| version 1.5, 2016/07/21 10:48:03 |
version 1.6, 2016/07/21 11:56:18 |
|
|
| <li>See a <a href="plus60.html">detailed log of changes</a> between the |
<li>See a <a href="plus60.html">detailed log of changes</a> between the |
| 5.9 and 6.0 releases. |
5.9 and 6.0 releases. |
| <p> |
<p> |
| <li><a href="http://man.openbsd.org/?query=signify">signify(1)</a> |
<li><a href="http://man.openbsd.org/signify.1">signify(1)</a> |
| pubkeys for this release:<br> |
pubkeys for this release:<br> |
| <pre> |
<pre> |
| base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
|
|
| <li><tt>W^X</tt> is now strictly enforced by default; |
<li><tt>W^X</tt> is now strictly enforced by default; |
| a program can only violate it if the executable is marked with |
a program can only violate it if the executable is marked with |
| <tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem |
<tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem |
| mounted with the <tt>wxallowed</tt> <a href="http://man.openbsd.org/?query=mount&sec=8">mount(8)</a> option. |
mounted with the <tt>wxallowed</tt> |
| <li>The <a href="http://man.openbsd.org/?query=setjmp&sec=3">setjmp(3)</a> |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
| |
<li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a> |
| family of functions now apply XOR cookies to stack and return-address |
family of functions now apply XOR cookies to stack and return-address |
| values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc. |
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc. |
| <li><a href="http://man.openbsd.org/?query=sigreturn&sec=2">sigreturn(2)</a> |
<li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
| can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
| with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
| <li>... |
<li>... |
|
|
| <li>Improved symbol handling and standards compliance in libc. |
<li>Improved symbol handling and standards compliance in libc. |
| For example, defining an <tt>open()</tt> function will no longer |
For example, defining an <tt>open()</tt> function will no longer |
| interfere with the operation of |
interfere with the operation of |
| <a href="http://man.openbsd.org/?query=fopen&sec=3">fopen(3)</a>. |
<a href="http://man.openbsd.org/fopen.3">fopen(3)</a>. |
| <li><tt>PT_TLS</tt> sections are now supported in initially loaded object. |
<li><tt>PT_TLS</tt> sections are now supported in initially loaded object. |
| <li>Improved handling of "no paths" and "empty path" in |
<li>Improved handling of "no paths" and "empty path" in |
| <a href="http://man.openbsd.org/?query=fts&sec=3">fts(3)</a>. |
<a href="http://man.openbsd.org/fts.3">fts(3)</a>. |
| <li><a href="http://man.openbsd.org/?query=kdump&sec=1">kdump(1)</a> |
<li><a href="http://man.openbsd.org/kdump.1">kdump(1)</a> |
| now dumps pollfd structures. |
now dumps <tt>pollfd</tt> structures. |
| <li>... |
<li>... |
| </ul> |
</ul> |
| <p> |
<p> |
|
|
| of NTP peers, avoid constant reconnections when there is a bad NTP |
of NTP peers, avoid constant reconnections when there is a bad NTP |
| peer. |
peer. |
| <li>Removed disabled |
<li>Removed disabled |
| <a href="http://man.openbsd.org/?query=hotplug">hotplug(4)</a> |
<a href="http://man.openbsd.org/hotplug.4">hotplug(4)</a> |
| sensor support. |
sensor support. |
| <li>Added support for detecting crashes in constraint subprocesses. |
<li>Added support for detecting crashes in constraint subprocesses. |
| <li>Moved the execution of constraints from the ntp process to the |
<li>Moved the execution of constraints from the ntp process to the |
| parent process, allowing for better privilege separation since the |
parent process, allowing for better privilege separation since the |
| ntp process can be further restricted. |
ntp process can be further restricted. |
| <li>Added |
<li>Added |
| <a href="http://man.openbsd.org/?query=pledge">pledge(2)</a> |
<a href="http://man.openbsd.org/pledge.2">pledge(2)</a> |
| support. |
support. |
| <li>Fixed high CPU usage when the network is down. |
<li>Fixed high CPU usage when the network is down. |
| <li>Fixed various memory leaks. |
<li>Fixed various memory leaks. |
|
|
| <li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using |
<li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using |
| ntp_adjtime. |
ntp_adjtime. |
| <li>Fixed HTTP Timestamp header parsing to use |
<li>Fixed HTTP Timestamp header parsing to use |
| <a href="http://man.openbsd.org/?query=strptime">strptime(3)</a> |
<a href="http://man.openbsd.org/strptime.3">strptime(3)</a> |
| in a more portable fashion. |
in a more portable fashion. |
| <li>Hardened TLS for |
<li>Hardened TLS for |
| <a href="http://man.openbsd.org/?query=ntpd">ntpd(8)</a> |
<a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a> |
| constraints, enabling server name verification. |
constraints, enabling server name verification. |
| </ul> |
</ul> |
| <p> |
<p> |
|
|
| elements over 16k in size. |
elements over 16k in size. |
| <li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites. |
<li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites. |
| <li>Fixed password prompts from |
<li>Fixed password prompts from |
| <a href="http://man.openbsd.org/?query=openssl">openssl(1)</a> |
<a href="http://man.openbsd.org/openssl.1">openssl(1)</a> |
| to properly handle ^C. |
to properly handle ^C. |
| </ul> |
</ul> |
| <li>Code improvements: |
<li>Code improvements: |
|
|
| <li>Fixed an <i>nginx</i> compatibility issue by adding an |
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
| '<tt>install_sw</tt>' build target. |
'<tt>install_sw</tt>' build target. |
| <li>Changed default |
<li>Changed default |
| <a href="http://man.openbsd.org/?query=EVP_AEAD_CTX_init">EVP_aead_chacha20_poly1305(3)</a> |
<a href="http://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a> |
| implementation to the IETF version, which is now the default. |
implementation to the IETF version, which is now the default. |
| <li>Reworked error handling in <tt>libtls</tt> so that configuration |
<li>Reworked error handling in <tt>libtls</tt> so that configuration |
| errors are more visible. |
errors are more visible. |
| <li>Added missing error handling around |
<li>Added missing error handling around |
| <a href="http://man.openbsd.org/?query=bn_dump">bn_wexpand(3)</a> |
<a href="http://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a> |
| calls. |
calls. |
| <li>Added |
<li>Added |
| <a href="http://man.openbsd.org/?query=bzero">explicit_bzero(3)</a> |
<a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> |
| calls for freed ASN.1 objects. |
calls for freed ASN.1 objects. |
| <li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
<li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
| failure. |
failure. |
| <li>Deprecated internal use of |
<li>Deprecated internal use of |
| <a href="http://man.openbsd.org/?query=EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
| <li>Fixed a problem that prevents the DSA signing algorithm from running |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
| in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
| <li>Fixed several issues in the OCSP code that could result in the |
<li>Fixed several issues in the OCSP code that could result in the |
|
|
| <hr> |
<hr> |
| |
|
| <p> |
<p> |
| Quick installer information for people familiar with OpenBSD, and the |
Quick installer information for people familiar with OpenBSD, and the use of |
| use of the "disklabel -E" command. If you are at all confused when |
the "<a href="http://man.openbsd.org/disklabel.8">disklabel</a> -E" command. |
| installing OpenBSD, read the relevant INSTALL.* file as listed above! |
If you are at all confused when installing OpenBSD, read the relevant |
| |
INSTALL.* file as listed above! |
| |
|
| <h3><font color="#e00000">OpenBSD/i386:</font></h3> |
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
| |
|
|
|
| |
|
| <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
<h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
| |
|
| src.tar.gz contains a source archive starting at /usr/src. This file |
<tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>. |
| contains everything you need except for the kernel sources, which are |
This file contains everything you need except for the kernel sources, |
| in a separate archive. To extract: |
which are in a separate archive. |
| |
To extract: |
| |
|
| <blockquote><pre> |
<blockquote><pre> |
| # <b>mkdir -p /usr/src</b> |
# <b>mkdir -p /usr/src</b> |
|
|
| # <b>tar xvfz /tmp/src.tar.gz</b> |
# <b>tar xvfz /tmp/src.tar.gz</b> |
| </pre></blockquote> |
</pre></blockquote> |
| |
|
| sys.tar.gz contains a source archive starting at /usr/src/sys. |
<tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>. |
| This file contains all the kernel sources you need to rebuild kernels. |
This file contains all the kernel sources you need to rebuild kernels. |
| To extract: |
To extract: |
| |
|
|
|
| Rather, it is a set of notes meant to kickstart the user on the |
Rather, it is a set of notes meant to kickstart the user on the |
| OpenBSD ports system. |
OpenBSD ports system. |
| <p> |
<p> |
| The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS checkout of our ports. |
| <a href="http://man.openbsd.org/?query=cvs"> |
As with our complete source tree, our ports tree is available via |
| cvs(1)</a> if |
|
| you aren't familiar with CVS) checkout of our ports. As with our complete |
|
| source tree, our ports tree is available via |
|
| <a href="anoncvs.html">AnonCVS</a>. |
<a href="anoncvs.html">AnonCVS</a>. |
| So, in order to keep up to date with the <i>-stable</i> branch, you must make |
So, in order to keep up to date with the <i>-stable</i> branch, you must make |
| the <i>ports/</i> tree available on a read-write medium and update the tree |
the <i>ports/</i> tree available on a read-write medium and update the tree |
![[BACK]](/icons/back.gif){kind=icon}
Return to 60.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www