=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1410 retrieving revision 1.1411 diff -c -r1.1410 -r1.1411 *** www/plus.html 2019/01/28 14:01:02 1.1410 --- www/plus.html 2019/01/28 14:01:44 1.1411 *************** *** 82,90 ****

Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage. !
Improved handling of two SMM-related MSRs in vmm(4).
Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4).
Added refresh for arp(8) entries that are about to expire. --- 82,154 ----
- Unveiled _PATH_DEVDB in su(1) due to the use of ttyname(3). + +
- Added domain-s (DNS over TLS) to services(5). +
- Imported LLVM 7.0.1 release. +
- Implemented DNS over TLS (DoT) in unwind(8). +
- Added a kernel fix for a potential panic when a negative value is used to index an array, validating in wscons(4) the user-supplied device index given to WSMXUIO_ADD_DEVICE. +
- Adjusted mpe(4) mpls rtable behaviour to match mpw(4), removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6. + +
- Added 'uselease' statement to dhclient(8) to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values. +
- Improved support for nmea(4) devices, providing altitude and ground speed values as sensors. +
- Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files. +
- Made ssh-keyscan(1) return a non-zero exit status if it finds no keys. +
- Added a delay to fix pms(4) touchpad driver issue on ThinkPad X1 Gen6. +
- Tagged the start of witness(4) output with prefix "witness:" to allow easier data extraction. +
- Changed an abort(3) call to an _exit(2) in crypto(3) to guarantee termination of the running program without potentially leaving key material in core files. +
- Fixed a double free in ldap(1). +
- Eliminated a bug wherein the ttl 0 could be incorrectly decremented to ttl 255 for incoming mpls packets. + +
- Fixed microsecond output of timestamp deltas (-tttt) for tcpdump(8). +
- Enabled ccp(4) on arm64 and armv7 ramdisks. + +
- Set ssh(1) to accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key, allowing pasting of fingerprints obtained through other means to have the client perform the comparison for you. +
- Forced progressmeter to update at the beginning and end of a transfer, fixing a bug where it wouldn't display on quick scp(1)/sftp(1) transfers. +
- Fixed a crash on long lines when switching to another file in vi(1). +
- Increased default datasize on arm64 to 768M to prepare for building clang 7. +
- Removed SHA224 and GOST-based signature algorithms from use in TLS 1.2. + +
- Set route(8) to display the same flags in RTM_IFINFO messages as ifconfig(8). +
- Reworked mpw(4) to be an actual ethernet interface. +
- Removed support for obsolete "host/port" syntax in ssh(1). This is no longer commonly used and may be confused with CIDR notation. +
- Changed bridge(4) to only copy packets for span ports if the bridge is up. +
- Imported unwind(8), a hybrid validating stub and recursive resolver. It actively observes the local net to decide how best to resolve names. +
- Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support. +
- Added the apm(4) subsystem to arm64. +
- Taught ldpd(8) to ask if a potential pseudowire interface is pwe3-capable. +
- Changed scp(1)/sftp(1) to sanitize scp filenames via snmprintf. +
- Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for ssh-keygen(1). + +
- Reworked how tcp(4) md5 signatures are configured in ldpd(8). Now configuration is allowed against a prefix in addition to a neighbour. +
- Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a diskless(8) host. +
- Pledged video(1) in response to the newly-added promise. +
- Reordered PCI device assignment in vmd(8) to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions. + IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis. +
- Increased maximum MTU of bnxt(4) to match the linux driver. +
- Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API). +
- Added support to crypto(3) for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces. +
- Modified syspatch not to return an error if a rollback is attempted when no patches have been installed. +
- Syspatch(8) now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine. +
- Removed undocumented 24 hour limits for timeouts from select(2), pselect(2), poll(2) and ppoll(2). +
- Added a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface. +
- Switched sntrup implementation source from supercop to libpqcrypto in ssh(1). +
- Added the ability to parse epoch seconds to strptime(3). Added a -f pformat flag to parse the given time with strptime to date(1). +
- Fixed problem where unveil(2) system call can leak memory. +
- Added video promise to pledge(2), allowing ioctls on video(4) devices selected from video(1) and firefox wbrtc implementation. +
- Introduced a dedicated entry point data structure for file locks. +
- Provided the initial TLSv1.3 client implementation in LibreSSL. +
- Introduced -v flags for ssh-add and ssh-pkcs11-helper in ssh(1). +
- Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using ntpd(8) constraints. +
- Factored out several functions duplicated between client and server for ssh(1). +
- Removed obsolete SSH v.1 functions in ssh(1). +
- Enables manual validity checking for constraints in the X.509 certificate in ntpd(8). This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time. +
- AMD64 machines will now support 2TB of physical memory, extendable in the future. +
- Improved handling of CPUID[1].ECX[OSXSAVE] bit.
- Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage. !
- Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in vmm(4). These will now generategeneral protection fault as per spec.
- Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4).
- Added refresh for arp(8) entries that are about to expire.