Annotation of www/66.html, Revision 1.77
1.7 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.1 beck 5: <title>OpenBSD 6.6</title>
6: <meta name="description" content="OpenBSD 6.6">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/66.html">
10:
1.7 bentley 11: <h2 id=OpenBSD>
1.1 beck 12: <a href="index.html">
1.7 bentley 13: <i>Open</i><b>BSD</b></a>
14: 6.6
1.1 beck 15: </h2>
16:
1.7 bentley 17: <table>
18: <tr>
19: <td>
1.71 job 20: <a href="images/sixdotsix.gif"><!-- XXX -->
21: <img alt="XXX" width="227" height="343" src="images/sixdotsix-s.gif"></a>
1.7 bentley 22: <td>
1.72 deraadt 23: Released Oct 17, 2019<br>
1.1 beck 24: Copyright 1997-2019, Theo de Raadt.<br>
25: <br>
26: <br>
1.70 job 27: Artwork by Natasha Allegri.
1.1 beck 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
1.7 bentley 32: <li>Go to the <code class=reldir>pub/OpenBSD/6.6/</code> directory on
1.1 beck 33: one of the mirror sites.
34: <li>Have a look at <a href="errata66.html">the 6.6 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus66.html">detailed log of changes</a> between the
37: 6.5 and 6.6 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
1.7 bentley 42: <table class=signify>
43: <tr><td>
44: openbsd-66-base.pub:
1.1 beck 45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/openbsd-66-base.pub">
1.21 benno 47: RWSvK/c+cFe24BIalifKnqoqdvLlXfeZ9MIj3MINndNeKgyYw5PpcWGn</a>
1.7 bentley 48: <tr><td>
1.1 beck 49: openbsd-66-fw.pub:
1.7 bentley 50: <td>
1.21 benno 51: RWSKyzM3wogTrgHkO88MnRiK/yuu8xy2OeIqhnP/uGL/j2IF4I5djMIM
1.7 bentley 52: <tr><td>
1.1 beck 53: openbsd-66-pkg.pub:
1.7 bentley 54: <td>
1.21 benno 55: RWSS4lqHZ5ayOFMBPj3leAkE9tCsSWG9OxD6MmAIS5Y3H3tD6F4vP/eF
1.7 bentley 56: <tr><td>
1.1 beck 57: openbsd-66-syspatch.pub:
1.7 bentley 58: <td>
1.21 benno 59: RWRQMmZg6mMlSTfHsJH9czeLAvf9e+ViLvkQ4id4dxaQqWU3aX9Cl/W1
1.1 beck 60: </table>
1.7 bentley 61: </ul>
1.1 beck 62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
1.9 deraadt 65: files fetched via <code>ports.tar.gz</code>.
1.7 bentley 66: </table>
1.1 beck 67:
68: <hr>
69:
1.7 bentley 70: <section id=new>
71: <h3>What's New</h3>
72: <p>
1.1 beck 73: This is a partial list of new features and systems included in OpenBSD 6.6.
74: For a comprehensive list, see the <a href="plus66.html">changelog</a> leading
75: to 6.6.
76:
77: <ul>
78:
1.59 fcambus 79: <li>General improvements and bugfixes:
1.21 benno 80: <ul>
81: <li>Fixed support for amd64 machines with greater than 1023GB
82: physical memory.
83: <li><a href="https://man.openbsd.org/drm.4">drm(4)</a> updates.
1.31 brynet 84: <li>The octeon platform is now using
85: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
86: as the base system compiler.
87: <li>The powerpc architecture is now provided with
1.21 benno 88: <a href="https://man.openbsd.org/clang.1">clang(1)</a>, in
1.42 benno 89: addition to aarch64, amd64, armv7, i386, mips64el, sparc64.
1.21 benno 90: <li>Disabled <a href="https://man.openbsd.org/gcc.1">gcc</a> in
1.34 fcambus 91: base on armv7 and i386.
1.21 benno 92: <li>Prevented <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
93: from repeatedly obtaining a new lease when the mtu is given in a
94: lease.
95: <li>Prevented more than one thread from opening a
96: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> device in
97: read/write mode.
98: <li>Allowed non-root users to become owner of the
99: <a href="https://man.openbsd.org/drm.4">drm(4)</a> device when they are
100: the first to open it.
101: <li>Added regular expression support for the format search, match
102: and substitute modifiers in
103: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
104: <li>Added a -v flag to source-file in
105: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to show the commands
106: and line numbers.
107: <li>Added simple menus usable with mouse or keyboard in
108: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
109: Introduced the command "display-menu" to show a menu bound to
110: the mouse on status line by default, and added menus in tree,
1.23 fcambus 111: client and buffer modes.
1.21 benno 112: <li>Changed the behavior of swap-window -d in
113: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to match
114: swap-pane.
115: <li>Allow panes to be empty in
116: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>, and
117: enabling output to be piped to them with split-window or
118: display-message -I.
119: <li>Adjusted <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
120: to automatically scroll when dragging to create a selection with
121: the mouse when the cursor reaches the top or bottom line.
122: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
123: crash when killing the current window, and other bugfixes.
124: </ul>
125:
1.57 deraadt 126: <li>SMP-Improvements, System call unlocking:
1.21 benno 127: <ul>
128: <li>Unlocked <a href="https://man.openbsd.org/getrlimit.2">getrlimit(2)</a>
129: and <a href="https://man.openbsd.org/setrlimit.2">setrlimit(2)</a>
1.34 fcambus 130: syscalls.
1.21 benno 131: <li>Unlocked <a href="https://man.openbsd.org/read.2">read(2)</a> and
132: <a href="https://man.openbsd.org/write.2">write(2)</a> syscalls.
133: <li>Removed the KERNEL_LOCK from
134: the <a href="https://man.openbsd.org/bridge.4">bridge(4)</a>
1.23 fcambus 135: output fast-path.
1.21 benno 136: <li>Made resource limit access MP-safe.
1.37 anton 137: <li>Made
138: <a href="https://man.openbsd.org/file.9">file(9)</a>
139: offset access MP-safe.
1.21 benno 140: </ul>
141:
1.1 beck 142: <li>Improved hardware support, including:
1.21 benno 143: <ul>
1.67 benno 144: <li>Implemented Linux compatible
1.21 benno 145: <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>
146: interfaces and enabled the ACPI support code in
147: <a href="https://man.openbsd.org/radeon.4">radeon(4)</a> and
148: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
149: <li>Implemented backlight control for
150: <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, allowing setting
151: of the backlight using
152: <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
1.62 jcs 153: <li>Both sets of speakers work by default on the ThinkPad X1C7.
1.21 benno 154: <li>Added <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, an AMD
1.25 jsg 155: Radeon GPU video driver.
1.21 benno 156: <li>Added TSC synchronization for multiprocessor machines and re-enabled TSC
157: as the default amd64 time source.
1.62 jcs 158: <li>Added support for Realtek ALC285 in
1.21 benno 159: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
160: <li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support
161: for the KSMedia 8-bit IR format and for dual functions on integrated USB
162: cameras.
1.41 solene 163: <li>Added the <a href="https://man.openbsd.org/aplgpio.4">aplgpio(4)</a>
1.45 fcambus 164: driver for the GPIO controllers on Intel's Apollo Lake SoC.
1.21 benno 165: <li>Implemented MSI-X support on sparc64.
166: <li>Skipped PCI host bridges and devices not present with
1.74 bentley 167: <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> when establishing
1.21 benno 168: the mapping between ACPI device nodes and PCI devices.
169: <li>Added the <a href="https://man.openbsd.org/ukspan.4">ukspan(4)</a>
170: driver for the Keyspan USA19HS USB serial adapter.
1.43 jmatthew 171: <li>Improved support for SAS3 controllers, made device enumeration during
172: boot more reliable, and enabled 64bit DMA for io in
1.21 benno 173: <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
174: <li>Fixed MSI/MSI-X on arm64 machines with
175: <a href="https://man.openbsd.org/agintc.4">agintc(4)</a>.
176: <li>Added MSI-X support in
177: <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>, pciecam,
178: <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> and
179: <a href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
180: <li>Improved support for type4 devices in the
181: <a href="https://man.openbsd.org/ubcmtp.4">ubcmtp(4)</a> multi-touch
182: trackpad driver.
183: <li>Support for <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> 1.0
184: specification for PCI devices.
185: <li>Improved support for the AR9271 chipset
186: in <a href="https://man.openbsd.org/athn.4">athn(4)</a> .
1.58 stsp 187: <li>Repaired support for <a href="https://man.openbsd.org/athn.4">athn(4)</a>
188: 9280 1T2R devices (broken since OpenBSD 6.5).
1.62 jcs 189: <li>Added support for the trackpad and trackpoint of the Dell Precision 7520
190: laptop.
191: <li>Added the Colemak keyboard layout.
1.21 benno 192: <li>New <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
193: driver for the Fairchild FUSB302 USB Type-C controller.
194: <li>Added a fallback to
195: <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>
196: which enables the USB ports on the RockPro64.
197: <li>Added support for more Intel 300 Series PCH devices to
198: <a href="https://man.openbsd.org/ichiic.4">ichiic(4)</a>.
199: <li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> driver for
1.34 fcambus 200: Mellanox ConnectX-4 (and later) Ethernet controllers.
1.21 benno 201: <li>Added support for the cryptographic coprocessor found on newer
202: AMD Ryzen CPUs/APUs.
203: <li>Improved the <a href="https://man.openbsd.org/envy.4">envy(4)</a> codec
204: API and used it on ESI Juli@ cards.
205: <li>Enabled EnvyHT-specific sample rates (above 96kHz) on the host
206: controller for <a href="https://man.openbsd.org/envy.4">envy(4)</a>
207: devices.
208: <li>Added support for the USB serial adapter found in Juniper SRX 300 to
209: <a href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
210: <li>Updated shared drm code,
211: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>
212: and <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
1.50 jsg 213: to linux 4.19.78. This adds support for Intel Broxton/Apollo
1.25 jsg 214: Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake,
1.34 fcambus 215: and Comet Lake hardware.
1.21 benno 216: <li>Made <a href="https://man.openbsd.org/startx.1">startx(1)</a> and
217: <a href="https://man.openbsd.org/xinit.1">xinit(1)</a> work again on
218: modern systems using
219: <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>,
220: <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
221: and <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
222: <li>Added <a href="https://man.openbsd.org/mcprtc.4">mcprtc(4)</a>, a driver
223: for the Microchip MCP79400 RTC and similar.
224: <li>Added I2C clock gates to <a href="https://man.openbsd.org/mvclock.4">
225: mvclock(4)</a>.
1.40 jmatthew 226: <li>Added support for MSI-X to <a href="https://man.openbsd.org/bnxt.4">
1.21 benno 227: bnxt(4)</a>.
228: <li>Added <a href="https://man.openbsd.org/octpip.4">octpip(4)</a>, a driver
1.34 fcambus 229: for the Octeon packet input processing unit.
1.21 benno 230: <li>Added the <a href="https://man.openbsd.org/octiic.4">octiic(4)</a>
231: driver for OCTEON two-wire serial interfaces.
232: <li>Enabled <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> on octeon.
233: <li>Added <a href="https://man.openbsd.org/octpcie.4">octpcie(4)</a>, a
234: driver for the PCIe controller found on OCTEON II and OCTEON III.
235: <li>Fixed random kernel hangs on
236: some <a href="https://www.openbsd.org/sparc64.html">sparc64</a>
237: machines by blocking interrupts while sending an IPI on sunv4
238: (as on sun4u).
1.40 jmatthew 239: <li><a href="https://man.openbsd.org/ure.4">ure(4)</a> now supports
1.62 jcs 240: RTL8153B devices, adding support for Ethernet on Lenovo USB-C docks.
1.51 brynet 241: <li>Added new <a href="http://man.openbsd.org/ksmn.4">ksmn(4)</a> driver
242: for temperature sensor on AMD Family 17h CPUs.
1.58 stsp 243: <li>Explicitly disable BCM4331 wifi chips present in 2011-2012 Apple Mac systems.
244: Fixes an interrupt storm that consumes about 50% of CPU0 on affected machines.
1.21 benno 245: </ul>
246:
247: <li>Improved <a href="https://www.openbsd.org/arm64.html">arm64</a> hardware
248: support, including:
1.23 fcambus 249: <ul>
1.21 benno 250: <li>Added support for Ampere eMAG CPU based systems.
251: <li>Added support to <a href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>
252: for obtaining CPU clock frequency.
253: <li>Enabled <a href="https://man.openbsd.org/amlmmc.4">amlmmc(4)</a>, a
254: driver for the SD/MMC controller found on various Amlogic SoCs.
255: <li>Implemented setting the CPU clock for Allwinner A64 SoCs in
256: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
257: <li>Added <a href="https://man.openbsd.org/amldwusb.4">amldwusb(4)</a>,
258: <a href="https://man.openbsd.org/amlusbphy.4">amlusbphy(4)</a> and
259: <a href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>, drivers
260: for the USB controller and PHYs on the Amlogic G12A/B SoCs.
261: <li>Added <a href="https://man.openbsd.org/imxtmu.4">imxtmu(4)</a>, a driver
1.23 fcambus 262: to support the temperature sensors on i.MX8M SoCs.
1.21 benno 263: <li>Added <a href="https://man.openbsd.org/amlrng.4">amlrng(4)</a>, a simple
264: random number generator driver for Amlogic SoCs.
265: <li>Added <a href="https://man.openbsd.org/amclock.4">amclock(4)</a>,
266: a driver for the Amlogic SoC clocks.
267: <li>Added <a href="https://man.openbsd.org/amluart.4">amluart(4)</a>, a
268: driver for the UARTs found on various Amlogic SoCs.
269: <li>Added support for the SMBus System Interfaces (SSIF) to
1.34 fcambus 270: <a href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
1.21 benno 271: <li>PXE booting using U-Boot works now.
272: <li>Added clock support
273: to <a href="https://man.openbsd.org/sxisyscon.4">sxisyscon(4)</a>,
274: a driver for the system controller found on various Allwinner
275: SoCs.
276: <li>Implemented <a href="https://man.openbsd.org/smbios.4">smbios(4)</a>
277: support on arm64.
278: <li>Added <a href="https://man.openbsd.org/ucrcom.4">ucrcom(4)</a>, a driver
279: for the serial console of chromebooks.
280: <li>Enabled <a href="https://man.openbsd.org/mvmdio.4">mvmdio(4)</a> and
281: <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> on arm64.
282: <li>Added <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a>
283: support for 'pinconf-single' devices and support for
1.23 fcambus 284: bias and drive-strength properties, needed for HiSilicon SoCs.
1.32 fcambus 285: <li>Added <a href="https://man.openbsd.org/mvdog.4">mvdog(4)</a>, a driver
1.21 benno 286: to support the watchdog on the Armada 3700 SoC.
287: <li>Added support for the Allwinner H6 to
288: <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a> and
289: <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>.
290: <li>Added <a href="https://man.openbsd.org/mviic.4">mviic(4)</a>, a driver
291: to support the I2C controller on the Armada 3700 SoC.
292: <li>Added <a href="https://man.openbsd.org/mvuart.4">mvuart(4)</a> to
1.34 fcambus 293: support the Armada 3720's serial console.
1.21 benno 294: <li>Added support for the Armada 3720 clocks to
1.33 fcambus 295: <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
1.21 benno 296: <li>Added support for the Armada 3720 pinctrl controller to
297: <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>. This
298: controller also includes GPIO controller functionality.
299: <li>Added the RK3328 and RK3399 GMAC clocks to
1.34 fcambus 300: <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.21 benno 301: <li>Increased MAXCPUs to 32 in arm64, allowing use of all cores on the Ampere
302: eMAG.
303: <li>Added support for the Cortex-A65 CPU.
304: <li>Implemented interrupt controller functionality in
305: <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a>,
306: allowing use of the
307: <a href="https://man.openbsd.org/fusbtc.4">fusbtc(4)</a>
308: interrupt on the RockPro64.
309: </ul>
1.1 beck 310:
311: <li>IEEE 802.11 wireless stack improvements:
312: <ul>
1.60 stsp 313: <li>Repaired the
314: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
315: 'nwflag' command (broken since OpenBSD 6.4).
1.58 stsp 316: <li>Added a new 'stayauth' nwflag which can be set to ignore deauth frames.
317: This is useful when deauth frames are being spoofed by an attacker.
1.60 stsp 318: <li>Repaired the
319: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
320: 'mode' command to properly force a wireless interface into 11a/b/g/n mode.
1.58 stsp 321: <li>Made 11n Tx rate selection more sensitive to transmission failures.
322: <li>Fixed automatic use of HT protection in 11n hostap mode.
323: <li>Fixed WPA APs occasionally appearing as non-WPA APs during AP selection.
324: <li>Fixed some eligible APs being ignored during AP selection after a
325: roaming failure.
326: <li>Added support for 802.11n Tx aggregation to net80211 and the
327: <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> driver.
1.21 benno 328: <li>Made net80211 expose reasons for association failures to have
329: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
330: display them in "scan" output and on the
331: <a href="https://man.openbsd.org/ieee80211.9">ieee80211(9)</a>
1.34 fcambus 332: status line.
1.58 stsp 333: <li>Made all wireless drivers submit a batch of received packets to the
334: network stack during one interrupt if possible, rather than submitting
335: each packet individually. Prevents packet loss under high load due to
336: backpressure from the network stack.
1.1 beck 337: </ul>
338:
339: <li>Generic network stack improvements:
1.21 benno 340: <ul>
341: <li>Enabled TCP and UDP checksum offloading by default for
342: <a href="https://man.openbsd.org/ix.4">ix(4)</a>.
343: <li>Added <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a>, a 802.1Q
344: two-port MAC relay implementation.
1.38 fcambus 345: <li>Added <a href="https://man.openbsd.org/iavf.4">iavf(4)</a>, a driver for
1.34 fcambus 346: Intel SR-IOV Virtual Functions of Intel 700 series Ethernet controllers.
1.21 benno 347: <li>Added <a href="https://man.openbsd.org/aggr.4">aggr(4)</a>, a
1.73 bentley 348: dedicated driver to implement 802.1AX link aggregation.
1.21 benno 349: <li>Added port protection support
350: to <a href="https://man.openbsd.org/switch.4">switch(4)</a>. Domain
351: membership is checked for unicast, flooded (broadcast) and local
1.34 fcambus 352: (host-network-bound, e.g. trunk) traffic.
1.21 benno 353: <li>Disabled <a href="https://man.openbsd.org/mobileip.4">mobileip(4)</a>.
354: <li>Added support
355: to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
356: for getting and setting rxprio, finishing support for RFC
357: 2983. Implemented configuring rxprio
358: in <a href="https://man.openbsd.org/vlan.4">vlan(4)</a>,
359: <a href="https://man.openbsd.org/gre.4">gre(4)</a>,
360: <a href="https://man.openbsd.org/mpw.4">mpw(4)</a>,
361: <a href="https://man.openbsd.org/mpe.4">mpe(4)</a>,
362: <a href="https://man.openbsd.org/mpip.4">mpip(4)</a>,
363: <a href="https://man.openbsd.org/etherip.4">etherip(4)</a>
1.23 fcambus 364: and <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>.
1.45 fcambus 365: <li>Implemented Tx mitigation by calling the hardware transmit
1.21 benno 366: routine per several packets rather than for individual
367: packets. Defers calls to the transmit routine to a network taskq,
368: or until a backlog of packets has built up.
369: <li>Stopped using <a href="https://man.openbsd.org/splnet.9">splnet(9)</a> when
370: running the network stack now
371: that it is using the NET_LOCK for protection, reducing latency spikes.
1.29 deraadt 372: <li>Added support for reading SFPs to some ethernet cards.
1.21 benno 373: </ul>
1.1 beck 374:
375: <li>Installer improvements:
1.21 benno 376: <ul>
377: <li>Allowed quoted SSIDs in the installer, rather than ignoring
378: those containing whitespace.
379: <li>Introduced <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
1.44 deraadt 380: that can be used to upgrade OpenBSD unattended.
381: <li><a href="errata65.html#p012_sysupgrade">A syspatch was provided which adds</a>
382: <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
383: to 6.5, so unattended upgrades to 6.6 can be
384: performed on amd64/arm64/i386 with <b># syspatch && sysupgrade</b>.
1.29 deraadt 385: <li>Created an <a href="https://www.openbsd.org/octeon.html">octeon</a>
386: bootloader which is a modified kernel. To use this bootloader, the
387: firmware must be configured to load file "boot" instead of "bsd".
1.21 benno 388: <li>Included <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a>
389: on the amd64 CD ramdisk.
390: <li>Added <a href="https://man.openbsd.org/tee.1">tee(1)</a> to the ramdisk, and
391: display a moving progress bar
392: during auto upgrade/install.
393: <li>Repaired and improved v6 default route selection, fixing autoinstalls.
394: <li>Added <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>
395: support to the sparc64 bootloader.
1.45 fcambus 396: <li>The DHCP configuration is now preserved when restarting an install.
1.21 benno 397: <li>The installer now remembers 'autoconf' when restarting an install.
398: <li>Stopped prompting for disks that do not contain a root
399: partition during upgrades. This defaults to the correct disk
400: when full disk encryption is in use, and will be useful for
401: future unattended upgrades.
402: </ul>
1.1 beck 403:
404: <li>Security improvements:
405: <ul>
1.21 benno 406: <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
1.28 deraadt 407: now used in 77 userland programs to redact filesystem access.
1.21 benno 408: <li>Various changes
409: in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
1.23 fcambus 410: to improve application behavior when encountering hidden
1.21 benno 411: filesystem paths.
1.28 deraadt 412: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which
413: processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
414: with the <b>u</b> and <b>U</b> flags in STATE field.
415: <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list
416: of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options
417: processes use with the <b>-o pledge</b> option.
1.22 benno 418: <li>Further and improved mitigations against Spectre side-channel
1.21 benno 419: vulnerability in Intel CPUs built since 2012.
420: <li>Mitigations for Intel's Microarchitectural Data Sampling
421: vulnerability, using the new CPU VERW behavior if available or
422: by using the proper sequence from Intel's "Deep Dive" doc in the
423: return-to-userspace and enter-VMM-guest
424: paths. Updated <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
425: to pass through the MSR bits so that guests can apply the
426: optimal mitigation.
427: <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
428: environment inheritance not to inherit, and instead reset to the
429: target user's values by default.
1.28 deraadt 430: <li>Prepare
1.41 solene 431: the <a href="https://www.openbsd.org/amd64.html">amd64</a> BIOS
1.28 deraadt 432: bootloader for loading the kernel at a random virtual address (future work).
1.21 benno 433: <li>Introduced
434: <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
435: and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,
436: which return memory in pages marked MAP_CONCEAL and call
437: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
438: on <a href="https://man.openbsd.org/free.3">free(3)</a>.
439: <li>Make 'systat pf' not require root permissions
1.74 bentley 440: (<a href="https://man.openbsd.org/systat.1">systat(1)</a>).
1.21 benno 441: <li>Added support for the EFI Random Number Generator Protocol,
442: using it to XOR random data into the buffer we feed the kernel for
443: <a href="https://www.openbsd.org/amd64.html">amd64</a>.
444: <li>Added information about system call memory write protection
1.23 fcambus 445: and stack mapping violations to system
1.21 benno 446: accounting. Now <a href="https://man.openbsd.org/daily.8">daily(8)</a>
447: will print a list of affected processes
1.41 solene 448: and <a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
1.21 benno 449: will flag violations with 'M'.
1.1 beck 450: </ul>
451:
452: <li>Routing daemons and other userland network improvements:
1.21 benno 453: <ul>
454: <li>The <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
455: daemon now gets and sets the clock in a secure way when booting
456: even when a battery-backed clock is absent.
457: <li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> now
458: removes IPv6 addresses when it detects a link-state change but
459: no new router advertisement is received.
460: <li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
1.29 deraadt 461: now reports SFP, SFP+ and QSFP module information when using
462: the <b>sff</b> option.
1.21 benno 463: <li>Imported <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>,
1.45 fcambus 464: a new SNMP client which aims to be netsnmp-compatible for
1.21 benno 465: supported features, and
1.74 bentley 466: removed <a href="https://man.openbsd.org/OpenBSD-6.5/snmpctl.8">snmpctl(8)</a>.
1.21 benno 467: <li>Improvements
1.45 fcambus 468: in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> DNS
1.59 fcambus 469: resolving and constraints checking, especially during
1.45 fcambus 470: startup. Unreliable NTP peers are removed from the pool and
471: DNS resolving is repeated to add replacements.
1.21 benno 472: <li>Changed the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
473: Adj-RIB-Out to a per-peer set of RB trees, improving speed.
474: <li>Rewrote <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
475: community matching and handling code and improved performance
476: for setups using many communities.
477: <li>Checked the type of a network statement when looking for
478: duplicates
479: in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. This
480: fixes added network 0.0.0.0/0 after 'network inet static'.
481: <li>Made improvements
482: to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> speed when
483: configuring many peers.
484: <li>Implemented <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
485: 'show mrt neighbors', to print the neighbor table of MRT
486: TABLE_DUMP_V2 dumps.
487: <li>Moved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
488: pfkey socket to the parent process. The refreshing of the keys
489: for MD5 and IPSEC is done whenever the session state changes to
490: IDLE or ACTIVE, which should behave better when reloading
491: configs with auth changes.
492: <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, fixed
493: reloading of network statements that have no fixed prefix
494: specification.
495: <li>Extended the maximum size of
496: the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
497: shutdown communication message to 255 bytes.
498: <li>Improvements
499: in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, to
500: always check for namespace collisions on table
501: commands. Introduced 'pfctl -FR' to reset pfctl(8) settings to
502: defaults.
503: <li>Imported Kristaps Dzonsons' RPKI
504: validator, <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
505: <li> <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports
506: binary protocol health checking. See
507: <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
508: <li>Added support for OCSP stapling
509: to <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
510: <li>Added <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
511: support for SNI with new 'tls keypair' option to load additional
512: certificates.
513: <li>Added support for 'from/to address[/prefix]'
1.73 bentley 514: in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> filter rules.
1.21 benno 515: <li>Implemented RFC 8555 "Automatic Certificate Management
516: Environment (ACME)" to
517: enable <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
518: to communicate with the v02 Let's Encrypt API. Read the
519: <a href="faq/upgrade66.html">upgrade guide</a> for more information.
520: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
521: support for '-T erspan' and
522: arbitrary <a href="https://man.openbsd.org/gre.4">gre(4)</a>
523: protocols.
524: <li>Allowed specifying area by number as well as id
525: in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.
526: <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now
527: accepts both address and number format for 'ospfctl show
528: database area XXX'.
529: <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> reload
530: improvements.
531: <li>Added a check
532: to <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>
533: and <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>
534: that any "depend on" interfaces are in the same rdomain.
535: <li>Make 'passive' (announce a network configured on an interface
536: as a stub network) work with P2P interfaces
537: in <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>.
538: <li>Shutdown the service port when behind a captive portal
539: with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>,
540: allowing bypass of captive portals that correctly answer SOA
541: queries for the root zone and return NXDOMAIN for the captive
542: portal redirect domain if edns0 is present.
543: <li>Implemented DNS block lists
544: in <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
545: <li>Added support for IKEv2 Message Fragmentation (RFC 7383)
546: to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
547: <li>Enabled switching between wireless and wired interfaces in
548: dhclient(8), setting the default route with the interface
549: address and allowing two default routes in the routing table. A
1.23 fcambus 550: wired interface will be preferred when connected.
1.21 benno 551: <li>Added consistent use of 'ifconfig $_if [-inet| -inet6]' to clear existing
552: configurations completely after restarting an install.
553: <li>Added 'forwarded' log format extending the 'combined' log
554: format in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
555: </ul>
1.23 fcambus 556:
557: <li>Assorted improvements:
1.1 beck 558: <ul>
559: <li> The filesystem buffer cache now more aggressively uses memory
560: outside the DMA region, to improve cache performance on amd64
561: machines.
1.5 rob 562: <li> The BER API previously internal to
1.21 benno 563: <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>,
564: <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
565: <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>, and
566: <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> has been moved into
567: libutil.
568: See <a href="https://man.openbsd.org/ber_read_elements.3">ber_read_elements(3)</a>.
569: <li>Removed the old
570: userland <a href="https://man.openbsd.org/realpath.3">realpath(3)</a>
571: and replaced it with __realpath(2), a kernel
572: implementation. This will prevent
573: calling <a href="https://man.openbsd.org/readlink.2">readlink(2)</a>
574: on every component of a path and improve performance for
575: <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
576: <li><a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> speedups,
577: improving dynamic linker performance for large objects.
578: <li>Modified <a href="https://man.openbsd.org/systat.1">systat(1)</a>
579: to allow the use of 'b' to switch to stats since boot.
1.64 schwarze 580: <li>From <a href="https://man.openbsd.org/perldoc.1">perldoc(1)</a>,
581: always produce <a href="https://man.openbsd.org/man.7">man(7)</a>
582: output in UTF-8, which gives better results with our
583: <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
584: renderer no matter which <code>LC_CTYPE</code> the user selected.
1.21 benno 585: </ul>
586:
1.56 benno 587: <li>VMM/VMD improvements
1.21 benno 588: <ul>
589: <li>Added support for 'boot device'
1.37 anton 590: to <a href="https://man.openbsd.org/vm.conf.5#boot_device">vm.conf(5)</a>
1.21 benno 591: grammar, the '-B device' counterpart
592: from <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
593: <li>Emulated kvm pvclock
594: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, compatible
595: with <a href="https://man.openbsd.org/pvclock.4">pvclock(4)</a> in
596: OpenBSD.
597: <li>Enabled reporting of the vm state through use of
598: the <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
599: 'status' command.
600: <li>Synced vm state
601: in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when
602: (un)pausing a vm to ensure
603: both <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
604: and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> processes
605: know the vm is paused.
606: <li>Handled some unhandled instructions for SVM which led
607: to <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> guest
608: termination, as well as RDTSCP and INVLPGA instructions.
609: <li>Modified <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> to
610: flush guest TLB entries if the guest disables paging.
1.1 beck 611: </ul>
612:
613: <li>OpenSMTPD 6.6.0
614: <ul>
1.18 gilles 615: <li>New Features
616: <ul>
617: <li>Introduced support for ECDSA certificates with an ECDSA privsep engine.
1.21 benno 618: <li>Introduced builtin filters to allow basic filtering of incoming sessions
619: in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
620: <li>Introduced option to deliver junk to a Junk folder
621: in <a href="https://man.openbsd.org/mail.maildir.8">mail.maildir(8)</a>.
1.18 gilles 622: </ul>
623: <li>Bug fixes
624: <ul>
1.21 benno 625: <li>Fixed the <a href="https://man.openbsd.org/smtp.1">smtp(1)</a> client
626: so it uses correct default port for SMTPS.
627: <li>Fixed an <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> crash on
628: excessively large input.
1.18 gilles 629: <li>Ensured mail rejected by an LMTP server will stay queued rather than bouncing.
630: </ul>
631: <li>Experimental Features
632: <ul>
1.21 benno 633: <li>Introduced a filters API to allow writing standalone filters
634: for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
1.18 gilles 635: with multiple filters made available in ports.
1.21 benno 636: <li>Introduced support for proxy-v2 protocol
637: allowing <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> to
638: operate behind proxy.
1.18 gilles 639: </ul>
1.1 beck 640: </ul>
641:
1.61 lteo 642: <li>LibreSSL 3.0.2
1.1 beck 643: <ul>
644: <li>API and Documentation Enhancements
645: <ul>
1.11 tb 646: <li>Completed the port of RSA_METHOD accessors from the
1.13 tb 647: OpenSSL 1.1 API.
1.21 benno 648: <li>Documented undescribed options and removed unfunctional
649: options description
650: in <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
651: manual.
1.1 beck 652: </ul>
653:
654: <li>Compatibility Changes
655: <ul>
656: </ul>
657:
658: <li>Testing and Proactive Security
659: <ul>
660: <li>
1.2 tb 661: A plethora of small fixes due to regular oss-fuzz testing.
1.13 tb 662: <li>
1.21 benno 663: Various side channels in DSA and ECDSA were addressed. These
664: are some of the many issues found in an extensive systematic
665: analysis of bignum usage by Samuel Weiser, David Schrammel et
666: al.
1.20 tb 667: <li>
1.21 benno 668: Try to compute the cofactor if a nonsensical value was
669: provided for ECC parameters. Fix from Billy Brumley.
1.1 beck 670: </ul>
671:
672: <li>Internal Improvements
1.21 benno 673: <ul>
674: </ul>
1.1 beck 675:
676: <li>Portable Improvements
677: <ul>
1.21 benno 678: <li>Enabled performance optimizations when building with Visual
679: Studio on Windows.
1.55 fcambus 680: <li>Enabled <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
681: speed subcommand on Windows platform.
1.1 beck 682: </ul>
683:
684: <li>Bug Fixes
685: <ul>
1.21 benno 686: <li>Fixed issue where SRTP extension would not be sent by
687: server.
688: <li>Fixed incorrect carry operation in 512 addition for
689: Streebog.
1.55 fcambus 690: <li>Fixed -modulus option with
691: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
692: dsa subcommand.
693: <li>Fixed PVK format output issue with
694: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
695: dsa and rsa subcommand.
1.46 tb 696: <li>Fixed a padding oracle attack in <code>PKCS7_dataDecode()</code>
697: and <code>CMS_decrypt_set1_pkey()</code> (<code>CMS</code>
698: is currently disabled). From Bernd Edlinger.
1.1 beck 699: </ul>
700: </ul>
701:
1.52 benno 702: <li>OpenSSH 8.1
1.1 beck 703: <ul>
1.21 benno 704: <li>New Features
705: <ul>
1.52 benno 706: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: Allow %n to be
707: expanded in ProxyCommand strings
708: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
709: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: Allow
710: prepending a list of algorithms to the default set by
711: starting the list with the '^' character, E.g.
712: "HostKeyAlgorithms ^ssh-ed25519"
713: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
714: add an experimental lightweight signature and verification
715: ability. Signatures may be made using regular ssh keys held
716: on disk or stored in a ssh-agent and verified against an
717: authorized_keys-like list of allowed keys. Signatures embed
718: a namespace that prevents confusion and attacks between
719: different usage domains (e.g. files vs email).
720: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
721: print key comment when extracting public key from a private
722: key. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3052'>bz#3052</a>
723: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
724: accept the verbose flag when searching for host keys in
725: known hosts (i.e. "ssh-keygen -vF host") to print the
726: matching host's random-art signature
727: too. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3003'>bz#3003</a>
728: <li>All: support PKCS8 as an optional format for storage of
729: private keys to disk. The OpenSSH native key format remains
730: the default, but PKCS8 is a superior format to PEM if
731: interoperability with non-OpenSSH software is required, as
732: it may use a less insecure key derivation function than
733: PEM's.
1.21 benno 734: </ul>
735: <li>Bugfixes
736: <ul>
1.52 benno 737: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: if a
738: PKCS#11 token returns no keys then try to login and
739: refetch them. Based on patch from Jakub
740: Jelen; <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2430'>bz#2430</a>
741: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
742: produce a useful error message if the user's shell is set
743: incorrectly during "match exec"
744: processing. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2791'>bz#2791</a>
745: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
746: allow the maximum uint32 value for the argument passed to
747: -b which allows better error messages from later
748: validation.
749: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3050'>bz#3050</a>
750: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
751: avoid pledge sandbox violations in some combinations of
752: remote forwarding, connection multiplexing and
753: ControlMaster.
754: <li><a href='https://man.openbsd.org/ssh-keyscan.1'>ssh-keyscan(1)</a>:
755: include SHA2-variant RSA key algorithms in KEX proposal;
756: allows ssh-keyscan to harvest keys from servers that
757: disable old SHA1
758: ssh-rsa. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3029'>bz#3029</a>
759: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
760: print explicit "not modified" message if a file was
761: requested for resumed download but was considered already
762: complete.
763: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2978'>bz#2978</a>
764: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
765: fix a typo and make <esc><right> move right to the
766: closest end of a word just like <esc><left> moves
767: left to the closest beginning of a word.
768: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
769: cap the number of permitopen/permitlisten directives
770: allowed to appear on a single authorized_keys line.
771: <li>All: fix a number of memory leaks (one-off or on exit paths).
772: <li>Regression tests: a number of fixes and improvements,
773: including fixes to the interop tests, adding the ability
774: to run most tests on builds that disable OpenSSL support,
775: better support for running tests under Valgrind and a
776: number of bug-fixes.
777: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
778: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
779: check for convtime() refusing to accept times that resolve
780: to LONG_MAX Reported by Kirk Wolf bz2977
781: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>:
782: slightly more instructive error message when the user
783: specifies multiple -J options on the command-line. bz3015
784: <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>:
785: process agent requests for RSA certificate private keys
786: using correct signature algorithm when requested. bz3016
787: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
788: check for user@host when parsing sftp target. This allows
789: user@[1.2.3.4] to work without a
790: path. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2999'>bz#2999</a>
791: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
792: enlarge format buffer size for certificate serial number
793: so the log message can record any 64-bit integer without
794: truncation. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3012'>bz#3012</a>
795: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
796: for PermitOpen violations add the remote host and port to
797: be able to more easily ascertain the source of the
798: request. Add the same logging for PermitListen violations
799: which where not previously logged at all.
800: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>,
801: <a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>:
802: use the correct POSIX format style for left justification
803: for the transfer progress
804: meter. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3002'>bz#3002</a>
805: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>
806: when examining a configuration using sshd -T, assume any
807: attribute not provided by -C does not match, which allows
808: it to work when sshd_config contains a Match directive
809: with or without -C.
810: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=2858'>bz#2858</a>
811: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
812: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
813: downgrade PKCS#11 "provider returned no slots" warning
814: from log level error to debug. This is common when
815: attempting to enumerate keys on smartcard readers with no
816: cards plugged
817: in. <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3058'>bz#3058</a>
818: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>,
819: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
820: do not unconditionally log in to PKCS#11 tokens. Avoids
821: spurious PIN prompts for keys not selected for
822: authentication
823: in <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> and
824: when listing public keys available in a token
825: using <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>.
826: <a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3006'>bz#3006</a>
1.21 benno 827: </ul>
1.1 beck 828: </ul>
1.57 deraadt 829: <li>Mandoc
1.1 beck 830: <ul>
1.64 schwarze 831: <li>Slowly start implementing tagging support for
832: <a href="https://man.openbsd.org/man.7">man(7)</a> pages:
833: tag alphabetic arguments of <code>.IP</code>, <code>.TP</code>,
834: and <code>.TQ</code> macros.
835: <li>In HTML output, wrap text and phrasing elements in paragraphs
836: unless already contained in flow containers; never put them
837: directly into sections. This helps to format paragraphs with
838: the CSS class selector <code>.Pp</code>.
839: <li>Implement the <a href="https://man.openbsd.org/roff.7">roff(7)</a>
840: <code>.break</code> request to break out of a <code>.while</code>
841: loop.
842: <li>If messages are shown and output is printed without a pager,
843: display a heads-up on standard error output at the end because
844: otherwise, users may easily miss the messages.
845: <li>Let <code>mandoc.css</code> support
846: <code>prefers-color-scheme: dark</code>.
847: <li>For pages lacking a SYNOPSIS, let
848: <a href="https://man.openbsd.org/man.1">man(1)</a>
849: show the NAME section.
1.1 beck 850: </ul>
851:
1.7 bentley 852: <li><p>Ports and packages:
1.1 beck 853: <ul>
854: </ul>
1.7 bentley 855: <p>Many pre-built packages for each architecture:
1.1 beck 856: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1.7 bentley 857: <ul style="column-count: 3">
1.65 naddy 858: <li>aarch64: 10075
1.63 naddy 859: <li>amd64: 10736
1.77 ! sthen 860: <li>armv7: 8943
1.63 naddy 861: <li>i386: 10682
1.69 visa 862: <li>mips64: 7921
1.76 naddy 863: <li>mips64el: 6583
1.75 naddy 864: <li>powerpc: 9700
1.68 naddy 865: <li>sparc64: 9685
1.7 bentley 866: </ul>
1.1 beck 867:
868: <li>As usual, steady improvements in manual pages and other documentation.
869:
870: <li>The system includes the following major components from outside suppliers:
1.21 benno 871: <ul>
1.25 jsg 872: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.5 + patches,
873: freetype 2.10.1, fontconfig 2.12.4, Mesa 19.0.8, xterm 344,
874: xkeyboard-config 2.20 and more)
875: <li>LLVM/Clang 8.0.1 (+ patches)
876: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
877: <li>Perl 5.28.2 (+ patches)
1.59 fcambus 878: <li>NSD 4.2.2
1.48 fcambus 879: <li>Unbound 1.9.4
1.25 jsg 880: <li>Ncurses 5.7
881: <li>Binutils 2.17 (+ patches)
882: <li>Gdb 6.3 (+ patches)
883: <li>Awk Aug 10, 2011 version
884: <li>Expat 2.2.8
1.21 benno 885: </ul>
1.1 beck 886: </ul>
1.7 bentley 887: </section>
1.1 beck 888:
889: <hr>
890:
1.7 bentley 891: <section id=install>
892: <h3>How to install</h3>
893: <p>
1.1 beck 894: Please refer to the following files on the mirror site for
895: extensive details on how to install OpenBSD 6.6 on your machine:
896:
897: <ul>
898: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/alpha/INSTALL.alpha">
899: .../OpenBSD/6.6/alpha/INSTALL.alpha</a>
900: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/amd64/INSTALL.amd64">
901: .../OpenBSD/6.6/amd64/INSTALL.amd64</a>
902: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/arm64/INSTALL.arm64">
903: .../OpenBSD/6.6/arm64/INSTALL.arm64</a>
904: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/armv7/INSTALL.armv7">
905: .../OpenBSD/6.6/armv7/INSTALL.armv7</a>
906: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/hppa/INSTALL.hppa">
907: .../OpenBSD/6.6/hppa/INSTALL.hppa</a>
908: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/i386/INSTALL.i386">
909: .../OpenBSD/6.6/i386/INSTALL.i386</a>
910: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/landisk/INSTALL.landisk">
911: .../OpenBSD/6.6/landisk/INSTALL.landisk</a>
912: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/loongson/INSTALL.loongson">
913: .../OpenBSD/6.6/loongson/INSTALL.loongson</a>
914: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/luna88k/INSTALL.luna88k">
915: .../OpenBSD/6.6/luna88k/INSTALL.luna88k</a>
916: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/macppc/INSTALL.macppc">
917: .../OpenBSD/6.6/macppc/INSTALL.macppc</a>
918: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/octeon/INSTALL.octeon">
919: .../OpenBSD/6.6/octeon/INSTALL.octeon</a>
920: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.6/sparc64/INSTALL.sparc64">
921: .../OpenBSD/6.6/sparc64/INSTALL.sparc64</a>
922: </ul>
1.8 deraadt 923: </section>
1.1 beck 924:
925: <hr>
926:
1.7 bentley 927: <section id=quickinstall>
1.1 beck 928: <p>
929: Quick installer information for people familiar with OpenBSD, and the use of
930: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
931: If you are at all confused when installing OpenBSD, read the relevant
932: INSTALL.* file as listed above!
933:
1.7 bentley 934: <h3>OpenBSD/alpha:</h3>
1.1 beck 935:
1.7 bentley 936: <p>
1.1 beck 937: Write <i>floppy66.fs</i> or <i>floppyB66.fs</i> (depending on your machine)
938: to a diskette and enter <i>boot dva0</i>.
939: Refer to INSTALL.alpha for more details.
1.7 bentley 940:
1.1 beck 941: <p>
942: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
943: will most likely fail.
944:
1.7 bentley 945: <h3>OpenBSD/amd64:</h3>
1.1 beck 946:
1.7 bentley 947: <p>
1.1 beck 948: If your machine can boot from CD, you can write <i>install66.iso</i> or
949: <i>cd66.iso</i> to a CD and boot from it.
950: You may need to adjust your BIOS options first.
1.7 bentley 951:
1.1 beck 952: <p>
953: If your machine can boot from USB, you can write <i>install66.fs</i> or
954: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 955:
1.1 beck 956: <p>
957: If you can't boot from a CD, floppy disk, or USB,
958: you can install across the network using PXE as described in the included
959: INSTALL.amd64 document.
1.7 bentley 960:
1.1 beck 961: <p>
962: If you are planning to dual boot OpenBSD with another OS, you will need to
963: read INSTALL.amd64.
964:
1.7 bentley 965: <h3>OpenBSD/arm64:</h3>
1.1 beck 966:
1.7 bentley 967: <p>
1.1 beck 968: Write <i>miniroot66.fs</i> to a disk and boot from it after connecting
969: to the serial console. Refer to INSTALL.arm64 for more details.
970:
1.7 bentley 971: <h3>OpenBSD/armv7:</h3>
1.1 beck 972:
1.7 bentley 973: <p>
1.1 beck 974: Write a system specific miniroot to an SD card and boot from it after connecting
975: to the serial console. Refer to INSTALL.armv7 for more details.
976:
1.7 bentley 977: <h3>OpenBSD/hppa:</h3>
1.1 beck 978:
1.7 bentley 979: <p>
1.1 beck 980: Boot over the network by following the instructions in INSTALL.hppa or the
981: <a href="hppa.html#install">hppa platform page</a>.
982:
1.7 bentley 983: <h3>OpenBSD/i386:</h3>
1.1 beck 984:
1.7 bentley 985: <p>
1.1 beck 986: If your machine can boot from CD, you can write <i>install66.iso</i> or
987: <i>cd66.iso</i> to a CD and boot from it.
988: You may need to adjust your BIOS options first.
1.7 bentley 989:
1.1 beck 990: <p>
991: If your machine can boot from USB, you can write <i>install66.fs</i> or
992: <i>miniroot66.fs</i> to a USB stick and boot from it.
1.7 bentley 993:
1.1 beck 994: <p>
995: If you can't boot from a CD, floppy disk, or USB,
996: you can install across the network using PXE as described in
997: the included INSTALL.i386 document.
1.7 bentley 998:
1.1 beck 999: <p>
1000: If you are planning on dual booting OpenBSD with another OS, you will need to
1001: read INSTALL.i386.
1002:
1.7 bentley 1003: <h3>OpenBSD/landisk:</h3>
1.1 beck 1004:
1.7 bentley 1005: <p>
1.1 beck 1006: Write <i>miniroot66.fs</i> to the start of the CF
1007: or disk, and boot normally.
1008:
1.7 bentley 1009: <h3>OpenBSD/loongson:</h3>
1.1 beck 1010:
1.7 bentley 1011: <p>
1.1 beck 1012: Write <i>miniroot66.fs</i> to a USB stick and boot bsd.rd from it
1013: or boot bsd.rd via tftp.
1014: Refer to the instructions in INSTALL.loongson for more details.
1015:
1.7 bentley 1016: <h3>OpenBSD/luna88k:</h3>
1.1 beck 1017:
1.7 bentley 1018: <p>
1019: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1.1 beck 1020: from the PROM, and then bsd.rd from the bootloader.
1021: Refer to the instructions in INSTALL.luna88k for more details.
1022:
1.7 bentley 1023: <h3>OpenBSD/macppc:</h3>
1.1 beck 1024:
1.7 bentley 1025: <p>
1.1 beck 1026: Burn the image from a mirror site to a CDROM, and power on your machine
1027: while holding down the <i>C</i> key until the display turns on and
1028: shows <i>OpenBSD/macppc boot</i>.
1.7 bentley 1029:
1.1 beck 1030: <p>
1031: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1032: /6.6/macppc/bsd.rd</i>
1033:
1.7 bentley 1034: <h3>OpenBSD/octeon:</h3>
1.1 beck 1035:
1.7 bentley 1036: <p>
1.1 beck 1037: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1038: Refer to the instructions in INSTALL.octeon for more details.
1039:
1.7 bentley 1040: <h3>OpenBSD/sparc64:</h3>
1.1 beck 1041:
1.7 bentley 1042: <p>
1.1 beck 1043: Burn the image from a mirror site to a CDROM, boot from it, and type
1044: <i>boot cdrom</i>.
1.7 bentley 1045:
1.1 beck 1046: <p>
1047: If this doesn't work, or if you don't have a CDROM drive, you can write
1048: <i>floppy66.fs</i> or <i>floppyB66.fs</i>
1049: (depending on your machine) to a floppy and boot it with <i>boot
1050: floppy</i>. Refer to INSTALL.sparc64 for details.
1.7 bentley 1051:
1.1 beck 1052: <p>
1053: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1054: will most likely fail.
1.7 bentley 1055:
1.1 beck 1056: <p>
1057: You can also write <i>miniroot66.fs</i> to the swap partition on
1058: the disk and boot with <i>boot disk:b</i>.
1.7 bentley 1059:
1.1 beck 1060: <p>
1061: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1.7 bentley 1062: </section>
1.1 beck 1063:
1064: <hr>
1065:
1.7 bentley 1066: <section id=upgrade>
1067: <h3>How to upgrade</h3>
1068: <p>
1.1 beck 1069: If you already have an OpenBSD 6.5 system, and do not want to reinstall,
1070: upgrade instructions and advice can be found in the
1071: <a href="faq/upgrade66.html">Upgrade Guide</a>.
1.7 bentley 1072: </section>
1.1 beck 1073:
1074: <hr>
1075:
1.7 bentley 1076: <section id=sourcecode>
1077: <h3>Notes about the source code</h3>
1078: <p>
1079: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1.1 beck 1080: This file contains everything you need except for the kernel sources,
1081: which are in a separate archive.
1082: To extract:
1083: <blockquote><pre>
1.7 bentley 1084: # <kbd>mkdir -p /usr/src</kbd>
1085: # <kbd>cd /usr/src</kbd>
1086: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1.1 beck 1087: </pre></blockquote>
1.7 bentley 1088: <p>
1089: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1.1 beck 1090: This file contains all the kernel sources you need to rebuild kernels.
1091: To extract:
1092: <blockquote><pre>
1.7 bentley 1093: # <kbd>mkdir -p /usr/src/sys</kbd>
1094: # <kbd>cd /usr/src</kbd>
1095: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1.1 beck 1096: </pre></blockquote>
1.7 bentley 1097: <p>
1.1 beck 1098: Both of these trees are a regular CVS checkout. Using these trees it
1099: is possible to get a head-start on using the anoncvs servers as
1100: described <a href="anoncvs.html">here</a>.
1101: Using these files
1102: results in a much faster initial CVS update than you could expect from
1103: a fresh checkout of the full OpenBSD source tree.
1.7 bentley 1104: </section>
1.1 beck 1105:
1106: <hr>
1107:
1.7 bentley 1108: <section id=ports>
1109: <h3>Ports Tree</h3>
1110: <p>
1.1 beck 1111: A ports tree archive is also provided. To extract:
1112: <blockquote><pre>
1.7 bentley 1113: # <kbd>cd /usr</kbd>
1114: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1.1 beck 1115: </pre></blockquote>
1.7 bentley 1116: <p>
1.1 beck 1117: Go read the <a href="faq/ports/index.html">ports</a> page
1118: if you know nothing about ports
1119: at this point. This text is not a manual of how to use ports.
1120: Rather, it is a set of notes meant to kickstart the user on the
1121: OpenBSD ports system.
1122: <p>
1123: The <i>ports/</i> directory represents a CVS checkout of our ports.
1124: As with our complete source tree, our ports tree is available via
1125: <a href="anoncvs.html">AnonCVS</a>.
1126: So, in order to keep up to date with the -stable branch, you must make
1127: the <i>ports/</i> tree available on a read-write medium and update the tree
1128: with a command like:
1129: <blockquote><pre>
1.7 bentley 1130: # <kbd>cd /usr/ports</kbd>
1.15 jsg 1131: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_6</kbd>
1.1 beck 1132: </pre></blockquote>
1.7 bentley 1133: <p>
1.1 beck 1134: [Of course, you must replace the server name here with a nearby anoncvs
1135: server.]
1136: <p>
1137: Note that most ports are available as packages on our mirrors. Updated
1138: ports for the 6.6 release will be made available if problems arise.
1139: <p>
1140: If you're interested in seeing a port added, would like to help out, or just
1141: would like to know more, the mailing list
1142: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1.7 bentley 1143: </section>