=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1415 retrieving revision 1.1416 diff -u -r1.1415 -r1.1416 --- www/plus.html 2019/03/01 13:42:51 1.1415 +++ www/plus.html 2019/03/01 16:04:12 1.1416 @@ -441,7 +441,99 @@
  • Implemented an if_enqueue handler for vlan(4), bypassing the ifq handling for a performance improvement in particular configurations.
  • Disabled ret-protector and retpoline protections in the clang(1) compiler to regain build performance. -
  • Adjusted httpd(8) to start when TLS is configured. +
  • Adjusted httpd(8) to start when TLS is configured but keys and certificates are not yet present. + +
  • Changed smtpd(8) to log tls events as 'tls' and not 'starttls'. +
  • Increased max frame size and hard MTU to allow use of vlan(4) and jumbo frames on ure(4). +
  • Added unveil(2) support to htpasswd(1) and ifstated(8). + +
  • Added C11's timespec_get(3) to libc. +
  • Relaxed unveil(2) restrictions for shells needed to run shell scripts that starts with a '#!' line. + +
  • Added unveil(2) support to ospfd(8) and ospf6d(8). +
  • Changed mbufs and mbuf(9) clusters to be backed by large pools and relaxed the oversubscribe limit of socket buffers. +
  • Fixed route collector mode in bgpd(8). + +
  • Updated libtool(1) to handle both DT_RUNPATH and the older DT_RPATH elements. +
  • Corrected handling of symlinks in syspatch(8). + +
  • Changed ieee80211(9) to avoid joining a network where crypto is found but cleartext was expected. + +
  • Added acpipci(4) on amd64. +
  • Added tracking of memory usage for sets and tries in bgpd(8) and display of memory usage to bgpctl(8). +
  • Fixed memory leak in csh(1). +
  • Changed nc(1) to show what went wrong with a unix domain socket rather than failing silently. +
  • Added unveil(2) support to rebound(8), getconf(1), kvm_mkdb(8) and bdftopcf(1). + +
  • Disabled setuid on Xserver(1) in response to recent disclosure of vulnerabilities. +
  • Fixed calculation of ASPATH_HEADER_SIZE by using offsetof() instead of the sizeof calculation in bgpd(8). +
  • Disabled -logfile and -modulepath when running Xserver(1) with elevated privileges, as these could cause arbitrary overwriting of files (CVE-2018-14665). +
  • Fixed a kernel resource leak in doaccept(). +
  • Added a 'terminal' colour which can be used instead of 'default' in style options for tmux(1). +
  • Added unveil(2) support to Xserver(1), passwd(1), spamlogd(8) and spamd(8). +
  • Implemented constant width font escape sequences for html output in mandoc(1). + +
  • Incremented major versions for crypto(3), ssl(3) and libtls due to libcrypto symbol removals and libssl changes to struct visibility/sizes. +
  • Further restricted the pledge(2) in switchctl(8). +
  • Fixed bgplg(8) show ip bgp out/in, updated usage message and added missing neighbor argument. Added 'show ip bgp ovs' and 'show ip bgp ext-community' commands. +
  • Fixed minor issues in csh(1) found by coverity. +
  • Fixed qcow2 disk images larger than 4GB in vmd(8). + +
  • Adjusted mandoc(1) handling of tags containing whitespace to better interoperate with ctags(1). +
  • Fixed a bug in mandoc(1) when handling blank lines inside preformatted html sections. +
  • Adjusted join(1) to allow joining on NULL columns. +
  • Fixed an off-by-one error in ldap(1) when wrapping long LDIF lines. +
  • Imported Mesa 17.3.9. + +
  • Corrected HFSC so it no longer forces packet priority to the highest setting when enabled. +
  • Switched amd64 to ld.lld(1) as the default linker. +
  • Added unveil(2) support to sensorsd(8). +
  • Removed instances of #ifdef INET6 from tcpdump(8) code. +
  • Set ipsec(4) to use a monotonic clock for SA creation and lookup timestamps. +
  • Adjusted ld.lld(1) to accept both '--foo bar' and '--foo=bar' style options in the manner of GNU linkers. +
  • Fixed cvs(1) handling of checking out commits by date when there is a vendor branch with a commit on top of it. +
  • Adjusted the bgpd(8) RDE to act on XON/XOFF messages to properly throttle dumping of prefixes to peers. + +
  • Added the ability to query a switch(4) instance via its control device to switchctl(8). +
  • Set kdump(1) to display the errno returned by futex(2). +
  • Fixed mail.lmtp(8) to not consider connect(2) errors a permanent failure. +
  • Switched alpha to futex(2)-based condvars, mutexes and semaphores. +
  • Added missing unveil(2) of /etc/shells to su(1) for -m option. +
  • Backported llvm's libunwind hardware floating point handling and added quad-precision floating-point support routines for mips64. +
  • Enabled the integrated llvm assembler on mips64. + +
  • Adjusted CPU identification in amd64 to take the 'package' into account when calculating the 'smt' ID on modern AMD CPUs to avoid knocking out too many processor threads. +
  • Copied the root check from ping(8) into traceroute(8). +
  • Updated X(7) to libX11 1.6.7 and libSM 1.2.3. + +
  • Added vmctl(8) support for creating and converting disk images from existing images. +
  • Fixed slowcgi(8) calculation of the file descriptor limit before accepting a new connection. This prevents a failure when slowcgi is close to the file descriptor limit. + +
  • Changed ssh-keygen(1) to include the signing algorithm used by the CA when printing certificate contents. +
  • Removed potential for a spurious end-of-RIB being sent by bgpd(8). +
  • Corrected wrong results produced by join(1) during full and outer join operations. +
  • Added support for windows larger than are visible on the attached client to tmux(1). +
  • Improved tmux(1) clipboard handling. +
  • Added tmux(1) support for extended underline styles on terminals offering them. +
  • Fixed fmt(1) accounting of NUL for allocation size and moved to use of reallocarray(3). +
  • Reworked processing of gre(4) keep alive packets. + +
  • Adjusted time scheduler statistics so time spent spinning in interrupts is no longer accounted for within the system time of a process. + +
  • Fixed regression in pf(4) that caused quick on anchor rules to be ignored. +
  • Adjusted bitmap tables and output routines of banner(6). +
  • Added a linker script to assist lld with building biosboot(8). +
  • Added traffic class of ipv6 headers to gre(4) encapsulation. + +
  • Addressed crashes when checking for duplicate bgpd(8). Removes one additional full RIB tree walker. +
  • Rate-limited the interval over which a VM can reboot, preventing VM reboot loops in vmd(8). Three VM restarts less than six seconds apart are assumed to be unintentional, and the VM is stopped. +
  • Made httpd(8) omit HSTS headers for unencrypted connections per RFC 6797. + + +
  • Fixed mrt table dumps in bgpd(8). +
  • Linked libc++.so against libc++abi.so to allow linking of C binaries against C++ shared libraries. +
  • Exposed net.inet.ip.arpq.drops to sysctl(8) to aid debugging of dropped packets without counter increases.