www/53.html - diff

Return to 53.html CVS log

Up to [local] / www

Diff for /www/53.html between version 1.87 and 1.88

version 1.87, 2016/08/15 02:22:05

version 1.88, 2017/06/26 17:18:57

Line 58

<ul>

<li>Improved hardware support, including:

<ul>

<li>New driver <a href="http://man.openbsd.org/?query=oce&sektion=4">oce(4)</a> for Emulex OneConnect 10Gb Ethernet adapters.

<li>New driver <a href="https://man.openbsd.org/?query=oce&sektion=4">oce(4)</a> for Emulex OneConnect 10Gb Ethernet adapters.

<li>New driver <a href="http://man.openbsd.org/?query=rtsx&sektion=4">rtsx(4)</a> for the Realtek RTS5209 card reader.

<li>New driver <a href="https://man.openbsd.org/?query=rtsx&sektion=4">rtsx(4)</a> for the Realtek RTS5209 card reader.

<li>New driver <a href="http://man.openbsd.org/?query=mfii&sektion=4">mfii(4)</a> for the LSI Logic MegaRAID SAS Fusion controllers.

<li>New driver <a href="https://man.openbsd.org/?query=mfii&sektion=4">mfii(4)</a> for the LSI Logic MegaRAID SAS Fusion controllers.

<li>New driver <a href="http://man.openbsd.org/?query=smsc&sektion=4">smsc(4)</a> for SMSC LAN95xx 10/100 USB Ethernet adapters.

<li>New driver <a href="https://man.openbsd.org/?query=smsc&sektion=4">smsc(4)</a> for SMSC LAN95xx 10/100 USB Ethernet adapters.

<li>New drivers for Toradex OAK USB sensors: <a href="http://man.openbsd.org/?query=uoaklux&sektion=4">uoaklux(4)</a> (illuminance), <a href="http://man.openbsd.org/?query=uoakrh&sektion=4">uoakrh(4)</a> (temperature and relative humidity) and <a href="http://man.openbsd.org/?query=uoakv&sektion=4">uoakv(4)</a> (+/- 10V 8channel ADC).

<li>New drivers for Toradex OAK USB sensors: <a href="https://man.openbsd.org/?query=uoaklux&sektion=4">uoaklux(4)</a> (illuminance), <a href="https://man.openbsd.org/?query=uoakrh&sektion=4">uoakrh(4)</a> (temperature and relative humidity) and <a href="https://man.openbsd.org/?query=uoakv&sektion=4">uoakv(4)</a> (+/- 10V 8channel ADC).

<li>New drivers for <a href="http://man.openbsd.org/?query=virtio&sektion=4">virtio(4)</a> devices: <a href="http://man.openbsd.org/?query=vio&sektion=4">vio(4)</a> (network), <a href="http://man.openbsd.org/?query=vioblk&sektion=4">vioblk(4)</a> (block devices, attaching as SCSI disks) and <a href="http://man.openbsd.org/?query=viomb&sektion=4">viomb(4)</a> (memory ballooning).

<li>New drivers for <a href="https://man.openbsd.org/?query=virtio&sektion=4">virtio(4)</a> devices: <a href="https://man.openbsd.org/?query=vio&sektion=4">vio(4)</a> (network), <a href="https://man.openbsd.org/?query=vioblk&sektion=4">vioblk(4)</a> (block devices, attaching as SCSI disks) and <a href="https://man.openbsd.org/?query=viomb&sektion=4">viomb(4)</a> (memory ballooning).

<li>Support for Adaptec 39320LPE added to <a href="http://man.openbsd.org/?query=ahd&sektion=4">ahd(4)</a>.

<li>Support for Adaptec 39320LPE added to <a href="https://man.openbsd.org/?query=ahd&sektion=4">ahd(4)</a>.

<li>Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in <a href="http://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>.

<li>Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in <a href="https://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>.

<li>Intel X540-based 10Gb Ethernet devices supported in <a href="http://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>.

<li>Intel X540-based 10Gb Ethernet devices supported in <a href="https://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>.

<li>Support for SFP+ hot-plug (82599) and various other improvements in <a href="http://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>.

<li>Support for SFP+ hot-plug (82599) and various other improvements in <a href="https://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>.

<li>TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>.

<li>TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in <a href="https://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>.

<li>Baby jumbo frames supported in <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a> and <a href="http://man.openbsd.org/?query=sis&sektion=4">sis(4)</a> useful for e.g. MPLS, <a href="http://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> tag stacking (QinQ) and RFC4638 <a href="http://man.openbsd.org/?query=pppoe&sektion=4">pppoe(4)</a>.

<li>Baby jumbo frames supported in <a href="https://man.openbsd.org/?query=vr&sektion=4">vr(4)</a> and <a href="https://man.openbsd.org/?query=sis&sektion=4">sis(4)</a> useful for e.g. MPLS, <a href="https://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> tag stacking (QinQ) and RFC4638 <a href="https://man.openbsd.org/?query=pppoe&sektion=4">pppoe(4)</a>.

<li>TCP RX Checksum offload in <a href="http://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>.

<li>TCP RX Checksum offload in <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>.

<li>Improvements for NICs using 82579/pch2 in <a href="http://man.openbsd.org/?query=em&sektion=4">em(4)</a>.

<li>Improvements for NICs using 82579/pch2 in <a href="https://man.openbsd.org/?query=em&sektion=4">em(4)</a>.

<li>Flow control is now supported on <a href="http://man.openbsd.org/?query=bnx&sektion=4">bnx(4)</a> 5708S/5709S adapters, <a href="http://man.openbsd.org/?query=gem&sektion=4">gem(4)</a> and <a href="http://man.openbsd.org/?query=jme&sektion=4">jme(4)</a>.

<li>Flow control is now supported on <a href="https://man.openbsd.org/?query=bnx&sektion=4">bnx(4)</a> 5708S/5709S adapters, <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a> and <a href="https://man.openbsd.org/?query=jme&sektion=4">jme(4)</a>.

<li>Power-saving clients supported in hostap mode with <a href="http://man.openbsd.org/?query=acx&sektion=4">acx(4)</a> and <a href="http://man.openbsd.org/?query=athn&sektion=4">athn(4)</a>.

<li>Power-saving clients supported in hostap mode with <a href="https://man.openbsd.org/?query=acx&sektion=4">acx(4)</a> and <a href="https://man.openbsd.org/?query=athn&sektion=4">athn(4)</a>.

<li>A cause of RT2661 <a href="http://man.openbsd.org/?query=ral&sektion=4">ral(4)</a> wedging in hostap mode was fixed.

<li>A cause of RT2661 <a href="https://man.openbsd.org/?query=ral&sektion=4">ral(4)</a> wedging in hostap mode was fixed.

<li><a href="http://man.openbsd.org/?query=iwn&sektion=4">iwn(4)</a> supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).

<li><a href="https://man.openbsd.org/?query=iwn&sektion=4">iwn(4)</a> supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).

<li>Improvements to <a href="http://man.openbsd.org/?query=ahci&sektion=4">ahci(4)</a>.

<li>Improvements to <a href="https://man.openbsd.org/?query=ahci&sektion=4">ahci(4)</a>.

<li>Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters.

<li>Elantech touchpads supported in <a href="http://man.openbsd.org/?query=pms&sektion=4">pms(4)</a> and <a href="http://man.openbsd.org/?query=synaptics&sektion=4">synaptics(4)</a>.

<li>Elantech touchpads supported in <a href="https://man.openbsd.org/?query=pms&sektion=4">pms(4)</a> and <a href="https://man.openbsd.org/?query=synaptics&sektion=4">synaptics(4)</a>.

<li>Support for "physical devices" on skinny <a href="http://man.openbsd.org/?query=mfi&sektion=4">mfi(4)</a> controllers.

<li>Support for "physical devices" on skinny <a href="https://man.openbsd.org/?query=mfi&sektion=4">mfi(4)</a> controllers.

<li>VMware emulated SAS adapters supported by <a href="http://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a>.

<li>VMware emulated SAS adapters supported by <a href="https://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a>.

<li>Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.

<li>Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors.

<li>amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100.

<li><a href="http://man.openbsd.org/?query=ulpt&sektion=4">ulpt(4)</a> can now upload firmware to certain HP LaserJet printers.

<li><a href="https://man.openbsd.org/?query=ulpt&sektion=4">ulpt(4)</a> can now upload firmware to certain HP LaserJet printers.

<li>Added stat clock to Loongson machines, improving accuracy of CPU usage statistics.

<li>CPU throttling supported on Loongson 2F.

<li>Support for Apple UniNorth and U3 AGP added to <a href="http://man.openbsd.org/?query=agp&sektion=4">agp(4)</a>.

<li>Support for Apple UniNorth and U3 AGP added to <a href="https://man.openbsd.org/?query=agp&sektion=4">agp(4)</a>.

<li>DRM support for macppc.

</ul>

<li>Generic network stack improvements:

<ul>

<li>Restriction on writing to <a href="http://man.openbsd.org/?query=trunk&sektion=4">trunk(4)</a> member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).

<li>Restriction on writing to <a href="https://man.openbsd.org/?query=trunk&sektion=4">trunk(4)</a> member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).

<li>UDP support added to <a href="http://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a> (zero-copy socket splicing).

<li>UDP support added to <a href="https://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a> (zero-copy socket splicing).

<li>IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> flag).

<li>IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an <a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> flag).

<li><a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> <tt>hwfeatures</tt> displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).

<li><a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> <tt>hwfeatures</tt> displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).

<li>Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes.

</ul>

<li>Routing daemons and other userland network improvements:

<ul>

<li>OpenBSD now includes <a href="http://man.openbsd.org/?query=npppd&sektion=8">npppd(8)</a>, a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.

<li>OpenBSD now includes <a href="https://man.openbsd.org/?query=npppd&sektion=8">npppd(8)</a>, a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.

<li>New standalone <a href="http://man.openbsd.org/?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> to replace the old <a href="http://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>-based implementation.

<li>New standalone <a href="https://man.openbsd.org/?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> to replace the old <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>-based implementation.

<li>SNMPv3 supported in <a href="http://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>.

<li>SNMPv3 supported in <a href="https://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>.

<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).

<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).

<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> now handles client side of "graceful restart".

<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> now handles client side of "graceful restart".

<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> can now filter based on the NEXTHOP attribute.

<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> can now filter based on the NEXTHOP attribute.

<li>A stratum can now be assigned to hardware sensors in <a href="http://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>.

<li>A stratum can now be assigned to hardware sensors in <a href="https://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>.

<li><a href="http://man.openbsd.org/?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files.

<li><a href="https://man.openbsd.org/?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files.

<li><a href="http://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".

<li><a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".

<li><a href="http://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client's mput command allows to upload a directory tree recursively using the -r switch.

<li><a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client's mput command allows to upload a directory tree recursively using the -r switch.

<li><a href="http://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).

<li><a href="https://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).

<li>The <a href="http://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).

<li>The <a href="https://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).

<li><a href="http://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in <a href="http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages">draft-gont-opsec-vpn-leakages</a>.

<li><a href="https://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in <a href="http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages">draft-gont-opsec-vpn-leakages</a>.

</ul>

<li><a href="http://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> improvements:

<li><a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> improvements:

<ul>

<li>dhclient-script eliminated, all configuration is done with ioctl's and routing sockets.

<li>interface configuration is much faster.

<li>HUP signals cause dhclient to restart; making it re-read the <a href="http://man.openbsd.org/?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="http://man.openbsd.org/?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease.

<li>HUP signals cause dhclient to restart; making it re-read the <a href="https://man.openbsd.org/?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="https://man.openbsd.org/?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease.

<li>INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.

<li><a href="http://man.openbsd.org/?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.

<li><a href="https://man.openbsd.org/?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.

<li>interface hardware address changes are detected and cause dhclient to restart.

<li>dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.

<li>'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.

Line 148

<li>premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.

<li>permanent ARP cache entries are no longer deleted during binding.

<li>allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.

<li><a href="http://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options.

<li><a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options.

<li>hand-rolled IMSG implementation replaced with <a href="http://man.openbsd.org/?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions..

<li>hand-rolled IMSG implementation replaced with <a href="https://man.openbsd.org/?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions..

<li>hand-rolled date string construction replaced with <a href="http://man.openbsd.org/?query=strftime&sektion=3">strftime(3)</a> invocations.

<li>hand-rolled date string construction replaced with <a href="https://man.openbsd.org/?query=strftime&sektion=3">strftime(3)</a> invocations.

<li>hand-rolled '%m' option replaced with <a href="http://man.openbsd.org/?query=strerror&sektion=3">strerror(3)</a> invocations.

<li>hand-rolled '%m' option replaced with <a href="https://man.openbsd.org/?query=strerror&sektion=3">strerror(3)</a> invocations.

<li>many other internal code improvements.

</ul>

<li><a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements:

<li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements:

<ul>

<li> The <a href="http://man.openbsd.org/?query=divert&sektion=4">divert(4)</a>

<li> The <a href="https://man.openbsd.org/?query=divert&sektion=4">divert(4)</a>

socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction.

<li>Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP.

<li>PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters.

Line 170

<li>New features:

<ul>

<li>code is now considered stable and suitable for use in production.

<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> trace supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more.

<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> trace supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more.

<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> monitor can now be used to monitor in real-time an instance of <a href="http://man.openbsd.org/?query=smtpd&sektion=8">smtpd(8)</a>.

<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> monitor can now be used to monitor in real-time an instance of <a href="https://man.openbsd.org/?query=smtpd&sektion=8">smtpd(8)</a>.

<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> show queue now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information.

<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> show queue now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information.

<li>virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings.

<li>new table API replaces the map API: better handling of transient errors, improved performances and a much better interface.

<li>the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table.

<li>each listener may advertise a different banner hostname.

<li>an alternate user database may be provided instead of relying on <a href="http://man.openbsd.org/?query=getpwnam&sektion=3">getpwnam(3)</a>.

<li>an alternate user database may be provided instead of relying on <a href="https://man.openbsd.org/?query=getpwnam&sektion=3">getpwnam(3)</a>.

<li>users may now be authenticated using credentials from a table.

<li>incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool.

<li>intermediate bounces are now sent at configurable rates.

Line 191

<li>improved memory use by scheduler, smtp, queue and transfer processes.

<li>more reliable and efficient disk-based queue.

<li>improved scheduler, dns and relaying logic that optimizes transfers.

<li>simplified grammar for <a href="http://man.openbsd.org/?query=smtpd.conf&sektion=5">smtpd.conf(5)</a>.

<li>simplified grammar for <a href="https://man.openbsd.org/?query=smtpd.conf&sektion=5">smtpd.conf(5)</a>.

<li>initial support for client and server SSL peer certificates validation.

<li>SSL certificate tree is now isolated and network-facing processes request SSL information on-demand by imsg.

<li>improved and simplified SMTP and MTA engines.

Line 204

<li>Security improvements:

<ul>

<li>Position-independent executables (PIE) are now used by default on alpha, amd64, hppa, landisk, loongson, sgi and sparc64.

<li><a href="http://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a> stack smashing protector added for Alpha and MIPS (enabled by default).

<li><a href="https://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a> stack smashing protector added for Alpha and MIPS (enabled by default).

<li>Shared libraries on GCC 4 platforms now each get their own stack protector cookies instead of sharing a single global cookie.

</ul>

Line 214

<li>Switch default disk I/O sort algorithm to NSCAN for improved fairness and response times.

<li>Softdep speedup improvements by the revert of a previously necessary workaround to prevent kva starvation.

<li>Large performance and reliability improvements in

<a href="http://man.openbsd.org/?query=make&sektion=1">make(1)</a>,

<a href="https://man.openbsd.org/?query=make&sektion=1">make(1)</a>,

especially in parallel mode. make no longer does any busy waiting, it handles

concurrent targets correctly, and displays more accurate error messages.

<li>Increased stack alignment in constructor functions and new threads on i386 to meet requirements for SSE.

Line 225

<li>Threading improvements:

<ul>

<li>Threaded programs and libraries can now be linked with the POSIX-standard -lpthread flag instead of the OpenBSD-specific -pthread flag

<li><a href="http://man.openbsd.org/?query=abort&sektion=3">abort(3)</a> and <a href="http://man.openbsd.org/?query=raise&sektion=3">raise(3)</a> now direct the signal to the calling thread, as specified by POSIX.

<li><a href="https://man.openbsd.org/?query=abort&sektion=3">abort(3)</a> and <a href="https://man.openbsd.org/?query=raise&sektion=3">raise(3)</a> now direct the signal to the calling thread, as specified by POSIX.

<li>Whether a thread is currently executing on an alternate signal stack (c.f. <a href="http://man.openbsd.org/?query=sigaltstack&sektion=2">sigaltstack(2)</a>) is now determined dynamically, so the stack can be reused if <a href="http://man.openbsd.org/?query=siglongjmp&sektion=3">siglongjmp(3)</a> is used to exit the signal handler.

<li>Whether a thread is currently executing on an alternate signal stack (c.f. <a href="https://man.openbsd.org/?query=sigaltstack&sektion=2">sigaltstack(2)</a>) is now determined dynamically, so the stack can be reused if <a href="https://man.openbsd.org/?query=siglongjmp&sektion=3">siglongjmp(3)</a> is used to exit the signal handler.

<li>libpthread now caches automatically allocated, default size thread stacks.

<li>Improvements in the handling of profiling, tracing, and %cpu calculation of threaded processes.

</ul>

Line 234

<li>Assorted improvements:

<ul>

<li><a href="http://man.openbsd.org/?query=ldomctl&sektion=8&arch=sparc64">ldomctl(8)</a>

<li><a href="https://man.openbsd.org/?query=ldomctl&sektion=8&arch=sparc64">ldomctl(8)</a>

was added to manage logical domains on sun4v systems through

<a href="http://man.openbsd.org/?query=ldomd&sektion=8&arch=sparc64">ldomd(8)</a>.

<a href="https://man.openbsd.org/?query=ldomd&sektion=8&arch=sparc64">ldomd(8)</a>.

<li>Support for WPA Enterprise was added to the wpa_supplicant package.

<li>OpenBSD/luna88k and OpenBSD/mvme88k have switched to GCC 3, <a href="http://man.openbsd.org/?query=elf&sektion=5">elf(5)</a> and gained shared library support.

<li>OpenBSD/luna88k and OpenBSD/mvme88k have switched to GCC 3, <a href="https://man.openbsd.org/?query=elf&sektion=5">elf(5)</a> and gained shared library support.

<li>OpenBSD/hp300 and OpenBSD/mvme68k have switched to GCC 3 and <a href="http://man.openbsd.org/?query=elf&sektion=5">elf(5)</a>.

<li>OpenBSD/hp300 and OpenBSD/mvme68k have switched to GCC 3 and <a href="https://man.openbsd.org/?query=elf&sektion=5">elf(5)</a>.

<li><a href="http://man.openbsd.org/?query=softraid&sektion=4">softraid(4)</a> RAID1 and crypto volumes are now bootable on i386 and amd64 (full disk encryption).

<li><a href="https://man.openbsd.org/?query=softraid&sektion=4">softraid(4)</a> RAID1 and crypto volumes are now bootable on i386 and amd64 (full disk encryption).

emacs-like editor now supports <tt>diff-buffer-with-file</tt>, <tt>make-directory</tt> and <tt>revert-buffer</tt>.

Column numbers have been made configurable and locale is respected for ctype purposes, like displaying ISO Latin 1 characters.

<li>Improved our own <a href="http://man.openbsd.org/?query=pkg-config&sektion=1">pkg-config(1)</a>

<li>Improved our own <a href="https://man.openbsd.org/?query=pkg-config&sektion=1">pkg-config(1)</a>

implementation to make it compatible with freedesktop.org's 0.27.1 release.

<li>A number of improvements to the buffer cache and page daemon interactions to avoid issues in low memory/low kva situations.

<li>Various bug fixes in uvm to avoid potential races and deadlock issues.

<li>Memory filesystem (mfs) switched to bufq, giving us queue limits and FIFO queueing (rather than the current LIFO queueing).

<li>Many improvements to the <a href="http://man.openbsd.org/?query=cwm&sektion=1">cwm(1)</a> window manager,

<li>Many improvements to the <a href="https://man.openbsd.org/?query=cwm&sektion=1">cwm(1)</a> window manager,

including tab completion and Xft support for menus, improved Xinerama support, and per-group vertical/horizontal manual tiling support.

<li>Added <a href="http://man.openbsd.org/?query=dprintf&sektion=3">dprintf(3)</a>, <a href="http://man.openbsd.org/?query=grantpt&sektion=3">grantpt(3)</a>, <a href="http://man.openbsd.org/?query=posix_openpt&sektion=3">posix_openpt(3)</a>, <a href="http://man.openbsd.org/?query=ptsname&sektion=3">ptsname(3)</a>, <a href="http://man.openbsd.org/?query=unlockpt&sektion=3">unlockpt(3)</a>, and <a href="http://man.openbsd.org/?query=vdprintf&sektion=3">vdprintf(3)</a>.

<li>Added <a href="https://man.openbsd.org/?query=dprintf&sektion=3">dprintf(3)</a>, <a href="https://man.openbsd.org/?query=grantpt&sektion=3">grantpt(3)</a>, <a href="https://man.openbsd.org/?query=posix_openpt&sektion=3">posix_openpt(3)</a>, <a href="https://man.openbsd.org/?query=ptsname&sektion=3">ptsname(3)</a>, <a href="https://man.openbsd.org/?query=unlockpt&sektion=3">unlockpt(3)</a>, and <a href="https://man.openbsd.org/?query=vdprintf&sektion=3">vdprintf(3)</a>.

<li>Corrected the order of invocation of constructor and destruction functions.

<li>Improved compliance and/or cleanliness of header files, particularly

<dlfcn.h>, <netdb.h>, <net/if.h>,

Line 264

<ul>

<li>New features:

<ul>

and

<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

Added support for AES-GCM authenticated encryption in SSH protocol 2.

The new cipher is available as "aes128-gcm@openssh.com" and

"aes256-gcm@openssh.com". It uses an identical packet format to the

AES-GCM mode specified in RFC 5647, but uses simpler and different

selection rules during key exchange.

and

<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2.

These modes alter the packet format and compute the MAC over the

packet length and encrypted packet rather than over the plaintext

data. These modes are considered more secure and are used by default

when available.

and

<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

Added support for the UMAC-128 MAC as "umac-128@openssh.com" and

"umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode.

<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

Added support for multiple required authentication in SSH protocol 2

via an <tt>AuthenticationMethods</tt> option. This option lists one

or more comma-separated lists of authentication method names.

Line 293

authentication to complete. This allows, for example, requiring a

user having to authenticate via public key or GSSAPI before they are

offered password authentication.

and

<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

Added support for Key Revocation Lists (KRLs), a compact binary

format to represent lists of revoked keys and certificates that take

as little as one bit per certificate when revoking by serial number.

KRLs may be generated using

<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>

<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>

and are loaded into

via the existing <tt>RevokedKeys</tt>

<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

option.

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<tt>IdentitiesOnly</tt> now applies to keys obtained from a

PKCS11Provider. This allows control of which keys are offered from

tokens using <tt>IdentityFile</tt>.

<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s

<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s

AllowTcpForwarding now accepts "<tt>local</tt>" and "<tt>remote</tt>"

in addition to its previous "<tt>yes</tt>"/"<tt>no</tt>" keywords to

allow the server to specify whether just local or remote TCP

forwarding is enabled.

<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:

Added a

<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

option <tt>AuthorizedKeysCommand</tt> to support fetching

authorized_keys from a command in addition to (or instead of) from

the filesystem. The command is run under an account specified by an

<tt>AuthorizedKeysCommandUser</tt>

<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>

option.

<li><a href="http://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>:

<li><a href="https://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>:

Now supports a <tt>-d</tt> option to allow the starting directory to

be something other than the user's home directory.

<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

Now allows fingerprinting of keys hosted in PKCS#11 tokens using

"ssh-keygen -lD pkcs11_provider".

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

When SSH protocol 2 only is selected (the default),

now immediately sends its SSH protocol banner to the server without

waiting to receive the server's banner, saving time when connecting.

Added <tt>~v</tt> and <tt>~V</tt> escape sequences to raise and lower

the logging level respectively.

Made the escape command help (<tt>~?</tt>) context sensitive so that

only commands that will work in the current session are shown.

<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

When deleting host lines from known_hosts using "ssh-keygen -R host",

<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>

<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>

now prints details of which lines were removed.

</ul>

<li>The following significant bugs have been fixed in this release:

<ul>

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

Force a clean shutdown of ControlMaster client sessions when the

<tt>~.</tt> escape sequence is used. This means that <tt>~.</tt>

should now work in mux clients even if the server is no longer

responding.

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

Correctly detect errors during local TCP forward setup in multiplexed

clients. (bz#2055)

<li><a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>:

Made deleting explicit keys "ssh-add -d" symmetric with adding keys

with respect to certificates. It now tries to delete the

corresponding certificate and respects the <tt>-k</tt> option to

allow deleting of the key only.

<li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>:

<li><a href="https://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>:

Fix a number of parsing and command-editing bugs, including bz#1956.

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

When muxmaster is run with <tt>-N</tt>, ensure that it shuts down

gracefully when a client sends it "-O stop" rather than hanging

around. (bz#1985)

<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:

When screening moduli candidates, append to the file rather than

overwriting to allow resumption. (bz#1957)

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

Record "Received disconnect" messages at ERROR rather than INFO

priority. (bz#2057)

<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:

Loudly warn if explicitly-provided private key is unreadable.

(bz#1981)

</ul>

Line 534

To make a boot floppy under MS-DOS, use the "rawrite" utility located

at CD1:5.3/tools/rawrite.exe. To make the boot floppy under a Unix OS,

use the

utility. The following is an example usage of

<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>,

<a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>,

where the device could be "floppy", "rfd0c", or

"rfd0a".

Line 828

OpenBSD ports system.

The ports/ directory represents a CVS (see the manpage for

cvs(1)</a> if

you aren't familiar with CVS) checkout of our ports. As with our complete

source tree, our ports tree is available via