Annotation of www/70.html, Revision 1.81
1.1 benno 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 7.0</title>
6: <meta name="description" content="OpenBSD 7.0">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/70.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 7.0
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
1.81 ! deraadt 20: <a href="images/StarryPointers.png">
! 21: <img width="227" height="303" src="images/StarryPointers-s.png" alt="XXX"></a>
1.1 benno 22: <td>
1.61 benno 23: Released Oct 14, 2021. (51st OpenBSD release)<br>
1.1 benno 24: Copyright 1997-2021, Theo de Raadt.<br>
25: <br>
26: 7.0 Song:
1.80 deraadt 27: <a href="lyrics.html#70">"The Style Hymn"</a>.
1.1 benno 28: <br>
1.79 deraadt 29: Artwork by Natasha Allegri.
1.1 benno 30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <code class=reldir>pub/OpenBSD/7.0/</code> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata70.html">the 7.0 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus70.html">detailed log of changes</a> between the
1.4 jsg 39: 6.9 and 7.0 releases.
1.1 benno 40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
42: pubkeys for this release:<p>
43:
44: <table class=signify>
45: <tr><td>
46: openbsd-70-base.pub:
47: <td>
48: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/openbsd-70-base.pub">
49: RWR3KL+gSr4QZ5mOvKhcOOgGe61ogHp5PyBOj2RrmyCpqchk9A7NVPzh</a>
50: <tr><td>
51: openbsd-70-fw.pub:
1.11 deraadt 52: <td>
1.1 benno 53: RWS8nd7vy+I+fRHtnpxVBeX+P+9rBqJMPvSU6z8LYyAv5p73WcdFXs3B
54: <tr><td>
55: openbsd-70-pkg.pub:
1.11 deraadt 56: <td>
1.1 benno 57: RWR3iauEtA8/bLN/zfIQhOc5ramL/fARX72S6xw8BwAUebxik7KioCvL
58: <tr><td>
59: openbsd-70-syspatch.pub:
1.11 deraadt 60: <td>
1.1 benno 61: RWSD33kMDKsQH8j0Q8FzfYk+vsgTKiP8Q5DcrkQQtrZoWg48yxUQgLxU
62: </table>
63: </ul>
64: <p>
65: All applicable copyrights and credits are in the src.tar.gz,
66: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
67: files fetched via <code>ports.tar.gz</code>.
68: </table>
69:
70: <hr>
71:
72: <section id=new>
73: <h3>What's New</h3>
74: <p>
75: This is a partial list of new features and systems included in OpenBSD 7.0.
76: For a comprehensive list, see the <a href="plus70.html">changelog</a> leading
77: to 7.0.
78:
79: <ul>
80:
81: <li>New/extended platforms:
82: <ul>
1.35 benno 83: <li>Added new <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V systems.
1.49 benno 84: <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
1.1 benno 85: <ul>
1.62 kettenis 86: <li>Support for Apple Silicon Macs has improved but is not ready for general use yet:
87: <ul>
88: <li>Added support for installing on a disk with a GPT.
89: <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller.
90: <li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
91: <li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
92: <li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a> driver for the Apple GPIO controller found on the M1 SoCs.
93: <li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
94: <li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
95: </ul>
1.29 benno 96: <li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
97: <li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
1.35 benno 98: <li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
1.1 benno 99: </ul>
1.35 benno 100: <li>Changes on other architectures:
1.29 benno 101: <ul>
1.49 benno 102: <li>Switched <a href="macppc.html">macppc</a> to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>.
1.35 benno 103: <li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
1.49 benno 104: <li>Made <a href="amd64.html">amd64</a> hw.setperf percentages proportional to the enhanced
1.35 benno 105: speed step frequencies on Intel processors. The default hw.setperf=99
106: corresponds to the maximum ordinary speed, and setting it to 100
107: enables turbo mode.
1.33 benno 108: <li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
1.35 benno 109: <li>Disabled base-gcc on amd64.
110: <li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
1.33 benno 111: <li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
1.49 benno 112: <li>Forced <a href="luna88k.html">luna88k</a> to use the serial console when no graphics board is found.
113: <li>Made additional free inodes on luna88k bsd.rd by specifying density=4096.
114: <li>Fixed strchr() and strrchr() on <a href="mips64.html">mips64</a>.
1.46 benno 115: <li>Prevented watchdog resets on some i.MX 64-bit machines with a
116: recent U-Boot and watchdog enabled on boot in <a
117: href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
1.35 benno 118: <li>Created audio devices on <a href="armv7.html">armv7</a>.
1.49 benno 119: <li>Retired OpenBSD/<a href="sgi.html">sgi</a> platform.
120: <li>Enabled MSI-X support for <a href="powerpc64.html">powerpc64</a>.
1.33 benno 121: <li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
122: <li>Increased the maximum data size on powerpc64 to 32GB.
1.54 jsg 123: <li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB on amd64.
1.56 jsg 124: <li>Added <a href="https://man.openbsd.org/cduart.4">cduart(4)</a> driver for Cadence Universal Asynchronous Receiver/Transmitter on armv7.
125: <li>Added <a href="https://man.openbsd.org/armv7/zqclock.4">zqclock(4)</a> driver for Xilinx Zynq-7000 clock controller on armv7.
126: <li>Added <a href="https://man.openbsd.org/armv7/zqreset.4">zqreset(4)</a> driver for Xilinx Zynq-7000 reset controller on armv7.
1.1 benno 127: </ul>
1.41 benno 128: </ul>
1.1 benno 129:
130: <li>Various kernel improvements:
131: <ul>
1.57 dv 132: <li>Unlocked the top part of the VM fault handler on i386.
1.35 benno 133: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64.
134: <li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
135: <li>Implemented < and > operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
1.46 benno 136: <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
137: display of time spent in userland when analyzing the kernel stack in
138: the flame graph tool and fixed a parsing bug.
139: <li>Introduced /etc/<a
140: href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>,
141: which can be used to configure the kernel using <a
142: href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of
143: KARL while making changes to the GENERIC kernel.
1.53 jsg 144: <li>Identify TPM 2.0 devices and perform the 2.0-specific
145: suspend command, allowing the ThinkPad X1 Carbon Gen 9 and
146: ThinkPad X1 Nano with the latest BIOS (which added S3) to resume.
1.25 benno 147: <li>Changed the printing of the hibernate image size from bytes to megabytes.
148: <li>Increased hibernate writeout speed.
149: <li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
150: <li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
1.46 benno 151: <li>Delayed installation of sensors until a device with battery
152: support is connected, allowing <a
153: href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up
154: hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>
155: devices.
1.25 benno 156: <li>Prevented a kernel panic after VFS shutdown.
157: <li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
158: <li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
159: <li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
1.46 benno 160: <li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a>
161: errno handling to match what Mesa expects and prevent failure to
162: properly report timeouts.
1.25 benno 163: <li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
1.46 benno 164: <li>Increased the default buffer space on PF_UNIX sockets to 8k and
165: made the values tuneable via <a
166: href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
167: <li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
168: timer re-addition reset an existing timer to use the new timeout
169: period.
170: <li>In the build system, pass make flags to kernel and lib builds,
171: making hacking on ramdisks/the installer much faster.
1.1 benno 172: </ul>
173:
174: <li>SMP Improvements
175: <ul>
1.24 benno 176: <li>Made pmap_extract() mpsafe on hppa and amd64.
1.46 benno 177: <li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code
178: to prevent waiting on non-running CPUs.
1.24 benno 179: <li>Made anonymous object reference counting independent from the KERNEL_LOCK().
180: <li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
181: <li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
182: <li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
183: <li>Used so_lock to protect key management (PF_KEY) sockets.
1.75 mvs 184: <li>Used so_lock to protect routing (PF_ROUTE) sockets.
1.24 benno 185: <li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
186: <li>Unlocked the top part of the fault handler.
1.1 benno 187: </ul>
188:
189: <li>Direct Rendering Manager
190: <ul>
1.8 jsg 191: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
192: to Linux 5.10.65
193: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
194: better support for Tiger Lake
195: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
196: support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
197: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
198: support for Cezanne "Green Sardine" Ryzen 5000 APU
1.1 benno 199: </ul>
200:
201: <li>VMM/VMD improvements
202: <ul>
1.46 benno 203: <li>Added a theoretical limit of 512 to the number of allocated vcpus
204: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.19 benno 205: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
206: <li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
207: <li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large dhcp packets on local interfaces.
208: <li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
209: <li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
210: <li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
211: <li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
1.46 benno 212: <li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
213: client "wait" state corruption in <a
214: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is
215: canceled and restarted, allowing multiple waiting clients.
1.19 benno 216: <li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
1.60 schwarze 217: <li>Unlocked the kernel in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> ioctl handlers and introduced vcpu locks
1.1 benno 218: </ul>
219:
220: <li>Various new userland features:
221: <ul>
1.46 benno 222:
223: <li>Imported <a
224: href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from
225: NetBSD. timeout(1) can be used to run commands with a time limit.
226: <li>Added include and exclude options to <a
1.72 krw 227: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
1.46 benno 228: <li>Implemented reporting of supplemental groups in <a
229: href="https://man.openbsd.org/ps.1">ps(1)</a>.
230: <li>Added indication of whether an <a
231: href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable
232: for a startup file.
233: <li>Added "dired-jump" command to <a
234: href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer
235: containing the current buffer's directory location.
1.36 benno 236: </ul>
237:
238: <li>Various bugfixes and tweaks in userland:
239: <ul>
1.46 benno 240: <li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to
241: retry up to 3 times on password authentication failure.
242: <li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal
243: handler functions async-signal-safe.
244: <li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to
245: consider two files sharing the same inode identical.
246: <li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
1.58 schwarze 247: login when ~/.Xauthority does not exist.
248: <li>Disabled building all of the non-unicode fonts in Xenocara
249: except for ISO8859-1.
1.46 benno 250: <li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a>
251: to use stderr for printer error and informational messages. This
252: allows easier parsing of what passwd(1) is doing if spawned from a
253: GUI.
254: <li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a>
255: per-device values when <a
256: href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time
257: mode ('b'), not normalizing based on the sleep interval.
1.17 benno 258: <li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
1.46 benno 259: <li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard
260: the current input line when Ctrl-C is used during line editing and
261: provide a fresh prompt rather than exiting the program.
1.59 schwarze 262: <li>Let <a href="https://man.openbsd.org/el_gets.3">el_gets(3)</a>
263: honour the first Ctrl-C typed by the user rather than
264: ignoring it.
1.46 benno 265: <li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F
266: null string behavior to ensure -F '' behaves consistently with -v
267: FS="".
268: <li>Avoided a potential buffer overflow in backslash escaping in <a
269: href="https://man.openbsd.org/awk.1">awk(1)</a>.
270: <li>Disallowed the use of an empty list between "while" and "do" in
271: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
272: <li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
273: maximization and full-screen mode toggling to keep the cursor within
274: the window, preventing focus loss.
275: <li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly
1.58 schwarze 276: attempt an early mount of /var/log in case someone has created
277: it as a separate filesystem to avoid /var overflow issues.
1.62 kettenis 278: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
279: to retain essential partitions on various platforms.
280: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
281: for disks with 4K sectors.
1.36 benno 282: <li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT
283: initialization code, making -g independent of -i, leaving four
1.74 krw 284: mutually exclusive initialization options (-i, -g, -u and -A) with the
1.36 benno 285: last option specified executed (allowing the existing -i -g to work as
286: intended).
287: <li>Relaxed criteria for recognizing GPT formatted media, allowing
288: GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical
289: media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
290: <li>Added the ability for <a
291: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize
1.73 krw 292: "BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" GPT partitions.
1.36 benno 293: <li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
294: -b and -l are treated as 512-byte block counts.
295: <li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
296: -A option to initialize a GPT without removing special boot
297: partitions.
298: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
1.70 krw 299: -b option available to architectures other than amd64 and i386 and extended the
1.36 benno 300: syntax to allow specification of the boot partition type and offset.
301: <li>Adjusted density for partitions on a 4k disk in <a
302: href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and
303: density are not passed on the command line to ensure sufficient inodes
304: to hold a src tree on a 2G fs.
305: <li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
306: <li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a>
307: autoalloc code.
1.54 jsg 308: <li>Corrected various min/max cluster numbers for FAT12/16/32 in <a
309: href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
310: <li>Added libexecinfo, a library providing backtrace functions.
1.58 schwarze 311: <li>Updated C library support for character classification
312: to Unicode 13.0.
1.59 schwarze 313: <li>Let <a href="https://man.openbsd.org/wcwidth.3">wcwidth(3)</a>
314: treat all characters in Unicode private use areas
315: as single-width, even those in planes 15 and 16.
1.54 jsg 316: <li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
1.59 schwarze 317: <li>Corrected the output of
318: <a href="https://man.openbsd.org/date.1">date(1)</a> -f %s
319: which was wrongly affected by the local timezone.
1.64 martijn 320: <li>Turn printing additional information into toggles for <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
1.1 benno 321: </ul>
322:
323: <li>Improved hardware support and driver bugfixes, including:
324: <ul>
1.15 benno 325: <li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
1.53 jsg 326: <li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo ThinkPads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
1.15 benno 327: <li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
328: <li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
329: <li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
1.68 anton 330: <li>Added
331: <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>,
332: a driver for USB HID Consumer Control keyboards.
333: Often used to expose volume, audio and application launch keys.
334: Volume keys are handled by the kernel and all other keys are
335: propagated to X11 and the console through
1.77 anton 336: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>.
1.15 benno 337: <li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
338: <li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
339: <li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
340: <li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
341: <li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
342: <li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
343: <li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
344: <li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
345: <li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
346: <li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
347: <li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
348: <li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
349: <li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
350: <li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
351: <li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
352: <li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
1.53 jsg 353: <li>Added quirk to enable ThinkPad X1 Extreme 1 speakers and Dolby Atmos in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
1.16 benno 354: <li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
1.57 dv 355: <li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
1.1 benno 356: </ul>
357:
358: <li>New or improved network hardware support:
359: <ul>
1.33 benno 360: <li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
1.52 jsg 361: <li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB Ethernet devices.
362: <li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe Ethernet adapters.
1.55 mglocker 363: <li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board Ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a>, fixing <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
1.35 benno 364: <li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
1.33 benno 365: <li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
366: <li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
1.63 jmatthew 367: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
368: <li>Fixed <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> with a single queue in MSI-X mode.
1.1 benno 369: </ul>
370:
371: <li>Added or improved wireless network drivers:
372: <ul>
1.27 benno 373: <li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which are done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
374: <li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
375: <li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
376: <li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
377: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
378: <li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
379: <li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
380: <li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
381: <li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
382: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing fragattacks vulnerabilities.
383: <li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
384: <li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
385: <li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
386: <li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
387: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
388: <li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
389: <li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
390: <li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
391: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
392: <li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
393: <li>Worked around a problem with certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware that caused problem when running in HostAP mode with clients that use Tx aggregation.
394: <li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
395: <li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
396: <li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
397: <li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
398: <li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
1.1 benno 399: </ul>
400:
401: <li>IEEE 802.11 wireless stack improvements and bugfixes:
402: <ul>
1.37 benno 403: <li>Drop fragmented 802.11 frames.
404: <li>Prevent frame injection via forged 802.11n A-MSDUs.
1.27 benno 405: <li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
1.1 benno 406: </ul>
407:
408: <li>Generic network stack improvements and bugfixes:
409: <ul>
1.22 benno 410: <li>Implemented reception of "VLAN 0 priority tagged" packets.
411: <li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
1.37 benno 412: <li>Display provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.1 benno 413: </ul>
414:
415: <li>Installer and upgrade improvements:
416: <ul>
1.47 benno 417: <li>Checked the installer's /tmp/i/hostname.* files for a configured
418: IP address so that configurations without a broadcast address are
419: detected as well.
1.26 benno 420: <li>Handled "inet autoconf" in the ramdisk.
1.47 benno 421: <li>Introduced a short wait in <a
422: href="https://man.openbsd.org/rc.8">rc(8)</a> after <a
423: href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes
424: until an IPv4 or IPv6 default route is present before continuing boot.
425: Fixed setups depending on working network and DNS resolution during
426: early boot when using autoconfiguration (<a
427: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a
428: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
429: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
430: always create an EFI SYS partition if the -b option is specified when
431: initializing a GPT.
432: <li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a
433: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple
434: APFS ISC partition is detected and fdisk -ig otherwise. Created EFI
435: SYS boot partitions only on ROOTDISK GPT disks.
436: <li>Added <a
437: href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p"
438: to prepare by creating a new filesystem on the partition reserved for
439: the bootloader on relevant architectures.
440: <li>Added GPT support to <a href="armv7.html">armv7</a> <a
441: href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
442: <li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and
443: RAMDISK kernels.
444: <li>Use <a
445: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
446: arm64 ramdisks.
447: <li>Enable <a
448: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> on
449: ramdisks, and activate <a
450: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, replacing <a
451: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
1.66 landry 452: <li>Enable <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
453: to configure nameservers on ramdisks.
1.47 benno 454: </ul>
1.1 benno 455:
456: <li>Security improvements:
457: <ul>
1.16 benno 458: <li>Moved objcopy to base set to allow KARL to work on all installs.
1.47 benno 459: <li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
460: calls to xterm in the case where there are no exec-formatted or
461: exec-selected resources set.
462: <li>Changed usage of %n from a syslog warning to syslog and abort for
463: <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and
464: associated variants).
1.16 benno 465: <li>Made kernel stop all threads when terminating via pledge_fail().
1.1 benno 466: </ul>
467:
468: <li>Routing daemons and other userland network improvements:
469: <ul>
1.47 benno 470: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
471: daemon saw the following changes:
1.1 benno 472: <ul>
1.38 benno 473: <li>Stop processing queued UPDATES when the max-prefix limit was reached.
474: <li>Improved negotiation for route refresh, graceful restart and
475: multi-protocol capabilities
476: <li>Correctly track 'rde evaluate all' and 'export' settings during reload.
477: <li>Properly withdraw prefixes when 'rde evaluate all' is used.
478: <li>Fixed MRT handling on initial startup for message dump types.
479: <li>Fixed and use non-blocking connect for RTR sessions.
480: <li>Fully implemented RFC 6286 by checking for BGP ID collisions.
481: <li>Adjusted the 4-byte AS number handling to RFC 6793 by changing error
482: behaviour from prefix witdraw to attribute discard.
1.39 benno 483: <li>In <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print out both the sent "Neighbor capabilities" and the
1.38 benno 484: "Negotiated capabilities" for a session.
485: <li>Print timestamps both as a formatted and a pure time in seconds
486: filed in various JSON objects.
1.39 benno 487: <li>Fixed a bug, where during <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config reloads prefixes of the
1.38 benno 488: wrong address family could leak to peers resulting in session resets.
489: <li>Added support for RFC 7313 - Enhanced Route Refresh
490: Disabled by default, to enable use 'announce enhanced refresh yes'.
491: <li>Improved output of Adj-RIB-Out by updating nexthop and ASPATH before
492: adding the prefix to the RIB. This improves `bgpctl show rib out`
493: output.
1.47 benno 494: <li>Added command line option to both <a
495: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a
496: href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> to show the
497: version.
1.51 fcambus 498: <li>Added support for RFC 9072 - Extended Optional Parameters Length for
1.38 benno 499: BGP OPEN Message
500: <li>Added support for RFC 8050 - MRT Format with BGP Additional Path Extensions
501: <li>Implemented receive side of RFC 7911 - Advertisement of Multiple Paths
502: in BGP. OpenBGPD is currently not able to send multiple paths out.
503: <li>Improved checks of VRPs loaded via RTR or from the roa-set table.
504: <li>Allowed to optionally specify an expiry time for roa-set entries to
505: mitigate BGP route decision making based on outdated RPKI data.
506: OpenBGPD's companion rpki-client(8) produces roa-sets with the
507: new 'expires' property
1.1 benno 508: </ul>
509:
510: <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
511: <ul>
1.34 benno 512: <li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
513: <li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
514: <li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
515: <li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
516: <li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
517: <li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
1.1 benno 518: </ul>
519:
520: <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
521: <ul>
1.20 benno 522: <li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
523: <li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
524: <li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
525: <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
526: <li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
527: <li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
1.39 benno 528: <li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
529: <li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
1.1 benno 530: </ul>
531:
532: <li><a
533: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
534: received the following new features and bugfixes:
535: <ul>
1.39 benno 536: <li>Added keep-alive support to the HTTP client code for RRDP.
537: <li>Reference-count and delete unused files synced via RRDP, as far as
538: possible.
539: <li>In the JSON output, changed the AS Number from a string ("AS123") to
540: an integer ("123") to make processing of the output easier,
541: <li>Added an 'expires' column to CSV & JSON output, based on certificate
542: and CRL validity times. The 'expires' value can be used to avoid route
543: selection based on stale data when generating VRP sets, when faced
1.71 krw 544: with loss of communication between consumer and validator, or
1.39 benno 545: validator and CA repository,
546: <li>Made the runtime timeout (-s option) also trigger in
547: child proecesses.
548: <li>Improved RRDP support and make RRDP as default protocol for
1.51 fcambus 549: synchronizing the RPKI repository data, with <a
1.39 benno 550: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> used as secondary.
551: <li>At startup, warn if the filesystem containing the cache directory
552: is probably too small.
553: <li>Handle running out of disk space more gracefully, including cleanup
554: of temporary and old files before exiting.
555: <li>Improved the HTTP/1.1 request headers being sent.
556: <li>Improved validation checks for ROA and MFT objects.
557: <li>Improved the HTTP client code (status code handling, http proxy
558: support, keep-alive).
559: <li>In RRDP, do not access URI with userinfo (@-sign)
560: <li>Improved RRDP syncing by considering a notification file serial
561: jumping backwards as synced repository.
562: <li>Made -R (rsync only) also apply to the fetching of TA files.
563: <li>Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others.
1.47 benno 564: <li>When producing output for <a
565: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, make use of the
566: 'roa-set expires' attribute to prevent machines from loading outdated
567: roa-sets.
1.39 benno 568: <li>In RRDP, limited the number of deltas to 300 per repo. If more deltas
569: exist, downloading a full snapshot is faster.
570: <li>Limited the validation depth of X509 certificate chains to 12, double
571: the current depth seen in RPKI.
1.1 benno 572: </ul>
573:
1.41 benno 574: <li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved:
1.1 benno 575: <ul>
1.41 benno 576: <li>Probe packets are now sent in quick succession and responses handled asynchronously.</li>
1.60 schwarze 577: <li>DNS lookups are performed asynchronously.
1.41 benno 578: This speeds up the time required to display results considerably.
1.1 benno 579: </ul>
580:
1.41 benno 581: <li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made
582: the default program for configuring IPv4 addresses via DHCP. <a
583: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated
584: to handle concurrent changes to <a
585: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by
586: both dhcpleased(8) and <a
587: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br>
1.51 fcambus 588: Additionally these programs saw the following improvements and bugfixes:
1.1 benno 589: <ul>
1.49 benno 590: <li>Changed <a
591: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client
592: identifier transmission to match other dhcp client implementations.
593: <li>Simplified <a
594: href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and
595: added syntax to match <a
596: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface),
597: allowing one to be aliased to the other.
598: <li>Retried broadcast with <a
599: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
600: dhcp server is unreachable via unicast UDP.
601: <li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
602: accept dns proposals for the loopback addresses.
603: <li>Added to <a
604: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>
605: the ability to ignore routes or nameservers from a lease and to ignore
606: servers entirely.
1.41 benno 607: <li><!-- XXX what does this mean? -->Left <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> to <a
608: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> rather than
609: recreating after finding nameservers.
1.49 benno 610: <li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
611: defer to <a
612: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
613: inet autoconf flag is set. When run, dhclient will signal dhcpleased
614: to request a new lease rather than requesting one itself.
615: <li>Fixed potential races in <a
616: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
617: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two
618: processes are configuring the same IP.
619: <li>Added the possibility to send vendor class identifier and client
620: identifier using <a
621: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
622: <li>Made <a
623: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always
624: configure provided routes, regardless of whether the address received
625: in the lease is already configured.
626: <li>Used exclusive locks under /dev/ to ensure single instances of <a
627: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a
628: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
629: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
630: <li>Implemented classless static routes dhcp option in <a
631: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
632: <li>Added a new "nameserver" command to <a
633: href="https://man.openbsd.org/route.8">route(8)</a>, sending
634: nameserver proposals to <a
635: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the dns
636: proposal protocol over the route socket. This command is intended be
637: used to integrate userland triggered nameserver changes, for example
638: by VPN software.
1.1 benno 639: </ul>
640:
641: <li>Changes to snmp related tools:
642: <ul>
1.64 martijn 643: <li>Disable SNMPv1 and SNMPv2c by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
644: <li>Remove default communities from <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
645: <li>Switched default seclevel to enc for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
646: <li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
647: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth to hmac-sha1.
648: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> privacy protocol to AES.
1.21 benno 649: <li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
650: <li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
651: <li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
1.41 benno 652: </ul>
653:
654: <li>Other userland network changes:
655: <ul>
656: <li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
1.21 benno 657: <li>Added <a href="https://man.openbsd.org/pledge.8">pledge(8)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
658: <li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
1.40 benno 659: <li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
660: <li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
1.21 benno 661: <li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
1.23 benno 662: <li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer.
663: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
664: <li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.1 benno 665: </ul>
666: </ul>
667:
668: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
669: <ul>
1.30 benno 670: <li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
671: <li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
672: <li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
673: <li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
674: <li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
675: <li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
676: <li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
677: <li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
678: <li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.1 benno 679: </ul>
680:
681: <li>OpenSMTPD 7.0.0
682: <ul>
1.42 benno 683: <li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
684: <li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
685: <li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
1.1 benno 686: </ul>
687:
1.67 bcook 688: <li>LibreSSL 3.4.1 XXX
1.1 benno 689: <ul>
690: <li>New Features
691: <ul>
1.67 bcook 692: <li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li>
1.76 beck 693: <li>Enabled the new x509 validator to allow verification of modern certificate chains.
1.1 benno 694: </ul>
695:
696: <li>Portable Improvements
697: <ul>
1.67 bcook 698: <li>Ported continuous integration and test infrastructure to Github actions.</li>
699: <li>Added Universal Windows Platform (UWP) build support.</li>
700: <li>Fixed mingw-w64 builds on newer versions with missing SSP support.</li>
701: <li>Added non-executable stack annotations for CMake builds.</li>
1.1 benno 702: </ul>
703:
704: <li>API and Documentation Enhancements
705: <ul>
1.67 bcook 706: <li>Added the following APIs from OpenSSL
707: <ul>
708: BN_bn2binpad
709: BN_bn2lebinpad
710: BN_lebin2bn
711: EC_GROUP_get_curve
712: EC_GROUP_order_bits
713: EC_GROUP_set_curve
714: EC_POINT_get_affine_coordinates
715: EC_POINT_set_affine_coordinates
716: EC_POINT_set_compressed_coordinates
717: EVP_DigestSign
718: EVP_DigestVerify
719: SSL_CIPHER_find
720: SSL_CTX_get0_privatekey
721: SSL_CTX_get_max_early_data
722: SSL_CTX_get_ssl_method
723: SSL_CTX_set_ciphersuites
724: SSL_CTX_set_max_early_data
725: SSL_CTX_set_post_handshake_auth
726: SSL_SESSION_get0_cipher
727: SSL_SESSION_get_max_early_data
728: SSL_SESSION_is_resumable
729: SSL_SESSION_set_max_early_data
730: SSL_get_early_data_status
731: SSL_get_max_early_data
732: SSL_read_early_data
733: SSL_set0_rbio
734: SSL_set_ciphersuites
735: SSL_set_max_early_data
736: SSL_set_post_handshake_auth
737: SSL_set_psk_use_session_callback
738: SSL_verify_client_post_handshake
739: SSL_write_early_data
740: </ul>
741: <li>Added AES-GCM constants from RFC 7714 for SRTP.</li>
1.1 benno 742: </ul>
743:
744: <li>Compatibility Changes
745: <ul>
1.67 bcook 746: <li>Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.</li>
747: <li>Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.</li>
748: <li>Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.</li>
749: <li>Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.</li>
1.1 benno 750: </ul>
751:
752: <li>Testing and Proactive Security
753: <ul>
1.67 bcook 754: <li>Added additional state machine test coverage.</li>
1.76 beck 755: <li>Improved integration test support with ruby/openssl tests.</li>
756: <li>Error codes and callback support in new x509 validator made compatible with p5-Net_SSLeay tests.</li>
1.1 benno 757: </ul>
758:
759: <li>Internal Improvements
1.67 bcook 760: <ul>
1.76 beck 761: <li>Numerous fixes and improvements to the new X509 validator to ensure compatible error codes
762: and callback support compatible with the legacy OpenSSL validator.
1.67 bcook 763: </ul>
1.1 benno 764:
765: <li>Bug Fixes
766: <ul>
1.67 bcook 767: <li>...
1.1 benno 768: </ul>
769: </ul>
770:
1.81 ! deraadt 771: <li>OpenSSH 8.8
! 772: <ul>
! 773: <li>Security
! 774: <ul>
! 775: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: OpenSSH
! 776: 8.5 introduced the LogVerbose keyword. When this option was
! 777: enabled with a set of patterns that activated logging in code
! 778: that runs in the low-privilege sandboxed sshd process, the log
! 779: messages were constructed in such a way that printf(3) format
! 780: strings could effectively be specified the low-privilege code.
! 781: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a> from
! 782: OpenSSH 6.2 through 8.7 failed to correctly initialise
! 783: supplemental groups when executing an AuthorizedKeysCommand or
! 784: AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser
! 785: or AuthorizedPrincipalsCommandUser directive has been set to
! 786: run the command as a different user.
! 787: </ul>
! 788: <li>Potentially incompatible changes
! 789: <ul>
! 790: <li>A near-future release of OpenSSH will switch <a
! 791: href='https://man.openbsd.org/scp.1'>scp(1)</a> from using
! 792: the legacy scp/rcp protocol to using SFTP by default.
! 793: <li>This release disables RSA signatures using the SHA-1 hash
! 794: algorithm by default.
! 795: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: this
! 796: release changes the behaviour of remote to remote copies
! 797: (e.g. "scp host-a:/path host-b:") to transfer through the
! 798: local host by default. This was previously available via the
! 799: -3 flag. This mode avoids the need to expose credentials on
! 800: the origin hop, avoids triplicate interpretation of filenames
! 801: by the shell (by the local system, the copy origin and the
! 802: destination) and, in conjunction with the SFTP support for
! 803: <a href='https://man.openbsd.org/scp.1'>scp(1)</a> mentioned
! 804: below, allows use of all authentication methods to the remote
! 805: hosts (previously, only non-interactive methods could be
! 806: used). A -R flag has been added to select the old behaviour.
! 807: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/<a
! 808: href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: both the
! 809: client and server are now using a stricter configuration file
! 810: parser. The new parser uses more shell-like rules for quotes,
! 811: space and escape characters. It is also more strict in
! 812: rejecting configurations that include options lacking
! 813: arguments. Previously some options (e.g. DenyUsers) could
! 814: appear on a line with no subsequent arguments. This release
! 815: will reject such configurations. The new parser will also
! 816: reject configurations with unterminated quotes and multiple
! 817: '=' characters after the option name.
! 818: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: when using
! 819: SSHFP DNS records for host key verification, <a
! 820: href='https://man.openbsd.org/ssh.1'>ssh(1)</a> will verify
! 821: all matching records instead of just those with the specific
! 822: signature type requested. This may cause host key verification
! 823: problems if stale SSHFP records of a different or legacy
! 824: signature type exist alongside other records for a particular
! 825: host.
! 826: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 827: when generating a FIDO key and specifying an explicit
! 828: attestation challenge (using -Ochallenge), the challenge will
! 829: now be hashed by the builtin security key middleware. This
! 830: removes the (undocumented) requirement that challenges be
! 831: exactly 32 bytes in length and matches the expectations of
! 832: libfido2.
! 833: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
! 834: environment="..." directives in authorized_keys files are now
! 835: first-match-wins and limited to 1024 discrete environment
! 836: variable names.
! 837: </ul>
! 838:
! 839: <li>New features
! 840: <ul>
! 841: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>:
! 842: experimental support for transfers using the SFTP protocol as
! 843: a replacement for the venerable SCP/RCP protocol that it has
! 844: traditionally used. SFTP offers more predictable filename
! 845: handling and does not require expansion of glob(3) patterns
! 846: via the shell on the remote side.
! 847: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
! 848: add a protocol extension to support expansion of ~/ and ~user/
! 849: prefixed paths. This was added to support these paths when
! 850: used by <a href='https://man.openbsd.org/scp.1'>scp(1)</a>
! 851: while in SFTP mode.
! 852: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 853: ForkAfterAuthentication
! 854: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 855: counterpart to the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> -f flag.
! 856: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 857: StdinNull directive to
! 858: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 859: that allows the config file to do the same thing as -n does on
! 860: the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
! 861: command- line.
! 862: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 863: SessionType directive to ssh_config, allowing the
! 864: configuration file to offer equivalent control to the -N (no
! 865: session) and -s (subsystem) command-line flags.
! 866: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 867: allowed signers files used by
! 868: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
! 869: signatures now support listing key validity intervals
! 870: alongside they key, and
! 871: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
! 872: can optionally check during signature verification whether a
! 873: specified time falls inside this interval. This feature is
! 874: intended for use by git to support signing and verifying
! 875: objects using ssh keys.
! 876: <li><a href='https://man.openbsd.org/ssh-keygen.8'>ssh-keygen(8)</a>:
! 877: support printing of the full public key in a sshsig signature
! 878: via a -Oprint-pubkey flag.
! 879: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow the
! 880: <a
! 881: href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 882: CanonicalizePermittedCNAMEs directive to accept a "none"
! 883: argument to specify the default behaviour.
! 884: </ul>
! 885:
! 886: <li>Bugfixes
! 887: <ul>
! 888: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 889: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: start
! 890: time-based re-keying exactly on schedule in the client and
! 891: server mainloops. Previously the re-key timeout could expire
! 892: but re-keying would not start until a packet was sent or
! 893: received, causing a spin in select() if the connection was
! 894: quiescent.
! 895: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 896: avoid Y2038 problem in printing certificate validity
! 897: lifetimes. Dates past 2^31-1 seconds since epoch were
! 898: displayed incorrectly on some platforms.
! 899: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: allow
! 900: spaces to appear in usernames for local to remote and scp -3
! 901: remote to remote copies.
! 902: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 903: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: remove
! 904: references to ChallengeResponseAuthentication in favour of
! 905: KbdInteractiveAuthentication. The former is what was in SSHv1,
! 906: the latter is what is in SSHv2 (<a href='https://tools.ietf.org/html/rfc4256'>RFC4256</a>)
! 907: and they were treated as somewhat but not entirely equivalent. We
! 908: retain the old name as a deprecated alias so configuration
! 909: files continue to work as well as a reference in the man page
! 910: for people looking for it.
! 911: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 912: <a href='https://man.openbsd.org/ssh-add.1'>ssh-add(1)</a>/
! 913: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 914: fix decoding of X.509 subject name when extracting a key from
! 915: a PKCS#11 certificate.
! 916: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: restore
! 917: blocking status on stdio fds before close.
! 918: <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> needs file
! 919: descriptors in non-blocking mode to operate but it was not
! 920: restoring the original state on exit. This could cause
! 921: problems with fds shared with other programs via the shell.
! 922: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 923: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: switch both
! 924: client and server mainloops from select(3) to
! 925: pselect(3). Avoids race conditions where a signal may arrive
! 926: immediately before select(3) and not be processed until an
! 927: event fires.
! 928: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: sessions
! 929: started with ControlPersist were incorrectly executing a shell
! 930: when the -N (no shell) option was specified.
! 931: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: check if
! 932: IPQoS or TunnelDevice are already set before
! 933: overriding. Prevents values in config files from overriding
! 934: values supplied on the command line.
! 935: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix debug
! 936: message when finding a private key to match a certificate
! 937: being attempted for user authentication. Previously it would
! 938: print the certificate's path, whereas it was supposed to be
! 939: showing the private key's path.
! 940: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: match
! 941: host certificates against host public keys, not private
! 942: keys. Allows use of certificates with private keys held in a
! 943: ssh-agent.
! 944: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 945: workaround for a bug in OpenSSH 7.4 <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>,
! 946: which allows RSA/SHA2 signatures for public key authentication but
! 947: fails to advertise this correctly via SSH2_MSG_EXT_INFO. This
! 948: causes clients of these server to incorrectly match
! 949: PubkeyAcceptedAlgorithmse and potentially refuse to offer
! 950: valid keys.
! 951: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>/
! 952: <a href='https://man.openbsd.org/scp.1'>scp(1)</a>: degrade
! 953: gracefully if a sftp-server offers the limits@openssh.com
! 954: extension but fails when the client tries to invoke it.
! 955: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow
! 956: ssh_config SetEnv to override $TERM, which is otherwise
! 957: handled specially by the protocol. Useful in ~/.ssh/config to
! 958: set TERM to something generic (e.g. "xterm" instead of
! 959: "xterm-256color") for destinations that lack terminfo entries.
! 960: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
! 961: the limits@openssh.com extension was incorrectly marked as an
! 962: operation that writes to the filesystem, which made it
! 963: unavailable in sftp-server read-only mode.
! 964: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix SEGV
! 965: in UpdateHostkeys debug() message, triggered when the update
! 966: removed more host keys than remain present.
! 967: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: when using
! 968: the SFTP protocol, continue transferring files after a
! 969: transfer error occurs, better matching original scp/rcp
! 970: behaviour.
! 971: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fixed a
! 972: number of memory leaks in multiplexing,
! 973: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 974: avoid crash when using the -Y find-principals command.
! 975: <li>A number of documentation and manual improvements.
1.1 benno 976: </ul>
1.81 ! deraadt 977: </ul>
1.59 schwarze 978:
979: <li>mandoc 1.14.6
980: <ul>
981: <li>Added a style message about overlong text input lines.
982: <li>Made "-W style" check .Xr links along the full manpath
983: to help validation of non-base manual pages.
984: <li>Supported auto-tagging for ".It Va" in
985: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> documents.
986: <li>Stopped printing two extra blank lines at the top and bottom of
987: <a href="https://man.openbsd.org/man.7">man(7)</a> documents.
988: <li>Supported the CB and CI fonts in
989: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
990: \f font escapes and .ft font requests.
991: <li>Added support for two-character font names (BI, CW, CR, CB, CI)
992: to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
993: layout font modifier.
994: <li>Implemented the
995: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
996: layout modifiers "b" (bold) and "i" (italic)
997: in HTML output mode.
998: <li>Completed support for the "nospaces" option in the
999: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser.
1000: <li>Fixed an infinite loop in the
1001: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser
1002: for some cases of horizontally overlapping horizontal spans.
1003: <li>Added a meta viewport element to "-T html" output.
1004: <li>Fixed a crash with "-T man" when an input file contains
1005: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or
1006: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input.
1007: <li>Fixed a crash in <a
1008: href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>
1009: when a manpath directory contains a symbolic link
1010: that points to a directory.
1011: </ul>
1.1 benno 1012:
1013: <li>Ports and packages:
1014: <p>Many pre-built packages for each architecture:
1015: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1016: <ul style="column-count: 3">
1.10 naddy 1017: <li>aarch64: 11034
1.9 naddy 1018: <li>amd64: 11325
1.1 benno 1019: <li>arm: ...
1.10 naddy 1020: <li>i386: 10248
1.78 visa 1021: <li>mips64: 9311
1.1 benno 1022: <li>mips64el: ...
1023: <li>powerpc: ...
1.10 naddy 1024: <li>powerpc64: 9273
1.45 naddy 1025: <li>sparc64: 9636
1.1 benno 1026: </ul>
1027:
1028: <p>Some highlights:
1029: <ul style="column-count: 3">
1.2 jsg 1030: <li>Asterisk 18.6.0
1.1 benno 1031: <li>Audacity 2.4.2
1.2 jsg 1032: <li>CMake 3.20.3
1033: <li>Chromium 93.0.4577.82
1.1 benno 1034: <li>Emacs 27.2
1.2 jsg 1035: <li>FFmpeg 4.4
1036: <li>GCC 8.4.0 and 11.2.0
1037: <li>GHC 8.10.6
1038: <li>GNOME 40.4
1039: <li>Go 1.17
1040: <li>JDK 8u302, 11.0.12 and 16.0.2
1041: <li>KDE Applications 21.08.1
1042: <li>KDE Frameworks 5.85.0
1043: <li>Krita 4.4.8
1044: <li>LLVM/Clang 11.1.0
1.7 jsg 1045: <li>LibreOffice 7.2.1.2
1.1 benno 1046: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.2 jsg 1047: <li>MariaDB 10.6.4
1.1 benno 1048: <li>Mono 6.12.0.122
1.2 jsg 1049: <li>Mozilla Firefox 92.0 and ESR 91.1.0
1.7 jsg 1050: <li>Mozilla Thunderbird 91.1.1
1.2 jsg 1051: <li>Mutt 2.1.3 and NeoMutt 20210205
1052: <li>Node.js 12.22.6
1.1 benno 1053: <li>OCaml 4.10.0
1.2 jsg 1054: <li>OpenLDAP 2.4.59
1055: <li>PHP 7.3.30, 7.4.23 and 8.0.10
1.7 jsg 1056: <li>Postfix 3.5.12
1.2 jsg 1057: <li>PostgreSQL 13.4
1058: <li>Python 2.7.18, 3.8.12 and 3.9.7
1059: <li>Qt 5.15.2 and 6.0.4
1060: <li>R 4.1.1
1061: <li>Ruby 2.6.8, 2.7.4 and 3.0.2
1062: <li>Rust 1.55.0
1063: <li>SQLite 3.35.5
1.1 benno 1064: <li>Shotcut 21.01.29
1.2 jsg 1065: <li>Sudo 1.9.7p2
1066: <li>Suricata 6.0.2
1.1 benno 1067: <li>Tcl/Tk 8.5.19 and 8.6.8
1068: <li>TeX Live 2020
1.2 jsg 1069: <li>Vim 8.2.3394 and Neovim 0.5.0
1.1 benno 1070: <li>Xfce 4.16
1071: </ul>
1072: <p>
1073:
1074: <li>As usual, steady improvements in manual pages and other documentation.
1075:
1076: <li>The system includes the following major components from outside suppliers:
1077: <ul>
1.2 jsg 1078: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
1.5 jsg 1079: freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
1.2 jsg 1080: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1081: <li>LLVM/Clang 11.1.0 (+ patches)
1.1 benno 1082: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1083: <li>Perl 5.32.1 (+ patches)
1.2 jsg 1084: <li>NSD 4.3.7
1085: <li>Unbound 1.13.2
1.1 benno 1086: <li>Ncurses 5.7
1087: <li>Binutils 2.17 (+ patches)
1088: <li>Gdb 6.3 (+ patches)
1089: <li>Awk December 18, 2020 version
1.2 jsg 1090: <li>Expat 2.4.1
1.1 benno 1091: </ul>
1092:
1093: </ul>
1094: </section>
1095:
1096: <hr>
1097:
1098: <section id=install>
1099: <h3>How to install</h3>
1100: <p>
1101: Please refer to the following files on the mirror site for
1102: extensive details on how to install OpenBSD 7.0 on your machine:
1103:
1104: <ul>
1105: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/alpha/INSTALL.alpha">
1106: .../OpenBSD/7.0/alpha/INSTALL.alpha</a>
1107: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/amd64/INSTALL.amd64">
1108: .../OpenBSD/7.0/amd64/INSTALL.amd64</a>
1109: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/arm64/INSTALL.arm64">
1110: .../OpenBSD/7.0/arm64/INSTALL.arm64</a>
1111: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/armv7/INSTALL.armv7">
1112: .../OpenBSD/7.0/armv7/INSTALL.armv7</a>
1113: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/hppa/INSTALL.hppa">
1114: .../OpenBSD/7.0/hppa/INSTALL.hppa</a>
1115: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/i386/INSTALL.i386">
1116: .../OpenBSD/7.0/i386/INSTALL.i386</a>
1117: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/landisk/INSTALL.landisk">
1118: .../OpenBSD/7.0/landisk/INSTALL.landisk</a>
1119: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/loongson/INSTALL.loongson">
1120: .../OpenBSD/7.0/loongson/INSTALL.loongson</a>
1121: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/luna88k/INSTALL.luna88k">
1122: .../OpenBSD/7.0/luna88k/INSTALL.luna88k</a>
1123: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/macppc/INSTALL.macppc">
1124: .../OpenBSD/7.0/macppc/INSTALL.macppc</a>
1125: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/octeon/INSTALL.octeon">
1126: .../OpenBSD/7.0/octeon/INSTALL.octeon</a>
1127: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/powerpc64/INSTALL.powerpc64">
1128: .../OpenBSD/7.0/powerpc64/INSTALL.powerpc64</a>
1.3 jsg 1129: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/riscv64/INSTALL.riscv64">
1130: .../OpenBSD/7.0/riscv64/INSTALL.riscv64</a>
1.1 benno 1131: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/sparc64/INSTALL.sparc64">
1132: .../OpenBSD/7.0/sparc64/INSTALL.sparc64</a>
1133: </ul>
1134: </section>
1135:
1136: <hr>
1137:
1138: <section id=quickinstall>
1139: <p>
1140: Quick installer information for people familiar with OpenBSD, and the use of
1141: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1142: If you are at all confused when installing OpenBSD, read the relevant
1143: INSTALL.* file as listed above!
1144:
1145: <h3>OpenBSD/alpha:</h3>
1146:
1147: <p>
1148: If your machine can boot from CD, you can write <i>install70.iso</i> or
1149: <i>cd70.iso</i> to a CD and boot from it.
1150: Refer to INSTALL.alpha for more details.
1151:
1152: <h3>OpenBSD/amd64:</h3>
1153:
1154: <p>
1155: If your machine can boot from CD, you can write <i>install70.iso</i> or
1156: <i>cd70.iso</i> to a CD and boot from it.
1157: You may need to adjust your BIOS options first.
1158:
1159: <p>
1160: If your machine can boot from USB, you can write <i>install70.img</i> or
1161: <i>miniroot70.img</i> to a USB stick and boot from it.
1162:
1163: <p>
1164: If you can't boot from a CD, floppy disk, or USB,
1165: you can install across the network using PXE as described in the included
1166: INSTALL.amd64 document.
1167:
1168: <p>
1169: If you are planning to dual boot OpenBSD with another OS, you will need to
1170: read INSTALL.amd64.
1171:
1172: <h3>OpenBSD/arm64:</h3>
1173:
1174: <p>
1175: Write <i>install70.img</i> or <i>miniroot70.img</i> to a disk and boot from it
1176: after connecting to the serial console. Refer to INSTALL.arm64 for more
1177: details.
1178:
1179: <h3>OpenBSD/armv7:</h3>
1180:
1181: <p>
1182: Write a system specific miniroot to an SD card and boot from it after connecting
1183: to the serial console. Refer to INSTALL.armv7 for more details.
1184:
1185: <h3>OpenBSD/hppa:</h3>
1186:
1187: <p>
1188: Boot over the network by following the instructions in INSTALL.hppa or the
1189: <a href="hppa.html#install">hppa platform page</a>.
1190:
1191: <h3>OpenBSD/i386:</h3>
1192:
1193: <p>
1194: If your machine can boot from CD, you can write <i>install70.iso</i> or
1195: <i>cd70.iso</i> to a CD and boot from it.
1196: You may need to adjust your BIOS options first.
1197:
1198: <p>
1199: If your machine can boot from USB, you can write <i>install70.img</i> or
1200: <i>miniroot70.img</i> to a USB stick and boot from it.
1201:
1202: <p>
1203: If you can't boot from a CD, floppy disk, or USB,
1204: you can install across the network using PXE as described in
1205: the included INSTALL.i386 document.
1206:
1207: <p>
1208: If you are planning on dual booting OpenBSD with another OS, you will need to
1209: read INSTALL.i386.
1210:
1211: <h3>OpenBSD/landisk:</h3>
1212:
1213: <p>
1214: Write <i>miniroot70.img</i> to the start of the CF
1215: or disk, and boot normally.
1216:
1217: <h3>OpenBSD/loongson:</h3>
1218:
1219: <p>
1220: Write <i>miniroot70.img</i> to a USB stick and boot bsd.rd from it
1221: or boot bsd.rd via tftp.
1222: Refer to the instructions in INSTALL.loongson for more details.
1223:
1224: <h3>OpenBSD/luna88k:</h3>
1225:
1226: <p>
1227: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1228: from the PROM, and then bsd.rd from the bootloader.
1229: Refer to the instructions in INSTALL.luna88k for more details.
1230:
1231: <h3>OpenBSD/macppc:</h3>
1232:
1233: <p>
1234: Burn the image from a mirror site to a CDROM, and power on your machine
1235: while holding down the <i>C</i> key until the display turns on and
1236: shows <i>OpenBSD/macppc boot</i>.
1237:
1238: <p>
1239: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1240: /7.0/macppc/bsd.rd</i>
1241:
1242: <h3>OpenBSD/octeon:</h3>
1243:
1244: <p>
1245: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1246: Refer to the instructions in INSTALL.octeon for more details.
1247:
1248: <h3>OpenBSD/powerpc64:</h3>
1249:
1250: <p>
1251: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
1252: USB stick, plug it into the machine and choose the <i>OpenBSD
1253: install</i> menu item in Petitboot.
1254: Refer to the instructions in INSTALL.powerpc64 for more details.
1255:
1.3 jsg 1256: <h3>OpenBSD/riscv64:</h3>
1.1 benno 1257:
1258: <p>
1.3 jsg 1259: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
1260: USB stick, and boot with that drive plugged in.
1261: Make sure you also have the microSD card plugged in that shipped with the
1262: HiFive Unmatched board.
1263: Refer to the instructions in INSTALL.riscv64 for more details.
1.1 benno 1264:
1265: <h3>OpenBSD/sparc64:</h3>
1266:
1267: <p>
1268: Burn the image from a mirror site to a CDROM, boot from it, and type
1269: <i>boot cdrom</i>.
1270:
1271: <p>
1272: If this doesn't work, or if you don't have a CDROM drive, you can write
1273: <i>floppy70.img</i> or <i>floppyB70.img</i>
1274: (depending on your machine) to a floppy and boot it with <i>boot
1275: floppy</i>. Refer to INSTALL.sparc64 for details.
1276:
1277: <p>
1278: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1279: will most likely fail.
1280:
1281: <p>
1282: You can also write <i>miniroot70.img</i> to the swap partition on
1283: the disk and boot with <i>boot disk:b</i>.
1284:
1285: <p>
1286: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1287: </section>
1288:
1289: <hr>
1290:
1291: <section id=upgrade>
1292: <h3>How to upgrade</h3>
1293: <p>
1.4 jsg 1294: If you already have an OpenBSD 6.9 system, and do not want to reinstall,
1.1 benno 1295: upgrade instructions and advice can be found in the
1296: <a href="faq/upgrade70.html">Upgrade Guide</a>.
1297: </section>
1298:
1299: <hr>
1300:
1301: <section id=sourcecode>
1302: <h3>Notes about the source code</h3>
1303: <p>
1304: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1305: This file contains everything you need except for the kernel sources,
1306: which are in a separate archive.
1307: To extract:
1308: <blockquote><pre>
1309: # <kbd>mkdir -p /usr/src</kbd>
1310: # <kbd>cd /usr/src</kbd>
1311: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1312: </pre></blockquote>
1313: <p>
1314: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1315: This file contains all the kernel sources you need to rebuild kernels.
1316: To extract:
1317: <blockquote><pre>
1318: # <kbd>mkdir -p /usr/src/sys</kbd>
1319: # <kbd>cd /usr/src</kbd>
1320: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1321: </pre></blockquote>
1322: <p>
1323: Both of these trees are a regular CVS checkout. Using these trees it
1324: is possible to get a head-start on using the anoncvs servers as
1325: described <a href="anoncvs.html">here</a>.
1326: Using these files
1327: results in a much faster initial CVS update than you could expect from
1328: a fresh checkout of the full OpenBSD source tree.
1329: </section>
1330:
1331: <hr>
1332:
1333: <section id=ports>
1334: <h3>Ports Tree</h3>
1335: <p>
1336: A ports tree archive is also provided. To extract:
1337: <blockquote><pre>
1338: # <kbd>cd /usr</kbd>
1339: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1340: </pre></blockquote>
1341: <p>
1342: Go read the <a href="faq/ports/index.html">ports</a> page
1343: if you know nothing about ports
1344: at this point. This text is not a manual of how to use ports.
1345: Rather, it is a set of notes meant to kickstart the user on the
1346: OpenBSD ports system.
1347: <p>
1348: The <i>ports/</i> directory represents a CVS checkout of our ports.
1349: As with our complete source tree, our ports tree is available via
1350: <a href="anoncvs.html">AnonCVS</a>.
1351: So, in order to keep up to date with the -stable branch, you must make
1352: the <i>ports/</i> tree available on a read-write medium and update the tree
1353: with a command like:
1354: <blockquote><pre>
1355: # <kbd>cd /usr/ports</kbd>
1356: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_0</kbd>
1357: </pre></blockquote>
1358: <p>
1359: [Of course, you must replace the server name here with a nearby anoncvs
1360: server.]
1361: <p>
1362: Note that most ports are available as packages on our mirrors. Updated
1363: ports for the 7.0 release will be made available if problems arise.
1364: <p>
1365: If you're interested in seeing a port added, would like to help out, or just
1366: would like to know more, the mailing list
1367: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1368: </section>