version 1.2, 2021/04/04 23:08:33 |
version 1.3, 2021/04/05 21:59:13 |
|
|
|
|
<li>New/extended platforms: |
<li>New/extended platforms: |
<ul> |
<ul> |
<li>... |
|
|
<li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a |
|
driver for the framebuffer of the Aspeed BMC found on many POWER8 and |
|
POWER9 systems. |
|
<li>Added bsd.mp to powerpc64's installXX.{img,iso}. |
|
<li>Added RETGUARD implementation for powerpc and powerpc64. |
|
<li>Added powerpc64 retguard macros for setjmp/longjmp. |
|
<li>Added retguard macros to powerpc64 locore functions. |
|
<li>Added a workaround for PCIO devices that cannot address the full |
|
64-bit PCI address space to powerpc64. Needed for <a |
|
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a |
|
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon |
|
GPUs only implement 36, 40, or 44 bits of address space. |
|
<li>Added limited emulation of unaligned access in the powerpc64 kernel. |
|
<li>Changed <a href="https://man.openbsd.org/astfb.4">astfb(4)</a> to |
|
allow it to become the console on powerpc64. |
|
<li>Added support for passing a bootmac command line argument to |
|
RAMDISK on powerpc64. |
|
|
|
|
</ul> |
</ul> |
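Review bot: The three powerpc/powerpc64 hardening entries spell the feature both "RETGUARD" and "retguard" and spread one change over three bullets (implementation, setjmp/longjmp macros, locore macros). Pick one spelling and consider a single item that lists the covered code paths. In the PCI workaround entry, confirm whether "PCIO devices" is intended or a typo for "PCI devices".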
|
|
<li>Improvements to time measurements, mostly in the kernel: |
<li>Improvements to time measurements, mostly in the kernel: |
|
|
|
|
<li>Various kernel improvements: |
<li>Various kernel improvements: |
<ul> |
<ul> |
<li>... |
<li>Added basic support for kclock timeouts to <a href="https://man.openbsd.org/timeout.9">timeout(9)</a>. |
|
<li>Added a top-level 'reboot' command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
|
<li>Fixed the "entry point at 0x10010000" hang reported on amd64 machines by using a 64MB block to load the kernel. |
|
<li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a> check for uninitialized (or zeroed) lock usage. |
|
|
|
<!-- SMP --> |
|
<li>Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions. |
|
<li>Introduced a system-wide mutex that serializes msgbuf operations. |
|
|
|
|
|
<!-- DRM --> |
|
<li>Implemented linux interval tree functions for <a href="https://man.openbsd.org/drm.4">drm(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> display commands when using <a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on macppc. |
|
<li>Changed from <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> to <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> for linux rwlocks. |
|
<li>Fixed a panic associated with locks and <a href="https://man.openbsd.org/drm.4">drm(4)</a> on macppc with Powerbook5,6 and RV350. |
|
<li>Revised the initialization of the <a href="https://man.openbsd.org/drm.4">drm(4)</a> Linux emulation layer to call it only when the first drm instance attaches. |
|
|
|
|
</ul> |
</ul> |
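Review bot: Capitalisation of "Linux" is inconsistent in the DRM block: "linux interval tree functions" and "linux rwlocks" are lower-case, while "drm(4) Linux emulation layer" is not. Use "Linux" in all three entries.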
|
|
<li>Various new userland features: |
<li>Various new userland features: |
<ul> |
<ul> |
<li>... |
<li>Added <a |
|
href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog" |
|
option to avoid <a |
|
href="https://man.openbsd.org/syslog.3">syslog(3)</a>. |
|
<li>Allowed specific <a |
|
href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used |
|
for play-only and rec-only modes. |
|
|
</ul> |
</ul> |
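Review bot: The doas.conf(5) entry says the "nolog" option exists "to avoid syslog(3)" but not which events stop being logged. Since this removes an audit record, state it explicitly, for example that successful command execution is no longer logged for rules carrying the option.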
|
|
<li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
<ul> |
<ul> |
<li>... |
<li>Fixed a pledge violation in <a |
|
href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting |
|
input from a file containing ^T would cause csh(1) to perform a tty |
|
ioctl operation against a non-tty. |
|
<li>Prevented a crash due to <a |
|
href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port |
|
443 with missing TLS certificates. |
|
<li>Stopped exempting file systems from <a |
|
href="https://man.openbsd.org/security.8">security(8)</a> on the basis |
|
of nodev and nosuid options, which may not be used for file systems |
|
mounted beneath. |
|
<li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a> |
|
to stop reporting disk status and networking statistics. |
|
<li>Made <a |
|
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify |
|
a version when it uses <a |
|
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid |
|
the situation where upgrading a pre-6.8 snapshot to 6.8 release with |
|
"-r" would install firmware packages from snapshots. |
|
<li>Increased speed of the dependency check pass for <a |
|
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>. |
|
|
|
<li>Prevented process exit in multithreaded programs from reporting |
|
the wrong error code. |
|
|
|
|
</ul> |
</ul> |
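Review bot: The security(8) entry ends with "which may not be used for file systems mounted beneath", and it is unclear what "which" refers to and beneath what. Reword so the reason is explicit: a file system mounted below a nodev/nosuid mount point may itself lack those options, so the parent's options are no longer grounds for skipping the check.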
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
<ul> |
<ul> |
<li>... |
|
|
<li>Moved mfokclock(4) from loongson to make it available for other |
|
platforms and renamed it to <a |
|
href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>. |
|
<li>Fixed brightness setting on MacBooks. |
|
<li>Added AMD Vi and Intel VTD IOMMU support. This creates separate |
|
domains for each PCI device and can provide protection against invalid |
|
memory access. |
|
<li>Enabled brightness keys on powerbooks where the keyboard attaches |
|
as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>. |
|
<li>Set initial default display brightness on macppc via |
|
of_setbrightness() to ensure <a |
|
href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in |
|
sync. |
|
<li>Added the ClearFog GT 8K to <a |
|
href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>. |
|
<li>Added support for the PL2303HXN series chips to <a |
|
href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>. |
|
<li>Added support for the PCA9547 I2C mux to <a |
|
href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>. |
|
<li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a> |
|
with ACPI support. |
|
<li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a |
|
driver for ACPI generic event devices, used on te HoneyComb LX2K to |
|
implement power button handling. |
|
<li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, |
|
a driver for the GPIO controllers found on modern Intel PCHs. |
|
<li>Added ACPI support to <a |
|
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
|
<li>Fixed panics on the HoneyComb LX2K with <a |
|
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>. |
|
<li>Fixed very old <a |
|
href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the |
|
INQUIRY command succeeds but with a residue equal to the requested |
|
bytes. |
|
|
|
<!-- ARM64 --> |
|
<li>Optimized arm64 <a |
|
href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a |
|
href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a |
|
href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte |
|
copies if possible. |
|
<li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs. |
|
<li>Added clock support for i.MX8MP. |
|
<li>Added support for the VF610 I2C controller to <a |
|
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>. |
|
<li>Fixed a panic seen with mbuf chains on arm64. |
|
|
|
|
</ul> |
</ul> |
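Review bot: Typo in the acpige(4) entry: "used on te HoneyComb LX2K" should read "used on the HoneyComb LX2K". In the IOMMU entry, "AMD Vi and Intel VTD" should use the vendors' spellings, AMD-Vi and Intel VT-d, and "can provide protection against invalid memory access" would be clearer if it said the access in question is device DMA.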
|
|
<li>New or improved network hardware support: |
<li>New or improved network hardware support: |
<ul> |
<ul> |
<li>... |
<li>Fixed link state change behavior in 82598 <a |
|
href="https://man.openbsd.org/ix.4">ix(4)</a> chips. |
|
<li>Fixed issues with network stopping after the first down/up cycle |
|
in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada |
|
Ethernet device. |
|
<li>Added SFP+ support to ofw, including support for direct attach cables. |
|
<li>Added 10G media support to <a |
|
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>. |
|
<li>Added support for 1000base-x and 2500base-x connections to <a |
|
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>. |
|
<li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a |
|
driver for Marvel "SOHO" switches. |
|
|
</ul> |
</ul> |
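Review bot: The vendor name is misspelled in two entries: "Marvel Armada Ethernet device" in the mvpp(4) item and "Marvel "SOHO" switches" in the mvsw(4) item should both read "Marvell". The two mvpp(4) entries (down/up cycle fix and 10G media support) could also sit next to each other.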
|
|
<li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
<ul> |
<ul> |
<li>... |
<li>Fixed <a href="https://man.openbsd.org/athn.4">athn(4)</a> in |
|
client mode against APs that use WPA1/TKIP as the group cipher. |
|
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> |
|
against access points using WPA1/TKIP as the group cipher. |
|
<li>Added multicast support to <a |
|
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6. |
|
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> |
|
repeated DEAUTH and loss/restoration of link. |
|
|
</ul> |
</ul> |
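Review bot: The athn(4) and first urtwn(4) entries describe the same WPA1/TKIP group cipher fix with different wording ("in client mode against APs" versus "against access points"). Use one phrasing, or merge them into a single item naming both drivers, and place the second urtwn(4) entry directly after it.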
|
|
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
|
|
|
|
<li>Generic network stack improvements and bugfixes: |
<li>Generic network stack improvements and bugfixes: |
<ul> |
<ul> |
<li>... |
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6 |
|
response to an IPv6 packet. |
|
<li>Added the ability to force the selection of source IP address for |
|
programs that do not specify a source IP, configurable via <a |
|
href="https://man.openbsd.org/route.8">route(8)</a>. |
|
<li>For IPv6 addresses, added tracking of address proposal creation |
|
times to be able to establish total lifetime. This information is used |
|
to renew pltime/vltime of privacy addresse per RFC 4941. |
|
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc |
|
by keeping track of allowed ips pointer correctly. |
|
|
|
|
</ul> |
</ul> |
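Review bot: Typo in the IPv6 address proposal entry: "privacy addresse per RFC 4941" should read "privacy addresses per RFC 4941". In the wg(4) entry, "allowed ips pointer" would read better as "allowed IPs pointer".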
|
|
<li>Installer improvements: |
<li>Installer improvements: |
|
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>... |
<li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used. |
</ul> |
</ul> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>... |
<!-- BGP --> |
|
<li>Fixed a memory leak when parsing <a |
|
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists. |
|
<li>Stopped allowing configuration of the same neighbor multiple |
|
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>. |
|
<!-- HTTPD --> |
|
<li>Created a new "location (found|notfound)" option for <a |
|
href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow |
|
testing for resource path existence. |
|
<li>Added a directive to <a |
|
href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path |
|
is accessible. |
|
<li>Fixed detection of duplicate locations in <a |
|
href="https://man.openbsd.org/httpd.8">httpd(8)</a>. |
|
|
|
|
|
<!-- IKE/IPSEC --> |
|
<li>Added support to request IP addresses as IKEv2 initiator to <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr |
|
0.0.0.0' is configured, any address will be accepted. |
|
<li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept |
|
ANY dynamic address with 'request addr 0.0.0.0'. |
|
<li>Added 'dynamic' keyword to <a |
|
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow |
|
configuration of flows to dynamically assigned addresses. |
|
<li>Added the 'any' keyword to <a |
|
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for |
|
requests to allow "request address any". |
|
<li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
support for ASN1_DN ipsec identifiers. |
|
<li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
"from dynamic," installing flows where "dynamic" is replaced by the |
|
received dynamic IP address. |
|
<li>Made sure not to replace 0.0.0.0 with a dynamic address in <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network |
|
address. |
|
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s |
|
socket option to specify a control socket. |
|
<li>Used a counter instead of random IV for AES-GCM in <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the |
|
risk of random collisions. |
|
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
support for multiple address pools. |
|
<li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
"set stickyaddress" option, which attempts to assign the same "config |
|
address" when an IKESA is negotiated with the DSTID of an existing |
|
IKESA. |
|
<li>Ensured rekeying of every child SA in <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
|
|
|
|
|
<!-- LDAP --> |
|
<li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert |
|
and key path inference for absolute paths. |
|
|
|
|
|
<!-- PF --> |
|
<li>Relaxed checks in <a |
|
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a |
|
href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid |
|
routing domain, even if it does not yet exist. |
|
|
|
|
|
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to |
|
drain the raw socket of packets received before we were fully setup to |
|
avoid reporting ICMP responses intended for other instances of ping(8) |
|
running in parallel. |
|
|
|
<li>Implemented RFC 8914 Extended DNS Errors for <a |
|
href="https://man.openbsd.org/dig.1">dig(1)</a>. |
|
|
|
<li>Changed <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> |
|
Duplicate Address Detection (DAD) to only generate a new address if we |
|
are using Semantically Opaque Interface Identifiers. |
|
<li>Handled an autoconf interface changing its rdomain in <a |
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>. |
|
<li>Fixed rare crashes of <a |
|
href="https://man.openbsd.org/unwind.8">unwind(8)</a> when DNS answers |
|
are larger than the maximum imsg size. |
|
<li>Removed the -L option from <a |
|
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
|
<li>Fixed incorrect behavior when using <a |
|
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to |
|
change the lease renew/rebind/expiry timing. |
|
<li>Added a simple --timeout implementation to <a |
|
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>. |
|
<li>Added support for the use of !command to <a |
|
href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that |
|
netstart has a late opportunity to perform network configuration. |
|
|
|
|
</ul> |
</ul> |
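Review bot: Several iked(8) entries in the IKE/IPSEC block repeat each other: "If 'request addr 0.0.0.0' is configured, any address will be accepted" is restated by "Make iked(8) accept ANY dynamic address with 'request addr 0.0.0.0'", and the 'dynamic' keyword entry overlaps with the "from dynamic" entry. Merge each pair, and change "Make" to the past tense used by every other item. The httpd entries "location (found|notfound)" and "Added a directive to httpd(8) to check if a path is accessible" also look like one change described twice. In the ping(8) entry, "before we were fully setup" should be "set up" and is the only item written in the first person.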
|
|
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
|
|
<ul> |
<ul> |
<li>New Features |
<li>New Features |
<ul> |
<ul> |
<li>... |
<!-- XXX not sorted into categories yet --> |
|
<li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator. |
|
<li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a> |
|
to call its get_issuer() callback to try and find a suitable |
|
certificate in cases where it has failed to find a print certificate |
|
from the supplied roots and intermediates. |
|
<li>Corrected an issue where <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> verify might not error on expired certificates. |
|
<li>Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software. |
|
<li>Implemented auto chain for the TLSv1.3 server. |
|
<li>Implemented the key material exporter for TLSv1.3. |
|
|
|
|
</ul> |
</ul> |
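Review bot: In the crypto(3) get_issuer() entry, "failed to find a print certificate" does not parse; the surrounding text (issuer lookup from "the supplied roots and intermediates") suggests "parent certificate" was meant, so confirm against the commit and correct it. The block also still carries the "XXX not sorted into categories yet" comment, so these entries need moving under their final headings before release.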
|
|
<li>API and Documentation Enhancements |
<li>API and Documentation Enhancements |
|
|
</ul> |
</ul> |
|
|
<li>OpenSSH 8.4 |
<li>OpenSSH 8.4 |
|
|
<ul> |
<ul> |
|
|
|
<!-- XXX not sorted into categories yet --> |
|
<li>Preferred ed25519 signature algorithm variants over ECDSA in <a |
|
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a |
|
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>. |
|
<li>Enabled <a |
|
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> |
|
UpdateHostkeys by default when the configuration has not overridden |
|
UserKnownHostFile. |
|
<li>Prefixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
|
keyboard interactive prompts with "user@host" for easier |
|
identification of connections. |
|
<li>Displayed any other hostnames/addresses associated with a new |
|
hostkey when <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
|
prompts the user to accept it. |
|
<li>When doing an <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
|
recursive upload or download of a read-only directory, ensured that |
|
the directory was created with write and execute permissions in the |
|
interim to allow the transfer. |
|
<li>Set the specified TOS/DSCP for interactive use prior to TCP |
|
connect in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>. |
|
<li>CLeaned up passing of struct passwd from monitor to preauth |
|
privsep process in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>. |
|
|
|
|
<li>Potentially incompatible changes. |
<li>Potentially incompatible changes. |
<ul> |
<ul> |
<li>... |
<li>... |
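Review bot: The UpdateHostkeys entry names the option "UserKnownHostFile", but the ssh_config(5) keyword is UserKnownHostsFile; readers searching their configuration for the string as written will not find it. "CLeaned up passing of struct passwd" has a stray capital, and that entry links ssh(1) although the monitor and preauth privsep processes belong to sshd(8). The "XXX not sorted into categories yet" comment applies here as well.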
|
|
<li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
<ul> |
<ul> |
<li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches, |
<li>Xenocara (based on X.Org 7.7 with xserver 1.20.8 + patches, |
freetype 2.10.2, fontconfig 2.12.4, Mesa 20.0.8, xterm 351, |
freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 351, |
xkeyboard-config 2.20 and more) |
xkeyboard-config 2.20, fonttosfnt 1.2.0 and more) |
<li>LLVM/Clang 10.0.1 (+ patches) |
<li>LLVM/Clang 10.0.1 (+ patches) |
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) |
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) |
<li>Perl 5.30.3 (+ patches) |
<li>Perl 5.30.3 (+ patches) |
<li>NSD 4.3.2 |
<li>NSD 4.3.3 |
<li>Unbound 1.11.0 |
<li>Unbound 1.12.0 |
<li>Ncurses 5.7 |
<li>Ncurses 5.7 |
<li>Binutils 2.17 (+ patches) |
<li>Binutils 2.17 (+ patches) |
<li>Gdb 6.3 (+ patches) |
<li>Gdb 6.3 (+ patches) |