===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1445
retrieving revision 1.1446
diff -c -r1.1445 -r1.1446
*** www/plus.html 2019/06/26 19:31:23 1.1445
--- www/plus.html 2019/07/31 19:43:48 1.1446
***************
*** 89,94 ****
--- 89,165 ----
+
+ - Made realpath(3) posixly correct by changing the kernel implementation not to succeed on final path components which do not exist.
+
- Added support for PKCS8 as an optional format for storage of private ssh(1) keys, enabled via
ssh-keygen -m PKCS8
.
+ - Added tls-cert-bundle option to unbound.conf(5). TLS connections are not reused by unbound(8), so TCP and TLS handshakes will disproportionately increase latency compared to UDP.
+
- Fixed a direct map bug affecting amd64 machines with greater than 1023GB physical memory.
+
+
- Provided a notification to stderr to indicate messages have been shown when mandoc(1) output is printed without a pager, to indicate messages may have preceded the output.
+
- Added an interface to set/update a data property to ldomctl(8).
+
+
+
- Ensured that sndiod(8) will not lose track of which volume controls belong to different instances of the same program upon disconnection and reconnection.
+
- Included SHA2-variant RSA key algorithms in KEX proposal, allowing ssh-keyscan(1) to harvest keys from servers that disable SHA1 ssh-rsa.
+
+
- Added access to timeout(9) status and statistics to sysctl(2), allowing throughput tracking of the timeout layer from userspace.
+
- Restricted filesystem access for dhclient(8) using unveil(2).
+
+
- Enforced a per connection limit of 128 SACK holes managed at the tcp(4) socket, further preventing an unlikely attack where the lists of SACK options grow due to an attacker attaching all sack holes to a limited number of TCP connections, consuming CPU.
+
- Added the missing openssl(1) option
dsa -modulus
.
+ - Ensured that uvideo(4) devices are allowed sufficient probe buffer size for the given version.
+
- Implemented Linux kthread(9) drm(4) interfaces.
+
+
- Added OpenBSD::Unveil, a perl interface to unveil(2).
+
+
- Fixed a vfs(9) unlinking failure due to unveil(2), which led to a file system which could not be unmounted.
+
+
- Added support for version 3.0 of the 'mdstore' protocol to ldomctl(8).
+
- Fixed a race condition in mpii(4) devices by waiting for ports to finish scanning.
+
- Added user instructions to manually run
/usr/libexec/reorder_kernel
in case of syspatch(8) kernel update failure.
+ - Handled unreliable ntp peers by removing them from the pool upon non-response in ntpd(8), preserving good peers and re-resolving to find a replacement.
+
+
+
- Modified octeon to allow all network interfaces for root device selection when there is no explicit device class match for a given boot device.
+
- Improved file cleanup code for syslogd(8) that had been blocked by unveil(2), preserving the ability to remove a stale
/var/run/syslog.pid
file.
+ - Prevented a panic with bwfm(4) devices due to an overflowing async ring buffer.
+
+
- Added aggr(4), a dedicated driver to implement 802.1AX link aggregration.
+
- Fixed a free(3) size panic when detaching a crypto softraid(4) volume on i386.
+
- Updated the mac/vlan filters appropriately when the mac address changes on an ixl(4) device.
+
- Added server time.cloudflare.com to ntpd.conf(5).
+
+
- Improved handling of Raven, Raven2 and Picasso amdgpu(4) devices.
+
- Added tsleep_nsec(9), msleep_nsec(9) and rwsleep_nsec(9), which take timeouts in nanoseconds and use INFSLP to indicate a timeout should not be set.
+
- Stopped a segfault in mandoc(1) when /tmp is not writable.
+
- Locked the kernel when removing file descriptors from the descriptor table, preventing a race with kevent(2).
+
+
- Fixed a bug in pf(4) where the next hop interface configured with 'route-to' was not used when using source address tracking.
+
- Added thermal zone handling code to link together thermal sensors and cooling devices to actively or passively cool devices. Registered cpu(4) as a cooling device to support passive cooling and rktemp(4) as a thermal sensor.
+
+
- Switched the default compiler on octeon to clang(1).
+
- Merged Mesa 19.0.8.
+
- Stored the current filter parameter in the smtpd(8) session, fixing a bug where filters in a chain received a null parameter.
+
+
- Reintroduced ifiq_input counting backpressure by counting the number of times a nic has tried to queue packets before the stack processes them as a measure of load on the network stack, and beginning to drop packets when the load is too high.
+
- Implemented proper HDMI audio support for serial DVO.
+
+
+
- Updated libexpat to 2.2.7, including a fix for a potential denial-of-service attack (CVE-2018-20843).
+
- Modified amd64 and i386 to write back and invalidate caches before updating CPU microcode and added a compiler-level memory barrier to the instruction.
+
- Merged Unbound 1.9.2.
+
- Fixed a problem with the bgpd(8) session engine which caused it to spin with a poll timeout of 0.
+
+
- Enabled MSI-X interrupts.
+
+
- Allowed additional video(4) ioctls for the video pledge needed by chromium.
+
- Fixed sign handling in emulated floating point operations on sparc64.
+
- Added support for OCSP stapling to bgpd(8) due to an uninitialized peer id.
+
- Removed irrfilter from bgpctl(8). Other tools can be used to generate AS and prefix sets based on IRR data, such as bgpq3 (in ports).
- Added the glkgpio(4) driver for the gpio controllers on Intel's Gemini Lake SoC.
- Stopped retrying to get the usb descriptor in usbd_new_device() when the call times out, making reattaching USB at resume happen more quickly.