| version 1.2, 2021/04/04 23:08:33 |
version 1.3, 2021/04/05 21:59:13 |
|
|
| |
|
| <li>New/extended platforms: |
<li>New/extended platforms: |
| <ul> |
<ul> |
| <li>... |
|
| |
<li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a |
| |
driver for the framebuffer of the Aspeed BMC found on many POWER8 and |
| |
POWER9 systems. |
| |
<li>Added bsd.mp to powerpc64's installXX.{img,iso}. |
| |
<li>Added RETGUARD implementation for powerpc and powerpc64. |
| |
<li>Added powerpc64 retguard macros for setjmp/longjmp. |
| |
<li>Added retguard macros to powerpc64 locore functions. |
| |
<li>Added a workaround for PCIO devices that cannot address the full |
| |
64-bit PCI address space to powerpc64. Needed for <a |
| |
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a |
| |
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon |
| |
GPUs only implement 36, 40, or 44 bits of address space. |
| |
<li>Added limited emulation of unaligned access in the powerpc64 kernel. |
| |
<li>Changed <a href="https://man.openbsd.org/astfb.4">astfb(4)</a> to |
| |
allow it to become the console on powerpc64. |
| |
<li>Added support for passing a bootmac command line argument to |
| |
RAMDISK on powerpc64. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Improvements to time measurements, mostly in the kernel: |
<li>Improvements to time measurements, mostly in the kernel: |
|
|
| |
|
| <li>Various kernel improvements: |
<li>Various kernel improvements: |
| <ul> |
<ul> |
| <li>... |
<li>Added basic support for kclock timeouts to <a href="https://man.openbsd.org/timeout.9">timeout(9)</a>. |
| |
<li>Added a top-level 'reboot' command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
| |
<li>Fixed the "entry point at 0x10010000" hang reported on amd64 machines by using a 64MB block to load the kernel. |
| |
<li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a> check for uninitialized (or zeroed) lock usage. |
| |
|
| |
<!-- SMP --> |
| |
<li>Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions. |
| |
<li>Introduced a system-wide mutex that serializes msgbuf operations. |
| |
|
| |
|
| |
<!-- DRM --> |
| |
<li>Implemented linux interval tree functions for <a href="https://man.openbsd.org/drm.4">drm(4)</a>. |
| |
<li>Fixed <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> display commands when using <a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on macppc. |
| |
<li>Changed from <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> to <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> for linux rwlocks. |
| |
<li>Fixed a panic associated with locks and <a href="https://man.openbsd.org/drm.4">drm(4)</a> on macppc with Powerbook5,6 and RV350. |
| |
<li>Revised the initialization of the <a href="https://man.openbsd.org/drm.4">drm(4)</a> Linux emulation layer to call it only when the first drm instance attaches. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various new userland features: |
<li>Various new userland features: |
| <ul> |
<ul> |
| <li>... |
<li>Added <a |
| |
href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog" |
| |
option to avoid <a |
| |
href="https://man.openbsd.org/syslog.3">syslog(3)</a>. |
| |
<li>Allowed specific <a |
| |
href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used |
| |
for play-only and rec-only modes. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
| <ul> |
<ul> |
| <li>... |
<li>Fixed a pledge violation in <a |
| |
href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting |
| |
input from a file containing ^T would cause csh(1) to perform a tty |
| |
ioctl operation against a non-tty. |
| |
<li>Prevented a crash due to <a |
| |
href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port |
| |
443 with missing TLS certificates. |
| |
<li>Stopped exempting file systems from <a |
| |
href="https://man.openbsd.org/security.8">security(8)</a> on the basis |
| |
of nodev and nosuid options, which may not be used for file systems |
| |
mounted beneath. |
| |
<li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a> |
| |
to stop reporting disk status and networking statistics. |
| |
<li>Made <a |
| |
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify |
| |
a version when it uses <a |
| |
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid |
| |
the situation where upgrading a pre-6.8 snapshot to 6.8 release with |
| |
"-r" would install firmware packages from snapshots. |
| |
<li>Increased speed of the dependency check pass for <a |
| |
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>. |
| |
|
| |
<li>Prevented process exit in multithreaded programs from reporting |
| |
the wrong error code. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
| <ul> |
<ul> |
| <li>... |
|
| |
<li>Moved mfokclock(4) from loongson to make it available for other |
| |
platforms and renamed it to <a |
| |
href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>. |
| |
<li>Fixed brightness setting on MacBooks. |
| |
<li>Added AMD Vi and Intel VTD IOMMU support. This creates separate |
| |
domains for each PCI device and can provide protection against invalid |
| |
memory access. |
| |
<li>Enabled brightness keys on powerbooks where the keyboard attaches |
| |
as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>. |
| |
<li>Set initial default display brightness on macppc via |
| |
of_setbrightness() to ensure <a |
| |
href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in |
| |
sync. |
| |
<li>Added the ClearFog GT 8K to <a |
| |
href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>. |
| |
<li>Added support for the PL2303HXN series chips to <a |
| |
href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>. |
| |
<li>Added support for the PCA9547 I2C mux to <a |
| |
href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>. |
| |
<li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a> |
| |
with ACPI support. |
| |
<li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a |
| |
driver for ACPI generic event devices, used on te HoneyComb LX2K to |
| |
implement power button handling. |
| |
<li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, |
| |
a driver for the GPIO controllers found on modern Intel PCHs. |
| |
<li>Added ACPI support to <a |
| |
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
| |
<li>Fixed panics on the HoneyComb LX2K with <a |
| |
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>. |
| |
<li>Fixed very old <a |
| |
href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the |
| |
INQUIRY command succeeds but with a residue equal to the requested |
| |
bytes. |
| |
|
| |
<!-- ARM64 --> |
| |
<li>Optimized arm64 <a |
| |
href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a |
| |
href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a |
| |
href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte |
| |
copies if possible. |
| |
<li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs. |
| |
<li>Added clock support for i.MX8MP. |
| |
<li>Added support for the VF610 I2C controller to <a |
| |
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
| |
<li>Fixed a panic seen with mbuf chains on arm64. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>New or improved network hardware support: |
<li>New or improved network hardware support: |
| <ul> |
<ul> |
| <li>... |
<li>Fixed link state change behavior in 82598 <a |
| |
href="https://man.openbsd.org/ix.4">ix(4)</a> chips. |
| |
<li>Fixed issues with network stopping after the first down/up cycle |
| |
in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada |
| |
Ethernet device. |
| |
<li>Added SFP+ support to ofw, including support for direct attach cables. |
| |
<li>Added 10G media support to <a |
| |
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>. |
| |
<li>Added support for 1000base-x and 2500base-x connections to <a |
| |
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>. |
| |
<li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a |
| |
driver for Marvel "SOHO" switches. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
| <ul> |
<ul> |
| <li>... |
<li>Fixed <a href="https://man.openbsd.org/athn.4">athn(4)</a> in |
| |
client mode against APs that use WPA1/TKIP as the group cipher. |
| |
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> |
| |
against access points using WPA1/TKIP as the group cipher. |
| |
<li>Added multicast support to <a |
| |
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6. |
| |
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> |
| |
repeated DEAUTH and loss/restoration of link. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
|
|
| |
|
| <li>Generic network stack improvements and bugfixes: |
<li>Generic network stack improvements and bugfixes: |
| <ul> |
<ul> |
| <li>... |
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
| |
response to an IPv6 packet. |
| |
<li>Added the ability to force the selection of source IP address for |
| |
programs that do not specify a source IP, configurable via <a |
| |
href="https://man.openbsd.org/route.8">route(8)</a>. |
| |
<li>For IPv6 addresses, added tracking of address proposal creation |
| |
times to be able to establish total lifetime. This information is used |
| |
to renew pltime/vltime of privacy addresse per RFC 4941. |
| |
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
| |
by keeping track of allowed ips pointer correctly. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Installer improvements: |
<li>Installer improvements: |
|
|
| |
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li>... |
<li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used. |
| </ul> |
</ul> |
| |
|
| <li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
| <ul> |
<ul> |
| <li>... |
<!-- BGP --> |
| |
<li>Fixed a memory leak when parsing <a |
| |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
| |
<li>Stopped allowing configuration of the same neighbor multiple |
| |
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
| |
<!-- HTTPD --> |
| |
<li>Created a new "location (found|notfound)" option for <a |
| |
href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow |
| |
testing for resource path existence. |
| |
<li>Added a directive to <a |
| |
href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path |
| |
is accessible. |
| |
<li>Fixed detection of duplicate locations in <a |
| |
href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
| |
|
| |
|
| |
<!-- IKE/IPSEC --> |
| |
<li>Added support to request IP addresses as IKEv2 initiator to <a |
| |
href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr |
| |
0.0.0.0' is configured, any address will be accepted. |
| |
<li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept |
| |
ANY dynamic address with 'request addr 0.0.0.0'. |
| |
<li>Added 'dynamic' keyword to <a |
| |
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow |
| |
configuration of flows to dynamically assigned addresses. |
| |
<li>Added the 'any' keyword to <a |
| |
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for |
| |
requests to allow "request address any". |
| |
<li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
| |
support for ASN1_DN ipsec identifiers. |
| |
<li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
| |
"from dynamic," installing flows where "dynamic" is replaced by the |
| |
received dynamic IP address. |
| |
<li>Made sure not to replace 0.0.0.0 with a dynamic address in <a |
| |
href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network |
| |
address. |
| |
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s |
| |
socket option to specify a control socket. |
| |
<li>Used a counter instead of random IV for AES-GCM in <a |
| |
href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the |
| |
risk of random collisions. |
| |
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
| |
support for multiple address pools. |
| |
<li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
| |
"set stickyaddress" option, which attempts to assign the same "config |
| |
address" when an IKESA is negotiated with the DSTID of an existing |
| |
IKESA. |
| |
<li>Ensured rekeying of every child SA in <a |
| |
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
| |
|
| |
|
| |
<!-- LDAP --> |
| |
<li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert |
| |
and key path inference for absolute paths. |
| |
|
| |
|
| |
<!-- PF --> |
| |
<li>Relaxed checks in <a |
| |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid |
| |
routing domain, even if it does not yet exist. |
| |
|
| |
|
| |
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
| |
drain the raw socket of packets received before we were fully setup to |
| |
avoid reporting ICMP responses intended for other instances of ping(8) |
| |
running in parallel. |
| |
|
| |
<li>Implemented RFC 8914 Extended DNS Errors for <a |
| |
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
| |
|
| |
<li>Changed <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> |
| |
Duplicate Address Detection (DAD) to only generate a new address if we |
| |
are using Semantically Opaque Interface Identifiers. |
| |
<li>Handled an autoconf interface changing its rdomain in <a |
| |
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>. |
| |
<li>Fixed rare crashes of <a |
| |
href="https://man.openbsd.org/unwind.8">unwind(8)</a> when DNS answers |
| |
are larger than the maximum imsg size. |
| |
<li>Removed the -L option from <a |
| |
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
| |
<li>Fixed incorrect behavior when using <a |
| |
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to |
| |
change the lease renew/rebind/expiry timing. |
| |
<li>Added a simple --timeout implementation to <a |
| |
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>. |
| |
<li>Added support for the use of !command to <a |
| |
href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that |
| |
netstart has a late opportunity to perform network configuration. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
|
|
| <ul> |
<ul> |
| <li>New Features |
<li>New Features |
| <ul> |
<ul> |
| <li>... |
<!-- XXX not sorted into categories yet --> |
| |
<li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator. |
| |
<li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a> |
| |
to call its get_issuer() callback to try and find a suitable |
| |
certificate in cases where it has failed to find a print certificate |
| |
from the supplied roots and intermediates. |
| |
<li>Corrected an issue where <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> verify might not error on expired certificates. |
| |
<li>Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software. |
| |
<li>Implemented auto chain for the TLSv1.3 server. |
| |
<li>Implemented the key material exporter for TLSv1.3. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>API and Documentation Enhancements |
<li>API and Documentation Enhancements |
|
|
| </ul> |
</ul> |
| |
|
| <li>OpenSSH 8.4 |
<li>OpenSSH 8.4 |
| |
|
| <ul> |
<ul> |
| |
|
| |
<!-- XXX not sorted into categories yet --> |
| |
<li>Preferred ed25519 signature algorithm variants over ECDSA in <a |
| |
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a |
| |
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>. |
| |
<li>Enabled <a |
| |
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> |
| |
UpdateHostkeys by default when the configuration has not overridden |
| |
UserKnownHostFile. |
| |
<li>Prefixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
| |
keyboard interactive prompts with "user@host" for easier |
| |
identification of connections. |
| |
<li>Displayed any other hostnames/addresses associated with a new |
| |
hostkey when <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
| |
prompts the user to accept it. |
| |
<li>When doing an <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
| |
recursive upload or download of a read-only directory, ensured that |
| |
the directory was created with write and execute permissions in the |
| |
interim to allow the transfer. |
| |
<li>Set the specified TOS/DSCP for interactive use prior to TCP |
| |
connect in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>. |
| |
<li>CLeaned up passing of struct passwd from monitor to preauth |
| |
privsep process in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>. |
| |
|
| |
|
| <li>Potentially incompatible changes. |
<li>Potentially incompatible changes. |
| <ul> |
<ul> |
| <li>... |
<li>... |
|
|
| <li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
| <ul> |
<ul> |
| <li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches, |
<li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches, |
| freetype 2.10.2, fontconfig 2.12.4, Mesa 20.0.8, xterm 351, |
freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 351, |
| xkeyboard-config 2.20 and more) |
xkeyboard-config 2.20, fonttosfnt 1.2.0 and more) |
| <li>LLVM/Clang 10.0.1 (+ patches) |
<li>LLVM/Clang 10.0.1 (+ patches) |
| <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) |
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) |
| <li>Perl 5.30.3 (+ patches) |
<li>Perl 5.30.3 (+ patches) |
| <li>NSD 4.3.2 |
<li>NSD 4.3.3 |
| <li>Unbound 1.11.0 |
<li>Unbound 1.12.0 |
| <li>Ncurses 5.7 |
<li>Ncurses 5.7 |
| <li>Binutils 2.17 (+ patches) |
<li>Binutils 2.17 (+ patches) |
| <li>Gdb 6.3 (+ patches) |
<li>Gdb 6.3 (+ patches) |
![[BACK]](/icons/back.gif){kind=icon}
Return to 69.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www