===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -c -r1.72 -r1.73
*** www/69.html 2021/04/24 11:53:35 1.72
--- www/69.html 2021/04/24 19:57:08 1.73
***************
*** 217,223 ****
Added trace points for malloc(9) and free(9), making them
! traceabe via dt(4) and btrace(8).
Added btrace(8) -n
(no action) mode, which parses the program and then exits.
--- 217,223 ----
Added trace points for malloc(9) and free(9), making them
! traceable via dt(4) and btrace(8).
Added btrace(8) -n
(no action) mode, which parses the program and then exits.
***************
*** 228,234 ****
Added a barrier between reading the cqe flags and the command ID
! to prevent completion of the wrong scsi io for nvme(4) drives.
Prevented attachment of nvme(4)
devices of zero size.
--- 228,234 ----
Added a barrier between reading the cqe flags and the command ID
! to prevent completion of the wrong SCSI I/O for nvme(4) drives.
Prevented attachment of nvme(4)
devices of zero size.
***************
*** 403,418 ****
from adding authorizations for TCP connections by default and added
"listenTCP" to explicitly add authorizations for existing IP addresses
on startup.
! Skip xenodm(1)
! from adding the IPv6 link local addresses for TCP listener
! authorizations, matching what is done by startx(1).
Fixed -s option for cmp(1).
Improve pledge in doas(1), specifically added
pledge to the "-C" code path.
! Inproved performance of malloc(3)'s cache.
Made editing GPT in fdisk(8) safer by
--- 403,418 ----
from adding authorizations for TCP connections by default and added
"listenTCP" to explicitly add authorizations for existing IP addresses
on startup.
! Skip adding the IPv6 link local addresses for TCP listener
! authorizations in xenodm(1),
! matching what is done by
! startx(1).
Fixed -s option for cmp(1).
Improve pledge in doas(1), specifically added
pledge to the "-C" code path.
! Improved performance of malloc(3)'s cache.
Made editing GPT in fdisk(8) safer by
***************
*** 429,435 ****
command line.
Added a "batch" mode to mg(1) via the "-b" command
! line option which will initialize a pty, run the specified file of mg
commands and then exit.
Inverted the mg(1) "R"
indicator to mean that a "*" next to a file's name indicates that it
--- 429,435 ----
command line.
Added a "batch" mode to mg(1) via the "-b" command
! line option, which will initialize a pty, run the specified file of mg
commands and then exit.
Inverted the mg(1) "R"
indicator to mean that a "*" next to a file's name indicates that it
***************
*** 632,639 ****
href="https://man.openbsd.org/ifconfig.8">ifconfig(8) to refer to
"temporary address extensions" rather than the former "privacy
extensions," including the addition of an AUTOCONF6TEMP flag (to
! replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy
! option if ifconfig(8)
has been deprecated.
Made it possible to disable the "autoconf" flag but keep
"temporary" enabled in ifconfig(8) to refer to
"temporary address extensions" rather than the former "privacy
extensions," including the addition of an AUTOCONF6TEMP flag (to
! replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy
! option in ifconfig(8)
has been deprecated.
Made it possible to disable the "autoconf" flag but keep
"temporary" enabled in Prevented kernel reuse of mbuf memory when generating the ICMP6
response to an IPv6 packet.
! Use the toeplitz hash algorithm to a flowid for tcp packets,
which in turn is used to choose the tx ring on network cards with
multiple rings.
Fixed wg(4) on macppc
--- 644,650 ----
Prevented kernel reuse of mbuf memory when generating the ICMP6
response to an IPv6 packet.
! Use the toeplitz hash algorithm to set a flowid for tcp packets,
which in turn is used to choose the tx ring on network cards with
multiple rings.
Fixed wg(4) on macppc
***************
*** 734,740 ****
error".
No longer allow configuration of the same neighbor multiple
times in bgpd(8).
! pf(4) tables track now
prefixes correctly even when received by multiple sessions.
Fixed a memory leak when parsing bgpd(8) roa-set lists.
--- 734,740 ----
error".
No longer allow configuration of the same neighbor multiple
times in bgpd(8).
! pf(4) tables now track
prefixes correctly even when received by multiple sessions.
Fixed a memory leak when parsing bgpd(8) roa-set lists.
***************
*** 742,752 ****
The ospfd(8) and ospf6d(8) routing
! daemons saw various internal refactoring to keep the code similar to
! changes in other routing daemons and improve maintainability.
Additionally, support for point-to-point interfaces in ospf6d(8)was fixed and ospfd(8) now works with
point-to-point interfaces which use a common IP address.
--- 742,752 ----
The ospfd(8) and ospf6d(8) routing
! daemons were refactored to keep the code similar to
! changes in other routing daemons and to improve maintainability.
Additionally, support for point-to-point interfaces in ospf6d(8) was fixed and ospfd(8) now works with
point-to-point interfaces which use a common IP address.
***************
*** 913,919 ****
Fixed dig(1) EDNS
Client Subnet option (+subnet=).
Fixed IPv6 link-local address handling for nameservers to talk to
! and address to bind to in dig(1).
Implemented ZONEMD (RFC 8976) in dig(1) to convey a message
--- 913,919 ----
Fixed dig(1) EDNS
Client Subnet option (+subnet=).
Fixed IPv6 link-local address handling for nameservers to talk to
! and for address to bind to in dig(1).
Implemented ZONEMD (RFC 8976) in dig(1) to convey a message
***************
*** 979,996 ****
snmpd.conf(5) no
longer accepts the old listen on address [tcp|udp]
syntax. Only the new listen on [tcp|udp] address
! sytanx is now supported.
snmpd(8) now fully
! implements RFC3584 Trapv1 to Trapv2 conversion for
! "trap handle".
sysUpTime and snmpTrapOID now respect
! snmpd(8)' -N flag,
! similar to the other values send by trap handle.
snmpd.conf(5) now
accepts the read, write, and
! notify keywords. Allowing for request type
filtering per listen on statement and custom
! trap handle ports.
snmp(1) now has initial
support for SMI enums. For now only TruthValue is implemented
on ifPromiscuousMode and ifConnectorPresent.
--- 979,996 ----
snmpd.conf(5) no
longer accepts the old listen on address [tcp|udp]
syntax. Only the new listen on [tcp|udp] address
! syntax is now supported.
snmpd(8) now fully
! implements RFC3584 Trapv1 to Trapv2 conversion for the
! trap handle.
sysUpTime and snmpTrapOID now respect
! snmpd(8)'s -N flag,
! similar to the other values sent by the trap handle.
snmpd.conf(5) now
accepts the read, write, and
! notify keywords. This allows for request type
filtering per listen on statement and custom
! trap handle ports.
snmp(1) now has initial
support for SMI enums. For now only TruthValue is implemented
on ifPromiscuousMode and ifConnectorPresent.
***************
*** 1010,1016 ****
to ldapd(8).
Changed ping(8) to
! drain the raw socket of packets received before we were fully setup to
avoid reporting ICMP responses intended for other instances of ping(8)
running in parallel.
Added ping(8) -g
--- 1010,1016 ----
to ldapd(8).
Changed ping(8) to
! drain the raw socket of packets received before it is fully set up to
avoid reporting ICMP responses intended for other instances of ping(8)
running in parallel.
Added ping(8) -g
***************
*** 1118,1125 ****
machine.
Switch to libtls internally.
Change the way SNI works in smtpd.conf(5).
! TLS listeners may be configured with multiple certificates,
! the matching is based on the names included in these certificates.
Allow to specify tls protocols and ciphers per listener and relay action.
--- 1118,1125 ----
machine.
Switch to libtls internally.
Change the way SNI works in smtpd.conf(5).
! TLS listeners may be configured with multiple certificates.
! The matching is based on the names included in these certificates.
Allow to specify tls protocols and ciphers per listener and relay action.
***************
*** 1465,1472 ****
Destroy the mutex in a tls_config object on tls_config_free().
! Free alert_data and phh_data in tls13_record_layer_free()
! these could leak if
SSL_shutdown(3)
or tls_close(3)
were called after closing the underlying socket().
--- 1465,1472 ----
Destroy the mutex in a tls_config object on tls_config_free().
! Free alert_data and phh_data in tls13_record_layer_free().
! These could leak if
SSL_shutdown(3)
or tls_close(3)
were called after closing the underlying socket().
***************
*** 1783,1789 ****
ssh(1): make
hostbased authentication send the signature algorithm in its
! SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make
HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.
--- 1783,1789 ----
ssh(1): make
hostbased authentication send the signature algorithm in its
! SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This makes
HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.