version 1.30, 2017/10/02 21:03:57 |
version 1.31, 2017/10/02 22:31:09 |
|
|
with a link local source address. |
with a link local source address. |
<li> FQ-CoDel algorithm has been implemented for use with <a |
<li> FQ-CoDel algorithm has been implemented for use with <a |
href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>. |
href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>. |
|
<li>Improve IPv6 checks for IPsec policies and make them consistent |
|
with IPv4. |
|
<li>Refactor local IP delivery to process IPsec packets in a flow. |
|
Avoid that they are enqueued a second time. |
|
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> |
|
looks into AH packets and matches on the inner protocol. |
|
This makes IPv4 authentication headers work like IPv6. |
|
<li>The length of extension header chains in pf(4) is limited. |
|
This prevents spending excessive cpu time on crafted packets. |
|
<li>Block IPv6 packets in pf(4) that have hop-by-hop options |
|
header or destination options header. |
|
Such packets can be passed by adding "allow-opts" to the |
|
rule. |
|
So IPv6 options are handled like their counterpart in IPv4 |
|
now. |
|
<li>If the IPv4 ID gets reused to fast, pf(4) fragment reassembly |
|
uses a smarter strategy to drop packets. |
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li> A new daemon, <a |
<li> A new daemon, <a |
href="https://man.openbsd.org/slaacd">slaacd(8)</a> handles IPv6 |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6 |
Stateless Address Autoconfiguration (RFC 4862). |
Stateless Address Autoconfiguration (RFC 4862). |
<li> <a href="https://man.openbsd.org/rtadvd">rtadvd(8)</a> now supports |
<li> <a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports |
"Reducing Energy Consumption of Router Advertisements" (RFC 7772). |
"Reducing Energy Consumption of Router Advertisements" (RFC 7772). |
|
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> |
|
can show SA bundles now. |
|
The keyword "bundle" allows to create them explicitly. |
|
This avoids confusion as they were used implicitly before. |
|
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a> |
|
has got the option -W "recvlimit" to terminate netcat after |
|
receiving a number of packets. |
|
This allows to send a UDP request, receive a reply and check |
|
the result on the command line. |
|
<li>Fix a bunch of races in |
|
<a href="https://man.openbsd.org/relayd.8">relayd(8)</a> |
|
expecially in HTTP chunked mode. |
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links |
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links |
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on |
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on |
startup, placing the objects in a random order. |
startup, placing the objects in a random order. |
|
<li>If process accounting is activated with |
|
<a href="https://man.openbsd.org/accton.8">accton(8)</a>, |
|
the daily mail shows pledge violations and program crashes. |
|
<a href="https://man.openbsd.org/lastcomm.8">lastcomm(8)</a> |
|
uses the flags P and T for such processes. |
</ul> |
</ul> |
<p> |
<p> |
|
|
|
|
<li>New <a href="https://man.openbsd.org/ctfdump">ctfdump</a> |
<li>New <a href="https://man.openbsd.org/ctfdump">ctfdump</a> |
and <a href="https://man.openbsd.org/ctfconv">ctfconv</a> tools to manipulate |
and <a href="https://man.openbsd.org/ctfconv">ctfconv</a> tools to manipulate |
CTF (Compact C Type Format). |
CTF (Compact C Type Format). |
|
<li>The error handling in |
|
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
|
has been improved. |
|
Even if internal errors occur, the deamon tries to keep |
|
unaffected subsystems active. |
|
So as many messages as possible are logged. |
|
They can be filtered by severity and facility "syslog". |
|
<li>syslogd(8) can now suppress "last message repeated" which is |
|
useful for remote logging. |
|
<li>syslogd(8) can listen on multiple TLS sockets. |
|
<li>syslogd(8) closes the *.514 UDP sockets when they are not |
|
needed. |
|
<li>Truncate log messates at 8192 bytes everywhere. |
|
<li>Nested mount points are umounted in correct order. |
</ul> |
</ul> |
<p> |
<p> |
|
|
|
|
</ul> |
</ul> |
<li>New/changed features: |
<li>New/changed features: |
<ul> |
<ul> |
|
<li>Add RemoteCommand option to specify a command in the |
|
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
|
config file instead of giving it on the client's command |
|
line. |
|
The feature allows to automate tasks using ssh config. |
<li>... |
<li>... |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
|
|
<li>Binutils 2.17 (+ patches) |
<li>Binutils 2.17 (+ patches) |
<li>Gdb 6.3 (+ patches) |
<li>Gdb 6.3 (+ patches) |
<li>Awk Aug 10, 2011 version |
<li>Awk Aug 10, 2011 version |
<li>Expat 2.1.1 |
<li>Expat 2.2.4 |
</ul> |
</ul> |
</ul> |
</ul> |
|
|