version 1.40, 2021/10/02 14:39:31 |
version 1.41, 2021/10/02 15:03:11 |
|
|
<li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc. |
<li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc. |
<li>Increased the maximum data size on powerpc64 to 32GB. |
<li>Increased the maximum data size on powerpc64 to 32GB. |
</ul> |
</ul> |
|
</ul> |
|
|
|
|
<li>Various kernel improvements: |
<li>Various kernel improvements: |
<ul> |
<ul> |
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64. |
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64. |
|
|
<li>Added GPT support to <a href="armv7.html">armv7</a> <a href="https://man.openbsd.org/installboot.8">installboot(8)</a>. |
<li>Added GPT support to <a href="armv7.html">armv7</a> <a href="https://man.openbsd.org/installboot.8">installboot(8)</a>. |
<li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels. |
<li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels. |
<li>Use <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> on arm64 ramdisks. |
<li>Use <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> on arm64 ramdisks. |
|
<li>XXX Made <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> send rDNS proposals on ramdisks, allowing <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> to learn nameservers and update /etc/resolv.conf with IPv6 resolvers. |
|
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
|
|
<li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>. |
<li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>. |
</ul> |
</ul> |
|
|
<li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements: |
|
<ul> |
|
<li>... |
|
</ul> |
|
|
|
<li><a |
<li><a |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> |
received the following new features and bugfixes: |
received the following new features and bugfixes: |
|
|
the current depth seen in RPKI. |
the current depth seen in RPKI. |
</ul> |
</ul> |
|
|
<li><span style="color:red;">add blurp about awesome traceroute changes!</span> |
<li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved: |
<ul> |
<ul> |
<li>Made <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> faster by sending probes and doing DNS lookups asynchronously. |
<li>Probe packets are now sent in quick succession and responses handled asynchronously.</li> |
|
<li>DNS lookups are performed asynchronously.</li> |
|
This speeds up the time required to display results considerably. |
</ul> |
</ul> |
|
|
<li>XXX Two new daemons, <a |
<li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a |
the default program for configuring IPv4 addresses via DHCP. <a |
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added. |
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated |
These work alongside with <a |
to handle concurrent changes to <a |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a |
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by |
href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a |
both dhcpleased(8) and <a |
coherent and simple automatic configuration of network interfaces and |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br> |
DNS resolution.<br> |
Additionally these programms saw the following improvements and bugfixes: |
The two daemons are not enabled by default for now, but can be tested |
|
by enabling them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
|
<ul> |
<ul> |
<li>Changed <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client identifier transmission to match other dhcp client implementations. |
<li>Changed <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client identifier transmission to match other dhcp client implementations. |
<li>Simplified <a href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and added syntax to match <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), allowing one to be aliased to the other. |
<li>Simplified <a href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and added syntax to match <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), allowing one to be aliased to the other. |
<li>Retried broadcast with <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the dhcp server is unreachable via unicast UDP. |
<li>Retried broadcast with <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the dhcp server is unreachable via unicast UDP. |
<li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> accept dns proposals for the loopback addresses. |
<li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> accept dns proposals for the loopback addresses. |
<li>Added to <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a> the ability to ignore routes or nameservers from a lease and to ignore servers entirely. |
<li>Added to <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a> the ability to ignore routes or nameservers from a lease and to ignore servers entirely. |
<li>Added a new "nameserver" command to <a href="https://man.openbsd.org/route.8">route(8)</a>, sending nameserver proposals to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the dns proposal protocol over the route socket. |
<li><!-- XXX what does this mean? -->Left <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> to <a |
<li>Left <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> rather than recreating after finding nameservers. |
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> rather than |
|
recreating after finding nameservers. |
<li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> defer to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself. |
<li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> defer to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself. |
<li>Fixed potential races in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two processes are configuring the same IP. |
<li>Fixed potential races in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two processes are configuring the same IP. |
<li>Added the possibility to send vendor class identifier and client identifier using <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>. |
<li>Added the possibility to send vendor class identifier and client identifier using <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>. |
<li>Made <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always configure provided routes, regardless of whether the address received in the lease is already configured. |
<li>Made <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always configure provided routes, regardless of whether the address received in the lease is already configured. |
<li>Made <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> send rDNS proposals on ramdisks, allowing <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> to learn nameservers and update /etc/resolv.conf with IPv6 resolvers. |
|
<li>Used exclusive locks under /dev/ to ensure single instances of <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
<li>Used exclusive locks under /dev/ to ensure single instances of <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
<li>Switched to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> / <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> in base. |
|
<li>Stopped attempting to install a default route with <a href="https://man.openbsd.org/route.8">route(8)</a> in <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> if using inet autoconf. |
|
<li>Implemented classless static routes dhcp option in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
<li>Implemented classless static routes dhcp option in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
|
<li>Added a new "nameserver" command to <a href="https://man.openbsd.org/route.8">route(8)</a>, sending nameserver proposals to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the dns proposal protocol over the route socket. This command is intended be used to integrate userland triggered nameserver changes, for example by VPN software. |
</ul> |
</ul> |
|
|
<li>Changes to snmp related tools: |
<li>Changes to snmp related tools: |
<ul> |
<ul> |
<li>... |
|
</ul> |
|
|
|
<li>Other userland network changes: |
|
<ul> |
|
<li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs. |
|
<li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps. |
<li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps. |
<li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community. |
<li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community. |
<li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>. |
<li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>. |
<li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
<li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
<li>Switched default <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth back to hmac-sha1. |
<li>Switched default <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth back to hmac-sha1. |
<li>Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. Changed default authentication to SHA-256 and privacy protocol to AES in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>. |
<li>Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. Changed default authentication to SHA-256 and privacy protocol to AES in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>. |
|
</ul> |
|
|
|
<li>Other userland network changes: |
|
<ul> |
|
<li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs. |
<li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
<li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
<li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |
<li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |
<li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |
<li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |