version 1.5, 2016/07/21 10:48:03 |
version 1.6, 2016/07/21 11:56:18 |
|
|
<li>See a <a href="plus60.html">detailed log of changes</a> between the |
<li>See a <a href="plus60.html">detailed log of changes</a> between the |
5.9 and 6.0 releases. |
5.9 and 6.0 releases. |
<p> |
<p> |
<li><a href="http://man.openbsd.org/?query=signify">signify(1)</a> |
<li><a href="http://man.openbsd.org/signify.1">signify(1)</a> |
pubkeys for this release:<br> |
pubkeys for this release:<br> |
<pre> |
<pre> |
base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
|
|
<li><tt>W^X</tt> is now strictly enforced by default; |
<li><tt>W^X</tt> is now strictly enforced by default; |
a program can only violate it if the executable is marked with |
a program can only violate it if the executable is marked with |
<tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem |
<tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem |
mounted with the <tt>wxallowed</tt> <a href="http://man.openbsd.org/?query=mount&sec=8">mount(8)</a> option. |
mounted with the <tt>wxallowed</tt> |
<li>The <a href="http://man.openbsd.org/?query=setjmp&sec=3">setjmp(3)</a> |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
|
<li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a> |
family of functions now apply XOR cookies to stack and return-address |
family of functions now apply XOR cookies to stack and return-address |
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc. |
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc. |
<li><a href="http://man.openbsd.org/?query=sigreturn&sec=2">sigreturn(2)</a> |
<li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
<li>... |
<li>... |
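Review bot: the W^X item still reads "and its is located on a filesystem" on both sides of this hunk; since the item is already being edited for the mount(8) link, fix the wording to "and it is located on a filesystem" in the same change. The reflowed mount(8) link itself looks fine and no longer carries the unescaped "&sec=8" query.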
|
|
<li>Improved symbol handling and standards compliance in libc. |
<li>Improved symbol handling and standards compliance in libc. |
For example, defining an <tt>open()</tt> function will no longer |
For example, defining an <tt>open()</tt> function will no longer |
interfere with the operation of |
interfere with the operation of |
<a href="http://man.openbsd.org/?query=fopen&sec=3">fopen(3)</a>. |
<a href="http://man.openbsd.org/fopen.3">fopen(3)</a>. |
<li><tt>PT_TLS</tt> sections are now supported in initially loaded object. |
<li><tt>PT_TLS</tt> sections are now supported in initially loaded object. |
<li>Improved handling of "no paths" and "empty path" in |
<li>Improved handling of "no paths" and "empty path" in |
<a href="http://man.openbsd.org/?query=fts&sec=3">fts(3)</a>. |
<a href="http://man.openbsd.org/fts.3">fts(3)</a>. |
<li><a href="http://man.openbsd.org/?query=kdump&sec=1">kdump(1)</a> |
<li><a href="http://man.openbsd.org/kdump.1">kdump(1)</a> |
now dumps pollfd structures. |
now dumps <tt>pollfd</tt> structures. |
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
of NTP peers, avoid constant reconnections when there is a bad NTP |
of NTP peers, avoid constant reconnections when there is a bad NTP |
peer. |
peer. |
<li>Removed disabled |
<li>Removed disabled |
<a href="http://man.openbsd.org/?query=hotplug">hotplug(4)</a> |
<a href="http://man.openbsd.org/hotplug.4">hotplug(4)</a> |
sensor support. |
sensor support. |
<li>Added support for detecting crashes in constraint subprocesses. |
<li>Added support for detecting crashes in constraint subprocesses. |
<li>Moved the execution of constraints from the ntp process to the |
<li>Moved the execution of constraints from the ntp process to the |
parent process, allowing for better privilege separation since the |
parent process, allowing for better privilege separation since the |
ntp process can be further restricted. |
ntp process can be further restricted. |
<li>Added |
<li>Added |
<a href="http://man.openbsd.org/?query=pledge">pledge(2)</a> |
<a href="http://man.openbsd.org/pledge.2">pledge(2)</a> |
support. |
support. |
<li>Fixed high CPU usage when the network is down. |
<li>Fixed high CPU usage when the network is down. |
<li>Fixed various memory leaks. |
<li>Fixed various memory leaks. |
|
|
<li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using |
<li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using |
ntp_adjtime. |
ntp_adjtime. |
<li>Fixed HTTP Timestamp header parsing to use |
<li>Fixed HTTP Timestamp header parsing to use |
<a href="http://man.openbsd.org/?query=strptime">strptime(3)</a> |
<a href="http://man.openbsd.org/strptime.3">strptime(3)</a> |
in a more portable fashion. |
in a more portable fashion. |
<li>Hardened TLS for |
<li>Hardened TLS for |
<a href="http://man.openbsd.org/?query=ntpd">ntpd(8)</a> |
<a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a> |
constraints, enabling server name verification. |
constraints, enabling server name verification. |
</ul> |
</ul> |
<p> |
<p> |
|
|
elements over 16k in size. |
elements over 16k in size. |
<li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites. |
<li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites. |
<li>Fixed password prompts from |
<li>Fixed password prompts from |
<a href="http://man.openbsd.org/?query=openssl">openssl(1)</a> |
<a href="http://man.openbsd.org/openssl.1">openssl(1)</a> |
to properly handle ^C. |
to properly handle ^C. |
</ul> |
</ul> |
<li>Code improvements: |
<li>Code improvements: |
|
|
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
'<tt>install_sw</tt>' build target. |
'<tt>install_sw</tt>' build target. |
<li>Changed default |
<li>Changed default |
<a href="http://man.openbsd.org/?query=EVP_AEAD_CTX_init">EVP_aead_chacha20_poly1305(3)</a> |
<a href="http://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a> |
implementation to the IETF version, which is now the default. |
implementation to the IETF version, which is now the default. |
<li>Reworked error handling in <tt>libtls</tt> so that configuration |
<li>Reworked error handling in <tt>libtls</tt> so that configuration |
errors are more visible. |
errors are more visible. |
<li>Added missing error handling around |
<li>Added missing error handling around |
<a href="http://man.openbsd.org/?query=bn_dump">bn_wexpand(3)</a> |
<a href="http://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a> |
calls. |
calls. |
<li>Added |
<li>Added |
<a href="http://man.openbsd.org/?query=bzero">explicit_bzero(3)</a> |
<a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> |
calls for freed ASN.1 objects. |
calls for freed ASN.1 objects. |
<li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
<li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
failure. |
failure. |
<li>Deprecated internal use of |
<li>Deprecated internal use of |
<a href="http://man.openbsd.org/?query=EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
<li>Fixed several issues in the OCSP code that could result in the |
<li>Fixed several issues in the OCSP code that could result in the |
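Review bot: the new EVP_[Cipher|Encrypt|Decrypt]_Final link, "http://man.openbsd.org/EVP_EncryptInit", has no section suffix, while every other converted link in this hunk carries one ("EVP_AEAD_CTX_init.3", "bn_wexpand.3", "explicit_bzero.3"); use the ".3" form here as well. The bn_wexpand(3) and explicit_bzero(3) links also change the page they name, not only the URL form (the old queries were "bn_dump" and "bzero"), so confirm that both new URLs resolve before committing.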
|
|
<hr> |
<hr> |
|
|
<p> |
<p> |
Quick installer information for people familiar with OpenBSD, and the |
Quick installer information for people familiar with OpenBSD, and the use of |
use of the "disklabel -E" command. If you are at all confused when |
the "<a href="http://man.openbsd.org/disklabel.8">disklabel</a> -E" command. |
installing OpenBSD, read the relevant INSTALL.* file as listed above! |
If you are at all confused when installing OpenBSD, read the relevant |
|
INSTALL.* file as listed above! |
|
|
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
|
|
|
|
|
|
<h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
<h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
|
|
src.tar.gz contains a source archive starting at /usr/src. This file |
<tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>. |
contains everything you need except for the kernel sources, which are |
This file contains everything you need except for the kernel sources, |
in a separate archive. To extract: |
which are in a separate archive. |
|
To extract: |
|
|
<blockquote><pre> |
<blockquote><pre> |
# <b>mkdir -p /usr/src</b> |
# <b>mkdir -p /usr/src</b> |
|
|
# <b>tar xvfz /tmp/src.tar.gz</b> |
# <b>tar xvfz /tmp/src.tar.gz</b> |
</pre></blockquote> |
</pre></blockquote> |
|
|
sys.tar.gz contains a source archive starting at /usr/src/sys. |
<tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>. |
This file contains all the kernel sources you need to rebuild kernels. |
This file contains all the kernel sources you need to rebuild kernels. |
To extract: |
To extract: |
|
|
|
|
Rather, it is a set of notes meant to kickstart the user on the |
Rather, it is a set of notes meant to kickstart the user on the |
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS checkout of our ports. |
<a href="http://man.openbsd.org/?query=cvs"> |
As with our complete source tree, our ports tree is available via |
cvs(1)</a> if |
|
you aren't familiar with CVS) checkout of our ports. As with our complete |
|
source tree, our ports tree is available via |
|
<a href="anoncvs.html">AnonCVS</a>. |
<a href="anoncvs.html">AnonCVS</a>. |
So, in order to keep up to date with the <i>-stable</i> branch, you must make |
So, in order to keep up to date with the <i>-stable</i> branch, you must make |
the <i>ports/</i> tree available on a read-write medium and update the tree |
the <i>ports/</i> tree available on a read-write medium and update the tree |
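Review bot: the rewritten ports paragraph drops the pointer to cvs(1) for readers who are not familiar with CVS, rather than converting its link the way the rest of this change does. If the removal is not intentional, keep the parenthetical and convert its link to the new man.openbsd.org URL form; if it is intentional, say so in the commit message, since the other hunks only change link targets and markup.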