===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1415
retrieving revision 1.1416
diff -u -r1.1415 -r1.1416
--- www/plus.html 2019/03/01 13:42:51 1.1415
+++ www/plus.html 2019/03/01 16:04:12 1.1416
@@ -441,7 +441,99 @@
Implemented an if_enqueue handler for vlan(4), bypassing the ifq handling for a performance improvement in particular configurations.
Disabled ret-protector and retpoline protections in the clang(1) compiler to regain build performance.
-Adjusted httpd(8) to start when TLS is configured.
+Adjusted httpd(8) to start when TLS is configured but keys and certificates are not yet present.
+
+Changed smtpd(8) to log tls events as 'tls' and not 'starttls'.
+Increased max frame size and hard MTU to allow use of vlan(4) and jumbo frames on ure(4).
+Added unveil(2) support to htpasswd(1) and ifstated(8).
+
+Added C11's timespec_get(3) to libc.
+Relaxed unveil(2) restrictions for shells needed to run shell scripts that starts with a '#!' line.
+
+Added unveil(2) support to ospfd(8) and ospf6d(8).
+Changed mbufs and mbuf(9) clusters to be backed by large pools and relaxed the oversubscribe limit of socket buffers.
+Fixed route collector mode in bgpd(8).
+
+Updated libtool(1) to handle both DT_RUNPATH and the older DT_RPATH elements.
+Corrected handling of symlinks in syspatch(8).
+
+Changed ieee80211(9) to avoid joining a network where crypto is found but cleartext was expected.
+
+Added acpipci(4) on amd64.
+Added tracking of memory usage for sets and tries in bgpd(8) and display of memory usage to bgpctl(8).
+Fixed memory leak in csh(1).
+Changed nc(1) to show what went wrong with a unix domain socket rather than failing silently.
+Added unveil(2) support to rebound(8), getconf(1), kvm_mkdb(8) and bdftopcf(1).
+
+Disabled setuid on Xserver(1) in response to recent disclosure of vulnerabilities.
+Fixed calculation of ASPATH_HEADER_SIZE by using offsetof() instead of the sizeof calculation in bgpd(8).
+Disabled -logfile and -modulepath when running Xserver(1) with elevated privileges, as these could cause arbitrary overwriting of files (CVE-2018-14665).
+Fixed a kernel resource leak in doaccept().
+Added a 'terminal' colour which can be used instead of 'default' in style options for tmux(1).
+Added unveil(2) support to Xserver(1), passwd(1), spamlogd(8) and spamd(8).
+Implemented constant width font escape sequences for html output in mandoc(1).
+
+Incremented major versions for crypto(3), ssl(3) and libtls due to libcrypto symbol removals and libssl changes to struct visibility/sizes.
+Further restricted the pledge(2) in switchctl(8).
+Fixed bgplg(8) show ip bgp out/in, updated usage message and added missing neighbor argument. Added 'show ip bgp ovs' and 'show ip bgp ext-community' commands.
+Fixed minor issues in csh(1) found by coverity.
+Fixed qcow2 disk images larger than 4GB in vmd(8).
+
+Adjusted mandoc(1) handling of tags containing whitespace to better interoperate with ctags(1).
+Fixed a bug in mandoc(1) when handling blank lines inside preformatted html sections.
+Adjusted join(1) to allow joining on NULL columns.
+Fixed an off-by-one error in ldap(1) when wrapping long LDIF lines.
+Imported Mesa 17.3.9.
+
+Corrected HFSC so it no longer forces packet priority to the highest setting when enabled.
+Switched amd64 to ld.lld(1) as the default linker.
+Added unveil(2) support to sensorsd(8).
+Removed instances of #ifdef INET6 from tcpdump(8) code.
+Set ipsec(4) to use a monotonic clock for SA creation and lookup timestamps.
+Adjusted ld.lld(1) to accept both '--foo bar' and '--foo=bar' style options in the manner of GNU linkers.
+Fixed cvs(1) handling of checking out commits by date when there is a vendor branch with a commit on top of it.
+Adjusted the bgpd(8) RDE to act on XON/XOFF messages to properly throttle dumping of prefixes to peers.
+
+Added the ability to query a switch(4) instance via its control device to switchctl(8).
+Set kdump(1) to display the errno returned by futex(2).
+Fixed mail.lmtp(8) to not consider connect(2) errors a permanent failure.
+Switched alpha to futex(2)-based condvars, mutexes and semaphores.
+Added missing unveil(2) of /etc/shells to su(1) for -m option.
+Backported llvm's libunwind hardware floating point handling and added quad-precision floating-point support routines for mips64.
+Enabled the integrated llvm assembler on mips64.
+
+Adjusted CPU identification in amd64 to take the 'package' into account when calculating the 'smt' ID on modern AMD CPUs to avoid knocking out too many processor threads.
+Copied the root check from ping(8) into traceroute(8).
+Updated X(7) to libX11 1.6.7 and libSM 1.2.3.
+
+Added vmctl(8) support for creating and converting disk images from existing images.
+Fixed slowcgi(8) calculation of the file descriptor limit before accepting a new connection. This prevents a failure when slowcgi is close to the file descriptor limit.
+
+Changed ssh-keygen(1) to include the signing algorithm used by the CA when printing certificate contents.
+Removed potential for a spurious end-of-RIB being sent by bgpd(8).
+Corrected wrong results produced by join(1) during full and outer join operations.
+Added support for windows larger than are visible on the attached client to tmux(1).
+Improved tmux(1) clipboard handling.
+Added tmux(1) support for extended underline styles on terminals offering them.
+Fixed fmt(1) accounting of NUL for allocation size and moved to use of reallocarray(3).
+Reworked processing of gre(4) keep alive packets.
+
+Adjusted time scheduler statistics so time spent spinning in interrupts is no longer accounted for within the system time of a process.
+
+Fixed regression in pf(4) that caused quick on anchor rules to be ignored.
+Adjusted bitmap tables and output routines of banner(6).
+Added a linker script to assist lld with building biosboot(8).
+Added traffic class of ipv6 headers to gre(4) encapsulation.
+
+Addressed crashes when checking for duplicate bgpd(8). Removes one additional full RIB tree walker.
+Rate-limited the interval over which a VM can reboot, preventing VM reboot loops in vmd(8). Three VM restarts less than six seconds apart are assumed to be unintentional, and the VM is stopped.
+Made httpd(8) omit HSTS headers for unencrypted connections per RFC 6797.
+
+
+Fixed mrt table dumps in bgpd(8).
+Linked libc++.so against libc++abi.so to allow linking of C binaries against C++ shared libraries.
+Exposed net.inet.ip.arpq.drops to sysctl(8) to aid debugging of dropped packets without counter increases.