===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- www/75.html 2024/03/30 19:38:42 1.29
+++ www/75.html 2024/03/31 00:57:03 1.30
@@ -104,21 +104,33 @@
href="https://man.openbsd.org/bio.4">bio(4) will tunnel for other
devices, allowing bio to be used with other (non-raid) related
devices.
+
On msdos filesystems, ensure that a complete struct fsinfo is read
+ even if the filesystem sectors are smaller.
+ Made malloc(3) save
+ backtraces to show in leak dump with depth of backtrace set via malloc
+ option D (aka 1), 2, 3 or 4.
+ Implemented per-CPU caching for the page table page (vp) pool and
+ the PTE descriptor (pted) pool in the arm64 pmap implementation. This
+ significantly reduces the side-effects of lock contention on the
+ kernel map lock and leads to significant speedups on machines with
+ many CPU scores.
+
+
SMP Improvements
- - Some network timers run without kernel lock.
-
- TCP syn cache timer runs with shared net lock.
-
- bind(2)
- and connect(2)
- system calls can run in parallel.
-
- Packet counter for lo(4) loopback
- interface are MP safe.
-
- Split protocol control block table for UDP into IPv4
- and IPv6 tables to allow concurrent access.
-
- UDP packets can be sent in parallel by multiple threads.
+
- Some network timers run without kernel lock.
+
- TCP syn cache timer runs with shared net lock.
+
- bind(2)
+ and connect(2)
+ system calls can run in parallel.
+
- Packet counter for lo(4) loopback
+ interface are MP safe.
+
- Split protocol control block table for UDP into IPv4
+ and IPv6 tables to allow concurrent access.
+
- UDP packets can be sent in parallel by multiple threads.
Direct Rendering Manager and graphics drivers
@@ -158,6 +170,8 @@
Corrected handling of CPUID 0xd subleaves
Added additional use of VERW and register clobbering to mitigate RFDS
vulnerabilities on Intel Atom cores.
+ Added recv TCP/UDP checksum offloading to vio(4).
Various new userland features:
@@ -168,6 +182,19 @@
Added kdump(1) [-p
program] to filter dumps by basename.
Made ps(1) accept numerical user IDs.
+ Built and provide the tzdata.zi and leap-seconds.list files from
+ zoneinfo. Some third-party software now expects these files to be
+ installed.
+ Added basic write support for pax(1) format archives.
+ Added 'pax' format support for files over 8GB to tar(1).
+ Added 'pax' format support for mtime and atime to tar(1).
+
+ Extended imsg
+ and the ibuf buffer
+ manipulation API with useful getter methods.
Various bugfixes and tweaks in userland:
@@ -187,6 +214,35 @@
partition as the only bootable partition.
Added group handling matching fbtab(5) to xenodm.
+ Made grep(1) -m behavior match GNU grep.
+ Tweaked the default memory limits in /etc/login.conf on several
+ architectures to account for increased memeory requirements, for
+ example when compiling or linking under user pbuild.
+ Initialize all terminals with "tset -I", thereby avoiding extra
+ newlines to be printed.
+ Added mkhybrid(8)
+ '-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot
+ image, in addition to or instead of the x86 boot image, to the output
+ file.
+ Added openrsync(1)
+ --omit-dir-times (-O) to omit directories from --times, as well as
+ --no-O and --no-omit-dir-times options for compatibility.
+ Implemented openrsync(1)
+ --omit-link-times (-J) option to omit symlinks from --times.
+ Added accounting flag and lastcomm(1) report for
+ syscall pinning violations.
+ Added ktrace(1) and
+ kdump(1) support to
+ observe pinsyscall(2)
+ violations.
+ Changed ftp(1) to
+ avoid use of the interactive shell if -o is given.
+ Moved non-daemon services to run in a different rc(8) process group to avoid
+ SIGHUP at boot.
Improved hardware support and driver bugfixes, including:
@@ -217,6 +273,17 @@
to use backing store devices with 4K-byte sectors.
Added fanpwr(4)
support for the Rockchip RK8602 and RK8603 voltage regulators.
+ Support keyboard backlights on Apple Powerbooks.
+ Added operating performance point info about each arm64 cpu and
+ expose the states of thermal zones as kstats(1).
+ Overhauled ugold(4) temperature sensor
+ identification logic and added support for additional devices.
+ Made uthum(4)
+ TEMPer{1,2} devices display negative degC.
+ Improve support for audio devices that via attach multiple uaudio(4) drivers.
@@ -228,6 +295,8 @@
TCP Segmentation Offload (TSO) is also used in
bnxt(4) and
em(4).
+ Enabled TCP Segmentation Offload (TSO) in ixl(4).
The Synopsys Ethernet Quality-of-Service Controller
(dwqe(4)) is enabled for
amd64.
@@ -241,10 +310,12 @@
Allwinner EMAC Ethernet Controller
dwxe(4) enabled for
riscv64.
- Enabled TCP Segmentation Offload (TSO) for ixl(4).
Corrected wrong register offset macros for dwqe(4) DMA burst length.
+ Fixed Tx watchdog trigger and freeze in dwqe(4).
+ Updated rge(4)
+ microcode, initialization and reset behavior.
Added or improved wireless network drivers:
@@ -288,16 +359,21 @@
Made fw_update(8) verify but
not overwrite SHA256.sig.
+ Improved fw_update(1) output on
+ errors and improved ftp error handling.
Added support in the installer to encrypt the root disk with a key disk.
Prevent re-starting the automatic upgrade on octeon and
powerpc64, as is already done on other platforms.
Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting.
+ Make the amd64 cdXX.iso and installXX.iso CD images bootable in
+ EFI mode (by creating an EFI system partition containing the EFI boot
+ loaders to be installed as an El Torito boot image).
+
Security improvements:
- - BTI and PAC on arm64?
-
- Added pledge(2)
stdio before parsing pfkey messages to ipsecctl(8) -m and -s.
@@ -307,7 +383,15 @@
- Created __OpenBSD versions of llvm cxa guard implementation using
futex() with the correct number of arguments and without using syscall(2).
+
- Removed support for syscall(2), the
+ "indirection system call," a dangerous alternative entry point for all
+ system calls and incompatible with the precision system call entry
+ point scheme a.k.a. pinsyscalls(2)
+
- Enable BTI and PAC again on arm64.
+
- pinsyscalls(2)
+
Changes in the network stack:
@@ -333,6 +417,10 @@
default for bpe(4), nvgre(4) and vxlan(4).
+ Fixed race between ifconfig(8) destroy of
+ an interface and the ARP timer.
+
The following changes were made to the
Routing daemons and other userland network improvements:
-
+
- IPsec support was improved:
- Made iked(8) always
prefer group from the initial KE payload as responder if supported.
+
- Corrected renewal of expired certificates in iked(8).
- In bgpd(8),
@@ -443,9 +533,10 @@
- Allow to use table(5)
mappings on various match constraints.
-
+
- Many other changes in various network programs and libraries:
+
- If a DNS name is configured as remote syslog server,
syslogd(8)
retries to resolve the loghost name periodically until it succeeds.
@@ -453,13 +544,50 @@
logged later.
- Added counting of dropped UDP packets to syslogd(8).
+
- Prevented use after free of TLS context at syslogd(8) shutdown.
+
- Introduced dhcpd(8)
log output to stderr and '-v' option to make this output more verbose.
+
- In dhcpd(8), made dhcp-options(5)
+ recognize option ipv6-only-preferred (RFC8925).
+
- Allowed dhcpleased(8) to
+ request "IPv6-only preferred" and deconfigure IPv4 on the interface if
+ the server replies with this option.
+
- Fixed radiusd(8)
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the
response.
+
- Ensured correct denominators when converting NTP fixed point
+ values to double and vice-versa in ntpd(8).
+
- Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set.
+
- Added ifconfig(8)
+ support for specifying ports on the src address in tunnel endpoints of
+ gif(4), gre(4) and related
+ tunnel interfaces.
+
- Added an ifconfig(8) endpoint
+ command for "bridges" that use addresses as endpoints, usable to add
+ static entries on interfaces like vxlan(4).
+
- Tightened up relayd(8) HTTP eader parsing.
+
- Deferred relayd(8)
+ relay_read_http header parsing until after line continuation,
+ preventing potential request smuggling attacks.
+
- Improved httpd(8)
+ auto-index, adding human-readable file sizes and allowing per-column
+ sorting.
+
+
+
+
-
+
tmux(1) improvements and bug fixes:
@@ -468,6 +596,12 @@
layout has been freed.
- Prevented tmux(1) use
of combined UTF-8 characters that are too long.
+
- Corrected tmux(1)
+ handling of window ops with no pane.
+
- Removed flags from the prefix before comparing with the received
+ key so that tmux(1)
+ modifier keys with flags work correctly.
+
LibreSSL version 3.9.0