===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1500
retrieving revision 1.1501
diff -u -r1.1500 -r1.1501
--- www/plus.html 2021/11/11 04:41:59 1.1500
+++ www/plus.html 2021/12/09 20:33:22 1.1501
@@ -94,7 +94,89 @@
+
+- When downloading resident keys from a FIDO token, made ssh(1) pass back the user ID that was used when the key was created and append it to the filename the key was written to (if not the default).
+
+
- Unlocked the kevent(2) system call.
+
- Updated to libfido2 1.8.0.
+
- Made iked.conf(5) proto config option accept a list to allow specifying multiple protocols for a single policy.
+
- Improved unhibernate performance by skipping attach of irrelevant devices.
+
- Enabled vmx(4) on arm64.
+
- Cleaned up irrelevant uses of 3rd mode_t parameter for open(2)/openat(2), unused when not creating files.
+
- Ensured armv7 and arm64 efiboot allocate fresh memory for the device tree with at least one page of free space to extend into. This fixes booting on VMWare Fusion.
+
- Added rejection of malformed Subject Alternative Names at certificate creation time to LibreSSL.
+
+
- Added a way to force a color to RGB in tmux(1) and a format to display it.
+
- Fixed pfctl(8) $nr incorrect macro expansion.
+
- Fixed vi(1) use after free with unsaved buffer.
+
- Added -s and -S to tmux(1) display-popup to set popup and border style.
+
- Fixed application-set fg and bg in tmux(1) panes.
+
+
- Added httpd(8) custom error page facility.
+
- Added mount -ur/uw support to tmpfs.
+
- Unlocked top part of UVM fault hander on mips64.
+
- Used unveil(2) for the possible btrace(8) script file, dt(4) and ksyms(4) nodes.
+
- Used ifconfig(8) "join" command by default in hostname.if(5) files, replacing the old "nwid".
+
- Switched nsd(8) to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
+
- Updated to nsd(8) 4.3.8.
+
- Implemented poll(2), select(2), ppoll(2) and pselect(2) on top of kqueue.
+
- Stopped prompting whether to fall back to HTTP in the installer, making the fallback automatic.
+
- Fixed a panic by prohibiting renames of tmpfs mount-points.
+
- Set klist lock for sockets to make socket event filters MP-safe.
+
- Made pipe event filters MP-safe.
+
+
- In httpd(8), stopped sending content alongside responses to HEAD requests.
+
- Stopped duplicating "Connection: close" headers in relayd(8), only adding it if it's not a websocket response.
+
- Provided common btrace(8) scripts kprofile.bt (to save kernel stackframes and produce flamegraphs) and runqlat.bt (to measure the latency of the scheduler runqueues).
+
- Added call to unveil(2) to restrict stty(1) -f filesystem access.
+
- Added support for tpm2 CRB interface to tpm(4), fixing recent S4 regressions on the Surface Go 2 caused by a firmware change.
+
- Retired asynchronous crypto API.
+
- Added new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex.
+
- Annotated an httpd(8) 413 error with "request body too large" in the error log.
+
- Fixed double free after allocation failure in bpf(4).
+
- Provided a way to determine our maximum legacy version for TLS in libssl, unbreaking RSA KEX for the TLS client when the non-version specific method is used with TLSv1.0 or TLSv1.1.
+
- Called pledge(2) later to prevent it from killing various games using ncurses when both stdout and stderr are redirected to a non-tty.
+
- Removed unusable route(8) -T and exec support from ramdisk.
+
- Reinstated the fips mode test functions to libcrypto.
+
- Added rcctl(8) "ls rogue" to show daemons which are running but not set as "enabled" in rc.conf.local(8).
+
- Fixed a potential buffer overflow in openssl(1) certhash.
+
+
- Renamed Pacific/Enderbury timezone to Pacific/Kanton.
+
- Fixed an interrupt storm on dwge(4) variants which support Energy Efficient Ethernet when connected to a switch which does so as well.
+
- Ensured enabled resolvers are honored by unwind(8) to keep unused forwarders disabled properly.
+
- Implemented rsync(1) --compare-dest, allowing specification of additional directories to check for files to be available.
+
- Prevented ssh(1) memory leak if getaddrinfo returns no addresses.
+
- Added protocol version checking to httpd(8).
+
+
- Ensured use of the correct encoding in xenocara when /etc/kbdtype is present with an attached ucc(4) keyboard.
+
- Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
+
- Removed fdisk(8) "disk" editing command.
+
- Fixed httpd(8) to respond with 400 Bad Request when a client sends header lines without a colon.
+
- Bumped to LibreSSL 3.5.0.
+
- Added -T to set a popup title in tmux(1).
+
+
- Stopped ignoring carp(4) interfaces in dhcpleased(8).
+
+
+
- Removed an unused decoding of c/h/s from the MBR read from disk by fdisk(8).
+
+
- Updated to xterm(1) 369.
+
+
- Corrected installer to use "inet autoconf" properly for hostname.if(5) files.
+
+
- Returned to use of the SFTP protocol for scp(1).
+
- Added initial 40MHz support to the iwx(4) driver.
+
- Fixed a problem with repeat in tmux(1) copy mode.
+
+
- Released LibreSSL 3.4.1.
+
- Replaced lrint(3), lrintf(3), llrint(3) and llrintf(3) implementations from NetBSD with the existing FreeBSD implementations we were already using for lrintl(3) and llrintl(3).
+
- Fixed a tmux(1) redraw problem on automargin terminals.
+
+
- Modified syslog.conf(5) examples to use TLS rather than the plaintext protocols.
+
- Fixed file descriptor leak of /dev/tty on doas(1) auth failure.
+
- Added realpath(1), a wrapper for realpath(3) for use in ports.
+
- Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
- Reverted to use iwm(4) firmware v17 on Intel AC 7265, fixing instability issues on X1 Carbon gen3.
- Cached the old BSSID when roaming with iwx(4).
- Explicitly stopped iwx(4) Rx block ack when roaming between access points.