File: [local] / www / 70.html (download) (as text)
Revision 1.34, Sat Oct 2 13:23:10 2021 UTC (2 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.33: +6 -7 lines
move pf(4) to own section
|
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 7.0</title>
<meta name="description" content="OpenBSD 7.0">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/70.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.0
</h2>
<table>
<tr>
<td>
<a href="images/XXX.png">
<img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
<td>
Released Nov 1, 2021. (51st OpenBSD release)<br>
Copyright 1997-2021, Theo de Raadt.<br>
<br>
7.0 Song:
<a href="lyrics.html#70">XXX</a>.
<br>
Artwork by XXX.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.0/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata70.html">the 7.0 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus70.html">detailed log of changes</a> between the
6.9 and 7.0 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-70-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/openbsd-70-base.pub">
RWR3KL+gSr4QZ5mOvKhcOOgGe61ogHp5PyBOj2RrmyCpqchk9A7NVPzh</a>
<tr><td>
openbsd-70-fw.pub:
<td>
RWS8nd7vy+I+fRHtnpxVBeX+P+9rBqJMPvSU6z8LYyAv5p73WcdFXs3B
<tr><td>
openbsd-70-pkg.pub:
<td>
RWR3iauEtA8/bLN/zfIQhOc5ramL/fARX72S6xw8BwAUebxik7KioCvL
<tr><td>
openbsd-70-syspatch.pub:
<td>
RWSD33kMDKsQH8j0Q8FzfYk+vsgTKiP8Q5DcrkQQtrZoWg48yxUQgLxU
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.0.
For a comprehensive list, see the <a href="plus70.html">changelog</a> leading
to 7.0.
<ul>
<li>New/extended platforms:
<ul>
<li>Added new <a href="riscv64.html">riscv64</a> platform for
64-bit RISC-V systems.
<li>Support for the <a href="powerpc64.html">powerpc64</a> platform was improved:
<ul>
<li>...
</ul>
<li>The arm64 platform support was improved with the following changes:
<ul>
<li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a> driver for the Apple GPIO controller found on the M1 SoCs.
<li>Ensured <a href="https://man.openbsd.org/rkpwm.4">rkpwm(4)</a> can find the clock when using a recent device tree.
<li>Added RK3399 Type-C PHY clocks and PCIe PHY reference clocks to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
<li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
<li>Ensured (W)hole disk partitioning cannot be used if an "APFS ISC" is found on the disk, required for Apple M1 machines to boot.
<li>Added initial arm64 support for installing on a disk with a GPT.
<li>Added arm64 support for booting from disks with 4k sectors.
<li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
<li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
<li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple APFS ISC partition is detected and fdisk -ig otherwise. Created EFI SYS boot partitions only on ROOTDISK GPT disks.
<li>Relaxed criteria for recognizing GPT formatted media, allowing GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
<li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
<li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
<li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
<li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller.
</ul>
<li><span style="color:red;">architecture specific changes that need to be sorted</a>
<ul>
<li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
<li>Switched macppc to use <a href="https://man.openbsd.org/ld.lld">ld.lld.1(1)</a>.
<li>Made amd64 hw.setperf percentages proportional to the enhanced speed step frequencies on Intel processors. The default hw.setperf=99 corresponds to the maximum ordinary speed, and setting it to 100 enables turbo mode.
<li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
<li>Forced luna88k to use the serial console when no graphics board is found.
<li>Fixed strchr() and strrchr() on mips64.
<li>Added <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p" to prepare by creating a new filesystem on the partition reserved for the bootloader on relevant architectures.
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on sparc64.
<li>Introduced <a href="https://man.openbsd.org/sfclock.4">sfclock(4)</a>, a driver for the SiFive Power Reset Clocking Interrupt (PRCI).
<li>Introduced <a href="https://man.openbsd.org/sfcc.4">sfcc(4)</a>, a driver for the SiFive level two cache controller.
<li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
<li>Introduced <a href="https://man.openbsd.org/sfuart.4">sfuart(4)</a>, a driver for the SiFive UART, and added support for it as a console.
<li>Added the ability for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize "HiFive! FSBL" and "HiFive! BBL" GPT partitions.
<li>Enabled MSI-X support for powerpc64.
<li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
<li>Added GPT support to armv7 <a href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
<li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
<li>Prevented watchdog resets on some i.MX 64-bit machines with a recent U-Boot and watchdog enabled on boot in <a href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
<li>Created audio devices for armv7.
<li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
<li>Increased the maximum data size on powerpc64 to 32GB.
<li>Made additional free inodes on luna88k bsd.rd by specifying density=4096.
<li>Disabled base-gcc on amd64.
<li>Retired OpenBSD/sgi platform.
</ul>
<li>Various kernel improvements:
<ul>
<li>Introduced /etc/<a href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>, which can be used to configure the kernel using <a href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of KARL while making changes to the GENERIC kernel.
<li>Identified TPM2.0 devices and performed the 2.0-specific "suspend" command, allowing the lenovo xlr9 and xlnano using the latest BIOS (which added S3) to resume.
<li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
<li>Changed the printing of the hibernate image size from bytes to megabytes.
<li>Increased hibernate writeout speed.
<li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
<li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
<li>Implemented < and > operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> display of time spent in userland when analyzing the kernel stack in the flame graph tool and fixed a parsing bug.
<li>Fixed suspend/resume of machines with certain <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> hardware.
<li>Delayed installation of sensors until a device with battery support is connected, allowing <a href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> devices.
<li>In the build system, pass make flags to kernel and lib builds, making hacking on ramdisks/the installer much faster.
<li>Prevented a kernel panic after VFS shutdown.
<li>Corrected various min/max cluster numbers for FAT12/16/32 in <a href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
<li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
<li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
<li>Added libexecinfo, a library providing backtrace functions.
<li>Relaxed media length checking to allow EFT GPT partitions to be smaller than the full disk.
<li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
<li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a> errno handling to match what Mesa expects and prevent failure to properly report timeouts.
<li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
<li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB.
<li>Increased the default buffer space on PF_UNIX sockets to 8k and made the values tuneable via <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
<li>Updated en_US.UTF-8.src to Unicode 13.0.
<li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, and powerpc64.
<li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> timer re-addition reset an existing timer to use the new timeout period.
</ul>
<li>SMP Improvements
<ul>
<li>Made pmap_extract() mpsafe on hppa and amd64.
<li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code to prevent waiting on non-running CPUs.
<li>Made anonymous object reference counting independent from the KERNEL_LOCK().
<li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
<li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
<li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
<li>Used so_lock to protect key management (PF_KEY) sockets.
<li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
<li>Unlocked the top part of the fault handler.
</ul>
<li>Direct Rendering Manager
<ul>
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
to Linux 5.10.65
<li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
better support for Tiger Lake
<li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
<li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
support for Cezanne "Green Sardine" Ryzen 5000 APU
</ul>
<li>VMM/VMD improvements
<ul>
<li>Unlocked the top part of the VM fault handler on i386.
<li>Added a theoretical limit of 512 to the number of allocated vcpus in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
<li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
<li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
<li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large dhcp packets on local interfaces.
<li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
<li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> client "wait" state corruption in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is canceled and restarted, allowing multiple waiting clients.
<li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
</ul>
<li>Various new userland features:
<ul>
<li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
<li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to retry up to 3 times on password authentication failure.
<li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal handler functions async-signal-safe.
<li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to consider two files sharing the same inode identical.
<li>Imported <a href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from NetBSD. timeout(1) can be used to run commands with a time limit.
<li>Removed from0 support from <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
<li>Added include and exclude options to <a href="https://man.openbsd.org/rsync.1">rsync(1)</a> usage message.
<li>Implemented reporting of supplemental groups in <a href="https://man.openbsd.org/ps.1">ps(1)</a>.
<li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a> to use stderr for printer error and informational messages. This allows easier parsing of what passwd(1) is doing if spawned from a GUI.
<li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a> per-device values when <a href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time mode ('b'), not normalizing based on the sleep interval.
<li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
<li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard the current input line when Ctrl-C is used during line editing and provide a fresh prompt rather than exiting the program.
<li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT initialization code, making -g independent of -i, leaving four mutually exclusive initialization options (-i, -b, -u and -A) with the last option specified executed (allowing the existing -i -g to work as intended).
<li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F null string behavior to ensure -F '' behaves consistently with -v FS="".
<li>Avoided a potential buffer overflow in backslash escaping in <a href="https://man.openbsd.org/awk.1">awk(1)</a>.
<li>Disallowed the use of an empty list between "while" and "do" in <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
<li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b and -l are treated as 512-byte block counts.
<li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A option to initialize a GPT without removing special boot partitions.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> available to architectures other than amd64 and i386 and extended the syntax to allow specification of the boot partition type and offset.
<li>Adjusted density for partitions on a 4k disk in <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and density are not passed on the command line to ensure sufficient inodes to hold a src tree on a 2G fs.
<li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a> autoalloc code.
<li>Prevented base pkg tools from looking under /usr/local in general. <!-- ??? -->
<li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a> maximization and full-screen mode toggling to keep the cursor within the window, preventing focus loss.
<li>Added indication of whether an <a href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable for a startup file.
<li>Added "dired-jump" command to <a href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer containing the current buffer's directory location.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> login when ~./Xauthority does not exist.
<li>Disabled building all of the non-unicode fonts except for ISO8859-1.
<li>Fix crash in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when a manpath directory contained a symbolic link that pointed to a directory.
<li>Added support for two-character font names (BI, CW, CR, CB, CI) to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> layout font modifier.
<li>Supported auto-tagging for ".It Va" in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Fixed a crash in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> when an input file contains <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input unsupported by -T <a href="https://man.openbsd.org/man.1">man(1)</a> output mode.
<li>Added a meta viewport element to the HTML output for <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> -Thtml.
<li>Implemented the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> layout modifiers "b" (bold) and "i" (italic) in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> HTML output mode.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
<li>Prevented <a href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboards from changing the <a href="https://man.openbsd.org/wsmux.4">wsmux(4)</a> keyboard layout.
<li>Silently ignored invalid requests to change the encoding of a <a href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
<li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo Thinkpads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
<li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
<li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
<li>Fixed a crash with i915 graphics by removing bogus Linux code that tried to deal with something that is impossible on OpenBSD.
<li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
<li>Added <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>, a driver for USB HID Consumer Control keyboards.
<li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
<li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
<li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
<li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
<li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
<li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
<li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
<li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
<li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
<li>Limited the workaround for AMD errata 400 ("APIC Timer Interrupt Does Not Occur in Processor C-States")to family 0fh and 10h.
<li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
<li>Stopped fatal error in <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> on failing to map visible VRAM.
<li>Disabled PPGTT on Intel machines with cherryview/braswell graphics to avoid memory corruption.
<li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
<li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
<li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
<li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
<li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
<li>Enabled all Thinkpad X1 Extreme 1 speakers and atmos dolby in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
<li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB ethernet devices.
<li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe ethernet adapters.
<li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a> and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
<li>Implemented 64-bit DMA mode in <a href="https://man.openbsd.org/cad.4">cad(4)</a>.
<li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
<li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which are done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
<li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
<li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
<li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
<li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
<li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
<li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
<li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
<li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
<li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing fragattacks vulnerabilities.
<li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
<li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
<li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
<li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
<li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
<li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
<li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Worked around a problem with certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware that caused problem when running in HostAP mode with clients that use Tx aggregation.
<li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
<li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
<li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
<li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Dropped fragmented 802.11 frames.
<li>Prevented frame injection via forged 802.11n A-MSDUs.
<li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
</ul>
<li>Generic network stack improvements and bugfixes:
<ul>
<li>Implemented reception of "VLAN 0 priority tagged" packets.
<li>Added <a href="https://man.openbsd.org/veb.4">veb(4)</a> to the list of pseudo devices that <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> can create.
<li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
<li>Displayed provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
</ul>
<li>Installer and upgrade improvements:
<ul>
<li>Checked the installer's /tmp/i/hostname.* files for a configured IP address so that configurations without a broadcast address are detected as well.
<li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly attempt an early mount of /var/log in case someone has created it to avoid /var overflow issues.
<li>Handled "inet autoconf" in the ramdisk.
<li>Allowed <a href="https://man.openbsd.org/cad.4">cad(4)</a> recognition as boot interface when using netboot, making autoinstall/upgrade work.
<li>Introduced a short wait in <a href="https://man.openbsd.org/rc.8">rc(8)</a> after <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes until an IPv4 or IPv6 default route is present before continuing boot. Fixed setups depending on working network and DNS resolution during early boot when using autoconfiguration (<a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> always create an EFI SYS partition if the -b option is specified when initializing a GPT.
<li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels.
<li>Used <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> on arm64 ramdisks.
<li>Fixed an issue on machines where the EFI memory map has more than 64 entries.
<!-- move fdisk changes related to EFI here, independent of architecture? -->
</ul>
<li>Security improvements:
<ul>
<li>Moved objcopy to base set to allow KARL to work on all installs.
<li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> calls to xterm in the case where there are no exec-formatted or exec-selected resources set.
<li>Changed usage of %n from a syslog warning to syslog and abort for <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and associated variants).
<li>Made kernel stop all threads when terminating via pledge_fail().
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> daemon saw the following changes:
<ul>
<!-- check against and use openbgpd/rpki-client release notes instead? -->
<li>Fixed a memory leak in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<li>Adjusted <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> RIB_GENERIC_ADDPATH MRT message handling to work with other MRT implementations.
<li>Set the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> x509 validation depth limit to 12 or double the current depth.
<li>Limited <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 300 deltas to sync an RRDP repository rather than fetching a snapshot.
<li>Add add-path support in MRT dumps (RFC8050) to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Added http_proxy support to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> http handler.
<li>Implemented reception of multiple paths per BGP session in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> and made it possible to match on path-id in <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> show rib outputs.
<li>Ensured MRT dumps containing add-path information will be dumped properly by <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> (RFC 8050).
<li>Implemented Extended Optional Parameters Length for BGP OPEN Message (RFC 9072) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, allowing sending of more than 255 bytes of optional parameters.
<li>Defaulted to attempting RRDP first in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -r.
<li>Implemented enhanced route refresh (RFC 7313) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Improved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> graceful restart capability handling.
<li>Limited the number of concurrent RTR connects to 32 in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Added an 'expires' column to CSV & JSON output of <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<li>Added keep-alive support to the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> HTTP module.
</ul>
<li>...other routing daemons...
<li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
<ul>
<li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
<li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
<li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
<li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
<li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
</ul>
<li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
<ul>
<li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
<li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
<li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
<li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
<li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
<li>Fixed <a href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
</ul>
<li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements:
<ul>
<li>...
</ul>
<li><a
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
received the following new features and bugfixes:
<ul>
<li>...
</ul>
<li><span style="color:red;">add blurp about awesome traceroute changes!</span>
<ul>
<li>Made <a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> faster by sending probes and doing DNS lookups asynchronously.
</ul>
<li>XXX Two new daemons, <a
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added.
These work alongside with <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a
coherent and simple automatic configuration of network interfaces and
DNS resolution.<br>
The two daemons are not enabled by default for now, but can be tested
by enabling them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>
<ul>
<li>Changed <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client identifier transmission to match other dhcp client implementations.
<li>Simplified <a href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and added syntax to match <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), allowing one to be aliased to the other.
<li>Retried broadcast with <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the dhcp server is unreachable via unicast UDP.
<li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> accept dns proposals for the loopback addresses.
<li>Added to <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a> the ability to ignore routes or nameservers from a lease and to ignore servers entirely.
<li>Added a new "nameserver" command to <a href="https://man.openbsd.org/route.8">route(8)</a>, sending nameserver proposals to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the dns proposal protocol over the route socket.
<li>Left <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> to <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> rather than recreating after finding nameservers.
<li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> defer to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself.
<li>Fixed potential races in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two processes are configuring the same IP.
<li>Added the possibility to send vendor class identifier and client identifier using <a href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
<li>Made <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always configure provided routes, regardless of whether the address received in the lease is already configured.
<li>Made <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> send rDNS proposals on ramdisks, allowing <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> to learn nameservers and update /etc/resolv.conf with IPv6 resolvers.
<li>Used exclusive locks under /dev/ to ensure single instances of <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
<li>Switched to <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> / <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> in base.
<li>Stopped attempting to install a default route with <a href="https://man.openbsd.org/route.8">route(8)</a> in <a href="https://man.openbsd.org/netstart.8">netstart(8)</a> if using inet autoconf.
<li>Implemented classless static routes dhcp option in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
</ul>
<li>Changes to snmp related tools:
<ul>
<li>...
</ul>
<li>Other userland network changes:
<ul>
<li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
<li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
<li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
<li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
<li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
<li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>Switched default <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth back to hmac-sha1.
<li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<li>Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. Changed default authentication to SHA-256 and privacy protocol to AES in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and <a href="https://man.openbsd.org/snmp.1">snmp(1)</a>.
<li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
<li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
<li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
<li>Added <a href="https://man.openbsd.org/pledge.8">pledge(8)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
<li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
<li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
<li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer.
<li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
<li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
</ul>
</ul>
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
<li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
<li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
<li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
<li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
</ul>
<li>OpenSMTPD 7.0.0
<ul>
<li>...
</ul>
<li>LibreSSL 3.4.0 XXX
<ul>
<li>New Features
<ul>
<li>...
</ul>
<li>Portable Improvements
<ul>
<li>...
</ul>
<li>API and Documentation Enhancements
<ul>
<li>...
</ul>
<li>Compatibility Changes
<ul>
<li>...
</ul>
<li>Testing and Proactive Security
<ul>
<li>...
</ul>
<li>Internal Improvements
<ul>
<li>...
</ul>
<li>Bug Fixes
<ul>
<li>...
</ul>
</ul>
<li>OpenSSH 8.8 XXX <span style="color:red;">replace with release notes</span>
<li>Corrected <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user.
<li>Fixed the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> "Allocated port" debug message for unix sockets.
<li>Switched <a href="https://man.openbsd.org/scp.1">scp(1)</a> back to using the original scp/rcp protocol by default for release.
<li>Made <a href="https://man.openbsd.org/scp.1">scp(1)</a> SFTP mode (including error logging) more scp-like.
<li>Allowed CanonicalPermittedCNAMEs=none in <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>.
<li>Put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Stopped ignoring SIGINT in <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> while waiting for input if <a href="https://man.openbsd.org/editline.3">editline(3)</a> is not used.
<li>Altered <a href="https://man.openbsd.org/scp">scp(1)</a> to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
<li>Disabled the RSA/SHA-1 signature algorithm by default in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Ensured some programs (including <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>) do not ignore Ctrl-C when awaiting user input.
<li>Added <a href="https://man.openbsd.org/scp.1">scp(1)</a> -O and temporary -s (SFTP) flags to select the sftp protocol.
<li>Made <a href="https://man.openbsd.org/scp.1">scp(1)</a> -3 the default for remote-to-remote copies.
<li>Improved handling of ~ prefixed paths in <a href="https://man.openbsd.org/scp.1">scp(1)</a> in SFTP mode.
<li>Added experimental support for using the SFTP protocol for file transfers in <a href="https://man.openbsd.org/scp.1">scp(1)</a>.
<li>Added a ForkAfterAuthentication directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, equivalent to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> -f.
<li>Added a StdinNull directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> to prevent reading from stdin, equivalent to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> -n.
<li>Let allowed signers files used by <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a> signatures support key lifetimes and verification mode to specify a signature time at which to check.
<li>Added a SessionType directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, equivalent to the -N (no session) and -s (subsystem) command line flags.
<li>Allowed spaces to appear in usernames for <a href="https://man.openbsd.org/scp.1">scp(1)</a> local to remote and scp -3 remote to remote copies.
<li>Prevented a hang in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> when interrupted.
<li>Matched host certificates against host public keys in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, allowing use of certificates with private keys held in an ssh-agent.
<li>Prevented a race condition which could result in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> not shutting down until the next time it receives a new connection.
<li>Allowed <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> SetEnv to override $TERM.
<li>Fixed a segmentation violation in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> in an UpdateHostKezs debug() message when the update removed more host keys than remain present.
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> to restore file descriptors to non-blocking mode on exit.
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> started with ControlPersist incorrectly executing a shell when the -N option was specified.
<ul>
<li>Security fixes
<ul>
<li>...
</ul>
<li>Potentially incompatible changes
<ul>
<li>...
</ul>
<li>New Features
<ul>
<li>...
</ul>
<li>Bugfixes
<ul>
<li>...
</ul>
</ul>
<li>Ports and packages:
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: 11034
<li>amd64: 11325
<li>arm: ...
<li>i386: 10248
<li>mips64: ...
<li>mips64el: ...
<li>powerpc: ...
<li>powerpc64: 9273
<li>sparc64: ...
</ul>
<p>Some highlights:
<ul style="column-count: 3">
<li>Asterisk 18.6.0
<li>Audacity 2.4.2
<li>CMake 3.20.3
<li>Chromium 93.0.4577.82
<li>Emacs 27.2
<li>FFmpeg 4.4
<li>GCC 8.4.0 and 11.2.0
<li>GHC 8.10.6
<li>GNOME 40.4
<li>Go 1.17
<li>JDK 8u302, 11.0.12 and 16.0.2
<li>KDE Applications 21.08.1
<li>KDE Frameworks 5.85.0
<li>Krita 4.4.8
<li>LLVM/Clang 11.1.0
<li>LibreOffice 7.2.1.2
<li>Lua 5.1.5, 5.2.4 and 5.3.6
<li>MariaDB 10.6.4
<li>Mono 6.12.0.122
<li>Mozilla Firefox 92.0 and ESR 91.1.0
<li>Mozilla Thunderbird 91.1.1
<li>Mutt 2.1.3 and NeoMutt 20210205
<li>Node.js 12.22.6
<li>OCaml 4.10.0
<li>OpenLDAP 2.4.59
<li>PHP 7.3.30, 7.4.23 and 8.0.10
<li>Postfix 3.5.12
<li>PostgreSQL 13.4
<li>Python 2.7.18, 3.8.12 and 3.9.7
<li>Qt 5.15.2 and 6.0.4
<li>R 4.1.1
<li>Ruby 2.6.8, 2.7.4 and 3.0.2
<li>Rust 1.55.0
<li>SQLite 3.35.5
<li>Shotcut 21.01.29
<li>Sudo 1.9.7p2
<li>Suricata 6.0.2
<li>Tcl/Tk 8.5.19 and 8.6.8
<li>TeX Live 2020
<li>Vim 8.2.3394 and Neovim 0.5.0
<li>Xfce 4.16
</ul>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
<li>LLVM/Clang 11.1.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.32.1 (+ patches)
<li>NSD 4.3.7
<li>Unbound 1.13.2
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk December 18, 2020 version
<li>Expat 2.4.1
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 7.0 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/alpha/INSTALL.alpha">
.../OpenBSD/7.0/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/amd64/INSTALL.amd64">
.../OpenBSD/7.0/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/arm64/INSTALL.arm64">
.../OpenBSD/7.0/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/armv7/INSTALL.armv7">
.../OpenBSD/7.0/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/hppa/INSTALL.hppa">
.../OpenBSD/7.0/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/i386/INSTALL.i386">
.../OpenBSD/7.0/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/landisk/INSTALL.landisk">
.../OpenBSD/7.0/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/loongson/INSTALL.loongson">
.../OpenBSD/7.0/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/luna88k/INSTALL.luna88k">
.../OpenBSD/7.0/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/macppc/INSTALL.macppc">
.../OpenBSD/7.0/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/octeon/INSTALL.octeon">
.../OpenBSD/7.0/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/powerpc64/INSTALL.powerpc64">
.../OpenBSD/7.0/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/riscv64/INSTALL.riscv64">
.../OpenBSD/7.0/riscv64/INSTALL.riscv64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.0/sparc64/INSTALL.sparc64">
.../OpenBSD/7.0/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
If your machine can boot from CD, you can write <i>install70.iso</i> or
<i>cd70.iso</i> to a CD and boot from it.
Refer to INSTALL.alpha for more details.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install70.iso</i> or
<i>cd70.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install70.img</i> or
<i>miniroot70.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>install70.img</i> or <i>miniroot70.img</i> to a disk and boot from it
after connecting to the serial console. Refer to INSTALL.arm64 for more
details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install70.iso</i> or
<i>cd70.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install70.img</i> or
<i>miniroot70.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot70.img</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot70.img</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/7.0/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/powerpc64:</h3>
<p>
To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
USB stick, plug it into the machine and choose the <i>OpenBSD
install</i> menu item in Petitboot.
Refer to the instructions in INSTALL.powerpc64 for more details.
<h3>OpenBSD/riscv64:</h3>
<p>
To install, write <i>install70.img</i> or <i>miniroot70.img</i> to a
USB stick, and boot with that drive plugged in.
Make sure you also have the microSD card plugged in that shipped with the
HiFive Unmatched board.
Refer to the instructions in INSTALL.riscv64 for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy70.img</i> or <i>floppyB70.img</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot70.img</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 6.9 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade70.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_0</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 7.0 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 70.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www