version 1.93, 2019/04/24 15:54:54 |
version 1.94, 2019/05/27 22:55:18 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=release> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 5.9</title> |
<title>OpenBSD 5.9</title> |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
|
<meta name="description" content="OpenBSD 5.9"> |
<meta name="description" content="OpenBSD 5.9"> |
<meta name="copyright" content="This document copyright 2016 by OpenBSD."> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/59.html"> |
<link rel="canonical" href="https://www.openbsd.org/59.html"> |
</head> |
|
|
|
<body bgcolor="#ffffff" text="#000000" link="#24248E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">5.9</font> |
5.9 |
</h2> |
</h2> |
|
|
|
<table> |
|
<tr> |
|
<td> |
<a href="images/drwxorx.jpg"> |
<a href="images/drwxorx.jpg"> |
<img alt="Dr W^X" align="left" width="227" height="343" hspace="24" src="images/drwxorx.jpg"></a> |
<img alt="Dr W^X" width="227" height="343" src="images/drwxorx.jpg"></a> |
|
<td> |
Released March 29, 2016<br> |
Released March 29, 2016<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
<font color="#e00000">ISBN 978-0-9881561-7-3</font> |
<cite class=isbn>ISBN 978-0-9881561-7-3</cite> |
<br> |
<br> |
5.9 Songs: <a href="lyrics.html#59a">"Doctor W^X"</a>, |
5.9 Songs: <a href="lyrics.html#59a">"Doctor W^X"</a>, |
<a href="lyrics.html#59b">"Systemagic (Anniversary Edition)"</a> |
<a href="lyrics.html#59b">"Systemagic (Anniversary Edition)"</a> |
|
|
<ul> |
<ul> |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
a list of mirror machines. |
a list of mirror machines. |
<li>Go to the <font color="#e00000">pub/OpenBSD/5.9/</font> directory on |
<li>Go to the <code class=reldir>pub/OpenBSD/5.9/</code> directory on |
one of the mirror sites. |
one of the mirror sites. |
<li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list |
<li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list |
of bugs and workarounds. |
of bugs and workarounds. |
<li>See a <a href="plus59.html">detailed log of changes</a> between the |
<li>See a <a href="plus59.html">detailed log of changes</a> between the |
5.8 and 5.9 releases. |
5.8 and 5.9 releases. |
<p> |
<p> |
<li><a href="https://man.openbsd.org/?query=signify">signify(1)</a> |
<li><a href="https://man.openbsd.org/signify">signify(1)</a> |
pubkeys for this release:<p> |
pubkeys for this release: |
|
|
<table cellspacing=0 style='font-family:monospace'><tr> |
<p> |
<td> |
<table class=signify> |
|
<tr><td> |
openbsd-59-base.pub: |
openbsd-59-base.pub: |
</td><td> |
<td> |
RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn |
RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn |
</td></tr><tr><td> |
<tr><td> |
openbsd-59-fw.pub: |
openbsd-59-fw.pub: |
</td><td> |
<td> |
RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1 |
RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1 |
</td></tr><tr><td> |
<tr><td> |
openbsd-59-pkg.pub: |
openbsd-59-pkg.pub: |
</td><td> |
<td> |
RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP |
RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP |
</td></tr> |
|
</table> |
</table> |
|
|
<p> |
<p> |
|
|
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
files fetched via ports.tar.gz. |
files fetched via ports.tar.gz. |
</ul> |
</ul> |
<br clear=all> |
</table> |
|
|
<hr> |
<hr> |
|
|
<h3 id="new"><font color="#0000e0">What's New</font></h3> |
<section id=new> |
|
<h3>What's New</h3> |
|
|
|
<p> |
This is a partial list of new features and systems included in OpenBSD 5.9. |
This is a partial list of new features and systems included in OpenBSD 5.9. |
For a comprehensive list, see the <a href="plus59.html">changelog</a> leading |
For a comprehensive list, see the <a href="plus59.html">changelog</a> leading |
to 5.9. |
to 5.9. |
|
|
<ul> |
<ul> |
<li>W^X policy enforced in the i386 kernel address space. |
<li>W^X policy enforced in the i386 kernel address space. |
</ul> |
</ul> |
<p> |
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/?query=asmc">asmc(4)</a> |
<li>New <a href="https://man.openbsd.org/asmc">asmc(4)</a> |
driver for the Apple System Management Controller. |
driver for the Apple System Management Controller. |
<li>New <a href="https://man.openbsd.org/?query=pchtemp">pchtemp(4)</a> |
<li>New <a href="https://man.openbsd.org/pchtemp">pchtemp(4)</a> |
driver for the thermal sensor found on Intel X99, C610 series, 9 series |
driver for the thermal sensor found on Intel X99, C610 series, 9 series |
and 100 series PCH. |
and 100 series PCH. |
<li>New <a href="https://man.openbsd.org/?query=uonerng">uonerng(4)</a> |
<li>New <a href="https://man.openbsd.org/uonerng">uonerng(4)</a> |
driver for the Moonbase Otago OneRNG. |
driver for the Moonbase Otago OneRNG. |
<li>New <a href="https://man.openbsd.org/?query=dwiic">dwiic(4)</a> |
<li>New <a href="https://man.openbsd.org/dwiic">dwiic(4)</a> |
driver for the Synopsys DesignWare I2C controller. |
driver for the Synopsys DesignWare I2C controller. |
<li>New <a href="https://man.openbsd.org/?query=ikbd">ikbd(4)</a>, |
<li>New <a href="https://man.openbsd.org/ikbd">ikbd(4)</a>, |
<a href="https://man.openbsd.org/?query=ims">ims(4)</a>, and |
<a href="https://man.openbsd.org/ims">ims(4)</a>, and |
<a href="https://man.openbsd.org/?query=imt">imt(4)</a> |
<a href="https://man.openbsd.org/imt">imt(4)</a> |
drivers for HID-over-i2c keyboards, mice and multitouch touchpads. |
drivers for HID-over-i2c keyboards, mice and multitouch touchpads. |
<li>New <a href="https://man.openbsd.org/?query=efifb">efifb(4)</a> |
<li>New <a href="https://man.openbsd.org/efifb">efifb(4)</a> |
driver for EFI frame buffer. |
driver for EFI frame buffer. |
<li>New <a href="https://man.openbsd.org/?query=viocon">viocon(4)</a> |
<li>New <a href="https://man.openbsd.org/viocon">viocon(4)</a> |
driver for the |
driver for the |
<a href="https://man.openbsd.org/?query=virtio">virtio(4)</a> |
<a href="https://man.openbsd.org/virtio">virtio(4)</a> |
console interface provided by KVM, QEMU, and others. |
console interface provided by KVM, QEMU, and others. |
<li>New <a href="https://man.openbsd.org/?query=xen">xen(4)</a> |
<li>New <a href="https://man.openbsd.org/xen">xen(4)</a> |
driver implementing Xen domU initialization and PVHVM device attachment. |
driver implementing Xen domU initialization and PVHVM device attachment. |
<li>New <a href="https://man.openbsd.org/?query=xspd">xspd(4)</a> |
<li>New <a href="https://man.openbsd.org/xspd">xspd(4)</a> |
driver for the XenSource Platform Device providing guests with |
driver for the XenSource Platform Device providing guests with |
additional capabilities. |
additional capabilities. |
<li>New <a href="https://man.openbsd.org/?query=xnf">xnf(4)</a> |
<li>New <a href="https://man.openbsd.org/xnf">xnf(4)</a> |
driver for Xen paravirtualized networking interface. |
driver for Xen paravirtualized networking interface. |
<li>amd64 can now boot from 32 bit and 64 bit EFI. |
<li>amd64 can now boot from 32 bit and 64 bit EFI. |
<li>Initial support for hardware reduced ACPI added to |
<li>Initial support for hardware reduced ACPI added to |
<a href="https://man.openbsd.org/?query=acpi">acpi(4)</a>. |
<a href="https://man.openbsd.org/acpi">acpi(4)</a>. |
<li>Support for ACPI configured SD host controllers has been added to |
<li>Support for ACPI configured SD host controllers has been added to |
<a href="https://man.openbsd.org/?query=sdhc">sdhc(4)</a>. |
<a href="https://man.openbsd.org/sdhc">sdhc(4)</a>. |
<li>The <a href="https://man.openbsd.org/?query=puc">puc(4)</a> |
<li>The <a href="https://man.openbsd.org/puc">puc(4)</a> |
driver now supports Moxa CP-168U, Perle Speed8 LE and QEMU PCI serial |
driver now supports Moxa CP-168U, Perle Speed8 LE and QEMU PCI serial |
devices. |
devices. |
<li>Intel 100 Series PCH Ethernet MAC with i219 PHY support has been added |
<li>Intel 100 Series PCH Ethernet MAC with i219 PHY support has been added |
to the |
to the |
<a href="https://man.openbsd.org/?query=em">em(4)</a> driver. |
<a href="https://man.openbsd.org/em">em(4)</a> driver. |
<li>RTL8168H/RTL8111H support has been added to |
<li>RTL8168H/RTL8111H support has been added to |
<a href="https://man.openbsd.org/?query=re&sec=4">re(4)</a>. |
<a href="https://man.openbsd.org/re&sec=4">re(4)</a>. |
<li><a href="https://man.openbsd.org/?query=inteldrm">inteldrm(4)</a> |
<li><a href="https://man.openbsd.org/inteldrm">inteldrm(4)</a> |
has been updated to Linux 3.14.52, adding initial support for Bay Trail |
has been updated to Linux 3.14.52, adding initial support for Bay Trail |
and Broadwell graphics. |
and Broadwell graphics. |
<li>Support for audio in Thinkpad docks has been added to the |
<li>Support for audio in Thinkpad docks has been added to the |
<a href="https://man.openbsd.org/?query=azalia">azalia(4)</a> |
<a href="https://man.openbsd.org/azalia">azalia(4)</a> |
driver. |
driver. |
<li>Support for Synaptic touchpads without W mode has been added to the |
<li>Support for Synaptic touchpads without W mode has been added to the |
<a href="https://man.openbsd.org/?query=pms">pms(4)</a> |
<a href="https://man.openbsd.org/pms">pms(4)</a> |
driver. |
driver. |
<li>Support for tap-and-drag detection with ALPS touchpads in the |
<li>Support for tap-and-drag detection with ALPS touchpads in the |
<a href="https://man.openbsd.org/?query=pms">pms(4)</a> |
<a href="https://man.openbsd.org/pms">pms(4)</a> |
driver has been improved. |
driver has been improved. |
<li>The <a href="https://man.openbsd.org/?query=sdmmc">sdmmc(4)</a> |
<li>The <a href="https://man.openbsd.org/sdmmc">sdmmc(4)</a> |
driver now supports sector mode for eMMC devices, such as those found on |
driver now supports sector mode for eMMC devices, such as those found on |
some BeagleBone Black boards. |
some BeagleBone Black boards. |
<li>The <a href="https://man.openbsd.org/?query=cnmac">cnmac(4)</a> |
<li>The <a href="https://man.openbsd.org/cnmac">cnmac(4)</a> |
driver now supports checksum offloading. |
driver now supports checksum offloading. |
<li>The <a href="https://man.openbsd.org/?query=ipmi">ipmi(4)</a> |
<li>The <a href="https://man.openbsd.org/ipmi">ipmi(4)</a> |
driver now supports OpenIPMI compatible character device. |
driver now supports OpenIPMI compatible character device. |
<li>Support for ST-506 disks has been removed. |
<li>Support for ST-506 disks has been removed. |
</ul> |
</ul> |
<p> |
|
|
|
<li><a href="https://man.openbsd.org/?query=pledge">pledge(2)</a> |
<li><a href="https://man.openbsd.org/pledge">pledge(2)</a> |
support integrated: |
support integrated: |
<ul> |
<ul> |
<li>The tame(2) system call was renamed to pledge(2). |
<li>The tame(2) system call was renamed to pledge(2). |
|
|
<ul> |
<ul> |
<li><a href="https://cvsweb.openbsd.org/src/lib/libc/asr/asr.c?rev=1.50&content-type=text/x-cvsweb-markup"> |
<li><a href="https://cvsweb.openbsd.org/src/lib/libc/asr/asr.c?rev=1.50&content-type=text/x-cvsweb-markup"> |
support for HOSTALIASES</a> in the |
support for HOSTALIASES</a> in the |
<a href="https://man.openbsd.org/?query=asr_run"> |
<a href="https://man.openbsd.org/asr_run"> |
resolver</a>. |
resolver</a>. |
<li><a href="https://cvsweb.openbsd.org/src/lib/libc/asr/asr.c?rev=1.49&content-type=text/x-cvsweb-markup"> |
<li><a href="https://cvsweb.openbsd.org/src/lib/libc/asr/asr.c?rev=1.49&content-type=text/x-cvsweb-markup"> |
support for <tt>lookup yp</tt></a> |
support for <code>lookup yp</code></a> |
in |
in |
<a href="https://man.openbsd.org/?query=resolv.conf"> |
<a href="https://man.openbsd.org/resolv.conf"> |
resolv.conf(5)</a>. |
resolv.conf(5)</a>. |
<li><a href="https://cvsweb.openbsd.org/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&content-type=text/x-cvsweb-markup"> |
<li><a href="https://cvsweb.openbsd.org/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&content-type=text/x-cvsweb-markup"> |
setuid-preserving code</a> |
setuid-preserving code</a> |
|
|
<li>handling of |
<li>handling of |
<a href="https://cvsweb.openbsd.org/src/usr.bin/patch/ed.c?rev=1.1&content-type=text/x-cvsweb-markup"> |
<a href="https://cvsweb.openbsd.org/src/usr.bin/patch/ed.c?rev=1.1&content-type=text/x-cvsweb-markup"> |
ed-style diffs</a> via proc/exec in |
ed-style diffs</a> via proc/exec in |
<a href="https://man.openbsd.org/?query=patch"> |
<a href="https://man.openbsd.org/patch"> |
patch(1)</a>. |
patch(1)</a>. |
</ul> |
</ul> |
<li>Userland programs were audited so that they could be properly annotated |
<li>Userland programs were audited so that they could be properly annotated |
|
|
addition of |
addition of |
<a href="https://cvsweb.openbsd.org/src/usr.sbin/rdate/rdate.c?rev=1.33&content-type=text/x-cvsweb-markup"> |
<a href="https://cvsweb.openbsd.org/src/usr.sbin/rdate/rdate.c?rev=1.33&content-type=text/x-cvsweb-markup"> |
privilege separation</a> to |
privilege separation</a> to |
<a href="https://man.openbsd.org/?query=rdate"> |
<a href="https://man.openbsd.org/rdate"> |
rdate(8)</a> |
rdate(8)</a> |
<li> |
<li> |
addition of |
addition of |
<a href="https://cvsweb.openbsd.org/src/usr.bin/sndiod/sndiod.c?rev=1.18&content-type=text/x-cvsweb-markup"> |
<a href="https://cvsweb.openbsd.org/src/usr.bin/sndiod/sndiod.c?rev=1.18&content-type=text/x-cvsweb-markup"> |
privilege separation</a> to |
privilege separation</a> to |
<a href="https://man.openbsd.org/?query=sndiod"> |
<a href="https://man.openbsd.org/sndiod"> |
sndiod(8)</a> |
sndiod(8)</a> |
<li>the introduction of the <tt>SOCK_DNS</tt> |
<li>the introduction of the <code>SOCK_DNS</code> |
<a href="https://man.openbsd.org/?query=socket"> |
<a href="https://man.openbsd.org/socket"> |
socket(2)</a> flag that makes an <tt>SS_DNS</tt> tagged socket |
socket(2)</a> flag that makes an <code>SS_DNS</code> tagged socket |
conceptually different from a plain socket. |
conceptually different from a plain socket. |
</ul> |
</ul> |
<li>pledge(2) is also used to constrain programs that handle untrusted data |
<li>pledge(2) is also used to constrain programs that handle untrusted data |
to a very limited subset of POSIX. |
to a very limited subset of POSIX. |
For example, |
For example, |
<a href="https://man.openbsd.org/?query=strings"> |
<a href="https://man.openbsd.org/strings"> |
strings(1)</a> or |
strings(1)</a> or |
<a href="https://man.openbsd.org/?query=objdump"> |
<a href="https://man.openbsd.org/objdump"> |
objdump(1)</a> from <a href="https://cvsweb.openbsd.org/src/gnu/usr.bin/binutils-2.17/binutils/objdump.c?rev=1.2&content-type=text/x-cvsweb-markup"> |
objdump(1)</a> from <a href="https://cvsweb.openbsd.org/src/gnu/usr.bin/binutils-2.17/binutils/objdump.c?rev=1.2&content-type=text/x-cvsweb-markup"> |
binutils</a> or the <a href="https://cvsweb.openbsd.org/src/usr.sbin/smtpd/ca.c?rev=1.15&content-type=text/x-cvsweb-markup"> |
binutils</a> or the <a href="https://cvsweb.openbsd.org/src/usr.sbin/smtpd/ca.c?rev=1.15&content-type=text/x-cvsweb-markup"> |
RSA-privsep process</a> in |
RSA-privsep process</a> in |
<a href="https://man.openbsd.org/?query=smtpd"> |
<a href="https://man.openbsd.org/smtpd"> |
smtpd(8)</a>. |
smtpd(8)</a>. |
</ul> |
</ul> |
<p> |
|
|
|
<li>SMP network stack improvements: |
<li>SMP network stack improvements: |
<ul> |
<ul> |
<li>The task processing incoming packets can now run mostly in parallel |
<li>The task processing incoming packets can now run mostly in parallel |
of the rest of the kernel. This includes: |
of the rest of the kernel. This includes: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=carp">carp(4)</a>, |
<li><a href="https://man.openbsd.org/carp">carp(4)</a>, |
<a href="https://man.openbsd.org/?query=trunk">trunk(4)</a>, |
<a href="https://man.openbsd.org/trunk">trunk(4)</a>, |
<a href="https://man.openbsd.org/?query=vlan">vlan(4)</a> |
<a href="https://man.openbsd.org/vlan">vlan(4)</a> |
and other pseudo-drivers, with the exception of |
and other pseudo-drivers, with the exception of |
<a href="https://man.openbsd.org/?query=bridge">bridge(4)</a>. |
<a href="https://man.openbsd.org/bridge">bridge(4)</a>. |
<li>Ethernet decapsulation, ARP processing and MPLS forwarding path. |
<li>Ethernet decapsulation, ARP processing and MPLS forwarding path. |
<li><a href="https://man.openbsd.org/?query=bpf">bpf(4)</a> |
<li><a href="https://man.openbsd.org/bpf">bpf(4)</a> |
filter matching. |
filter matching. |
</ul> |
</ul> |
<li>The Rx and Tx rings of the |
<li>The Rx and Tx rings of the |
<a href="https://man.openbsd.org/?query=ix">ix(4)</a>, |
<a href="https://man.openbsd.org/ix">ix(4)</a>, |
<a href="https://man.openbsd.org/?query=myx">myx(4)</a>, |
<a href="https://man.openbsd.org/myx">myx(4)</a>, |
<a href="https://man.openbsd.org/?query=em">em(4)</a>, |
<a href="https://man.openbsd.org/em">em(4)</a>, |
<a href="https://man.openbsd.org/?query=bge">bge(4)</a>, |
<a href="https://man.openbsd.org/bge">bge(4)</a>, |
<a href="https://man.openbsd.org/?query=bnx">bnx(4)</a>, |
<a href="https://man.openbsd.org/bnx">bnx(4)</a>, |
<a href="https://man.openbsd.org/?query=vmx">vmx(4)</a>, |
<a href="https://man.openbsd.org/vmx">vmx(4)</a>, |
<a href="https://man.openbsd.org/?query=gem">gem(4)</a>, |
<a href="https://man.openbsd.org/gem">gem(4)</a>, |
<a href="https://man.openbsd.org/?query=re">re(4)</a> and |
<a href="https://man.openbsd.org/re">re(4)</a> and |
<a href="https://man.openbsd.org/?query=cas">cas(4)</a> |
<a href="https://man.openbsd.org/cas">cas(4)</a> |
drivers can now be processed in parallel of the rest of the kernel. |
drivers can now be processed in parallel of the rest of the kernel. |
<li>The Rx ring of the |
<li>The Rx ring of the |
<a href="https://man.openbsd.org/?query=cnmac">cnmac(4)</a> |
<a href="https://man.openbsd.org/cnmac">cnmac(4)</a> |
driver can now be processed in parallel of the rest of the kernel. |
driver can now be processed in parallel of the rest of the kernel. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Initial IEEE 802.11n wireless support: |
<li>Initial IEEE 802.11n wireless support: |
<ul> |
<ul> |
<li>The <a href="https://man.openbsd.org/?query=ieee80211">ieee80211(9)</a> |
<li>The <a href="https://man.openbsd.org/ieee80211">ieee80211(9)</a> |
subsystem now supports HT data rates up to 65 Mbit/s (802.11n MCS 0-7). |
subsystem now supports HT data rates up to 65 Mbit/s (802.11n MCS 0-7). |
<li>The input path of |
<li>The input path of |
<a href="https://man.openbsd.org/?query=ieee80211">ieee80211(9)</a> |
<a href="https://man.openbsd.org/ieee80211">ieee80211(9)</a> |
now supports receiving A-MPDU and A-MSDU aggregated frames. |
now supports receiving A-MPDU and A-MSDU aggregated frames. |
<li>The <a href="https://man.openbsd.org/?query=iwm">iwm(4)</a> |
<li>The <a href="https://man.openbsd.org/iwm">iwm(4)</a> |
and <a href="https://man.openbsd.org/?query=iwn">iwn(4)</a> |
and <a href="https://man.openbsd.org/iwn">iwn(4)</a> |
drivers make use of the above features. |
drivers make use of the above features. |
<li>802.11n mode is used by default if supported by the OpenBSD wireless |
<li>802.11n mode is used by default if supported by the OpenBSD wireless |
driver and the access point. |
driver and the access point. |
Operation in 802.11a, 802.11b, and 802.11g modes can be forced with |
Operation in 802.11a, 802.11b, and 802.11g modes can be forced with |
the new <a href="https://man.openbsd.org/?query=ifconfig">ifconfig(8)</a> |
the new <a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> |
<tt>mode</tt> subcommand. |
<code>mode</code> subcommand. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/?query=etherip">etherip(4)</a> |
<li>New <a href="https://man.openbsd.org/etherip">etherip(4)</a> |
pseudo-device for tunneling Ethernet frames across IP[46] networks |
pseudo-device for tunneling Ethernet frames across IP[46] networks |
using RFC 3378 EtherIP encapsulation. |
using RFC 3378 EtherIP encapsulation. |
<li>New <a href="https://man.openbsd.org/?query=pair">pair(4)</a> |
<li>New <a href="https://man.openbsd.org/pair">pair(4)</a> |
pseudo-device for creating paired virtual Ethernet interfaces. |
pseudo-device for creating paired virtual Ethernet interfaces. |
<li>New <a href="https://man.openbsd.org/?query=tap">tap(4)</a> |
<li>New <a href="https://man.openbsd.org/tap">tap(4)</a> |
pseudo-device, split up from |
pseudo-device, split up from |
<a href="https://man.openbsd.org/?query=tun">tun(4)</a>, |
<a href="https://man.openbsd.org/tun">tun(4)</a>, |
providing a layer 3 interface with userland tools. |
providing a layer 3 interface with userland tools. |
<li>Support for obsolete IPv6 socket options has been removed. |
<li>Support for obsolete IPv6 socket options has been removed. |
<li>The <a href="https://man.openbsd.org/?query=iwn">iwn(4)</a> |
<li>The <a href="https://man.openbsd.org/iwn">iwn(4)</a> |
driver now passes IEEE 802.11 control frames in monitor mode, allowing |
driver now passes IEEE 802.11 control frames in monitor mode, allowing |
full capture of traffic on a particular wireless channel. |
full capture of traffic on a particular wireless channel. |
<li><a href="https://man.openbsd.org/?query=pflow">pflow(4)</a> |
<li><a href="https://man.openbsd.org/pflow">pflow(4)</a> |
now supports IPv6 for transport. |
now supports IPv6 for transport. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Installer improvements: |
<li>Installer improvements: |
<ul> |
<ul> |
|
|
<li>Installing to a disk partitioned with a GPT is now supported (amd64 only). |
<li>Installing to a disk partitioned with a GPT is now supported (amd64 only). |
<li>When initializing a GPT, the required EFI System partition is automatically created. |
<li>When initializing a GPT, the required EFI System partition is automatically created. |
<li>When installing to a GPT disk, |
<li>When installing to a GPT disk, |
<a href="https://man.openbsd.org/?query=installboot"> |
<a href="https://man.openbsd.org/installboot"> |
installboot(8)</a> |
installboot(8)</a> |
now formats the EFI System partition, creates the appropriate directory |
now formats the EFI System partition, creates the appropriate directory |
structure and copies the required UEFI boot files into place. |
structure and copies the required UEFI boot files into place. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/?query=eigrpd">eigrpd(8)</a> |
<li>New <a href="https://man.openbsd.org/eigrpd">eigrpd(8)</a> |
routing daemon for the Enhanced Interior Gateway Routing Protocol. |
routing daemon for the Enhanced Interior Gateway Routing Protocol. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
now supports multiple domain names provided via DHCP option 15 (Domain Name). |
now supports multiple domain names provided via DHCP option 15 (Domain Name). |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
now supports search domains provided via DHCP option 119 (Domain Search). |
now supports search domains provided via DHCP option 119 (Domain Search). |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
no longer continually checks for a change to the routing domain of the |
no longer continually checks for a change to the routing domain of the |
interface it controls. It now relies on the appropriate routing socket |
interface it controls. It now relies on the appropriate routing socket |
messages. |
messages. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
now issues DHCP DECLINE responses to lease offers found to be inadequate, |
now issues DHCP DECLINE responses to lease offers found to be inadequate, |
and restarts the DISCOVER/RENEW process rather than waiting indefinitely |
and restarts the DISCOVER/RENEW process rather than waiting indefinitely |
for a better lease to appear. |
for a better lease to appear. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
no longer exits if a desired route cannot be added. It now just reports |
no longer exits if a desired route cannot be added. It now just reports |
the fact. |
the fact. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
now takes a much more careful approach to received packets to ensure |
now takes a much more careful approach to received packets to ensure |
only received data is used to process the packet. |
only received data is used to process the packet. |
Packets with incorrect length information or lacking appropriate header |
Packets with incorrect length information or lacking appropriate header |
information are now dropped. |
information are now dropped. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
again disables pending timeouts if the interface link is lost, |
again disables pending timeouts if the interface link is lost, |
preventing endless retries at obtaining a lease. |
preventing endless retries at obtaining a lease. |
<li><a href="https://man.openbsd.org/?query=dhcpd">dhcpd(8)</a> |
<li><a href="https://man.openbsd.org/dhcpd">dhcpd(8)</a> |
again properly utilizes <tt>default-lease-time</tt>, |
again properly utilizes <code>default-lease-time</code>, |
<tt>max-lease-time</tt> and <tt>bootp-lease-time</tt> options. |
<code>max-lease-time</code> and <code>bootp-lease-time</code> options. |
<li><a href="https://man.openbsd.org/?query=tcpdump">tcpdump(8)</a> |
<li><a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a> |
now displays more information about IEEE 802.11 frames when run with |
now displays more information about IEEE 802.11 frames when run with |
the <tt>-y IEEE802_11_RADIO</tt> and <tt>-v</tt> options. |
the <code>-y IEEE802_11_RADIO</code> and <code>-v</code> options. |
<li>Several interoperability issues in |
<li>Several interoperability issues in |
<a href="https://man.openbsd.org/?query=iked">iked(8)</a> |
<a href="https://man.openbsd.org/iked">iked(8)</a> |
have been fixed, including EAP auth with OS X El Capitan. |
have been fixed, including EAP auth with OS X El Capitan. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
|
|
IPsec stack for the ESP protocol. |
IPsec stack for the ESP protocol. |
<li>Support for looking up hosts via YP has been removed from libc. |
<li>Support for looking up hosts via YP has been removed from libc. |
The 'yp' lookup method in |
The 'yp' lookup method in |
<a href="https://man.openbsd.org/?query=resolv.conf"> |
<a href="https://man.openbsd.org/resolv.conf"> |
resolv.conf</a> |
resolv.conf</a> |
is no longer available. |
is no longer available. |
<li>Support for the HOSTALIASES environment variable has been removed from libc. |
<li>Support for the HOSTALIASES environment variable has been removed from libc. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=doas">doas(1)</a> |
<li><a href="https://man.openbsd.org/doas">doas(1)</a> |
is a little friendlier to use. |
is a little friendlier to use. |
<li>Updated |
<li>Updated |
<a href="https://man.openbsd.org/?query=flex">flex(1)</a>. |
<a href="https://man.openbsd.org/flex">flex(1)</a>. |
<li>Forked <a href="https://man.openbsd.org/?query=less">less(1)</a> |
<li>Forked <a href="https://man.openbsd.org/less">less(1)</a> |
from upstream, then proceeded to clean it up substantially. |
from upstream, then proceeded to clean it up substantially. |
<li><a href="https://man.openbsd.org/?query=pdisk">pdisk(8)</a> |
<li><a href="https://man.openbsd.org/pdisk">pdisk(8)</a> |
was largely rewritten and pledged. |
was largely rewritten and pledged. |
<li>Renaming files in the root directory of a MSDOS filesystem was fixed. |
<li>Renaming files in the root directory of a MSDOS filesystem was fixed. |
<li>Many obsolete |
<li>Many obsolete |
<a href="https://man.openbsd.org/?query=disktab">disktab(5)</a> |
<a href="https://man.openbsd.org/disktab">disktab(5)</a> |
attributes and entries were removed. |
attributes and entries were removed. |
<li><a href="https://man.openbsd.org/?query=softraid">softraid(4)</a> |
<li><a href="https://man.openbsd.org/softraid">softraid(4)</a> |
volumes now correctly look for the disklabel in the first OpenBSD disk |
volumes now correctly look for the disklabel in the first OpenBSD disk |
partition, not the last. |
partition, not the last. |
<li><a href="https://man.openbsd.org/?query=softraid">softraid(4)</a> |
<li><a href="https://man.openbsd.org/softraid">softraid(4)</a> |
volumes can now be partitioned with a GPT. |
volumes can now be partitioned with a GPT. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> |
now creates a default GPT as well as the protective MBR when the |
now creates a default GPT as well as the protective MBR when the |
<tt>-g</tt> flag is used. |
<code>-g</code> flag is used. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> |
now has a <tt>-b</tt> flag that specifies the size of the EFI System |
now has a <code>-b</code> flag that specifies the size of the EFI System |
partition to create. |
partition to create. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> |
now has a <tt>-v</tt> flag that causes a verbose display of both MBR |
now has a <code>-v</code> flag that causes a verbose display of both MBR |
and GPT information. |
and GPT information. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> |
now provides full interactive GPT editing. |
now provides full interactive GPT editing. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> |
was pledged. |
was pledged. |
<li>Disks with sector sizes other than 512 bytes can now be partitioned with |
<li>Disks with sector sizes other than 512 bytes can now be partitioned with |
a GPT. |
a GPT. |
|
|
and GENERIC derived kernels. |
and GENERIC derived kernels. |
<li>Many improvements were made to the GPT kernel support to ensure safe and |
<li>Many improvements were made to the GPT kernel support to ensure safe and |
reliable operation of GPT and MBR processing. |
reliable operation of GPT and MBR processing. |
<li><a href="https://man.openbsd.org/?query=disklabel">disklabel(8)</a> |
<li><a href="https://man.openbsd.org/disklabel">disklabel(8)</a> |
no longer supports boot code installation, with the <tt>-B</tt> and |
no longer supports boot code installation, with the <code>-B</code> and |
<tt>-b</tt> flags being removed. |
<code>-b</code> flags being removed. |
The associated fields in the disklabel were also removed. |
The associated fields in the disklabel were also removed. |
These functions are now all performed by |
These functions are now all performed by |
<a href="https://man.openbsd.org/?query=installboot"> |
<a href="https://man.openbsd.org/installboot"> |
installboot(8)</a>. |
installboot(8)</a>. |
<li>PowerPC converted to secure-PLT ABI variant. |
<li>PowerPC converted to secure-PLT ABI variant. |
<li>Perform lazy binding updates in |
<li>Perform lazy binding updates in |
<a href="https://man.openbsd.org/?query=ld.so">ld.so(1)</a> |
<a href="https://man.openbsd.org/ld.so">ld.so(1)</a> |
using |
using |
<a href="https://man.openbsd.org/?query=kbind">kbind(2)</a> |
<a href="https://man.openbsd.org/kbind">kbind(2)</a> |
to improve security and reduce overhead in threaded processes. |
to improve security and reduce overhead in threaded processes. |
<li>Over 100 internal or obsolete interfaces have been deleted or are no |
<li>Over 100 internal or obsolete interfaces have been deleted or are no |
longer exported by libc, reducing symbol conflicts and process size. |
longer exported by libc, reducing symbol conflicts and process size. |
|
|
symbol overriding, improve standards compliance, increase speed, |
symbol overriding, improve standards compliance, increase speed, |
and reduce dynamic linking overhead. |
and reduce dynamic linking overhead. |
<li>Handle intra-thread kills via new |
<li>Handle intra-thread kills via new |
<a href="https://man.openbsd.org/?query=thrkill">thrkill(2)</a> |
<a href="https://man.openbsd.org/thrkill">thrkill(2)</a> |
system call to tighten |
system call to tighten |
<a href="https://man.openbsd.org/?query=pledge">pledge(2)</a> |
<a href="https://man.openbsd.org/pledge">pledge(2)</a> |
restrictions and improve |
restrictions and improve |
<a href="https://man.openbsd.org/?query=pthread_kill">pthread_kill(3)</a> |
<a href="https://man.openbsd.org/pthread_kill">pthread_kill(3)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=pthread_cancel">pthread_cancel(3)</a> |
<a href="https://man.openbsd.org/pthread_cancel">pthread_cancel(3)</a> |
compliance. |
compliance. |
<li>Added <a href="https://man.openbsd.org/?query=getpwnam_shadow"> |
<li>Added <a href="https://man.openbsd.org/getpwnam_shadow"> |
getpwnam_shadow(3)</a> |
getpwnam_shadow(3)</a> |
and <a href="https://man.openbsd.org/?query=getpwuid_shadow"> |
and <a href="https://man.openbsd.org/getpwuid_shadow"> |
getpwuid_shadow(3)</a> |
getpwuid_shadow(3)</a> |
to permit tighter |
to permit tighter |
<a href="https://man.openbsd.org/?query=pledge">pledge(2)</a> |
<a href="https://man.openbsd.org/pledge">pledge(2)</a> |
restrictions. |
restrictions. |
<li>Added support to |
<li>Added support to |
<a href="https://man.openbsd.org/?query=ktrace">ktrace(1)</a> |
<a href="https://man.openbsd.org/ktrace">ktrace(1)</a> |
the arguments to |
the arguments to |
<a href="https://man.openbsd.org/?query=execve">execve(2)</a> |
<a href="https://man.openbsd.org/execve">execve(2)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=pledge">pledge(2)</a>. |
<a href="https://man.openbsd.org/pledge">pledge(2)</a>. |
Removed support for tracing context switch points. |
Removed support for tracing context switch points. |
<tt>kevent</tt> structures are now dumped. |
<code>kevent</code> structures are now dumped. |
<li>Disabled support for loading locales other than UTF-8. |
<li>Disabled support for loading locales other than UTF-8. |
<li>UTF-8 character locale data has been updated to Unicode 7.0.0. |
<li>UTF-8 character locale data has been updated to Unicode 7.0.0. |
<li>Added UTF-8 support to several utilities, including |
<li>Added UTF-8 support to several utilities, including |
<a href="https://man.openbsd.org/?query=calendar">calendar(1)</a>, |
<a href="https://man.openbsd.org/calendar">calendar(1)</a>, |
<a href="https://man.openbsd.org/?query=colrm">colrm(1)</a>, |
<a href="https://man.openbsd.org/colrm">colrm(1)</a>, |
<a href="https://man.openbsd.org/?query=cut">cut(1)</a>, |
<a href="https://man.openbsd.org/cut">cut(1)</a>, |
<a href="https://man.openbsd.org/?query=fmt">fmt(1)</a>, |
<a href="https://man.openbsd.org/fmt">fmt(1)</a>, |
<a href="https://man.openbsd.org/?query=ls">ls(1)</a>, |
<a href="https://man.openbsd.org/ls">ls(1)</a>, |
<a href="https://man.openbsd.org/?query=ps">ps(1)</a>, |
<a href="https://man.openbsd.org/ps">ps(1)</a>, |
<a href="https://man.openbsd.org/?query=rs">rs(1)</a>, |
<a href="https://man.openbsd.org/rs">rs(1)</a>, |
<a href="https://man.openbsd.org/?query=ul">ul(1)</a>, |
<a href="https://man.openbsd.org/ul">ul(1)</a>, |
<a href="https://man.openbsd.org/?query=uniq">uniq(1)</a> |
<a href="https://man.openbsd.org/uniq">uniq(1)</a> |
and <a href="https://man.openbsd.org/?query=wc">wc(1)</a>. |
and <a href="https://man.openbsd.org/wc">wc(1)</a>. |
<li>Partial support for inserting and deleting UTF-8 characters in |
<li>Partial support for inserting and deleting UTF-8 characters in |
<a href="https://man.openbsd.org/?query=ksh">ksh(1)</a> |
<a href="https://man.openbsd.org/ksh">ksh(1)</a> |
emacs command line editing mode. |
emacs command line editing mode. |
<li>Native language support (NLS) has been removed from libc. |
<li>Native language support (NLS) has been removed from libc. |
<li><a href="https://man.openbsd.org/?query=ddb">ddb(4)</a> |
<li><a href="https://man.openbsd.org/ddb">ddb(4)</a> |
now automatically shows a stack trace upon panic. |
now automatically shows a stack trace upon panic. |
</ul> |
</ul> |
<p> |
|
|
|
<li>OpenSMTPD 5.9.1 |
<li>OpenSMTPD 5.9.1 |
<ul> |
<ul> |
<li>Security: |
<li>Security: |
<ul> |
<ul> |
<li>Both |
<li>Both |
<a href="https://man.openbsd.org/?query=smtpd">smtpd(8)</a> |
<a href="https://man.openbsd.org/smtpd">smtpd(8)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=smtpctl">smtpctl(8)</a> |
<a href="https://man.openbsd.org/smtpctl">smtpctl(8)</a> |
have been pledged. |
have been pledged. |
<li>The offline enqueue mode of |
<li>The offline enqueue mode of |
<a href="https://man.openbsd.org/?query=smtpctl">smtpctl(8)</a> |
<a href="https://man.openbsd.org/smtpctl">smtpctl(8)</a> |
has been redesigned to remove the need for a publicly writable directory |
has been redesigned to remove the need for a publicly writable directory |
which was a vector of multiple attacks in the Qualys Security audit. |
which was a vector of multiple attacks in the Qualys Security audit. |
</ul> |
</ul> |
|
|
<li>Assume messages are 8-bit bytes by default. |
<li>Assume messages are 8-bit bytes by default. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>OpenSSH 7.2 |
<li>OpenSSH 7.2 |
<ul> |
<ul> |
<li>Security: |
<li>Security: |
<ul> |
<ul> |
<li>Qualys Security identified vulnerabilities in the |
<li>Qualys Security identified vulnerabilities in the |
<a href="https://man.openbsd.org/?query=ssh">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh">ssh(1)</a> |
client experimental support for resuming SSH-connections (roaming). |
client experimental support for resuming SSH-connections (roaming). |
In the default configuration, this could potentially leak client keys |
In the default configuration, this could potentially leak client keys |
to a hostile server. The authentication of the server host key |
to a hostile server. The authentication of the server host key |
prevents exploitation by a man-in-the-middle, so this information leak |
prevents exploitation by a man-in-the-middle, so this information leak |
is restricted to connections to malicious or compromised servers. |
is restricted to connections to malicious or compromised servers. |
This feature has been disabled in the |
This feature has been disabled in the |
<a href="https://man.openbsd.org/?query=ssh">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh">ssh(1)</a> |
client, and it has been removed from the source tree. The matching |
client, and it has been removed from the source tree. The matching |
server code has never been shipped. |
server code has never been shipped. |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
OpenSSH 7.0 contained a logic error in |
OpenSSH 7.0 contained a logic error in |
<tt>PermitRootLogin=prohibit-password/without-password</tt> that could, |
<code>PermitRootLogin=prohibit-password/without-password</code> that could, |
depending on compile-time configuration, permit password authentication |
depending on compile-time configuration, permit password authentication |
to root while preventing other forms of authentication. |
to root while preventing other forms of authentication. |
<li>Fix an out of-bound read access in the packet handling code. |
<li>Fix an out of-bound read access in the packet handling code. |
<li>Further use of |
<li>Further use of |
<a href="https://man.openbsd.org/?query=bzero">explicit_bzero(3)</a> |
<a href="https://man.openbsd.org/bzero">explicit_bzero(3)</a> |
has been added in various buffer handling code paths to guard against |
has been added in various buffer handling code paths to guard against |
compilers aggressively doing dead-store removal. |
compilers aggressively doing dead-store removal. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
remove unfinished and unused roaming code. |
remove unfinished and unused roaming code. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
eliminate fallback from untrusted X11 forwarding to trusted forwarding |
eliminate fallback from untrusted X11 forwarding to trusted forwarding |
when the X server disables the <tt>SECURITY</tt> extension. |
when the X server disables the <code>SECURITY</code> extension. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
increase the minimum modulus size supported for |
increase the minimum modulus size supported for |
<tt>diffie-hellman-group-exchange</tt> to 2048 bits. |
<code>diffie-hellman-group-exchange</code> to 2048 bits. |
</ul> |
</ul> |
<li>Potentially-incompatible changes: |
<li>Potentially-incompatible changes: |
<ul> |
<ul> |
<li>This release disables a number of legacy cryptographic algorithms |
<li>This release disables a number of legacy cryptographic algorithms |
by default in |
by default in |
<a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
<ul> |
<ul> |
<li>Several ciphers: <tt>blowfish-cbc</tt>, <tt>cast128-cbc</tt>, |
<li>Several ciphers: <code>blowfish-cbc</code>, <code>cast128-cbc</code>, |
all <tt>arcfour</tt> variants and the <tt>rijndael-cbc</tt> aliases |
all <code>arcfour</code> variants and the <code>rijndael-cbc</code> aliases |
for AES. |
for AES. |
<li>MD5-based and truncated HMAC algorithms. |
<li>MD5-based and truncated HMAC algorithms. |
</ul> |
</ul> |
|
|
<li>New/changed features: |
<li>New/changed features: |
<ul> |
<ul> |
<li>all: add support for RSA signatures using SHA-256/512 hash algorithms |
<li>all: add support for RSA signatures using SHA-256/512 hash algorithms |
based on <tt>draft-rsa-dsa-sha2-256-03.txt</tt> and |
based on <code>draft-rsa-dsa-sha2-256-03.txt</code> and |
<tt>draft-ssh-ext-info-04.txt</tt>. |
<code>draft-ssh-ext-info-04.txt</code>. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
add an <tt>AddKeysToAgent</tt> client option which can be set to |
add an <code>AddKeysToAgent</code> client option which can be set to |
<tt>yes</tt>, <tt>no</tt>, <tt>ask</tt>, or <tt>confirm</tt>, and |
<code>yes</code>, <code>no</code>, <code>ask</code>, or <code>confirm</code>, and |
defaults to <tt>no</tt>. When enabled, a private key that is used |
defaults to <code>no</code>. When enabled, a private key that is used |
during authentication will be added to |
during authentication will be added to |
<a href="https://man.openbsd.org/?query=ssh-agent">ssh-agent(1)</a> |
<a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a> |
if it is running (with confirmation enabled if set to <tt>confirm</tt>). |
if it is running (with confirmation enabled if set to <code>confirm</code>). |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
add a new <tt>authorized_keys</tt> option <tt>restrict</tt> that |
add a new <code>authorized_keys</code> option <code>restrict</code> that |
includes all current and future key restrictions |
includes all current and future key restrictions |
(<tt>no-*-forwarding</tt>, etc.). |
(<code>no-*-forwarding</code>, etc.). |
Also add permissive versions of the existing restrictions, e.g. |
Also add permissive versions of the existing restrictions, e.g. |
<tt>no-pty</tt> -> <tt>pty</tt>. This simplifies the task of setting up |
<code>no-pty</code> -> <code>pty</code>. This simplifies the task of setting up |
restricted keys and ensures they are maximally-restricted, |
restricted keys and ensures they are maximally-restricted, |
regardless of any permissions we might implement in the future. |
regardless of any permissions we might implement in the future. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
add |
add |
<a href="https://man.openbsd.org/?query=ssh_config">ssh_config(5)</a> |
<a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a> |
CertificateFile option to explicitly list certificates. (bz#2436) |
CertificateFile option to explicitly list certificates. (bz#2436) |
<li><a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>: |
allow |
allow |
<a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a> |
<a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> |
to change the key comment for all supported formats. |
to change the key comment for all supported formats. |
<li><a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>: |
allow fingerprinting from standard input, e.g. "ssh-keygen -lf -". |
allow fingerprinting from standard input, e.g. "ssh-keygen -lf -". |
<li><a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>: |
allow fingerprinting multiple public keys in a file, e.g. |
allow fingerprinting multiple public keys in a file, e.g. |
<tt>ssh-keygen -lf ~/.ssh/authorized_keys</tt>. (bz#1319) |
<code>ssh-keygen -lf ~/.ssh/authorized_keys</code>. (bz#1319) |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
support <tt>none</tt> as an argument for |
support <code>none</code> as an argument for |
<a href="https://man.openbsd.org/?query=sshd_config">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config">sshd_config(5)</a> |
<tt>Foreground</tt> and <tt>ChrootDirectory</tt>. Useful inside |
<code>Foreground</code> and <code>ChrootDirectory</code>. Useful inside |
<tt>Match</tt> blocks to override a global default. (bz#2486) |
<code>Match</code> blocks to override a global default. (bz#2486) |
<li><a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>: |
support multiple certificates (one per line) and reading from standard |
support multiple certificates (one per line) and reading from standard |
input (using "<tt>-f -</tt>") for <tt>ssh-keygen -L</tt>. |
input (using "<code>-f -</code>") for <code>ssh-keygen -L</code>. |
<li><a href="https://man.openbsd.org/?query=ssh-keyscan">ssh-keyscan(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keyscan">ssh-keyscan(1)</a>: |
add <tt>ssh-keyscan -c ...</tt> flag to allow fetching certificates |
add <code>ssh-keyscan -c ...</code> flag to allow fetching certificates |
instead of plain keys. |
instead of plain keys. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
better handle anchored FQDNs (e.g. <tt>cvs.openbsd.org.</tt>) in |
better handle anchored FQDNs (e.g. <code>cvs.openbsd.org.</code>) in |
hostname canonicalisation - treat them as already canonical and |
hostname canonicalisation - treat them as already canonical and |
trailing '<tt>.</tt>' before matching |
trailing '<code>.</code>' before matching |
<a href="https://man.openbsd.org/?query=ssh_config">ssh_config(5)</a>. |
<a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a>. |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
add compatibility workarounds for FuTTY. |
add compatibility workarounds for FuTTY. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
refine compatibility workarounds for WinSCP. |
refine compatibility workarounds for WinSCP. |
<li>Fix a number of memory faults (double-free, free of uninitialised |
<li>Fix a number of memory faults (double-free, free of uninitialised |
memory, etc.) in |
memory, etc.) in |
<a href="https://man.openbsd.org/?query=ssh">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh">ssh(1)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>. |
<a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>. |
<li>Correctly interpret the <tt>first_kex_follows</tt> option during the |
<li>Correctly interpret the <code>first_kex_follows</code> option during the |
initial key exchange. |
initial key exchange. |
<li><a href="https://man.openbsd.org/?query=sftp">sftp(1)</a>: |
<li><a href="https://man.openbsd.org/sftp">sftp(1)</a>: |
existing destination directories should not terminate recursive uploads |
existing destination directories should not terminate recursive uploads |
(regression in openssh 6.8). (bz#2528) |
(regression in openssh 6.8). (bz#2528) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
correctly send back <tt>SSH2_MSG_UNIMPLEMENTED</tt> replies to |
correctly send back <code>SSH2_MSG_UNIMPLEMENTED</code> replies to |
unexpected messages during key exchange. (bz#2949) |
unexpected messages during key exchange. (bz#2949) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
refuse attempts to set <tt>ConnectionAttempts=0</tt>, which does not |
refuse attempts to set <code>ConnectionAttempts=0</code>, which does not |
make sense and would cause ssh to print an uninitialised stack |
make sense and would cause ssh to print an uninitialised stack |
variable. (bz#2500) |
variable. (bz#2500) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
fix errors when attempting to connect to scoped IPv6 addresses with |
fix errors when attempting to connect to scoped IPv6 addresses with |
hostname canonicalisation enabled. |
hostname canonicalisation enabled. |
<li><a href="https://man.openbsd.org/?query=sshd_config">sshd_config(5)</a>: |
<li><a href="https://man.openbsd.org/sshd_config">sshd_config(5)</a>: |
list a couple more options usable in <tt>Match</tt> blocks. (bz#2489) |
list a couple more options usable in <code>Match</code> blocks. (bz#2489) |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix <tt>PubkeyAcceptedKeyTypes +...</tt> inside a <tt>Match</tt> block. |
fix <code>PubkeyAcceptedKeyTypes +...</code> inside a <code>Match</code> block. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
expand tilde characters in filenames passed to <tt>-i</tt> options |
expand tilde characters in filenames passed to <code>-i</code> options |
before checking whether or not the identity file exists. Avoids |
before checking whether or not the identity file exists. Avoids |
confusion for cases where shell doesn't expand (e.g. |
confusion for cases where shell doesn't expand (e.g. |
<tt>-i ~/file</tt> vs. <tt>-i~/file</tt>). (bz#2481) |
<code>-i ~/file</code> vs. <code>-i~/file</code>). (bz#2481) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
do not prepend "exec" to the shell command run by <tt>Match exec</tt> |
do not prepend "exec" to the shell command run by <code>Match exec</code> |
in a config file, which could cause some commands to fail in certain |
in a config file, which could cause some commands to fail in certain |
environments. (bz#2471) |
environments. (bz#2471) |
<li><a href="https://man.openbsd.org/?query=ssh-keyscan">ssh-keyscan(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keyscan">ssh-keyscan(1)</a>: |
fix output for multiple hosts/addrs on one line when host hashing or |
fix output for multiple hosts/addrs on one line when host hashing or |
a non standard port is in use. (bz#2479) |
a non standard port is in use. (bz#2479) |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
skip "Could not chdir to home directory" message when |
skip "Could not chdir to home directory" message when |
<tt>ChrootDirectory</tt> is active. (bz#2485) |
<code>ChrootDirectory</code> is active. (bz#2485) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
include <tt>PubkeyAcceptedKeyTypes</tt> in <tt>ssh -G</tt> config dump. |
include <code>PubkeyAcceptedKeyTypes</code> in <code>ssh -G</code> config dump. |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
avoid changing <tt>TunnelForwarding</tt> device flags if they are |
avoid changing <code>TunnelForwarding</code> device flags if they are |
already what is needed; makes it possible to use |
already what is needed; makes it possible to use |
<a href="https://man.openbsd.org/?query=tun">tun(4)</a>/ |
<a href="https://man.openbsd.org/tun">tun(4)</a>/ |
<a href="https://man.openbsd.org/?query=tap">tap(4)</a> |
<a href="https://man.openbsd.org/tap">tap(4)</a> |
networking as non-root user if device permissions and interface flags |
networking as non-root user if device permissions and interface flags |
are pre-established. |
are pre-established. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
<tt>RekeyLimits</tt> could be exceeded by one packet. (bz#2521) |
<code>RekeyLimits</code> could be exceeded by one packet. (bz#2521) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
fix multiplexing master failure to notice client exit. |
fix multiplexing master failure to notice client exit. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-agent">ssh-agent(1)</a>: |
<a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a>: |
avoid <tt>fatal()</tt> for PKCS11 tokens that present empty key IDs. |
avoid <code>fatal()</code> for PKCS11 tokens that present empty key IDs. |
(bz#1773) |
(bz#1773) |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
avoid |
avoid |
<a href="https://man.openbsd.org/?query=printf&sec=3">printf(3)</a> |
<a href="https://man.openbsd.org/printf&sec=3">printf(3)</a> |
of NULL argument. (bz#2535) |
of NULL argument. (bz#2535) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
allow <tt>RekeyLimits</tt> larger than 4GB. (bz#2521) |
allow <code>RekeyLimits</code> larger than 4GB. (bz#2521) |
<li><a href="https://man.openbsd.org/?query=ssh-agent">ssh-agent(1)</a>, |
<li><a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix several bugs in (unused) KRL signature support. |
fix several bugs in (unused) KRL signature support. |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix connections with peers that use the key exchange guess feature of |
fix connections with peers that use the key exchange guess feature of |
the protocol. (bz#2515) |
the protocol. (bz#2515) |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
include remote port number in log messages. (bz#2503) |
include remote port number in log messages. (bz#2503) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
don't try to load SSHv1 private key when compiled without SSHv1 |
don't try to load SSHv1 private key when compiled without SSHv1 |
support. (bz#2505) |
support. (bz#2505) |
<li><a href="https://man.openbsd.org/?query=ssh-agent">ssh-agent(1)</a>, |
<li><a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
fix incorrect error messages during key loading and signing errors. |
fix incorrect error messages during key loading and signing errors. |
(bz#2507) |
(bz#2507) |
<li><a href="https://man.openbsd.org/?query=ssh-keygen">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>: |
don't leave empty temporary files when performing <tt>known_hosts</tt> |
don't leave empty temporary files when performing <code>known_hosts</code> |
file edits when <tt>known_hosts</tt> doesn't exist. |
file edits when <code>known_hosts</code> doesn't exist. |
<li><a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
correct packet format for tcpip-forward replies for requests that |
correct packet format for tcpip-forward replies for requests that |
don't allocate a port. (bz#2509) |
don't allocate a port. (bz#2509) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix possible hang on closed output. (bz#2469) |
fix possible hang on closed output. (bz#2469) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
expand <tt>%i</tt> in <tt>ControlPath</tt> to UID. (bz#2449) |
expand <code>%i</code> in <code>ControlPath</code> to UID. (bz#2449) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix return type of <tt>openssh_RSA_verify</tt>. (bz#2460) |
fix return type of <code>openssh_RSA_verify</code>. (bz#2460) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd">sshd(8)</a>: |
fix some option parsing memory leaks. (bz#2182) |
fix some option parsing memory leaks. (bz#2182) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
add some debug output before DNS resolution; it's a place where |
add some debug output before DNS resolution; it's a place where |
ssh could previously silently stall in cases of unresponsive DNS |
ssh could previously silently stall in cases of unresponsive DNS |
servers. (bz#2433) |
servers. (bz#2433) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
remove spurious newline in visual hostkey. (bz#2686) |
remove spurious newline in visual hostkey. (bz#2686) |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
fix printing (<tt>ssh -G ...</tt>) of <tt>HostKeyAlgorithms=+...</tt> |
fix printing (<code>ssh -G ...</code>) of <code>HostKeyAlgorithms=+...</code> |
<li><a href="https://man.openbsd.org/?query=ssh">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>: |
fix expansion of <tt>HostkeyAlgorithms=+...</tt> |
fix expansion of <code>HostkeyAlgorithms=+...</code> |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
<li>LibreSSL 2.3.2 |
<li>LibreSSL 2.3.2 |
<ul> |
<ul> |
<li>User-visible features: |
<li>User-visible features: |
<ul> |
<ul> |
<li>This release corrects the handling of <tt>ClientHello</tt> messages |
<li>This release corrects the handling of <code>ClientHello</code> messages |
that do not include TLS extensions, resulting in such handshakes being |
that do not include TLS extensions, resulting in such handshakes being |
aborted. |
aborted. |
<li>When loading a DSA key from a raw (without DH parameters) ASN.1 |
<li>When loading a DSA key from a raw (without DH parameters) ASN.1 |
serialization, perform some consistency checks on its `p' and `q' |
serialization, perform some consistency checks on its 'p' and 'q' |
values, and return an error if the checks failed. |
values, and return an error if the checks failed. |
<li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent |
<li>Fixed a bug in <code>ECDH_compute_key</code> that can lead to silent |
truncation of the result key without error. A coding error could cause |
truncation of the result key without error. A coding error could cause |
software to use much shorter keys than intended. |
software to use much shorter keys than intended. |
<li>Removed support for <tt>DTLS_BAD_VER</tt>. Pre-DTLSv1 implementations |
<li>Removed support for <code>DTLS_BAD_VER</code>. Pre-DTLSv1 implementations |
are no longer supported. |
are no longer supported. |
<li>The <tt>engine</tt> command and parameters are removed from |
<li>The <code>engine</code> command and parameters are removed from |
<a href="https://man.openbsd.org/?query=openssl"> |
<a href="https://man.openbsd.org/openssl"> |
openssl(1)</a>. |
openssl(1)</a>. |
Previous releases removed dynamic and built-in engine support already. |
Previous releases removed dynamic and built-in engine support already. |
<li>SHA-0 is removed, which was withdrawn shortly after publication |
<li>SHA-0 is removed, which was withdrawn shortly after publication |
twenty years ago. |
twenty years ago. |
<li>Added <tt>Certplus CA</tt> root certificate to the default |
<li>Added <code>Certplus CA</code> root certificate to the default |
<tt>cert.pem</tt> file. |
<code>cert.pem</code> file. |
<li>Fixed a leak in |
<li>Fixed a leak in |
<a href="https://man.openbsd.org/?query=SSL_new"> |
<a href="https://man.openbsd.org/SSL_new"> |
SSL_new(3)</a> |
SSL_new(3)</a> |
in the error path. |
in the error path. |
<li>Fixed a memory leak and out-of-bounds access in |
<li>Fixed a memory leak and out-of-bounds access in |
<a href="https://man.openbsd.org/?query=OBJ_nid2obj"> |
<a href="https://man.openbsd.org/OBJ_nid2obj"> |
OBJ_obj2txt(3)</a>. |
OBJ_obj2txt(3)</a>. |
<li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of |
<li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of |
<tt>sizeof(RC4_CHUNK)</tt>. |
<code>sizeof(RC4_CHUNK)</code>. |
<li>Added |
<li>Added |
<a href="https://man.openbsd.org/?query=EVP_AEAD_CTX_init"> |
<a href="https://man.openbsd.org/EVP_AEAD_CTX_init"> |
EVP_aead_chacha20_poly1305_ietf(3)</a> |
EVP_aead_chacha20_poly1305_ietf(3)</a> |
which matches the |
which matches the |
<tt>AEAD</tt> construction introduced in RFC 7539, which is different |
<code>AEAD</code> construction introduced in RFC 7539, which is different |
than that already used in TLS with |
than that already used in TLS with |
<a href="https://man.openbsd.org/?query=EVP_AEAD_CTX_init"> |
<a href="https://man.openbsd.org/EVP_AEAD_CTX_init"> |
EVP_aead_chacha20_poly1305(3)</a>. |
EVP_aead_chacha20_poly1305(3)</a>. |
<li>More man pages converted from pod to |
<li>More man pages converted from pod to |
<a href="https://man.openbsd.org/?query=mdoc">mdoc(7)</a> |
<a href="https://man.openbsd.org/mdoc">mdoc(7)</a> |
format. |
format. |
<li>Added <tt>COMODO RSA Certification Authority</tt> and |
<li>Added <code>COMODO RSA Certification Authority</code> and |
<tt>QuoVadis</tt> root certificates to <tt>cert.pem</tt>. |
<code>QuoVadis</code> root certificates to <code>cert.pem</code>. |
<li>Removed "<tt>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority</tt>" |
<li>Removed "<code>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority</code>" |
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) |
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) |
root certificate from <tt>cert.pem</tt>. |
root certificate from <code>cert.pem</code>. |
<li>Fixed incorrect TLS certificate loading by |
<li>Fixed incorrect TLS certificate loading by |
<a href="https://man.openbsd.org/?query=nc">nc(1)</a>. |
<a href="https://man.openbsd.org/nc">nc(1)</a>. |
<li>The |
<li>The |
<a href="https://man.openbsd.org/?query=openssl"> |
<a href="https://man.openbsd.org/openssl"> |
openssl(1)</a> |
openssl(1)</a> |
<tt>s_time</tt> command now performs a proper shutdown which allows a |
<code>s_time</code> command now performs a proper shutdown which allows a |
full TLS connection to be benchmarked more accurately. A new |
full TLS connection to be benchmarked more accurately. A new |
<tt>-no_shutdown</tt> flag |
<code>-no_shutdown</code> flag |
makes <tt>s_time</tt> adopt the previous behavior so that comparisons |
makes <code>s_time</code> adopt the previous behavior so that comparisons |
can still be made with OpenSSL's version. |
can still be made with OpenSSL's version. |
<li>Removed support for the <tt>SSLEAY_CONF</tt> backwards compatibility |
<li>Removed support for the <code>SSLEAY_CONF</code> backwards compatibility |
environment variable in |
environment variable in |
<a href="https://man.openbsd.org/?query=openssl"> |
<a href="https://man.openbsd.org/openssl"> |
openssl(1)</a>. |
openssl(1)</a>. |
<li>The following CVEs had been fixed: |
<li>The following CVEs had been fixed: |
<ul> |
<ul> |
<li><tt>CVE-2015-3194</tt>—NULL pointer dereference in client |
<li><code>CVE-2015-3194</code>—NULL pointer dereference in client |
side certificate validation. |
side certificate validation. |
<li><tt>CVE-2015-3195</tt>—memory leak in PKCS7, not reachable |
<li><code>CVE-2015-3195</code>—memory leak in PKCS7, not reachable |
from TLS/SSL. |
from TLS/SSL. |
</ul> |
</ul> |
<li>Note: The following OpenSSL CVEs did not apply to LibreSSL: |
<li>Note: The following OpenSSL CVEs did not apply to LibreSSL: |
<ul> |
<ul> |
<li><tt>CVE-2015-3193</tt>—carry propagating bug in the x86_64 |
<li><code>CVE-2015-3193</code>—carry propagating bug in the x86_64 |
Montgomery squaring procedure. |
Montgomery squaring procedure. |
<li><tt>CVE-2015-3196</tt>—double free race condition of the |
<li><code>CVE-2015-3196</code>—double free race condition of the |
identify hint data. |
identify hint data. |
</ul> |
</ul> |
</ul> |
</ul> |
<li>Code improvements: |
<li>Code improvements: |
<ul> |
<ul> |
<li>Added install target for <tt>cmake</tt> builds. |
<li>Added install target for <code>cmake</code> builds. |
<li>Updated <tt>pkgconfig</tt> files to correctly report the release |
<li>Updated <code>pkgconfig</code> files to correctly report the release |
version number, not the individual library ABI version numbers. |
version number, not the individual library ABI version numbers. |
<li>SSLv3 is now permanently removed from the tree. |
<li>SSLv3 is now permanently removed from the tree. |
<li>The <tt>libtls</tt> API is changed from the 2.2.x series: |
<li>The <code>libtls</code> API is changed from the 2.2.x series: |
<ul> |
<ul> |
<li>The |
<li>The |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_read(3)</a> |
tls_read(3)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_write(3)</a> |
tls_write(3)</a> |
functions now work better with external event libraries. |
functions now work better with external event libraries. |
<li>Client-side verification is now supported, with the client |
<li>Client-side verification is now supported, with the client |
supplying the certificate to the server. |
supplying the certificate to the server. |
<li>Also, when using |
<li>Also, when using |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_connect_fds(3)</a>, |
tls_connect_fds(3)</a>, |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_connect_socket(3)</a> or |
tls_connect_socket(3)</a> or |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_accept_fds(3)</a>, |
tls_accept_fds(3)</a>, |
<tt>libtls</tt> no longer implicitly closes the passed in sockets. |
<code>libtls</code> no longer implicitly closes the passed in sockets. |
The caller is responsible for closing them in this case. |
The caller is responsible for closing them in this case. |
</ul> |
</ul> |
<li>New interface <tt>OPENSSL_cpu_caps</tt> is provided that does not |
<li>New interface <code>OPENSSL_cpu_caps</code> is provided that does not |
allow software to inadvertently modify cpu capability flags. |
allow software to inadvertently modify cpu capability flags. |
<tt>OPENSSL_ia32cap</tt> and <tt>OPENSSL_ia32cap_loc</tt> are removed. |
<code>OPENSSL_ia32cap</code> and <code>OPENSSL_ia32cap_loc</code> are removed. |
<li>The <tt>out_len</tt> argument of <tt>AEAD</tt> changed from |
<li>The <code>out_len</code> argument of <code>AEAD</code> changed from |
<tt>ssize_t</tt> to <tt>size_t</tt>. |
<code>ssize_t</code> to <code>size_t</code>. |
<li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS. |
<li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS. |
<li>Converted |
<li>Converted |
<a href="https://man.openbsd.org/?query=nc">nc(1)</a> |
<a href="https://man.openbsd.org/nc">nc(1)</a> |
to use <tt>libtls</tt> for client and server operations; it is |
to use <code>libtls</code> for client and server operations; it is |
included in the libressl-portable distribution as an example of how |
included in the libressl-portable distribution as an example of how |
to use the <tt>libtls</tt> library. This is intended to be a simpler |
to use the <code>libtls</code> library. This is intended to be a simpler |
and more robust replacement for <tt>openssl s_client</tt> and |
and more robust replacement for <code>openssl s_client</code> and |
<tt>openssl s_server</tt> for day-to-day operations. |
<code>openssl s_server</code> for day-to-day operations. |
<li>ASN.1 cleanups and RFC5280 compliance fixes. |
<li>ASN.1 cleanups and RFC5280 compliance fixes. |
<li>Time representations switched from <tt>unsigned long</tt> to |
<li>Time representations switched from <code>unsigned long</code> to |
<tt>time_t</tt>. LibreSSL now checks if the host OS supports 64-bit |
<code>time_t</code>. LibreSSL now checks if the host OS supports 64-bit |
<tt>time_t</tt>. |
<code>time_t</code>. |
<li>Support always extracting the peer cipher and version with |
<li>Support always extracting the peer cipher and version with |
<tt>libtls</tt>. |
<code>libtls</code>. |
<li>Added ability to check certificate validity times with |
<li>Added ability to check certificate validity times with |
<tt>libtls</tt>, |
<code>libtls</code>, |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_peer_cert_notbefore(3)</a> |
tls_peer_cert_notbefore(3)</a> |
and |
and |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_peer_cert_notafter(3)</a>. |
tls_peer_cert_notafter(3)</a>. |
<li>Changed |
<li>Changed |
<a href="https://man.openbsd.org/?query=tls_init"> |
<a href="https://man.openbsd.org/tls_init"> |
tls_connect_servername(3)</a> |
tls_connect_servername(3)</a> |
to use the first address that resolves with |
to use the first address that resolves with |
<a href="https://man.openbsd.org/?query=getaddrinfo"> |
<a href="https://man.openbsd.org/getaddrinfo"> |
getaddrinfo(3)</a>. |
getaddrinfo(3)</a>. |
<li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code |
<li>Remove broken conditional <code>EVP_CHECK_DES_KEY</code> code |
(non-functional since initial commit in 2004). |
(non-functional since initial commit in 2004). |
<li>Reject too small bits value in |
<li>Reject too small bits value in |
<a href="https://man.openbsd.org/?query=BN_generate_prime"> |
<a href="https://man.openbsd.org/BN_generate_prime"> |
BN_generate_prime(3)</a>, |
BN_generate_prime(3)</a>, |
so that it does not risk becoming negative in |
so that it does not risk becoming negative in |
<tt>probable_prime_dh_safe()</tt>. |
<code>probable_prime_dh_safe()</code>. |
<li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of |
<li>Changed format of <code>LIBRESSL_VERSION_NUMBER</code> to match that of |
<tt>OPENSSL_VERSION_NUMBER</tt>. |
<code>OPENSSL_VERSION_NUMBER</code>. |
<li>Avoid a potential undefined C99+ behavior due to shift overflow in |
<li>Avoid a potential undefined C99+ behavior due to shift overflow in |
<tt>AES_decrypt</tt>. |
<code>AES_decrypt</code>. |
<li>Deprecated the <tt>SSL_OP_SINGLE_DH_USE</tt> flag. |
<li>Deprecated the <code>SSL_OP_SINGLE_DH_USE</code> flag. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>Ports and packages: |
<li>Ports and packages: |
<dl> |
<p>Many pre-built packages for each architecture: |
<dt>Many pre-built packages for each architecture: |
|
</dl> |
|
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
<ul style="column-count: 4"> |
<tr> |
|
<td valign="top" width="25%"> |
|
<ul> |
|
<li>alpha: 7450 |
<li>alpha: 7450 |
<li>amd64: 9295 |
<li>amd64: 9295 |
<li>hppa: 6304 |
<li>hppa: 6304 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>i386: 9290 |
<li>i386: 9290 |
<li>mips64: 7094 |
<li>mips64: 7094 |
<li>mips64el: 7846 |
<li>mips64el: 7846 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>powerpc: 8383 |
<li>powerpc: 8383 |
<li>sh: 111 |
<li>sh: 111 |
<li>sparc: 1105 |
<li>sparc: 1105 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>sparc64: 8528 |
<li>sparc64: 8528 |
</ul></td></tr></table> |
</ul> |
<p> |
|
|
|
<dl> |
<p>Some highlights: |
<dt>Some highlights: |
<ul style="column-count: 2"> |
</dl> |
|
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
|
<tr> |
|
<td valign="top" width="33%"><ul> |
|
<li>Chromium 48.0.2564.116 |
<li>Chromium 48.0.2564.116 |
<li>Emacs 21.4 and 24.5 |
<li>Emacs 21.4 and 24.5 |
<li>GCC 4.9.3 |
<li>GCC 4.9.3 |
|
|
<li>Mono 4.2.1.102 |
<li>Mono 4.2.1.102 |
<li>Mozilla Firefox 38.6.1esr and 44.0.2 |
<li>Mozilla Firefox 38.6.1esr and 44.0.2 |
<li>Mozilla Thunderbird 38.6.0 |
<li>Mozilla Thunderbird 38.6.0 |
</ul></td><td valign=top width="33%"><ul> |
|
<li>Node.js 4.3.0 |
<li>Node.js 4.3.0 |
<li>OpenLDAP 2.3.43 and 2.4.43 |
<li>OpenLDAP 2.3.43 and 2.4.43 |
<li>PHP 5.4.45, 5.5.32 and 5.6.18 |
<li>PHP 5.4.45, 5.5.32 and 5.6.18 |
|
|
<li>TeX Live 2014 |
<li>TeX Live 2014 |
<li>Vim 7.4.900 |
<li>Vim 7.4.900 |
<li>Xfce 4.12 |
<li>Xfce 4.12 |
</ul></td><td valign=top width="34%"> |
</ul> |
</td></tr></table> |
|
<p> |
|
|
|
<li>As usual, steady improvements in manual pages and other documentation. |
<li>As usual, steady improvements in manual pages and other documentation. |
<p> |
|
|
|
<li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
<ul> |
<ul> |
|
|
<li>Gdb 6.3 (+ patches) |
<li>Gdb 6.3 (+ patches) |
<li>Awk Aug 10, 2011 version |
<li>Awk Aug 10, 2011 version |
</ul> |
</ul> |
|
|
</ul> |
</ul> |
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="install"><font color="#0000e0">How to install</font></h3> |
<section id=install> |
|
<h3>How to install</h3> |
|
|
|
<p> |
Following this are the instructions which you would have on a piece of |
Following this are the instructions which you would have on a piece of |
paper if you had purchased a CDROM set instead of doing an alternate |
paper if you had purchased a CDROM set instead of doing an alternate |
form of install. The instructions for doing an HTTP (or other style |
form of install. The instructions for doing an HTTP (or other style |
of) install are very similar; the CDROM instructions are left intact |
of) install are very similar; the CDROM instructions are left intact |
so that you can see how much easier it would have been if you had |
so that you can see how much easier it would have been if you had |
purchased a CDROM instead. |
purchased a CDROM instead. |
<p> |
|
|
|
<hr> |
<hr> |
<p> |
<p> |
|
|
.../OpenBSD/5.9/zaurus/INSTALL.zaurus</a> |
.../OpenBSD/5.9/zaurus/INSTALL.zaurus</a> |
</ul> |
</ul> |
|
|
|
|
<hr> |
<hr> |
|
|
|
<section id=quickinstall> |
<p> |
<p> |
Quick installer information for people familiar with OpenBSD, and the |
Quick installer information for people familiar with OpenBSD, and the |
use of the "disklabel -E" command. If you are at all confused when |
use of the "disklabel -E" command. If you are at all confused when |
installing OpenBSD, read the relevant INSTALL.* file as listed above! |
installing OpenBSD, read the relevant INSTALL.* file as listed above! |
|
|
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
<h3>OpenBSD/i386:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
read INSTALL.i386. |
read INSTALL.i386. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/amd64:</font></h3> |
<h3>OpenBSD/amd64:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
read INSTALL.amd64. |
read INSTALL.amd64. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/macppc:</font></h3> |
<h3>OpenBSD/macppc:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
/5.9/macppc/bsd.rd</i> |
/5.9/macppc/bsd.rd</i> |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/sparc64:</font></h3> |
<h3>OpenBSD/sparc64:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/alpha:</font></h3> |
<h3>OpenBSD/alpha:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
will most likely fail. |
will most likely fail. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/hppa:</font></h3> |
<h3>OpenBSD/hppa:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
<a href="hppa.html#install">hppa platform page</a>. |
<a href="hppa.html#install">hppa platform page</a>. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/landisk:</font></h3> |
<h3>OpenBSD/landisk:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
or disk, and boot normally. |
or disk, and boot normally. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/loongson:</font></h3> |
<h3>OpenBSD/loongson:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
Refer to the instructions in INSTALL.loongson for more details. |
Refer to the instructions in INSTALL.loongson for more details. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/luna88k:</font></h3> |
<h3>OpenBSD/luna88k:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
from the PROM, and then bsd.rd from the bootloader. |
from the PROM, and then bsd.rd from the bootloader. |
Refer to the instructions in INSTALL.luna88k for more details. |
Refer to the instructions in INSTALL.luna88k for more details. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/octeon:</font></h3> |
<h3>OpenBSD/octeon:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
Refer to the instructions in INSTALL.octeon for more details. |
Refer to the instructions in INSTALL.octeon for more details. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/sgi:</font></h3> |
<h3>OpenBSD/sgi:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
system type. Refer to the instructions in INSTALL.sgi for more details. |
system type. Refer to the instructions in INSTALL.sgi for more details. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/socppc:</font></h3> |
<h3>OpenBSD/socppc:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
Refer to the instructions in INSTALL.socppc for more details. |
Refer to the instructions in INSTALL.socppc for more details. |
</ul> |
</ul> |
|
|
<h3><font color="#e00000">OpenBSD/zaurus:</font></h3> |
<h3>OpenBSD/zaurus:</h3> |
|
|
<ul style="list-style-type: none"> |
<ul style="list-style-type: none"> |
<li> |
<li> |
|
|
openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
for a few important details. |
for a few important details. |
</ul> |
</ul> |
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3> |
<section id=upgrade> |
|
<h3>How to upgrade</h3> |
|
|
If you already have an OpenBSD 5.8 system, and do not want to reinstall, |
If you already have an OpenBSD 5.8 system, and do not want to reinstall, |
upgrade instructions and advice can be found in the |
upgrade instructions and advice can be found in the |
<a href="faq/upgrade59.html">Upgrade Guide</a>. |
<a href="faq/upgrade59.html">Upgrade Guide</a>. |
<p> |
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
<section id=sourcecode> |
|
<h3>Notes about the source code</h3> |
|
|
src.tar.gz contains a source archive starting at /usr/src. This file |
src.tar.gz contains a source archive starting at /usr/src. This file |
contains everything you need except for the kernel sources, which are |
contains everything you need except for the kernel sources, which are |
|
|
Using these files |
Using these files |
results in a much faster initial CVS update than you could expect from |
results in a much faster initial CVS update than you could expect from |
a fresh checkout of the full OpenBSD source tree. |
a fresh checkout of the full OpenBSD source tree. |
<p> |
</section> |
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="ports"><font color="#0000e0">Ports Tree</font></h3> |
<section id=ports> |
|
<h3>Ports Tree</h3> |
|
|
A ports tree archive is also provided. To extract: |
A ports tree archive is also provided. To extract: |
|
|
|
|
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
<a href="https://man.openbsd.org/?query=cvs"> |
<a href="https://man.openbsd.org/cvs"> |
cvs(1)</a> if |
cvs(1)</a> if |
you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
source tree, our ports tree is available via |
source tree, our ports tree is available via |
|
|
If you're interested in seeing a port added, would like to help out, or just |
If you're interested in seeing a port added, would like to help out, or just |
would like to know more, the mailing list |
would like to know more, the mailing list |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<p> |
</section> |
</body> |
|
</html> |
|