===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/50.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -c -r1.1 -r1.2
*** www/50.html 2011/09/07 03:07:11 1.1
--- www/50.html 2011/10/26 20:55:48 1.2
***************
*** 73,80 ****
! Improvement list coming soon.
--- 73,343 ----
! - Improved hardware support, including:
!
! - MSI interrupts for many devices, on those architectures which can
! support them (amd64, i386, sparc64 only so far).
!
- A new dma_alloc(9) API makes it easier for kernel code to allocate
! dma-safe memory. Many drivers (especially network drivers) and
! subsystems (in particular scsi and the buffer cache) were adapted
! to use this.
!
- As a result, big-memory support has been enabled on all possible
! architectures.
!
- The rather rare bce(4) driver now copies mbufs all the time, to cope
! with the hardware having a 1GB limit.
!
- Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
!
- Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
!
- Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
! systems.
!
- cardbus(4) and pcmcia(4) support on sgi.
!
- Suspend/resume support on Loongson Yeelong laptops.
!
!
+
- Generic network stack improvements:
+
+ - Added support for sending Wake on Lan packets using arp(8).
+
- Permit turning Wake on Lan support on/off using ifconfig(8).
+
- Added Wake on Lan support to xl(4), re(4), and vr(4).
+
- Allow ftp-proxy to proxy across rdomains.
+
- The IPv4 stack will no longer accept ICMP redirects when
+ acting as a router.
+
- By default the IPv6 stack will not process ICMP6 redirects.
+ rtsol(8) will turn it back if -F is used.
+
- Reworked large parts of the dhclient(8) options processing for better
+ interoperability.
+
- Fixed carp(4) to work in IPv6 only setups.
+
- Make it possible to bind(2) to the local network broadcast address
+ on datagram and raw sockets.
+
- The default multicast reject route is now ignored if the UDP socket
+ uses the IP_MULTICAST_IF socket option.
+
- Make gre(4) work between systems in the same LAN.
+
- Removed the link1 mode special addressing mode on lo(4).
+
- Kernel randomization speed and quality improved substantially.
+
+
+
+
- Routing daemons and other userland network improvements:
+
+ - bgpd(8) no longer bumps the rlimits: the rc.d framework respects
+ login classes which is a much better solution.
+
- Correctly set the network filtersets on reload in bgpd(8).
+
- The routing socket is now sending RTM_DESYNC messages if the
+ socketbuffer overflows.
+
- Allow ospfd(8) to send out LS updates and other messages
+ larger than the MTU.
+
- Fixed nexthop calculation in ospfd(8) for directly connected P2P links.
+
- First bits to support opaque LSA in ospfd(8). Only basic redistribute
+ logic and LSDB handling for now.
+
- Creating new interfaces will no longer cause a fatal error in ospf6d(8).
+
- ospf6d(8) handles link-state changes better.
+
- Better loopback handling in ospf6d(8).
+
- No longer install extra multicast routes in ripd(8) and ldpd(8).
+
- Make kqueue(2) work with sosplice(9).
+
- Enabled sosplice(9) in relayd(8) for TCP.
+
- Added support for divert-to which provides some benefits over
+ rdr-to in relayd(8).
+
- Fixed trap sending in snmpd(8).
+
- Make ping6(8) compare minimum amount of bytes between what
+ was received and what was sent out.
+
- Make traceroute(8) with type-of-service setted (-t) display
+ a message if the returned packet has a different tos type.
+
- Added the socket splicing fields of struct socket to netstat -vP output.
+
+
+
+
- pf(4) improvements:
+
+ - Make pf(4) reassemble IPv6 fragments. In the forward case, pf
+ refragments the packets with the same maximum size.
+
- Allow pf(4) to filter on the rdomain a packet belongs to.
+
- Make pf(4) allow userland proxies to establish cross rdomain
+ proxy sessions.
+
- Added IPv6 ACK prioritization in pf(4).
+
- Change 'set skip on <...>' to work with interface groups.
+
- pfsync(4) supports IPv6 as network protocol.
+
- Switched ftp-proxy(8) over to divert-to instead of rdr-to.
+
- tftp-proxy(8) uses 'divert-to' as well.
+
+
+
+
- SCSI improvements:
+
+ - most SCSI hardware drivers now use the new iopools infrastructure.
+
- scsi(4) devices are now all provided with a unique devid, which
+ is displayed during the probe process.
+
- ASC/ASCQ error codes and verbiage now in sync with
+ http://www.t10.org/lists/asc-num.txt.
+
- progress on iSCSI includes better login, better logout, preliminary
+ FSM support in iscsid(8), and improved logging and debug information.
+
- uk(4) can now safely and reliably detach an unknown SCSI device.
+
- mpath(4) device and kernel support is improved.
+
- vscsi(4) now ensures output always goes to the correct connection.
+
- vscsi(4) connections can now be reset gracefully.
+
- scsi(4) devices on fibre channel fabrics no longer inherit the adapter's
+ address.
+
+
+
+
- Assorted improvements:
+
+ - For additional security, security(8) was rewritten in Perl.
+
- Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
+ and supports -Tutf8 output (but no utf8 input yet).
+
- Removed a variety of OS-compat emulation code, leaving just the Linux
+ support.
+
- Small improvements to Linux compat (only available on i386).
+
- Improved our own pkg-config(1) implementation with extended comparison
+ scheme and implementing various new options.
+
- The math library, libm, was fully fleshed out to support all C99 required
+ parts. Many bugs for various architectures were fixed along the way.
+
- malloc(3) is a lot faster and has a few further security features (more
+ randomization, as well as the 'S' flag to enable all paranoia checks).
+
- 'make depend' is no longer neccessary in kernel compilation directories
+ since the dependencies are calculated automatically.
+
- Increased the default size of the buffer cache.
+
- kqueue(2) now works on /dev/random and spliced sockets
+
- On MBR-based disks, scan through up to 256 extended partition tables
+ when looking for an OpenBSD partition table.
+
- Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
+ O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
+
- Improved lint format string checks and added a few other checks.
+
- kdump(8) now dumps stat and sockaddr structures, sysctl mib
+ strings, and decodes syscall flags and operation bits.
+
- Improved kernel pool debug checking.
+
- Improved correctness of signals and various syscalls when rthreads
+ are in use.
+
- Kernel malloc(9) space and stacks moved to non-dma memory.
+
- Fixed some shutdown/reboot hangs on NFS clients.
+
- UNIX-domain socket paths are now guaranteed to be NUL-terminated.
+
- Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
+
- NULL is now a (void *).
+
+
+
+
- Install/Upgrade process changes:
+
+ - Completed support for DUID disk installs, and enabled it fully.
+
- Tried to make sysmerge(8) work in the installer, but ran into small
+ problems and decided to disable it.
+
- Install non-free firmwares from the internet upon first boot, based on a
+ question in the installer.
+
- svnd(4)-like behaviour became the default for vnd(4) devices. This is
+ what is used to build the media.
+
+
+
+
- rc.d(8) framework improvements:
+
+ - rc.d(8) is now also used the base system daemons.
+
- Backward compatible with the historic way of starting daemons.
+
- Notify the user by appending (ok) or (failed) in interactive mode.
+
- Better diagnostics with the introduction of RC_DEBUG.
+
+
+
+
- OpenSSH 6.0:
+
+ - New features:
+
+ - Allow cancellation of port forwardings via the multiplexing socket
+ (e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host")
+
- Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*")
+
- A new "ssh-add -k" option to load only plain keys and not
+ certificates into the agent.
+
- ssh-add now supports loading keys from stdin ("program | ssh-add -")
+
- Allow graceful shutdown of the multiplexing socket (stop listening,
+ but don't interrupt existing connections), using "ssh -O stop".
+
- "ssh-keygen -A" will now automatically generate host keys of every
+ supported type
+
- Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and
+ AuthorizedKeysFile2 options. Instead, the corresponding
+ GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile
+ options now all accept multiple arguments.
+
- Add a RequestTTY option to ssh(1) to allow control over TTY
+ requests similar to the -t/-tt/-T commandline options.
+
- ssh_config(5) now supports negated host matching. E.g.
+ "Host *.example.org !c.example.org" will match "a.example.org",
+ "b.example.org", but not "c.example.org"
+
- Add experimental systrace(4) sandboxing of pre-auth sshd(8),
+ enabled using "UsePrivilegeSeparation=sandbox".
+
- Add new SHA-2 based HMAC modes for the SSH transport layer from
+ http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+
+ - The following significant bugs have been fixed in this release:
+
+ - Fix hostbased authentication for hosts using ECDSA keys.
+
- Fix corruption of file information in sftp(1)'s ls display.
+
- Fix remote portforwarding with dynamically allocated listen ports.
+
+
+
+
+
- Over 7,200 ports, major robustness and speed improvements in package tools.
+
- Many pre-built packages for each architecture:
+
+
+
+
+ - i386: 7008
+
- sparc64: 6456
+
- alpha: 6046
+
|
+ - sh: 3721
+
- amd64: 6960
+
- powerpc: 6691
+
|
+ - sparc: 3277
+
- arm: 2963
+
- hppa: 6125
+
|
+ - vax: 1409
+
- mips64: 5689
+
- mips64el: 5709
+
|
+
+
+
- Some highlights:
+
+ - Gnome 2.32.2
- KDE 3.5.10
+
- Xfce 4.8.0
- MySQL 5.1.54
+
- PostgreSQL 9.0.5
- Postfix 2.8.4
+
- OpenLDAP 2.3.43 and 2.4.25
- Mozilla Firefox 3.5.19, 3.6.18 and 5.0
+
- Mozilla Thunderbird 5.0
- GHC 7.0.4
+
- LibreOffice 3.4.1.3
- Emacs 21.4, 22.3 and 23.3
+
- Vim 7.3.154
- PHP 5.2.17 and 5.3.6
+
- Python 2.4.6, 2.5.4 and 2.7.1
- Ruby 1.8.7.352 and 1.9.2.200
+
- Mono 2.10.2
- Chromium 12.0.742.122
+
- Groff 1.21
+
+
+
+
- As usual, steady improvements in manual pages and other documentation.
+
- Base system and Xenocara manuals are now installed as source code,
+ making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
+
- If both formatted and source versions of manuals are installed,
+ man(1) automatically displays the newer version of each page.
+
+ - The system includes the following major components from outside suppliers:
+
- Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
+ freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
+ xkeyboard-config 2.3 and more)
+
- Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
+
- Perl 5.12.2 (+ patches)
+
- Our improved and secured version of Apache 1.3, with
+ SSL/TLS and DSO support
+
- OpenSSL 1.0.0a (+ patches)
+
- Sendmail 8.14.5, with libmilter
+
- Bind 9.4.2-P2 (+ patches)
+
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
+
- Sudo 1.7.2p8
+
- Ncurses 5.7
+
- Heimdal 0.7.2 (+ patches)
+
- Arla 0.35.7
+
- Binutils 2.15 (+ patches)
+
- Gdb 6.3 (+ patches)
+
+
***************
*** 462,468 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 50.html,v 1.1 2011/09/07 03:07:11 deraadt Exp $