Annotation of www/plus.html, Revision 1.1414
1.1092 jj 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.14 deraadt 2: <html>
3: <head>
1.1384 tj 4: <title>OpenBSD -current Changelog</title>
1.1045 david 5: <meta name="description" content="OpenBSD -current changes">
1.1384 tj 6: <meta name="copyright" content="This document copyright 1996-2016 by OpenBSD.">
1.1383 deraadt 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.1400 tb 9: <link rel="canonical" href="https://www.openbsd.org/plus.html">
1.14 deraadt 10: </head>
11:
1.728 horacio 12: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.14 deraadt 13:
1.1383 deraadt 14: <h2>
15: <a href="index.html">
1.1386 tim 16: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
1.1384 tj 17: <font color="#e00000">-current Changelog</font>
18: </h2>
1.863 naddy 19: <hr>
1.14 deraadt 20:
21: <p>
1.1216 schwarze 22: This selection is intended to include all important
23: and all user-visible changes.
24: For a complete record of all changes, please see the "source-changes"
25: mailing list, called "OpenBSD CVS"
26: in the <a href="mail.html#Archives">archives</a>,
27: or use <a href="anoncvs.html#CVS">CVS</a>.
28:
29: <p>
1.846 deraadt 30: For changes in other releases, click below:<br>
31: <a href="plus20.html">2.0</a>,
32: <a href="plus21.html">2.1</a>,
33: <a href="plus22.html">2.2</a>,
34: <a href="plus23.html">2.3</a>,
35: <a href="plus24.html">2.4</a>,
36: <a href="plus25.html">2.5</a>,
37: <a href="plus26.html">2.6</a>,
38: <a href="plus27.html">2.7</a>,
39: <a href="plus28.html">2.8</a>,
40: <a href="plus29.html">2.9</a>,
41: <a href="plus30.html">3.0</a>,
42: <a href="plus31.html">3.1</a>,
1.868 deraadt 43: <a href="plus32.html">3.2</a>,
1.889 david 44: <a href="plus33.html">3.3</a>,
1.916 david 45: <a href="plus34.html">3.4</a>,
1.935 miod 46: <a href="plus35.html">3.5</a>,
1.941 deraadt 47: <a href="plus36.html">3.6</a>,
1.1118 deraadt 48: <br>
1.963 deraadt 49: <a href="plus37.html">3.7</a>,
1.999 deraadt 50: <a href="plus38.html">3.8</a>,
1.1028 deraadt 51: <a href="plus39.html">3.9</a>,
1.1044 deraadt 52: <a href="plus40.html">4.0</a>,
1.1069 deraadt 53: <a href="plus41.html">4.1</a>,
1.1097 deraadt 54: <a href="plus42.html">4.2</a>,
1.1118 deraadt 55: <a href="plus43.html">4.3</a>,
1.1140 deraadt 56: <a href="plus44.html">4.4</a>,
1.1152 deraadt 57: <a href="plus45.html">4.5</a>,
1.1163 deraadt 58: <a href="plus46.html">4.6</a>,
1.1177 deraadt 59: <a href="plus47.html">4.7</a>,
1.1194 deraadt 60: <a href="plus48.html">4.8</a>,
1.1198 nick 61: <a href="plus49.html">4.9</a>,
1.1212 schwarze 62: <a href="plus50.html">5.0</a>,
1.1242 lum 63: <a href="plus51.html">5.1</a>,
1.1276 deraadt 64: <a href="plus52.html">5.2</a>,
1.1300 brett 65: <a href="plus53.html">5.3</a>,
1.1330 deraadt 66: <br>
67: <a href="plus54.html">5.4</a>,
1.1352 brett 68: <a href="plus55.html">5.5</a>,
1.1365 deraadt 69: <a href="plus56.html">5.6</a>,
1.1372 deraadt 70: <a href="plus57.html">5.7</a>,
1.1382 deraadt 71: <a href="plus58.html">5.8</a>,
1.1392 deraadt 72: <a href="plus59.html">5.9</a>,
1.1401 deraadt 73: <a href="plus60.html">6.0</a>,
1.1403 deraadt 74: <a href="plus61.html">6.1</a>,
75: <a href="plus62.html">6.2</a>,
1.1406 deraadt 76: <a href="plus63.html">6.3</a>,
77: <a href="plus64.html">6.4</a>.
1.422 deraadt 78: <br>
1.186 deraadt 79:
80: <p>
1.1406 deraadt 81: <h3><font color="#0000e0">Changes made between OpenBSD 6.4 and -current</font></h3>
1.847 deraadt 82: <p>
1.1316 brett 83:
1.422 deraadt 84: <ul>
1.1414 ! pamela 85: <!-- 2019/02/17 -->
! 86: <li>Added <a href="https://man.openbsd.org/rsync">rsync(1)</a> support for --port=PORT and ":port" in the rsync:// URL. Unlike in the original rsync, service names are supported.
! 87: <li>Corrected <a href="https://man.openbsd.org/usb">usb(4)</a> to publish a new attached device only once it is fully initialized, preventing a race condition.
! 88: <li>Converted <a href="https://man.openbsd.org/openssl">openssl(1)</a> pkeyutl to the newer style of option handling.
! 89: <li>Adjusted <a href="https://man.openbsd.org/unwind">unwind(8)</a> to restart the DoT resolver alongside the other resolvers when log verbosity changes.
! 90: <!-- 2019/02/16 -->
! 91: <li>Improved time interpretation for <a href="https://man.openbsd.org/at">at(1)</a> by assuming that a time that is already past refers to the next day.
! 92: <li>Implemented the conv=fsync feature in <a href="https://man.openbsd.org/dd">dd(1)</a> (mirroring GNU dd), performing an <a href="https://man.openbsd.org/fsync">fsync(2)</a> after the final write to output.
! 93: <li>Added chown <a href="https://man.openbsd.org/pledge">pledge(2)</a> to <a href="https://man.openbsd.org/rsync">rsync(1)</a>, allowing root to gift files to other uids.
! 94: <li>Adjusted <a href="https://man.openbsd.org/rsync">rsync(1)</a> to set access time information with sub-second resolution.
! 95: <li>Changed <a href="https://man.openbsd.org/vmm">vmm(4)</a> to allow guests to see PA bits in CPUID, removing an unintentional guest memory size limit of 64GB.
! 96: <!-- 2019/02/15 -->
! 97: <li>Fixed a case where <a href="https://man.openbsd.org/ddb">ddb(4)</a> would modify two variables instead of one on 64-bit architectures.
! 98: <li>Relaxed userland stack pointer checking to allow PROT_NONE permissions on a page in addition to MAP_STACK.
! 99: <!-- 2019/02/14 -->
! 100: <li>Added support for -o, -D and -a in <a href="https://man.openbsd.org/rsync">rsync(1)</a>.
! 101: <li>Changed dpath <a href="https://man.openbsd.org/pledge">pledge(2)</a> to allow <a href="https://man.openbsd.org/mkfifoat.2">mkfifoat(2)</a> and <a href="https://man.openbsd.org/mknodat.2">mknodat(2)</a>.
! 102: <li>Allowed configuration of the rdomain for <a href="https://man.openbsd.org/mpe">mpe(4)</a> and <a href="https://man.openbsd.org/mpw">mpw(4)</a> interfaces.
! 103: <!-- 2019/02/13 -->
! 104: <li>Removed casts to (unsigned) to avoid range reduction bugs from parse.y based parsers.
! 105: <li>Updated <a href="https://man.openbsd.org/perl">perl(1)</a> to 5.28.1.
! 106: <li>Added support for server and client finished messages in <a href="https://man.openbsd.org/man3/ssl.3">ssl(3)</a> TLSv1.3 client implementation.
! 107: <li>Added a new <a href="https://man.openbsd.org/futex">futex(2)</a>-based <a href="https://man.openbsd.org/rwlock">rwlock(9)</a> implementation. The existing rwlock implementation will be used for architectures lacking atomic primitives.
! 108: <li>Changed <a href="https://man.openbsd.org/socket">socket(2)</a> options to allow calling of SO_PEERCRED on sockets created with <a href="https://man.openbsd.org/socketpair">socketpair(2)</a>.
! 109: <li>Adapted <a href="https://man.openbsd.org/rsync">rsync(1)</a> to use md4 from <a href="https://man.openbsd.org/crypto">crypto(3)</a>.
! 110: <!-- 2019/02/12 -->
! 111: <li> Integrated group ID send/receive and remapping into <a href="https://man.openbsd.org/rsync">rsync(1)</a>.
! 112: <li> Added -g option and associated getpw pledge to <a href="https://man.openbsd.org/rsync">rsync(1)</a>.
! 113: <li>Simplified imsg communications and improved privilege separation of <a href="https://man.openbsd.org/dhclient">dhclient(8)</a>. <a href="https://man.openbsd.org/resolv.conf.tail">resolv.conf.tail(5)</a> will now be read (allowing additional details to be supplied) with each proposal.
! 114: <li>Implemented support for -e and --rsh=name options in <a href="https://man.openbsd.org/rsync">rsync(1)</a>.
! 115: <li>Added long-opts aliases for single-letter options present in <a href="https://man.openbsd.org/rsync">rsync(1)</a>. Added missing -no-OPT long options.
! 116: <li>Adjusted <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a> show requests to handle the case where no neighbors are defined in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a>.
! 117: <!-- 2019/02/11 -->
! 118: <li>Implemented handling of Certificate and CertificateVerify messages in TLSv1.3.
! 119: <li>Began explicitly supporting VPNs in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a>, redefining and changing the syntax of <a href="https://man.openbsd.org/bgpd.conf">bgpd.conf(5)</a>. IMPORTANT NOTE: If MPLS VPNs are used, configuration will need to be adjusted.
! 120: <li>Moved the on-disk trust anchor for <a href="https://man.openbsd.org/unwind">unwind(8)</a> to /var/db/unwind.key, as it doesn't need to be in a directory writable by group _unwind. Additionally, began tracking it in <a href="https://man.openbsd.org/changelist">changelist(5)</a>.
1.1413 pamela 121: <!-- 2019/02/10 -->
1.1414 ! pamela 122: <li>Imported Kristaps' openrsync into the tree and began adjustment to match <a href="https://man.openbsd.org/style">style(9)</a> guidelines.
! 123: <li>Removed the implicit RTF_MPATH flag that rt_ifa_add() set on new routes.
! 124: <li>Simplified check for whether /usr/share is on an NFS filesystem in reorder_kernel.sh.
! 125: <li>Corrected PPC target in llvm to reflect that a long double is the same as a double on OpenBSD/powerpc.
1.1413 pamela 126: <li>Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> with -D.
127: <li>Adjusted <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> parser to insist anchor names must not be empty.
128: <li>Further simplifed trust anchor handling in <a href="https://man.openbsd.org/unwind">unwind(8)</a>, allowing removal of wpath and cpath pledges from the parent process.
129: <li>Set logging of x509 peers' certificate subject names during tls client authentication in <a href="https://man.openbsd.org/httpd">httpd(8)</a>.
130: <li>Added Allwinner V3s support.
131: <li>Adjusted <a href="https://man.openbsd.org/scp">scp(1)</a> to accept shell-style brace alternations (e.g. "{foo,bar}") when verifying that filenames sent by the server match client requests.
132: <li>Changed <a href="https://man.openbsd.org/ssh">ssh(1)</a> to log when a connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect.
133: <li>Updated to xf86-video-apm 1.3.0, xf86-video-s3virge 1.11.0, xf86-video-chips 1.3.0, xf86-video-i128 1.4.0, xf86-video-neomagic 1.3.0 and xf86-video-i740 1.4.0.
134: <!-- 2019/02/09 -->
135: <!-- 2019/02/08 -->
136: <li>Fixed ipv4 checksum calculation for mpls_input.c that was being performed in memory half the necessary size.
137: <li>Fixed a race condition for <a href="https://man.openbsd.org/install">install(1)</a>. This patch makes the -S option a no-op, its functionality becoming the default behavior.
138: <li>Fixed stack info leak in <a href="https://man.openbsd.org/execve">execve(2)</a>.
139: <li>Made clear in the documentation that <a href="https://man.openbsd.org/httpd">httpd(8)</a> supports fastcgi over TCP.
140: <li>Imported <a href="https://man.openbsd.org/unbound">unbound(8)</a> 1.9.0 and updated unwind's copy of libunbound.
141: <!-- 2019/02/07 -->
142: <li>Removed rpath from the pledge in <a href="https://man.openbsd.org/cut">cut(1)</a> when only stdin is used.
143: <li>Rewrote trust anchor handling in <a href="https://man.openbsd.org/unwind">unwind(8)</a> to stop using libunbound's auto trust anchor feature, allowing tightening of the resolver process pledges.
144: <li>Implemented processing of EncryptedExtensions in the <a href="https://man.openbsd.org/ssl">ssl(3)</a> TLSv1.3 client.
145: <li>Added lock stack trace saving for <a href="https://man.openbsd.org/witness">witness(4)</a>. This setting is not enabled by default.
146: <li>Adjusted <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> to correct possible memory leaks by changing it to consistently use <a href="https://man.openbsd.org/m_freem">m_freem(9)</a> and adding an assert to identify overruns of the task ring queue.
147: <!-- 2019/02/06 -->
148: <li>Reworked <a href="https://man.openbsd.org/fec">fec(4)</a> handling of descriptors and buffers. Added recovery in the case of a full transmission queue.
149: <li>Improved handling of roff identifiers that end with a tab character in <a href="https://man.openbsd.org/mandoc">mandoc(1)</a>.
150: <li>Fixed a possible memory leak in tcp_usrreq().
151: <li>Replaced overlapping <a href="memcpy">memcpy(3)</a> with <a href="https://man.openbsd.org/memmove">memmove(3)</a> in getpathname() for <a href="https://man.openbsd.org/fsck_ffs">fsck_ffs(8)</a> and <a href="https://man.openbsd.org/fsck_ext2fs">fsck_ext2fs(8)</a>.
152: <li>Added display of rcpt address for RCPT errors in <a href="https://man.openbsd.org/smtpd">smtpd(8)</a>.
153: <li>Added -b to display-panes like run-shell in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.
154: <!-- 2019/02/05 -->
155: <li>Fixed addend handling for relaxing R-PPC-PLTREL24 relocations in <a href="https://man.openbsd.org/ld.bfd">ld.bfd(1)</a>, making -Wl and -relax work well enough to link base clang on macppc.
156: <li>Fixed a potential out-of-bounds read when <a href="https://man.openbsd.org/regcomp">regcomp(3)</a> is passed a bad expression.
157: <li>Adjusted <a href="https://man.openbsd.org/ps">ps(1)</a> to work in single user mode where /var/run is unavailable or in cases where /dev does not exist.
158: <li>Added an example <a href="https://man.openbsd.org/unwind.conf">unwind.conf(5)</a>. (Note that <a href="https://man.openbsd.org/unwind">unwind(8)</a> works without a config file in many cases).
159: <li>Converted <a href="https://man.openbsd.org/openssl">openssl(1)</a> pkey to the newer style of option handling.
160: <li>Added handling of Cisco's Encapsulated Remote Switch Port Analyzer (ERSPAN) protocol to <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>.
161: <!-- 2019/02/04 -->
162: <li>Fixed printing of major and minor from dev_t in various parts of the tree.
163: <li>Fixed NULL-deference crash in <a href="https://man.openbsd.org/ssh">ssh(1)</a> in the PKCS#11 code.
164: <li>Fixed a potential mbuf double free in the out-of-band soreceive() path.
165: <li>Added support for defining variables through the environment in <a href="https://man.openbsd.org/pkg-config">pkg-config(1)</a>.
166: <li>Implemented as-override in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a>, a feature where the neighbor AS is replaced by the local AS in AS paths.
167: <li>Added --validate flag to <a href="https://man.openbsd.org/pkg-config">pkg-config(1)</a> and updated version to 0.29.0.
168: <li>Added a <a href="https://man.openbsd.org/pthread_get_name_np">pthread_get_name_np(3)</a> to match <a href="https://man.openbsd.org/pthread_set_name_np">pthread_set_name_np(3)</a> in <a href="https://man.openbsd.org/pthreads">pthreads(3)</a>.
169: <li>Fixed an undefined case when neither -msave-args or -mno-save-args are specified in LLVM.
170: <li>Imported libc++, libc++abi and libunwind version 7.0.1.
171: <li>Adjusted members of glob_t to match POSIX in <a href="https://man.openbsd.org/glob">glob(3)</a>. IMPORTANT NOTE: This required a libc major version bump.
172: <li>Implementing parsing and processing of TLSv1.3 ServerHello messages in <a href="https://man.openbsd.org/ssl">ssl(4)</a>.
173: <li>Fixed a panic caused by <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> by handling control messages that exceed MLEN.
174: <li>Applied a fix to update the caller-supplied pointer in semundo_adjust() to prevent a potential use-after-free panic.
1.1412 florian 175: <!-- 2019/02/03 -->
176: <li>Allowed <a href="https://man.openbsd.org/tun">tun(4)</a> access to AF_MPLS packets from userland.
177: <li>Converted <a href="https://man.openbsd.org/openssl">openssl(1)</a> rsautl to the newer style of option handling.
178: <li>Improved support for Marvell wi-fi microcontroller SoCs with the creation of the mvgicp(4) driver.
179: <li>Fixed exception handling issues with <a href="https://man.openbsd.org/clang%2B%2B">clang++(1)</a> on platforms not using <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a> as the default linker.
180: <li>Added captive portal detection for <a href="https://man.openbsd.org/unwind">unwind(8)</a>.
181: <!-- 2019/02/02 -->
182: <li>Enabled -msave-args when building an amd64 kernel with <a href="https://man.openbsd.org/clang">clang(1)</a>.
183: <li>Increased datasize in <a href="https://man.openbsd.org/login.conf">login.conf(5)</a> for sparc64 to accommodate Mesa.
184: <li>Adjusted <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> to show the routing address selected by "route-to" when "pfctl -s states" is used.
185: <li>Improved stack trace saving on amd64 and i386.
186: <!-- 2019/02/01 -->
187: <li>Added retries to <a href="https://man.openbsd.org/acme-client">acme-client(1)</a> when not all challenges are validated.
188: <li>Fixed <a href="https://man.openbsd.org/wscons">wscons(4)</a> to remove a potential use-after-free panic involving wskbclose().
189: <li>Fixed <a href="https://man.openbsd.org/ixl">ixl(4)</a> calculation of physical function ID, improving the function of the second port on dual port cards.
190: <li>Added libelf to allow future use by Mesa.
191: <li>Applied connection timeouts from an initial <a href="https://man.openbsd.org/ssh">ssh(1)</a> attempt to subsequent attempts.
192: <li>Fixed lost interrupts in <a href="https://man.openbsd.org/fec">fec(4)</a> which could lead to full TX queues.
193: <!-- 2019/01/31 -->
194: <li>Incremented efiboot version to 0.14. This is the first version to support <a href="https://man.openbsd.org/softraid">softraid(4)</a>.
195: <li>Added kernel locking for clocks in clock_gettime.
196: <li>Adjusted <a href="https://man.openbsd.org/pf.conf">pf.conf(5)</a> to allow non-numerical port specifications in line with other rules and added an error message regarding ranges without start values.
197: <li>Fixed compilation of amd64 kernel when optimization is disabled.
198: <li>Improved <a href="https://man.openbsd.org/mandoc">mandoc(1)</a> <a href="https://man.openbsd.org/tbl">tbl(7)</a> centering in <a href="https://man.openbsd.org/mdoc">mdoc(7)</a> documents.
199: <li>Implemented booting from <a href="https://man.openbsd.org/softraid">softraid</a> on arm64.
200: <li>Modified <a href="https://man.openbsd.org/unwind">unwind(8)</a> to grant non-privileged users access to status information. Use of reload and logging commands requires root.
201: <li>Enabled unused IQ/ADC calibration code in the <a href="https://man.openbsd.org/athn">athn(4)</a> driver. Complete and enable noisefloor calibration code.
202: <li>Adjusted tc_setclock not to rewind the system uptime during resume/unhibernate.
203: <!-- 2019/01/30 -->
204: <li>Corrected handling of TLS sigalgs extensions for TLSv1.0/TLSv1.1 for <a href="https://man.openbsd.org/man3/ssl.3">ssl(3)</a>.
205: <li>Modified <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> to query firmware for RSSI levels and current transmit rate on behalf of <a href="https://man.openbsd.org/ifconfig">ifconfig(1)</a>.
206: <li>Implemented -msave-args in <a href="https://man.openbsd.org/clang">clang(1)</a>/llvm.
207: <!-- 2019/01/29 -->
208: <li>Updated compiler-rt to 7.0.1.
209: <li>Enabled CRYPTO for arm64 RAMDISK to allow use of <a href="https://man.openbsd.org/softraid">softraid(4)</a> crypto during installation.
210: <li>Fixed a bug in <a href="https://man.openbsd.org/calendar">calendar(1)</a> that led to duplicate display of events when -B was used.
211: <li>Improved imsg processing in <a href="https://man.openbsd.org/unwind">unwind(8)</a> to be more paranoid, excepting the control socket (so users can't bring down unwind).
212: <li>Adjusted <a href="https://man.openbsd.org/pckbc">pckbc(4)</a> to discard unwanted mouse events from the keyboard input channel while on the console.
213: <li>Modified <a href="https://man.openbsd.org/mail.lmtp">mail.lmtp(8)</a> to strip carriage returns from lmtp responses.
214: <li>Added a dedicated <a href="https://man.openbsd.org/man2/sysctl.2">sysctl(2)</a> node for <a href="https://man.openbsd.org/witness">witness(4)</a>.
215: <li>Imported Mesa 18.3.2.
216: <li>Modified <a href="https://man.openbsd.org/rtwn">rtwn(4)</a> to accept control frames in monitor mode.
217: <li>Made -N and -r mutually exclusive in <a href="https://man.openbsd.org/pfctl">pfctl(8)</a>, allowing either disabling DNS or enabling additional reverse lookups, not both.
218: <li>Enabled <a href="https://man.openbsd.org/ixl">ixl(4)</a> on sparc64.
1.1411 florian 219: <!-- 2019/01/28 -->
1.1412 florian 220: <li>Implemented -a ("archive" mode, synonymous with -RpP) for <a href="https://man.openbsd.org/cp">cp(1)</a>.
221: <li>Adjusted <a href="https://man.openbsd.org/fstat">fstat(1)</a> to filter multiple pids and multiple users at the same time.
222: <li>Switched i386 to use lld as the default linker.
223: <li>Stopped accounting/updating priorities for idle threads, fixing an accounting bug where <a href="https://man.openbsd.org/top">top(1)</a> would report high CPU usage for idle threads of secondary CPUs right after booting.
224: <li>Implemented the ability to break into <a href="https://man.openbsd.org/ddb">ddb(4)</a> using <a href="https://man.openbsd.org/imxuart">imxuart(4)</a>.
225: <li>Modified <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a> to produce binaries compatible with the W^X implementation on i386.
226: <li>Unveiled _PATH_DEVDB in <a href="https://man.openbsd.org/su">su(1)</a> and <a href="https://man.openbsd.org/wall">wall(1)</a> due to the use of <a href="https://man.openbsd.org/ttyname">ttyname(3)</a>.
1.1411 florian 227: <!-- 2019/01/27 -->
228: <li>Added domain-s (DNS over TLS) to <a href="https://man.openbsd.org/services">services(5)</a>.
229: <li>Imported LLVM 7.0.1 release.
230: <li>Implemented DNS over TLS (DoT) in <a href="https://man.openbsd.org/unwind">unwind(8)</a>.
231: <li>Added a kernel fix for a potential panic when a negative value is used to index an array, validating in <a href="https://man.openbsd.org/wscons">wscons(4)</a> the user-supplied device index given to WSMXUIO_ADD_DEVICE.
232: <li>Adjusted <a href="https://man.openbsd.org/mpe">mpe(4)</a> mpls rtable behaviour to match <a href="https://man.openbsd.org/mpw">mpw(4)</a>, removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6.
233: <!-- 2019/01/26 -->
234: <li>Added 'uselease' statement to <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values.
235: <li>Improved support for <a href="https://man.openbsd.org/nmea">nmea(4)</a> devices, providing altitude and ground speed values as sensors.
236: <li>Added an <a href="https://man.openbsd.org/scp">scp(1)</a> client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files.
237: <li>Made <a href="https://man.openbsd.org/ssh-keyscan">ssh-keyscan(1)</a> return a non-zero exit status if it finds no keys.
238: <li>Added a delay to fix <a href="https://man.openbsd.org/pms">pms(4)</a> touchpad driver issue on ThinkPad X1 Gen6.
239: <li>Tagged the start of <a href="https://man.openbsd.org/witness">witness(4)</a> output with prefix "witness:" to allow easier data extraction.
240: <li>Changed an <a href="https://man.openbsd.org/abort">abort(3)</a> call to an <a href="https://man.openbsd.org/_exit">_exit(2)</a> in <a href="https://man.openbsd.org/crypto">crypto(3)</a> to guarantee termination of the running program without potentially leaving key material in core files.
241: <li>Fixed a double free in <a href="https://man.openbsd.org/ldap">ldap(1)</a>.
242: <li>Eliminated a bug wherein the ttl 0 could be incorrectly decremented to ttl 255 for incoming mpls packets.
243: <!-- 2019/01/25 -->
244: <li>Fixed microsecond output of timestamp deltas (-tttt) for <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>.
245: <li>Enabled <a href="https://man.openbsd.org/ccp">ccp(4)</a> on arm64 and armv7 ramdisks.
246: <!-- 2019/01/24 -->
247: <li>Set <a href="https://man.openbsd.org/ssh">ssh(1)</a> to accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key, allowing pasting of fingerprints obtained through other means to have the client perform the comparison for you.
248: <li>Forced progressmeter to update at the beginning and end of a transfer, fixing a bug where it wouldn't display on quick <a href="https://man.openbsd.org/scp">scp(1)</a>/<a href="https://man.openbsd.org/sftp">sftp(1)</a> transfers.
249: <li>Fixed a crash on long lines when switching to another file in <a href="https://man.openbsd.org/vi">vi(1)</a>.
250: <li>Increased default datasize on arm64 to 768M to prepare for building clang 7.
251: <li>Removed SHA224 and GOST-based signature algorithms from use in TLS 1.2.
252: <!-- 2019/01/23 -->
253: <li>Set <a href="https://man.openbsd.org/route">route(8)</a> to display the same flags in RTM_IFINFO messages as <a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a>.
254: <li>Reworked <a href="https://man.openbsd.org/mpw">mpw(4)</a> to be an actual ethernet interface.
255: <li>Removed support for obsolete "host/port" syntax in <a href="https://man.openbsd.org/ssh">ssh(1)</a>. This is no longer commonly used and may be confused with CIDR notation.
256: <li>Changed <a href="https://man.openbsd.org/bridge">bridge(4)</a> to only copy packets for span ports if the bridge is up.
257: <li>Imported <a href="https://man.openbsd.org/unwind">unwind(8)</a>, a hybrid validating stub and recursive resolver. It actively observes the local net to decide how best to resolve names.
258: <li>Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support.
259: <li>Added the <a href="https://man.openbsd.org/man4/arm64/apm.4">apm(4)</a> subsystem to arm64.
260: <li>Taught <a href="https://man.openbsd.org/ldpd">ldpd(8)</a> to ask if a potential pseudowire interface is pwe3-capable.
261: <li>Changed <a href="https://man.openbsd.org/scp">scp(1)</a>/<a href="https://man.openbsd.org/sftp">sftp(1)</a> to sanitize scp filenames via snmprintf.
262: <li>Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>.
263: <!-- 2019/01/22 -->
264: <li>Reworked how <a href="https://man.openbsd.org/tcp">tcp(4)</a> md5 signatures are configured in <a href="https://man.openbsd.org/ldpd">ldpd(8)</a>. Now configuration is allowed against a prefix in addition to a neighbour.
265: <li>Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a <a href="https://man.openbsd.org/diskless">diskless(8)</a> host.
266: <li>Pledged <a href="https://man.openbsd.org/video">video(1)</a> in response to the newly-added promise.
267: <li>Reordered PCI device assignment in <a href="https://man.openbsd.org/vmd">vmd(8)</a> to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions.
268: IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis.
269: <li>Increased maximum MTU of <a href="https://man.openbsd.org/bnxt">bnxt(4)</a> to match the linux driver.
270: <li>Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API).
271: <li>Added support to <a href="https://man.openbsd.org/crypto">crypto(3)</a> for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces.
1.1407 florian 272: <!-- 2019/01/21 -->
1.1411 florian 273: <li>Modified <a href="https://man.openbsd.org/syspatch">syspatch</a> not to return an error if a rollback is attempted when no patches have been installed.
274: <li><a href="https://man.openbsd.org/syspatch">Syspatch(8)</a> now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine.
275: <li>Removed undocumented 24 hour limits for timeouts from <a href="https://man.openbsd.org/select">select(2)</a>, <a href="https://man.openbsd.org/pselect">pselect(2)</a>, <a href="https://man.openbsd.org/poll">poll(2)</a> and <a href="https://man.openbsd.org/ppoll">ppoll(2)</a>.
276: <li>Added a -J option as a shortcut for -o Proxyjump= to <a href="https://man.openbsd.org/scp">scp(1)</a> and <a href="https://man.openbsd.org/sftp">sftp(1)</a> to match <a href="https://man.openbsd.org/ssh">ssh(1)</a>'s interface.
277: <li>Switched sntrup implementation source from supercop to libpqcrypto in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.
278: <li>Added the ability to parse epoch seconds to <a href="https://man.openbsd.org/strptime">strptime(3)</a>. Added a -f pformat flag to parse the given time with strptime to <a href="https://man.openbsd.org/date">date(1)</a>.
279: <li>Fixed problem where <a href="https://man.openbsd.org/unveil">unveil(2)</a> system call can leak memory.
280: <li>Added video promise to <a href="https://man.openbsd.org/pledge">pledge(2)</a>, allowing ioctls on <a href="https://man.openbsd.org/man4/video.4">video(4)</a> devices selected from <a href="https://man.openbsd.org/video">video(1)</a> and firefox wbrtc implementation.
281: <li>Introduced a dedicated entry point data structure for file locks.
282: <li>Provided the initial TLSv1.3 client implementation in LibreSSL.
283: <li>Introduced -v flags for ssh-add and ssh-pkcs11-helper in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.
284: <li>Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using <a href="https://man.openbsd.org/ntpd">ntpd(8)</a> constraints.
285: <li>Factored out several functions duplicated between client and server for <a href="https://man.openbsd.org/ssh">ssh(1)</a>.
286: <li>Removed obsolete SSH v.1 functions in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.
287: <li>Enables manual validity checking for constraints in the X.509 certificate in <a href="https://man.openbsd.org/ntpd">ntpd(8)</a>. This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.
288: <li>AMD64 machines will now support 2TB of physical memory, extendable in the future.
289: <li>Improved handling of CPUID[1].ECX[OSXSAVE] bit.
1.1407 florian 290: <li>Adjusted <a href="https://man.openbsd.org/bgpd">bgpd(8)</a> to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage.
1.1411 florian 291: <li>Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in <a href="https://man.openbsd.org/vmm">vmm(4)</a>. These will now generategeneral protection fault as per spec.
1.1407 florian 292: <!-- 2019/01/20 -->
293: <li>Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in <a href="https://man.openbsd.org/ixl">ixl(4)</a>.
294: <li>Added refresh for <a href="https://man.openbsd.org/arp">arp(8)</a> entries that are about to expire.
295: <li>Added support in <a href="https://man.openbsd.org/bgpd">bgpd(8)</a> and <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a> for group descriptions in control messages that accept a neighbor description.
296: <li>Added support for ECDSA keys in PKCS#11 tokens.
297: <li>Added a -T option to test whether <a href="https://man.openbsd.org/ssh">ssh(1)</a> keys in an agent are usable.
298: <li>Imported xorgproto 2018.4.
299: <li>Added support for a new <a href="https://man.openbsd.org/kcov">kcov(4)</a> trace mode called KCOV_MODE_TRACE_CMP to trace comparison instructions and switch statements, usable during fuzzing to generate even more coverage.
1.1410 florian 300: <li>Set the shell to strip quotation marks from daemon_flags when starting a daemon with <a href="https://man.openbsd.org/rc.d">rc.d(8)</a>, making the details in pexp match what appears in the process list.
1.1407 florian 301: <li>Restored correct display of treasure when snake runs over the money in <a href="https://man.openbsd.org/snake">snake(6)</a>. Adjusted cursor location during space warp and display of the pinball bonus.
302: <li>Changed imsg header definitions to use standard types.
303: <!-- 2019/01/19 -->
304: <li>Fixed BN_is_prime_* calls in <a href="https://man.openbsd.org/crypto">libcrypto(3)</a>, <a href="https://man.openbsd.org/openssl">openssl(1)</a>, <a href="https://man.openbsd.org/ssh">ssh(1)</a> and <a href="https://man.openbsd.org/sshd">sshd(8)</a>.
305: <li>Handled link state change interrupts in <a href="https://man.openbsd.org/ixl">ixl(4)</a>.
306: <li>Serialized tc_windup() calls and modified some timehands.
307: <li>Committed refactored <a href="https://man.openbsd.org/ssh">ssh(1)</a> packet parsing API.
308: <li>Changes to <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> now handle changes to SSID or LLADDR by retrieving a new lease. This mproves performance when join connects to new networks.
309: <li>Improved join error handling in<a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a>.
310: <li>Added a pwraction <a href="https://man.openbsd.org/sysctl">sysctl(8)</a> that allows conversion of a power button into a sleep button if desired.
1.1410 florian 311: <li>Set an <a href="https://man.openbsd.org/ssh">ssh(1)</a> password prompt to begin with a carriage return to obscure portions of a password entered too early.
1.1407 florian 312: <li>Enabled <a href="https://man.openbsd.org/myx">myx(4)</a> on the large ramdisk for amd64.
313: <li>Finished randomizing remaining layers of pmap_kernel.
314: <li>Enabled <a href="https://man.openbsd.org/ixl">ixl(4)</a> on amd64.
315: <li>Added a TLS record handling implementation.
316: <li>Moved boottime into the timehands.
317: <li>Added a partial port of EC_KEY_METHOD from OpenSSL 1.1 to libcrypto. Added various apis from OpenSSL 1.1 to LibreSSL.
318: <!-- 2019/01/18 -->
319: <li>Set removal of a currently active network from the join list to disconnect as well.
320: <li>Added "join any" option to allow users to automatically connect via join() to any open wifi network. Known networks are preferred.
321: <li>Increased the socket buffer size for <a href="https://man.openbsd.org/sendsyslog">sendsyslog(2)</a> to 1 MB for fewer messages dropped by <a href="https://man.openbsd.org/syslogd">syslogd(8)</a>.
322: <li>Updated to libpixman 0.36.0 in xenocara.
323: <li>Added protective check for negative length integers in nfs clients and servers, as well as negative length NFS strings.
324: <li>Reconnected bfd(4) to the build after updating for sounlock() api change.
325: <li>Set <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> to ignore HUP signals. Starting a new dhclient will handle this use case by killing and executing a new copy.
326: <li>Began validating relative timeout before sleeping for <a href="https://man.openbsd.org/futex">futex(2)</a>.
327: <li>Began validating inputs to <a href="https://man.openbsd.org/adjtime">adjtime(2)</a>, <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> and <a href="https://man.openbsd.org/clock_settime">clock_settime(2)</a>.
328: <li>Changed the default digest type to sha256 for <a href="https://man.openbsd.org/openssl">openssl(1)</a>. Added support for pbkdf2 with OpenSSL-compatible flags.
329: <li>Removed <a href="https://man.openbsd.org/vmm">vmm(4)</a> and disabled <a href="https://man.openbsd.org/vmd">vmd(8)</a> and <a href="https://man.openbsd.org/vmctl">vmctl(8)</a> for i386 systems.
330: <!-- 2019/01/17 -->
331: <li>Renamed TLS extension-handling functions to better fit TLSv1.3.
332: <li>Enabled use of a 64-bit register when required for inline assembly on sparc64, correcting sparc64 kernels compiled with <a href="https://man.openbsd.org/clang">clang(1)</a>.
333: <li>Continued work to prepare the network stack for fine-grained locking.
334: <li>Added support for the SSD1306 OLED display.
1.1410 florian 335: <li>Modified <a href="https://man.openbsd.org/signify">signify(1)</a> and <a href="https://man.openbsd.org/doas">doas(1)</a> to prevent passwords from being retained in memory when errors are encountered.
1.1407 florian 336: <li>Prevented users from specifying multiple join or nwid arguments in one <a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> call.
337: <li>Fixed crash conditions in <a href="https://man.openbsd.org/unveil">unveil(2)</a>, along with some cases where unveil would return ENOENT instead of EACCESS.
338: <li>Enabled <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> in RAMDISK_CD for amd64, allowing use during installs.
339: <li>Laid groundwork for TLSv1.3.
340: <!-- 2019/01/16 -->
341: <li>Added a -h flag to <a href="https://man.openbsd.org/sftp">sftp(1)</a> <a href="https://man.openbsd.org/chown">chown(8)</a>, <a href="https://man.openbsd.org/chgrp" >chgrp(1)</a>, and <a href="https://man.openbsd.org/chmod">chmod(1)</a> commands to request they not follow symlinks.
342: <li>Added support for a "lsetstat@openssh.com" extension. This replicates the
343: functionality of the existing SSH2_FXP_SETSTAT operation but does not
344: follow symlinks.
345: <li>Updated to exit <a href="https://man.openbsd.org/syspatch">syspatch(8)</a> correctly after updating itself. Improvement to readability of patches to install on first boot.
346: <!-- 2019/01/15 -->
347: <li>For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where <a href="https://man.openbsd.org/ospfd">ospfd(8)</a> and <a href="https://man.openbsd.org/ospf6d">ospf6d(8)</a> overwrite this information when "depend on" is used and the specified interface is down.
348: <li>Added Allwinner H3/H5 <a href="https://man.openbsd.org/ohci">ohci(4)</a> clocks.
349: <li>Repaired inter-word spacing of postscript and pdf outputting by <a href="https://man.openbsd.org/mandoc">mandoc(1)</a>.
350: <li>Corrected setting of default colours in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.
351: <li>"No data" frames will no longer be processed in <a href="https://man.openbsd.org/ieee80211_input">ieee80211_input(9)</a> before decryption and incorrectly counted as decryption failures.
352: <li>Characters that will not be copied are no longer highlightable in <a href="https://man.openbsd.org/tmux">tmux(1).</a>
353: <!-- 2019/01/14 -->
354: <li>Allowed programs to set the Checking Disabled flag on DNS requests.
355: <li>Prevented <a href="https://man.openbsd.org/ntpd">ntpd(8)</a> from starting when an instance is already running.
356: <li>Added support for building sparc64 kernels with <a href="https://man.openbsd.org/clang">clang(1)</a>.
357: <li>Fixed <a href="https://man.openbsd.org/mailq">mailq(8)</a> output for <a href="https://man.openbsd.org/smtpctl">smtpctl(8)</a>.
358: <li>Code review and clean up of <a href="https://man.openbsd.org/locate">locate(1)</a>.
359: <li>Fixed minor issues in <a href="https://man.openbsd.org/ksh">ksh(1)</a>.
360: <li>Modified <a href="https://man.openbsd.org/ttyflags">ttyflags(8)</a> to improve memory usage.
361: <li>Cleanup and improvement of <a href="https://man.openbsd.org/dhclient">dhclient(8).</a>
362: <!-- 2019/01/13 -->
363: <li>Redundant debug message removed for <a href="https://man.openbsd.org/iwn">iwn(4)</a>.
364: <li>Added support for <a href="https://man.openbsd.org/gpio">gpio(4)</a> bus and improved card detection on Octeon systems.
365: <li>Fixed an off-by-one error in pfkeyv2_sysctl_policydumper().
366: <li>Improved support for Broadcom trackpad mouse <a href="https://man.openbsd.org/ubcmtp">ubcmtp(4)</a> by validating interfaces and claiming them during *attach().
367: <li>Validated interfaces for if_ral passed to *match().
368: <li>Improved <a href="https://man.openbsd.org/syslog">syslog(3)</a> to support program names including "." and "_".
369: <li>Updated xf86-video-ati to 18.1.0.
370: <!-- 2019/01/12 -->
371: <li>Set <a href="https://man.openbsd.org/clang">clang(1)</a> to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.
372: <li>Enabled <a href="https://man.openbsd.org/uhci">uhci(4)</a> USB support for ARMv7.
373: <!-- 2019/01/11 -->
374: <li>Antiquated mincore(2) will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily.
375: <li>Bug fixes for <a href="https://man.openbsd.org/otus">otus(4)</a> devices based on the Atheros AR9001U chipset.
376: <li>Changed <a href="https://man.openbsd.org/mandoc">mandoc(1)</a> html output to display tooltips using css exclusively.
377: <li>Clarified in documentation that OpenBSD ignores the LC_NUMERIC category as a safety practice, and outlined best practices for portable programs.
378: <li>Addition of the <a href="https://man.openbsd.org/imxsrc">imxsrc(4)</a> i.MX system reset controller driver, used to assert the reset pins for the PCIe controller, etc.
379: <!-- 2019/01/10 -->
380: <li>Bug fixes in <a href="https://man.openbsd.org/pfctl">pfctl(8)</a>.
381: <li>Added <a href="https://man.openbsd.org/abcrtc">abcrtc(4)</a> Abracon AB1805 real-time clock driver.
382: <li>Eliminated <a href="https://man.openbsd.org/alloca">alloca(3)</a> call from vioqcow2.c and replaced with <a href="https://man.openbsd.org/malloc">malloc(3)</a> to prevent known-location object placement by an attacker.
383: <li>Implemented Event()/Signal()/Wait() AML operations for <a href="https://man.openbsd.org/acpi">acpi(4)</a>.
384: <li>Improved the "not my pool" searching loop in <a href="https://man.openbsd.org/malloc">malloc(3)</a> and made the number of pools variable. Optimization of multi-threaded case by adjusting default number of pools to 8.
385: <li>Hacking on <a href="https://man.openbsd.org/virtio">virtio(4)</a>, including defines, bug fixing and pci device list.
386: <li>kern_time.c will not allow cancellation of ongoing <a href="https://man.openbsd.org/adjtime">adjtime(2)</a> until after full permission checks.
387: <li>Adjusted <a href="https://man.openbsd.org/nc">nc(1)</a> to use <a href="https://man.openbsd.org/memset">memset(3)</a> instead of <a href="https://man.openbsd.org/bzero">bzero(3)</a> for portability and POSIX compliance.
388: <li><a href="https://man.openbsd.org/pledge">Pledge(2)</a> and <a href="https://man.openbsd.org/unveil">unveil(2)</a> <a href="https://man.openbsd.org/unbound-anchor">unbound-anchor(8)</a>.
389: <li>Improved portability of <a href="https://man.openbsd.org/mandoc">mandoc(1)</a> to other operating systems. Improved html and css used for html generation.
390: <li>Prevented <a href="https://man.openbsd.org/radeondrm">radeondrm(4)</a> from using aperture memory to overlap the framebuffer.
391: <!-- 2019/01/09 -->
392: <li>Improved <a href="https://man.openbsd.org/ddb">ddb(4)</a> readability by printing right-aligned hex values.
1.1408 kn 393: <li>Fix for <a href="https://man.openbsd.org/rcs">rcs(1)</a> to allow correct lock resolution before expansion of keywords, so expansion can happen with the correct values and files don't show up as modified.
1.1407 florian 394: <li>Added the ability for arm64 efiboot to boot from partitions other than "a".
395: <li>Spleen font enabled in <a href="https://man.openbsd.org/man8/wsfontload.8">wsfontload(8)</a>, along with font selection logic to allow selecting larger fonts when available at runtime in <a href="https://man.openbsd.org/rasops">rasops(9)</a>.
396: <li>Implemented an if_enqueue handler for <a href="https://man.openbsd.org/vlan">vlan(4)</a>, bypassing the ifq handling for a performance improvement in particular configurations.
397: <!-- 2019/01/08 -->
398: <li>Disabled ret-protector and retpoline protections in the <a href="https://man.openbsd.org/clang">clang(1)</a> compiler to regain build performance.
399: <li>Adjusted <a href=https://man.openbsd.org/httpd>httpd(8)</a> to start when TLS is configured.
1.1164 deraadt 400: </ul>
1.422 deraadt 401: <p>
1.203 deraadt 402:
1.14 deraadt 403: </body>
1.1328 deraadt 404: </html>