| version 1.14, 2021/04/10 17:16:19 |
version 1.15, 2021/04/10 23:23:33 |
|
|
| |
|
| <li>New/extended platforms: |
<li>New/extended platforms: |
| <ul> |
<ul> |
| |
<li>Support for the <a href="powerpc64.html">powerpc64</a> platform was improved: |
| |
<ul> |
| <li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a |
<li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a |
| driver for the framebuffer of the Aspeed BMC found on many POWER8 and |
driver for the framebuffer of the Aspeed BMC found on many POWER8 and |
| POWER9 systems. |
POWER9 systems. |
|
|
| <li>Enabled floating-point exceptions on powerpc64. |
<li>Enabled floating-point exceptions on powerpc64. |
| <li>Added support for <a |
<li>Added support for <a |
| href="https://man.openbsd.org/ipmi.4">ipmi(4)</a> on PowerNV systems. |
href="https://man.openbsd.org/ipmi.4">ipmi(4)</a> on PowerNV systems. |
| |
</ul> |
| <!-- ARM64 on Apple M1 --> |
<li>Support was added for devices using the Apple M1 SoC: |
| |
<ul> |
| <li>Recognized Apple Icestorm cores on arm64. |
<li>Recognized Apple Icestorm cores on arm64. |
| <li>Added basic support for BCM4379, found on the Apple M1 SoCs, to |
<li>Added basic support for BCM4379, found on the Apple M1 SoCs, to |
| <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>. |
<a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>. |
|
|
| a driver for the IOMMU on Apple M1 SoCs. |
a driver for the IOMMU on Apple M1 SoCs. |
| <li>Added <a href="https://man.openbsd.org/smmu.4">smmu(4)</a>, a |
<li>Added <a href="https://man.openbsd.org/smmu.4">smmu(4)</a>, a |
| driver for the ARM System MMU. |
driver for the ARM System MMU. |
| |
<li>Added an initial attempt to support 8-bit ASIDs such as those on |
| |
Apple's M1 SoC. |
| |
<li>Recognized Apple Firestorm cores on arm64. |
| <!-- loongson --> |
<li>Added SMP support to <a |
| <li>Made loongson kernels recognize Lynloong LM9002/9003 and LM9013. |
href="https://man.openbsd.org/aplintc.4">aplintc(4)</a>, the interrupt |
| <li>Use native display resolution 1368x768 for Lynloong all-in-one computers. |
controller driver on Apple M1 SoCs. |
| |
</ul> |
| <li>Disabled base-gcc on loongson and octeon. |
<li>The arm64 platform support was improved with the following changes: |
| |
<ul> |
| |
<li>Optimized arm64 <a |
| |
href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a |
| |
href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a |
| |
href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte |
| |
copies if possible. |
| |
<li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs. |
| |
<li>Added clock support for i.MX8MP. |
| |
<li>Added support for the VF610 I2C controller to <a |
| |
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
| |
<li>Fixed a panic seen with mbuf chains on arm64. |
| |
<li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a |
| |
driver for the Synopsys DesignWare GPIO controller. |
| |
<li>Added "amlogic,meson-g12a-dwmac" to <a |
| |
href="https://man.openbsd.org/dwge.4">dwge(4)</a>. |
| |
<li>Added <a |
| |
href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support |
| |
for the "Always On" GPIOs. |
| |
<li>Added PCIe clocks to <a |
| |
href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>. |
| |
<li>Made large read and write transactions work in <a |
| |
href="https://man.openbsd.org/amliic.4">amliic(4)</a>. |
| |
<li>Added PCIe support to <a |
| |
href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>. |
| |
<li>Added support to <a |
| |
href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> for the PCIe |
| |
controller found on Amlogic G12A/G12B/SM1 SoCs. |
| |
<li>Implemented intx support in <a |
| |
href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a>. |
| |
<li>Added <a href="https://man.openbsd.org/cryptox.4">cryptox(4)</a>, |
| |
a driver for armv8 cryptographic extensions. |
| |
<li>Added support for PCIe on the NanoPi R4S to <a |
| |
href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>. |
| |
<li>Introduced an IOVA allocator, improving the way <a |
| |
href="https://man.openbsd.org/smmu.4">smmu(4)</a> maps pages. |
| |
<li>Added support for rk809 to <a |
| |
href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>, as seen on the |
| |
Rock Pi N10 with the rk3399pro. |
| |
<li>Added support for <a |
| |
href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> on the Raspberry Pi |
| |
in ACPI mode. |
| |
<li>Enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a> on arm64. |
| |
<li>Updated device-tree bindings for <a |
| |
href="https://man.openbsd.org/cwfg.4">cwfg(4)</a> battery capacity |
| |
driver to correct attaching and account for monitoring interval |
| |
change, making cwfg(4) export values under hw.sensors as expected when |
| |
using a Pinebook Pro. |
| |
<li>Added ARMv8-5 instruction set related CPU features to arm64. |
| |
</ul> |
| </ul> |
</ul> |
| |
|
| <li>Improvements to time measurements, mostly in the kernel: |
|
| <ul> |
|
| <li>Changed the <a href="https://man.openbsd.org/pool.9">pool(9)</a> timeouts to use the system uptime instead of ticks. |
|
| |
|
| <li>Ensured <a href="https://man.openbsd.org/sleep.3">sleep(3)</a> |
|
| calls <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a> |
|
| if seconds is zero, now delegating all decisions about whether or not |
|
| to yield the CPU. |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various kernel improvements: |
<li>Various kernel improvements: |
| <ul> |
<ul> |
| <li>Added basic support for kclock timeouts to <a |
<li>Added the RAID1C (encrypted raid1) <a |
| href="https://man.openbsd.org/timeout.9">timeout(9)</a>. |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> discipline, |
| <li>Added a top-level 'reboot' command to <a |
encrypting data like the CRYPTO discipline and accepting multiple |
| href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
chunks during creation and assembly like the RAID1 discipline. |
| <li>Fixed the "entry point at 0x10010000" hang reported on amd64 |
<li>Corrected raidlevel verification specified by the -c option in <a |
| machines by using a 64MB block to load the kernel. |
href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>. |
| <li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a> |
|
| check for uninitialized (or zeroed) lock usage. |
|
| <li>Added fd close notification for kqueue-based <a |
|
| href="https://man.openbsd.org/poll.2">poll(2)</a> and <a |
|
| href="https://man.openbsd.org/select.2">select(2)</a>. |
|
| <li>Added a global "nowake" channel for threads avoiding <a |
|
| href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a |
|
| href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>. |
|
| <li>Corrected accounting of zero length Transfer Descriptors in <a |
|
| href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running |
|
| out of free Transfer Ring Blocks. |
|
| <li>Used per-CPU counter for fault and stats counters reached in uvm_fault(). |
|
| <li>Introduced kern.video.record for <a |
<li>Introduced kern.video.record for <a |
| href="https://man.openbsd.org/video.4">video(4)</a> devices, an analog |
href="https://man.openbsd.org/video.4">video(4)</a> devices, a privacy feature analog |
| to the kern.audio.record <a |
to the kern.audio.record <a |
| href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a |
href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a |
| href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By |
href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By |
|
|
| <li>Enabled multiple opens of a <a |
<li>Enabled multiple opens of a <a |
| href="https://man.openbsd.org/video.4">video(4)</a> device as |
href="https://man.openbsd.org/video.4">video(4)</a> device as |
| described in the V4L2 specification. |
described in the V4L2 specification. |
| |
|
| |
<li>Added basic support for kclock timeouts to <a |
| |
href="https://man.openbsd.org/timeout.9">timeout(9)</a>. |
| |
<li>Changed the <a href="https://man.openbsd.org/pool.9">pool(9)</a> |
| |
timeouts to use the system uptime instead of ticks. |
| |
<li>Ensured <a href="https://man.openbsd.org/sleep.3">sleep(3)</a> |
| |
calls <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a> |
| |
if seconds is zero, now delegating all decisions about whether or not |
| |
to yield the CPU. |
| |
<li>Added a top-level 'reboot' command to <a |
| |
href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
| |
<li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a> |
| |
check for uninitialized (or zeroed) lock usage. |
| |
<li>Added fd close notification for kqueue-based <a |
| |
href="https://man.openbsd.org/poll.2">poll(2)</a> and <a |
| |
href="https://man.openbsd.org/select.2">select(2)</a>. |
| |
<li>Added a global "nowake" channel for threads avoiding <a |
| |
href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a |
| |
href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>. |
| |
|
| <li>Added trace points for <a |
<li>Added trace points for <a |
| href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a |
href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a |
| href="https://man.openbsd.org/free.9">free(9)</a>, making them |
href="https://man.openbsd.org/free.9">free(9)</a>, making them |
| traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a |
traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a |
| href="https://man.openbsd.org/btrace.8">btrace(8)</a>. |
href="https://man.openbsd.org/btrace.8">btrace(8)</a>. |
| |
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> -n |
| |
(no action) mode, which parses the program and then exits. |
| <li>Fixed a boot-time crash on sparc64 due to mutex use during the |
<li>Fixed a boot-time crash on sparc64 due to mutex use during the |
| message buffer initialization. |
message buffer initialization. |
| <li>Prevented a panic in some acpi firmware that provided invalid |
<li>Prevented a panic in some ACPI firmware that provided invalid |
| memory regions in their reserved memory region reporting table. |
memory regions in their reserved memory region reporting table. |
| <li>Disabled <a href="https://man.openbsd.org/com.4">com(4)</a> on |
|
| sparc64 for m3000s. Console i/o should fall back to ofw routines. |
|
| |
|
| <li>In softraid(4), added the RAID1C (raid1 + crypto) <a |
|
| href="https://man.openbsd.org/softraid.4">softraid(4)</a> discipline, |
|
| encrypting data like the CRYPTO discipline and accepting multiple |
|
| chunks during creation and assembly like the RAID1 discipline. |
|
| <li>Corrected raidlevel verification specified by the -c option in <a |
|
| href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>. |
|
| |
|
| <li>Added a barrier between reading the cqe flags and the command ID |
<li>Added a barrier between reading the cqe flags and the command ID |
| to prevent completion of the wrong scsi io for <a |
to prevent completion of the wrong scsi io for <a |
|
|
| <li>Added <a |
<li>Added <a |
| href="https://man.openbsd.org/acpiiort.4">acpiiort(4)</a>, a driver |
href="https://man.openbsd.org/acpiiort.4">acpiiort(4)</a>, a driver |
| for the ACPI I/O Remapping Table. |
for the ACPI I/O Remapping Table. |
| |
<li>Updated clock interrupt count atomically on mips64. |
| |
<li>Prevented an amd64 kernel crash with protection fault due to an |
| |
invalid offset when reading /dev/kmem. |
| |
<li>Permitted access to kern.somaxconn sysctl information when the |
| |
unix <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> is used, |
| |
allowing Go programs to use "unix" without also including "inet". |
| |
<li>Excluded the first page and added a guard page between I/O |
| |
virtual address space allocations on arm64. |
| |
|
| |
|
| <!-- SMP --> |
<!-- SMP --> |
|
|
| <li>Unlocked <a href="https://man.openbsd.org/getppid.2">getppid(2)</a>. |
<li>Unlocked <a href="https://man.openbsd.org/getppid.2">getppid(2)</a>. |
| <li>Introduced locking for amaps and anons, improving build performance. |
<li>Introduced locking for amaps and anons, improving build performance. |
| <li>Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> as solock()'s backend to protect the whole layer. |
<li>Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> as solock()'s backend to protect the whole layer. |
| |
<li>Unlocked <a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>. |
| |
<li>Used per-CPU counter for fault and stats counters reached in uvm_fault(). |
| |
|
| |
|
| <!-- DRM --> |
<!-- DRM --> |
|
|
| <li>Created /dev/ drm nodes with the same names as linux to simplify libdrm and negate the need for certain ports patches. |
<li>Created /dev/ drm nodes with the same names as linux to simplify libdrm and negate the need for certain ports patches. |
| |
|
| |
|
| <!-- VMM --> |
<!-- VMM/VMD --> |
| |
|
| <li>Prevented memory corruption or improper page access in <a |
<li>Prevented memory corruption or improper page access in <a |
| href="https://man.openbsd.org/vmm.4">vmm(4)</a> due to improper TLB |
href="https://man.openbsd.org/vmm.4">vmm(4)</a> due to improper TLB |
| flushing for now by wiring the pages used by virtual machines. |
flushing for now by wiring the pages used by virtual machines. |
| |
<li>Removed the ability of <a |
| |
href="https://man.openbsd.org/vmd.8">vmd(8)</a> to boot from kernels |
| |
in raw/qcow2 images. |
| |
<li>Made <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> |
| |
properly indicate VMs are stopped instead of "running" with "vmctl |
| |
status". |
| |
<li>Cleaned up events on <a |
| |
href="https://man.openbsd.org/vmd.8">vmd(8)</a> pause or resume and |
| |
fixed an issue leading to broken serial console by cleanly tearing |
| |
down and restoring emulated device state on vm send/receive. |
| |
<li>Propagated host-side <a |
| |
href="https://man.openbsd.org/tap.4">tap(4)</a> lladdr to guest vm |
| |
process to allow unicast dhcp and bootp renewals with <a |
| |
href="https://man.openbsd.org/vmd.8">vmd(8)</a>'s built-in dhcp |
| |
server. |
| |
|
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various new userland features: |
<li>Various new userland features: |
|
|
| capabilities in <a |
capabilities in <a |
| href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> by treating any |
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> by treating any |
| device as full-duplex. |
device as full-duplex. |
| |
<li>Fixed visibility of <a |
| |
href="https://man.openbsd.org/sndioctl.1">sndioctl(1)</a> output when |
| |
used through a pipe. |
| |
|
| <li>Enabled build and install of <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>. |
<li>Enabled build and install of <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>. |
| <li>Added <a href="https://man.openbsd.org/logger.1">logger(1)</a> |
<li>Added <a href="https://man.openbsd.org/logger.1">logger(1)</a> |
| support to <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>, <a |
support to <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>, <a |
|
|
| href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for daemons logging |
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for daemons logging |
| to stdout/stderr. |
to stdout/stderr. |
| |
|
| |
<li>Added a configurable button mapping for tap gestures on touchpads |
| |
to <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>. |
| |
<li>Made <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> |
| |
touchpad tap detection less restrictive for multi-finger taps and |
| |
improved tap detection. |
| |
<li>Enable <a |
| |
href="https://man.openbsd.org/man4/arm64/apm.4">apm(4)</a> on arm64 to |
| |
display meaningful information about battery use and capacity. |
| |
|
| <!-- XXX own heading and introductory text ? --> |
|
| <li>Introduced <a |
|
| href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>, a dhcp |
|
| daemon to acquire IPv4 address leases from servers. |
|
| <li>Added <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, |
|
| a daemon to rewrite <a |
|
| href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>. |
|
| |
|
| |
|
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
|
|
| <li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a> |
<li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a> |
| -n flag, correctly enumerate files with more than INT_MAX lines. |
-n flag, correctly enumerate files with more than INT_MAX lines. |
| <li>Fixed a memory leak in ld.so's malloc. |
<li>Fixed a memory leak in ld.so's malloc. |
| |
|
| <li>Added a "xenodm" login class for <a |
<li>Added a "xenodm" login class for <a |
| href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> and increased |
href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> and increased |
| openfiles to 512 to avoid running out of file descriptors with a busy |
openfiles to 512 to avoid running out of file descriptors with a busy |
| desktop. |
desktop. |
| |
<li>Stopped <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> |
| |
from adding authorizations for TCP connections by default and added |
| |
"listenTCP" to explicitly add authorizations for existing IP addresses |
| |
on startup. |
| |
<li>Skip <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> |
| |
from adding the IPv6 link local addresses for TCP listener |
| |
authorizations, matching what is done by <a |
| |
href="https://man.openbsd.org/startx.1">startx(1)</a>. |
| |
|
| <li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>. |
<li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>. |
| <li>Improve pledge in <a |
<li>Improve pledge in <a |
| href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added |
href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added |
|
|
| <li>Allow specification of a path to the <a |
<li>Allow specification of a path to the <a |
| href="https://man.openbsd.org/mg.1">mg(1)</a> startup file on the |
href="https://man.openbsd.org/mg.1">mg(1)</a> startup file on the |
| command line. |
command line. |
| |
<li>Added the ability to define single value variables in the <a |
| |
href="https://man.openbsd.org/mg.1">mg(1)</a> startup file and use |
| |
them with find-file. |
| |
<li>Added a "batch" mode to <a |
| |
href="https://man.openbsd.org/mg.1">mg(1)</a> via the "-b" command |
| |
line option which will initialize a pty, run the specified file of mg |
| |
commands and then exit. |
| |
<li>Added <a href="https://man.openbsd.org/mg.1">mg(1)</a> quoted |
| |
strings capability in list values and limitation to characters allowed |
| |
in symbol names. |
| |
<li>Inverted the <a href="https://man.openbsd.org/mg.1">mg(1)</a> "R" |
| |
indicator to mean that a "*" next to a file's name indicates that it |
| |
is read-only. Made the active buffer indicator more visible by |
| |
changing it to ">". |
| |
|
| |
|
| |
|
| |
<li>Fixed <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> |
| |
redrawing of a multiline PS1 prompt in vi mode and added support for |
| |
^R (redraw) in insert mode. |
| |
<li>Used <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to |
| |
restrict filesystem access in <a |
| |
href="https://man.openbsd.org/apmd.8">apmd(8)</a>. |
| |
<li>Removed the 30s minimum delay for <a |
| |
href="https://man.openbsd.org/xlock.1">xlock(1)</a> timeouts. |
| |
<li>Stopped deleting the control socket on exit in <a |
| |
href="https://man.openbsd.org/apmd.8">apmd(8)</a> exit, as deleting |
| |
the socket in process after calling <a |
| |
href="https://man.openbsd.org/unveil.2">unveil(2)</a> would cause a |
| |
unveil restriction violation, |
| |
|
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
| <ul> |
<ul> |
| |
<li>Corrected accounting of zero length Transfer Descriptors in <a |
| |
href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running |
| |
out of free Transfer Ring Blocks. |
| <li>Moved mfokclock(4) from loongson to make it available for other |
<li>Moved mfokclock(4) from loongson to make it available for other |
| platforms and renamed it to <a |
platforms and renamed it to <a |
| href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>. |
href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>. |
|
|
| <li>Introduced <a |
<li>Introduced <a |
| href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>, a driver for |
href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>, a driver for |
| Logitech HID++ devices. |
Logitech HID++ devices. |
| |
<li>Separated reading of general and touchpad-specific <a |
| |
href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> settings and |
| |
corrected identification of device type when reading touchpad |
| |
parameters fails. |
| |
|
| |
<li>Added support for 30-bit color modes to <a |
| |
href="https://man.openbsd.org/simplefb.4">simplefb(4)</a>. |
| |
<li>Added <a href="https://man.openbsd.org/wsfb.4">wsfb(4)</a> |
| |
support for 30-bit color. |
| |
|
| |
<li>Made loongson kernels recognize Lynloong LM9002/9003 and LM9013 models. |
| <!-- ARM64 --> |
<li>Use native display resolution 1368x768 for Lynloong all-in-one computers. |
| <li>Optimized arm64 <a |
|
| href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a |
|
| href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a |
|
| href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte |
|
| copies if possible. |
|
| <li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs. |
|
| <li>Added clock support for i.MX8MP. |
|
| <li>Added support for the VF610 I2C controller to <a |
|
| href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
|
| <li>Fixed a panic seen with mbuf chains on arm64. |
|
| <li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a |
|
| driver for the Synopsys DesignWare GPIO controller. |
|
| <li>Added "amlogic,meson-g12a-dwmac" to <a |
|
| href="https://man.openbsd.org/dwge.4">dwge(4)</a>. |
|
| <li>Added <a |
|
| href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support |
|
| for the "Always On" GPIOs. |
|
| <li>Added PCIe clocks to <a |
|
| href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>. |
|
| <li>Made large read and write transactions work in <a |
|
| href="https://man.openbsd.org/amliic.4">amliic(4)</a>. |
|
| <li>Added PCIe support to <a |
|
| href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>. |
|
| <li>Added support to <a |
|
| href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> for the PCIe |
|
| controller found on Amlogic G12A/G12B/SM1 SoCs. |
|
| <li>Implemented intx support in <a |
|
| href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a>. |
|
| <li>Added <a href="https://man.openbsd.org/cryptox.4">cryptox(4)</a>, |
|
| a driver for armv8 cryptographic extensions. |
|
| <li>Added support for PCIe on the NanoPi R4S to <a |
|
| href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>. |
|
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>New or improved network hardware support: |
<li>New or improved network hardware support: |
|
|
| href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>. |
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>. |
| <li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a |
<li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a |
| driver for Marvel "SOHO" switches. |
driver for Marvel "SOHO" switches. |
| |
|
| <li>Enabled auto-negotiation on the SerDes links, allowing |
<li>Enabled auto-negotiation on the SerDes links, allowing |
| in-band-status to work between <a |
in-band-status to work between <a |
| href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a |
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a |
|
|
| <li>Raised the maximum number of queues/interrupts from 1 to 16 on <a |
<li>Raised the maximum number of queues/interrupts from 1 to 16 on <a |
| href="https://man.openbsd.org/mcx.4">mcx(4)</a> devices. |
href="https://man.openbsd.org/mcx.4">mcx(4)</a> devices. |
| <li>Added support for the Netgear ProSecure UTM25 to octeon. |
<li>Added support for the Netgear ProSecure UTM25 to octeon. |
| |
<li>Added vid/pid table to <a |
| |
href="https://man.openbsd.org/umb.4">umb(4)</a> allowing matching to |
| |
alternate configurations. |
| </ul> |
</ul> |
| |
|
| <li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
|
|
| <li>Enabled <a href="https://man.openbsd.org/athn.4">athn(4)</a> for arm64. |
<li>Enabled <a href="https://man.openbsd.org/athn.4">athn(4)</a> for arm64. |
| <li>Added support for version 7 of the <a |
<li>Added support for version 7 of the <a |
| href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> PCIe interface. |
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> PCIe interface. |
| |
<li>Implemented RA (new 11nm Tx rate adaptation) in <a |
| |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a |
| |
href="https://man.openbsd.org/iwn.4">iwn(4)</a>. |
| |
<li>Prevented a WPA failure in <a |
| |
href="https://man.openbsd.org/ipw.4">ipw(4)</a> due to a state |
| |
mismatch between firmware and net80211 during the association |
| |
sequence. |
| |
<li>Ensured WEP and plaintext interface link state update by <a |
| |
href="https://man.openbsd.org/ipw.4">ipw(4)</a>. |
| |
<li>Made <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attach to |
| |
AX201 devices with PCI ID 0x34f0. Needs <a |
| |
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a>. |
| |
<li>Fixed a problem where <a |
| |
href="https://man.openbsd.org/iwn.4">iwn(4)</a> firmware would |
| |
generate bogus block ack requests and stall traffic. |
| </ul> |
</ul> |
| |
|
| <li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
|
|
| <li>Avoided spurious "input packet decapsulations failed" errors in |
<li>Avoided spurious "input packet decapsulations failed" errors in |
| <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with |
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with |
| A-MSDU enabled. |
A-MSDU enabled. |
| |
<li>Introduced RA, a new 11nm Tx rate adaptation module for net80211. |
| |
Unlike MiRa, RA does not attempt to precisely measure actual |
| |
throughput but simply deducts a loss percentage from the theoretical |
| |
throughput which can be achieved by a given MCS. |
| </ul> |
</ul> |
| |
|
| <li>Generic network stack improvements and bugfixes: |
<li>Generic network stack improvements and bugfixes: |
| <ul> |
<ul> |
| <li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
|
| response to an IPv6 packet. |
|
| <li>Added the ability to force the selection of source IP address for |
|
| programs that do not specify a source IP, configurable via <a |
|
| href="https://man.openbsd.org/route.8">route(8)</a>. |
|
| <li>For IPv6 addresses, added tracking of address proposal creation |
|
| times to be able to establish total lifetime. This information is used |
|
| to renew pltime/vltime of privacy addresse per RFC 4941. |
|
| <li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
|
| by keeping track of allowed ips pointer correctly. |
|
| <li>Use the toeplitz hash algorithm to a flowid for tcp packets, |
|
| which in turn is used to choose the tx ring on network cards with |
|
| multiple rings. |
|
| <li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> ioctl to |
|
| handle multiple wgpeers. |
|
| <li>Removed the direct ACK on every other data segment. After |
<li>Removed the direct ACK on every other data segment. After |
| receiving a data segment, we were sending out two ACKs, the first one |
receiving a data segment, we were sending out two ACKs, the first one |
| in tcp_input() direct after receiving and the second ACK after the |
in tcp_input() direct after receiving and the second ACK after the |
|
|
| mac learning bridge. |
mac learning bridge. |
| <li>Introduced <a href="https://man.openbsd.org/veb.4">veb(4)</a>, a |
<li>Introduced <a href="https://man.openbsd.org/veb.4">veb(4)</a>, a |
| Virtual Ethernet Bridge driver. |
Virtual Ethernet Bridge driver. |
| <li>Added support for adding and deleting mac addr entries on <a |
|
| href="https://man.openbsd.org/nvgre.4">nvgre(4)</a>. |
|
| <li>Added support for adding and deleting address table entries to <a |
|
| href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a |
|
| href="https://man.openbsd.org/veb.4">veb(4)</a> and etherbridge. |
|
| |
|
| |
<li>Added the ability to force the selection of source IP address for |
| |
programs that do not specify a source IP, overriding the default |
| |
source IP selection algorithm. This is configurable via <a |
| |
href="https://man.openbsd.org/route.8">route(8)</a> |
| |
<tt>sourceaddr</tt> command. |
| |
|
| |
<li>Bring interfaces up when autoconfiguration for inetor inet6 is |
| |
enabled (AUTOCONF4 or AUTOCONF6 flags). |
| |
<li>Adjust terminology in <a |
| |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to refer to |
| |
"temporary address extensions" rather than the former "privacy |
| |
extensions," including the addition of an AUTOCONF6TEMP flag (to |
| |
replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy |
| |
option if <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
| |
has been deprecated. |
| |
<li>Made it possible to disable the "autoconf" flag but keep |
| |
"temporary" enabled in <a |
| |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>. |
| |
<li>For IPv6 addresses, added tracking of address proposal creation |
| |
times to be able to establish total lifetime. This information is used |
| |
to renew pltime/vltime of privacy addresse per RFC 4941. |
| |
|
| |
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
| |
response to an IPv6 packet. |
| |
<li>Use the toeplitz hash algorithm to a flowid for tcp packets, |
| |
which in turn is used to choose the tx ring on network cards with |
| |
multiple rings. |
| |
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
| |
by keeping track of allowed ips pointer correctly. |
| |
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> ioctl to |
| |
handle multiple wgpeers. |
| |
<li>Fixed a race between tx/rx handshakes in <a |
| |
href="https://man.openbsd.org/wg.4">wg(4)</a>. |
| |
<li>Prevented a potential hang when trying to remove a <a |
| |
href="https://man.openbsd.org/tun.4">tun(4)</a> interface. |
| |
<li>Used the correct rdomain when adding and deleting routes with <a |
| |
href="https://man.openbsd.org/mpip.4">mpip(4)</a> and <a |
| |
href="https://man.openbsd.org/mpw.4">mpw(4)</a>. |
| |
<li>Made <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
| |
"-mplslabel" work with <a |
| |
href="https://man.openbsd.org/mpw.4">mpw(4)</a>. |
| </ul> |
</ul> |
| |
|
| <li>Installer improvements: |
<li>Installer and upgrade improvements: |
| <ul> |
<ul> |
| <li>Prevented a race in <a |
<li>Prevented a race in <a |
| href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep |
|
|
| address. |
address. |
| <li>Fixed hangs on amd64 bsd.rd due to misreported core clock |
<li>Fixed hangs on amd64 bsd.rd due to misreported core clock |
| frequency on newer Intel Comet Lake models. |
frequency on newer Intel Comet Lake models. |
| <li>Began distributing the gzip'd version of bsd.rd on all platforms with boot methods supporting it. |
<li>Began distributing the gzip'd version of bsd.rd on all platforms |
| |
with boot methods supporting it. |
| |
<li>Fixed a problem which prevented use of <a |
| |
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> when an |
| |
interface failed to come up and <a |
| |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> didn't |
| |
notice link-timeout expiration. |
| |
<li>Prevented <a |
| |
href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> from |
| |
adjusting the swap 'b' partition size if physmem is zero to keep the |
| |
auto-allocate code from putting a filesystem on that partition. |
| |
<li>Emulate "[inet] autoconf" <a |
| |
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> lines |
| |
with "dhcp" so users testing <a |
| |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> will |
| |
still be able to upgrade manually while the installer uses only <a |
| |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used. |
<li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used. |
| |
<li>Removed workaround permitting Go executables to do syscalls directly, forcing them to use shared libc like all other dynamic binaries. |
| </ul> |
</ul> |
| |
|
| <li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
| <ul> |
<ul> |
| <!-- BGP --> |
<li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> daemon saw the following changes: |
| |
<ul> |
| <li>Fixed a memory leak when parsing <a |
<li>Fixed a memory leak when parsing <a |
| href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
| <li>Stopped allowing configuration of the same neighbor multiple |
<li>Stopped allowing configuration of the same neighbor multiple |
|
|
| <li>Introduced <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> |
<li>Introduced <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> |
| <code>rde evaluate all</code> to work around path hiding in IXP |
<code>rde evaluate all</code> to work around path hiding in IXP |
| route-server environments. |
route-server environments. |
| |
</ul> |
| |
|
| |
<li>The <a |
| |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and <a |
| |
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> routing |
| |
daemons saw various internal refactoring to keep the code similar to |
| |
changes in other routing daemons and improve maintainability.<br> |
| |
Additionally, support was added in <a |
| |
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> for interfaces |
| |
that share the same IP. |
| |
|
| |
<li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and it's userland utility: |
| |
<ul> |
| |
<li>Relaxed checks in <a |
| |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid |
| |
routing domain, even if it does not yet exist. |
| |
<li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
| |
detect and reject bogus ranges before loading the ruleset to prevent a |
| |
panic. |
| |
<li>Changed route-to in <a |
| |
href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> to send |
| |
packets to IPs instead of interfaces. |
| |
<li>Changed pf_route so <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> only runs when packets |
| |
enter and leave the stack. Running the same packet through pf multiple |
| |
times creates confusion for the state table. By default, pf states are |
| |
floating, meaning that packets are matched to states regardless of |
| |
which interface they're going over. This diff avoids multiple pf(4) |
| |
traversals of one packet causing confusion in the state table. |
| |
<li>Prevented the kernel from being stuck in an endless recursion |
| |
during TCP path MTU discovery when <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> changes the routing |
| |
table when sending packets. |
| |
<li>When cutting off the head of an overlapping fragment during <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> reassembly, reinserted |
| |
the fragment into the lookup table with the correct index. |
| |
</ul> |
| |
|
| <li>Allowed use of <a |
<li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon: |
| href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> on interfaces that |
<ul> |
| share the same IP. |
|
| |
|
| <!-- HTTPD --> |
|
| <li>Prevented a crash due to |
|
| <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port |
|
| 443 with missing TLS certificates. |
|
| <li>Created a new "location (found|notfound)" option for |
|
| <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow |
|
| testing for resource path existence. |
|
| <li>Added a directive to <a |
|
| href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path |
|
| is accessible. |
|
| <li>Fixed detection of duplicate locations in <a |
|
| href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
|
| <li>Fixed leak of access and error log filenames on config reload in |
|
| <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
|
| <li>Avoid leaking the log message in |
|
| <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s |
|
| server_sendlog. |
|
| <li>Incorrect order of |
|
| <a href="https://man.openbsd.org/close.2">close(2)</a> and |
|
| <a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a> |
|
| together with a bug in LibSSL led to leaking memory in |
|
| <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
|
| for each TLS connection. |
|
| <li>Fixed the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
|
| example configuration not to generate errors when running without TLS |
|
| keys already in place. |
|
| <li>Optimize disk reads of |
|
| <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
|
| by using st_blocksize as high water mark instead of |
|
| the socket buffer size. |
|
| |
|
| |
|
| <!-- IKE/IPSEC --> |
|
| <li>Added support to request IP addresses as IKEv2 initiator to <a |
<li>Added support to request IP addresses as IKEv2 initiator to <a |
| href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr |
href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr |
| 0.0.0.0' is configured, any address will be accepted. |
0.0.0.0' is configured, any address will be accepted. |
|
|
| dynamic address configuration for roadwarrior clients, with a new |
dynamic address configuration for roadwarrior clients, with a new |
| "iface" config option which can be used to specify an interface for |
"iface" config option which can be used to specify an interface for |
| the virtual addresses received from the peer. |
the virtual addresses received from the peer. |
| |
<li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
| |
interop problem with strongswan if make-before-break is enabled. |
| |
</ul> |
| |
|
| |
<li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numberous improvements: |
| |
<ul> |
| |
<li>Prevented a crash due to |
| |
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port |
| |
443 with missing TLS certificates. |
| |
<li>Created a new "location (found|notfound)" option for |
| |
<a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow |
| |
testing for resource path existence. |
| |
<li>Added a directive to <a |
| |
href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path |
| |
is accessible. |
| |
<li>Fixed detection of duplicate locations in <a |
| |
href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
| |
<li>Fixed leak of access and error log filenames on config reload in |
| |
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
| |
<li>Avoid leaking the log message in |
| |
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s |
| |
server_sendlog. |
| |
<li>Incorrect order of |
| |
<a href="https://man.openbsd.org/close.2">close(2)</a> and |
| |
<a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a> |
| |
together with a bug in LibSSL led to leaking memory in |
| |
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
| |
for each TLS connection. |
| |
<li>Fixed the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
| |
example configuration not to generate errors when running without TLS |
| |
keys already in place. |
| |
<li>Optimize disk reads of |
| |
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
| |
by using st_blocksize as high water mark instead of |
| |
the socket buffer size. |
| |
</ul> |
| |
|
| <!-- LDAP --> |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> received the following new features and bugfixes: |
| <li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert |
<ul> |
| and key path inference for absolute paths. |
<li>Added RRDP (The RPKI Repository Delta Protocol, RFC 8182) support |
| <li>Fixed incorrect cast in a |
to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>. |
| <a href="https://man.openbsd.org/vsnprintf(3)">vsnprintf(3)</a> |
<li>Supported use of more than one URI in the TAL file for <a |
| error check |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>, |
| in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
sorting with a preference for https. |
| <li>Applied <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> |
<li>Validated ghostbuster records (RFC 6493) in <a |
| to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>. |
| |
<li>Fixed <a |
| |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> checks |
| |
for the manifest validity interval. |
| |
<li>The connection is now killed when the rsync server stalls. |
| |
<li>Limited the URL embedded in .cer files in <a |
| |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to |
| |
alphanumeric characters and punctuation. |
| |
<li>Added <a |
| |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -V |
| |
option to show version. |
| |
<li>Included the default cert.pem file path in tls_load_file error |
| |
messages in <a |
| |
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>. |
| |
</ul> |
| |
|
| |
<li>The <a href="https://man.openbsd.org/dig.1">dig(1)</a> DNS utility received the following updates: |
| <!-- PF --> |
<ul> |
| <li>Relaxed checks in <a |
|
| href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a |
|
| href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid |
|
| routing domain, even if it does not yet exist. |
|
| <li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
|
| detect and reject bogus ranges before loading the ruleset to prevent a |
|
| panic. |
|
| <li>Changed route-to in <a |
|
| href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> to send |
|
| packets to IPs instead of interfaces. |
|
| <li>Changed pf_route so <a |
|
| href="https://man.openbsd.org/pf.4">pf(4)</a> only runs when packets |
|
| enter and leave the stack. Running the same packet through pf multiple |
|
| times creates confusion for the state table. By default, pf states are |
|
| floating, meaning that packets are matched to states regardless of |
|
| which interface they're going over. This diff avoids multiple pf(4) |
|
| traversals of one packet causing confusion in the state table. |
|
| <li>Prevented the kernel from being stuck in an endless recursion |
|
| during TCP path MTU discovery when <a |
|
| href="https://man.openbsd.org/pf.4">pf(4)</a> changes the routing |
|
| table when sending packets. |
|
| <li>When cutting off the head of an overlapping fragment during <a |
|
| href="https://man.openbsd.org/pf.4">pf(4)</a> reassembly, reinserted |
|
| the fragment into the lookup table with the correct index. |
|
| |
|
| |
|
| <!-- dig --> |
|
| <li>Implemented RFC 8914 Extended DNS Errors for <a |
<li>Implemented RFC 8914 Extended DNS Errors for <a |
| href="https://man.openbsd.org/dig.1">dig(1)</a>. |
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
| <li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS |
<li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS |
|
|
| <li>Fixed IPv6 link-local address handling for nameservers to talk to |
<li>Fixed IPv6 link-local address handling for nameservers to talk to |
| and address to bind to in <a |
and address to bind to in <a |
| href="https://man.openbsd.org/dig.1">dig(1)</a>. |
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
| |
<li>Implemented ZONEMD (RFC 8976) in <a |
| |
href="https://man.openbsd.org/dig.1">dig(1)</a> to convey a message |
| |
digest of the content of a DNS zone. |
| |
</ul> |
| |
|
| <!-- dhclient --> |
<li>Changes to <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>: |
| |
<ul> |
| <li>Fixed incorrect behavior when using <a |
<li>Fixed incorrect behavior when using <a |
| href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to |
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to |
| change the lease renew/rebind/expiry timing. |
change the lease renew/rebind/expiry timing. |
|
|
| href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on |
| "dhcp" lines in <a |
"dhcp" lines in <a |
| href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files. |
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files. |
| |
<li>Finished conversion of <a |
| |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> timers to |
| |
allow monotonic accounting for the active lease. |
| |
</ul> |
| |
|
| |
<li>Two new daemons, <a |
| |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a |
| |
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added. |
| |
These work alongside with <a |
| |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a |
| |
href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a |
| |
coherent and simple automatic configration of network interfaces and |
| |
DNS resolution.<br> |
| |
The two daemons are not enabled by default for now, but can be tested |
| |
by enableing them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>. |
| |
<ul> |
| |
<li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> |
| |
implements the DHCP protocol to acquire IPv4 address leases from |
| |
servers. |
| |
<li><a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> |
| |
manages the content of <a |
| |
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> based |
| |
on nameserver proposals from dhcpleased(8) and slaacd(8). |
| |
</ul> |
| |
<li>Other userland network changes: |
| |
<ul> |
| |
<li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert |
| |
and key path inference for absolute paths. |
| |
<li>Fixed incorrect cast in a |
| |
<a href="https://man.openbsd.org/vsnprintf(3)">vsnprintf(3)</a> |
| |
error check |
| |
in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
| |
<li>Applied <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> |
| |
to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>. |
| |
|
| <!-- other --> |
|
| <li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
| drain the raw socket of packets received before we were fully setup to |
drain the raw socket of packets received before we were fully setup to |
| avoid reporting ICMP responses intended for other instances of ping(8) |
avoid reporting ICMP responses intended for other instances of ping(8) |
|
|
| are using Semantically Opaque Interface Identifiers. |
are using Semantically Opaque Interface Identifiers. |
| <li>Handled an autoconf interface changing its rdomain in <a |
<li>Handled an autoconf interface changing its rdomain in <a |
| href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>. |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>. |
| |
<li>Completed <a |
| |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> implementation |
| |
of RFC 8981 temporary address extensions. |
| |
|
| <li>Do not leak the domains listed in |
<li>Do not leak the domains listed in |
| <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>'s |
<a href="https://man.openbsd.org/unwind.8">unwind(8)</a>'s |
| blocklist file on each config reload. |
blocklist file on each config reload. |
|
|
| href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
| <li>Added a simple --timeout implementation to <a |
<li>Added a simple --timeout implementation to <a |
| href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>. |
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>. |
| |
<li>Added the <a href="https://man.openbsd.org/rsync.1">rsync(1)</a> |
| |
option --no-motd to suppress the information output by the client at |
| |
the start of a daemon transfer. |
| <li>Added support for the use of !command to <a |
<li>Added support for the use of !command to <a |
| href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that |
href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that |
| netstart has a late opportunity to perform network configuration. |
netstart has a late opportunity to perform network configuration. |
|
|
| http or https. Switched to using the timestamps from the remote |
http or https. Switched to using the timestamps from the remote |
| server's Last-Modified header if available when saving local files and |
server's Last-Modified header if available when saving local files and |
| introduced the ftp "-u" flag to disable this behavior. |
introduced the ftp "-u" flag to disable this behavior. |
| |
<li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> set |
| |
timestamps only on files. |
| |
|
| <li>Added requests for a new certificate without requiring -F when <a |
<li>Added requests for a new certificate without requiring -F when <a |
| href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> |
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> |
|
|
| <li>Avoid leaking the help text in |
<li>Avoid leaking the help text in |
| <a href="https://man.openbsd.org/tcpbench.1">systat(8)</a>. |
<a href="https://man.openbsd.org/tcpbench.1">systat(8)</a>. |
| <li>Simplify argument parsing of |
<li>Simplify argument parsing of |
| <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> stop |
<tt><a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> stop</tt> |
| thereby avoiding a |
thereby avoiding a |
| <a href="https://man.openbsd.org/printf.3">printf(3)</a> "%s" NULL, |
<a href="https://man.openbsd.org/printf.3">printf(3)</a> "%s" NULL, |
| a use of uninitialized and a dead else branch. |
a use of uninitialized and a dead else branch. |
| |
<li>Increased the maximum length for CHAP challenges to 96 octets to |
| |
ensure <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> can |
| |
handle longer challenges, such as those sent by Juniper. |
| |
</ul> |
| </ul> |
</ul> |
| |
|
| <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
| <ul> |
<ul> |
| <li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> synchronize-panes a pane option and added set-option -U flag to unset an option on all panes. |
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> synchronize-panes a pane option and added set-option -U flag to unset an option on all panes. |
| |
<li>Allowed use of ## and # in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> styles and added a "w" format modifier for width. |
| |
<li>Added a -C flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> run-shell to use a tmux command rather than a shell command. |
| |
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> -N flag to never start the server even if the command would normally do so. |
| |
<li>Added the new <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> -S flag to new-window to select the existing window if one with the given name already exists, rather than failing. |
| |
<li>Added support for X11 color names and other variations for OSC 10/11 and added OSC 110 and 111 to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
| |
<li>Removed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> support for popups where the content is provided directly to tmux. |
| |
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> "absolute-centre" alignment to use the center of the total space instead of the available space. |
| |
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> split-window -Z to start the pane zoomed. |
| |
<li>Added client-detached notification in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> control mode. |
| |
<li>Changed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> search-again with vi keys to work like <a href="https://man.openbsd.org/vi.1">vi(1)</a>. |
| </ul> |
</ul> |
| |
|
| <li>OpenSMTPD 6.9.0 |
<li>OpenSMTPD 6.9.0 |
|
|
| TLS listeners may be configured with multiple certificates, |
TLS listeners may be configured with multiple certificates, |
| the matching is based on the names included in these certificates. |
the matching is based on the names included in these certificates. |
| <li>Allow to specify tls protocols and ciphers per listener and relay action. |
<li>Allow to specify tls protocols and ciphers per listener and relay action. |
| |
<li>Allowed <a |
| |
href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a> |
| |
specification of tls protocols and ciphers on relay actions. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>LibreSSL 3.2.2 |
<li>LibreSSL 3.2.5 |
| <ul> |
<ul> |
| <li>New Features |
<li>New Features |
| <ul> |
<ul> |
| |
|
| <!-- taken from plus.html, not sorted into categories: |
<!-- taken from plus.html, not sorted into categories: |
| |
|
| <li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator. |
<li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator. |
| <li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a> |
<li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a> |
| to call its get_issuer() callback to try and find a suitable |
to call its get_issuer() callback to try and find a suitable |
|
|
| <li>Implemented the key material exporter for TLSv1.3. |
<li>Implemented the key material exporter for TLSv1.3. |
| <li>Fixed problems which could arise with software such as bacula and icinga when a root certificate was specified as both a trusted and an untrusted certificate. |
<li>Fixed problems which could arise with software such as bacula and icinga when a root certificate was specified as both a trusted and an untrusted certificate. |
| <li>Added support for <a href="https://man.openbsd.org/SSL_get_shared_ciphers.3">SSL_get_shared_ciphers(3)</a> in TLSv1.3 and fixed to correctly return ciphers shared by the client and the server. |
<li>Added support for <a href="https://man.openbsd.org/SSL_get_shared_ciphers.3">SSL_get_shared_ciphers(3)</a> in TLSv1.3 and fixed to correctly return ciphers shared by the client and the server. |
| |
<li>Requested client certificate only when required in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
| |
<li>Enabled DTLSv1.2. |
| --> |
--> |
| |
|
| </ul> |
</ul> |
|
|
| </ul> |
</ul> |
| </ul> |
</ul> |
| |
|
| <li>OpenSSH 8.4 |
<li>OpenSSH 8.5 |
| |
|
| <ul> |
<ul> |
| |
|
|
|
| <li>Added PermitRemoteOpen to <a |
<li>Added PermitRemoteOpen to <a |
| href="https://man.openbsd.org/ssh.1">ssh(1)</a> for remote dynamic |
href="https://man.openbsd.org/ssh.1">ssh(1)</a> for remote dynamic |
| forwarding with SOCKS. |
forwarding with SOCKS. |
| |
<li>Released <a href="https://www.openssh.com/txt/release-8.5">OpenSSH 8.5</a>. |
| --> |
--> |
| |
|
| <li>Potentially incompatible changes. |
<li>Potentially incompatible changes. |
![[BACK]](/icons/back.gif){kind=icon}
Return to 69.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www