Annotation of www/66.html, Revision 1.54
1.7 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.1 beck 5: <title>OpenBSD 6.6</title>
6: <meta name="description" content="OpenBSD 6.6">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/66.html">
10:
1.7 bentley 11: <h2 id=OpenBSD>
1.1 beck 12: <a href="index.html">
1.7 bentley 13: <i>Open</i><b>BSD</b></a>
14: 6.6
1.1 beck 15: </h2>
16:
1.7 bentley 17: <table>
18: <tr>
19: <td>
1.21 benno 20: <a href="images/Puffystock.gif"><!-- XXX -->
21: <img alt="XXX" width="227" height="343" src="images/Puffystock-s.gif"></a>
1.7 bentley 22: <td>
1.1 beck 23: Released XXX, 2019<br>
24: Copyright 1997-2019, Theo de Raadt.<br>
25: <br>
26: <br>
1.21 benno 27: Artwork by XXX Y Z.<!-- XXX -->
1.1 beck 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
1.7 bentley 32: <li>Go to the <code class=reldir>pub/OpenBSD/6.6/</code> directory on
1.1 beck 33: one of the mirror sites.
34: <li>Have a look at <a href="errata66.html">the 6.6 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus66.html">detailed log of changes</a> between the
37: 6.5 and 6.6 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
1.7 bentley 42: <table class=signify>
43: <tr><td>
44: openbsd-66-base.pub:
1.1 beck 45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/openbsd-66-base.pub">
1.21 benno 47: RWSvK/c+cFe24BIalifKnqoqdvLlXfeZ9MIj3MINndNeKgyYw5PpcWGn</a>
1.7 bentley 48: <tr><td>
1.1 beck 49: openbsd-66-fw.pub:
1.7 bentley 50: <td>
1.21 benno 51: RWSKyzM3wogTrgHkO88MnRiK/yuu8xy2OeIqhnP/uGL/j2IF4I5djMIM
1.7 bentley 52: <tr><td>
1.1 beck 53: openbsd-66-pkg.pub:
1.7 bentley 54: <td>
1.21 benno 55: RWSS4lqHZ5ayOFMBPj3leAkE9tCsSWG9OxD6MmAIS5Y3H3tD6F4vP/eF
1.7 bentley 56: <tr><td>
1.1 beck 57: openbsd-66-syspatch.pub:
1.7 bentley 58: <td>
1.21 benno 59: RWRQMmZg6mMlSTfHsJH9czeLAvf9e+ViLvkQ4id4dxaQqWU3aX9Cl/W1
1.1 beck 60: </table>
1.7 bentley 61: </ul>
1.1 beck 62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
1.9 deraadt 65: files fetched via <code>ports.tar.gz</code>.
1.7 bentley 66: </table>
1.1 beck 67:
68: <hr>
69:
1.7 bentley 70: <section id=new>
71: <h3>What's New</h3>
72: <p>
1.1 beck 73: This is a partial list of new features and systems included in OpenBSD 6.6.
74: For a comprehensive list, see the <a href="plus66.html">changelog</a> leading
75: to 6.6.
76:
77: <ul>
78:
1.21 benno 79: <li>General improvements and bugfixes::
80: <ul>
81: <li>Fixed support for amd64 machines with greater than 1023GB
82: physical memory.
83: <li><a href="https://man.openbsd.org/drm.4">drm(4)</a> updates.
1.31 brynet 84: <li>The octeon platform is now using
85: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
86: as the base system compiler.
87: <li>The powerpc architecture is now provided with
1.21 benno 88: <a href="https://man.openbsd.org/clang.1">clang(1)</a>, in
1.42 benno 89: addition to aarch64, amd64, armv7, i386, mips64el, sparc64.
1.21 benno 90: <li>Disabled <a href="https://man.openbsd.org/gcc.1">gcc</a> in
1.34 fcambus 91: base on armv7 and i386.
1.21 benno 92: <li>Prevented <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
93: from repeatedly obtaining a new lease when the mtu is given in a
94: lease.
95: <li>Prevented more than one thread from opening a
96: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> device in
97: read/write mode.
98: <li>Allowed non-root users to become owner of the
99: <a href="https://man.openbsd.org/drm.4">drm(4)</a> device when they are
100: the first to open it.
101: <li>Added regular expression support for the format search, match
102: and substitute modifiers in
103: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
104: <li>Added a -v flag to source-file in
105: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to show the commands
106: and line numbers.
107: <li>Added simple menus usable with mouse or keyboard in
108: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
109: Introduced the command "display-menu" to show a menu bound to
110: the mouse on status line by default, and added menus in tree,
1.23 fcambus 111: client and buffer modes.
1.21 benno 112: <li>Changed the behavior of swap-window -d in
113: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to match
114: swap-pane.
115: <li>Allow panes to be empty in
116: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>, and
117: enabling output to be piped to them with split-window or
118: display-message -I.
119: <li>Adjusted <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
120: to automatically scroll when dragging to create a selection with
121: the mouse when the cursor reaches the top or bottom line.
122: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
123: crash when killing the current window, and other bugfixes.
124: </ul>
125:
126: <li>SMP-Improvements, System call unlocking: ... <!-- XXX -->
127: <ul>
128: <li>Unlocked <a href="https://man.openbsd.org/getrlimit.2">getrlimit(2)</a>
129: and <a href="https://man.openbsd.org/setrlimit.2">setrlimit(2)</a>
1.34 fcambus 130: syscalls.
1.21 benno 131: <li>Unlocked <a href="https://man.openbsd.org/read.2">read(2)</a> and
132: <a href="https://man.openbsd.org/write.2">write(2)</a> syscalls.
133: <li>Removed the KERNEL_LOCK from
134: the <a href="https://man.openbsd.org/bridge.4">bridge(4)</a>
1.23 fcambus 135: output fast-path.
1.21 benno 136: <li>Made resource limit access MP-safe.
1.37 anton 137: <li>Made
138: <a href="https://man.openbsd.org/file.9">file(9)</a>
139: offset access MP-safe.
1.21 benno 140: </ul>
141:
1.1 beck 142: <li>Improved hardware support, including:
1.21 benno 143: <ul>
1.25 jsg 144: <li>Added support for Ethernet on Lenovo USB-C docks.
1.21 benno 145: <li>Implemented Linux compatibility
146: <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>
147: interfaces and enabled the ACPI support code in
148: <a href="https://man.openbsd.org/radeon.4">radeon(4)</a> and
149: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
150: <li>Implemented backlight control for
151: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, allowing setting
152: of the backlight using
153: <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
154: <li>Speakers now work on the ThinkPad X1C7.
155: <li>Added <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, an AMD
1.25 jsg 156: Radeon GPU video driver.
1.21 benno 157: <li>Added TSC synchronization for multiprocessor machines and re-enabled TSC
158: as the default amd64 time source.
159: <li>Added support of Realtek ALC285 in
160: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
161: <li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support
162: for the KSMedia 8-bit IR format and for dual functions on integrated USB
163: cameras.
1.41 solene 164: <li>Added the <a href="https://man.openbsd.org/aplgpio.4">aplgpio(4)</a>
1.45 fcambus 165: driver for the GPIO controllers on Intel's Apollo Lake SoC.
1.21 benno 166: <li>Implemented MSI-X support on sparc64.
167: <li>Skipped PCI host bridges and devices not present with
168: <a href="https://man.openbsd.org/acpi.1">acpi(1)</a> when establishing
169: the mapping between ACPI device nodes and PCI devices.
170: <li>Added the <a href="https://man.openbsd.org/ukspan.4">ukspan(4)</a>
171: driver for the Keyspan USA19HS USB serial adapter.
1.43 jmatthew 172: <li>Improved support for SAS3 controllers, made device enumeration during
173: boot more reliable, and enabled 64bit DMA for io in
1.21 benno 174: <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
175: <li>Fixed MSI/MSI-X on arm64 machines with
176: <a href="https://man.openbsd.org/agintc.4">agintc(4)</a>.
177: <li>Added MSI-X support in
178: <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>, pciecam,
179: <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> and
180: <a href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
181: <li>Improved support for type4 devices in the
182: <a href="https://man.openbsd.org/ubcmtp.4">ubcmtp(4)</a> multi-touch
183: trackpad driver.
184: <li>Support for <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> 1.0
185: specification for PCI devices.
186: <li>Improved support for the AR9271 chipset
187: in <a href="https://man.openbsd.org/athn.4">athn(4)</a> .
188: <li>Support for the trackpad and trackpoint of the Dell Precision 7520
189: laptop in the <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>
190: driver.
191: <li>Added the colemak keyboard layout.
192: <li>New <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
193: driver for the Fairchild FUSB302 USB Type-C controller.
194: <li>Added a fallback to
195: <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>
196: which enables the USB ports on the RockPro64.
197: <li>Added support for more Intel 300 Series PCH devices to
198: <a href="https://man.openbsd.org/ichiic.4">ichiic(4)</a>.
199: <li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> driver for
1.34 fcambus 200: Mellanox ConnectX-4 (and later) Ethernet controllers.
1.21 benno 201: <li>Added support for the cryptographic coprocessor found on newer
202: AMD Ryzen CPUs/APUs.
203: <li>Improved the <a href="https://man.openbsd.org/envy.4">envy(4)</a> codec
204: API and used it on ESI Juli@ cards.
205: <li>Enabled EnvyHT-specific sample rates (above 96kHz) on the host
206: controller for <a href="https://man.openbsd.org/envy.4">envy(4)</a>
207: devices.
208: <li>Added support for the USB serial adapter found in Juniper SRX 300 to
209: <a href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
210: <li>Updated shared drm code,
211: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>
212: and <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
1.50 jsg 213: to linux 4.19.78. This adds support for Intel Broxton/Apollo
1.25 jsg 214: Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake,
1.34 fcambus 215: and Comet Lake hardware.
1.21 benno 216: <li>Made <a href="https://man.openbsd.org/startx.1">startx(1)</a> and
217: <a href="https://man.openbsd.org/xinit.1">xinit(1)</a> work again on
218: modern systems using
219: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>,
220: <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
221: and <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
222: <li>Added <a href="https://man.openbsd.org/mcprtc.4">mcprtc(4)</a>, a driver
223: for the Microchip MCP79400 RTC and similar.
224: <li>Added I2C clock gates to <a href="https://man.openbsd.org/mvclock.4">
225: mvclock(4)</a>.
1.40 jmatthew 226: <li>Added support for MSI-X to <a href="https://man.openbsd.org/bnxt.4">
1.21 benno 227: bnxt(4)</a>.
228: <li>Added <a href="https://man.openbsd.org/octpip.4">octpip(4)</a>, a driver
1.34 fcambus 229: for the Octeon packet input processing unit.
1.21 benno 230: <li>Added the <a href="https://man.openbsd.org/octiic.4">octiic(4)</a>
231: driver for OCTEON two-wire serial interfaces.
232: <li>Enabled <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> on octeon.
233: <li>Added <a href="https://man.openbsd.org/octpcie.4">octpcie(4)</a>, a
234: driver for the PCIe controller found on OCTEON II and OCTEON III.
235: <li>Fixed random kernel hangs on
236: some <a href="https://www.openbsd.org/sparc64.html">sparc64</a>
237: machines by blocking interrupts while sending an IPI on sunv4
238: (as on sun4u).
1.40 jmatthew 239: <li><a href="https://man.openbsd.org/ure.4">ure(4)</a> now supports
240: RTL8153B devices.
1.51 brynet 241: <li>Added new <a href="http://man.openbsd.org/ksmn.4">ksmn(4)</a> driver
242: for temperature sensor on AMD Family 17h CPUs.
1.21 benno 243: </ul>
244:
245: <li>Improved <a href="https://www.openbsd.org/arm64.html">arm64</a> hardware
246: support, including:
1.23 fcambus 247: <ul>
1.21 benno 248: <li>Added support for Ampere eMAG CPU based systems.
249: <li>Added support to <a href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>
250: for obtaining CPU clock frequency.
251: <li>Enabled <a href="https://man.openbsd.org/amlmmc.4">amlmmc(4)</a>, a
252: driver for the SD/MMC controller found on various Amlogic SoCs.
253: <li>Implemented setting the CPU clock for Allwinner A64 SoCs in
254: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
255: <li>Added <a href="https://man.openbsd.org/amldwusb.4">amldwusb(4)</a>,
256: <a href="https://man.openbsd.org/amlusbphy.4">amlusbphy(4)</a> and
257: <a href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>, drivers
258: for the USB controller and PHYs on the Amlogic G12A/B SoCs.
259: <li>Added <a href="https://man.openbsd.org/imxtmu.4">imxtmu(4)</a>, a driver
1.23 fcambus 260: to support the temperature sensors on i.MX8M SoCs.
1.21 benno 261: <li>Added <a href="https://man.openbsd.org/amlrng.4">amlrng(4)</a>, a simple
262: random number generator driver for Amlogic SoCs.
263: <li>Added <a href="https://man.openbsd.org/amclock.4">amclock(4)</a>,
264: a driver for the Amlogic SoC clocks.
265: <li>Added <a href="https://man.openbsd.org/amluart.4">amluart(4)</a>, a
266: driver for the UARTs found on various Amlogic SoCs.
267: <li>Added support for the SMBus System Interfaces (SSIF) to
1.34 fcambus 268: <a href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
1.21 benno 269: <li>PXE booting using U-Boot works now.
270: <li>Added clock support
271: to <a href="https://man.openbsd.org/sxisyscon.4">sxisyscon(4)</a>,
272: a driver for the system controller found on various Allwinner
273: SoCs.
274: <li>Implemented <a href="https://man.openbsd.org/smbios.4">smbios(4)</a>
275: support on arm64.
276: <li>Added <a href="https://man.openbsd.org/ucrcom.4">ucrcom(4)</a>, a driver
277: for the serial console of chromebooks.
278: <li>Enabled <a href="https://man.openbsd.org/mvmdio.4">mvmdio(4)</a> and
279: <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> on arm64.
280: <li>Added <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a>
281: support for 'pinconf-single' devices and support for
1.23 fcambus 282: bias and drive-strength properties, needed for HiSilicon SoCs.
1.32 fcambus 283: <li>Added <a href="https://man.openbsd.org/mvdog.4">mvdog(4)</a>, a driver
1.21 benno 284: to support the watchdog on the Armada 3700 SoC.
285: <li>Added support for the Allwinner H6 to
286: <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a> and
287: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
288: <li>Added <a href="https://man.openbsd.org/mviic.4">mviic(4)</a>, a driver
289: to support the I2C controller on the Armada 3700 SoC.
290: <li>Added <a href="https://man.openbsd.org/mvuart.4">mvuart(4)</a> to
1.34 fcambus 291: support the Armada 3720's serial console.
1.21 benno 292: <li>Added support for the Armada 3720 clocks to
1.33 fcambus 293: <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
1.21 benno 294: <li>Added support for the Armada 3720 pinctrl controller to
295: <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>. This
296: controller also includes GPIO controller functionality.
297: <li>Added the RK3328 and RK3399 GMAC clocks to
1.34 fcambus 298: <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.21 benno 299: <li>Increased MAXCPUs to 32 in arm64, allowing use of all cores on the Ampere
300: eMAG.
301: <li>Added support for the Cortex-A65 CPU.
302: <li>Implemented interrupt controller functionality in
303: <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a>,
304: allowing use of the
305: <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
306: interrupt on the RockPro64.
307: </ul>
1.1 beck 308:
309: <li>IEEE 802.11 wireless stack improvements:
310: <ul>
1.21 benno 311: <li>Made net80211 expose reasons for association failures to have
312: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
313: display them in "scan" output and on the
314: <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>
1.34 fcambus 315: status line.
1.21 benno 316: <li>Added support for 802.11n Tx aggregation to net80211 and
317: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
318: <li>... <!-- XXX -->
1.1 beck 319: </ul>
320:
321: <li>Generic network stack improvements:
1.21 benno 322: <ul>
323: <li>Enabled TCP and UDP checksum offloading by default for
324: <a href="https://man.openbsd.org/ix.4">ix(4)</a>.
325: <li>Added <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a>, a 802.1Q
326: two-port MAC relay implementation.
1.38 fcambus 327: <li>Added <a href="https://man.openbsd.org/iavf.4">iavf(4)</a>, a driver for
1.34 fcambus 328: Intel SR-IOV Virtual Functions of Intel 700 series Ethernet controllers.
1.21 benno 329: <li>Added <a href="https://man.openbsd.org/aggr.4">aggr(4)</a>, a
330: dedicated driver to implement 802.1AX link aggregration.
331: <li>Added port protection support
332: to <a href="https://man.openbsd.org/switch.4">switch(4)</a>. Domain
333: membership is checked for unicast, flooded (broadcast) and local
1.34 fcambus 334: (host-network-bound, e.g. trunk) traffic.
1.21 benno 335: <li>Disabled <a href="https://man.openbsd.org/mobileip.4">mobileip(4)</a>.
336: <li>Added support
337: to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
338: for getting and setting rxprio, finishing support for RFC
339: 2983. Implemented configuring rxprio
340: in <a href="https://man.openbsd.org/vlan.4">vlan(4)</a>,
341: <a href="https://man.openbsd.org/gre.4">gre(4)</a>,
342: <a href="https://man.openbsd.org/mpw.4">mpw(4)</a>,
343: <a href="https://man.openbsd.org/mpe.4">mpe(4)</a>,
344: <a href="https://man.openbsd.org/mpip.4">mpip(4)</a>,
345: <a href="https://man.openbsd.org/etherip.4">etherip(4)</a>
1.23 fcambus 346: and <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>.
1.45 fcambus 347: <li>Implemented Tx mitigation by calling the hardware transmit
1.21 benno 348: routine per several packets rather than for individual
349: packets. Defers calls to the transmit routine to a network taskq,
350: or until a backlog of packets has built up.
351: <li>Stopped using <a href="https://man.openbsd.org/splnet.9">splnet(9)</a> when
352: running the network stack now
353: that it is using the NET_LOCK for protection, reducing latency spikes.
1.29 deraadt 354: <li>Added support for reading SFPs to some ethernet cards.
1.21 benno 355: </ul>
1.1 beck 356:
357: <li>Installer improvements:
1.21 benno 358: <ul>
359: <li>Allowed quoted SSIDs in the installer, rather than ignoring
360: those containing whitespace.
361: <li>Introduced <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
1.44 deraadt 362: that can be used to upgrade OpenBSD unattended.
363: <li><a href="errata65.html#p012_sysupgrade">A syspatch was provided which adds</a>
364: <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
365: to 6.5, so unattended upgrades to 6.6 can be
366: performed on amd64/arm64/i386 with <b># syspatch && sysupgrade</b>.
1.29 deraadt 367: <li>Created an <a href="https://www.openbsd.org/octeon.html">octeon</a>
368: bootloader which is a modified kernel. To use this bootloader, the
369: firmware must be configured to load file "boot" instead of "bsd".
1.21 benno 370: <li>Included <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a>
371: on the amd64 CD ramdisk.
372: <li>Added <a href="https://man.openbsd.org/tee.1">tee(1)</a> to the ramdisk, and
373: display a moving progress bar
374: during auto upgrade/install.
375: <li>Repaired and improved v6 default route selection, fixing autoinstalls.
376: <li>Added <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
377: support to the sparc64 bootloader.
1.45 fcambus 378: <li>The DHCP configuration is now preserved when restarting an install.
1.21 benno 379: <li>The installer now remembers 'autoconf' when restarting an install.
380: <li>Stopped prompting for disks that do not contain a root
381: partition during upgrades. This defaults to the correct disk
382: when full disk encryption is in use, and will be useful for
383: future unattended upgrades.
384: </ul>
1.1 beck 385:
386: <li>Security improvements:
387: <ul>
1.21 benno 388: <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
1.28 deraadt 389: now used in 77 userland programs to redact filesystem access.
1.21 benno 390: <li>Various changes
391: in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
1.23 fcambus 392: to improve application behavior when encountering hidden
1.21 benno 393: filesystem paths.
1.28 deraadt 394: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which
395: processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
396: with the <b>u</b> and <b>U</b> flags in STATE field.
397: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list
398: of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options
399: processes use with the <b>-o pledge</b> option.
1.22 benno 400: <li>Further and improved mitigations against Spectre side-channel
1.21 benno 401: vulnerability in Intel CPUs built since 2012.
402: <li>Mitigations for Intel's Microarchitectural Data Sampling
403: vulnerability, using the new CPU VERW behavior if available or
404: by using the proper sequence from Intel's "Deep Dive" doc in the
405: return-to-userspace and enter-VMM-guest
406: paths. Updated <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
407: to pass through the MSR bits so that guests can apply the
408: optimal mitigation.
409: <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
410: environment inheritance not to inherit, and instead reset to the
411: target user's values by default.
1.28 deraadt 412: <li>Prepare
1.41 solene 413: the <a href="https://www.openbsd.org/amd64.html">amd64</a> BIOS
1.28 deraadt 414: bootloader for loading the kernel at a random virtual address (future work).
1.21 benno 415: <li>Introduced
416: <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
417: and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,
418: which return memory in pages marked MAP_CONCEAL and call
419: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
420: on <a href="https://man.openbsd.org/free.3">free(3)</a>.
421: <li>Make 'systat pf' not require root permissions
422: (<a href="https://man.openbsd.org/systat.8">systat(8)</a>).
423: <li>Added support for the EFI Random Number Generator Protocol,
424: using it to XOR random data into the buffer we feed the kernel for
425: <a href="https://www.openbsd.org/amd64.html">amd64</a>.
426: <li>Added information about system call memory write protection
1.23 fcambus 427: and stack mapping violations to system
1.21 benno 428: accounting. Now <a href="https://man.openbsd.org/daily.8">daily(8)</a>
429: will print a list of affected processes
1.41 solene 430: and <a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
1.21 benno 431: will flag violations with 'M'.
1.1 beck 432: </ul>
433:
434: <li>Routing daemons and other userland network improvements:
1.21 benno 435: <ul>
436: <li>The <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
437: daemon now gets and sets the clock in a secure way when booting
438: even when a battery-backed clock is absent.
439: <li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> now
440: removes IPv6 addresses when it detects a link-state change but
441: no new router advertisement is received.
442: <li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
1.29 deraadt 443: now reports SFP, SFP+ and QSFP module information when using
444: the <b>sff</b> option.
1.21 benno 445: <li>Imported <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>,
1.45 fcambus 446: a new SNMP client which aims to be netsnmp-compatible for
1.21 benno 447: supported features, and
448: removed <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a>.
449: <li>Improvements
1.45 fcambus 450: in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> DNS
1.21 benno 451: resoving and constraints checking, especially during
1.45 fcambus 452: startup. Unreliable NTP peers are removed from the pool and
453: DNS resolving is repeated to add replacements.
1.21 benno 454: <li>Changed the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
455: Adj-RIB-Out to a per-peer set of RB trees, improving speed.
456: <li>Rewrote <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
457: community matching and handling code and improved performance
458: for setups using many communities.
459: <li>Checked the type of a network statement when looking for
460: duplicates
461: in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. This
462: fixes added network 0.0.0.0/0 after 'network inet static'.
463: <li>Made improvements
464: to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> speed when
465: configuring many peers.
466: <li>Implemented <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
467: 'show mrt neighbors', to print the neighbor table of MRT
468: TABLE_DUMP_V2 dumps.
469: <li>Moved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
470: pfkey socket to the parent process. The refreshing of the keys
471: for MD5 and IPSEC is done whenever the session state changes to
472: IDLE or ACTIVE, which should behave better when reloading
473: configs with auth changes.
474: <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, fixed
475: reloading of network statements that have no fixed prefix
476: specification.
477: <li>Extended the maximum size of
478: the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
479: shutdown communication message to 255 bytes.
480: <li>Improvements
481: in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, to
482: always check for namespace collisions on table
483: commands. Introduced 'pfctl -FR' to reset pfctl(8) settings to
484: defaults.
485: <li>Imported Kristaps Dzonsons' RPKI
486: validator, <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
487: <li> <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports
488: binary protocol health checking. See
489: <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
490: <li>Added support for OCSP stapling
491: to <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
492: <li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
493: support for SNI with new 'tls keypair' option to load additional
494: certificates.
495: <li>Added support for 'from/to address[/prefix]'
496: in <a href="https://man.openbsd.org/.8">relayd(8)</a> filter rules.
497: <li>Implemented RFC 8555 "Automatic Certificate Management
498: Environment (ACME)" to
499: enable <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
500: to communicate with the v02 Let's Encrypt API. Read the
501: <a href="faq/upgrade66.html">upgrade guide</a> for more information.
502: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
503: support for '-T erspan' and
504: arbitrary <a href="https://man.openbsd.org/gre.4">gre(4)</a>
505: protocols.
506: <li>Allowed specifying area by number as well as id
507: in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.
508: <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now
509: accepts both address and number format for 'ospfctl show
510: database area XXX'.
511: <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> reload
512: improvements.
513: <li>Added a check
514: to <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>
515: and <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>
516: that any "depend on" interfaces are in the same rdomain.
517: <li>Make 'passive' (announce a network configured on an interface
518: as a stub network) work with P2P interfaces
519: in <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>.
520: <li>Shutdown the service port when behind a captive portal
521: with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
522: allowing bypass of captive portals that correctly answer SOA
523: queries for the root zone and return NXDOMAIN for the captive
524: portal redirect domain if edns0 is present.
525: <li>Implemented DNS block lists
526: in <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
527: <li>Added support for IKEv2 Message Fragmentation (RFC 7383)
528: to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
529: <li>Enabled switching between wireless and wired interfaces in
530: dhclient(8), setting the default route with the interface
531: address and allowing two default routes in the routing table. A
1.23 fcambus 532: wired interface will be preferred when connected.
1.21 benno 533: <li>Added consistent use of 'ifconfig $_if [-inet| -inet6]' to clear existing
534: configurations completely after restarting an install.
535: <li>Added 'forwarded' log format extending the 'combined' log
536: format in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
537: </ul>
1.23 fcambus 538:
539: <li>Assorted improvements:
1.1 beck 540: <ul>
541: <li> The filesystem buffer cache now more aggressively uses memory
542: outside the DMA region, to improve cache performance on amd64
543: machines.
1.5 rob 544: <li> The BER API previously internal to
1.21 benno 545: <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>,
546: <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
547: <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>, and
548: <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> has been moved into
549: libutil.
550: See <a href="https://man.openbsd.org/ber_read_elements.3">ber_read_elements(3)</a>.
551: <li>Removed the old
552: userland <a href="https://man.openbsd.org/realpath.3">realpath(3)</a>
553: and replaced it with __realpath(2), a kernel
554: implementation. This will prevent
555: calling <a href="https://man.openbsd.org/readlink.2">readlink(2)</a>
556: on every component of a path and improve performance for
557: <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
558: <li><a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> speedups,
559: improving dynamic linker performance for large objects.
560: <li>Modified <a href="https://man.openbsd.org/systat.1">systat(1)</a>
561: to allow the use of 'b' to switch to stats since boot.
562: </ul>
563:
564: <li>VMM/VMD improvements ... <!-- XXX -->
565: <ul>
566: <li>Added support for 'boot device'
1.37 anton 567: to <a href="https://man.openbsd.org/vm.conf.5#boot_device">vm.conf(5)</a>
1.21 benno 568: grammar, the '-B device' counterpart
569: from <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
570: <li>Emulated kvm pvclock
571: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, compatible
572: with <a href="https://man.openbsd.org/pvclock.4">pvclock(4)</a> in
573: OpenBSD.
574: <li>Enabled reporting of the vm state through use of
575: the <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
576: 'status' command.
577: <li>Synced vm state
578: in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when
579: (un)pausing a vm to ensure
580: both <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
581: and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> processes
582: know the vm is paused.
583: <li>Handled some unhandled instructions for SVM which led
584: to <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> guest
585: termination, as well as RDTSCP and INVLPGA instructions.
586: <li>Modified <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> to
587: flush guest TLB entries if the guest disables paging.
1.1 beck 588: </ul>
589:
590: <li>OpenSMTPD 6.6.0
591: <ul>
1.18 gilles 592: <li>New Features
593: <ul>
594: <li>Introduced support for ECDSA certificates with an ECDSA privsep engine.
1.21 benno 595: <li>Introduced builtin filters to allow basic filtering of incoming sessions
596: in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
597: <li>Introduced option to deliver junk to a Junk folder
598: in <a href="https://man.openbsd.org/mail.maildir.8">mail.maildir(8)</a>.
1.18 gilles 599: </ul>
600: <li>Bug fixes
601: <ul>
1.21 benno 602: <li>Fixed the <a href="https://man.openbsd.org/smtp.1">smtp(1)</a> client
603: so it uses correct default port for SMTPS.
604: <li>Fixed an <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash on
605: excessively large input.
1.18 gilles 606: <li>Ensured mail rejected by an LMTP server will stay queued rather than bouncing.
607: </ul>
608: <li>Experimental Features
609: <ul>
1.21 benno 610: <li>Introduced a filters API to allow writing standalone filters
611: for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
1.18 gilles 612: with multiple filters made available in ports.
1.21 benno 613: <li>Introduced support for proxy-v2 protocol
614: allowing <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> to
615: operate behind proxy.
1.18 gilles 616: </ul>
1.1 beck 617: </ul>
618:
619: <li>LibreSSL 3.0.X
620: <ul>
621: <li>API and Documentation Enhancements
622: <ul>
1.11 tb 623: <li>Completed the port of RSA_METHOD accessors from the
1.13 tb 624: OpenSSL 1.1 API.
1.21 benno 625: <li>Documented undescribed options and removed unfunctional
626: options description
627: in <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
628: manual.
1.1 beck 629: </ul>
630:
631: <li>Compatibility Changes
632: <ul>
633: </ul>
634:
635: <li>Testing and Proactive Security
636: <ul>
637: <li>
1.2 tb 638: A plethora of small fixes due to regular oss-fuzz testing.
1.13 tb 639: <li>
1.21 benno 640: Various side channels in DSA and ECDSA were addressed. These
641: are some of the many issues found in an extensive systematic
642: analysis of bignum usage by Samuel Weiser, David Schrammel et
643: al.
1.20 tb 644: <li>
1.21 benno 645: Try to compute the cofactor if a nonsensical value was
646: provided for ECC parameters. Fix from Billy Brumley.
1.1 beck 647: </ul>
648:
649: <li>Internal Improvements
1.21 benno 650: <ul>
651: </ul>
1.1 beck 652:
653: <li>Portable Improvements
654: <ul>
1.21 benno 655: <li>Enabled performance optimizations when building with Visual
656: Studio on Windows.
1.12 inoguchi 657: <li>Enabled openssl(1) speed subcommand on Windows platform.
1.1 beck 658: </ul>
659:
660: <li>Bug Fixes
661: <ul>
1.21 benno 662: <li>Fixed issue where SRTP extension would not be sent by
663: server.
664: <li>Fixed incorrect carry operation in 512 addition for
665: Streebog.
1.12 inoguchi 666: <li>Fixed -modulus option with openssl(1) dsa subcommand.
1.21 benno 667: <li>Fixed PVK format output issue with openssl(1) dsa and rsa
668: subcommand.
1.46 tb 669: <li>Fixed a padding oracle attack in <code>PKCS7_dataDecode()</code>
670: and <code>CMS_decrypt_set1_pkey()</code> (<code>CMS</code>
671: is currently disabled). From Bernd Edlinger.
1.1 beck 672: </ul>
673: </ul>
674:
1.52 benno 675: <li>OpenSSH 8.1
1.1 beck 676: <ul>
1.21 benno 677: <li>New Features
678: <ul>
1.52 benno 679: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: Allow %n to be
680: expanded in ProxyCommand strings
681: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
682: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: Allow
683: prepending a list of algorithms to the default set by
684: starting the list with the '^' character, E.g.
685: "HostKeyAlgorithms ^ssh-ed25519"
686: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
687: add an experimental lightweight signature and verification
688: ability. Signatures may be made using regular ssh keys held
689: on disk or stored in a ssh-agent and verified against an
690: authorized_keys-like list of allowed keys. Signatures embed
691: a namespace that prevents confusion and attacks between
692: different usage domains (e.g. files vs email).
693: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
694: print key comment when extracting public key from a private
695: key. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3052'>bz#3052</a>
696: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
697: accept the verbose flag when searching for host keys in
698: known hosts (i.e. "ssh-keygen -vF host") to print the
699: matching host's random-art signature
700: too. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3003'>bz#3003</a>
701: <li>All: support PKCS8 as an optional format for storage of
702: private keys to disk. The OpenSSH native key format remains
703: the default, but PKCS8 is a superior format to PEM if
704: interoperability with non-OpenSSH software is required, as
705: it may use a less insecure key derivation function than
706: PEM's.
1.21 benno 707: </ul>
708: <li>Bugfixes
709: <ul>
1.52 benno 710: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: if a
711: PKCS#11 token returns no keys then try to login and
712: refetch them. Based on patch from Jakub
713: Jelen; <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2430'>bz#2430</a>
714: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
715: produce a useful error message if the user's shell is set
716: incorrectly during "match exec"
717: processing. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2791'>bz#2791</a>
718: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
719: allow the maximum uint32 value for the argument passed to
720: -b which allows better error messages from later
721: validation.
722: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3050'>bz#3050</a>
723: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
724: avoid pledge sandbox violations in some combinations of
725: remote forwarding, connection multiplexing and
726: ControlMaster.
727: <li><a href='https://man.openbsd.org/ssh-keyscan.1'>ssh-keyscan(1)</a>:
728: include SHA2-variant RSA key algorithms in KEX proposal;
729: allows ssh-keyscan to harvest keys from servers that
730: disable old SHA1
731: ssh-rsa. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3029'>bz#3029</a>
732: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
733: print explicit "not modified" message if a file was
734: requested for resumed download but was considered already
735: complete.
736: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2978'>bz#2978</a>
737: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
738: fix a typo and make <esc><right> move right to the
739: closest end of a word just like <esc><left> moves
740: left to the closest beginning of a word.
741: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
742: cap the number of permitopen/permitlisten directives
743: allowed to appear on a single authorized_keys line.
744: <li>All: fix a number of memory leaks (one-off or on exit paths).
745: <li>Regression tests: a number of fixes and improvements,
746: including fixes to the interop tests, adding the ability
747: to run most tests on builds that disable OpenSSL support,
748: better support for running tests under Valgrind and a
749: number of bug-fixes.
750: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
751: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
752: check for convtime() refusing to accept times that resolve
753: to LONG_MAX Reported by Kirk Wolf bz2977
754: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
755: slightly more instructive error message when the user
756: specifies multiple -J options on the command-line. bz3015
757: <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>:
758: process agent requests for RSA certificate private keys
759: using correct signature algorithm when requested. bz3016
760: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
761: check for user@host when parsing sftp target. This allows
762: user@[1.2.3.4] to work without a
763: path. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2999'>bz#2999</a>
764: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
765: enlarge format buffer size for certificate serial number
766: so the log message can record any 64-bit integer without
767: truncation. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3012'>bz#3012</a>
768: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
769: for PermitOpen violations add the remote host and port to
770: be able to more easily ascertain the source of the
771: request. Add the same logging for PermitListen violations
772: which where not previously logged at all.
773: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>,
774: <a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
775: use the correct POSIX format style for left justification
776: for the transfer progress
777: meter. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3002'>bz#3002</a>
778: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>
779: when examining a configuration using sshd -T, assume any
780: attribute not provided by -C does not match, which allows
781: it to work when sshd_config contains a Match directive
782: with or without -C.
783: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2858'>bz#2858</a>
784: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
785: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
786: downgrade PKCS#11 "provider returned no slots" warning
787: from log level error to debug. This is common when
788: attempting to enumerate keys on smartcard readers with no
789: cards plugged
790: in. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3058'>bz#3058</a>
791: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
792: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
793: do not unconditionally log in to PKCS#11 tokens. Avoids
794: spurious PIN prompts for keys not selected for
795: authentication
796: in <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> and
797: when listing public keys available in a token
798: using <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>.
799: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3006'>bz#3006</a>
1.21 benno 800: </ul>
1.1 beck 801: </ul>
802: <li>Mandoc XXX
803: <ul>
1.21 benno 804: <li>Provided a notification to stderr to indicate messages have been shown when
805: mandoc(1) output is printed without a pager, to indicate messages may have
806: preceded the output.
807: <li>Fixed a segfault
808: in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when
809: /tmp is not writable.
810: <li>Added <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
811: support for 'prefers-color-scheme: dark'.
812: <li>Improved <a href="https://man.openbsd.org/man.1">man(1)</a>
813: matching for requests for a specific section.
1.1 beck 814: </ul>
815:
1.54 ! benno 816: <li>Xenocara <!-- XXX -->
1.1 beck 817: <ul>
1.21 benno 818: <li>
1.1 beck 819: </ul>
820:
1.7 bentley 821: <li><p>Ports and packages:
1.1 beck 822: <ul>
823: </ul>
1.7 bentley 824: <p>Many pre-built packages for each architecture:
1.1 beck 825: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1.7 bentley 826: <ul style="column-count: 3">
1.1 beck 827: <li>aarch64: XXXX
828: <li>amd64: XXXX
1.42 benno 829: <li>armv7: XXXX
1.1 beck 830: <li>i386: XXXX
831: <li>mips64: XXXX
832: <li>mips64el: XXXX
833: <li>powerpc: XXXX
834: <li>sparc64: XXXX
1.7 bentley 835: </ul>
1.1 beck 836:
1.53 benno 837: <p>Some highlights: <!-- XXX -->
1.7 bentley 838: <ul style="column-count: 3">
1.53 benno 839: <li>gzdoom was updated to 4.1.2
840: <li>
841: <li>
842: <li>
843: <li>
844: <li>
1.7 bentley 845: </ul>
1.1 beck 846:
847: <li>As usual, steady improvements in manual pages and other documentation.
848:
849: <li>The system includes the following major components from outside suppliers:
1.21 benno 850: <ul>
1.25 jsg 851: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.5 + patches,
852: freetype 2.10.1, fontconfig 2.12.4, Mesa 19.0.8, xterm 344,
853: xkeyboard-config 2.20 and more)
854: <li>LLVM/Clang 8.0.1 (+ patches)
855: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
856: <li>Perl 5.28.2 (+ patches)
1.21 benno 857: <li>NSD 4.2.2.
1.48 fcambus 858: <li>Unbound 1.9.4
1.25 jsg 859: <li>Ncurses 5.7
860: <li>Binutils 2.17 (+ patches)
861: <li>Gdb 6.3 (+ patches)
862: <li>Awk Aug 10, 2011 version
863: <li>Expat 2.2.8
1.21 benno 864: </ul>
1.1 beck 865: </ul>
1.7 bentley 866: </section>
1.1 beck 867:
868: <hr>
869:
1.7 bentley 870: <section id=install>
871: <h3>How to install</h3>
872: <p>
1.1 beck 873: Please refer to the following files on the mirror site for
874: extensive details on how to install OpenBSD 6.6 on your machine:
875:
876: <ul>
877: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/alpha/INSTALL.alpha">
878: .../OpenBSD/6.6/alpha/INSTALL.alpha</a>
879: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/amd64/INSTALL.amd64">
880: .../OpenBSD/6.6/amd64/INSTALL.amd64</a>
881: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/arm64/INSTALL.arm64">
882: .../OpenBSD/6.6/arm64/INSTALL.arm64</a>
883: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/armv7/INSTALL.armv7">
884: .../OpenBSD/6.6/armv7/INSTALL.armv7</a>
885: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/hppa/INSTALL.hppa">
886: .../OpenBSD/6.6/hppa/INSTALL.hppa</a>
887: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/i386/INSTALL.i386">
888: .../OpenBSD/6.6/i386/INSTALL.i386</a>
889: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/landisk/INSTALL.landisk">
890: .../OpenBSD/6.6/landisk/INSTALL.landisk</a>
891: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/loongson/INSTALL.loongson">
892: .../OpenBSD/6.6/loongson/INSTALL.loongson</a>
893: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/luna88k/INSTALL.luna88k">
894: .../OpenBSD/6.6/luna88k/INSTALL.luna88k</a>
895: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc">
896: .../OpenBSD/6.6/macppc/INSTALL.macppc</a>
897: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/octeon/INSTALL.octeon">
898: .../OpenBSD/6.6/octeon/INSTALL.octeon</a>
899: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/sparc64/INSTALL.sparc64">
900: .../OpenBSD/6.6/sparc64/INSTALL.sparc64</a>
901: </ul>
1.8 deraadt 902: </section>
1.1 beck 903:
904: <hr>
905:
1.7 bentley 906: <section id=quickinstall>
1.1 beck 907: <p>
908: Quick installer information for people familiar with OpenBSD, and the use of
909: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
910: If you are at all confused when installing OpenBSD, read the relevant
911: INSTALL.* file as listed above!
912:
1.7 bentley 913: <h3>OpenBSD/alpha:</h3>
1.1 beck 914:
1.7 bentley 915: <p>
1.1 beck 916: Write <i>floppy66.fs</i> or <i>floppyB66.fs</i> (depending on your machine)
917: to a diskette and enter <i>boot dva0</i>.
918: Refer to INSTALL.alpha for more details.
1.7 bentley 919:
1.1 beck 920: <p>
921: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
922: will most likely fail.
923:
1.7 bentley 924: <h3>OpenBSD/amd64:</h3>
1.1 beck 925:
1.7 bentley 926: <p>
1.1 beck 927: If your machine can boot from CD, you can write <i>install66.iso</i> or
928: <i>cd66.iso</i> to a CD and boot from it.
929: You may need to adjust your BIOS options first.
1.7 bentley 930:
1.1 beck 931: <p>
932: If your machine can boot from USB, you can write <i>install66.fs</i> or
933: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 934:
1.1 beck 935: <p>
936: If you can't boot from a CD, floppy disk, or USB,
937: you can install across the network using PXE as described in the included
938: INSTALL.amd64 document.
1.7 bentley 939:
1.1 beck 940: <p>
941: If you are planning to dual boot OpenBSD with another OS, you will need to
942: read INSTALL.amd64.
943:
1.7 bentley 944: <h3>OpenBSD/arm64:</h3>
1.1 beck 945:
1.7 bentley 946: <p>
1.1 beck 947: Write <i>miniroot66.fs</i> to a disk and boot from it after connecting
948: to the serial console. Refer to INSTALL.arm64 for more details.
949:
1.7 bentley 950: <h3>OpenBSD/armv7:</h3>
1.1 beck 951:
1.7 bentley 952: <p>
1.1 beck 953: Write a system specific miniroot to an SD card and boot from it after connecting
954: to the serial console. Refer to INSTALL.armv7 for more details.
955:
1.7 bentley 956: <h3>OpenBSD/hppa:</h3>
1.1 beck 957:
1.7 bentley 958: <p>
1.1 beck 959: Boot over the network by following the instructions in INSTALL.hppa or the
960: <a href="hppa.html#install">hppa platform page</a>.
961:
1.7 bentley 962: <h3>OpenBSD/i386:</h3>
1.1 beck 963:
1.7 bentley 964: <p>
1.1 beck 965: If your machine can boot from CD, you can write <i>install66.iso</i> or
966: <i>cd66.iso</i> to a CD and boot from it.
967: You may need to adjust your BIOS options first.
1.7 bentley 968:
1.1 beck 969: <p>
970: If your machine can boot from USB, you can write <i>install66.fs</i> or
971: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 972:
1.1 beck 973: <p>
974: If you can't boot from a CD, floppy disk, or USB,
975: you can install across the network using PXE as described in
976: the included INSTALL.i386 document.
1.7 bentley 977:
1.1 beck 978: <p>
979: If you are planning on dual booting OpenBSD with another OS, you will need to
980: read INSTALL.i386.
981:
1.7 bentley 982: <h3>OpenBSD/landisk:</h3>
1.1 beck 983:
1.7 bentley 984: <p>
1.1 beck 985: Write <i>miniroot66.fs</i> to the start of the CF
986: or disk, and boot normally.
987:
1.7 bentley 988: <h3>OpenBSD/loongson:</h3>
1.1 beck 989:
1.7 bentley 990: <p>
1.1 beck 991: Write <i>miniroot66.fs</i> to a USB stick and boot bsd.rd from it
992: or boot bsd.rd via tftp.
993: Refer to the instructions in INSTALL.loongson for more details.
994:
1.7 bentley 995: <h3>OpenBSD/luna88k:</h3>
1.1 beck 996:
1.7 bentley 997: <p>
998: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1.1 beck 999: from the PROM, and then bsd.rd from the bootloader.
1000: Refer to the instructions in INSTALL.luna88k for more details.
1001:
1.7 bentley 1002: <h3>OpenBSD/macppc:</h3>
1.1 beck 1003:
1.7 bentley 1004: <p>
1.1 beck 1005: Burn the image from a mirror site to a CDROM, and power on your machine
1006: while holding down the <i>C</i> key until the display turns on and
1007: shows <i>OpenBSD/macppc boot</i>.
1.7 bentley 1008:
1.1 beck 1009: <p>
1010: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1011: /6.6/macppc/bsd.rd</i>
1012:
1.7 bentley 1013: <h3>OpenBSD/octeon:</h3>
1.1 beck 1014:
1.7 bentley 1015: <p>
1.1 beck 1016: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1017: Refer to the instructions in INSTALL.octeon for more details.
1018:
1.7 bentley 1019: <h3>OpenBSD/sparc64:</h3>
1.1 beck 1020:
1.7 bentley 1021: <p>
1.1 beck 1022: Burn the image from a mirror site to a CDROM, boot from it, and type
1023: <i>boot cdrom</i>.
1.7 bentley 1024:
1.1 beck 1025: <p>
1026: If this doesn't work, or if you don't have a CDROM drive, you can write
1027: <i>floppy66.fs</i> or <i>floppyB66.fs</i>
1028: (depending on your machine) to a floppy and boot it with <i>boot
1029: floppy</i>. Refer to INSTALL.sparc64 for details.
1.7 bentley 1030:
1.1 beck 1031: <p>
1032: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1033: will most likely fail.
1.7 bentley 1034:
1.1 beck 1035: <p>
1036: You can also write <i>miniroot66.fs</i> to the swap partition on
1037: the disk and boot with <i>boot disk:b</i>.
1.7 bentley 1038:
1.1 beck 1039: <p>
1040: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1.7 bentley 1041: </section>
1.1 beck 1042:
1043: <hr>
1044:
1.7 bentley 1045: <section id=upgrade>
1046: <h3>How to upgrade</h3>
1047: <p>
1.1 beck 1048: If you already have an OpenBSD 6.5 system, and do not want to reinstall,
1049: upgrade instructions and advice can be found in the
1050: <a href="faq/upgrade66.html">Upgrade Guide</a>.
1.7 bentley 1051: </section>
1.1 beck 1052:
1053: <hr>
1054:
1.7 bentley 1055: <section id=sourcecode>
1056: <h3>Notes about the source code</h3>
1057: <p>
1058: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1.1 beck 1059: This file contains everything you need except for the kernel sources,
1060: which are in a separate archive.
1061: To extract:
1062: <blockquote><pre>
1.7 bentley 1063: # <kbd>mkdir -p /usr/src</kbd>
1064: # <kbd>cd /usr/src</kbd>
1065: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1.1 beck 1066: </pre></blockquote>
1.7 bentley 1067: <p>
1068: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1.1 beck 1069: This file contains all the kernel sources you need to rebuild kernels.
1070: To extract:
1071: <blockquote><pre>
1.7 bentley 1072: # <kbd>mkdir -p /usr/src/sys</kbd>
1073: # <kbd>cd /usr/src</kbd>
1074: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1.1 beck 1075: </pre></blockquote>
1.7 bentley 1076: <p>
1.1 beck 1077: Both of these trees are a regular CVS checkout. Using these trees it
1078: is possible to get a head-start on using the anoncvs servers as
1079: described <a href="anoncvs.html">here</a>.
1080: Using these files
1081: results in a much faster initial CVS update than you could expect from
1082: a fresh checkout of the full OpenBSD source tree.
1.7 bentley 1083: </section>
1.1 beck 1084:
1085: <hr>
1086:
1.7 bentley 1087: <section id=ports>
1088: <h3>Ports Tree</h3>
1089: <p>
1.1 beck 1090: A ports tree archive is also provided. To extract:
1091: <blockquote><pre>
1.7 bentley 1092: # <kbd>cd /usr</kbd>
1093: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1.1 beck 1094: </pre></blockquote>
1.7 bentley 1095: <p>
1.1 beck 1096: Go read the <a href="faq/ports/index.html">ports</a> page
1097: if you know nothing about ports
1098: at this point. This text is not a manual of how to use ports.
1099: Rather, it is a set of notes meant to kickstart the user on the
1100: OpenBSD ports system.
1101: <p>
1102: The <i>ports/</i> directory represents a CVS checkout of our ports.
1103: As with our complete source tree, our ports tree is available via
1104: <a href="anoncvs.html">AnonCVS</a>.
1105: So, in order to keep up to date with the -stable branch, you must make
1106: the <i>ports/</i> tree available on a read-write medium and update the tree
1107: with a command like:
1108: <blockquote><pre>
1.7 bentley 1109: # <kbd>cd /usr/ports</kbd>
1.15 jsg 1110: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_6</kbd>
1.1 beck 1111: </pre></blockquote>
1.7 bentley 1112: <p>
1.1 beck 1113: [Of course, you must replace the server name here with a nearby anoncvs
1114: server.]
1115: <p>
1116: Note that most ports are available as packages on our mirrors. Updated
1117: ports for the 6.6 release will be made available if problems arise.
1118: <p>
1119: If you're interested in seeing a port added, would like to help out, or just
1120: would like to know more, the mailing list
1121: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1.7 bentley 1122: </section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 66.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www