************************
* Support for new EAP (Extensible Authentication Protocol) methods:
  - Support for EAP-TLS, from Jan Just Keijser and others
  - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
    Van Buggenhout and others
* New pppd options:
  - chap-timeout
  - chapms-strip-domain
  - replacedefaultroute
  - noreplacedefaultroute
  - ipv6cp-accept-remote
  - lcp-echo-adaptive
  - ip-up-script
  - ip-down-script
  - ca
  - capath
  - cert
  - key
  - crl-dir
  - crl
  - max-tls-version
  - need-peer-eap
* Fixes for CVE-2020-8597 and CVE-2015-3310.
* libpcap is now required when compiling on Linux (previously, if
  libpcap was not present, pppd would be compiled without packet
  filtering support).
* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
  from the upstream rp-pppoe code. Its options have changed names,
  but the old names are kept as aliases.
* The configure script now supports cross-compilation.
* Many bug fixes and cleanups.

What was new in ppp-2.4.8.
**************************
* New pppd options have been added:
  - ifname, to set the name for the PPP interface device
  - defaultroute-metric, to set the metric for the default route
  - defaultroute6, to add an IPv6 default route (with nodefaultroute6
    to prevent adding an IPv6 default route)
  - up_sdnotify, to have pppd notify systemd when the link is up.
* The rp-pppoe plugin has new options:
  - host-uniq, to set the Host-Uniq value to send
  - pppoe-padi-timeout, to set the timeout for discovery packets
  - pppoe-padi-attempts, to set the number of discovery attempts.
* Added the CLASS attribute in radius packets.
* Sundry bug fixes.
* Fixed warnings and issues found by static analysis.
* Added Submitting-patches.md.

What was new in ppp-2.4.7.
**************************
* Fixed a potential security issue in parsing option files (CVE-2014-3158).
* There is a new "stop-bits" option, which takes an argument of 1 or 2,
  indicating the number of stop bits to use for async serial ports.
* Various bug fixes.

What was new in ppp-2.4.6.
**************************
* Man page updates.
* Several bug fixes.
* Options files can now set and unset environment variables for
  scripts.
* The timeout for chat scripts can now be taken from an environment
  variable.
* There is a new option, master_detach, which allows pppd to detach
  from the controlling terminal when it is the multilink bundle master
  but its own link has terminated, even if the nodetach option has
  been given.
Don't set BNF in all bold .Ic, instead use .Ar for "expr" and "var" so
that only the literal stuff that is being defined is bold. Arrange
for subscripts to actually be subscripted in PostScript. Make sure
meta-syntactic [] are set differently than literal (). Etc...
The length/scale example at the beginning is not all literal.
Fix remaining "quoted" words to use .Dq
Fix a few small inline code snippets to be literal.
While here, disable periodic scanning by default on NetBSD as it's
no longer needed.
The user can still enable it though with a positive number to the -U
option.
kardel@ So far I see no other issues from the pitfalls I know of
With the correct #defines mini_event.c and winsock_event.c are
compiled but practically unused.
What is exposed is not part of the public API, but appease the
peanut gallery.
Messages such as RTM_IFINFO or RTM_IFANNOUNCE could have been lost.
As such, sync the state of our internal driver to the state of the
system interfaces as reported by getifaddrs(2).
This change requires the routing socket be placed in non-blocking
mode. While here, set the routing and inet sockets to close on exec.
Release 2020f - 2020-12-29 00:17:46 -0800
No changes to tzdata, just to a part of the build procedure
not used on NetBSD
Release 2020e - 2020-12-22 15:14:34 -0800
Volgograd switched to Moscow time on 2020-12-27 at 02:00.
Correct many pre-1986 transitions, fixing entries originally
derived from Shanks. The fixes include changes to:
Australia, Bahamas, Bermuda, Belize, Ghana, Israel and Palestine,
Kenya and adjacent, Nigeria and adjacent, Seychelles, Vanuatu
Australia/Currie has been moved to the 'backward' file and its
corrected data moved to the 'backzone' file.
To better match legislation in Turks and Caicos, the 2015 shift to
year-round observance of -04 is now modeled as AST throughout before
returning to Eastern Time with US DST in 2018, rather than as
maintaining EDT until 2015-11-01.
* DHCP: For anonymous, just use a generic ClientID
* link: Split hardware address randomisation out of anonymous option
* link: Only report hardware changes for active interfaces
* link: Report errors obtaining recv buffer size on overflow
* hooks: Add NOCARRIER_ROAMING reason
* hooks: interface_order now reflects priorities again
- Support continuing to install to /var/db/pkg if it exists and the
  new pkgdb doesn't.
  In the future, we can warn about this once we have tested advice that
  we can give to users who want to move the location of pkgdb.
- Don't do anything about /var/db/pkg on non-NetBSD-base.
  This creates conflicts with other package managers that also install to
  /var/db/pkg.
"nat/gdb_ptrace.h" defines PT_STEP as 9, if it is not defined. nat-ptrace.c
depends on this; inf_ptrace_target::resume() uses PT_STEP unconditionally
when its ``step'' argument is non-zero. Therefore,
- Add comment that nbsd-nat.c should include <sys/ptrace.h> directly,
instead of "nat/gdb_ptrace.h".
- Add gdb_assert(step == 0) in nbsd_nat_target::resume() ifndef PT_STEP,
before calling inf_ptrace_target::resume().
hid_linux: return FIDO_OK if no devices are found.
hid_osx:
  repair communication with U2F tokens, gh#166;
  reliability fixes.
fido2-{assert,cred}: new options to explicitly toggle UP, UV.
Support for configurable report lengths.
New API calls:
  fido_cbor_info_maxcredcntlst;
  fido_cbor_info_maxcredidlen;
  fido_cred_aaguid_len;
  fido_cred_aaguid_ptr;
  fido_dev_get_touch_begin;
  fido_dev_get_touch_status.
Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
Allow CTAP messages up to 2048 bytes; gh#171.
Ensure we only list USB devices by default.

Version 1.4.0 (2020-04-15)
hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
Fall back to U2F if the key claims to, but does not support FIDO2.
FIDO2 credential protection (credprot) support.
New API calls:
  fido_cbor_info_fwversion;
  fido_cred_prot;
  fido_cred_set_prot;
  fido_dev_set_transport_functions;
  fido_set_log_handler.
Support for FreeBSD.
Support for C++.
Support for MSYS.
Fixed EdDSA and RSA self-attestation.

Version 1.3.1 (2020-02-19)
fix zero-ing of le1 and le2 when talking to a U2F device.
dropping sk-libfido2 middleware, please find it in the openssh tree.
- binary compatibility with earmv7{,hf}eb and later, as well as
  COMPAT_NETBSD32 on aarch64eb
- unaligned memory access
whereas compatibility with earmv5{,hf}eb and prior is lost.
As we have never released kernel and userland for earmv6{,hf}eb yet,
this does not cause any compatibility problems.
Discussed on port-arm and tech-toolchain.
With the following changes:
* DHCP: If error adding the address in oneshot, exit with failure
* DHCP: Only listen to the address if we successfully added it
* DHCP6: Fix segfault introduced in dhcpcd-9.3.3
* DHCP6: Abort in test mode when an error is returned by server
* options: allow --ia_na=1 and --ia_pd=2 on the command line
* options: Allow duid to take a value
* dhcpcd: Don't create a launcher process if keeping in foreground
* dhcpcd: Add --noconfigure option
* control: Create an unpriv socket for non master mode
* options: Don't log unknown ones when printing pidfile location
Cherry-picked from upstream:
https://git.savannah.gnu.org/gitweb/?p=config.git;a=commit;h=1c4398015583eb77bc043234f5734be055e64bea
Everything except external/apache2/llvm/dist/llvm/cmake/config.guess
is patched, which is under vendor tag and cannot be modified. I expect
that this file is not actually used as we use hand-crafted version of
configure script instead of cmake for building LLVM.
Note that external/apache2/llvm/autoconf/autoconf/config.guess has
already been committed on Oct. 20, but commit message disappeared as
cvs aborted due to "permission denied" when trying to modify the file
mentioned above. Sorry for confusing you.
Also note that GMP uses its own config.guess. Patch for
external/lgpl3/gmp/dist/config.guess is provided by ryo@. Thanks!
Move the handling of PG_PAGEOUT from uvm_aio_aiodone_pages() to
uvm_page_unbusy() so that all callers of uvm_page_unbusy() don't need to
handle this flag separately. Split out the pages part of uvm_aio_aiodone()
into uvm_aio_aiodone_pages() in rump just like in the real kernel.
In ZFS functions that can fail to copy data between the ARC and VM pages,
use uvm_aio_aiodone_pages() rather than uvm_page_unbusy() so that we can
handle these "I/O" errors. Fixes PR 55702.
For reproducible builds to work we need to have a consistent command
line (because the command line gets recorded in dwarf). So we can't
do:
    -ffile-prefix-map=/joe/random/src=/usr/src
because then /joe/random/src gets recorded. We do instead:
    -ffile-prefix-map=\$NETBSDSRCDIR=/usr/src
The patch restores the environment variable parsing that got lost
in the last 2 gcc upgrades.
at least a few pkgsrc packages avoid base sqlite because it fails
this check, and it's probably a surprising performance penalty for
unsuspecting users