Annotation of www/62.html, Revision 1.90
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.2</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.2">
7: <meta name="copyright" content="This document copyright 2017 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/62.html">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">6.2</font>
19: </h2>
20:
1.75 deraadt 21: <a href="images/MoBSD-l.gif">
22: <img align="left" width="227" height="343" hspace="24" src="images/MoBSD.gif"></a>
23: Released October 9, 2017<br>
1.1 deraadt 24: Copyright 1997-2017, Theo de Raadt.<br>
25: <br>
26: <br>
1.89 deraadt 27: 6.2 Song:
28: <a href="lyrics.html#62">"A 3 line diff"</a>.
1.1 deraadt 29:
30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <font color="#e00000">pub/OpenBSD/6.2/</font> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata62.html">the 6.2 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus62.html">detailed log of changes</a> between the
39: 6.1 and 6.2 releases.
40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
1.90 ! deraadt 42: pubkeys for this release:<p>
! 43:
! 44: <table cellspacing=0 style='font-family:monospace'><tr>
! 45: <td>
! 46: openbsd-62-base.pub:
! 47: </td><td>
! 48: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
! 49: </td></tr><tr><td>
! 50: openbsd-62-fw.pub:
! 51: </td><td>
! 52: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
! 53: </td></tr><tr><td>
! 54: openbsd-62-pkg.pub:
! 55: </td><td>
! 56: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
! 57: </td></tr>
! 58: </table>
! 59:
1.1 deraadt 60: <p>
61: All applicable copyrights and credits are in the src.tar.gz,
62: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
63: files fetched via ports.tar.gz.
64: </ul>
65: <br clear=all>
66:
67: <hr>
68:
69: <h3 id="new"><font color="#0000e0">What's New</font></h3>
70:
71: This is a partial list of new features and systems included in OpenBSD 6.2.
72: For a comprehensive list, see the <a href="plus62.html">changelog</a> leading
73: to 6.2.
74:
75: <ul>
76:
77: <li>Improved hardware support, including:
78: <ul>
1.61 jsing 79: <li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
80: for the Rockchip RK3399/RK3288 register file.
81: <li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
82: driver for Rockchip RK3399/RK3288 clocks.
83: <li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
84: driver for controlling Rockchip RK3399/RK3288 pins.
85: <li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
86: for GPIO on Rockchip SoCs.
87: <li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
88: for Rockchip RK3399 temperature sensors.
89: <li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
90: for Rockchip RK3399 I2C controllers.
91: <li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
92: for the RK808 Power Management IC.
93: <li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
94: for Synopsis DesignWare SD/MMC controllers.
95: <li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
96: for the Synopsys DesignWare watchdog timer.
97: <li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
98: for the Synopsys DesignWare Ethernet controller.
99: <li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
100: for the two-wire bus on Allwinner SoCs.
101: <li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
102: driver for the AXP209 I2C PMIC.
103: <li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
104: for clocks and interrupts on the auxilliary UART on BCM2835 devices.
105: <li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
106: driver for an interrupt controller on Marvell ARMADA 38x.
107: <li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
108: driver for the SD Host Controller on Marvell ARMADA 38x.
109: <li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
110: driver to configure pins on Marvell ARMADA 38x.
111: <li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
112: the Ethernet controller on Marvell ARMADA 38x.
113: <li>arm: New <a
114: href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &
115: <a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
116: for the Texas Instruments AM335x LCD controller.
117: <li>octeon: New <a
118: href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
119: the interrupt bus widget on CN70xx/CN71xx.
120: <li>octeon: New <a
121: href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
122: the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
123: <li>octeon: New <a
124: href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
125: for the OCTEON SATA controller bridge.
126: <li>octeon: New <a
127: href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
128: for the OCTEON USB3 controller bridge.
129: <li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
130: and 6 are now supported.
131: <li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
132: Hyper-V storage.
133: <li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
134: the NXP PCF8563 Real Time Clock.
135: <li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
136: random number generator devices.
137: <li>Intel 8265 and 3168 support was added to the
138: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
139: <li>RTL8192CE support was added to the
140: <a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
141: <li>RT5360 support was added to the
142: <a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
143: <li>RTS525A support was added to the
144: <a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
145: <li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
146: now supports _BIX entries from ACPI 4.0.
147: <li>ACPI hibernate support was added to the
148: <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
149: <li>Substantially improved ACPI hibernate performance in the
150: <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
151: <li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
152: was updated to code based on Linux 4.4.70 - it now supports Skylake,
153: Kaby Lake, and Cherryview devices and has better support for Broadwell
154: and Valleyview devices.
155: <li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
156: supports ASIX AX99100 devices.
157: <li>Xen platform support and the
158: <a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
159: have been substantially improved.
160: <li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
161: correct last sector address to SCSI, allowing a valid GPT to be created.
162: <li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
1.1 deraadt 163: </ul>
164:
165: <p>
1.36 pd 166: <li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
167: <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
1.1 deraadt 168: <ul>
1.63 jsing 169: <li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports
170: paused VM migration and memory snapshotting using send and receive commands.
171: <li>VPID/ASID reuse/rollover in <a
172: href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
173: <li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial
1.66 rob 174: console redirection).
1.63 jsing 175: <li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the
176: guest VM RTC (real time clock) on host resume from suspend/hibernate
1.66 rob 177: (OpenBSD guests only).
1.63 jsing 178: <li>Allow guest VMs access to AVX/AVX2 host CPU features.
179: <li>Support for AMD SVM/RVI hosts.
180: <li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - e.g.
1.66 rob 181: 32GB on amd64 hosts).
1.63 jsing 182: <li>Better handling of guest VM MONITOR/MWAIT and HLT instructions.
183: <li>Various device emulation improvements in <a
184: href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
185: <li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a>
186: queue size provided by <a
187: href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
188: <li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a>
189: and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
1.1 deraadt 190: </ul>
191: <p>
192:
193: <li>IEEE 802.11 wireless stack improvements:
194: <ul>
1.63 jsing 195: <li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers
196: of Tx and Rx streams. Fixes 11n mode for some
1.87 schwarze 197: <a href="https://man.openbsd.org/athn.4">athn(4)</a> devices.
198: <li>The <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> and
199: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> drivers will now start
1.63 jsing 200: scanning for a new access point if they no longer receive beacons from
201: the current AP.
1.8 stsp 202: <li>Prefer the 5GHz band over the 2GHz band during access point selection.
1.63 jsing 203: <li>Improved debug output in
204: <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless
205: interface is put into debug mode with
206: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.1 deraadt 207: </ul>
208: <p>
209:
210: <li>Generic network stack improvements:
211: <ul>
1.63 jsing 212: <li>Incoming and forwarded IP packets are now processed without
213: KERNEL_LOCK, resulting in better performances and reduced latency.
214: <li>The kernel no longer handles IPv6 Stateless Address
215: Autoconfiguration (RFC 4862), allowing cleanup and simplification
216: of the IPv6 network stack.
217: <li>The kernel sends IPv6 router solicitations for link local addresses
218: with a link local source address.
219: <li>FQ-CoDel algorithm has been implemented for use with <a
220: href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
221: <li>Improved IPv6 checks for IPsec policies and made them consistent
1.31 bluhm 222: with IPv4.
1.63 jsing 223: <li>Refactored local IP delivery to process IPsec packets in a flow and
224: avoid enqueueing a second time.
1.31 bluhm 225: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
1.63 jsing 226: now inspects AH packets and matches on the inner protocol.
1.31 bluhm 227: This makes IPv4 authentication headers work like IPv6.
228: <li>The length of extension header chains in pf(4) is limited.
1.63 jsing 229: This prevents spending excessive CPU time on crafted packets.
230: <li>Block IPv6 packets in
231: <a href="https://man.openbsd.org/pf.4">pf(4)</a>
232: that have a hop-by-hop options header or a destination options header.
233: Such packets can be passed by adding "allow-opts" to the rule.
234: This makes IPv6 option handling consistent with IPv4.
1.38 jca 235: <li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
1.31 bluhm 236: uses a smarter strategy to drop packets.
1.63 jsing 237: <li>Enabled the use of per-CPU caches in the network packet allocators.
1.1 deraadt 238: </ul>
239: <p>
240:
241: <li>Installer improvements:
242: <ul>
1.63 jsing 243: <li>The installer now uses the Allotment Routing Table (ART).
244: <li>A unique kernel is now created by the installer to boot from after
245: install/upgrade.
246: <li>On release installs of architectures supported by syspatch,
247: "syspatch -c" is now added to rc.firsttime.
248: <li>Backwards compatibility code to support the 'rtsol' keyword in
249: <a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a>
250: has been removed.
251: <li>The <tt>install.site</tt> and <tt>upgrade.site</tt> scripts are now
252: executed at the end of the install/upgrade process.
253: <li>More detailed information is shown to identify disks.
254: <li>The IPv6 default router selection has been fixed.
255: <li>On the amd64 platform, AES-NI is used if present.
1.1 deraadt 256: </ul>
257: <p>
258:
259: <li>Routing daemons and other userland network improvements:
260: <ul>
1.63 jsing 261: <li>A new daemon, <a
262: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
263: Stateless Address Autoconfiguration (RFC 4862).
264: <li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
265: "Reducing Energy Consumption of Router Advertisements" (RFC 7772).
1.37 jca 266: <li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
1.66 rob 267: been fixed to quickly handle IPv6 prefix changes on the system.
1.31 bluhm 268: <li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
1.63 jsing 269: can now show SA bundles and the "bundle" keyword allows them to be
270: explicitly created. This avoids confusion as they were previously
271: used implicitly.
1.31 bluhm 272: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
1.63 jsing 273: now has a <tt>-W recvlimit</tt> option to terminate netcat after
274: receiving the specified number of packets. This allows for a UDP
275: request to be sent, a reply to be received and the result checked on
276: the command line.
1.58 jsing 277: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
1.63 jsing 278: now has a <tt>-Z</tt> option, allowing the peer certificate and chain to be
1.58 jsing 279: saved to a file in PEM format.
1.63 jsing 280: <li>A new <tt>-T tlscompat</tt> option was added to
1.58 jsing 281: <a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
282: of all TLS protocols and libtls "compat" ciphers.
1.63 jsing 283: <li>Various races have been fixed in
284: <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
1.31 bluhm 285: expecially in HTTP chunked mode.
1.63 jsing 286: <li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> now shows the
287: relevant NDP information when run in a non-default routing
288: domain.
1.40 jca 289: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
1.63 jsing 290: copes with interface departures/arrivals.
1.51 benno 291: <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
1.63 jsing 292: be started multiple times in different
293: <a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
294: this provides virtual router functionality.
1.1 deraadt 295: </ul>
296: <p>
297:
298: <li>Security improvements:
299: <ul>
1.9 otto 300: <li>A new function
301: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
302: to easily clear and free memory holding sensitive data has been added.
303: <li>Double free detection has been improved when the F
304: <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
305: The existing S option now includes F.
1.24 anton 306: <li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
1.19 deraadt 307: tty ioctl has been removed. The I/O-loops in the last two consumers
1.24 anton 308: <a href="https://man.openbsd.org/csh.1">csh(1)</a> and
309: <a href="https://man.openbsd.org/mail.1">mail(1)</a>
1.19 deraadt 310: were rewritten to cope with the removal.
1.29 brynet 311: <li>Trapsleds, a new mitigation that significantly reduces the amount of
1.53 deraadt 312: nops in the instruction stream, replacing them with trap instructions
313: or jump-over-trap sequences, thereby requiring greater accuracy for
314: targetting potential gadgets.
1.29 brynet 315: <li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
316: files of the kernel to be relinked in a random order, creating a unique
1.53 deraadt 317: kernel for each boot. /bsd is now non-readable to users, to try to
318: keep the secret.
1.29 brynet 319: <li>Like with libc previously,
320: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
321: startup, placing the objects in a random order.
322: <li>In addition to libcrypto, to deter code reuse exploits,
323: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
324: <a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
325: startup, placing the objects in a random order.
1.31 bluhm 326: <li>If process accounting is activated with
327: <a href="https://man.openbsd.org/accton.8">accton(8)</a>,
328: the daily mail shows pledge violations and program crashes.
1.70 rob 329: <a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
1.31 bluhm 330: uses the flags P and T for such processes.
1.34 brynet 331: <li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
332: fork+exec model.
333: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
334: fork+exec model.
1.39 jca 335: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
336: uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
337: <li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
1.71 rob 338: <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> now use
1.39 jca 339: <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
1.45 tb 340: <li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
341: <li>Fixed and simplified pledge logic for
342: <a href="https://man.openbsd.org/nc.1">nc(1)</a>.
1.77 espie 343: <li>More application of
344: <a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>
345: in userland, and tracked sizes to
346: <a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel.
1.53 deraadt 347: <li>Achieve higher levels of paranoia regarding structure packing, and
348: clear many kernel objects before passing to userland.
1.77 espie 349: <li>Disable some optimizations in
350: <a href="https://man.openbsd.org/clang.1">clang(1)</a>
351: due to incompatibility with security.
352: <li>For instance, cope with
353: <a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption
354: that static or const
1.53 deraadt 355: objects placed in unknown sections (such as .openbsd.randomdata)
356: are surely always 0, and therefore such memory accesses can be
1.66 rob 357: optimized away.
1.53 deraadt 358: <li>In kernel, randomly bias down the top-of-stack per kthread.
1.1 deraadt 359: </ul>
360: <p>
361:
1.32 krw 362: <li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
1.1 deraadt 363: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
364: <ul>
1.32 krw 365: <li>Add support for echo-client-id statement to
1.78 krw 366: <a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
1.35 krw 367: <li>Take greater care to process all data read, and only data read, from the
368: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
369: socket.
370: <li>Use /dev/bpf instead of /dev/bpf0.
371: <li>Handle DHCPINFORM messages from clients behind a DHCP relay.
372: <li>Fix handling of
373: <a href="https://man.openbsd.org/carp.4">carp(4)</a>
374: interfaces in
375: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
376: <li>Don't stop
377: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
378: logging to stderr when it is started with the -d option.
1.32 krw 379: </ul>
380: <p>
381:
382: <li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
383: <ul>
384: <li>Log messages reworked and clarified, in particular by prefixing
385: the name of the relevant network interface.
386: <li>Treat SSID as 0 to 32 bytes of binary data, not a string.
387: <li>Use RTM_PROPOSAL to take control of an interface rather than flipping
388: interface down and up in the hope that other
389: <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
390: instances notice.
391: <li>Reduce file operations needed by -L option by opening file at
392: startup and using it throughout process lifetime.
393: <li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
394: handling by reducing writes and more reliably determining which interface
395: has the current default route.
396: <li>Take greater care to process all data read, and only data read, from the
397: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
398: socket.
399: <li>Improve the determination of the link state of an interface.
400: <li>Decline inappropriate lease offers as soon as they are deemed
401: inappropriate.
402: <li>Drop support for the timestamp formats used in lease files created
403: more than four years ago.
404: <li>Accept an offer from the server that sent the first copy of
405: the offer, not the server that sent the last copy.
406: <li>Don't delete addresses and routes when exiting.
407: <li>Ensure IPv6 packets are not read from sockets.
408: <li>Don't silently ignore obsolete keywords in
1.69 rob 409: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
1.32 krw 410: <li>Reduce memory footprint by shrinking oversized static buffers.
411: <li>Eliminate repeated socket opens by opening the required sockets during
412: startup.
413: <li>Fix construction of unicast UDP packets, broken in 5.6.
414: <li>Improve determination of when a renewed lease requires interface
415: configuration changes.
416: <li>Don't exit when addresses are manually added or deleted from an
417: interface.
418: <li>Don't support option 33, classfull IP addresses.
419: <li>Fix configuration of default routes supplied by classless route options.
420: <li>Consider
421: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
422: contents when determining what MTU value to configure.
423: <li>Consider
424: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
425: contents when creating the content of
426: <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
427: <li>Delete direct routes when routes are flushed.
428: <li>Don't label routes with "DHCLIENT nnnn".
429: <li>Don't delete addresses or routes that will be immediately added back.
430: <li>Delete addresses and routes only when a renewal request is NAK'ed.
431: <li>Don't wait forever for requested information on the default route.
432: <li>Don't exit when an attempt to send a packet fails.
433: <li>Don't log a packet send when the send fails.
434: <li>Remove the -u option, broken since 2013 without complaints.
1.35 krw 435: <li>Use /dev/bpf instead of /dev/bpf0.
1.1 deraadt 436: </ul>
437: <p>
438:
439: <li>Assorted improvements:
440: <ul>
1.53 deraadt 441: <li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
442: <a href="https://www.openbsd.org/amd64.html">amd64</a>
443: platforms have switched to using
444: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
445: as the base system compiler.
1.14 anton 446: <li>Improved UTF-8 line editing support for
1.24 anton 447: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
1.14 anton 448: Emacs and Vi input mode.
1.22 tb 449: <li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
450: a plain text format. Support for the
451: <a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
452: environment variable was added.
1.37 jca 453: <li>The performance of the memory deallocator used by
454: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
455: <li>The <tt>emacs-usemeta</tt> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
456: flag is no longer needed and is now deprecated.
1.41 schwarze 457: <li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
458: <li>New pthread
459: <a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
460: <a href="https://man.openbsd.org/pthread_cond_init">condition
461: variable</a> implementations improving latency
462: of threaded applications.
463: <li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
464: implementation written from scratch, complete in the sense that
465: all POSIX *locale(3) and *_l(3) functions are included, but in
466: OpenBSD, we of course only really care about <code>LC_CTYPE</code>
467: and we only support ASCII and UTF-8.
1.62 tedu 468: <li>Automatic hibernation and suspend by
469: <a href="https://man.openbsd.org/apmd">apmd</a>
470: when battery is low.
1.44 mpi 471: <li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
472: <a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
1.41 schwarze 473: tools to manipulate CTF (Compact C Type Format).
1.31 bluhm 474: <li>The error handling in
475: <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
476: has been improved.
1.38 jca 477: Even if internal errors occur, the daemon tries to keep
1.31 bluhm 478: unaffected subsystems active.
479: So as many messages as possible are logged.
480: They can be filtered by severity and facility "syslog".
481: <li>syslogd(8) can now suppress "last message repeated" which is
482: useful for remote logging.
483: <li>syslogd(8) can listen on multiple TLS sockets.
484: <li>syslogd(8) closes the *.514 UDP sockets when they are not
485: needed.
1.54 bluhm 486: <li>Truncate log messages at 8192 bytes everywhere.
1.37 jca 487: <li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
488: now skips and logs invalid config lines.
1.31 bluhm 489: <li>Nested mount points are umounted in correct order.
1.33 krw 490: <li>Fix creation of
491: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
492: CONCAT volumes.
493: <li>Include
494: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
495: volume and backing disk information in i/o error messages.
496: <li>Make
497: <a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
498: a normal
499: <a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
500: device by eliminating its use of the obsolete XS_NO_CCB mechanism.
1.38 jca 501: <li>Remove last vestiges of now unused XS_NO_CCB mechanism.
1.43 visa 502: <li>Userspace can now get the address of the thread control block
503: without a system call on OCTEON II and later.
504: <li>FPU is enabled on OCTEON III.
1.66 rob 505: <li>GENERIC kernels now include a .SUNW_ctf section containing CTF data.
1.44 mpi 506: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>kill</tt>
507: command, send an uncatchable SIGABRT to a process.
508: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>pprint</tt>
509: command, using CTF information to "pretty print" global symbols.
510: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
511: <tt>show struct</tt> command, using CTF information to display the content
512: of in memory C structures.
513: <li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
1.66 rob 514: to display the correct number of function arguments in backtraces.
1.45 tb 515: <li>Power off all codecs in
516: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
517: noise in speakers and headphones on reboot.
1.46 mlarkin 518: <li>Fix i386 boot regression seen on very old 486DX CPUs.
1.49 visa 519: <li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
520: for debugging lock order issues in the kernel.
521: The tool is not built in by default, and only amd64, hppa and i386
522: are supported.
1.53 deraadt 523: <li>Modernize some bizzare tty behaviours of getty(8).
524: <li>Some subtle changes to pledge(2) to satisfy requirements observed
525: in real life.
526: <li>Prefer use of waitpid(2) rather than wait(3) where possible, to
527: avoid problems with pre-existing children.
528: <li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
529: in a more portable fashion.
1.52 dlg 530: <li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
1.66 rob 531: caches</a> implemented in pools.
1.72 guenther 532: <li><a href="https://man.openbsd.org/pthread_mutex_lock.3">Mutex</a>,
533: <a href="https://man.openbsd.org/pthread_cond_wait.3">condition-variable</a>,
534: <a href="https://man.openbsd.org/pthread_getspecific.3">thread-specific data</a>,
535: <a href="https://man.openbsd.org/pthread_once.3">pthread_once(3)</a>,
536: and <a href="https://man.openbsd.org/pthread_exit.3">pthread_exit(3)</a>
537: routines moved to libc from libpthread for ease of library
538: use and compatibility with other OSes.
539: <li>Added <a href="https://man.openbsd.org/openpty.3">getptmfd(3)</a>,
540: <a href="https://man.openbsd.org/openpty.3">fdopenpty(3)</a>, and
541: <a href="https://man.openbsd.org/openpty.3">fdforkpty(3)</a>
542: to simplify privilege separation and use of pledge(2).
543: <li>Improved computational complexity in various cases of
544: <a href="https://man.openbsd.org/strstr.3">strstr(3)</a>,
545: <a href="https://man.openbsd.org/qsort.3">qsort(3)</a>,
546: and <a href="https://man.openbsd.org/glob.3">glob(3)</a>.
547: <li>Added support for <tt>EV_RECEIPT</tt> and <tt>EV_DISPATCH</tt> to
548: <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>.
1.73 guenther 549: <li>Added <a href="https://man.openbsd.org/ktrace.2">fktrace(2)</a>.
1.46 mlarkin 550: </ul>
1.1 deraadt 551: <p>
552:
1.64 eric 553: <li>OpenSMTPD 6.0.0
1.1 deraadt 554: <ul>
1.66 rob 555: <li>Fix an off-by-one in the config parser that made 65535 an invalid port.
556: <li>Fix a fd leak in the session congestion mechanism.
557: <li>Fix a possible crash when relaying with smtps.
558: <li>Remove support for the "listen secure" syntax (expicitely define two listeners for tls and smtps instead).
559: <li>Remove experimental support for filters.
560: <li>Assorted code and documentation cleanups and improvements.
1.1 deraadt 561: </ul>
562: <p>
563:
1.57 deraadt 564: <li>OpenSSH 7.6
1.1 deraadt 565: <ul>
566: <li>Security:
567: <ul>
1.56 djm 568: <li>sftp-server(8): in read-only mode, sftp-server was incorrectly
569: permitting creation of zero-length files.
1.1 deraadt 570: </ul>
571: <li>New/changed features:
572: <ul>
1.31 bluhm 573: <li>Add RemoteCommand option to specify a command in the
574: <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
575: config file instead of giving it on the client's command
576: line.
577: The feature allows to automate tasks using ssh config.
1.56 djm 578: <li>sshd(8): add ExposeAuthInfo option that enables writing details of
579: the authentication methods used (including public keys where
580: applicable) to a file that is exposed via a $SSH_USER_AUTH
581: environment variable in the subsequent session.
582: <li>ssh(1): add support for reverse dynamic forwarding. In this mode,
583: ssh will act as a SOCKS4/5 proxy and forward connections
584: to destinations requested by the remote SOCKS client. This mode
585: is requested using extended syntax for the -R and RemoteForward
586: options and, because it is implemented solely at the client,
587: does not require the server be updated to be supported.
588: <li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
589: <li>ssh-keygen(1): allow inclusion of arbitrary string or flag
1.67 rob 590: certificate extensions and critical options.
1.56 djm 591: <li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
592: a CA when signing certificates.
593: <li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
594: ToS/DSCP value and just use the operating system default.
595: <li>ssh-add(1): added -q option to make ssh-add quiet on success.
596: <li>ssh(1): expand the StrictHostKeyChecking option with two new
597: settings. The first "accept-new" will automatically accept
598: hitherto-unseen keys but will refuse connections for changed or
599: invalid hostkeys. This is a safer subset of the current behaviour
600: of StrictHostKeyChecking=no. The second setting "off", is a synonym
601: for the current behaviour of StrictHostKeyChecking=no: accept new
602: host keys, and continue connection for hosts with incorrect
603: hostkeys. A future release will change the meaning of
604: StrictHostKeyChecking=no to the behaviour of "accept-new".
605: <li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
606: option in sshd(8).
1.1 deraadt 607: </ul>
608: <li>The following significant bugs have been fixed in this release:
609: <ul>
1.56 djm 610: <li>ssh(1): use HostKeyAlias if specified instead of hostname for
1.69 rob 611: matching host certificate principal names.
1.56 djm 612: <li>sftp(1): implement sorting for globbed ls.
613: <li>ssh(1): add a user@host prefix to client's "Permission denied"
614: messages, useful in particular when using "stacked" connections
615: (e.g. ssh -J) where it's not clear which host is denying.
616: <li>ssh(1): accept unknown EXT_INFO extension values that contain \0
617: characters. These are legal, but would previously cause fatal
618: connection errors if received.
619: <li>ssh(1)/sshd(8): repair compression statistics printed at
620: connection exit.
621: <li>sftp(1): print '?' instead of incorrect link count (that the
622: protocol doesn't provide) for remote listings.
623: <li>ssh(1): return failure rather than fatal() for more cases during
624: session multiplexing negotiations. Causes the session to fall back
625: to a non-mux connection if they occur.
626: <li>ssh(1): mention that the server may send debug messages to explain
627: public key authentication problems under some circumstances.
628: <li>Translate OpenSSL error codes to better report incorrect passphrase
629: errors when loading private keys.
630: <li>sshd(8): adjust compatibility patterns for WinSCP to correctly
631: identify versions that implement only the legacy DH group exchange
632: scheme.
633: <li>ssh(1): print the "Killed by signal 1" message only at LogLevel
634: verbose so that it is not shown at the default level; prevents it
635: from appearing during ssh -J and equivalent ProxyCommand configs.
636: <li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
637: existing keys if they exist but are zero length. zero-length keys
638: could previously be made if ssh-keygen failed or was interrupted part
639: way through generating them.
640: <li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
641: place the current session in the background.
642: <li>ssh-keyscan(1): avoid double-close() on file descriptors.
643: <li>sshd(8): avoid reliance on shared use of pointers shared between
644: monitor and child sshd processes.
645: <li>sshd_config(8): document available AuthenticationMethods.
646: <li>ssh(1): avoid truncation in some login prompts.
647: <li>ssh(1): make "--" before the hostname terminate argument processing
648: after the hostname too.
649: <li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
650: new-style private keys. Fixes problems related to private key
651: handling for no-OpenSSL builds.
652: <li>ssh(1): warn and do not attempt to use keys when the public and
653: private halves do not match.
654: <li>sftp(1): don't print verbose error message when ssh disconnects
655: from under sftp.
656: <li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
657: port from preventing the keepalive from being sent.
658: <li>sshd(8): when started without root privileges, don't require the
659: privilege separation user or path to exist. Makes running the
660: regression tests easier without touching the filesystem.
661: <li>Make integrity.sh regression tests more robust against timeouts.
662: <li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
663: channel IDs greater than 0x7FFFFFFF.
1.1 deraadt 664: </ul>
665: </ul>
666: <p>
667:
1.58 jsing 668: <li>LibreSSL 2.6.3
1.1 deraadt 669: <ul>
1.60 jsing 670: <li>Added support for providing CRLs to libtls - once a CRL is provided via
671: <a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
672: or
673: <a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
674: CRL checking is enabled and required for the full certificate chain.
1.58 jsing 675: <li>Reworked TLS certificate name verification code to more strictly
676: follow RFC 6125.
677: <li>Cleaned up and simplified server key exchange EC point handling.
678: <li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
679: simplified BIO_get_host_ip() and BIO_accept().
680: <li>Added definitions for three OIDs used in EV certificates.
681: <li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
682: IP addresses with SNI to connect to a libtls-based TLS server.
683: <li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
684: validation callbacks such as those in relayd.
685: <li>Converted explicit clear/free sequences to use
686: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
687: <li>Fixed the
688: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
1.68 rob 689: ca command so that it generates certificates with RFC 5280-conformant time.
1.58 jsing 690: <li>Added
691: <a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
692: to set an ASN.1 time from a struct tm *.
693: <li>Added
694: <a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
695: functions.
696: <li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
697: <li>Provided a
698: <a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
699: function that frees the memory returned from a
700: <a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
1.68 rob 701: call, ensuring that the contents become inaccessible.
1.58 jsing 702: <li>Implemented reference counting for libtls tls_config, allowing
703: <a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
704: to be called as soon as it has been passed to the final
705: <a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
706: call, simplifying lifetime tracking for the application.
707: <li>Dropped cipher suites using DSS authentication.
708: <li>Removed support for DSS/DSA from libssl.
709: <li>Distinguish between self-issued certificates and self-signed
710: certificates. The certificate verification code has special cases
711: for self-signed certificates and without this change, self-issued
712: certificates (which it seems are common place with
713: openvpn/easyrsa) were also being included in this category.
714: <li>Added a new TLS extension handling framework and converted all
715: TLS extensions to use it.
716: <li>Improved and added many new manpages. Updated
717: <a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
718: manpages with additional cautions regarding their use.
719: <li>Cleaned up and simplified EC key/curve configuration handling.
720: <li>Added
721: <a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
722: to libtls, which allows the names of the elliptical curves that may
723: be used during client and server key exchange to be specified.
724: <li>Converted more code paths to use CBB/CBS.
725: <li>Removed NPN support - NPN was never standardised and the last draft
726: expired in October 2012.
727: <li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
728: CryptoPro clients.
729: <li>Removed support for the TLS padding extension, which was added as a
1.60 jsing 730: workaround for an old bug in F5's TLS termination.
1.65 rob 731: <li>Added ability to clamp notafter values in certificates for systems
1.58 jsing 732: with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
733: <li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
734: <li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
735: <li>Provide a useful error with libtls if there are no OCSP URLs in a
736: peer certificate.
737: <li>Keep track of which keypair is in use by a TLS context, fixing a bug
738: where a TLS server with SNI would only return the OCSP staple for the
739: default keypair.
740: <li>If
741: <a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
742: is called with a NULL pointer it now
743: returns the default protocols.
1.1 deraadt 744: </ul>
745: <p>
746:
1.41 schwarze 747: <li>mandoc 1.14.3
1.1 deraadt 748: <ul>
1.41 schwarze 749: <li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
750: databases are now enabled by default, allowing semantic searching
751: with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
752: without any local configuration changes.
753: <li>Full integration of the former
1.88 bentley 754: <a href="https://cvsweb.openbsd.org/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
1.41 schwarze 755: utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
756: <code>-Wall</code>, new <code>-Wstyle</code> and
757: <code>-Wopenbsd</code> message levels, and many new messages,
758: for example about typos in <code>.Sh</code> lines,
759: unknown <code>.Xr</code> targets, and links to self.
760: <li>Additional steps unifying the
761: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
762: <a href="https://man.openbsd.org/man.7">man(7)</a>, and
763: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
764: use one common data type and
765: <a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
766: for all requests and macros and support creation of syntax tree
767: nodes in the roff(7) parser, allowing support for many new
768: low-level roff(7) features.
769: Only about 25 ports still need <code>USE_GROFF</code> now.
770: <li>Many improvements to
771: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
772: parsing and formatting,
773: including automatic line wrapping inside table columns.
774: <li>Many improvements to
775: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
776: parsing and formatting, including better font selection,
777: recognition of well-known mathematical function names, and writing
778: of <code><mn></code> and <code><mo></code> HTML tags.
779: <li>Intelligible rendering of mathematical symbols in
780: <code>-Tascii</code> output.
781: <li>Several parsing and rendering improvements for the
782: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
783: <code>.Lk</code> macro.
784: <li>Some CSS improvements in HTML output, in particular for the
785: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
786: <code>.Bl</code> macro.
1.1 deraadt 787: </ul>
788: <p>
789:
790: <li>Ports and packages:
791: <dl>
1.10 espie 792: <dt>A massive amount of clang-related fixes happened between 6.1 and 6.2.
1.1 deraadt 793: <dt>Many pre-built packages for each architecture:
794: </dl>
795: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
796: <table border=0 cellspacing=0 cellpadding=2 width="95%">
797: <tr>
798: <td valign="top" width="25%">
799: <ul>
1.76 phessler 800: <li>aarch64: 7942
1.82 phessler 801: <li>alpha: 7426
1.53 deraadt 802: <li>amd64: 9728
1.76 phessler 803: </ul></td><td valign=top width="25%"><ul>
1.79 phessler 804: <li>arm: 7939
1.80 pirofti 805: <li>hppa: 6260
1.74 sobrado 806: <li>i386: 9685
1.76 phessler 807: </ul></td><td valign=top width="25%"><ul>
1.81 visa 808: <li>mips64: 7972
1.84 naddy 809: <li>mips64el: 7984
1.83 landry 810: <li>powerpc: 8133
1.76 phessler 811: </ul></td><td valign=top width="25%"><ul>
1.83 landry 812: <li>sparc64: 8281
1.1 deraadt 813: </ul></td></tr></table>
814: <p>
815:
816: <dl>
817: <dt>Some highlights:
818: </dl>
819: <table border=0 cellspacing=0 cellpadding=2 width="95%">
820: <tr>
821: <td valign="top" width="50%"><ul>
1.3 jasper 822: <li>AFL 2.51b
1.47 dcoppa 823: <li>CMake 3.9.3
1.3 jasper 824: <li>Chromium 61.0.3163.100
825: <li>Emacs 21.4 and 25.3
1.1 deraadt 826: <li>GCC 4.9.4
827: <li>GHC 7.10.3
1.3 jasper 828: <li>Gimp 2.8.22
829: <li>GNOME 3.24.2
830: <li>Go 1.9
1.1 deraadt 831: <li>Groff 1.22.3
1.3 jasper 832: <li>JDK 8u144
1.18 lteo 833: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
1.3 jasper 834: <li>LLVM/Clang 5.0.0
835: <li>LibreOffice 5.2.7.2
1.1 deraadt 836: <li>Lua 5.1.5, 5.2.4, and 5.3.4
1.3 jasper 837: <li>MariaDB 10.0.32
838: <li>Mozilla Firefox 52.4.0esr and 56.0.0
839: <li>Mozilla Thunderbird 52.2.1
1.1 deraadt 840: </ul></td><td valign=top width="50%"><ul>
1.3 jasper 841: <li>Mutt 1.9.1 and NeoMutt 20170912
842: <li>Node.js 6.11.2
1.1 deraadt 843: <li>Ocaml 4.03.0
1.3 jasper 844: <li>OpenLDAP 2.3.43 and 2.4.45
1.18 lteo 845: <li>PHP 5.6.31 and 7.0.23
1.3 jasper 846: <li>Postfix 3.2.2 and 3.3-20170910
847: <li>PostgreSQL 9.6.5
848: <li>Python 2.7.14 and 3.6.2
849: <li>R 3.4.1
850: <li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
851: <li>Rust 1.20.0
852: <li>Sendmail 8.16.0.21
853: <li>SQLite3 3.20.1
854: <li>Sudo 1.8.21.2
855: <li>Tcl/Tk 8.5.19 and 8.6.6
856: <li>TeX Live 2016
857: <li>Vim 8.0.0987
1.1 deraadt 858: <li>Xfce 4.12
859: </ul></td></tr></table>
860: <p>
861:
862: <li>As usual, steady improvements in manual pages and other documentation.
863: <p>
864:
865: <li>The system includes the following major components from outside suppliers:
866: <ul>
1.13 matthieu 867: <li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
868: freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
1.1 deraadt 869: xkeyboard-config 2.20 and more)
870: <li>LLVM/Clang 4.0.0 (+ patches)
871: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.18 lteo 872: <li>Perl 5.24.2 (+ patches)
1.2 florian 873: <li>NSD 4.1.17
874: <li>Unbound 1.6.6
1.1 deraadt 875: <li>Ncurses 5.7
876: <li>Binutils 2.17 (+ patches)
877: <li>Gdb 6.3 (+ patches)
878: <li>Awk Aug 10, 2011 version
1.31 bluhm 879: <li>Expat 2.2.4
1.1 deraadt 880: </ul>
881: </ul>
882:
883: <hr>
884:
885: <h3 id="install"><font color="#0000e0">How to install</font></h3>
886:
887: Please refer to the following files on the mirror site for
888: extensive details on how to install OpenBSD 6.2 on your machine:
889:
890: <ul>
891: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/alpha/INSTALL.alpha">
892: .../OpenBSD/6.2/alpha/INSTALL.alpha</a>
893: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/amd64/INSTALL.amd64">
894: .../OpenBSD/6.2/amd64/INSTALL.amd64</a>
895: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/arm64/INSTALL.arm64">
896: .../OpenBSD/6.2/arm64/INSTALL.arm64</a>
897: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/armv7/INSTALL.armv7">
898: .../OpenBSD/6.2/armv7/INSTALL.armv7</a>
899: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/hppa/INSTALL.hppa">
900: .../OpenBSD/6.2/hppa/INSTALL.hppa</a>
901: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/i386/INSTALL.i386">
902: .../OpenBSD/6.2/i386/INSTALL.i386</a>
903: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/landisk/INSTALL.landisk">
904: .../OpenBSD/6.2/landisk/INSTALL.landisk</a>
905: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/loongson/INSTALL.loongson">
906: .../OpenBSD/6.2/loongson/INSTALL.loongson</a>
907: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/luna88k/INSTALL.luna88k">
908: .../OpenBSD/6.2/luna88k/INSTALL.luna88k</a>
909: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/macppc/INSTALL.macppc">
910: .../OpenBSD/6.2/macppc/INSTALL.macppc</a>
911: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/octeon/INSTALL.octeon">
912: .../OpenBSD/6.2/octeon/INSTALL.octeon</a>
913: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sgi/INSTALL.sgi">
914: .../OpenBSD/6.2/sgi/INSTALL.sgi</a>
915: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sparc64/INSTALL.sparc64">
916: .../OpenBSD/6.2/sparc64/INSTALL.sparc64</a>
917: </ul>
918:
919: <hr>
920:
921: <p>
922: Quick installer information for people familiar with OpenBSD, and the use of
923: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
924: If you are at all confused when installing OpenBSD, read the relevant
925: INSTALL.* file as listed above!
926:
927: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
928:
929: <ul style="list-style-type: none">
930: <li>
931: Write <i>floppy62.fs</i> or <i>floppyB62.fs</i> (depending on your machine)
932: to a diskette and enter <i>boot dva0</i>.
933: Refer to INSTALL.alpha for more details.
934: <p>
935: <li>
936: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
937: will most likely fail.
938: </ul>
939:
940: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
941:
942: <ul style="list-style-type: none">
943: <li>
944: If your machine can boot from CD, you can write <i>install62.iso</i> or
945: <i>cd62.iso</i> to a CD and boot from it.
946: You may need to adjust your BIOS options first.
947: <p>
948: <li>
949: If your machine can boot from USB, you can write <i>install62.fs</i> or
950: <i>miniroot62.fs</i> to a USB stick and boot from it.
951: <p>
952: <li>
953: If you can't boot from a CD, floppy disk, or USB,
954: you can install across the network using PXE as described in the included
955: INSTALL.amd64 document.
956: <p>
957: <li>
958: If you are planning to dual boot OpenBSD with another OS, you will need to
959: read INSTALL.amd64.
960: </ul>
961:
962: <h3><font color="#e00000">OpenBSD/arm64:</font></h3>
963:
964: <ul style="list-style-type: none">
965: <li>
966: Write <i>miniroot62.fs</i> to a disk and boot from it after connecting
967: to the serial console. Refer to INSTALL.arm64 for more details.
968: <p>
969: </ul>
970:
971: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
972:
973: <ul style="list-style-type: none">
974: <li>
975: Write a system specific miniroot to an SD card and boot from it after connecting
976: to the serial console. Refer to INSTALL.armv7 for more details.
977: <p>
978: </ul>
979:
980: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
981:
982: <ul style="list-style-type: none">
983: <li>
984: Boot over the network by following the instructions in INSTALL.hppa or the
985: <a href="hppa.html#install">hppa platform page</a>.
986: </ul>
987:
988: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
989:
990: <ul style="list-style-type: none">
991: <li>
992: If your machine can boot from CD, you can write <i>install62.iso</i> or
993: <i>cd62.iso</i> to a CD and boot from it.
994: You may need to adjust your BIOS options first.
995: <p>
996: <li>
997: If your machine can boot from USB, you can write <i>install62.fs</i> or
998: <i>miniroot62.fs</i> to a USB stick and boot from it.
999: <p>
1000: <li>
1001: If you can't boot from a CD, floppy disk, or USB,
1002: you can install across the network using PXE as described in
1003: the included INSTALL.i386 document.
1004: <p>
1005: <li>
1006: If you are planning on dual booting OpenBSD with another OS, you will need to
1007: read INSTALL.i386.
1008: </ul>
1009:
1010: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
1011:
1012: <ul style="list-style-type: none">
1013: <li>
1014: Write <i>miniroot62.fs</i> to the start of the CF
1015: or disk, and boot normally.
1016: </ul>
1017:
1018: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
1019:
1020: <ul style="list-style-type: none">
1021: <li>
1022: Write <i>miniroot62.fs</i> to a USB stick and boot bsd.rd from it
1023: or boot bsd.rd via tftp.
1024: Refer to the instructions in INSTALL.loongson for more details.
1025: </ul>
1026:
1027: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
1028:
1029: <ul style="list-style-type: none">
1030: <li>
1031: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1032: from the PROM, and then bsd.rd from the bootloader.
1033: Refer to the instructions in INSTALL.luna88k for more details.
1034: </ul>
1035:
1036: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
1037:
1038: <ul style="list-style-type: none">
1039: <li>
1040: Burn the image from a mirror site to a CDROM, and power on your machine
1041: while holding down the <i>C</i> key until the display turns on and
1042: shows <i>OpenBSD/macppc boot</i>.
1043: <p>
1044: <li>
1045: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1046: /6.2/macppc/bsd.rd</i>
1047: </ul>
1048:
1049: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
1050:
1051: <ul style="list-style-type: none">
1052: <li>
1053: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1054: Refer to the instructions in INSTALL.octeon for more details.
1055: </ul>
1056:
1057: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
1058:
1059: <ul style="list-style-type: none">
1060: <li>
1061: To install, burn cd62.iso on a CD-R, put it in the CD drive of your
1062: machine and select <i>Install System Software</i> from the System Maintenance
1063: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
1064: CD-ROM, and need a proper invocation from the PROM prompt.
1065: Refer to the instructions in INSTALL.sgi for more details.
1066:
1067: <p>
1068: <li>
1069: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
1070: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
1071: system type. Refer to the instructions in INSTALL.sgi for more details.
1072: </ul>
1073:
1074: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
1075:
1076: <ul style="list-style-type: none">
1077: <li>
1078: Burn the image from a mirror site to a CDROM, boot from it, and type
1079: <i>boot cdrom</i>.
1080: <p>
1081: <li>
1082: If this doesn't work, or if you don't have a CDROM drive, you can write
1083: <i>floppy62.fs</i> or <i>floppyB62.fs</i>
1084: (depending on your machine) to a floppy and boot it with <i>boot
1085: floppy</i>. Refer to INSTALL.sparc64 for details.
1086: <p>
1087: <li>
1088: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1089: will most likely fail.
1090: <p>
1091: <li>
1092: You can also write <i>miniroot62.fs</i> to the swap partition on
1093: the disk and boot with <i>boot disk:b</i>.
1094: <p>
1095: <li>
1096: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1097: </ul>
1098:
1099: <hr>
1100:
1101: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
1102:
1103: If you already have an OpenBSD 6.1 system, and do not want to reinstall,
1104: upgrade instructions and advice can be found in the
1105: <a href="faq/upgrade62.html">Upgrade Guide</a>.
1106: <p>
1107:
1108: <hr>
1109:
1110: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
1111:
1112: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
1113: This file contains everything you need except for the kernel sources,
1114: which are in a separate archive.
1115: To extract:
1116:
1117: <blockquote><pre>
1118: # <b>mkdir -p /usr/src</b>
1119: # <b>cd /usr/src</b>
1120: # <b>tar xvfz /tmp/src.tar.gz</b>
1121: </pre></blockquote>
1122:
1123: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
1124: This file contains all the kernel sources you need to rebuild kernels.
1125: To extract:
1126:
1127: <blockquote><pre>
1128: # <b>mkdir -p /usr/src/sys</b>
1129: # <b>cd /usr/src</b>
1130: # <b>tar xvfz /tmp/sys.tar.gz</b>
1131: </pre></blockquote>
1132:
1133: Both of these trees are a regular CVS checkout. Using these trees it
1134: is possible to get a head-start on using the anoncvs servers as
1135: described <a href="anoncvs.html">here</a>.
1136: Using these files
1137: results in a much faster initial CVS update than you could expect from
1138: a fresh checkout of the full OpenBSD source tree.
1139: <p>
1140:
1141: <hr>
1142:
1143: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
1144:
1145: A ports tree archive is also provided. To extract:
1146:
1147: <blockquote><pre>
1148: # <b>cd /usr</b>
1149: # <b>tar xvfz /tmp/ports.tar.gz</b>
1150: </pre></blockquote>
1151:
1152: Go read the <a href="faq/ports/index.html">ports</a> page
1153: if you know nothing about ports
1154: at this point. This text is not a manual of how to use ports.
1155: Rather, it is a set of notes meant to kickstart the user on the
1156: OpenBSD ports system.
1157: <p>
1158: The <i>ports/</i> directory represents a CVS checkout of our ports.
1159: As with our complete source tree, our ports tree is available via
1160: <a href="anoncvs.html">AnonCVS</a>.
1.85 tj 1161: So, in order to keep up to date with the -stable branch, you must make
1.1 deraadt 1162: the <i>ports/</i> tree available on a read-write medium and update the tree
1163: with a command like:
1164:
1165: <blockquote><pre>
1166: # <b>cd /usr/ports</b>
1.15 phessler 1167: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_2</b>
1.1 deraadt 1168: </pre></blockquote>
1169:
1170: [Of course, you must replace the server name here with a nearby anoncvs
1171: server.]
1172: <p>
1173: Note that most ports are available as packages on our mirrors. Updated
1174: ports for the 6.2 release will be made available if problems arise.
1175: <p>
1176: If you're interested in seeing a port added, would like to help out, or just
1177: would like to know more, the mailing list
1178: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1179: <p>
1180: </body>
1181: </html>