===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/62.html,v
retrieving revision 1.30
retrieving revision 1.31
diff -c -r1.30 -r1.31
*** www/62.html 2017/10/02 21:03:57 1.30
--- www/62.html 2017/10/02 22:31:09 1.31
***************
*** 136,141 ****
--- 136,158 ----
with a link local source address.
FQ-CoDel algorithm has been implemented for use with pf(4) queueing.
+ Improve IPv6 checks for IPsec policies and make them consistent
+ with IPv4.
+ Refactor local IP delivery to process IPsec packets in a flow.
+ Avoid that they are enqueued a second time.
+ pf(4)
+ looks into AH packets and matches on the inner protocol.
+ This makes IPv4 authentication headers work like IPv6.
+ The length of extension header chains in pf(4) is limited.
+ This prevents spending excessive cpu time on crafted packets.
+ Block IPv6 packets in pf(4) that have hop-by-hop options
+ header or destination options header.
+ Such packets can be passed by adding "allow-opts" to the
+ rule.
+ So IPv6 options are handled like their counterpart in IPv4
+ now.
+ If the IPv4 ID gets reused to fast, pf(4) fragment reassembly
+ uses a smarter strategy to drop packets.
...
***************
*** 156,165 ****
Routing daemons and other userland network improvements:
- A new daemon, slaacd(8) handles IPv6
Stateless Address Autoconfiguration (RFC 4862).
!
- rtadvd(8) now supports
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
- ...
--- 173,194 ----
Routing daemons and other userland network improvements:
- A new daemon, slaacd(8) handles IPv6
Stateless Address Autoconfiguration (RFC 4862).
!
- rtadvd(8) now supports
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
+
- ipsecctl(8)
+ can show SA bundles now.
+ The keyword "bundle" allows to create them explicitly.
+ This avoids confusion as they were used implicitly before.
+
- nc(1)
+ has got the option -W "recvlimit" to terminate netcat after
+ receiving a number of packets.
+ This allows to send a UDP request, receive a reply and check
+ the result on the command line.
+
- Fix a bunch of races in
+ relayd(8)
+ expecially in HTTP chunked mode.
- ...
***************
*** 190,195 ****
--- 219,229 ----
rc(8) re-links
ld.so on
startup, placing the objects in a random order.
+
If process accounting is activated with
+ accton(8),
+ the daily mail shows pledge violations and program crashes.
+ lastcomm(8)
+ uses the flags P and T for such processes.
***************
*** 217,222 ****
--- 251,270 ----
New ctfdump
and ctfconv tools to manipulate
CTF (Compact C Type Format).
+ The error handling in
+ syslogd(8)
+ has been improved.
+ Even if internal errors occur, the deamon tries to keep
+ unaffected subsystems active.
+ So as many messages as possible are logged.
+ They can be filtered by severity and facility "syslog".
+ syslogd(8) can now suppress "last message repeated" which is
+ useful for remote logging.
+ syslogd(8) can listen on multiple TLS sockets.
+ syslogd(8) closes the *.514 UDP sockets when they are not
+ needed.
+ Truncate log messates at 8192 bytes everywhere.
+ Nested mount points are umounted in correct order.
***************
*** 234,239 ****
--- 282,292 ----
New/changed features:
+ - Add RemoteCommand option to specify a command in the
+ ssh(1)
+ config file instead of giving it on the client's command
+ line.
+ The feature allows to automate tasks using ssh config.
- ...
The following significant bugs have been fixed in this release:
***************
*** 341,347 ****
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
! Expat 2.1.1
--- 394,400 ----
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
! Expat 2.2.4