
Annotation of www/70.html, Revision 1.92

1.1       benno       1: <!doctype html>
                      2: <html lang=en id=release>
                      3: <meta charset=utf-8>
                      4:
                      5: <title>OpenBSD 7.0</title>
                      6: <meta name="description" content="OpenBSD 7.0">
                      7: <meta name="viewport" content="width=device-width, initial-scale=1">
                      8: <link rel="stylesheet" type="text/css" href="openbsd.css">
                      9: <link rel="canonical" href="https://www.openbsd.org/70.html">
                     10:
                     11: <h2 id=OpenBSD>
                     12: <a href="index.html">
                     13: <i>Open</i><b>BSD</b></a>
                     14: 7.0
                     15: </h2>
                     16:
                     17: <table>
                     18: <tr>
                     19: <td>
1.91      deraadt    20: <a href="images/StarryPointers.png">
                     21: <img width="227" height="303" src="images/StarryPointers-s.png" alt="Starry Pointers"></a>
1.1       benno      22: <td>
1.61      benno      23: Released Oct 14, 2021. (51st OpenBSD release)<br>
1.1       benno      24: Copyright 1997-2021, Theo de Raadt.<br>
                     25: <br>
                     26: 7.0 Song:
1.80      deraadt    27: <a href="lyrics.html#70">"The Style Hymn"</a>.
1.1       benno      28: <br>
1.79      deraadt    29: Artwork by Natasha Allegri.
1.1       benno      30: <br>
                     31: <ul>
                     32: <li>See the information on <a href="ftp.html">the FTP page</a> for
                     33:     a list of mirror machines.
                     34: <li>Go to the <code class=reldir>pub/OpenBSD/7.0/</code> directory on
                     35:     one of the mirror sites.
                     36: <li>Have a look at <a href="errata70.html">the 7.0 errata page</a> for a list
                     37:     of bugs and workarounds.
                     38: <li>See a <a href="plus70.html">detailed log of changes</a> between the
1.4       jsg        39:     6.9 and 7.0 releases.
1.1       benno      40: <p>
                     41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
                     42:     pubkeys for this release:<p>
                     43:
                     44: <table class=signify>
                     45: <tr><td>
                     46: openbsd-70-base.pub:
                     47: <td>
                     48: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/openbsd-70-base.pub">
                     49: RWR3KL+gSr4QZ5mOvKhcOOgGe61ogHp5PyBOj2RrmyCpqchk9A7NVPzh</a>
                     50: <tr><td>
                     51: openbsd-70-fw.pub:
1.11      deraadt    52: <td>
1.1       benno      53: RWS8nd7vy+I+fRHtnpxVBeX+P+9rBqJMPvSU6z8LYyAv5p73WcdFXs3B
                     54: <tr><td>
                     55: openbsd-70-pkg.pub:
1.11      deraadt    56: <td>
1.1       benno      57: RWR3iauEtA8/bLN/zfIQhOc5ramL/fARX72S6xw8BwAUebxik7KioCvL
                     58: <tr><td>
                     59: openbsd-70-syspatch.pub:
1.11      deraadt    60: <td>
1.1       benno      61: RWSD33kMDKsQH8j0Q8FzfYk+vsgTKiP8Q5DcrkQQtrZoWg48yxUQgLxU
                     62: </table>
                     63: </ul>
                     64: <p>
                     65: All applicable copyrights and credits are in the src.tar.gz,
                     66: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
                     67: files fetched via <code>ports.tar.gz</code>.
                     68: </table>
                     69:
                     70: <hr>
                     71:
                     72: <section id=new>
                     73: <h3>What's New</h3>
                     74: <p>
                     75: This is a partial list of new features and systems included in OpenBSD 7.0.
                     76: For a comprehensive list, see the <a href="plus70.html">changelog</a> leading
                     77: to 7.0.
                     78:
                     79: <ul>
                     80:
                     81: <li>New/extended platforms:
                     82:   <ul>
1.35      benno      83:     <li>Added new <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V systems.
1.49      benno      84:     <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
1.1       benno      85:     <ul>
1.62      kettenis   86:        <li>Support for Apple Silicon Macs has improved but is not ready for general use yet:
                     87:        <ul>
                     88:            <li>Added support for installing on a disk with a GPT.
                     89:            <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsys DesignWare USB 3 controller.
                     90:            <li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
                     91:            <li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
1.89      namn       92:            <li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a>, a driver for the Apple GPIO controller found on the M1 SoCs.
1.62      kettenis   93:            <li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
                     94:            <li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
                     95:        </ul>
1.29      benno      96:        <li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
                     97:        <li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
1.35      benno      98:        <li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
1.1       benno      99:     </ul>
1.35      benno     100:     <li>Changes on other architectures:
1.29      benno     101:     <ul>
1.49      benno     102:        <li>Switched <a href="macppc.html">macppc</a> to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>.
1.35      benno     103:        <li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
1.49      benno     104:        <li>Made <a href="amd64.html">amd64</a> hw.setperf percentages proportional to the enhanced
1.35      benno     105:                speed step frequencies on Intel processors. The default hw.setperf=99
                    106:                corresponds to the maximum ordinary speed, and setting it to 100
                    107:                enables turbo mode.
1.33      benno     108:        <li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
1.35      benno     109:        <li>Disabled base-gcc on amd64.
                    110:        <li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
1.33      benno     111:        <li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
1.49      benno     112:        <li>Forced <a href="luna88k.html">luna88k</a> to use the serial console when no graphics board is found.
                    113:        <li>Made additional free inodes available on luna88k bsd.rd by specifying density=4096.
                    114:        <li>Fixed strchr() and strrchr() on <a href="mips64.html">mips64</a>.
1.46      benno     115:        <li>Prevented watchdog resets on some i.MX 64-bit machines with a
                    116:                recent U-Boot and watchdog enabled on boot in <a
                    117:                href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
1.35      benno     118:        <li>Created audio devices on <a href="armv7.html">armv7</a>.
1.49      benno     119:        <li>Retired OpenBSD/<a href="sgi.html">sgi</a> platform.
                    120:        <li>Enabled MSI-X support for <a href="powerpc64.html">powerpc64</a>.
1.33      benno     121:        <li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
                    122:        <li>Increased the maximum data size on powerpc64 to 32GB.
1.54      jsg       123:        <li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB on amd64.
1.56      jsg       124:        <li>Added <a href="https://man.openbsd.org/cduart.4">cduart(4)</a> driver for Cadence Universal Asynchronous Receiver/Transmitter on armv7.
                    125:        <li>Added <a href="https://man.openbsd.org/armv7/zqclock.4">zqclock(4)</a> driver for Xilinx Zynq-7000 clock controller on armv7.
                    126:        <li>Added <a href="https://man.openbsd.org/armv7/zqreset.4">zqreset(4)</a> driver for Xilinx Zynq-7000 reset controller on armv7.
1.1       benno     127:   </ul>
1.41      benno     128: </ul>
1.1       benno     129:
                    130: <li>Various kernel improvements:
                    131:   <ul>
1.57      dv        132:        <li>Unlocked the top part of the VM fault handler on i386.
1.35      benno     133:        <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64.
                    134:        <li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
                    135:        <li>Implemented &lt; and &gt; operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
1.46      benno     136:        <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
                    137:                display of time spent in userland when analyzing the kernel stack in
                    138:                the flame graph tool and fixed a parsing bug.
                    139:        <li>Introduced /etc/<a
                    140:                href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>,
                    141:                which can be used to configure the kernel using <a
                    142:                href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of
                    143:                KARL while making changes to the GENERIC kernel.
1.53      jsg       144:        <li>Identified TPM 2.0 devices and performed the 2.0-specific
                    145:                suspend command, allowing the ThinkPad X1 Carbon Gen 9 and
                    146:                ThinkPad X1 Nano with the latest BIOS (which added S3) to resume.
1.25      benno     147:        <li>Changed the printing of the hibernate image size from bytes to megabytes.
                    148:        <li>Increased hibernate writeout speed.
                    149:        <li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
                    150:        <li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
1.46      benno     151:        <li>Delayed installation of sensors until a device with battery
                    152:                support is connected, allowing <a
                    153:                href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up
                    154:                hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>
                    155:                devices.
1.25      benno     156:        <li>Prevented a kernel panic after VFS shutdown.
                    157:        <li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
                    158:        <li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
                    159:        <li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
1.46      benno     160:        <li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a>
                    161:                errno handling to match what Mesa expects and prevent failure to
                    162:                properly report timeouts.
1.25      benno     163:        <li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
1.46      benno     164:        <li>Increased the default buffer space on PF_UNIX sockets to 8k and
                    165:                made the values tuneable via <a
                    166:                href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
                    167:        <li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
                    168:                timer re-addition reset an existing timer to use the new timeout
                    169:                period.
                    170:        <li>In the build system, pass make flags to kernel and lib builds,
                    171:                making hacking on ramdisks/the installer much faster.
1.1       benno     172:   </ul>
                    173:
                    174: <li>SMP Improvements
                    175:   <ul>
1.24      benno     176:        <li>Made pmap_extract() mpsafe on hppa and amd64.
1.46      benno     177:        <li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code
                    178:                to prevent waiting on non-running CPUs.
1.24      benno     179:        <li>Made anonymous object reference counting independent from the KERNEL_LOCK().
                    180:        <li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
                    181:        <li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
                    182:        <li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
                    183:        <li>Used so_lock to protect key management (PF_KEY) sockets.
1.75      mvs       184:        <li>Used so_lock to protect routing (PF_ROUTE) sockets.
1.24      benno     185:        <li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
                    186:        <li>Unlocked the top part of the fault handler.
1.1       benno     187:   </ul>
                    188:
                    189: <li>Direct Rendering Manager
                    190:   <ul>
1.8       jsg       191:        <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
                    192:            to Linux 5.10.65
                    193:        <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
                    194:            better support for Tiger Lake
                    195:        <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
                    196:            support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
                    197:        <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
                    198:            support for Cezanne "Green Sardine" Ryzen 5000 APU
1.1       benno     199:   </ul>
                    200:
                    201: <li>VMM/VMD improvements
                    202:   <ul>
1.46      benno     203:        <li>Added a theoretical limit of 512 to the number of allocated vcpus
                    204:                in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.19      benno     205:        <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
                    206:        <li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
1.86      deraadt   207:        <li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large DHCP packets on local interfaces.
1.19      benno     208:        <li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
                    209:        <li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
                    210:        <li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
                    211:        <li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
1.46      benno     212:        <li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
                    213:                client "wait" state corruption in <a
                    214:                href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is
                    215:                canceled and restarted, allowing multiple waiting clients.
1.19      benno     216:        <li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
1.60      schwarze  217:         <li>Unlocked the kernel in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> ioctl handlers and introduced vcpu locks
1.1       benno     218:   </ul>
                    219:
                    220: <li>Various new userland features:
                    221:   <ul>
1.46      benno     222:
                    223:        <li>Imported <a
                    224:                href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from
                    225:                NetBSD. timeout(1) can be used to run commands with a time limit.
                    226:        <li>Added include and exclude options to <a
1.72      krw       227:                href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
1.46      benno     228:        <li>Implemented reporting of supplemental groups in <a
                    229:                href="https://man.openbsd.org/ps.1">ps(1)</a>.
                    230:        <li>Added indication of whether an <a
                    231:                href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable
                    232:                for a startup file.
                    233:        <li>Added "dired-jump" command to <a
                    234:                href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer
                    235:                containing the current buffer's directory location.
1.36      benno     236:   </ul>
                    237:
                    238: <li>Various bugfixes and tweaks in userland:
                    239:   <ul>
1.46      benno     240:        <li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to
                    241:                retry up to 3 times on password authentication failure.
                    242:        <li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal
                    243:                handler functions async-signal-safe.
                    244:        <li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to
                    245:                consider two files sharing the same inode identical.
                    246:        <li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
1.58      schwarze  247:                login when ~/.Xauthority does not exist.
                    248:        <li>Disabled building all of the non-unicode fonts in Xenocara
                    249:                except for ISO8859-1.
1.46      benno     250:        <li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a>
                    251:                to use stderr for printing error and informational messages. This
                    252:                allows easier parsing of what passwd(1) is doing if spawned from a
                    253:                GUI.
                    254:        <li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a>
                    255:                per-device values when <a
                    256:                href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time
                    257:                mode ('b'), not normalizing based on the sleep interval.
1.17      benno     258:        <li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
1.46      benno     259:        <li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard
                    260:                the current input line when Ctrl-C is used during line editing and
                    261:                provide a fresh prompt rather than exiting the program.
1.59      schwarze  262:        <li>Let <a href="https://man.openbsd.org/el_gets.3">el_gets(3)</a>
                    263:                honour the first Ctrl-C typed by the user rather than
                    264:                ignoring it.
1.46      benno     265:        <li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F
                    266:                null string behavior to ensure -F '' behaves consistently with -v
                    267:                FS="".
                    268:        <li>Avoided a potential buffer overflow in backslash escaping in <a
                    269:                href="https://man.openbsd.org/awk.1">awk(1)</a>.
                    270:        <li>Disallowed the use of an empty list between "while" and "do" in
                    271:                <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
                    272:        <li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
                    273:                maximization and full-screen mode toggling to keep the cursor within
                    274:                the window, preventing focus loss.
                    275:        <li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly
1.58      schwarze  276:                attempt an early mount of /var/log in case someone has created
                    277:                it as a separate filesystem to avoid /var overflow issues.
1.62      kettenis  278:        <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
                    279:                to retain essential partitions on various platforms.
                    280:        <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
                    281:                for disks with 4K sectors.
1.36      benno     282:        <li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT
                    283:                initialization code, making -g independent of -i, leaving four
1.74      krw       284:                mutually exclusive initialization options (-i, -g, -u and -A) with the
1.36      benno     285:                last option specified executed (allowing the existing -i -g to work as
                    286:                intended).
                    287:        <li>Relaxed criteria for recognizing GPT formatted media, allowing
                    288:                GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical
                    289:                media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
                    290:        <li>Added the ability for <a
                    291:                href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize
1.73      krw       292:                "BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" GPT partitions.
1.36      benno     293:        <li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
                    294:                -b and -l are treated as 512-byte block counts.
                    295:        <li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
                    296:                -A option to initialize a GPT without removing special boot
                    297:                partitions.
                    298:        <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
1.70      krw       299:                -b option available to architectures other than amd64 and i386 and extended the
1.36      benno     300:                syntax to allow specification of the boot partition type and offset.
                    301:        <li>Adjusted density for partitions on a 4k disk in <a
                    302:                href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and
                    303:                density are not passed on the command line to ensure sufficient inodes
                    304:                to hold a src tree on a 2G fs.
                    305:        <li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
                    306:        <li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a>
                    307:                autoalloc code.
1.54      jsg       308:        <li>Corrected various min/max cluster numbers for FAT12/16/32 in <a
                    309:                href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
                    310:        <li>Added libexecinfo, a library providing backtrace functions.
1.58      schwarze  311:        <li>Updated C library support for character classification
                    312:                to Unicode 13.0.
1.59      schwarze  313:        <li>Let <a href="https://man.openbsd.org/wcwidth.3">wcwidth(3)</a>
                    314:                treat all characters in Unicode private use areas
                    315:                as single-width, even those in planes 15 and 16.
1.54      jsg       316:        <li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
1.59      schwarze  317:        <li>Corrected the output of
                    318:                <a href="https://man.openbsd.org/date.1">date(1)</a> -f %s
                    319:                which was wrongly affected by the local timezone.
1.64      martijn   320:        <li>Turned printing additional information into toggles for <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
1.1       benno     321:   </ul>
                    322:
                    323: <li>Improved hardware support and driver bugfixes, including:
                    324:   <ul>
1.15      benno     325:        <li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
1.53      jsg       326:        <li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo ThinkPads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
1.15      benno     327:        <li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
                    328:        <li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
                    329:        <li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
1.68      anton     330:        <li>Added
                    331:                <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>,
                    332:                a driver for USB HID Consumer Control keyboards.
                    333:                Often used to expose volume, audio and application launch keys.
                    334:                Volume keys are handled by the kernel and all other keys are
                    335:                propagated to X11 and the console through
1.77      anton     336:                <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>.
1.15      benno     337:        <li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
                    338:        <li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
                    339:        <li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
                    340:        <li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
                    341:        <li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
                    342:        <li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
                    343:        <li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
                    344:        <li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
                    345:        <li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
                    346:        <li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
                    347:        <li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
                    348:        <li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
                    349:        <li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
                    350:        <li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
                    351:        <li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
                    352:        <li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
1.53      jsg       353:        <li>Added quirk to enable ThinkPad X1 Extreme 1 speakers and Dolby Atmos in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
1.16      benno     354:        <li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
1.57      dv        355:        <li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
1.1       benno     356:   </ul>
                    357:
                    358: <li>New or improved network hardware support:
                    359:   <ul>
1.33      benno     360:        <li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
1.52      jsg       361:        <li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB Ethernet devices.
                    362:        <li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe Ethernet adapters.
1.55      mglocker  363:        <li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board Ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a>, fixing <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
1.35      benno     364:        <li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
1.33      benno     365:        <li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
                    366:        <li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
1.63      jmatthew  367:        <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
                    368:        <li>Fixed <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> with a single queue in MSI-X mode.
1.1       benno     369:   </ul>
                    370:
                    371: <li>Added or improved wireless network drivers:
                    372:   <ul>
1.89      namn      373:        <li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames, which prevents the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
1.27      benno     374:        <li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
                    375:        <li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
                    376:        <li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
                    377:        <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
                    378:        <li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
                    379:        <li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
                    380:        <li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
                    381:        <li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
                    382:        <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing FragAttacks vulnerabilities.
                    383:        <li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
                    384:        <li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
                    385:        <li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
                    386:        <li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
                    387:        <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
                    388:        <li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
                    389:        <li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
                    390:        <li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
                    391:        <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
                    392:        <li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
1.89      namn      393:        <li>Worked around a problem between certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware running in HostAP mode and clients that use Tx aggregation.
1.27      benno     394:        <li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
                    395:        <li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
                    396:        <li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
                    397:        <li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
                    398:        <li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
1.1       benno     399:   </ul>
                    400:
                    401: <li>IEEE 802.11 wireless stack improvements and bugfixes:
                    402:   <ul>
1.37      benno     403:        <li>Drop fragmented 802.11 frames.
                    404:        <li>Prevent frame injection via forged 802.11n A-MSDUs.
1.27      benno     405:        <li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
1.1       benno     406:   </ul>
                    407:
                    408: <li>Generic network stack improvements and bugfixes:
                    409:   <ul>
1.22      benno     410:        <li>Implemented reception of "VLAN 0 priority tagged" packets.
                    411:        <li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
1.37      benno     412:        <li>Display provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.1       benno     413:   </ul>
                    414:
                    415: <li>Installer and upgrade improvements:
                    416:   <ul>
1.47      benno     417:        <li>Checked the installer's /tmp/i/hostname.* files for a configured
                    418:                IP address so that configurations without a broadcast address are
                    419:                detected as well.
1.26      benno     420:        <li>Handled "inet autoconf" in the ramdisk.
1.47      benno     421:        <li>Introduced a short wait in <a
                    422:                href="https://man.openbsd.org/rc.8">rc(8)</a> after <a
                    423:                href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes
                    424:                until an IPv4 or IPv6 default route is present before continuing boot.
                    425:                Fixed setups depending on working network and DNS resolution during
                    426:                early boot when using autoconfiguration (<a
                    427:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a
                    428:                href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
                    429:        <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
                    430:                always create an EFI SYS partition if the -b option is specified when
                    431:                initializing a GPT.
                    432:        <li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a
                    433:                href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple
                    434:                APFS ISC partition is detected and fdisk -ig otherwise. Created EFI
                    435:                SYS boot partitions only on ROOTDISK GPT disks.
                    436:        <li>Added <a
                    437:                href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p"
                    438:                to prepare by creating a new filesystem on the partition reserved for
                    439:                the bootloader on relevant architectures.
                    440:        <li>Added GPT support to <a href="armv7.html">armv7</a> <a
                    441:                href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
                    442:        <li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and
                    443:                RAMDISK kernels.
                    444:        <li>Use <a
                    445:                href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
                    446:                arm64 ramdisks.
                    447:        <li>Enable <a
                    448:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> on
                    449:                ramdisks, and activate <a
                    450:                href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, replacing <a
                    451:                href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
1.66      landry    452:        <li>Enable <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
                    453:                to configure nameservers on ramdisks.
1.47      benno     454:   </ul>
1.1       benno     455:
                    456: <li>Security improvements:
                    457:   <ul>
1.16      benno     458:        <li>Moved objcopy to base set to allow KARL to work on all installs.
1.47      benno     459:        <li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
                    460:                calls to xterm in the case where there are no exec-formatted or
                    461:                exec-selected resources set.
                    462:        <li>Changed usage of %n from a syslog warning to syslog and abort for
                    463:                <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and
                    464:                associated variants).
1.16      benno     465:        <li>Made kernel stop all threads when terminating via pledge_fail().
1.1       benno     466:   </ul>
                    467:
                    468: <li>Routing daemons and other userland network improvements:
                    469:   <ul>
1.47      benno     470:     <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
                    471:        daemon saw the following changes:
1.1       benno     472:     <ul>
1.38      benno     473:        <li>Stop processing queued UPDATES when the max-prefix limit was reached.
                    474:        <li>Improved negotiation for route refresh, graceful restart and
                    475:                multi-protocol capabilities.
                    476:        <li>Correctly track 'rde evaluate all' and 'export' settings during reload.
                    477:        <li>Properly withdraw prefixes when 'rde evaluate all' is used.
                    478:        <li>Fixed MRT handling on initial startup for message dump types.
                    479:        <li>Fixed non-blocking connect and used it for RTR sessions.
                    480:        <li>Fully implemented RFC 6286 by checking for BGP ID collisions.
                    481:        <li>Adjusted the 4-byte AS number handling to RFC 6793 by changing error
1.89      namn      482:                behaviour from prefix withdraw to attribute discard.
1.39      benno     483:        <li>In <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print out both the sent "Neighbor capabilities" and the
1.38      benno     484:                "Negotiated capabilities" for a session.
                    485:        <li>Print timestamps both as a formatted and a pure time in seconds
1.84      deraadt   486:                field in various JSON objects.
1.39      benno     487:        <li>Fixed a bug where, during <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config reloads, prefixes of the
1.38      benno     488:                wrong address family could leak to peers, resulting in session resets.
1.89      namn      489:        <li>Added support for RFC 7313 - Enhanced Route Refresh.
                    490:                Disabled by default. To enable, use 'announce enhanced refresh yes'.
1.38      benno     491:        <li>Improved output of Adj-RIB-Out by updating nexthop and ASPATH before
                    492:                adding the prefix to the RIB. This improves `bgpctl show rib out`
                    493:                output.
1.47      benno     494:        <li>Added command line option to both <a
                    495:                href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a
                    496:                href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> to show the
                    497:                version.
1.51      fcambus   498:        <li>Added support for RFC 9072 - Extended Optional Parameters Length for
1.38      benno     499:                BGP OPEN Message.
                    500:        <li>Added support for RFC 8050 - MRT Format with BGP Additional Path Extensions.
                    501:        <li>Implemented receive side of RFC 7911 - Advertisement of Multiple Paths
                    502:        in BGP. OpenBGPD is currently not able to send multiple paths out.
                    503:        <li>Improved checks of VRPs loaded via RTR or from the roa-set table.
1.84      deraadt   504:        <li>Allowed optionally specifying an expiry time for roa-set entries to
1.38      benno     505:                mitigate BGP route decision making based on outdated RPKI data.
                    506:                OpenBGPD's companion rpki-client(8) produces roa-sets with the
                    507:                new 'expires' property.
1.1       benno     508:     </ul>
                    509:
                    510:     <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
                    511:     <ul>
1.34      benno     512:        <li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
                    513:        <li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
                    514:        <li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
                    515:        <li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
                    516:        <li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
                    517:        <li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
1.1       benno     518:     </ul>
                    519:
                    520:     <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
                    521:     <ul>
1.20      benno     522:        <li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
                    523:        <li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
                    524:        <li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
                    525:        <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
                    526:        <li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
                    527:        <li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
1.39      benno     528:        <li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
                    529:        <li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
1.1       benno     530:     </ul>
                    531:
                    532:     <li><a
                    533:        href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
                    534:        received the following new features and bugfixes:
                    535:     <ul>
1.39      benno     536:        <li>Added keep-alive support to the HTTP client code for RRDP.
                    537:        <li>Reference-count and delete unused files synced via RRDP, as far as
                    538:           possible.
                    539:        <li>In the JSON output, changed the AS Number from a string ("AS123") to
1.89      namn      540:           an integer ("123") to make processing of the output easier.
1.39      benno     541:        <li>Added an 'expires' column to CSV & JSON output, based on certificate
                    542:           and CRL validity times. The 'expires' value can be used to avoid route
                    543:           selection based on stale data when generating VRP sets, when faced
1.71      krw       544:           with loss of communication between consumer and validator, or
1.84      deraadt   545:           validator and CA repository.
1.39      benno     546:        <li>Made the runtime timeout (-s option) also trigger in
1.84      deraadt   547:           child processes.
                    548:        <li>Improved RRDP support and made RRDP the default protocol for
1.51      fcambus   549:           synchronizing the RPKI repository data, with <a
1.39      benno     550:         href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> used as secondary.
                    551:        <li>At startup, warn if the filesystem containing the cache directory
                    552:           is probably too small.
                    553:        <li>Handle running out of disk space more gracefully, including cleanup
                    554:           of temporary and old files before exiting.
                    555:        <li>Improved the HTTP/1.1 request headers being sent.
                    556:        <li>Improved validation checks for ROA and MFT objects.
                    557:        <li>Improved the HTTP client code (status code handling, http proxy
                    558:           support, keep-alive).
                    559:        <li>In RRDP, do not access URIs with userinfo (@-sign).
                    560:        <li>Improved RRDP syncing by treating a notification file serial
                    561:           that jumps backwards as a synced repository.
                    562:        <li>Made -R (rsync only) also apply to the fetching of TA files.
                    563:        <li>Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others.
1.47      benno     564:        <li>When producing output for <a
                    565:                href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, make use of the
                    566:                'roa-set expires' attribute to prevent machines from loading outdated
                    567:                roa-sets.
1.39      benno     568:        <li>In RRDP, limited the number of deltas to 300 per repo. If more deltas
                    569:           exist, downloading a full snapshot is faster.
1.83      tj        570:        <li>Limited the validation depth of X.509 certificate chains to 12, double
1.39      benno     571:           the current depth seen in RPKI.
1.1       benno     572:     </ul>
                    573:
1.41      benno     574:     <li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved:
1.1       benno     575:     <ul>
1.41      benno     576:        <li>Probe packets are now sent in quick succession and responses handled asynchronously.</li>
1.60      schwarze  577:        <li>DNS lookups are performed asynchronously.
1.41      benno     578:        This considerably reduces the time required to display results.
1.1       benno     579:     </ul>
                    580:
1.41      benno     581:     <li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made
                    582:        the default program for configuring IPv4 addresses via DHCP. <a
                    583:        href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated
                    584:        to handle concurrent changes to <a
                    585:        href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by
                    586:        both dhcpleased(8) and <a
                    587:        href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br>
1.51      fcambus   588:        Additionally these programs saw the following improvements and bugfixes:
1.1       benno     589:     <ul>
1.49      benno     590:        <li>Changed <a
                    591:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client
1.86      deraadt   592:                identifier transmission to match other DHCP client implementations.
1.49      benno     593:        <li>Simplified <a
                    594:                href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and
                    595:                added syntax to match <a
                    596:                href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface),
                    597:                allowing one to be aliased to the other.
                    598:        <li>Retried broadcast with <a
                    599:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
1.86      deraadt   600:                DHCP server is unreachable via unicast UDP.
1.49      benno     601:        <li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
1.86      deraadt   602:                accept DNS proposals for the loopback addresses.
1.49      benno     603:        <li>Added to <a
                    604:                href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>
                    605:                the ability to ignore routes or nameservers from a lease and to ignore
                    606:                servers entirely.
                    607:        <li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
                    608:                defer to <a
                    609:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
                    610:                inet autoconf flag is set. When run, dhclient will signal dhcpleased
                    611:                to request a new lease rather than requesting one itself.
                    612:        <li>Fixed potential races in <a
                    613:                href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
                    614:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two
                    615:                processes are configuring the same IP.
                    616:        <li>Added the possibility to send vendor class identifier and client
                    617:                identifier using <a
                    618:                href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
                    619:        <li>Made <a
                    620:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always
                    621:                configure provided routes, regardless of whether the address received
                    622:                in the lease is already configured.
                    623:        <li>Used exclusive locks under /dev/ to ensure single instances of <a
                    624:                href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a
                    625:                href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
                    626:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
1.86      deraadt   627:        <li>Implemented classless static routes DHCP option in <a
1.49      benno     628:                href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
                    629:        <li>Added a new "nameserver" command to <a
                    630:                href="https://man.openbsd.org/route.8">route(8)</a>, sending
                    631:                nameserver proposals to <a
1.86      deraadt   632:                href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the DNS
1.49      benno     633:                proposal protocol over the route socket. This command is intended to be
                    634:                used to integrate userland-triggered nameserver changes, for example
                    635:                by VPN software.
1.1       benno     636:     </ul>
                    637:
                    638:     <li>Changes to SNMP-related tools:
                    639:     <ul>
1.64      martijn   640:        <li>Disable SNMPv1 and SNMPv2c by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
                    641:        <li>Remove default communities from <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
                    642:        <li>Switched default seclevel to enc for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
                    643:        <li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
                    644:        <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth to hmac-sha1.
                    645:        <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> privacy protocol to AES.
1.21      benno     646:        <li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
                    647:        <li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
                    648:        <li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
1.41      benno     649:     </ul>
                    650:
                    651:     <li>Other userland network changes:
                    652:     <ul>
                    653:        <li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
1.85      tj        654:        <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
1.21      benno     655:        <li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
1.40      benno     656:        <li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
                    657:        <li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
1.21      benno     658:        <li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
1.23      benno     659:        <li>Prevented a crash of the <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer on strict alignment architectures.
                    660:        <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
                    661:        <li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.1       benno     662:     </ul>
                    663:   </ul>
                    664:
                    665: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
                    666:   <ul>
1.30      benno     667:        <li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
                    668:        <li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
                    669:        <li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
                    670:        <li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
                    671:        <li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
                    672:        <li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
                    673:        <li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
                    674:        <li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
                    675:        <li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.1       benno     676:   </ul>
                    677:
                    678: <li>OpenSMTPD 7.0.0
                    679:   <ul>
1.42      benno     680:        <li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
                    681:        <li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
                    682:        <li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
1.1       benno     683:   </ul>
                    684:
1.87      deraadt   685: <li>LibreSSL 3.4.1
1.1       benno     686:   <ul>
                    687:     <li>New Features
                    688:     <ul>
1.67      bcook     689:       <li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li>
1.83      tj        690:       <li>Enabled the new X.509 validator to allow verification of modern certificate chains.
1.1       benno     691:     </ul>
                    692:
                    693:     <li>Portable Improvements
                    694:     <ul>
1.67      bcook     695:       <li>Ported continuous integration and test infrastructure to GitHub Actions.</li>
                    696:       <li>Added Universal Windows Platform (UWP) build support.</li>
                    697:       <li>Fixed mingw-w64 builds on newer versions with missing SSP support.</li>
                    698:       <li>Added non-executable stack annotations for CMake builds.</li>
1.1       benno     699:     </ul>
                    700:
                    701:     <li>API and Documentation Enhancements
                    702:     <ul>
1.67      bcook     703:       <li>Added the following APIs from OpenSSL
                    704:                                <ul>
                    705:                                        <li>BN_bn2binpad</li>
                    706:                                        <li>BN_bn2lebinpad</li>
                    707:                                        <li>BN_lebin2bn</li>
                    708:                                        <li>EC_GROUP_get_curve</li>
                    709:                                        <li>EC_GROUP_order_bits</li>
                    710:                                        <li>EC_GROUP_set_curve</li>
                    711:                                        <li>EC_POINT_get_affine_coordinates</li>
                    712:                                        <li>EC_POINT_set_affine_coordinates</li>
                    713:                                        <li>EC_POINT_set_compressed_coordinates</li>
                    714:                                        <li>EVP_DigestSign</li>
                    715:                                        <li>EVP_DigestVerify</li>
                    716:                                        <li>SSL_CIPHER_find</li>
                    717:                                        <li>SSL_CTX_get0_privatekey</li>
                    718:                                        <li>SSL_CTX_get_max_early_data</li>
                    719:                                        <li>SSL_CTX_get_ssl_method</li>
                    720:                                        <li>SSL_CTX_set_ciphersuites</li>
                    721:                                        <li>SSL_CTX_set_max_early_data</li>
                    722:                                        <li>SSL_CTX_set_post_handshake_auth</li>
                    723:                                        <li>SSL_SESSION_get0_cipher</li>
                    724:                                        <li>SSL_SESSION_get_max_early_data</li>
                    725:                                        <li>SSL_SESSION_is_resumable</li>
                    726:                                        <li>SSL_SESSION_set_max_early_data</li>
                    727:                                        <li>SSL_get_early_data_status</li>
                    728:                                        <li>SSL_get_max_early_data</li>
                    729:                                        <li>SSL_read_early_data</li>
                    730:                                        <li>SSL_set0_rbio</li>
                    731:                                        <li>SSL_set_ciphersuites</li>
                    732:                                        <li>SSL_set_max_early_data</li>
                    733:                                        <li>SSL_set_post_handshake_auth</li>
                    734:                                        <li>SSL_set_psk_use_session_callback</li>
                    735:                                        <li>SSL_verify_client_post_handshake</li>
                    736:                                        <li>SSL_write_early_data</li>
                    737:                                </ul>
                    738:         <li>Added AES-GCM constants from RFC 7714 for SRTP.</li>
1.1       benno     739:     </ul>
                    740:
                    741:     <li>Compatibility Changes
                    742:     <ul>
1.67      bcook     743:       <li>Implement flushing behavior for TLSv1.3 handshakes, needed for Apache.</li>
                    744:       <li>Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.</li>
                    745:       <li>Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.</li>
                    746:       <li>Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.</li>
1.1       benno     747:     </ul>
                    748:
                    749:     <li>Testing and Proactive Security
                    750:     <ul>
1.67      bcook     751:       <li>Added additional state machine test coverage.</li>
1.76      beck      752:       <li>Improved integration test support with ruby/openssl tests.</li>
1.83      tj        753:       <li>Error codes and callback support in new X.509 validator made compatible with p5-Net-SSLeay tests.</li>
1.1       benno     754:     </ul>
                    755:
                    756:     <li>Internal Improvements
1.67      bcook     757:     <ul>
1.83      tj        758:       <li>Numerous fixes and improvements to the new X.509 validator to ensure error codes
1.76      beck      759:        and callback support are compatible with the legacy OpenSSL validator.
1.1       benno     760:     </ul>
                    761:   </ul>
                    762:
1.81      deraadt   763: <li>OpenSSH 8.8
                    764:  <ul>
                    765:   <li>Security
                    766:   <ul>
                    767:     <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: OpenSSH
                    768:        8.5 introduced the LogVerbose keyword. When this option was
                    769:        enabled with a set of patterns that activated logging in code
                    770:        that runs in the low-privilege sandboxed sshd process, the log
                    771:        messages were constructed in such a way that printf(3) format
                    772:        strings could effectively be specified by the low-privilege code.
                    773:     <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a> from
                    774:        OpenSSH 6.2 through 8.7 failed to correctly initialise
                    775:        supplemental groups when executing an AuthorizedKeysCommand or
                    776:        AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser
                    777:        or AuthorizedPrincipalsCommandUser directive has been set to
                    778:        run the command as a different user.
                    779:   </ul>
                    780:   <li>Potentially incompatible changes
                    781:   <ul>
                    782:     <li>A near-future release of OpenSSH will switch <a
                    783:        href='https://man.openbsd.org/scp.1'>scp(1)</a> from using
                    784:        the legacy scp/rcp protocol to using SFTP by default.
                    785:     <li>This release disables RSA signatures using the SHA-1 hash
                    786:        algorithm by default.
                    787:     <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: this
                    788:        release changes the behaviour of remote to remote copies
                    789:        (e.g. "scp host-a:/path host-b:") to transfer through the
                    790:        local host by default. This was previously available via the
                    791:        -3 flag. This mode avoids the need to expose credentials on
                    792:        the origin hop, avoids triplicate interpretation of filenames
                    793:        by the shell (by the local system, the copy origin and the
                    794:        destination) and, in conjunction with the SFTP support for
                    795:        <a href='https://man.openbsd.org/scp.1'>scp(1)</a> mentioned
                    796:        below, allows use of all authentication methods to the remote
                    797:        hosts (previously, only non-interactive methods could be
                    798:        used).  A -R flag has been added to select the old behaviour.
                    799:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/<a
                    800:        href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: both the
                    801:        client and server are now using a stricter configuration file
                    802:        parser. The new parser uses more shell-like rules for quotes,
                    803:        space and escape characters. It is also more strict in
                    804:        rejecting configurations that include options lacking
                    805:        arguments. Previously some options (e.g. DenyUsers) could
                    806:        appear on a line with no subsequent arguments. This release
                    807:        will reject such configurations. The new parser will also
                    808:        reject configurations with unterminated quotes and multiple
                    809:        '=' characters after the option name.
                    810:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: when using
                    811:        SSHFP DNS records for host key verification, <a
                    812:        href='https://man.openbsd.org/ssh.1'>ssh(1)</a> will verify
                    813:        all matching records instead of just those with the specific
                    814:        signature type requested. This may cause host key verification
                    815:        problems if stale SSHFP records of a different or legacy
                    816:        signature type exist alongside other records for a particular
                    817:        host.
                    818:     <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
                    819:        when generating a FIDO key and specifying an explicit
                    820:        attestation challenge (using -Ochallenge), the challenge will
                    821:        now be hashed by the builtin security key middleware. This
                    822:        removes the (undocumented) requirement that challenges be
                    823:        exactly 32 bytes in length and matches the expectations of
                    824:        libfido2.
                    825:     <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
                    826:        environment="..." directives in authorized_keys files are now
                    827:        first-match-wins and limited to 1024 discrete environment
                    828:        variable names.
                    829:   </ul>
                    830:
                    831:   <li>New features
                    832:   <ul>
                    833:     <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>:
                    834:        experimental support for transfers using the SFTP protocol as
                    835:        a replacement for the venerable SCP/RCP protocol that it has
                    836:        traditionally used. SFTP offers more predictable filename
                    837:        handling and does not require expansion of glob(3) patterns
                    838:        via the shell on the remote side.
                    839:     <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
                    840:        add a protocol extension to support expansion of ~/ and ~user/
                    841:        prefixed paths. This was added to support these paths when
                    842:        used by <a href='https://man.openbsd.org/scp.1'>scp(1)</a>
                    843:        while in SFTP mode.
                    844:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
                    845:        ForkAfterAuthentication
                    846:        <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
                    847:        counterpart to the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> -f flag.
                    848:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
                    849:        StdinNull directive to
                    850:        <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
                    851:        that allows the config file to do the same thing as -n does on
                    852:        the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
                    853:        command-line.
                    854:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
                    855:        SessionType directive to ssh_config, allowing the
                    856:        configuration file to offer equivalent control to the -N (no
                    857:        session) and -s (subsystem) command-line flags.
                    858:     <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
                    859:        allowed signers files used by
                    860:        <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
                    861:        signatures now support listing key validity intervals
1.89      namn      862:        alongside the keys, and
1.81      deraadt   863:        <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
                    864:        can optionally check during signature verification whether a
                    865:        specified time falls inside this interval.  This feature is
                    866:        intended for use by git to support signing and verifying
                    867:        objects using ssh keys.
                    868:     <li><a href='https://man.openbsd.org/ssh-keygen.8'>ssh-keygen(8)</a>:
                    869:        support printing of the full public key in a sshsig signature
                    870:        via a -Oprint-pubkey flag.
                    871:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow the
                    872:        <a
                    873:        href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
                    874:        CanonicalizePermittedCNAMEs directive to accept a "none"
                    875:        argument to specify the default behaviour.
                    876:   </ul>
                    877:
                    878:   <li>Bugfixes
                    879:   <ul>
                    880:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
                    881:        <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: start
                    882:        time-based re-keying exactly on schedule in the client and
                    883:        server mainloops. Previously the re-key timeout could expire
                    884:        but re-keying would not start until a packet was sent or
                    885:        received, causing a spin in select() if the connection was
                    886:        quiescent.
                    887:     <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
                    888:        avoid Y2038 problem in printing certificate validity
                    889:        lifetimes. Dates past 2^31-1 seconds since epoch were
                    890:        displayed incorrectly on some platforms.
                    891:     <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: allow
                    892:        spaces to appear in usernames for local to remote and scp -3
                    893:        remote to remote copies.
                    894:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
                    895:        <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: remove
                    896:        references to ChallengeResponseAuthentication in favour of
                    897:        KbdInteractiveAuthentication. The former is what was in SSHv1,
                    898:        the latter is what is in SSHv2 (<a href='https://tools.ietf.org/html/rfc4256'>RFC4256</a>)
                    899:        and they were treated as somewhat but not entirely equivalent. We
                    900:        retain the old name as a deprecated alias so configuration
                    901:        files continue to work as well as a reference in the man page
                    902:        for people looking for it.
                    903:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
                    904:        <a href='https://man.openbsd.org/ssh-add.1'>ssh-add(1)</a>/
                    905:        <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
                    906:        fix decoding of X.509 subject name when extracting a key from
                    907:        a PKCS#11 certificate.
                    908:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: restore
                    909:        blocking status on stdio fds before close.
                    910:        <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> needs file
                    911:        descriptors in non-blocking mode to operate but it was not
                    912:        restoring the original state on exit. This could cause
                    913:        problems with fds shared with other programs via the shell.
                    914:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
                    915:        <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: switch both
                    916:        client and server mainloops from select(3) to
                    917:        pselect(3). Avoids race conditions where a signal may arrive
                    918:        immediately before select(3) and not be processed until an
                    919:        event fires.
                    920:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: sessions
                    921:        started with ControlPersist were incorrectly executing a shell
                    922:        when the -N (no shell) option was specified.
                    923:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: check if
                    924:        IPQoS or TunnelDevice are already set before
                    925:        overriding. Prevents values in config files from overriding
                    926:        values supplied on the command line.
                    927:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix debug
                    928:        message when finding a private key to match a certificate
                    929:        being attempted for user authentication. Previously it would
                    930:        print the certificate's path, whereas it was supposed to be
                    931:        showing the private key's path.
                    932:     <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: match
                    933:        host certificates against host public keys, not private
                    934:        keys. Allows use of certificates with private keys held in a
                    935:        ssh-agent.
                    936:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
                    937:        workaround for a bug in OpenSSH 7.4 <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>,
                    938:        which allows RSA/SHA2 signatures for public key authentication but
                    939:        fails to advertise this correctly via SSH2_MSG_EXT_INFO. This
                    940:        causes clients of these servers to incorrectly match
1.88      deraadt   941:        PubkeyAcceptedAlgorithms and potentially refuse to offer
1.81      deraadt   942:        valid keys.
                    943:     <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>/
                    944:        <a href='https://man.openbsd.org/scp.1'>scp(1)</a>: degrade
                    945:        gracefully if a sftp-server offers the limits@openssh.com
                    946:        extension but fails when the client tries to invoke it.
                    947:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow
                    948:        ssh_config SetEnv to override $TERM, which is otherwise
                    949:        handled specially by the protocol. Useful in ~/.ssh/config to
                    950:        set TERM to something generic (e.g. "xterm" instead of
                    951:        "xterm-256color") for destinations that lack terminfo entries.
                    952:     <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
                    953:        the limits@openssh.com extension was incorrectly marked as an
                    954:        operation that writes to the filesystem, which made it
                    955:        unavailable in sftp-server read-only mode.
                    956:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix SEGV
                    957:        in UpdateHostkeys debug() message, triggered when the update
1.89      namn      958:        removed more host keys than remained present.
1.81      deraadt   959:     <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: when using
                    960:        the SFTP protocol, continue transferring files after a
                    961:        transfer error occurs, better matching original scp/rcp
                    962:        behaviour.
                    963:     <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fixed a
                    964:        number of memory leaks in multiplexing.
                    965:     <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
                    966:        avoid crash when using the -Y find-principals command.
                    967:     <li>A number of documentation and manual improvements.
1.1       benno     968:   </ul>
1.81      deraadt   969:  </ul>
1.59      schwarze  970:
                    971: <li>mandoc 1.14.6
                    972:     <ul>
                    973:        <li>Added a style message about overlong text input lines.
                    974:        <li>Made "-W style" check .Xr links along the full manpath
                    975:                to help validation of non-base manual pages.
                    976:        <li>Supported auto-tagging for ".It Va" in
                    977:                <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> documents.
                    978:        <li>Stopped printing two extra blank lines at the top and bottom of
                    979:                <a href="https://man.openbsd.org/man.7">man(7)</a> documents.
                    980:         <li>Supported the CB and CI fonts in
                    981:                <a href="https://man.openbsd.org/roff.7">roff(7)</a>
                    982:                \f font escapes and .ft font requests.
                    983:        <li>Added support for two-character font names (BI, CW, CR, CB, CI)
                    984:                to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
                    985:                layout font modifier.
                    986:        <li>Implemented the
                    987:                <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
                    988:                layout modifiers "b" (bold) and "i" (italic)
                    989:                in HTML output mode.
                    990:        <li>Completed support for the "nospaces" option in the
                    991:                <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser.
                    992:        <li>Fixed an infinite loop in the
                    993:                <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser
                    994:                for some cases of horizontally overlapping horizontal spans.
                    995:        <li>Added a meta viewport element to "-T html" output.
                    996:        <li>Fixed a crash with "-T man" when an input file contains
                    997:                <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or
                    998:                <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input.
                    999:        <li>Fixed a crash in <a
                   1000:                href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>
                   1001:                when a manpath directory contains a symbolic link
                   1002:                that points to a directory.
                   1003:     </ul>
1.1       benno    1004:
                   1005: <li>Ports and packages:
                   1006:   <p>Many pre-built packages for each architecture:
                   1007:   <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
                   1008:   <ul style="column-count: 3">
1.10      naddy    1009:     <li>aarch64:     11034
1.9       naddy    1010:     <li>amd64:       11325
1.1       benno    1011:     <li>arm:         ...
1.10      naddy    1012:     <li>i386:        10248
1.78      visa     1013:     <li>mips64:      9311
1.1       benno    1014:     <li>mips64el:    ...
1.92    ! naddy    1015:     <li>powerpc:     9452
1.10      naddy    1016:     <li>powerpc64:   9273
1.90      sthen    1017:     <li>riscv64:     8620
1.45      naddy    1018:     <li>sparc64:     9636
1.1       benno    1019:   </ul>
                   1020:
                   1021:   <p>Some highlights:
                   1022:   <ul style="column-count: 3">
1.2       jsg      1023:     <li>Asterisk 18.6.0
1.1       benno    1024:     <li>Audacity 2.4.2
1.2       jsg      1025:     <li>CMake 3.20.3
                   1026:     <li>Chromium 93.0.4577.82
1.1       benno    1027:     <li>Emacs 27.2
1.2       jsg      1028:     <li>FFmpeg 4.4
                   1029:     <li>GCC 8.4.0 and 11.2.0
                   1030:     <li>GHC 8.10.6
                   1031:     <li>GNOME 40.4
                   1032:     <li>Go 1.17
                   1033:     <li>JDK 8u302, 11.0.12 and 16.0.2
                   1034:     <li>KDE Applications 21.08.1
                   1035:     <li>KDE Frameworks 5.85.0
                   1036:     <li>Krita 4.4.8
                   1037:     <li>LLVM/Clang 11.1.0
1.7       jsg      1038:     <li>LibreOffice 7.2.1.2
1.1       benno    1039:     <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.2       jsg      1040:     <li>MariaDB 10.6.4
1.1       benno    1041:     <li>Mono 6.12.0.122
1.2       jsg      1042:     <li>Mozilla Firefox 92.0 and ESR 91.1.0
1.7       jsg      1043:     <li>Mozilla Thunderbird 91.1.1
1.2       jsg      1044:     <li>Mutt 2.1.3 and NeoMutt 20210205
                   1045:     <li>Node.js 12.22.6
1.1       benno    1046:     <li>OCaml 4.10.0
1.2       jsg      1047:     <li>OpenLDAP 2.4.59
                   1048:     <li>PHP 7.3.30, 7.4.23 and 8.0.10
1.7       jsg      1049:     <li>Postfix 3.5.12
1.2       jsg      1050:     <li>PostgreSQL 13.4
                   1051:     <li>Python 2.7.18, 3.8.12 and 3.9.7
                   1052:     <li>Qt 5.15.2 and 6.0.4
                   1053:     <li>R 4.1.1
                   1054:     <li>Ruby 2.6.8, 2.7.4 and 3.0.2
                   1055:     <li>Rust 1.55.0
                   1056:     <li>SQLite 3.35.5
1.1       benno    1057:     <li>Shotcut 21.01.29
1.2       jsg      1058:     <li>Sudo 1.9.7p2
                   1059:     <li>Suricata 6.0.2
1.1       benno    1060:     <li>Tcl/Tk 8.5.19 and 8.6.8
                   1061:     <li>TeX Live 2020
1.2       jsg      1062:     <li>Vim 8.2.3394 and Neovim 0.5.0
1.1       benno    1063:     <li>Xfce 4.16
                   1064:   </ul>
                   1065:   <p>
                   1066:
                   1067: <li>As usual, steady improvements in manual pages and other documentation.
                   1068:
                   1069: <li>The system includes the following major components from outside suppliers:
                   1070:   <ul>
1.2       jsg      1071:     <li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
1.5       jsg      1072:         freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
1.2       jsg      1073:         xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
                   1074:     <li>LLVM/Clang 11.1.0 (+ patches)
1.1       benno    1075:     <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
                   1076:     <li>Perl 5.32.1 (+ patches)
1.2       jsg      1077:     <li>NSD 4.3.7
                   1078:     <li>Unbound 1.13.2
1.1       benno    1079:     <li>Ncurses 5.7
                   1080:     <li>Binutils 2.17 (+ patches)
                   1081:     <li>Gdb 6.3 (+ patches)
                   1082:     <li>Awk December 18, 2020 version
1.2       jsg      1083:     <li>Expat 2.4.1
1.1       benno    1084:   </ul>
                   1085:
                   1086: </ul>
                   1087: </section>
                   1088:
                   1089: <hr>
                   1090:
                   1091: <section id=install>
                   1092: <h3>How to install</h3>
                   1093: <p>
                   1094: Please refer to the following files on the mirror site for
                   1095: extensive details on how to install OpenBSD 7.0 on your machine:
                   1096:
                   1097: <ul>
                   1098: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/alpha/INSTALL.alpha">
                   1099:        .../OpenBSD/7.0/alpha/INSTALL.alpha</a>
                   1100: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/amd64/INSTALL.amd64">
                   1101:        .../OpenBSD/7.0/amd64/INSTALL.amd64</a>
                   1102: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/arm64/INSTALL.arm64">
                   1103:        .../OpenBSD/7.0/arm64/INSTALL.arm64</a>
                   1104: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/armv7/INSTALL.armv7">
                   1105:        .../OpenBSD/7.0/armv7/INSTALL.armv7</a>
                   1106: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/hppa/INSTALL.hppa">
                   1107:        .../OpenBSD/7.0/hppa/INSTALL.hppa</a>
                   1108: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/i386/INSTALL.i386">
                   1109:        .../OpenBSD/7.0/i386/INSTALL.i386</a>
                   1110: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/landisk/INSTALL.landisk">
                   1111:        .../OpenBSD/7.0/landisk/INSTALL.landisk</a>
                   1112: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/loongson/INSTALL.loongson">
                   1113:        .../OpenBSD/7.0/loongson/INSTALL.loongson</a>
                   1114: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/luna88k/INSTALL.luna88k">
                   1115:        .../OpenBSD/7.0/luna88k/INSTALL.luna88k</a>
                   1116: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/macppc/INSTALL.macppc">
                   1117:        .../OpenBSD/7.0/macppc/INSTALL.macppc</a>
                   1118: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/octeon/INSTALL.octeon">
                   1119:        .../OpenBSD/7.0/octeon/INSTALL.octeon</a>
                   1120: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/powerpc64/INSTALL.powerpc64">
                   1121:        .../OpenBSD/7.0/powerpc64/INSTALL.powerpc64</a>
1.3       jsg      1122: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/riscv64/INSTALL.riscv64">
                   1123:        .../OpenBSD/7.0/riscv64/INSTALL.riscv64</a>
1.1       benno    1124: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/sparc64/INSTALL.sparc64">
                   1125:        .../OpenBSD/7.0/sparc64/INSTALL.sparc64</a>
                   1126: </ul>
                   1127: </section>
                   1128:
                   1129: <hr>
                   1130:
                   1131: <section id=quickinstall>
                   1132: <p>
                   1133: Quick installer information for people familiar with OpenBSD, and the use of
                   1134: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
                   1135: If you are at all confused when installing OpenBSD, read the relevant
                   1136: INSTALL.* file as listed above!
                   1137:
                   1138: <h3>OpenBSD/alpha:</h3>
                   1139:
                   1140: <p>
                   1141: If your machine can boot from CD, you can write <i>install70.iso</i> or
                   1142: <i>cd70.iso</i> to a CD and boot from it.
                   1143: Refer to INSTALL.alpha for more details.
                   1144:
                   1145: <h3>OpenBSD/amd64:</h3>
                   1146:
                   1147: <p>
                   1148: If your machine can boot from CD, you can write <i>install70.iso</i> or
                   1149: <i>cd70.iso</i> to a CD and boot from it.
                   1150: You may need to adjust your BIOS options first.
                   1151:
                   1152: <p>
                   1153: If your machine can boot from USB, you can write <i>install70.img</i> or
                   1154: <i>miniroot70.img</i> to a USB stick and boot from it.
                   1155:
                   1156: <p>
                   1157: If you can't boot from a CD, floppy disk, or USB,
                   1158: you can install across the network using PXE as described in the included
                   1159: INSTALL.amd64 document.
                   1160:
                   1161: <p>
                   1162: If you are planning to dual boot OpenBSD with another OS, you will need to
                   1163: read INSTALL.amd64.
                   1164:
                   1165: <h3>OpenBSD/arm64:</h3>
                   1166:
                   1167: <p>
                   1168: Write <i>install70.img</i> or <i>miniroot70.img</i> to a disk and boot from it
                   1169: after connecting to the serial console.  Refer to INSTALL.arm64 for more
                   1170: details.
                   1171:
                   1172: <h3>OpenBSD/armv7:</h3>
                   1173:
                   1174: <p>
                   1175: Write a system specific miniroot to an SD card and boot from it after connecting
                   1176: to the serial console.  Refer to INSTALL.armv7 for more details.
                   1177:
                   1178: <h3>OpenBSD/hppa:</h3>
                   1179:
                   1180: <p>
                   1181: Boot over the network by following the instructions in INSTALL.hppa or the
                   1182: <a href="hppa.html#install">hppa platform page</a>.
                   1183:
                   1184: <h3>OpenBSD/i386:</h3>
                   1185:
                   1186: <p>
                   1187: If your machine can boot from CD, you can write <i>install70.iso</i> or
                   1188: <i>cd70.iso</i> to a CD and boot from it.
                   1189: You may need to adjust your BIOS options first.
                   1190:
                   1191: <p>
                   1192: If your machine can boot from USB, you can write <i>install70.img</i> or
                   1193: <i>miniroot70.img</i> to a USB stick and boot from it.
                   1194:
                   1195: <p>
                   1196: If you can't boot from a CD, floppy disk, or USB,
                   1197: you can install across the network using PXE as described in
                   1198: the included INSTALL.i386 document.
                   1199:
                   1200: <p>
                   1201: If you are planning on dual booting OpenBSD with another OS, you will need to
                   1202: read INSTALL.i386.
                   1203:
                   1204: <h3>OpenBSD/landisk:</h3>
                   1205:
                   1206: <p>
                   1207: Write <i>miniroot70.img</i> to the start of the CF
                   1208: or disk, and boot normally.
                   1209:
                   1210: <h3>OpenBSD/loongson:</h3>
                   1211:
                   1212: <p>
                   1213: Write <i>miniroot70.img</i> to a USB stick and boot bsd.rd from it
                   1214: or boot bsd.rd via tftp.
                   1215: Refer to the instructions in INSTALL.loongson for more details.
                   1216:
                   1217: <h3>OpenBSD/luna88k:</h3>
                   1218:
                   1219: <p>
                   1220: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
                   1221: from the PROM, and then bsd.rd from the bootloader.
                   1222: Refer to the instructions in INSTALL.luna88k for more details.
                   1223:
                   1224: <h3>OpenBSD/macppc:</h3>
                   1225:
                   1226: <p>
                   1227: Burn the image from a mirror site to a CDROM, and power on your machine
                   1228: while holding down the <i>C</i> key until the display turns on and
                   1229: shows <i>OpenBSD/macppc boot</i>.
                   1230:
                   1231: <p>
                   1232: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
                   1233: /7.0/macppc/bsd.rd</i>
                   1234:
                   1235: <h3>OpenBSD/octeon:</h3>
                   1236:
                   1237: <p>
                   1238: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
                   1239: Refer to the instructions in INSTALL.octeon for more details.
                   1240:
                   1241: <h3>OpenBSD/powerpc64:</h3>
                   1242:
                   1243: <p>
                   1244: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
                   1245: USB stick, plug it into the machine and choose the <i>OpenBSD
                   1246: install</i> menu item in Petitboot.
                   1247: Refer to the instructions in INSTALL.powerpc64 for more details.
                   1248:
1.3       jsg      1249: <h3>OpenBSD/riscv64:</h3>
1.1       benno    1250:
                   1251: <p>
1.3       jsg      1252: To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
                   1253: USB stick, and boot with that drive plugged in.
                   1254: Make sure you also have the microSD card plugged in that shipped with the
                   1255: HiFive Unmatched board.
                   1256: Refer to the instructions in INSTALL.riscv64 for more details.
1.1       benno    1257:
                   1258: <h3>OpenBSD/sparc64:</h3>
                   1259:
                   1260: <p>
                   1261: Burn the image from a mirror site to a CDROM, boot from it, and type
                   1262: <i>boot cdrom</i>.
                   1263:
                   1264: <p>
                   1265: If this doesn't work, or if you don't have a CDROM drive, you can write
                   1266: <i>floppy70.img</i> or <i>floppyB70.img</i>
                   1267: (depending on your machine) to a floppy and boot it with <i>boot
                   1268: floppy</i>. Refer to INSTALL.sparc64 for details.
                   1269:
                   1270: <p>
                   1271: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
                   1272: will most likely fail.
                   1273:
                   1274: <p>
                   1275: You can also write <i>miniroot70.img</i> to the swap partition on
                   1276: the disk and boot with <i>boot disk:b</i>.
                   1277:
                   1278: <p>
                   1279: If nothing works, you can boot over the network as described in INSTALL.sparc64.
                   1280: </section>
                   1281:
                   1282: <hr>
                   1283:
                   1284: <section id=upgrade>
                   1285: <h3>How to upgrade</h3>
                   1286: <p>
1.4       jsg      1287: If you already have an OpenBSD 6.9 system, and do not want to reinstall,
1.1       benno    1288: upgrade instructions and advice can be found in the
                   1289: <a href="faq/upgrade70.html">Upgrade Guide</a>.
                   1290: </section>
                   1291:
                   1292: <hr>
                   1293:
                   1294: <section id=sourcecode>
                   1295: <h3>Notes about the source code</h3>
                   1296: <p>
                   1297: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
                   1298: This file contains everything you need except for the kernel sources,
                   1299: which are in a separate archive.
                   1300: To extract:
                   1301: <blockquote><pre>
                   1302: # <kbd>mkdir -p /usr/src</kbd>
                   1303: # <kbd>cd /usr/src</kbd>
                   1304: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
                   1305: </pre></blockquote>
                   1306: <p>
                   1307: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
                   1308: This file contains all the kernel sources you need to rebuild kernels.
                   1309: To extract:
                   1310: <blockquote><pre>
                   1311: # <kbd>mkdir -p /usr/src/sys</kbd>
                   1312: # <kbd>cd /usr/src</kbd>
                   1313: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
                   1314: </pre></blockquote>
                   1315: <p>
                   1316: Both of these trees are a regular CVS checkout.  Using these trees it
                   1317: is possible to get a head-start on using the anoncvs servers as
                   1318: described <a href="anoncvs.html">here</a>.
                   1319: Using these files
                   1320: results in a much faster initial CVS update than you could expect from
                   1321: a fresh checkout of the full OpenBSD source tree.
                   1322: </section>
                   1323:
                   1324: <hr>
                   1325:
                   1326: <section id=ports>
                   1327: <h3>Ports Tree</h3>
                   1328: <p>
                   1329: A ports tree archive is also provided.  To extract:
                   1330: <blockquote><pre>
                   1331: # <kbd>cd /usr</kbd>
                   1332: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
                   1333: </pre></blockquote>
                   1334: <p>
                   1335: Go read the <a href="faq/ports/index.html">ports</a> page
                   1336: if you know nothing about ports
                   1337: at this point.  This text is not a manual of how to use ports.
                   1338: Rather, it is a set of notes meant to kickstart the user on the
                   1339: OpenBSD ports system.
                   1340: <p>
                   1341: The <i>ports/</i> directory represents a CVS checkout of our ports.
                   1342: As with our complete source tree, our ports tree is available via
                   1343: <a href="anoncvs.html">AnonCVS</a>.
                   1344: So, in order to keep up to date with the -stable branch, you must make
                   1345: the <i>ports/</i> tree available on a read-write medium and update the tree
                   1346: with a command like:
                   1347: <blockquote><pre>
                   1348: # <kbd>cd /usr/ports</kbd>
                   1349: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_0</kbd>
                   1350: </pre></blockquote>
                   1351: <p>
                   1352: [Of course, you must replace the server name here with a nearby anoncvs
                   1353: server.]
                   1354: <p>
                   1355: Note that most ports are available as packages on our mirrors. Updated
                   1356: ports for the 7.0 release will be made available if problems arise.
                   1357: <p>
                   1358: If you're interested in seeing a port added, would like to help out, or just
                   1359: would like to know more, the mailing list
                   1360: <a href="mail.html">ports@openbsd.org</a> is a good place to start.
                   1361: </section>