
+
- Prevented disklabel(8) from
+ adjusting the swap 'b' partition size if physmem is zero to keep the
+ auto-allocate code from putting a filesystem on that partition.
+
- Emulate "[inet] autoconf" hostname.if(5) lines
+ with "dhcp" so users testing dhcpleased(8) will
+ still be able to upgrade manually while the installer uses only dhclient(8).
Security improvements:
- Added notices to syslog whenever the "%n" format string component of printf(3) is used.
+
- Removed workaround permitting Go executables to do syscalls directly, forcing them to use shared libc like all other dynamic binaries.
Routing daemons and other userland network improvements:
-
+ - The bgpd(8) daemon saw the following changes:
+
- Fixed a memory leak when parsing bgpd(8) roa-set lists.
- Stopped allowing configuration of the same neighbor multiple
@@ -603,46 +746,47 @@
- Introduced bgpd(8)
rde evaluate all to work around path hiding in IXP
route-server environments.
+
+ - The ospfd(8) and ospf6d(8) routing
+ daemons saw various internal refactoring to keep the code similar to
+ changes in other routing daemons and improve maintainability.
+ Additionally, support was added in ospfd(8) for interfaces
+ that share the same IP.
+ - The pf(4) packet filter and it's userland utility:
+
+ - Relaxed checks in pfctl(8) and pf(4) to accept any valid
+ routing domain, even if it does not yet exist.
+
- Made pfctl(8)
+ detect and reject bogus ranges before loading the ruleset to prevent a
+ panic.
+
- Changed route-to in pf.conf(5) to send
+ packets to IPs instead of interfaces.
+
- Changed pf_route so pf(4) only runs when packets
+ enter and leave the stack. Running the same packet through pf multiple
+ times creates confusion for the state table. By default, pf states are
+ floating, meaning that packets are matched to states regardless of
+ which interface they're going over. This diff avoids multiple pf(4)
+ traversals of one packet causing confusion in the state table.
+
- Prevented the kernel from being stuck in an endless recursion
+ during TCP path MTU discovery when pf(4) changes the routing
+ table when sending packets.
+
- When cutting off the head of an overlapping fragment during pf(4) reassembly, reinserted
+ the fragment into the lookup table with the correct index.
+
- - Allowed use of ospfd(8) on interfaces that
- share the same IP.
-
-
-
- Prevented a crash due to
- httpd(8) listening on port
- 443 with missing TLS certificates.
-
- Created a new "location (found|notfound)" option for
- httpd.conf(5) to allow
- testing for resource path existence.
-
- Added a directive to httpd(8) to check if a path
- is accessible.
-
- Fixed detection of duplicate locations in httpd(8).
-
- Fixed leak of access and error log filenames on config reload in
- httpd(8).
-
- Avoid leaking the log message in
- httpd(8)'s
- server_sendlog.
-
- Incorrect order of
- close(2) and
- tls_close(3)
- together with a bug in LibSSL led to leaking memory in
- httpd(8)
- for each TLS connection.
-
- Fixed the httpd(8)
- example configuration not to generate errors when running without TLS
- keys already in place.
-
- Optimize disk reads of
- httpd(8)
- by using st_blocksize as high water mark instead of
- the socket buffer size.
-
-
-
+
- IPSEC support in the kernel and the iked(8) userland daemon:
+
- Added support to request IP addresses as IKEv2 initiator to iked(8). If 'request addr
0.0.0.0' is configured, any address will be accepted.
@@ -707,47 +851,69 @@
dynamic address configuration for roadwarrior clients, with a new
"iface" config option which can be used to specify an interface for
the virtual addresses received from the peer.
+
- Fixed an iked(8)
+ interop problem with strongswan if make-before-break is enabled.
+
+ - The httpd(8) webserver saw numberous improvements:
+
+ - Prevented a crash due to
+ httpd(8) listening on port
+ 443 with missing TLS certificates.
+
- Created a new "location (found|notfound)" option for
+ httpd.conf(5) to allow
+ testing for resource path existence.
+
- Added a directive to httpd(8) to check if a path
+ is accessible.
+
- Fixed detection of duplicate locations in httpd(8).
+
- Fixed leak of access and error log filenames on config reload in
+ httpd(8).
+
- Avoid leaking the log message in
+ httpd(8)'s
+ server_sendlog.
+
- Incorrect order of
+ close(2) and
+ tls_close(3)
+ together with a bug in LibSSL led to leaking memory in
+ httpd(8)
+ for each TLS connection.
+
- Fixed the httpd(8)
+ example configuration not to generate errors when running without TLS
+ keys already in place.
+
- Optimize disk reads of
+ httpd(8)
+ by using st_blocksize as high water mark instead of
+ the socket buffer size.
+
-
- - Fixed ldapd(8) cert
- and key path inference for absolute paths.
-
- Fixed incorrect cast in a
- vsnprintf(3)
- error check
- in ldapd(8).
-
- Applied unveil(2)
- to ldapd(8).
+
- rpki-client(8) received the following new features and bugfixes:
+
+ - Added RRDP (The RPKI Repository Delta Protocol, RFC 8182) support
+ to rpki-client(8).
+
- Supported use of more than one URI in the TAL file for rpki-client(8),
+ sorting with a preference for https.
+
- Validated ghostbuster records (RFC 6493) in rpki-client(8).
+
- Fixed rpki-client(8) checks
+ for the manifest validity interval.
+
- The connection is now killed when the rsync server stalls.
+
- Limited the URL embedded in .cer files in rpki-client(8) to
+ alphanumeric characters and punctuation.
+
- Added rpki-client(8) -V
+ option to show version.
+
- Included the default cert.pem file path in tls_load_file error
+ messages in rpki-client(8).
+
-
-
- - Relaxed checks in pfctl(8) and pf(4) to accept any valid
- routing domain, even if it does not yet exist.
-
- Made pfctl(8)
- detect and reject bogus ranges before loading the ruleset to prevent a
- panic.
-
- Changed route-to in pf.conf(5) to send
- packets to IPs instead of interfaces.
-
- Changed pf_route so pf(4) only runs when packets
- enter and leave the stack. Running the same packet through pf multiple
- times creates confusion for the state table. By default, pf states are
- floating, meaning that packets are matched to states regardless of
- which interface they're going over. This diff avoids multiple pf(4)
- traversals of one packet causing confusion in the state table.
-
- Prevented the kernel from being stuck in an endless recursion
- during TCP path MTU discovery when pf(4) changes the routing
- table when sending packets.
-
- When cutting off the head of an overlapping fragment during pf(4) reassembly, reinserted
- the fragment into the lookup table with the correct index.
-
-
-
+
- The dig(1) DNS utility received the following updates:
+
- Implemented RFC 8914 Extended DNS Errors for dig(1).
- Fixed dig(1) EDNS
@@ -755,8 +921,13 @@
- Fixed IPv6 link-local address handling for nameservers to talk to
and address to bind to in dig(1).
+
- Implemented ZONEMD (RFC 8976) in dig(1) to convey a message
+ digest of the content of a DNS zone.
+
-
+ - Changes to dhclient(8):
+
- Fixed incorrect behavior when using dhclient.conf(5) to
change the lease renew/rebind/expiry timing.
@@ -764,9 +935,41 @@
href="https://man.openbsd.org/dhclient.8">dhclient(8) options on
"dhcp" lines in hostname.if(5) files.
+
- Finished conversion of dhclient(8) timers to
+ allow monotonic accounting for the active lease.
+
+ - Two new daemons, dhcpleased(8) and resolvd(8) were added.
+ These work alongside with slaacd(8) and unwind(8) to provide a
+ coherent and simple automatic configration of network interfaces and
+ DNS resolution.
+ The two daemons are not enabled by default for now, but can be tested
+ by enableing them with rcctl(8).
+
+ - dhcpleased(8)
+ implements the DHCP protocol to acquire IPv4 address leases from
+ servers.
+
- resolvd(8)
+ manages the content of resolv.conf(5) based
+ on nameserver proposals from dhcpleased(8) and slaacd(8).
+
+ - Other userland network changes:
+
+ - Fixed ldapd(8) cert
+ and key path inference for absolute paths.
+
- Fixed incorrect cast in a
+ vsnprintf(3)
+ error check
+ in ldapd(8).
+
- Applied unveil(2)
+ to ldapd(8).
-
- Changed ping(8) to
drain the raw socket of packets received before we were fully setup to
avoid reporting ICMP responses intended for other instances of ping(8)
@@ -779,6 +982,10 @@
are using Semantically Opaque Interface Identifiers.
- Handled an autoconf interface changing its rdomain in slaacd(8).
+
- Completed slaacd(8) implementation
+ of RFC 8981 temporary address extensions.
+
- Do not leak the domains listed in
unwind(8)'s
blocklist file on each config reload.
@@ -802,6 +1009,9 @@
href="https://man.openbsd.org/dhclient.8">dhclient(8).
- Added a simple --timeout implementation to openrsync(1).
+
- Added the rsync(1)
+ option --no-motd to suppress the information output by the client at
+ the start of a daemon transfer.
- Added support for the use of !command to mygate(5), so that
netstart has a late opportunity to perform network configuration.
@@ -818,6 +1028,8 @@
http or https. Switched to using the timestamps from the remote
server's Last-Modified header if available when saving local files and
introduced the ftp "-u" flag to disable this behavior.
+
- Made ftp(1) set
+ timestamps only on files.
- Added requests for a new certificate without requiring -F when acme-client(1)
@@ -842,18 +1054,29 @@
- Avoid leaking the help text in
systat(8).
- Simplify argument parsing of
- vmctl(8) stop
+ vmctl(8) stop
thereby avoiding a
printf(3) "%s" NULL,
a use of uninitialized and a dead else branch.
-
-
-
+
- Increased the maximum length for CHAP challenges to 96 octets to
+ ensure npppd(8) can
+ handle longer challenges, such as those sent by Juniper.
+
tmux(1) improvements and bug fixes:
- Made tmux(1) synchronize-panes a pane option and added set-option -U flag to unset an option on all panes.
+
- Allowed use of ## and # in tmux(1) styles and added a "w" format modifier for width.
+
- Added a -C flag to tmux(1) run-shell to use a tmux command rather than a shell command.
+
- Added a tmux(1) -N flag to never start the server even if the command would normally do so.
+
- Added the new tmux(1) -S flag to new-window to select the existing window if one with the given name already exists, rather than failing.
+
- Added support for X11 color names and other variations for OSC 10/11 and added OSC 110 and 111 to tmux(1).
+
- Removed tmux(1) support for popups where the content is provided directly to tmux.
+
- Added a tmux(1) "absolute-centre" alignment to use the center of the total space instead of the available space.
+
- Added tmux(1) split-window -Z to start the pane zoomed.
+
- Added client-detached notification in tmux(1) control mode.
+
- Changed tmux(1) search-again with vi keys to work like vi(1).
OpenSMTPD 6.9.0
@@ -869,14 +1092,19 @@
TLS listeners may be configured with multiple certificates,
the matching is based on the names included in these certificates.
Allow to specify tls protocols and ciphers per listener and relay action.
+ Allowed smtpd.conf(5)
+ specification of tls protocols and ciphers on relay actions.
-LibreSSL 3.2.2
+LibreSSL 3.2.5
- New Features
@@ -923,7 +1153,7 @@
-OpenSSH 8.4
+OpenSSH 8.5
@@ -969,6 +1199,7 @@
- Added PermitRemoteOpen to ssh(1) for remote dynamic
forwarding with SOCKS.
+
- Released OpenSSH 8.5.
-->
- Potentially incompatible changes.