===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1461
retrieving revision 1.1462
diff -c -r1.1461 -r1.1462
*** www/plus.html 2019/11/29 22:23:09 1.1461
--- www/plus.html 2019/12/05 10:41:13 1.1462
***************
*** 90,101 ****
! - Added uvm_objfree to uvm to efficiently free all pages from a uvm object, use in buffer cache for considerable speedup when freeing pages
!
- Modified buffer cache to use individual uvm_objs per buffer to speed page lookups
!
- Added support for TLS 1.3 post handshake handshake messages and key updates to LibreSSL
- Hooked rpki-client(8) up to the build.
- Enabled CMS in ssl(8).
--- 90,230 ----
+
+ - Added pwmfan(4), a driver for PWM-regulated fans.
+
- Added rkpwm(4), a driver for the RK3399's PWM controller.
+
- Added support for the RK3399's PWM clock to rkclock(4).
+
+
- Added tcpdump(8) support for printing RFC 8300 Network Service Header (NSH).
+
- Added tcpdump(8) support for VXLAN-GPE.
+
- Rewrote dhcpv6 parsing in tcpdump(8) to match the rfc, correctly handling dhcpv6 messages.
+
- Assumed grep(1) -R passed with "." rather than printing a warning by default.
+
- Reverted switch to tickless backend.
+
+
- Allowed forcing specific domains to be resolved by specific resolvers in unwind.conf(5), handling typical split-horizon setups.
+
- Simplified sysupgrade directory check and creation (/home/_syspatch). It can now be a symlink.
+
+
- Accepted netmask for IPv6 properly in ifconfig(8).
!
- Added a create-vdisk command to ldomctl(8) analogous to amd64's vmctl(8) create.
!
- Added uvm_objfree to uvm to efficiently free all pages from a uvm object, used in the buffer cache for considerable speedup when freeing pages.
!
- Added rkemmcphy(4), a driver for the RK3399's eMMC PHY.
!
- Added support for the RK3399's eMMC clock to rkclock(4).
!
- Introduced msyscall(2), permitting system calls from selected code regions only: the main program, ld.so(1), libc.so and sigtramp. This is intended to harden against a mixture of W^X failures and JIT bugs allowing syscall misinterpretation.
!
- Modified root's crontab(1) to run rpki-client(8) and reload bgpd(8) configuration, enabling RPKI ROA filtering.
!
- Modified buffer cache to use individual uvm_objs per buffer to speed page lookups.
!
- Decayed the unwind(8) resolver histogram data over time to reflect strategy performance.
!
- Removed the -r flag in rpki-client(8). CRLs will always be checked.
!
- Added the "console" command to ldomctl(8) which executes cu(1) on the domain's console.
!
- Printed guest domain vcctty(4) devices in status output in ldomctl(8).
!
- Removed km_mapblocks from kmemstats and its always-zero column from the ddb(4) "show malloc" output.
!
!
- Implemented a hexdump command in the bootloader, helping to inspect the memory layout created by the firmware and useful for UEFI debugging.
!
- Added list-io command to ldomctl(8), listing the available PCIe devices to be used with the iodevice parameter in ldom.conf(5).
!
- Measured performance of resolving strategies in unwind(8), sorting them and choosing the next best strategy when one fails.
!
- Removed captive portal detection from unwind(8).
!
- Reinstated support for monitor mode and multiple frames in iwm(4).
!
- Updated GLU to 9.0.1.
!
- Updated libdrm to 2.4.100.
!
- Added support for TLS 1.3 post handshake handshake messages and key updates to LibreSSL.
!
- Fixed scsi(8) softraid crypto volumes on 4K-sector disks.
!
- Faked disk info to match expected boot disk when EFI bootloader has been received via TFTP, fixing a hang during HP Elitebook UEFI boot.
!
- Fixed kernel crash in pf_ioctl with WITH_PF_LOCK and NET_TASKQ > 1.
!
- Switched to tickless backend in timeout(9), adding new interface timeout_at_ts(9) to avoid backwardly compatible behavior.
!
- Allowed use of 'auth' as an origin in smtpd.conf(5).
!
- Added support for MSI-X for iwm(4) devices.
!
!
- Allowed use of mail-from and rctp-to as for and from parameters in smtpd.conf(5).
!
- Computed RSSI on 9k iwm(4) devices as for previous generations, fixing spurious signal strength values of over 100%.
!
- Added a tmux(1) p format modifier for padding to width.
!
- Stored smtp(1) session usernames in an envelope, allowing the ruleset to match specific users or mailing addresses.
!
!
- Added "no-touch-required" options to ssh-keygen(1) and sshd(8) to disable touch requirement for authorized_keys and certificates.
!
- Added an sshd_config(5) PubkeyAuthOptions directive allowing specification of whether sshd(8) should check whether user presence was tested before a security key was made.
!
!
- Withdrew all proposals on slaacd(8) startup to prevent indefinite retention of nameservers on interfaces no longer flagged for autoconf.
!
!
!
- Prevented a timeout in ssh(1) when the server doesn't immediately send a banner, such as with multiplexers like sslh.
!
- Allowed rc.d(8) script to reload sndiod(8).
!
- Added tracking of which interfaces have learned nameservers to unwind(8).
!
!
- Improved ksmn(4) temperature conversion precision.
!
- Added a quirk to handle Apollo Lake, Gemini Lake and 100 Series Intel SD/MMC sdhc(4) controllers which should not have voltages set to 0V.
!
- Added Gemini Lake SD/MMC controller pci(4) ids.
!
- Ensured proper kernel stack alignment on mips64, fixing a panic on octeon related to pppoe(4).
!
!
- Adjusted on-wire signature encoding for ecdsh-sk ssh(1) keys to better match ec25519-sk keys.
!
!
- Fixed an off-by-one TRB issue in bulk transfers larger than 64k, making udl(4) work on xhci(4).
!
- Added iwm(4) support for 9260 and 9560 devices.
!
- Enabled ESP UDP-encapsulation with the iked(8) -t flag.
!
- Added -keyopt option to openssl(1) cms subcommand, providing rsa_padding_mode:oaep for cms -encrypt and rsa_padding_mode:pss for cms -sign.
!
- Added -f for full size to join-pane in tmux(1).
!
!
- Added rge(4), a new driver for Realtek 8125 PCI Express 2.5Gb ethernet devices.
!
- Repaired the "set delay" option for pf(4) to function as specified in pf.conf(5).
!
- Added the initial framework for the TLSv1.3 server.
!
- Used disable-bt overlay with raspberry pi to use pluart(4) as console, rather than the 'mini uart'.
!
!
- Added a -d option to pkg_add(1) to add debug packages if present alongside intended updates or additions.
!
!
- Fixed a segmentation fault in ncurses(3).
!
!
- Implemented HTTP/1.1 in ftp(1).
!
- Added direct support for U2F/FIDO2 security keys in ssh(1).
!
- Began resolving captive portal hosts internally in unwind(8).
!
- Changed tmux(1) new-session -A to attach to the best existing session when a session name is not specified, rather than creating a new session.
!
- Added an option to tmux(1) to set the key sent by backspace for systems using ^H.
!
!
- Prevented non-root users from using ioctl(2) to alter the address of a network interface.
!
- Prevented non-root users from setting the parameters of pppoe(4) interfaces.
!
- Prevented a local user from causing the system to hang by reading specific registers when Intel Gen8/Gen9 graphics hardware is in a low power state.
!
- Prevented writes to memory allowed by the Intel Gen9 graphics hardware.
!
!
- Notified the user via TTY or $SSH_ASKPASS when ssh(1) security keys must be tapped/touched in order to perform a signature operation.
!
- Enabled ed25519 support in ssh(1).
!
- Fixed iwm(4) support and loaded new firmware for 3168 devices.
!
!
- Enabled rpki-client(8).
!
- Printed the URL when sysupgrade(8) fetches new sets.
!
- Prevented a crash in ieee80211_node2req() which could be triggered by an ioctl(2) if the driver had not yet initialized the channel map.
!
- Implemented DNS proposals in unwind(8) to learn nameservers from network autoconfiguration daemons.
!
!
- Moved /usr and var remounting earlier to allow unwind(8) to start before pf(4) is configured.
!
- Added a Content-Security-Policy HTTP header to mandoc(1) that allows only CSS.
!
- Added an opportunistic run of fw_update(1) to sysupgrade(8) before rebooting to run the upgrade.
!
- Introduced a "trusted" modifier to ntpd(8), for peers which should be on a local net, used in situations where https constraints cannot be used but auto settime is desired.
!
- Stopped connecting to available open wifi networks when an interface is marked up. This behavior must now be explicitly enabled with ifconfig(8) join "".
!
!
- Added support for active scan to bwfm(4).
!
- Lowered the priority of APs which fail to connect in the ifconfig(8) join list, allowing switching wifi networks by moving between them without having to down/up the interface or suspend/resume.
!
!
- Triggered a background scan when root runs the ifconfig(8) scan command, updating the list of cached APs for future scans and forcing a search for a better AP to roam to.
!
- Switched 8260 and 8265 iwm(4) devices to -34 firmware.
!
!
- Added support for buttons 2 and 3 to imt(4).
!
- Enabled DNSSEC validation in unbound(8) by default.
!
- Prevented non-root users from setting the WEP key on an(4) wireless network devices.
!
- Added -F flag to tmux(1) send-keys to expand formats in search-backward and forward copy mode commands.
!
!
- Performed constraint validation against 9.9.9.9 and 2620:fe::fe by default in ntpd.conf(5).
!
- Fixed a bug where outstanding frames on the iwn(4) aggregation queue interfere with roaming to another AP.
!
- Raised net80211's "beacon miss" threshold to avoid frequent reconnects to APs suffering packet loss due to distance.
!
!
!
- Removed mobileip(4).
!
- Added ogx(4), a driver for the OCTEON III network processor.
!
- Reinstated OpenSSL(1) CMS.
!
- Switched iwm(4) 3160, 7260 and 7265 to -17 firmware images.
!
- Enabled DQA mode for iwm(4).
!
- Added support for iwm(4) firmware paging, required for newer 8k device firmware.
!
!
- Fixed a possible crash in smtpd(8) when combining "from rdns" with nested virtual aliases under a particular configuration.
!
- Released smtpd(8).
!
- Added opportunistic DoT support to unwind(8).
- Hooked rpki-client(8) up to the build.
- Enabled CMS in ssl(8).