version 1.76, 2018/10/16 02:02:38 |
version 1.77, 2018/10/16 03:39:39 |
|
|
<ul> |
<ul> |
<li>ACPI support on OpenBSD/arm64 platforms. |
<li>ACPI support on OpenBSD/arm64 platforms. |
<li>The <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> |
<li>The <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> |
driver was updated to code based on Linux 4.4.155 adding modesetting |
driver was updated to code based on Linux 4.4.155, adding modesetting |
support for KAVERI/KABINI/MULLINS APUs and |
support for KAVERI/KABINI/MULLINS APUs and |
OLAND/BONAIRE/HAINAN/HAWAII GPUs. |
OLAND/BONAIRE/HAINAN/HAWAII GPUs. |
<li>Support for |
<li>Support for |
|
|
<a href="https://man.openbsd.org/mfii.4">mfii(4)</a>. |
<a href="https://man.openbsd.org/mfii.4">mfii(4)</a>. |
<li>On i386 Intel CPU microcode is loaded on boot. |
<li>On i386 Intel CPU microcode is loaded on boot. |
<li>On sparc64 <a href="https://man.openbsd.org/ldomctl.8">ldomctl(8)</a> |
<li>On sparc64 <a href="https://man.openbsd.org/ldomctl.8">ldomctl(8)</a> |
now supports more modern firmwares found on SPARC T2+ and T3 machines in |
now supports more modern firmware found on SPARC T2+ and T3 machines in |
particular such as T1000, T5120 and T5240. |
particular such as T1000, T5120 and T5240. |
NVRAM variables can now be set per logical domain. |
NVRAM variables can now be set per logical domain. |
<li><a href="https://man.openbsd.org/com.4">com(4)</a> |
<li><a href="https://man.openbsd.org/com.4">com(4)</a> |
|
|
<li>New <a href="https://man.openbsd.org/islrtc.4">islrtc</a> |
<li>New <a href="https://man.openbsd.org/islrtc.4">islrtc</a> |
driver for Intersil ISL1208 Real Time Clock. |
driver for Intersil ISL1208 Real Time Clock. |
<li>Support for the Huawei k3772 in |
<li>Support for the Huawei k3772 in |
<a href="https://man.openbsd.org/umsm.4">umsm</a>. |
<a href="https://man.openbsd.org/umsm.4">umsm(4)</a>. |
<li>Support for the VIA VX900 chipset in |
<li>Support for the VIA VX900 chipset in |
<a href="https://man.openbsd.org/viapm.4">viapm(4)</a>. |
<a href="https://man.openbsd.org/viapm.4">viapm(4)</a>. |
<li>Support for GNSS networks other than GPS in |
<li>Support for GNSS networks other than GPS in |
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/trunk.4">trunk(4)</a> |
<li><a href="https://man.openbsd.org/trunk.4">trunk(4)</a> |
now has LACP administrative knobs for: mode, timeout, system priority, |
now has LACP administrative knobs for mode, timeout, system priority, |
port priority, and ifq priority. |
port priority, and ifq priority. |
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
now has the ability to adjust LACP administrative knobs: |
now has the ability to adjust LACP administrative knobs |
<code>lacpmode</code> and <code>lacptimeout</code>. |
<code>lacpmode</code> and <code>lacptimeout</code>. |
<li><a href="https://man.openbsd.org/sendmsg.2">sendmsg(2)</a>, |
<li><a href="https://man.openbsd.org/sendmsg.2">sendmsg(2)</a>, |
<a href="https://man.openbsd.org/sendto.2">sendto(2)</a>, |
<a href="https://man.openbsd.org/sendto.2">sendto(2)</a>, |
|
|
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/installurl.5">installurl(5)</a> now |
<li><a href="https://man.openbsd.org/installurl.5">installurl(5)</a> now |
defaults to |
defaults to |
<a href="https://cdn.openbsd.org/pub/OpenBSD">cdn.openbsd.org</a> if it |
<a href="ftp.html">cdn.openbsd.org</a> if |
does not exist and no official mirror was used to get working |
no mirror was chosen during installation. |
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and |
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and |
<a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a> experience |
<a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a> |
out of the box. |
will thus work out of the box. |
<li>DUID can be used to answer the "Which disk is the root disk?" |
<li>DUID can be used to answer the "Which disk is the root disk?" |
question during upgrade. |
question during upgrade. |
<li>Installing a |
<li>Installing a |
|
|
use per-function random cookies to protect access to function |
use per-function random cookies to protect access to function |
return instructions, making them harder to use in ROP gadgets. |
return instructions, making them harder to use in ROP gadgets. |
<li><a href="https://man.openbsd.org/clang-local.1">clang(1)</a> |
<li><a href="https://man.openbsd.org/clang-local.1">clang(1)</a> |
includes a pass which identifies common instructions which |
includes a pass that identifies common instructions which |
may be useful in ROP gadgets and replaces them with safe |
may be useful in ROP gadgets and replaces them with safe |
alternatives on amd64 and i386. |
alternatives on amd64 and i386. |
<li>The Retpoline mitigation against Spectre Variant 2 has been |
<li>The Retpoline mitigation against Spectre Variant 2 has been |
|
|
<li>Meltdown mitigation was added to i386. |
<li>Meltdown mitigation was added to i386. |
<li>amd64 now uses eager-FPU switching to prevent FPU state |
<li>amd64 now uses eager-FPU switching to prevent FPU state |
information speculatively leaking across protection boundaries. |
information speculatively leaking across protection boundaries. |
<li>Because Simultaneous multithreading (SMT) uses core resources in |
<li>Because Simultaneous MultiThreading (SMT) uses core resources in |
a shared and unsafe manner, it is now disabled by default |
a shared and unsafe manner, it is now disabled by default. |
and can be enabled with the new <code>hw.smt</code> |
It and can be enabled with the new <code>hw.smt</code> |
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. |
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. |
<li>Audio recording is now disabled by default and can be enabled |
<li>Audio recording is now disabled by default and can be enabled |
with the new <code>kern.audio.record</code> |
with the new <code>kern.audio.record</code> |
|
|
<a href="https://man.openbsd.org/getpwnam.3">getpwuid(3)</a> no |
<a href="https://man.openbsd.org/getpwnam.3">getpwuid(3)</a> no |
longer return a pointer to static storage but a managed allocation |
longer return a pointer to static storage but a managed allocation |
which gets unmapped. This allows detection of access to stale entries. |
which gets unmapped. This allows detection of access to stale entries. |
<li><a href="https://man.openbsd.org/sshd.8">sshd</a> includes |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a> includes |
improved defence against user enumeration attacks. |
improved defence against user enumeration attacks. |
</ul> |
</ul> |
<p> |
<p> |
|
|
bound into an alternate routing domain. |
bound into an alternate routing domain. |
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> is |
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> is |
now pledged. |
now pledged. |
<li>Prevent ospfd(8) and ospf6d(8) to be started more than once |
<li>Prevent ospfd(8) and ospf6d(8) from being started more than once |
(in the same routing domain). |
(in the same routing domain). |
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> is now fully |
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> is now fully |
pledged. |
pledged. |
|
|
the kernel when Duplicate Address Detection (DAD) fails and generates |
the kernel when Duplicate Address Detection (DAD) fails and generates |
different addresses when possible. |
different addresses when possible. |
<li>When <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> detects |
<li>When <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> detects |
roaming between networks it deprecates all configured IPs. IPs from |
roaming between networks, it deprecates all configured IPs. IPs from |
newly advertised prefixes will be preferred. |
newly advertised prefixes will be preferred. |
<li>A new daemon, <a href="https://man.openbsd.org/rad.8">rad(8)</a> sends |
<li>A new daemon, <a href="https://man.openbsd.org/rad.8">rad(8)</a>, sends |
IPv6 Router Advertisement messages and replaces the old rtadvd(8) |
IPv6 Router Advertisement messages and replaces the old rtadvd(8) |
daemon from KAME. |
daemon from KAME. |
<li>The anachronistic |
<li>The anachronistic |
|
|
<a href="https://man.openbsd.org/dhclient.leases.5">dhclient.leases(5)</a>, |
<a href="https://man.openbsd.org/dhclient.leases.5">dhclient.leases(5)</a>, |
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>, |
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>, |
and any '-L' |
and any '-L' |
file before going daemon and returning control |
file before daemonizing and returning control |
to invoking scripts. |
to invoking scripts. |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>'s |
'-i' option now discards any previously defined values for the options |
'-i' option now discards any previously defined values for the options |
to be ignored. |
to be ignored. |
<li>Any change to any interface now causes |
<li>Any change to any interface now causes |
|
|
now always records the client identifier used to obtain a lease, |
now always records the client identifier used to obtain a lease, |
enabling better conformance to RFC 6842. |
enabling better conformance to RFC 6842. |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
now has the option '-r' to release the current lease and exit. |
now has the '-r' option to release the current lease and exit. |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
now avoids inappropriate changes to |
now avoids inappropriate changes to |
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> |
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> |
|
|
|
|
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> improvements: |
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> improvements: |
<ul> |
<ul> |
<li>The default filter actions was changed from allow to deny. |
<li>The default filter action was changed from allow to deny. |
<li>The config option 'announce (all|self|none|default-route)' |
<li>The config option 'announce (all|self|none|default-route)' |
has been deprecated and superseded by filter configuration. |
has been deprecated and superseded by filter configuration. |
<li>Improved prefix-sets both in speed and user experience. |
<li>Improved prefix-sets both in speed and user experience. |
<li>Introduced as-sets to match ASPATH against large lists of AS numbers. |
<li>Introduced as-sets to match ASPATH against large lists of AS numbers. |
<li>Support for BGP Origin Validation. |
<li>Support for BGP Origin Validation |
<a href="https://tools.ietf.org/html/rfc6811">RFC 6811</a> |
<a href="https://tools.ietf.org/html/rfc6811">RFC 6811</a> |
through the <code>roa-set</code> directive. |
through the <code>roa-set</code> directive. |
<li>Added origin-sets for matching prefix / origin AS pairs efficently. |
<li>Added origin-sets for matching prefix / origin AS pairs efficently. |
<li>Some syntax cleanups; newlines are optional inside expansion |
<li>Some syntax cleanups: newlines are optional inside expansion |
lists (previously newlines needed to be escaped), but in neighbor, |
lists (previously newlines needed to be escaped) but, in neighbor, |
group and rdomain blocks multiple statements have to be on new lines. |
group and rdomain blocks multiple statements have to be on new lines. |
<li>Reduce the amount of work done during a configuration reload. |
<li>Reduce the amount of work done during a configuration reload. |
<li>Make config reload not block other event handling in the |
<li>Config reloading no longer blocks other event handling in the |
route decision engine. |
route decision engine. |
<li>Better support and bugfixes for multiple bgpd processes |
<li>Better support and bugfixes for multiple bgpd processes |
running in different rdomains. |
running in different rdomains. |
|
|
<li><a href="https://man.openbsd.org/uid_from_user.3">uid_from_user(3)</a> |
<li><a href="https://man.openbsd.org/uid_from_user.3">uid_from_user(3)</a> |
and |
and |
<a href="https://man.openbsd.org/gid_from_group.3">gid_from_group(3)</a> |
<a href="https://man.openbsd.org/gid_from_group.3">gid_from_group(3)</a> |
were added to the C library and are now used in several programs, |
were added to the C library and are now used in several programs |
to speed up repeated lookups. |
to speed up repeated lookups. |
<li>New semaphore implementation making |
<li>New semaphore implementation making |
<a href="https://man.openbsd.org/sem_post.3">sem_post(3)</a> |
<a href="https://man.openbsd.org/sem_post.3">sem_post(3)</a> |
|
|
now changes partition information only when all user |
now changes partition information only when all user |
input is valid. |
input is valid. |
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> has |
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> has |
improved log directives in it's configuration file for finer |
improved log directives in its configuration file for finer |
grained control of what gets logged. |
grained control of what gets logged. |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
now handles terminfo colors greater than 256 correctly. |
now handles terminfo colors greater than 256 correctly. |
|
|
</ul> |
</ul> |
<p> |
<p> |
|
|
|
<!-- XXX should be 7.9 --> |
<li><a href="https://www.openssh.com/releasenotes.html#7.8">OpenSSH 7.8</a> |
<li><a href="https://www.openssh.com/releasenotes.html#7.8">OpenSSH 7.8</a> |
<ul> |
<ul> |
<li>New features: |
<li>New features: |
|
|
in <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> |
in <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> |
authentication log messages. |
authentication log messages. |
</ul> |
</ul> |
<li>Non-exhaustive list of Bugfixes: |
<li>Non-exhaustive list of bug fixes: |
<ul> |
<ul> |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>ssh(1), |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: |
<a href="http://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
<a href="http://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
avoid spurious "invalid format" errors when attempting to load |
avoid spurious "invalid format" errors when attempting to load |
PEM private keys while using an incorrect passphrase. |
PEM private keys while using an incorrect passphrase. |
|
|
<li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: do not |
<li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: do not |
fail closed when configured with a text key revocation list |
fail closed when configured with a text key revocation list |
that contains a too-short key. |
that contains a too-short key. |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:treat |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: treat |
connections with ProxyJump specified the same as ones with a |
connections with ProxyJump specified the same as ones with a |
ProxyCommand set with regards to hostname canonicalisation |
ProxyCommand set with regards to hostname canonicalisation |
(i.e. don't try to canonicalise the hostname unless |
(i.e. don't try to canonicalise the hostname unless |
|
|
has been entirely rewritten and now figures out MULTI_PACKAGES and |
has been entirely rewritten and now figures out MULTI_PACKAGES and |
variable substitution almost 100%. |
variable substitution almost 100%. |
<li>New packages now run maintenance database tools like |
<li>New packages now run maintenance database tools like |
update-desktop-database just once instead of after |
update-desktop-database just once instead of after |
every package addition/removal. |
every package addition/removal. |
</ul> |
</ul> |
<dl> |
<dl> |