===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1347
retrieving revision 1.1348
diff -u -r1.1347 -r1.1348
--- www/plus.html 2014/07/11 03:00:53 1.1347
+++ www/plus.html 2014/07/24 09:28:13 1.1348
@@ -1,4 +1,3 @@
-
@@ -75,6 +74,161 @@
+
+- Fixed timeouts in relayd(8) when one connection is spliced and one non-spliced.
+
- Added configuration handling for certificate and key files to libressl.
+
- KASSERTMSG(9): new function for a kernel assertion with message.
+
- Fixed sched_stop_secondary_cpus() to properly drain run queues from CPUs.
+
- Display zero page hit and miss counters in vmstat(8) -s.
+
- Show an error if cmd_find_session can't find the current tmux(1) session.
+
- Made tmux(1) close a connection when it receives an EOF.
+
- If a client is killed while suspended with ^Z, tmux(1) will no longer try to resume it.
+
- Removed all crypt choices other than bcrypt from adduser(8).
+
- When using NAT or redirects, recalculate the checksum of reassembled IPv6 fragments before the packet is refragmented.
+
- Fixed path MTU discovery with ping6(8) through pf(4) using nat or rdr.
+
- Introduced the PS_NOBROADCASTKILL flag that excludes processes from receiving kill(1) -1 broadcast signals.
+
- KERNEL_ASSERT_LOCKED(9) function added, working towards removal of the kernel lock.
+
- Initial support to read GPT partition tables in the kernel on i386/amd64 (requires option GPT).
+
- Ensured httpd(8) finishes writing the output before closing the connection.
+
- Fixed tight renew loop regression in dhclient(8).
+
- httpd(8) will now close the connection after the response is completed (no Keepalive yet).
+
- Added httpd(8) support for media types (compatible with nginx(8) mime.types file).
+
- Added ext4 read support.
+
- Brought man.cgi default mode closer to what man(1) does.
+
- Close connection/remove event handler when ypldap(8) msgbuf_write() hits an EOF.
+
- Introduced mount(8) -N option and a "net" mount option, and matching fsck(8) -N flag.
+
- Updated glxinfo(1) and glxgears(1) to version in mesa demos 8.2.0.
+
- Better httpd(8) error messages.
+
+
- Added httpd(8), a simple web server (preliminary version).
+
- dmesg(8) now indicates if aperture driver is required by X(7). Used by installer for sysctl(8) machdep.allowaperture setting.
+
- Fixed usb(4) connect freeze on octeon, by clearing the host port interrupt.
+
- Removed udfu(4).
+
- Updated to xf86-video-modesetting 0.9.0.
+
- On octeon, fixed root hub descriptors by matching ehci(4)'s descriptors.
+
- In sysmerge(8), use sha256(1) for compared files.
+
- Rework zyd(4)'s register read/write methods to eliminate race conditions.
+
- Fixed netstart(8) after autoconf6 change so "rtsol" lines in hostname.if(5) work again.
+
- Always create a local route(4) for every configured IPv4 address on the machine; made sure the local route(4) is removed during an address change (stops pppoe(4) corrupting the routing tree); do not add a local route if the specified address is 0.0.0.0 (prevents tree corruption).
+
- Use imsg(3) between the privileged and the non-privileged npppd(8) processes.
+
- Fixed whatis(1), to correctly match words instead of any substrings; provide an internal mode for man.cgi(8).
+
- Removed qli(4) (never enabled and was unfinished).
+
- Made rc.conf(8) a parsed configuration file; stop sourcing it as a shell script.
+
- Updated to libICE 1.0.9 and libXft 2.3.2.
+
- Add a function to drop all clean pages on the uvm(9) page daemon queues; call it when we hibernate.
+
- Moved macppc abtn(4) driver from workq to taskq.
+
- Only detach the usb(4) device that has been disconnected, to fix a regression.
+
+
- Implemented checksum offload for divert(4).
+
- Allowed acpitz(4) to accept a temperature reading of 0 degC (fixes some machines with "failed to read _TMP" errors).
+
- Stopped acpitz(4) reporting bogus temperature values (temperatures > 4,000 degC) and therefore shutting down the machine.
+
- Initial version of libressl; provide LIBRESSL_VERSION_NUMBER to detect versions distinct from OPENSSL_XXX.
+
- Limit relayd(8) HTTP header length to 8K (based on the default of 4-8K common in web servers).
+
- In boot(9), purged curproc-overriding hacks.
+
- bluetooth(4) support removed (code did not work properly anyway).
+
- Better m4(1) error handling in mkstemp/unlink/fdopen logic.
+
- Started reducing the attack surface of lynx(1) (gopher, news, and dired left enabled for now).
+
- Enabled interrupt routines on octeon.
+
- Added relayd.conf(5) options for disallowing client-initiated renegotiations and to prefer the server's cipher list.
+
- Added relayd(8) support for EDH to provide perfect forward secrecy for older ssl(8) clients.
+
- Stopped DHCPINFORM in dhcpd(8) looking up the lease database, filling the yiaddr field, or including lease time parameters.
+
- Introduced IFXF_AUTOCONF6 interface and removed net.inet6.ip6.accept_rtadv from sysctl(8).
+
- Allow IFXF_AUTOCONF6 to be set and cleared via ifconfig(8).
+
- On rtsold(8), turned AFXF_AUTOCONF6 on.
+
- Placed the first examples into the new /etc/examples directory.
+
- Documentation update for libcrypto and ssl(8).
+
- Prevent infinite loop during ssl(8) configuration file parsing (PR #2985).
+
- In ssl3_get_cert_verify(), accommodate ssl(8) RSA keys larger than 4096-bit (PR #319).
+
- Fixed copy for CCM, GCM and XTS (ssl(8) PR #3272).
+
- Added machine independent reboot(9) function.
+
- Removed redundant check and wrong fix from fsck_msdos(8): fat.c checks already take care of cluster chains.
+
- In ssl(8) asn1_get_length(), tolerate leading zeroes in BER encoding (PR #2746).
+
- In ssl(8) EVP_PBE_alg_add don't use the underlying NID for the cipher, as it may have a non-standard key size (PR #3206).
+
- By popular demand, added back hamc-sha1 to sshd(8) protocols (still used by many clients).
+
- Fixed ssl(8) OID encoding for single components (PR #2556).
+
- More ssl(8) memory leaks and unchecked allocations fixed (PR #3403).
+
- Made sure BN_sqr never returns negative numbers (ssl(8) PR #3400).
+
- Let ssl(8) accept CCS again after "finished" has been sent by the client. Avoids failed renegotiations (PR #3400).
+
- In ssl(8) dtls1_clear_queues(), free buffered_add_data.q correctly (PR #3286).
+
- Fixed version number processing in ssl(8) cms_sd_set_version() (PR #3249).
+
- Removed rdist(1).
+
- Avoid panic on alpha when using network card with a small number of tx descriptors per packet, a lot of memory, and a heavily fragmented packets.
+
- When looking for the issuer of a ssl(8) x509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359).
+
- In ssl(8) ssl3_get_client_key_exchange() parsing a GOST session key, invoke the regular ASN.1 parser (PR #3335).
+
- Removed RFC4620 Node Information Query support from the kernel.
+
- Made ssl(8) CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key (PR #3348).
+
- Fixed missing initialisation in ssl(8) (PR#3289 and #3345).
+
- Simplified relayd(8) code that handles the HTTP headers. Fixes some issues (e.g. handling of multiple "Set-Cookie" headers).
+
- Don't hold the kernel lock while halting a processor.
+
- New CPU_BUSY_CYCLE() function, so the CPU can reduce power consumption in busy loops.
+
- Synchronised zaurus's boot(9) with all others by having it call if_downall().
+
- Added -u option to dhcpd(8). Binds UDP port to answer DHCPINFORM from clients on non-ethernet interfaces (eg. tun(4) or pppx(4)).
+
- Converted bus_dmamem_map(9) to km_alloc(9), to fail (not sleep) if the allocator cannot obtain a lock when BUS_DMA_NOWAIT is specified.
+
- Updated to Xserver(1) version 1.15.2.
+
- Corrected readlink termination in csh(1).
+
+
- Using -U command-line option, allow ftp(1) to change its user agent for HTTP(S) URL requests.
+
- Flush the buffercache to 16MB on hibernate and restore its previous max size (kern.bufcachepercent) on resume. Better hibernate performance.
+
- Set cold to 1 before executing the DVACT_POWERDOWN handlers when halting or rebooting a machine. Avoids panic on macppc with uhci(4) cardbus.
+
- Fixed panic seen when unplugging a cardbus ehci(4), ohci(4) or uhci(4).
+
- Taught fsck_msdos(8) that uninitialised values (-1) in FSInfo are valid.
+
- newfs_msdos(8) fixes: always put boot signature at end of 512 byte sector, even on disks with larger sector sizes; do not point at a cluster that is in use; avoid out of boundary access when checking invalid long filenames; validate number of FATs; validate critical file system info.
+
- Improved smtpd(8) scheduler: can now return envelopes of different types in a single run (interlaced to avoid batch effects); send envelopes at a rate that the queue can sustain; limit the number of envelopes in a holdq (excess returned to pending queue).
+
- Return RSN (WPA) information to userland during ifconfig(8) wireless scan; show whether a wireless network uses WEP or WPA.
+
- m4(1) will now annotate regexp error messages with the source string.
+
- Stop using a shutdown hook for softraid(4) and explicitly shutdown the disciplines right after vfs_shutdown().
+
- Added bus and root hub routines to octeon, to prevent panic at attach.
+
- Made usbdevs(8) correctly report devices connected to xhci(4).
+
- Fixed missing allocation checks and potential NULL pointer dereference in the error path in ssl(8) PEM_X509_INFO_read_bio().
+
- vic(4) now records the size of the rx rings so we can wrap around them correctly. Fixed a panic.
+
- Added internal buffering for dump(8). Ensures all requested data is actually read from the device when they have non-512 byte sectors.
+
- Removed bogus preprocessor statements (trying to pick the largest integer type for BF_LONG, MD[45]_LONG and SHA_LONG) from ssl(8).
+
- Removed compression from ssl(8).
+
+
- Simplified the way divert(4) sends packets to userspace.
+
- When relayd(8) is copying structures via imsg, ensured contents do not contain bogus pointer values.
+
- Merged in mesa 10.2.3.
+
- In ssl(8) ocsp_lib.c, reset host, port and path to null after freeing so the caller doesn't accidentally free them again.
+
- Removed mkstr(1) and xstr(1).
+
- Replace relayd(8) protocol directives for HTTP with a new generic filtering language (grammar inspired by pf(4)).
+
- Fixed resume time page table issue on amd64 if the piglet was located above 1GB physical (caused by using an incorrect page size mask).
+
- Cleaned up and simplified ssl(8) SSL_CIPHER_description by always using asprintf(3).
+
- Added daemon_timeout variable to rc.d(8) and rc.subr(8) (sets maximum time to wait for actions to return).
+
- Fixed crash in ssh-add(1) while loading more than one key.
+
- Fixed classless-{ms-,}static-routes in dhcpd(8) to comply RFC 3442.
+
- Added "no-dsn" listener option smtpd.conf(5), which disables DSN extension.
+
- Suspend kernel's stack smash guard to avoid panicking during unpack.
+
- Fixed i386/amd64 hibernate issue where kernel lock acquisition was started but not completed.
+
- Removed ssl(8) "export" cipher handling.
+
- ncheck_ffs(8) now accepts duid for the filesystem argument.
+
- smtpd(8) config parser improvements: fail if the same option is specified multiple times on a listener; prompt for queue encryption key after (not during) smtpd.conf(5) parsing; added ip addresses to localnames table.
+
- bpf(4) code simplification.
+
- Set sysctl(8) default of net.inet6.icmp6.nodeinfo to 0, disabling responses to RFC4620 IPv6 Node Information Queries.
+
- Fixed boot(8) -d on amd64 and i386.
+
+
- Updated to lynx(1) version 2.8.8rel2, keeping local changes.
+
- Downgraded more ssh(1) error() to debug(). Suppresses spurious errors with hostbased authentication enabled.
+
- More useful sftp(1) error message when GLOB_NOSPACE occurs (bz#2254).
+
- While filling the rx ring, stopped bnx(4) and msk(4) being too smart in avoiding overuse of file descriptors.
+
- Marked the weakened ssl(8) 40-bit export ciphers as invalid.
+
- smtpd(8) now sends correct imsg when enabling profiling at runtime.
+
- Removed asa(1).
+
- Fixed a double free bug in parsing npppd.conf(5).
+
- Stopped npppd(8) accessing freed memory when it is exiting.
+
- Define SMALL_REGISTER_BANK in ssl(8) on arm and vax. Generates faster code (vax 30% faster).
+
- Various smtpd(8) queue improvements.
+
- Made sure to clear the WAIT flag when cancelling the smtpd(8) MTA connector timeout.
+
- Pulled the rx ring accounting out of the mbuf(9) layer. Simplifies the allocation paths.
+
+
- On em(4), bus_dmamap_sync the rx ring once per em_rxeof call, rather than for every rx descriptor.
+
- Stopped em(4) stalling the entire tx path when it encounters a heavily fragmented packet.
+
- Cleaned up mandoc(1) ERROR messages related to document structure and macros.
+
- Run getuid(2), getgid(2), getresuid(2), setreuid(2) and setuid(2) without the kernel lock.
+
- Stopped pckbc(1) printing warnings for mouse interrupts when running bsd.rd.
+
- In pkg_add(1), restored the progress meter for large files.
+
- Stopped mandoc(1) unnecessarily deleting any content from .Rs blocks.
+
- Implemented .dei and .ami in roff(7).
+
- smtpd(8) now allows enabling profiling at runtime.
- If acpi(4) finds a bogus interrupt, don't panic but print a message, to workaround dodgy BIOS.
- Marked getentropy(2) with NOLOCK (it doesn't need the kernel lock).
@@ -1003,4 +1157,8 @@
+
+
+
+