Annotation of www/68.html, Revision 1.7
1.1 benno 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 6.8</title>
6: <meta name="description" content="OpenBSD 6.8">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/68.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 6.8
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/XXX.gif">
21: <img width="227" height="343" src="images/XXX-s.gif" alt="XXX"></a>
22: <td>
23: Released Oct XXX, 2020<br>
24: Copyright 1997-2020, Theo de Raadt.<br>
25: <br>
26: <br>
27: Artwork by XXX.
28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/6.8/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata68.html">the 6.8 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus68.html">detailed log of changes</a> between the
37: 6.7 and 6.8 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-68-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/openbsd-68-base.pub">
47: RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f
48: <tr><td>
49: openbsd-68-fw.pub:
50: <td>
51: RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy
52: <tr><td>
53: openbsd-68-pkg.pub:
54: <td>
55: RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K
56: <tr><td>
57: openbsd-68-syspatch.pub:
58: <td>
59: RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 6.8.
74: For a comprehensive list, see the <a href="plus68.html">changelog</a> leading
75: to 6.8.
76:
77: <ul>
78:
79: <li>General improvements and bugfixes:
80: <ul>
1.3 benno 81: <li>Added support in the kernel and libc for timecounting in
82: userland, eliminating the need for a context switch everytime a
83: process requests the current time, thereby improving speed and
84: responsiveness in programs which make many <a
85: href="https://man.openbsd.org/gettimeofday">gettimeofday(2)</a> calls,
86: especially browsers and office software.<br>The userland timecounters
87: are enabled on the amd64, arm64, macppc, octeon and sparc64
88: architectures.<span style="color:red;">verify architectures</span>
89:
1.1 benno 90: <li>Set <a href="https://man.openbsd.org/ddb">ddb(4)</a> "/t" to show a trace via TID on all architectures.
91: <li>Restored VGA fonts on VT switch, preventing an unusable screen when switching to a VT with a custom VGA font from X.
92: <li>Fixed the <a href="https://man.openbsd.org/ksh">ksh(1)</a> exit code when evaluating a || compound list to prevent termination of the shell when running under -e.
93: <li>Relaxed filename checks in <a href="https://man.openbsd.org/syspatch">syspatch(8)</a> to allow use of hyphens.
94: <li>Rewrote m88k mutex code as a slight variation of the MI mutex code, potentially improving stability and rendering mutex spinning time visible in <a href="https://man.openbsd.org/top">top(1)</a>.
95: <li>Corrected <a href="https://man.openbsd.org/getopt_long">getopt_long(3)</a> parsing of a trailing dash in an option group, which was being incorrectly returned as an argument.
96: <li>Enabled building <a href="https://man.openbsd.org/wsmoused">wsmoused(8)</a> and <a href="https://man.openbsd.org/wsfontload">wsfontload(8)</a> on arm64 and armv7.
97: <li>Added a new column to <a href="https://man.openbsd.org/wsfontload">wsfontload(8)</a> -l output to report the number of characters contained in a loaded font.
98: <li>Fixed a panic in <a href="https://man.openbsd.org/wscons">wscons(4)</a>.
99: <li>Prevented callers inspecting unrelated fields in the libc resolver function asr_run().
100: <li>Prevented <a href="https://man.openbsd.org/rcs">rcs(1)</a> removal of locked revisions with rcs -orange, avoiding leaving behind a lock for a revision which no longer exists.
101: <li>Provided an optimized implementation of <a href="https://man.openbsd.org/ffs">ffs(3)</a> in the kernel on arm64/powerpc/powerpc64.
102: <li>Improved CPU frequency scaling in automatic performance mode by removing accounting for offline CPUs.
103: <li>Fixed <a href="https://man.openbsd.org/sndiod">sndiod(8)</a> crashes when USB devices are disconnected.
104: <li>Fixed the initial <a href="https://man.openbsd.org/sndiod">sndiod(8)</a> alternate device number, preventing device number 1 from being skipped on first use.
105: <li>Allowed switching between alternate devices (-F) with <a href="https://man.openbsd.org/sndioctl">sndioctl(1)</a>.
106: <li>Implemented the gensub(), systime() and strftime() functions for <a href="https://man.openbsd.org/awk">awk(1)</a>.
107: <li>Stopped incrementing openclass for a literal "[" in <a href="https://man.openbsd.org/awk">awk(1)</a>, allowing parsing of expressions such as "/[[/[]/".
108: <li>Added <a href="https://man.openbsd.org/intrmap_create">intrmap</a>, an interrupt to CPU mapping API that is used by hardware drivers to use multiple CPUs for interrupt handling.
109: <li>Added an ioctl PCIOCGETVPD allowing userland to access read-only support information about pci devices via the vpd register.
110: <li>Introduced <a href="https://man.openbsd.org/gettime">gettime(9)</a> and <a href="https://man.openbsd.org/getuptime">getuptime(9)</a> and substituted these for time_second(9) and time_uptime(9) throughout the kernel to prevent split-read problems on 32-bit platforms.
111: <li>Fixed merging of files that lack newlines for <a href="https://man.openbsd.org/diff3">diff3(1)</a>, OpenRCS and OpenCVS.
112: <li>Switched the default CDDB database for <a href="https://man.openbsd.org/cdio">cdio(1)</a> to gnudb.gnudb.org:8880.
113: <li>Fixed a problem where switching to a vt and back was needed to see rc output and login prompt on some intel machines with skylake and newer graphics.
114: <li>Introduced a darker <a href="https://man.openbsd.org/xenodm">xenodm(1)</a> login widget and a lower contrast default background.
115: <li>Prevented creation of bogus <a href="https://man.openbsd.org/sd">sd(4)</a> devices for <a href="https://man.openbsd.org/nvme">nvme(4)</a> namespaces which are configured but have size 0.
116: <li>Initialized v4l2_requestbuffers for libv4l compatibility, allowing view of video encodings not directly supported by <a href="https://man.openbsd.org/video">video(1)</a>.
117: <li>Added <a href="https://man.openbsd.org/video">video(1)</a> white balance temperature control through w/W keys.
118: <li>Added the ability to set and display <a href="https://man.openbsd.org/video">video(1)</a> control values directly on the CLI.
119: <li>Allowed the combination of <a href="https://man.openbsd.org/video">video(1)</a> "-dc" options, reset and display control values.
120: <li>Added control for backlight compensation to <a href="https://man.openbsd.org/video">video(4)</a>.
121: <li>Used an LFENCE instruction everywhere RDTSC is used for a time measurement, reducing the jitter in TSC skew measurements.
122: <li>Prevented a core dump in <a href="https://man.openbsd.org/ftp">ftp(1)</a> during fetch abort.
123: <li>Allowed specification of supported TLS protocols in <a href="https://man.openbsd.org/ftp">ftp(1)</a> "-S protocols".
124: <li>Fixed an <a href="https://man.openbsd.org/xconsole">xconsole(1)</a> crash by starting it after setting the background.
125: <li>Fixed <a href="https://man.openbsd.org/ls">ls(1)</a> -R mode to not display subdirectories of a directory beginning with '.' and ensure directory names are always displayed.
126: <li>Introduced <a href="https://man.openbsd.org/kstat">kstat(1)</a>, a subsystem to allow the kernel to expose statistics to userland (and <a href="https://man.openbsd.org/kstat">kstat(8)</a>, the userland side).
127: <li>Added <a href="https://man.openbsd.org/kstat">kstat(1)</a> -w option, allowing update and printing of stats at a specified wait interval.
128: <li>Added kstat to <a href="https://man.openbsd.org/cnmac">cnmac(4)</a>.
129: <li>Added tsc_delay(), a <a href="https://man.openbsd.org/delay">delay(9)</a> implementation based on the TSC, to amd64.
130: <li>Synchronized each core's CP0 cycle counter using the IO clock counter on mips64 and octeon, making the cycle counter usable as timecounter.
131: <li>Added support for set -o pipefail to <a href="https://man.openbsd.org/ksh">ksh(1)</a>, potentially helping error checking.
132: <li>Taught <a href="https://man.openbsd.org/su">su(1)</a> -l -f to start a regular shell for non-csh shells rather than a login shell.
133: <li>Enabled spleen16x32 and spleen32x64 fonts on armv7 for GENERIC kernels.
134: <li>Implemented linear and power-of-two histograms in btrace(5).
135: <li>Added <a href="https://man.openbsd.org/btrace">btrace(8)</a> -p flag to filter all actions by PID.
136: <li>Enabled <a href="https://man.openbsd.org/btrace">btrace(8)</a>.
137: <li>Added support for "&" and "|" operators in btrace scripts.
138: <li>Used <a href="https://man.openbsd.org/su">su(1)</a> -fl to avoid sourcing the target user's .profile in <a href="https://man.openbsd.org/rc.d">rc.d(8)</a>/<a href="https://man.openbsd.org/rcctl">rcctl(8)</a>.
139: <li>Added a <a href="https://man.openbsd.org/ktrace">ktrace(1)</a> -T option to make time-related system calls more prominent.
140: <li>Switched the default pager from "<a href="https://man.openbsd.org/more">more(1)</a> -s" to <a href="https://man.openbsd.org/less">less(1)</a>.
141: <li>Ensured only pseudo-terminal devices use reprint delays.
142: <li>Prevented <a href="https://man.openbsd.org/mg">mg(1)</a> from running out of memory or segfaulting with <code>query-replace-regex ^</code>.
143: <li>Prevented an <a href="https://man.openbsd.org/unveil">unveil(2)</a> failure with chdir / on <a href="https://man.openbsd.org/sensorsd">sensorsd(8)</a>.
144: <li>Ported NetBSD's arm64 disassembler for <a href="https://man.openbsd.org/ddb">ddb(4)</a>.
145: <li>Added / as an alias for g (grep) in <a href="https://man.openbsd.org/top">top(1)</a>.
146: <li>Added support for remote coverage to <a href="https://man.openbsd.org/kcov">kcov(4)</a>.
147: <li>Avoided reading one byte before the path buffer in <a href="https://man.openbsd.org/mountd">mountd(8)</a>.
148: <li>Added the ability to filter which <a href="https://man.openbsd.org/kstat">kstat(1)</a> entries are displayed.
149: <li>Moved <a href="https://man.openbsd.org/sysctl">sysctl(2)</a> CTL_DEBUG from DEBUG to the new DEBUG_SYSCTL.
150: <li>Added <a href="https://man.openbsd.org/fstat">fstat(1)</a> support for looking up unix domain sockets by file name.
151: <li>Fixed <a href="https://man.openbsd.org/make">make(1)</a> :S with anchors and replacement.
152: <li>Imported <a href="https://man.openbsd.org/login_ldap">login_ldap(8)</a>, using <a href="https://man.openbsd.org/ldap">ldap(1)</a> rather than openldap.
153: <li>Used READ(16)/WRITE(16) commands for disks large enough to require them to access the last sectors, fixing large 512E devices plugged into USB to ATA/ATAPI bridges which mistakenly use 4K sector addresses/sizes.
154: <li>Fixed "$@" splitting with empty IFS in <a href="https://man.openbsd.org/ksh">ksh(1)</a>.
155: <li>Prevented improper disabling of the backlight in <a href="https://man.openbsd.org/umstc">umstc(4)</a> when brightness is adjusted to 0.
1.7 ! jsg 156: <li>Stopped <a href="https://man.openbsd.org/syslogd">syslogd(8)</a> from closing UDP sockets for sending messages when DNS lookup of a UDP loghost fails, allowing them to be used to send if DNS is working during the next SIGHUP.
1.1 benno 157: <li>Prevented established TCP and TLS sockets of <a href="https://man.openbsd.org/syslogd">syslogd(8)</a> from staying open forever if a client aborted the connection silently.
158: <li>Provided a naptime variable for userspace via <a href="https://man.openbsd.org/kvm_read">kvm_read(3)</a>, usable by <a href="https://man.openbsd.org/vmstat">vmstat(8)</a>.
159: <li>Cleared the screen in <a href="https://man.openbsd.org/ksh">ksh(1)</a>'s vi editing mode before redrawing the line with ^L.
160: <li>Made <a href="https://man.openbsd.org/apmd">apmd(8)</a> always ask the kernel about current hw.perfpolicy rather than maintaining state.
161: <li>Reworked kernel loading with <a href="https://man.openbsd.org/octboot">octboot(4)</a>, which now does not rely on a mounted filesystem.
162: <li>Converted macppc, octeon and loongson to use machine-independent installboot.
163: <li>Forced long-names on msdos filenames for installboot on most 32-bit architectures.
164: <!-- FFS2 -->
165: <li>Improvements in the FFS2 filesystem:
166: <ul>
167: <li>Made FFS2 the default for <a href="https://man.openbsd.org/newfs">newfs(8)</a>, except for mfs.
168: <li>Enabled the FFS2 option on the luna88k ramdisk.
169: <li>Made FFS2 the default non-root filesystems on landisk, sgi and luna88k.
170: </ul>
171: <li>
172: </ul>
173: </ul>
174:
175: <li>SMP-Improvements:
176: <ul>
177: <li>
178: </ul>
179:
180: <li>Improved hardware support and driver bugfixes, including:
181: <ul>
182: <li>Enabled scrollback in <a href="https://man.openbsd.org/simplefb">simplefb(4)</a>.
183: <li>Fixed display glitches on smaller screens or with larger fonts in <a href="https://man.openbsd.org/efifb">efifb(4)</a> associated with remapping and attaching.
184: <li>Disabled <a href="https://man.openbsd.org/ohci">ohci(4)</a> on the amd64 ramdisk kernel.
185: <li>Improved reporting of remaining power with batteries of different capacities in <a href="https://man.openbsd.org/acpi">acpi(4)</a>.
186: <li>Added support for the ThingM blink(1) USB notification light.
187: <li>Fixed bogus frame sizes being returned by <a href="https://man.openbsd.org/xhci">xhci(4)</a>.
188: <li>Added an ASMedia ASM1182e PCIe switch <a href="https://man.openbsd.org/pci">pci(4)</a> id.
189: <li>Added <a href="https://man.openbsd.org/wsmoused">wsmoused(8)</a> support to <a href="https://man.openbsd.org/efifb">efifb(4)</a>.
190: <li>Added <a href="https://man.openbsd.org/umstc">umstc(4)</a>, a driver for Microsoft Surface Type Cover keyboards.
191: <li>Introduced <a href="https://man.openbsd.org/acpihid">acpihid(4)</a> for ACPI HID event and 5-button array devices.
192: <li>Moved Powerbook5,4 audio from <a href="https://man.openbsd.org/aoa">aoa(4)</a> to <a href="https://man.openbsd.org/snapper">snapper(4)</a>, adding the missing TAS3004 volume control.
193: <li>Added Intel 200 Series HD Audio <a href="https://man.openbsd.org/pci">pci(4)</a> id.
194: <li>Fixed broken HID descriptors of Elecom trackballs with 6 or 8 buttons.
195: <li>Added RK3328 PWM, also found in the RK3308, to <a href="https://man.openbsd.org/rkpwm">rkpwm(4)</a>.
196: <li>Added RK3308 temperature sensors to <a href="https://man.openbsd.org/rktemp">rktemp(4)</a>.
197: <li>Added <a href="https://man.openbsd.org/pcamux">pcamux(4)</a>, a driver for the PCA8548 I2C switch.
1.6 jsg 198: <li>Introduced a framework for digital audio interfaces, and added <a href="https://man.openbsd.org/simpleaudio">simpleaudio(4)</a>, a driver for "simple audio cards." This is a wrapper connecting the I2S controller, the codec and some aux devices, and <a href="https://man.openbsd.org/simpleamp">simpleamp(4)</a>, a driver for "simple audio amplifier," one of the aux devices for <a href="https://man.openbsd.org/simpleaudio">simpleaudio(4)</a>.
1.1 benno 199: <li>Enabled <a href="https://man.openbsd.org/nvme">nvme(4)</a> on i386.
200: <li>Added support for the Ericsson F5521gw Mobile Broadband Modem.
201: <li>Implemented pci_intr_establish_cpu() for <a href="https://man.openbsd.org/pyro">pyro(4)</a> and <a href="https://man.openbsd.org/vpci">vpci(4)</a>-based sparc64 systems.
202: <li>Ensured the STOP command sent by <a href="https://man.openbsd.org/sd">sd(4)</a> on powerdown will not result in hanging the machine if commands to the USB mass storage fail.
203: <li>Fixed intermittent failing <a href="https://man.openbsd.org/pms">pms(4)</a> device initialization seen on some Synaptics devices.
204: <li>Corrected trackstick/button attachment of Windows Precision Touchpad <a href="https://man.openbsd.org/imt">imt(4)</a> devices, fixing behavior on certain Dell Latitude laptops.
205: <li>Improved speed of scrolling by optimizing <a href="https://man.openbsd.org/rasops">rasops(9)</a> write-only framebuffer console.
206: <li>Added support for routing interrupts to other CPUs in <a href="https://man.openbsd.org/ampintc">ampintc(4)</a> and <a href="https://man.openbsd.org/agintc">agintc(4)</a>.
207: <li>Modified <a href="https://man.openbsd.org/uvideo">uvideo(4)</a> to fix webcam detection in Firefox 78.
208: <li>Added a SENSOR_ENERGY sensor type to the <a href="https://man.openbsd.org/sensor_attach">sensors framework API</a> which uses microjoules.
209: <li>Added support for the AMDI0010 touchpad on the Inspiron 5505.
210: <li>Avoided nvram lock timeout on sparc64 systems with onboard BCM5704 <a href="https://man.openbsd.org/bge">bge(4)</a> instances that come without a fitted EEPROM/NVRAM.
211: <li>Added support for Gear Head keyboards.
212: <li>Added <a href="https://man.openbsd.org/pms">pms(4)</a> support for the Elantech v1 touchpad with firmware version 0x20022.
213: <li>Added <a href="https://man.openbsd.org/sdmmc">sdmmc(4)</a> support for eMMC HS200 mode.
214: <li>Added Exar XR17V35x serial port support.
215: <li>Properly implemented <a href="https://man.openbsd.org/amlmmc">amlmmc(4)</a> setting of signal voltage.
216: <li>Implemented UHS-I support in the <a href="https://man.openbsd.org/sdmmc">sdmmc(4)</a> midlayer and enabled it in <a href="https://man.openbsd.org/amlmmc">amlmmc(4)</a>.
217: <li>Allowed theoretical multiple attachment of <a href="https://man.openbsd.org/asmc">asmc(4)</a> controllers.
218: <li>Introduced <a href="https://man.openbsd.org/abl">abl(4)</a>, a new driver to control the backlight brightness on Intel-based Apple machines, and allowed it to be controlled through <a href="https://man.openbsd.org/wsconsctl">wsconsctl(8)</a>.
219: <li>Disabled <a href="https://man.openbsd.org/acpivout">acpivout(4)</a> brightness control on machines aware of Windows 8, enabling inteldrm to handle brightness ioctls.
220: <li>Fixed <a href="https://man.openbsd.org/eeprom">eeprom(8)</a> error when setting variables on macppc.
1.4 jsg 221: <li>Updated <a href="https://man.openbsd.org/drm">drm(4)</a> to Linux 5.7.19.
1.1 benno 222: </ul>
223: <li>New or improved network hardware support:
224: <ul>
225: <li>Enabled multiple queues on <a href="https://man.openbsd.org/vmx">vmx(4)</a>, VMware VMXNET3 Virtual Interface Controller.
226: <li>Added support for hardware vlan tagging to <a href="https://man.openbsd.org/mcx">mcx(4)</a>.
227: <li>Fixed a crash in <a href="https://man.openbsd.org/re">re(4)</a>.
1.7 ! jsg 228: <li>Added <a href="https://man.openbsd.org/bge">bge(4)</a> support for the BCM5719 A1 Ethernet controller.
1.1 benno 229: <li>Handled AGL interfaces on octeon, making management network ports usable on some machines.
230: <li>Implemented rss/toeplitz support for <a href="https://man.openbsd.org/ixl">ixl(4)</a> 710 chips.
231: <li>Added support for the <a href="https://man.openbsd.org/mcx">mcx(4)</a> ConnectX-6 Dx.
232: <li>Fixed a potential crash when bringing down an <a href="https://man.openbsd.org/mcx">mcx(4)</a> interface.
233: <li>Enabled multiq support for <a href="https://man.openbsd.org/ix">ix(4)</a>.
234: <li>Increased the <a href="https://man.openbsd.org/mcx">mcx(4)</a> event queue size, preventing a potential interrupt storm on the ConnectX-4.
235: <li>Fixed outbound <a href="https://man.openbsd.org/bpf">bpf(4)</a> tap on <a href="https://man.openbsd.org/ogx">ogx(4)</a> interfaces.
236: <li>Improved <a href="https://man.openbsd.org/ure">ure(4)</a> TX performance by combining multiple packets into one xfer as possible.
237: </ul>
238: <li>Added or improved wireless network drivers:
239: <ul>
240: <li>Added support to <a href="https://man.openbsd.org/urtwn">urtwn(4)</a> for TP-Link TL-WN822N-EU v5 (and v4).
241: <li>Added WPA2 (CCMP) crypto offload support to <a href="https://man.openbsd.org/iwx">iwx(4)</a>.
242: <li>Fixed a fatal firmware error at run-time on <a href="https://man.openbsd.org/iwx">iwx(4)</a>.
243: <li>Added <a href="https://man.openbsd.org/bwfm">bwfm(4)</a> support for BCM4359 SDIO variants such as the AP6359SA module found on the RockPro64 WiFi module.
244: <li>Enabled critical temperature detection in <a href="https://man.openbsd.org/iwx">iwx(4)</a> firmware.
245: <li>Fixed mbuf leak in <a href="https://man.openbsd.org/urtwn">urtwn(4)</a> with frames CCMP-encrypted by hardware.
246: <li>Added support for the D-Link DWA-121 rev B1 <a href="https://man.openbsd.org/urtwn">urtwn(4)</a> device.
247: <li>Repaired <a href="https://man.openbsd.org/athn">athn(4)</a> in client mode against WPA2 access points.
248: <li>Switched <a href="https://man.openbsd.org/iwx">iwx(4)</a> from -46 to -48 firmware.
249: <li>Fixed <a href="https://man.openbsd.org/athn">athn(4)</a> use with WPA2 APs.
250: <li>Enabled background scanning on <a href="https://man.openbsd.org/iwx">iwx(4)</a> devices.
251: <li>Added <a href="https://man.openbsd.org/rge">rge(4)</a> support for newer RTL8125 chipset (RTL8125B).
252: <li>Fixed gain calibration for some <a href="https://man.openbsd.org/iwn">iwn(4)</a> devices (5000 and up).
253: <li>Added support for AX201 devices to <a href="https://man.openbsd.org/iwx">iwx(4)</a>.
254: <li>Added support for the RK3308 MAC to <a href="https://man.openbsd.org/dwge">dwge(4)</a>.
255: </ul>
256:
257: <li>Removed hardware support
258: <ul>
259: <li>
260: </ul>
261:
262:
263: <li>The powerpc64 architecture was added:<span style="color:red;">maybe shorten this and add a text about current status instead?</span>
264: <ul>
265: <li>Began initial development of an OpenBSD/powerpc64 port.
266: <li>Added IBM POWER9 host bridge <a href="https://man.openbsd.org/pci">pci(4)</a> id.
267: <li>Added <a href="https://man.openbsd.org/opal">opal(4)</a>, a driver that interacts with the OPAL firmware on powerpc64 and implements RTC functionality.
268: <li>Added support for the XIVE interrupt controller found on POWER9 CPUs.
269: <li>Increased the buffer size for OFW parameter name strings, making it possible to dump the full device tree on POWER9 systems using eeprom -p.
270: <li>Added powerpc64 FDT interrupt support.
271: <li>Introduced an initial bootloader for OpenBSD/powerpc64.
272: <li>Added installboot powerpc64 support.
273: <li>Added initial powerpc64 X sets.
274: <li>Passed boothowto and bootduid parameters to the booted powerpc64 kernel via the device tree.
275: <li>Improved the powerpc64 kernel linker script and installed proper page protections via pmap_bootstrap().
276: <li>Enabled <a href="https://man.openbsd.org/xhci">xhci(4)</a> in the powerpc64 BOOT kernel.
277: <li>Introduced powerpc64 GENERIC.MP and bsd.mp.
278: <li>Implemented IPIs on powerpc64.
279: <li>Increased the powerpc64 MAXCPUS to 48, the maximum cores available in any POWER9 system.
280: <li>Added additional scsi devices on powerpc64.
281: <li>Added powerpc64 cd9660, msdos and inet6 ramdisk support.
282: <li>Built installXX.{img,iso} powerpc64 files.
283: <li>Introduced <a href="https://man.openbsd.org/xicp">xicp(4)</a>, a driver for the interrupt control presenter hardware found on POWER8 CPUs.
284: <li>Added powerpc support for POWER8 CPUs.
285: <li>Added support for IODA2 bridges such as those found on POWER8 chips.
286: <li>Added powerpc64 support for "normal" external interrupts, needed for running POWER8 and earlier CPUs.
287: <li>Added support for the IBM POWER8 host bridge.
288: <li>Improved detection of the proper powerpc64 boot device by choosing the disk matching the bootduid of the boot kernel.
289: <li>Added <a href="https://man.openbsd.org/mpii">mpii(4)</a> to powerpc64.
290: <li>Used an IPI on powerpc64 so hw.setperf affects all cores in the mp kernel.
291: </ul>
292:
293:
294: <li>New <a href="https://www.openbsd.org/arm64.html">arm64</a> and <a
295: href="https://www.openbsd.org/armv7.html">armv7</a> hardware support
296: and bugfixes, including:
297: <ul>
298: <li>Added <a href="https://man.openbsd.org/amlpwrc">amlpwrc(4)</a>, a driver for the power domain controller found on Amlogic SoCs.
1.7 ! jsg 299: <li>Made OpenBSD boot on the ODROID-C4 with power domain in <a href="https://man.openbsd.org/amldwusb">amldwusb(4)</a>.
1.1 benno 300: <li>Added support for the SD card detect pins on the Turris Mox.
1.7 ! jsg 301: <li>Added support for the Marvell Xenon SDHC, used as storage on the Armada 3700 and 8040 SoCs. This should make eMMC/SD show up on the MACCHIATObin.
! 302: <li>Opened up a 4GB memory bus window for <a href="https://man.openbsd.org/mvneta">mvneta(4)</a> on the Marvell Armada 3700, making the second Ethernet controller/port work on the Turris Mox.
1.1 benno 303: <li>Added <a href="https://man.openbsd.org/mvkpcie">mkvpcie(4)</a>, a driver for the Aardvark PCIe controller found on the Armada 3700 SoC.
304: <li>Adjusted <a href="https://man.openbsd.org/dwpcie">dwpcie(4)</a> timing to improve likelihood of a successful PCIe link on the i.MX8MM. Avoids a failure to detect <a href="https://man.openbsd.org/em">em(4)</a> on the HummingBoard Pulse.
1.7 ! jsg 305: <li>Added support for the Cortex-A78 CPU.
1.1 benno 306: <li>Added Marvel 88SE9215 and 88SE9235 AHCI <a href="https://man.openbsd.org/pci">pci(4)</a> ids.
307: <li>Added <a href="https://man.openbsd.org/cwfg">cwfg(4)</a>, a driver for the Cellwise CW201x fuel gauge on the Pinebook Pro.
308: <li>Populated a list of 256 brightness levels as a fallback when the device tree does not specify a list, making the Pinebook Pro display work with the dtb from Linux 5.7.
309: <li>Added <a href="https://man.openbsd.org/escodec">escodec(4)</a>, a driver for the Everest ES8316 audio codec used on the Pinebook Pro.
1.6 jsg 310: <li>Added <a href="https://man.openbsd.org/rkiis">rkiis(4)</a>, a driver for the I2S controller found on the Rockchip RK3399.
1.1 benno 311: <li>Fixed an <a href="https://man.openbsd.org/sdhc">sdhc(4)</a> panic on the MACCHIATObin due to unaligned memory access.
312: <li>Added <a href="https://man.openbsd.org/bcmtmon">bcmtmon(4)</a>, a driver for the temperature sensor on the Raspberry Pi 4.
313: <li>Introduced <a href="https://man.openbsd.org/opalcons">opalcons(4)</a>, a driver for the OPAL console.
314: <li>Introduced <a href="https://man.openbsd.org/mvpp">mvpp(4)</a>, a driver for the Marvell Packet Processor v2 as used on the Armada 7K and 8K SoCs.
315: <li>Introduced <a href="https://man.openbsd.org/opalsens">opalsens(4)</a>, a driver for sensors provided by the OPAL firmware.
316: <li>Introduced <a href="https://man.openbsd.org/xics">xics(4)</a>, a driver for the OPAL virtual ICS.
317: <li>Improved PLL1(CPU_PLL) stability for the Allwinner H3/H2+.
318: </ul>
319:
320: <li>IEEE 802.11 wireless stack improvements and bugfixes:
321: <ul>
322: <li>Fixed CCMP replay checks with 11n Rx aggregation and CCMP hardware offloading.
323: <li>Offloaded CCMP (WPA2) encryption and decryption to <a href="https://man.openbsd.org/iwm">iwm(4)</a> hardware, reducing CPU load during traffic bursts.
324: <li>Adjusted to complete group key renewal immediately if no station is associated when ieee80211_proto.c runs.
325: <li>Improved processing of lost frames during 802.11 Rx aggregation.
326: <li>Allowed passage of unencrypted 802.11 frames during hardware decryption post-processing, fixing failure of some <a href="https://man.openbsd.org/ral">ral(4)</a> devices to receive packets on encrypted networks.
327: <li>Prevented a fatal <a href="https://man.openbsd.org/iwx">iwx(4)</a> firmware error when the driver moves out of AUTH state.
328: <li>Prevented a panic where <a href="https://man.openbsd.org/athn">athn(4)</a> attempted to transmit old, unencryptable frames after switching to a new group key in hostap mode.
329: <li>Prevented a use-after-free when a wireless device is detached.
330: </ul>
331:
332: <li>Generic network stack improvements and bugfixes:
333: <ul>
334: <!-- carp and pf -->
335: <li>Implemented a <a href="https://man.openbsd.org/carp">carp(4)</a> transmit bypassing the ifq on output, enqueuing the packet directly on the parent interface.
336: <li>Fixed <a href="https://man.openbsd.org/pf.conf">pf.conf(5)</a> "route-to TABLE least-states" in an anchor.
337: <li>Allowed <a href="https://man.openbsd.org/pf">pf(4)</a> to divert packets from <a href="https://man.openbsd.org/bridge">bridge(4)</a> to local socket.
338: <li>Rehashed main <a href="https://man.openbsd.org/pf">pf(4)</a> rulesets after rule expiration.
339: <li>Added a check for <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> that an rtable exists when parsing the config.
340: <!-- wg -->
1.7 ! jsg 341: <li>Added <a href="https://man.openbsd.org/wg">wg(4)</a>, an in-kernel driver for WireGuard VPN communication.
1.1 benno 342: <!-- network pseudo drivers and other kernel network internals -->
343: <li>Protected the whole <a href="https://man.openbsd.org/pipex">pipex(4)</a> layer by NET_LOCK().
344: <li>Stopped creation of non-existent <a href="https://man.openbsd.org/bridge">bridge(4)</a> interfaces.
345: <li>Added a symmetric toeplitz implementation with integration for nics, usable through the <a href="https://man.openbsd.org/stoeplitz_to_key">stoeplitz_to_key(9)</a> hash algorithm API.
346: <li>Changed <a href="https://man.openbsd.org/tpmr">tpmr(4)</a> from ifconfig [-]trunkport to add|del synopsis.
347: <li>Filtered vlan and svlan packets by default for <a href="https://man.openbsd.org/tpmr">tpmr(4)</a>.
348: <li>Implemented IPv6 source address selection as outlined in RFC 6724 section 5.
349: <li>Set IPv6 source address selection to prefer the address with the highest preferred lifetime in case of a tie.
350: <li>Stopped preventing TCP connections to IPv6 anycast addresses.
351: <li>Added the <a href="https://man.openbsd.org/pcap-filter">pcap-filter(5)</a> "sample NUM" primitive to allow capture of 1/NUM packets.
352: <li>Added a <a href="https://man.openbsd.org/man4/route.4">ROUTE_FLAGFILTER</a> socket option for routing sockets, allowing routing daemons to opt out of receiving messages for L2 and broadcast route entries.
353: <li>Allowed SIOCSWGDPID and SIOCSWGMAXFLOW ioctls for non-root, preventing <a href="https://man.openbsd.org/switch">switch(4)</a> interfaces from appearing partially as <a href="https://man.openbsd.org/bridge">bridge(4)</a> devices for unprivileged users running <a href="https://man.openbsd.org/ifconfig">ifconfig(8)</a>.
354: <li>Modified <a href="https://man.openbsd.org/trunk">trunk(4)</a> to keep port interfaces UP on removal, matching <a href="https://man.openbsd.org/aggr">aggr(4)</a> behavior.
355: </ul>
356:
357: <li>Installer improvements:
358: <ul>
359: <li>sysupgrade(8) can now be used on systems with multiple installations and boot disks.<span style="color:red;">needs check</span>
360: <li>Ensured <a href="https://man.openbsd.org/sysupgrade">sysupgrade(8)</a> on systems with multiple root disks will proceed on the disk with auto_upgrade.conf present.
361: <li>Changed install images called *.fs to *.img to accommodate some UEFI bootloaders.
362: </ul>
363:
364: <li>Security improvements:
365: <ul>
366: <li>Added RB_GOODRANDOM passed from bootloader to kernel in boothowto, indicating confidence a "great seed" was loaded.
367: <li>Passed boothowto from the sparc64 bootloader to the kernel using .openbsd.bootdata.
368: <li>Introduced detection of /etc/random.seed reuse.
369: <li>Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
370: <li>Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it.
371: <li>Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with <a href="https://man.openbsd.org/security">security(8)</a>.
372:
373:
374: <li>The following security bugs were addressed:
375: <ul>
376: <li>Fixed two out-of-bounds array accesses in ioctl code pathways in
377: <a href="https://man.openbsd.org/wscons">wscons(4)</a>.
378: <li>Fixed information leak in semctl SEM_GET.
379: <li>Prevented root from freezing the UTC clock with <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> at securelevel 2.
380: <li>Fixed performance problems relating to tty subsystem abuse.<!-- tty.c,v 1.158 2020/07/14 14:33:03 deraadt -->
381: <li>Fixed heap corruption in the X input method client in libX11.
382: <li>Fixed potential information leak via X server pixel data uninitialized memory.
383: <li>Fixed a race condition for isoc devices during device close.
384: <li>Fixed an integer overflow in libX11 which could lead to a double free.
385: <li>Corrected multiple input validation deficits in X server extensions.
386: </ul>
387: </ul>
388:
389: <li>Routing daemons and other userland network improvements:
390: <ul>
391: <!-- bgpd -->
392: <li>In <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a>, the
393: "reload" command now takes a 'reason' argument to use as
1.7 ! jsg 394: Administrative Shutdown Communication to its neighbors.
1.1 benno 395: <li>Added <a href="https://man.openbsd.org/bgpctl">bgpctl(8)</a>
396: support for VPNv6 in the family option of the "show rib" command.
397: <!-- OSPF -->
398: <li>Improve performance of <a href="https://man.openbsd.org/ospfd">ospfd(8)</a>, <a href="https://man.openbsd.org/ospf6d">ospf6d(8)</a> by using the ROUTE_FLAGFILTER setsockopt to filter out routing socket messages
399: for L2 and broadcast routes.
400: <!-- ldap -->
401: <li>Modified <a href="https://man.openbsd.org/ldapd">ldapd(8)</a> use of "ldaps" and "tls" keywords to enable only the libtls defaults for protocols and ciphers. The new "legacy" keyword can be used before these keywords in <a href="https://man.openbsd.org/ldapd.conf">ldapd.conf(5)</a> to enable them all.
402: <li>Added a bsd.schema to <a href="https://man.openbsd.org/ldapd">ldapd(8)</a> including a shadowPassword and an sshPublicKey attribute which can be used to extend existing LDAP users with the additional bsdAccount objectclass.
403: <!-- snmpd -->
404: <li>Removed support for the socket keyword in <a href="https://man.openbsd.org/snmpd.conf">snmpd.conf(5)</a>.
405: <li>Allowed <a href="https://man.openbsd.org/snmp">snmp(1)</a> mibtree to take one or more arguments to be converted to a chosen output format.
406: <!-- httpd and relayd -->
407: <li>Introduced a "dark mode" for directory listings and error pages in <a href="https://man.openbsd.org/httpd">httpd(8)</a>.
408: <li>Allowed specifying -d multiple times in <a href="https://man.openbsd.org/slowcgi">slowcgi(8)</a>.
409: <li>Added <a href="https://man.openbsd.org/unveil">unveil(2)</a> to the main process of <a href="https://man.openbsd.org/relayd">relayd(8)</a>.
410: <li>Added support for non-localhost fastcgi sockets to <a href="https://man.openbsd.org/httpd.conf">httpd.conf(5)</a>.
411: <!-- rpki-client -->
412: <li>Fixed a hang in <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> by properly waiting for exiting <a href="https://man.openbsd.org/openrsync">openrsync(1)</a> processes.
413: <li>Removed the -f (force) option in <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a>.
1.7 ! jsg 414: <li>Fixed <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> return value check for OpenSSL API used during pubkey validation.
1.1 benno 415: <li>Released <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> 6.7p1 including OpenBSD 6.7 Errata 015.
416: <li>Changed <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> -n behavior to automatically validate the repo.
417: <li>Added a "-s timeout" feature to <a href="https://man.openbsd.org/rpki-client">rpki-client(8)</a> with a one hour default, allowing fresh attempts with <a href="https://man.openbsd.org/cron">cron(8)</a> if rpki-client gets stuck.
418: <!-- other userland -->
419: <li>Added an optional "domain name" <a href="https://man.openbsd.org/acme-client.conf">acme-client.conf(5)</a> option allowing use of multiple domain sections with the same name and creation of an rsa and an ecdsa key for the same domain name.
420: <li>Added <a href="https://man.openbsd.org/netstat">netstat(1)</a> -R to show a summary of rdomains with associated interfaces and tables.
421: <li>Defaulted to showing full IPv6 address entries in the routing tables displayed by <a href="https://man.openbsd.org/route">route(8)</a> show and <a href="https://man.openbsd.org/netstat">netstat(1)</a> -r.
422: <li>Fixed <a href="https://man.openbsd.org/dhclient">dhclient(8)</a> domain-search option processing.
423: <li>Corrected <a href="https://man.openbsd.org/route">route(8)</a> handling of ::/0 and "route add -inet 0.0.0.0 -prefixlen 0 (gateway)".
424: <li>Added initial <a href="https://man.openbsd.org/tcpdump">tcpdump(8)</a> support for handling geneve packets.
425: <li>Added <a href="https://man.openbsd.org/top">top(1)</a> "t" to toggle the display of routing tables.
426: <li>Added filtering by routing table to <a href="https://man.openbsd.org/top">top(1)</a>.
427: <li>Moved <a href="https://man.openbsd.org/ntpd">ntpd(8)</a> to unsynced mode if no replies are received for awhile due to connectivity issues.
428: <li>Made <a href="https://man.openbsd.org/slaacd">slaacd(8)</a> handle IPv6 address configuration in all rdomains in a single daemon, instead of running one daemon per rdomain.
429: <li>Added an explanation for <a href="https://man.openbsd.org/acme-client">acme-client(1)</a> account creation failure.
430: </ul>
431:
432: <li><a href="https://man.openbsd.org/ipsec">ipsec(4)</a> (and related userland programs) improvements and
433: bugfixes:
434: <ul>
435: <li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a> policy lookup edge case for simultaneous transport and tunnel mode SAs.
436: <li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
437: <li>Fixed <a href="https://man.openbsd.org/iked">iked(8)</a> public key authentication interoperability with *swan and other IKEv2 implementations by making CERT and CERTREQ payloads optional.
438: <li>Prioritized incoming certificate requests by the order of CERTEQ payloads in the received message in <a href="https://man.openbsd.org/iked">iked(8)</a>.
439: <li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP.
440: <li>Prevented concurrent CREATE_CHILD_SA and INFORMATION exchanges in <a href="https://man.openbsd.org/iked">iked(8)</a>.
441: <li>Added the new <a href="https://man.openbsd.org/iked">iked(8)</a> configuration option "set enforcesingleikesa" to limit the number of connections for each peer.
442: <li>Added a dpd_check_interval configuration option to <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a>.
443: <li>Allowed disabling of <a href="https://man.openbsd.org/iked">iked(8)</a> DPD liveness checks by setting dpd_check_interval to 0 in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a>.
444: <li>Added a 30 second timeout for OCSP requests in <a href="https://man.openbsd.org/iked">iked(8)</a>.
445: <li>Added a new "set cert_partial_chain" config option to <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca.
446: </ul>
447:
448: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
449: <ul>
450: <li>Added -W and -T flags to command-prompt to only complete a window and a target.
451: <li>Added the 'e' key in buffer mode to open the buffer in an editor.
452: <li>Added -e for new-session to set environment variables.
453: <li>Changed refresh-client -F to -f and added -f flags to attach-session and switch-client.
454: <li>Added M-+ and M-- to expand and collapse all items in tree mode.
455: <li>Added a customize mode (C) where keys and options can be browsed and changed.
456: <li>Added a -D flag to run in non-daemonized mode.
457: <li>Added a client flag 'active-pane' which stores the active pane in the client and allows it to be changed independently from the real active pane stored in the window.
458: <li>Added an option to set the pane border lines style as single lines, double or heavy, simple or number (the pane numbers).
459: <li>Added support for pausing a <a href="https://man.openbsd.org/tmux">tmux(1)</a> pane when the output buffered for a control mode client is too far behind, controllable with refresh-client -f and -A.
460: <li>Added a <a href="https://man.openbsd.org/tmux">tmux(1)</a> -A option to pause a pane manually.
461: <li>Added <a href="https://man.openbsd.org/tmux">tmux(1)</a> -b flags to insert a window before (like the existing -a for after) to break-pane, move-window and new-window.
462: <li>Added d and D keys to <a href="https://man.openbsd.org/tmux">tmux(1)</a> customize mode to reset to defaults.
463: <li>Corrected handling of padding cells while searching in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.
464: <li>Added <a href="https://man.openbsd.org/tmux">tmux(1)</a> -d option to display-message to set delay.
465: <li>Changed <a href="https://man.openbsd.org/tmux">tmux(1)</a> searching to behave more like emacs and prevented regex searching from overlapping when searching forward.
466: <li>Added the <a href="https://man.openbsd.org/tmux">tmux(1)</a> n: modifier to get the length of a format.
467: <li>Allowed a-z keys for <a href="https://man.openbsd.org/tmux">tmux(1)</a> display-panes to jump to higher-numbered panes.
468: <li>Allowed use of -N without a command to change or add a note to an existing key in <a href="https://man.openbsd.org/tmux">tmux(1)</a>.
469: </ul>
470:
471: <li>VMM/VMD and ldom/sparc64 virtualization improvements
472: <ul>
473: <li>Made <a href="https://man.openbsd.org/ldomctl">ldomctl(8)</a> "init-system -n" check vcpu and memory constraints.
474: <li>Increased the default number of ldom and ttyV devices for sparc64 from eight to sixteen.
475: <li>Fixed <a href="https://man.openbsd.org/vmd">vmd(8)</a> ns8250 lockup due to a race condition, helping to prevent linux vm crashes when the return key is held on boot.
476: <li>Prevented possible libevent state corruption in <a href="https://man.openbsd.org/vmd">vmd(8)</a>.
477: <li>Fixed a dst/src <a href="https://man.openbsd.org/iked">iked(8)</a> port configuration bug with multiple flows.
478: <li>Handled <a href="https://man.openbsd.org/iked">iked(8)</a> TEMPORARY_FAILURE notification on IKESA rekeying.
479: <li>Corrected ruleset checksum calculation to allow <a href="https://man.openbsd.org/pfsync">pfsync(4)</a> to verify rulesets are identical on all nodes.
480: </ul>
481:
482: <li>OpenSMTPD 6.8.0
483: <ul>
484: <li>Fixed an uninitialized variable and potential stack overflow with IPv6 connections in <a href="https://man.openbsd.org/smtpd">smtpd(8)</a>.
485: <li>Fixed <a href="https://man.openbsd.org/smtpd">smtpd(8)</a> handling of user names containing "@" symbols.
486: <li>Allowed handling of long lines in an <a href="https://man.openbsd.org/smtpd">smtpd(8)</a> aliases table.
487: <li>Removed <a href="https://man.openbsd.org/mail.local">mail.local(8)</a> support for world-writable mail spools.
488: </ul>
489:
490: <li>LibreSSL 3.1.1 XXX <span style="color:red;">Temporary List, replace with LibreSSL ChangeLog:</span>
491: <ul>
492: <li>Enabled the TLSv1.3 server in <a href="https://man.openbsd.org/openssl">openssl(1)</a>.
493: <li>Added -rls1_3 and -no_tls1_3 options to <a href="https://man.openbsd.org/openssl">openssl(1)</a> s_server.
494: <li>Enabled TLSv1.3 support in <a href="https://man.openbsd.org/relayd">relayd(8)</a>.
495: <li>Added a decode error alert when a TLS server provides an empty certificate list.
1.7 ! jsg 496: <li>Added support for TLS 1.3 server to send certificate status messages with OCSP staples.
1.1 benno 497: <li>Began looking for non-expired certificates first when building a chain, making certificate validation possible for various sites that are serving expired AddTrust certificates.
498: <li>Improved TLSv1.3 client certificate selection to allow use of EC certificates.
499: <li>Added <a href="https://man.openbsd.org/ssl">ssl(8)</a> support for additional GOST curves and aliases for 256-bit GOST curves.
500: <li>Enabled TLSv1.3 for the generic TLS_method().
501: <li>Fixed potential use-after-free and double-free issues in <a href="https://man.openbsd.org/PEM_X509_INFO_read_bio">PEM_X509_INFO_read_bio(3)</a>.
502: <li>Corrected <a href="https://man.openbsd.org/ssl">ssl(8)</a> handling of server requests for an OCSP response.
503: <li>Added P-521 to the list of curves supported by default for TLS.
504: <li>Released <a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.4-relnotes.txt">LibreSSL 3.1.4</a>.
505: <li>Released <a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.1-relnotes.txt">LibreSSL 3.2.1</a>.
506: <li>Fixed a memory leak in x509_constraints_extract_names.
507: </ul>
508: <ul>
509: <li>New Features
510: <ul>
511: <li>...
512: </ul>
513:
514: <li>API and Documentation Enhancements
515: <ul>
516: <li>...
517: </ul>
518:
519: <li>Compatibility Changes
520: <ul>
521: <li>...
522: </ul>
523:
524: <li>Testing and Proactive Security
525: <ul>
526: <li>...
527: </ul>
528:
529: <li>Internal Improvements
530: <ul>
531: <li>...
532: </ul>
533:
534: <li>Portable Improvements
535: <ul>
536: <li>...
537: </ul>
538:
539: <li>Bug Fixes
540: <ul>
541: <li>...
542: </ul>
543: </ul>
544:
545: <li>OpenSSH 8.3 XXX
546: <ul><span style="color:red;">Temporary List, replace with SSH ChangeLog:</span>
547: <li>Preserved group/world read permission on known_hosts files across runs of <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> "-Rf /path".
548: <li>Restricted <a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a> from signing web challenges for FIDO keys, preventing ssh-agent forwarding on a host that has FIDO keys attached from granting the ability for the remote side to also sign challenges for web authentication using those keys.
549: <li>Added to <a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a> a selection of keywords allowed to expand shell-style ${ENV} environment variables on the client side.
550: <li>Added <a href="https://man.openbsd.org/ssh">ssh(1)</a> support for <a href="https://man.openbsd.org/fido">fido(4)</a> WebAuthn (verification only).
551: <li>Allowed <a href="https://man.openbsd.org/sshd_config">sshd_config(5)</a> longer than 256k.
552: <li>Allowed <a href="https://man.openbsd.org/ssh-add">ssh-add(1)</a> "-d -" to read keys to be deleted from stdin.
553: <li>Prevented <a href="https://man.openbsd.org/ssh">ssh(1)</a> port forwarding clients from keeping a connection alive when it should be terminated.
554: <li>Allowed additional control over the use of <a href="https://man.openbsd.org/ssh-askpass">ssh-askpass(1)</a> in <a href="https://man.openbsd.org/ssh-add">ssh-add(1)</a>, including force-enable/disable.
555: <li>Added %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile in <a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a>.
556: <li>Added a "%k" TOKEN to <a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a> that expands to the effective HostKey of the destination.
557: <li>Allowed <a href="https://man.openbsd.org/scp">scp(1)</a> and <a href="https://man.openbsd.org/sftp">sftp(1)</a> -A option to explicitly enable agent forwarding.
558: <li>Added optional time limits for the AddKeysToAgent keyword in <a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a>.
559: <li>Added support for requiring user-verified FIDO keys in <a href="https://man.openbsd.org/sshd">sshd(8)</a>.
560: <li>Capped <a href="https://man.openbsd.org/ssh">ssh(1)</a> channel input buffer size at 16MB, avoiding high memory use when a peer advertises a large window but is slow to consume sent data.
561: </ul>
562: <ul>
563: <li>Potentially incompatible changes.
564: <ul>
565: <li> </ul>
566: <li>New Features
567: <ul>
568: <li>...
569: </ul>
570: <li>Bugfixes
571: <ul>
572: <li>...
573: </ul>
574: </ul>
575:
576: <li>Mandoc 1.14.6 XXX
577: <ul>
578: <li>Supported -T html -O tag for <a href="https://man.openbsd.org/mandoc">mandoc(1)</a> by passing a file:// URI to the pager..
579: </ul>
580:
581: <li>Ports and packages:
582: <p>The package system provides an easy way to install 3rd party software. New features include:
583: <ul>
584: <li>...
585: </ul>
586:
587: <p>Many pre-built packages for each architecture:
588: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
589: <ul style="column-count: 3">
590: <li>aarch64: XXX
591: <li>amd64: XXX
592: <li>arm: XXX
593: <li>i386: XXX
594: <li>mips64: XXX
595: <li>mips64el: XXX
596: <li>powerpc: XXX
597: <li>sparc64: XXX
598: </ul>
599:
600: <li>As usual, steady improvements in manual pages and other documentation.
601:
602: <li>The system includes the following major components from outside suppliers: XXX
603: <ul><span style="color:red;">this list needs checking</span>
604: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches,
1.4 jsg 605: freetype 2.10.2, fontconfig 2.12.4, Mesa 20.0.8, xterm 351,
1.1 benno 606: xkeyboard-config 2.20 and more)
607: <li>LLVM/Clang 10.0.1 (+ patches)
608: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
609: <li>Perl 5.30.3 (+ patches)
610: <li>NSD 4.3.2
611: <li>Unbound 1.11.0
612: <li>Ncurses 5.7
613: <li>Binutils 2.17 (+ patches)
614: <li>Gdb 6.3 (+ patches)
615: <li>Awk August 7, 2020 version
616: <li>Expat 2.2.8
617: </ul>
618:
619: <ul><span style="color:red;">XXX. We did not list these before, i got them from plus.html. Do we want them here? libfido2 version looks funny.</span>
620: <li>Updated libpcap to 9.0.
621: <li>Updated Spleen kernel fonts to version 1.8.2.
622: <li>Updated libcbor to v0.7.0.
623: <li>Updated <a href="https://man.openbsd.org/xkbcomp">xkbcomp(1)</a> to 1.4.3.
624: <li>Updated to libfido2 46710ac06.
625: </ul>
626:
627:
628: </ul>
629: </section>
630:
631: <hr>
632:
633: <section id=install>
634: <h3>How to install</h3>
635: <p>
636: Please refer to the following files on the mirror site for
637: extensive details on how to install OpenBSD 6.8 on your machine:
638:
639: <ul>
640: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/alpha/INSTALL.alpha">
641: .../OpenBSD/6.8/alpha/INSTALL.alpha</a>
642: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/amd64/INSTALL.amd64">
643: .../OpenBSD/6.8/amd64/INSTALL.amd64</a>
644: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/arm64/INSTALL.arm64">
645: .../OpenBSD/6.8/arm64/INSTALL.arm64</a>
646: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/armv7/INSTALL.armv7">
647: .../OpenBSD/6.8/armv7/INSTALL.armv7</a>
648: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/hppa/INSTALL.hppa">
649: .../OpenBSD/6.8/hppa/INSTALL.hppa</a>
650: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/i386/INSTALL.i386">
651: .../OpenBSD/6.8/i386/INSTALL.i386</a>
652: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/landisk/INSTALL.landisk">
653: .../OpenBSD/6.8/landisk/INSTALL.landisk</a>
654: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/loongson/INSTALL.loongson">
655: .../OpenBSD/6.8/loongson/INSTALL.loongson</a>
656: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/luna88k/INSTALL.luna88k">
657: .../OpenBSD/6.8/luna88k/INSTALL.luna88k</a>
658: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/macppc/INSTALL.macppc">
659: .../OpenBSD/6.8/macppc/INSTALL.macppc</a>
660: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/octeon/INSTALL.octeon">
661: .../OpenBSD/6.8/octeon/INSTALL.octeon</a>
662: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/powerpc64/INSTALL.powerpc64">
663: .../OpenBSD/6.8/octeon/INSTALL.powerpc64</a>
664: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/sgi/INSTALL.sgi">
665: .../OpenBSD/6.8/sgi/INSTALL.sgi</a>
666: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.8/sparc64/INSTALL.sparc64">
667: .../OpenBSD/6.8/sparc64/INSTALL.sparc64</a>
668: </ul>
669: </section>
670:
671: <hr>
672:
673: <section id=quickinstall>
674: <p>
675: Quick installer information for people familiar with OpenBSD, and the use of
676: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
677: If you are at all confused when installing OpenBSD, read the relevant
678: INSTALL.* file as listed above!
679:
680: <h3>OpenBSD/alpha:</h3>
681:
682: <p>
683: If your machine can boot from CD, you can write <i>install68.iso</i> or
684: <i>cd68.iso</i> to a CD and boot from it.
685: Refer to INSTALL.alpha for more details.
686:
687: <h3>OpenBSD/amd64:</h3>
688:
689: <p>
690: If your machine can boot from CD, you can write <i>install68.iso</i> or
691: <i>cd68.iso</i> to a CD and boot from it.
692: You may need to adjust your BIOS options first.
693:
694: <p>
695: If your machine can boot from USB, you can write <i>install68.fs</i> or
696: <i>miniroot68.fs</i> to a USB stick and boot from it.
697:
698: <p>
699: If you can't boot from a CD, floppy disk, or USB,
700: you can install across the network using PXE as described in the included
701: INSTALL.amd64 document.
702:
703: <p>
704: If you are planning to dual boot OpenBSD with another OS, you will need to
705: read INSTALL.amd64.
706:
707: <h3>OpenBSD/arm64:</h3>
708:
709: <p>
710: Write <i>miniroot68.fs</i> to a disk and boot from it after connecting
711: to the serial console. Refer to INSTALL.arm64 for more details.
712:
713: <h3>OpenBSD/armv7:</h3>
714:
715: <p>
716: Write a system specific miniroot to an SD card and boot from it after connecting
717: to the serial console. Refer to INSTALL.armv7 for more details.
718:
719: <h3>OpenBSD/hppa:</h3>
720:
721: <p>
722: Boot over the network by following the instructions in INSTALL.hppa or the
723: <a href="hppa.html#install">hppa platform page</a>.
724:
725: <h3>OpenBSD/i386:</h3>
726:
727: <p>
728: If your machine can boot from CD, you can write <i>install68.iso</i> or
729: <i>cd68.iso</i> to a CD and boot from it.
730: You may need to adjust your BIOS options first.
731:
732: <p>
733: If your machine can boot from USB, you can write <i>install68.fs</i> or
734: <i>miniroot68.fs</i> to a USB stick and boot from it.
735:
736: <p>
737: If you can't boot from a CD, floppy disk, or USB,
738: you can install across the network using PXE as described in
739: the included INSTALL.i386 document.
740:
741: <p>
742: If you are planning on dual booting OpenBSD with another OS, you will need to
743: read INSTALL.i386.
744:
745: <h3>OpenBSD/landisk:</h3>
746:
747: <p>
748: Write <i>miniroot68.fs</i> to the start of the CF
749: or disk, and boot normally.
750:
751: <h3>OpenBSD/loongson:</h3>
752:
753: <p>
754: Write <i>miniroot68.fs</i> to a USB stick and boot bsd.rd from it
755: or boot bsd.rd via tftp.
756: Refer to the instructions in INSTALL.loongson for more details.
757:
758: <h3>OpenBSD/luna88k:</h3>
759:
760: <p>
761: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
762: from the PROM, and then bsd.rd from the bootloader.
763: Refer to the instructions in INSTALL.luna88k for more details.
764:
765: <h3>OpenBSD/macppc:</h3>
766:
767: <p>
768: Burn the image from a mirror site to a CDROM, and power on your machine
769: while holding down the <i>C</i> key until the display turns on and
770: shows <i>OpenBSD/macppc boot</i>.
771:
772: <p>
773: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
774: /6.8/macppc/bsd.rd</i>
775:
776: <h3>OpenBSD/octeon:</h3>
777:
778: <p>
779: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
780: Refer to the instructions in INSTALL.octeon for more details.
781:
782: <h3>OpenBSD/powerpc64:</h3>
783:
784: <p>
785: After XXX
786: Refer to the instructions in INSTALL.powerpc64 for more details.
787:
788: <h3>OpenBSD/sgi:</h3>
789:
790: <p>
791: To install, burn cd68.iso on a CD-R, put it in the CD drive of your
792: machine and select <i>Install System Software</i> from the System Maintenance
793: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
794: CD-ROM, and need a proper invocation from the PROM prompt.
795: Refer to the instructions in INSTALL.sgi for more details.
796:
797: <p>
798: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
799: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
800: system type. Refer to the instructions in INSTALL.sgi for more details.
801:
802: <h3>OpenBSD/sparc64:</h3>
803:
804: <p>
805: Burn the image from a mirror site to a CDROM, boot from it, and type
806: <i>boot cdrom</i>.
807:
808: <p>
809: If this doesn't work, or if you don't have a CDROM drive, you can write
810: <i>floppy68.fs</i> or <i>floppyB68.fs</i>
811: (depending on your machine) to a floppy and boot it with <i>boot
812: floppy</i>. Refer to INSTALL.sparc64 for details.
813:
814: <p>
815: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
816: will most likely fail.
817:
818: <p>
819: You can also write <i>miniroot68.fs</i> to the swap partition on
820: the disk and boot with <i>boot disk:b</i>.
821:
822: <p>
823: If nothing works, you can boot over the network as described in INSTALL.sparc64.
824: </section>
825:
826: <hr>
827:
828: <section id=upgrade>
829: <h3>How to upgrade</h3>
830: <p>
1.2 benno 831: If you already have an OpenBSD 6.7 system, and do not want to reinstall,
1.1 benno 832: upgrade instructions and advice can be found in the
833: <a href="faq/upgrade68.html">Upgrade Guide</a>.
834: </section>
835:
836: <hr>
837:
838: <section id=sourcecode>
839: <h3>Notes about the source code</h3>
840: <p>
841: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
842: This file contains everything you need except for the kernel sources,
843: which are in a separate archive.
844: To extract:
845: <blockquote><pre>
846: # <kbd>mkdir -p /usr/src</kbd>
847: # <kbd>cd /usr/src</kbd>
848: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
849: </pre></blockquote>
850: <p>
851: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
852: This file contains all the kernel sources you need to rebuild kernels.
853: To extract:
854: <blockquote><pre>
855: # <kbd>mkdir -p /usr/src/sys</kbd>
856: # <kbd>cd /usr/src</kbd>
857: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
858: </pre></blockquote>
859: <p>
860: Both of these trees are a regular CVS checkout. Using these trees it
861: is possible to get a head-start on using the anoncvs servers as
862: described <a href="anoncvs.html">here</a>.
863: Using these files
864: results in a much faster initial CVS update than you could expect from
865: a fresh checkout of the full OpenBSD source tree.
866: </section>
867:
868: <hr>
869:
870: <section id=ports>
871: <h3>Ports Tree</h3>
872: <p>
873: A ports tree archive is also provided. To extract:
874: <blockquote><pre>
875: # <kbd>cd /usr</kbd>
876: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
877: </pre></blockquote>
878: <p>
879: Go read the <a href="faq/ports/index.html">ports</a> page
880: if you know nothing about ports
881: at this point. This text is not a manual of how to use ports.
882: Rather, it is a set of notes meant to kickstart the user on the
883: OpenBSD ports system.
884: <p>
885: The <i>ports/</i> directory represents a CVS checkout of our ports.
886: As with our complete source tree, our ports tree is available via
887: <a href="anoncvs.html">AnonCVS</a>.
888: So, in order to keep up to date with the -stable branch, you must make
889: the <i>ports/</i> tree available on a read-write medium and update the tree
890: with a command like:
891: <blockquote><pre>
892: # <kbd>cd /usr/ports</kbd>
893: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_8</kbd>
894: </pre></blockquote>
895: <p>
896: [Of course, you must replace the server name here with a nearby anoncvs
897: server.]
898: <p>
899: Note that most ports are available as packages on our mirrors. Updated
900: ports for the 6.8 release will be made available if problems arise.
901: <p>
902: If you're interested in seeing a port added, would like to help out, or just
903: would like to know more, the mailing list
904: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
905: </section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 68.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www