===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1393
retrieving revision 1.1394
diff -c -r1.1393 -r1.1394
*** www/plus.html 2016/07/28 22:47:22 1.1393
--- www/plus.html 2016/08/02 21:20:46 1.1394
***************
*** 81,86 ****
--- 81,300 ----
+
+ - In sndiod(8), avoid triggering watchdog time-outs which prevent sndiod from resuming.
+
- Update perl Time::HiRes to 1.9739.
+
- Bump LibreSSL to 2.4.2.
+
- In rtadvd(8), prevent a NULL dereference.
+
- In malloc(3), adapt the S option: add C, and remove F and P.
+
- In inet6(4), restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
+
+
- In ssh(1), explicitly check for 100% completion in the progress meter. This avoids a potential floating point rounding error which could cause the progress meter to report 99% on completion.
+
- In vi(1), if /tmp/vi.recover doesn't exist, don't create it. Warn once that it doesn't exist, afterwards fail silently.
+
- In smtpd(8), explicitely enclose SMTP transactions between BEGIN and COMMIT/ROLLBACK filter events.
+
- In ioapic(4/amd64), don't write to the read-only RIRR bit in the IOAPIC redirection register. This may subsequently block interrupt delivery.
+
+
- In nc(1), add the -M and -m options to specify the outgoing and incoming minimum TTL.
+
- In fts_open(3):
+
+ - Do not return an error if one of the paths in argv is empty. This prevents programs using fts(3) from reporting an error if one of the paths is empty.
+
- When the list passed is empty, return EINVAL instead of pretending to succeed. This avoids a NULL pointer dereference in a later fts_read(3) call.
+
+ - Add the net.inet.ip.arptimeout and net.inet.ip.arpdown sysctl(8)'s for ARP timers.
+
- In bgpd(8), use IPV6_MINHOPCOUNT to finish implementing ttl-security for IPv6.
+
- Update to xkeyboard-config 2.18.
+
- In pkg_info(1), implement -z that uses is-branch info to produce "complete" stem--[flavor][%branch] listing.
+
- Add UDP unicast and multicast support for IP_MINTTL and IPV6_MINHOPCOUNT.
+
+
- On vmm(4/amd64), fix a panic when CPUs fail to spin up for other reasons during boot.
+
- On amd64 and i386, enable the UMIP feature if present.
+
- Enable ure(4) on the architectures where url(4) already is.
+
- 5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
A source code patch is available for 5.9.
+ - Repair kill(2) on zombie processes.
+
- In ldpd(8), fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected.
+
- In iwn(4), revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips.
+
- Restore the sys_o58_kill system call. This provides a clean transition for runtimes that make direct system calls.
+
- Make the IPV6_UNICAST_HOPS socket option usable for incoming TCP connections.
+
- In ip6(4), implement IPV6_MINHOPCOUNT support.
+
- In doas(1), revise environment handling. Add a "setenv" keyword to doas.conf(5) for manipulating the environment, the "keepenv" now means only retain everything.
+
- Add ure(4), a driver for Realtek RTL8152 10/100 USB Ethernet adapters.
+
- In pkg_add(1), make scp:// work with PKG_CACHE.
+
+
- In bcrypt(3), increase the minimum for auto rounds to 6.
+
- In login.conf(5), use auto rounds for bcrypt (on amd64, i386, macppc and sparc64).
+
- Dynamically attach cpsw(4/armv7) with the FDT.
+
- Dynamically attach tiiic(4/armv7) using the FDT. Only match on omap4 compatible controllers such as the one in the am335x on BeagleBone Black.
+
+
- Dynamically attach omdog(4/armv7) using the FDT.
+
- In pkg_add(1), recognize @option is-branch.
+
- Fix a pledge(2) issue with "fdisk /dev/tty".
+
- In libcrypto:
+
+ - Fix the ocsp code to actually check for errors when comparing time values. Ensure that it only compared GERNERALIZEDTIME values as per RFC6960.
+
- Ensure that OCSP uses Generalized Time on requests as per RFC6960.
+
+
+ - In pf(4), make nat-to usable by in rules and together with divert-to. Collisions with existing states are found and produce a "NAT proxy port allocation failed" message.
+
- Update to nsd 4.1.10.
+
+
- Log to syslogd(8) when the dmesg(8) buffer overflows and messages are lost.
+
- When pf_test() returns something but PF_PASS, set error to EACCES instead of EHOSTUNREACH. On the latter, ip_forward() can generate undesired ICMP errors.
+
- In pax(1), allow creation of devices or fifo without -p.
+
+
- In sshd(8), fix AuthenticationMethods during configuration re-parse.
+
- In fec(4/armv7), fetch MAC address from FDT.
+
- In unbound(8):
+
+ - Update to unbound 1.5.9.
+
- Fix a segfault in the -h option.
+
- Fix QNAME minimisation with various broken DNS servers, often found at CDNs.
+
+ - In cn30xxgmx(4/octeon), add support for the second GMX interface on the Octeon II. This enables ports eth[0-3] on 8-port EdgeRouters.
+
- In iwm(4):
+
+ - Explicitly send multicast frames at the lowest rate, instead of picking a rate from the firmware RS table.
+
- Pass the correct Tx rate to BPF (tcpdump(8)) for 5GHz.
+
- Don't loop over CCK rates when building the Link-Quality command's RS table for 5GHz.
+
- Let the firmware deal with DTIM and TSF information details by itself. Fixes some association issues with 8260 hardware.
+
- Clear the in_assoc flag when going down.
+
+
+ - Add hyperv(4), the main Hyper-V nexus driver (work in progress).
+
- On amd64, set up the Hyper-V hypercall page and an IDT vector.
+
- In bgpd(8), dvmrpd(8), eigrpd(8), hostapd(8), httpd(8), ifstated(8), iked(8), ipsecctl(8), iscsictl(8), ldapd(8), ldpd(8), ospf6d(8), ospfd(8), pfctl(8), relayd(8), ripd(8), smtpd(8), snmpd(8), vmd(8), ypldap(8), do not allow whitespace in macro names, i.e. "this is" = "a variable".
+
- In ld.so(1), when handling DT_TEXTREL only set the mapping to READ+WRITE, ignore possible EXEC permission for the section, because the proper permission is set late, and there are no thread concerns in this case. This avoids W^X issues.
+
- In efifb(4), add support for drawing a console on a coreboot framebuffer. This is useful on chromebooks that have no legacy vga device or, for newer chipsets, a full console and X with wsfb(4).
+
- In pf.conf(5), change the parser to make af-to on pass out rules an error. This fixes a bug where a nonworking configuration could be loaded.
+
- On m88k, add sc_cookie in sigcontext, as same as other ports.
+
- In audioctl(1):
+
+ - Reimplement it using new API in a simper way.
+
- Group all encoding parameters in a single string (ex. "s16le") so that we use the same naming scheme as aucat, sndiod and many ports.
+
- Remove "properties" as they are not used any longer.
+
- Remove the list of encodings as there's no benefit in having it.
+
- Add the -q option, to look like sysctl(8).
+
- Remove the unused -a option.
+
- Stop using symlinks in /dev.
+
+
+ - In libcrypto, disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.
+
- In openssl(1), fix a bug loading the default certificate path locations. The files would only be loaded if the CAfile or CApath locations were succesfully loaded first.
+
- In ld(1), make creation of text-relocations a fatal error by default, with -znotext to permit it and -ztext to reenable the default of forbidding it.
+
- In bgpd(8), show the "nexthop 1.2.3.4 now valid: via 192.168.0.1" message only in debug mode.
+
- Add ds1307(4), an I2C driver for the Maxim DS1307 Real Time Clock chip.
+
- In iwm(4), send PHY DB commands as async commands. This change makes it work better in RAMDISK kernels.
+
+
- Make umb(4) also work with devices that implement both NCM 1.0 and MBIM.
+
- Dynamically attach omap uart with FDT.
+
- Remove the lockmgr(9) API.
+
- In rcctl(8):
+
+ - Cache the result of often used functions.
+
- Implement "rcctl get|getdef all".
+
+
+ - In ldpd(8):
+
+ - Fix a use-after-free.
+
- Fix a memory leak.
+
- Fix removal of dual-stack neighbors.
+
+ - In cn30xxgmx(4), make the 1 Gbps SGMII settings the default to define a consistent set of parameters even if a link is down.
+
- Add the net.inet.tcp.rootonly and net.inet.udp.rootonly sysctl(8)'s, to mark which ports cannot be bound to by non-root users.
+
- In iwm(4), plug some memory leaks in error paths.
+
+
- Dynamically attach ommmc(4/armv7) with FDT.
+
- In ldpd(8):
+
+ - Fix a small LIB-LFIB synchronization issue.
+
- Do not allow configuring the same interface for both LDP and VPLS.
+
+ - In smtpd(8), also add missing date or message-id when listening on the submit port.
+
+
- In sshd_config(5), ban AuthenticationMethods="" and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication (bz#2398).
+
- In pfctl(8), allow "include" in inline anchors.
+
- In tmux(1), allow a command to be specified to display-panes rather than always just selecting the pane.
+
- In acpitoshiba(4), enable suspend/hibernate fn keys.
+
+
- In smtpd(8):
+
+ - Rework the format of the "Received" header so that the TLS part does not violate the RFC.
+
- Increase number of connections a local address is allowed to establish, and decrease the delay between transactions in the same session.
+
- Properly reset the transaction when a filter rejects a message.
+
+ - Add umb(4), a driver for the Mobile Broadband Interface Model (MBIM) to provide support for USB MBIM devices.
+
- In tmux(1):
+
+ - Add -F to list-commands.
+
- Automatically exit all modes after 180 seconds of inactivity and if there is pending output.
+
+
+ - In ssh(1), remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching (part of bz#2585).
+
- Update to tzdata2016e.
+
- In pkg_add(1), restrict %m and friends to "separate words" so they won't collide with branch specifiers.
+
- In pppoe(4) and sppp(4), don't hardcode vlan/queue priority for pppoe packets, but instead inherit it from the new "llprio" setting on the pppoe(4) interface.
+
- In the timeout_add_*(3), prevent a round to zero.
+
- In pkg_add(1), implement "pkgname%branch" which can be used to restrict matches to a branch matching the pkgpath(7).
+
+
- Dynamically attach imxdog(4) using the FDT.
+
- Avoid socket splicing loops: if the same mbuf is spliced 128 times, assume that there is a loop and abort the splicing.
+
- In ldpd(8):
+
+ - Rework the handling of Hello packets in order to improve IPv6 support.
+
- Implement a timeout for the session initialization FSM. This prevents neighbors stuck in the initialization FSM to linger forever as long as the associated transport connection is up.
+
- Implement support for the Configuration Sequence Number TLV.
+
+ - In utvfu(4), start/stop the audio bulk thread as the consumer opens/closes device.
+
- In uvm_map(9), avoid grabbing the kernel lock for interrupt-safe pools.
+
- In uhidev(4), do not execute the callback if the device is beeing detached. This should prevent a race triggering a use-after-free.
+
- Correct the pledge for "disklabel(8) -R -[fF]".
+
+
- Dynamically fec(4/armv7) using the FDT.
+
- In sxie(4/armv7) and sxiuart(4/armv7), handle both the nintr 1 (allwinner a10/cortex a8) and nintr 3 (allwinner a20/cortex a7) cases.
+
+
- On armv7, ignore everything from ":" onward in stdout-path when finding the console node. Characters after this are device-specific settings.
+
- Dynamically attach imxuart using the FDT.
+
- In exuart(4/armv7), override the address found with FDT if the board ID is c210, because the qemu smdkc210 target uses serial0 for console while the exynos4210-universal_c210 dtb specifies stdout as serial2.
+
- Dynamically attach sxiuart using the FDT.
+
- Dynamically attach sxie(4/armv7) using the FDT.
+
+
- In ldpd(8):
+
+ - Fix parsing of multiple optional TLVs in label and notification messages. This fixes IxANVL LDP test 15.3.
+
- Make it possible to parse unknown TLVs in the future.
+
- Send an "Unknown FEC" Notification for unexpected wildcard FECs. This fixes ANVL LDP test 15.6.
+
- Add missing ntohl(3) when recording a label request. This fixes the following ANVL LDP tests: 1.5 and 9.4.
+
- Parse the whole Hello packet before processing it. This fixes a bug where we could create a dynamic targeted neighbor in response to a malformed packet.
+
+ - In ifconfig(8), add the "llprio" parameter to set the priority of packets that do not go through pf(4).
+
- In acpi(4), don't attempt to attach acpitimer(4) if the timer isn't present. The power management timer has been made optional in ACPI 5.0A.
+
- In tetris(6), when eliding a row, clear the invisible row zero, so that no columns can become unusable during game play.
+
+
- In ldpd(8):
+
+ - Send a fatal notification when the last hello adjacency is deleted. This fixes the following ANVL LDP tests: 7.17 and 23.3.
+
- Do not shut down the session upon receiving unknown messages. This fixes IxANVL LDP test 22.13.
+
- Set the Message ID for Hello messages too.
+
+ - Dynamically attach imxesdhc(4/armv7) using the FDT.
+
- Add SGMII support and PHY addresses for 8-port EdgeRouters. This makes plain RJ45 ports eth[4-7] usable.
+
- Dynamically attach i.MX6 ahci(4) using the FDT.
+
+
- In ldpd(8):
+
+ - Add one more safety check for Initialization messages. This fixes the following ANVL LDP tests: 6.5, 6.6 and 6.11.
+
- Change what is considered a NACK for our Initialization messages. This fixes the following ANVL LDP tests: 6.19, 6.21 and 6.22.
+
- Discard Hello packet if advertised transport address is of different AF. This fixes IxANVL LDP test 5.13.
+
- Fix quick reconnect when the transport address is changed.
+
+ - Remove octhci(4). It has been superseded by dwctwo(4).
+
- Do the full W^X check on hppa and mips64.
+
- On armv7, use FDT to find the console to initialise.
+
- Attach acpitoshiba(4) on Libretto, Dynabook and SPA40 laptops.
+
- Enforce W^X and map W|X segments without X permission initially. The dynamic linker will make these read-only and add back X permission after relocation processing.
+
- In ld.so(1), some ELF ABIs still require a PLT that is both writable and executable. To avoid W^X violations, initially map such segments as writable and non-executable, and change the mapping to non-writable and executable after initial relocation processing.
+
+
- In ld.so(1), accommodate ELF ABIs that require a PLT that is both writable and executable, without causing W^X violations.
- In sshd(8), revert src/usr.bin/ssh/kexgexs.c r1.28 ("Check min and max sizes sent by the client"). It caused "key_verify failed for server_host_key" in clients that send a DH-GEX min value less that DH_GRP_MIN.
- In doas.conf(5), revert the setenv feature.
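Review bot: the added ld.so(1) entry near the end of the hunk ("some ELF ABIs still require a PLT that is both writable and executable ...") describes the same change as the existing entry directly after it ("accommodate ELF ABIs that require a PLT that is both writable and executable, without causing W^X violations"), so the page would list that change twice. Consider folding the two into one entry. Several added entries also need a spelling pass: "explicitely" in the smtpd(8) BEGIN/COMMIT entry, "GERNERALIZEDTIME" in the libcrypto OCSP entry, "simper" in the audioctl(1) entry, "succesfully" in the openssl(1) entry, and "beeing" in the uhidev(4) entry. "Dynamically fec(4/armv7) using the FDT" is missing its verb; the neighbouring FDT entries all read "Dynamically attach ...". The doas(1) entry's "the "keepenv" now means only retain everything" is hard to parse and would benefit from rewording, since it documents a change in how the environment is passed to privileged commands.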