version 1.64, 2019/05/27 22:55:18 |
version 1.65, 2019/05/31 13:15:31 |
|
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/vte.4">vte(4)</a> |
<li>New <a href="https://man.openbsd.org/vte.4">vte(4)</a> |
driver for RDC R6040 10/100 Ethernet devices.</li> |
driver for RDC R6040 10/100 Ethernet devices. |
<li>New <a href="https://man.openbsd.org/rdcphy.4">rdcphy(4)</a> |
<li>New <a href="https://man.openbsd.org/rdcphy.4">rdcphy(4)</a> |
driver for RDC Semiconductor R6040 10/100 Ethernet PHY. |
driver for RDC Semiconductor R6040 10/100 Ethernet PHY. |
<li>New <a href="https://man.openbsd.org/rsu.4">rsu(4)</a> |
<li>New <a href="https://man.openbsd.org/rsu.4">rsu(4)</a> |
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li>Reworking of the MCLGETI livelock algorithm to improve |
<li>Reworking of the MCLGETI livelock algorithm to improve |
forwarding and host performance under high network load.</li> |
forwarding and host performance under high network load. |
<li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> in the next release. |
<li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> in the next release. |
<li>Added AES-GCM support for IPsec. |
<li>Added AES-GCM support for IPsec. |
<li>Added automatic send and receive buffer scaling for TCP. |
<li>Added automatic send and receive buffer scaling for TCP. |
|
|
improvements to IPsec performance under certain conditions. |
improvements to IPsec performance under certain conditions. |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic. |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic. |
<li>Wake on Lan support has been added to <a href="https://man.openbsd.org/arp.8">arp(8)</a>. |
<li>Wake on Lan support has been added to <a href="https://man.openbsd.org/arp.8">arp(8)</a>. |
<li>Enabled MPLS and <a href="https://man.openbsd.org/mpe.4">mpe(4)</a> by default on GENERIC kernels.</li> |
<li>Enabled MPLS and <a href="https://man.openbsd.org/mpe.4">mpe(4)</a> by default on GENERIC kernels. |
<li>Added a mpls option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob.</li> |
<li>Added a mpls option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob. |
</ul> |
</ul> |
<p> |
<p> |
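Review bot: "Wake on Lan" in the arp(8) entry should read "Wake on LAN", and "a mpls option" in the ifconfig(8) entry reads better as "an mpls option". Both sit in the list this revision is already touching, so fix them in the same pass. The ifconfig(8) entry also wants a comma before "replacing the global sysctl knob".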
|
|
<li>OpenBGPD, OpenOSPFD and other routing daemon improvements: |
<li>OpenBGPD, OpenOSPFD and other routing daemon improvements: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> handles various message encoding errors more gracefully now.</li> |
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> handles various message encoding errors more gracefully now. |
<li>Notification messages are now logged in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.</li> |
<li>Notification messages are now logged in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
<li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> will now correctly redistribute overlapping routes.</li> |
<li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> will now correctly redistribute overlapping routes. |
<li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.</li> |
<li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync. |
<li>Fixed <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented.</li> |
<li>Fixed <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented. |
<li>Various improvements in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.</li> |
<li>Various improvements in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>. |
</ul> |
</ul> |
<p> |
<p> |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> improvements: |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> improvements: |
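Review bot: the bare `<p>` kept after `</ul>` at the end of the routing daemon list is immediately followed by the next `<li>`, so it is an empty paragraph acting as a spacer inside the outer list. Now that the `</li>` end tags are dropped from every item in this list, the outer item is closed only by implied end tags. Remove the spacer in the same cleanup, or confirm the page still validates with it in place.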
|
|
<li>SCSI improvements: |
<li>SCSI improvements: |
<ul> |
<ul> |
<li>Improved safety when detaching SCSI devices by waiting for |
<li>Improved safety when detaching SCSI devices by waiting for |
the completion of pending commands.</li> |
the completion of pending commands. |
<li>Improved hotplug support on <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> and |
<li>Improved hotplug support on <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> and |
<a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.</li> |
<a href="https://man.openbsd.org/mpii.4">mpii(4)</a>. |
<li>Continued iopoolification of SCSI drivers, notably on |
<li>Continued iopoolification of SCSI drivers, notably on |
<a href="https://man.openbsd.org/umass.4">umass(4)</a> which improves the |
<a href="https://man.openbsd.org/umass.4">umass(4)</a> which improves the |
reliability and performance of multi-LUN devices.</li> |
reliability and performance of multi-LUN devices. |
<li>Added <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>, a driver for |
<li>Added <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>, a driver for |
userland handling of SCSI device commands. |
userland handling of SCSI device commands. |
<li>Added <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>, an iSCSI initiator. |
<li>Added <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>, an iSCSI initiator. |
|
|
<li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH) |
<li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH) |
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA |
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA |
offer better performance than plain DH and DSA at the same |
offer better performance than plain DH and DSA at the same |
equivalent symmetric key length, as well as much shorter keys.</li> |
equivalent symmetric key length, as well as much shorter keys. |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
and |
and |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
add a protocol extension to support a hard link operation. It is |
add a protocol extension to support a hard link operation. It is |
available through the "ln" command in the client. The old "ln" |
available through the "ln" command in the client. The old "ln" |
behaviour of creating a symlink is available using its "-s" option |
behaviour of creating a symlink is available using its "-s" option |
or through the preexisting "symlink" command.</li> |
or through the preexisting "symlink" command. |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
Add a new -3 option to scp: Copies between two remote hosts are |
Add a new -3 option to scp: Copies between two remote hosts are |
transferred through the local host. Without this option the data is |
transferred through the local host. Without this option the data is |
copied directly between the two remote hosts.</li> |
copied directly between the two remote hosts. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
automatically order the hostkeys requested by the client based on |
automatically order the hostkeys requested by the client based on |
which hostkeys are already recorded in known_hosts. This avoids |
which hostkeys are already recorded in known_hosts. This avoids |
hostkey warnings when connecting to servers with new ECDSA keys, |
hostkey warnings when connecting to servers with new ECDSA keys, |
since these are now preferred when learning hostkeys for the first |
since these are now preferred when learning hostkeys for the first |
time.</li> |
time. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
and |
and |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values |
add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values |
instead of hardcoding lowdelay/throughput. (bz#1733)</li> |
instead of hardcoding lowdelay/throughput. (bz#1733) |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
the sftp client is now significantly faster at performing directory |
the sftp client is now significantly faster at performing directory |
listings, using OpenBSD glob(3) extensions to preserve the results |
listings, using OpenBSD glob(3) extensions to preserve the results |
of stat(3) operations performed in the course of its execution |
of stat(3) operations performed in the course of its execution |
rather than performing expensive round trips to fetch them again |
rather than performing expensive round trips to fetch them again |
afterwards.</li> |
afterwards. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
"atomically" create the listening mux socket by binding it on a |
"atomically" create the listening mux socket by binding it on a |
temporary name and then linking it into position after listen() has |
temporary name and then linking it into position after listen() has |
succeeded. This allows the mux clients to determine that the server |
succeeded. This allows the mux clients to determine that the server |
socket is either ready or stale without races. Stale server sockets |
socket is either ready or stale without races. Stale server sockets |
are now automatically removed. (also fixes bz#1711)</li> |
are now automatically removed. (also fixes bz#1711) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
and |
and |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
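Review bot: the scp(1) entry begins "Add a new -3 option to scp: Copies between two remote hosts", while the neighbouring sftp(1) and ssh(1) entries start lowercase after the colon ("add a protocol extension", "automatically order the hostkeys"). Lowercase "add" and "copies" to match, and drop the redundant "to scp". "RFC5656" in the ECDH/ECDSA entry would also read better as "RFC 5656".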
|
|
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
and |
and |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a> |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a> |
and their order of preference.</li> |
and their order of preference. |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
and |
and |
<a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
|
|
<em>atomicio</em> callback mechanism and use it to add a bandwidth |
<em>atomicio</em> callback mechanism and use it to add a bandwidth |
limit option to |
limit option to |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. |
(bz#1147)</li> |
(bz#1147) |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
|
|
and |
and |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary |
honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary |
directories. (bz#1809)</li> |
directories. (bz#1809) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
avoid <em>NULL</em> deref on receiving a channel request on an |
avoid <em>NULL</em> deref on receiving a channel request on an |
unknown or invalid channel. (bz#1842)</li> |
unknown or invalid channel. (bz#1842) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
remove a <em>debug()</em> that pollutes stderr on client connecting |
remove a <em>debug()</em> that pollutes stderr on client connecting |
to a server in debug mode. (bz#1719)</li> |
to a server in debug mode. (bz#1719) |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
pass through ssh command-line flags and options when doing |
pass through ssh command-line flags and options when doing |
remote-remote transfers, e.g. to enable agent forwarding which is |
remote-remote transfers, e.g. to enable agent forwarding which is |
particularly useful in this case. (bz#1837)</li> |
particularly useful in this case. (bz#1837) |
<li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
<li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
<em>umask</em> should be parsed as octal.</li> |
<em>umask</em> should be parsed as octal. |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
escape '[' in filename tab-completion.</li> |
escape '[' in filename tab-completion. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Typo in confirmation message. (bz#1827)</li> |
Typo in confirmation message. (bz#1827) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
prevent <em>free()</em> of string in <em>.rodata</em> when |
prevent <em>free()</em> of string in <em>.rodata</em> when |
overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li> |
overriding <em>AuthorizedKeys</em> in a <em>Match</em> block. |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "".</li> |
Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "". |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
kill proxy command on <em>fatal()</em> (we already killed it on |
kill proxy command on <em>fatal()</em> (we already killed it on |
clean exit).</li> |
clean exit). |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
install a <em>SIGCHLD</em> handler to reap expired child process. |
install a <em>SIGCHLD</em> handler to reap expired child process. |
(bz#1812)</li> |
(bz#1812) |
<li>Support building against openssl-1.0.0a</li> |
<li>Support building against openssl-1.0.0a |
<li>Fix vulnerability in legacy certificate signing introduced in |
<li>Fix vulnerability in legacy certificate signing introduced in |
OpenSSH-5.6 and found by Mateusz Kocielski.</li> |
OpenSSH-5.6 and found by Mateusz Kocielski. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |
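Review bot: the last entry, "Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6", carries no reference, while several fixes above it cite a bug number such as (bz#1842). Add a link or identifier for the advisory so readers can tell whether their 5.6 installs are affected. In the SIGCHLD entry, "reap expired child process" should be "processes".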