===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- www/74.html 2023/10/14 22:35:53 1.82
+++ www/74.html 2023/10/14 22:42:43 1.83
@@ -865,6 +865,7 @@
binary field support ("GF2m") removed.
+
In bgpd(8),
- Add first version of flowspec support. Right now only announcement
@@ -887,6 +888,7 @@
- Adjusted example
GRACEFUL_SHUTDOWN
filter rule in
the example config to only match on ebgp sessions.
+
rpki-client(8) saw some changes:
- A 30%-50% performance improvement was achieved through libcrypto's
@@ -965,77 +967,92 @@
- Allowed arguments on NOOP.
- Let pcap_fopen_offline(3) correctly interpret some
- LINKTYPE_*
values in pcap headers written
- on foreign operating systems.
- Make dig(1)
- use less deprecated LibreSSL API.
- In ypldap(8),
- reduce memory usage when updating larger directories.
- Remove stylistic differences between
- arp(8) and
- ndp(8) delete()
- function. This makes it easier to spot real changes in behavior.
- Make ndp(8)
- not remove cloning routes when no neighbor entry is
- found with ndp -d
.
- Improved error handling in the asr resolver.
- In unwind(8),
- handle SERVFAIL results on name resolution better.
- In unwind(8),
- fix a use-after-free bug triggered by fatal write errors
- while sending TCP responses.
- In the router advertisement daemon
- rad(8), update the default
- timers for prefix preferred and valid lifetimes to use the values from
- RFC 9096.
- In slaacd(8),
- remove artificial limit of 2 hours on a PIO lifetime.
- Make ypldap(8)
- more resilient when some servers are
- misbehaving: keep trying LDAP servers until full results arrive
- rather than just until one accepts the TCP connection.
- New wgdescription parameter to
- ifconfig(8)
- to set a string describing the
- wg(4) peer.
- Let ifconfig(8)
- prefix the interface name to many error and warning messages.
- Make the tlsv1.0
and tlsv1.1
options
- in relayd(8)
- do nothing, as one should use the default tlsv1.2
- instead.
- Fix IPv6 routes being changed by
- relayd(8)
- with Routers configuration.
- In dhcrelay6(8), do not
- ignore the AF_LINK entries of carp(4) interfaces.
- Allow libpcap to read files with some additional link-layer type values.
- Improve the config parser of radiusd(8) to better handle
- comments, improve error messages and plug a memory leak.
- In radiusd(8),
- add request or response decoration feature which is used through the
- radiusd module interface. This makes additional modules can modify
- RADIUS request or response messages. Also add new "radius_standard"
- module which uses this new feature, provides some generic features
- like "strip-atmark-realm" which removes the realm part from the
- User-Name attribute.
- Allow UDP for built-in inetd(8) services on
- 127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand
- mapped addresses. Nowadays our kernel does not support these IPv6
- features and blocks localhost addresses on non-loopback interfaces.
- Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide
- local services if configured.
- In spamd(8), log a
- dummy "" IP address in the unlikely event that getnameinfo(3)
- fails.
+ Many other changes in various network programms and libraries:
+
+ - Allow libpcap to read files with some additional link-layer type values.
+
- Let pcap_fopen_offline(3) correctly interpret some
+
LINKTYPE_*
values in pcap headers written
+ on foreign operating systems.
+ - Make dig(1)
+ use less deprecated LibreSSL API.
+
- Remove stylistic differences between
+ arp(8) and
+ ndp(8) delete()
+ function. This makes it easier to spot real changes in behavior.
+
- Make ndp(8)
+ not remove cloning routes when no neighbor entry is
+ found with
ndp -d
.
+
+
+ - Improved error handling in the asr resolver.
+
+
- In unwind(8),
+ handle SERVFAIL results on name resolution better.
+
- In unwind(8),
+ fix a use-after-free bug triggered by fatal write errors
+ while sending TCP responses.
+
+
- In the router advertisement daemon
+ rad(8), update the default
+ timers for prefix preferred and valid lifetimes to use the values from
+ RFC 9096.
+
- In slaacd(8),
+ remove artificial limit of 2 hours on a PIO lifetime.
+
+
- In ypldap(8),
+ reduce memory usage when updating larger directories.
+
- Make ypldap(8)
+ more resilient when some servers are
+ misbehaving: keep trying LDAP servers until full results arrive
+ rather than just until one accepts the TCP connection.
+
+
- New wgdescription parameter to
+ ifconfig(8)
+ to set a string describing the
+ wg(4) peer.
+
+
- Let ifconfig(8)
+ prefix the interface name to many error and warning messages.
+
+
- Make the
tlsv1.0
and tlsv1.1
options
+ in relayd(8)
+ do nothing, as one should use the default tlsv1.2
+ instead.
+ - Fix IPv6 routes being changed by
+ relayd(8)
+ with Routers configuration.
+
+
- In dhcrelay6(8), do not
+ ignore the AF_LINK entries of carp(4) interfaces.
+
+
- Improve the config parser of radiusd(8) to better handle
+ comments, improve error messages and plug a memory leak.
+
- In radiusd(8),
+ add request or response decoration feature which is used through the
+ radiusd module interface. This makes additional modules can modify
+ RADIUS request or response messages. Also add new "radius_standard"
+ module which uses this new feature, provides some generic features
+ like "strip-atmark-realm" which removes the realm part from the
+ User-Name attribute.
+
+
- Allow UDP for built-in inetd(8) services on
+ 127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand
+ mapped addresses. Nowadays our kernel does not support these IPv6
+ features and blocks localhost addresses on non-loopback interfaces.
+ Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide
+ local services if configured.
+
+
- In spamd(8), log a
+ dummy "" IP address in the unlikely event that getnameinfo(3)
+ fails.
+
tmux(1) improvements and bug fixes: