===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/62.html,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- www/62.html 2017/10/02 21:03:57 1.30
+++ www/62.html 2017/10/02 22:31:09 1.31
@@ -136,6 +136,23 @@
with a link local source address.
FQ-CoDel algorithm has been implemented for use with pf(4) queueing.
+ Improve IPv6 checks for IPsec policies and make them consistent
+ with IPv4.
+ Refactor local IP delivery to process IPsec packets in a flow.
+ Avoid that they are enqueued a second time.
+ pf(4)
+ looks into AH packets and matches on the inner protocol.
+ This makes IPv4 authentication headers work like IPv6.
+ The length of extension header chains in pf(4) is limited.
+ This prevents spending excessive cpu time on crafted packets.
+ Block IPv6 packets in pf(4) that have hop-by-hop options
+ header or destination options header.
+ Such packets can be passed by adding "allow-opts" to the
+ rule.
+ So IPv6 options are handled like their counterpart in IPv4
+ now.
+ If the IPv4 ID gets reused to fast, pf(4) fragment reassembly
+ uses a smarter strategy to drop packets.
...
@@ -156,10 +173,22 @@
Routing daemons and other userland network improvements:
- A new daemon, slaacd(8) handles IPv6
+ href="https://man.openbsd.org/slaacd.8">slaacd(8) handles IPv6
Stateless Address Autoconfiguration (RFC 4862).
-
- rtadvd(8) now supports
+
- rtadvd(8) now supports
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
+
- ipsecctl(8)
+ can show SA bundles now.
+ The keyword "bundle" allows to create them explicitly.
+ This avoids confusion as they were used implicitly before.
+
- nc(1)
+ has got the option -W "recvlimit" to terminate netcat after
+ receiving a number of packets.
+ This allows to send a UDP request, receive a reply and check
+ the result on the command line.
+
- Fix a bunch of races in
+ relayd(8)
+ expecially in HTTP chunked mode.
- ...
@@ -190,6 +219,11 @@
rc(8) re-links
ld.so on
startup, placing the objects in a random order.
+
If process accounting is activated with
+ accton(8),
+ the daily mail shows pledge violations and program crashes.
+ lastcomm(8)
+ uses the flags P and T for such processes.
@@ -217,6 +251,20 @@
New ctfdump
and ctfconv tools to manipulate
CTF (Compact C Type Format).
+ The error handling in
+ syslogd(8)
+ has been improved.
+ Even if internal errors occur, the deamon tries to keep
+ unaffected subsystems active.
+ So as many messages as possible are logged.
+ They can be filtered by severity and facility "syslog".
+ syslogd(8) can now suppress "last message repeated" which is
+ useful for remote logging.
+ syslogd(8) can listen on multiple TLS sockets.
+ syslogd(8) closes the *.514 UDP sockets when they are not
+ needed.
+ Truncate log messates at 8192 bytes everywhere.
+ Nested mount points are umounted in correct order.
@@ -234,6 +282,11 @@
New/changed features:
+ - Add RemoteCommand option to specify a command in the
+ ssh(1)
+ config file instead of giving it on the client's command
+ line.
+ The feature allows to automate tasks using ssh config.
- ...
The following significant bugs have been fixed in this release:
@@ -341,7 +394,7 @@
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
- Expat 2.1.1
+ Expat 2.2.4