www/plus.html - diff

Return to plus.html CVS log

Up to [local] / www

Diff for /www/plus.html between version 1.1416 and 1.1417

version 1.1416, 2019/03/01 16:04:12

version 1.1417, 2019/03/03 03:52:29

Line 97

<li>Updated the en_US.UTF-8 <a href="https://man.openbsd.org/locale">locale(1)</a> to Unicode 10.

<li>Improved the <a href="https://man.openbsd.org/clang">clang(1)</a> X86FixupGadgets pass to further reduce ROP gadgets produced during compilation. Added a command line switch to disable this functionality.

<li>Changed ssdfb(4) to allow usage of <a href="https://man.openbsd.org/mmap">mmap(2)</a> so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed.

<li>Changed <a href="https://man.openbsd.org/ssdfb">ssdfb(4)</a> to allow usage of <a href="https://man.openbsd.org/mmap">mmap(2)</a> so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed.

<li>Fixed an issue with <a href="https://man.openbsd.org/xhci">xhci(4)</a> transfers that could cause an "invalid CSW" error.

<li>Changed <a href="https://man.openbsd.org/rsync">rsync(1)</a> --delete behavior to better interoperate with GPL rsync.

<li>Implemented --numeric-ids in <a href="https://man.openbsd.org/rsync">rsync(1)</a>.

Line 168

<li>Removed the implicit RTF_MPATH flag that rt_ifa_add() set on new routes.

<li>Simplified check for whether /usr/share is on an NFS filesystem in reorder_kernel.sh.

<li>Corrected PPC target in llvm to reflect that a long double is the same as a double on OpenBSD/powerpc.

<li>Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> with -D.

<li>Adjusted <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> parser to insist anchor names must not be empty.

<li>Further simplifed trust anchor handling in <a href="https://man.openbsd.org/unwind">unwind(8)</a>, allowing removal of wpath and cpath pledges from the parent process.

<li>Set logging of x509 peers' certificate subject names during tls client authentication in <a href="https://man.openbsd.org/httpd">httpd(8)</a>.

Line 209

<li>Fixed a potential mbuf double free in the out-of-band soreceive() path.

<li>Added support for defining variables through the environment in <a href="https://man.openbsd.org/pkg-config">pkg-config(1)</a>.

<li>Implemented as-override in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a>, a feature where the neighbor AS is replaced by the local AS in AS paths.

<li>Added --validate flag to <a href="https://man.openbsd.org/pkg-config">pkg-config(1)</a> and updated version to 0.29.0.

<li>Added a <a href="https://man.openbsd.org/pthread_get_name_np">pthread_get_name_np(3)</a> to match <a href="https://man.openbsd.org/pthread_set_name_np">pthread_set_name_np(3)</a> in <a href="https://man.openbsd.org/pthreads">pthreads(3)</a>.

<li>Fixed an undefined case when neither -msave-args or -mno-save-args are specified in LLVM.

<li>Imported libc++, libc++abi and libunwind version 7.0.1.

Line 220

<li>Allowed <a href="https://man.openbsd.org/tun">tun(4)</a> access to AF_MPLS packets from userland.

<li>Converted <a href="https://man.openbsd.org/openssl">openssl(1)</a> rsautl to the newer style of option handling.

<li>Improved support for Marvell wi-fi microcontroller SoCs with the creation of the mvgicp(4) driver.

<li>Improved support for Marvell wi-fi microcontroller SoCs with the creation of the <a href="https://man.openbsd.org/mvgicp">mvgicp(4)</a> driver.

<li>Fixed exception handling issues with <a href="https://man.openbsd.org/clang%2B%2B">clang++(1)</a> on platforms not using <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a> as the default linker.

<li>Added captive portal detection for <a href="https://man.openbsd.org/unwind">unwind(8)</a>.

<li>Enabled -msave-args when building an amd64 kernel with <a href="https://man.openbsd.org/clang">clang(1)</a>.

<li>Increased datasize in <a href="https://man.openbsd.org/login.conf">login.conf(5)</a> for sparc64 to accommodate Mesa.

<li>Adjusted <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> to show the routing address selected by "route-to" when "pfctl -s states" is used.

<li>Improved stack trace saving on amd64 and i386.

<li>Added retries to <a href="https://man.openbsd.org/acme-client">acme-client(1)</a> when not all challenges are validated.

Line 276

<li>Added a kernel fix for a potential panic when a negative value is used to index an array, validating in <a href="https://man.openbsd.org/wscons">wscons(4)</a> the user-supplied device index given to WSMXUIO_ADD_DEVICE.

<li>Adjusted <a href="https://man.openbsd.org/mpe">mpe(4)</a> mpls rtable behaviour to match <a href="https://man.openbsd.org/mpw">mpw(4)</a>, removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6.

<li>Added 'uselease' statement to <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values.

<li>Improved support for <a href="https://man.openbsd.org/nmea">nmea(4)</a> devices, providing altitude and ground speed values as sensors.

<li>Added an <a href="https://man.openbsd.org/scp">scp(1)</a> client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files.

<li>Made <a href="https://man.openbsd.org/ssh-keyscan">ssh-keyscan(1)</a> return a non-zero exit status if it finds no keys.

<li>Added a delay to fix <a href="https://man.openbsd.org/pms">pms(4)</a> touchpad driver issue on ThinkPad X1 Gen6.

<li>Tagged the start of <a href="https://man.openbsd.org/witness">witness(4)</a> output with prefix "witness:" to allow easier data extraction.

<li>Changed an <a href="https://man.openbsd.org/abort">abort(3)</a> call to an <a href="https://man.openbsd.org/_exit">_exit(2)</a> in <a href="https://man.openbsd.org/crypto">crypto(3)</a> to guarantee termination of the running program without potentially leaving key material in core files.

<li>Fixed a double free in <a href="https://man.openbsd.org/ldap">ldap(1)</a>.

<li>Eliminated a bug wherein the ttl 0 could be incorrectly decremented to ttl 255 for incoming mpls packets.

Line 303

<li>Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support.

<li>Added the <a href="https://man.openbsd.org/man4/arm64/apm.4">apm(4)</a> subsystem to arm64.

<li>Taught <a href="https://man.openbsd.org/ldpd">ldpd(8)</a> to ask if a potential pseudowire interface is pwe3-capable.

<li>Changed <a href="https://man.openbsd.org/scp">scp(1)</a>/<a href="https://man.openbsd.org/sftp">sftp(1)</a> to sanitize scp filenames via snmprintf.

<li>Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>.

<li>Reworked how <a href="https://man.openbsd.org/tcp">tcp(4)</a> md5 signatures are configured in <a href="https://man.openbsd.org/ldpd">ldpd(8)</a>. Now configuration is allowed against a prefix in addition to a neighbour.

<li>Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a <a href="https://man.openbsd.org/diskless">diskless(8)</a> host.

<li>Pledged <a href="https://man.openbsd.org/video">video(1)</a> in response to the newly-added promise.

<li>Reordered PCI device assignment in <a href="https://man.openbsd.org/vmd">vmd(8)</a> to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions.

IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis.

<li>Increased maximum MTU of <a href="https://man.openbsd.org/bnxt">bnxt(4)</a> to match the linux driver.

<li>Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API).

<li>Added support to <a href="https://man.openbsd.org/crypto">crypto(3)</a> for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces.

<li>Modified <a href="https://man.openbsd.org/syspatch">syspatch</a> not to return an error if a rollback is attempted when no patches have been installed.

<li><a href="https://man.openbsd.org/syspatch">Syspatch(8)</a> now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine.

<li>Removed undocumented 24 hour limits for timeouts from <a href="https://man.openbsd.org/select">select(2)</a>, <a href="https://man.openbsd.org/pselect">pselect(2)</a>, <a href="https://man.openbsd.org/poll">poll(2)</a> and <a href="https://man.openbsd.org/ppoll">ppoll(2)</a>.

<li>Added a -J option as a shortcut for -o Proxyjump= to <a href="https://man.openbsd.org/scp">scp(1)</a> and <a href="https://man.openbsd.org/sftp">sftp(1)</a> to match <a href="https://man.openbsd.org/ssh">ssh(1)</a>'s interface.

<li>Switched sntrup implementation source from supercop to libpqcrypto in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.

<li>Added the ability to parse epoch seconds to <a href="https://man.openbsd.org/strptime">strptime(3)</a>. Added a -f pformat flag to parse the given time with strptime to <a href="https://man.openbsd.org/date">date(1)</a>.

<li>Fixed problem where <a href="https://man.openbsd.org/unveil">unveil(2)</a> system call can leak memory.

<li>Added video promise to <a href="https://man.openbsd.org/pledge">pledge(2)</a>, allowing ioctls on <a href="https://man.openbsd.org/man4/video.4">video(4)</a> devices selected from <a href="https://man.openbsd.org/video">video(1)</a> and firefox wbrtc implementation.

<li>Introduced a dedicated entry point data structure for file locks.

<li>Provided the initial TLSv1.3 client implementation in LibreSSL.

<li>Introduced -v flags for ssh-add and ssh-pkcs11-helper in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.

<li>Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using <a href="https://man.openbsd.org/ntpd">ntpd(8)</a> constraints.

<li>Factored out several functions duplicated between client and server for <a href="https://man.openbsd.org/ssh">ssh(1)</a>.

<li>Removed obsolete SSH v.1 functions in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.

<li>Enables manual validity checking for constraints in the X.509 certificate in <a href="https://man.openbsd.org/ntpd">ntpd(8)</a>. This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.

<li>AMD64 machines will now support 2TB of physical memory, extendable in the future.

<li>Improved handling of CPUID[1].ECX[OSXSAVE] bit.

<li>Adjusted <a href="https://man.openbsd.org/bgpd">bgpd(8)</a> to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage.

<li>Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in <a href="https://man.openbsd.org/vmm">vmm(4)</a>. These will now generategeneral protection fault as per spec.

<li>Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in <a href="https://man.openbsd.org/ixl">ixl(4)</a>.

<li>Added refresh for <a href="https://man.openbsd.org/arp">arp(8)</a> entries that are about to expire.

<li>Added support in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a> and <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a> for group descriptions in control messages that accept a neighbor description.

<li>Added support for ECDSA keys in PKCS#11 tokens.

<li>Added a -T option to test whether <a href="https://man.openbsd.org/ssh">ssh(1)</a> keys in an agent are usable.

Line 354

<li>Improved join error handling in<a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a>.

<li>Added a pwraction <a href="https://man.openbsd.org/sysctl">sysctl(8)</a> that allows conversion of a power button into a sleep button if desired.

<li>Set an <a href="https://man.openbsd.org/ssh">ssh(1)</a> password prompt to begin with a carriage return to obscure portions of a password entered too early.

<li>Enabled <a href="https://man.openbsd.org/myx">myx(4)</a> on the large ramdisk for amd64.

<li>Finished randomizing remaining layers of pmap_kernel.

<li>Enabled <a href="https://man.openbsd.org/ixl">ixl(4)</a> on amd64.

<li>Added a TLS record handling implementation.

<li>Moved boottime into the timehands.

<li>Added a partial port of EC_KEY_METHOD from OpenSSL 1.1 to libcrypto. Added various apis from OpenSSL 1.1 to LibreSSL.

<li>Set removal of a currently active network from the join list to disconnect as well.

<li>Added "join any" option to allow users to automatically connect via join() to any open wifi network. Known networks are preferred.

<li>Increased the socket buffer size for <a href="https://man.openbsd.org/sendsyslog">sendsyslog(2)</a> to 1 MB for fewer messages dropped by <a href="https://man.openbsd.org/syslogd">syslogd(8)</a>.

<li>Updated to libpixman 0.36.0 in xenocara.

<li>Added protective check for negative length integers in nfs clients and servers, as well as negative length NFS strings.

<li>Reconnected bfd(4) to the build after updating for sounlock() api change.

<li>Reconnected <a href="https://man.openbsd.org/bfd">bfd(4)</a> to the build after updating for sounlock() api change.

<li>Set <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> to ignore HUP signals. Starting a new dhclient will handle this use case by killing and executing a new copy.

<li>Began validating relative timeout before sleeping for <a href="https://man.openbsd.org/futex">futex(2)</a>.

<li>Began validating inputs to <a href="https://man.openbsd.org/adjtime">adjtime(2)</a>, <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> and <a href="https://man.openbsd.org/clock_settime">clock_settime(2)</a>.

<li>Changed the default digest type to sha256 for <a href="https://man.openbsd.org/openssl">openssl(1)</a>. Added support for pbkdf2 with OpenSSL-compatible flags.

<li>Removed <a href="https://man.openbsd.org/vmm">vmm(4)</a> and disabled <a href="https://man.openbsd.org/vmd">vmd(8)</a> and <a href="https://man.openbsd.org/vmctl">vmctl(8)</a> for i386 systems.

<li>Renamed TLS extension-handling functions to better fit TLSv1.3.

<li>Enabled use of a 64-bit register when required for inline assembly on sparc64, correcting sparc64 kernels compiled with <a href="https://man.openbsd.org/clang">clang(1)</a>.

<li>Continued work to prepare the network stack for fine-grained locking.

<li>Added support for the SSD1306 OLED display.

<li>Modified <a href="https://man.openbsd.org/signify">signify(1)</a> and <a href="https://man.openbsd.org/doas">doas(1)</a> to prevent passwords from being retained in memory when errors are encountered.

<li>Prevented users from specifying multiple join or nwid arguments in one <a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> call.

<li>Fixed crash conditions in <a href="https://man.openbsd.org/unveil">unveil(2)</a>, along with some cases where unveil would return ENOENT instead of EACCESS.

<li>Enabled <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> in RAMDISK_CD for amd64, allowing use during installs.

<li>Laid groundwork for TLSv1.3.

<li>Added a -h flag to <a href="https://man.openbsd.org/sftp">sftp(1)</a> <a href="https://man.openbsd.org/chown">chown(8)</a>, <a href="https://man.openbsd.org/chgrp" >chgrp(1)</a>, and <a href="https://man.openbsd.org/chmod">chmod(1)</a> commands to request they not follow symlinks.

<li>Added a -h flag to <a href="https://man.openbsd.org/sftp">sftp(1)</a> <a href="https://man.openbsd.org/chown">chown(8)</a>, <a href="https://man.openbsd.org/chgrp">chgrp(1)</a>, and <a href="https://man.openbsd.org/chmod">chmod(1)</a> commands to request they not follow symlinks.

<li>Added support for a "lsetstat@openssh.com" extension. This replicates the

<li>Added support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks.

functionality of the existing SSH2_FXP_SETSTAT operation but does not

follow symlinks.

<li>Updated to exit <a href="https://man.openbsd.org/syspatch">syspatch(8)</a> correctly after updating itself. Improvement to readability of patches to install on first boot.

<li>For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where <a href="https://man.openbsd.org/ospfd">ospfd(8)</a> and <a href="https://man.openbsd.org/ospf6d">ospf6d(8)</a> overwrite this information when "depend on" is used and the specified interface is down.

Line 394

Line 392

<li>Repaired inter-word spacing of postscript and pdf outputting by <a href="https://man.openbsd.org/mandoc">mandoc(1)</a>.

<li>Corrected setting of default colours in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.

<li>"No data" frames will no longer be processed in <a href="https://man.openbsd.org/ieee80211_input">ieee80211_input(9)</a> before decryption and incorrectly counted as decryption failures.

<li>Characters that will not be copied are no longer highlightable in <a href="https://man.openbsd.org/tmux">tmux(1).</a>

<li>Characters that will not be copied are no longer highlightable in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.

<li>Allowed programs to set the Checking Disabled flag on DNS requests.

<li>Prevented <a href="https://man.openbsd.org/ntpd">ntpd(8)</a> from starting when an instance is already running.

Line 416

Line 414

<li>Set <a href="https://man.openbsd.org/clang">clang(1)</a> to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.

<li>Enabled <a href="https://man.openbsd.org/uhci">uhci(4)</a> USB support for ARMv7.

<li>Antiquated mincore(2) will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily.

<li>Antiquated <a href="https://man.openbsd.org/OpenBSD-6.4/mincore.2">mincore(2)</a> will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily.

<li>Bug fixes for <a href="https://man.openbsd.org/otus">otus(4)</a> devices based on the Atheros AR9001U chipset.

<li>Changed <a href="https://man.openbsd.org/mandoc">mandoc(1)</a> html output to display tooltips using css exclusively.

<li>Clarified in documentation that OpenBSD ignores the LC_NUMERIC category as a safety practice, and outlined best practices for portable programs.