| version 1.64, 2019/05/27 22:55:18 |
version 1.65, 2019/05/31 13:15:31 |
|
|
| <li>Improved hardware support, including: |
<li>Improved hardware support, including: |
| <ul> |
<ul> |
| <li>New <a href="https://man.openbsd.org/vte.4">vte(4)</a> |
<li>New <a href="https://man.openbsd.org/vte.4">vte(4)</a> |
| driver for RDC R6040 10/100 Ethernet devices.</li> |
driver for RDC R6040 10/100 Ethernet devices. |
| <li>New <a href="https://man.openbsd.org/rdcphy.4">rdcphy(4)</a> |
<li>New <a href="https://man.openbsd.org/rdcphy.4">rdcphy(4)</a> |
| driver for RDC Semiconductor R6040 10/100 Ethernet PHY. |
driver for RDC Semiconductor R6040 10/100 Ethernet PHY. |
| <li>New <a href="https://man.openbsd.org/rsu.4">rsu(4)</a> |
<li>New <a href="https://man.openbsd.org/rsu.4">rsu(4)</a> |
|
|
| <li>Generic network stack improvements: |
<li>Generic network stack improvements: |
| <ul> |
<ul> |
| <li>Reworking of the MCLGETI livelock algorithm to improve |
<li>Reworking of the MCLGETI livelock algorithm to improve |
| forwarding and host performance under high network load.</li> |
forwarding and host performance under high network load. |
| <li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> in the next release. |
<li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> in the next release. |
| <li>Added AES-GCM support for IPsec. |
<li>Added AES-GCM support for IPsec. |
| <li>Added automatic send and receive buffer scaling for TCP. |
<li>Added automatic send and receive buffer scaling for TCP. |
|
|
| improvements to IPsec performance under certain conditions. |
improvements to IPsec performance under certain conditions. |
| <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic. |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic. |
| <li>Wake on Lan support has been added to <a href="https://man.openbsd.org/arp.8">arp(8)</a>. |
<li>Wake on Lan support has been added to <a href="https://man.openbsd.org/arp.8">arp(8)</a>. |
| <li>Enabled MPLS and <a href="https://man.openbsd.org/mpe.4">mpe(4)</a> by default on GENERIC kernels.</li> |
<li>Enabled MPLS and <a href="https://man.openbsd.org/mpe.4">mpe(4)</a> by default on GENERIC kernels. |
| <li>Added a mpls option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob.</li> |
<li>Added a mpls option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob. |
| </ul> |
</ul> |
| <p> |
<p> |
| |
|
| <li>OpenBGPD, OpenOSPFD and other routing daemon improvements: |
<li>OpenBGPD, OpenOSPFD and other routing daemon improvements: |
| <ul> |
<ul> |
| <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> handles various message encoding errors more gracefully now.</li> |
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> handles various message encoding errors more gracefully now. |
| <li>Notification messages are now logged in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.</li> |
<li>Notification messages are now logged in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
| <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> will now correctly redistribute overlapping routes.</li> |
<li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> will now correctly redistribute overlapping routes. |
| <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.</li> |
<li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync. |
| <li>Fixed <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented.</li> |
<li>Fixed <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented. |
| <li>Various improvements in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.</li> |
<li>Various improvements in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>. |
| </ul> |
</ul> |
| <p> |
<p> |
| <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> improvements: |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> improvements: |
|
|
| <li>SCSI improvements: |
<li>SCSI improvements: |
| <ul> |
<ul> |
| <li>Improved safety when detaching SCSI devices by waiting for |
<li>Improved safety when detaching SCSI devices by waiting for |
| the completion of pending commands.</li> |
the completion of pending commands. |
| <li>Improved hotplug support on <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> and |
<li>Improved hotplug support on <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> and |
| <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.</li> |
<a href="https://man.openbsd.org/mpii.4">mpii(4)</a>. |
| <li>Continued iopoolification of SCSI drivers, notably on |
<li>Continued iopoolification of SCSI drivers, notably on |
| <a href="https://man.openbsd.org/umass.4">umass(4)</a> which improves the |
<a href="https://man.openbsd.org/umass.4">umass(4)</a> which improves the |
| reliability and performance of multi-LUN devices.</li> |
reliability and performance of multi-LUN devices. |
| <li>Added <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>, a driver for |
<li>Added <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>, a driver for |
| userland handling of SCSI device commands. |
userland handling of SCSI device commands. |
| <li>Added <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>, an iSCSI initiator. |
<li>Added <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>, an iSCSI initiator. |
|
|
| <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH) |
<li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH) |
| and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA |
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA |
| offer better performance than plain DH and DSA at the same |
offer better performance than plain DH and DSA at the same |
| equivalent symmetric key length, as well as much shorter keys.</li> |
equivalent symmetric key length, as well as much shorter keys. |
| <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
| and |
and |
| <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
| add a protocol extension to support a hard link operation. It is |
add a protocol extension to support a hard link operation. It is |
| available through the "ln" command in the client. The old "ln" |
available through the "ln" command in the client. The old "ln" |
| behaviour of creating a symlink is available using its "-s" option |
behaviour of creating a symlink is available using its "-s" option |
| or through the preexisting "symlink" command.</li> |
or through the preexisting "symlink" command. |
| <li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
| Add a new -3 option to scp: Copies between two remote hosts are |
Add a new -3 option to scp: Copies between two remote hosts are |
| transferred through the local host. Without this option the data is |
transferred through the local host. Without this option the data is |
| copied directly between the two remote hosts.</li> |
copied directly between the two remote hosts. |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| automatically order the hostkeys requested by the client based on |
automatically order the hostkeys requested by the client based on |
| which hostkeys are already recorded in known_hosts. This avoids |
which hostkeys are already recorded in known_hosts. This avoids |
| hostkey warnings when connecting to servers with new ECDSA keys, |
hostkey warnings when connecting to servers with new ECDSA keys, |
| since these are now preferred when learning hostkeys for the first |
since these are now preferred when learning hostkeys for the first |
| time.</li> |
time. |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
| and |
and |
| <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values |
add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values |
| instead of hardcoding lowdelay/throughput. (bz#1733)</li> |
instead of hardcoding lowdelay/throughput. (bz#1733) |
| <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
| the sftp client is now significantly faster at performing directory |
the sftp client is now significantly faster at performing directory |
| listings, using OpenBSD glob(3) extensions to preserve the results |
listings, using OpenBSD glob(3) extensions to preserve the results |
| of stat(3) operations performed in the course of its execution |
of stat(3) operations performed in the course of its execution |
| rather than performing expensive round trips to fetch them again |
rather than performing expensive round trips to fetch them again |
| afterwards.</li> |
afterwards. |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| "atomically" create the listening mux socket by binding it on a |
"atomically" create the listening mux socket by binding it on a |
| temporary name and then linking it into position after listen() has |
temporary name and then linking it into position after listen() has |
| succeeded. This allows the mux clients to determine that the server |
succeeded. This allows the mux clients to determine that the server |
| socket is either ready or stale without races. Stale server sockets |
socket is either ready or stale without races. Stale server sockets |
| are now automatically removed. (also fixes bz#1711)</li> |
are now automatically removed. (also fixes bz#1711) |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
| and |
and |
| <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
|
|
| <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
| and |
and |
| <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a> |
| and their order of preference.</li> |
and their order of preference. |
| <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
| and |
and |
| <a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
|
|
| <em>atomicio</em> callback mechanism and use it to add a bandwidth |
<em>atomicio</em> callback mechanism and use it to add a bandwidth |
| limit option to |
limit option to |
| <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. |
| (bz#1147)</li> |
(bz#1147) |
| </ul> |
</ul> |
| <li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
| <ul> |
<ul> |
|
|
| and |
and |
| <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
| honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary |
honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary |
| directories. (bz#1809)</li> |
directories. (bz#1809) |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| avoid <em>NULL</em> deref on receiving a channel request on an |
avoid <em>NULL</em> deref on receiving a channel request on an |
| unknown or invalid channel. (bz#1842)</li> |
unknown or invalid channel. (bz#1842) |
| <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| remove a <em>debug()</em> that pollutes stderr on client connecting |
remove a <em>debug()</em> that pollutes stderr on client connecting |
| to a server in debug mode. (bz#1719)</li> |
to a server in debug mode. (bz#1719) |
| <li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
| pass through ssh command-line flags and options when doing |
pass through ssh command-line flags and options when doing |
| remote-remote transfers, e.g. to enable agent forwarding which is |
remote-remote transfers, e.g. to enable agent forwarding which is |
| particularly useful in this case. (bz#1837)</li> |
particularly useful in this case. (bz#1837) |
| <li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
<li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: |
| <em>umask</em> should be parsed as octal.</li> |
<em>umask</em> should be parsed as octal. |
| <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: |
| escape '[' in filename tab-completion.</li> |
escape '[' in filename tab-completion. |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| Typo in confirmation message. (bz#1827)</li> |
Typo in confirmation message. (bz#1827) |
| <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| prevent <em>free()</em> of string in <em>.rodata</em> when |
prevent <em>free()</em> of string in <em>.rodata</em> when |
| overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li> |
overriding <em>AuthorizedKeys</em> in a <em>Match</em> block. |
| <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "".</li> |
Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "". |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| kill proxy command on <em>fatal()</em> (we already killed it on |
kill proxy command on <em>fatal()</em> (we already killed it on |
| clean exit).</li> |
clean exit). |
| <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| install a <em>SIGCHLD</em> handler to reap expired child process. |
install a <em>SIGCHLD</em> handler to reap expired child process. |
| (bz#1812)</li> |
(bz#1812) |
| <li>Support building against openssl-1.0.0a</li> |
<li>Support building against openssl-1.0.0a |
| <li>Fix vulnerability in legacy certificate signing introduced in |
<li>Fix vulnerability in legacy certificate signing introduced in |
| OpenSSH-5.6 and found by Mateusz Kocielski.</li> |
OpenSSH-5.6 and found by Mateusz Kocielski. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 49.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www