version 1.22, 2016/03/21 05:46:19 |
version 1.23, 2016/03/22 10:54:42 |
|
|
<ul> |
<ul> |
<li>MSI interrupts for many devices, on those architectures which can |
<li>MSI interrupts for many devices, on those architectures which can |
support them (amd64, i386, sparc64 only so far). |
support them (amd64, i386, sparc64 only so far). |
<li>A new <a href="http://man.openbsd.org?query=dma_alloc&sektion=9">dma_alloc(9)</a> API makes it easier for kernel code to allocate |
<li>A new <a href="http://man.openbsd.org/?query=dma_alloc&sektion=9">dma_alloc(9)</a> API makes it easier for kernel code to allocate |
dma-safe memory. Many drivers (especially network drivers) and |
dma-safe memory. Many drivers (especially network drivers) and |
subsystems (in particular scsi and the buffer cache) were adapted |
subsystems (in particular scsi and the buffer cache) were adapted |
to use this. |
to use this. |
<li>As a result, big-memory support has been enabled on all possible |
<li>As a result, big-memory support has been enabled on all possible |
architectures. |
architectures. |
<li>The rather rare <a href="http://man.openbsd.org?query=bce&sektion=4">bce(4)</a> driver now copies mbufs all the time, to cope |
<li>The rather rare <a href="http://man.openbsd.org/?query=bce&sektion=4">bce(4)</a> driver now copies mbufs all the time, to cope |
with the hardware having a 1GB limit. |
with the hardware having a 1GB limit. |
<li>Added <a href="http://man.openbsd.org?query=hds&sektion=4">hds(4)</a>, a driver for Hitachi Modular Storage SCSI devices. |
<li>Added <a href="http://man.openbsd.org/?query=hds&sektion=4">hds(4)</a>, a driver for Hitachi Modular Storage SCSI devices. |
<li>Added <a href="http://man.openbsd.org?query=myx&sektion=4">myx(4)</a>, a driver for the Myricom Myri-10G 10GB Ethernet devices. |
<li>Added <a href="http://man.openbsd.org/?query=myx&sektion=4">myx(4)</a>, a driver for the Myricom Myri-10G 10GB Ethernet devices. |
<li>Added <a href="http://man.openbsd.org?query=dfs&sektion=4&arch=macppc">dfs(4)</a>, a driver for Dynamic Frequency Switching on some macppc |
<li>Added <a href="http://man.openbsd.org/?query=dfs&sektion=4&arch=macppc">dfs(4)</a>, a driver for Dynamic Frequency Switching on some macppc |
systems. |
systems. |
<li><a href="http://man.openbsd.org?query=cardbus&sektion=4">cardbus(4)</a> and <a href="http://man.openbsd.org?query=pcmcia&sektion=4">pcmcia(4)</a> support on sgi. |
<li><a href="http://man.openbsd.org/?query=cardbus&sektion=4">cardbus(4)</a> and <a href="http://man.openbsd.org/?query=pcmcia&sektion=4">pcmcia(4)</a> support on sgi. |
<li>Suspend/resume support on Loongson Yeelong laptops. |
<li>Suspend/resume support on Loongson Yeelong laptops. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li>Added support for sending Wake on Lan packets using <a href="http://man.openbsd.org?query=arp&sektion=8">arp(8)</a>. |
<li>Added support for sending Wake on Lan packets using <a href="http://man.openbsd.org/?query=arp&sektion=8">arp(8)</a>. |
<li>Permit turning Wake on Lan support on/off using <a href="http://man.openbsd.org?query=ifconfig&sektion=8">ifconfig(8)</a>. |
<li>Permit turning Wake on Lan support on/off using <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a>. |
<li>Added Wake on Lan support to <a href="http://man.openbsd.org?query=xl&sektion=4">xl(4)</a>, <a href="http://man.openbsd.org?query=re&sektion=4">re(4)</a>, and <a href="http://man.openbsd.org?query=vr&sektion=4">vr(4)</a>. |
<li>Added Wake on Lan support to <a href="http://man.openbsd.org/?query=xl&sektion=4">xl(4)</a>, <a href="http://man.openbsd.org/?query=re&sektion=4">re(4)</a>, and <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>. |
<li>Allow <a href="http://man.openbsd.org?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> to proxy across rdomains. |
<li>Allow <a href="http://man.openbsd.org/?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> to proxy across rdomains. |
<li>The IPv4 stack will no longer accept ICMP redirects when |
<li>The IPv4 stack will no longer accept ICMP redirects when |
acting as a router. |
acting as a router. |
<li>By default the IPv6 stack will not process ICMP6 redirects. |
<li>By default the IPv6 stack will not process ICMP6 redirects. |
<a href="http://man.openbsd.org?query=rtsol&sektion=8">rtsol(8)</a> will turn it back if -F is used. |
<a href="http://man.openbsd.org/?query=rtsol&sektion=8">rtsol(8)</a> will turn it back if -F is used. |
<li>Reworked large parts of the <a href="http://man.openbsd.org?query=dhclient&sektion=8">dhclient(8)</a> options processing for better |
<li>Reworked large parts of the <a href="http://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> options processing for better |
interoperability. |
interoperability. |
<li>Fixed <a href="http://man.openbsd.org?query=carp&sektion=4">carp(4)</a> to work in IPv6 only setups. |
<li>Fixed <a href="http://man.openbsd.org/?query=carp&sektion=4">carp(4)</a> to work in IPv6 only setups. |
<li>Make it possible to <a href="http://man.openbsd.org?query=bind&sektion=2">bind(2)</a> to the local network broadcast address |
<li>Make it possible to <a href="http://man.openbsd.org/?query=bind&sektion=2">bind(2)</a> to the local network broadcast address |
on datagram and raw sockets. |
on datagram and raw sockets. |
<li>The default multicast reject route is now ignored if the UDP socket |
<li>The default multicast reject route is now ignored if the UDP socket |
uses the IP_MULTICAST_IF socket option. |
uses the IP_MULTICAST_IF socket option. |
<li>Make <a href="http://man.openbsd.org?query=gre&sektion=4">gre(4)</a> work between systems in the same LAN. |
<li>Make <a href="http://man.openbsd.org/?query=gre&sektion=4">gre(4)</a> work between systems in the same LAN. |
<li>Removed the link1 mode special addressing mode on <a href="http://man.openbsd.org?query=lo&sektion=4">lo(4)</a>. |
<li>Removed the link1 mode special addressing mode on <a href="http://man.openbsd.org/?query=lo&sektion=4">lo(4)</a>. |
<li>Kernel randomization speed and quality improved substantially. |
<li>Kernel randomization speed and quality improved substantially. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org?query=bgpd&sektion=8">bgpd(8)</a> no longer bumps the rlimits: the rc.d framework respects |
<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> no longer bumps the rlimits: the rc.d framework respects |
login classes which is a much better solution. |
login classes which is a much better solution. |
<li>Correctly set the network filtersets on reload in <a href="http://man.openbsd.org?query=bgpd&sektion=8">bgpd(8)</a>. |
<li>Correctly set the network filtersets on reload in <a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a>. |
<li>The routing socket is now sending RTM_DESYNC messages if the |
<li>The routing socket is now sending RTM_DESYNC messages if the |
socketbuffer overflows. |
socketbuffer overflows. |
<li>Allow <a href="http://man.openbsd.org?query=ospfd&sektion=8">ospfd(8)</a> to send out LS updates and other messages |
<li>Allow <a href="http://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a> to send out LS updates and other messages |
larger than the MTU. |
larger than the MTU. |
<li>Fixed nexthop calculation in <a href="http://man.openbsd.org?query=ospfd&sektion=8">ospfd(8)</a> for directly connected P2P links. |
<li>Fixed nexthop calculation in <a href="http://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a> for directly connected P2P links. |
<li>First bits to support opaque LSA in <a href="http://man.openbsd.org?query=ospfd&sektion=8">ospfd(8)</a>. Only basic redistribute |
<li>First bits to support opaque LSA in <a href="http://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a>. Only basic redistribute |
logic and LSDB handling for now. |
logic and LSDB handling for now. |
<li>Creating new interfaces will no longer cause a fatal error in <a href="http://man.openbsd.org?query=ospf6d&sektion=8">ospf6d(8)</a>. |
<li>Creating new interfaces will no longer cause a fatal error in <a href="http://man.openbsd.org/?query=ospf6d&sektion=8">ospf6d(8)</a>. |
<li><a href="http://man.openbsd.org?query=ospf6d&sektion=8">ospf6d(8)</a> handles link-state changes better. |
<li><a href="http://man.openbsd.org/?query=ospf6d&sektion=8">ospf6d(8)</a> handles link-state changes better. |
<li>Better loopback handling in <a href="http://man.openbsd.org?query=ospf6d&sektion=8">ospf6d(8)</a>. |
<li>Better loopback handling in <a href="http://man.openbsd.org/?query=ospf6d&sektion=8">ospf6d(8)</a>. |
<li>No longer install extra multicast routes in <a href="http://man.openbsd.org?query=ripd&sektion=8">ripd(8)</a> and <a href="http://man.openbsd.org?query=ldpd&sektion=8">ldpd(8)</a>. |
<li>No longer install extra multicast routes in <a href="http://man.openbsd.org/?query=ripd&sektion=8">ripd(8)</a> and <a href="http://man.openbsd.org/?query=ldpd&sektion=8">ldpd(8)</a>. |
<li>Make <a href="http://man.openbsd.org?query=kqueue&sektion=2">kqueue(2)</a> work with <a href="http://man.openbsd.org?query=sosplice&sektion=9">sosplice(9)</a>. |
<li>Make <a href="http://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> work with <a href="http://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a>. |
<li>Enabled <a href="http://man.openbsd.org?query=sosplice&sektion=9">sosplice(9)</a> in <a href="http://man.openbsd.org?query=relayd&sektion=8">relayd(8)</a> for TCP. |
<li>Enabled <a href="http://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a> in <a href="http://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> for TCP. |
<li>Added support for divert-to which provides some benefits over |
<li>Added support for divert-to which provides some benefits over |
rdr-to in <a href="http://man.openbsd.org?query=relayd&sektion=8">relayd(8)</a>. |
rdr-to in <a href="http://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a>. |
<li>Fixed trap sending in <a href="http://man.openbsd.org?query=snmpd&sektion=8">snmpd(8)</a>. |
<li>Fixed trap sending in <a href="http://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>. |
<li>Make <a href="http://man.openbsd.org?query=ping6&sektion=8">ping6(8)</a> compare minimum amount of bytes between what |
<li>Make <a href="http://man.openbsd.org/?query=ping6&sektion=8">ping6(8)</a> compare minimum amount of bytes between what |
was received and what was sent out. |
was received and what was sent out. |
<li>Make <a href="http://man.openbsd.org?query=traceroute&sektion=8">traceroute(8)</a> with type-of-service setted (-t) display |
<li>Make <a href="http://man.openbsd.org/?query=traceroute&sektion=8">traceroute(8)</a> with type-of-service setted (-t) display |
a message if the returned packet has a different tos type. |
a message if the returned packet has a different tos type. |
<li>Added the socket splicing fields of struct socket to netstat -vP output. |
<li>Added the socket splicing fields of struct socket to netstat -vP output. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> improvements: |
<li><a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements: |
<ul> |
<ul> |
<li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> reassemble IPv6 fragments. In the forward case, pf |
<li>Make <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> reassemble IPv6 fragments. In the forward case, pf |
refragments the packets with the same maximum size. |
refragments the packets with the same maximum size. |
<li>Allow <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> to filter on the rdomain a packet belongs to. |
<li>Allow <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> to filter on the rdomain a packet belongs to. |
<li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> allow userland proxies to establish cross rdomain |
<li>Make <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> allow userland proxies to establish cross rdomain |
proxy sessions. |
proxy sessions. |
<li>Added IPv6 ACK prioritization in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>. |
<li>Added IPv6 ACK prioritization in <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>. |
<li>Change 'set skip on <...>' to work with interface groups. |
<li>Change 'set skip on <...>' to work with interface groups. |
<li><a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a> supports IPv6 as network protocol. |
<li><a href="http://man.openbsd.org/?query=pfsync&sektion=4">pfsync(4)</a> supports IPv6 as network protocol. |
<li>Switched <a href="http://man.openbsd.org?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> over to divert-to instead of rdr-to. |
<li>Switched <a href="http://man.openbsd.org/?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> over to divert-to instead of rdr-to. |
<li><a href="http://man.openbsd.org?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> uses 'divert-to' as well. |
<li><a href="http://man.openbsd.org/?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> uses 'divert-to' as well. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>SCSI improvements: |
<li>SCSI improvements: |
<ul> |
<ul> |
<li>most SCSI hardware drivers now use the new iopools infrastructure. |
<li>most SCSI hardware drivers now use the new iopools infrastructure. |
<li><a href="http://man.openbsd.org?query=sci&sektion=4">scsi(4)</a> devices are now all provided with a unique devid, which |
<li><a href="http://man.openbsd.org/?query=sci&sektion=4">scsi(4)</a> devices are now all provided with a unique devid, which |
is displayed during the probe process. |
is displayed during the probe process. |
<li>ASC/ASCQ error codes and verbiage now in sync with |
<li>ASC/ASCQ error codes and verbiage now in sync with |
http://www.t10.org/lists/asc-num.txt. |
http://www.t10.org/lists/asc-num.txt. |
<li>progress on iSCSI includes better login, better logout, preliminary |
<li>progress on iSCSI includes better login, better logout, preliminary |
FSM support in <a href="http://man.openbsd.org?query=iscsid&sektion=8">iscsid(8)</a>, and improved logging and debug information. |
FSM support in <a href="http://man.openbsd.org/?query=iscsid&sektion=8">iscsid(8)</a>, and improved logging and debug information. |
<li><a href="http://man.openbsd.org?query=uk&sektion=4">uk(4)</a> can now safely and reliably detach an unknown SCSI device. |
<li><a href="http://man.openbsd.org/?query=uk&sektion=4">uk(4)</a> can now safely and reliably detach an unknown SCSI device. |
<li><a href="http://man.openbsd.org?query=mpath&sektion=4">mpath(4)</a> device and kernel support is improved. |
<li><a href="http://man.openbsd.org/?query=mpath&sektion=4">mpath(4)</a> device and kernel support is improved. |
<li><a href="http://man.openbsd.org?query=vscsi&sektion=4">vscsi(4)</a> now ensures output always goes to the correct connection. |
<li><a href="http://man.openbsd.org/?query=vscsi&sektion=4">vscsi(4)</a> now ensures output always goes to the correct connection. |
<li><a href="http://man.openbsd.org?query=vscsi&sektion=4">vscsi(4)</a> connections can now be reset gracefully. |
<li><a href="http://man.openbsd.org/?query=vscsi&sektion=4">vscsi(4)</a> connections can now be reset gracefully. |
<li><a href="http://man.openbsd.org?query=scsi&sektion=4">scsi(4)</a> devices on fibre channel fabrics no longer inherit the adapter's |
<li><a href="http://man.openbsd.org/?query=scsi&sektion=4">scsi(4)</a> devices on fibre channel fabrics no longer inherit the adapter's |
address. |
address. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
<li>For additional security, <a href="http://man.openbsd.org?query=security&sektion=8">security(8)</a> was rewritten in Perl. |
<li>For additional security, <a href="http://man.openbsd.org/?query=security&sektion=8">security(8)</a> was rewritten in Perl. |
<li>Mandoc 1.11.4: Now accepts <a href="http://man.openbsd.org?query=eqn&sektion=7">eqn(7)</a> input (no fancy formatting yet) |
<li>Mandoc 1.11.4: Now accepts <a href="http://man.openbsd.org/?query=eqn&sektion=7">eqn(7)</a> input (no fancy formatting yet) |
and supports -Tutf8 output (but no utf8 input yet). |
and supports -Tutf8 output (but no utf8 input yet). |
<li>Removed a variety of OS-compat emulation code, leaving just the Linux |
<li>Removed a variety of OS-compat emulation code, leaving just the Linux |
support. |
support. |
<li>Small improvements to Linux compat (only available on i386). |
<li>Small improvements to Linux compat (only available on i386). |
<li>Improved our own <a href="http://man.openbsd.org?query=pkg-config&sektion=1">pkg-config(1)</a> implementation with extended comparison |
<li>Improved our own <a href="http://man.openbsd.org/?query=pkg-config&sektion=1">pkg-config(1)</a> implementation with extended comparison |
scheme and implementing various new options. |
scheme and implementing various new options. |
<li>The math library, libm, was fully fleshed out to support all C99 required |
<li>The math library, libm, was fully fleshed out to support all C99 required |
parts. Many bugs for various architectures were fixed along the way. |
parts. Many bugs for various architectures were fixed along the way. |
<li><a href="http://man.openbsd.org?query=malloc&sektion=3">malloc(3)</a> is a lot faster and has a few further security features (more |
<li><a href="http://man.openbsd.org/?query=malloc&sektion=3">malloc(3)</a> is a lot faster and has a few further security features (more |
randomization, as well as the 'S' flag to enable all paranoia checks). |
randomization, as well as the 'S' flag to enable all paranoia checks). |
<li>'make depend' is no longer neccessary in kernel compilation directories |
<li>'make depend' is no longer neccessary in kernel compilation directories |
since the dependencies are calculated automatically. |
since the dependencies are calculated automatically. |
<li>Increased the default size of the buffer cache. |
<li>Increased the default size of the buffer cache. |
<li><a href="http://man.openbsd.org?query=kqueue&sektion=2">kqueue(2)</a> now works on /dev/random and spliced sockets |
<li><a href="http://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> now works on /dev/random and spliced sockets |
<li>On MBR-based disks, scan through up to 256 extended partition tables |
<li>On MBR-based disks, scan through up to 256 extended partition tables |
when looking for an OpenBSD partition table. |
when looking for an OpenBSD partition table. |
<li>Added POSIX 2008 <a href="http://man.openbsd.org?query=fdopendir&sektion=3">fdopendir(3)</a> and <a href="http://man.openbsd.org?query=opennat&sektion=2">openat(2)</a> functions, as well as the |
<li>Added POSIX 2008 <a href="http://man.openbsd.org/?query=fdopendir&sektion=3">fdopendir(3)</a> and <a href="http://man.openbsd.org/?query=opennat&sektion=2">openat(2)</a> functions, as well as the |
O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags. |
O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags. |
<li>Improved lint format string checks and added a few other checks. |
<li>Improved lint format string checks and added a few other checks. |
<li><a href="http://man.openbsd.org?query=kdump&sektion=1">kdump(1)</a> now dumps stat and sockaddr structures, sysctl mib |
<li><a href="http://man.openbsd.org/?query=kdump&sektion=1">kdump(1)</a> now dumps stat and sockaddr structures, sysctl mib |
strings, and decodes syscall flags and operation bits. |
strings, and decodes syscall flags and operation bits. |
<li>Improved kernel pool debug checking. |
<li>Improved kernel pool debug checking. |
<li>Improved correctness of signals and various syscalls when rthreads |
<li>Improved correctness of signals and various syscalls when rthreads |
are in use. |
are in use. |
<li>Kernel <a href="http://man.openbsd.org?query=malloc&sektion=9">malloc(9)</a> space and stacks moved to non-dma memory. |
<li>Kernel <a href="http://man.openbsd.org/?query=malloc&sektion=9">malloc(9)</a> space and stacks moved to non-dma memory. |
<li>Fixed some shutdown/reboot hangs on NFS clients. |
<li>Fixed some shutdown/reboot hangs on NFS clients. |
<li>UNIX-domain socket paths are now guaranteed to be NUL-terminated. |
<li>UNIX-domain socket paths are now guaranteed to be NUL-terminated. |
<li>Added support for <a href="http://man.openbsd.org?query=wprintf&sektion=3">*wprintf(3)</a>, <a href="http://man.openbsd.org?query=wcscasecmp&sektion=3">wcs{,n}casecmp(3)</a>, and <a href="http://man.openbsd.org?query=wcsdup&sektion=3">wcsdup(3)</a>. |
<li>Added support for <a href="http://man.openbsd.org/?query=wprintf&sektion=3">*wprintf(3)</a>, <a href="http://man.openbsd.org/?query=wcscasecmp&sektion=3">wcs{,n}casecmp(3)</a>, and <a href="http://man.openbsd.org/?query=wcsdup&sektion=3">wcsdup(3)</a>. |
<li>NULL is now a (void *). |
<li>NULL is now a (void *). |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Install/Upgrade process changes: |
<li>Install/Upgrade process changes: |
<ul> |
<ul> |
<li>Completed support for DUID disk installs, and enabled it fully. |
<li>Completed support for DUID disk installs, and enabled it fully. |
<li>Tried to make <a href="http://man.openbsd.org?query=sysmerge&sektion=8">sysmerge(8)</a> work in the installer, but ran into small |
<li>Tried to make <a href="http://man.openbsd.org/?query=sysmerge&sektion=8">sysmerge(8)</a> work in the installer, but ran into small |
problems and decided to disable it. |
problems and decided to disable it. |
<li>Install non-free firmwares from the internet upon first boot, based on a |
<li>Install non-free firmwares from the internet upon first boot, based on a |
question in the installer. |
question in the installer. |
<li><a href="http://man.openbsd.org?query=svnd&sektion=4">svnd(4)</a>-like behaviour became the default for <a href="http://man.openbsd.org?query=vnd&sektion=4">vnd(4)</a> devices. This is |
<li><a href="http://man.openbsd.org/?query=svnd&sektion=4">svnd(4)</a>-like behaviour became the default for <a href="http://man.openbsd.org/?query=vnd&sektion=4">vnd(4)</a> devices. This is |
what is used to build the media. |
what is used to build the media. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li><a href="http://man.openbsd.org?query=rc.d&sektion=8">rc.d(8)</a> framework improvements: |
<li><a href="http://man.openbsd.org/?query=rc.d&sektion=8">rc.d(8)</a> framework improvements: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org?query=rc.d&sektion=8">rc.d(8)</a> is now also used for the base system daemons. |
<li><a href="http://man.openbsd.org/?query=rc.d&sektion=8">rc.d(8)</a> is now also used for the base system daemons. |
<li>Backward compatible with the historic way of starting daemons. |
<li>Backward compatible with the historic way of starting daemons. |
<li>Notify the user by appending (ok) or (failed) in interactive mode. |
<li>Notify the user by appending (ok) or (failed) in interactive mode. |
<li>Better diagnostics with the introduction of RC_DEBUG. |
<li>Better diagnostics with the introduction of RC_DEBUG. |
|
|
<li>New features: |
<li>New features: |
<ul> |
<ul> |
<li>Introduce sandboxing of the pre-auth privsep child using an optional |
<li>Introduce sandboxing of the pre-auth privsep child using an optional |
<a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
"UsePrivilegeSeparation=sandbox" mode that enables mandatory |
"UsePrivilegeSeparation=sandbox" mode that enables mandatory |
restrictions on the syscalls the privsep child can perform. |
restrictions on the syscalls the privsep child can perform. |
<li>Add new SHA256-based HMAC transport integrity modes from |
<li>Add new SHA256-based HMAC transport integrity modes from |
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt |
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt |
These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, |
These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, |
and hmac-sha2-512-96, and are available by default in |
and hmac-sha2-512-96, and are available by default in |
<a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> |
<a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
and |
and |
<a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>. |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>. |
<li>The pre-authentication |
<li>The pre-authentication |
<a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a> |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
privilege separation slave process now logs via a socket shared with |
privilege separation slave process now logs via a socket shared with |
the master process, avoiding the need to maintain /dev/log inside the |
the master process, avoiding the need to maintain /dev/log inside the |
chroot. |
chroot. |
<li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
now warns when a server refuses X11 forwarding. |
now warns when a server refuses X11 forwarding. |
<li><a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
<li><a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
AuthorizedKeysFile now accepts multiple paths, separated by whitespace. |
AuthorizedKeysFile now accepts multiple paths, separated by whitespace. |
The undocumented AuthorizedKeysFile2 option is deprecated (though the |
The undocumented AuthorizedKeysFile2 option is deprecated (though the |
default for AuthorizedKeysFile includes .ssh/authorized_keys2). |
default for AuthorizedKeysFile includes .ssh/authorized_keys2). |
<li><a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>: |
similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by |
similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by |
making UserKnownHostsFile and GlobalKnownHostsFile accept multiple |
making UserKnownHostsFile and GlobalKnownHostsFile accept multiple |
options and default to include known_hosts2. |
options and default to include known_hosts2. |
<li><a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
<li><a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
ControlPath option now expands %L to the host portion of the |
ControlPath option now expands %L to the host portion of the |
destination host name. |
destination host name. |
<li><a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a> |
<li><a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
"Host" options now support negated Host matching. |
"Host" options now support negated Host matching. |
<li><a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>: |
a new RequestTTY option provides control over when a TTY is requested |
a new RequestTTY option provides control over when a TTY is requested |
for a connection, similar to the existing -t/-tt/-T |
for a connection, similar to the existing -t/-tt/-T |
<a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> |
<a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
commandline options. |
commandline options. |
<li><a href="http://man.openbsd.org?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for |
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for |
which host keys do not exist, generate the host keys with the default |
which host keys do not exist, generate the host keys with the default |
key file path, an empty passphrase, default bits for the key type, and |
key file path, an empty passphrase, default bits for the key type, and |
default comment. This is useful for system initialisation scripts. |
default comment. This is useful for system initialisation scripts. |
<li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
Allow graceful shutdown of multiplexing: request that a mux server |
Allow graceful shutdown of multiplexing: request that a mux server |
removes its listener socket and refuse future multiplexing requests but |
removes its listener socket and refuse future multiplexing requests but |
don't kill existing connections. This may be requested using |
don't kill existing connections. This may be requested using |
"ssh -O stop ...". |
"ssh -O stop ...". |
<li><a href="http://man.openbsd.org?query=ssh-add&sektion=1">ssh-add(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>: |
now accepts keys piped from standard input. |
now accepts keys piped from standard input. |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
<li>Retain key comments when loading v.2 keys. These will be visible in |
<li>Retain key comments when loading v.2 keys. These will be visible in |
"ssh-add -l" and other places. (bz#439) |
"ssh-add -l" and other places. (bz#439) |
<li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
and |
and |
<a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855) |
set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855) |
<li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
allow GSSAPI authentication to detect when a server-side failure causes |
allow GSSAPI authentication to detect when a server-side failure causes |
authentication failure and don't count such failures against |
authentication failure and don't count such failures against |
MaxAuthTries. (bz#1244) |
MaxAuthTries. (bz#1244) |
<li><a href="http://man.openbsd.org?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>: |
now signs hostbased authentication challenges correctly using ECDSA |
now signs hostbased authentication challenges correctly using ECDSA |
keys. (bz#1858) |
keys. (bz#1858) |
<li><a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a>: |
<li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>: |
document that sftp accepts square brackets to delimit addresses |
document that sftp accepts square brackets to delimit addresses |
(useful for IPv6). (bz#1847a) |
(useful for IPv6). (bz#1847a) |
<li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
when using session multiplexing, the master process will change its |
when using session multiplexing, the master process will change its |
process title to reflect the control path in use and when a |
process title to reflect the control path in use and when a |
ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911) |
ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911) |
|
|
|
|
<li>As usual, steady improvements in manual pages and other documentation. |
<li>As usual, steady improvements in manual pages and other documentation. |
<li>Base system and Xenocara manuals are now installed as source code, |
<li>Base system and Xenocara manuals are now installed as source code, |
making <a href="http://man.openbsd.org?query=grep&sektion=1">grep(1)</a> more useful in /usr/share/man/ and /usr/X11R6/man/. |
making <a href="http://man.openbsd.org/?query=grep&sektion=1">grep(1)</a> more useful in /usr/share/man/ and /usr/X11R6/man/. |
<li>If both formatted and source versions of manuals are installed, |
<li>If both formatted and source versions of manuals are installed, |
<a href="http://man.openbsd.org?query=man&sektion=1">man(1)</a> automatically displays the newer version of each page. |
<a href="http://man.openbsd.org/?query=man&sektion=1">man(1)</a> automatically displays the newer version of each page. |
|
|
- The system includes the following major components from outside suppliers: |
- The system includes the following major components from outside suppliers: |
<li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, |
<li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, |
|
|
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
at <i>CD1:5.0/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
at <i>CD1:5.0/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
use the |
use the |
<a href="http://man.openbsd.org?query=dd&sektion=1">dd(1)</a> |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> |
utility. The following is an example usage of |
utility. The following is an example usage of |
<a href="http://man.openbsd.org?query=dd&sektion=1">dd(1)</a>, |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, |
where the device could be "floppy", "rfd0c", or |
where the device could be "floppy", "rfd0c", or |
"rfd0a". |
"rfd0a". |
|
|
|
|
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
<a href="http://man.openbsd.org?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386"> |
<a href="http://man.openbsd.org/?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386"> |
cvs(1)</a> if |
cvs(1)</a> if |
you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
source tree, our ports tree is available via anoncvs. So, in |
source tree, our ports tree is available via anoncvs. So, in |