version 1.51, 2022/10/03 20:41:40 |
version 1.52, 2022/10/03 21:30:58 |
|
|
locked ypbinding file, thereby removing a horrible hack to support YP |
locked ypbinding file, thereby removing a horrible hack to support YP |
lookups in programs using strong |
lookups in programs using strong |
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a> rules. |
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a> rules. |
<li>Restrict pledge("vminfo") callers to read-only <a |
<li>Processes that pledge("vminfo") may only use the <a |
href="https://man.openbsd.org/swapctl.2">swapctl(2)</a> operations. |
href="https://man.openbsd.org/swapctl.2">swapctl(2)</a> operations |
|
SWAP_NSWAP and SWAP_STATS providing information on swap devices. |
<li>Randomized the rekey interval of <a |
<li>Randomized the rekey interval of <a |
href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>. |
href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>. |
<li>Added local bind mode to <a |
<li>Reduce the attack surface by introducing a 'local bind' mode to <a |
href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>. In this mode |
href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>. In this mode |
ypldap binds its RPC sockets to loopback, so YP services are only |
ypldap binds its RPC sockets to loopback, so YP services are only |
available to the host ypldap is running on. In local bind mode one |
available to the host it's running on. ypldap replaces <a |
does not need to run <a |
href="https://man.openbsd.org/ypbind.8">ypbind(8)</a> and writes the |
href="https://man.openbsd.org/portmap.8">portmap(8)</a>. |
YP binding file in /var/yp/binding itself. This also implies that <a |
|
href="https://man.openbsd.org/portmap.8">portmap(8)</a> doesn't need |
|
to be running anymore when local bind mode is used. |
<li>Changed the /sbin daemons <a |
<li>Changed the /sbin daemons <a |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>, <a |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>, <a |
href="https://man.openbsd.org/mountd.8">mountd(8)</a>, <a |
href="https://man.openbsd.org/mountd.8">mountd(8)</a>, <a |
|
|
<li>Relax IP address limitation by allowing prefixes in 240/4. |
<li>Relax IP address limitation by allowing prefixes in 240/4. |
<li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles |
<li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles |
in UPDATE and OPEN Messages. |
in UPDATE and OPEN Messages. |
<li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP. |
<li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP (ADD-PATH). |
<li>Improve FIB code, handle IPv6 scoped addresses properly. |
<li>Improve FIB code, handle IPv6 scoped addresses properly. |
<li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>, |
<li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>, |
a FastCGI server providing a REST API to execute |
a FastCGI server providing a REST API to execute |
|
|
<li>Fix race between a neighbor session reset and its update message |
<li>Fix race between a neighbor session reset and its update message |
backlog |
backlog |
<li>Improve handling of nexthop reachability state changes |
<li>Improve handling of nexthop reachability state changes |
<li>Added send side RFC 7911 (ADD-PATH) support to <a |
|
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
|
<li>Made sure only one <a |
<li>Made sure only one <a |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa softreconfig |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa softreconfig |
runner is run at any time. |
runner is run at any time. |