===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1466
retrieving revision 1.1467
diff -u -r1.1466 -r1.1467
--- www/plus.html 2020/02/17 00:53:34 1.1466
+++ www/plus.html 2020/03/23 18:25:25 1.1467
@@ -90,6 +90,241 @@
+
+- Added the ikectl(8) "show sa" command to print information about the state of negotiated IKE SAs, their Child SAs and the resulting IPsec flows.
+
- Enabled backlight control use on the Pinebook Pro via wsconsctl(8).
+
- Fixed snmp(1) agent address parsing to allow IPv6 addresses to be used based on format, allow those without brackets to skip the port if it results in a nonsensical address (allowing use of ::1), and try to connect to the address immediately.
+
+
- Fixed a crash when no device ports have been registered in ofw.
+
- Taught i386 boot(8), cdboot(8) and pxeboot(8) about ffs2.
+
- Added clock support for i.MX8MM.
+
+
- Disabled apm(4) on the i386 floppy ramdisk.
+
- Added bdpmic(4), a driver for the ROHM BD71837 and BD71847 Power Management IC.
+
- Added support for reading the i.MX8MM temperature sensors to imxtmu(4).
+
- Fixed absolute timeout checking in __thrsleep(2).
+
+
- Added the MAXTSLP macro, the maximum sleep duration, to tsleep_nsec(9).
+
- Updated to unbound(8) 1.10.0.
+
- Switched USB to use non-coherent buffers for data transfers, dramatically improving performance on some ARM SoCs where the USB controller is not coherent with the caches.
+
+
- Added an ikectl(8) "reset id" command to reset all SAs from policies with matching destination IDs.
+
- Unlocked the flock(2) system call.
+
+
+
- Reworked AMD smt/core/package detection, helping prevent cores being misidentified as threads.
+
- Added panel support to rkanxdp(4).
+
- Aggregated duplicate bgpd(8) roa table prefix/source-as combos as a single entry with the longest maxlen length.
+
- Corrected iked(8) calculation of IPv6 address leases from small address pools.
+
- Taught macppc boot(8) about ffs2.
+
+
- Taught sparc64 boot(8) (but not the sparc64 bootblocks) about ffs2.
+
- Bumped nvme(4) max physio() i/o size to 128K.
+
+
+
- Resolved syscall speculation in armv7 cpus as in arm64, changing the system call ABI to skip two instructions and inserting speculation-blocking sequences.
+
- Blocked apmd(8) autoaction for 60 seconds after resume, preventing spurious suspend/resume cycles.
+
+
- Allowed hppa boot(8) to read from an ffs2 filesystem.
+
- Added /dev/drm[0-3] on arm64.
+
- Added a tmux(1) -d flag to run-shell to wait for delay before running the command (or delay with no command).
+
- Added a tmux(1) copy-mode -H flag to hide the position marker in the top right.
+
- Added tmux(1) C-g to cancel command prompt with vi(1) keys as well as emacs, and q in command mode.
+
- Modified tmux(1) -S server socket to be created with umask 177 rather than 117.
+
+
- Allowed alpha boot(8) to read from an ffs2 filesystem and adapted its custom installboot to deal with ffs2. Also fixed the partition read code to deal with offsets greater than 2G.
+
- Used lfence in place of stac/clac on pre-SMAP CPUs to protect against Load-Value-Injection attacks against the kernel.
+
- Fixed a kernel crash due to unlimited recursion caused by local outbound UDP broadcast/multicast packets sent by a spliced socket.
+
+
- Unlocked the fnctl(2) system call.
+
- Added a policy relookup to iked(8) to replace the default policy based on a received cryptographic parameter proposal.
+
+
- Added ure(4) support for Lenovo OneLine Plus Dock Ethernet.
+
- Prevented a panic due to missing sysctl(2) input validation.
+
- Prevented a kernel hang when no unlocked ffs_softdep worklist items could be processed.
+
- Adapted biosboot(8) so that it can read boot(8) from an ffs2 filesystem.
+
- Fixed "ipmi0: sendcmd fails" errors when there is an ipmi(4) sensor which is enumerated but has failed to be read.
+
+
- Improved ucom(4) to fix firmware upload on some microcontroller boards using DTR and RTS as signaling lines to reset the device and enter the bootloader.
+
+
+
- Generated three different BIRD outputs with rpki-client(8) -B: v1 with IPv4 and IPv6 routes, and v2.
+
- Added a PCI attachment driver for com(4) to support memory-mapped PCI devices which are part of a Low Power Subsystem (LPSS).
+
+
- Updated perl(1) Term::ReadKey to 2.38.
+
- Implemented microsecond resolution using microuptime(9) to avoid a hard hang when starting X on Intel Cherry Trail Atom processors.
+
- Allowed amd64 boot(8) to read from an ffs2 filesystem. Enabled ffs2 for floppy.
+
+
- Enabled the Rockchip video drivers.
+
- Implemented the page fault handler for CMA GEM buffers and made drm(4) attach to rkdrm(4), making KMS work on the RK3399 SoC.
+
- Stopped counting pages mapped as PROT_NONE against the RLIMIT_DATA limit, helping code which reserves large chunks of address space but populates it sparsely.
+
+
- Fixed MiRA's sub-frame error rate computation.
+
- Allowed loongson boot(8) to read from an ffs2 filesystem.
+
+
- Fixed endian swapping in xhci(4), allowing it to work again on octeon and other big endian architectures.
+
- Added rkdwhdmi(4), a driver for the HDMI transmitter found on the Rockchip RK3399 SoC.
+
+
- Added support for X553 controllers to ix(4).
+
- Introduced VPLL clock frequency setting to rkclock(4).
+
- Implemented support for read transfers larger than 32 bytes for rkiic(4) controllers and registered the i2c bus, allowing future HDMI support.
+
+
- Allowed arm64 and armv7 efiboot(8) to read from an ffs2 filesystem.
+
+
+
- Injected failure to fetch entropy with an rdrand() timeout as an entropic event, along with an additional rdtsc measuring the vmexit latency.
+
+
- Introduced mandoc(1) nodes which are semantically transparent, skipped when looking for previous or following high-level macros.
+
- Worked around a race condition in iwm(4) interrupt handling, and synced the fix to iwx(4).
+
- Introduced the sndioctl(1) utility to control audio parameters exposed by sndiod(8).
+
+
- Added a check in vmm(4) for pvclock(4) struct crossing of page boundaries, which could potentially corrupt host memory.
+
- Tightened rdmsr on svm in vmm(4).
+
- Added a workaround for delayed SMR dispatch, starting the SMR thread when all CPUs are ready for scheduling.
+
- Added the $REQUEST_SCHEME variable to httpd.conf(5), allowing preservation of the original connection type (http or https) for redirect locations.
+
- Increased throughput of the ifq pressure drop mechanism for bwfm(4).
+
+
- Fixed security vulnerabilities in smtpd(8). Corrected an out-of-bounds read in smtpd allowing an attacker to inject arbitrary commands into the envelope file to be executed as root, and ensured privilege revocation in smtpctl(8) to prevent arbitrary commands from being run with the _smtpq group. Released OpenSMTPD 6.6.4.
+
- Added retries and timeouts for test packets to radiusctl(8).
+
+
- Added usb(4) device support for an AMD hub on the APU2 and a Synaptics vendor id and two fingerprint readers.
+
+
- Fixed a tcpdump(8) crash when printing the contents of a malformed packet where the packet length was smaller than the size of the usbpcap header.
+
- Unlocked the ioctl(2) system call.
+
+
- Added support for devaliases for vnet in ldom.conf(5).
+
- Enforced that ksh(1) TMOUT is an integer literal to prevent command execution from the environment at shell initialization time.
+
- Added rkanxdp(4), an attachment driver for anxdp(4) on the RK3399.
+
- Added anxdp(4), a driver for the Analogix Display Port controller.
+
- Added rkvop(4), a driver for the RK3399's Video Output Processors.
+
- Added rkdrm(4), a driver providing kernel mode setting (KMS) functionality for the graphics hardware integrated on Rockchip SoCs.
+
- Added transport mode for child SAs to iked.conf(5).
+
+
- Worked around a panic when first accessing PCI config space on some rkpcie(4) cards by introducing a delay after link training.
+
- Added support for devaliases for vdisk in ldom.conf(5).
+
- Introduced a tmux(1) selection_active format for when the selection is present but not moving with the cursor.
+
+
- Updated en_US.UTF-8.src to Unicode 12.1.
+
- Ensured the first 2MB page of the amd64 kernel is correctly mapped read-only in the direct map.
+
- Corrected http auth combined with proxy auth in ftp(1).
+
- Corrected ftp(1) access to an https server with user/password through the "http_proxy" environment variable.
+
+
- Detected and prevented simple ssh(1) configuration loops when using ProxyJump.
+
- Fixed an mbuf corruption issue in net80211 hostap mode when overlarge SSIDs are used.
+
- Added IPv6 support to umb(4).
+
+
+
- Added openssl(1) s_client -tls1_3 and -notls1_3 options.
+
- Addressed an arm64 speculative execution issue by changing the arm64 system call ABI to skip two instructions and inserting a barrier after each system call.
+
+
- Fixed an issue where a vmm(4) guest could write to host memory by passing bogus addresses in pvclock(4).
+
- Added -a to the list-keys command in tmux(1) to also list keys without notes with -N.
+
- Introduced iwx(4), a driver for Intel AX200 WiFi devices.
+
+
- Prevented buffer overflows with uthum(4) by not assuming the report length given by the hardware is necessarily smaller than the length of the on-stack buffer.
+
- Pushed the KERNEL_LOCK() inside pgsigio() and selwakeup(), allowing separate addressing of the three subsystems: signal, poll/select and kqueue.
+
- Fixed host(1) to provide the correct name of the server to query.
+
+
- Released OpenSSH 8.2.
+
+
- Implemented a workaround for missing Tx completion interrupts in iwm(4) which could lead to failed decisions to roam to other APs.
+
- Checked battery life against autoaction level on power change events in apmd(8), making -z/-Z work with acpibat(4).
+
+
- Removed ~/.digrc support in dig(1).
+
- Added iwx(4) to fw_update(1).
+
+
- Fixed the Pinebook Pro's trackpad by ensuring only hid_input items are accepted when walking the HID descriptor.
+
- Added support for the RK3399's VOP clocks to rkclock(4).
+
+
- Implemented "strip" option in httpd.conf(5) for fastcgi to be able to have multiple chroots under /var/www for FastCGI servers.
+
+
- Moved dig(1) to /usr/bin.
+
+
- Allowed use of window-htile and window-vtile with the "empty" group clients in cwm(1).
+
- Extended the ipsecctl(8) parser to set the udpencap flag and port number of an SA.
+
+
- Added ssh(1) -Q key-sig option for all key and signature types, teaching ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query.
+
- Fixed PIN entry bugs on FIDO ssh-keygen(1).
+
- Updated to libfido2 780ad3c25.
+
- Added support for handling hello retry requests in the ssl(8) TLSv1.3 client.
+
+
- Added support for very old firmware umsm devices with umsm(4) rather than umb(4).
+
- Added additional Apollo Lake pci(4) ids.
+
- Added Pericom PI7C9X2G404EL PCIe packet switch pci(4) id.
+
- Added additional Gemini Lake pci(4) ids.
+
+
+
- Enabled rge(4).
+
+
- Allowed mail.local(8) to be run as non-root, opening a pipe to lockspool(1) for file locking.
+
+
+
- Added an sshd_config(5) "Include" directive to allow inclusion of files.
+
+
- Unlocked the close(2) and dup(2) system calls.
+
+
+
- Made acpivout(4) stop calling ACPI methods directly to allow changing brightness other ways on certain machines, including the x395.
+
- Fixed a security vulnerability in smtpd(8) which could lead to a privilege escalation on mbox deliveries and unprivileged code execution on lmtp deliveries. Released OpenSMTPD 6.6.2.
+
+
- Added support for the urtwn(4) tp-link tl-wn823n (TRL8192EU).
+
- Added tmux(1) support for adding a note to a key binding with bind-key -N and using this to add descriptions to the default key binding. Using list-keys -N shows key bindings with notes. Changed the default ? binding to show a readable summary of keys.
+
+
- Set the default brightness level on attachment for pwmbl(4).
+
- Fixed pwmbl(4) attachment on the Pinebook Pro.
+
- Updated to xserver 1.20.7.
+
- Updated to libepoxy 1.5.4.
+
- Added simplepanel(4), a driver for simple display panels. This allows enabling of the Pinebook Pro display panel.
+
- Fixed dig(1) support for queries not on port 53, enabling dig -p as well as "set port=" in nslookup(1).
+
+
- Added a new __tmfd __syscall(2) that creates a new, unnamed file in /tmp.
+
- Prevented an amdgpio(4) interrupt storm seen on the Matebook D.
+
- Added support for legacy message callbacks, making openssl(1) s_client -msg work for handshake messages.
+
- Enabled umt(4) on arm64.
+
+
- Completed the initial TLSv1.3 implementation.
+
- Extended bgpctl(8) 'show neighbor' to include the received and set prefix count, as well as the max-prefix out limit if set.
+
- Implemented bgpd.conf(5)
max-prefix NUM out
to limit the number of announced prefixes, avoiding leaks of full tables to upstreams and peers.
+
+ - Retired mesh(4).
+
- Switched to encrypted records in the TLSv1.3 server.
+
- Enabled processing and use of signature algorithms in TLSv1.3.
+
- Allowed dhclient(8) configuration of carp(4) interfaces.
+
- Removed ssh-rsa (SHA1) from the list of allowed CA signature algorithms.
+
- Implemented client hello processing in the TLSv1.3 server.
+
- Implemented sending client certificate requests for the TLSv1.3 server.
+
+
- Switched npppd.conf(5) to use pppac(4) instead of tun(4).
+
- Added ssh-keygen(1) "find-principals" to look up the principal associated with a signature from an allowed-signers file.
+
- Added pppac(4) code for a dedicated PPP Access Concentrator interface.
+
- Recognized BCM4345 rev 9 as shipped with the Pinebook Pro as an AMPAK AP6256 module in bwfm(4).
+
- Improved bwfm(4) on the Pinebook Pro by acking SDIO interrupts earlier on dwmmc(4).
+
- Enabled the TLSv1.3 client in libssl, making it available to clients using libtls, including ftp(1) and nc(1).
+
- Implemented support for SSL_peek() in the TLSv1.3 record layer.
+
- Prevented a panic when trying to map a zero-length framebuffer node in the Pinebook Pro's u-boot.
+
- Removed the rtfps(4) driver.
+
+
- Removed diffie-hellman-group14-sha1 from the default ssh(1) key exchange.
+
- Fixed cursor issues and suspend/resume on amdgpu(4) due to incomplete unmapping. This may help radeondrm(4) issues as well.
+
- Updated to Mesa 19.2.8.
+
- Allowed configuration of the ospfd(8) interface setting "type p2p" to be configured globally or per area.
+
- Imported dt(4), a driver and framework for Dynamic Profiling, and an accompanying bug tracer that speaks the bt(5) language.
+
- Made __thrsleep(2) and __thrwakeup(2) MP-safe.
+
- Enabled mmhub power gating on picasso within amdgpu(4).
+
- Fixed ftp(1) tls_handshake() usage, which would break ftp if an handshake wasn't successfully completed in one try.
+
+
- Fixed ssh-keygen(1) not displaying the authenticator touch prompt.
+
- Fixed support for additional I2C busses in piixpm(4) for older SB800 SMBus controllers. Prevented sensors from attaching four times on old AMD machines.
+
- Added support for TLSv1.3 as a protocol to libtls, making tls_config_set_protocols(3) recognize and handle "tlsv1.3".
+
+
- Introduced a new mdoc(7) macro .Tg ("tag") to explicitly mark a place as defining a term.
+
+
- Invalidated the knote(9) list of uhid(4) after device detach, preventing a crash that can happen when kqueue still holds references to knotes pointing to the device.
+
+
- Implemented ldomctl(8) "panic -c" to panic a guest domain (and enter ddb(4)).
+
- Renamed ssh-add(1) -O to -K to load resident keys from a FIDO authenticator.
+
- Implemented a df subcommand for snmp(1) which outputs disk and memory information in a df(1) format.
+
- Implemented a -Cs option in snmp(1) for snmp walk and bulkwalk, allowing subsections of a tree to be skipped.
- Added a -p command line option to iked(8) allowing configuration of the UDP encapsulation port.
- Implemented "start -c" in ldomctl(8) to automatically connect to the console.
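Review bot: The added entry "Unlocked the fnctl(2) system call." misspells the manual page name. It should read fcntl(2), in line with the other unlock entries in this hunk (flock(2), ioctl(2), close(2) and dup(2)). Two smaller wording points in the same hunk: the ftp(1) tls_handshake() entry says "an handshake" where "a handshake" is meant, and the ospfd(8) entry repeats itself ("Allowed configuration of ... to be configured"); "Allowed the ospfd(8) interface setting "type p2p" to be configured globally or per area" would say the same thing once.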