===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- www/75.html 2024/03/31 12:44:40 1.33
+++ www/75.html 2024/03/31 21:47:37 1.34
@@ -111,8 +111,21 @@
significantly reduces the side-effects of lock contention on the
kernel map lock and leads to significant speedups on machines with
many CPU cores.
-
-
+ Implemented acpi(4)
+ RootPathString support in the LoadTable() AML function, fixing OpenBSD
+ boot on an older version of Hyper-V.
+ Fixed Linux NFS clients freezing after five minutes of inactivity.
+ Fixed core file writing when a file map into memory has later been
+ truncated to be smaller than the mapping.
+ Disallowmadvise(2) and msync(2) memory/mapping
+ destructive operations on immutable memory regions. Innstead return EPERM.
+ Added new amd64-only sysctl machdep.retpoline which says whether
+ the cpu requires the retpoline branch target injection mitigation.
+ Added new accounting flag ABTCFI to acct(5) to indicate SIGILL +
+ code ILL_BTCFI has occurred in the process.
SMP Improvements
@@ -167,8 +180,6 @@
Corrected handling of CPUID 0xd subleaves
Added additional use of VERW and register clobbering to mitigate RFDS
vulnerabilities on Intel Atom cores.
- Added recv TCP/UDP checksum offloading to vio(4).
Various new userland features:
@@ -184,17 +195,27 @@
Made ps(1) accept numerical user IDs.
Built and provide the tzdata.zi and leap-seconds.list files from
zoneinfo. Some third-party software now expects these files to be
- installed.
+ installed. Provide the zonenow.tab file, a table where each row
+ stands for a timezone where civil timestamps are predicted to agree
+ from now on.
Added basic write support for pax(1) format archives.
Added 'pax' format support for files over 8GB to tar(1).
Added 'pax' format support for mtime and atime to tar(1).
-
Extended imsg
and the ibuf buffer
- manipulation API with useful getter methods.
+ manipulation API with useful getter methods. Unified file descriptior
+ passing in all imsg using programs with the use of the imsg_get_fd()
+ function.
+ Added mkdtemps(3), identical
+ to mkdtemp(3) except
+ that it permits a suffix to exist in the template.
+ Added mktemp(1)
+ suffix support for compatibility with the GNU version. It is now
+ possible to use templates where the Xs are not at the end.
Various bugfixes and tweaks in userland:
@@ -212,6 +233,10 @@
Prevented fdisk(8)
'flag' from altering other GPT partition attributes when flagging a
partition as the only bootable partition.
+ Allow fdisk(8) to
+ add GPT partitions of protected types, making it possible to provision
+ virtual machine images that need a "BIOS Boot" partition.
+
Added group handling matching fbtab(5) to xenodm.
Made grep(1) -m behavior match GNU grep.
@@ -243,6 +268,23 @@
Moved non-daemon services to run in a different rc(8) process group to avoid
SIGHUP at boot.
+ Changed ld.so(1) to only load the first libc version encountered
+ requested and substituting it for all further loads, ensuring that the
+ libc version requested by an executable itself is the one loaded.
+ Significantly (for small programs) reduce the size of statically
+ linked binaries by splitting several libc internal functions into
+ seperate compilation and thus linkage units. Specifically getpwnam(3) does not
+ need the full YP socket setup and does not use all possible dbopen(3) databease
+ backends.
+ Added vi(1)
+ showfilename set option to display the file name in the lower left
+ corner.
+ Added backup of disklabel for softraid(4) chunks to security(8).
Improved hardware support and driver bugfixes, including:
@@ -284,7 +326,6 @@
TEMPer{1,2} devices display negative degC.
Improve support for audio devices that via attach multiple uaudio(4) drivers.
-
New or improved network hardware support:
@@ -316,6 +357,9 @@
href="https://man.openbsd.org/dwqe.4">dwqe(4).
Updated rge(4)
microcode, initialization and reset behavior.
+ Prevented a potential bnxt(4) crash after failure
+ to bring up a queue.
Added or improved wireless network drivers:
@@ -353,6 +397,9 @@
Installer, upgrade and bootloader improvements:
+ - Add support for disk encryption in unattended installations with
+ autoinstall(8),
+ both with a plaintext passphrase or a keydisk.
- Removed default sets answer in autoinstall(8)
response file such that it now populates only with non-defaults.
@@ -365,11 +412,10 @@
- Added support in the installer to encrypt the root disk with a key disk.
- Prevent re-starting the automatic upgrade on octeon and
powerpc64, as is already done on other platforms.
-
- Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting.
+
- Added CD install images to arm64.
- Make the amd64 cdXX.iso and installXX.iso CD images bootable in
EFI mode (by creating an EFI system partition containing the EFI boot
loaders to be installed as an El Torito boot image).
-
Security improvements:
@@ -420,7 +466,10 @@
Fixed race between ifconfig(8) destroy of
an interface and the ARP timer.
-
+ Added statistics counters for the route cache, reporting cache
+ hits and misses. This is shown in netstat(1) with
+ netstat -s.
The following changes were made to the Added check to ensure pfctl(8) -f won't accept a
directory and install an empty ruleset.
+ Added validation for IPv4 packet options in divert(4).
Routing daemons and other userland network improvements:
-
- IPsec support was improved:
@@ -453,6 +503,15 @@
prefer group from the initial KE payload as responder if supported.
- Corrected renewal of expired certificates in iked(8).
+
- Added an iked(8)
+ debug message when no policy is found.
+
- Implemented a per connection peerid for iked(8) control replies.
+
- Made iked(8)
+ trigger retransmission only for fragment 1/x to prevent each received
+ fragment triggering retransmission of the full fragment queue.
+
- Prevent routing loops by droping already encrypted packets that are going through sec(4) again.
- In bgpd(8),
@@ -560,10 +619,18 @@
- Fixed radiusd(8)
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the
response.
+
- Added nochroot parameter to radiusd(8)
+ module_drop_privilege() so that modules can use unveil(2) instead of chroot(2) if needed.
- Ensured correct denominators when converting NTP fixed point
values to double and vice-versa in ntpd(8).
-
- Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set.
+
- In the resolver, do not short-circuit resolution of localhost
+ when AI_NUMERICHOST is set. Ensure that a proper string is returned by getaddrinfo(3) when
+ AI_CANONNAME or AI_FQDN is set.
- Added ifconfig(8)
support for specifying ports on the src address in tunnel endpoints of
gif(4), Improved httpd(8)
auto-index, adding human-readable file sizes and allowing per-column
sorting.
-
-
-
-
+
- Switched to using whois.internic.net for whois(1) -i.
@@ -601,7 +666,12 @@
Removed flags from the prefix before comparing with the received
key so that tmux(1)
modifier keys with flags work correctly.
-
+ Increased buffer size to avoid truncating styles in tmux(1).
+ Added two new values for the tmux(1) destroy-unattached
+ option to destroy sessions only if they are not members of sessions
+ groups.
LibreSSL version 3.9.0