version 1.48, 2013/02/27 13:34:35 |
version 1.49, 2013/02/28 13:36:44 |
|
|
<li>A stratum can now be assigned to hardware sensors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a>. |
<li>A stratum can now be assigned to hardware sensors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". |
<!-- relayd, iked --> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a> has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays). |
|
<li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iked&sektion=8">iked(8)</a> IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time). |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iked&sektion=8">iked(8)</a> blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in <a href="http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages">draft-gont-opsec-vpn-leakages</a>. |
</ul> |
</ul> |
<p> |
<p> |
|
|
|
|
<li>HUP signals cause dhclient to restart; making it re-read the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease. |
<li>HUP signals cause dhclient to restart; making it re-read the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease. |
<li>INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured. |
<li>INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. |
<li>inteface hardware address changes are detected and cause dhclient to restart. |
<li>interface hardware address changes are detected and cause dhclient to restart. |
<li>dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server. |
<li>dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server. |
<li>'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease. |
<li>'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease. |
<li>rejected offers no longer prevent dhclient from trying recorded leases and going daemon. |
<li>rejected offers no longer prevent dhclient from trying recorded leases and going daemon. |
|
|
<li>incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST. |
<li>incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST. |
<li>resolv.conf.tail read only once, at startup. |
<li>resolv.conf.tail read only once, at startup. |
<li>both OFFER and ACK packets that lack required options are rejected. |
<li>both OFFER and ACK packets that lack required options are rejected. |
<li>file names passed to '-L' and '-l' are contrained to be regular files. |
<li>file names passed to '-L' and '-l' are constrained to be regular files. |
<li>bind success reported after binding complete, not when it is started. |
<li>bind success reported after binding complete, not when it is started. |
<li>privileged process daemonizes, eliminating its controlling terminal. |
<li>privileged process daemonizes, eliminating its controlling terminal. |
<li>STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified. |
<li>STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified. |
|
|
<li>leases which would cause routing problems because another interface is already configured with the same subnet are rejected. |
<li>leases which would cause routing problems because another interface is already configured with the same subnet are rejected. |
<li>premature and repeated DISCOVER and/or REQUEST messages at startup are avoided. |
<li>premature and repeated DISCOVER and/or REQUEST messages at startup are avoided. |
<li>permanent ARP cache entries are no longer deleted during binding. |
<li>permanent ARP cache entries are no longer deleted during binding. |
<li>allow empty lists of option names for 'ignore', 'request', and'require' dhclient.conf directives, so lists can be reset in interface declarations. |
<li>allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options. |
<li>hand-rolled IMSG implementation replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions.. |
<li>hand-rolled IMSG implementation replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions.. |
<li>hand-rolled date string construction replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a> invocations. |
<li>hand-rolled date string construction replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a> invocations. |
|
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>trace</i> supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more, |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>trace</i> supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more, |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>monitor</i> can now be used to monitor in real-time an instance of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8">smtpd(8)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>monitor</i> can now be used to monitor in real-time an instance of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8">smtpd(8)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>show queue</i> now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> <i>show queue</i> now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. |
<li>virtual domains support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings. |
<li>virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings. |
<li>new table API replaces the map API: better handling of transient errors, improved performances and a much better interface. |
<li>new table API replaces the map API: better handling of transient errors, improved performances and a much better interface. |
<li>the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table. |
<li>the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table. |
<li>each listener may advertise a different banner hostname. |
<li>each listener may advertise a different banner hostname. |
|
|
<li>incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool. |
<li>incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool. |
<li>intermediate bounces are now sent at configurable rates. |
<li>intermediate bounces are now sent at configurable rates. |
<li>rules can now check for a sender email address or domain. |
<li>rules can now check for a sender email address or domain. |
<li><b>experimental</b> (yet functionnal) support for aldap and sqlite as table backends. |
<li><b>experimental</b> (yet functional) support for aldap and sqlite as table backends. |
</ul> |
</ul> |
|
|
|
|
<li>Improvements: |
<li>Improvements: |
<ul> |
<ul> |
<li>improved logging format to make it both easier to read and parse. |
<li>improved logging format to make it both easier to read and parse. |