Annotation of www/67.html, Revision 1.75
1.1 benno 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 6.7</title>
6: <meta name="description" content="OpenBSD 6.7">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/67.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 6.7
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
1.73 job 20: <a href="images/CoralFever.gif">
21: <img width="227" height="343" src="images/CoralFever-s.gif" alt="Coral Fever"></a>
1.1 benno 22: <td>
1.73 job 23: Released May 19, 2020<br>
1.1 benno 24: Copyright 1997-2020, Theo de Raadt.<br>
25: <br>
26: <br>
1.11 job 27: Artwork by Jonni Phillips.
1.1 benno 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/6.7/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata67.html">the 6.7 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus67.html">detailed log of changes</a> between the
37: 6.6 and 6.7 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-67-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/openbsd-67-base.pub">
47: RWRmkIA877Io3oCILSZoJGhAswifJbFK4r18ICoia+3c0PfwANueolNj</a>
48: <tr><td>
49: openbsd-67-fw.pub:
50: <td>
51: RWSOSlsdN/fgAY1SvEyFdbTkouV2cIsUBXdJhEIhRscq8TT3bz9iOYRL
52: <tr><td>
53: openbsd-67-pkg.pub:
54: <td>
55: RWTR60UGd2MbnaRg+upZbbBYO00ZhHJehXy7tH2ORHvCjGcDH2pZpsxv
56: <tr><td>
57: openbsd-67-syspatch.pub:
58: <td>
59: RWTLqtfkjXfBADZEVkBDwSU0EAhy45nb5ovn1xHtQmD3DcqUWe+CouTL
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 6.7.
74: For a comprehensive list, see the <a href="plus67.html">changelog</a> leading
75: to 6.7.
76:
77: <ul>
78:
79: <li>General improvements and bugfixes:
80: <ul>
81: <li>Reduced the minimum allowed number of chunks in a CONCAT
82: volume from 2 to 1, increasing the number of volumes which can be
83: created on a single disk with <a
84: href="https://man.openbsd.org/bioctl">bioctl(8)</a> from 7 to 15. This
85: can be used to create more partitions than previously.
86: <li>Rewrote the <a href="https://man.openbsd.org/cron">cron(8)</a>
87: flag-parsing code to be getopt-like, allowing tight formations like
88: -ns and flag repetition. Renamed the "options" field in <a
89: href="https://man.openbsd.org/crontab">crontab(5)</a> to "flags".
90: <li>Added <a
91: href="https://man.openbsd.org/man5/crontab.5">crontab(5)</a> -s flag
92: to the command field, indicating that only a single instance of the
93: job should run concurrently.
94: <li>Added <a href="https://man.openbsd.org/cron">cron(8)</a>
1.64 benno 95: support for random time values using the ~ operator.
1.1 benno 96: <li>Allowed <a href="https://man.openbsd.org/cwm">cwm(1)</a>
97: configuration of window size based on percentage of the master window
98: during horizontal and vertical tiling actions.
99: <li>Allowed use of window-htile and window-vtile with the "empty"
100: group clients in <a href="https://man.openbsd.org/cwm">cwm(1)</a>.
101: <li>Switched powerpc to a machine-independent mplock implementation,
102: allowing use of <a href="https://man.openbsd.org/witness">
103: witness(4)</a>.
104: <li>Added <a href="https://man.openbsd.org/acpi">acpi(4)</a>
105: support for the _CCA method, indicating whether DMA is cache-coherent.
106: <li>Switched the default compiler on powerpc to clang.
107: <li>Bumped <a href="https://man.openbsd.org/nvme">nvme(4)</a> max
108: physio() i/o size to 128K.
1.57 jca 109: <li>Improved <a href="https://man.openbsd.org/apmd">apmd(8)</a>
110: support for automatic suspend/hibernate (-z/-Z). The daemon now
111: reacts to power changes messages sent by the battery driver.
112: Those messages are ignored for 60 seconds after a resume, so
113: that the user can take control before the machine goes back to
114: sleep.
1.1 benno 115: <li>Prevented a kernel hang when no unlocked ffs_softdep worklist
116: items could be processed.
117: <li>Stopped counting pages mapped as PROT_NONE against the
118: RLIMIT_DATA limit, helping code which reserves large chunks of address
119: space but populates it sparsely.
120: <li>Added the $REQUEST_SCHEME variable to <a
121: href="https://man.openbsd.org/httpd.conf">httpd.conf(5)</a>, allowing
122: preservation of the original connection type (http or https) for
123: redirect locations
124: <li>Implemented "strip" option in <a
125: href="https://man.openbsd.org/httpd.conf">httpd.conf(5)</a> for
126: fastcgi to be able to have multiple chroots under /var/www for FastCGI
127: servers.
128: <li>Changed <a href="https://man.openbsd.org/httpd">httpd(8)</a>
129: to send a 408 response when a timeout happens while headers are being
130: received, but close the connection if no request is received.
131: <li>Updated en_US.UTF-8.src to Unicode 12.1.
1.19 deraadt 132: <li>Added a new __tmpfd system call which creates a new, unnamed file in
133: /tmp, intended for shm/fd passing, but in programs that may otherwise
134: lack filesystem access (due to restrictions imposed by
135: <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> or
136: <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>).
1.1 benno 137: <li>Imported <a href="https://man.openbsd.org/dt">dt(4)</a>, a
138: driver and framework for Dynamic Profiling, and an accompanying bug
1.74 sthen 139: tracer that speaks the <a href="https://man.openbsd.org/dt">dt(5)</a>
1.1 benno 140: language.
141: <li>Added a human-readable mode (-h) to <a
142: href="https://man.openbsd.org/systat">systat(1)</a>.
143: <li>Implemented scrolling in <a
144: href="https://man.openbsd.org/top">top(1)</a> using the 9 and 0 keys.
145: <li>Added <a
146: href="https://man.openbsd.org/timeout_set_flags">timeout_set_flags(9)</a>
147: and TIMEOUT_INITIALIZER_FLAGS(9) to the timeout API, allowing the
148: caller to initialize timeouts with arbitrary flags.
149: <li>Introduced TIMEOUT_SCHEDULED flag and tos_scheduled statistic
150: to <a href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
151: <li>Switched to tickless backend in <a
152: href="https://man.openbsd.org/timeout.9">timeout(9)</a>, adding new
153: interface <a
1.75 ! sthen 154: href="https://man.openbsd.org/timeout_add_ts">timeout_add_ts(9)</a> to
1.1 benno 155: avoid backwardly compatible behavior.
156: <li>Added the system clock interface <a
157: href="https://man.openbsd.org/nanoboottime">nanoboottime(9)</a>,
158: returning the UTC time at which the system booted in seconds and
159: nanoseconds.
160: <li>Introduced efficient page freeing in reverse order from uvm,
161: greatly improving cases of massive page freeing.
162: <li>Added uvm_objfree to uvm to efficiently free all pages from a
163: uvm object, used in the buffer cache for considerable speedup when
164: freeing pages.
165: <li>Modified buffer cache to use individual uvm_objs per buffer to
166: speed page lookups.
167: <li>Speed up <a href="https://man.openbsd.org/sort">sort(1)</a> by
168: not performing a top-level sort when -c is used with a -k field.
169: <li>Modified -z mode verification in <a
170: href="https://man.openbsd.org/signify">signify(1)</a> to save the
171: header and output it, so signify -zV >saved.tgz will keep the
172: signature for later checks.
173: <li>Enabled DNSSEC validation in <a
174: href="https://man.openbsd.org/unbound">unbound(8)</a> by default.
175: <li><a href="https://man.openbsd.org/ntpd">ntpd(8)</a> now does
176: constraint validation against 9.9.9.9 and 2620:fe::fe by default.
1.44 krw 177: <li>Fixed <a href="https://man.openbsd.org/arp.4">arp(4)</a>
178: issues created by <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
179: modifying existing routes.
180: <li>Fixed <a href="https://man.openbsd.org/resolv.conf.5">route.conf(5)</a>
181: handling by <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
182: when an interface loses link.
183: <li>Restored previous <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
184: behaviour of rejecting leases that lack a subnet mask.
185: <li>Enabled <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
186: to configure <a href="https://man.openbsd.org/carp.4">carp(4)</a>
187: interfaces.
188: <li>Fixed <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
189: releasing leases without a server identifier.
190: <li>Improved <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
191: NAK handling in various corner cases.
192: <li>Fixed <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
193: endlessly sending REQUEST messages when an ACK is never received.
1.45 krw 194: <li>Prevented
195: <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>
196: from referencing freed memory when releasing a lease with
197: an unusually long uid.
198: <li>Corrected parsing of classless static default route "0/0" in
199: <a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
1.46 krw 200: <li>Increased to 15 the number of
201: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
202: CONCAT volumes that can be created on a single disk.
203: <li>Fixed
204: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
205: CRYPTO volumes on 4K-sector disks.
1.1 benno 206: </ul>
207:
208: <!-- FFS2 -->
1.6 benno 209: <li>The FFS2 filesystem, which uses 64bit timestamps and block numbers
210: is now the default for new installs on nearly all architectures:
1.1 benno 211: <ul>
212: <li>Enabled ffs2 in sgi bootblocks and ramdisks.
213: <li>Made ffs2 the default filesystem type on installs except for landisk, luna88k and sgi.
214: <li>Changed the sparc64 bootblocks to be able to read from ffs1, ffs2 and softraid, and enabled the ffs2 option for both floppies.
215: <li>Enabled FFS2 on the landisk ramdisk.
216: <li>Taught i386 boot(8), cdboot(8) and pxeboot(8) about ffs2.
217: <li>Taught macppc boot(8) about ffs2.
1.54 brynet 218: <li>Taught sparc64 boot(8) about ffs2.
1.1 benno 219: <li>Allowed hppa <a href="https://man.openbsd.org/man8/hppa/boot.8">boot(8)</a> to read from an ffs2 filesystem.
220: <li>Allowed alpha boot(8) to read from an ffs2 filesystem and adapted its custom installboot to deal with ffs2. Also fixed the partition read code to deal with offsets greater than 2G.
221: <li>Adapted <a href="https://man.openbsd.org/biosboot">biosboot(8)</a> so that it can read <a href="https://man.openbsd.org/boot.8">boot(8)</a> from an ffs2 filesystem.
222: <li>Allowed amd64 <a href="https://man.openbsd.org/man8/amd64/boot.8">boot(8)</a> to read from an ffs2 filesystem. Enabled ffs2 for floppy.
223: <li>Allowed loongson boot(8) to read from an ffs2 filesystem.
224: <li>Allowed arm64 and armv7 efiboot(8) to read from an ffs2 filesystem.
225: </ul>
226:
1.36 mpi 227: <li>SMP-Improvements:
1.1 benno 228: <ul>
1.36 mpi 229: <li>
1.37 anton 230: <a href="https://man.openbsd.org/__thrsleep">__thrsleep(2)</a>,
231: <a href="https://man.openbsd.org/__thrwakeup">__thrwakeup(2)</a>,
1.36 mpi 232: <a href="https://man.openbsd.org/close">close(2)</a>,
233: <a href="https://man.openbsd.org/closefrom">closefrom(2)</a>,
234: <a href="https://man.openbsd.org/dup">dup(2)</a>,
235: <a href="https://man.openbsd.org/dup2">dup2(2)</a>,
236: <a href="https://man.openbsd.org/dup3">dup3(2)</a>,
237: <a href="https://man.openbsd.org/flock">flock(2)</a>,
1.37 anton 238: <a href="https://man.openbsd.org/fcntl">fcntl(2)</a>,
1.36 mpi 239: <a href="https://man.openbsd.org/kqueue">kqueue(2)</a>,
1.37 anton 240: <a href="https://man.openbsd.org/pipe">pipe(2)</a>,
241: <a href="https://man.openbsd.org/pipe2">pipe2(2)</a> and
1.36 mpi 242: <a href="https://man.openbsd.org/nanosleep">nanosleep(2)</a>
243: are run without KERNEL_LOCK.
244: <li>The generic part of <a href="https://man.openbsd.org/ioctl">ioctl(2)</a>
245: is run without KERNEL_LOCK.
246: <li>Reworked AMD smt/core/package detection, helping prevent cores being
247: misidentified as threads.
248: <li>Avoided false positives in
249: <a href="https://man.openbsd.org/witness">witness(4)</a> when detecting
250: lock order reversals by using separate rwlock initializations for
251: userland and kernel maps.
1.1 benno 252: <li>Allowed sleeping inside kqueue event filters.
1.36 mpi 253: <li>Made <a href="https://man.openbsd.org/vmx">vmx(4)</a> transmit MP-safe.
1.1 benno 254: </ul>
255:
256: <li>Improved hardware support, including:
257: <ul>
258: <li>Improvements in the <a href="https://man.openbsd.org/em">em(4)</a> driver.
259: <li>Added <a href="https://man.openbsd.org/dsxrtc">dsxrtc(4)</a>,
260: a driver for the Maxim DS3231/DS3232 I2C RTC.
261: <li>Added <a href="https://man.openbsd.org/ure">ure(4)</a> support
262: for Lenovo OneLine Plus Dock Ethernet.
263: <li>Improved <a href="https://man.openbsd.org/ucom">ucom(4)</a> to
264: fix firmware upload on some microcontroller boards using DTR and RTS
265: as signaling lines to reset the device and enter the bootloader.
266: <li>Added a PCI attachment driver for <a
267: href="https://man.openbsd.org/com">com(4)</a> to support memory-mapped
268: PCI devices which are part of a Low Power Subsystem (LPSS).
269: <li>Implemented microsecond resolution using <a
270: href="https://man.openbsd.org/microuptime">microuptime(9)</a> to avoid
271: a hard hang when starting X on Intel Cherry Trail Atom processors.
272: <li>Added support for X553 controllers to <a
273: href="https://man.openbsd.org/ix">ix(4)</a>.
274: <li>Added <a href="https://man.openbsd.org/usb">usb(4)</a> device
275: support for an AMD hub on the APU2 and a Synaptics vendor id and two
276: fingerprint readers.
277: <li>Prevented buffer overflows with <a
278: href="https://man.openbsd.org/uthum">uthum(4)</a> by not assuming the
279: report length given by the hardware is necessarily smaller than the
280: length of the on-stack buffer.
281: <li>Added <a href="https://man.openbsd.org/rge">rge(4)</a>, a driver
282: for the Realtek 8125 PCI Express 2.5Gb Ethernet devices.
283: <li>Fixed cursor issues and suspend/resume on <a
1.51 kettenis 284: href="https://man.openbsd.org/amdgpu">amdgpu(4)</a> and
285: <a href="https://man.openbsd.org/radeondrm">radeondrm(4)</a>.
1.1 benno 286: <li>Fixed support for additional I2C busses in <a
287: href="https://man.openbsd.org/piixpm">piixpm(4)</a> for older SB800
288: SMBus controllers. Prevented sensors from attaching four times on old
289: AMD machines.
290: <li>Invalidated the <a
291: href="https://man.openbsd.org/knote">knote(9)</a> list of <a
292: href="https://man.openbsd.org/uhid">uhid(4)</a> after device detach,
293: preventing a crash that can happen when kqueue still holds references
294: to knotes pointing to the device.
295: <li>Prevented a use-after-free causing crashes with <a
296: href="https://man.openbsd.org/uhidev">uhidev(4)</a> devices.
297:
298: <li>Prevented <a href="https://man.openbsd.org/mcx">mcx(4)</a>
299: interface lockups due to completion queue overflow.
1.51 kettenis 300: <li>Fixed brightness keys on various laptops with AMD graphics.
301: <li>Fixed brightness controls on machines where the
1.1 benno 302: initial brightness values are returned out of range.
303: <li>Set the default brightness level on attachment for <a
304: href="https://man.openbsd.org/pwmbl">pwmbl(4)</a>.
305: <li>Fixed <a
306: href="https://man.openbsd.org/acpivout">acpivout(4)</a> screen
307: brightness adjustment through function keys, better supporting
308: machines using exponential brightness scaling.
309: <li>Changed <a
310: href="https://man.openbsd.org/acpivout">acpivout(4)</a> to increment
311: and decrement screen brightness based only on brightness level changes
312: of 5% or higher.
313: <li>Fixed Etron EJ168 USB 3.0 Host Controllers via USB 2 devices.
314: <li>Added support for the SIERRA MC7700 to <a
315: href="https://man.openbsd.org/umsm">umsm(4)</a> UMTS and LTE modem device.
316: <li>Fixed RAID volume WWIDs for <a
317: href="https://man.openbsd.org/mpii">mpii(4)</a> LSI controllers on
318: sparc64, allowing <a
319: href="https://man.openbsd.org/autoconf">autoconf(9)</a> to identify
320: the volume as the root device and boot off hardware RAID.
321: <li>Populated logical disk port WWNs with their RAID volume's WWID
322: in <a href="https://man.openbsd.org/mpii">mpii(4)</a>.
323: <li>Added <a href="https://man.openbsd.org/fido">fido(4)</a>, an
324: HID driver for FIDO/U2F security keys.
325: <li>Added parsing of DDR4 and LPDDDR3/4 SPD memories to <a
326: href="https://man.openbsd.org/spdmem">spdmem(4)</a>.
327: <li>Added support to <a
328: href="https://man.openbsd.org/lm">lm(4)</a> for NCT6775F, NCT5104D,
329: NCT6779D and NCT679[1235]D sensors.
330: <li>Updated <a href="https://man.openbsd.org/piixpm">piixpm(4)</a>
331: to support newer AMD chips like Hudson-2 and KERNCZ and implemented
332: multi-bus support for SB800, Hudson-2 and KERNCZ.
333: <li>Extended the expected SPD types to include DDR4 and low-power DDR3/DDR4.
334: <li>Enabled full use of jumbo frames on <a
335: href="https://man.openbsd.org/bnx">bnx(4)</a> devices.
336: <li>Fixed <a href="https://man.openbsd.org/scsi">scsi(8)</a>
337: softraid crypto volumes on 4K-sector disks.
338: <li>Faked disk info to match expected boot disk when EFI
339: bootloader has been received via TFTP, fixing a hang during HP
340: Elitebook UEFI boot.
1.40 schwarze 341: <li>Implemented a hexdump command in the bootloader, helping to
342: inspect the memory layout created by the firmware and useful for UEFI
343: debugging.
1.1 benno 344: <li>Improved <a href="https://man.openbsd.org/ksmn">ksmn(4)</a>
345: temperature conversion precision.
346: <li>Added a quirk to handle Apollo Lake, Gemini Lake and 100
347: Series Intel SD/MMC <a href="https://man.openbsd.org/sdhc">sdhc(4)</a>
348: controllers which should not have voltages set to 0V.
349: <li>Prevented a local user from causing the system to hang by
350: reading specific registers when Intel Gen8/Gen9 graphics hardware is
351: in a low power state.
352: <li>Prevented writes to memory allowed by the Intel Gen9 graphics hardware.
353: <li>Added support for buttons 2 and 3 to <a
354: href="https://man.openbsd.org/imt">imt(4)</a>.
355: <li>Added <a href="https://man.openbsd.org/ogx">ogx(4)</a>, a
356: driver for the OCTEON III network processor.
357: <li>Fixed endian swapping in <a
358: href="https://man.openbsd.org/xhci">xhci(4)</a>, allowing it to work
359: again on octeon and other big endian architectures.
360: <li>Implemented the "parallel boot" feature on compatible sparc64 firmware.
1.7 stsp 361: <li>Introduced <a href="https://man.openbsd.org/iwx">iwx(4)</a>, a
362: driver for Intel AX200 WiFi devices.
363: <li>Added <a href="https://man.openbsd.org/iwm">iwm(4)</a> support
364: for Intel 9260 and 9560 wifi devices.
1.8 stsp 365: <li>Updated firmware for all devices supported by the
366: <a href="https://man.openbsd.org/iwm">iwm(4)</a> driver.
1.7 stsp 367: <li>Fixed <a href="https://man.openbsd.org/iwm">iwm(4)</a> support
1.8 stsp 368: for Intel 3168 wifi devices.
1.7 stsp 369: <li>Added support for the tp-link tl-wn823n to the <a
370: href="https://man.openbsd.org/urtwn">urtwn(4)</a> driver.
1.24 stsp 371: <li>The <a href="https://man.openbsd.org/athn">athn(4)</a> driver
372: now offloads CCMP (WPA2) encryption and decryption to hardware.
1.40 schwarze 373: <li>Prevented an overflow due to <a
374: href="https://man.openbsd.org/xen">xen(4)</a> failing to release the
375: interrupt source when unmasking the interrupt.
1.47 krw 376: <li>Fixed <a href="https://man.openbsd.org/usb.4">usb(4)</a>
377: handling USB 2.0 devices on various USB 3.0 controllers.
378: <li>Fixed <a href="https://man.openbsd.org/usb.4">usb(4)</a>
379: handling of controllers that STALL to indicate a short read.
380: <li>Fixed <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>
381: handling of i/o's that are exact multiples of the max packet size.
1.49 krw 382: <li>Bumped <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>
383: maximum physio i/o size to 128K.
384: <li>Fixed probing of modern <a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
385: devices to ignore the SYNC and WIDE flags used by parallel SCSI.
1.1 benno 386: </ul>
387:
388: <li>Removed hardware support
389: <ul>
1.13 benno 390: <li>Removed the rtfps(4) driver, a multiplexing serial communications interface for IBM RT PC boards
1.1 benno 391: <li>Removed the dpt(4) driver for DPT EATA SCSI RAID.
1.13 benno 392: <li>Removed gpr(4), a driver for GemPlus GPR400 PCMCIA smartcard readers.
1.49 krw 393: <li>Removed mesh(4), a driver for old world Apple Power Macintosh SCSI cards.
1.1 benno 394: </ul>
395:
396: <li>Improvements in audio drivers and the
397: <a href="https://man.openbsd.org/sndio">sndio(7)</a> framework:
398: <ul>
399: <li>Introduced the <a
1.48 ratchov 400: href="https://man.openbsd.org/sioctl_open">sioctl_open(3)</a>
401: API to manipulate audio controls exposed by <a
402: href="https://man.openbsd.org/sndiod">sndiod(8)</a>.
403: <li>Modified <a
404: href="https://man.openbsd.org/sndiod">sndiod(8)</a> to
405: use and expose hardware volume controls if available.
406: <li>Modified all ports manipulating audio controls to use <a
407: href="https://man.openbsd.org/sndio">sndio(7)</a> instead of the
408: kernel <a href="https://man.openbsd.org/mixer">mixer(4)</a> interface.
409: <li>Introduced the <a
1.1 benno 410: href="https://man.openbsd.org/sndioctl">sndioctl(1)</a> utility to
1.48 ratchov 411: manipulate audio controls exposed by <a
1.1 benno 412: href="https://man.openbsd.org/sndiod">sndiod(8)</a>.
1.48 ratchov 413: <li>Exposed the first 4 <a
414: href="https://man.openbsd.org/audio">audio(4)</a> devices
415: and the first 8 <a
416: href="https://man.openbsd.org/midi">midi(4)</a> devices through <a
417: href="https://man.openbsd.org/sndiod">sndiod(8)</a> by default.
1.1 benno 418: <li>Disabled access for regular users to /dev/audio* and
1.48 ratchov 419: /dev/rmidi*, for improved security.
1.1 benno 420: <li>Modified <a
421: href="https://man.openbsd.org/mixerctl">mixerctl(1)</a> to use
1.48 ratchov 422: /dev/audioctl* instead of /dev/mixer*.
423: <li>Removed /dev/mixer*
1.50 ratchov 424: <li>Fixed support for <a
425: href="https://man.openbsd.org/uaudio">uaudio(4)</a>
426: devices with different recording and playback rate sets.
1.48 ratchov 427: <li>Fixed volume control of many <a
428: href="https://man.openbsd.org/uaudio">uaudio(4)</a>
429: devices.
1.1 benno 430: <li>Fixed channel duplication (-j option) in <a
431: href="https://man.openbsd.org/sndiod">sndiod(8)</a>.
432: <li>Allowed <a href="https://man.openbsd.org/rc.d">rc.d(8)</a>
433: script to reload <a
434: href="https://man.openbsd.org/sndiod">sndiod(8)</a>.
435: <li>Added an <a
436: href="https://man.openbsd.org/azalia">azalia(4)</a> quirk for the
437: ALC285 on the X1C7 to avoid a clicking noise on the headphone output.
438: <li>Disabled MSI for the AMD Hudson2 <a
439: href="https://man.openbsd.org/azalia">azalia(4)</a> HDA to fix random lock ups.
440: </ul>
441:
1.12 benno 442: <li>A large number of drivers were written to improve <a href="https://www.openbsd.org/arm64.html">arm64</a>
443: and <a href="https://www.openbsd.org/armv7.html">armv7</a> hardware support, including:
1.1 benno 444: <ul>
445: <li>Better hardware support for the i.MX8MM platform.
1.51 kettenis 446: <li>Support for the Raspberry Pi 4 on arm64.
1.55 fcambus 447: <li>Better support for the Raspberry Pi 3 on arm64.
1.51 kettenis 448: <li>Proper support for the Raspberry Pi 2 and 3 on armv7.
1.20 benno 449: <li>Better support for Rockchip based systems, especially the Pinebook Pro.
450: <li>Switched USB to use non-coherent buffers for data transfers, dramatically improving performance on some ARM SoCs where the USB controller is not coherent with the caches.
1.51 kettenis 451: <li>Allowed switching to framebuffer "glass" console on armv7 in the bootloader, mirroring previous changes to arm64.
1.20 benno 452: <li>Corrected cache flush operations on arm64 which were being incorrectly treated as write operations. This fixes a bug where cache flushing caused Firefox to abort.
453: <li>Added the capability for armv7 boot from another block device than the one from which efiboot was loaded.
454: <br><br>
455: Specifically the following device drivers were added or fixed:
1.1 benno 456: <li>Added <a href="https://man.openbsd.org/bcmbsc">bcmbsc(4)</a>, a driver for the Broadcom Serial Control (BSC) controller.
457: <li>Added <a href="https://man.openbsd.org/bcmgpio">bcmgpio(4)</a>, a driver for the Broadcom BCM283x GPIO controller.
458: <li>Added <a href="https://man.openbsd.org/bcmsdhost">bcmsdhost(4)</a>, a driver for the Broadcom "sdhost" SD controller found on the Raspberry Pi.
459: <li>Added <a href="https://man.openbsd.org/bcmdmac">bcmdmac(4)</a>, a driver for the DMA controller found on BCM283x SoCs.
460: <li>Added support for the additional <a href="https://man.openbsd.org/sdhc">sdhc(4)</a> controller found on the Raspberry Pi.
461: <li>Added quirks for the <a href="https://man.openbsd.org/sdhc">sdhc(4)</a> controller on the Raspberry Pi, providing microSD card or WiFi support depending on the firmware configuration.
462: <li>Added support for hardware with <a href="https://man.openbsd.org/sdhc">sdhc(4)</a> controllers on busses only supporting 32-bit access.
463: <li>Added <a href="https://man.openbsd.org/bcmirng">bcmirng(4)</a>, a driver for the RNG200 random number generator found on the Raspberry Pi 4.
464: <li>Added <a href="https://man.openbsd.org/bcmclock">bcmclock(4)</a>, a driver for the BCM283X CPRMAN clock controller.
465: <li>Added <a href="https://man.openbsd.org/bcmmbox">bcmmbox(4)</a>, a driver for the VideoCore messagebox interface on BCM283X.
466: <li>Added <a href="https://man.openbsd.org/bcmpcie">bcmpcie(4)</a>, a driver for the PCIe controller found on the Raspberry Pi 4.
467: <li>Added <a href="https://man.openbsd.org/bse">bse(4)</a>, a driver for the Broadcom GENET v5 network interface found on the Raspberry Pi 4.
468: <li>Added <a href="https://man.openbsd.org/brgphy">brgphy(4)</a> support for the Broadcom BCM54210E.
1.20 benno 469: <li>Added support for the Armada 3720 CPU clock to <a href="https://man.openbsd.org/mvclock">mvclock(4)</a>.
1.51 kettenis 470: <li>Fixed address filter in <a href="https://man.openbsd.org/mvneta">mvneta(4)</a>.
1.1 benno 471: <li>Added <a href="https://man.openbsd.org/omcm">omcm(4)</a>, <a href="https://man.openbsd.org/omclock">omclock(4)</a> and <a href="https://man.openbsd.org/omsysc">omsysc(4)</a> drivers that support the new bus structure used in current mainline Linux device trees.
1.20 benno 472: <li>Added <a href="https://man.openbsd.org/omrng">omrng(4)</a>, a driver for the random number generator found on TI OMAP SoCs.
1.1 benno 473: <li>Fixed the MAC address on Pandaboard-ES by increasing <a href="https://man.openbsd.org/smsc">smsc(4)</a> buffer size used to fetch device tree properties.
474: <li>Added support for additional Allwinner A80 clocks and resets in <a href="https://man.openbsd.org/sxiccmu">sxiccmu(4)</a>.
475: <li>Fixed <a href="https://man.openbsd.org/amlpciephy">amlpciephy(4)</a> USB3 support when USB has not been initialized by U-Boot.
476: <li>Added clock support for i.MX8MM.
1.20 benno 477: <li>Fixed CPU frequency scaling support on the Librem5 Devkit.
478: <li>Added <a href="https://man.openbsd.org/imxpwm">imxpwm(4)</a>, a driver for the PWM controller found on various NXP i.MX SoCs.
479: <li>Added support for reading the i.MX8MM temperature sensors to <a href="https://man.openbsd.org/imxtmu">imxtmu(4)</a>.
1.1 benno 480: <li>Added <a href="https://man.openbsd.org/bdpmic">bdpmic(4)</a>, a driver for the ROHM BD71837 and BD71847 Power Management IC.
481: <li>Allowed <a href="https://man.openbsd.org/ipmi">ipmi(4)</a> to attach using mmio.
1.20 benno 482: <li>Added <a href="https://man.openbsd.org/rkrng">rkrng(4)</a>, a driver for the random number generator found on various Rockchip SoCs.
1.51 kettenis 483: <li>Added glass console support to <a href="https://man.openbsd.org/rkdrm">rkdrm(4)</a> in Rockchip SoCs, including kernel modesetting support.
1.20 benno 484: <li>Added <a href="https://man.openbsd.org/rkdrm">rkdrm(4)</a>, a driver providing kernel mode setting (KMS) functionality for the graphics hardware integrated on Rockchip SoCs.
1.1 benno 485: <li>Added <a href="https://man.openbsd.org/rkdwhdmi">rkdwhdmi(4)</a>, a driver for the HDMI transmitter found on the Rockchip RK3399 SoC.
1.51 kettenis 486: <li>Added <a href="https://man.openbsd.org/rkanxdp">rkanxdp(4)</a>, a driver for the Analogix Display Port controller on the RK3399.
1.20 benno 487: <li>Added <a href="https://man.openbsd.org/rkvop">rkvop(4)</a>, a driver for the RK3399's Video Output Processors.
488: <li>Added <a href="https://man.openbsd.org/rkpwm">rkpwm(4)</a>, a driver for the RK3399's PWM controller.
489: <li>Added <a href="https://man.openbsd.org/rkemmcphy">rkemmcphy(4)</a>, a driver for the RK3399's eMMC PHY.
490: <li>Added support for gen2 negotiation to <a href="https://man.openbsd.org/rkpcie">rkpcie(4)</a> and enabled gen2 link state training when the dtb is configured with max-link-speed = 2.
491: <li>Enabled backlight control use on the Pinebook Pro via <a href="https://man.openbsd.org/wsconsctl">wsconsctl(8)</a>.
1.1 benno 492: <li>Fixed the Pinebook Pro's trackpad by ensuring only hid_input items are accepted when walking the HID descriptor.
493: <li>Fixed <a href="https://man.openbsd.org/pwmbl">pwmbl(4)</a> attachment on the Pinebook Pro.
1.51 kettenis 494: <li>Added <a href="https://man.openbsd.org/simplepanel">simplepanel(4)</a>, a driver for simple display panels such as the one found on the Pinebook Pro.
1.1 benno 495: <li>Recognized BCM4345 rev 9 as shipped with the Pinebook Pro as an AMPAK AP6256 module in <a href="https://man.openbsd.org/bwfm">bwfm(4)</a>.
496: <li>Improved <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> on the Pinebook Pro by acking SDIO interrupts earlier on <a href="https://man.openbsd.org/dwmmc">dwmmc(4)</a>.
497: <li>Added <a href="https://man.openbsd.org/amltemp">amltemp(4)</a>, a driver for the temperature sensors on various Amlogic SoCs.
498: <li>Added <a href="https://man.openbsd.org/pwmfan">pwmfan(4)</a>, a driver for PWM-regulated fans.
1.60 benno 499: <li>Enabled <a href="https://man.openbsd.org/umt">umt(4)</a> (USB HID multitouch touchpad devices) on arm64.
1.1 benno 500: </ul>
501:
502: <li>IEEE 802.11 wireless stack improvements and bugfixes:
503: <ul>
1.17 stsp 504: <li>Stop connecting to any available unencrypted wifi networks when an
505: interface is marked up. This behavior must now be explicitly enabled
506: with <code><a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> join
507: ""</code>.
508: <li>A background scan is now triggered when root runs the <a
509: href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> scan command.
510: This updates the list of cached APs displayed by the scan command and
511: forces a search for a better AP to roam to.
1.23 stsp 512: <li>Add <code>nwflag nomimo</code> which can be set with <a
513: href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> to work
514: around packet loss in 11n mode if the wireless network device has
515: unused antenna connectors.
1.17 stsp 516: <li>Increased the net80211 node cache size to allow more APs to be viewed during scans.
517: <li>Fixed the <a
518: href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> "media:" line
519: displayed during and after a background scan in 11n mode.
520: <li>Made background scans less frequent if they keep choosing the same AP.
1.67 stsp 521: <li>Fix kernel crashes in net80211 hostap mode due to mbuf corruption
1.17 stsp 522: which occurred if a relatively long SSID was configured.
1.14 stsp 523: <li>Added support for active scanning to <a
1.1 benno 524: href="https://man.openbsd.org/bwfm">bwfm(4)</a>.
1.14 stsp 525: <li>Fix <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> behavior which
526: could trigger the ifq pressure drop mechanism under moderate load.
1.1 benno 527: <li>Improved error handling for <a
528: href="https://man.openbsd.org/bwfm">bwfm(4)</a> connection attempts.
1.14 stsp 529: <li>Improved automatic switching between wifi networks by lowering the priority
530: of networks in the <a
531: href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> join list which
532: fail to connect.
1.27 stsp 533: <li>Avoid repeated switching between APs in areas where APs
1.17 stsp 534: are tuned for low transmit range.
1.1 benno 535: <li>Raised net80211's "beacon miss" threshold to avoid frequent
1.14 stsp 536: reconnects under conditions which cause loss of beacons.
1.17 stsp 537: <li>Reduced stalls on packet loss in 11n mode by improving net80211 handling
538: of the Rx block ack sequence number window and queue.
539: <li>Fixed a bug where outstanding frames on the <a
540: href="https://man.openbsd.org/iwn">iwn(4)</a> aggregation queue
541: interfered with roaming to another AP.
542: <li>Fixed a race condition in <a
543: href="https://man.openbsd.org/iwm">iwm(4)</a> Rx interrupt handling.
544: <li>Implemented a workaround for missing Tx completion interrupts
545: in <a href="https://man.openbsd.org/iwm">iwm(4)</a> which could lead
546: to failures when roaming to another AP.
547: <li>Re-enabled firmware-based Tx retries at lower rates for <a
548: href="https://man.openbsd.org/iwm">iwm(4)</a>, reducing packet loss.
549: <li>Fixed automatic Tx rate control issues in <a
550: href="https://man.openbsd.org/iwm">iwn(4)</a>, and <a
551: href="https://man.openbsd.org/iwm">iwm(4)</a>.
1.25 stsp 552: <li>Fixed a use-after-free that caused a kernel crash during <a
553: href="https://man.openbsd.org/zyd">zyd(4)</a> device detach.
1.1 benno 554: </ul>
555:
556: <li>Generic network stack improvements and bugfixes:
557: <ul>
558:
559: <li>Fixed a panic when using <a href="https://man.openbsd.org/pppac">
560: pppac(4)</a> without <a href="https://man.openbsd.org/pipex">pipex(4)</a>.
561: <li>Fixed a "route contains no arp information" bug where a kernel routing
562: table entry was incorrectly deleted upon insertion of a new entry.
563: <li>Stopped processing packets under non-exclusive netlock, preventing
564: concurrency in the socket layer.
565: <li>Prevented data corruption on UDP receive socket buffers by grabbing the
566: exclusive NET_LOCK() in the softnet thread.
567: <li>Fixed a kernel crash due to unlimited recursion caused by
568: local outbound UDP broadcast/multicast packets sent by a spliced
569: socket.
570: <li>Added IPv6 support to <a href="https://man.openbsd.org/umb">umb(4)</a>.
571: <li>Added support for very old firmware umsm devices with <a
572: href="https://man.openbsd.org/umsm">umsm(4)</a> rather than <a
573: href="https://man.openbsd.org/umb">umb(4)</a>.
574: <li>Added <a href="https://man.openbsd.org/pppac">pppac(4)</a>
575: code for a dedicated PPP Access Concentrator interface and switched <a
576: href="https://man.openbsd.org/npppd.conf">npppd.conf(5)</a> to use <a
577: href="https://man.openbsd.org/pppac">pppac(4)</a> instead of <a
578: href="https://man.openbsd.org/tun">tun(4)</a>.
579: <li>Added a check when IP forwarding is disabled to ensure packet
580: destination address matches interface address.
581: <li>Fixed kernel crash in pf_ioctl with WITH_PF_LOCK and NET_TASKQ > 1.
582: <li>Ensured proper kernel stack alignment on mips64, fixing a
583: panic on octeon related to <a
584: href="https://man.openbsd.org/pppoe">pppoe(4)</a>.
585: <li>Added <a href="https://man.openbsd.org/rge">rge(4)</a>, a new
586: driver for Realtek 8125 PCI Express 2.5Gb ethernet devices.
587: <li>Repaired the "set delay" option for <a
588: href="https://man.openbsd.org/pf">pf(4)</a> to function as specified
589: in <a href="https://man.openbsd.org/pf.conf">pf.conf(5)</a>.
590: <li>Prevented non-root users from using <a
591: href="https://man.openbsd.org/ioctl">ioctl(2)</a> to alter the address
592: of a network interface.
593: <li>Prevented non-root users from setting the parameters of <a
594: href="https://man.openbsd.org/pppoe">pppoe(4)</a> interfaces.
595: <li>Removed mobileip(4).
596: <li>Stopped checking whether the IPv6 source address of a neighbor
597: advertisement is from a neighbor's address, not required in accordance
598: with RFC 4861.
599:
600: </ul>
601:
602: <li>Installer improvements:
603: <ul>
604: <li>Simplified <a
605: href="https://man.openbsd.org/sysupgrade">sysupgrade(8)</a> directory
606: check and creation (/home/_syspatch). It can now be a symlink.
607: <li>Printed the URL when <a
608: href="https://man.openbsd.org/sysupgrade">sysupgrade(8)</a> fetches
609: new sets.
610: <li>Added an opportunistic run of <a
611: href="https://man.openbsd.org/fw_update">fw_update(1)</a> to <a
612: href="https://man.openbsd.org/sysupgrade">sysupgrade(8)</a> before
613: rebooting to run the upgrade.
614: </ul>
615:
616: <li>Security improvements:
617: <ul>
618: <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
1.6 benno 619: now used in 82 userland programs to redact filesystem access.
1.1 benno 620: <li>Used <a href="https://man.openbsd.org/unveil">unveil(2)</a> to
621: reduce filesystem access in <a
622: href="https://man.openbsd.org/vmstat">vmstat(8)</a>, <a
623: href="https://man.openbsd.org/iostat">iostat(8)</a> and <a
624: href="https://man.openbsd.org/systat">systat(1)</a>.
625:
626: <!-- dig -->
1.59 benno 627:
1.1 benno 628: <li>Extracted <a href="https://man.openbsd.org/dig">dig(1)</a>, <a
629: href="https://man.openbsd.org/host">host(1)</a> and <a
630: href="https://man.openbsd.org/nslookup">nslookup(1)</a> from the
1.59 benno 631: bind(8) source code and cleaned up the source code by removing not
632: needed features and auditing it. The kernel API accessible to these
1.1 benno 633: programs is now restricted through <a
634: href="https://man.openbsd.org/pledge">pledge(2)</a>.
1.2 deraadt 635: <li>System calls may now only be performed from selected code regions:
636: the main program, <a href="https://man.openbsd.org/ld.so">ld.so(1)</a>,
637: libc.so and the signal trampoline. A new system call
638: <a href="https://man.openbsd.org/msyscall">msyscall(2)</a> indicates
1.5 deraadt 639: the libc range, and activates the locking. This change hardens
1.2 deraadt 640: against some attack methods.
1.1 benno 641: <li>Prevented stack trace saving from inspecting untrusted data on
642: amd64, arm64 and i386.
643: <li>Used lfence in place of stac/clac on pre-SMAP CPUs to protect
644: against Load-Value-Injection attacks against the kernel.
645: <li>Prevented a panic due to missing <a
646: href="https://man.openbsd.org/sysctl">sysctl(2)</a> input validation.
647: <li>Injected failure to fetch entropy with an rdrand() timeout as
648: an entropic event, along with an additional rdtsc measuring the vmexit
649: latency.
650: <li>Enforced that <a href="https://man.openbsd.org/ksh">ksh(1)</a>
651: TMOUT is an integer literal to prevent command execution from the
652: environment at shell initialization time.
653: <li>Ensured the first 2MB page of the amd64 kernel is correctly
654: mapped read-only in the direct map.
1.51 kettenis 655: <li>Addressed an armv7/arm64 speculative execution issue by changing the
656: system call ABI to skip two instructions and inserting a barrier
1.1 benno 657: after each system call.
658: <li>Fixed arm64 speculative execution of instructions after ERET,
659: which had led to spectre-like effects on some processors.
660: <li>Tightened permissions for USB device nodes.
661: <li>Ensured that <a
662: href="https://man.openbsd.org/ld.so">ld.so(1)</a> removed the
663: LD_LIBRARY_PATH environment variable for set-user-ID and set-group-ID
664: executables in low memory conditions.
665: <li>Added support for RSA-PSS to <a
666: href="https://man.openbsd.org/crypto">crypto(3)</a>.
667: <li>Added retguard for octeon/mips64.
668:
669: <li>The following security bugs were addressed:
670: <ul>
671: <li>Reset the login class each time through the loop when using -L
672: (loop) mode with <a href="https://man.openbsd.org/su">su(1)</a>. Fixes
673: CVE-2019-19519.
674: <li>Fixed insufficient username validation performed by libc's
675: authentication privilege separation layer and added additional
676: validation points, further validating in <a
677: href="https://man.openbsd.org/login">login(1)</a> and <a
678: href="https://man.openbsd.org/su">su(1)</a>.
679: <li>Prevented escalation to the auth group in <a
680: href="https://man.openbsd.org/xlock">xlock(1)</a> through path-related
681: environment variables and disabled mesa and opengl functionality.
682: </ul>
683: </ul>
684:
685: <li>Routing daemons and other userland network improvements:
686: <ul>
687: <!-- bgpd -->
1.70 claudio 688: <li>Add initial support for JSON output in
689: <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a>.
690: <li>Allow setting both IPv4 and IPv6 local-addresses at the same time in
691: <a href="https://man.openbsd.org/bgpd.conf">bgpd.conf(5)</a> group
692: blocks. Introduced <code>no local-address</code> to reset a previously
693: set local address.
694: <li>Properly aggregate duplicate <a href="https://man.openbsd.org/bgpd">
695: bgpd(8)</a> roa table prefix/source-as combinations into a single entry
696: with the longest maxlen length.
1.1 benno 697: <li>Implemented <a
698: href="https://man.openbsd.org/bgpd.conf">bgpd.conf(5)</a>
699: <code>max-prefix NUM out</code> to limit the number of announced
700: prefixes, avoiding leaks of full tables to upstreams and peers.
1.70 claudio 701: <li>Extended <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a>
702: <code>show neighbor</code> to include the received and set prefix
703: count, as well as the max-prefix out limit if set.
704: <li>Improved reporting of notifications to include the suberror cause.
705: <li>Also report the last received error cause in
706: <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a> <code>show
707: neighbor</code> output.
708: <li>Fix softreconfig out handling to also work for neighbors using
709: <code>export default-route</code>.
710: <li>Mark stale prefixes in the Adj-RIB-Out so that graceful reload
711: operates properly.
1.1 benno 712: <!-- OSPF -->
713: <li>Allowed configuration of the <a
714: href="https://man.openbsd.org/ospfd">ospfd(8)</a> interface setting
715: "type p2p" to be configured globally or per area.
716: <li>Added point-to-point <a
717: href="https://man.openbsd.org/ospf6d">ospf6d(8)</a> support for
718: broadcast interfaces.
1.39 tobhe 719: <!-- other daemons -->
1.1 benno 720: <li>Validated authentication lengths in <a
721: href="https://man.openbsd.org/ripd">ripd(8)</a> before use to prevent
722: crashes.
723: <li>Fixed empty response packages sent out by <a
724: href="https://man.openbsd.org/ripd">ripd(8)</a> when entries are
725: skipped due to split-horizon simple.
1.61 benno 726: <li>Reduced temporary address valid lifetime to 2 days in <a
727: href="https://man.openbsd.org/slaacd">slaacd(8)</a>.
1.1 benno 728: <li>Made <a href="https://man.openbsd.org/slaacd">slaacd(8)</a>
729: honor the rdomain in which it runs when configuring the default route.
730: <li>Withdrew all proposals on <a
731: href="https://man.openbsd.org/slaacd">slaacd(8)</a> startup to prevent
732: indefinite retention of nameservers on interfaces no longer flagged
733: for autoconf.
734: <li>Modified <a href="https://man.openbsd.org/ldpd">ldpd(8)</a> to
735: lookup the adjacency by LSR id as well as source IP address, as the
736: remote peer may change its LSR id.
737:
738: <!-- other programs -->
739: <li>Added support for printing RFC 2332 NBMA Next Hop Resolution Protocol
740: (NHRP) to <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>.
741: <li>Added <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>
742: support for printing RFC 8300 Network Service Header (NSH).
743: <li>Added <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>
744: support for VXLAN-GPE.
745: <li>Fixed a <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a>
746: crash when printing the contents of a malformed packet where the
747: packet length was smaller than the size of the usbpcap header.
748:
749: <li>Rewrote dhcpv6 parsing in <a
750: href="https://man.openbsd.org/tcpdump">tcpdump(8)</a> to match the
751: RFC, correctly handling dhcpv6 messages.
752: <li>Accept netmask for IPv6 in <a
753: href="https://man.openbsd.org/ifconfig">ifconfig(8)</a> instead of
754: ignoring it and using only the prefixlen argument.
755:
756: <li>Fixed <a href="https://man.openbsd.org/snmp">snmp(1)</a> agent
757: address parsing to allow IPv6 addresses to be used based on format,
758: allow those without brackets to skip the port if it results in a
759: nonsensical address (allowing use of ::1), and try to connect to the
760: address immediately.
761: <li>Implemented a df subcommand for <a
762: href="https://man.openbsd.org/snmp">snmp(1)</a> which outputs disk and
763: memory information in a <a href="https://man.openbsd.org/df">df(1)</a>
764: format.
765: <li>Implemented a -Cs option in <a
766: href="https://man.openbsd.org/snmp">snmp(1)</a> for snmp walk and
767: bulkwalk, allowing subsections of a tree to be skipped.
1.10 benno 768: <li>Introduced option filter-pf-addresses to <a
769: href="https://man.openbsd.org/snmpd.conf">snmpd.conf(5)</a>, allowing
770: the OPENBSD-PF-MIB::pfTblAddrTable tree to be filtered out when many
771: prefixes are stored in pf tables, reducing CPU usage during bulk
772: walks.
1.1 benno 773:
774: <li>Added retries and timeouts for test packets to <a
775: href="https://man.openbsd.org/radiusctl">radiusctl(8)</a>.
776:
777:
778: <li>Corrected http auth combined with proxy auth in <a
779: href="https://man.openbsd.org/ftp">ftp(1)</a>.
780: <li>Corrected <a href="https://man.openbsd.org/ftp">ftp(1)</a>
781: access to an https server with user/password through the "http_proxy"
782: environment variable.
783: <li>Prevented <a href="https://man.openbsd.org/ftp">ftp(1)</a>
784: from following remote redirects to local files.
785: <li>Implemented HTTP/1.1 in <a href="https://man.openbsd.org/ftp">ftp(1)</a>.
786: <li>Added new -N name option to <a
787: href="https://man.openbsd.org/ftp">ftp(1)</a>, allowing calling
788: scripts to change the progname and produce better error messages.
789:
790: <li>Allowed <a href="https://man.openbsd.org/pfctl">pfctl(8)</a>
791: to recursively flush rules and tables.
1.62 benno 792: <li>In <a href="https://man.openbsd.org/pf">pf(4)</a>, ensured
793: rdr-to with loopback destination will work even when IP forwarding is
794: disabled.
1.1 benno 795:
796: <!-- rpki-client -->
797:
798: <li>Enabled <a
799: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a>, a free,
800: easy-to-use implementation of the Resource Public Key Infrastructure
801: (RPKI) for Relying Parties (RP) to facilitate validation of the Route
802: Origin of a BGP announcement. The program queries the RPKI repository
803: system and outputs Validated ROA Payloads in the configuration format
804: of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by
805: other routing stacks.
806: <li>Modified root's <a
807: href="https://man.openbsd.org/crontab">crontab(1)</a> to run <a
808: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> and
809: reload <a href="https://man.openbsd.org/bgpd">bgpd(8)</a>
810: configuration, enabling RPKI ROA filtering.
1.63 benno 811: <li>Stopped hardcoding the cache directory in <a
1.1 benno 812: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a>. Cache
813: and output directory will use defaults for root users and must be
814: specified by non-root users.
815: <li>Made <a
816: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> use
1.63 benno 817: the existing cache and not exit if rsync(1) exits non-zero.
1.1 benno 818: <li>Fixed <a
819: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> -j
820: option, which had not been producing any output.
821: <li>Rewrote the time validity check for mtfs in <a
822: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> to
823: correctly account for the timezone.
824: <li>Added <a
825: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> output
1.63 benno 826: formats for the BIRD routing daemon and CSV.
827: <li>For BIRD <a
828: href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> can
829: generate three different output formats with the option
830: <code>-B</code>: v1 with IPv4 and IPv6 routes, and v2.
1.41 florian 831: </ul>
1.1 benno 832:
1.41 florian 833: <li><a href="https://man.openbsd.org/unwind">unwind(8)</a> improvements:
834: <ul>
1.1 benno 835: <li>Implemented <a
836: href="https://man.openbsd.org/unwindctl">unwindctl(8)</a> status
837: memory to show cache memory usage.
838: <li>Allowed forcing specific domains to be resolved by specific
839: resolvers in <a
840: href="https://man.openbsd.org/unwind.conf">unwind.conf(5)</a>,
841: handling typical split-horizon setups.
842: <li>Measured performance of resolving strategies in <a
843: href="https://man.openbsd.org/unwind">unwind(8)</a>, sorting them and
1.41 florian 844: choosing the next best strategy when one fails.
845: Performance data decays over time.
846: <li>Switched captive portal detection from HTTP probing to DNS probing in <a
1.1 benno 847: href="https://man.openbsd.org/unwind">unwind(8)</a>.
848: <li>Implemented DNS proposals in <a
849: href="https://man.openbsd.org/unwind">unwind(8)</a> to learn
850: nameservers from network autoconfiguration daemons.
851: <li>Added opportunistic DoT support to <a
852: href="https://man.openbsd.org/unwind">unwind(8)</a>.
853: <li>Added an ASR resolver type to <a
854: href="https://man.openbsd.org/unwind">unwind(8)</a>, using the libc
1.41 florian 855: asynchronous resolver directly with DHCP-provided nameservers to work
856: around broken middle boxes.
1.39 tobhe 857: </ul>
858:
859: <li><a href="https://man.openbsd.org/ipsec">ipsec(4)</a> improvements and
860: bugfixes:
861: <ul>
862: <li>Added support for automatically moving traffic between
863: rdomains on <a href="https://man.openbsd.org/ipsec">ipsec(4)</a>
864: encryption or decryption, reducing the attack surface for network
865: sidechannel attacks.
866: <li>Added <a href="https://man.openbsd.org/iked">iked(8)</a>
867: support for switching rdomain on <a
868: href="https://man.openbsd.org/ipsec">ipsec(4)</a>
869: encryption/decryption, configurable per policy with the new
870: 'rdomain' option in <a
871: href="https://man.openbsd.org/iked.conf">iked.conf(5)</a>.
872: <li>Changed the default ipsec level set by <a
873: href="https://man.openbsd.org/iked">iked(8)</a> and <a
874: href="https://man.openbsd.org/isakmpd">isakmpd(8)</a> to
875: IPSEC_LEVEL_REQUIRE. Unencrypted packets matching incoming
876: ipsec flows are no longer accepted by default.
877: <li>Added curve25519, ecp256, ecp384, ecp521, modp3072 and modp4096 to
878: the default Diffie-Hellman group configuration for IKE SAs in
879: <a href="https://man.openbsd.org/iked">iked(8)</a>.
880: <li>Removed support for the insecure EC2N Diffie-Hellman groups in <a
881: href="https://man.openbsd.org/iked">iked(8)</a>.
882: <li>Changed the default authentication method in <a
883: href="https://man.openbsd.org/iked">iked(8)</a> to
884: generic signature authentication (RFC 7427).
885: <li>Added ESN configuration options for ikesa in <a
886: href="https://man.openbsd.org/iked.conf">iked.conf(5)</a>.
887: <li>Added transport mode for child SAs to <a
888: href="https://man.openbsd.org/iked">iked(8)</a>.
889: <li>Added active probing for lost connection in <a
890: href="https://man.openbsd.org/iked">iked(8)</a> resulting in a
891: faster connection reset.
892: <li>Added a -p command line option to <a
893: href="https://man.openbsd.org/iked">iked(8)</a> allow configuration
894: of a non-standard UDP encapsulation port.
895: <li>Added support for multiple x509 extensions and multiple
896: subjectAltName fields in certificates used with <a
897: href="https://man.openbsd.org/iked">iked(8)</a>.
898: <li>Added support for certificates with uppercase subjectAltNames
899: in <a href="https://man.openbsd.org/iked">iked(8)</a>.
900: <li>Removed automatically installed <a
901: href="https://man.openbsd.org/ipsec">ipsec(4)</a> flow blocking
902: unencrypted IPv6 traffic in <a
903: href="https://man.openbsd.org/iked">iked(8)</a>.
904: <li>Reduced size of IKE_AUTH message by eliminating duplicate traffic
905: selectors in <a href="https://man.openbsd.org/iked">iked(8)</a>.
906: <li>Added an <a
907: href="https://man.openbsd.org/ikectl">ikectl(8)</a> "show sa"
908: command to print information about the state of negotiated IKE SAs,
909: their child SAs and the resulting IPsec flows.
910: <li>Added an <a
911: href="https://man.openbsd.org/ikectl">ikectl(8)</a> "reset id"
912: command to reset all SAs from policies with matching destination IDs.
913: <li>Added support for UDP encapsulation in manual SAs set up with <a
914: href="https://man.openbsd.org/ipsec.conf">ipsec.conf(5)</a>.
915: <li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a>
916: bug that lead to connection loss after simultaneous rekeying.
917: <li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a>
918: public key leak in the CA process for ASN-DN IDs.
919: <li>Fixed a bug that lead to a lost EAP ID after rekeying in <a
920: href="https://man.openbsd.org/iked">iked(8)</a>.
921: <li>Fixed EAP user database corruption resulting from use of the <a
922: href="https://man.openbsd.org/ikectl">ikectl(8)</a> reload command.
923: <li>Corrected <a href="https://man.openbsd.org/iked">iked(8)</a>
924: calculation of IPv6 address leases from small address pools.
925: <li>Fixed several bugs that could lead to <a
926: href="https://man.openbsd.org/iked">iked(8)</a> selecting a false policy
927: for incoming requests, resulting in a failed handshake.
928: <li>Fixed a bug that broke PSK authentication against Strongswan.
929: <li>Enabled UDP-encapsulation in Child SAs if <a
930: href="https://man.openbsd.org/iked">iked(8)</a> was started with -t.
931: <li>Fixed <a href="https://man.openbsd.org/isakmpd">isakmpd(8)</a>
932: IKE pcap file creation.
1.1 benno 933: </ul>
934:
1.35 nicm 935: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
1.1 benno 936: <ul>
937: <li>Indicated the marked pane in <a
938: href="https://man.openbsd.org/tmux">tmux(1)</a> choose mode in
939: reverse, and added keys to set (m) and clear it (M), and to jump to
940: the starting pane (H).
941: <li>Allowed <a href="https://man.openbsd.org/tmux">tmux(1)</a>
942: main-pane-width and height to be specified as percentages.
943: <li>Added a -f filter argument to the <a
944: href="https://man.openbsd.org/tmux">tmux(1)</a> list commands like
945: choose-tree.
946: <li>Added an -s flag to <a
947: href="https://man.openbsd.org/tmux">tmux(1)</a> copy-mode to specify a
948: different pane for the source content.
949: <li>Added a -T flag to <a
950: href="https://man.openbsd.org/tmux">tmux(1)</a> resize-pane to trim
951: lines below the cursor.
952: <li>Added support for <a
953: href="https://man.openbsd.org/tmux">tmux(1)</a> overlay popup boxes,
954: created with the display-popup command.
955: <li>Added a <a href="https://man.openbsd.org/tmux">tmux(1)</a> -d
956: flag to run-shell to wait for delay before running the command (or
957: delay with no command).
958: <li>Added a <a href="https://man.openbsd.org/tmux">tmux(1)</a>
959: copy-mode -H flag to hide the position marker in the top right.
960: <li>Added <a href="https://man.openbsd.org/tmux">tmux(1)</a> C-g
961: to cancel command prompt with <a
962: href="https://man.openbsd.org/vi">vi(1)</a> keys as well as emacs, and
963: q in command mode.
964: <li>Modified <a href="https://man.openbsd.org/tmux">tmux(1)</a> -S
965: server socket to be created with umask 177 rather than 117.
966: <li>Introduced a <a
967: href="https://man.openbsd.org/tmux">tmux(1)</a> selection_active
968: format for when the selection is present but not moving with the
969: cursor.
970: <li>Added -a to the list-keys command in <a
971: href="https://man.openbsd.org/tmux">tmux(1)</a> to also list keys
972: without notes with -N.
973: <li>Added <a href="https://man.openbsd.org/tmux">tmux(1)</a> support
974: for adding a note to a key binding with bind-key -N and using this to
975: add descriptions to the default key binding. Using list-keys -N shows
976: key bindings with notes. Changed the default ? binding to show a
977: readable summary of keys.
978: <li>Added -Z to the default <a
979: href="https://man.openbsd.org/tmux">tmux(1)</a> switch-client command
980: in tree mode.
981: <li>Prevented read-only <a
982: href="https://man.openbsd.org/tmux">tmux(1)</a> clients from limiting
1.35 nicm 983: the size of other clients.
1.1 benno 984: <li>Added support for regex searches in <a
985: href="https://man.openbsd.org/tmux">tmux(1)</a> copy mode.
986: <li>Modified <a href="https://man.openbsd.org/tmux">tmux(1)</a>
987: source-file to allow reading from stdin.
988: <li>Added a <a href="https://man.openbsd.org/tmux">tmux(1)</a> p
989: format modifier for padding to width.
990: <li>Added -f for full size to join-pane in <a
991: href="https://man.openbsd.org/tmux">tmux(1)</a>.
992: <li>Changed <a href="https://man.openbsd.org/tmux">tmux(1)</a>
993: new-session -A to attach to the best existing session when a session
994: name is not specified, rather than creating a new session.
995: <li>Added an option to <a
996: href="https://man.openbsd.org/tmux">tmux(1)</a> to set the key sent by
997: backspace for systems using ^H.
998: <li>Added -F flag to <a
999: href="https://man.openbsd.org/tmux">tmux(1)</a> send-keys to expand
1000: formats in search-backward and forward copy mode commands.
1001: <li>Added support for percentage sizes to <a
1002: href="https://man.openbsd.org/tmux">tmux(1)</a> resize-pane ("-x 10%")
1003: and changed split-window and join-pane -l to accept similar
1004: percentages, deprecating the -p option.
1005: </ul>
1006:
1007: <li>VMM/VMD improvements
1008: <ul>
1009: <li>Added <a href="https://man.openbsd.org/vmm">vmm(4)</a> IOCTL
1010: handler to set the access protections of the ept.
1011: <li>Added a check in <a
1012: href="https://man.openbsd.org/vmm">vmm(4)</a> for <a
1013: href="https://man.openbsd.org/pvclock">pvclock(4)</a> struct crossing
1014: of page boundaries, which could potentially corrupt host memory.
1015: <li>Tightened rdmsr on svm in <a href="https://man.openbsd.org/vmm">vmm(4)</a>.
1016: <li>Fixed an issue where a <a
1017: href="https://man.openbsd.org/vmm">vmm(4)</a> guest could write to
1018: host memory by passing bogus addresses in <a
1019: href="https://man.openbsd.org/pvclock">pvclock(4)</a>.
1020: <li>Run <a href="https://man.openbsd.org/cu">cu(1)</a> in
1021: restricted mode using -r in <a
1022: href="https://man.openbsd.org/vmctl">vmctl(8)</a> and <a
1023: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a>.
1024: <li>Started virtual machines defined in <a
1025: href="https://man.openbsd.org/vm.conf">vm.conf(5)</a> in a staggered
1026: fashion, helping prevent overload of the host and improper tsc
1027: calibration in guests.
1028: <li>Provided proper concurrency control when pausing a vm in <a
1029: href="https://man.openbsd.org/vmd">vmd(8)</a>.
1030: <li>Fixed a panic when tearing down vms with <a
1031: href="https://man.openbsd.org/vmm">vmm(4)</a>.
1032: </ul>
1033:
1034:
1035: <li>ldom/sparc64 virtualization improvements
1036: <ul>
1037: <li>Added support for devaliases for vnet in <a
1038: href="https://man.openbsd.org/ldom.conf">ldom.conf(5)</a>.
1039: <li>Implemented <a
1040: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> "panic -c" to
1041: panic a guest domain (and enter <a
1042: href="https://man.openbsd.org/ddb">ddb(4)</a>).
1043: <li>Implemented "start -c" in <a
1044: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> to automatically
1045: connect to the console.
1046: <li>Introduced a -n option to <a
1047: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> to validate the
1048: configuration file and exit.
1049: <li>Added a create-vdisk command to <a
1050: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> analogous to
1051: amd64's <a href="https://man.openbsd.org/vmctl">vmctl(8)</a> create.
1052: <li>Added the "console" command to <a
1053: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> which executes
1054: <a href="https://man.openbsd.org/cu">cu(1)</a> on the domain's
1055: console.
1056: <li>Printed guest domain <a
1057: href="https://man.openbsd.org/vcctty">vcctty(4)</a> devices in status
1058: output in <a href="https://man.openbsd.org/ldomctl">ldomctl(8)</a>.
1059: <li>Added list-io command to <a
1060: href="https://man.openbsd.org/ldomctl">ldomctl(8)</a>, listing the
1061: available PCIe devices to be used with the iodevice parameter in <a
1062: href="https://man.openbsd.org/ldom.conf">ldom.conf(5)</a>.
1063: </ul>
1064:
1065: <li>OpenSMTPD 6.7.0
1066: <ul>
1067: <li>New Features
1068: <ul>
1069: <li>Allowed use of the <a
1070: href="https://man.openbsd.org/smtpd">smtpd(8)</a> session username in
1071: built-in filters when available.
1072: <li>Introduced a bypass keyword to <a
1073: href="https://man.openbsd.org/smtpd">smtpd(8)</a> so that built-in
1074: filters can bypass processing when a condition is met.
1075: <li>Allowed use of 'auth' as an origin in <a
1076: href="https://man.openbsd.org/smtpd.conf">smtpd.conf(5)</a>.
1077: <li>Allowed use of mail-from and rctp-to as for and from parameters
1078: in <a href="https://man.openbsd.org/smtpd.conf">smtpd.conf(5)</a>.
1.66 eric 1079: </ul>
1.1 benno 1080:
1081: <li>Bug fixes
1082: <ul>
1083: <li>Ensured legacy <a href="https://man.openbsd.org/ssl">ssl(8)</a>
1084: session ID is persistent during a client TLS session, fixing an issue
1085: using TLSv1.3 with smtp.mail.yahoo.com.
1086: <li>Fixed security vulnerabilities in <a
1087: href="https://man.openbsd.org/smtpd">smtpd(8)</a>. Corrected an
1088: out-of-bounds read in smtpd allowing an attacker to inject arbitrary
1089: commands into the envelope file to be executed as root, and ensured
1090: privilege revocation in <a
1091: href="https://man.openbsd.org/smtpctl">smtpctl(8)</a> to prevent
1092: arbitrary commands from being run with the _smtpq group.
1093: <li>Allowed <a
1094: href="https://man.openbsd.org/mail.local">mail.local(8)</a> to be run
1095: as non-root, opening a pipe to <a
1096: href="https://man.openbsd.org/lockspool">lockspool(1)</a> for file
1097: locking.
1098: <li>Fixed a security vulnerability in <a
1099: href="https://man.openbsd.org/smtpd">smtpd(8)</a> which could lead to
1100: a privilege escalation on mbox deliveries and unprivileged code
1101: execution on lmtp deliveries.
1102: <li>Added support for CIDR in a: spf atoms in <a
1103: href="https://man.openbsd.org/smtpd">smtpd(8)</a>.
1104: <li>Fixed a possible crash in <a
1105: href="https://man.openbsd.org/smtpd">smtpd(8)</a> when combining "from
1106: rdns" with nested virtual aliases under a particular configuration.
1.66 eric 1107: </ul>
1.1 benno 1108:
1109: <li>Experimental Features
1110: <ul>
1.66 eric 1111: <li>Introduced smtp-out event reporting.
1112: <li>Improved filtering protocol.
1.1 benno 1113: </ul>
1114: </ul>
1115:
1.28 beck 1116: <li>LibreSSL 3.1.1
1.34 inoguchi 1117: <ul>
1.43 jsing 1118: <li>New Features
1.29 beck 1119: <ul>
1.34 inoguchi 1120: <li>Completed initial TLS 1.3 implementation with a completely new state
1.29 beck 1121: machine and record layer. TLS 1.3 is now enabled by default for the
1122: client side, with the server side to be enabled in a future release.
1123: Note that the OpenSSL TLS 1.3 API is not yet visible/available.
1.43 jsing 1124: <li>Improved cipher suite handling to automatically include TLSv1.3
1125: cipher suites when they are not explicitly referred to in the
1126: cipher string.
1.34 inoguchi 1127: <li>Provided TLSv1.3 cipher suite aliases to match the names used
1128: in RFC 8446.
1.43 jsing 1129: <li>Added cms subcommand to openssl(1).
1130: <li>Added -addext option to openssl(1) req subcommand.
1131: <li>Added -groups option to openssl(1) s_server subcommand.
1132: <li>Added TLSv1.3 extension types to openssl(1) -tlsextdebug.
1133: </ul>
1134:
1135: <li>API and Documentation Enhancements
1136: <ul>
1.34 inoguchi 1137: <li>Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
1138: <li>Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.29 beck 1139: 1.1.1 and enabled by default.
1.1 benno 1140: </ul>
1141:
1142: <li>Compatibility Changes
1143: <ul>
1.34 inoguchi 1144: <li>Improved compatibility by backporting functionality and documentation
1145: from OpenSSL 1.1.1.
1146: <li>Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
1.1 benno 1147: </ul>
1148:
1149: <li>Testing and Proactive Security
1150: <ul>
1.34 inoguchi 1151: <li>Added many new additional crypto test vectors.
1.43 jsing 1152: <li>Fix to disallow setting the AES-GCM IV length to zero.
1.1 benno 1153: </ul>
1154:
1155: <li>Internal Improvements
1156: <ul>
1.34 inoguchi 1157: <li>Many more code cleanups, fixes, and improvements to memory handling
1158: and protocol parsing.
1.1 benno 1159: </ul>
1160:
1161: <li>Portable Improvements
1162: <ul>
1.34 inoguchi 1163: <li>Default CA bundle location is now configurable in portable builds.
1164: <li>Improved portable builds to support for use of static MSVC runtimes.
1165: <li>Fixed portable builds to avoid exporting a sleep() symbol.
1.1 benno 1166: </ul>
1167:
1168: <li>Bug Fixes
1169: <ul>
1.34 inoguchi 1170: <li>Fixed printing the serialNumber with X509_print_ex() fall back to
1171: the colon separated hex bytes in case greater than int value.
1.1 benno 1172: </ul>
1173: </ul>
1174:
1.68 dtucker 1175: <li>OpenSSH 8.3
1.1 benno 1176: <ul>
1.68 dtucker 1177: <li>Potentially incompatible changes.
1178: <ul>
1179: <li><a href="https://man.openbsd.org/sftp">sftp(1)</a>:
1180: reject an argument of "-1" in the same way as ssh(1) and
1181: scp(1) do instead of accepting and silently ignoring it.
1.69 dtucker 1182: <li>Removed ssh-rsa (SHA1) from the list of allowed CA signature algorithms.
1183: <li>Removed diffie-hellman-group14-sha1 from the default <a
1184: href="https://man.openbsd.org/ssh">ssh(1)</a> key exchange.
1185: <li><a href="https://man.openbsd.org/ssh-keygen.a">ssh-keygen(1)</a>:
1186: the command-line options related to the generation
1187: and screening of safe prime numbers used by the
1188: diffie-hellman-group-exchange-* key exchange algorithms have
1189: changed. Most options have been folded under the -O flag.
1190: <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1191: the sshd listener process title visible to ps(1) has
1192: changed to include information about the number of connections that
1193: are currently attempting authentication and the limits configured
1194: by MaxStartups.
1195: <li><a href="https://man.openbsd.org/ssh-sk-helper.8">ssh-sk-helper(8)</a>:
1196: this is a new binary. It is used by the FIDO/U2F
1197: support to provide address-space isolation for token middleware
1198: libraries (including the internal one). It needs to be installed
1199: in the expected path under /usr/libexec.
1.68 dtucker 1200: </ul>
1.1 benno 1201: <li>New Features
1202: <ul>
1203: <li>Allowed use of the IgnoreRhosts directive anywhere in an <a
1204: href="https://man.openbsd.org/sshd_config">sshd_config(5)</a> file,
1205: not just before Match blocks, and made it a tri-state option.
1206: <li>Added TOKEN percent expansion (i.e. userid, hostnames etc.) to <a
1207: href="https://man.openbsd.org/ssh">ssh(1)</a> LocalForward and
1208: RemoteForward when used for Unix domain socket forwarding.
1.68 dtucker 1209: <li>all: allow loading public keys from the unencrypted envelope of a
1210: private key file if no corresponding public key file is present.
1.1 benno 1211: <li>Gave <a
1212: href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> the
1213: ability to dump the contents of a binary key revocation list with
1214: <code>ssh-keygen -lQf /path</code>.
1215: <li>Added <a href="https://man.openbsd.org/ssh">ssh(1)</a> -Q key-sig
1216: option for all key and signature types, teaching ssh -Q to accept <a
1217: href="https://man.openbsd.org/ssh_config">ssh_config(5)</a> and <a
1218: href="https://man.openbsd.org/sshd_config">sshd_config(5)</a>
1219: algorithm keywords as an alias for the corresponding query.
1220: <li>Updated to libfido2 780ad3c25.
1221: <li>Added an <a
1222: href="https://man.openbsd.org/sshd_config">sshd_config(5)</a>
1223: "Include" directive to allow inclusion of files.
1224: <li>Renamed <a href="https://man.openbsd.org/ssh-add">ssh-add(1)</a>
1225: -O to -K to load resident keys from a FIDO authenticator.
1226: <li>Added the ability to download FIDO2 resident keys from a token
1227: via the <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>
1228: -K option and save public/private keys into the current directory.
1229: <li>Implemented support for generating FIDO2 resident keys. "ssh-add
1230: -O" will load resident keys from a FIDO2 token and add them to an
1231: ssh-agent. Removed the -x option currently used for the
1232: FIDO/U2F-specific key flags, now under -O.
1233: <li>Removed single letter flags for moduli generation in <a
1234: href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> and moved
1235: all moduli generation options to under the -O flag. Breaks existing
1236: ssh-keygen commandline syntax for moduli-related operations.
1237: <li>Allowed forwarding of a different agent socket to a specified
1238: path in <a href="https://man.openbsd.org/ssh">ssh(1)</a>.
1239: <li>Allowed <a href="https://man.openbsd.org/ssh">ssh(1)</a> security
1240: keys to act as host keys as well as user keys.
1241: <li>Used ssh-sk-helper for all security key signing operations and
1242: security key enrollment. Most <a
1243: href="https://man.openbsd.org/ssh">ssh(1)</a> tools no longer need to
1244: link against libfido2 or interact with /dev/uhid* directly.
1245: <li>Added "no-touch-required" options to <a
1246: href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> and <a
1247: href="https://man.openbsd.org/sshd">sshd(8)</a> to disable touch
1248: requirement for authorized_keys and certificates.
1249: <li>Added an <a
1250: href="https://man.openbsd.org/sshd_config">sshd_config(5)</a>
1251: PubkeyAuthOptions directive allowing specification of whether <a
1252: href="https://man.openbsd.org/sshd">sshd(8)</a> should check whether
1253: user presence was tested before a security key was made.
1254: <li>Added direct support for U2F/FIDO2 security keys in <a
1255: href="https://man.openbsd.org/ssh">ssh(1)</a>.
1256: <li>Added initial infrastructure for U2F/FIDO support in <a
1257: href="https://man.openbsd.org/ssh">ssh(1)</a>.
1258: <li>Notified the user via TTY or $SSH_ASKPASS when <a
1259: href="https://man.openbsd.org/ssh">ssh(1)</a> security keys must be
1260: tapped/touched in order to perform a signature operation.
1261: <li>Enabled ed25519 support in <a
1262: href="https://man.openbsd.org/ssh">ssh(1)</a>.
1263: </ul>
1264: <li>Bugfixes
1265: <ul>
1266: <li>Detected and prevented simple <a
1.68 dtucker 1267: href="https://man.openbsd.org/ssh">ssh(1)</a> configuration loops when
1268: using ProxyJump.
1269: <li>Fixed PIN entry bugs on FIDO in <a
1270: href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>.
1.1 benno 1271: <li>Fixed <a
1.68 dtucker 1272: href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> not
1273: displaying the authenticator touch prompt.
1.1 benno 1274: <li>Prevented a timeout in <a
1.68 dtucker 1275: href="https://man.openbsd.org/ssh">ssh(1)</a> when the server doesn't
1276: immediately send a banner, such as with multiplexers like sslh.
1.1 benno 1277: <li>Adjusted on-wire signature encoding for ecdsh-sk <a
1.68 dtucker 1278: href="https://man.openbsd.org/ssh">ssh(1)</a> keys to better match
1279: ec25519-sk keys.
1.1 benno 1280: <li>Fixed a potential NULL dereference for revoked hostkeys in <a
1.68 dtucker 1281: href="https://man.openbsd.org/ssh">ssh(1)</a>.
1282: <li>ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
1283: a PKCS11Provider
1284: <li>ssh-keygen(1): avoid NULL dereference when trying to convert an
1285: invalid RFC4716 private key.
1286: <li>scp(2): when performing remote-to-remote copies using "scp -3",
1287: start the second ssh(1) channel with BatchMode=yes enabled to
1288: avoid confusing and non-deterministic ordering of prompts.
1289: <li>ssh(1): fix incorrect error message for "too many known hosts
1290: files."
1291: <li>ssh(1): make failures when establishing "Tunnel" forwarding
1292: terminate the connection when ExitOnForwardFailure is enabled
1293: <li>ssh-keygen(1): fix printing of fingerprints on private keys and add
1294: a regression test for same.
1295: <li>sshd(8): document order of checking AuthorizedKeysFile (first) and
1296: AuthorizedKeysCommand (subsequently, if the file doesn't match)
1297: <li>sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
1298: not considered for HostbasedAuthentication when the target user is
1299: root
1300: <li>ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
1301: key parsing (oss-fuzz #20074).
1302: <li>ssh(1), sshd(8): more consistency between sets of %TOKENS are
1303: accepted in various configuration options.
1304: <li>ssh(1), ssh-keygen(1): improve error messages for some common
1305: PKCS#11 C_Login failure cases
1306: <li>ssh(1), sshd(8): make error messages for problems during SSH banner
1307: exchange consistent with other SSH transport-layer error messages
1308: and ensure they include the relevant IP addresses
1309: <li>various: fix a number of spelling errors in comments and debug/error
1310: messages
1311: <li>ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
1312: from a token, don't prompt for a PIN until the token has told us
1313: that it needs one. Avoids double-prompting on devices that
1314: implement on-device authentication.
1315: <li>sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
1316: should be an extension, not a critical option.
1317: <li>ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
1318: when trying to use a FIDO key function and SecurityKeyProvider is
1319: empty.
1320: <li>ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
1321: the values allowed by the wire format (u32). Prevents integer
1322: wraparound of the timeout values
1.1 benno 1323: </ul>
1324: </ul>
1325:
1.38 schwarze 1326: <li>Mandoc 1.14.6
1.1 benno 1327: <ul>
1328: <li>Introduced a new <a
1329: href="https://man.openbsd.org/mdoc">mdoc(7)</a> macro .Tg ("tag") to
1.38 schwarze 1330: explicitly mark a place as defining a term, and improved automatic
1331: tagging in various ways.
1332: <li>Print the manpath when the <a
1333: href="https://man.openbsd.org/man.1#w">man(1) -w</a> option
1334: is given without an argument, for compatibility with the man-1.6
1335: and man-db implementations.
1336: <li>Deleted support for the <a
1337: href="https://man.openbsd.org/OpenBSD-6.6/man.conf.5#_whatdb"
1338: >_whatdb</a> configuration directive from
1339: <a href="https://man.openbsd.org/man.conf.5">man.conf(5)</a>
1340: five years after it was declared obsolete; use <a
1341: href="https://man.openbsd.org/man.conf.5#manpath">manpath</a> instead.
1.1 benno 1342: <li>Added a Content-Security-Policy HTTP header to <a
1.38 schwarze 1343: href="https://man.openbsd.org/man.cgi.8">man.cgi(8)</a>
1344: that allows only CSS.
1345: <li>Provide a STYLE message when <a
1346: href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> knows the
1347: filename and the extension disagrees with the section number
1348: given in the .Dt or .TH macro.
1349: <li>When the <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> .Dd
1350: macro lacks an argument, use the empty string, and always
1351: concatenate all arguments, no matter their number.
1352: The same change was applied to groff.
1.1 benno 1353: </ul>
1354:
1.31 benno 1355: <li>Ports and packages:
1356: <p>The package system provides an easy way to install 3rd party software. New features include:
1.1 benno 1357: <ul>
1.18 benno 1358: <li>Provide debug package information that can be installed
1359: alongside packages and used to provide better bug reports.
1360: <li>Added DEBUG_PKG_CACHE functionality to <a
1361: href="https://man.openbsd.org/pkg_add">pkg_add(1)</a>, fetching debug
1362: patches when packages are installed.
1363: <li>Added a -d option to <a
1364: href="https://man.openbsd.org/pkg_add">pkg_add(1)</a> to add debug
1365: packages if present alongside intended updates or additions.
1.1 benno 1366: <li>Added support for "alpha" suffixes in <a
1367: href="https://man.openbsd.org/packages-specs">packages-specs(7)</a>,
1368: removing the need for workarounds in certain ports distfiles.
1.31 benno 1369: </ul>
1.1 benno 1370:
1371: <p>Many pre-built packages for each architecture:
1372: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1373: <ul style="column-count: 3">
1.65 naddy 1374: <li>aarch64: 10848
1375: <li>amd64: 11268
1.1 benno 1376: <li>arm: XXXX
1.65 naddy 1377: <li>i386: 10715
1.71 visa 1378: <li>mips64: 9281
1.1 benno 1379: <li>mips64el: XXXX
1380: <li>powerpc: XXXX
1.65 naddy 1381: <li>sparc64: 9850
1.1 benno 1382: </ul>
1383:
1384: <li>As usual, steady improvements in manual pages and other documentation.
1385:
1386: <li>The system includes the following major components from outside suppliers:
1387: <ul>
1388: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches,
1.30 matthieu 1389: freetype 2.10.1, fontconfig 2.12.4, Mesa 19.2.8, xterm 351,
1390: xkeyboard-config 2.20 and more)
1.1 benno 1391: <li>LLVM/Clang 8.0.1 (+ patches)
1392: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1393: <li>Perl 5.30.2 (+ patches)
1394: <li>NSD 4.2.4
1395: <li>Unbound 1.10.0
1396: <li>Ncurses 5.7
1397: <li>Binutils 2.17 (+ patches)
1398: <li>Gdb 6.3 (+ patches)
1399: <li>Awk Dec 20, 2012 version
1400: <li>Expat 2.2.8
1401: </ul>
1402: </ul>
1403: </section>
1404:
1405: <hr>
1406:
1407: <section id=install>
1408: <h3>How to install</h3>
1409: <p>
1410: Please refer to the following files on the mirror site for
1411: extensive details on how to install OpenBSD 6.7 on your machine:
1412:
1413: <ul>
1414: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/alpha/INSTALL.alpha">
1415: .../OpenBSD/6.7/alpha/INSTALL.alpha</a>
1416: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/amd64/INSTALL.amd64">
1417: .../OpenBSD/6.7/amd64/INSTALL.amd64</a>
1418: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/arm64/INSTALL.arm64">
1419: .../OpenBSD/6.7/arm64/INSTALL.arm64</a>
1420: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/armv7/INSTALL.armv7">
1421: .../OpenBSD/6.7/armv7/INSTALL.armv7</a>
1422: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/hppa/INSTALL.hppa">
1423: .../OpenBSD/6.7/hppa/INSTALL.hppa</a>
1424: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/i386/INSTALL.i386">
1425: .../OpenBSD/6.7/i386/INSTALL.i386</a>
1426: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/landisk/INSTALL.landisk">
1427: .../OpenBSD/6.7/landisk/INSTALL.landisk</a>
1428: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/loongson/INSTALL.loongson">
1429: .../OpenBSD/6.7/loongson/INSTALL.loongson</a>
1430: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/luna88k/INSTALL.luna88k">
1431: .../OpenBSD/6.7/luna88k/INSTALL.luna88k</a>
1432: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/macppc/INSTALL.macppc">
1433: .../OpenBSD/6.7/macppc/INSTALL.macppc</a>
1434: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/octeon/INSTALL.octeon">
1435: .../OpenBSD/6.7/octeon/INSTALL.octeon</a>
1.72 tj 1436: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/sgi/INSTALL.sgi">
1437: .../OpenBSD/6.7/sgi/INSTALL.sgi</a>
1.1 benno 1438: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.7/sparc64/INSTALL.sparc64">
1439: .../OpenBSD/6.7/sparc64/INSTALL.sparc64</a>
1440: </ul>
1441: </section>
1442:
1443: <hr>
1444:
1445: <section id=quickinstall>
1446: <p>
1447: Quick installer information for people familiar with OpenBSD, and the use of
1448: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1449: If you are at all confused when installing OpenBSD, read the relevant
1450: INSTALL.* file as listed above!
1451:
1452: <h3>OpenBSD/alpha:</h3>
1453:
1454: <p>
1455: If your machine can boot from CD, you can write <i>install67.iso</i> or
1456: <i>cd67.iso</i> to a CD and boot from it.
1457: Refer to INSTALL.alpha for more details.
1458:
1459: <h3>OpenBSD/amd64:</h3>
1460:
1461: <p>
1462: If your machine can boot from CD, you can write <i>install67.iso</i> or
1463: <i>cd67.iso</i> to a CD and boot from it.
1464: You may need to adjust your BIOS options first.
1465:
1466: <p>
1467: If your machine can boot from USB, you can write <i>install67.fs</i> or
1468: <i>miniroot67.fs</i> to a USB stick and boot from it.
1469:
1470: <p>
1471: If you can't boot from a CD, floppy disk, or USB,
1472: you can install across the network using PXE as described in the included
1473: INSTALL.amd64 document.
1474:
1475: <p>
1476: If you are planning to dual boot OpenBSD with another OS, you will need to
1477: read INSTALL.amd64.
1478:
1479: <h3>OpenBSD/arm64:</h3>
1480:
1481: <p>
1482: Write <i>miniroot67.fs</i> to a disk and boot from it after connecting
1483: to the serial console. Refer to INSTALL.arm64 for more details.
1484:
1485: <h3>OpenBSD/armv7:</h3>
1486:
1487: <p>
1488: Write a system specific miniroot to an SD card and boot from it after connecting
1489: to the serial console. Refer to INSTALL.armv7 for more details.
1490:
1491: <h3>OpenBSD/hppa:</h3>
1492:
1493: <p>
1494: Boot over the network by following the instructions in INSTALL.hppa or the
1495: <a href="hppa.html#install">hppa platform page</a>.
1496:
1497: <h3>OpenBSD/i386:</h3>
1498:
1499: <p>
1500: If your machine can boot from CD, you can write <i>install67.iso</i> or
1501: <i>cd67.iso</i> to a CD and boot from it.
1502: You may need to adjust your BIOS options first.
1503:
1504: <p>
1505: If your machine can boot from USB, you can write <i>install67.fs</i> or
1506: <i>miniroot67.fs</i> to a USB stick and boot from it.
1507:
1508: <p>
1509: If you can't boot from a CD, floppy disk, or USB,
1510: you can install across the network using PXE as described in
1511: the included INSTALL.i386 document.
1512:
1513: <p>
1514: If you are planning on dual booting OpenBSD with another OS, you will need to
1515: read INSTALL.i386.
1516:
1517: <h3>OpenBSD/landisk:</h3>
1518:
1519: <p>
1520: Write <i>miniroot67.fs</i> to the start of the CF
1521: or disk, and boot normally.
1522:
1523: <h3>OpenBSD/loongson:</h3>
1524:
1525: <p>
1526: Write <i>miniroot67.fs</i> to a USB stick and boot bsd.rd from it
1527: or boot bsd.rd via tftp.
1528: Refer to the instructions in INSTALL.loongson for more details.
1529:
1530: <h3>OpenBSD/luna88k:</h3>
1531:
1532: <p>
1533: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1534: from the PROM, and then bsd.rd from the bootloader.
1535: Refer to the instructions in INSTALL.luna88k for more details.
1536:
1537: <h3>OpenBSD/macppc:</h3>
1538:
1539: <p>
1540: Burn the image from a mirror site to a CDROM, and power on your machine
1541: while holding down the <i>C</i> key until the display turns on and
1542: shows <i>OpenBSD/macppc boot</i>.
1543:
1544: <p>
1545: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1546: /6.7/macppc/bsd.rd</i>
1547:
1548: <h3>OpenBSD/octeon:</h3>
1549:
1550: <p>
1551: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1552: Refer to the instructions in INSTALL.octeon for more details.
1.72 tj 1553:
1554: <h3>OpenBSD/sgi:</h3>
1555:
1556: <p>
1557: To install, burn cd67.iso on a CD-R, put it in the CD drive of your
1558: machine and select <i>Install System Software</i> from the System Maintenance
1559: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
1560: CD-ROM, and need a proper invocation from the PROM prompt.
1561: Refer to the instructions in INSTALL.sgi for more details.
1562:
1563: <p>
1564: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
1565: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
1566: system type. Refer to the instructions in INSTALL.sgi for more details.
1.1 benno 1567:
1568: <h3>OpenBSD/sparc64:</h3>
1569:
1570: <p>
1571: Burn the image from a mirror site to a CDROM, boot from it, and type
1572: <i>boot cdrom</i>.
1573:
1574: <p>
1575: If this doesn't work, or if you don't have a CDROM drive, you can write
1576: <i>floppy67.fs</i> or <i>floppyB67.fs</i>
1577: (depending on your machine) to a floppy and boot it with <i>boot
1578: floppy</i>. Refer to INSTALL.sparc64 for details.
1579:
1580: <p>
1581: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1582: will most likely fail.
1583:
1584: <p>
1585: You can also write <i>miniroot67.fs</i> to the swap partition on
1586: the disk and boot with <i>boot disk:b</i>.
1587:
1588: <p>
1589: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1590: </section>
1591:
1592: <hr>
1593:
1594: <section id=upgrade>
1595: <h3>How to upgrade</h3>
1596: <p>
1.42 deraadt 1597: If you already have an OpenBSD 6.6 system, and do not want to reinstall,
1.1 benno 1598: upgrade instructions and advice can be found in the
1599: <a href="faq/upgrade67.html">Upgrade Guide</a>.
1600: </section>
1601:
1602: <hr>
1603:
1604: <section id=sourcecode>
1605: <h3>Notes about the source code</h3>
1606: <p>
1607: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1608: This file contains everything you need except for the kernel sources,
1609: which are in a separate archive.
1610: To extract:
1611: <blockquote><pre>
1612: # <kbd>mkdir -p /usr/src</kbd>
1613: # <kbd>cd /usr/src</kbd>
1614: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1615: </pre></blockquote>
1616: <p>
1617: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1618: This file contains all the kernel sources you need to rebuild kernels.
1619: To extract:
1620: <blockquote><pre>
1621: # <kbd>mkdir -p /usr/src/sys</kbd>
1622: # <kbd>cd /usr/src</kbd>
1623: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1624: </pre></blockquote>
1625: <p>
1626: Both of these trees are a regular CVS checkout. Using these trees it
1627: is possible to get a head-start on using the anoncvs servers as
1628: described <a href="anoncvs.html">here</a>.
1629: Using these files
1630: results in a much faster initial CVS update than you could expect from
1631: a fresh checkout of the full OpenBSD source tree.
1632: </section>
1633:
1634: <hr>
1635:
1636: <section id=ports>
1637: <h3>Ports Tree</h3>
1638: <p>
1639: A ports tree archive is also provided. To extract:
1640: <blockquote><pre>
1641: # <kbd>cd /usr</kbd>
1642: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1643: </pre></blockquote>
1644: <p>
1645: Go read the <a href="faq/ports/index.html">ports</a> page
1646: if you know nothing about ports
1647: at this point. This text is not a manual of how to use ports.
1648: Rather, it is a set of notes meant to kickstart the user on the
1649: OpenBSD ports system.
1650: <p>
1651: The <i>ports/</i> directory represents a CVS checkout of our ports.
1652: As with our complete source tree, our ports tree is available via
1653: <a href="anoncvs.html">AnonCVS</a>.
1654: So, in order to keep up to date with the -stable branch, you must make
1655: the <i>ports/</i> tree available on a read-write medium and update the tree
1656: with a command like:
1657: <blockquote><pre>
1658: # <kbd>cd /usr/ports</kbd>
1659: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_7</kbd>
1660: </pre></blockquote>
1661: <p>
1662: [Of course, you must replace the server name here with a nearby anoncvs
1663: server.]
1664: <p>
1665: Note that most ports are available as packages on our mirrors. Updated
1666: ports for the 6.7 release will be made available if problems arise.
1667: <p>
1668: If you're interested in seeing a port added, would like to help out, or just
1669: would like to know more, the mailing list
1670: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1671: </section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 67.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www