=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/53.html,v retrieving revision 1.48 retrieving revision 1.49 diff -c -r1.48 -r1.49 *** www/53.html 2013/02/27 13:34:35 1.48 --- www/53.html 2013/02/28 13:36:44 1.49 *************** *** 137,143 ****
  • A stratum can now be assigned to hardware sensors in ntpd(8).
  • authpf(8) now supports the use of per-group rules files.
  • ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". !

    --- 137,145 ----

  • A stratum can now be assigned to hardware sensors in ntpd(8).
  • authpf(8) now supports the use of per-group rules files.
  • ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". !
  • relayd(8) has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays). !
  • The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time). !
  • iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in draft-gont-opsec-vpn-leakages.

    *************** *** 148,154 ****

  • HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
  • INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
  • resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. !
  • inteface hardware address changes are detected and cause dhclient to restart.
  • dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
  • '-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
  • rejected offers no longer prevent dhclient from trying recorded leases and going daemon. --- 150,156 ----
  • HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
  • INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
  • resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. !
  • interface hardware address changes are detected and cause dhclient to restart.
  • dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
  • '-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
  • rejected offers no longer prevent dhclient from trying recorded leases and going daemon. *************** *** 158,164 ****
  • incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST.
  • resolv.conf.tail read only once, at startup.
  • both OFFER and ACK packets that lack required options are rejected. !
  • file names passed to '-L' and '-l' are contrained to be regular files.
  • bind success reported after binding complete, not when it is started.
  • privileged process daemonizes, eliminating its controlling terminal.
  • STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified. --- 160,166 ----
  • incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST.
  • resolv.conf.tail read only once, at startup.
  • both OFFER and ACK packets that lack required options are rejected. !
  • file names passed to '-L' and '-l' are constrained to be regular files.
  • bind success reported after binding complete, not when it is started.
  • privileged process daemonizes, eliminating its controlling terminal.
  • STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified. *************** *** 166,172 ****
  • leases which would cause routing problems because another interface is already configured with the same subnet are rejected.
  • premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
  • permanent ARP cache entries are no longer deleted during binding. !
  • allow empty lists of option names for 'ignore', 'request', and'require' dhclient.conf directives, so lists can be reset in interface declarations.
  • dhcpd(8) and dhclient recognize the same list of dhcp options.
  • hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
  • hand-rolled date string construction replaced with strftime(3) invocations. --- 168,174 ----
  • leases which would cause routing problems because another interface is already configured with the same subnet are rejected.
  • premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
  • permanent ARP cache entries are no longer deleted during binding. !
  • allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.
  • dhcpd(8) and dhclient recognize the same list of dhcp options.
  • hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
  • hand-rolled date string construction replaced with strftime(3) invocations. *************** *** 190,196 ****
  • smtpctl(8) trace supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more,
  • smtpctl(8) monitor can now be used to monitor in real-time an instance of smtpd(8).
  • smtpctl(8) show queue now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. !
  • virtual domains support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings.
  • new table API replaces the map API: better handling of transient errors, improved performances and a much better interface.
  • the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table.
  • each listener may advertise a different banner hostname. --- 192,198 ----
  • smtpctl(8) trace supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more,
  • smtpctl(8) monitor can now be used to monitor in real-time an instance of smtpd(8).
  • smtpctl(8) show queue now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. !
  • virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings.
  • new table API replaces the map API: better handling of transient errors, improved performances and a much better interface.
  • the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table.
  • each listener may advertise a different banner hostname. *************** *** 199,208 ****
  • incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool.
  • intermediate bounces are now sent at configurable rates.
  • rules can now check for a sender email address or domain. !
  • experimental (yet functionnal) support for aldap and sqlite as table backends. -
  • Improvements:
  • Improvements: