===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- www/70.html 2021/10/02 14:39:31 1.40
+++ www/70.html 2021/10/02 15:03:11 1.41
@@ -123,8 +123,8 @@
Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
Increased the maximum data size on powerpc64 to 32GB.
+
-
Various kernel improvements:
- Enabled dt(4) for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64.
@@ -362,6 +362,8 @@
- Added GPT support to armv7 installboot(8).
- Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels.
- Use installboot(8) on arm64 ramdisks.
+
- XXX Made slaacd(8) send rDNS proposals on ramdisks, allowing resolvd(8) to learn nameservers and update /etc/resolv.conf with IPv6 resolvers.
+
Security improvements:
@@ -432,11 +434,6 @@
Fixed ipsec(4) NAT-T to work with pipex(4).
- The httpd(8) webserver saw numerous improvements:
-
-
rpki-client(8)
received the following new features and bugfixes:
@@ -477,54 +474,52 @@
the current depth seen in RPKI.
- add blurp about awesome traceroute changes!
+ traceroute(8) was improved:
- - Made traceroute(8) faster by sending probes and doing DNS lookups asynchronously.
+
- Probe packets are now sent in quick succession and responses handled asynchronously.
+ - DNS lookups are performed asynchronously.
+ This speeds up the time required to display results considerably.
- XXX Two new daemons, dhcpleased(8) and resolvd(8) were added.
- These work alongside with slaacd(8) and unwind(8) to provide a
- coherent and simple automatic configuration of network interfaces and
- DNS resolution.
- The two daemons are not enabled by default for now, but can be tested
- by enabling them with rcctl(8)
+ dhcpleased(8) was made
+ the default program for configuring IPv4 addresses via DHCP. resolvd(8) was activated
+ to handle concurrent changes to resolv.conf(5) by
+ both dhcpleased(8) and slaacd(8).
+ Additionally these programms saw the following improvements and bugfixes:
- Changed dhcpleased(8) client identifier transmission to match other dhcp client implementations.
- Simplified dhcpleasectl(8) and added syntax to match dhclient(8) (interface), allowing one to be aliased to the other.
- Retried broadcast with dhcpleased(8) when the dhcp server is unreachable via unicast UDP.
- Made resolvd(8) accept dns proposals for the loopback addresses.
- Added to dhcpleased.conf(5) the ability to ignore routes or nameservers from a lease and to ignore servers entirely.
-
- Added a new "nameserver" command to route(8), sending nameserver proposals to resolvd(8) using the dns proposal protocol over the route socket.
-
- Left resolv.conf(5) to resolvd(8) rather than recreating after finding nameservers.
+
- Left resolv.conf(5) to resolvd(8) rather than
+ recreating after finding nameservers.
- Made dhclient(8) defer to dhcpleased(8) when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself.
- Fixed potential races in slaacd(8) and dhcpleased(8) when two processes are configuring the same IP.
- Added the possibility to send vendor class identifier and client identifier using dhcpleased.conf(5).
- Made dhcpleased(8) always configure provided routes, regardless of whether the address received in the lease is already configured.
-
- Made slaacd(8) send rDNS proposals on ramdisks, allowing resolvd(8) to learn nameservers and update /etc/resolv.conf with IPv6 resolvers.
- Used exclusive locks under /dev/ to ensure single instances of resolvd(8), slaacd(8) and dhcpleased(8).
-
- Switched to dhcpleased(8) / resolvd(8) in base.
-
- Stopped attempting to install a default route with route(8) in netstart(8) if using inet autoconf.
- Implemented classless static routes dhcp option in dhcpleased(8).
+
- Added a new "nameserver" command to route(8), sending nameserver proposals to resolvd(8) using the dns proposal protocol over the route socket. This command is intended be used to integrate userland triggered nameserver changes, for example by VPN software.
Changes to snmp related tools:
-
- Other userland network changes:
-
- - Fixed acme-client(1) SAN generation for CSRs.
- Added the ability for snmpd(8) to send SNMPv3 traps.
- Changed the default snmp(1) version to -v3 and removed the default community.
- Allowed "any" to be used as a listen on address in snmpd.conf(5).
- Allowed setting of the engineid in snmpd(8).
- Switched default snmpd(8) and snmp(1) auth back to hmac-sha1.
- Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in snmpd(8). Changed default authentication to SHA-256 and privacy protocol to AES in snmpd(8) and snmp(1).
+
+
+ Other userland network changes:
+
+ - Fixed acme-client(1) SAN generation for CSRs.
- Fixed incorrect status code for expired mails resulting in a misleading bounce report in smtpd(8).
- Added TLS options cafile=(path), nosni, noverify and servername=(name) to smtp(1).
- Allowed specification of TLS ciphers and protocols in smtp(1).