===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/72.html,v
retrieving revision 1.43
retrieving revision 1.44
diff -c -r1.43 -r1.44
*** www/72.html 2022/10/02 09:43:24 1.43
--- www/72.html 2022/10/02 19:48:50 1.44
***************
*** 82,88 ****
Added support for Apple M2
Added support for Lenovo ThinkPad x13s and other machines using
the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC.
- ...
Various kernel improvements:
--- 82,87 ----
***************
*** 91,99 ****
Added support for switching from glass console to serial console
on arm64 systems that default to glass console.
pf(4) automatically allows
! IGMP and ICMP6 MLD packets with router alert option.
! Special allow-opts rules are no longer needed for multicast
! discovery.
Fixed a pf(4) NULL
dereference panic triggered by relayd(8).
--- 90,98 ----
Added support for switching from glass console to serial console
on arm64 systems that default to glass console.
pf(4) automatically allows
! IGMP and ICMP6 MLD packets with router alert option.
! Special allow-opts rules are no longer needed for multicast
! discovery.
Fixed a pf(4) NULL
dereference panic triggered by relayd(8).
***************
*** 107,114 ****
href="https://man.openbsd.org/ddb.4">ddb(4).
Added a "show swap" command to ddb(4) to help debugging.
-
-
Count dropped network packets due to low memory in
netstat(1).
Simplified machine command handling in kqueue(2) wakeup, found by
a Go testcase hang.
Bumped the maximum number of supported CPUs to 256 on arm64.
!
!
Ensure uvm_swap_io() can succeed, even in out of memory
situations, by reserving a second segment for the page daemon.
Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region.
--- 128,134 ----
href="https://man.openbsd.org/kqueue.2">kqueue(2) wakeup, found by
a Go testcase hang.
Bumped the maximum number of supported CPUs to 256 on arm64.
!
Ensure uvm_swap_io() can succeed, even in out of memory
situations, by reserving a second segment for the page daemon.
Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region.
***************
*** 144,163 ****
returning an error. Previously an error could be returned to the fault
handler which would result in processes dying when a system was under
a lot of memory pressure.
!
!
Added support for using non-standard UARTs (such as the Synopsys
DesignWare UART) as an early console.
-
Remove NexGen CPU identification code as the kernel cannot run on these CPUs anyway.
Remove Rise CPU identification code.
Dropped detection code for 386sx/386dx CPUs. OpenBSD/i386 hasn't
actually supported running on either for some time.
Dropped detection code for Cyrix CPUs older than the Cyrix M2.
-
Implemented the fundamentals for suspend/resume on arm64.
Simplified TSC synchronization testing on amd64.
-
Corrected sparc64 ofwboot to default to the softraid(4) volume on the
boot device to make root on softraid work out of the box on sparc64
--- 140,155 ----
returning an error. Previously an error could be returned to the fault
handler which would result in processes dying when a system was under
a lot of memory pressure.
!
Added support for using non-standard UARTs (such as the Synopsys
DesignWare UART) as an early console.
Remove NexGen CPU identification code as the kernel cannot run on these CPUs anyway.
Remove Rise CPU identification code.
Dropped detection code for 386sx/386dx CPUs. OpenBSD/i386 hasn't
actually supported running on either for some time.
Dropped detection code for Cyrix CPUs older than the Cyrix M2.
Implemented the fundamentals for suspend/resume on arm64.
Simplified TSC synchronization testing on amd64.
Corrected sparc64 ofwboot to default to the softraid(4) volume on the
boot device to make root on softraid work out of the box on sparc64
***************
*** 165,171 ****
Added support for booting from RAID 1C softraid(4) volumes on
amd64, sparc64 and arm64.
-
Removed the obsolete kern.nselcoll sysctl(2).
Changed mips64, octeon, and loongson to trigger deferred clock
--- 157,162 ----
***************
*** 180,186 ****
switching between them depending on their quality properties. This
improves how timers backing delay(9) are managed.
-
SMP Improvements
--- 171,176 ----
***************
*** 218,225 ****
Made unix(4) domain
sockets locking per-socket rather than coarse locking of the entire
domain sockets layer.
-
- ...
Direct Rendering Manager and graphics drivers
--- 208,213 ----
***************
*** 466,472 ****
Added forest (-f) mode to ps(1).
Sped up wc(1) word counting.
-
Improved hardware support and driver bugfixes, including:
--- 454,459 ----
***************
*** 531,542 ****
out of the UNDEFINED state.
Added Wacom One S (CTL-472) support to uwacom(4).
-
New or improved network hardware support:
-
- Increased rx buffer size on uaq(4) to 62kB.
- Repaired rge(4)
--- 518,527 ----
***************
*** 575,581 ****
- Fixed integer overflows in the iwm(4) and iwx(4) firmware file parsers.
-
IEEE 802.11 wireless stack improvements and bugfixes:
--- 560,565 ----
***************
*** 603,616 ****
Added support for wildcards in fw_update(8) patterns.
!
Added NFS client support to the luna88k RAMDISK kernel.
Made the EFI bootloader provide the extra parameters necessary to
use non-standard UARTs on the AMD Ryzen Embedded V1000 SoCs as console.
Switched bootloaders to the extended BOOTARG_CONSDEV struct.
Added UFS2 support to landisk boot blocks.
-
-
Security improvements:
--- 587,598 ----
Added support for wildcards in fw_update(8) patterns.
!
Added NFS client support to the luna88k RAMDISK kernel.
Made the EFI bootloader provide the extra parameters necessary to
use non-standard UARTs on the AMD Ryzen Embedded V1000 SoCs as console.
Switched bootloaders to the extended BOOTARG_CONSDEV struct.
Added UFS2 support to landisk boot blocks.
Security improvements:
***************
*** 653,663 ****
dynamically linked to allow them to benefit from all the additional
mitigations that dynamically linked executables gain. NFS mounting of
/usr must now use statically configured IP addresses.
-
Changes in the network stack:
- Relaxed address availability check for multicast(4) binds so
processes listening for the same multicast address do not need to be
--- 635,649 ----
dynamically linked to allow them to benefit from all the additional
mitigations that dynamically linked executables gain. NFS mounting of
/usr must now use statically configured IP addresses.
Changes in the network stack:
+ - Added the recvmmsg(2) system call
+ that allows receiving multiple msghdrs at once, and the sendmmsg syscall that
+ allows sending multiple msghdrs at once.
- Relaxed address availability check for multicast(4) binds so
processes listening for the same multicast address do not need to be
***************
*** 677,704 ****
where a pool defined like "172.16.0.0/16" would count as a pool size
of one address. Also fixed random selection of source address to be
uniform across the whole pool.
!
- Allow forwarding to and from IPs in the 240/4 range.
- Corrected the Virtual Ethernet Bridge veb(4) to avoid calling
if_enqueue from an smr critical section.
!
- Fixed a kernel panic in pf(4) if IP options with an
! ICMP payload were truncated. Such packets will now be dropped instead.
!
- Reworked the rttimer code to fix icmp_pmtu_timeout crashes.
- Fixed an interrupt storm upon suspend on Amlogic arm64 boards.
-
- Fixed a race between pflow_output_process() and
pflow_clone_destroy() in pflow(4).
!
- Added a missing input validation step to pipex(4) mppe keylenbits.
!
- Added the recvmmsg(2) system call
! that allows receiving multiple msghdrs at once.
-
-
Routing daemons and other userland network improvements:
- IPsec support was improved:
--- 663,684 ----
where a pool defined like "172.16.0.0/16" would count as a pool size
of one address. Also fixed random selection of source address to be
uniform across the whole pool.
!
- Fixed a kernel panic in pf(4) if IP options with an
! ICMP payload were truncated. Such packets will now be dropped instead.
- Allow forwarding to and from IPs in the 240/4 range.
- Corrected the Virtual Ethernet Bridge veb(4) to avoid calling
if_enqueue from an smr critical section.
!
- Reworked the kroute rttimer code to fix icmp_pmtu_timeout crashes.
- Fixed an interrupt storm upon suspend on Amlogic arm64 boards.
- Fixed a race between pflow_output_process() and
pflow_clone_destroy() in pflow(4).
!
- Added a missing input validation step to pipex(4) mppe keylenbits.
!
Routing daemons and other userland network improvements:
- IPsec support was improved:
***************
*** 716,722 ****
- Added iked(8)
connection statistics for successful and failed connections, error
types, and other events that can be printed with "ikectl show stats".
-
In bgpd(8),
--- 696,701 ----
***************
*** 749,755 ****
- Made sure only one bgpd(8) roa softreconfig
runner is run at any time.
-
rpki-client(8) saw some changes:
--- 728,733 ----
***************
*** 771,779 ****
- Add support for validating Autonomous System Provider Authorization
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
Validated ASPA payloads are visible in JSON and filemode (-f) output.
!
- Set rsync connection I/O idle timeout to 15 seconds.
!
- Unify the maximum idle I/O and connect timeouts for rsync & HTTPS.
!
- rpki-client now performs stricter EE certificate validation:
- Disallow AS Resources extensions in ROA EE certificates.
- Disallow Subject Information Access (SIA) extensions in RPKI
--- 749,757 ----
- Add support for validating Autonomous System Provider Authorization
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
Validated ASPA payloads are visible in JSON and filemode (-f) output.
!
- Set rsync(1) connection I/O idle timeout to 15 seconds.
!
- Unify the maximum idle I/O and connect timeouts for rsync(1) & HTTPS.
!
- rpki-client(8) now performs stricter EE certificate validation:
- Disallow AS Resources extensions in ROA EE certificates.
- Disallow Subject Information Access (SIA) extensions in RPKI
***************
*** 799,807 ****
- Improve compliance with the HTTP protocol specification.
- - In ldapd(8),
- match password schemas case sensitive.
-
- In snmpd(8),
- Allow object names to be used in addition to OIDs in
--- 777,782 ----
***************
*** 817,822 ****
--- 792,799 ----
snmpd(8) metrics.
+ - In ldapd(8),
+ match password schemas case sensitive.
- In ospfd(8),
relax the limitations on what is an acceptable unicast IP. There are no
more experiments in IPv4 and so there is less reason for network
***************
*** 862,868 ****
instead of alarm(3).
This allows failing over to another IP address for hosts that have
more than one.
-
- tmux(1) improvements and bug fixes:
--- 839,844 ----
***************
*** 890,896 ****
href="https://man.openbsd.org/tmux.1">tmux(1).
- Fixed tmux(1) window
size reporting.
-
LibreSSL version 3.6.0
--- 866,871 ----