version 1.87, 2016/08/15 02:22:05 |
version 1.88, 2017/06/26 17:18:57 |
|
|
<ul> |
<ul> |
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>New driver <a href="http://man.openbsd.org/?query=oce&sektion=4">oce(4)</a> for Emulex OneConnect 10Gb Ethernet adapters. |
<li>New driver <a href="https://man.openbsd.org/?query=oce&sektion=4">oce(4)</a> for Emulex OneConnect 10Gb Ethernet adapters. |
<li>New driver <a href="http://man.openbsd.org/?query=rtsx&sektion=4">rtsx(4)</a> for the Realtek RTS5209 card reader. |
<li>New driver <a href="https://man.openbsd.org/?query=rtsx&sektion=4">rtsx(4)</a> for the Realtek RTS5209 card reader. |
<li>New driver <a href="http://man.openbsd.org/?query=mfii&sektion=4">mfii(4)</a> for the LSI Logic MegaRAID SAS Fusion controllers. |
<li>New driver <a href="https://man.openbsd.org/?query=mfii&sektion=4">mfii(4)</a> for the LSI Logic MegaRAID SAS Fusion controllers. |
<li>New driver <a href="http://man.openbsd.org/?query=smsc&sektion=4">smsc(4)</a> for SMSC LAN95xx 10/100 USB Ethernet adapters. |
<li>New driver <a href="https://man.openbsd.org/?query=smsc&sektion=4">smsc(4)</a> for SMSC LAN95xx 10/100 USB Ethernet adapters. |
<li>New drivers for Toradex OAK USB sensors: <a href="http://man.openbsd.org/?query=uoaklux&sektion=4">uoaklux(4)</a> (illuminance), <a href="http://man.openbsd.org/?query=uoakrh&sektion=4">uoakrh(4)</a> (temperature and relative humidity) and <a href="http://man.openbsd.org/?query=uoakv&sektion=4">uoakv(4)</a> (+/- 10V 8channel ADC). |
<li>New drivers for Toradex OAK USB sensors: <a href="https://man.openbsd.org/?query=uoaklux&sektion=4">uoaklux(4)</a> (illuminance), <a href="https://man.openbsd.org/?query=uoakrh&sektion=4">uoakrh(4)</a> (temperature and relative humidity) and <a href="https://man.openbsd.org/?query=uoakv&sektion=4">uoakv(4)</a> (+/- 10V 8channel ADC). |
<li>New drivers for <a href="http://man.openbsd.org/?query=virtio&sektion=4">virtio(4)</a> devices: <a href="http://man.openbsd.org/?query=vio&sektion=4">vio(4)</a> (network), <a href="http://man.openbsd.org/?query=vioblk&sektion=4">vioblk(4)</a> (block devices, attaching as SCSI disks) and <a href="http://man.openbsd.org/?query=viomb&sektion=4">viomb(4)</a> (memory ballooning). |
<li>New drivers for <a href="https://man.openbsd.org/?query=virtio&sektion=4">virtio(4)</a> devices: <a href="https://man.openbsd.org/?query=vio&sektion=4">vio(4)</a> (network), <a href="https://man.openbsd.org/?query=vioblk&sektion=4">vioblk(4)</a> (block devices, attaching as SCSI disks) and <a href="https://man.openbsd.org/?query=viomb&sektion=4">viomb(4)</a> (memory ballooning). |
<li>Support for Adaptec 39320LPE added to <a href="http://man.openbsd.org/?query=ahd&sektion=4">ahd(4)</a>. |
<li>Support for Adaptec 39320LPE added to <a href="https://man.openbsd.org/?query=ahd&sektion=4">ahd(4)</a>. |
<li>Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in <a href="http://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>. |
<li>Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in <a href="https://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>. |
<li>Intel X540-based 10Gb Ethernet devices supported in <a href="http://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>. |
<li>Intel X540-based 10Gb Ethernet devices supported in <a href="https://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>. |
<li>Support for SFP+ hot-plug (82599) and various other improvements in <a href="http://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>. |
<li>Support for SFP+ hot-plug (82599) and various other improvements in <a href="https://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>. |
<li>TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>. |
<li>TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in <a href="https://man.openbsd.org/?query=vr&sektion=4">vr(4)</a>. |
<li>Baby jumbo frames supported in <a href="http://man.openbsd.org/?query=vr&sektion=4">vr(4)</a> and <a href="http://man.openbsd.org/?query=sis&sektion=4">sis(4)</a> useful for e.g. MPLS, <a href="http://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> tag stacking (QinQ) and RFC4638 <a href="http://man.openbsd.org/?query=pppoe&sektion=4">pppoe(4)</a>. |
<li>Baby jumbo frames supported in <a href="https://man.openbsd.org/?query=vr&sektion=4">vr(4)</a> and <a href="https://man.openbsd.org/?query=sis&sektion=4">sis(4)</a> useful for e.g. MPLS, <a href="https://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> tag stacking (QinQ) and RFC4638 <a href="https://man.openbsd.org/?query=pppoe&sektion=4">pppoe(4)</a>. |
<li>TCP RX Checksum offload in <a href="http://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>. |
<li>TCP RX Checksum offload in <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>. |
<li>Improvements for NICs using 82579/pch2 in <a href="http://man.openbsd.org/?query=em&sektion=4">em(4)</a>. |
<li>Improvements for NICs using 82579/pch2 in <a href="https://man.openbsd.org/?query=em&sektion=4">em(4)</a>. |
<li>Flow control is now supported on <a href="http://man.openbsd.org/?query=bnx&sektion=4">bnx(4)</a> 5708S/5709S adapters, <a href="http://man.openbsd.org/?query=gem&sektion=4">gem(4)</a> and <a href="http://man.openbsd.org/?query=jme&sektion=4">jme(4)</a>. |
<li>Flow control is now supported on <a href="https://man.openbsd.org/?query=bnx&sektion=4">bnx(4)</a> 5708S/5709S adapters, <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a> and <a href="https://man.openbsd.org/?query=jme&sektion=4">jme(4)</a>. |
|
|
<li>Power-saving clients supported in hostap mode with <a href="http://man.openbsd.org/?query=acx&sektion=4">acx(4)</a> and <a href="http://man.openbsd.org/?query=athn&sektion=4">athn(4)</a>. |
<li>Power-saving clients supported in hostap mode with <a href="https://man.openbsd.org/?query=acx&sektion=4">acx(4)</a> and <a href="https://man.openbsd.org/?query=athn&sektion=4">athn(4)</a>. |
<li>A cause of RT2661 <a href="http://man.openbsd.org/?query=ral&sektion=4">ral(4)</a> wedging in hostap mode was fixed. |
<li>A cause of RT2661 <a href="https://man.openbsd.org/?query=ral&sektion=4">ral(4)</a> wedging in hostap mode was fixed. |
<li><a href="http://man.openbsd.org/?query=iwn&sektion=4">iwn(4)</a> supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030). |
<li><a href="https://man.openbsd.org/?query=iwn&sektion=4">iwn(4)</a> supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030). |
|
|
<li>Improvements to <a href="http://man.openbsd.org/?query=ahci&sektion=4">ahci(4)</a>. |
<li>Improvements to <a href="https://man.openbsd.org/?query=ahci&sektion=4">ahci(4)</a>. |
<li>Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters. |
<li>Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters. |
<li>Elantech touchpads supported in <a href="http://man.openbsd.org/?query=pms&sektion=4">pms(4)</a> and <a href="http://man.openbsd.org/?query=synaptics&sektion=4">synaptics(4)</a>. |
<li>Elantech touchpads supported in <a href="https://man.openbsd.org/?query=pms&sektion=4">pms(4)</a> and <a href="https://man.openbsd.org/?query=synaptics&sektion=4">synaptics(4)</a>. |
<li>Support for "physical devices" on skinny <a href="http://man.openbsd.org/?query=mfi&sektion=4">mfi(4)</a> controllers. |
<li>Support for "physical devices" on skinny <a href="https://man.openbsd.org/?query=mfi&sektion=4">mfi(4)</a> controllers. |
<li>VMware emulated SAS adapters supported by <a href="http://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a>. |
<li>VMware emulated SAS adapters supported by <a href="https://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a>. |
<li>Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64. |
<li>Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64. |
<li>Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors. |
<li>Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors. |
<li>amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100. |
<li>amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100. |
<li><a href="http://man.openbsd.org/?query=ulpt&sektion=4">ulpt(4)</a> can now upload firmware to certain HP LaserJet printers. |
<li><a href="https://man.openbsd.org/?query=ulpt&sektion=4">ulpt(4)</a> can now upload firmware to certain HP LaserJet printers. |
<li>Added stat clock to Loongson machines, improving accuracy of CPU usage statistics. |
<li>Added stat clock to Loongson machines, improving accuracy of CPU usage statistics. |
<li>CPU throttling supported on Loongson 2F. |
<li>CPU throttling supported on Loongson 2F. |
<li>Support for Apple UniNorth and U3 AGP added to <a href="http://man.openbsd.org/?query=agp&sektion=4">agp(4)</a>. |
<li>Support for Apple UniNorth and U3 AGP added to <a href="https://man.openbsd.org/?query=agp&sektion=4">agp(4)</a>. |
<li>DRM support for macppc. |
<li>DRM support for macppc. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li>Restriction on writing to <a href="http://man.openbsd.org/?query=trunk&sektion=4">trunk(4)</a> member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP). |
<li>Restriction on writing to <a href="https://man.openbsd.org/?query=trunk&sektion=4">trunk(4)</a> member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP). |
<li>UDP support added to <a href="http://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a> (zero-copy socket splicing). |
<li>UDP support added to <a href="https://man.openbsd.org/?query=sosplice&sektion=9">sosplice(9)</a> (zero-copy socket splicing). |
<li>IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> flag). |
<li>IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an <a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> flag). |
<li><a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> <tt>hwfeatures</tt> displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames). |
<li><a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> <tt>hwfeatures</tt> displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames). |
<li>Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes. |
<li>Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>OpenBSD now includes <a href="http://man.openbsd.org/?query=npppd&sektion=8">npppd(8)</a>, a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE. |
<li>OpenBSD now includes <a href="https://man.openbsd.org/?query=npppd&sektion=8">npppd(8)</a>, a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE. |
<li>New standalone <a href="http://man.openbsd.org/?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> to replace the old <a href="http://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>-based implementation. |
<li>New standalone <a href="https://man.openbsd.org/?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> to replace the old <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>-based implementation. |
<li>SNMPv3 supported in <a href="http://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>. |
<li>SNMPv3 supported in <a href="https://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>. |
<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails). |
<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails). |
<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> now handles client side of "graceful restart". |
<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> now handles client side of "graceful restart". |
<li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> can now filter based on the NEXTHOP attribute. |
<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> can now filter based on the NEXTHOP attribute. |
<li>A stratum can now be assigned to hardware sensors in <a href="http://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>. |
<li>A stratum can now be assigned to hardware sensors in <a href="https://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>. |
<li><a href="http://man.openbsd.org/?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files. |
<li><a href="https://man.openbsd.org/?query=authpf&sektion=8">authpf(8)</a> now supports the use of per-group rules files. |
<li><a href="http://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". |
<li><a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file". |
<li><a href="http://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client's mput command allows to upload a directory tree recursively using the -r switch. |
<li><a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> client's mput command allows to upload a directory tree recursively using the -r switch. |
<li><a href="http://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays). |
<li><a href="https://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays). |
<li>The <a href="http://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time). |
<li>The <a href="https://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time). |
<li><a href="http://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in <a href="http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages">draft-gont-opsec-vpn-leakages</a>. |
<li><a href="https://man.openbsd.org/?query=iked&sektion=8">iked(8)</a> blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in <a href="http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages">draft-gont-opsec-vpn-leakages</a>. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li><a href="http://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> improvements: |
<li><a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> improvements: |
<ul> |
<ul> |
<li>dhclient-script eliminated, all configuration is done with ioctl's and routing sockets. |
<li>dhclient-script eliminated, all configuration is done with ioctl's and routing sockets. |
<li>interface configuration is much faster. |
<li>interface configuration is much faster. |
<li>HUP signals cause dhclient to restart; making it re-read the <a href="http://man.openbsd.org/?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="http://man.openbsd.org/?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease. |
<li>HUP signals cause dhclient to restart; making it re-read the <a href="https://man.openbsd.org/?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> and <a href="https://man.openbsd.org/?query=resolv.conf.tail&sektion=5">resolv.conf.tail(5)</a> files, and obtain a new lease. |
<li>INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured. |
<li>INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured. |
<li><a href="http://man.openbsd.org/?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. |
<li><a href="https://man.openbsd.org/?query=resolv.conf&sektion=5">resolv.conf(5)</a> is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate. |
<li>interface hardware address changes are detected and cause dhclient to restart. |
<li>interface hardware address changes are detected and cause dhclient to restart. |
<li>dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server. |
<li>dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server. |
<li>'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease. |
<li>'-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease. |
|
|
<li>premature and repeated DISCOVER and/or REQUEST messages at startup are avoided. |
<li>premature and repeated DISCOVER and/or REQUEST messages at startup are avoided. |
<li>permanent ARP cache entries are no longer deleted during binding. |
<li>permanent ARP cache entries are no longer deleted during binding. |
<li>allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations. |
<li>allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations. |
<li><a href="http://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options. |
<li><a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> and dhclient recognize the same list of dhcp options. |
<li>hand-rolled IMSG implementation replaced with <a href="http://man.openbsd.org/?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions.. |
<li>hand-rolled IMSG implementation replaced with <a href="https://man.openbsd.org/?query=imsg_init&sektion=3">imsg_init(3)</a> and related functions.. |
<li>hand-rolled date string construction replaced with <a href="http://man.openbsd.org/?query=strftime&sektion=3">strftime(3)</a> invocations. |
<li>hand-rolled date string construction replaced with <a href="https://man.openbsd.org/?query=strftime&sektion=3">strftime(3)</a> invocations. |
<li>hand-rolled '%m' option replaced with <a href="http://man.openbsd.org/?query=strerror&sektion=3">strerror(3)</a> invocations. |
<li>hand-rolled '%m' option replaced with <a href="https://man.openbsd.org/?query=strerror&sektion=3">strerror(3)</a> invocations. |
<li>many other internal code improvements. |
<li>many other internal code improvements. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li><a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements: |
<li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements: |
<ul> |
<ul> |
<li> The <a href="http://man.openbsd.org/?query=divert&sektion=4">divert(4)</a> |
<li> The <a href="https://man.openbsd.org/?query=divert&sektion=4">divert(4)</a> |
socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction. |
socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction. |
<li>Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP. |
<li>Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP. |
<li>PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters. |
<li>PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters. |
|
|
<li>New features: |
<li>New features: |
<ul> |
<ul> |
<li>code is now considered stable and suitable for use in production. |
<li>code is now considered stable and suitable for use in production. |
<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>trace</i> supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more. |
<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>trace</i> supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more. |
<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>monitor</i> can now be used to monitor in real-time an instance of <a href="http://man.openbsd.org/?query=smtpd&sektion=8">smtpd(8)</a>. |
<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>monitor</i> can now be used to monitor in real-time an instance of <a href="https://man.openbsd.org/?query=smtpd&sektion=8">smtpd(8)</a>. |
<li><a href="http://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>show queue</i> now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. |
<li><a href="https://man.openbsd.org/?query=smtpctl&sektion=8">smtpctl(8)</a> <i>show queue</i> now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information. |
<li>virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings. |
<li>virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings. |
<li>new table API replaces the map API: better handling of transient errors, improved performances and a much better interface. |
<li>new table API replaces the map API: better handling of transient errors, improved performances and a much better interface. |
<li>the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table. |
<li>the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table. |
<li>each listener may advertise a different banner hostname. |
<li>each listener may advertise a different banner hostname. |
<li>an alternate user database may be provided instead of relying on <a href="http://man.openbsd.org/?query=getpwnam&sektion=3">getpwnam(3)</a>. |
<li>an alternate user database may be provided instead of relying on <a href="https://man.openbsd.org/?query=getpwnam&sektion=3">getpwnam(3)</a>. |
<li>users may now be authenticated using credentials from a table. |
<li>users may now be authenticated using credentials from a table. |
<li>incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool. |
<li>incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool. |
<li>intermediate bounces are now sent at configurable rates. |
<li>intermediate bounces are now sent at configurable rates. |
|
|
<li>improved memory use by scheduler, smtp, queue and transfer processes. |
<li>improved memory use by scheduler, smtp, queue and transfer processes. |
<li>more reliable and efficient disk-based queue. |
<li>more reliable and efficient disk-based queue. |
<li>improved scheduler, dns and relaying logic that optimizes transfers. |
<li>improved scheduler, dns and relaying logic that optimizes transfers. |
<li>simplified grammar for <a href="http://man.openbsd.org/?query=smtpd.conf&sektion=5">smtpd.conf(5)</a>. |
<li>simplified grammar for <a href="https://man.openbsd.org/?query=smtpd.conf&sektion=5">smtpd.conf(5)</a>. |
<li>initial support for client and server SSL peer certificates validation. |
<li>initial support for client and server SSL peer certificates validation. |
<li>SSL certificate tree is now isolated and network-facing processes request SSL information on-demand by imsg. |
<li>SSL certificate tree is now isolated and network-facing processes request SSL information on-demand by imsg. |
<li>improved and simplified SMTP and MTA engines. |
<li>improved and simplified SMTP and MTA engines. |
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>Position-independent executables (PIE) are now used <b>by default</b> on alpha, amd64, hppa, landisk, loongson, sgi and sparc64. |
<li>Position-independent executables (PIE) are now used <b>by default</b> on alpha, amd64, hppa, landisk, loongson, sgi and sparc64. |
<li><a href="http://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a> stack smashing protector added for Alpha and MIPS (enabled by default). |
<li><a href="https://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a> stack smashing protector added for Alpha and MIPS (enabled by default). |
<li>Shared libraries on GCC 4 platforms now each get their own stack protector cookies instead of sharing a single global cookie. |
<li>Shared libraries on GCC 4 platforms now each get their own stack protector cookies instead of sharing a single global cookie. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Switch default disk I/O sort algorithm to NSCAN for improved fairness and response times. |
<li>Switch default disk I/O sort algorithm to NSCAN for improved fairness and response times. |
<li>Softdep speedup improvements by the revert of a previously necessary workaround to prevent kva starvation. |
<li>Softdep speedup improvements by the revert of a previously necessary workaround to prevent kva starvation. |
<li>Large performance and reliability improvements in |
<li>Large performance and reliability improvements in |
<a href="http://man.openbsd.org/?query=make&sektion=1">make(1)</a>, |
<a href="https://man.openbsd.org/?query=make&sektion=1">make(1)</a>, |
especially in parallel mode. make no longer does any busy waiting, it handles |
especially in parallel mode. make no longer does any busy waiting, it handles |
concurrent targets correctly, and displays more accurate error messages. |
concurrent targets correctly, and displays more accurate error messages. |
<li>Increased stack alignment in constructor functions and new threads on i386 to meet requirements for SSE. |
<li>Increased stack alignment in constructor functions and new threads on i386 to meet requirements for SSE. |
|
|
<li>Threading improvements: |
<li>Threading improvements: |
<ul> |
<ul> |
<li>Threaded programs and libraries can now be linked with the POSIX-standard -lpthread flag instead of the OpenBSD-specific -pthread flag |
<li>Threaded programs and libraries can now be linked with the POSIX-standard -lpthread flag instead of the OpenBSD-specific -pthread flag |
<li><a href="http://man.openbsd.org/?query=abort&sektion=3">abort(3)</a> and <a href="http://man.openbsd.org/?query=raise&sektion=3">raise(3)</a> now direct the signal to the calling thread, as specified by POSIX. |
<li><a href="https://man.openbsd.org/?query=abort&sektion=3">abort(3)</a> and <a href="https://man.openbsd.org/?query=raise&sektion=3">raise(3)</a> now direct the signal to the calling thread, as specified by POSIX. |
<li>Whether a thread is currently executing on an alternate signal stack (c.f. <a href="http://man.openbsd.org/?query=sigaltstack&sektion=2">sigaltstack(2)</a>) is now determined dynamically, so the stack can be reused if <a href="http://man.openbsd.org/?query=siglongjmp&sektion=3">siglongjmp(3)</a> is used to exit the signal handler. |
<li>Whether a thread is currently executing on an alternate signal stack (c.f. <a href="https://man.openbsd.org/?query=sigaltstack&sektion=2">sigaltstack(2)</a>) is now determined dynamically, so the stack can be reused if <a href="https://man.openbsd.org/?query=siglongjmp&sektion=3">siglongjmp(3)</a> is used to exit the signal handler. |
<li>libpthread now caches automatically allocated, default size thread stacks. |
<li>libpthread now caches automatically allocated, default size thread stacks. |
<li>Improvements in the handling of profiling, tracing, and %cpu calculation of threaded processes. |
<li>Improvements in the handling of profiling, tracing, and %cpu calculation of threaded processes. |
</ul> |
</ul> |
|
|
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org/?query=ldomctl&sektion=8&arch=sparc64">ldomctl(8)</a> |
<li><a href="https://man.openbsd.org/?query=ldomctl&sektion=8&arch=sparc64">ldomctl(8)</a> |
was added to manage logical domains on sun4v systems through |
was added to manage logical domains on sun4v systems through |
<a href="http://man.openbsd.org/?query=ldomd&sektion=8&arch=sparc64">ldomd(8)</a>. |
<a href="https://man.openbsd.org/?query=ldomd&sektion=8&arch=sparc64">ldomd(8)</a>. |
<li>Support for WPA Enterprise was added to the wpa_supplicant package. |
<li>Support for WPA Enterprise was added to the wpa_supplicant package. |
<li>OpenBSD/luna88k and OpenBSD/mvme88k have switched to GCC 3, <a href="http://man.openbsd.org/?query=elf&sektion=5">elf(5)</a> and gained shared library support. |
<li>OpenBSD/luna88k and OpenBSD/mvme88k have switched to GCC 3, <a href="https://man.openbsd.org/?query=elf&sektion=5">elf(5)</a> and gained shared library support. |
<li>OpenBSD/hp300 and OpenBSD/mvme68k have switched to GCC 3 and <a href="http://man.openbsd.org/?query=elf&sektion=5">elf(5)</a>. |
<li>OpenBSD/hp300 and OpenBSD/mvme68k have switched to GCC 3 and <a href="https://man.openbsd.org/?query=elf&sektion=5">elf(5)</a>. |
<li><a href="http://man.openbsd.org/?query=softraid&sektion=4">softraid(4)</a> RAID1 and crypto volumes are now bootable on i386 and amd64 (full disk encryption). |
<li><a href="https://man.openbsd.org/?query=softraid&sektion=4">softraid(4)</a> RAID1 and crypto volumes are now bootable on i386 and amd64 (full disk encryption). |
<li>The <a href="http://man.openbsd.org/?query=mg&sektion=1">mg(1)</a> |
<li>The <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a> |
emacs-like editor now supports <tt>diff-buffer-with-file</tt>, <tt>make-directory</tt> and <tt>revert-buffer</tt>. |
emacs-like editor now supports <tt>diff-buffer-with-file</tt>, <tt>make-directory</tt> and <tt>revert-buffer</tt>. |
Column numbers have been made configurable and locale is respected for ctype purposes, like displaying ISO Latin 1 characters. |
Column numbers have been made configurable and locale is respected for ctype purposes, like displaying ISO Latin 1 characters. |
<li>Improved our own <a href="http://man.openbsd.org/?query=pkg-config&sektion=1">pkg-config(1)</a> |
<li>Improved our own <a href="https://man.openbsd.org/?query=pkg-config&sektion=1">pkg-config(1)</a> |
implementation to make it compatible with freedesktop.org's 0.27.1 release. |
implementation to make it compatible with freedesktop.org's 0.27.1 release. |
<li>A number of improvements to the buffer cache and page daemon interactions to avoid issues in low memory/low kva situations. |
<li>A number of improvements to the buffer cache and page daemon interactions to avoid issues in low memory/low kva situations. |
<li>Various bug fixes in uvm to avoid potential races and deadlock issues. |
<li>Various bug fixes in uvm to avoid potential races and deadlock issues. |
<li>Memory filesystem (mfs) switched to bufq, giving us queue limits and FIFO queueing (rather than the current LIFO queueing). |
<li>Memory filesystem (mfs) switched to bufq, giving us queue limits and FIFO queueing (rather than the current LIFO queueing). |
<li>Many improvements to the <a href="http://man.openbsd.org/?query=cwm&sektion=1">cwm(1)</a> window manager, |
<li>Many improvements to the <a href="https://man.openbsd.org/?query=cwm&sektion=1">cwm(1)</a> window manager, |
including tab completion and Xft support for menus, improved Xinerama support, and per-group vertical/horizontal manual tiling support. |
including tab completion and Xft support for menus, improved Xinerama support, and per-group vertical/horizontal manual tiling support. |
<li>Added <a href="http://man.openbsd.org/?query=dprintf&sektion=3">dprintf(3)</a>, <a href="http://man.openbsd.org/?query=grantpt&sektion=3">grantpt(3)</a>, <a href="http://man.openbsd.org/?query=posix_openpt&sektion=3">posix_openpt(3)</a>, <a href="http://man.openbsd.org/?query=ptsname&sektion=3">ptsname(3)</a>, <a href="http://man.openbsd.org/?query=unlockpt&sektion=3">unlockpt(3)</a>, and <a href="http://man.openbsd.org/?query=vdprintf&sektion=3">vdprintf(3)</a>. |
<li>Added <a href="https://man.openbsd.org/?query=dprintf&sektion=3">dprintf(3)</a>, <a href="https://man.openbsd.org/?query=grantpt&sektion=3">grantpt(3)</a>, <a href="https://man.openbsd.org/?query=posix_openpt&sektion=3">posix_openpt(3)</a>, <a href="https://man.openbsd.org/?query=ptsname&sektion=3">ptsname(3)</a>, <a href="https://man.openbsd.org/?query=unlockpt&sektion=3">unlockpt(3)</a>, and <a href="https://man.openbsd.org/?query=vdprintf&sektion=3">vdprintf(3)</a>. |
<li>Corrected the order of invocation of constructor and destruction functions. |
<li>Corrected the order of invocation of constructor and destruction functions. |
<li>Improved compliance and/or cleanliness of header files, particularly |
<li>Improved compliance and/or cleanliness of header files, particularly |
<dlfcn.h>, <netdb.h>, <net/if.h>, |
<dlfcn.h>, <netdb.h>, <net/if.h>, |
|
|
<ul> |
<ul> |
<li>New features: |
<li>New features: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
and |
and |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
Added support for AES-GCM authenticated encryption in SSH protocol 2. |
Added support for AES-GCM authenticated encryption in SSH protocol 2. |
The new cipher is available as "aes128-gcm@openssh.com" and |
The new cipher is available as "aes128-gcm@openssh.com" and |
"aes256-gcm@openssh.com". It uses an identical packet format to the |
"aes256-gcm@openssh.com". It uses an identical packet format to the |
AES-GCM mode specified in RFC 5647, but uses simpler and different |
AES-GCM mode specified in RFC 5647, but uses simpler and different |
selection rules during key exchange. |
selection rules during key exchange. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
and |
and |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2. |
Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2. |
These modes alter the packet format and compute the MAC over the |
These modes alter the packet format and compute the MAC over the |
packet length and encrypted packet rather than over the plaintext |
packet length and encrypted packet rather than over the plaintext |
data. These modes are considered more secure and are used by default |
data. These modes are considered more secure and are used by default |
when available. |
when available. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
and |
and |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
Added support for the UMAC-128 MAC as "umac-128@openssh.com" and |
Added support for the UMAC-128 MAC as "umac-128@openssh.com" and |
"umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode. |
"umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode. |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
Added support for multiple required authentication in SSH protocol 2 |
Added support for multiple required authentication in SSH protocol 2 |
via an <tt>AuthenticationMethods</tt> option. This option lists one |
via an <tt>AuthenticationMethods</tt> option. This option lists one |
or more comma-separated lists of authentication method names. |
or more comma-separated lists of authentication method names. |
|
|
authentication to complete. This allows, for example, requiring a |
authentication to complete. This allows, for example, requiring a |
user having to authenticate via public key or GSSAPI before they are |
user having to authenticate via public key or GSSAPI before they are |
offered password authentication. |
offered password authentication. |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
and |
and |
<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
Added support for Key Revocation Lists (KRLs), a compact binary |
Added support for Key Revocation Lists (KRLs), a compact binary |
format to represent lists of revoked keys and certificates that take |
format to represent lists of revoked keys and certificates that take |
as little as one bit per certificate when revoking by serial number. |
as little as one bit per certificate when revoking by serial number. |
KRLs may be generated using |
KRLs may be generated using |
<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> |
<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> |
and are loaded into |
and are loaded into |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
via the existing <tt>RevokedKeys</tt> |
via the existing <tt>RevokedKeys</tt> |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
option. |
option. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<tt>IdentitiesOnly</tt> now applies to keys obtained from a |
<tt>IdentitiesOnly</tt> now applies to keys obtained from a |
PKCS11Provider. This allows control of which keys are offered from |
PKCS11Provider. This allows control of which keys are offered from |
tokens using <tt>IdentityFile</tt>. |
tokens using <tt>IdentityFile</tt>. |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>'s |
AllowTcpForwarding now accepts "<tt>local</tt>" and "<tt>remote</tt>" |
AllowTcpForwarding now accepts "<tt>local</tt>" and "<tt>remote</tt>" |
in addition to its previous "<tt>yes</tt>"/"<tt>no</tt>" keywords to |
in addition to its previous "<tt>yes</tt>"/"<tt>no</tt>" keywords to |
allow the server to specify whether just local or remote TCP |
allow the server to specify whether just local or remote TCP |
forwarding is enabled. |
forwarding is enabled. |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
Added a |
Added a |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
option <tt>AuthorizedKeysCommand</tt> to support fetching |
option <tt>AuthorizedKeysCommand</tt> to support fetching |
authorized_keys from a command in addition to (or instead of) from |
authorized_keys from a command in addition to (or instead of) from |
the filesystem. The command is run under an account specified by an |
the filesystem. The command is run under an account specified by an |
<tt>AuthorizedKeysCommandUser</tt> |
<tt>AuthorizedKeysCommandUser</tt> |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
option. |
option. |
<li><a href="http://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>: |
<li><a href="https://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>: |
Now supports a <tt>-d</tt> option to allow the starting directory to |
Now supports a <tt>-d</tt> option to allow the starting directory to |
be something other than the user's home directory. |
be something other than the user's home directory. |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
Now allows fingerprinting of keys hosted in PKCS#11 tokens using |
Now allows fingerprinting of keys hosted in PKCS#11 tokens using |
"ssh-keygen -lD pkcs11_provider". |
"ssh-keygen -lD pkcs11_provider". |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
When SSH protocol 2 only is selected (the default), |
When SSH protocol 2 only is selected (the default), |
<a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
now immediately sends its SSH protocol banner to the server without |
now immediately sends its SSH protocol banner to the server without |
waiting to receive the server's banner, saving time when connecting. |
waiting to receive the server's banner, saving time when connecting. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
Added <tt>~v</tt> and <tt>~V</tt> escape sequences to raise and lower |
Added <tt>~v</tt> and <tt>~V</tt> escape sequences to raise and lower |
the logging level respectively. |
the logging level respectively. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
Made the escape command help (<tt>~?</tt>) context sensitive so that |
Made the escape command help (<tt>~?</tt>) context sensitive so that |
only commands that will work in the current session are shown. |
only commands that will work in the current session are shown. |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
When deleting host lines from known_hosts using "ssh-keygen -R host", |
When deleting host lines from known_hosts using "ssh-keygen -R host", |
<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> |
<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> |
now prints details of which lines were removed. |
now prints details of which lines were removed. |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
Force a clean shutdown of ControlMaster client sessions when the |
Force a clean shutdown of ControlMaster client sessions when the |
<tt>~.</tt> escape sequence is used. This means that <tt>~.</tt> |
<tt>~.</tt> escape sequence is used. This means that <tt>~.</tt> |
should now work in mux clients even if the server is no longer |
should now work in mux clients even if the server is no longer |
responding. |
responding. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
Correctly detect errors during local TCP forward setup in multiplexed |
Correctly detect errors during local TCP forward setup in multiplexed |
clients. (bz#2055) |
clients. (bz#2055) |
<li><a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>: |
Made deleting explicit keys "ssh-add -d" symmetric with adding keys |
Made deleting explicit keys "ssh-add -d" symmetric with adding keys |
with respect to certificates. It now tries to delete the |
with respect to certificates. It now tries to delete the |
corresponding certificate and respects the <tt>-k</tt> option to |
corresponding certificate and respects the <tt>-k</tt> option to |
allow deleting of the key only. |
allow deleting of the key only. |
<li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>: |
Fix a number of parsing and command-editing bugs, including bz#1956. |
Fix a number of parsing and command-editing bugs, including bz#1956. |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
When muxmaster is run with <tt>-N</tt>, ensure that it shuts down |
When muxmaster is run with <tt>-N</tt>, ensure that it shuts down |
gracefully when a client sends it "-O stop" rather than hanging |
gracefully when a client sends it "-O stop" rather than hanging |
around. (bz#1985) |
around. (bz#1985) |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
When screening moduli candidates, append to the file rather than |
When screening moduli candidates, append to the file rather than |
overwriting to allow resumption. (bz#1957) |
overwriting to allow resumption. (bz#1957) |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
Record "Received disconnect" messages at ERROR rather than INFO |
Record "Received disconnect" messages at ERROR rather than INFO |
priority. (bz#2057) |
priority. (bz#2057) |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
Loudly warn if explicitly-provided private key is unreadable. |
Loudly warn if explicitly-provided private key is unreadable. |
(bz#1981) |
(bz#1981) |
</ul> |
</ul> |
|
|
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
at <i>CD1:5.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
at <i>CD1:5.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
use the |
use the |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> |
<a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> |
utility. The following is an example usage of |
utility. The following is an example usage of |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, |
<a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, |
where the device could be "floppy", "rfd0c", or |
where the device could be "floppy", "rfd0c", or |
"rfd0a". |
"rfd0a". |
|
|
|
|
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
<a href="http://man.openbsd.org/?query=cvs&sektion=1&arch=i386"> |
<a href="https://man.openbsd.org/?query=cvs&sektion=1&arch=i386"> |
cvs(1)</a> if |
cvs(1)</a> if |
you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
source tree, our ports tree is available via |
source tree, our ports tree is available via |