Annotation of www/70.html, Revision 1.32
1.1 benno 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 7.0</title>
6: <meta name="description" content="OpenBSD 7.0">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/70.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 7.0
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/XXX.png">
21: <img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
22: <td>
1.6 deraadt 23: Released Nov 1, 2021. (51st OpenBSD release)<br>
1.1 benno 24: Copyright 1997-2021, Theo de Raadt.<br>
25: <br>
26: 7.0 Song:
27: <a href="lyrics.html#70">XXX</a>.
28: <br>
29: Artwork by XXX.
30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <code class=reldir>pub/OpenBSD/7.0/</code> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata70.html">the 7.0 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus70.html">detailed log of changes</a> between the
1.4 jsg 39: 6.9 and 7.0 releases.
1.1 benno 40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
42: pubkeys for this release:<p>
43:
44: <table class=signify>
45: <tr><td>
46: openbsd-70-base.pub:
47: <td>
48: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/openbsd-70-base.pub">
49: RWR3KL+gSr4QZ5mOvKhcOOgGe61ogHp5PyBOj2RrmyCpqchk9A7NVPzh</a>
50: <tr><td>
51: openbsd-70-fw.pub:
1.11 deraadt 52: <td>
1.1 benno 53: RWS8nd7vy+I+fRHtnpxVBeX+P+9rBqJMPvSU6z8LYyAv5p73WcdFXs3B
54: <tr><td>
55: openbsd-70-pkg.pub:
1.11 deraadt 56: <td>
1.1 benno 57: RWR3iauEtA8/bLN/zfIQhOc5ramL/fARX72S6xw8BwAUebxik7KioCvL
58: <tr><td>
59: openbsd-70-syspatch.pub:
1.11 deraadt 60: <td>
1.1 benno 61: RWSD33kMDKsQH8j0Q8FzfYk+vsgTKiP8Q5DcrkQQtrZoWg48yxUQgLxU
62: </table>
63: </ul>
64: <p>
65: All applicable copyrights and credits are in the src.tar.gz,
66: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
67: files fetched via <code>ports.tar.gz</code>.
68: </table>
69:
70: <hr>
71:
72: <section id=new>
73: <h3>What's New</h3>
74: <p>
75: This is a partial list of new features and systems included in OpenBSD 7.0.
76: For a comprehensive list, see the <a href="plus70.html">changelog</a> leading
77: to 7.0.
78:
79: <ul>
80:
81: <li>New/extended platforms:
82: <ul>
1.3 jsg 83: <li>New <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V
84: systems.
1.1 benno 85: <li>Support for the <a href="powerpc64.html">powerpc64</a> platform was improved:
86: <ul>
87: <li>...
88: </ul>
89: <li>The arm64 platform support was improved with the following changes:
90: <ul>
1.29 benno 91: <li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a> driver for the Apple GPIO controller found on the M1 SoCs.
92: <li>Ensured <a href="https://man.openbsd.org/rkpwm.4">rkpwm(4)</a> can find the clock when using a recent device tree.
93: <li>Added RK3399 Type-C PHY clocks and PCIe PHY reference clocks to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
94: <li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
95: <li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
96: <li>Ensured (W)hole disk partitioning cannot be used if an "APFS ISC" is found on the disk, required for Apple M1 machines to boot.
97: <li>Added initial arm64 support for installing on a disk with a GPT.
98: <li>Added arm64 support for booting from disks with 4k sectors.
99: <li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
100: <li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
101: <li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple APFS ISC partition is detected and fdisk -ig otherwise. Created EFI SYS boot partitions only on ROOTDISK GPT disks.
102: <li>Relaxed criteria for recognizing GPT formatted media, allowing GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
103: <li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
104: <li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
105: <li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
106: <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsys DesignWare USB 3 controller.
1.1 benno 107: </ul>
1.29 benno 108: <li><span style="color:red;">architecture specific changes that need to be sorted</span>
109: <ul>
110: <li>Switched macppc to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>.
111: <li>Made amd64 hw.setperf percentages proportional to the enhanced speed step frequencies on Intel processors. The default hw.setperf=99 corresponds to the maximum ordinary speed, and setting it to 100 enables turbo mode.
112: <li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
113: <li>Forced luna88k to use the serial console when no graphics board is found.
114: <li>Fixed strchr() and strrchr() on mips64.
115: <li>Added <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p" to prepare by creating a new filesystem on the partition reserved for the bootloader on relevant architectures.
116: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on sparc64.
117: <li>Introduced <a href="https://man.openbsd.org/sfclock.4">sfclock(4)</a>, a driver for the SiFive Power Reset Clocking Interrupt (PRCI).
118: <li>Introduced <a href="https://man.openbsd.org/sfcc.4">sfcc(4)</a>, a driver for the SiFive level two cache controller.
119: <li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
120: <li>Introduced <a href="https://man.openbsd.org/sfuart.4">sfuart(4)</a>, a driver for the SiFive UART, and added support for it as a console.
121: <li>Added the ability for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize "HiFive! FSBL" and "HiFive! BBL" GPT partitions.
122: <li>Enabled MSI-X support for powerpc64.
123: <li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
124: <li>Added GPT support to armv7 <a href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
125: <li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
126: <li>Prevented watchdog resets on some i.MX 64-bit machines with a recent U-Boot and watchdog enabled on boot in <a href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
127: <li>Created audio devices for armv7.
128: <li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
129: <li>Increased the maximum data size on powerpc64 to 32GB.
130: <li>Made additional free inodes on luna88k bsd.rd by specifying density=4096.
131: <li>Disabled base-gcc on amd64.
132: <li>Retired OpenBSD/sgi platform.
1.1 benno 133: </ul>
1.29 benno 134:
1.1 benno 135:
136: <li>Various kernel improvements:
137: <ul>
1.25 benno 138: <li>Introduced /etc/<a href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>, which can be used to configure the kernel using <a href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of KARL while making changes to the GENERIC kernel.
139: <li>Identified TPM2.0 devices and performed the 2.0-specific "suspend" command, allowing the Lenovo xlr9 and xlnano using the latest BIOS (which added S3) to resume.
140: <li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
141: <li>Changed the printing of the hibernate image size from bytes to megabytes.
142: <li>Increased hibernate writeout speed.
143: <li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
144: <li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
145: <li>Implemented &lt; and &gt; operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
146: <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> display of time spent in userland when analyzing the kernel stack in the flame graph tool and fixed a parsing bug.
147: <li>Fixed suspend/resume of machines with certain <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> hardware.
148: <li>Delayed installation of sensors until a device with battery support is connected, allowing <a href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> devices.
149: <li>In the build system, pass make flags to kernel and lib builds, making hacking on ramdisks/the installer much faster.
150: <li>Prevented a kernel panic after VFS shutdown.
151: <li>Corrected various min/max cluster numbers for FAT12/16/32 in <a href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
152: <li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
153: <li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
154: <li>Added libexecinfo, a library providing backtrace functions.
155: <li>Relaxed media length checking to allow EFI GPT partitions to be smaller than the full disk.
156: <li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
157: <li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a> errno handling to match what Mesa expects and prevent failure to properly report timeouts.
158: <li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
159: <li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB.
160: <li>Increased the default buffer space on PF_UNIX sockets to 8k and made the values tuneable via <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
161: <li>Updated en_US.UTF-8.src to Unicode 13.0.
162: <li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
163: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, and powerpc64.
164: <li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> timer re-addition reset an existing timer to use the new timeout period.
1.1 benno 165: </ul>
166:
167: <li>SMP Improvements
168: <ul>
1.24 benno 169: <li>Made pmap_extract() mpsafe on hppa and amd64.
170: <li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code to prevent waiting on non-running CPUs.
171: <li>Made anonymous object reference counting independent from the KERNEL_LOCK().
172: <li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
173: <li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
174: <li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
175: <li>Used so_lock to protect key management (PF_KEY) sockets.
176: <li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
177: <li>Unlocked the top part of the fault handler.
1.1 benno 178: </ul>
179:
180: <li>Direct Rendering Manager
181: <ul>
1.8 jsg 182: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
183: to Linux 5.10.65
184: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
185: better support for Tiger Lake
186: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
187: support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
188: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
189: support for Cezanne "Green Sardine" Ryzen 5000 APU
1.1 benno 190: </ul>
191:
192: <li>VMM/VMD improvements
193: <ul>
1.19 benno 194: <li>Unlocked the top part of the VM fault handler on i386.
195: <li>Added a theoretical limit of 512 to the number of allocated vcpus in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
196: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
197: <li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
198: <li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
199: <li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large dhcp packets on local interfaces.
200: <li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
201: <li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
202: <li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
203: <li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
204: <li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> client "wait" state corruption in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is canceled and restarted, allowing multiple waiting clients.
205: <li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
1.1 benno 206: </ul>
207:
208: <li>Various new userland features:
209: <ul>
1.17 benno 210: <li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
211: <li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to retry up to 3 times on password authentication failure.
212: <li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal handler functions async-signal-safe.
213: <li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to consider two files sharing the same inode identical.
214: <li>Imported <a href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from NetBSD. timeout(1) can be used to run commands with a time limit.
215: <li>Removed from0 support from <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
216: <li>Added include and exclude options to <a href="https://man.openbsd.org/rsync.1">rsync(1)</a> usage message.
217: <li>Implemented reporting of supplemental groups in <a href="https://man.openbsd.org/ps.1">ps(1)</a>.
218: <li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a> to use stderr for printer error and informational messages. This allows easier parsing of what passwd(1) is doing if spawned from a GUI.
219: <li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a> per-device values when <a href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time mode ('b'), not normalizing based on the sleep interval.
220: <li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
221: <li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard the current input line when Ctrl-C is used during line editing and provide a fresh prompt rather than exiting the program.
222: <li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT initialization code, making -g independent of -i, leaving four mutually exclusive initialization options (-i, -b, -u and -A) with the last option specified executed (allowing the existing -i -g to work as intended).
223: <li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F null string behavior to ensure -F '' behaves consistently with -v FS="".
224: <li>Avoided a potential buffer overflow in backslash escaping in <a href="https://man.openbsd.org/awk.1">awk(1)</a>.
225: <li>Disallowed the use of an empty list between "while" and "do" in <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
226: <li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b and -l are treated as 512-byte block counts.
227: <li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A option to initialize a GPT without removing special boot partitions.
228: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> available to architectures other than amd64 and i386 and extended the syntax to allow specification of the boot partition type and offset.
229: <li>Adjusted density for partitions on a 4k disk in <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and density are not passed on the command line to ensure sufficient inodes to hold a src tree on a 2G fs.
230: <li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a> autoalloc code.
231: <li>Prevented base pkg tools from looking under /usr/local in general. <!-- ??? -->
232: <li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a> maximization and full-screen mode toggling to keep the cursor within the window, preventing focus loss.
233: <li>Added indication of whether an <a href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable for a startup file.
234: <li>Added "dired-jump" command to <a href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer containing the current buffer's directory location.
1.1 benno 235: </ul>
236:
1.30 benno 237: <li>Various bugfixes and tweaks in userland:
1.1 benno 238: <ul>
1.17 benno 239: <li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> login when ~/.Xauthority does not exist.
240: <li>Disabled building all of the non-unicode fonts except for ISO8859-1.
1.30 benno 241:
242: <li>Fixed a crash in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when a manpath directory contained a symbolic link that pointed to a directory.
243: <li>Added support for two-character font names (BI, CW, CR, CB, CI) to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> layout font modifier.
244: <li>Supported auto-tagging for ".It Va" in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
245: <li>Fixed a crash in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when an input file contains <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input unsupported by -T <a href="https://man.openbsd.org/man.1">man(1)</a> output mode.
246: <li>Added a meta viewport element to the HTML output for <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> -Thtml.
247: <li>Implemented the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> layout modifiers "b" (bold) and "i" (italic) in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> HTML output mode.
248:
1.1 benno 249: </ul>
250:
251: <li>Improved hardware support and driver bugfixes, including:
252: <ul>
1.15 benno 253: <li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
254: <li>Prevented <a href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboards from changing the <a href="https://man.openbsd.org/wsmux.4">wsmux(4)</a> keyboard layout.
255: <li>Silently ignored invalid requests to change the encoding of a <a href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
256: <li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo Thinkpads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
257: <li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
258: <li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
259: <li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB ethernet devices.
260: <li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe ethernet adapters.
261: <li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
262: <li>Fixed a crash with i915 graphics by removing bogus Linux code that tried to deal with something that is impossible on OpenBSD.
263: <li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
264: <li>Added <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>, a driver for USB HID Consumer Control keyboards.
265: <li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
266: <li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
267: <li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
268: <li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
269: <li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
270: <li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
271: <li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
272: <li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a> and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
273: <li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
274: <li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
275: <li>Implemented 64-bit DMA mode in <a href="https://man.openbsd.org/cad.4">cad(4)</a>.
276: <li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
277: <li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
278: <li>Limited the workaround for AMD errata 400 ("APIC Timer Interrupt Does Not Occur in Processor C-States") to family 0fh and 10h.
279: <li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
280: <li>Stopped fatal error in <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> on failing to map visible VRAM.
281: <li>Disabled PPGTT on Intel machines with cherryview/braswell graphics to avoid memory corruption.
282: <li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
283: <li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
284: <li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
285: <li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
286: <li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
287: <li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
288: <li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
289: <li>Enabled all Thinkpad X1 Extreme 1 speakers and atmos dolby in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
1.16 benno 290: <li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
1.1 benno 291: </ul>
292:
293: <li>New or improved network hardware support:
294: <ul>
295: <li>...
296: </ul>
297:
298: <li>Added or improved wireless network drivers:
299: <ul>
1.27 benno 300: <li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which are done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
301: <li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
302: <li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
303: <li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
304: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
305: <li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
306: <li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
307: <li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
308: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
309: <li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
310: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing FragAttacks vulnerabilities.
311: <li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
312: <li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
313: <li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
314: <li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
315: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
316: <li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
317: <li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
318: <li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
319: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
320: <li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
321: <li>Worked around a problem with certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware that caused problems when running in HostAP mode with clients that use Tx aggregation.
322: <li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
323: <li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
324: <li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
325: <li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
326: <li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
1.1 benno 327: </ul>
328:
329: <li>IEEE 802.11 wireless stack improvements and bugfixes:
330: <ul>
1.27 benno 331: <li>Dropped fragmented 802.11 frames.
332: <li>Prevented frame injection via forged 802.11n A-MSDUs.
333: <li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
1.1 benno 334: </ul>
335:
336: <li>Generic network stack improvements and bugfixes:
337: <ul>
1.22 benno 338: <li>Implemented reception of "VLAN 0 priority tagged" packets.
339: <li>Added <a href="https://man.openbsd.org/veb.4">veb(4)</a> to the list of pseudo devices that <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> can create.
340: <li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
341: <li>Displayed provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
342: <li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
343: <li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
344: <li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
345: <li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
346: <li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
347: <li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
1.1 benno 348: </ul>
349:
350: <li>Installer and upgrade improvements:
351: <ul>
1.26 benno 352: <li>Checked the installer's /tmp/i/hostname.* files for a configured IP address so that configurations without a broadcast address are detected as well.
353: <li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly attempt an early mount of /var/log in case someone has created it to avoid /var overflow issues.
354: <li>Handled "inet autoconf" in the ramdisk.
355: <li>Allowed <a href="https://man.openbsd.org/cad.4">cad(4)</a> recognition as boot interface when using netboot, making autoinstall/upgrade work.
356: <li>Introduced a short wait in <a href="https://man.openbsd.org/rc.8">rc(8)</a> after <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes until an IPv4 or IPv6 default route is present before continuing boot. Fixed setups depending on working network and DNS resolution during early boot when using autoconfiguration (<a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
357: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> always create an EFI SYS partition if the -b option is specified when initializing a GPT.
358: <li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels.
359: <li>Used <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> on arm64 ramdisks.
360: <li>Fixed an issue on machines where the EFI memory map has more than 64 entries.
361: <!-- move fdisk changes related to EFI here, independent of architecture? -->
1.1 benno 362: </ul>
363:
364: <li>Security improvements:
365: <ul>
1.16 benno 366: <li>Moved objcopy to base set to allow KARL to work on all installs.
367: <li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> calls to xterm in the case where there are no exec-formatted or exec-selected resources set.
368: <li>Changed usage of %n from a syslog warning to syslog and abort for <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and associated variants).
369: <li>Made kernel stop all threads when terminating via pledge_fail().
1.1 benno 370: </ul>
371:
372: <li>Routing daemons and other userland network improvements:
373: <ul>
374: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> daemon saw the following changes:
375: <ul>
1.14 benno 376: <!-- check against and use openbgpd/rpki-client release notes instead? -->
377: <li>Fixed a memory leak in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
378: <li>Adjusted <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> RIB_GENERIC_ADDPATH MRT message handling to work with other MRT implementations.
379: <li>Set the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> x509 validation depth limit to 12 or double the current depth.
380: <li>Limited <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 300 deltas to sync an RRDP repository rather than fetching a snapshot.
381: <li>Added add-path support in MRT dumps (RFC 8050) to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
382: <li>Added http_proxy support to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> http handler.
383: <li>Implemented reception of multiple paths per BGP session in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> and made it possible to match on path-id in <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> show rib outputs.
384: <li>Ensured MRT dumps containing add-path information will be dumped properly by <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> (RFC 8050).
385: <li>Implemented Extended Optional Parameters Length for BGP OPEN Message (RFC 9072) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, allowing sending of more than 255 bytes of optional parameters.
386: <li>Defaulted to attempting RRDP first in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -r.
387: <li>Implemented enhanced route refresh (RFC 7313) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
388: <li>Improved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> graceful restart capability handling.
389: <li>Limited the number of concurrent RTR connects to 32 in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
390: <li>Added an 'expires' column to CSV &amp; JSON output of <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
391: <li>Added keep-alive support to the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> HTTP module.
1.1 benno 392: </ul>
393:
1.21 benno 394: <li>...other routing daemons...
1.1 benno 395:
396: <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
397: <ul>
398: <li>...
399: </ul>
400:
401: <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
402: <ul>
1.20 benno 403: <li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
404: <li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
405: <li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
406: <li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
407: <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
408: <li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
409: <li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
410: <li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
1.1 benno 411: </ul>
412:
413: <li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements:
414: <ul>
415: <li>...
416: </ul>
417:
418: <li><a
419: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
420: received the following new features and bugfixes:
421: <ul>
422: <li>...
423: </ul>
424:
1.28 benno 425: <li><span style="color:red;">add blurb about awesome traceroute changes!</span>
1.1 benno 426: <ul>
1.28 benno 427: <li>Made <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> faster by sending probes and doing DNS lookups asynchronously.
1.1 benno 428: </ul>
429:
430: <li>XXX Two new daemons, <a
431: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a
432: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added.
433: These work alongside <a
434: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
435: href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a
436: coherent and simple automatic configuration of network interfaces and
437: DNS resolution.<br>
438: The two daemons are not enabled by default for now, but can be tested
1.18 benno 439: by enabling them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>.
1.1 benno 440: <ul>
1.18 benno 441: <li>Changed <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client identifier transmission to match other dhcp client implementations.
442: <li>Simplified <a href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and added syntax to match <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), allowing one to be aliased to the other.
443: <li>Retried broadcast with <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the dhcp server is unreachable via unicast UDP.
444: <li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> accept dns proposals for the loopback addresses.
445: <li>Added to <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a> the ability to ignore routes or nameservers from a lease and to ignore servers entirely.
446: <li>Added a new "nameserver" command to <a href="https://man.openbsd.org/route.8">route(8)</a>, sending nameserver proposals to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the dns proposal protocol over the route socket.
447: <li>Left <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> rather than recreating after finding nameservers.
448: <li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> defer to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself.
449: <li>Fixed potential races in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two processes are configuring the same IP.
450: <li>Added the possibility to send vendor class identifier and client identifier using <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
451: <li>Made <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always configure provided routes, regardless of whether the address received in the lease is already configured.
452: <li>Made <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> send rDNS proposals on ramdisks, allowing <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> to learn nameservers and update /etc/resolv.conf with IPv6 resolvers.
453: <li>Used exclusive locks under /dev/ to ensure single instances of <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
454: <li>Switched to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> / <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> in base.
455: <li>Stopped attempting to install a default route with <a href="https://man.openbsd.org/route.8">route(8)</a> in <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> if using inet autoconf.
456: <li>Implemented classless static routes dhcp option in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
1.1 benno 457: </ul>
458:
459: <li>Changes to snmp related tools:
460: <ul>
461: <li>...
462: </ul>
463:
464: <li>Other userland network changes:
465: <ul>
1.21 benno 466: <li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
467: <li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
468: <li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
469: <li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
470: <li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
471: <li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
472: <li>Switched default <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth back to hmac-sha1.
473: <li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
474: <li>Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. Changed default authentication to SHA-256 and privacy protocol to AES in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>.
475: <li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
476: <li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
477: <li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
478: <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
479: <li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
480: <li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
1.23 benno 481: <li>Prevented a crash of the <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer on strict alignment architectures.
482: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
483: <li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.1 benno 484: </ul>
485: </ul>
486:
487: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
488: <ul>
1.30 benno 489: <li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
490: <li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
491: <li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
492: <li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
493: <li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
494: <li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
495: <li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
496: <li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
497: <li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.1 benno 498: </ul>
499:
500: <li>OpenSMTPD 7.0.0
501: <ul>
502: <li>...
503: </ul>
504:
1.2 jsg 505: <li>LibreSSL 3.4.0 XXX
1.1 benno 506: <ul>
507: <li>New Features
508: <ul>
509: <li>...
510: </ul>
511:
512: <li>Portable Improvements
513: <ul>
514: <li>...
515: </ul>
516:
517: <li>API and Documentation Enhancements
518: <ul>
519: <li>...
520: </ul>
521:
522: <li>Compatibility Changes
523: <ul>
524: <li>...
525: </ul>
526:
527: <li>Testing and Proactive Security
528: <ul>
529: <li>...
530: </ul>
531:
532: <li>Internal Improvements
533: <ul>
534: <li>...
535: </ul>
536:
537: <li>Bug Fixes
538: <ul>
539: <li>...
540: </ul>
541: </ul>
542:
1.13 benno 543: <li>OpenSSH 8.8 XXX <span style="color:red;">replace with release notes</span>
544: <li>Corrected <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user.
545: <li>Fixed the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> "Allocated port" debug message for unix sockets.
546: <li>Switched <a href="https://man.openbsd.org/scp.1">scp(1)</a> back to using the original scp/rcp protocol by default for release.
547: <li>Made <a href="https://man.openbsd.org/scp.1">scp(1)</a> SFTP mode (including error logging) more scp-like.
548: <li>Allowed CanonicalPermittedCNAMEs=none in <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>.
549: <li>Put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
550: <li>Stopped ignoring SIGINT in <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> while waiting for input if <a href="https://man.openbsd.org/editline.3">editline(3)</a> is not used.
551: <li>Altered <a href="https://man.openbsd.org/scp">scp(1)</a> to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
552: <li>Disabled the RSA/SHA-1 signature algorithm by default in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
553: <li>Ensured some programs (including <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>) do not ignore Ctrl-C when awaiting user input.
554: <li>Added <a href="https://man.openbsd.org/scp.1">scp(1)</a> -O and temporary -s (SFTP) flags to select the sftp protocol.
555: <li>Made <a href="https://man.openbsd.org/scp.1">scp(1)</a> -3 the default for remote-to-remote copies.
556: <li>Improved handling of ~ prefixed paths in <a href="https://man.openbsd.org/scp.1">scp(1)</a> in SFTP mode.
557: <li>Added experimental support for using the SFTP protocol for file transfers in <a href="https://man.openbsd.org/scp.1">scp(1)</a>.
558: <li>Added a ForkAfterAuthentication directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, equivalent to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> -f.
559: <li>Added a StdinNull directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> to prevent reading from stdin, equivalent to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> -n.
560: <li>Made allowed signers files used by <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a> signatures support key lifetimes, and allowed verification mode to specify a signature time at which to check.
561: <li>Added a SessionType directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, equivalent to the -N (no session) and -s (subsystem) command line flags.
562: <li>Allowed spaces to appear in usernames for <a href="https://man.openbsd.org/scp.1">scp(1)</a> local to remote and scp -3 remote to remote copies.
563: <li>Prevented a hang in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> when interrupted.
564: <li>Matched host certificates against host public keys in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, allowing use of certificates with private keys held in an ssh-agent.
565: <li>Prevented a race condition which could result in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> not shutting down until the next time it receives a new connection.
566: <li>Allowed <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> SetEnv to override $TERM.
567: <li>Fixed a segmentation violation in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> in an UpdateHostKeys debug() message when the update removed more host keys than remain present.
568: <li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> to restore file descriptors to non-blocking mode on exit.
569: <li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> started with ControlPersist incorrectly executing a shell when the -N option was specified.
570:
1.1 benno 571: <ul>
572: <li>Security fixes
573: <ul>
574: <li>...
575: </ul>
576: <li>Potentially incompatible changes
577: <ul>
578: <li>...
579: </ul>
580: <li>New Features
581: <ul>
582: <li>...
583: </ul>
584: <li>Bugfixes
585: <ul>
586: <li>...
587: </ul>
588: </ul>
589:
590: <li>Ports and packages:
591: <p>Many pre-built packages for each architecture:
592: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
593: <ul style="column-count: 3">
1.10 naddy 594: <li>aarch64: 11034
1.9 naddy 595: <li>amd64: 11325
1.1 benno 596: <li>arm: ...
1.10 naddy 597: <li>i386: 10248
1.1 benno 598: <li>mips64: ...
599: <li>mips64el: ...
600: <li>powerpc: ...
1.10 naddy 601: <li>powerpc64: 9273
1.1 benno 602: <li>sparc64: ...
603: </ul>
604:
605: <p>Some highlights:
606: <ul style="column-count: 3">
1.2 jsg 607: <li>Asterisk 18.6.0
1.1 benno 608: <li>Audacity 2.4.2
1.2 jsg 609: <li>CMake 3.20.3
610: <li>Chromium 93.0.4577.82
1.1 benno 611: <li>Emacs 27.2
1.2 jsg 612: <li>FFmpeg 4.4
613: <li>GCC 8.4.0 and 11.2.0
614: <li>GHC 8.10.6
615: <li>GNOME 40.4
616: <li>Go 1.17
617: <li>JDK 8u302, 11.0.12 and 16.0.2
618: <li>KDE Applications 21.08.1
619: <li>KDE Frameworks 5.85.0
620: <li>Krita 4.4.8
621: <li>LLVM/Clang 11.1.0
1.7 jsg 622: <li>LibreOffice 7.2.1.2
1.1 benno 623: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.2 jsg 624: <li>MariaDB 10.6.4
1.1 benno 625: <li>Mono 6.12.0.122
1.2 jsg 626: <li>Mozilla Firefox 92.0 and ESR 91.1.0
1.7 jsg 627: <li>Mozilla Thunderbird 91.1.1
1.2 jsg 628: <li>Mutt 2.1.3 and NeoMutt 20210205
629: <li>Node.js 12.22.6
1.1 benno 630: <li>OCaml 4.10.0
1.2 jsg 631: <li>OpenLDAP 2.4.59
632: <li>PHP 7.3.30, 7.4.23 and 8.0.10
1.7 jsg 633: <li>Postfix 3.5.12
1.2 jsg 634: <li>PostgreSQL 13.4
635: <li>Python 2.7.18, 3.8.12 and 3.9.7
636: <li>Qt 5.15.2 and 6.0.4
637: <li>R 4.1.1
638: <li>Ruby 2.6.8, 2.7.4 and 3.0.2
639: <li>Rust 1.55.0
640: <li>SQLite 3.35.5
1.1 benno 641: <li>Shotcut 21.01.29
1.2 jsg 642: <li>Sudo 1.9.7p2
643: <li>Suricata 6.0.2
1.1 benno 644: <li>Tcl/Tk 8.5.19 and 8.6.8
645: <li>TeX Live 2020
1.2 jsg 646: <li>Vim 8.2.3394 and Neovim 0.5.0
1.1 benno 647: <li>Xfce 4.16
648: </ul>
649: <p>
650:
651: <li>As usual, steady improvements in manual pages and other documentation.
652:
653: <li>The system includes the following major components from outside suppliers:
654: <ul>
1.2 jsg 655: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
1.5 jsg 656: freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
1.2 jsg 657: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
658: <li>LLVM/Clang 11.1.0 (+ patches)
1.1 benno 659: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
660: <li>Perl 5.32.1 (+ patches)
1.2 jsg 661: <li>NSD 4.3.7
662: <li>Unbound 1.13.2
1.1 benno 663: <li>Ncurses 5.7
664: <li>Binutils 2.17 (+ patches)
665: <li>Gdb 6.3 (+ patches)
666: <li>Awk December 18, 2020 version
1.2 jsg 667: <li>Expat 2.4.1
1.1 benno 668: </ul>
669:
670: </ul>
671: </section>
672:
673: <hr>
674:
675: <section id=install>
676: <h3>How to install</h3>
677: <p>
678: Please refer to the following files on the mirror site for
679: extensive details on how to install OpenBSD 7.0 on your machine:
680:
681: <ul>
682: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/alpha/INSTALL.alpha">
683: .../OpenBSD/7.0/alpha/INSTALL.alpha</a>
684: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/amd64/INSTALL.amd64">
685: .../OpenBSD/7.0/amd64/INSTALL.amd64</a>
686: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/arm64/INSTALL.arm64">
687: .../OpenBSD/7.0/arm64/INSTALL.arm64</a>
688: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/armv7/INSTALL.armv7">
689: .../OpenBSD/7.0/armv7/INSTALL.armv7</a>
690: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/hppa/INSTALL.hppa">
691: .../OpenBSD/7.0/hppa/INSTALL.hppa</a>
692: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/i386/INSTALL.i386">
693: .../OpenBSD/7.0/i386/INSTALL.i386</a>
694: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/landisk/INSTALL.landisk">
695: .../OpenBSD/7.0/landisk/INSTALL.landisk</a>
696: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/loongson/INSTALL.loongson">
697: .../OpenBSD/7.0/loongson/INSTALL.loongson</a>
698: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/luna88k/INSTALL.luna88k">
699: .../OpenBSD/7.0/luna88k/INSTALL.luna88k</a>
700: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/macppc/INSTALL.macppc">
701: .../OpenBSD/7.0/macppc/INSTALL.macppc</a>
702: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/octeon/INSTALL.octeon">
703: .../OpenBSD/7.0/octeon/INSTALL.octeon</a>
704: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/powerpc64/INSTALL.powerpc64">
705: .../OpenBSD/7.0/powerpc64/INSTALL.powerpc64</a>
1.3 jsg 706: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/riscv64/INSTALL.riscv64">
707: .../OpenBSD/7.0/riscv64/INSTALL.riscv64</a>
1.1 benno 708: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/sparc64/INSTALL.sparc64">
709: .../OpenBSD/7.0/sparc64/INSTALL.sparc64</a>
710: </ul>
711: </section>
712:
713: <hr>
714:
715: <section id=quickinstall>
716: <p>
717: Quick installer information for people familiar with OpenBSD, and the use of
718: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
719: If you are at all confused when installing OpenBSD, read the relevant
720: INSTALL.* file as listed above!
721:
722: <h3>OpenBSD/alpha:</h3>
723:
724: <p>
725: If your machine can boot from CD, you can write <i>install70.iso</i> or
726: <i>cd70.iso</i> to a CD and boot from it.
727: Refer to INSTALL.alpha for more details.
728:
729: <h3>OpenBSD/amd64:</h3>
730:
731: <p>
732: If your machine can boot from CD, you can write <i>install70.iso</i> or
733: <i>cd70.iso</i> to a CD and boot from it.
734: You may need to adjust your BIOS options first.
735:
736: <p>
737: If your machine can boot from USB, you can write <i>install70.img</i> or
738: <i>miniroot70.img</i> to a USB stick and boot from it.
739:
740: <p>
741: If you can't boot from a CD, floppy disk, or USB,
742: you can install across the network using PXE as described in the included
743: INSTALL.amd64 document.
744:
745: <p>
746: If you are planning to dual boot OpenBSD with another OS, you will need to
747: read INSTALL.amd64.
748:
749: <h3>OpenBSD/arm64:</h3>
750:
751: <p>
752: Write <i>install70.img</i> or <i>miniroot70.img</i> to a disk and boot from it
753: after connecting to the serial console. Refer to INSTALL.arm64 for more
754: details.
755:
756: <h3>OpenBSD/armv7:</h3>
757:
758: <p>
759: Write a system specific miniroot to an SD card and boot from it after connecting
760: to the serial console. Refer to INSTALL.armv7 for more details.
761:
762: <h3>OpenBSD/hppa:</h3>
763:
764: <p>
765: Boot over the network by following the instructions in INSTALL.hppa or the
766: <a href="hppa.html#install">hppa platform page</a>.
767:
768: <h3>OpenBSD/i386:</h3>
769:
770: <p>
771: If your machine can boot from CD, you can write <i>install70.iso</i> or
772: <i>cd70.iso</i> to a CD and boot from it.
773: You may need to adjust your BIOS options first.
774:
775: <p>
776: If your machine can boot from USB, you can write <i>install70.img</i> or
777: <i>miniroot70.img</i> to a USB stick and boot from it.
778:
779: <p>
780: If you can't boot from a CD, floppy disk, or USB,
781: you can install across the network using PXE as described in
782: the included INSTALL.i386 document.
783:
784: <p>
785: If you are planning on dual booting OpenBSD with another OS, you will need to
786: read INSTALL.i386.
787:
788: <h3>OpenBSD/landisk:</h3>
789:
790: <p>
791: Write <i>miniroot70.img</i> to the start of the CF
792: or disk, and boot normally.
793:
794: <h3>OpenBSD/loongson:</h3>
795:
796: <p>
797: Write <i>miniroot70.img</i> to a USB stick and boot bsd.rd from it
798: or boot bsd.rd via tftp.
799: Refer to the instructions in INSTALL.loongson for more details.
800:
801: <h3>OpenBSD/luna88k:</h3>
802:
803: <p>
804: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
805: from the PROM, and then bsd.rd from the bootloader.
806: Refer to the instructions in INSTALL.luna88k for more details.
807:
808: <h3>OpenBSD/macppc:</h3>
809:
810: <p>
811: Burn the image from a mirror site to a CDROM, and power on your machine
812: while holding down the <i>C</i> key until the display turns on and
813: shows <i>OpenBSD/macppc boot</i>.
814:
815: <p>
816: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
817: /7.0/macppc/bsd.rd</i>
818:
819: <h3>OpenBSD/octeon:</h3>
820:
821: <p>
822: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
823: Refer to the instructions in INSTALL.octeon for more details.
824:
825: <h3>OpenBSD/powerpc64:</h3>
826:
827: <p>
828: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
829: USB stick, plug it into the machine and choose the <i>OpenBSD
830: install</i> menu item in Petitboot.
831: Refer to the instructions in INSTALL.powerpc64 for more details.
832:
1.3 jsg 833: <h3>OpenBSD/riscv64:</h3>
1.1 benno 834:
835: <p>
1.3 jsg 836: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
837: USB stick, and boot with that drive plugged in.
838: Make sure you also have the microSD card plugged in that shipped with the
839: HiFive Unmatched board.
840: Refer to the instructions in INSTALL.riscv64 for more details.
1.1 benno 841:
842: <h3>OpenBSD/sparc64:</h3>
843:
844: <p>
845: Burn the image from a mirror site to a CDROM, boot from it, and type
846: <i>boot cdrom</i>.
847:
848: <p>
849: If this doesn't work, or if you don't have a CDROM drive, you can write
850: <i>floppy70.img</i> or <i>floppyB70.img</i>
851: (depending on your machine) to a floppy and boot it with <i>boot
852: floppy</i>. Refer to INSTALL.sparc64 for details.
853:
854: <p>
855: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
856: will most likely fail.
857:
858: <p>
859: You can also write <i>miniroot70.img</i> to the swap partition on
860: the disk and boot with <i>boot disk:b</i>.
861:
862: <p>
863: If nothing works, you can boot over the network as described in INSTALL.sparc64.
864: </section>
865:
866: <hr>
867:
868: <section id=upgrade>
869: <h3>How to upgrade</h3>
870: <p>
1.4 jsg 871: If you already have an OpenBSD 6.9 system, and do not want to reinstall,
1.1 benno 872: upgrade instructions and advice can be found in the
873: <a href="faq/upgrade70.html">Upgrade Guide</a>.
874: </section>
875:
876: <hr>
877:
878: <section id=sourcecode>
879: <h3>Notes about the source code</h3>
880: <p>
881: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
882: This file contains everything you need except for the kernel sources,
883: which are in a separate archive.
884: To extract:
885: <blockquote><pre>
886: # <kbd>mkdir -p /usr/src</kbd>
887: # <kbd>cd /usr/src</kbd>
888: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
889: </pre></blockquote>
890: <p>
891: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
892: This file contains all the kernel sources you need to rebuild kernels.
893: To extract:
894: <blockquote><pre>
895: # <kbd>mkdir -p /usr/src/sys</kbd>
896: # <kbd>cd /usr/src</kbd>
897: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
898: </pre></blockquote>
899: <p>
900: Both of these trees are a regular CVS checkout. Using these trees it
901: is possible to get a head-start on using the anoncvs servers as
902: described <a href="anoncvs.html">here</a>.
903: Using these files
904: results in a much faster initial CVS update than you could expect from
905: a fresh checkout of the full OpenBSD source tree.
906: </section>
907:
908: <hr>
909:
910: <section id=ports>
911: <h3>Ports Tree</h3>
912: <p>
913: A ports tree archive is also provided. To extract:
914: <blockquote><pre>
915: # <kbd>cd /usr</kbd>
916: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
917: </pre></blockquote>
918: <p>
919: Go read the <a href="faq/ports/index.html">ports</a> page
920: if you know nothing about ports
921: at this point. This text is not a manual of how to use ports.
922: Rather, it is a set of notes meant to kickstart the user on the
923: OpenBSD ports system.
924: <p>
925: The <i>ports/</i> directory represents a CVS checkout of our ports.
926: As with our complete source tree, our ports tree is available via
927: <a href="anoncvs.html">AnonCVS</a>.
928: So, in order to keep up to date with the -stable branch, you must make
929: the <i>ports/</i> tree available on a read-write medium and update the tree
930: with a command like:
931: <blockquote><pre>
932: # <kbd>cd /usr/ports</kbd>
933: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_0</kbd>
934: </pre></blockquote>
935: <p>
936: [Of course, you must replace the server name here with a nearby anoncvs
937: server.]
938: <p>
939: Note that most ports are available as packages on our mirrors. Updated
940: ports for the 7.0 release will be made available if problems arise.
941: <p>
942: If you're interested in seeing a port added, would like to help out, or just
943: would like to know more, the mailing list
944: <a href="mail.html">ports@openbsd.org</a> is a good place to know about.
945: </section>