=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.1416 retrieving revision 1.1417 diff -u -r1.1416 -r1.1417 --- www/plus.html 2019/03/01 16:04:12 1.1416 +++ www/plus.html 2019/03/03 03:52:29 1.1417 @@ -97,7 +97,7 @@
  • Updated the en_US.UTF-8 locale(1) to Unicode 10.
  • Improved the clang(1) X86FixupGadgets pass to further reduce ROP gadgets produced during compilation. Added a command line switch to disable this functionality. -
  • Changed ssdfb(4) to allow usage of mmap(2) so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed. +
  • Changed ssdfb(4) to allow usage of mmap(2) so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed.
  • Fixed an issue with xhci(4) transfers that could cause an "invalid CSW" error.
  • Changed rsync(1) --delete behavior to better interoperate with GPL rsync.
  • Implemented --numeric-ids in rsync(1). @@ -168,7 +168,7 @@
  • Removed the implicit RTF_MPATH flag that rt_ifa_add() set on new routes.
  • Simplified check for whether /usr/share is on an NFS filesystem in reorder_kernel.sh.
  • Corrected PPC target in llvm to reflect that a long double is the same as a double on OpenBSD/powerpc. -
  • Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during ssh-keygen(1) with -D. +
  • Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during ssh-keygen(1) with -D.
  • Adjusted pfctl(8) parser to insist anchor names must not be empty.
  • Further simplifed trust anchor handling in unwind(8), allowing removal of wpath and cpath pledges from the parent process.
  • Set logging of x509 peers' certificate subject names during tls client authentication in httpd(8). @@ -209,7 +209,7 @@
  • Fixed a potential mbuf double free in the out-of-band soreceive() path.
  • Added support for defining variables through the environment in pkg-config(1).
  • Implemented as-override in bgpd(8), a feature where the neighbor AS is replaced by the local AS in AS paths. -
  • Added --validate flag to pkg-config(1) and updated version to 0.29.0. +
  • Added --validate flag to pkg-config(1) and updated version to 0.29.0.
  • Added a pthread_get_name_np(3) to match pthread_set_name_np(3) in pthreads(3).
  • Fixed an undefined case when neither -msave-args or -mno-save-args are specified in LLVM.
  • Imported libc++, libc++abi and libunwind version 7.0.1. @@ -220,13 +220,13 @@
  • Allowed tun(4) access to AF_MPLS packets from userland.
  • Converted openssl(1) rsautl to the newer style of option handling. -
  • Improved support for Marvell wi-fi microcontroller SoCs with the creation of the mvgicp(4) driver. +
  • Improved support for Marvell wi-fi microcontroller SoCs with the creation of the mvgicp(4) driver.
  • Fixed exception handling issues with clang++(1) on platforms not using ld.lld(1) as the default linker.
  • Added captive portal detection for unwind(8).
  • Enabled -msave-args when building an amd64 kernel with clang(1).
  • Increased datasize in login.conf(5) for sparc64 to accommodate Mesa. -
  • Adjusted pfctl(8) to show the routing address selected by "route-to" when "pfctl -s states" is used. +
  • Adjusted pfctl(8) to show the routing address selected by "route-to" when "pfctl -s states" is used.
  • Improved stack trace saving on amd64 and i386.
  • Added retries to acme-client(1) when not all challenges are validated. @@ -276,12 +276,12 @@
  • Added a kernel fix for a potential panic when a negative value is used to index an array, validating in wscons(4) the user-supplied device index given to WSMXUIO_ADD_DEVICE.
  • Adjusted mpe(4) mpls rtable behaviour to match mpw(4), removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6. -
  • Added 'uselease' statement to dhclient(8) to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values. -
  • Improved support for nmea(4) devices, providing altitude and ground speed values as sensors. -
  • Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files. +
  • Added 'uselease' statement to dhclient(8) to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values. +
  • Improved support for nmea(4) devices, providing altitude and ground speed values as sensors. +
  • Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files.
  • Made ssh-keyscan(1) return a non-zero exit status if it finds no keys.
  • Added a delay to fix pms(4) touchpad driver issue on ThinkPad X1 Gen6. -
  • Tagged the start of witness(4) output with prefix "witness:" to allow easier data extraction. +
  • Tagged the start of witness(4) output with prefix "witness:" to allow easier data extraction.
  • Changed an abort(3) call to an _exit(2) in crypto(3) to guarantee termination of the running program without potentially leaving key material in core files.
  • Fixed a double free in ldap(1).
  • Eliminated a bug wherein the ttl 0 could be incorrectly decremented to ttl 255 for incoming mpls packets. @@ -303,40 +303,40 @@
  • Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support.
  • Added the apm(4) subsystem to arm64.
  • Taught ldpd(8) to ask if a potential pseudowire interface is pwe3-capable. -
  • Changed scp(1)/sftp(1) to sanitize scp filenames via snmprintf. +
  • Changed scp(1)/sftp(1) to sanitize scp filenames via snmprintf.
  • Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for ssh-keygen(1).
  • Reworked how tcp(4) md5 signatures are configured in ldpd(8). Now configuration is allowed against a prefix in addition to a neighbour.
  • Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a diskless(8) host.
  • Pledged video(1) in response to the newly-added promise. -
  • Reordered PCI device assignment in vmd(8) to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions. +
  • Reordered PCI device assignment in vmd(8) to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions. IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis.
  • Increased maximum MTU of bnxt(4) to match the linux driver.
  • Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API). -
  • Added support to crypto(3) for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces. +
  • Added support to crypto(3) for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces.
  • Modified syspatch not to return an error if a rollback is attempted when no patches have been installed. -
  • Syspatch(8) now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine. +
  • Syspatch(8) now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine.
  • Removed undocumented 24 hour limits for timeouts from select(2), pselect(2), poll(2) and ppoll(2).
  • Added a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
  • Switched sntrup implementation source from supercop to libpqcrypto in ssh(1).
  • Added the ability to parse epoch seconds to strptime(3). Added a -f pformat flag to parse the given time with strptime to date(1). -
  • Fixed problem where unveil(2) system call can leak memory. +
  • Fixed problem where unveil(2) system call can leak memory.
  • Added video promise to pledge(2), allowing ioctls on video(4) devices selected from video(1) and firefox wbrtc implementation.
  • Introduced a dedicated entry point data structure for file locks.
  • Provided the initial TLSv1.3 client implementation in LibreSSL.
  • Introduced -v flags for ssh-add and ssh-pkcs11-helper in ssh(1). -
  • Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using ntpd(8) constraints. +
  • Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using ntpd(8) constraints.
  • Factored out several functions duplicated between client and server for ssh(1).
  • Removed obsolete SSH v.1 functions in ssh(1).
  • Enables manual validity checking for constraints in the X.509 certificate in ntpd(8). This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.
  • AMD64 machines will now support 2TB of physical memory, extendable in the future.
  • Improved handling of CPUID[1].ECX[OSXSAVE] bit.
  • Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage. -
  • Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in vmm(4). These will now generategeneral protection fault as per spec. +
  • Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in vmm(4). These will now generategeneral protection fault as per spec.
  • Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4). -
  • Added refresh for arp(8) entries that are about to expire. +
  • Added refresh for arp(8) entries that are about to expire.
  • Added support in bgpd(8) and bgpctl(8) for group descriptions in control messages that accept a neighbor description.
  • Added support for ECDSA keys in PKCS#11 tokens.
  • Added a -T option to test whether ssh(1) keys in an agent are usable. @@ -354,39 +354,37 @@
  • Improved join error handling inifconfig(8).
  • Added a pwraction sysctl(8) that allows conversion of a power button into a sleep button if desired.
  • Set an ssh(1) password prompt to begin with a carriage return to obscure portions of a password entered too early. -
  • Enabled myx(4) on the large ramdisk for amd64. +
  • Enabled myx(4) on the large ramdisk for amd64.
  • Finished randomizing remaining layers of pmap_kernel.
  • Enabled ixl(4) on amd64. -
  • Added a TLS record handling implementation. +
  • Added a TLS record handling implementation.
  • Moved boottime into the timehands.
  • Added a partial port of EC_KEY_METHOD from OpenSSL 1.1 to libcrypto. Added various apis from OpenSSL 1.1 to LibreSSL. -
  • Set removal of a currently active network from the join list to disconnect as well. +
  • Set removal of a currently active network from the join list to disconnect as well.
  • Added "join any" option to allow users to automatically connect via join() to any open wifi network. Known networks are preferred.
  • Increased the socket buffer size for sendsyslog(2) to 1 MB for fewer messages dropped by syslogd(8).
  • Updated to libpixman 0.36.0 in xenocara.
  • Added protective check for negative length integers in nfs clients and servers, as well as negative length NFS strings. -
  • Reconnected bfd(4) to the build after updating for sounlock() api change. +
  • Reconnected bfd(4) to the build after updating for sounlock() api change.
  • Set dhclient(8) to ignore HUP signals. Starting a new dhclient will handle this use case by killing and executing a new copy.
  • Began validating relative timeout before sleeping for futex(2).
  • Began validating inputs to adjtime(2), settimeofday(2) and clock_settime(2).
  • Changed the default digest type to sha256 for openssl(1). Added support for pbkdf2 with OpenSSL-compatible flags. -
  • Removed vmm(4) and disabled vmd(8) and vmctl(8) for i386 systems. +
  • Removed vmm(4) and disabled vmd(8) and vmctl(8) for i386 systems.
  • Renamed TLS extension-handling functions to better fit TLSv1.3.
  • Enabled use of a 64-bit register when required for inline assembly on sparc64, correcting sparc64 kernels compiled with clang(1).
  • Continued work to prepare the network stack for fine-grained locking. -
  • Added support for the SSD1306 OLED display. +
  • Added support for the SSD1306 OLED display.
  • Modified signify(1) and doas(1) to prevent passwords from being retained in memory when errors are encountered.
  • Prevented users from specifying multiple join or nwid arguments in one ifconfig(8) call. -
  • Fixed crash conditions in unveil(2), along with some cases where unveil would return ENOENT instead of EACCESS. +
  • Fixed crash conditions in unveil(2), along with some cases where unveil would return ENOENT instead of EACCESS.
  • Enabled bwfm(4) in RAMDISK_CD for amd64, allowing use during installs.
  • Laid groundwork for TLSv1.3. -
  • Added a -h flag to sftp(1) chown(8), chgrp(1), and chmod(1) commands to request they not follow symlinks. -
  • Added support for a "lsetstat@openssh.com" extension. This replicates the -functionality of the existing SSH2_FXP_SETSTAT operation but does not -follow symlinks. +
  • Added a -h flag to sftp(1) chown(8), chgrp(1), and chmod(1) commands to request they not follow symlinks. +
  • Added support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks.
  • Updated to exit syspatch(8) correctly after updating itself. Improvement to readability of patches to install on first boot.
  • For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where ospfd(8) and ospf6d(8) overwrite this information when "depend on" is used and the specified interface is down. @@ -394,7 +392,7 @@
  • Repaired inter-word spacing of postscript and pdf outputting by mandoc(1).
  • Corrected setting of default colours in tmux(1).
  • "No data" frames will no longer be processed in ieee80211_input(9) before decryption and incorrectly counted as decryption failures. -
  • Characters that will not be copied are no longer highlightable in tmux(1). +
  • Characters that will not be copied are no longer highlightable in tmux(1).
  • Allowed programs to set the Checking Disabled flag on DNS requests.
  • Prevented ntpd(8) from starting when an instance is already running. @@ -416,7 +414,7 @@
  • Set clang(1) to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.
  • Enabled uhci(4) USB support for ARMv7. -
  • Antiquated mincore(2) will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily. +
  • Antiquated mincore(2) will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily.
  • Bug fixes for otus(4) devices based on the Atheros AR9001U chipset.
  • Changed mandoc(1) html output to display tooltips using css exclusively.
  • Clarified in documentation that OpenBSD ignores the LC_NUMERIC category as a safety practice, and outlined best practices for portable programs.