===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- www/69.html 2021/04/04 23:08:33 1.2
+++ www/69.html 2021/04/05 21:59:13 1.3
@@ -80,7 +80,26 @@
New/extended platforms:
- - ...
+
+
- Added astfb(4), a
+ driver for the framebuffer of the Aspeed BMC found on many POWER8 and
+ POWER9 systems.
+
- Added bsd.mp to powerpc64's installXX.{img,iso}.
+
- Added RETGUARD implementation for powerpc and powerpc64.
+
- Added powerpc64 retguard macros for setjmp/longjmp.
+
- Added retguard macros to powerpc64 locore functions.
+
- Added a workaround for PCIO devices that cannot address the full
+ 64-bit PCI address space to powerpc64. Needed for radeondrm(4) and amdgpu(4) since Radeon
+ GPUs only implement 36, 40, or 44 bits of address space.
+
- Added limited emulation of unaligned access in the powerpc64 kernel.
+
- Changed astfb(4) to
+ allow it to become the console on powerpc64.
+
- Added support for passing a bootmac command line argument to
+ RAMDISK on powerpc64.
+
+
Improvements to time measurements, mostly in the kernel:
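Review bot: In the new powerpc64 address-space workaround entry, "PCIO devices" looks like a typo for "PCI devices"; the rest of the sentence is about the 64-bit PCI address space. The three RETGUARD entries (implementation, setjmp/longjmp macros, locore macros) read as one change split per commit, and a single line covering powerpc and powerpc64 would serve readers better. The same applies to the two astfb(4) entries, which could be merged into "Added astfb(4) ... and allowed it to become the console on powerpc64".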
@@ -90,32 +109,149 @@
Various kernel improvements:
- - ...
+
- Added basic support for kclock timeouts to timeout(9).
+
- Added a top-level 'reboot' command to ddb(4).
+
- Fixed the "entry point at 0x10010000" hang reported on amd64 machines by using a 64MB block to load the kernel.
+
- Added witness(4) check for uninitialized (or zeroed) lock usage.
+
+
+
- Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
+
- Introduced a system-wide mutex that serializes msgbuf operations.
+
+
+
+
- Implemented linux interval tree functions for drm(4).
+
- Fixed wsconsctl(8) display commands when using drm(4) drivers on macppc.
+
- Changed from rwlock(9) to mutex(9) for linux rwlocks.
+
- Fixed a panic associated with locks and drm(4) on macppc with Powerbook5,6 and RV350.
+
- Revised the initialization of the drm(4) Linux emulation layer to call it only when the first drm instance attaches.
+
+
Various new userland features:
- - ...
+
- Added doas.conf(5) "nolog"
+ option to avoid syslog(3).
+
- Allowed specific sndio(7) devices to be used
+ for play-only and rec-only modes.
+
Various bugfixes and tweaks in userland:
- - ...
+
- Fixed a pledge violation in csh(1) where redirecting
+ input from a file containing ^T would cause csh(1) to perform a tty
+ ioctl operation against a non-tty.
+
- Prevented a crash due to httpd(8) listening on port
+ 443 with missing TLS certificates.
+
- Stopped exempting file systems from security(8) on the basis
+ of nodev and nosuid options, which may not be used for file systems
+ mounted beneath.
+
- Modified daily(8)
+ to stop reporting disk status and networking statistics.
+
- Made sysupgrade(8) specify
+ a version when it uses fw_update(1) to avoid
+ the situation where upgrading a pre-6.8 snapshot to 6.8 release with
+ "-r" would install firmware packages from snapshots.
+
- Increased speed of the dependency check pass for pkg_add(1).
+
+
- Prevented process exit in multithreaded programs from reporting
+ the wrong error code.
+
+
Improved hardware support and driver bugfixes, including:
- - ...
+
+
- Moved mfokclock(4) from loongson to make it available for other
+ platforms and renamed it to mfokrtc(4).
+
- Fixed brightness setting on MacBooks.
+
- Added AMD Vi and Intel VTD IOMMU support. This creates separate
+ domains for each PCI device and can provide protection against invalid
+ memory access.
+
- Enabled brightness keys on powerbooks where the keyboard attaches
+ as ukbd(4).
+
- Set initial default display brightness on macppc via
+ of_setbrightness() to ensure wscons(4) and ofw are in
+ sync.
+
- Added the ClearFog GT 8K to mvclock(4).
+
- Added support for the PL2303HXN series chips to uplcom(4).
+
- Added support for the PCA9547 I2C mux to pcamux(4).
+
- Extended pcamux(4)
+ with ACPI support.
+
- Added acpige(4), a
+ driver for ACPI generic event devices, used on te HoneyComb LX2K to
+ implement power button handling.
+
- Added pchgpio(4),
+ a driver for the GPIO controllers found on modern Intel PCHs.
+
- Added ACPI support to imxiic(4).
+
- Fixed panics on the HoneyComb LX2K with amdgpu(4).
+
- Fixed very old umass(4) devices where the
+ INQUIRY command succeeds but with a residue equal to the requested
+ bytes.
+
+
+
- Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing 16-byte
+ copies if possible.
+
- Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
+
- Added clock support for i.MX8MP.
+
- Added support for the VF610 I2C controller to imxiic(4).
+
- Fixed a panic seen with mbuf chains on arm64.
+
+
New or improved network hardware support:
- - ...
+
- Fixed link state change behavior in 82598 ix(4) chips.
+
- Fixed issues with network stopping after the first down/up cycle
+ in mvpp(4) Marvel Armada
+ Ethernet device.
+
- Added SFP+ support to ofw, including support for direct attach cables.
+
- Added 10G media support to mvpp(4).
+
- Added support for 1000base-x and 2500base-x connections to mvneta(4).
+
- Added mvsw(4), a
+ driver for Marvel "SOHO" switches.
+
Added or improved wireless network drivers:
- - ...
+
- Fixed athn(4) in
+ client mode against APs that use WPA1/TKIP as the group cipher.
+
- Fixed urtwn(4)
+ against access points using WPA1/TKIP as the group cipher.
+
- Added multicast support to bwfm(4) to allow IPv6.
+
- Fixed urtwn(4)
+ repeated DEAUTH and loss/restoration of link.
+
IEEE 802.11 wireless stack improvements and bugfixes:
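Review bot: The hardware lists in this hunk carry spelling slips: "used on te HoneyComb LX2K" in the acpige(4) entry should read "the", and the vendor in the mvpp(4) and mvsw(4) entries is spelled "Marvell", not "Marvel". In the IOMMU entry, the usual spellings are "AMD-Vi" and "Intel VT-d". "linux" is lower-case in the interval tree and rwlock entries but capitalised in "drm(4) Linux emulation layer"; pick one. The athn(4) entry and the first urtwn(4) entry describe the same WPA1/TKIP group cipher fix and could share one line.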
@@ -125,7 +261,18 @@
Generic network stack improvements and bugfixes:
- - ...
+
- Prevented kernel reuse of mbuf memory when generating the ICMP6
+ response to an IPv6 packet.
+
- Added the ability to force the selection of source IP address for
+ programs that do not specify a source IP, configurable via route(8).
+
- For IPv6 addresses, added tracking of address proposal creation
+ times to be able to establish total lifetime. This information is used
+ to renew pltime/vltime of privacy addresse per RFC 4941.
+
- Fixed wg(4) on macppc
+ by keeping track of allowed ips pointer correctly.
+
+
Installer improvements:
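Review bot: Typo in the IPv6 address lifetime entry: "privacy addresse per RFC 4941" should be "privacy addresses". In the wg(4) entry, "allowed ips pointer" should be "allowed IPs pointer" to match the WireGuard term. The ICMP6 entry ("Prevented kernel reuse of mbuf memory ...") does not say what the reuse led to; if it was a memory-safety fix, say so, since readers scan this list for exactly that.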
@@ -140,12 +287,102 @@
Security improvements:
- - ...
+
- Added notices to syslog whenever the "%n" format string component of printf(3) is used.
Routing daemons and other userland network improvements:
- - ...
+
+
- Fixed a memory leak when parsing bgpd(8) roa-set lists.
+
- Stopped allowing configuration of the same neighbor multiple
+ times in bgpd(8).
+
+
- Created a new "location (found|notfound)" option for httpd.conf(5) to allow
+ testing for resource path existence.
+
- Added a directive to httpd(8) to check if a path
+ is accessible.
+
- Fixed detection of duplicate locations in httpd(8).
+
+
+
+
- Added support to request IP addresses as IKEv2 initiator to iked(8). If 'request addr
+ 0.0.0.0' is configured, any address will be accepted.
+
- Make iked(8) accept
+ ANY dynamic address with 'request addr 0.0.0.0'.
+
- Added 'dynamic' keyword to iked.conf(5) to allow
+ configuration of flows to dynamically assigned addresses.
+
- Added the 'any' keyword to iked.conf(5) for
+ requests to allow "request address any".
+
- Enabled iked(8)
+ support for ASN1_DN ipsec identifiers.
+
- Implemented iked(8)
+ "from dynamic," installing flows where "dynamic" is replaced by the
+ received dynamic IP address.
+
- Made sure not to replace 0.0.0.0 with a dynamic address in iked(8) if it is a network
+ address.
+
- Added iked(8) -s
+ socket option to specify a control socket.
+
- Used a counter instead of random IV for AES-GCM in iked(8), eliminating the
+ risk of random collisions.
+
- Added iked(8)
+ support for multiple address pools.
+
- Added the iked(8)
+ "set stickyaddress" option, which attempts to assign the same "config
+ address" when an IKESA is negotiated with the DSTID of an existing
+ IKESA.
+
- Ensured rekeying of every child SA in iked(8).
+
+
+
+
- Fixed ldapd(8) cert
+ and key path inference for absolute paths.
+
+
+
+
- Relaxed checks in pfctl(8) and pf(4) to accept any valid
+ routing domain, even if it does not yet exist.
+
+
+
- Changed ping(8) to
+ drain the raw socket of packets received before we were fully setup to
+ avoid reporting ICMP responses intended for other instances of ping(8)
+ running in parallel.
+
+
- Implemented RFC 8914 Extended DNS Errors for dig(1).
+
+
- Changed slaacd(8)
+ Duplicate Address Detection (DAD) to only generate a new address if we
+ are using Semantically Opaque Interface Identifiers.
+
- Handled an autoconf interface changing its rdomain in slaacd(8).
+
- Fixed rare crashes of unwind(8) when DNS answers
+ are larger than the maximum imsg size.
+
- Removed the -L option from dhclient(8).
+
- Fixed incorrect behavior when using dhclient.conf(5) to
+ change the lease renew/rebind/expiry timing.
+
- Added a simple --timeout implementation to openrsync(1).
+
- Added support for the use of !command to mygate(5), so that
+ netstart has a late opportunity to perform network configuration.
+
+
tmux(1) improvements and bug fixes:
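Review bot: The iked(8) block lists the same change more than once: "If 'request addr 0.0.0.0' is configured, any address will be accepted" and "Make iked(8) accept ANY dynamic address with 'request addr 0.0.0.0'" say the same thing, and the 'dynamic' keyword entry overlaps with the "from dynamic" entry. The httpd entries "location (found|notfound)" and "Added a directive to httpd(8) to check if a path is accessible" also look like one feature described twice. Suggest collapsing each pair and changing "Make iked(8) accept" to the past tense used everywhere else. In the ping(8) entry, "fully setup" should be "fully set up". The AES-GCM counter IV change is a cryptographic hardening and would be worth a line under "Security improvements", which currently holds only the "%n" entry.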
@@ -162,7 +399,18 @@
- New Features
- - ...
+
+
- Added a -legacy_verify flag to openssl(1) to force use of the old validator.
+
- Changed crypto(3)
+ to call its get_issuer() callback to try and find a suitable
+ certificate in cases where it has failed to find a print certificate
+ from the supplied roots and intermediates.
+
- Corrected an issue where openssl(1) verify might not error on expired certificates.
+
- Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software.
+
- Implemented auto chain for the TLSv1.3 server.
+
- Implemented the key material exporter for TLSv1.3.
+
+
- API and Documentation Enhancements
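Review bot: In the crypto(3) entry, "failed to find a print certificate" reads like a slip for "parent certificate", given that the sentence is about locating an issuer among the supplied roots and intermediates. The entry also names only crypto(3) and "its get_issuer() callback" without saying which function now makes the call; naming it would make the item searchable. Separately, "Corrected an issue where openssl(1) verify might not error on expired certificates" and the TLS 1.3 stall fix are bug fixes sitting under "New Features"; the expired-certificate one in particular should move to a bug fix list where people checking verification behaviour will find it.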
@@ -197,7 +445,33 @@
OpenSSH 8.4
+
+
+
+ - Preferred ed25519 signature algorithm variants over ECDSA in ssh_config(5) and sshd_config(5).
+
- Enabled ssh_config(5)
+ UpdateHostkeys by default when the configuration has not overridden
+ UserKnownHostFile.
+
- Prefixed ssh(1)
+ keyboard interactive prompts with "user@host" for easier
+ identification of connections.
+
- Displayed any other hostnames/addresses associated with a new
+ hostkey when ssh(1)
+ prompts the user to accept it.
+
- When doing an sftp(1)
+ recursive upload or download of a read-only directory, ensured that
+ the directory was created with write and execute permissions in the
+ interim to allow the transfer.
+
- Set the specified TOS/DSCP for interactive use prior to TCP
+ connect in ssh(1).
+
- CLeaned up passing of struct passwd from monitor to preauth
+ privsep process in ssh(1).
+
+
- Potentially incompatible changes.
- ...
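Review bot: The UpdateHostkeys entry refers to "UserKnownHostFile", but the ssh_config(5) option is UserKnownHostsFile; fix the name so readers can grep their configuration for it. "CLeaned up" in the last added entry should be "Cleaned up", and that entry attributes the monitor and preauth privsep processes to ssh(1), while those belong to the server, so sshd(8) is the right reference. The added entries also appear directly under "OpenSSH 8.4" with no sub-heading, whereas the next context line is "Potentially incompatible changes"; a "New features" or "Bugfixes" heading would keep the structure consistent.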
@@ -232,13 +506,13 @@
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches,
- freetype 2.10.2, fontconfig 2.12.4, Mesa 20.0.8, xterm 351,
- xkeyboard-config 2.20 and more)
+ freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 351,
+ xkeyboard-config 2.20, fonttosfnt 1.2.0 and more)
- LLVM/Clang 10.0.1 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.30.3 (+ patches)
-
- NSD 4.3.2
-
- Unbound 1.11.0
+
- NSD 4.3.3
+
- Unbound 1.12.0
- Ncurses 5.7
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)