version 1.69, 2007/03/09 23:08:51 |
version 1.70, 2007/03/09 23:12:23 |
|
|
<li>New tools: |
<li>New tools: |
<ul> |
<ul> |
<li>BSD-licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg-config&sektion=1">pkg-config(1)</a>, a complete rewrite of the GNU tool of |
<li>BSD-licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg-config&sektion=1">pkg-config(1)</a>, a complete rewrite of the GNU tool of |
the same name. |
the same name, significantly smaller and more maintainable. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hoststated&sektion=8">hoststated(8)</a>, a layer 3 and layer 7 server load balancing daemon with host monitoring capacities. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hoststated&sektion=8">hoststated(8)</a>, a layer 3 and layer 7 server load balancing daemon with host monitoring capacities. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgplg&sektion=8">bgplg(8)</a>, a CGI looking glass for OpenBGPD, is now available for use with the system httpd. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgplg&sektion=8">bgplg(8)</a>, a CGI looking glass for OpenBGPD, is now available for use with the system httpd. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgplgsh&sektion=8">bgplgsh(8)</a>, a looking glass shell for OpenBGPD, is now avalilable for use as a restricted read-only command line interface. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgplgsh&sektion=8">bgplgsh(8)</a>, a looking glass shell for OpenBGPD, is now avalilable for use as a restricted read-only command line interface. |
|
|
<ul> |
<ul> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> |
can now pipe logs directly to other programs, making real-time log analysis easier. |
can now pipe logs directly to other programs, making real-time log analysis easier. |
<li>the IP_RECVTTL |
<li>The IP_RECVTTL |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ip&sektion=4">ip(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ip&sektion=4">ip(4)</a> |
socket option allows programs to receive the incoming ttl on raw and udp sockets. |
socket option allows programs to receive the incoming ttl on raw and udp sockets. |
<li>the IP_MINTTL |
<li>The IP_MINTTL |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ip&sektion=4">ip(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ip&sektion=4">ip(4)</a> |
socket option allows programs to ask the kernel to discard any packets with a ttl |
socket option allows programs to ask the kernel to discard any packets with a ttl |
smaller than the given one, for implementing the IP TTL security hack aka the Generalized |
smaller than the given one, for implementing the IP TTL security hack aka the Generalized |
TTL Security Mechanism specified in RFC 3682. |
TTL Security Mechanism specified in RFC 3682. |
<li>multiple, independent routing tables, with |
<li>Multiple, independent routing tables, with |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
acting as selector. |
acting as selector. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> |
can be told which table to work with now, and routing daemons have been modified to |
can be told which table to work with now, and routing daemons have been modified to |
cope as well. |
cope as well. |
<li>the |
<li>The |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> |
interface is now clonable. |
interface is now clonable. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
|
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a> and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a> and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamlogd&sektion=8">spamlogd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamlogd&sektion=8">spamlogd(8)</a> |
can now be told which pflog interface to work with. |
can now be told which pflog interface to work with. |
<li>the |
<li>The |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> |
interface is now clonable as well, thus only there when actually needed. |
interface is now clonable as well, thus only there when actually needed. |
<li> |
<li> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> |
can now expire table entries. |
can now expire table entries. |
<li>allow |
<li>Allow |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
rules inside anchors to have their counters reset, and make counter read & reset an |
rules inside anchors to have their counters reset, and make counter read |
atomic operation. |
& reset an atomic operation. |
<li> |
<li> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> |
dampens status changes now, thus not alerting for a single wrong sensor read, since many |
dampens status changes now, thus not alerting for a single wrong sensor read, since many |
|
|
|
|
<li>Install/Upgrade process changes |
<li>Install/Upgrade process changes |
<ul> |
<ul> |
<li>more reliable detection of disk and cd devices |
<li>More reliable detection of disk and cd devices. |
<li>more reliable installation from MSDOS FAT partitions |
<li>More reliable installation from MSDOS FAT partitions. |
<li>new sanity check in case sets for the wrong architecture are selected |
<li>New sanity check in case sets for the wrong architecture are selected. |
<li>no need to specify the filesystem types of source partitions during disk |
<li>No need to specify the filesystem types of source partitions during disk |
or cd installs |
or cd installs. |
<li>no need to select a source partition during disk or cd installs when |
<li>No need to select a source partition during disk or cd installs when |
there is only one to choose from |
there is only one to choose from. |
|
<li>Use filesystem info in disklabel to automatically mount disk partition. |
|
<li>When using disk as a source for sets automatically mount the 'c' partition |
|
if it has a filesystem type, or any partition if it is the only one with |
|
a filesystem type. |
|
<li>Provide an extra sanity check by looking for INSTALL.xxx in the set source, |
|
and asking for confirmation if it is missing. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>OpenSSH 4.6: |
|
<ul> |
|
<li>... |
|
</ul> |
|
<p> |
|
|
|
<li>OpenBGPD 4.1: |
<li>OpenBGPD 4.1: |
<ul> |
<ul> |
<li>fixes for sessions with tcp md5sig and ipsec. now sessions can be migrated from and to any |
<li>Fixes for sessions with tcp md5sig and ipsec. now sessions can be migrated |
form of ipsec and tcpmd5 with just a simple <em>bgpctl reload</em>, and the session migrates |
from and to any form of ipsec and tcpmd5 with just a simple |
the next time it gets established. |
<em>bgpctl reload</em>, and the session migrates the next time it gets |
<li>include file support in the config parser |
established. |
<li>bgpd can use the new IP_MINTTL socket option to implement the ttl security mechanism |
<li>Include file support in the config parser. |
|
<li>Can now use the new IP_MINTTL socket option to implement the ttl security |
|
mechanism. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>OpenOSPFD 4.1: |
|
<ul> |
|
<li>... |
|
</ul> |
|
<p> |
|
|
|
<li>OpenDVMRPD 4.1: |
|
<ul> |
|
<li>use filesystem info in disklabel to automatically mount disk partition |
|
<li>when using disk as a source for sets automatically mount the 'c' partition if it has a filesystem type, or any partition if it is the only one with a filesystem type |
|
<li>provide an extra sanity check by looking for INSTALL.xxx in the set source, and asking for confirmation if it is missing |
|
</ul> |
|
<p> |
|
|
|
<li>OpenRIPD 4.1: |
|
<ul> |
|
<li>... |
|
</ul> |
|
<p> |
|
|
|
<li>OpenNTPD 4.1: |
<li>OpenNTPD 4.1: |
<ul> |
<ul> |
<li>greatly improved support for timedelta sensors |
<li>Greatly improved support for timedelta sensors. |
<li>ntpd now uses a strictly monotonically increasing time (uptime, basically) for its internal |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd</a> |
timers, so setting the system clock doesn't influence query rates, trust levels, etc. any more. |
now uses a strictly monotonically increasing time (uptime, basically) |
|
for its internal timers, so setting the system clock doesn't influence |
|
query rates, trust levels, etc. any more. |
</ul> |
</ul> |
<p> |
<p> |
|
|