version 1.3, 2022/04/04 15:12:45 |
version 1.4, 2022/04/06 20:24:19 |
|
|
|
|
<ul> |
<ul> |
|
|
<!-- replace all of this |
|
|
|
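Review bot: the `<!-- replace all of this` opener is removed on the 1.4 side here, but the matching `-->` is not among the lines shown. Confirm it is deleted in the same revision, otherwise a stray `-->` ends up as visible text further down the list.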
<li>New/extended platforms: |
<li>New/extended platforms: |
<ul> |
<ul> |
<li>Added new <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V systems. |
|
<li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes: |
<li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes: |
<ul> |
<ul> |
<li>Support for Apple Silicon Macs has improved but is not ready for general use yet: |
<li>Support for Apple Silicon Macs has improved and is ready for general use: |
<ul> |
<ul> |
<li>Added support for installing on a disk with a GPT. |
<li>... |
<li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller. |
|
<li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC. |
|
<li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices. |
|
<li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a>, a driver for the Apple GPIO controller found on the M1 SoCs. |
|
<li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems. |
|
<li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller. |
|
</ul> |
</ul> |
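Review bot: the Apple Silicon item now reads "is ready for general use", yet the sub-list under it on the 1.4 side is only `<li>...`, so the page states readiness without naming anything that supports it. Fill the sub-list with the changes that justify the new wording in the same revision, or hold the wording change until those entries exist.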
<li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+. |
<li>... |
<li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399. |
|
<li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>. |
|
</ul> |
</ul> |
<li>Changes on other architectures: |
<li>Changes on other architectures: |
<ul> |
<ul> |
<li>Switched <a href="macppc.html">macppc</a> to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>. |
<li>... |
<li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc. |
|
<li>Made <a href="amd64.html">amd64</a> hw.setperf percentages proportional to the enhanced |
|
speed step frequencies on Intel processors. The default hw.setperf=99 |
|
corresponds to the maximum ordinary speed, and setting it to 100 |
|
enables turbo mode. |
|
<li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64. |
|
<li>Disabled base-gcc on amd64. |
|
<li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used. |
|
<li>Prevented a kernel panic in sparc64 due to page boundary misalignment. |
|
<li>Forced <a href="luna88k.html">luna88k</a> to use the serial console when no graphics board is found. |
|
<li>Made additional free inodes on luna88k bsd.rd by specifying density=4096. |
|
<li>Fixed strchr() and strrchr() on <a href="mips64.html">mips64</a>. |
|
<li>Prevented watchdog resets on some i.MX 64-bit machines with a |
|
recent U-Boot and watchdog enabled on boot in <a |
|
href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>. |
|
<li>Created audio devices on <a href="armv7.html">armv7</a>. |
|
<li>Retired OpenBSD/<a href="sgi.html">sgi</a> platform. |
|
<li>Enabled MSI-X support for <a href="powerpc64.html">powerpc64</a>. |
|
<li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc. |
|
<li>Increased the maximum data size on powerpc64 to 32GB. |
|
<li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB on amd64. |
|
<li>Added <a href="https://man.openbsd.org/cduart.4">cduart(4)</a> driver for Cadence Universal Asynchronous Receiver/Transmitter on armv7. |
|
<li>Added <a href="https://man.openbsd.org/armv7/zqclock.4">zqclock(4)</a> driver for Xilinx Zynq-7000 clock controller on armv7. |
|
<li>Added <a href="https://man.openbsd.org/armv7/zqreset.4">zqreset(4)</a> driver for Xilinx Zynq-7000 reset controller on armv7. |
|
</ul> |
</ul> |
</ul> |
</ul> |
|
|
<li>Various kernel improvements: |
<li>Various kernel improvements: |
<ul> |
<ul> |
<li>Unlocked the top part of the VM fault handler on i386. |
<li>... |
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64. |
|
<li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>. |
|
<li>Implemented < and > operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters. |
|
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> |
|
display of time spent in userland when analyzing the kernel stack in |
|
the flame graph tool and fixed a parsing bug. |
|
<li>Introduced /etc/<a |
|
href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>, |
|
which can be used to configure the kernel using <a |
|
href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of |
|
KARL while making changes to the GENERIC kernel. |
|
<li>Identify TPM 2.0 devices and perform the 2.0-specific |
|
suspend command, allowing the ThinkPad X1 Carbon Gen 9 and |
|
ThinkPad X1 Nano with the latest BIOS (which added S3) to resume. |
|
<li>Changed the printing of the hibernate image size from bytes to megabytes. |
|
<li>Increased hibernate writeout speed. |
|
<li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64. |
|
<li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs. |
|
<li>Delayed installation of sensors until a device with battery |
|
support is connected, allowing <a |
|
href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up |
|
hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> |
|
devices. |
|
<li>Prevented a kernel panic after VFS shutdown. |
|
<li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds. |
|
<li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex. |
|
<li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool. |
|
<li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a> |
|
errno handling to match what Mesa expects and prevent failure to |
|
properly report timeouts. |
|
<li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>. |
|
<li>Increased the default buffer space on PF_UNIX sockets to 8k and |
|
made the values tuneable via <a |
|
href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>. |
|
<li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> |
|
timer re-addition reset an existing timer to use the new timeout |
|
period. |
|
<li>In the build system, pass make flags to kernel and lib builds, |
|
making hacking on ramdisks/the installer much faster. |
|
</ul> |
</ul> |
|
|
<li>SMP Improvements |
<li>SMP Improvements |
<ul> |
<ul> |
<li>Made pmap_extract() mpsafe on hppa and amd64. |
<li>... |
<li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code |
|
to prevent waiting on non-running CPUs. |
|
<li>Made anonymous object reference counting independent from the KERNEL_LOCK(). |
|
<li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>. |
|
<li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>. |
|
<li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers. |
|
<li>Used so_lock to protect key management (PF_KEY) sockets. |
|
<li>Used so_lock to protect routing (PF_ROUTE) sockets. |
|
<li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>. |
|
<li>Unlocked the top part of the fault handler. |
|
</ul> |
</ul> |
|
|
<li>Direct Rendering Manager |
<li>Direct Rendering Manager |
<ul> |
<ul> |
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a> |
<li>... |
to Linux 5.10.65 |
|
<li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>: |
|
better support for Tiger Lake |
|
<li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>: |
|
support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus |
|
<li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>: |
|
support for Cezanne "Green Sardine" Ryzen 5000 APU |
|
</ul> |
</ul> |
|
|
<li>VMM/VMD improvements |
<li>VMM/VMD improvements |
<ul> |
<ul> |
<li>Added a theoretical limit of 512 to the number of allocated vcpus |
<li>... |
in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues. |
|
<li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains. |
|
<li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large DHCP packets on local interfaces. |
|
<li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
|
<li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
|
<li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
|
<li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking. |
|
<li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> |
|
client "wait" state corruption in <a |
|
href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is |
|
canceled and restarted, allowing multiple waiting clients. |
|
<li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> |
|
<li>Unlocked the kernel in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> ioctl handlers and introduced vcpu locks |
|
</ul> |
</ul> |
|
|
<li>Various new userland features: |
<li>Various new userland features: |
<ul> |
<ul> |
|
|
<li>Imported <a |
<li>... |
href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from |
|
NetBSD. timeout(1) can be used to run commands with a time limit. |
|
<li>Added include and exclude options to <a |
|
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>. |
|
<li>Implemented reporting of supplemental groups in <a |
|
href="https://man.openbsd.org/ps.1">ps(1)</a>. |
|
<li>Added indication of whether an <a |
|
href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable |
|
for a startup file. |
|
<li>Added "dired-jump" command to <a |
|
href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer |
|
containing the current buffer's directory location. |
|
</ul> |
</ul> |
|
|
<li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
<ul> |
<ul> |
<li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to |
<li>... |
retry up to 3 times on password authentication failure. |
|
<li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal |
|
handler functions async-signal-safe. |
|
<li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to |
|
consider two files sharing the same inode identical. |
|
<li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> |
|
login when ~/.Xauthority does not exist. |
|
<li>Disabled building all of the non-unicode fonts in Xenocara |
|
except for ISO8859-1. |
|
<li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a> |
|
to use stderr for printer error and informational messages. This |
|
allows easier parsing of what passwd(1) is doing if spawned from a |
|
GUI. |
|
<li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a> |
|
per-device values when <a |
|
href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time |
|
mode ('b'), not normalizing based on the sleep interval. |
|
<li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive. |
|
<li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard |
|
the current input line when Ctrl-C is used during line editing and |
|
provide a fresh prompt rather than exiting the program. |
|
<li>Let <a href="https://man.openbsd.org/el_gets.3">el_gets(3)</a> |
|
honour the first Ctrl-C typed by the user rather than |
|
ignoring it. |
|
<li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F |
|
null string behavior to ensure -F '' behaves consistently with -v |
|
FS="". |
|
<li>Avoided a potential buffer overflow in backslash escaping in <a |
|
href="https://man.openbsd.org/awk.1">awk(1)</a>. |
|
<li>Disallowed the use of an empty list between "while" and "do" in |
|
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a>. |
|
<li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a> |
|
maximization and full-screen mode toggling to keep the cursor within |
|
the window, preventing focus loss. |
|
<li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly |
|
attempt an early mount of /var/log in case someone has created |
|
it as a separate filesystem to avoid /var overflow issues. |
|
<li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
to retain essential partitions on various platforms. |
|
<li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
for disks with 4K sectors. |
|
<li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT |
|
initialization code, making -g independent of -i, leaving four |
|
mutually exclusive initialization options (-i, -g, -u and -A) with the |
|
last option specified executed (allowing the existing -i -g to work as |
|
intended). |
|
<li>Relaxed criteria for recognizing GPT formatted media, allowing |
|
GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical |
|
media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel. |
|
<li>Added the ability for <a |
|
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize |
|
"BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" GPT partitions. |
|
<li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
-b and -l are treated as 512-byte block counts. |
|
<li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
-A option to initialize a GPT without removing special boot |
|
partitions. |
|
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
-b option available to architectures other than amd64 and i386 and extended the |
|
syntax to allow specification of the boot partition type and offset. |
|
<li>Adjusted density for partitions on a 4k disk in <a |
|
href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and |
|
density are not passed on the command line to ensure sufficient inodes |
|
to hold a src tree on a 2G fs. |
|
<li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64. |
|
<li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a> |
|
autoalloc code. |
|
<li>Corrected various min/max cluster numbers for FAT12/16/32 in <a |
|
href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>. |
|
<li>Added libexecinfo, a library providing backtrace functions. |
|
<li>Updated C library support for character classification |
|
to Unicode 13.0. |
|
<li>Let <a href="https://man.openbsd.org/wcwidth.3">wcwidth(3)</a> |
|
treat all characters in Unicode private use areas |
|
as single-width, even those in planes 15 and 16. |
|
<li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters. |
|
<li>Corrected the output of |
|
<a href="https://man.openbsd.org/date.1">date(1)</a> -f %s |
|
which was wrongly affected by the local timezone. |
|
<li>Turn printing additional information into toggles for <a href="https://man.openbsd.org/systat.1">systat(1)</a>. |
|
</ul> |
</ul> |
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
<ul> |
<ul> |
<li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect. |
<li>... |
<li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo ThinkPads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume. |
|
<li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+. |
|
<li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad. |
|
<li>Added |
|
<a href="https://man.openbsd.org/ucc.4">ucc(4)</a>, |
|
a driver for USB HID Consumer Control keyboards. |
|
Often used to expose volume, audio and application launch keys. |
|
Volume keys are handled by the kernel and all other keys are |
|
propagated to X11 and the console through |
|
<a href="https://man.openbsd.org/wscons.4">wscons(4)</a>. |
|
<li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately. |
|
<li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>. |
|
<li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1. |
|
<li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>. |
|
<li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed. |
|
<li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions. |
|
<li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>. |
|
<li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>. |
|
<li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor. |
|
<li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages. |
|
<li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched. |
|
<li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes. |
|
<li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data. |
|
<li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory. |
|
<li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14. |
|
<li>Added quirk to enable ThinkPad X1 Extreme 1 speakers and Dolby Atmos in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume. |
|
<li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>. |
|
</ul> |
</ul> |
|
|
<li>New or improved network hardware support: |
<li>New or improved network hardware support: |
<ul> |
<ul> |
<li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device. |
<li>... |
<li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB Ethernet devices. |
|
<li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe Ethernet adapters. |
|
<li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board Ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a>, fixing <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+. |
|
<li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM. |
|
<li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>. |
|
<li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>. |
|
<li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices. |
|
<li>Fixed <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> with a single queue in MSI-X mode. |
|
</ul> |
</ul> |
|
|
<li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
<ul> |
<ul> |
<li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which is done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring. |
<li>... |
<li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption. |
|
<li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume. |
|
<li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume. |
|
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi. |
|
<li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>. |
|
<li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default. |
|
<li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association. |
|
<li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive. |
|
<li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing fragattacks vulnerabilities. |
|
<li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware. |
|
<li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association. |
|
<li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend. |
|
<li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices. |
|
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher. |
|
<li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries. |
|
<li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>. |
|
<li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points. |
|
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file. |
|
<li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>. |
|
<li>Worked around a problem between certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware running in HostAP mode and clients that use Tx aggregation. |
|
<li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>. |
|
<li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>. |
|
<li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time. |
|
<li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode. |
|
<li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port. |
|
</ul> |
</ul> |
|
|
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<ul> |
<ul> |
<li>Drop fragmented 802.11 frames. |
<li>... |
<li>Prevent frame injection via forged 802.11n A-MSDUs. |
|
<li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic. |
|
</ul> |
</ul> |
|
|
<li>Generic network stack improvements and bugfixes: |
<li>Generic network stack improvements and bugfixes: |
<ul> |
<ul> |
<li>Implemented reception of "VLAN 0 priority tagged" packets. |
<li>... |
<li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU. |
|
<li>Display provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>. |
|
</ul> |
</ul> |
|
|
<li>Installer and upgrade improvements: |
<li>Installer and upgrade improvements: |
<ul> |
<ul> |
<li>Checked the installer's /tmp/i/hostname.* files for a configured |
<li>... |
IP address so that configurations without a broadcast address are |
|
detected as well. |
|
<li>Handled "inet autoconf" in the ramdisk. |
|
<li>Introduced a short wait in <a |
|
href="https://man.openbsd.org/rc.8">rc(8)</a> after <a |
|
href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes |
|
until an IPv4 or IPv6 default route is present before continuing boot. |
|
Fixed setups depending on working network and DNS resolution during |
|
early boot when using autoconfiguration (<a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a |
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>). |
|
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
|
always create an EFI SYS partition if the -b option is specified when |
|
initializing a GPT. |
|
<li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a |
|
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple |
|
APFS ISC partition is detected and fdisk -ig otherwise. Created EFI |
|
SYS boot partitions only on ROOTDISK GPT disks. |
|
<li>Added <a |
|
href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p" |
|
to prepare by creating a new filesystem on the partition reserved for |
|
the bootloader on relevant architectures. |
|
<li>Added GPT support to <a href="armv7.html">armv7</a> <a |
|
href="https://man.openbsd.org/installboot.8">installboot(8)</a>. |
|
<li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and |
|
RAMDISK kernels. |
|
<li>Use <a |
|
href="https://man.openbsd.org/installboot.8">installboot(8)</a> on |
|
arm64 ramdisks. |
|
<li>Enable <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> on |
|
ramdisks, and activate <a |
|
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, replacing <a |
|
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>. |
|
<li>Enable <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> |
|
to configure nameservers on ramdisks. |
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>Moved objcopy to base set to allow KARL to work on all installs. |
<li>... |
<li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> |
|
calls to xterm in the case where there are no exec-formatted or |
|
exec-selected resources set. |
|
<li>Changed usage of %n from a syslog warning to syslog and abort for |
|
<a href="https://man.openbsd.org/printf.3">printf(3)</a> (and |
|
associated variants). |
|
<li>Made kernel stop all threads when terminating via pledge_fail(). |
|
</ul> |
</ul> |
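Review bot: "Security improvements" on the 1.4 side is a single `<li>...`, and with the comment opener at the top of the list gone in 1.4 that placeholder is live markup that renders as a literal "..." bullet. Keep empty sections inside a comment until they have a real entry, so a reader does not take the placeholder for a section with no security changes.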
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> |
<li>... |
daemon saw the following changes: |
|
<ul> |
|
<li>Stop processing queued UPDATES when the max-prefix limit was reached. |
|
<li>Improved negotiation for route refresh, graceful restart and |
|
multi-protocol capabilities |
|
<li>Correctly track 'rde evaluate all' and 'export' settings during reload. |
|
<li>Properly withdraw prefixes when 'rde evaluate all' is used. |
|
<li>Fixed MRT handling on initial startup for message dump types. |
|
<li>Fixed and use non-blocking connect for RTR sessions. |
|
<li>Fully implemented RFC 6286 by checking for BGP ID collisions. |
|
<li>Adjusted the 4-byte AS number handling to RFC 6793 by changing error |
|
behaviour from prefix withdraw to attribute discard. |
|
<li>In <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print out both the sent "Neighbor capabilities" and the |
|
"Negotiated capabilities" for a session. |
|
<li>Print timestamps both as a formatted and a pure time in seconds |
|
field in various JSON objects. |
|
<li>Fixed a bug, where during <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config reloads prefixes of the |
|
wrong address family could leak to peers resulting in session resets. |
|
<li>Added support for RFC 7313 - Enhanced Route Refresh. |
|
Disabled by default. To enable, use 'announce enhanced refresh yes'. |
|
<li>Improved output of Adj-RIB-Out by updating nexthop and ASPATH before |
|
adding the prefix to the RIB. This improves `bgpctl show rib out` |
|
output. |
|
<li>Added command line option to both <a |
|
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a |
|
href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> to show the |
|
version. |
|
<li>Added support for RFC 9072 - Extended Optional Parameters Length for |
|
BGP OPEN Message |
|
<li>Added support for RFC 8050 - MRT Format with BGP Additional Path Extensions |
|
<li>Implemented receive side of RFC 7911 - Advertisement of Multiple Paths |
|
in BGP. OpenBGPD is currently not able to send multiple paths out. |
|
<li>Improved checks of VRPs loaded via RTR or from the roa-set table. |
|
<li>Allowed optionally specifying an expiry time for roa-set entries to |
|
mitigate BGP route decision making based on outdated RPKI data. |
|
OpenBGPD's companion rpki-client(8) produces roa-sets with the |
|
new 'expires' property |
|
</ul> |
|
|
|
<li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility: |
|
<ul> |
|
<li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests. |
|
<li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list. |
|
<li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling. |
|
<li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>. |
|
<li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>. |
|
<li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet. |
|
</ul> |
|
|
|
<li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon: |
|
<ul> |
|
<li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>. |
|
<li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>. |
|
<li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups. |
|
<li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool. |
|
<li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured. |
|
<li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519. |
|
<li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput. |
|
<li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>. |
|
</ul> |
|
|
|
<li><a |
|
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> |
|
received the following new features and bugfixes: |
|
<ul> |
|
<li>Added keep-alive support to the HTTP client code for RRDP. |
|
<li>Reference-count and delete unused files synced via RRDP, as far as |
|
possible. |
|
<li>In the JSON output, changed the AS Number from a string ("AS123") to |
|
an integer ("123") to make processing of the output easier. |
|
<li>Added an 'expires' column to CSV & JSON output, based on certificate |
|
and CRL validity times. The 'expires' value can be used to avoid route |
|
selection based on stale data when generating VRP sets, when faced |
|
with loss of communication between consumer and validator, or |
|
validator and CA repository. |
|
<li>Made the runtime timeout (-s option) also trigger in |
|
child processes. |
|
<li>Improved RRDP support and make RRDP the default protocol for |
|
synchronizing the RPKI repository data, with <a |
|
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> used as secondary. |
|
<li>At startup, warn if the filesystem containing the cache directory |
|
is probably too small. |
|
<li>Handle running out of disk space more gracefully, including cleanup |
|
of temporary and old files before exiting. |
|
<li>Improved the HTTP/1.1 request headers being sent. |
|
<li>Improved validation checks for ROA and MFT objects. |
|
<li>Improved the HTTP client code (status code handling, http proxy |
|
support, keep-alive). |
|
<li>In RRDP, do not access URI with userinfo (@-sign) |
|
<li>Improved RRDP syncing by considering a notification file serial |
|
jumping backwards as synced repository. |
|
<li>Made -R (rsync only) also apply to the fetching of TA files. |
|
<li>Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others. |
|
<li>When producing output for <a |
|
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, make use of the |
|
'roa-set expires' attribute to prevent machines from loading outdated |
|
roa-sets. |
|
<li>In RRDP, limited the number of deltas to 300 per repo. If more deltas |
|
exist, downloading a full snapshot is faster. |
|
<li>Limited the validation depth of X.509 certificate chains to 12, double |
|
the current depth seen in RPKI. |
|
</ul> |
|
|
|
<li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved: |
|
<ul> |
|
<li>Probe packets are now sent in quick succession and responses handled asynchronously.</li> |
|
<li>DNS lookups are performed asynchronously. |
|
This speeds up the time required to display results considerably. |
|
</ul> |
|
|
|
<li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made |
|
the default program for configuring IPv4 addresses via DHCP. <a |
|
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated |
|
to handle concurrent changes to <a |
|
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by |
|
both dhcpleased(8) and <a |
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br> |
|
Additionally these programs saw the following improvements and bugfixes: |
|
<ul> |
|
<li>Changed <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client |
|
identifier transmission to match other DHCP client implementations. |
|
<li>Simplified <a |
|
href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and |
|
added syntax to match <a |
|
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), |
|
allowing one to be aliased to the other. |
|
<li>Retried broadcast with <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the |
|
DHCP server is unreachable via unicast UDP. |
|
<li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> |
|
accept DNS proposals for the loopback addresses. |
|
<li>Added to <a |
|
href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a> |
|
the ability to ignore routes or nameservers from a lease and to ignore |
|
servers entirely. |
|
<li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> |
|
defer to <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the |
|
inet autoconf flag is set. When run, dhclient will signal dhcpleased |
|
to request a new lease rather than requesting one itself. |
|
<li>Fixed potential races in <a |
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two |
|
processes are configuring the same IP. |
|
<li>Added the possibility to send vendor class identifier and client |
|
identifier using <a |
|
href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>. |
|
<li>Made <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always |
|
configure provided routes, regardless of whether the address received |
|
in the lease is already configured. |
|
<li>Used exclusive locks under /dev/ to ensure single instances of <a |
|
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a |
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
|
<li>Implemented classless static routes DHCP option in <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>. |
|
<li>Added a new "nameserver" command to <a |
|
href="https://man.openbsd.org/route.8">route(8)</a>, sending |
|
nameserver proposals to <a |
|
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the DNS |
|
proposal protocol over the route socket. This command is intended be |
|
used to integrate userland triggered nameserver changes, for example |
|
by VPN software. |
|
</ul> |
|
|
|
<li>Changes to snmp related tools: |
|
<ul> |
|
<li>Disable SNMPv1 and SNMPv2c by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
|
<li>Remove default communities from <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
|
<li>Switched default seclevel to enc for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
|
<li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community. |
|
<li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth to hmac-sha1. |
|
<li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> privacy protocol to AES. |
|
<li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps. |
|
<li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>. |
|
<li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>. |
|
</ul> |
|
|
|
<li>Other userland network changes: |
|
<ul> |
|
<li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs. |
|
<li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes. |
|
<li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>. |
|
<li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag. |
|
<li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream. |
|
<li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic. |
|
<li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer. |
|
<li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal. |
|
<li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>. |
|
</ul> |
|
</ul> |
</ul> |
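Review bot: the bare `<li>...` that replaces the bgpd(8) entry is the only item left under "Routing daemons and other userland network improvements", and it carries no marker that a pre-release check could search for. The 1.4 side also drops the "replace all above" and "-->" lines further down, so this block no longer appears to be commented out and the literal ellipsis would render. Suggest writing it as `<li>XXX ...`, matching the XXX markers this revision adds elsewhere ("OpenSMTPD version <!--- XXX --->", "<!-- XXX update these"), so one grep for XXX finds every unfinished spot.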
|
|
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<ul> |
<ul> |
<li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane. |
|
<li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands. |
|
<li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
|
<li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
|
<li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
|
<li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu. |
|
<li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts. |
|
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode. |
|
<li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
|
</ul> |
</ul> |
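Review bot: on the 1.4 side the tmux(1) list is left as `<ul>` followed directly by `</ul>`, with no `<li>...` placeholder like the routing, LibreSSL, OpenSSH and mandoc sections get. If no tmux items arrive, the heading ships with an empty list and nothing flags it. Either add the same placeholder here or drop the heading until there is content. While touching this section, the heading link points at https://man.openbsd.org/tmux whereas the removed items all used https://man.openbsd.org/tmux.1.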
|
|
<li>OpenSMTPD 7.0.0 |
<li>OpenSMTPD version <!--- XXX ---> |
<ul> |
<ul> |
<li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>. |
|
<li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |
|
<li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>. |
|
</ul> |
</ul> |
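Review bot: in "OpenSMTPD version <!--- XXX --->" the only reminder that the version is missing sits inside an HTML comment, so the rendered heading reads just "OpenSMTPD version" and looks finished to anyone proofreading in a browser. The three-dash delimiters also differ from the two-dash "<!-- XXX update these" used later in the same revision. Suggest a visible "XXX" in the text and one comment style throughout. As with the tmux section, the list under this heading is left empty on the 1.4 side.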
|
|
<li>LibreSSL 3.4.1 |
<li>LibreSSL version <!--- XXX ---> |
<ul> |
<ul> |
<li>New Features |
<li>New Features |
<ul> |
<ul> |
<li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li> |
<li>... |
<li>Enabled the new X.509 validator to allow verification of modern certificate chains. |
|
</ul> |
</ul> |
|
|
<li>Portable Improvements |
<li>Portable Improvements |
<ul> |
<ul> |
<li>Ported continuous integration and test infrastructure to Github actions.</li> |
<li>... |
<li>Added Universal Windows Platform (UWP) build support.</li> |
|
<li>Fixed mingw-w64 builds on newer versions with missing SSP support.</li> |
|
<li>Added non-executable stack annotations for CMake builds.</li> |
|
</ul> |
</ul> |
|
|
<li>API and Documentation Enhancements |
<li>API and Documentation Enhancements |
<ul> |
<ul> |
<li>Added the following APIs from OpenSSL |
<li>... |
<ul> |
|
<li>BN_bn2binpad</li> |
|
<li>BN_bn2lebinpad</li> |
|
<li>BN_lebin2bn</li> |
|
<li>EC_GROUP_get_curve</li> |
|
<li>EC_GROUP_order_bits</li> |
|
<li>EC_GROUP_set_curve</li> |
|
<li>EC_POINT_get_affine_coordinates</li> |
|
<li>EC_POINT_set_affine_coordinates</li> |
|
<li>EC_POINT_set_compressed_coordinates</li> |
|
<li>EVP_DigestSign</li> |
|
<li>EVP_DigestVerify</li> |
|
<li>SSL_CIPHER_find</li> |
|
<li>SSL_CTX_get0_privatekey</li> |
|
<li>SSL_CTX_get_max_early_data</li> |
|
<li>SSL_CTX_get_ssl_method</li> |
|
<li>SSL_CTX_set_ciphersuites</li> |
|
<li>SSL_CTX_set_max_early_data</li> |
|
<li>SSL_CTX_set_post_handshake_auth</li> |
|
<li>SSL_SESSION_get0_cipher</li> |
|
<li>SSL_SESSION_get_max_early_data</li> |
|
<li>SSL_SESSION_is_resumable</li> |
|
<li>SSL_SESSION_set_max_early_data</li> |
|
<li>SSL_get_early_data_status</li> |
|
<li>SSL_get_max_early_data</li> |
|
<li>SSL_read_early_data</li> |
|
<li>SSL_set0_rbio</li> |
|
<li>SSL_set_ciphersuites</li> |
|
<li>SSL_set_max_early_data</li> |
|
<li>SSL_set_post_handshake_auth</li> |
|
<li>SSL_set_psk_use_session_callback</li> |
|
<li>SSL_verify_client_post_handshake</li> |
|
<li>SSL_write_early_data</li> |
|
</ul> |
|
<li>Added AES-GCM constants from RFC 7714 for SRTP.</li> |
|
</ul> |
</ul> |
|
|
<li>Compatibility Changes |
<li>Compatibility Changes |
<ul> |
<ul> |
<li>Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.</li> |
<li>... |
<li>Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.</li> |
|
<li>Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.</li> |
|
<li>Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.</li> |
|
</ul> |
</ul> |
|
|
<li>Testing and Proactive Security |
<li>Testing and Proactive Security |
<ul> |
<ul> |
<li>Added additional state machine test coverage.</li> |
<li>... |
<li>Improved integration test support with ruby/openssl tests.</li> |
|
<li>Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests.</li> |
|
</ul> |
</ul> |
|
|
<li>Internal Improvements |
<li>Internal Improvements |
<ul> |
<ul> |
<li>Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes |
<li>... |
and callback support compatible with the legacy OpenSSL validator. |
|
</ul> |
</ul> |
</ul> |
</ul> |
|
|
<li>OpenSSH 8.8 |
<li>OpenSSH version <!--- XXX ---> |
<ul> |
<ul> |
<li>Security |
<li>Security |
<ul> |
<ul> |
<li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: OpenSSH |
<li>... |
8.5 introduced the LogVerbose keyword. When this option was |
|
enabled with a set of patterns that activated logging in code |
|
that runs in the low-privilege sandboxed sshd process, the log |
|
messages were constructed in such a way that printf(3) format |
|
strings could effectively be specified the low-privilege code. |
|
<li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a> from |
|
OpenSSH 6.2 through 8.7 failed to correctly initialise |
|
supplemental groups when executing an AuthorizedKeysCommand or |
|
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser |
|
or AuthorizedPrincipalsCommandUser directive has been set to |
|
run the command as a different user. |
|
</ul> |
</ul> |
<li>Potentially incompatible changes |
<li>Potentially incompatible changes |
<ul> |
<ul> |
<li>A near-future release of OpenSSH will switch <a |
<li>... |
href='https://man.openbsd.org/scp.1'>scp(1)</a> from using |
|
the legacy scp/rcp protocol to using SFTP by default. |
|
<li>This release disables RSA signatures using the SHA-1 hash |
|
algorithm by default. |
|
<li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: this |
|
release changes the behaviour of remote to remote copies |
|
(e.g. "scp host-a:/path host-b:") to transfer through the |
|
local host by default. This was previously available via the |
|
-3 flag. This mode avoids the need to expose credentials on |
|
the origin hop, avoids triplicate interpretation of filenames |
|
by the shell (by the local system, the copy origin and the |
|
destination) and, in conjunction with the SFTP support for |
|
<a href='https://man.openbsd.org/scp.1'>scp(1)</a> mentioned |
|
below, allows use of all authentication methods to the remote |
|
hosts (previously, only non-interactive methods could be |
|
used). A -R flag has been added to select the old behaviour. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/<a |
|
href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: both the |
|
client and server are now using a stricter configuration file |
|
parser. The new parser uses more shell-like rules for quotes, |
|
space and escape characters. It is also more strict in |
|
rejecting configurations that include options lacking |
|
arguments. Previously some options (e.g. DenyUsers) could |
|
appear on a line with no subsequent arguments. This release |
|
will reject such configurations. The new parser will also |
|
reject configurations with unterminated quotes and multiple |
|
'=' characters after the option name. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: when using |
|
SSHFP DNS records for host key verification, <a |
|
href='https://man.openbsd.org/ssh.1'>ssh(1)</a> will verify |
|
all matching records instead of just those with the specific |
|
signature type requested. This may cause host key verification |
|
problems if stale SSHFP records of a different or legacy |
|
signature type exist alongside other records for a particular |
|
host. |
|
<li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>: |
|
when generating a FIDO key and specifying an explicit |
|
attestation challenge (using -Ochallenge), the challenge will |
|
now be hashed by the builtin security key middleware. This |
|
removes the (undocumented) requirement that challenges be |
|
exactly 32 bytes in length and matches the expectations of |
|
libfido2. |
|
<li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: |
|
environment="..." directives in authorized_keys files are now |
|
first-match-wins and limited to 1024 discrete environment |
|
variable names. |
|
</ul> |
</ul> |
|
|
<li>New features |
<li>New features |
<ul> |
<ul> |
<li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: |
<li>... |
experimental support for transfers using the SFTP protocol as |
|
a replacement for the venerable SCP/RCP protocol that it has |
|
traditionally used. SFTP offers more predictable filename |
|
handling and does not require expansion of glob(3) patterns |
|
via the shell on the remote side. |
|
<li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>: |
|
add a protocol extension to support expansion of ~/ and ~user/ |
|
prefixed paths. This was added to support these paths when |
|
used by <a href='https://man.openbsd.org/scp.1'>scp(1)</a> |
|
while in SFTP mode. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a |
|
ForkAfterAuthentication |
|
<a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> |
|
counterpart to the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> -f flag. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a |
|
StdinNull directive to |
|
<a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> |
|
that allows the config file to do the same thing as -n does on |
|
the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> |
|
command- line. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a |
|
SessionType directive to ssh_config, allowing the |
|
configuration file to offer equivalent control to the -N (no |
|
session) and -s (subsystem) command-line flags. |
|
<li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>: |
|
allowed signers files used by |
|
<a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a> |
|
signatures now support listing key validity intervals |
|
alongside the keys, and |
|
<a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a> |
|
can optionally check during signature verification whether a |
|
specified time falls inside this interval. This feature is |
|
intended for use by git to support signing and verifying |
|
objects using ssh keys. |
|
<li><a href='https://man.openbsd.org/ssh-keygen.8'>ssh-keygen(8)</a>: |
|
support printing of the full public key in a sshsig signature |
|
via a -Oprint-pubkey flag. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow the |
|
<a |
|
href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> |
|
CanonicalizePermittedCNAMEs directive to accept a "none" |
|
argument to specify the default behaviour. |
|
</ul> |
</ul> |
|
|
<li>Bugfixes |
<li>Bugfixes |
<ul> |
<ul> |
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/ |
<li>... |
<a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: start |
|
time-based re-keying exactly on schedule in the client and |
|
server mainloops. Previously the re-key timeout could expire |
|
but re-keying would not start until a packet was sent or |
|
received, causing a spin in select() if the connection was |
|
quiescent. |
|
<li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>: |
|
avoid Y2038 problem in printing certificate validity |
|
lifetimes. Dates past 2^31-1 seconds since epoch were |
|
displayed incorrectly on some platforms. |
|
<li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: allow |
|
spaces to appear in usernames for local to remote and scp -3 |
|
remote to remote copies. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/ |
|
<a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: remove |
|
references to ChallengeResponseAuthentication in favour of |
|
KbdInteractiveAuthentication. The former is what was in SSHv1, |
|
the latter is what is in SSHv2 (<a href='https://tools.ietf.org/html/rfc4256'>RFC4256</a>) |
|
and they were treated as somewhat but not entirely equivalent. We |
|
retain the old name as a deprecated alias so configuration |
|
files continue to work as well as a reference in the man page |
|
for people looking for it. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/ |
|
<a href='https://man.openbsd.org/ssh-add.1'>ssh-add(1)</a>/ |
|
<a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>: |
|
fix decoding of X.509 subject name when extracting a key from |
|
a PKCS#11 certificate. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: restore |
|
blocking status on stdio fds before close. |
|
<a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> needs file |
|
descriptors in non-blocking mode to operate but it was not |
|
restoring the original state on exit. This could cause |
|
problems with fds shared with other programs via the shell. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/ |
|
<a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: switch both |
|
client and server mainloops from select(3) to |
|
pselect(3). Avoids race conditions where a signal may arrive |
|
immediately before select(3) and not be processed until an |
|
event fires. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: sessions |
|
started with ControlPersist were incorrectly executing a shell |
|
when the -N (no shell) option was specified. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: check if |
|
IPQoS or TunnelDevice are already set before |
|
overriding. Prevents values in config files from overriding |
|
values supplied on the command line. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix debug |
|
message when finding a private key to match a certificate |
|
being attempted for user authentication. Previously it would |
|
print the certificate's path, whereas it was supposed to be |
|
showing the private key's path. |
|
<li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: match |
|
host certificates against host public keys, not private |
|
keys. Allows use of certificates with private keys held in a |
|
ssh-agent. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a |
|
workaround for a bug in OpenSSH 7.4 <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>, |
|
which allows RSA/SHA2 signatures for public key authentication but |
|
fails to advertise this correctly via SSH2_MSG_EXT_INFO. This |
|
causes clients of these server to incorrectly match |
|
PubkeyAcceptedAlgorithms and potentially refuse to offer |
|
valid keys. |
|
<li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>/ |
|
<a href='https://man.openbsd.org/scp.1'>scp(1)</a>: degrade |
|
gracefully if a sftp-server offers the limits@openssh.com |
|
extension but fails when the client tries to invoke it. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow |
|
ssh_config SetEnv to override $TERM, which is otherwise |
|
handled specially by the protocol. Useful in ~/.ssh/config to |
|
set TERM to something generic (e.g. "xterm" instead of |
|
"xterm-256color") for destinations that lack terminfo entries. |
|
<li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>: |
|
the limits@openssh.com extension was incorrectly marked as an |
|
operation that writes to the filesystem, which made it |
|
unavailable in sftp-server read-only mode. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix SEGV |
|
in UpdateHostkeys debug() message, triggered when the update |
|
removed more host keys than remained present. |
|
<li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: when using |
|
the SFTP protocol, continue transferring files after a |
|
transfer error occurs, better matching original scp/rcp |
|
behaviour. |
|
<li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fixed a |
|
number of memory leaks in multiplexing, |
|
<li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>: |
|
avoid crash when using the -Y find-principals command. |
|
<li>A number of documentation and manual improvements. |
|
</ul> |
</ul> |
</ul> |
</ul> |
|
|
<li>mandoc 1.14.6 |
<li>mandoc version <!--- XXX ---> |
<ul> |
<ul> |
<li>Added a style message about overlong text input lines. |
<li>... |
<li>Made "-W style" check .Xr links along the full manpath |
|
to help validation of non-base manual pages. |
|
<li>Supported auto-tagging for ".It Va" in |
|
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> documents. |
|
<li>Stopped printing two extra blank lines at the top and bottom of |
|
<a href="https://man.openbsd.org/man.7">man(7)</a> documents. |
|
<li>Supported the CB and CI fonts in |
|
<a href="https://man.openbsd.org/roff.7">roff(7)</a> |
|
\f font escapes and .ft font requests. |
|
<li>Added support for two-character font names (BI, CW, CR, CB, CI) |
|
to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> |
|
layout font modifier. |
|
<li>Implemented the |
|
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> |
|
layout modifiers "b" (bold) and "i" (italic) |
|
in HTML output mode. |
|
<li>Completed support for the "nospaces" option in the |
|
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser. |
|
<li>Fixed an infinite loop in the |
|
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser |
|
for some cases of horizontally overlapping horizontal spans. |
|
<li>Added a meta viewport element to "-T html" output. |
|
<li>Fixed a crash with "-T man" when an input file contains |
|
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or |
|
<a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input. |
|
<li>Fixed a crash in <a |
|
href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> |
|
when a manpath directory contains a symbolic link |
|
that points to a directory. |
|
</ul> |
</ul> |
|
|
replace all above |
|
--> |
|
|
|
<li>Ports and packages: |
<li>Ports and packages: |
<p>Many pre-built packages for each architecture: |
<p>Many pre-built packages for each architecture: |
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt --> |
|
|
<li>sparc64: XXXX |
<li>sparc64: XXXX |
</ul> |
</ul> |
|
|
<!-- update these |
<!-- XXX update these |
<p>Some highlights: |
<p>Some highlights: |
<ul style="column-count: 3"> |
<ul style="column-count: 3"> |
<li>Asterisk 18.6.0 |
<li>Asterisk 18.6.0 |
|
|
<li>Expat 2.4.1 |
<li>Expat 2.4.1 |
</ul> |
</ul> |
|
|
end uf updates--> |
XXX end uf updates--> |
|
|
</ul> |
</ul> |
</section> |
</section> |
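Review bot: the line changed to "XXX end uf updates-->" keeps the "uf" typo from the 1.3 side. Since the line is being touched anyway, make it "XXX end of updates-->". The package-count placeholder "sparc64: XXXX" is left outside any comment and will render as is, so it needs to be on the same pre-release checklist as the XXX markers added here.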