version 1.78, 2019/04/24 15:54:54 |
version 1.79, 2019/05/27 22:55:18 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=release> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 6.0</title> |
<title>OpenBSD 6.0</title> |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
|
<meta name="description" content="OpenBSD 6.0"> |
<meta name="description" content="OpenBSD 6.0"> |
<meta name="copyright" content="This document copyright 2016 by OpenBSD."> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/60.html"> |
<link rel="canonical" href="https://www.openbsd.org/60.html"> |
</head> |
|
|
|
<body bgcolor="#ffffff" text="#000000" link="#24248E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">6.0</font> |
6.0 |
</h2> |
</h2> |
|
|
|
<table> |
|
<tr> |
|
<td> |
<a href="images/puff.jpg"> |
<a href="images/puff.jpg"> |
<img alt="Puff" align="left" width="227" height="343" hspace="24" src="images/puff.jpg"></a> |
<img alt="Puff" width="227" height="343" src="images/puff.jpg"></a> |
|
<td> |
Released Sep 1, 2016<br> |
Released Sep 1, 2016<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
<font color="#e00000">ISBN 978-0-9881561-8-0</font> |
<cite class=isbn>ISBN 978-0-9881561-8-0</cite> |
<br> |
<br> |
6.0 Songs: |
6.0 Songs: |
<a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
<a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
|
|
<ul> |
<ul> |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
a list of mirror machines. |
a list of mirror machines. |
<li>Go to the <font color="#e00000">pub/OpenBSD/6.0/</font> directory on |
<li>Go to the <code class=reldir>pub/OpenBSD/6.0/</code> directory on |
one of the mirror sites. |
one of the mirror sites. |
<li>Have a look at <a href="errata60.html">the 6.0 errata page</a> for a list |
<li>Have a look at <a href="errata60.html">the 6.0 errata page</a> for a list |
of bugs and workarounds. |
of bugs and workarounds. |
|
|
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a> |
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a> |
pubkeys for this release:<p> |
pubkeys for this release:<p> |
|
|
<table cellspacing=0 style='font-family:monospace'><tr> |
<table class=signify> |
<td> |
<tr><td> |
openbsd-61-base.pub: |
openbsd-61-base.pub: |
</td><td> |
<td> |
RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8 |
</td></tr><tr><td> |
<tr><td> |
openbsd-61-fw.pub: |
openbsd-61-fw.pub: |
</td><td> |
<td> |
RWRWf7GJKFvJTWEMIaw9wld0DujiqL1mlrC6HisE6i78C+2SRArV1Iyo |
RWRWf7GJKFvJTWEMIaw9wld0DujiqL1mlrC6HisE6i78C+2SRArV1Iyo |
</td></tr><tr><td> |
<tr><td> |
openbsd-61-pkg.pub: |
openbsd-61-pkg.pub: |
</td><td> |
<td> |
RWQHIajRlT2mX7tmRgb6oN6mfJu3AgQ/TU38acrWABO8lz90dR3rNmey |
RWQHIajRlT2mX7tmRgb6oN6mfJu3AgQ/TU38acrWABO8lz90dR3rNmey |
</td></tr> |
|
</table> |
</table> |
|
|
<p> |
<p> |
|
|
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
files fetched via ports.tar.gz. |
files fetched via ports.tar.gz. |
</ul> |
</ul> |
<br clear=all> |
</table> |
|
|
<hr> |
<hr> |
|
|
<h3 id="new"><font color="#0000e0">What's New</font></h3> |
<section id=new> |
|
<h3>What's New</h3> |
|
|
|
<p> |
This is a partial list of new features and systems included in OpenBSD 6.0. |
This is a partial list of new features and systems included in OpenBSD 6.0. |
For a comprehensive list, see the <a href="plus60.html">changelog</a> leading |
For a comprehensive list, see the <a href="plus60.html">changelog</a> leading |
to 6.0. |
to 6.0. |
|
|
<li>Removed. |
<li>Removed. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/?query=bytgpio">bytgpio(4)</a> |
<li>New <a href="https://man.openbsd.org/bytgpio">bytgpio(4)</a> |
driver for the Intel Bay Trail GPIO controller. |
driver for the Intel Bay Trail GPIO controller. |
<li>New <a href="https://man.openbsd.org/?query=chvgpio">chvgpio(4)</a> |
<li>New <a href="https://man.openbsd.org/chvgpio">chvgpio(4)</a> |
driver for the Intel Cherry View GPIO controller. |
driver for the Intel Cherry View GPIO controller. |
<li>New <a href="https://man.openbsd.org/?query=maxrtc">maxrtc(4)</a> |
<li>New <a href="https://man.openbsd.org/maxrtc">maxrtc(4)</a> |
driver for the Maxim DS1307 real time clock. |
driver for the Maxim DS1307 real time clock. |
<li>New <a href="https://man.openbsd.org/?query=nvme">nvme(4)</a> |
<li>New <a href="https://man.openbsd.org/nvme">nvme(4)</a> |
driver for the Non-Volatile Memory Express (NVMe) host controller interface. |
driver for the Non-Volatile Memory Express (NVMe) host controller interface. |
<li>New <a href="https://man.openbsd.org/?query=pcfrtc">pcfrtc(4)</a> |
<li>New <a href="https://man.openbsd.org/pcfrtc">pcfrtc(4)</a> |
driver for the NXP PCF8523 real time clock. |
driver for the NXP PCF8523 real time clock. |
<li>New <a href="https://man.openbsd.org/?query=umb">umb(4)</a> |
<li>New <a href="https://man.openbsd.org/umb">umb(4)</a> |
driver for the Mobile Broadband Interface Model (MBIM). |
driver for the Mobile Broadband Interface Model (MBIM). |
<li>New <a href="https://man.openbsd.org/?query=ure">ure(4)</a> |
<li>New <a href="https://man.openbsd.org/ure">ure(4)</a> |
driver for RealTek RTL8152 based 10/100 USB Ethernet devices. |
driver for RealTek RTL8152 based 10/100 USB Ethernet devices. |
<li>New <a href="https://man.openbsd.org/?query=utvfu">utvfu(4)</a> |
<li>New <a href="https://man.openbsd.org/utvfu">utvfu(4)</a> |
driver for audio/video capture devices based on the Fushicai USBTV007. |
driver for audio/video capture devices based on the Fushicai USBTV007. |
<li>The <a href="https://man.openbsd.org/?query=iwm">iwm(4)</a> driver |
<li>The <a href="https://man.openbsd.org/iwm">iwm(4)</a> driver |
now supports Intel Wireless 3165 and 8260 devices, and works more |
now supports Intel Wireless 3165 and 8260 devices, and works more |
reliably in RAMDISK kernels. |
reliably in RAMDISK kernels. |
<li>Support for I2C HID devices with GPIO signalled interrupts has |
<li>Support for I2C HID devices with GPIO signalled interrupts has |
been added to <a href="https://man.openbsd.org/?query=dwiic">dwiic(4)</a>. |
been added to <a href="https://man.openbsd.org/dwiic">dwiic(4)</a>. |
<li>Support for larger bus widths, high speed modes, and DMA |
<li>Support for larger bus widths, high speed modes, and DMA |
transfers has been added to |
transfers has been added to |
<a href="https://man.openbsd.org/?query=sdmmc">sdmmc(4)</a>, |
<a href="https://man.openbsd.org/sdmmc">sdmmc(4)</a>, |
<a href="https://man.openbsd.org/?query=rtsx">rtsx(4)</a>, |
<a href="https://man.openbsd.org/rtsx">rtsx(4)</a>, |
<a href="https://man.openbsd.org/?query=sdhc">sdhc(4)</a>, and |
<a href="https://man.openbsd.org/sdhc">sdhc(4)</a>, and |
<a href="https://man.openbsd.org/?query=imxesdhc">imxesdhc(4)</a>. |
<a href="https://man.openbsd.org/imxesdhc">imxesdhc(4)</a>. |
<li>Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs. |
<li>Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs. |
<li>Many USB device drivers have been enabled on OpenBSD/octeon. |
<li>Many USB device drivers have been enabled on OpenBSD/octeon. |
<li>Improved support for hardware-reduced ACPI implementations. |
<li>Improved support for hardware-reduced ACPI implementations. |
|
|
<li>AES-NI crypto is now done without holding the kernel lock. |
<li>AES-NI crypto is now done without holding the kernel lock. |
<li>Improved AGP support on PowerPC G5 machines. |
<li>Improved AGP support on PowerPC G5 machines. |
<li>Added support for the SD card slot in Intel Bay Trail SoCs. |
<li>Added support for the SD card slot in Intel Bay Trail SoCs. |
<li>The <a href="https://man.openbsd.org/?query=ichiic">ichiic(4)</a> driver |
<li>The <a href="https://man.openbsd.org/ichiic">ichiic(4)</a> driver |
now ignores the SMBALERT# interrupt to prevent an interrupt storm |
now ignores the SMBALERT# interrupt to prevent an interrupt storm |
with buggy BIOS implementations. |
with buggy BIOS implementations. |
<li>Device attachment problems with the |
<li>Device attachment problems with the |
<a href="https://man.openbsd.org/?query=axen">axen(4)</a> driver have |
<a href="https://man.openbsd.org/axen">axen(4)</a> driver have |
been fixed. |
been fixed. |
<li>The <a href="https://man.openbsd.org/?query=ral">ral(4)</a> driver |
<li>The <a href="https://man.openbsd.org/ral">ral(4)</a> driver |
is more stable under load with RT2860 devices. |
is more stable under load with RT2860 devices. |
<li>Problems with dead keyboards after resume have been fixed in the |
<li>Problems with dead keyboards after resume have been fixed in the |
<a href="https://man.openbsd.org/?query=pckbd">pckbd(4)</a> driver. |
<a href="https://man.openbsd.org/pckbd">pckbd(4)</a> driver. |
<li>The <a href="https://man.openbsd.org/?query=rtsx">rtsx(4)</a> driver |
<li>The <a href="https://man.openbsd.org/rtsx">rtsx(4)</a> driver |
now supports RTS522A devices. |
now supports RTS522A devices. |
<li>Initial support for MSI-X has been added. |
<li>Initial support for MSI-X has been added. |
<li>Support MSI-X in the |
<li>Support MSI-X in the |
<a href="https://man.openbsd.org/?query=virtio">virtio(4)</a> driver. |
<a href="https://man.openbsd.org/virtio">virtio(4)</a> driver. |
<li>Added a workaround for hardware DMA overruns to the |
<li>Added a workaround for hardware DMA overruns to the |
<a href="https://man.openbsd.org/man4/dc.4">dc(4)</a> driver. |
<a href="https://man.openbsd.org/man4/dc.4">dc(4)</a> driver. |
<li>The <a href="https://man.openbsd.org/?query=acpitz">acpitz(4)</a> driver |
<li>The <a href="https://man.openbsd.org/acpitz">acpitz(4)</a> driver |
now spins the fan down after cooling if ACPI uses hysteresis for |
now spins the fan down after cooling if ACPI uses hysteresis for |
active cooling. |
active cooling. |
<li>The <a href="https://man.openbsd.org/?query=xhci">xhci(4)</a> driver |
<li>The <a href="https://man.openbsd.org/xhci">xhci(4)</a> driver |
now performs handoff from an xHCI-capable BIOS correctly. |
now performs handoff from an xHCI-capable BIOS correctly. |
<li>Support for multi-touch input has been added to the |
<li>Support for multi-touch input has been added to the |
<a href="https://man.openbsd.org/?query=wsmouse">wsmouse(4)</a> driver. |
<a href="https://man.openbsd.org/wsmouse">wsmouse(4)</a> driver. |
<li>The <a href="https://man.openbsd.org/?query=uslcom">uslcom(4)</a> driver |
<li>The <a href="https://man.openbsd.org/uslcom">uslcom(4)</a> driver |
now supports the serial console of Aruba 7xxx wireless controllers. |
now supports the serial console of Aruba 7xxx wireless controllers. |
<li>The <a href="https://man.openbsd.org/?query=re">re(4)</a> driver |
<li>The <a href="https://man.openbsd.org/re">re(4)</a> driver |
now works around broken LED configurations in APU1 EEPROMs. |
now works around broken LED configurations in APU1 EEPROMs. |
<li>The <a href="https://man.openbsd.org/?query=ehci">ehci(4)</a> driver |
<li>The <a href="https://man.openbsd.org/ehci">ehci(4)</a> driver |
now works around problems with ATI USB controllers (e.g. SB700). |
now works around problems with ATI USB controllers (e.g. SB700). |
<li>The <a href="https://man.openbsd.org/?query=xen">xen(4)</a> driver |
<li>The <a href="https://man.openbsd.org/xen">xen(4)</a> driver |
now supports domU configuration under Qubes OS. |
now supports domU configuration under Qubes OS. |
</ul> |
</ul> |
<p> |
|
|
|
<li>IEEE 802.11 wireless stack improvements: |
<li>IEEE 802.11 wireless stack improvements: |
<ul> |
<ul> |
<li>The HT block ack receive buffer logic follows the algorithm given |
<li>The HT block ack receive buffer logic follows the algorithm given |
in the 802.11-2012 spec more closely. |
in the 802.11-2012 spec more closely. |
<li>The <a href="https://man.openbsd.org/?query=iwn">iwn(4)</a> driver now |
<li>The <a href="https://man.openbsd.org/iwn">iwn(4)</a> driver now |
keeps track of HT protection changes while associated to an 11n AP. |
keeps track of HT protection changes while associated to an 11n AP. |
<li>The wireless stack and several drivers make more aggressive use |
<li>The wireless stack and several drivers make more aggressive use |
of RTS/CTS to avoid interference from legacy devices and hidden nodes. |
of RTS/CTS to avoid interference from legacy devices and hidden nodes. |
<li>The <a href="https://man.openbsd.org/?query=netstat">netstat(1)</a> -W |
<li>The <a href="https://man.openbsd.org/netstat">netstat(1)</a> -W |
command now shows information about 802.11n events. |
command now shows information about 802.11n events. |
<li>In hostap mode, do not reuse association IDs of nodes which are |
<li>In hostap mode, do not reuse association IDs of nodes which are |
still cached. Fixes a problem where an access point using the |
still cached. Fixes a problem where an access point using the |
<a href="https://man.openbsd.org/?query=ral">ral(4)</a> driver |
<a href="https://man.openbsd.org/ral">ral(4)</a> driver |
would get stuck at 1 Mbps because Tx rate accounting happened |
would get stuck at 1 Mbps because Tx rate accounting happened |
on the wrong node object. |
on the wrong node object. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
|
|
This allows the system to have just one bpf device node in /dev |
This allows the system to have just one bpf device node in /dev |
that services all bpf consumers (up to 1024). |
that services all bpf consumers (up to 1024). |
<li>The Tx queue of the |
<li>The Tx queue of the |
<a href="https://man.openbsd.org/?query=cnmac">cnmac(4)</a> |
<a href="https://man.openbsd.org/cnmac">cnmac(4)</a> |
driver can now be processed in parallel of the rest of the kernel. |
driver can now be processed in parallel of the rest of the kernel. |
<li>Network input path is now run in thread context. |
<li>Network input path is now run in thread context. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Installer improvements: |
<li>Installer improvements: |
<ul> |
<ul> |
|
|
<li>questions and answers are logged in a format that can be used as a |
<li>questions and answers are logged in a format that can be used as a |
response file for use by |
response file for use by |
<a href="https://man.openbsd.org/autoinstall">autoinstall(8)</a> |
<a href="https://man.openbsd.org/autoinstall">autoinstall(8)</a> |
<li><tt>/usr/local</tt> is set to <tt>wxallowed</tt> during install |
<li><code>/usr/local</code> is set to <code>wxallowed</code> during install |
</ul> |
</ul> |
<p> |
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
|
|
<a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>. |
<a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>. |
<li>Let <a href="https://man.openbsd.org/nc.1">nc(1)</a> |
<li>Let <a href="https://man.openbsd.org/nc.1">nc(1)</a> |
support service names in addition to port numbers. |
support service names in addition to port numbers. |
<li>Add <tt>-M</tt> and <tt>-m</tt> TTL flags to |
<li>Add <code>-M</code> and <code>-m</code> TTL flags to |
<a href="https://man.openbsd.org/nc.1">nc(1)</a>. |
<a href="https://man.openbsd.org/nc.1">nc(1)</a>. |
<li>Add <tt>AF_UNIX</tt> support to |
<li>Add <code>AF_UNIX</code> support to |
<a href="https://man.openbsd.org/tcpbench.1">tcpbench(1)</a>. |
<a href="https://man.openbsd.org/tcpbench.1">tcpbench(1)</a>. |
<li>Fixed a regression in |
<li>Fixed a regression in |
<a href="https://man.openbsd.org/rarpd.8">rarpd(8)</a>. |
<a href="https://man.openbsd.org/rarpd.8">rarpd(8)</a>. |
The daemon could hang if it was idle for a long time. |
The daemon could hang if it was idle for a long time. |
<li>Added the <tt>llprio</tt> option in |
<li>Added the <code>llprio</code> option in |
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>. |
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>. |
<li>Multiple programs that use |
<li>Multiple programs that use |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a> |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a> |
have been modified to take advantage of |
have been modified to take advantage of |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a> |
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a> |
device cloning by opening <tt>/dev/bpf0</tt> instead of looping |
device cloning by opening <code>/dev/bpf0</code> instead of looping |
through <tt>/dev/bpf*</tt> devices. These programs include |
through <code>/dev/bpf*</code> devices. These programs include |
<a href="https://man.openbsd.org/arp.8">arp(8)</a>, |
<a href="https://man.openbsd.org/arp.8">arp(8)</a>, |
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, |
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, |
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, |
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, |
|
|
The <a href="https://man.openbsd.org/pcap.3">libpcap</a> library |
The <a href="https://man.openbsd.org/pcap.3">libpcap</a> library |
has also been modified accordingly. |
has also been modified accordingly. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li><tt>W^X</tt> is now strictly enforced by default; |
<li><code>W^X</code> is now strictly enforced by default; |
a program can only violate it if the executable is marked with |
a program can only violate it if the executable is marked with |
<tt>PT_OPENBSD_WXNEEDED</tt> and is located on a filesystem |
<code>PT_OPENBSD_WXNEEDED</code> and is located on a filesystem |
mounted with the <tt>wxallowed</tt> |
mounted with the <code>wxallowed</code> |
<a href="https://man.openbsd.org/mount.8">mount(8)</a> option. |
<a href="https://man.openbsd.org/mount.8">mount(8)</a> option. |
Because there are still too many ports which violate W^X, the |
Because there are still too many ports which violate W^X, the |
installer mounts the <tt>/usr/local</tt> filesystem with |
installer mounts the <code>/usr/local</code> filesystem with |
<tt>wxallowed</tt>. This allows the base system to be more |
<code>wxallowed</code>. This allows the base system to be more |
secure as long as <tt>/usr/local</tt> is a separate filesystem. |
secure as long as <code>/usr/local</code> is a separate filesystem. |
If you use no W^X violating programs, consider manually |
If you use no W^X violating programs, consider manually |
revoking that option. |
revoking that option. |
<li>The <a href="https://man.openbsd.org/setjmp.3">setjmp(3)</a> |
<li>The <a href="https://man.openbsd.org/setjmp.3">setjmp(3)</a> |
|
|
<li>In the <a href="https://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
<li>In the <a href="https://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
family of functions, stop opening the shadow database by default. |
family of functions, stop opening the shadow database by default. |
<li>Allow <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<li>Allow <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<tt>-r</tt> to be started without root privileges. |
<code>-r</code> to be started without root privileges. |
<li>Remove |
<li>Remove |
<a href="https://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>. |
<a href="https://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>. |
<li>Remove Linux emulation support. |
<li>Remove Linux emulation support. |
|
|
<li>To work against SYN flooding attacks the administrator can |
<li>To work against SYN flooding attacks the administrator can |
change the size of the hash array now. |
change the size of the hash array now. |
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a> |
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a> |
<tt>-s -p tcp</tt> shows the relevant information to tune |
<code>-s -p tcp</code> shows the relevant information to tune |
the SYN cache with |
the SYN cache with |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<tt>net.inet.tcp</tt>. |
<code>net.inet.tcp</code>. |
<li>The administrator can require root privileges for binding to some TCP |
<li>The administrator can require root privileges for binding to some TCP |
and UDP ports with |
and UDP ports with |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<tt>net.inet.tcp.rootonly</tt> and |
<code>net.inet.tcp.rootonly</code> and |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> |
<tt>net.inet.udp.rootonly</tt>. |
<code>net.inet.udp.rootonly</code>. |
<li>Remove a function pointer from the |
<li>Remove a function pointer from the |
<a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> data structure |
<a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> data structure |
and use an index into an array of acceptable functions instead. |
and use an index into an array of acceptable functions instead. |
</ul> |
</ul> |
<p> |
|
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
<li>The thread library can now be loaded into a single-threaded process. |
<li>The thread library can now be loaded into a single-threaded process. |
<li>Improved symbol handling and standards compliance in libc. |
<li>Improved symbol handling and standards compliance in libc. |
For example, defining an <tt>open()</tt> function will no longer |
For example, defining an <code>open()</code> function will no longer |
interfere with the operation of |
interfere with the operation of |
<a href="https://man.openbsd.org/fopen.3">fopen(3)</a>. |
<a href="https://man.openbsd.org/fopen.3">fopen(3)</a>. |
<li><tt>PT_TLS</tt> sections are now supported in initially loaded object. |
<li><code>PT_TLS</code> sections are now supported in initially loaded object. |
<li>Improved handling of "no paths" and "empty path" in |
<li>Improved handling of "no paths" and "empty path" in |
<a href="https://man.openbsd.org/fts.3">fts(3)</a>. |
<a href="https://man.openbsd.org/fts.3">fts(3)</a>. |
<li>In <a href="https://man.openbsd.org/pcap.3">pcap(3)</a>, |
<li>In <a href="https://man.openbsd.org/pcap.3">pcap(3)</a>, |
provide the functions <tt>pcap_free_datalinks()</tt> |
provide the functions <code>pcap_free_datalinks()</code> |
and <tt>pcap_offline_filter()</tt>. |
and <code>pcap_offline_filter()</code>. |
<li>Many bugfixes and structural cleanup in the |
<li>Many bugfixes and structural cleanup in the |
<a href="https://man.openbsd.org/editline">editline(3)</a> library. |
<a href="https://man.openbsd.org/editline">editline(3)</a> library. |
<li>Remove ancient |
<li>Remove ancient |
<a href="https://man.openbsd.org/OpenBSD-5.9/dbm.3">dbm(3)</a> |
<a href="https://man.openbsd.org/OpenBSD-5.9/dbm.3">dbm(3)</a> |
functions; |
functions; |
<a href="https://man.openbsd.org/ndbm.3">ndbm(3)</a> remains. |
<a href="https://man.openbsd.org/ndbm.3">ndbm(3)</a> remains. |
<li>Add <tt>setenv</tt> keyword for more powerful environment handling in |
<li>Add <code>setenv</code> keyword for more powerful environment handling in |
<a href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a>. |
<a href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a>. |
<li>Add <tt>-g</tt> and <tt>-p</tt> options to |
<li>Add <code>-g</code> and <code>-p</code> options to |
<a href="https://man.openbsd.org/aucat.1">aucat.1</a> |
<a href="https://man.openbsd.org/aucat.1">aucat.1</a> |
for time positioning. |
for time positioning. |
<li>Rewrite <a href="https://man.openbsd.org/audioctl.1">audioctl(1)</a> |
<li>Rewrite <a href="https://man.openbsd.org/audioctl.1">audioctl(1)</a> |
with a simpler user interface. |
with a simpler user interface. |
<li>Add <tt>-F</tt> option to |
<li>Add <code>-F</code> option to |
<a href="https://man.openbsd.org/install.1">install(1)</a> |
<a href="https://man.openbsd.org/install.1">install(1)</a> |
to <a href="https://man.openbsd.org/fsync.2">fsync(2)</a> |
to <a href="https://man.openbsd.org/fsync.2">fsync(2)</a> |
the file before closing it. |
the file before closing it. |
<li><a href="https://man.openbsd.org/kdump.1">kdump(1)</a> |
<li><a href="https://man.openbsd.org/kdump.1">kdump(1)</a> |
now dumps <tt>pollfd</tt> structures. |
now dumps <code>pollfd</code> structures. |
<li>Improve various details of |
<li>Improve various details of |
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a> POSIX compliance. |
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a> POSIX compliance. |
<li><a href="https://man.openbsd.org/mknod.8">mknod(8)</a> rewritten in a |
<li><a href="https://man.openbsd.org/mknod.8">mknod(8)</a> rewritten in a |
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>-friendly |
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>-friendly |
style and to support creating multiple devices at once. |
style and to support creating multiple devices at once. |
<li>Implement <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
<li>Implement <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
<tt>get all</tt> and <tt>getdef all</tt>. |
<code>get all</code> and <code>getdef all</code>. |
<li>Implement the <a href="https://man.openbsd.org/rcs.1">rcs(1)</a> |
<li>Implement the <a href="https://man.openbsd.org/rcs.1">rcs(1)</a> |
<tt>-I</tt> (interactive) flag. |
<code>-I</code> (interactive) flag. |
<li>In <a href="https://man.openbsd.org/rcs.1">rcs(1)</a>, |
<li>In <a href="https://man.openbsd.org/rcs.1">rcs(1)</a>, |
implement Mdocdate keyword substitution. |
implement Mdocdate keyword substitution. |
<li>In <a href="https://man.openbsd.org/top.1">top(1)</a>, |
<li>In <a href="https://man.openbsd.org/top.1">top(1)</a>, |
|
|
<a href="https://man.openbsd.org/wall.1">wall(1)</a>. |
<a href="https://man.openbsd.org/wall.1">wall(1)</a>. |
<li>Handle the <a href="https://man.openbsd.org/?apropos=1&query=Ev%3DCOLUMNS">COLUMNS</a> |
<li>Handle the <a href="https://man.openbsd.org/?apropos=1&query=Ev%3DCOLUMNS">COLUMNS</a> |
environment variable consistently across many programs. |
environment variable consistently across many programs. |
<li>The options <tt>-c</tt> and <tt>-k</tt> allow to provide |
<li>The options <code>-c</code> and <code>-k</code> allow to provide |
TLS client certificates for |
TLS client certificates for |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
on the sending side. |
on the sending side. |
|
|
<a href="https://man.openbsd.org/pkg_info.1">pkg_info(1)</a> now |
<a href="https://man.openbsd.org/pkg_info.1">pkg_info(1)</a> now |
understand a notion of branch to ease selection of some popular |
understand a notion of branch to ease selection of some popular |
packages such as python or php, e.g., say |
packages such as python or php, e.g., say |
<tt>pkg_add python%3.4</tt> to select the <tt>3.4</tt> branch, |
<code>pkg_add python%3.4</code> to select the <code>3.4</code> branch, |
and use <tt>pkg_info -zm</tt> to get a fuzzy listing with branch |
and use <code>pkg_info -zm</code> to get a fuzzy listing with branch |
selection suitable for <tt>pkg_add -l</tt>. |
selection suitable for <code>pkg_add -l</code>. |
<li><a href="https://man.openbsd.org/?query=fdisk">fdisk(8)</a> and |
<li><a href="https://man.openbsd.org/fdisk">fdisk(8)</a> and |
<a href="https://man.openbsd.org/?query=pdisk">pdisk(8)</a> |
<a href="https://man.openbsd.org/pdisk">pdisk(8)</a> |
immediately exit unless passed a character special device |
immediately exit unless passed a character special device |
<li><a href="https://man.openbsd.org/?query=st">st(4)</a> |
<li><a href="https://man.openbsd.org/st">st(4)</a> |
correctly tracks the current block count for variable sized blocks |
correctly tracks the current block count for variable sized blocks |
<li><a href="https://man.openbsd.org/?query=fsck_ext2fs">fsck_ext2fs(8)</a> |
<li><a href="https://man.openbsd.org/fsck_ext2fs">fsck_ext2fs(8)</a> |
works again |
works again |
<li><a href="https://man.openbsd.org/?query=softraid">softraid(4)</a> volumes |
<li><a href="https://man.openbsd.org/softraid">softraid(4)</a> volumes |
can be constructed with disks that have a sector size other than 512 bytes |
can be constructed with disks that have a sector size other than 512 bytes |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
DECLINE's and discards unused OFFER's. |
DECLINE's and discards unused OFFER's. |
<li><a href="https://man.openbsd.org/?query=dhclient">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient">dhclient(8)</a> |
immediately exits if its interface (e.g. a |
immediately exits if its interface (e.g. a |
<a href="https://man.openbsd.org/?query=bridge">bridge(4)</a>) |
<a href="https://man.openbsd.org/bridge">bridge(4)</a>) |
returns EAFNOSUPPORT when a packet is sent. |
returns EAFNOSUPPORT when a packet is sent. |
<li><a href="https://man.openbsd.org/?query=httpd">httpd(8)</a> returns |
<li><a href="https://man.openbsd.org/httpd">httpd(8)</a> returns |
400 Bad Request for HTTP v0.9 requests. |
400 Bad Request for HTTP v0.9 requests. |
<li>ffs2's lazy node initialization avoids treating random disk data as |
<li>ffs2's lazy node initialization avoids treating random disk data as |
an inode |
an inode |
<li><a href="https://man.openbsd.org/?query=fcntl">fcntl(2)</a> invocations |
<li><a href="https://man.openbsd.org/fcntl">fcntl(2)</a> invocations |
in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0) |
in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0) |
<li><a href="https://man.openbsd.org/?query=socket">socket(2)</a> and |
<li><a href="https://man.openbsd.org/socket">socket(2)</a> and |
<a href="https://man.openbsd.org/?query=accept4">accept4(2)</a> invocations |
<a href="https://man.openbsd.org/accept4">accept4(2)</a> invocations |
in base programs use SOCK_NONBLOCK to eliminate the need for a separate |
in base programs use SOCK_NONBLOCK to eliminate the need for a separate |
<a href="https://man.openbsd.org/?query=fcntl">fcntl(2)</a>. |
<a href="https://man.openbsd.org/fcntl">fcntl(2)</a>. |
<li>tmpfs not enabled by default |
<li>tmpfs not enabled by default |
<li>the in-kernel semantics of |
<li>the in-kernel semantics of |
<a href="https://man.openbsd.org/pledge">pledge(2)</a> |
<a href="https://man.openbsd.org/pledge">pledge(2)</a> |
were improved in numerous ways. |
were improved in numerous ways. |
Highlights include: |
Highlights include: |
a new <tt>chown</tt> promise that allows pledged programs to set |
a new <code>chown</code> promise that allows pledged programs to set |
setugid attributes, |
setugid attributes, |
a stricter enforcement of the <tt>recvfd</tt> promise and |
a stricter enforcement of the <code>recvfd</code> promise and |
<a href="https://man.openbsd.org/chroot.2">chroot(2)</a> is no longer |
<a href="https://man.openbsd.org/chroot.2">chroot(2)</a> is no longer |
allowed for pledged programs. |
allowed for pledged programs. |
<li>a number of |
<li>a number of |
|
|
<a href="https://man.openbsd.org/disklabel">disklabel(8)</a> and |
<a href="https://man.openbsd.org/disklabel">disklabel(8)</a> and |
<a href="https://man.openbsd.org/fdisk">fdisk(8)</a>. |
<a href="https://man.openbsd.org/fdisk">fdisk(8)</a>. |
<li>Block size calculation errors in the |
<li>Block size calculation errors in the |
<a href="https://man.openbsd.org/?query=audio">audio(4)</a> driver |
<a href="https://man.openbsd.org/audio">audio(4)</a> driver |
have been fixed. |
have been fixed. |
<li>The <a href="https://man.openbsd.org/?query=usb">usb(4)</a> driver |
<li>The <a href="https://man.openbsd.org/usb">usb(4)</a> driver |
now caches vendor and product IDs. Fixes an issue where |
now caches vendor and product IDs. Fixes an issue where |
<a href="https://man.openbsd.org/?query=usbdevs">usbdevs(8)</a> called |
<a href="https://man.openbsd.org/usbdevs">usbdevs(8)</a> called |
in a loop would cause a USB mass storage device to halt operation. |
in a loop would cause a USB mass storage device to halt operation. |
<li>The <a href="https://man.openbsd.org/?query=rsu">rsu(4)</a> and |
<li>The <a href="https://man.openbsd.org/rsu">rsu(4)</a> and |
<a href="https://man.openbsd.org/?query=ural">ural(4)</a> drivers |
<a href="https://man.openbsd.org/ural">ural(4)</a> drivers |
are now working again after they were accidentally broken in 5.9. |
are now working again after they were accidentally broken in 5.9. |
</ul> |
</ul> |
<p> |
|
|
|
<li>OpenSMTPD 6.0.0 |
<li>OpenSMTPD 6.0.0 |
<ul> |
<ul> |
|
|
</ul> |
</ul> |
<li>The following improvements were brought in this release: |
<li>The following improvements were brought in this release: |
<ul> |
<ul> |
<li>Add the <tt>-r</tt> option to the |
<li>Add the <code>-r</code> option to the |
<a href="https://man.openbsd.org/smtpd">smtpd(8)</a> |
<a href="https://man.openbsd.org/smtpd">smtpd(8)</a> |
enqueuer for compatibility with mailx. |
enqueuer for compatibility with mailx. |
<li>Add missing date or message-id when listening on the submit |
<li>Add missing date or message-id when listening on the submit |
|
|
pages. |
pages. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>OpenSSH 7.3 |
<li>OpenSSH 7.3 |
<ul> |
<ul> |
|
|
<li>New/changed features: |
<li>New/changed features: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Add a <tt>ProxyJump</tt> option and corresponding <tt>-J</tt> |
Add a <code>ProxyJump</code> option and corresponding <code>-J</code> |
command-line flag to allow simplified indirection through a one or |
command-line flag to allow simplified indirection through a one or |
more SSH bastions or "jump hosts". |
more SSH bastions or "jump hosts". |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Add an <tt>IdentityAgent</tt> option to allow specifying specific |
Add an <code>IdentityAgent</code> option to allow specifying specific |
agent sockets instead of accepting one from the environment. |
agent sockets instead of accepting one from the environment. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Allow <tt>ExitOnForwardFailure</tt> and <tt>ClearAllForwardings</tt> |
Allow <code>ExitOnForwardFailure</code> and <code>ClearAllForwardings</code> |
to be optionally overridden when using <tt>ssh -W</tt>. (bz#2577) |
to be optionally overridden when using <code>ssh -W</code>. (bz#2577) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Implement support for the IUTF8 terminal mode as per |
Implement support for the IUTF8 terminal mode as per |
|
|
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
support SHA256 and SHA512 RSA signatures in certificates. |
support SHA256 and SHA512 RSA signatures in certificates. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Add an <tt>Include</tt> directive for |
Add an <code>Include</code> directive for |
<a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> |
<a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> |
files. |
files. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
|
|
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Reduce the syslog level of some relatively common protocol events |
Reduce the syslog level of some relatively common protocol events |
from <tt>LOG_CRIT</tt>. (bz#2585) |
from <code>LOG_CRIT</code>. (bz#2585) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Refuse <tt>AuthenticationMethods=""</tt> in configurations and accept |
Refuse <code>AuthenticationMethods=""</code> in configurations and accept |
<tt>AuthenticationMethods=any</tt> for the default behaviour of not |
<code>AuthenticationMethods=any</code> for the default behaviour of not |
requiring multiple authentication. (bz#2398) |
requiring multiple authentication. (bz#2398) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Remove obsolete and misleading <tt>"POSSIBLE BREAK-IN ATTEMPT!"</tt> |
Remove obsolete and misleading <code>"POSSIBLE BREAK-IN ATTEMPT!"</code> |
message when forward and reverse DNS don't match. (bz#2585) |
message when forward and reverse DNS don't match. (bz#2585) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Close <tt>ControlPersist</tt> background process stderr except in |
Close <code>ControlPersist</code> background process stderr except in |
debug mode or when logging to syslog. (bz#1988) |
debug mode or when logging to syslog. (bz#1988) |
<li>misc: Make PROTOCOL description for |
<li>misc: Make PROTOCOL description for |
<i>direct-streamlocal@openssh.com</i> channel open messages match |
<i>direct-streamlocal@openssh.com</i> channel open messages match |
deployed code. (bz#2529) |
deployed code. (bz#2529) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Deduplicate <tt>LocalForward</tt> and <tt>RemoteForward</tt> entries |
Deduplicate <code>LocalForward</code> and <code>RemoteForward</code> entries |
to fix failures when both <tt>ExitOnForwardFailure</tt> and |
to fix failures when both <code>ExitOnForwardFailure</code> and |
<tt>hostname</tt> canonicalisation are enabled. (bz#2562) |
<code>hostname</code> canonicalisation are enabled. (bz#2562) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Remove fallback from moduli to obsolete "primes" file that was |
Remove fallback from moduli to obsolete "primes" file that was |
deprecated in 2001. (bz#2559) |
deprecated in 2001. (bz#2559) |
<li><a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>: |
<li><a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>: |
Correct description of <tt>UseDNS</tt>: it affects ssh hostname |
Correct description of <code>UseDNS</code>: it affects ssh hostname |
processing for <tt>authorized_keys</tt>, not <tt>known_hosts</tt>. |
processing for <code>authorized_keys</code>, not <code>known_hosts</code>. |
(bz#2554) |
(bz#2554) |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Fix authentication using lone certificate keys in an agent without |
Fix authentication using lone certificate keys in an agent without |
corresponding private keys on the filesystem. (bz#2550) |
corresponding private keys on the filesystem. (bz#2550) |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
Send <tt>ClientAliveInterval</tt> pings when a time-based |
Send <code>ClientAliveInterval</code> pings when a time-based |
<tt>RekeyLimit</tt> is set; previously keepalive packets were not |
<code>RekeyLimit</code> is set; previously keepalive packets were not |
being sent. (bz#2252) |
being sent. (bz#2252) |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>OpenNTPD 6.0 |
<li>OpenNTPD 6.0 |
<ul> |
<ul> |
|
|
<li>Fixed various memory leaks. |
<li>Fixed various memory leaks. |
<li>Switched to RMS for jitter calculations. |
<li>Switched to RMS for jitter calculations. |
<li>Unified logging functions with other OpenBSD base programs. |
<li>Unified logging functions with other OpenBSD base programs. |
<li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using |
<li>Set <code>MOD_MAXERROR</code> to avoid unsynced time status when using |
ntp_adjtime. |
ntp_adjtime. |
<li>Fixed HTTP Timestamp header parsing to use |
<li>Fixed HTTP Timestamp header parsing to use |
<a href="https://man.openbsd.org/strptime.3">strptime(3)</a> |
<a href="https://man.openbsd.org/strptime.3">strptime(3)</a> |
|
|
<a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> |
<a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> |
constraints, enabling server name verification. |
constraints, enabling server name verification. |
</ul> |
</ul> |
<p> |
|
|
|
<li>LibreSSL 2.4.2 |
<li>LibreSSL 2.4.2 |
<ul> |
<ul> |
<li>User-visible features: |
<li>User-visible features: |
<ul> |
<ul> |
<li>Fixed some broken manpage links in the install target. |
<li>Fixed some broken manpage links in the install target. |
<li><tt>cert.pem</tt> has been reorganized and synced with Mozilla's |
<li><code>cert.pem</code> has been reorganized and synced with Mozilla's |
certificate store. |
certificate store. |
<li>Reliability fix, correcting an error when parsing certain ASN.1 |
<li>Reliability fix, correcting an error when parsing certain ASN.1 |
elements over 16k in size. |
elements over 16k in size. |
|
|
<li>Code improvements: |
<li>Code improvements: |
<ul> |
<ul> |
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
'<tt>install_sw</tt>' build target. |
'<code>install_sw</code>' build target. |
<li>Changed default |
<li>Changed default |
<a href="https://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a> |
<a href="https://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a> |
implementation to the IETF version, which is now the default. |
implementation to the IETF version, which is now the default. |
<li>Reworked error handling in <tt>libtls</tt> so that configuration |
<li>Reworked error handling in <code>libtls</code> so that configuration |
errors are more visible. |
errors are more visible. |
<li>Added missing error handling around |
<li>Added missing error handling around |
<a href="https://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a> |
<a href="https://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a> |
|
|
<li>Added |
<li>Added |
<a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> |
<a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a> |
calls for freed ASN.1 objects. |
calls for freed ASN.1 objects. |
<li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
<li>Fixed <code>X509_*set_object</code> functions to return 0 on allocation |
failure. |
failure. |
<li>Deprecated internal use of |
<li>Deprecated internal use of |
<a href="https://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<a href="https://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
in constant time even if the flag <code>BN_FLG_CONSTTIME</code> is set. |
<li>Fixed several issues in the OCSP code that could result in the |
<li>Fixed several issues in the OCSP code that could result in the |
incorrect generation and parsing of OCSP requests. This remediates |
incorrect generation and parsing of OCSP requests. This remediates |
a lack of error checking on time parsing in these functions, and |
a lack of error checking on time parsing in these functions, and |
ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for |
ensures that only <code>GENERALIZEDTIME</code> formats are accepted for |
OCSP, as per <i>RFC 6960</i>. |
OCSP, as per <i>RFC 6960</i>. |
</ul> |
</ul> |
<li>The following CVEs have been fixed: |
<li>The following CVEs have been fixed: |
<ul> |
<ul> |
<li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow. |
<li><code>CVE-2016-2105</code>—EVP_EncodeUpdate overflow. |
<li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow. |
<li><code>CVE-2016-2106</code>—EVP_EncryptUpdate overflow. |
<li><tt>CVE-2016-2107</tt>—padding oracle in AES-NI CBC MAC check. |
<li><code>CVE-2016-2107</code>—padding oracle in AES-NI CBC MAC check. |
<li><tt>CVE-2016-2108</tt>—memory corruption in the ASN.1 encoder. |
<li><code>CVE-2016-2108</code>—memory corruption in the ASN.1 encoder. |
<li><tt>CVE-2016-2109</tt>—ASN.1 BIO excessive memory allocation. |
<li><code>CVE-2016-2109</code>—ASN.1 BIO excessive memory allocation. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
|
|
|
<li>Ports and packages: |
<li><p>Ports and packages: |
<dl> |
<p>New proot(1) tool in the ports tree for building packages in a chroot. |
<dt>New proot(1) tool in the ports tree for building packages in a chroot. |
<p>Many pre-built packages for each architecture: |
</dl> |
|
<dl> |
|
<dt>Many pre-built packages for each architecture: |
|
</dl> |
|
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
<ul style="column-count: 3"> |
<tr> |
|
<td valign="top" width="25%"> |
|
<ul> |
|
<li>alpha: 7422 |
<li>alpha: 7422 |
<li>amd64: 9433 |
<li>amd64: 9433 |
<li>hppa: 6346 |
<li>hppa: 6346 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>i386: 9394 |
<li>i386: 9394 |
<li>mips64: 7921 |
<li>mips64: 7921 |
<li>mips64el: 7767 |
<li>mips64el: 7767 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>powerpc: 8318 |
<li>powerpc: 8318 |
<li>sparc64: 8570 |
<li>sparc64: 8570 |
</ul></td></tr></table> |
</ul> |
<p> |
|
|
|
<dl> |
<p>Some highlights: |
<dt>Some highlights: |
<ul style="column-count: 2"> |
</dl> |
|
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
|
<tr> |
|
<td valign="top" width="50%"><ul> |
|
<li>Afl 2.19b |
<li>Afl 2.19b |
<li>Chromium 51.0.2704.106 |
<li>Chromium 51.0.2704.106 |
<li>Emacs 21.4 and 24.5 |
<li>Emacs 21.4 and 24.5 |
|
|
<li>MariaDB 10.0.25 |
<li>MariaDB 10.0.25 |
<li>Mono 4.4.0.182 |
<li>Mono 4.4.0.182 |
<li>Mozilla Firefox 45.2.0esr and 47.0.1 |
<li>Mozilla Firefox 45.2.0esr and 47.0.1 |
</ul></td><td valign=top width="50%"><ul> |
|
<li>Mozilla Thunderbird 45.2.0 |
<li>Mozilla Thunderbird 45.2.0 |
<li>Mutt 1.6.2 |
<li>Mutt 1.6.2 |
<li>Node.js 4.4.5 |
<li>Node.js 4.4.5 |
|
|
<li>TeX Live 2015 |
<li>TeX Live 2015 |
<li>Vim 7.4.1467 |
<li>Vim 7.4.1467 |
<li>Xfce 4.12 |
<li>Xfce 4.12 |
</ul></td></tr></table> |
</ul> |
<p> |
|
|
|
<li>As usual, steady improvements in manual pages and other documentation. |
<li>As usual, steady improvements in manual pages and other documentation. |
<p> |
|
|
|
<li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
<ul> |
<ul> |
|
|
<li>Expat 2.1.1 |
<li>Expat 2.1.1 |
</ul> |
</ul> |
</ul> |
</ul> |
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="install"><font color="#0000e0">How to install</font></h3> |
<section id=install> |
|
<h3>How to install</h3> |
|
|
Following this are the instructions which you would have on a piece of |
Following this are the instructions which you would have on a piece of |
paper if you had purchased a CDROM set instead of doing an alternate |
paper if you had purchased a CDROM set instead of doing an alternate |
|
|
|
|
<hr> |
<hr> |
|
|
|
<section id=quickinstall> |
<p> |
<p> |
Quick installer information for people familiar with OpenBSD, and the use of |
Quick installer information for people familiar with OpenBSD, and the use of |
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command. |
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command. |
If you are at all confused when installing OpenBSD, read the relevant |
If you are at all confused when installing OpenBSD, read the relevant |
INSTALL.* file as listed above! |
INSTALL.* file as listed above! |
|
|
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
<h3>OpenBSD/i386:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
The OpenBSD/i386 release is on CD1. |
The OpenBSD/i386 release is on CD1. |
Boot from the CD to begin the install - you may need to adjust |
Boot from the CD to begin the install - you may need to adjust |
your BIOS options first. |
your BIOS options first. |
|
|
<p> |
<p> |
<li> |
|
If your machine can boot from USB, you can write <i>install60.fs</i> or |
If your machine can boot from USB, you can write <i>install60.fs</i> or |
<i>miniroot60.fs</i> to a USB stick and boot from it. |
<i>miniroot60.fs</i> to a USB stick and boot from it. |
|
|
<p> |
<p> |
<li> |
|
If you can't boot from a CD, floppy disk, or USB, |
If you can't boot from a CD, floppy disk, or USB, |
you can install across the network using PXE as described in |
you can install across the network using PXE as described in |
the included INSTALL.i386 document. |
the included INSTALL.i386 document. |
|
|
<p> |
<p> |
<li> |
|
If you are planning on dual booting OpenBSD with another OS, you will need to |
If you are planning on dual booting OpenBSD with another OS, you will need to |
read INSTALL.i386. |
read INSTALL.i386. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/amd64:</font></h3> |
<h3>OpenBSD/amd64:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
The OpenBSD/amd64 release is on CD2. |
The OpenBSD/amd64 release is on CD2. |
Boot from the CD to begin the install - you may need to adjust |
Boot from the CD to begin the install - you may need to adjust |
your BIOS options first. |
your BIOS options first. |
|
|
<p> |
<p> |
<li> |
|
If your machine can boot from USB, you can write <i>install60.fs</i> or |
If your machine can boot from USB, you can write <i>install60.fs</i> or |
<i>miniroot60.fs</i> to a USB stick and boot from it. |
<i>miniroot60.fs</i> to a USB stick and boot from it. |
|
|
<p> |
<p> |
<li> |
|
If you can't boot from a CD, floppy disk, or USB, |
If you can't boot from a CD, floppy disk, or USB, |
you can install across the network using PXE as described in the included |
you can install across the network using PXE as described in the included |
INSTALL.amd64 document. |
INSTALL.amd64 document. |
|
|
<p> |
<p> |
<li> |
|
If you are planning to dual boot OpenBSD with another OS, you will need to |
If you are planning to dual boot OpenBSD with another OS, you will need to |
read INSTALL.amd64. |
read INSTALL.amd64. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/macppc:</font></h3> |
<h3>OpenBSD/macppc:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Burn the image from a mirror site to a CDROM, and power on your machine |
Burn the image from a mirror site to a CDROM, and power on your machine |
while holding down the <i>C</i> key until the display turns on and |
while holding down the <i>C</i> key until the display turns on and |
shows <i>OpenBSD/macppc boot</i>. |
shows <i>OpenBSD/macppc boot</i>. |
|
|
<p> |
<p> |
<li> |
|
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot |
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot |
/6.0/macppc/bsd.rd</i> |
/6.0/macppc/bsd.rd</i> |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/sparc64:</font></h3> |
<h3>OpenBSD/sparc64:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Put CD3 in your CDROM drive and type <i>boot cdrom</i>. |
Put CD3 in your CDROM drive and type <i>boot cdrom</i>. |
|
|
<p> |
<p> |
<li> |
|
If this doesn't work, or if you don't have a CDROM drive, you can write |
If this doesn't work, or if you don't have a CDROM drive, you can write |
<i>CD3:6.0/sparc64/floppy60.fs</i> or <i>CD3:6.0/sparc64/floppyB60.fs</i> |
<i>CD3:6.0/sparc64/floppy60.fs</i> or <i>CD3:6.0/sparc64/floppyB60.fs</i> |
(depending on your machine) to a floppy and boot it with <i>boot |
(depending on your machine) to a floppy and boot it with <i>boot |
floppy</i>. Refer to INSTALL.sparc64 for details. |
floppy</i>. Refer to INSTALL.sparc64 for details. |
|
|
<p> |
<p> |
<li> |
|
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
will most likely fail. |
will most likely fail. |
|
|
<p> |
<p> |
<li> |
|
You can also write <i>CD3:6.0/sparc64/miniroot60.fs</i> to the swap partition on |
You can also write <i>CD3:6.0/sparc64/miniroot60.fs</i> to the swap partition on |
the disk and boot with <i>boot disk:b</i>. |
the disk and boot with <i>boot disk:b</i>. |
|
|
<p> |
<p> |
<li> |
|
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/alpha:</font></h3> |
<h3>OpenBSD/alpha:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Write <i>FTP:6.0/alpha/floppy60.fs</i> or |
Write <i>FTP:6.0/alpha/floppy60.fs</i> or |
<i>FTP:6.0/alpha/floppyB60.fs</i> (depending on your machine) to a diskette and |
<i>FTP:6.0/alpha/floppyB60.fs</i> (depending on your machine) to a diskette and |
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details. |
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details. |
|
|
<p> |
<p> |
<li> |
|
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
will most likely fail. |
will most likely fail. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/armv7:</font></h3> |
<h3>OpenBSD/armv7:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Write a system specific miniroot to an SD card and boot from it after connecting |
Write a system specific miniroot to an SD card and boot from it after connecting |
to the serial console. Refer to INSTALL.armv7 for more details. |
to the serial console. Refer to INSTALL.armv7 for more details. |
<p> |
|
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/hppa:</font></h3> |
<h3>OpenBSD/hppa:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Boot over the network by following the instructions in INSTALL.hppa or the |
Boot over the network by following the instructions in INSTALL.hppa or the |
<a href="hppa.html#install">hppa platform page</a>. |
<a href="hppa.html#install">hppa platform page</a>. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/landisk:</font></h3> |
<h3>OpenBSD/landisk:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Write <i>miniroot60.fs</i> to the start of the CF |
Write <i>miniroot60.fs</i> to the start of the CF |
or disk, and boot normally. |
or disk, and boot normally. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/loongson:</font></h3> |
<h3>OpenBSD/loongson:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Write <i>miniroot60.fs</i> to a USB stick and boot bsd.rd from it |
Write <i>miniroot60.fs</i> to a USB stick and boot bsd.rd from it |
or boot bsd.rd via tftp. |
or boot bsd.rd via tftp. |
Refer to the instructions in INSTALL.loongson for more details. |
Refer to the instructions in INSTALL.loongson for more details. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/luna88k:</font></h3> |
<h3>OpenBSD/luna88k:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
|
from the PROM, and then bsd.rd from the bootloader. |
from the PROM, and then bsd.rd from the bootloader. |
Refer to the instructions in INSTALL.luna88k for more details. |
Refer to the instructions in INSTALL.luna88k for more details. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/octeon:</font></h3> |
<h3>OpenBSD/octeon:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. |
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. |
Refer to the instructions in INSTALL.octeon for more details. |
Refer to the instructions in INSTALL.octeon for more details. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/sgi:</font></h3> |
<h3>OpenBSD/sgi:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
To install, burn cd60.iso on a CD-R, put it in the CD drive of your |
To install, burn cd60.iso on a CD-R, put it in the CD drive of your |
machine and select <i>Install System Software</i> from the System Maintenance |
machine and select <i>Install System Software</i> from the System Maintenance |
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from |
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from |
|
|
Refer to the instructions in INSTALL.sgi for more details. |
Refer to the instructions in INSTALL.sgi for more details. |
|
|
<p> |
<p> |
<li> |
|
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network |
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network |
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your |
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your |
system type. Refer to the instructions in INSTALL.sgi for more details. |
system type. Refer to the instructions in INSTALL.sgi for more details. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/socppc:</font></h3> |
<h3>OpenBSD/socppc:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
After connecting a serial port, boot over the network via DHCP/tftp. |
After connecting a serial port, boot over the network via DHCP/tftp. |
Refer to the instructions in INSTALL.socppc for more details. |
Refer to the instructions in INSTALL.socppc for more details. |
</ul> |
|
|
|
<h3><font color="#e00000">OpenBSD/zaurus:</font></h3> |
<h3>OpenBSD/zaurus:</h3> |
|
|
<ul style="list-style-type: none"> |
<p> |
<li> |
|
Using the Linux built-in graphical ipkg installer, install the |
Using the Linux built-in graphical ipkg installer, install the |
openbsd60_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
openbsd60_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
for a few important details. |
for a few important details. |
</ul> |
|
|
|
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3> |
<section id=upgrade> |
|
<h3>How to upgrade</h3> |
|
|
If you already have an OpenBSD 5.9 system, and do not want to reinstall, |
If you already have an OpenBSD 5.9 system, and do not want to reinstall, |
upgrade instructions and advice can be found in the |
upgrade instructions and advice can be found in the |
<a href="faq/upgrade60.html">Upgrade Guide</a>. |
<a href="faq/upgrade60.html">Upgrade Guide</a>. |
<p> |
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3> |
<section id=sourcecode> |
|
<h3>Notes about the source code</h3> |
|
|
<tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>. |
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>. |
This file contains everything you need except for the kernel sources, |
This file contains everything you need except for the kernel sources, |
which are in a separate archive. |
which are in a separate archive. |
To extract: |
To extract: |
|
|
# <b>tar xvfz /tmp/src.tar.gz</b> |
# <b>tar xvfz /tmp/src.tar.gz</b> |
</pre></blockquote> |
</pre></blockquote> |
|
|
<tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>. |
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>. |
This file contains all the kernel sources you need to rebuild kernels. |
This file contains all the kernel sources you need to rebuild kernels. |
To extract: |
To extract: |
|
|
|
|
Using these files |
Using these files |
results in a much faster initial CVS update than you could expect from |
results in a much faster initial CVS update than you could expect from |
a fresh checkout of the full OpenBSD source tree. |
a fresh checkout of the full OpenBSD source tree. |
<p> |
</section> |
|
</section> |
|
|
<hr> |
<hr> |
|
|
<h3 id="ports"><font color="#0000e0">Ports Tree</font></h3> |
<section id=ports> |
|
<h3>Ports Tree</h3> |
|
|
A ports tree archive is also provided. To extract: |
A ports tree archive is also provided. To extract: |
|
|
|
|
If you're interested in seeing a port added, would like to help out, or just |
If you're interested in seeing a port added, would like to help out, or just |
would like to know more, the mailing list |
would like to know more, the mailing list |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<p> |
</section> |
</body> |
|
</html> |
|