Annotation of www/63.html, Revision 1.1
1.1 ! deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
! 2: <html>
! 3: <head>
! 4: <title>OpenBSD 6.3</title>
! 5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
! 6: <meta name="description" content="OpenBSD 6.3">
! 7: <meta name="copyright" content="This document copyright 2018 by OpenBSD.">
! 8: <meta name="viewport" content="width=device-width, initial-scale=1">
! 9: <link rel="stylesheet" type="text/css" href="openbsd.css">
! 10: <link rel="canonical" href="https://www.openbsd.org/63.html">
! 11: </head>
! 12:
! 13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
! 14:
! 15: <h2>
! 16: <a href="index.html">
! 17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
! 18: <font color="#e00000">6.3</font>
! 19: </h2>
! 20:
! 21: <a href="images/XXX.gif">
! 22: <img align="left" width="227" height="343" hspace="24" src="images/XXX.gif"></a>
! 23: Released Apr 15, 2018<br>
! 24: Copyright 1997-2018, Theo de Raadt.<br>
! 25: <br>
! 26: <br>
! 27: 6.3 Song: XXX.
! 28:
! 29: <br>
! 30: <ul>
! 31: <li>See the information on <a href="ftp.html">the FTP page</a> for
! 32: a list of mirror machines.
! 33: <li>Go to the <font color="#e00000">pub/OpenBSD/6.3/</font> directory on
! 34: one of the mirror sites.
! 35: <li>Have a look at <a href="errata63.html">the 6.3 errata page</a> for a list
! 36: of bugs and workarounds.
! 37: <li>See a <a href="plus63.html">detailed log of changes</a> between the
! 38: 6.2 and 6.3 releases.
! 39: <p>
! 40: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
! 41: pubkeys for this release:<br>
! 42: <pre>
! 43: base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
! 44: fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
! 45: pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
! 46: </pre>
! 47: <p>
! 48: All applicable copyrights and credits are in the src.tar.gz,
! 49: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
! 50: files fetched via ports.tar.gz.
! 51: </ul>
! 52: <br clear=all>
! 53:
! 54: <hr>
! 55:
! 56: <h3 id="new"><font color="#0000e0">What's New</font></h3>
! 57:
! 58: This is a partial list of new features and systems included in OpenBSD 6.3.
! 59: For a comprehensive list, see the <a href="plus63.html">changelog</a> leading
! 60: to 6.3.
! 61:
! 62: <ul>
! 63:
! 64: <li>Improved hardware support, including:
! 65: <ul>
! 66: <li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
! 67: for the Rockchip RK3399/RK3288 register file.
! 68: <li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
! 69: driver for Rockchip RK3399/RK3288 clocks.
! 70: <li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
! 71: driver for controlling Rockchip RK3399/RK3288 pins.
! 72: <li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
! 73: for GPIO on Rockchip SoCs.
! 74: <li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
! 75: for Rockchip RK3399 temperature sensors.
! 76: <li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
! 77: for Rockchip RK3399 I2C controllers.
! 78: <li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
! 79: for the RK808 Power Management IC.
! 80: <li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
! 81: for Synopsis DesignWare SD/MMC controllers.
! 82: <li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
! 83: for the Synopsys DesignWare watchdog timer.
! 84: <li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
! 85: for the Synopsys DesignWare Ethernet controller.
! 86: <li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
! 87: for the two-wire bus on Allwinner SoCs.
! 88: <li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
! 89: driver for the AXP209 I2C PMIC.
! 90: <li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
! 91: for clocks and interrupts on the auxilliary UART on BCM2835 devices.
! 92: <li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
! 93: driver for an interrupt controller on Marvell ARMADA 38x.
! 94: <li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
! 95: driver for the SD Host Controller on Marvell ARMADA 38x.
! 96: <li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
! 97: driver to configure pins on Marvell ARMADA 38x.
! 98: <li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
! 99: the Ethernet controller on Marvell ARMADA 38x.
! 100: <li>arm: New <a
! 101: href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &
! 102: <a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
! 103: for the Texas Instruments AM335x LCD controller.
! 104: <li>octeon: New <a
! 105: href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
! 106: the interrupt bus widget on CN70xx/CN71xx.
! 107: <li>octeon: New <a
! 108: href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
! 109: the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
! 110: <li>octeon: New <a
! 111: href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
! 112: for the OCTEON SATA controller bridge.
! 113: <li>octeon: New <a
! 114: href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
! 115: for the OCTEON USB3 controller bridge.
! 116: <li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
! 117: and 6 are now supported.
! 118: <li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
! 119: Hyper-V storage.
! 120: <li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
! 121: the NXP PCF8563 Real Time Clock.
! 122: <li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
! 123: random number generator devices.
! 124: <li>Intel 8265 and 3168 support was added to the
! 125: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
! 126: <li>RTL8192CE support was added to the
! 127: <a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
! 128: <li>RT5360 support was added to the
! 129: <a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
! 130: <li>RTS525A support was added to the
! 131: <a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
! 132: <li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
! 133: now supports _BIX entries from ACPI 4.0.
! 134: <li>ACPI hibernate support was added to the
! 135: <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
! 136: <li>Substantially improved ACPI hibernate performance in the
! 137: <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
! 138: <li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
! 139: was updated to code based on Linux 4.4.70 - it now supports Skylake,
! 140: Kaby Lake, and Cherryview devices and has better support for Broadwell
! 141: and Valleyview devices.
! 142: <li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
! 143: supports ASIX AX99100 devices.
! 144: <li>Xen platform support and the
! 145: <a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
! 146: have been substantially improved.
! 147: <li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
! 148: correct last sector address to SCSI, allowing a valid GPT to be created.
! 149: <li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
! 150: </ul>
! 151:
! 152: <p>
! 153: <li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
! 154: <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
! 155: <ul>
! 156: <li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports
! 157: paused VM migration and memory snapshotting using send and receive commands.
! 158: <li>VPID/ASID reuse/rollover in <a
! 159: href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
! 160: <li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial
! 161: console redirection).
! 162: <li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the
! 163: guest VM RTC (real time clock) on host resume from suspend/hibernate
! 164: (OpenBSD guests only).
! 165: <li>Allow guest VMs access to AVX/AVX2 host CPU features.
! 166: <li>Support for AMD SVM/RVI hosts.
! 167: <li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - e.g.
! 168: 32GB on amd64 hosts).
! 169: <li>Better handling of guest VM MONITOR/MWAIT and HLT instructions.
! 170: <li>Various device emulation improvements in <a
! 171: href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
! 172: <li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a>
! 173: queue size provided by <a
! 174: href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
! 175: <li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a>
! 176: and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
! 177: </ul>
! 178: <p>
! 179:
! 180: <li>IEEE 802.11 wireless stack improvements:
! 181: <ul>
! 182: <li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers
! 183: of Tx and Rx streams. Fixes 11n mode for some
! 184: <a href="https://man.openbsd.org/athn.8">athn(8)</a> devices.
! 185: <li>The <a href="https://man.openbsd.org/iwn.8">iwn(8)</a> and
! 186: <a href="https://man.openbsd.org/iwm.8">iwm(8)</a> drivers will now start
! 187: scanning for a new access point if they no longer receive beacons from
! 188: the current AP.
! 189: <li>Prefer the 5GHz band over the 2GHz band during access point selection.
! 190: <li>Improved debug output in
! 191: <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless
! 192: interface is put into debug mode with
! 193: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
! 194: </ul>
! 195: <p>
! 196:
! 197: <li>Generic network stack improvements:
! 198: <ul>
! 199: <li>Incoming and forwarded IP packets are now processed without
! 200: KERNEL_LOCK, resulting in better performances and reduced latency.
! 201: <li>The kernel no longer handles IPv6 Stateless Address
! 202: Autoconfiguration (RFC 4862), allowing cleanup and simplification
! 203: of the IPv6 network stack.
! 204: <li>The kernel sends IPv6 router solicitations for link local addresses
! 205: with a link local source address.
! 206: <li>FQ-CoDel algorithm has been implemented for use with <a
! 207: href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
! 208: <li>Improved IPv6 checks for IPsec policies and made them consistent
! 209: with IPv4.
! 210: <li>Refactored local IP delivery to process IPsec packets in a flow and
! 211: avoid enqueueing a second time.
! 212: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
! 213: now inspects AH packets and matches on the inner protocol.
! 214: This makes IPv4 authentication headers work like IPv6.
! 215: <li>The length of extension header chains in pf(4) is limited.
! 216: This prevents spending excessive CPU time on crafted packets.
! 217: <li>Block IPv6 packets in
! 218: <a href="https://man.openbsd.org/pf.4">pf(4)</a>
! 219: that have a hop-by-hop options header or a destination options header.
! 220: Such packets can be passed by adding "allow-opts" to the rule.
! 221: This makes IPv6 option handling consistent with IPv4.
! 222: <li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
! 223: uses a smarter strategy to drop packets.
! 224: <li>Enabled the use of per-CPU caches in the network packet allocators.
! 225: </ul>
! 226: <p>
! 227:
! 228: <li>Installer improvements:
! 229: <ul>
! 230: <li>The installer now uses the Allotment Routing Table (ART).
! 231: <li>A unique kernel is now created by the installer to boot from after
! 232: install/upgrade.
! 233: <li>On release installs of architectures supported by syspatch,
! 234: "syspatch -c" is now added to rc.firsttime.
! 235: <li>Backwards compatibility code to support the 'rtsol' keyword in
! 236: <a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a>
! 237: has been removed.
! 238: <li>The <tt>install.site</tt> and <tt>upgrade.site</tt> scripts are now
! 239: executed at the end of the install/upgrade process.
! 240: <li>More detailed information is shown to identify disks.
! 241: <li>The IPv6 default router selection has been fixed.
! 242: <li>On the amd64 platform, AES-NI is used if present.
! 243: </ul>
! 244: <p>
! 245:
! 246: <li>Routing daemons and other userland network improvements:
! 247: <ul>
! 248: <li>A new daemon, <a
! 249: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
! 250: Stateless Address Autoconfiguration (RFC 4862).
! 251: <li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
! 252: "Reducing Energy Consumption of Router Advertisements" (RFC 7772).
! 253: <li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
! 254: been fixed to quickly handle IPv6 prefix changes on the system.
! 255: <li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
! 256: can now show SA bundles and the "bundle" keyword allows them to be
! 257: explicitly created. This avoids confusion as they were previously
! 258: used implicitly.
! 259: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
! 260: now has a <tt>-W recvlimit</tt> option to terminate netcat after
! 261: receiving the specified number of packets. This allows for a UDP
! 262: request to be sent, a reply to be received and the result checked on
! 263: the command line.
! 264: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
! 265: now has a <tt>-Z</tt> option, allowing the peer certificate and chain to be
! 266: saved to a file in PEM format.
! 267: <li>A new <tt>-T tlscompat</tt> option was added to
! 268: <a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
! 269: of all TLS protocols and libtls "compat" ciphers.
! 270: <li>Various races have been fixed in
! 271: <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
! 272: expecially in HTTP chunked mode.
! 273: <li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> now shows the
! 274: relevant NDP information when run in a non-default routing
! 275: domain.
! 276: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
! 277: copes with interface departures/arrivals.
! 278: <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
! 279: be started multiple times in different
! 280: <a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
! 281: this provides virtual router functionality.
! 282: </ul>
! 283: <p>
! 284:
! 285: <li>Security improvements:
! 286: <ul>
! 287: <li>A new function
! 288: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
! 289: to easily clear and free memory holding sensitive data has been added.
! 290: <li>Double free detection has been improved when the F
! 291: <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
! 292: The existing S option now includes F.
! 293: <li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
! 294: tty ioctl has been removed. The I/O-loops in the last two consumers
! 295: <a href="https://man.openbsd.org/csh.1">csh(1)</a> and
! 296: <a href="https://man.openbsd.org/mail.1">mail(1)</a>
! 297: were rewritten to cope with the removal.
! 298: <li>Trapsleds, a new mitigation that significantly reduces the amount of
! 299: nops in the instruction stream, replacing them with trap instructions
! 300: or jump-over-trap sequences, thereby requiring greater accuracy for
! 301: targetting potential gadgets.
! 302: <li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
! 303: files of the kernel to be relinked in a random order, creating a unique
! 304: kernel for each boot. /bsd is now non-readable to users, to try to
! 305: keep the secret.
! 306: <li>Like with libc previously,
! 307: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
! 308: startup, placing the objects in a random order.
! 309: <li>In addition to libcrypto, to deter code reuse exploits,
! 310: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
! 311: <a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
! 312: startup, placing the objects in a random order.
! 313: <li>If process accounting is activated with
! 314: <a href="https://man.openbsd.org/accton.8">accton(8)</a>,
! 315: the daily mail shows pledge violations and program crashes.
! 316: <a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
! 317: uses the flags P and T for such processes.
! 318: <li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
! 319: fork+exec model.
! 320: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
! 321: fork+exec model.
! 322: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
! 323: uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
! 324: <li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
! 325: <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> now use
! 326: <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
! 327: <li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
! 328: <li>Fixed and simplified pledge logic for
! 329: <a href="https://man.openbsd.org/nc.1">nc(1)</a>.
! 330: <li>More application of
! 331: <a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>
! 332: in userland, and tracked sizes to
! 333: <a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel.
! 334: <li>Achieve higher levels of paranoia regarding structure packing, and
! 335: clear many kernel objects before passing to userland.
! 336: <li>Disable some optimizations in
! 337: <a href="https://man.openbsd.org/clang.1">clang(1)</a>
! 338: due to incompatibility with security.
! 339: <li>For instance, cope with
! 340: <a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption
! 341: that static or const
! 342: objects placed in unknown sections (such as .openbsd.randomdata)
! 343: are surely always 0, and therefore such memory accesses can be
! 344: optimized away.
! 345: <li>In kernel, randomly bias down the top-of-stack per kthread.
! 346: </ul>
! 347: <p>
! 348:
! 349: <li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
! 350: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
! 351: <ul>
! 352: <li>Add support for echo-client-id statement to
! 353: <a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
! 354: <li>Take greater care to process all data read, and only data read, from the
! 355: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
! 356: socket.
! 357: <li>Use /dev/bpf instead of /dev/bpf0.
! 358: <li>Handle DHCPINFORM messages from clients behind a DHCP relay.
! 359: <li>Fix handling of
! 360: <a href="https://man.openbsd.org/carp.4">carp(4)</a>
! 361: interfaces in
! 362: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
! 363: <li>Don't stop
! 364: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
! 365: logging to stderr when it is started with the -d option.
! 366: </ul>
! 367: <p>
! 368:
! 369: <li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
! 370: <ul>
! 371: <li>Log messages reworked and clarified, in particular by prefixing
! 372: the name of the relevant network interface.
! 373: <li>Treat SSID as 0 to 32 bytes of binary data, not a string.
! 374: <li>Use RTM_PROPOSAL to take control of an interface rather than flipping
! 375: interface down and up in the hope that other
! 376: <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
! 377: instances notice.
! 378: <li>Reduce file operations needed by -L option by opening file at
! 379: startup and using it throughout process lifetime.
! 380: <li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
! 381: handling by reducing writes and more reliably determining which interface
! 382: has the current default route.
! 383: <li>Take greater care to process all data read, and only data read, from the
! 384: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
! 385: socket.
! 386: <li>Improve the determination of the link state of an interface.
! 387: <li>Decline inappropriate lease offers as soon as they are deemed
! 388: inappropriate.
! 389: <li>Drop support for the timestamp formats used in lease files created
! 390: more than four years ago.
! 391: <li>Accept an offer from the server that sent the first copy of
! 392: the offer, not the server that sent the last copy.
! 393: <li>Don't delete addresses and routes when exiting.
! 394: <li>Ensure IPv6 packets are not read from sockets.
! 395: <li>Don't silently ignore obsolete keywords in
! 396: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
! 397: <li>Reduce memory footprint by shrinking oversized static buffers.
! 398: <li>Eliminate repeated socket opens by opening the required sockets during
! 399: startup.
! 400: <li>Fix construction of unicast UDP packets, broken in 5.6.
! 401: <li>Improve determination of when a renewed lease requires interface
! 402: configuration changes.
! 403: <li>Don't exit when addresses are manually added or deleted from an
! 404: interface.
! 405: <li>Don't support option 33, classfull IP addresses.
! 406: <li>Fix configuration of default routes supplied by classless route options.
! 407: <li>Consider
! 408: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
! 409: contents when determining what MTU value to configure.
! 410: <li>Consider
! 411: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
! 412: contents when creating the content of
! 413: <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
! 414: <li>Delete direct routes when routes are flushed.
! 415: <li>Don't label routes with "DHCLIENT nnnn".
! 416: <li>Don't delete addresses or routes that will be immediately added back.
! 417: <li>Delete addresses and routes only when a renewal request is NAK'ed.
! 418: <li>Don't wait forever for requested information on the default route.
! 419: <li>Don't exit when an attempt to send a packet fails.
! 420: <li>Don't log a packet send when the send fails.
! 421: <li>Remove the -u option, broken since 2013 without complaints.
! 422: <li>Use /dev/bpf instead of /dev/bpf0.
! 423: </ul>
! 424: <p>
! 425:
! 426: <li>Assorted improvements:
! 427: <ul>
! 428: <li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
! 429: <a href="https://www.openbsd.org/amd64.html">amd64</a>
! 430: platforms have switched to using
! 431: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
! 432: as the base system compiler.
! 433: <li>Improved UTF-8 line editing support for
! 434: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
! 435: Emacs and Vi input mode.
! 436: <li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
! 437: a plain text format. Support for the
! 438: <a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
! 439: environment variable was added.
! 440: <li>The performance of the memory deallocator used by
! 441: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
! 442: <li>The <tt>emacs-usemeta</tt> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
! 443: flag is no longer needed and is now deprecated.
! 444: <li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
! 445: <li>New pthread
! 446: <a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
! 447: <a href="https://man.openbsd.org/pthread_cond_init">condition
! 448: variable</a> implementations improving latency
! 449: of threaded applications.
! 450: <li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
! 451: implementation written from scratch, complete in the sense that
! 452: all POSIX *locale(3) and *_l(3) functions are included, but in
! 453: OpenBSD, we of course only really care about <code>LC_CTYPE</code>
! 454: and we only support ASCII and UTF-8.
! 455: <li>Automatic hibernation and suspend by
! 456: <a href="https://man.openbsd.org/apmd">apmd</a>
! 457: when battery is low.
! 458: <li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
! 459: <a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
! 460: tools to manipulate CTF (Compact C Type Format).
! 461: <li>The error handling in
! 462: <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
! 463: has been improved.
! 464: Even if internal errors occur, the daemon tries to keep
! 465: unaffected subsystems active.
! 466: So as many messages as possible are logged.
! 467: They can be filtered by severity and facility "syslog".
! 468: <li>syslogd(8) can now suppress "last message repeated" which is
! 469: useful for remote logging.
! 470: <li>syslogd(8) can listen on multiple TLS sockets.
! 471: <li>syslogd(8) closes the *.514 UDP sockets when they are not
! 472: needed.
! 473: <li>Truncate log messages at 8192 bytes everywhere.
! 474: <li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
! 475: now skips and logs invalid config lines.
! 476: <li>Nested mount points are umounted in correct order.
! 477: <li>Fix creation of
! 478: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
! 479: CONCAT volumes.
! 480: <li>Include
! 481: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
! 482: volume and backing disk information in i/o error messages.
! 483: <li>Make
! 484: <a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
! 485: a normal
! 486: <a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
! 487: device by eliminating its use of the obsolete XS_NO_CCB mechanism.
! 488: <li>Remove last vestiges of now unused XS_NO_CCB mechanism.
! 489: <li>Userspace can now get the address of the thread control block
! 490: without a system call on OCTEON II and later.
! 491: <li>FPU is enabled on OCTEON III.
! 492: <li>GENERIC kernels now include a .SUNW_ctf section containing CTF data.
! 493: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>kill</tt>
! 494: command, send an uncatchable SIGABRT to a process.
! 495: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>pprint</tt>
! 496: command, using CTF information to "pretty print" global symbols.
! 497: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
! 498: <tt>show struct</tt> command, using CTF information to display the content
! 499: of in memory C structures.
! 500: <li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
! 501: to display the correct number of function arguments in backtraces.
! 502: <li>Power off all codecs in
! 503: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
! 504: noise in speakers and headphones on reboot.
! 505: <li>Fix i386 boot regression seen on very old 486DX CPUs.
! 506: <li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
! 507: for debugging lock order issues in the kernel.
! 508: The tool is not built in by default, and only amd64, hppa and i386
! 509: are supported.
! 510: <li>Modernize some bizzare tty behaviours of getty(8).
! 511: <li>Some subtle changes to pledge(2) to satisfy requirements observed
! 512: in real life.
! 513: <li>Prefer use of waitpid(2) rather than wait(3) where possible, to
! 514: avoid problems with pre-existing children.
! 515: <li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
! 516: in a more portable fashion.
! 517: <li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
! 518: caches</a> implemented in pools.
! 519: <li><a href="https://man.openbsd.org/pthread_mutex_lock.3">Mutex</a>,
! 520: <a href="https://man.openbsd.org/pthread_cond_wait.3">condition-variable</a>,
! 521: <a href="https://man.openbsd.org/pthread_getspecific.3">thread-specific data</a>,
! 522: <a href="https://man.openbsd.org/pthread_once.3">pthread_once(3)</a>,
! 523: and <a href="https://man.openbsd.org/pthread_exit.3">pthread_exit(3)</a>
! 524: routines moved to libc from libpthread for ease of library
! 525: use and compatibility with other OSes.
! 526: <li>Added <a href="https://man.openbsd.org/openpty.3">getptmfd(3)</a>,
! 527: <a href="https://man.openbsd.org/openpty.3">fdopenpty(3)</a>, and
! 528: <a href="https://man.openbsd.org/openpty.3">fdforkpty(3)</a>
! 529: to simplify privilege separation and use of pledge(2).
! 530: <li>Improved computational complexity in various cases of
! 531: <a href="https://man.openbsd.org/strstr.3">strstr(3)</a>,
! 532: <a href="https://man.openbsd.org/qsort.3">qsort(3)</a>,
! 533: and <a href="https://man.openbsd.org/glob.3">glob(3)</a>.
! 534: <li>Added support for <tt>EV_RECEIPT</tt> and <tt>EV_DISPATCH</tt> to
! 535: <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>.
! 536: <li>Added <a href="https://man.openbsd.org/ktrace.2">fktrace(2)</a>.
! 537: </ul>
! 538: <p>
! 539:
! 540: <li>OpenSMTPD 6.0.0
! 541: <ul>
! 542: <li>Fix an off-by-one in the config parser that made 65535 an invalid port.
! 543: <li>Fix a fd leak in the session congestion mechanism.
! 544: <li>Fix a possible crash when relaying with smtps.
! 545: <li>Remove support for the "listen secure" syntax (expicitely define two listeners for tls and smtps instead).
! 546: <li>Remove experimental support for filters.
! 547: <li>Assorted code and documentation cleanups and improvements.
! 548: </ul>
! 549: <p>
! 550:
! 551: <li>OpenSSH 7.6
! 552: <ul>
! 553: <li>Security:
! 554: <ul>
! 555: <li>sftp-server(8): in read-only mode, sftp-server was incorrectly
! 556: permitting creation of zero-length files.
! 557: </ul>
! 558: <li>New/changed features:
! 559: <ul>
! 560: <li>Add RemoteCommand option to specify a command in the
! 561: <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
! 562: config file instead of giving it on the client's command
! 563: line.
! 564: The feature allows to automate tasks using ssh config.
! 565: <li>sshd(8): add ExposeAuthInfo option that enables writing details of
! 566: the authentication methods used (including public keys where
! 567: applicable) to a file that is exposed via a $SSH_USER_AUTH
! 568: environment variable in the subsequent session.
! 569: <li>ssh(1): add support for reverse dynamic forwarding. In this mode,
! 570: ssh will act as a SOCKS4/5 proxy and forward connections
! 571: to destinations requested by the remote SOCKS client. This mode
! 572: is requested using extended syntax for the -R and RemoteForward
! 573: options and, because it is implemented solely at the client,
! 574: does not require the server be updated to be supported.
! 575: <li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
! 576: <li>ssh-keygen(1): allow inclusion of arbitrary string or flag
! 577: certificate extensions and critical options.
! 578: <li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
! 579: a CA when signing certificates.
! 580: <li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
! 581: ToS/DSCP value and just use the operating system default.
! 582: <li>ssh-add(1): added -q option to make ssh-add quiet on success.
! 583: <li>ssh(1): expand the StrictHostKeyChecking option with two new
! 584: settings. The first "accept-new" will automatically accept
! 585: hitherto-unseen keys but will refuse connections for changed or
! 586: invalid hostkeys. This is a safer subset of the current behaviour
! 587: of StrictHostKeyChecking=no. The second setting "off", is a synonym
! 588: for the current behaviour of StrictHostKeyChecking=no: accept new
! 589: host keys, and continue connection for hosts with incorrect
! 590: hostkeys. A future release will change the meaning of
! 591: StrictHostKeyChecking=no to the behaviour of "accept-new".
! 592: <li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
! 593: option in sshd(8).
! 594: </ul>
! 595: <li>The following significant bugs have been fixed in this release:
! 596: <ul>
! 597: <li>ssh(1): use HostKeyAlias if specified instead of hostname for
! 598: matching host certificate principal names.
! 599: <li>sftp(1): implement sorting for globbed ls.
! 600: <li>ssh(1): add a user@host prefix to client's "Permission denied"
! 601: messages, useful in particular when using "stacked" connections
! 602: (e.g. ssh -J) where it's not clear which host is denying.
! 603: <li>ssh(1): accept unknown EXT_INFO extension values that contain \0
! 604: characters. These are legal, but would previously cause fatal
! 605: connection errors if received.
! 606: <li>ssh(1)/sshd(8): repair compression statistics printed at
! 607: connection exit.
! 608: <li>sftp(1): print '?' instead of incorrect link count (that the
! 609: protocol doesn't provide) for remote listings.
! 610: <li>ssh(1): return failure rather than fatal() for more cases during
! 611: session multiplexing negotiations. Causes the session to fall back
! 612: to a non-mux connection if they occur.
! 613: <li>ssh(1): mention that the server may send debug messages to explain
! 614: public key authentication problems under some circumstances.
! 615: <li>Translate OpenSSL error codes to better report incorrect passphrase
! 616: errors when loading private keys.
! 617: <li>sshd(8): adjust compatibility patterns for WinSCP to correctly
! 618: identify versions that implement only the legacy DH group exchange
! 619: scheme.
! 620: <li>ssh(1): print the "Killed by signal 1" message only at LogLevel
! 621: verbose so that it is not shown at the default level; prevents it
! 622: from appearing during ssh -J and equivalent ProxyCommand configs.
! 623: <li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
! 624: existing keys if they exist but are zero length. zero-length keys
! 625: could previously be made if ssh-keygen failed or was interrupted part
! 626: way through generating them.
! 627: <li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
! 628: place the current session in the background.
! 629: <li>ssh-keyscan(1): avoid double-close() on file descriptors.
! 630: <li>sshd(8): avoid reliance on shared use of pointers shared between
! 631: monitor and child sshd processes.
! 632: <li>sshd_config(8): document available AuthenticationMethods.
! 633: <li>ssh(1): avoid truncation in some login prompts.
! 634: <li>ssh(1): make "--" before the hostname terminate argument processing
! 635: after the hostname too.
! 636: <li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
! 637: new-style private keys. Fixes problems related to private key
! 638: handling for no-OpenSSL builds.
! 639: <li>ssh(1): warn and do not attempt to use keys when the public and
! 640: private halves do not match.
! 641: <li>sftp(1): don't print verbose error message when ssh disconnects
! 642: from under sftp.
! 643: <li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
! 644: port from preventing the keepalive from being sent.
! 645: <li>sshd(8): when started without root privileges, don't require the
! 646: privilege separation user or path to exist. Makes running the
! 647: regression tests easier without touching the filesystem.
! 648: <li>Make integrity.sh regression tests more robust against timeouts.
! 649: <li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
! 650: channel IDs greater than 0x7FFFFFFF.
! 651: </ul>
! 652: </ul>
! 653: <p>
! 654:
! 655: <li>LibreSSL 2.6.3
! 656: <ul>
! 657: <li>Added support for providing CRLs to libtls - once a CRL is provided via
! 658: <a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
! 659: or
! 660: <a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
! 661: CRL checking is enabled and required for the full certificate chain.
! 662: <li>Reworked TLS certificate name verification code to more strictly
! 663: follow RFC 6125.
! 664: <li>Cleaned up and simplified server key exchange EC point handling.
! 665: <li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
! 666: simplified BIO_get_host_ip() and BIO_accept().
! 667: <li>Added definitions for three OIDs used in EV certificates.
! 668: <li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
! 669: IP addresses with SNI to connect to a libtls-based TLS server.
! 670: <li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
! 671: validation callbacks such as those in relayd.
! 672: <li>Converted explicit clear/free sequences to use
! 673: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
! 674: <li>Fixed the
! 675: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
! 676: ca command so that it generates certificates with RFC 5280-conformant time.
! 677: <li>Added
! 678: <a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
! 679: to set an ASN.1 time from a struct tm *.
! 680: <li>Added
! 681: <a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
! 682: functions.
! 683: <li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
! 684: <li>Provided a
! 685: <a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
! 686: function that frees the memory returned from a
! 687: <a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
! 688: call, ensuring that the contents become inaccessible.
! 689: <li>Implemented reference counting for libtls tls_config, allowing
! 690: <a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
! 691: to be called as soon as it has been passed to the final
! 692: <a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
! 693: call, simplifying lifetime tracking for the application.
! 694: <li>Dropped cipher suites using DSS authentication.
! 695: <li>Removed support for DSS/DSA from libssl.
! 696: <li>Distinguish between self-issued certificates and self-signed
! 697: certificates. The certificate verification code has special cases
! 698: for self-signed certificates and without this change, self-issued
! 699: certificates (which it seems are common place with
! 700: openvpn/easyrsa) were also being included in this category.
! 701: <li>Added a new TLS extension handling framework and converted all
! 702: TLS extensions to use it.
! 703: <li>Improved and added many new manpages. Updated
! 704: <a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
! 705: manpages with additional cautions regarding their use.
! 706: <li>Cleaned up and simplified EC key/curve configuration handling.
! 707: <li>Added
! 708: <a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
! 709: to libtls, which allows the names of the elliptical curves that may
! 710: be used during client and server key exchange to be specified.
! 711: <li>Converted more code paths to use CBB/CBS.
! 712: <li>Removed NPN support - NPN was never standardised and the last draft
! 713: expired in October 2012.
! 714: <li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
! 715: CryptoPro clients.
! 716: <li>Removed support for the TLS padding extension, which was added as a
! 717: workaround for an old bug in F5's TLS termination.
! 718: <li>Added ability to clamp notafter values in certificates for systems
! 719: with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
! 720: <li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
! 721: <li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
! 722: <li>Provide a useful error with libtls if there are no OCSP URLs in a
! 723: peer certificate.
! 724: <li>Keep track of which keypair is in use by a TLS context, fixing a bug
! 725: where a TLS server with SNI would only return the OCSP staple for the
! 726: default keypair.
! 727: <li>If
! 728: <a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
! 729: is called with a NULL pointer it now
! 730: returns the default protocols.
! 731: </ul>
! 732: <p>
! 733:
! 734: <li>mandoc 1.14.3
! 735: <ul>
! 736: <li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
! 737: databases are now enabled by default, allowing semantic searching
! 738: with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
! 739: without any local configuration changes.
! 740: <li>Full integration of the former
! 741: <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
! 742: utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
! 743: <code>-Wall</code>, new <code>-Wstyle</code> and
! 744: <code>-Wopenbsd</code> message levels, and many new messages,
! 745: for example about typos in <code>.Sh</code> lines,
! 746: unknown <code>.Xr</code> targets, and links to self.
! 747: <li>Additional steps unifying the
! 748: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
! 749: <a href="https://man.openbsd.org/man.7">man(7)</a>, and
! 750: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
! 751: use one common data type and
! 752: <a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
! 753: for all requests and macros and support creation of syntax tree
! 754: nodes in the roff(7) parser, allowing support for many new
! 755: low-level roff(7) features.
! 756: Only about 25 ports still need <code>USE_GROFF</code> now.
! 757: <li>Many improvements to
! 758: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
! 759: parsing and formatting,
! 760: including automatic line wrapping inside table columns.
! 761: <li>Many improvements to
! 762: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
! 763: parsing and formatting, including better font selection,
! 764: recognition of well-known mathematical function names, and writing
! 765: of <code><mn></code> and <code><mo></code> HTML tags.
! 766: <li>Intelligible rendering of mathematical symbols in
! 767: <code>-Tascii</code> output.
! 768: <li>Several parsing and rendering improvements for the
! 769: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
! 770: <code>.Lk</code> macro.
! 771: <li>Some CSS improvements in HTML output, in particular for the
! 772: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
! 773: <code>.Bl</code> macro.
! 774: </ul>
! 775: <p>
! 776:
! 777: <li>Ports and packages:
! 778: <dl>
! 779: <dt>Many pre-built packages for each architecture:
! 780: </dl>
! 781: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
! 782: <table border=0 cellspacing=0 cellpadding=2 width="95%">
! 783: <tr>
! 784: <td valign="top" width="25%">
! 785: <ul>
! 786: <li>aarch64: XXXX
! 787: <li>amd64: XXXX
! 788: <li>arm: XXXX
! 789: </ul></td><td valign=top width="25%"><ul>
! 790: <li>hppa: XXXX
! 791: <li>i386: XXXX
! 792: <li>mips64: XXXX
! 793: </ul></td><td valign=top width="25%"><ul>
! 794: <li>mips64el: XXXX
! 795: <li>powerpc: XXXX
! 796: <li>sparc64: XXXX
! 797: </ul></td></tr></table>
! 798: <p>
! 799:
! 800: <dl>
! 801: <dt>Some highlights:
! 802: </dl>
! 803: <table border=0 cellspacing=0 cellpadding=2 width="95%">
! 804: <tr>
! 805: <td valign="top" width="50%"><ul>
! 806: <li>AFL 2.51b
! 807: <li>CMake 3.9.3
! 808: <li>Chromium 61.0.3163.100
! 809: <li>Emacs 21.4 and 25.3
! 810: <li>GCC 4.9.4
! 811: <li>GHC 7.10.3
! 812: <li>Gimp 2.8.22
! 813: <li>GNOME 3.24.2
! 814: <li>Go 1.9
! 815: <li>Groff 1.22.3
! 816: <li>JDK 8u144
! 817: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
! 818: <li>LLVM/Clang 5.0.0
! 819: <li>LibreOffice 5.2.7.2
! 820: <li>Lua 5.1.5, 5.2.4, and 5.3.4
! 821: <li>MariaDB 10.0.32
! 822: <li>Mozilla Firefox 52.4.0esr and 56.0.0
! 823: <li>Mozilla Thunderbird 52.2.1
! 824: </ul></td><td valign=top width="50%"><ul>
! 825: <li>Mutt 1.9.1 and NeoMutt 20170912
! 826: <li>Node.js 6.11.2
! 827: <li>Ocaml 4.03.0
! 828: <li>OpenLDAP 2.3.43 and 2.4.45
! 829: <li>PHP 5.6.31 and 7.0.23
! 830: <li>Postfix 3.2.2 and 3.3-20170910
! 831: <li>PostgreSQL 9.6.5
! 832: <li>Python 2.7.14 and 3.6.2
! 833: <li>R 3.4.1
! 834: <li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
! 835: <li>Rust 1.20.0
! 836: <li>Sendmail 8.16.0.21
! 837: <li>SQLite3 3.20.1
! 838: <li>Sudo 1.8.21.2
! 839: <li>Tcl/Tk 8.5.19 and 8.6.6
! 840: <li>TeX Live 2016
! 841: <li>Vim 8.0.0987
! 842: <li>Xfce 4.12
! 843: </ul></td></tr></table>
! 844: <p>
! 845:
! 846: <li>As usual, steady improvements in manual pages and other documentation.
! 847: <p>
! 848:
! 849: <li>The system includes the following major components from outside suppliers:
! 850: <ul>
! 851: <li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
! 852: freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
! 853: xkeyboard-config 2.20 and more)
! 854: <li>LLVM/Clang 4.0.0 (+ patches)
! 855: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
! 856: <li>Perl 5.24.2 (+ patches)
! 857: <li>NSD 4.1.17
! 858: <li>Unbound 1.6.6
! 859: <li>Ncurses 5.7
! 860: <li>Binutils 2.17 (+ patches)
! 861: <li>Gdb 6.3 (+ patches)
! 862: <li>Awk Aug 10, 2011 version
! 863: <li>Expat 2.2.4
! 864: </ul>
! 865: </ul>
! 866:
! 867: <hr>
! 868:
! 869: <h3 id="install"><font color="#0000e0">How to install</font></h3>
! 870:
! 871: Please refer to the following files on the mirror site for
! 872: extensive details on how to install OpenBSD 6.3 on your machine:
! 873:
! 874: <ul>
! 875: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/alpha/INSTALL.alpha">
! 876: .../OpenBSD/6.3/alpha/INSTALL.alpha</a>
! 877: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/INSTALL.amd64">
! 878: .../OpenBSD/6.3/amd64/INSTALL.amd64</a>
! 879: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/arm64/INSTALL.arm64">
! 880: .../OpenBSD/6.3/arm64/INSTALL.arm64</a>
! 881: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/armv7/INSTALL.armv7">
! 882: .../OpenBSD/6.3/armv7/INSTALL.armv7</a>
! 883: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/hppa/INSTALL.hppa">
! 884: .../OpenBSD/6.3/hppa/INSTALL.hppa</a>
! 885: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/i386/INSTALL.i386">
! 886: .../OpenBSD/6.3/i386/INSTALL.i386</a>
! 887: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/landisk/INSTALL.landisk">
! 888: .../OpenBSD/6.3/landisk/INSTALL.landisk</a>
! 889: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/loongson/INSTALL.loongson">
! 890: .../OpenBSD/6.3/loongson/INSTALL.loongson</a>
! 891: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/luna88k/INSTALL.luna88k">
! 892: .../OpenBSD/6.3/luna88k/INSTALL.luna88k</a>
! 893: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/macppc/INSTALL.macppc">
! 894: .../OpenBSD/6.3/macppc/INSTALL.macppc</a>
! 895: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/octeon/INSTALL.octeon">
! 896: .../OpenBSD/6.3/octeon/INSTALL.octeon</a>
! 897: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/sgi/INSTALL.sgi">
! 898: .../OpenBSD/6.3/sgi/INSTALL.sgi</a>
! 899: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/sparc64/INSTALL.sparc64">
! 900: .../OpenBSD/6.3/sparc64/INSTALL.sparc64</a>
! 901: </ul>
! 902:
! 903: <hr>
! 904:
! 905: <p>
! 906: Quick installer information for people familiar with OpenBSD, and the use of
! 907: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
! 908: If you are at all confused when installing OpenBSD, read the relevant
! 909: INSTALL.* file as listed above!
! 910:
! 911: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
! 912:
! 913: <ul style="list-style-type: none">
! 914: <li>
! 915: Write <i>floppy63.fs</i> or <i>floppyB63.fs</i> (depending on your machine)
! 916: to a diskette and enter <i>boot dva0</i>.
! 917: Refer to INSTALL.alpha for more details.
! 918: <p>
! 919: <li>
! 920: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! 921: will most likely fail.
! 922: </ul>
! 923:
! 924: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
! 925:
! 926: <ul style="list-style-type: none">
! 927: <li>
! 928: If your machine can boot from CD, you can write <i>install63.iso</i> or
! 929: <i>cd63.iso</i> to a CD and boot from it.
! 930: You may need to adjust your BIOS options first.
! 931: <p>
! 932: <li>
! 933: If your machine can boot from USB, you can write <i>install63.fs</i> or
! 934: <i>miniroot63.fs</i> to a USB stick and boot from it.
! 935: <p>
! 936: <li>
! 937: If you can't boot from a CD, floppy disk, or USB,
! 938: you can install across the network using PXE as described in the included
! 939: INSTALL.amd64 document.
! 940: <p>
! 941: <li>
! 942: If you are planning to dual boot OpenBSD with another OS, you will need to
! 943: read INSTALL.amd64.
! 944: </ul>
! 945:
! 946: <h3><font color="#e00000">OpenBSD/arm64:</font></h3>
! 947:
! 948: <ul style="list-style-type: none">
! 949: <li>
! 950: Write <i>miniroot63.fs</i> to a disk and boot from it after connecting
! 951: to the serial console. Refer to INSTALL.arm64 for more details.
! 952: <p>
! 953: </ul>
! 954:
! 955: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
! 956:
! 957: <ul style="list-style-type: none">
! 958: <li>
! 959: Write a system specific miniroot to an SD card and boot from it after connecting
! 960: to the serial console. Refer to INSTALL.armv7 for more details.
! 961: <p>
! 962: </ul>
! 963:
! 964: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
! 965:
! 966: <ul style="list-style-type: none">
! 967: <li>
! 968: Boot over the network by following the instructions in INSTALL.hppa or the
! 969: <a href="hppa.html#install">hppa platform page</a>.
! 970: </ul>
! 971:
! 972: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
! 973:
! 974: <ul style="list-style-type: none">
! 975: <li>
! 976: If your machine can boot from CD, you can write <i>install63.iso</i> or
! 977: <i>cd63.iso</i> to a CD and boot from it.
! 978: You may need to adjust your BIOS options first.
! 979: <p>
! 980: <li>
! 981: If your machine can boot from USB, you can write <i>install63.fs</i> or
! 982: <i>miniroot63.fs</i> to a USB stick and boot from it.
! 983: <p>
! 984: <li>
! 985: If you can't boot from a CD, floppy disk, or USB,
! 986: you can install across the network using PXE as described in
! 987: the included INSTALL.i386 document.
! 988: <p>
! 989: <li>
! 990: If you are planning on dual booting OpenBSD with another OS, you will need to
! 991: read INSTALL.i386.
! 992: </ul>
! 993:
! 994: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
! 995:
! 996: <ul style="list-style-type: none">
! 997: <li>
! 998: Write <i>miniroot63.fs</i> to the start of the CF
! 999: or disk, and boot normally.
! 1000: </ul>
! 1001:
! 1002: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
! 1003:
! 1004: <ul style="list-style-type: none">
! 1005: <li>
! 1006: Write <i>miniroot63.fs</i> to a USB stick and boot bsd.rd from it
! 1007: or boot bsd.rd via tftp.
! 1008: Refer to the instructions in INSTALL.loongson for more details.
! 1009: </ul>
! 1010:
! 1011: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
! 1012:
! 1013: <ul style="list-style-type: none">
! 1014: <li>
! 1015: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
! 1016: from the PROM, and then bsd.rd from the bootloader.
! 1017: Refer to the instructions in INSTALL.luna88k for more details.
! 1018: </ul>
! 1019:
! 1020: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
! 1021:
! 1022: <ul style="list-style-type: none">
! 1023: <li>
! 1024: Burn the image from a mirror site to a CDROM, and power on your machine
! 1025: while holding down the <i>C</i> key until the display turns on and
! 1026: shows <i>OpenBSD/macppc boot</i>.
! 1027: <p>
! 1028: <li>
! 1029: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
! 1030: /6.3/macppc/bsd.rd</i>
! 1031: </ul>
! 1032:
! 1033: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
! 1034:
! 1035: <ul style="list-style-type: none">
! 1036: <li>
! 1037: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
! 1038: Refer to the instructions in INSTALL.octeon for more details.
! 1039: </ul>
! 1040:
! 1041: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
! 1042:
! 1043: <ul style="list-style-type: none">
! 1044: <li>
! 1045: To install, burn cd63.iso on a CD-R, put it in the CD drive of your
! 1046: machine and select <i>Install System Software</i> from the System Maintenance
! 1047: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
! 1048: CD-ROM, and need a proper invocation from the PROM prompt.
! 1049: Refer to the instructions in INSTALL.sgi for more details.
! 1050:
! 1051: <p>
! 1052: <li>
! 1053: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
! 1054: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
! 1055: system type. Refer to the instructions in INSTALL.sgi for more details.
! 1056: </ul>
! 1057:
! 1058: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
! 1059:
! 1060: <ul style="list-style-type: none">
! 1061: <li>
! 1062: Burn the image from a mirror site to a CDROM, boot from it, and type
! 1063: <i>boot cdrom</i>.
! 1064: <p>
! 1065: <li>
! 1066: If this doesn't work, or if you don't have a CDROM drive, you can write
! 1067: <i>floppy63.fs</i> or <i>floppyB63.fs</i>
! 1068: (depending on your machine) to a floppy and boot it with <i>boot
! 1069: floppy</i>. Refer to INSTALL.sparc64 for details.
! 1070: <p>
! 1071: <li>
! 1072: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! 1073: will most likely fail.
! 1074: <p>
! 1075: <li>
! 1076: You can also write <i>miniroot63.fs</i> to the swap partition on
! 1077: the disk and boot with <i>boot disk:b</i>.
! 1078: <p>
! 1079: <li>
! 1080: If nothing works, you can boot over the network as described in INSTALL.sparc64.
! 1081: </ul>
! 1082:
! 1083: <hr>
! 1084:
! 1085: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
! 1086:
! 1087: If you already have an OpenBSD 6.1 system, and do not want to reinstall,
! 1088: upgrade instructions and advice can be found in the
! 1089: <a href="faq/upgrade63.html">Upgrade Guide</a>.
! 1090: <p>
! 1091:
! 1092: <hr>
! 1093:
! 1094: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
! 1095:
! 1096: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
! 1097: This file contains everything you need except for the kernel sources,
! 1098: which are in a separate archive.
! 1099: To extract:
! 1100:
! 1101: <blockquote><pre>
! 1102: # <b>mkdir -p /usr/src</b>
! 1103: # <b>cd /usr/src</b>
! 1104: # <b>tar xvfz /tmp/src.tar.gz</b>
! 1105: </pre></blockquote>
! 1106:
! 1107: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
! 1108: This file contains all the kernel sources you need to rebuild kernels.
! 1109: To extract:
! 1110:
! 1111: <blockquote><pre>
! 1112: # <b>mkdir -p /usr/src/sys</b>
! 1113: # <b>cd /usr/src</b>
! 1114: # <b>tar xvfz /tmp/sys.tar.gz</b>
! 1115: </pre></blockquote>
! 1116:
! 1117: Both of these trees are a regular CVS checkout. Using these trees it
! 1118: is possible to get a head-start on using the anoncvs servers as
! 1119: described <a href="anoncvs.html">here</a>.
! 1120: Using these files
! 1121: results in a much faster initial CVS update than you could expect from
! 1122: a fresh checkout of the full OpenBSD source tree.
! 1123: <p>
! 1124:
! 1125: <hr>
! 1126:
! 1127: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
! 1128:
! 1129: A ports tree archive is also provided. To extract:
! 1130:
! 1131: <blockquote><pre>
! 1132: # <b>cd /usr</b>
! 1133: # <b>tar xvfz /tmp/ports.tar.gz</b>
! 1134: </pre></blockquote>
! 1135:
! 1136: Go read the <a href="faq/ports/index.html">ports</a> page
! 1137: if you know nothing about ports
! 1138: at this point. This text is not a manual of how to use ports.
! 1139: Rather, it is a set of notes meant to kickstart the user on the
! 1140: OpenBSD ports system.
! 1141: <p>
! 1142: The <i>ports/</i> directory represents a CVS checkout of our ports.
! 1143: As with our complete source tree, our ports tree is available via
! 1144: <a href="anoncvs.html">AnonCVS</a>.
! 1145: So, in order to keep up to date with the -stable branch, you must make
! 1146: the <i>ports/</i> tree available on a read-write medium and update the tree
! 1147: with a command like:
! 1148:
! 1149: <blockquote><pre>
! 1150: # <b>cd /usr/ports</b>
! 1151: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_3</b>
! 1152: </pre></blockquote>
! 1153:
! 1154: [Of course, you must replace the server name here with a nearby anoncvs
! 1155: server.]
! 1156: <p>
! 1157: Note that most ports are available as packages on our mirrors. Updated
! 1158: ports for the 6.3 release will be made available if problems arise.
! 1159: <p>
! 1160: If you're interested in seeing a port added, would like to help out, or just
! 1161: would like to know more, the mailing list
! 1162: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
! 1163: <p>
! 1164: </body>
! 1165: </html>