Annotation of www/69.html, Revision 1.5
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 6.9</title>
6: <meta name="description" content="OpenBSD 6.9">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/69.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 6.9
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/XXX.png">
21: <img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
22: <td>
1.2 kn 23: Released May 1, 2021.<br>
24: Copyright 1997-2021, Theo de Raadt.<br>
1.1 deraadt 25: <br>
26: 6.9 Song:
27: <a href="lyrics.html#69">"XXX"</a>.
28: <br>
29: Artwork by Siah Files.
30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <code class=reldir>pub/OpenBSD/6.9/</code> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata69.html">the 6.9 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus69.html">detailed log of changes</a> between the
39: 6.8 and 6.9 releases.
40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
42: pubkeys for this release:<p>
43:
44: <table class=signify>
45: <tr><td>
46: openbsd-69-base.pub:
47: <td>
48: <a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/openbsd-69-base.pub">
49: RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f</a>
50: <tr><td>
51: openbsd-69-fw.pub:
52: <td>
53: RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy
54: <tr><td>
55: openbsd-69-pkg.pub:
56: <td>
57: RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K
58: <tr><td>
59: openbsd-69-syspatch.pub:
60: <td>
61: RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR
62: </table>
63: </ul>
64: <p>
65: All applicable copyrights and credits are in the src.tar.gz,
66: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
67: files fetched via <code>ports.tar.gz</code>.
68: </table>
69:
70: <hr>
71:
72: <section id=new>
73: <h3>What's New</h3>
74: <p>
75: This is a partial list of new features and systems included in OpenBSD 6.9.
76: For a comprehensive list, see the <a href="plus69.html">changelog</a> leading
77: to 6.9.
78:
79: <ul>
80:
81: <li>New/extended platforms:
82: <ul>
1.3 benno 83: <li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a
84: driver for the framebuffer of the Aspeed BMC found on many POWER8 and
85: POWER9 systems.
86: <li>Added bsd.mp to powerpc64's installXX.{img,iso}.
87: <li>Added RETGUARD implementation for powerpc and powerpc64.
88: <li>Added powerpc64 retguard macros for setjmp/longjmp.
89: <li>Added retguard macros to powerpc64 locore functions.
90: <li>Added a workaround for PCIO devices that cannot address the full
91: 64-bit PCI address space to powerpc64. Needed for <a
92: href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a
93: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon
94: GPUs only implement 36, 40, or 44 bits of address space.
95: <li>Added limited emulation of unaligned access in the powerpc64 kernel.
96: <li>Changed <a href="https://man.openbsd.org/astfb.4">astfb(4)</a> to
97: allow it to become the console on powerpc64.
98: <li>Added support for passing a bootmac command line argument to
99: RAMDISK on powerpc64.
1.5 ! benno 100: <li>Fixed booting on powerpc64 machines with memory banks higher in
! 101: physical address space, needing a larger TCE table.
! 102: <li>Introduced power-saving mode on POWER9 (ISA v3).
1.3 benno 103:
104:
1.1 deraadt 105: </ul>
106:
107: <li>Improvements to time measurements, mostly in the kernel:
108: <ul>
109: <li>...
110: </ul>
111:
112: <li>Various kernel improvements:
113: <ul>
1.5 ! benno 114: <li>Added basic support for kclock timeouts to <a
! 115: href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
! 116: <li>Added a top-level 'reboot' command to <a
! 117: href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
! 118: <li>Fixed the "entry point at 0x10010000" hang reported on amd64
! 119: machines by using a 64MB block to load the kernel.
! 120: <li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a>
! 121: check for uninitialized (or zeroed) lock usage.
! 122: <li>Added fd close notification for kqueue-based <a
! 123: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
! 124: href="https://man.openbsd.org/select.2">select(2)</a>.
! 125: <li>Added a global "nowake" channel for threads avoiding <a
! 126: href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a
! 127: href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>.
! 128: <li>Corrected accounting of zero length Transfer Descriptors in <a
! 129: href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running
! 130: out of free Transfer Ring Blocks.
! 131: <li>Used per-CPU counter for fault and stats counters reached in uvm_fault().
! 132: <li>Introduced kern.video.record for <a
! 133: href="https://man.openbsd.org/video.4">video(4)</a> devices, an analog
! 134: to the kern.audio.record <a
! 135: href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a
! 136: href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By
! 137: default, kern.video.record will be set to zero and blank all data
! 138: delivered by drivers attaching to <a
! 139: href="https://man.openbsd.org/video.4">video(4)</a>.
! 140: <li>Added trace points for <a
! 141: href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a
! 142: href="https://man.openbsd.org/free.9">free(9)</a>, making them
! 143: traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a
! 144: href="https://man.openbsd.org/btrace.8">btrace(8)</a>.
! 145:
1.3 benno 146:
147: <!-- SMP -->
148: <li>Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
149: <li>Introduced a system-wide mutex that serializes msgbuf operations.
1.5 ! benno 150: <li>Made <a href="https://man.openbsd.org/uvm_pagealloc.9">uvm_pagealloc(9)</a> of the physical memory allocator mp-safe.
1.3 benno 151:
152: <!-- DRM -->
153: <li>Implemented linux interval tree functions for <a href="https://man.openbsd.org/drm.4">drm(4)</a>.
154: <li>Fixed <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> display commands when using <a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on macppc.
155: <li>Changed from <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> to <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> for linux rwlocks.
156: <li>Fixed a panic associated with locks and <a href="https://man.openbsd.org/drm.4">drm(4)</a> on macppc with Powerbook5,6 and RV350.
157: <li>Revised the initialization of the <a href="https://man.openbsd.org/drm.4">drm(4)</a> Linux emulation layer to call it only when the first drm instance attaches.
1.5 ! benno 158: <li>Fixed DRI3 support on <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a href="https://man.openbsd.org/ati.4">ati(4)</a>.
1.3 benno 159:
160:
1.1 deraadt 161: </ul>
162:
163: <li>Various new userland features:
164: <ul>
1.3 benno 165: <li>Added <a
166: href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog"
167: option to avoid <a
168: href="https://man.openbsd.org/syslog.3">syslog(3)</a>.
169: <li>Allowed specific <a
170: href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used
171: for play-only and rec-only modes.
172:
1.1 deraadt 173: </ul>
174:
175: <li>Various bugfixes and tweaks in userland:
176: <ul>
1.3 benno 177: <li>Fixed a pledge violation in <a
178: href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting
179: input from a file containing ^T would cause csh(1) to perform a tty
180: ioctl operation against a non-tty.
181: <li>Prevented a crash due to <a
182: href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port
183: 443 with missing TLS certificates.
184: <li>Stopped exempting file systems from <a
185: href="https://man.openbsd.org/security.8">security(8)</a> on the basis
186: of nodev and nosuid options, which may not be used for file systems
187: mounted beneath.
188: <li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a>
189: to stop reporting disk status and networking statistics.
190: <li>Made <a
191: href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify
192: a version when it uses <a
193: href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid
194: the situation where upgrading a pre-6.8 snapshot to 6.8 release with
195: "-r" would install firmware packages from snapshots.
196: <li>Increased speed of the dependency check pass for <a
197: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
198:
199: <li>Prevented process exit in multithreaded programs from reporting
200: the wrong error code.
201:
1.5 ! benno 202: <li>Allowed booting of amd64/i386 from 4TB GPT formatted disks.
! 203:
! 204: <li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a>
! 205: -n flag, correctly enumerate files with more than INT_MAX lines.
! 206: <li>Fixed a memory leak in ld.so's malloc.
! 207:
1.3 benno 208:
1.1 deraadt 209: </ul>
210:
211: <li>Improved hardware support and driver bugfixes, including:
212: <ul>
1.3 benno 213:
214: <li>Moved mfokclock(4) from loongson to make it available for other
215: platforms and renamed it to <a
216: href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>.
217: <li>Fixed brightness setting on MacBooks.
218: <li>Added AMD Vi and Intel VTD IOMMU support. This creates separate
219: domains for each PCI device and can provide protection against invalid
220: memory access.
221: <li>Enabled brightness keys on powerbooks where the keyboard attaches
222: as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>.
223: <li>Set initial default display brightness on macppc via
224: of_setbrightness() to ensure <a
225: href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in
226: sync.
227: <li>Added the ClearFog GT 8K to <a
228: href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
229: <li>Added support for the PL2303HXN series chips to <a
230: href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>.
231: <li>Added support for the PCA9547 I2C mux to <a
232: href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>.
233: <li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>
234: with ACPI support.
235: <li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a
236: driver for ACPI generic event devices, used on te HoneyComb LX2K to
237: implement power button handling.
238: <li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>,
239: a driver for the GPIO controllers found on modern Intel PCHs.
240: <li>Added ACPI support to <a
241: href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
242: <li>Fixed panics on the HoneyComb LX2K with <a
243: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
244: <li>Fixed very old <a
245: href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the
246: INQUIRY command succeeds but with a residue equal to the requested
247: bytes.
1.5 ! benno 248: <li>Added Gemini Lake I2C id to <a
! 249: href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>, making the
! 250: touchpad work on the Teclast F7 Plus laptop.
1.3 benno 251:
252: <!-- ARM64 -->
253: <li>Optimized arm64 <a
254: href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a
255: href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a
256: href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte
257: copies if possible.
258: <li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
259: <li>Added clock support for i.MX8MP.
260: <li>Added support for the VF610 I2C controller to <a
261: href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
262: <li>Fixed a panic seen with mbuf chains on arm64.
1.5 ! benno 263: <li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a
! 264: driver for the Synopsys DesignWare GPIO controller.
! 265: <li>Added "amlogic,meson-g12a-dwmac" to <a
! 266: href="https://man.openbsd.org/dwge.4">dwge(4)</a>.
! 267: <li>Added <a
! 268: href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support
! 269: for the "Always On" GPIOs.
! 270: <li>Added PCIe clocks to <a
! 271: href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>.
! 272: <li>Made large read and write transactions work in <a
! 273: href="https://man.openbsd.org/amliic.4">amliic(4)</a>.
! 274: <li>Added PCIe support to <a href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>.
! 275: <li>Added support to <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> for the PCIe controller found on Amlogic G12A/G12B/SM1 SoCs.
1.3 benno 276:
277:
1.1 deraadt 278: </ul>
279:
280: <li>New or improved network hardware support:
281: <ul>
1.3 benno 282: <li>Fixed link state change behavior in 82598 <a
283: href="https://man.openbsd.org/ix.4">ix(4)</a> chips.
284: <li>Fixed issues with network stopping after the first down/up cycle
285: in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada
286: Ethernet device.
287: <li>Added SFP+ support to ofw, including support for direct attach cables.
288: <li>Added 10G media support to <a
289: href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
290: <li>Added support for 1000base-x and 2500base-x connections to <a
291: href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
292: <li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a
293: driver for Marvel "SOHO" switches.
294:
1.5 ! benno 295: <li>Enabled auto-negotiation on the SerDes links, allowing
! 296: in-band-status to work between <a
! 297: href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a
! 298: href="https://man.openbsd.org/mvsw.4">mvsw(4)</a> on the ClearFog GT
! 299: 8K.
! 300: <li>Added support for the i.MX8MP PCIe clocks, USB clocks and second
! 301: ethernet.
! 302: <li>Added Wake on LAN support to <a
! 303: href="https://man.openbsd.org/rge.4">rge(4)</a>.
! 304: <li>Enabled IPv4 and TCP/UDP checksum offload on transmission in <a
! 305: href="https://man.openbsd.org/ogx.4">ogx(4)</a>.
! 306:
! 307:
1.1 deraadt 308: </ul>
309:
310: <li>Added or improved wireless network drivers:
311: <ul>
1.3 benno 312: <li>Fixed <a href="https://man.openbsd.org/athn.4">athn(4)</a> in
313: client mode against APs that use WPA1/TKIP as the group cipher.
314: <li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
315: against access points using WPA1/TKIP as the group cipher.
316: <li>Added multicast support to <a
317: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6.
318: <li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
319: repeated DEAUTH and loss/restoration of link.
1.5 ! benno 320: <li>Introduced a delay to work around an issue in <a
! 321: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> on the BCM43602 that
! 322: was triggering "unexpected pairwise key update" errors.
1.3 benno 323:
1.1 deraadt 324: </ul>
325:
326: <li>IEEE 802.11 wireless stack improvements and bugfixes:
327: <ul>
1.5 ! benno 328: <li>Fixed the calculation of "maxlen" in <a
! 329: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
! 330: href="https://man.openbsd.org/iwx.4">iwx(4)</a> when there are
! 331: multiple MPDUs in one packet.
! 332: <li>Fixed 802.11 RSN capabilities announced to peers.
! 333: <li>Flushed the reorder buffer after gap timeout to prevent frames
! 334: from remaining in the buffer until the next frame is received.
! 335: <li>Avoided spurious "input packet decapsulations failed" errors in
! 336: <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with
! 337: A-MSDU enabled.
! 338:
! 339:
1.1 deraadt 340: </ul>
341:
342: <li>Generic network stack improvements and bugfixes:
343: <ul>
1.3 benno 344: <li>Prevented kernel reuse of mbuf memory when generating the ICMP6
345: response to an IPv6 packet.
346: <li>Added the ability to force the selection of source IP address for
347: programs that do not specify a source IP, configurable via <a
348: href="https://man.openbsd.org/route.8">route(8)</a>.
349: <li>For IPv6 addresses, added tracking of address proposal creation
350: times to be able to establish total lifetime. This information is used
351: to renew pltime/vltime of privacy addresse per RFC 4941.
352: <li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc
353: by keeping track of allowed ips pointer correctly.
354:
355:
1.1 deraadt 356: </ul>
357:
358: <li>Installer improvements:
359: <ul>
1.5 ! benno 360: <li>Prevented a race in <a
! 361: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep
! 362: which could cause autoinstall to fail by calling <a
! 363: href="https://man.openbsd.org/ftp.1">ftp(1)</a> without a local
! 364: address.
! 365: <li>Fixed hangs on amd64 bsd.rd due to misreported core clock
! 366: frequency on newer Intel Comet Lake models.
! 367:
1.1 deraadt 368: </ul>
369:
370: <li>Improvements in the FFS2 filesystem:
371: <ul>
372: <li>...
373: </ul>
374:
375: <li>Security improvements:
376: <ul>
1.3 benno 377: <li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used.
1.1 deraadt 378: </ul>
379:
380: <li>Routing daemons and other userland network improvements:
381: <ul>
1.3 benno 382: <!-- BGP -->
383: <li>Fixed a memory leak when parsing <a
384: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists.
385: <li>Stopped allowing configuration of the same neighbor multiple
386: times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
1.5 ! benno 387: <li>When exporting prefixes from multiple sessions in <a
! 388: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> into the same <a
! 389: href="https://man.openbsd.org/pf.4">pf(4)</a> table, now prefixes are
! 390: only removed from the table when withdrawn from all sessions that
! 391: announced them.
! 392: <li>Introduced a send hold timer in <a
! 393: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to detect stalls on
! 394: the sending side of a TCP connection, acting as a last resort to
! 395: detect faulty peers.
! 396: <li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
! 397: "show sets" to display information about the roa-set, as-sets and
! 398: prefix-sets loaded into <a
! 399: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
! 400:
! 401:
1.3 benno 402: <!-- HTTPD -->
403: <li>Created a new "location (found|notfound)" option for <a
404: href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow
405: testing for resource path existence.
406: <li>Added a directive to <a
407: href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path
408: is accessible.
409: <li>Fixed detection of duplicate locations in <a
410: href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
411:
412:
413: <!-- IKE/IPSEC -->
414: <li>Added support to request IP addresses as IKEv2 initiator to <a
415: href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr
416: 0.0.0.0' is configured, any address will be accepted.
417: <li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept
418: ANY dynamic address with 'request addr 0.0.0.0'.
419: <li>Added 'dynamic' keyword to <a
420: href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow
421: configuration of flows to dynamically assigned addresses.
422: <li>Added the 'any' keyword to <a
423: href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for
424: requests to allow "request address any".
425: <li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a>
426: support for ASN1_DN ipsec identifiers.
427: <li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a>
428: "from dynamic," installing flows where "dynamic" is replaced by the
429: received dynamic IP address.
430: <li>Made sure not to replace 0.0.0.0 with a dynamic address in <a
431: href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network
432: address.
433: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s
434: socket option to specify a control socket.
435: <li>Used a counter instead of random IV for AES-GCM in <a
436: href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the
437: risk of random collisions.
438: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
439: support for multiple address pools.
440: <li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a>
441: "set stickyaddress" option, which attempts to assign the same "config
442: address" when an IKESA is negotiated with the DSTID of an existing
443: IKESA.
444: <li>Ensured rekeying of every child SA in <a
445: href="https://man.openbsd.org/iked.8">iked(8)</a>.
1.5 ! benno 446: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> support
! 447: for RSASSA-PSS signature verification (RFC 7427).
! 448: <li>Corrected the first packet of an <a
! 449: href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> SA to have
! 450: sequence number 1.
! 451: <li>Accepted reject and blackhole routes for IPsec PMTU discovery.
! 452: <li>Prevented leaking of ipsec_hosts in <a
! 453: href="https://man.openbsd.org/iked.8">iked(8)</a> when building
! 454: hosts_list.
! 455: <li>Prevented initiation of new additional SAs for each policy upon
! 456: every <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> config
! 457: reload.
! 458: <li>Fixed "any" and "dynamic" keywords for flows in <a
! 459: href="https://man.openbsd.org/iked.8">iked(8)</a> and added proper
! 460: IPv6 support.
1.3 benno 461:
462:
463: <!-- LDAP -->
464: <li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert
465: and key path inference for absolute paths.
466:
467:
468: <!-- PF -->
469: <li>Relaxed checks in <a
470: href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a
471: href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid
472: routing domain, even if it does not yet exist.
473:
1.5 ! benno 474: <li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>
! 475: detect and reject bogus ranges before loading the ruleset to prevent a
! 476: panic.
! 477:
! 478:
1.3 benno 479:
1.5 ! benno 480: <!-- dig -->
! 481: <li>Implemented RFC 8914 Extended DNS Errors for <a
! 482: href="https://man.openbsd.org/dig.1">dig(1)</a>.
! 483: <li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS
! 484: Client Subnet option (+subnet=).
! 485: <li>Fixed IPv6 link-local address handling for nameservers to talk to
! 486: and address to bind to in <a
! 487: href="https://man.openbsd.org/dig.1">dig(1)</a>.
! 488:
! 489: <!-- dhclient -->
! 490: <li>Fixed incorrect behavior when using <a
! 491: href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to
! 492: change the lease renew/rebind/expiry timing.
! 493: <li>Allowed the provision of <a
! 494: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on
! 495: "dhcp" lines in <a
! 496: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
! 497:
! 498:
! 499: <!-- other -->
1.3 benno 500: <li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to
501: drain the raw socket of packets received before we were fully setup to
502: avoid reporting ICMP responses intended for other instances of ping(8)
503: running in parallel.
504:
505: <li>Changed <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
506: Duplicate Address Detection (DAD) to only generate a new address if we
507: are using Semantically Opaque Interface Identifiers.
508: <li>Handled an autoconf interface changing its rdomain in <a
509: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.
510: <li>Fixed rare crashes of <a
511: href="https://man.openbsd.org/unwind.8">unwind(8)</a> when DNS answers
512: are larger than the maximum imsg size.
513: <li>Removed the -L option from <a
514: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
515: <li>Added a simple --timeout implementation to <a
516: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
517: <li>Added support for the use of !command to <a
518: href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that
519: netstart has a late opportunity to perform network configuration.
1.5 ! benno 520: <li>Make <a href="https://man.openbsd.org/rad.8">rad(8)</a> to handle
! 521: multiple rdomains in a single daemon (instead of running it in
! 522: multiple rdomains).
! 523: <li>Added a specific headline to <a
! 524: href="https://man.openbsd.org/netstat.1">netstat(1)</a> for TCP state
! 525: and IP protocol.
! 526: <li>Handled permanent redirects (RFC 7538) in <a
! 527: href="https://man.openbsd.org/ftp.1">ftp(1)</a> fetch.
1.3 benno 528:
1.1 deraadt 529: </ul>
530:
531: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
532: <ul>
1.5 ! benno 533: <li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> synchronize-panes a pane option and added set-option -U flag to unset an option on all panes.
1.1 deraadt 534: </ul>
535:
536: <li>OpenSMTPD 6.9.0
537: <ul>
1.5 ! benno 538: <li>Introduced <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>
! 539: -a to perform authentication before sending a message.
! 540: <li>Fixed a memory leak in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> resolver.
! 541: <li>Prevented a crash due to premature release of resources by the <a
! 542: href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> filter state
! 543: machine.
! 544:
1.1 deraadt 545: </ul>
546:
547: <li>LibreSSL 3.2.2
548: <ul>
549: <li>New Features
550: <ul>
1.3 benno 551: <!-- XXX not sorted into categories yet -->
552: <li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator.
553: <li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a>
554: to call its get_issuer() callback to try and find a suitable
555: certificate in cases where it has failed to find a print certificate
556: from the supplied roots and intermediates.
557: <li>Corrected an issue where <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> verify might not error on expired certificates.
558: <li>Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software.
559: <li>Implemented auto chain for the TLSv1.3 server.
560: <li>Implemented the key material exporter for TLSv1.3.
561:
562:
1.1 deraadt 563: </ul>
564:
565: <li>API and Documentation Enhancements
566: <ul>
567: <li>...
568: </ul>
569:
570: <li>Compatibility Changes
571: <ul>
572: <li>...
573: </ul>
574:
575: <li>Testing and Proactive Security
576: <ul>
577: <li>...
578: </ul>
579:
580: <li>Internal Improvements
581: <ul>
582: <li>...
583: </ul>
584:
585: <li>Portable Improvements
586: <ul>
587: <li>...
588: </ul>
589:
590: <li>Bug Fixes
591: <ul>
592: <li>...
593: </ul>
594: </ul>
595:
596: <li>OpenSSH 8.4
1.3 benno 597:
1.1 deraadt 598: <ul>
1.3 benno 599:
600: <!-- XXX not sorted into categories yet -->
601: <li>Preferred ed25519 signature algorithm variants over ECDSA in <a
602: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a
603: href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
604: <li>Enabled <a
605: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
606: UpdateHostkeys by default when the configuration has not overridden
607: UserKnownHostFile.
608: <li>Prefixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
609: keyboard interactive prompts with "user@host" for easier
610: identification of connections.
611: <li>Displayed any other hostnames/addresses associated with a new
612: hostkey when <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
613: prompts the user to accept it.
614: <li>When doing an <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
615: recursive upload or download of a read-only directory, ensured that
616: the directory was created with write and execute permissions in the
617: interim to allow the transfer.
618: <li>Set the specified TOS/DSCP for interactive use prior to TCP
619: connect in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
620: <li>CLeaned up passing of struct passwd from monitor to preauth
621: privsep process in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
1.5 ! benno 622: <li>Added an <a
! 623: href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
! 624: KnownHostsCommand that allows the client to obtain known_hosts data
! 625: from a command in addition to the usual files.
1.3 benno 626:
627:
1.1 deraadt 628: <li>Potentially incompatible changes.
629: <ul>
630: <li>...
631: </ul>
632: <li>New Features
633: <ul>
634: <li>...
635: </ul>
636: <li>Bugfixes
637: <ul>
638: <li>...
639: </ul>
640: </ul>
641:
642: <li>Ports and packages:
643: <p>Many pre-built packages for each architecture:
644: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
645: <ul style="column-count: 3">
646: <li>aarch64: XXX
647: <li>amd64: XXX
648: <li>arm: XXX
649: <li>i386: XXX
650: <li>mips64: XXX
651: <li>mips64el: XXX
652: <li>powerpc: XXX
653: <li>powerpc64: XXX
654: <li>sparc64: XXX
655: </ul>
656:
657: <li>As usual, steady improvements in manual pages and other documentation.
658:
659: <li>The system includes the following major components from outside suppliers:
660: <ul>
1.5 ! benno 661:
! 662: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
1.3 benno 663: freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 351,
1.5 ! benno 664: xkeyboard-config 2.20, fonttosfnt 1.2.1 and more)
1.1 deraadt 665: <li>LLVM/Clang 10.0.1 (+ patches)
666: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
667: <li>Perl 5.30.3 (+ patches)
1.5 ! benno 668: <li>NSD 4.3.4
! 669: <li>Unbound 1.13.0
1.1 deraadt 670: <li>Ncurses 5.7
671: <li>Binutils 2.17 (+ patches)
672: <li>Gdb 6.3 (+ patches)
1.5 ! benno 673: <li>Awk December 18, 2020 version
! 674: <li>Expat 2.2.10
1.1 deraadt 675: </ul>
676:
677: </ul>
678: </section>
679:
680: <hr>
681:
682: <section id=install>
683: <h3>How to install</h3>
684: <p>
685: Please refer to the following files on the mirror site for
686: extensive details on how to install OpenBSD 6.9 on your machine:
687:
688: <ul>
689: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/alpha/INSTALL.alpha">
690: .../OpenBSD/6.9/alpha/INSTALL.alpha</a>
691: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/amd64/INSTALL.amd64">
692: .../OpenBSD/6.9/amd64/INSTALL.amd64</a>
693: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/arm64/INSTALL.arm64">
694: .../OpenBSD/6.9/arm64/INSTALL.arm64</a>
695: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/armv7/INSTALL.armv7">
696: .../OpenBSD/6.9/armv7/INSTALL.armv7</a>
697: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/hppa/INSTALL.hppa">
698: .../OpenBSD/6.9/hppa/INSTALL.hppa</a>
699: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/i386/INSTALL.i386">
700: .../OpenBSD/6.9/i386/INSTALL.i386</a>
701: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/landisk/INSTALL.landisk">
702: .../OpenBSD/6.9/landisk/INSTALL.landisk</a>
703: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/loongson/INSTALL.loongson">
704: .../OpenBSD/6.9/loongson/INSTALL.loongson</a>
705: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/luna88k/INSTALL.luna88k">
706: .../OpenBSD/6.9/luna88k/INSTALL.luna88k</a>
707: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/macppc/INSTALL.macppc">
708: .../OpenBSD/6.9/macppc/INSTALL.macppc</a>
709: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/octeon/INSTALL.octeon">
710: .../OpenBSD/6.9/octeon/INSTALL.octeon</a>
711: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/powerpc64/INSTALL.powerpc64">
1.4 landry 712: .../OpenBSD/6.9/powerpc64/INSTALL.powerpc64</a>
1.1 deraadt 713: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sgi/INSTALL.sgi">
714: .../OpenBSD/6.9/sgi/INSTALL.sgi</a>
715: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sparc64/INSTALL.sparc64">
716: .../OpenBSD/6.9/sparc64/INSTALL.sparc64</a>
717: </ul>
718: </section>
719:
720: <hr>
721:
722: <section id=quickinstall>
723: <p>
724: Quick installer information for people familiar with OpenBSD, and the use of
725: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
726: If you are at all confused when installing OpenBSD, read the relevant
727: INSTALL.* file as listed above!
728:
729: <h3>OpenBSD/alpha:</h3>
730:
731: <p>
732: If your machine can boot from CD, you can write <i>install69.iso</i> or
733: <i>cd69.iso</i> to a CD and boot from it.
734: Refer to INSTALL.alpha for more details.
735:
736: <h3>OpenBSD/amd64:</h3>
737:
738: <p>
739: If your machine can boot from CD, you can write <i>install69.iso</i> or
740: <i>cd69.iso</i> to a CD and boot from it.
741: You may need to adjust your BIOS options first.
742:
743: <p>
744: If your machine can boot from USB, you can write <i>install69.img</i> or
745: <i>miniroot69.img</i> to a USB stick and boot from it.
746:
747: <p>
748: If you can't boot from a CD, floppy disk, or USB,
749: you can install across the network using PXE as described in the included
750: INSTALL.amd64 document.
751:
752: <p>
753: If you are planning to dual boot OpenBSD with another OS, you will need to
754: read INSTALL.amd64.
755:
756: <h3>OpenBSD/arm64:</h3>
757:
758: <p>
759: Write <i>miniroot69.img</i> to a disk and boot from it after connecting
760: to the serial console. Refer to INSTALL.arm64 for more details.
761:
762: <h3>OpenBSD/armv7:</h3>
763:
764: <p>
765: Write a system specific miniroot to an SD card and boot from it after connecting
766: to the serial console. Refer to INSTALL.armv7 for more details.
767:
768: <h3>OpenBSD/hppa:</h3>
769:
770: <p>
771: Boot over the network by following the instructions in INSTALL.hppa or the
772: <a href="hppa.html#install">hppa platform page</a>.
773:
774: <h3>OpenBSD/i386:</h3>
775:
776: <p>
777: If your machine can boot from CD, you can write <i>install69.iso</i> or
778: <i>cd69.iso</i> to a CD and boot from it.
779: You may need to adjust your BIOS options first.
780:
781: <p>
782: If your machine can boot from USB, you can write <i>install69.img</i> or
783: <i>miniroot69.img</i> to a USB stick and boot from it.
784:
785: <p>
786: If you can't boot from a CD, floppy disk, or USB,
787: you can install across the network using PXE as described in
788: the included INSTALL.i386 document.
789:
790: <p>
791: If you are planning on dual booting OpenBSD with another OS, you will need to
792: read INSTALL.i386.
793:
794: <h3>OpenBSD/landisk:</h3>
795:
796: <p>
797: Write <i>miniroot69.img</i> to the start of the CF
798: or disk, and boot normally.
799:
800: <h3>OpenBSD/loongson:</h3>
801:
802: <p>
803: Write <i>miniroot69.img</i> to a USB stick and boot bsd.rd from it
804: or boot bsd.rd via tftp.
805: Refer to the instructions in INSTALL.loongson for more details.
806:
807: <h3>OpenBSD/luna88k:</h3>
808:
809: <p>
810: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
811: from the PROM, and then bsd.rd from the bootloader.
812: Refer to the instructions in INSTALL.luna88k for more details.
813:
814: <h3>OpenBSD/macppc:</h3>
815:
816: <p>
817: Burn the image from a mirror site to a CDROM, and power on your machine
818: while holding down the <i>C</i> key until the display turns on and
819: shows <i>OpenBSD/macppc boot</i>.
820:
821: <p>
822: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
823: /6.9/macppc/bsd.rd</i>
824:
825: <h3>OpenBSD/octeon:</h3>
826:
827: <p>
828: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
829: Refer to the instructions in INSTALL.octeon for more details.
830:
831: <h3>OpenBSD/powerpc64:</h3>
832:
833: <p>
834: To install, write <i>install69.img</i> or <i>miniroot69.img</i> to a
835: USB stick, plug it into the machine and choose the <i>OpenBSD
836: install</i> menu item in Petitboot.
837: Refer to the instructions in INSTALL.powerpc64 for more details.
838:
839: <h3>OpenBSD/sgi:</h3>
840:
841: <p>
842: To install, burn cd69.iso on a CD-R, put it in the CD drive of your
843: machine and select <i>Install System Software</i> from the System Maintenance
844: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
845: CD-ROM, and need a proper invocation from the PROM prompt.
846: Refer to the instructions in INSTALL.sgi for more details.
847:
848: <p>
849: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
850: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
851: system type. Refer to the instructions in INSTALL.sgi for more details.
852:
853: <h3>OpenBSD/sparc64:</h3>
854:
855: <p>
856: Burn the image from a mirror site to a CDROM, boot from it, and type
857: <i>boot cdrom</i>.
858:
859: <p>
860: If this doesn't work, or if you don't have a CDROM drive, you can write
861: <i>floppy69.img</i> or <i>floppyB69.img</i>
862: (depending on your machine) to a floppy and boot it with <i>boot
863: floppy</i>. Refer to INSTALL.sparc64 for details.
864:
865: <p>
866: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
867: will most likely fail.
868:
869: <p>
870: You can also write <i>miniroot69.img</i> to the swap partition on
871: the disk and boot with <i>boot disk:b</i>.
872:
873: <p>
874: If nothing works, you can boot over the network as described in INSTALL.sparc64.
875: </section>
876:
877: <hr>
878:
879: <section id=upgrade>
880: <h3>How to upgrade</h3>
881: <p>
882: If you already have an OpenBSD 6.7 system, and do not want to reinstall,
883: upgrade instructions and advice can be found in the
884: <a href="faq/upgrade69.html">Upgrade Guide</a>.
885: </section>
886:
887: <hr>
888:
889: <section id=sourcecode>
890: <h3>Notes about the source code</h3>
891: <p>
892: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
893: This file contains everything you need except for the kernel sources,
894: which are in a separate archive.
895: To extract:
896: <blockquote><pre>
897: # <kbd>mkdir -p /usr/src</kbd>
898: # <kbd>cd /usr/src</kbd>
899: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
900: </pre></blockquote>
901: <p>
902: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
903: This file contains all the kernel sources you need to rebuild kernels.
904: To extract:
905: <blockquote><pre>
906: # <kbd>mkdir -p /usr/src/sys</kbd>
907: # <kbd>cd /usr/src</kbd>
908: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
909: </pre></blockquote>
910: <p>
911: Both of these trees are a regular CVS checkout. Using these trees it
912: is possible to get a head-start on using the anoncvs servers as
913: described <a href="anoncvs.html">here</a>.
914: Using these files
915: results in a much faster initial CVS update than you could expect from
916: a fresh checkout of the full OpenBSD source tree.
917: </section>
918:
919: <hr>
920:
921: <section id=ports>
922: <h3>Ports Tree</h3>
923: <p>
924: A ports tree archive is also provided. To extract:
925: <blockquote><pre>
926: # <kbd>cd /usr</kbd>
927: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
928: </pre></blockquote>
929: <p>
930: Go read the <a href="faq/ports/index.html">ports</a> page
931: if you know nothing about ports
932: at this point. This text is not a manual of how to use ports.
933: Rather, it is a set of notes meant to kickstart the user on the
934: OpenBSD ports system.
935: <p>
936: The <i>ports/</i> directory represents a CVS checkout of our ports.
937: As with our complete source tree, our ports tree is available via
938: <a href="anoncvs.html">AnonCVS</a>.
939: So, in order to keep up to date with the -stable branch, you must make
940: the <i>ports/</i> tree available on a read-write medium and update the tree
941: with a command like:
942: <blockquote><pre>
943: # <kbd>cd /usr/ports</kbd>
944: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_9</kbd>
945: </pre></blockquote>
946: <p>
947: [Of course, you must replace the server name here with a nearby anoncvs
948: server.]
949: <p>
950: Note that most ports are available as packages on our mirrors. Updated
951: ports for the 6.9 release will be made available if problems arise.
952: <p>
953: If you're interested in seeing a port added, would like to help out, or just
954: would like to know more, the mailing list
955: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
956: </section>