===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1483
retrieving revision 1.1484
diff -u -r1.1483 -r1.1484
--- www/plus.html 2020/09/23 13:01:55 1.1483
+++ www/plus.html 2020/11/14 00:38:00 1.1484
@@ -92,5 +92,107 @@
-- None yet.
+
+
- Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
+
+
- Corrected an issue where openssl(1) verify might not error on expired certificates.
+
- Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software.
+
- Changed crypto(3) to call its get_issuer() callback to try and find a suitable certificate in cases where it has failed to find a print certificate from the supplied roots and intermediates.
+
- Added the 'any' keyword to iked.conf(5) for requests to allow "request address any".
+
+
- Enabled brightness keys on powerbooks where the keyboard attaches as ukbd(4).
+
- Set initial default display brightness on macppc via of_setbrightness() to ensure wscons(4) and ofw are in sync.
+
+
- Added 'dynamic' keyword to iked.conf(5) to allow configuration of flows to dynamically assigned addresses.
+
- Implemented RFC 8914 Extended DNS Errors for dig(1).
+
- Added tracking of address proposal creation times to be able to establish total lifetime. This information is used to renew pltime/vltime of privacy addresse per RFC 4941.
+
- Changed slaacd(8) Duplicate Address Detection (DAD) to only generate a new address if we are using Semantically Opaque Interface Identifiers.
+
+
- Added a directive to httpd(8) to check if a path is accessible.
+
- Fixed detection of duplicate locations in httpd(8).
+
- Added support for passing a bootmac command line argument to RAMDISK on powerpc64.
+
+
- Make iked(8) accept ANY dynamic address with 'request addr 0.0.0.0'.
+
- Fixed the "entry point at 0x10010000" hang reported on amd64 machines by using a 64MB block to load the kernel.
+
- Changed astfb(4) to allow it to become the console on powerpc64.
+
+
- Added support to request IP addresses as IKEv2 initiator to iked(8). If 'request addr 0.0.0.0' is configured, any address will be accepted.
+
- Added the ability to force the selection of source IP address via route(8).
+
- Created a new "location (found|notfound)" option for httpd.conf(5) to allow testing for resource path existence.
+
+
- Prevented kernel reuse of mbuf memory when generating the ICMP6 response to an IPv6 packet.
+
- Updated unbound(8) to 1.12.0.
+
+
- Added notices to syslog whenever the "%n" format string component of printf(3) is used.
+
- Stopped allowing configuration of the same neighbor multiple times in bgpd(8).
+
- Edited syspatch(8) to ensure SHA256.sig has at least three lines.
+
- Added limited emulation of unaligned access in the powerpc64 kernel.
+
+
- Added AMD Vi and Intel VTD IOMMU support. This creates separate domains for each PCI device and can provide protection against invalid memory access.
+
- Fixed wsconsctl(8) display commands when using drm(4) drivers on macppc.
+
- Fixed a deadlock between uvn_io() and uvn_flush().
+
- Added a top-level 'reboot' command to ddb(4).
+
- Added a -legacy_verify flag to openssl(1) to force use of the old validator.
+
- Fixed a memory leak when parsing bgpd(8) roa-set lists.
+
+
- Added a workaround for PCIO devices that cannot address the full 64-bit PCI address space to powerpc64. Needed for radeondrm(4) and amdgpu(4) since Radeon GPUs only implement 36, 40, or 44 bits of address space.
+
- Introduced a system-wide mutex that serializes msgbuf operations.
+
- Fixed brightness setting on MacBooks.
+
+
+
- Updated to fonttosfnt(1) 1.2.0.
+
+
+
- Added retguard macros to powerpc64 locore functions.
+
- Changed ping(8) to drain the raw socket of packets received before we were fully setup to avoid reporting ICMP responses intended for other instances of ping(8) running in parallel.
+
- Made sysupgrade(8) specify a version when it uses fw_update(1) to avoid the situation where upgrading a pre-6.8 snapshot to 6.8 release with "-r" would install firmware packages from snapshots.
+
+
- Ensured copyout(9), copyinstr(9) and copyoutstr(9) bail out properly if called with a length of 0 on arm64, hppa and mips64.
+
- Modified daily(8) to stop reporting disk status and networking statistics.
+
- Released OpenBGPD portable 6.8p0.
+
- Released rpki-client(8) 6.8p0.
+
+
+
- Added powerpc64 retguard macros for setjmp/longjmp.
+
- Released LibreSSL 3.2.2.
+
+
+
- Implemented linux interval tree functions for drm(4).
+
+
- Added basic support for kclock timeouts to timeout(9).
+
+
+
- Updated nsd(8) to 4.3.3.
+
+
- Added RETGUARD implementation for powerpc and powerpc64.
+
+
- Stopped exempting file systems from security(8) on the basis of nodev and nosuid options, which may not be used for file systems mounted beneath.
+
- Supported use of more than one URI in the TAL file for rpki-client(8), sorting with a preference for https.
+
+
- Prevented a crash due to httpd(8) listening on port 443 with missing TLS certificates.
+
+
- Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing 16-byte copies if possible.
+
- Added doas.conf(5) "nolog" option to avoid syslog(3).
+
+
+
+
- Added Intel 495 Series LP PCH and Ice Lake graphics pci(4) ids.
+
+
- Fixed a pledge violation in csh(1) where redirecting input from a file containing ^T would cause csh(1) to perform a tty ioctl operation against a non-tty.
+
+
- Fixed a write hang-up on file system in vnd(4).
+
+
- Enabled ssh_config(5) UpdateHostkeys by default when the configuration has not overridden UserKnownHostFile.
+
- Added bsd.mp to powerpc64's installXX.{img,iso}.
+
+
- Preferred ed25519 signature algorithm variants over ECDSA in ssh_config(5) and sshd_config(5).
+
- Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
+
+
- Added astfb(4), a driver for the framebuffer of the Aspeed BMC found on many POWER8 and POWER9 systems.
+
- Added Intel 400-series chipsets to dwiic(4).
+
- Relaxed checks in pfctl(8) and pf(4) to accept any valid routing domain, even if it does not yet exist.
+
+
- Moved mfokclock(4) from loongson to make it available for other platforms and renamed it to mfokrtc(4).
+
- Removed osrelease from system.fvwmrc, as the version string matches the kernel of the fvwm(1) build machine, not the user's kernel.
+
- Moved to 6.8-current.