=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1517 retrieving revision 1.1518 diff -c -r1.1517 -r1.1518 *** www/plus.html 2024/03/10 18:46:16 1.1517 --- www/plus.html 2024/03/11 04:07:54 1.1518 *************** *** 100,106 **** --- 100,362 ----

Fixed ssh-keygen(1) find-principals on allowed_signers files with blank lines. + +
Disabled LRO in ix(4) on sparc64 by default for stability for the 7.5 release. + +
Enabled dwxe(4) on riscv64. +
Added Allwinner D1 ethernet controller clocks and reset support to sxiccmu(4). +
Added SPI clocks for other 64-bit Rockchip SoCs in rkclock(4). + +
Added backup of disklabel for softraid(4) chunks to security(8). +
Converted 't_lock', 'r_keypair_lock' and 'c_lock' rwlock(9)s to corresponding mutex(9)es. +
Switched to using whois.internic.net for whois(1) -i. +
Added validation for IPv4 packet options in divert(4). + +
Fixed detection of qcpas0 driver on x13s when booted in ACPI mode. + +
Separated ssh(1) parsing of string array options from applying them to the active configuration. Fixed some cases where the config parser improperly rejected valid configuration. +
Started flushing the D-cache before disabling the cache on armv7 in efiboot. +
Added a workaround for an 88100 errata where FPU imprevise exceptions could be raised in error. + +
Fixed awacs(4) audio on some iMac G3 models. +
Bumped smtpd(8) version to 7.5.0. +
Added support for attaching rkpmic(4) to an SPI bus. Added support for the RK806 PMIC which can attach to both I2C and SPI. +
Added rkspi(4), a driver for the SPI controller found on various Rockchip SoCs. +
Added clocks for the RK3588 SPI controller to rkclock(4). +
Made iked(8) trigger retransmission only for fragment 1/x to prevent each received fragment triggering retransmission of the full fragment queue. +
Bumped OpenIKED to 7.4. +
Bumped libressl to 3.9.0. +
Removed GOST and STREEBOG support from libressl. + +
Added mktemp(1) suffix support for compatibility with the GNU version. It is now possible to use templates where the Xs are not at the end. +
Added mkdtemps(3), identical to mkdtemp(3) except that it permits a suffix to exist in the template. +
Allowed fdisk(8) to add GPT partitions of protected types, making it possible to provision virtual machine images that need a "BIOS Boot" partition. +
Bumped rpki-client(8) to 9.0. +
Bumped bgpd(8) to 8.4. +
Prevented arm64 printing of CPU feature flags in dmesg(8) unless they differ from the previous entry. +
Protected pool_get() with kernel lock in sys_ypconnect(). +
Added rpki-client(8) -x to enable processing of experimental file formats (currently only the Signed Prefix list). + +
Moved from 7.5-beta to 7.5. + +
Enabled IPv6 AF for ppp(4). + + +
Enabled MSIs on RK3588 in dwpcie(4). +
Added GMAC related RK3588 clocks to rkclock(4). +
Added RK3588 support to dwqe(4). +
Fixed Tx rate selection for management frames in iwx(4). +
Made rpki-client(8) track the number of new files moving from 'staging' to 'validated cache'. + + +
Added new accounting flag ABTCFI to acct(5) to indicate SIGILL + code ILL_BTCFI has occurred in the process. +
Explicitly disabled MSR_CET_NO_TRACK_EN in MSR_S_CET to prevent accidentally allowing "notrack" indirect branches. + +
Changed the system uptime clock to start at 0.0 rather than 1.0, fixing a problem in sdmmc(4) during boot. + +
Added rpki-client(8) support for RPKI Signed Prefix Lists. +
Added suspend/resume support to qwx(4). + +
Imported mwx(4), a driver for Mediatek MT7921 and MT7922 802.11ax devices. + +
Handled /reserved-memory nodes from device trees on arm64. +
Added multithreading to vmd(8)'s vionet, allowing RX and TX to operate independently to reduce overall network latency for guests and alleviate the TX side dominating cpu time. +
Added the 7.6 fw key. +
Implemented disassociation (RUN->AUTH/INIT) in the qwx(4) driver state machine. + +
Made bwfm(4) work with MAC addresses set via ifconfig lladdr. +
Fixed a deadlock in openrsync(1) when big files are synced using the hash algorithm. +
Fixed pthread errors which could lead to crashes on sparc64. + +
Prevented ioctl(WSKBDIO_GETENCODINGS) NULL dereference when sysctl machdep.forceukbd is enabled with no USB keyboard attached. + +
Removed dt(4) clock interrupt staggering to reduce profiling overhead. +
Moved to 7.5-beta. +
Added JH7100 I2C clocks to stfclock(4). + +
Added TCP Segmentation Offload (TSO) support to em(4). +
Fixed issues in intel wifi drivers where only a subset of channels were scanned. + +
Enabled qwx(4) on arm64 and amd64. +
Added TCP/UDP Checksum Offloading for IPv4/6 to vmx(4). +
Fixed bogus packet length calculation in the ix(4) RX/LRO path, which could lead to TSO tagging forwarded packets incorrectly. + +
Made qwx(4) work with custom MAC addresses set via ifconfig(8). + +
Enabled the pool gc thread on m88k MULTIPROCESSOR kernels. +
Synced with unbound(8) to fix CVE-2023-50387 and CVE-2023-50868, usable to cause high CPU load and potentially denial of service with specifically crafted DNSSEC responses. +
Added two new values for the tmux(1) destroy-unattached option to destroy sessions only if they are not members of sessions groups. + +
Disabled hardclock() on secondary CPUs, reducing every system's normal clock interrupt rate by (HZ - HZ/10) per secondary CPU. +
Added Allwinner H616 support to ehci(4). +
Added vi(1) showfilename set option to display the file name in the lower left corner. + +
Enabled disk encryption in unattended installations using a plaintext passphrase or keydisk. +
Used 'sb_mtx' instead of 'inp_mtx' in the receive path for inet sockets. + +
Made pkg-config(1) accept both "CFlags:" and "Cflags:". +
Updated libexpat to 2.6.0. +
Grew arm64 iso media. +
Stopped 'sysctl hw.ucomnames' from returning an error on systems without ucom(4) support. + +
Fixed locked address interfaces in vmd(8). +
Moved dt(4) interval/profile entry points from the fixed-frequency hardclock() to a dedicated clock interrupt callback so probes can fire at arbitrary frequencies. +
Enabled igc(4) on sparc64. +
Made ifconfig(8) display the Tx rate selected by qwx(4) firmware. +
Added nochroot parameter to radiusd(8) module_drop_privilege() so that modules can use unveil(2) instead of chroot(2) if needed. + +
Marked full qwx(4) Tx queues, such that the OACTIVE mechanism will be used. + +
Added Allwinner H616 support to sxiccmu(4), sximmc(4) and sxipio(4). +
Added and installed the zonenow.tab file, a table where each row stands for a timezone where civil timestamps are predicted to agree from now on. + +
Implemented basic bpf(4) support for qwx(4). + +
Added risc-v support code for clang -msave-restore. +
Added a netstat counter for route cache. +
Used the 'sb-mtx' mutex(9) to protect 'sb_timeo_nsecs'. +
Stopped sending route messages while rebooting after a panic, to prevent an additional panic in the knote(9) layer. +
Update timezone info to include Kazakhstan's switch to unified UTC+5 and Palestine time change after Ramadan. +
Made btrace(8) print statistics on stderr to be able to redirect bt(5) script output. + +
Added a DMA constraint for the x13s. + +
Reworked socket buffers locking for shared netlock, introducing 'sb_mtx' mutex(9) to protect sockbuf. +
Prevented cpu spinning when a vio(4) device would be activated by a driver but before virtqueues were provided. +
Removed Softdep. +
Added new amd64-only sysctl machdep.retpoline which says whether the cpu requires retpoline. +
Implemented Multiple Message MSI support on arm64, currently working only on systems that use agintcmsi(4) as the MSI controller combined with the dwpcie(4) Hots/PCIe bridge. +
Implemented qwx_tx() in qwx(4), enabling the 4-way handshake. + +
Ensured that smtpd(8) only processes the .forward file of the alternate delivery user provided in a dispatcher, and no other recipient .forward file. +
Disallowed custom commands and file reading in a .forward file, allowing only forwarding addresses and users, so that smtpd(8) can't execute custom commands set by root in a .forward. +
Reverted smtpd(8) to running lmtp deliveries as the recipient user, not SMTPD_USER (_smtpd). +
Implemented the basics of the qwx(4) data frame Rx path, allowing our net80211 stack to see the initial WPA handshake packet sent by the AP. +
Made vmd(8) explain missing agentx group on getgrnam(3) failure. + +
Added sximmc(4) Allwinner D1 support and enabled it on riscv64. + +
In aucat(1), fixed MIDI control of the levels of individual files. +
Added a route generation number that is updated whenever the routing table changes, allowing discarding of older cached routes without waiting for socket closure or invalidation. + +
Added MediaTek UART support. +
Rewrote vmd(8)'s vionet to be zero-copy. +
Increased macppc and arm maximum text segment size to accommodate clang. +
Fixed a race in rpki-client(8) between scheduling a new request onto an idle connection and closing the same connection. + +
Updated to libdrm 2.4.120. +
Changed TCP timers to run without kernel lock. +
Handled qwx(4) association state transitions from ASSOC to RUN, allowing successful completion of the association sequence with the AP. +
Prevented a kernel panic in the case that apldrm(4) fails to create a framebuffer without propagating an error to its callers. + +
Added qwx(4) support for sending management frames. +
Allowed escaping inside quotes in smtpd(8). +
Updated to xbiff 1.0.5. +
Updated to xeyes 1.3.0. +
Updated to fonttosfnt 1.2.3. +
Updated to xserver 21.1.11. + +
Forced -fno-stack-protector on "boot block" that can't have a stack protector (alpha and sparc64). +
Set -fno-stack-protector in NORMAL_C_NOP, used to compile mcount.c, ensuring there is never a stack protector prologue/epilogue in the functions in that file. +
Enabled the openssl(1) command line tool to generate ECDSA certificates and CMS products. +
Added the sxitimer(4) driver to riscv64 to be able to trigger external interrupts on the Allwinner D1. +
Added sxirtc(4) support for newer SoCs that store the data as number of days since the Unix epoch instead of a calendar date. +
Implemented an initial SMIv2 parser in snmpd(8). + +
Put checksum flags in bpf_hdr to use them in userland dhcpleased(8) so it can accept non-calculatred checksums verified by hardware/hypervisor. +
Added Allwinner D1 support to sxidog(4), support for the USB PHY to ehci(4) and initial clock support to sxiccmu(4). +
Unlocked listen(2). +
Added bgplgd(8) -V to list version. +
Implemented T-Head cache management operations needed to handle SoCs like the Allwinner D1 on riscv64. +
Updated libcxx, libcxxabi and libunwind to 16.0.6. + +
Made btrace(8) return 0 when accessing an argument not defined in a probe. +
Updated awk(1) to the Jan 22, 2024 version. +
Fixed various NULL dereferences in PKCS #12. +
Implemented RFC7606 treat-as-withdraw for ORIGIN attributes with an invalid value in bgpd(8). +
Implemented qwx(4) qwx_auth() to move the device from SCAN into AUTH state. +
Added processing for scan results to qwx(4). +
Implemented multi-vector MSI interrupts in qwx(4). + +
Switched clockintr(9) from callee- to caller-allocated clockintr structs to remove dt(4)-incompatible behavior. +
Implemented a per connection peerid for iked(8) control replies. +
Added iwm(4) to arm64 GENERIC. + +
Tagged packets going out a sec(4) interface to prevent route/encap loops. +
Implemented a workaround to a T-Head page attribute extension violating the RISC-V specification. This is designed to make use of the Svpbmt extension and gets us closer to booting OpenBSD on an Allwinner D1 SoC. +
Introduced pipex_iterator() to perform 'pipex_session_list' for each walkthrough with 'pipex_list_mtx' mutex(9) relocking. +
Forced Apple backlight update after resume. +
Updated to zlib 1.3.1. +
Explicitly disabled eephy(4) Energy-Efficient Ethernet (EEE) on Marvell E151x. +
Changed igc(4) default duplex setting and simplied the setup of srrctl.BSIZEPKT. + +
Made login.conf(5) and crypt_newhash(3) and the underlying code consistent regarding bcrypt,a instead of blowfish,a. +
Added apldcp(4), a driver to control the display coprocessor integrated on Apple SoCs. +
Added apldrm(4), a driver providing kernel mode setting (KMS) functionality for the graphics hardware integrated on Apple SoCs. +
Reduced static binary size by switching to use of libc-private __hash_open() in /etc files cases where the dbopen(3) function otherwise pulls in all three database backends. +
Increased buffer size to avoid truncating styles in tmux(1). +
Created a new libc-private function for when getpwnam(3) reaches out to yp(8) which can skip socket/address work which isn't needed. Reduces text segment by ~100k in most static binaries and removes 5-7 system call stubs, which might matter for non-pledged binaries which otherwise lack socket(2). +
Rewrote assorted imsg code to use new ibuf API. + +
Disallowed madvise(2) and msync(2) memory/mapping destructive ops on immutable memory regions for these operationS, instead returning EPERM. + +
Increased max VM mem size to 128GB by removing vmd(8) limit. +
Improved formatting for pax(1) extended header times. + +
Replaced pinsyscall(2) with the new pinsyscalls(2) which handles all system calls. +
Made mktemp(3) callback-driven and split into multiple files so only the necessary system calls will be reachable from the binary. +
Implemented Multiple Message MSI support on amd64 to aid qwx(4) development. + +
Added iwn(4) to arm64 GENERIC. +
Added TSO support to bnxt(4). +
Unified inpcb API for inet and inet6. +
Completed base program conversion to use imsg_get_fd() in place of imsg.fd. +
Used solock() instead of netlock within fill_ifile(), making all socket types protected. + +
Fixed core file writing when a file map into memory has later been truncated to be smaller than the mapping. + +
Updated drm to linux 6.6.12. +
Made the kernel read pinsyscall tables out of PT_OPENBSD_SYSCALLS in the main program or ld.so, and accept a submission of that information for libc.so from ld.so via pinsyscalls(2). At system call invocation, the syscall number is matched to the specific address from which it must come. +
Patched X server and Xwayland vulnerabilities CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409. + +
Added an iked(8) debug message when no policy is found. +
Ensured a proper string is returned by getaddrinfo(3) when AI_CANONNAME or AI_FQDN is set. +
Added arm64 support for bringing up RTKit while !cold. +
Implemented 'pfctl(8) -a "*" -sT' behavior to print all tables attached to every anchor loaded to pf(4) (to join the existing "" -sr, which shows the rules found in every anchor). + +
Prevented vio(4) panics by polling device status after issuing device reset to avoid a potential race condition. +
Changed ld.so to only load the first libc version encountered requested and substituting it for all further loads, ensuring that the libc version requested by an executable itself is the one loaded. + +
Provided a more complete implementation of the drm "component" APIs. + +
Switched to sending UDP packets in parallel now that sending UDP packets via datagram socket is MP safe. + +
Fixed Linux NFS clients freezing after five minutes of inactivity. +
Extended rpki-client(8) -P to work for Trust Anchor certificates. +
Improved bgpd(8) RTR version negotiation. +
Made qwx(4) handle MHI M1->M2 state transitions. + +
Made DSA key support compile-time optional, defaulting to on. +
Split UDP PCB table into IPv4 and IPv6 tables, reducing contention on the per table lock. + +
Prevented a potential bnxt(4) crash after failure to bring up a queue. +
Added instruction length to vm exit information to allow vmd(8) to manipulate the instruction pointer after io emulation, preparation for emulating string-based io instructions. +
Added a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval. +
Converted bgpd(8) parent processing imsg handling over to new imsg API. + +
Deleted support for FFS filesystems before the in-inode symlink optimization. +
Implemented acpi(4) RootPathString support in the LoadTable() AML function, fixing OpenBSD boot on an older version of Hyper-V. + +
Made syscalls error out if taking more than six arguments. +
Updated xserver to 21.1.10. +
Added certificate revocation timestamps to rpki-client(8) filemode warning messages. + +
Prevented use after free of TLS context at syslogd(8) shutdown. + +
Improved httpd(8) auto-index, adding human-readable file sizes and allowing per-column sorting.
Fixed smtpd(8) IPv6 addresses table lookups.
Added axen(4) support for AX88179A and prevented incorrect recording of dummy headers as dropped frames.