Annotation of www/66.html, Revision 1.60
1.7 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.1 beck 5: <title>OpenBSD 6.6</title>
6: <meta name="description" content="OpenBSD 6.6">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/66.html">
10:
1.7 bentley 11: <h2 id=OpenBSD>
1.1 beck 12: <a href="index.html">
1.7 bentley 13: <i>Open</i><b>BSD</b></a>
14: 6.6
1.1 beck 15: </h2>
16:
1.7 bentley 17: <table>
18: <tr>
19: <td>
1.21 benno 20: <a href="images/Puffystock.gif"><!-- XXX -->
21: <img alt="XXX" width="227" height="343" src="images/Puffystock-s.gif"></a>
1.7 bentley 22: <td>
1.1 beck 23: Released XXX, 2019<br>
24: Copyright 1997-2019, Theo de Raadt.<br>
25: <br>
26: <br>
1.21 benno 27: Artwork by XXX Y Z.<!-- XXX -->
1.1 beck 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
1.7 bentley 32: <li>Go to the <code class=reldir>pub/OpenBSD/6.6/</code> directory on
1.1 beck 33: one of the mirror sites.
34: <li>Have a look at <a href="errata66.html">the 6.6 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus66.html">detailed log of changes</a> between the
37: 6.5 and 6.6 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
1.7 bentley 42: <table class=signify>
43: <tr><td>
44: openbsd-66-base.pub:
1.1 beck 45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/openbsd-66-base.pub">
1.21 benno 47: RWSvK/c+cFe24BIalifKnqoqdvLlXfeZ9MIj3MINndNeKgyYw5PpcWGn</a>
1.7 bentley 48: <tr><td>
1.1 beck 49: openbsd-66-fw.pub:
1.7 bentley 50: <td>
1.21 benno 51: RWSKyzM3wogTrgHkO88MnRiK/yuu8xy2OeIqhnP/uGL/j2IF4I5djMIM
1.7 bentley 52: <tr><td>
1.1 beck 53: openbsd-66-pkg.pub:
1.7 bentley 54: <td>
1.21 benno 55: RWSS4lqHZ5ayOFMBPj3leAkE9tCsSWG9OxD6MmAIS5Y3H3tD6F4vP/eF
1.7 bentley 56: <tr><td>
1.1 beck 57: openbsd-66-syspatch.pub:
1.7 bentley 58: <td>
1.21 benno 59: RWRQMmZg6mMlSTfHsJH9czeLAvf9e+ViLvkQ4id4dxaQqWU3aX9Cl/W1
1.1 beck 60: </table>
1.7 bentley 61: </ul>
1.1 beck 62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
1.9 deraadt 65: files fetched via <code>ports.tar.gz</code>.
1.7 bentley 66: </table>
1.1 beck 67:
68: <hr>
69:
1.7 bentley 70: <section id=new>
71: <h3>What's New</h3>
72: <p>
1.1 beck 73: This is a partial list of new features and systems included in OpenBSD 6.6.
74: For a comprehensive list, see the <a href="plus66.html">changelog</a> leading
75: to 6.6.
76:
77: <ul>
78:
1.59 fcambus 79: <li>General improvements and bugfixes:
1.21 benno 80: <ul>
81: <li>Fixed support for amd64 machines with greater than 1023GB
82: physical memory.
83: <li><a href="https://man.openbsd.org/drm.4">drm(4)</a> updates.
1.31 brynet 84: <li>The octeon platform is now using
85: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
86: as the base system compiler.
87: <li>The powerpc architecture is now provided with
1.21 benno 88: <a href="https://man.openbsd.org/clang.1">clang(1)</a>, in
1.42 benno 89: addition to aarch64, amd64, armv7, i386, mips64el, sparc64.
1.21 benno 90: <li>Disabled <a href="https://man.openbsd.org/gcc.1">gcc</a> in
1.34 fcambus 91: base on armv7 and i386.
1.21 benno 92: <li>Prevented <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
93: from repeatedly obtaining a new lease when the mtu is given in a
94: lease.
95: <li>Prevented more than one thread from opening a
96: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> device in
97: read/write mode.
98: <li>Allowed non-root users to become owner of the
99: <a href="https://man.openbsd.org/drm.4">drm(4)</a> device when they are
100: the first to open it.
101: <li>Added regular expression support for the format search, match
102: and substitute modifiers in
103: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
104: <li>Added a -v flag to source-file in
105: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to show the commands
106: and line numbers.
107: <li>Added simple menus usable with mouse or keyboard in
108: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
109: Introduced the command "display-menu" to show a menu bound to
110: the mouse on status line by default, and added menus in tree,
1.23 fcambus 111: client and buffer modes.
1.21 benno 112: <li>Changed the behavior of swap-window -d in
113: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to match
114: swap-pane.
115: <li>Allow panes to be empty in
116: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>, and
117: enabling output to be piped to them with split-window or
118: display-message -I.
119: <li>Adjusted <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
120: to automatically scroll when dragging to create a selection with
121: the mouse when the cursor reaches the top or bottom line.
122: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
123: crash when killing the current window, and other bugfixes.
124: </ul>
125:
1.57 deraadt 126: <li>SMP-Improvements, System call unlocking:
1.21 benno 127: <ul>
128: <li>Unlocked <a href="https://man.openbsd.org/getrlimit.2">getrlimit(2)</a>
129: and <a href="https://man.openbsd.org/setrlimit.2">setrlimit(2)</a>
1.34 fcambus 130: syscalls.
1.21 benno 131: <li>Unlocked <a href="https://man.openbsd.org/read.2">read(2)</a> and
132: <a href="https://man.openbsd.org/write.2">write(2)</a> syscalls.
133: <li>Removed the KERNEL_LOCK from
134: the <a href="https://man.openbsd.org/bridge.4">bridge(4)</a>
1.23 fcambus 135: output fast-path.
1.21 benno 136: <li>Made resource limit access MP-safe.
1.37 anton 137: <li>Made
138: <a href="https://man.openbsd.org/file.9">file(9)</a>
139: offset access MP-safe.
1.21 benno 140: </ul>
141:
1.1 beck 142: <li>Improved hardware support, including:
1.21 benno 143: <ul>
1.25 jsg 144: <li>Added support for Ethernet on Lenovo USB-C docks.
1.21 benno 145: <li>Implemented Linux compatibility
146: <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>
147: interfaces and enabled the ACPI support code in
148: <a href="https://man.openbsd.org/radeon.4">radeon(4)</a> and
149: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
150: <li>Implemented backlight control for
151: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, allowing setting
152: of the backlight using
153: <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
154: <li>Speakers now work on the ThinkPad X1C7.
155: <li>Added <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, an AMD
1.25 jsg 156: Radeon GPU video driver.
1.21 benno 157: <li>Added TSC synchronization for multiprocessor machines and re-enabled TSC
158: as the default amd64 time source.
159: <li>Added support of Realtek ALC285 in
160: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
161: <li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support
162: for the KSMedia 8-bit IR format and for dual functions on integrated USB
163: cameras.
1.41 solene 164: <li>Added the <a href="https://man.openbsd.org/aplgpio.4">aplgpio(4)</a>
1.45 fcambus 165: driver for the GPIO controllers on Intel's Apollo Lake SoC.
1.21 benno 166: <li>Implemented MSI-X support on sparc64.
167: <li>Skipped PCI host bridges and devices not present with
168: <a href="https://man.openbsd.org/acpi.1">acpi(1)</a> when establishing
169: the mapping between ACPI device nodes and PCI devices.
170: <li>Added the <a href="https://man.openbsd.org/ukspan.4">ukspan(4)</a>
171: driver for the Keyspan USA19HS USB serial adapter.
1.43 jmatthew 172: <li>Improved support for SAS3 controllers, made device enumeration during
173: boot more reliable, and enabled 64bit DMA for io in
1.21 benno 174: <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
175: <li>Fixed MSI/MSI-X on arm64 machines with
176: <a href="https://man.openbsd.org/agintc.4">agintc(4)</a>.
177: <li>Added MSI-X support in
178: <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>, pciecam,
179: <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> and
180: <a href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
181: <li>Improved support for type4 devices in the
182: <a href="https://man.openbsd.org/ubcmtp.4">ubcmtp(4)</a> multi-touch
183: trackpad driver.
184: <li>Support for <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> 1.0
185: specification for PCI devices.
186: <li>Improved support for the AR9271 chipset
187: in <a href="https://man.openbsd.org/athn.4">athn(4)</a> .
1.58 stsp 188: <li>Repaired support for <a href="https://man.openbsd.org/athn.4">athn(4)</a>
189: 9280 1T2R devices (broken since OpenBSD 6.5).
1.21 benno 190: <li>Support for the trackpad and trackpoint of the Dell Precision 7520
191: laptop in the <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>
192: driver.
193: <li>Added the colemak keyboard layout.
194: <li>New <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
195: driver for the Fairchild FUSB302 USB Type-C controller.
196: <li>Added a fallback to
197: <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>
198: which enables the USB ports on the RockPro64.
199: <li>Added support for more Intel 300 Series PCH devices to
200: <a href="https://man.openbsd.org/ichiic.4">ichiic(4)</a>.
201: <li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> driver for
1.34 fcambus 202: Mellanox ConnectX-4 (and later) Ethernet controllers.
1.21 benno 203: <li>Added support for the cryptographic coprocessor found on newer
204: AMD Ryzen CPUs/APUs.
205: <li>Improved the <a href="https://man.openbsd.org/envy.4">envy(4)</a> codec
206: API and used it on ESI Juli@ cards.
207: <li>Enabled EnvyHT-specific sample rates (above 96kHz) on the host
208: controller for <a href="https://man.openbsd.org/envy.4">envy(4)</a>
209: devices.
210: <li>Added support for the USB serial adapter found in Juniper SRX 300 to
211: <a href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
212: <li>Updated shared drm code,
213: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>
214: and <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
1.50 jsg 215: to linux 4.19.78. This adds support for Intel Broxton/Apollo
1.25 jsg 216: Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake,
1.34 fcambus 217: and Comet Lake hardware.
1.21 benno 218: <li>Made <a href="https://man.openbsd.org/startx.1">startx(1)</a> and
219: <a href="https://man.openbsd.org/xinit.1">xinit(1)</a> work again on
220: modern systems using
221: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>,
222: <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
223: and <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
224: <li>Added <a href="https://man.openbsd.org/mcprtc.4">mcprtc(4)</a>, a driver
225: for the Microchip MCP79400 RTC and similar.
226: <li>Added I2C clock gates to <a href="https://man.openbsd.org/mvclock.4">
227: mvclock(4)</a>.
1.40 jmatthew 228: <li>Added support for MSI-X to <a href="https://man.openbsd.org/bnxt.4">
1.21 benno 229: bnxt(4)</a>.
230: <li>Added <a href="https://man.openbsd.org/octpip.4">octpip(4)</a>, a driver
1.34 fcambus 231: for the Octeon packet input processing unit.
1.21 benno 232: <li>Added the <a href="https://man.openbsd.org/octiic.4">octiic(4)</a>
233: driver for OCTEON two-wire serial interfaces.
234: <li>Enabled <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> on octeon.
235: <li>Added <a href="https://man.openbsd.org/octpcie.4">octpcie(4)</a>, a
236: driver for the PCIe controller found on OCTEON II and OCTEON III.
237: <li>Fixed random kernel hangs on
238: some <a href="https://www.openbsd.org/sparc64.html">sparc64</a>
239: machines by blocking interrupts while sending an IPI on sunv4
240: (as on sun4u).
1.40 jmatthew 241: <li><a href="https://man.openbsd.org/ure.4">ure(4)</a> now supports
242: RTL8153B devices.
1.51 brynet 243: <li>Added new <a href="http://man.openbsd.org/ksmn.4">ksmn(4)</a> driver
244: for temperature sensor on AMD Family 17h CPUs.
1.58 stsp 245: <li>Explicitly disable BCM4331 wifi chips present in 2011-2012 Apple Mac systems.
246: Fixes an interrupt storm that consumes about 50% of CPU0 on affected machines.
1.21 benno 247: </ul>
248:
249: <li>Improved <a href="https://www.openbsd.org/arm64.html">arm64</a> hardware
250: support, including:
1.23 fcambus 251: <ul>
1.21 benno 252: <li>Added support for Ampere eMAG CPU based systems.
253: <li>Added support to <a href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>
254: for obtaining CPU clock frequency.
255: <li>Enabled <a href="https://man.openbsd.org/amlmmc.4">amlmmc(4)</a>, a
256: driver for the SD/MMC controller found on various Amlogic SoCs.
257: <li>Implemented setting the CPU clock for Allwinner A64 SoCs in
258: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
259: <li>Added <a href="https://man.openbsd.org/amldwusb.4">amldwusb(4)</a>,
260: <a href="https://man.openbsd.org/amlusbphy.4">amlusbphy(4)</a> and
261: <a href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>, drivers
262: for the USB controller and PHYs on the Amlogic G12A/B SoCs.
263: <li>Added <a href="https://man.openbsd.org/imxtmu.4">imxtmu(4)</a>, a driver
1.23 fcambus 264: to support the temperature sensors on i.MX8M SoCs.
1.21 benno 265: <li>Added <a href="https://man.openbsd.org/amlrng.4">amlrng(4)</a>, a simple
266: random number generator driver for Amlogic SoCs.
267: <li>Added <a href="https://man.openbsd.org/amclock.4">amclock(4)</a>,
268: a driver for the Amlogic SoC clocks.
269: <li>Added <a href="https://man.openbsd.org/amluart.4">amluart(4)</a>, a
270: driver for the UARTs found on various Amlogic SoCs.
271: <li>Added support for the SMBus System Interfaces (SSIF) to
1.34 fcambus 272: <a href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
1.21 benno 273: <li>PXE booting using U-Boot works now.
274: <li>Added clock support
275: to <a href="https://man.openbsd.org/sxisyscon.4">sxisyscon(4)</a>,
276: a driver for the system controller found on various Allwinner
277: SoCs.
278: <li>Implemented <a href="https://man.openbsd.org/smbios.4">smbios(4)</a>
279: support on arm64.
280: <li>Added <a href="https://man.openbsd.org/ucrcom.4">ucrcom(4)</a>, a driver
281: for the serial console of chromebooks.
282: <li>Enabled <a href="https://man.openbsd.org/mvmdio.4">mvmdio(4)</a> and
283: <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> on arm64.
284: <li>Added <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a>
285: support for 'pinconf-single' devices and support for
1.23 fcambus 286: bias and drive-strength properties, needed for HiSilicon SoCs.
1.32 fcambus 287: <li>Added <a href="https://man.openbsd.org/mvdog.4">mvdog(4)</a>, a driver
1.21 benno 288: to support the watchdog on the Armada 3700 SoC.
289: <li>Added support for the Allwinner H6 to
290: <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a> and
291: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
292: <li>Added <a href="https://man.openbsd.org/mviic.4">mviic(4)</a>, a driver
293: to support the I2C controller on the Armada 3700 SoC.
294: <li>Added <a href="https://man.openbsd.org/mvuart.4">mvuart(4)</a> to
1.34 fcambus 295: support the Armada 3720's serial console.
1.21 benno 296: <li>Added support for the Armada 3720 clocks to
1.33 fcambus 297: <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
1.21 benno 298: <li>Added support for the Armada 3720 pinctrl controller to
299: <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>. This
300: controller also includes GPIO controller functionality.
301: <li>Added the RK3328 and RK3399 GMAC clocks to
1.34 fcambus 302: <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.21 benno 303: <li>Increased MAXCPUs to 32 in arm64, allowing use of all cores on the Ampere
304: eMAG.
305: <li>Added support for the Cortex-A65 CPU.
306: <li>Implemented interrupt controller functionality in
307: <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a>,
308: allowing use of the
309: <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
310: interrupt on the RockPro64.
311: </ul>
1.1 beck 312:
313: <li>IEEE 802.11 wireless stack improvements:
314: <ul>
1.60 ! stsp 315: <li>Repaired the
! 316: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
! 317: 'nwflag' command (broken since OpenBSD 6.4).
1.58 stsp 318: <li>Added a new 'stayauth' nwflag which can be set to ignore deauth frames.
319: This is useful when deauth frames are being spoofed by an attacker.
1.60 ! stsp 320: <li>Repaired the
! 321: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
! 322: 'mode' command to properly force a wireless interface into 11a/b/g/n mode.
1.58 stsp 323: <li>Made 11n Tx rate selection more sensitive to transmission failures.
324: <li>Fixed automatic use of HT protection in 11n hostap mode.
325: <li>Fixed WPA APs occasionally appearing as non-WPA APs during AP selection.
326: <li>Fixed some eligible APs being ignored during AP selection after a
327: roaming failure.
328: <li>Added support for 802.11n Tx aggregation to net80211 and the
329: <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> driver.
1.21 benno 330: <li>Made net80211 expose reasons for association failures to have
331: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
332: display them in "scan" output and on the
333: <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>
1.34 fcambus 334: status line.
1.58 stsp 335: <li>Made all wireless drivers submit a batch of received packets to the
336: network stack during one interrupt if possible, rather than submitting
337: each packet individually. Prevents packet loss under high load due to
338: backpressure from the network stack.
1.1 beck 339: </ul>
340:
341: <li>Generic network stack improvements:
1.21 benno 342: <ul>
343: <li>Enabled TCP and UDP checksum offloading by default for
344: <a href="https://man.openbsd.org/ix.4">ix(4)</a>.
345: <li>Added <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a>, a 802.1Q
346: two-port MAC relay implementation.
1.38 fcambus 347: <li>Added <a href="https://man.openbsd.org/iavf.4">iavf(4)</a>, a driver for
1.34 fcambus 348: Intel SR-IOV Virtual Functions of Intel 700 series Ethernet controllers.
1.21 benno 349: <li>Added <a href="https://man.openbsd.org/aggr.4">aggr(4)</a>, a
350: dedicated driver to implement 802.1AX link aggregration.
351: <li>Added port protection support
352: to <a href="https://man.openbsd.org/switch.4">switch(4)</a>. Domain
353: membership is checked for unicast, flooded (broadcast) and local
1.34 fcambus 354: (host-network-bound, e.g. trunk) traffic.
1.21 benno 355: <li>Disabled <a href="https://man.openbsd.org/mobileip.4">mobileip(4)</a>.
356: <li>Added support
357: to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
358: for getting and setting rxprio, finishing support for RFC
359: 2983. Implemented configuring rxprio
360: in <a href="https://man.openbsd.org/vlan.4">vlan(4)</a>,
361: <a href="https://man.openbsd.org/gre.4">gre(4)</a>,
362: <a href="https://man.openbsd.org/mpw.4">mpw(4)</a>,
363: <a href="https://man.openbsd.org/mpe.4">mpe(4)</a>,
364: <a href="https://man.openbsd.org/mpip.4">mpip(4)</a>,
365: <a href="https://man.openbsd.org/etherip.4">etherip(4)</a>
1.23 fcambus 366: and <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>.
1.45 fcambus 367: <li>Implemented Tx mitigation by calling the hardware transmit
1.21 benno 368: routine per several packets rather than for individual
369: packets. Defers calls to the transmit routine to a network taskq,
370: or until a backlog of packets has built up.
371: <li>Stopped using <a href="https://man.openbsd.org/splnet.9">splnet(9)</a> when
372: running the network stack now
373: that it is using the NET_LOCK for protection, reducing latency spikes.
1.29 deraadt 374: <li>Added support for reading SFPs to some ethernet cards.
1.21 benno 375: </ul>
1.1 beck 376:
377: <li>Installer improvements:
1.21 benno 378: <ul>
379: <li>Allowed quoted SSIDs in the installer, rather than ignoring
380: those containing whitespace.
381: <li>Introduced <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
1.44 deraadt 382: that can be used to upgrade OpenBSD unattended.
383: <li><a href="errata65.html#p012_sysupgrade">A syspatch was provided which adds</a>
384: <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
385: to 6.5, so unattended upgrades to 6.6 can be
386: performed on amd64/arm64/i386 with <b># syspatch && sysupgrade</b>.
1.29 deraadt 387: <li>Created an <a href="https://www.openbsd.org/octeon.html">octeon</a>
388: bootloader which is a modified kernel. To use this bootloader, the
389: firmware must be configured to load file "boot" instead of "bsd".
1.21 benno 390: <li>Included <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a>
391: on the amd64 CD ramdisk.
392: <li>Added <a href="https://man.openbsd.org/tee.1">tee(1)</a> to the ramdisk, and
393: display a moving progress bar
394: during auto upgrade/install.
395: <li>Repaired and improved v6 default route selection, fixing autoinstalls.
396: <li>Added <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
397: support to the sparc64 bootloader.
1.45 fcambus 398: <li>The DHCP configuration is now preserved when restarting an install.
1.21 benno 399: <li>The installer now remembers 'autoconf' when restarting an install.
400: <li>Stopped prompting for disks that do not contain a root
401: partition during upgrades. This defaults to the correct disk
402: when full disk encryption is in use, and will be useful for
403: future unattended upgrades.
404: </ul>
1.1 beck 405:
406: <li>Security improvements:
407: <ul>
1.21 benno 408: <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
1.28 deraadt 409: now used in 77 userland programs to redact filesystem access.
1.21 benno 410: <li>Various changes
411: in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
1.23 fcambus 412: to improve application behavior when encountering hidden
1.21 benno 413: filesystem paths.
1.28 deraadt 414: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which
415: processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
416: with the <b>u</b> and <b>U</b> flags in STATE field.
417: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list
418: of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options
419: processes use with the <b>-o pledge</b> option.
1.22 benno 420: <li>Further and improved mitigations against Spectre side-channel
1.21 benno 421: vulnerability in Intel CPUs built since 2012.
422: <li>Mitigations for Intel's Microarchitectural Data Sampling
423: vulnerability, using the new CPU VERW behavior if available or
424: by using the proper sequence from Intel's "Deep Dive" doc in the
425: return-to-userspace and enter-VMM-guest
426: paths. Updated <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
427: to pass through the MSR bits so that guests can apply the
428: optimal mitigation.
429: <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
430: environment inheritance not to inherit, and instead reset to the
431: target user's values by default.
1.28 deraadt 432: <li>Prepare
1.41 solene 433: the <a href="https://www.openbsd.org/amd64.html">amd64</a> BIOS
1.28 deraadt 434: bootloader for loading the kernel at a random virtual address (future work).
1.21 benno 435: <li>Introduced
436: <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
437: and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,
438: which return memory in pages marked MAP_CONCEAL and call
439: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
440: on <a href="https://man.openbsd.org/free.3">free(3)</a>.
441: <li>Make 'systat pf' not require root permissions
442: (<a href="https://man.openbsd.org/systat.8">systat(8)</a>).
443: <li>Added support for the EFI Random Number Generator Protocol,
444: using it to XOR random data into the buffer we feed the kernel for
445: <a href="https://www.openbsd.org/amd64.html">amd64</a>.
446: <li>Added information about system call memory write protection
1.23 fcambus 447: and stack mapping violations to system
1.21 benno 448: accounting. Now <a href="https://man.openbsd.org/daily.8">daily(8)</a>
449: will print a list of affected processes
1.41 solene 450: and <a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
1.21 benno 451: will flag violations with 'M'.
1.1 beck 452: </ul>
453:
454: <li>Routing daemons and other userland network improvements:
1.21 benno 455: <ul>
456: <li>The <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
457: daemon now gets and sets the clock in a secure way when booting
458: even when a battery-backed clock is absent.
459: <li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> now
460: removes IPv6 addresses when it detects a link-state change but
461: no new router advertisement is received.
462: <li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
1.29 deraadt 463: now reports SFP, SFP+ and QSFP module information when using
464: the <b>sff</b> option.
1.21 benno 465: <li>Imported <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>,
1.45 fcambus 466: a new SNMP client which aims to be netsnmp-compatible for
1.21 benno 467: supported features, and
468: removed <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a>.
469: <li>Improvements
1.45 fcambus 470: in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> DNS
1.59 fcambus 471: resolving and constraints checking, especially during
1.45 fcambus 472: startup. Unreliable NTP peers are removed from the pool and
473: DNS resolving is repeated to add replacements.
1.21 benno 474: <li>Changed the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
475: Adj-RIB-Out to a per-peer set of RB trees, improving speed.
476: <li>Rewrote <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
477: community matching and handling code and improved performance
478: for setups using many communities.
479: <li>Checked the type of a network statement when looking for
480: duplicates
481: in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. This
482: fixes added network 0.0.0.0/0 after 'network inet static'.
483: <li>Made improvements
484: to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> speed when
485: configuring many peers.
486: <li>Implemented <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
487: 'show mrt neighbors', to print the neighbor table of MRT
488: TABLE_DUMP_V2 dumps.
489: <li>Moved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
490: pfkey socket to the parent process. The refreshing of the keys
491: for MD5 and IPSEC is done whenever the session state changes to
492: IDLE or ACTIVE, which should behave better when reloading
493: configs with auth changes.
494: <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, fixed
495: reloading of network statements that have no fixed prefix
496: specification.
497: <li>Extended the maximum size of
498: the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
499: shutdown communication message to 255 bytes.
500: <li>Improvements
501: in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, to
502: always check for namespace collisions on table
503: commands. Introduced 'pfctl -FR' to reset pfctl(8) settings to
504: defaults.
505: <li>Imported Kristaps Dzonsons' RPKI
506: validator, <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
507: <li> <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports
508: binary protocol health checking. See
509: <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
510: <li>Added support for OCSP stapling
511: to <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
512: <li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
513: support for SNI with new 'tls keypair' option to load additional
514: certificates.
515: <li>Added support for 'from/to address[/prefix]'
516: in <a href="https://man.openbsd.org/.8">relayd(8)</a> filter rules.
517: <li>Implemented RFC 8555 "Automatic Certificate Management
518: Environment (ACME)" to
519: enable <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
520: to communicate with the v02 Let's Encrypt API. Read the
521: <a href="faq/upgrade66.html">upgrade guide</a> for more information.
522: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
523: support for '-T erspan' and
524: arbitrary <a href="https://man.openbsd.org/gre.4">gre(4)</a>
525: protocols.
526: <li>Allowed specifying area by number as well as id
527: in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.
528: <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now
529: accepts both address and number format for 'ospfctl show
530: database area XXX'.
531: <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> reload
532: improvements.
533: <li>Added a check
534: to <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>
535: and <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>
536: that any "depend on" interfaces are in the same rdomain.
537: <li>Make 'passive' (announce a network configured on an interface
538: as a stub network) work with P2P interfaces
539: in <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>.
540: <li>Shutdown the service port when behind a captive portal
541: with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
542: allowing bypass of captive portals that correctly answer SOA
543: queries for the root zone and return NXDOMAIN for the captive
544: portal redirect domain if edns0 is present.
545: <li>Implemented DNS block lists
546: in <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
547: <li>Added support for IKEv2 Message Fragmentation (RFC 7383)
548: to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
549: <li>Enabled switching between wireless and wired interfaces in
550: dhclient(8), setting the default route with the interface
551: address and allowing two default routes in the routing table. A
1.23 fcambus 552: wired interface will be preferred when connected.
1.21 benno 553: <li>Added consistent use of 'ifconfig $_if [-inet| -inet6]' to clear existing
554: configurations completely after restarting an install.
555: <li>Added 'forwarded' log format extending the 'combined' log
556: format in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
557: </ul>
1.23 fcambus 558:
559: <li>Assorted improvements:
1.1 beck 560: <ul>
561: <li> The filesystem buffer cache now more aggressively uses memory
562: outside the DMA region, to improve cache performance on amd64
563: machines.
1.5 rob 564: <li> The BER API previously internal to
1.21 benno 565: <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>,
566: <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
567: <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>, and
568: <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> has been moved into
569: libutil.
570: See <a href="https://man.openbsd.org/ber_read_elements.3">ber_read_elements(3)</a>.
571: <li>Removed the old
572: userland <a href="https://man.openbsd.org/realpath.3">realpath(3)</a>
573: and replaced it with __realpath(2), a kernel
574: implementation. This will prevent
575: calling <a href="https://man.openbsd.org/readlink.2">readlink(2)</a>
576: on every component of a path and improve performance for
577: <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
578: <li><a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> speedups,
579: improving dynamic linker performance for large objects.
580: <li>Modified <a href="https://man.openbsd.org/systat.1">systat(1)</a>
581: to allow the use of 'b' to switch to stats since boot.
582: </ul>
583:
1.56 benno 584: <li>VMM/VMD improvements
1.21 benno 585: <ul>
586: <li>Added support for 'boot device'
1.37 anton 587: to <a href="https://man.openbsd.org/vm.conf.5#boot_device">vm.conf(5)</a>
1.21 benno 588: grammar, the '-B device' counterpart
589: from <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
590: <li>Emulated kvm pvclock
591: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, compatible
592: with <a href="https://man.openbsd.org/pvclock.4">pvclock(4)</a> in
593: OpenBSD.
594: <li>Enabled reporting of the vm state through use of
595: the <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
596: 'status' command.
597: <li>Synced vm state
598: in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when
599: (un)pausing a vm to ensure
600: both <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
601: and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> processes
602: know the vm is paused.
603: <li>Handled some unhandled instructions for SVM which led
604: to <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> guest
605: termination, as well as RDTSCP and INVLPGA instructions.
606: <li>Modified <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> to
607: flush guest TLB entries if the guest disables paging.
1.1 beck 608: </ul>
609:
610: <li>OpenSMTPD 6.6.0
611: <ul>
1.18 gilles 612: <li>New Features
613: <ul>
614: <li>Introduced support for ECDSA certificates with an ECDSA privsep engine.
1.21 benno 615: <li>Introduced builtin filters to allow basic filtering of incoming sessions
616: in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
617: <li>Introduced option to deliver junk to a Junk folder
618: in <a href="https://man.openbsd.org/mail.maildir.8">mail.maildir(8)</a>.
1.18 gilles 619: </ul>
620: <li>Bug fixes
621: <ul>
1.21 benno 622: <li>Fixed the <a href="https://man.openbsd.org/smtp.1">smtp(1)</a> client
623: so it uses correct default port for SMTPS.
624: <li>Fixed an <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash on
625: excessively large input.
1.18 gilles 626: <li>Ensured mail rejected by an LMTP server will stay queued rather than bouncing.
627: </ul>
628: <li>Experimental Features
629: <ul>
1.21 benno 630: <li>Introduced a filters API to allow writing standalone filters
631: for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
1.18 gilles 632: with multiple filters made available in ports.
1.21 benno 633: <li>Introduced support for proxy-v2 protocol
634: allowing <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> to
635: operate behind proxy.
1.18 gilles 636: </ul>
1.1 beck 637: </ul>
638:
639: <li>LibreSSL 3.0.X
640: <ul>
641: <li>API and Documentation Enhancements
642: <ul>
1.11 tb 643: <li>Completed the port of RSA_METHOD accessors from the
1.13 tb 644: OpenSSL 1.1 API.
1.21 benno 645: <li>Documented undescribed options and removed unfunctional
646: options description
647: in <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
648: manual.
1.1 beck 649: </ul>
650:
651: <li>Compatibility Changes
652: <ul>
653: </ul>
654:
655: <li>Testing and Proactive Security
656: <ul>
657: <li>
1.2 tb 658: A plethora of small fixes due to regular oss-fuzz testing.
1.13 tb 659: <li>
1.21 benno 660: Various side channels in DSA and ECDSA were addressed. These
661: are some of the many issues found in an extensive systematic
662: analysis of bignum usage by Samuel Weiser, David Schrammel et
663: al.
1.20 tb 664: <li>
1.21 benno 665: Try to compute the cofactor if a nonsensical value was
666: provided for ECC parameters. Fix from Billy Brumley.
1.1 beck 667: </ul>
668:
669: <li>Internal Improvements
1.21 benno 670: <ul>
671: </ul>
1.1 beck 672:
673: <li>Portable Improvements
674: <ul>
1.21 benno 675: <li>Enabled performance optimizations when building with Visual
676: Studio on Windows.
1.55 fcambus 677: <li>Enabled <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
678: speed subcommand on Windows platform.
1.1 beck 679: </ul>
680:
681: <li>Bug Fixes
682: <ul>
1.21 benno 683: <li>Fixed issue where SRTP extension would not be sent by
684: server.
685: <li>Fixed incorrect carry operation in 512 addition for
686: Streebog.
1.55 fcambus 687: <li>Fixed -modulus option with
688: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
689: dsa subcommand.
690: <li>Fixed PVK format output issue with
691: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
692: dsa and rsa subcommand.
1.46 tb 693: <li>Fixed a padding oracle attack in <code>PKCS7_dataDecode()</code>
694: and <code>CMS_decrypt_set1_pkey()</code> (<code>CMS</code>
695: is currently disabled). From Bernd Edlinger.
1.1 beck 696: </ul>
697: </ul>
698:
1.52 benno 699: <li>OpenSSH 8.1
1.1 beck 700: <ul>
1.21 benno 701: <li>New Features
702: <ul>
1.52 benno 703: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: Allow %n to be
704: expanded in ProxyCommand strings
705: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
706: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: Allow
707: prepending a list of algorithms to the default set by
708: starting the list with the '^' character, E.g.
709: "HostKeyAlgorithms ^ssh-ed25519"
710: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
711: add an experimental lightweight signature and verification
712: ability. Signatures may be made using regular ssh keys held
713: on disk or stored in a ssh-agent and verified against an
714: authorized_keys-like list of allowed keys. Signatures embed
715: a namespace that prevents confusion and attacks between
716: different usage domains (e.g. files vs email).
717: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
718: print key comment when extracting public key from a private
719: key. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3052'>bz#3052</a>
720: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
721: accept the verbose flag when searching for host keys in
722: known hosts (i.e. "ssh-keygen -vF host") to print the
723: matching host's random-art signature
724: too. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3003'>bz#3003</a>
725: <li>All: support PKCS8 as an optional format for storage of
726: private keys to disk. The OpenSSH native key format remains
727: the default, but PKCS8 is a superior format to PEM if
728: interoperability with non-OpenSSH software is required, as
729: it may use a less insecure key derivation function than
730: PEM's.
1.21 benno 731: </ul>
732: <li>Bugfixes
733: <ul>
1.52 benno 734: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: if a
735: PKCS#11 token returns no keys then try to login and
736: refetch them. Based on patch from Jakub
737: Jelen; <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2430'>bz#2430</a>
738: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
739: produce a useful error message if the user's shell is set
740: incorrectly during "match exec"
741: processing. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2791'>bz#2791</a>
742: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
743: allow the maximum uint32 value for the argument passed to
744: -b which allows better error messages from later
745: validation.
746: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3050'>bz#3050</a>
747: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
748: avoid pledge sandbox violations in some combinations of
749: remote forwarding, connection multiplexing and
750: ControlMaster.
751: <li><a href='https://man.openbsd.org/ssh-keyscan.1'>ssh-keyscan(1)</a>:
752: include SHA2-variant RSA key algorithms in KEX proposal;
753: allows ssh-keyscan to harvest keys from servers that
754: disable old SHA1
755: ssh-rsa. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3029'>bz#3029</a>
756: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
757: print explicit "not modified" message if a file was
758: requested for resumed download but was considered already
759: complete.
760: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2978'>bz#2978</a>
761: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
762: fix a typo and make <esc><right> move right to the
763: closest end of a word just like <esc><left> moves
764: left to the closest beginning of a word.
765: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
766: cap the number of permitopen/permitlisten directives
767: allowed to appear on a single authorized_keys line.
768: <li>All: fix a number of memory leaks (one-off or on exit paths).
769: <li>Regression tests: a number of fixes and improvements,
770: including fixes to the interop tests, adding the ability
771: to run most tests on builds that disable OpenSSL support,
772: better support for running tests under Valgrind and a
773: number of bug-fixes.
774: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
775: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
776: check for convtime() refusing to accept times that resolve
777: to LONG_MAX Reported by Kirk Wolf bz2977
778: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
779: slightly more instructive error message when the user
780: specifies multiple -J options on the command-line. bz3015
781: <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>:
782: process agent requests for RSA certificate private keys
783: using correct signature algorithm when requested. bz3016
784: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
785: check for user@host when parsing sftp target. This allows
786: user@[1.2.3.4] to work without a
787: path. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2999'>bz#2999</a>
788: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
789: enlarge format buffer size for certificate serial number
790: so the log message can record any 64-bit integer without
791: truncation. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3012'>bz#3012</a>
792: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
793: for PermitOpen violations add the remote host and port to
794: be able to more easily ascertain the source of the
795: request. Add the same logging for PermitListen violations
796: which where not previously logged at all.
797: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>,
798: <a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
799: use the correct POSIX format style for left justification
800: for the transfer progress
801: meter. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3002'>bz#3002</a>
802: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>
803: when examining a configuration using sshd -T, assume any
804: attribute not provided by -C does not match, which allows
805: it to work when sshd_config contains a Match directive
806: with or without -C.
807: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2858'>bz#2858</a>
808: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
809: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
810: downgrade PKCS#11 "provider returned no slots" warning
811: from log level error to debug. This is common when
812: attempting to enumerate keys on smartcard readers with no
813: cards plugged
814: in. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3058'>bz#3058</a>
815: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
816: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
817: do not unconditionally log in to PKCS#11 tokens. Avoids
818: spurious PIN prompts for keys not selected for
819: authentication
820: in <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> and
821: when listing public keys available in a token
822: using <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>.
823: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3006'>bz#3006</a>
1.21 benno 824: </ul>
1.1 beck 825: </ul>
1.57 deraadt 826: <li>Mandoc
1.1 beck 827: <ul>
1.55 fcambus 828: <li>Provided a notification to stderr to indicate messages have been
829: shown when <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
830: output is printed without a pager, to indicate messages may have
1.21 benno 831: preceded the output.
832: <li>Fixed a segfault
833: in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when
834: /tmp is not writable.
835: <li>Added <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
836: support for 'prefers-color-scheme: dark'.
837: <li>Improved <a href="https://man.openbsd.org/man.1">man(1)</a>
838: matching for requests for a specific section.
1.1 beck 839: </ul>
840:
1.7 bentley 841: <li><p>Ports and packages:
1.1 beck 842: <ul>
843: </ul>
1.7 bentley 844: <p>Many pre-built packages for each architecture:
1.1 beck 845: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1.7 bentley 846: <ul style="column-count: 3">
1.1 beck 847: <li>aarch64: XXXX
848: <li>amd64: XXXX
1.42 benno 849: <li>armv7: XXXX
1.1 beck 850: <li>i386: XXXX
851: <li>mips64: XXXX
852: <li>mips64el: XXXX
853: <li>powerpc: XXXX
854: <li>sparc64: XXXX
1.7 bentley 855: </ul>
1.1 beck 856:
857: <li>As usual, steady improvements in manual pages and other documentation.
858:
859: <li>The system includes the following major components from outside suppliers:
1.21 benno 860: <ul>
1.25 jsg 861: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.5 + patches,
862: freetype 2.10.1, fontconfig 2.12.4, Mesa 19.0.8, xterm 344,
863: xkeyboard-config 2.20 and more)
864: <li>LLVM/Clang 8.0.1 (+ patches)
865: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
866: <li>Perl 5.28.2 (+ patches)
1.59 fcambus 867: <li>NSD 4.2.2
1.48 fcambus 868: <li>Unbound 1.9.4
1.25 jsg 869: <li>Ncurses 5.7
870: <li>Binutils 2.17 (+ patches)
871: <li>Gdb 6.3 (+ patches)
872: <li>Awk Aug 10, 2011 version
873: <li>Expat 2.2.8
1.21 benno 874: </ul>
1.1 beck 875: </ul>
1.7 bentley 876: </section>
1.1 beck 877:
878: <hr>
879:
1.7 bentley 880: <section id=install>
881: <h3>How to install</h3>
882: <p>
1.1 beck 883: Please refer to the following files on the mirror site for
884: extensive details on how to install OpenBSD 6.6 on your machine:
885:
886: <ul>
887: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/alpha/INSTALL.alpha">
888: .../OpenBSD/6.6/alpha/INSTALL.alpha</a>
889: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/amd64/INSTALL.amd64">
890: .../OpenBSD/6.6/amd64/INSTALL.amd64</a>
891: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/arm64/INSTALL.arm64">
892: .../OpenBSD/6.6/arm64/INSTALL.arm64</a>
893: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/armv7/INSTALL.armv7">
894: .../OpenBSD/6.6/armv7/INSTALL.armv7</a>
895: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/hppa/INSTALL.hppa">
896: .../OpenBSD/6.6/hppa/INSTALL.hppa</a>
897: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/i386/INSTALL.i386">
898: .../OpenBSD/6.6/i386/INSTALL.i386</a>
899: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/landisk/INSTALL.landisk">
900: .../OpenBSD/6.6/landisk/INSTALL.landisk</a>
901: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/loongson/INSTALL.loongson">
902: .../OpenBSD/6.6/loongson/INSTALL.loongson</a>
903: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/luna88k/INSTALL.luna88k">
904: .../OpenBSD/6.6/luna88k/INSTALL.luna88k</a>
905: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc">
906: .../OpenBSD/6.6/macppc/INSTALL.macppc</a>
907: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/octeon/INSTALL.octeon">
908: .../OpenBSD/6.6/octeon/INSTALL.octeon</a>
909: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/sparc64/INSTALL.sparc64">
910: .../OpenBSD/6.6/sparc64/INSTALL.sparc64</a>
911: </ul>
1.8 deraadt 912: </section>
1.1 beck 913:
914: <hr>
915:
1.7 bentley 916: <section id=quickinstall>
1.1 beck 917: <p>
918: Quick installer information for people familiar with OpenBSD, and the use of
919: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
920: If you are at all confused when installing OpenBSD, read the relevant
921: INSTALL.* file as listed above!
922:
1.7 bentley 923: <h3>OpenBSD/alpha:</h3>
1.1 beck 924:
1.7 bentley 925: <p>
1.1 beck 926: Write <i>floppy66.fs</i> or <i>floppyB66.fs</i> (depending on your machine)
927: to a diskette and enter <i>boot dva0</i>.
928: Refer to INSTALL.alpha for more details.
1.7 bentley 929:
1.1 beck 930: <p>
931: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
932: will most likely fail.
933:
1.7 bentley 934: <h3>OpenBSD/amd64:</h3>
1.1 beck 935:
1.7 bentley 936: <p>
1.1 beck 937: If your machine can boot from CD, you can write <i>install66.iso</i> or
938: <i>cd66.iso</i> to a CD and boot from it.
939: You may need to adjust your BIOS options first.
1.7 bentley 940:
1.1 beck 941: <p>
942: If your machine can boot from USB, you can write <i>install66.fs</i> or
943: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 944:
1.1 beck 945: <p>
946: If you can't boot from a CD, floppy disk, or USB,
947: you can install across the network using PXE as described in the included
948: INSTALL.amd64 document.
1.7 bentley 949:
1.1 beck 950: <p>
951: If you are planning to dual boot OpenBSD with another OS, you will need to
952: read INSTALL.amd64.
953:
1.7 bentley 954: <h3>OpenBSD/arm64:</h3>
1.1 beck 955:
1.7 bentley 956: <p>
1.1 beck 957: Write <i>miniroot66.fs</i> to a disk and boot from it after connecting
958: to the serial console. Refer to INSTALL.arm64 for more details.
959:
1.7 bentley 960: <h3>OpenBSD/armv7:</h3>
1.1 beck 961:
1.7 bentley 962: <p>
1.1 beck 963: Write a system specific miniroot to an SD card and boot from it after connecting
964: to the serial console. Refer to INSTALL.armv7 for more details.
965:
1.7 bentley 966: <h3>OpenBSD/hppa:</h3>
1.1 beck 967:
1.7 bentley 968: <p>
1.1 beck 969: Boot over the network by following the instructions in INSTALL.hppa or the
970: <a href="hppa.html#install">hppa platform page</a>.
971:
1.7 bentley 972: <h3>OpenBSD/i386:</h3>
1.1 beck 973:
1.7 bentley 974: <p>
1.1 beck 975: If your machine can boot from CD, you can write <i>install66.iso</i> or
976: <i>cd66.iso</i> to a CD and boot from it.
977: You may need to adjust your BIOS options first.
1.7 bentley 978:
1.1 beck 979: <p>
980: If your machine can boot from USB, you can write <i>install66.fs</i> or
981: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 982:
1.1 beck 983: <p>
984: If you can't boot from a CD, floppy disk, or USB,
985: you can install across the network using PXE as described in
986: the included INSTALL.i386 document.
1.7 bentley 987:
1.1 beck 988: <p>
989: If you are planning on dual booting OpenBSD with another OS, you will need to
990: read INSTALL.i386.
991:
1.7 bentley 992: <h3>OpenBSD/landisk:</h3>
1.1 beck 993:
1.7 bentley 994: <p>
1.1 beck 995: Write <i>miniroot66.fs</i> to the start of the CF
996: or disk, and boot normally.
997:
1.7 bentley 998: <h3>OpenBSD/loongson:</h3>
1.1 beck 999:
1.7 bentley 1000: <p>
1.1 beck 1001: Write <i>miniroot66.fs</i> to a USB stick and boot bsd.rd from it
1002: or boot bsd.rd via tftp.
1003: Refer to the instructions in INSTALL.loongson for more details.
1004:
1.7 bentley 1005: <h3>OpenBSD/luna88k:</h3>
1.1 beck 1006:
1.7 bentley 1007: <p>
1008: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1.1 beck 1009: from the PROM, and then bsd.rd from the bootloader.
1010: Refer to the instructions in INSTALL.luna88k for more details.
1011:
1.7 bentley 1012: <h3>OpenBSD/macppc:</h3>
1.1 beck 1013:
1.7 bentley 1014: <p>
1.1 beck 1015: Burn the image from a mirror site to a CDROM, and power on your machine
1016: while holding down the <i>C</i> key until the display turns on and
1017: shows <i>OpenBSD/macppc boot</i>.
1.7 bentley 1018:
1.1 beck 1019: <p>
1020: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1021: /6.6/macppc/bsd.rd</i>
1022:
1.7 bentley 1023: <h3>OpenBSD/octeon:</h3>
1.1 beck 1024:
1.7 bentley 1025: <p>
1.1 beck 1026: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1027: Refer to the instructions in INSTALL.octeon for more details.
1028:
1.7 bentley 1029: <h3>OpenBSD/sparc64:</h3>
1.1 beck 1030:
1.7 bentley 1031: <p>
1.1 beck 1032: Burn the image from a mirror site to a CDROM, boot from it, and type
1033: <i>boot cdrom</i>.
1.7 bentley 1034:
1.1 beck 1035: <p>
1036: If this doesn't work, or if you don't have a CDROM drive, you can write
1037: <i>floppy66.fs</i> or <i>floppyB66.fs</i>
1038: (depending on your machine) to a floppy and boot it with <i>boot
1039: floppy</i>. Refer to INSTALL.sparc64 for details.
1.7 bentley 1040:
1.1 beck 1041: <p>
1042: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1043: will most likely fail.
1.7 bentley 1044:
1.1 beck 1045: <p>
1046: You can also write <i>miniroot66.fs</i> to the swap partition on
1047: the disk and boot with <i>boot disk:b</i>.
1.7 bentley 1048:
1.1 beck 1049: <p>
1050: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1.7 bentley 1051: </section>
1.1 beck 1052:
1053: <hr>
1054:
1.7 bentley 1055: <section id=upgrade>
1056: <h3>How to upgrade</h3>
1057: <p>
1.1 beck 1058: If you already have an OpenBSD 6.5 system, and do not want to reinstall,
1059: upgrade instructions and advice can be found in the
1060: <a href="faq/upgrade66.html">Upgrade Guide</a>.
1.7 bentley 1061: </section>
1.1 beck 1062:
1063: <hr>
1064:
1.7 bentley 1065: <section id=sourcecode>
1066: <h3>Notes about the source code</h3>
1067: <p>
1068: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1.1 beck 1069: This file contains everything you need except for the kernel sources,
1070: which are in a separate archive.
1071: To extract:
1072: <blockquote><pre>
1.7 bentley 1073: # <kbd>mkdir -p /usr/src</kbd>
1074: # <kbd>cd /usr/src</kbd>
1075: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1.1 beck 1076: </pre></blockquote>
1.7 bentley 1077: <p>
1078: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1.1 beck 1079: This file contains all the kernel sources you need to rebuild kernels.
1080: To extract:
1081: <blockquote><pre>
1.7 bentley 1082: # <kbd>mkdir -p /usr/src/sys</kbd>
1083: # <kbd>cd /usr/src</kbd>
1084: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1.1 beck 1085: </pre></blockquote>
1.7 bentley 1086: <p>
1.1 beck 1087: Both of these trees are a regular CVS checkout. Using these trees it
1088: is possible to get a head-start on using the anoncvs servers as
1089: described <a href="anoncvs.html">here</a>.
1090: Using these files
1091: results in a much faster initial CVS update than you could expect from
1092: a fresh checkout of the full OpenBSD source tree.
1.7 bentley 1093: </section>
1.1 beck 1094:
1095: <hr>
1096:
1.7 bentley 1097: <section id=ports>
1098: <h3>Ports Tree</h3>
1099: <p>
1.1 beck 1100: A ports tree archive is also provided. To extract:
1101: <blockquote><pre>
1.7 bentley 1102: # <kbd>cd /usr</kbd>
1103: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1.1 beck 1104: </pre></blockquote>
1.7 bentley 1105: <p>
1.1 beck 1106: Go read the <a href="faq/ports/index.html">ports</a> page
1107: if you know nothing about ports
1108: at this point. This text is not a manual of how to use ports.
1109: Rather, it is a set of notes meant to kickstart the user on the
1110: OpenBSD ports system.
1111: <p>
1112: The <i>ports/</i> directory represents a CVS checkout of our ports.
1113: As with our complete source tree, our ports tree is available via
1114: <a href="anoncvs.html">AnonCVS</a>.
1115: So, in order to keep up to date with the -stable branch, you must make
1116: the <i>ports/</i> tree available on a read-write medium and update the tree
1117: with a command like:
1118: <blockquote><pre>
1.7 bentley 1119: # <kbd>cd /usr/ports</kbd>
1.15 jsg 1120: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_6</kbd>
1.1 beck 1121: </pre></blockquote>
1.7 bentley 1122: <p>
1.1 beck 1123: [Of course, you must replace the server name here with a nearby anoncvs
1124: server.]
1125: <p>
1126: Note that most ports are available as packages on our mirrors. Updated
1127: ports for the 6.6 release will be made available if problems arise.
1128: <p>
1129: If you're interested in seeing a port added, would like to help out, or just
1130: would like to know more, the mailing list
1131: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1.7 bentley 1132: </section>