Annotation of www/69.html, Revision 1.19
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 6.9</title>
6: <meta name="description" content="OpenBSD 6.9">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/69.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 6.9
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/XXX.png">
21: <img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
22: <td>
1.2 kn 23: Released May 1, 2021.<br>
24: Copyright 1997-2021, Theo de Raadt.<br>
1.1 deraadt 25: <br>
26: 6.9 Song:
27: <a href="lyrics.html#69">"XXX"</a>.
28: <br>
1.7 job 29: Artwork by Joy San.
1.1 deraadt 30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <code class=reldir>pub/OpenBSD/6.9/</code> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata69.html">the 6.9 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus69.html">detailed log of changes</a> between the
39: 6.8 and 6.9 releases.
40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
42: pubkeys for this release:<p>
43:
44: <table class=signify>
45: <tr><td>
46: openbsd-69-base.pub:
47: <td>
48: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/openbsd-69-base.pub">
49: RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f</a>
50: <tr><td>
51: openbsd-69-fw.pub:
52: <td>
53: RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy
54: <tr><td>
55: openbsd-69-pkg.pub:
56: <td>
57: RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K
58: <tr><td>
59: openbsd-69-syspatch.pub:
60: <td>
61: RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR
62: </table>
63: </ul>
64: <p>
65: All applicable copyrights and credits are in the src.tar.gz,
66: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
67: files fetched via <code>ports.tar.gz</code>.
68: </table>
69:
70: <hr>
71:
72: <section id=new>
73: <h3>What's New</h3>
74: <p>
75: This is a partial list of new features and systems included in OpenBSD 6.9.
76: For a comprehensive list, see the <a href="plus69.html">changelog</a> leading
77: to 6.9.
78:
79: <ul>
80:
81: <li>New/extended platforms:
82: <ul>
1.15 benno 83: <li>Support for the <a href="powerpc64.html">powerpc64</a> platform was improved:
84: <ul>
1.3 benno 85: <li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a
86: driver for the framebuffer of the Aspeed BMC found on many POWER8 and
87: POWER9 systems.
88: <li>Added bsd.mp to powerpc64's installXX.{img,iso}.
89: <li>Added RETGUARD implementation for powerpc and powerpc64.
90: <li>Added powerpc64 retguard macros for setjmp/longjmp.
91: <li>Added retguard macros to powerpc64 locore functions.
92: <li>Added a workaround for PCIO devices that cannot address the full
93: 64-bit PCI address space to powerpc64. Needed for <a
94: href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a
95: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon
96: GPUs only implement 36, 40, or 44 bits of address space.
97: <li>Added limited emulation of unaligned access in the powerpc64 kernel.
98: <li>Changed <a href="https://man.openbsd.org/astfb.4">astfb(4)</a> to
99: allow it to become the console on powerpc64.
100: <li>Added support for passing a bootmac command line argument to
101: RAMDISK on powerpc64.
1.5 benno 102: <li>Fixed booting on powerpc64 machines with memory banks higher in
103: physical address space, needing a larger TCE table.
104: <li>Introduced power-saving mode on POWER9 (ISA v3).
1.9 benno 105: <li>Enabled floating-point exceptions on powerpc64.
1.10 benno 106: <li>Added support for <a
107: href="https://man.openbsd.org/ipmi.4">ipmi(4)</a> on PowerNV systems.
1.15 benno 108: </ul>
109: <li>Support was added for devices using the Apple M1 SoC:
110: <ul>
1.10 benno 111: <li>Recognized Apple Icestorm cores on arm64.
112: <li>Added basic support for BCM4379, found on the Apple M1 SoCs, to
113: <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
114: <li>Added <a href="https://man.openbsd.org/exuart.4">exuart(4)</a>
115: support for hte UART found on the Apple M1 SoC.
116: <li>Added <a href="https://man.openbsd.org/apldog.4">apldog(4)</a>, a
117: driver for the watchdog on Apple M1 SoCs, allowing reboot of the
118: machine.
119: <li>Added <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a>,
120: a driver for the interrupt controller found on Apple M1 SoCs.
121: <li>Added <a href="https://man.openbsd.org/aplpcie.4">aplpcie(4)</a>,
122: a driver for the PCIe host bridge on Apple M1 SoCs.
123: <li>Increased RX buffers available to the <a
124: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> chip to 256,
125: allowing use of the Apple M1's wifi.
126: <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a>,
127: a driver for the IOMMU on Apple M1 SoCs.
128: <li>Added <a href="https://man.openbsd.org/smmu.4">smmu(4)</a>, a
129: driver for the ARM System MMU.
1.15 benno 130: <li>Added an initial attempt to support 8-bit ASIDs such as those on
131: Apple's M1 SoC.
132: <li>Recognized Apple Firestorm cores on arm64.
133: <li>Added SMP support to <a
134: href="https://man.openbsd.org/aplintc.4">aplintc(4)</a>, the interrupt
135: controller driver on Apple M1 SoCs.
136: </ul>
137: <li>The arm64 platform support was improved with the following changes:
138: <ul>
139: <li>Optimized arm64 <a
140: href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a
141: href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a
142: href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte
143: copies if possible.
144: <li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
145: <li>Added clock support for i.MX8MP.
146: <li>Added support for the VF610 I2C controller to <a
147: href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
148: <li>Fixed a panic seen with mbuf chains on arm64.
149: <li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a
150: driver for the Synopsys DesignWare GPIO controller.
151: <li>Added "amlogic,meson-g12a-dwmac" to <a
152: href="https://man.openbsd.org/dwge.4">dwge(4)</a>.
153: <li>Added <a
154: href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support
155: for the "Always On" GPIOs.
156: <li>Added PCIe clocks to <a
157: href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>.
158: <li>Made large read and write transactions work in <a
159: href="https://man.openbsd.org/amliic.4">amliic(4)</a>.
160: <li>Added PCIe support to <a
161: href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>.
162: <li>Added support to <a
163: href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> for the PCIe
164: controller found on Amlogic G12A/G12B/SM1 SoCs.
165: <li>Implemented intx support in <a
166: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a>.
167: <li>Added <a href="https://man.openbsd.org/cryptox.4">cryptox(4)</a>,
168: a driver for armv8 cryptographic extensions.
169: <li>Added support for PCIe on the NanoPi R4S to <a
170: href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
171: <li>Introduced an IOVA allocator, improving the way <a
172: href="https://man.openbsd.org/smmu.4">smmu(4)</a> maps pages.
173: <li>Added support for rk809 to <a
174: href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>, as seen on the
175: Rock Pi N10 with the rk3399pro.
176: <li>Added support for <a
177: href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> on the Raspberry Pi
178: in ACPI mode.
179: <li>Enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a> on arm64.
180: <li>Updated device-tree bindings for <a
181: href="https://man.openbsd.org/cwfg.4">cwfg(4)</a> battery capacity
182: driver to correct attaching and account for monitoring interval
183: change, making cwfg(4) export values under hw.sensors as expected when
184: using a Pinebook Pro.
185: <li>Added ARMv8-5 instruction set related CPU features to arm64.
186: </ul>
187: </ul>
1.3 benno 188:
189:
1.1 deraadt 190: </ul>
191:
1.15 benno 192: <li>Various kernel improvements:
1.1 deraadt 193: <ul>
1.15 benno 194: <li>Added the RAID1C (encrypted raid1) <a
195: href="https://man.openbsd.org/softraid.4">softraid(4)</a> discipline,
196: encrypting data like the CRYPTO discipline and accepting multiple
197: chunks during creation and assembly like the RAID1 discipline.
198: <li>Corrected raidlevel verification specified by the -c option in <a
199: href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>.
200:
201: <li>Introduced kern.video.record for <a
202: href="https://man.openbsd.org/video.4">video(4)</a> devices, a privacy feature analog
203: to the kern.audio.record <a
204: href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a
205: href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By
206: default, kern.video.record will be set to zero and blank all data
207: delivered by drivers attaching to <a
208: href="https://man.openbsd.org/video.4">video(4)</a>.
209: <li>Allowed a process to open a <a
210: href="https://man.openbsd.org/video.4">video(4)</a> device multiple
211: times. Fixes webcam usage with Firefox and BigBlueButton.
212: <li>Enabled multiple opens of a <a
213: href="https://man.openbsd.org/video.4">video(4)</a> device as
214: described in the V4L2 specification.
1.9 benno 215:
1.15 benno 216: <li>Added basic support for kclock timeouts to <a
217: href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
218: <li>Changed the <a href="https://man.openbsd.org/pool.9">pool(9)</a>
219: timeouts to use the system uptime instead of ticks.
1.9 benno 220: <li>Ensured <a href="https://man.openbsd.org/sleep.3">sleep(3)</a>
221: calls <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a>
222: if seconds is zero, now delegating all decisions about whether or not
223: to yield the CPU.
1.5 benno 224: <li>Added a top-level 'reboot' command to <a
225: href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
226: <li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a>
227: check for uninitialized (or zeroed) lock usage.
228: <li>Added fd close notification for kqueue-based <a
229: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
230: href="https://man.openbsd.org/select.2">select(2)</a>.
231: <li>Added a global "nowake" channel for threads avoiding <a
232: href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a
233: href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>.
1.15 benno 234:
1.5 benno 235: <li>Added trace points for <a
236: href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a
237: href="https://man.openbsd.org/free.9">free(9)</a>, making them
238: traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a
239: href="https://man.openbsd.org/btrace.8">btrace(8)</a>.
1.15 benno 240: <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> -n
241: (no action) mode, which parses the program and then exits.
1.9 benno 242: <li>Fixed a boot-time crash on sparc64 due to mutex use during the
243: message buffer initialization.
1.15 benno 244: <li>Prevented a panic in some ACPI firmware that provided invalid
1.9 benno 245: memory regions in their reserved memory region reporting table.
246:
1.10 benno 247:
248: <li>Added a barrier between reading the cqe flags and the command ID
249: to prevent completion of the wrong scsi io for <a
250: href="https://man.openbsd.org/nvme.4">nvme(4)</a> drives.
251: <li>Prevent <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>
252: attachment to devices with size zero.
1.9 benno 253: <li>Introduced new function <a
254: href="https://man.openbsd.org/if_unit.9">if_unit(9)</a>, returning a
255: pointer to the interface descriptor corresponding to the unique name.
1.10 benno 256: <li>Clear interrupts on luna88k processors more efficiently at boot
257: time.
258: <li>Added <a
259: href="https://man.openbsd.org/acpiiort.4">acpiiort(4)</a>, a driver
260: for the ACPI I/O Remapping Table.
1.15 benno 261: <li>Updated clock interrupt count atomically on mips64.
262: <li>Prevented an amd64 kernel crash with protection fault due to an
263: invalid offset when reading /dev/kmem.
264: <li>Permitted access to kern.somaxconn sysctl information when the
265: unix <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> is used,
266: allowing Go programs to use "unix" without also including "inet".
267: <li>Excluded the first page and added a guard page between I/O
268: virtual address space allocations on arm64.
1.5 benno 269:
1.3 benno 270:
271: <!-- SMP -->
272: <li>Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
273: <li>Introduced a system-wide mutex that serializes msgbuf operations.
1.5 benno 274: <li>Made <a href="https://man.openbsd.org/uvm_pagealloc.9">uvm_pagealloc(9)</a> of the physical memory allocator mp-safe.
1.9 benno 275: <li>Unlocked <a href="https://man.openbsd.org/getppid.2">getppid(2)</a>.
276: <li>Introduced locking for amaps and anons, improving build performance.
1.10 benno 277: <li>Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> as solock()'s backend to protect the whole layer.
1.15 benno 278: <li>Unlocked <a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
279: <li>Used per-CPU counter for fault and stats counters reached in uvm_fault().
1.10 benno 280:
1.3 benno 281:
282: <!-- DRM -->
283: <li>Implemented linux interval tree functions for <a href="https://man.openbsd.org/drm.4">drm(4)</a>.
284: <li>Fixed <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> display commands when using <a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on macppc.
285: <li>Changed from <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> to <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> for linux rwlocks.
286: <li>Fixed a panic associated with locks and <a href="https://man.openbsd.org/drm.4">drm(4)</a> on macppc with Powerbook5,6 and RV350.
287: <li>Revised the initialization of the <a href="https://man.openbsd.org/drm.4">drm(4)</a> Linux emulation layer to call it only when the first drm instance attaches.
1.5 benno 288: <li>Fixed DRI3 support on <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a href="https://man.openbsd.org/ati.4">ati(4)</a>.
1.10 benno 289: <li>Created /dev/ drm nodes with the same names as linux to simplify libdrm and negate the need for certain ports patches.
290:
291:
1.15 benno 292: <!-- VMM/VMD -->
1.10 benno 293:
294: <li>Prevented memory corruption or improper page access in <a
295: href="https://man.openbsd.org/vmm.4">vmm(4)</a> due to improper TLB
296: flushing for now by wiring the pages used by virtual machines.
1.15 benno 297: <li>Removed the ability of <a
298: href="https://man.openbsd.org/vmd.8">vmd(8)</a> to boot from kernels
299: in raw/qcow2 images.
300: <li>Made <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
301: properly indicate VMs are stopped instead of "running" with "vmctl
302: status".
303: <li>Cleaned up events on <a
304: href="https://man.openbsd.org/vmd.8">vmd(8)</a> pause or resume and
305: fixed an issue leading to broken serial console by cleanly tearing
306: down and restoring emulated device state on vm send/receive.
307: <li>Propagated host-side <a
308: href="https://man.openbsd.org/tap.4">tap(4)</a> lladdr to guest vm
309: process to allow unicast dhcp and bootp renewals with <a
310: href="https://man.openbsd.org/vmd.8">vmd(8)</a>'s built-in dhcp
311: server.
312:
1.3 benno 313:
314:
1.1 deraadt 315: </ul>
316:
317: <li>Various new userland features:
318: <ul>
1.3 benno 319: <li>Added <a
320: href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog"
321: option to avoid <a
322: href="https://man.openbsd.org/syslog.3">syslog(3)</a>.
323: <li>Allowed specific <a
324: href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used
325: for play-only and rec-only modes.
1.9 benno 326: <li>Use an 8th order FIR low-pass filter for resampling in <a
327: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> and for <a
328: href="https://man.openbsd.org/aucat.1">aucat(1)</a>, removing most of
329: the aliasing noise during resampling.
1.10 benno 330: <li>Disabled <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
331: autovolume by default and set the default volume to 127. Setting "-w
332: on" will replicate the previous behavior of automatically decreasing
333: playback volume when new programs start playing.
334: <li>Allowed mixing of alternative devices (-F) with different
335: capabilities in <a
336: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> by treating any
337: device as full-duplex.
1.15 benno 338: <li>Fixed visibility of <a
339: href="https://man.openbsd.org/sndioctl.1">sndioctl(1)</a> output when
340: used through a pipe.
341:
1.10 benno 342: <li>Enabled build and install of <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>.
343: <li>Added <a href="https://man.openbsd.org/logger.1">logger(1)</a>
344: support to <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>, <a
345: href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a> and <a
346: href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for daemons logging
347: to stdout/stderr.
348:
1.15 benno 349: <li>Added a configurable button mapping for tap gestures on touchpads
350: to <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
351: <li>Made <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>
352: touchpad tap detection less restrictive for multi-finger taps and
353: improved tap detection.
354: <li>Enable <a
355: href="https://man.openbsd.org/man4/arm64/apm.4">apm(4)</a> on arm64 to
356: display meaningful information about battery use and capacity.
1.10 benno 357:
358:
1.3 benno 359:
1.1 deraadt 360: </ul>
361:
362: <li>Various bugfixes and tweaks in userland:
363: <ul>
1.3 benno 364: <li>Fixed a pledge violation in <a
365: href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting
366: input from a file containing ^T would cause csh(1) to perform a tty
367: ioctl operation against a non-tty.
1.14 tb 368: <li>Made <a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a> work
369: again when fewer than 3 patches are available.
1.3 benno 370: <li>Stopped exempting file systems from <a
371: href="https://man.openbsd.org/security.8">security(8)</a> on the basis
372: of nodev and nosuid options, which may not be used for file systems
373: mounted beneath.
374: <li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a>
375: to stop reporting disk status and networking statistics.
376: <li>Made <a
377: href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify
378: a version when it uses <a
379: href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid
380: the situation where upgrading a pre-6.8 snapshot to 6.8 release with
381: "-r" would install firmware packages from snapshots.
382: <li>Increased speed of the dependency check pass for <a
383: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
384:
385: <li>Prevented process exit in multithreaded programs from reporting
386: the wrong error code.
387:
1.5 benno 388: <li>Allowed booting of amd64/i386 from 4TB GPT formatted disks.
389:
390: <li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a>
391: -n flag, correctly enumerate files with more than INT_MAX lines.
392: <li>Fixed a memory leak in ld.so's malloc.
1.15 benno 393:
1.9 benno 394: <li>Added a "xenodm" login class for <a
395: href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> and increased
396: openfiles to 512 to avoid running out of file descriptors with a busy
397: desktop.
1.15 benno 398: <li>Stopped <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
399: from adding authorizations for TCP connections by default and added
400: "listenTCP" to explicitly add authorizations for existing IP addresses
401: on startup.
402: <li>Skip <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
403: from adding the IPv6 link local addresses for TCP listener
404: authorizations, matching what is done by <a
405: href="https://man.openbsd.org/startx.1">startx(1)</a>.
406:
1.9 benno 407: <li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>.
408: <li>Improve pledge in <a
409: href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added
410: pledge to the "-C" code path.
1.6 otto 411: <li>Inproved performance of <a
412: href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s cache.
1.10 benno 413: <li>Made editing GPT in <a
414: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> safer by
415: defaulting offset to the beginning of the largest free space and
416: preventing the creation of overlapping partitions.
417: <li>Fixed a crash that could occur in <a
418: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when a usb
419: device is unplugged.
420: <li>Append .html suffixes to temporary files in <a
421: href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> to allow
422: recognition by browsers.
423: <li>Allow specification of a path to the <a
424: href="https://man.openbsd.org/mg.1">mg(1)</a> startup file on the
425: command line.
1.15 benno 426: <li>Added a "batch" mode to <a
427: href="https://man.openbsd.org/mg.1">mg(1)</a> via the "-b" command
428: line option which will initialize a pty, run the specified file of mg
429: commands and then exit.
430: <li>Inverted the <a href="https://man.openbsd.org/mg.1">mg(1)</a> "R"
431: indicator to mean that a "*" next to a file's name indicates that it
432: is read-only. Made the active buffer indicator more visible by
433: changing it to ">".
434:
435:
436:
437: <li>Fixed <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
438: redrawing of a multiline PS1 prompt in vi mode and added support for
439: ^R (redraw) in insert mode.
440: <li>Used <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to
441: restrict filesystem access in <a
442: href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
443: <li>Removed the 30s minimum delay for <a
444: href="https://man.openbsd.org/xlock.1">xlock(1)</a> timeouts.
445: <li>Stopped deleting the control socket on exit in <a
446: href="https://man.openbsd.org/apmd.8">apmd(8)</a> exit, as deleting
447: the socket in process after calling <a
448: href="https://man.openbsd.org/unveil.2">unveil(2)</a> would cause a
449: unveil restriction violation,
450:
1.10 benno 451:
452:
1.1 deraadt 453: </ul>
454:
455: <li>Improved hardware support and driver bugfixes, including:
456: <ul>
1.15 benno 457: <li>Corrected accounting of zero length Transfer Descriptors in <a
458: href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running
459: out of free Transfer Ring Blocks.
1.3 benno 460: <li>Moved mfokclock(4) from loongson to make it available for other
461: platforms and renamed it to <a
462: href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>.
463: <li>Fixed brightness setting on MacBooks.
464: <li>Added AMD Vi and Intel VTD IOMMU support. This creates separate
465: domains for each PCI device and can provide protection against invalid
466: memory access.
467: <li>Enabled brightness keys on powerbooks where the keyboard attaches
468: as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>.
469: <li>Set initial default display brightness on macppc via
470: of_setbrightness() to ensure <a
471: href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in
472: sync.
473: <li>Added the ClearFog GT 8K to <a
474: href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
475: <li>Added support for the PL2303HXN series chips to <a
476: href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>.
477: <li>Added support for the PCA9547 I2C mux to <a
478: href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>.
479: <li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>
480: with ACPI support.
481: <li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a
482: driver for ACPI generic event devices, used on te HoneyComb LX2K to
483: implement power button handling.
484: <li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>,
485: a driver for the GPIO controllers found on modern Intel PCHs.
486: <li>Added ACPI support to <a
487: href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
488: <li>Fixed panics on the HoneyComb LX2K with <a
489: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
490: <li>Fixed very old <a
491: href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the
492: INQUIRY command succeeds but with a residue equal to the requested
493: bytes.
1.5 benno 494: <li>Added Gemini Lake I2C id to <a
495: href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>, making the
496: touchpad work on the Teclast F7 Plus laptop.
1.10 benno 497: <li>Introduced <a href="https://man.openbsd.org/ujoy.4">ujoy(4)</a>, a
498: restricted subset of <a
499: href="https://man.openbsd.org/uhid.4">uhid(4)</a> for game controllers
500: which uses /dev/ujoy/* device nodes.
501: <li>Set up <a href="https://man.openbsd.org/ims.4">ims(4)</a> devices
502: in X11 to behave like touchpads.
503: <li>Stopped relying on USB devices to correctly present their
504: indices, instead searching for the correct interfaces. This fixes E+
505: Corp. DAC Audio devices.
506: <li>Introduced <a
507: href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>, a driver for
508: Logitech HID++ devices.
1.15 benno 509: <li>Separated reading of general and touchpad-specific <a
510: href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> settings and
511: corrected identification of device type when reading touchpad
512: parameters fails.
513:
514: <li>Added support for 30-bit color modes to <a
515: href="https://man.openbsd.org/simplefb.4">simplefb(4)</a>.
516: <li>Added <a href="https://man.openbsd.org/wsfb.4">wsfb(4)</a>
517: support for 30-bit color.
1.10 benno 518:
1.15 benno 519: <li>Made loongson kernels recognize Lynloong LM9002/9003 and LM9013 models.
520: <li>Use native display resolution 1368x768 for Lynloong all-in-one computers.
1.1 deraadt 521: </ul>
522:
523: <li>New or improved network hardware support:
524: <ul>
1.3 benno 525: <li>Fixed link state change behavior in 82598 <a
526: href="https://man.openbsd.org/ix.4">ix(4)</a> chips.
527: <li>Fixed issues with network stopping after the first down/up cycle
528: in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada
529: Ethernet device.
530: <li>Added SFP+ support to ofw, including support for direct attach cables.
531: <li>Added 10G media support to <a
532: href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
533: <li>Added support for 1000base-x and 2500base-x connections to <a
534: href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
535: <li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a
536: driver for Marvel "SOHO" switches.
1.5 benno 537: <li>Enabled auto-negotiation on the SerDes links, allowing
538: in-band-status to work between <a
539: href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a
540: href="https://man.openbsd.org/mvsw.4">mvsw(4)</a> on the ClearFog GT
541: 8K.
542: <li>Added support for the i.MX8MP PCIe clocks, USB clocks and second
543: ethernet.
544: <li>Added Wake on LAN support to <a
545: href="https://man.openbsd.org/rge.4">rge(4)</a>.
546: <li>Enabled IPv4 and TCP/UDP checksum offload on transmission in <a
547: href="https://man.openbsd.org/ogx.4">ogx(4)</a>.
1.10 benno 548: <li>Raised the maximum number of queues/interrupts from 1 to 16 on <a
549: href="https://man.openbsd.org/mcx.4">mcx(4)</a> devices.
550: <li>Added support for the Netgear ProSecure UTM25 to octeon.
1.15 benno 551: <li>Added vid/pid table to <a
552: href="https://man.openbsd.org/umb.4">umb(4)</a> allowing matching to
553: alternate configurations.
1.1 deraadt 554: </ul>
555:
556: <li>Added or improved wireless network drivers:
557: <ul>
1.3 benno 558: <li>Fixed <a href="https://man.openbsd.org/athn.4">athn(4)</a> in
559: client mode against APs that use WPA1/TKIP as the group cipher.
560: <li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
561: against access points using WPA1/TKIP as the group cipher.
562: <li>Added multicast support to <a
563: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6.
564: <li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
565: repeated DEAUTH and loss/restoration of link.
1.5 benno 566: <li>Introduced a delay to work around an issue in <a
567: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> on the BCM43602 that
568: was triggering "unexpected pairwise key update" errors.
1.9 benno 569: <li>Enabled <a href="https://man.openbsd.org/athn.4">athn(4)</a> for arm64.
1.10 benno 570: <li>Added support for version 7 of the <a
571: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> PCIe interface.
1.17 stsp 572: <li>Implemented RA (new 11n Tx rate adaptation) in <a
1.15 benno 573: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
574: href="https://man.openbsd.org/iwn.4">iwn(4)</a>.
575: <li>Prevented a WPA failure in <a
576: href="https://man.openbsd.org/ipw.4">ipw(4)</a> due to a state
577: mismatch between firmware and net80211 during the association
578: sequence.
579: <li>Ensured WEP and plaintext interface link state update by <a
580: href="https://man.openbsd.org/ipw.4">ipw(4)</a>.
581: <li>Made <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attach to
582: AX201 devices with PCI ID 0x34f0. Needs <a
583: href="https://man.openbsd.org/fw_update.1">fw_update(1)</a>.
584: <li>Fixed a problem where <a
585: href="https://man.openbsd.org/iwn.4">iwn(4)</a> firmware would
586: generate bogus block ack requests and stall traffic.
1.1 deraadt 587: </ul>
588:
589: <li>IEEE 802.11 wireless stack improvements and bugfixes:
590: <ul>
1.5 benno 591: <li>Fixed the calculation of "maxlen" in <a
592: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
593: href="https://man.openbsd.org/iwx.4">iwx(4)</a> when there are
594: multiple MPDUs in one packet.
595: <li>Fixed 802.11 RSN capabilities announced to peers.
596: <li>Flushed the reorder buffer after gap timeout to prevent frames
597: from remaining in the buffer until the next frame is received.
598: <li>Avoided spurious "input packet decapsulations failed" errors in
599: <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with
600: A-MSDU enabled.
1.17 stsp 601: <li>Introduced RA, a new 11n Tx rate adaptation module for net80211.
1.15 benno 602: Unlike MiRa, RA does not attempt to precisely measure actual
603: throughput but simply deducts a loss percentage from the theoretical
604: throughput which can be achieved by a given MCS.
1.1 deraadt 605: </ul>
606:
607: <li>Generic network stack improvements and bugfixes:
608: <ul>
1.10 benno 609: <li>Removed the direct ACK on every other data segment. After
610: receiving a data segment, we were sending out two ACKs, the first one
611: in tcp_input() direct after receiving and the second ACK after the
612: userland or the sosplice task read some data out of the socket buffer.
613: This change removes the ACK in tcp_input(), saving processing time and
614: improving network performance.
615: <li>Removed the maxburst feature from tcp_output().
616: <li>Added a MONITOR feature to interfaces. Packets received on these
617: interfaces do not enter the network stack for further processing. This
618: can be used to watch traffic, for example with <a
619: href="https://man.openbsd.org/bpf.4">bpf(4)</a> without risk of the packets
620: interfering with the system.
621:
622: <li>Added etherbridge, the internals of a reusable learning bridge
623: interface providing common code reusable for other drivers needing a
624: mac learning bridge.
625: <li>Introduced <a href="https://man.openbsd.org/veb.4">veb(4)</a>, a
626: Virtual Ethernet Bridge driver.
1.3 benno 627:
1.15 benno 628: <li>Added the ability to force the selection of source IP address for
629: programs that do not specify a source IP, overriding the default
630: source IP selection algorithm. This is configurable via <a
631: href="https://man.openbsd.org/route.8">route(8)</a>
632: <tt>sourceaddr</tt> command.
633:
634: <li>Bring interfaces up when autoconfiguration for inetor inet6 is
635: enabled (AUTOCONF4 or AUTOCONF6 flags).
636: <li>Adjust terminology in <a
637: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to refer to
638: "temporary address extensions" rather than the former "privacy
639: extensions," including the addition of an AUTOCONF6TEMP flag (to
640: replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy
641: option if <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
642: has been deprecated.
643: <li>Made it possible to disable the "autoconf" flag but keep
644: "temporary" enabled in <a
645: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
646: <li>For IPv6 addresses, added tracking of address proposal creation
647: times to be able to establish total lifetime. This information is used
648: to renew pltime/vltime of privacy addresse per RFC 4941.
1.3 benno 649:
1.15 benno 650: <li>Prevented kernel reuse of mbuf memory when generating the ICMP6
651: response to an IPv6 packet.
652: <li>Use the toeplitz hash algorithm to a flowid for tcp packets,
653: which in turn is used to choose the tx ring on network cards with
654: multiple rings.
655: <li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc
656: by keeping track of allowed ips pointer correctly.
657: <li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> ioctl to
658: handle multiple wgpeers.
659: <li>Fixed a race between tx/rx handshakes in <a
660: href="https://man.openbsd.org/wg.4">wg(4)</a>.
661: <li>Prevented a potential hang when trying to remove a <a
662: href="https://man.openbsd.org/tun.4">tun(4)</a> interface.
663: <li>Used the correct rdomain when adding and deleting routes with <a
664: href="https://man.openbsd.org/mpip.4">mpip(4)</a> and <a
665: href="https://man.openbsd.org/mpw.4">mpw(4)</a>.
666: <li>Made <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
667: "-mplslabel" work with <a
668: href="https://man.openbsd.org/mpw.4">mpw(4)</a>.
1.1 deraadt 669: </ul>
670:
1.15 benno 671: <li>Installer and upgrade improvements:
1.1 deraadt 672: <ul>
1.5 benno 673: <li>Prevented a race in <a
674: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep
675: which could cause autoinstall to fail by calling <a
676: href="https://man.openbsd.org/ftp.1">ftp(1)</a> without a local
677: address.
678: <li>Fixed hangs on amd64 bsd.rd due to misreported core clock
679: frequency on newer Intel Comet Lake models.
1.15 benno 680: <li>Began distributing the gzip'd version of bsd.rd on all platforms
681: with boot methods supporting it.
682: <li>Fixed a problem which prevented use of <a
683: href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> when an
684: interface failed to come up and <a
685: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> didn't
686: notice link-timeout expiration.
687: <li>Prevented <a
688: href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> from
689: adjusting the swap 'b' partition size if physmem is zero to keep the
690: auto-allocate code from putting a filesystem on that partition.
691: <li>Emulate "[inet] autoconf" <a
692: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> lines
693: with "dhcp" so users testing <a
694: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> will
695: still be able to upgrade manually while the installer uses only <a
696: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
1.5 benno 697:
1.1 deraadt 698: </ul>
699:
700: <li>Security improvements:
701: <ul>
1.3 benno 702: <li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used.
1.15 benno 703: <li>Removed workaround permitting Go executables to do syscalls directly, forcing them to use shared libc like all other dynamic binaries.
1.1 deraadt 704: </ul>
705:
706: <li>Routing daemons and other userland network improvements:
707: <ul>
1.15 benno 708: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> daemon saw the following changes:
709: <ul>
1.3 benno 710: <li>Fixed a memory leak when parsing <a
711: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists.
712: <li>Stopped allowing configuration of the same neighbor multiple
713: times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
1.5 benno 714: <li>When exporting prefixes from multiple sessions in <a
715: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> into the same <a
716: href="https://man.openbsd.org/pf.4">pf(4)</a> table, now prefixes are
717: only removed from the table when withdrawn from all sessions that
718: announced them.
719: <li>Introduced a send hold timer in <a
720: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to detect stalls on
721: the sending side of a TCP connection, acting as a last resort to
722: detect faulty peers.
723: <li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
724: "show sets" to display information about the roa-set, as-sets and
725: prefix-sets loaded into <a
726: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
1.10 benno 727: <li>Introduced the <a
728: href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> per
729: neighbor and global config option "reject as-set yes/no" to allow
730: rejection of received UPDATES with AS_SET segments. These rejected
731: prefixes can be viewed with <a
732: href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> "show rib in
733: error".
734: <li>Properly implemented "rde med compare strict" in <a
735: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and ensured that the
736: order of prefixes is always correct.
737: <li>Added RTR support to <a href="https://man.openbsd.org/bgpd.8">OpenBGPD</a>.
738: <li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
739: "show rtr" to display basic information about RTR sessions.
740: <li>Introduced <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
741: <code>rde evaluate all</code> to work around path hiding in IXP
742: route-server environments.
1.15 benno 743: </ul>
1.10 benno 744:
1.15 benno 745: <li>The <a
746: href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and <a
747: href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> routing
748: daemons saw various internal refactoring to keep the code similar to
749: changes in other routing daemons and improve maintainability.<br>
750: Additionally, support was added in <a
751: href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> for interfaces
752: that share the same IP.
1.10 benno 753:
1.15 benno 754: <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and it's userland utility:
755: <ul>
756: <li>Relaxed checks in <a
757: href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a
758: href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid
759: routing domain, even if it does not yet exist.
760: <li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>
761: detect and reject bogus ranges before loading the ruleset to prevent a
762: panic.
763: <li>Changed route-to in <a
764: href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> to send
765: packets to IPs instead of interfaces.
766: <li>Changed pf_route so <a
767: href="https://man.openbsd.org/pf.4">pf(4)</a> only runs when packets
768: enter and leave the stack. Running the same packet through pf multiple
769: times creates confusion for the state table. By default, pf states are
770: floating, meaning that packets are matched to states regardless of
771: which interface they're going over. This diff avoids multiple pf(4)
772: traversals of one packet causing confusion in the state table.
773: <li>Prevented the kernel from being stuck in an endless recursion
774: during TCP path MTU discovery when <a
775: href="https://man.openbsd.org/pf.4">pf(4)</a> changes the routing
776: table when sending packets.
777: <li>When cutting off the head of an overlapping fragment during <a
778: href="https://man.openbsd.org/pf.4">pf(4)</a> reassembly, reinserted
779: the fragment into the lookup table with the correct index.
780: </ul>
1.5 benno 781:
1.15 benno 782: <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
783: <ul>
1.3 benno 784: <li>Added support to request IP addresses as IKEv2 initiator to <a
785: href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr
786: 0.0.0.0' is configured, any address will be accepted.
787: <li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept
788: ANY dynamic address with 'request addr 0.0.0.0'.
789: <li>Added 'dynamic' keyword to <a
790: href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow
791: configuration of flows to dynamically assigned addresses.
792: <li>Added the 'any' keyword to <a
793: href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for
794: requests to allow "request address any".
795: <li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a>
796: support for ASN1_DN ipsec identifiers.
797: <li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a>
798: "from dynamic," installing flows where "dynamic" is replaced by the
799: received dynamic IP address.
800: <li>Made sure not to replace 0.0.0.0 with a dynamic address in <a
801: href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network
802: address.
803: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s
804: socket option to specify a control socket.
805: <li>Used a counter instead of random IV for AES-GCM in <a
806: href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the
807: risk of random collisions.
808: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
809: support for multiple address pools.
810: <li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a>
811: "set stickyaddress" option, which attempts to assign the same "config
812: address" when an IKESA is negotiated with the DSTID of an existing
813: IKESA.
814: <li>Ensured rekeying of every child SA in <a
815: href="https://man.openbsd.org/iked.8">iked(8)</a>.
1.5 benno 816: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> support
817: for RSASSA-PSS signature verification (RFC 7427).
818: <li>Corrected the first packet of an <a
819: href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> SA to have
820: sequence number 1.
821: <li>Accepted reject and blackhole routes for IPsec PMTU discovery.
822: <li>Prevented leaking of ipsec_hosts in <a
823: href="https://man.openbsd.org/iked.8">iked(8)</a> when building
824: hosts_list.
825: <li>Prevented initiation of new additional SAs for each policy upon
826: every <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> config
827: reload.
828: <li>Fixed "any" and "dynamic" keywords for flows in <a
829: href="https://man.openbsd.org/iked.8">iked(8)</a> and added proper
830: IPv6 support.
1.9 benno 831: <li>Created a path MTU host route for <a
832: href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> over IPv6.
1.10 benno 833: <li>Added support for INVALID_KE_PAYLOAD in <a
834: href="https://man.openbsd.org/iked.8">iked(8)</a> CREATE_CHILD_SA
835: exchange.
836: <li>Added support for RSA-PSS PKCS1 signatures to <a
837: href="https://man.openbsd.org/iked.8">iked(8)</a>.
838: <li>Fixed path MTU discovery for ESP tunnels in IPv6.
839: <li>Upgraded to OpenSSL 1.1 compatible crypto API in <a
840: href="https://man.openbsd.org/iked.8">iked(8)</a>.
841: <li>Added an optional "group none" transform for child SAs in <a
842: href="https://man.openbsd.org/iked.8">iked(8)</a> to ensure the
843: ability to negotiate optional PFS.
844: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
845: dynamic address configuration for roadwarrior clients, with a new
846: "iface" config option which can be used to specify an interface for
847: the virtual addresses received from the peer.
1.15 benno 848: <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a>
849: interop problem with strongswan if make-before-break is enabled.
850: </ul>
1.3 benno 851:
1.16 tb 852: <li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements:
1.15 benno 853: <ul>
854: <li>Prevented a crash due to
855: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port
856: 443 with missing TLS certificates.
857: <li>Created a new "location (found|notfound)" option for
858: <a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow
859: testing for resource path existence.
860: <li>Added a directive to <a
861: href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path
862: is accessible.
863: <li>Fixed detection of duplicate locations in <a
864: href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
865: <li>Fixed leak of access and error log filenames on config reload in
866: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
867: <li>Avoid leaking the log message in
868: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s
869: server_sendlog.
870: <li>Incorrect order of
871: <a href="https://man.openbsd.org/close.2">close(2)</a> and
872: <a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a>
1.16 tb 873: together with a bug in libssl led to leaking memory in
1.15 benno 874: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
875: for each TLS connection.
876: <li>Fixed the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
877: example configuration not to generate errors when running without TLS
878: keys already in place.
879: <li>Optimize disk reads of
880: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
881: by using st_blocksize as high water mark instead of
882: the socket buffer size.
883: </ul>
1.3 benno 884:
1.15 benno 885: <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> received the following new features and bugfixes:
886: <ul>
887: <li>Added RRDP (The RPKI Repository Delta Protocol, RFC 8182) support
888: to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
889: <li>Supported use of more than one URI in the TAL file for <a
890: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>,
891: sorting with a preference for https.
892: <li>Validated ghostbuster records (RFC 6493) in <a
893: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
894: <li>Fixed <a
895: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> checks
896: for the manifest validity interval.
897: <li>The connection is now killed when the rsync server stalls.
898: <li>Limited the URL embedded in .cer files in <a
899: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to
900: alphanumeric characters and punctuation.
901: <li>Added <a
902: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -V
903: option to show version.
904: <li>Included the default cert.pem file path in tls_load_file error
905: messages in <a
906: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
907: </ul>
1.3 benno 908:
1.15 benno 909: <li>The <a href="https://man.openbsd.org/dig.1">dig(1)</a> DNS utility received the following updates:
910: <ul>
1.5 benno 911: <li>Implemented RFC 8914 Extended DNS Errors for <a
912: href="https://man.openbsd.org/dig.1">dig(1)</a>.
913: <li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS
914: Client Subnet option (+subnet=).
915: <li>Fixed IPv6 link-local address handling for nameservers to talk to
916: and address to bind to in <a
917: href="https://man.openbsd.org/dig.1">dig(1)</a>.
1.15 benno 918: <li>Implemented ZONEMD (RFC 8976) in <a
919: href="https://man.openbsd.org/dig.1">dig(1)</a> to convey a message
920: digest of the content of a DNS zone.
921: </ul>
1.5 benno 922:
1.15 benno 923: <li>Changes to <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>:
924: <ul>
1.5 benno 925: <li>Fixed incorrect behavior when using <a
926: href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to
927: change the lease renew/rebind/expiry timing.
928: <li>Allowed the provision of <a
929: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on
930: "dhcp" lines in <a
931: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
1.15 benno 932: <li>Finished conversion of <a
933: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> timers to
934: allow monotonic accounting for the active lease.
935: </ul>
1.5 benno 936:
1.15 benno 937: <li>Two new daemons, <a
938: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a
939: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added.
940: These work alongside with <a
941: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
942: href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a
943: coherent and simple automatic configration of network interfaces and
944: DNS resolution.<br>
945: The two daemons are not enabled by default for now, but can be tested
946: by enableing them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>.
947: <ul>
948: <li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>
949: implements the DHCP protocol to acquire IPv4 address leases from
950: servers.
951: <li><a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
952: manages the content of <a
953: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> based
954: on nameserver proposals from dhcpleased(8) and slaacd(8).
955: </ul>
956: <li>Other userland network changes:
957: <ul>
958: <li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert
959: and key path inference for absolute paths.
960: <li>Fixed incorrect cast in a
961: <a href="https://man.openbsd.org/vsnprintf(3)">vsnprintf(3)</a>
962: error check
963: in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>.
964: <li>Applied <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
965: to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>.
1.5 benno 966:
1.3 benno 967: <li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to
968: drain the raw socket of packets received before we were fully setup to
969: avoid reporting ICMP responses intended for other instances of ping(8)
970: running in parallel.
1.10 benno 971: <li>Added <a href="https://man.openbsd.org/ping.8">ping(8)</a> -g
972: option to provide a visual display of packets received and lost.
1.3 benno 973:
974: <li>Changed <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
975: Duplicate Address Detection (DAD) to only generate a new address if we
976: are using Semantically Opaque Interface Identifiers.
977: <li>Handled an autoconf interface changing its rdomain in <a
978: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.
1.15 benno 979: <li>Completed <a
980: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> implementation
981: of RFC 8981 temporary address extensions.
982:
1.14 tb 983: <li>Do not leak the domains listed in
984: <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>'s
985: blocklist file on each config reload.
986: <li>Do not leak duplicate domain nodes when loading the
987: <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>
988: config.
1.3 benno 989: <li>Fixed rare crashes of <a
990: href="https://man.openbsd.org/unwind.8">unwind(8)</a> when DNS answers
991: are larger than the maximum imsg size.
1.9 benno 992: <li>Implemented <a
993: href="https://man.openbsd.org/unwind.8">unwind(8)</a> listening on
994: TCP.
1.10 benno 995: <li>Implemented DNS64 synthesis in <a
996: href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
997: <li>Disabled logging to <a
998: href="https://man.openbsd.org/syslog.3">syslog(3)</a> for libunbound
999: with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>. Does
1000: not prevent logging to stderr with "unwind -d".
1001:
1.3 benno 1002: <li>Removed the -L option from <a
1003: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
1004: <li>Added a simple --timeout implementation to <a
1005: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
1.15 benno 1006: <li>Added the <a href="https://man.openbsd.org/rsync.1">rsync(1)</a>
1007: option --no-motd to suppress the information output by the client at
1008: the start of a daemon transfer.
1.3 benno 1009: <li>Added support for the use of !command to <a
1010: href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that
1011: netstart has a late opportunity to perform network configuration.
1.5 benno 1012: <li>Make <a href="https://man.openbsd.org/rad.8">rad(8)</a> to handle
1013: multiple rdomains in a single daemon (instead of running it in
1014: multiple rdomains).
1015: <li>Added a specific headline to <a
1016: href="https://man.openbsd.org/netstat.1">netstat(1)</a> for TCP state
1017: and IP protocol.
1.9 benno 1018: <li>Handle permanent redirects (RFC 7538) in <a
1.5 benno 1019: href="https://man.openbsd.org/ftp.1">ftp(1)</a> fetch.
1.10 benno 1020: <li>Introduced <a href="https://man.openbsd.org/ftp.1">ftp(1)</a>
1021: support for sending the If-Modified-Since header while fetching over
1022: http or https. Switched to using the timestamps from the remote
1023: server's Last-Modified header if available when saving local files and
1024: introduced the ftp "-u" flag to disable this behavior.
1.15 benno 1025: <li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> set
1026: timestamps only on files.
1.10 benno 1027:
1.9 benno 1028: <li>Added requests for a new certificate without requiring -F when <a
1029: href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
1030: detects an added or removed SAN in the config file not reflected in
1031: the existing certificate on disk.
1032: <li>Print rewritten addresses in <a
1033: href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> logged with <a
1034: href="https://man.openbsd.org/pflog.4">pflog(4)</a> for rdr-to, nat-to
1035: and af-to rules.
1.10 benno 1036: <li>Removed the <a
1037: href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> traphandler
1038: process.
1039: <li>When calling <a
1040: href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> with
1041: AI_ADDRCONFIG, consider the routing domain when checking for available
1042: address families. This ensures that name resolution is only performed
1043: for the address families available in the rdomain.
1044: <li>Implemented the <a href="https://man.openbsd.org/nc.1">nc(1)</a>
1045: -D socket debug option in <a
1046: href="https://man.openbsd.org/tcpbench.1">tcpbench(1)</a>, allowing
1047: analysis of TCP connections.
1.14 tb 1048: <li>Avoid leaking the help text in
1049: <a href="https://man.openbsd.org/tcpbench.1">systat(8)</a>.
1050: <li>Simplify argument parsing of
1.15 benno 1051: <tt><a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> stop</tt>
1.14 tb 1052: thereby avoiding a
1053: <a href="https://man.openbsd.org/printf.3">printf(3)</a> "%s" NULL,
1054: a use of uninitialized and a dead else branch.
1.15 benno 1055: <li>Increased the maximum length for CHAP challenges to 96 octets to
1056: ensure <a href="https://man.openbsd.org/npppd.8">npppd(8)</a> can
1057: handle longer challenges, such as those sent by Juniper.
1058: </ul>
1.1 deraadt 1059: </ul>
1060:
1061: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
1062: <ul>
1.5 benno 1063: <li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> synchronize-panes a pane option and added set-option -U flag to unset an option on all panes.
1.15 benno 1064: <li>Allowed use of ## and # in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> styles and added a "w" format modifier for width.
1065: <li>Added a -C flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> run-shell to use a tmux command rather than a shell command.
1066: <li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> -N flag to never start the server even if the command would normally do so.
1067: <li>Added the new <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> -S flag to new-window to select the existing window if one with the given name already exists, rather than failing.
1068: <li>Added support for X11 color names and other variations for OSC 10/11 and added OSC 110 and 111 to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1069: <li>Removed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> support for popups where the content is provided directly to tmux.
1070: <li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> "absolute-centre" alignment to use the center of the total space instead of the available space.
1071: <li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> split-window -Z to start the pane zoomed.
1072: <li>Added client-detached notification in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> control mode.
1073: <li>Changed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> search-again with vi keys to work like <a href="https://man.openbsd.org/vi.1">vi(1)</a>.
1.1 deraadt 1074: </ul>
1075:
1076: <li>OpenSMTPD 6.9.0
1077: <ul>
1.5 benno 1078: <li>Introduced <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>
1079: -a to perform authentication before sending a message.
1080: <li>Fixed a memory leak in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> resolver.
1081: <li>Prevented a crash due to premature release of resources by the <a
1082: href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> filter state
1083: machine.
1.12 eric 1084: <li>Switch to libtls internally.
1085: <li>Change the way SNI works in <a href="https://man.openbsd.org/smtpd.conf.5#pki~2">smtpd.conf(5)</a>.
1086: TLS listeners may be configured with multiple certificates,
1087: the matching is based on the names included in these certificates.
1088: <li>Allow to specify tls protocols and ciphers per listener and relay action.
1.15 benno 1089: <li>Allowed <a
1090: href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>
1091: specification of tls protocols and ciphers on relay actions.
1.5 benno 1092:
1.1 deraadt 1093: </ul>
1094:
1.15 benno 1095: <li>LibreSSL 3.2.5
1.1 deraadt 1096: <ul>
1097: <li>New Features
1098: <ul>
1.15 benno 1099:
1.11 benno 1100: <!-- taken from plus.html, not sorted into categories:
1.15 benno 1101:
1.3 benno 1102: <li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator.
1103: <li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a>
1104: to call its get_issuer() callback to try and find a suitable
1105: certificate in cases where it has failed to find a print certificate
1106: from the supplied roots and intermediates.
1107: <li>Corrected an issue where <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> verify might not error on expired certificates.
1108: <li>Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software.
1109: <li>Implemented auto chain for the TLSv1.3 server.
1110: <li>Implemented the key material exporter for TLSv1.3.
1.9 benno 1111: <li>Fixed problems which could arise with software such as bacula and icinga when a root certificate was specified as both a trusted and an untrusted certificate.
1112: <li>Added support for <a href="https://man.openbsd.org/SSL_get_shared_ciphers.3">SSL_get_shared_ciphers(3)</a> in TLSv1.3 and fixed to correctly return ciphers shared by the client and the server.
1.15 benno 1113: <li>Requested client certificate only when required in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
1114: <li>Enabled DTLSv1.2.
1.11 benno 1115: -->
1.3 benno 1116:
1.1 deraadt 1117: </ul>
1118:
1119: <li>API and Documentation Enhancements
1120: <ul>
1121: <li>...
1122: </ul>
1123:
1124: <li>Compatibility Changes
1125: <ul>
1126: <li>...
1127: </ul>
1128:
1129: <li>Testing and Proactive Security
1130: <ul>
1131: <li>...
1132: </ul>
1133:
1134: <li>Internal Improvements
1135: <ul>
1136: <li>...
1137: </ul>
1138:
1139: <li>Portable Improvements
1140: <ul>
1141: <li>...
1142: </ul>
1143:
1144: <li>Bug Fixes
1145: <ul>
1146: <li>...
1147: </ul>
1148: </ul>
1149:
1.15 benno 1150: <li>OpenSSH 8.5
1.3 benno 1151:
1.1 deraadt 1152: <ul>
1.3 benno 1153:
1.11 benno 1154: <!-- XXX taken from plus.html, not sorted into categories yet
1.3 benno 1155: <li>Preferred ed25519 signature algorithm variants over ECDSA in <a
1156: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a
1157: href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
1158: <li>Enabled <a
1159: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
1160: UpdateHostkeys by default when the configuration has not overridden
1161: UserKnownHostFile.
1162: <li>Prefixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1163: keyboard interactive prompts with "user@host" for easier
1164: identification of connections.
1165: <li>Displayed any other hostnames/addresses associated with a new
1166: hostkey when <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1167: prompts the user to accept it.
1168: <li>When doing an <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
1169: recursive upload or download of a read-only directory, ensured that
1170: the directory was created with write and execute permissions in the
1171: interim to allow the transfer.
1172: <li>Set the specified TOS/DSCP for interactive use prior to TCP
1173: connect in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
1174: <li>CLeaned up passing of struct passwd from monitor to preauth
1175: privsep process in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
1.5 benno 1176: <li>Added an <a
1177: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
1178: KnownHostsCommand that allows the client to obtain known_hosts data
1179: from a command in addition to the usual files.
1.9 benno 1180: <li>Made CheckHostIP default to "no" in <a
1181: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>.
1182: <li>Added PerSourceMaxStartups and PerSourceNetBlockSize options to
1183: <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
1.10 benno 1184: <li>Renamed the PubkeyAcceptedKeyTypes keyword to
1185: PubkeyAcceptedAlgorithms in <a
1186: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a
1187: href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
1188: <li>Renamed the HostbasedKeyTypes keyword in <a
1189: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and the
1190: HostbasedAcceptedKeyTypes keyword in <a
1191: href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> to
1192: HostbasedAcceptedAlgorithms.
1193: <li>Added PermitRemoteOpen to <a
1194: href="https://man.openbsd.org/ssh.1">ssh(1)</a> for remote dynamic
1195: forwarding with SOCKS.
1.15 benno 1196: <li>Released <a href="https://www.openssh.com/txt/release-8.5">OpenSSH 8.5</a>.
1.11 benno 1197: -->
1.3 benno 1198:
1.1 deraadt 1199: <li>Potentially incompatible changes.
1200: <ul>
1201: <li>...
1202: </ul>
1203: <li>New Features
1204: <ul>
1205: <li>...
1206: </ul>
1207: <li>Bugfixes
1208: <ul>
1209: <li>...
1210: </ul>
1211: </ul>
1212:
1213: <li>Ports and packages:
1.18 gnezdo 1214: <p>The package system provides an easy way to install 3rd party software. New features include:
1215: <ul>
1216: <li>Upgraded GHC (The Glasgow Haskell Compiler) to 8.10.3.
1217: <li>Reworked Haskell binary package builds using
1218: <a href="https://man.openbsd.org/cabal-module.5">cabal.port.mk</a>. This
1219: allowed new versions of preexisting Haskell packages and some
1220: notable new packages like pandoc and hledger.
1221: </ul>
1222:
1.1 deraadt 1223: <p>Many pre-built packages for each architecture:
1224: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1225: <ul style="column-count: 3">
1226: <li>aarch64: XXX
1227: <li>amd64: XXX
1228: <li>arm: XXX
1229: <li>i386: XXX
1230: <li>mips64: XXX
1231: <li>mips64el: XXX
1232: <li>powerpc: XXX
1233: <li>powerpc64: XXX
1234: <li>sparc64: XXX
1235: </ul>
1236:
1237: <li>As usual, steady improvements in manual pages and other documentation.
1238:
1239: <li>The system includes the following major components from outside suppliers:
1240: <ul>
1.5 benno 1241:
1242: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
1.10 benno 1243: freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 366,
1.5 benno 1244: xkeyboard-config 2.20, fonttosfnt 1.2.1 and more)
1.1 deraadt 1245: <li>LLVM/Clang 10.0.1 (+ patches)
1246: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.10 benno 1247: <li>Perl 5.32.1 (+ patches)
1.8 florian 1248: <li>NSD 4.3.6
1249: <li>Unbound 1.13.1
1.1 deraadt 1250: <li>Ncurses 5.7
1251: <li>Binutils 2.17 (+ patches)
1252: <li>Gdb 6.3 (+ patches)
1.5 benno 1253: <li>Awk December 18, 2020 version
1254: <li>Expat 2.2.10
1.1 deraadt 1255: </ul>
1256:
1257: </ul>
1258: </section>
1259:
1260: <hr>
1261:
1262: <section id=install>
1263: <h3>How to install</h3>
1264: <p>
1265: Please refer to the following files on the mirror site for
1266: extensive details on how to install OpenBSD 6.9 on your machine:
1267:
1268: <ul>
1269: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/alpha/INSTALL.alpha">
1270: .../OpenBSD/6.9/alpha/INSTALL.alpha</a>
1271: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/amd64/INSTALL.amd64">
1272: .../OpenBSD/6.9/amd64/INSTALL.amd64</a>
1273: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/arm64/INSTALL.arm64">
1274: .../OpenBSD/6.9/arm64/INSTALL.arm64</a>
1275: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/armv7/INSTALL.armv7">
1276: .../OpenBSD/6.9/armv7/INSTALL.armv7</a>
1277: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/hppa/INSTALL.hppa">
1278: .../OpenBSD/6.9/hppa/INSTALL.hppa</a>
1279: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/i386/INSTALL.i386">
1280: .../OpenBSD/6.9/i386/INSTALL.i386</a>
1281: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/landisk/INSTALL.landisk">
1282: .../OpenBSD/6.9/landisk/INSTALL.landisk</a>
1283: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/loongson/INSTALL.loongson">
1284: .../OpenBSD/6.9/loongson/INSTALL.loongson</a>
1285: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/luna88k/INSTALL.luna88k">
1286: .../OpenBSD/6.9/luna88k/INSTALL.luna88k</a>
1287: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/macppc/INSTALL.macppc">
1288: .../OpenBSD/6.9/macppc/INSTALL.macppc</a>
1289: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/octeon/INSTALL.octeon">
1290: .../OpenBSD/6.9/octeon/INSTALL.octeon</a>
1291: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/powerpc64/INSTALL.powerpc64">
1.4 landry 1292: .../OpenBSD/6.9/powerpc64/INSTALL.powerpc64</a>
1.1 deraadt 1293: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sgi/INSTALL.sgi">
1294: .../OpenBSD/6.9/sgi/INSTALL.sgi</a>
1295: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sparc64/INSTALL.sparc64">
1296: .../OpenBSD/6.9/sparc64/INSTALL.sparc64</a>
1297: </ul>
1298: </section>
1299:
1300: <hr>
1301:
1302: <section id=quickinstall>
1303: <p>
1304: Quick installer information for people familiar with OpenBSD, and the use of
1305: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1306: If you are at all confused when installing OpenBSD, read the relevant
1307: INSTALL.* file as listed above!
1308:
1309: <h3>OpenBSD/alpha:</h3>
1310:
1311: <p>
1312: If your machine can boot from CD, you can write <i>install69.iso</i> or
1313: <i>cd69.iso</i> to a CD and boot from it.
1314: Refer to INSTALL.alpha for more details.
1315:
1316: <h3>OpenBSD/amd64:</h3>
1317:
1318: <p>
1319: If your machine can boot from CD, you can write <i>install69.iso</i> or
1320: <i>cd69.iso</i> to a CD and boot from it.
1321: You may need to adjust your BIOS options first.
1322:
1323: <p>
1324: If your machine can boot from USB, you can write <i>install69.img</i> or
1325: <i>miniroot69.img</i> to a USB stick and boot from it.
1326:
1327: <p>
1328: If you can't boot from a CD, floppy disk, or USB,
1329: you can install across the network using PXE as described in the included
1330: INSTALL.amd64 document.
1331:
1332: <p>
1333: If you are planning to dual boot OpenBSD with another OS, you will need to
1334: read INSTALL.amd64.
1335:
1336: <h3>OpenBSD/arm64:</h3>
1337:
1338: <p>
1339: Write <i>miniroot69.img</i> to a disk and boot from it after connecting
1340: to the serial console. Refer to INSTALL.arm64 for more details.
1341:
1342: <h3>OpenBSD/armv7:</h3>
1343:
1344: <p>
1345: Write a system specific miniroot to an SD card and boot from it after connecting
1346: to the serial console. Refer to INSTALL.armv7 for more details.
1347:
1348: <h3>OpenBSD/hppa:</h3>
1349:
1350: <p>
1351: Boot over the network by following the instructions in INSTALL.hppa or the
1352: <a href="hppa.html#install">hppa platform page</a>.
1353:
1354: <h3>OpenBSD/i386:</h3>
1355:
1356: <p>
1357: If your machine can boot from CD, you can write <i>install69.iso</i> or
1358: <i>cd69.iso</i> to a CD and boot from it.
1359: You may need to adjust your BIOS options first.
1360:
1361: <p>
1362: If your machine can boot from USB, you can write <i>install69.img</i> or
1363: <i>miniroot69.img</i> to a USB stick and boot from it.
1364:
1365: <p>
1366: If you can't boot from a CD, floppy disk, or USB,
1367: you can install across the network using PXE as described in
1368: the included INSTALL.i386 document.
1369:
1370: <p>
1371: If you are planning on dual booting OpenBSD with another OS, you will need to
1372: read INSTALL.i386.
1373:
1374: <h3>OpenBSD/landisk:</h3>
1375:
1376: <p>
1377: Write <i>miniroot69.img</i> to the start of the CF
1378: or disk, and boot normally.
1379:
1380: <h3>OpenBSD/loongson:</h3>
1381:
1382: <p>
1383: Write <i>miniroot69.img</i> to a USB stick and boot bsd.rd from it
1384: or boot bsd.rd via tftp.
1385: Refer to the instructions in INSTALL.loongson for more details.
1386:
1387: <h3>OpenBSD/luna88k:</h3>
1388:
1389: <p>
1390: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1391: from the PROM, and then bsd.rd from the bootloader.
1392: Refer to the instructions in INSTALL.luna88k for more details.
1393:
1394: <h3>OpenBSD/macppc:</h3>
1395:
1396: <p>
1397: Burn the image from a mirror site to a CDROM, and power on your machine
1398: while holding down the <i>C</i> key until the display turns on and
1399: shows <i>OpenBSD/macppc boot</i>.
1400:
1401: <p>
1402: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1403: /6.9/macppc/bsd.rd</i>
1404:
1405: <h3>OpenBSD/octeon:</h3>
1406:
1407: <p>
1408: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1409: Refer to the instructions in INSTALL.octeon for more details.
1410:
1411: <h3>OpenBSD/powerpc64:</h3>
1412:
1413: <p>
1414: To install, write <i>install69.img</i> or <i>miniroot69.img</i> to a
1415: USB stick, plug it into the machine and choose the <i>OpenBSD
1416: install</i> menu item in Petitboot.
1417: Refer to the instructions in INSTALL.powerpc64 for more details.
1418:
1419: <h3>OpenBSD/sgi:</h3>
1420:
1421: <p>
1422: To install, burn cd69.iso on a CD-R, put it in the CD drive of your
1423: machine and select <i>Install System Software</i> from the System Maintenance
1424: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
1425: CD-ROM, and need a proper invocation from the PROM prompt.
1426: Refer to the instructions in INSTALL.sgi for more details.
1427:
1428: <p>
1429: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
1430: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
1431: system type. Refer to the instructions in INSTALL.sgi for more details.
1432:
1433: <h3>OpenBSD/sparc64:</h3>
1434:
1435: <p>
1436: Burn the image from a mirror site to a CDROM, boot from it, and type
1437: <i>boot cdrom</i>.
1438:
1439: <p>
1440: If this doesn't work, or if you don't have a CDROM drive, you can write
1441: <i>floppy69.img</i> or <i>floppyB69.img</i>
1442: (depending on your machine) to a floppy and boot it with <i>boot
1443: floppy</i>. Refer to INSTALL.sparc64 for details.
1444:
1445: <p>
1446: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1447: will most likely fail.
1448:
1449: <p>
1450: You can also write <i>miniroot69.img</i> to the swap partition on
1451: the disk and boot with <i>boot disk:b</i>.
1452:
1453: <p>
1454: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1455: </section>
1456:
1457: <hr>
1458:
1459: <section id=upgrade>
1460: <h3>How to upgrade</h3>
1461: <p>
1462: If you already have an OpenBSD 6.7 system, and do not want to reinstall,
1463: upgrade instructions and advice can be found in the
1464: <a href="faq/upgrade69.html">Upgrade Guide</a>.
1465: </section>
1466:
1467: <hr>
1468:
1469: <section id=sourcecode>
1470: <h3>Notes about the source code</h3>
1471: <p>
1472: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1473: This file contains everything you need except for the kernel sources,
1474: which are in a separate archive.
1475: To extract:
1476: <blockquote><pre>
1477: # <kbd>mkdir -p /usr/src</kbd>
1478: # <kbd>cd /usr/src</kbd>
1479: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1480: </pre></blockquote>
1481: <p>
1482: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1483: This file contains all the kernel sources you need to rebuild kernels.
1484: To extract:
1485: <blockquote><pre>
1486: # <kbd>mkdir -p /usr/src/sys</kbd>
1487: # <kbd>cd /usr/src</kbd>
1488: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1489: </pre></blockquote>
1490: <p>
1491: Both of these trees are a regular CVS checkout. Using these trees it
1492: is possible to get a head-start on using the anoncvs servers as
1493: described <a href="anoncvs.html">here</a>.
1494: Using these files
1495: results in a much faster initial CVS update than you could expect from
1496: a fresh checkout of the full OpenBSD source tree.
1497: </section>
1498:
1499: <hr>
1500:
1501: <section id=ports>
1502: <h3>Ports Tree</h3>
1503: <p>
1504: A ports tree archive is also provided. To extract:
1505: <blockquote><pre>
1506: # <kbd>cd /usr</kbd>
1507: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1508: </pre></blockquote>
1509: <p>
1510: Go read the <a href="faq/ports/index.html">ports</a> page
1511: if you know nothing about ports
1512: at this point. This text is not a manual of how to use ports.
1513: Rather, it is a set of notes meant to kickstart the user on the
1514: OpenBSD ports system.
1515: <p>
1516: The <i>ports/</i> directory represents a CVS checkout of our ports.
1517: As with our complete source tree, our ports tree is available via
1518: <a href="anoncvs.html">AnonCVS</a>.
1519: So, in order to keep up to date with the -stable branch, you must make
1520: the <i>ports/</i> tree available on a read-write medium and update the tree
1521: with a command like:
1522: <blockquote><pre>
1523: # <kbd>cd /usr/ports</kbd>
1524: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_9</kbd>
1525: </pre></blockquote>
1526: <p>
1527: [Of course, you must replace the server name here with a nearby anoncvs
1528: server.]
1529: <p>
1530: Note that most ports are available as packages on our mirrors. Updated
1531: ports for the 6.9 release will be made available if problems arise.
1532: <p>
1533: If you're interested in seeing a port added, would like to help out, or just
1534: would like to know more, the mailing list
1535: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1536: </section>