version 1.72, 2021/04/24 11:53:35 |
version 1.73, 2021/04/24 19:57:08 |
|
|
<li>Added trace points for <a |
<li>Added trace points for <a |
href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a |
href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a |
href="https://man.openbsd.org/free.9">free(9)</a>, making them |
href="https://man.openbsd.org/free.9">free(9)</a>, making them |
traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a |
traceable via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a |
href="https://man.openbsd.org/btrace.8">btrace(8)</a>. |
href="https://man.openbsd.org/btrace.8">btrace(8)</a>. |
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> -n |
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> -n |
(no action) mode, which parses the program and then exits. |
(no action) mode, which parses the program and then exits. |
|
|
|
|
|
|
<li>Added a barrier between reading the cqe flags and the command ID |
<li>Added a barrier between reading the cqe flags and the command ID |
to prevent completion of the wrong scsi io for <a |
to prevent completion of the wrong SCSI I/O for <a |
href="https://man.openbsd.org/nvme.4">nvme(4)</a> drives. |
href="https://man.openbsd.org/nvme.4">nvme(4)</a> drives. |
<li>Prevented attachment of <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> |
<li>Prevented attachment of <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> |
devices of zero size. |
devices of zero size. |
|
|
from adding authorizations for TCP connections by default and added |
from adding authorizations for TCP connections by default and added |
"listenTCP" to explicitly add authorizations for existing IP addresses |
"listenTCP" to explicitly add authorizations for existing IP addresses |
on startup. |
on startup. |
<li>Skip <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> |
<li>Skip adding the IPv6 link local addresses for TCP listener |
from adding the IPv6 link local addresses for TCP listener |
authorizations in <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>, |
authorizations, matching what is done by <a |
matching what is done by |
href="https://man.openbsd.org/startx.1">startx(1)</a>. |
<a href="https://man.openbsd.org/startx.1">startx(1)</a>. |
|
|
<li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>. |
<li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>. |
<li>Improve pledge in <a |
<li>Improve pledge in <a |
href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added |
href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added |
pledge to the "-C" code path. |
pledge to the "-C" code path. |
<li>Inproved performance of <a |
<li>Improved performance of <a |
href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s cache. |
href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s cache. |
<li>Made editing GPT in <a |
<li>Made editing GPT in <a |
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> safer by |
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> safer by |
|
|
command line. |
command line. |
<li>Added a "batch" mode to <a |
<li>Added a "batch" mode to <a |
href="https://man.openbsd.org/mg.1">mg(1)</a> via the "-b" command |
href="https://man.openbsd.org/mg.1">mg(1)</a> via the "-b" command |
line option which will initialize a pty, run the specified file of mg |
line option, which will initialize a pty, run the specified file of mg |
commands and then exit. |
commands and then exit. |
<li>Inverted the <a href="https://man.openbsd.org/mg.1">mg(1)</a> "R" |
<li>Inverted the <a href="https://man.openbsd.org/mg.1">mg(1)</a> "R" |
indicator to mean that a "*" next to a file's name indicates that it |
indicator to mean that a "*" next to a file's name indicates that it |
|
|
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to refer to |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to refer to |
"temporary address extensions" rather than the former "privacy |
"temporary address extensions" rather than the former "privacy |
extensions," including the addition of an AUTOCONF6TEMP flag (to |
extensions," including the addition of an AUTOCONF6TEMP flag (to |
replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy |
replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy |
option if <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
option in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
has been deprecated. |
has been deprecated. |
<li>Made it possible to disable the "autoconf" flag but keep |
<li>Made it possible to disable the "autoconf" flag but keep |
"temporary" enabled in <a |
"temporary" enabled in <a |
|
|
|
|
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
response to an IPv6 packet. |
response to an IPv6 packet. |
<li>Use the toeplitz hash algorithm to a flowid for tcp packets, |
<li>Use the toeplitz hash algorithm to set a flowid for tcp packets, |
which in turn is used to choose the tx ring on network cards with |
which in turn is used to choose the tx ring on network cards with |
multiple rings. |
multiple rings. |
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
|
|
error". |
error". |
<li>No longer allow configuration of the same neighbor multiple |
<li>No longer allow configuration of the same neighbor multiple |
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> tables track now |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> tables now track |
prefixes correctly even when received by multiple sessions. |
prefixes correctly even when received by multiple sessions. |
<li>Fixed a memory leak when parsing <a |
<li>Fixed a memory leak when parsing <a |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
|
|
|
|
<li>The <a |
<li>The <a |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and <a |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and <a |
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> routing |
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> routing |
daemons saw various internal refactoring to keep the code similar to |
daemons were refactored to keep the code similar to |
changes in other routing daemons and improve maintainability.<br> |
changes in other routing daemons and to improve maintainability.<br> |
Additionally, support for point-to-point interfaces in <a |
Additionally, support for point-to-point interfaces in <a |
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>was fixed and <a |
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> was fixed and <a |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> now works with |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> now works with |
point-to-point interfaces which use a common IP address. |
point-to-point interfaces which use a common IP address. |
|
|
|
|
<li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS |
<li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS |
Client Subnet option (+subnet=). |
Client Subnet option (+subnet=). |
<li>Fixed IPv6 link-local address handling for nameservers to talk to |
<li>Fixed IPv6 link-local address handling for nameservers to talk to |
and address to bind to in <a |
and for address to bind to in <a |
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
<li>Implemented ZONEMD (RFC 8976) in <a |
<li>Implemented ZONEMD (RFC 8976) in <a |
href="https://man.openbsd.org/dig.1">dig(1)</a> to convey a message |
href="https://man.openbsd.org/dig.1">dig(1)</a> to convey a message |
|
|
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> no |
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> no |
longer accepts the old <code>listen on address [tcp|udp]</code> |
longer accepts the old <code>listen on address [tcp|udp]</code> |
syntax. Only the new <code>listen on [tcp|udp] address</code> |
syntax. Only the new <code>listen on [tcp|udp] address</code> |
sytanx is now supported. |
syntax is now supported. |
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> now fully |
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> now fully |
implements RFC3584 Trapv1 to Trapv2 conversion for |
implements RFC3584 Trapv1 to Trapv2 conversion for the |
"trap handle". |
<code>trap handle</code>. |
<li>sysUpTime and snmpTrapOID now respect |
<li>sysUpTime and snmpTrapOID now respect |
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>' -N flag, |
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>'s -N flag, |
similar to the other values send by <code>trap handle</code>. |
similar to the other values sent by the <code>trap handle</code>. |
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> now |
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> now |
accepts the <code>read</code>, <code>write</code>, and |
accepts the <code>read</code>, <code>write</code>, and |
<code>notify</code> keywords. Allowing for request type |
<code>notify</code> keywords. This allows for request type |
filtering per <code>listen on</code> statement and custom |
filtering per <code>listen on</code> statement and custom |
<code>trap handle </code> ports. |
<code>trap handle</code> ports. |
<li><a href="https://man.openbsd.org/snmp.1">snmp(1)</a> now has initial |
<li><a href="https://man.openbsd.org/snmp.1">snmp(1)</a> now has initial |
support for SMI enums. For now only TruthValue is implemented |
support for SMI enums. For now only TruthValue is implemented |
on ifPromiscuousMode and ifConnectorPresent. |
on ifPromiscuousMode and ifConnectorPresent. |
|
|
to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
|
|
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
drain the raw socket of packets received before we were fully setup to |
drain the raw socket of packets received before it is fully set up to |
avoid reporting ICMP responses intended for other instances of ping(8) |
avoid reporting ICMP responses intended for other instances of ping(8) |
running in parallel. |
running in parallel. |
<li>Added <a href="https://man.openbsd.org/ping.8">ping(8)</a> -g |
<li>Added <a href="https://man.openbsd.org/ping.8">ping(8)</a> -g |
|
|
machine. |
machine. |
<li>Switch to libtls internally. |
<li>Switch to libtls internally. |
<li>Change the way SNI works in <a href="https://man.openbsd.org/smtpd.conf.5#pki~2">smtpd.conf(5)</a>. |
<li>Change the way SNI works in <a href="https://man.openbsd.org/smtpd.conf.5#pki~2">smtpd.conf(5)</a>. |
TLS listeners may be configured with multiple certificates, |
TLS listeners may be configured with multiple certificates. |
the matching is based on the names included in these certificates. |
The matching is based on the names included in these certificates. |
<li>Allow to specify tls protocols and ciphers per listener and relay action. |
<li>Allow to specify tls protocols and ciphers per listener and relay action. |
</ul> |
</ul> |
|
|
|
|
|
|
<li>Destroy the mutex in a tls_config object on tls_config_free(). |
<li>Destroy the mutex in a tls_config object on tls_config_free(). |
|
|
<li>Free alert_data and phh_data in tls13_record_layer_free() |
<li>Free alert_data and phh_data in tls13_record_layer_free(). |
these could leak if |
These could leak if |
<a href="https://man.openbsd.org/SSL_shutdown.3">SSL_shutdown(3)</a> |
<a href="https://man.openbsd.org/SSL_shutdown.3">SSL_shutdown(3)</a> |
or <a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a> |
or <a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a> |
were called after closing the underlying socket(). |
were called after closing the underlying socket(). |
|
|
|
|
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: make |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: make |
hostbased authentication send the signature algorithm in its |
hostbased authentication send the signature algorithm in its |
SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make |
SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This makes |
HostbasedAcceptedAlgorithms do what it is supposed to - filter on |
HostbasedAcceptedAlgorithms do what it is supposed to - filter on |
signature algorithm and not key type. |
signature algorithm and not key type. |
</ul> |
</ul> |