Annotation of www/71.html, Revision 1.1
1.1 ! deraadt 1: <!doctype html>
! 2: <html lang=en id=release>
! 3: <meta charset=utf-8>
! 4:
! 5: <title>OpenBSD 7.1</title>
! 6: <meta name="description" content="OpenBSD 7.1">
! 7: <meta name="viewport" content="width=device-width, initial-scale=1">
! 8: <link rel="stylesheet" type="text/css" href="openbsd.css">
! 9: <link rel="canonical" href="https://www.openbsd.org/71.html">
! 10:
! 11: <h2 id=OpenBSD>
! 12: <a href="index.html">
! 13: <i>Open</i><b>BSD</b></a>
! 14: 7.1
! 15: </h2>
! 16:
! 17: <table>
! 18: <tr>
! 19: <td>
! 20: <a href="images/xxx.png">
! 21: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
! 22: <td>
! 23: Released May ?, 2022. (52st OpenBSD release)<br>
! 24: Copyright 1997-2022, Theo de Raadt.<br>
! 25: <br>
! 26: Artwork by ??? ???..
! 27: <br>
! 28: <ul>
! 29: <li>See the information on <a href="ftp.html">the FTP page</a> for
! 30: a list of mirror machines.
! 31: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
! 32: one of the mirror sites.
! 33: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
! 34: of bugs and workarounds.
! 35: <li>See a <a href="plus71.html">detailed log of changes</a> between the
! 36: 7.0 and 7.1 releases.
! 37: <p>
! 38: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
! 39: pubkeys for this release:<p>
! 40:
! 41: <table class=signify>
! 42: <tr><td>
! 43: openbsd-71-base.pub:
! 44: <td>
! 45: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
! 46: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
! 47: <tr><td>
! 48: openbsd-71-fw.pub:
! 49: <td>
! 50: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
! 51: <tr><td>
! 52: openbsd-71-pkg.pub:
! 53: <td>
! 54: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
! 55: <tr><td>
! 56: openbsd-71-syspatch.pub:
! 57: <td>
! 58: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
! 59: </table>
! 60: </ul>
! 61: <p>
! 62: All applicable copyrights and credits are in the src.tar.gz,
! 63: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
! 64: files fetched via <code>ports.tar.gz</code>.
! 65: </table>
! 66:
! 67: <hr>
! 68:
! 69: <section id=new>
! 70: <h3>What's New</h3>
! 71: <p>
! 72: This is a partial list of new features and systems included in OpenBSD 7.1.
! 73: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
! 74: to 7.1.
! 75:
! 76: <ul>
! 77:
! 78: <!-- replace all of this
! 79:
! 80: <li>New/extended platforms:
! 81: <ul>
! 82: <li>Added new <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V systems.
! 83: <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
! 84: <ul>
! 85: <li>Support for Apple Silicon Macs has improved but is not ready for general use yet:
! 86: <ul>
! 87: <li>Added support for installing on a disk with a GPT.
! 88: <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller.
! 89: <li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
! 90: <li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
! 91: <li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a>, a driver for the Apple GPIO controller found on the M1 SoCs.
! 92: <li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
! 93: <li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
! 94: </ul>
! 95: <li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
! 96: <li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
! 97: <li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
! 98: </ul>
! 99: <li>Changes on other architectures:
! 100: <ul>
! 101: <li>Switched <a href="macppc.html">macppc</a> to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>.
! 102: <li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
! 103: <li>Made <a href="amd64.html">amd64</a> hw.setperf percentages proportional to the enhanced
! 104: speed step frequencies on Intel processors. The default hw.setperf=99
! 105: corresponds to the maximum ordinary speed, and setting it to 100
! 106: enables turbo mode.
! 107: <li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
! 108: <li>Disabled base-gcc on amd64.
! 109: <li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
! 110: <li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
! 111: <li>Forced <a href="luna88k.html">luna88k</a> to use the serial console when no graphics board is found.
! 112: <li>Made additional free inodes on luna88k bsd.rd by specifying density=4096.
! 113: <li>Fixed strchr() and strrchr() on <a href="mips64.html">mips64</a>.
! 114: <li>Prevented watchdog resets on some i.MX 64-bit machines with a
! 115: recent U-Boot and watchdog enabled on boot in <a
! 116: href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
! 117: <li>Created audio devices on <a href="armv7.html">armv7</a>.
! 118: <li>Retired OpenBSD/<a href="sgi.html">sgi</a> platform.
! 119: <li>Enabled MSI-X support for <a href="powerpc64.html">powerpc64</a>.
! 120: <li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
! 121: <li>Increased the maximum data size on powerpc64 to 32GB.
! 122: <li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB on amd64.
! 123: <li>Added <a href="https://man.openbsd.org/cduart.4">cduart(4)</a> driver for Cadence Universal Asynchronous Receiver/Transmitter on armv7.
! 124: <li>Added <a href="https://man.openbsd.org/armv7/zqclock.4">zqclock(4)</a> driver for Xilinx Zynq-7000 clock controller on armv7.
! 125: <li>Added <a href="https://man.openbsd.org/armv7/zqreset.4">zqreset(4)</a> driver for Xilinx Zynq-7000 reset controller on armv7.
! 126: </ul>
! 127: </ul>
! 128:
! 129: <li>Various kernel improvements:
! 130: <ul>
! 131: <li>Unlocked the top part of the VM fault handler on i386.
! 132: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64.
! 133: <li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
! 134: <li>Implemented < and > operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
! 135: <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
! 136: display of time spent in userland when analyzing the kernel stack in
! 137: the flame graph tool and fixed a parsing bug.
! 138: <li>Introduced /etc/<a
! 139: href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>,
! 140: which can be used to configure the kernel using <a
! 141: href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of
! 142: KARL while making changes to the GENERIC kernel.
! 143: <li>Identify TPM 2.0 devices and perform the 2.0-specific
! 144: suspend command, allowing the ThinkPad X1 Carbon Gen 9 and
! 145: ThinkPad X1 Nano with the latest BIOS (which added S3) to resume.
! 146: <li>Changed the printing of the hibernate image size from bytes to megabytes.
! 147: <li>Increased hibernate writeout speed.
! 148: <li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
! 149: <li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
! 150: <li>Delayed installation of sensors until a device with battery
! 151: support is connected, allowing <a
! 152: href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up
! 153: hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>
! 154: devices.
! 155: <li>Prevented a kernel panic after VFS shutdown.
! 156: <li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
! 157: <li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
! 158: <li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
! 159: <li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a>
! 160: errno handling to match what Mesa expects and prevent failure to
! 161: properly report timeouts.
! 162: <li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
! 163: <li>Increased the default buffer space on PF_UNIX sockets to 8k and
! 164: made the values tuneable via <a
! 165: href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
! 166: <li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
! 167: timer re-addition reset an existing timer to use the new timeout
! 168: period.
! 169: <li>In the build system, pass make flags to kernel and lib builds,
! 170: making hacking on ramdisks/the installer much faster.
! 171: </ul>
! 172:
! 173: <li>SMP Improvements
! 174: <ul>
! 175: <li>Made pmap_extract() mpsafe on hppa and amd64.
! 176: <li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code
! 177: to prevent waiting on non-running CPUs.
! 178: <li>Made anonymous object reference counting independent from the KERNEL_LOCK().
! 179: <li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
! 180: <li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
! 181: <li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
! 182: <li>Used so_lock to protect key management (PF_KEY) sockets.
! 183: <li>Used so_lock to protect routing (PF_ROUTE) sockets.
! 184: <li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
! 185: <li>Unlocked the top part of the fault handler.
! 186: </ul>
! 187:
! 188: <li>Direct Rendering Manager
! 189: <ul>
! 190: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
! 191: to Linux 5.10.65
! 192: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
! 193: better support for Tiger Lake
! 194: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
! 195: support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
! 196: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
! 197: support for Cezanne "Green Sardine" Ryzen 5000 APU
! 198: </ul>
! 199:
! 200: <li>VMM/VMD improvements
! 201: <ul>
! 202: <li>Added a theoretical limit of 512 to the number of allocated vcpus
! 203: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
! 204: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
! 205: <li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
! 206: <li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large DHCP packets on local interfaces.
! 207: <li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
! 208: <li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
! 209: <li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
! 210: <li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
! 211: <li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
! 212: client "wait" state corruption in <a
! 213: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is
! 214: canceled and restarted, allowing multiple waiting clients.
! 215: <li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
! 216: <li>Unlocked the kernel in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> ioctl handlers and introduced vcpu locks
! 217: </ul>
! 218:
! 219: <li>Various new userland features:
! 220: <ul>
! 221:
! 222: <li>Imported <a
! 223: href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from
! 224: NetBSD. timeout(1) can be used to run commands with a time limit.
! 225: <li>Added include and exclude options to <a
! 226: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
! 227: <li>Implemented reporting of supplemental groups in <a
! 228: href="https://man.openbsd.org/ps.1">ps(1)</a>.
! 229: <li>Added indication of whether an <a
! 230: href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable
! 231: for a startup file.
! 232: <li>Added "dired-jump" command to <a
! 233: href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer
! 234: containing the current buffer's directory location.
! 235: </ul>
! 236:
! 237: <li>Various bugfixes and tweaks in userland:
! 238: <ul>
! 239: <li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to
! 240: retry up to 3 times on password authentication failure.
! 241: <li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal
! 242: handler functions async-signal-safe.
! 243: <li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to
! 244: consider two files sharing the same inode identical.
! 245: <li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
! 246: login when ~/.Xauthority does not exist.
! 247: <li>Disabled building all of the non-unicode fonts in Xenocara
! 248: except for ISO8859-1.
! 249: <li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a>
! 250: to use stderr for printer error and informational messages. This
! 251: allows easier parsing of what passwd(1) is doing if spawned from a
! 252: GUI.
! 253: <li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a>
! 254: per-device values when <a
! 255: href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time
! 256: mode ('b'), not normalizing based on the sleep interval.
! 257: <li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
! 258: <li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard
! 259: the current input line when Ctrl-C is used during line editing and
! 260: provide a fresh prompt rather than exiting the program.
! 261: <li>Let <a href="https://man.openbsd.org/el_gets.3">el_gets(3)</a>
! 262: honour the first Ctrl-C typed by the user rather than
! 263: ignoring it.
! 264: <li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F
! 265: null string behavior to ensure -F '' behaves consistently with -v
! 266: FS="".
! 267: <li>Avoided a potential buffer overflow in backslash escaping in <a
! 268: href="https://man.openbsd.org/awk.1">awk(1)</a>.
! 269: <li>Disallowed the use of an empty list between "while" and "do" in
! 270: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
! 271: <li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
! 272: maximization and full-screen mode toggling to keep the cursor within
! 273: the window, preventing focus loss.
! 274: <li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly
! 275: attempt an early mount of /var/log in case someone has created
! 276: it as a separate filesystem to avoid /var overflow issues.
! 277: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 278: to retain essential partitions on various platforms.
! 279: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 280: for disks with 4K sectors.
! 281: <li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT
! 282: initialization code, making -g independent of -i, leaving four
! 283: mutually exclusive initialization options (-i, -g, -u and -A) with the
! 284: last option specified executed (allowing the existing -i -g to work as
! 285: intended).
! 286: <li>Relaxed criteria for recognizing GPT formatted media, allowing
! 287: GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical
! 288: media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
! 289: <li>Added the ability for <a
! 290: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize
! 291: "BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" GPT partitions.
! 292: <li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 293: -b and -l are treated as 512-byte block counts.
! 294: <li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 295: -A option to initialize a GPT without removing special boot
! 296: partitions.
! 297: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 298: -b option available to architectures other than amd64 and i386 and extended the
! 299: syntax to allow specification of the boot partition type and offset.
! 300: <li>Adjusted density for partitions on a 4k disk in <a
! 301: href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and
! 302: density are not passed on the command line to ensure sufficient inodes
! 303: to hold a src tree on a 2G fs.
! 304: <li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
! 305: <li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a>
! 306: autoalloc code.
! 307: <li>Corrected various min/max cluster numbers for FAT12/16/32 in <a
! 308: href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
! 309: <li>Added libexecinfo, a library providing backtrace functions.
! 310: <li>Updated C library support for character classification
! 311: to Unicode 13.0.
! 312: <li>Let <a href="https://man.openbsd.org/wcwidth.3">wcwidth(3)</a>
! 313: treat all characters in Unicode private use areas
! 314: as single-width, even those in planes 15 and 16.
! 315: <li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
! 316: <li>Corrected the output of
! 317: <a href="https://man.openbsd.org/date.1">date(1)</a> -f %s
! 318: which was wrongly affected by the local timezone.
! 319: <li>Turn printing additional information into toggles for <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
! 320: </ul>
! 321:
! 322: <li>Improved hardware support and driver bugfixes, including:
! 323: <ul>
! 324: <li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
! 325: <li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo ThinkPads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
! 326: <li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
! 327: <li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
! 328: <li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
! 329: <li>Added
! 330: <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>,
! 331: a driver for USB HID Consumer Control keyboards.
! 332: Often used to expose volume, audio and application launch keys.
! 333: Volume keys are handled by the kernel and all other keys are
! 334: propagated to X11 and the console through
! 335: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>.
! 336: <li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
! 337: <li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
! 338: <li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
! 339: <li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
! 340: <li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
! 341: <li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
! 342: <li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
! 343: <li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
! 344: <li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
! 345: <li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
! 346: <li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
! 347: <li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
! 348: <li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
! 349: <li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
! 350: <li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
! 351: <li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
! 352: <li>Added quirk to enable ThinkPad X1 Extreme 1 speakers and Dolby Atmos in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
! 353: <li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
! 354: <li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
! 355: </ul>
! 356:
! 357: <li>New or improved network hardware support:
! 358: <ul>
! 359: <li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
! 360: <li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB Ethernet devices.
! 361: <li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe Ethernet adapters.
! 362: <li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board Ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a>, fixing <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
! 363: <li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
! 364: <li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
! 365: <li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
! 366: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
! 367: <li>Fixed <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> with a single queue in MSI-X mode.
! 368: </ul>
! 369:
! 370: <li>Added or improved wireless network drivers:
! 371: <ul>
! 372: <li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which is done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
! 373: <li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
! 374: <li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
! 375: <li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
! 376: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
! 377: <li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
! 378: <li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
! 379: <li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
! 380: <li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
! 381: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing fragattacks vulnerabilities.
! 382: <li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
! 383: <li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
! 384: <li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
! 385: <li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
! 386: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
! 387: <li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
! 388: <li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
! 389: <li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
! 390: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
! 391: <li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
! 392: <li>Worked around a problem between certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware running in HostAP mode and clients that use Tx aggregation.
! 393: <li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
! 394: <li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
! 395: <li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
! 396: <li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
! 397: <li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
! 398: </ul>
! 399:
! 400: <li>IEEE 802.11 wireless stack improvements and bugfixes:
! 401: <ul>
! 402: <li>Drop fragmented 802.11 frames.
! 403: <li>Prevent frame injection via forged 802.11n A-MSDUs.
! 404: <li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
! 405: </ul>
! 406:
! 407: <li>Generic network stack improvements and bugfixes:
! 408: <ul>
! 409: <li>Implemented reception of "VLAN 0 priority tagged" packets.
! 410: <li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
! 411: <li>Display provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
! 412: </ul>
! 413:
! 414: <li>Installer and upgrade improvements:
! 415: <ul>
! 416: <li>Checked the installer's /tmp/i/hostname.* files for a configured
! 417: IP address so that configurations without a broadcast address are
! 418: detected as well.
! 419: <li>Handled "inet autoconf" in the ramdisk.
! 420: <li>Introduced a short wait in <a
! 421: href="https://man.openbsd.org/rc.8">rc(8)</a> after <a
! 422: href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes
! 423: until an IPv4 or IPv6 default route is present before continuing boot.
! 424: Fixed setups depending on working network and DNS resolution during
! 425: early boot when using autoconfiguration (<a
! 426: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a
! 427: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
! 428: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
! 429: always create an EFI SYS partition if the -b option is specified when
! 430: initializing a GPT.
! 431: <li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a
! 432: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple
! 433: APFS ISC partition is detected and fdisk -ig otherwise. Created EFI
! 434: SYS boot partitions only on ROOTDISK GPT disks.
! 435: <li>Added <a
! 436: href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p"
! 437: to prepare by creating a new filesystem on the partition reserved for
! 438: the bootloader on relevant architectures.
! 439: <li>Added GPT support to <a href="armv7.html">armv7</a> <a
! 440: href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
! 441: <li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and
! 442: RAMDISK kernels.
! 443: <li>Use <a
! 444: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
! 445: arm64 ramdisks.
! 446: <li>Enable <a
! 447: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> on
! 448: ramdisks, and activate <a
! 449: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, replacing <a
! 450: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
! 451: <li>Enable <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
! 452: to configure nameservers on ramdisks.
! 453: </ul>
! 454:
! 455: <li>Security improvements:
! 456: <ul>
! 457: <li>Moved objcopy to base set to allow KARL to work on all installs.
! 458: <li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
! 459: calls to xterm in the case where there are no exec-formatted or
! 460: exec-selected resources set.
! 461: <li>Changed usage of %n from a syslog warning to syslog and abort for
! 462: <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and
! 463: associated variants).
! 464: <li>Made kernel stop all threads when terminating via pledge_fail().
! 465: </ul>
! 466:
! 467: <li>Routing daemons and other userland network improvements:
! 468: <ul>
! 469: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
! 470: daemon saw the following changes:
! 471: <ul>
! 472: <li>Stop processing queued UPDATES when the max-prefix limit was reached.
! 473: <li>Improved negotiation for route refresh, graceful restart and
! 474: multi-protocol capabilities
! 475: <li>Correctly track 'rde evaluate all' and 'export' settings during reload.
! 476: <li>Properly withdraw prefixes when 'rde evaluate all' is used.
! 477: <li>Fixed MRT handling on initial startup for message dump types.
! 478: <li>Fixed and use non-blocking connect for RTR sessions.
! 479: <li>Fully implemented RFC 6286 by checking for BGP ID collisions.
! 480: <li>Adjusted the 4-byte AS number handling to RFC 6793 by changing error
! 481: behaviour from prefix withdraw to attribute discard.
! 482: <li>In <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print out both the sent "Neighbor capabilities" and the
! 483: "Negotiated capabilities" for a session.
! 484: <li>Print timestamps both as a formatted and a pure time in seconds
! 485: field in various JSON objects.
! 486: <li>Fixed a bug, where during <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config reloads prefixes of the
! 487: wrong address family could leak to peers resulting in session resets.
! 488: <li>Added support for RFC 7313 - Enhanced Route Refresh.
! 489: Disabled by default. To enable, use 'announce enhanced refresh yes'.
! 490: <li>Improved output of Adj-RIB-Out by updating nexthop and ASPATH before
! 491: adding the prefix to the RIB. This improves `bgpctl show rib out`
! 492: output.
! 493: <li>Added command line option to both <a
! 494: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a
! 495: href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> to show the
! 496: version.
! 497: <li>Added support for RFC 9072 - Extended Optional Parameters Length for
! 498: BGP OPEN Message
! 499: <li>Added support for RFC 8050 - MRT Format with BGP Additional Path Extensions
! 500: <li>Implemented receive side of RFC 7911 - Advertisement of Multiple Paths
! 501: in BGP. OpenBGPD is currently not able to send multiple paths out.
! 502: <li>Improved checks of VRPs loaded via RTR or from the roa-set table.
! 503: <li>Allowed optionally specifying an expiry time for roa-set entries to
! 504: mitigate BGP route decision making based on outdated RPKI data.
! 505: OpenBGPD's companion rpki-client(8) produces roa-sets with the
! 506: new 'expires' property
! 507: </ul>
! 508:
! 509: <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
! 510: <ul>
! 511: <li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
! 512: <li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
! 513: <li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
! 514: <li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
! 515: <li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
! 516: <li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
! 517: </ul>
! 518:
! 519: <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
! 520: <ul>
! 521: <li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
! 522: <li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
! 523: <li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
! 524: <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
! 525: <li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
! 526: <li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
! 527: <li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
! 528: <li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
! 529: </ul>
! 530:
! 531: <li><a
! 532: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
! 533: received the following new features and bugfixes:
! 534: <ul>
! 535: <li>Added keep-alive support to the HTTP client code for RRDP.
! 536: <li>Reference-count and delete unused files synced via RRDP, as far as
! 537: possible.
! 538: <li>In the JSON output, changed the AS Number from a string ("AS123") to
! 539: an integer ("123") to make processing of the output easier.
! 540: <li>Added an 'expires' column to CSV & JSON output, based on certificate
! 541: and CRL validity times. The 'expires' value can be used to avoid route
! 542: selection based on stale data when generating VRP sets, when faced
! 543: with loss of communication between consumer and validator, or
! 544: validator and CA repository.
! 545: <li>Made the runtime timeout (-s option) also trigger in
! 546: child processes.
! 547: <li>Improved RRDP support and make RRDP the default protocol for
! 548: synchronizing the RPKI repository data, with <a
! 549: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> used as secondary.
! 550: <li>At startup, warn if the filesystem containing the cache directory
! 551: is probably too small.
! 552: <li>Handle running out of disk space more gracefully, including cleanup
! 553: of temporary and old files before exiting.
! 554: <li>Improved the HTTP/1.1 request headers being sent.
! 555: <li>Improved validation checks for ROA and MFT objects.
! 556: <li>Improved the HTTP client code (status code handling, http proxy
! 557: support, keep-alive).
! 558: <li>In RRDP, do not access URI with userinfo (@-sign)
! 559: <li>Improved RRDP syncing by considering a notification file serial
! 560: jumping backwards as synced repository.
! 561: <li>Made -R (rsync only) also apply to the fetching of TA files.
! 562: <li>Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others.
! 563: <li>When producing output for <a
! 564: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, make use of the
! 565: 'roa-set expires' attribute to prevent machines from loading outdated
! 566: roa-sets.
! 567: <li>In RRDP, limited the number of deltas to 300 per repo. If more deltas
! 568: exist, downloading a full snapshot is faster.
! 569: <li>Limited the validation depth of X.509 certificate chains to 12, double
! 570: the current depth seen in RPKI.
! 571: </ul>
! 572:
! 573: <li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved:
! 574: <ul>
! 575: <li>Probe packets are now sent in quick succession and responses handled asynchronously.</li>
! 576: <li>DNS lookups are performed asynchronously.
! 577: This speeds up the time required to display results considerably.
! 578: </ul>
! 579:
! 580: <li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made
! 581: the default program for configuring IPv4 addresses via DHCP. <a
! 582: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated
! 583: to handle concurrent changes to <a
! 584: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by
! 585: both dhcpleased(8) and <a
! 586: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br>
! 587: Additionally these programs saw the following improvements and bugfixes:
! 588: <ul>
! 589: <li>Changed <a
! 590: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client
! 591: identifier transmission to match other DHCP client implementations.
! 592: <li>Simplified <a
! 593: href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and
! 594: added syntax to match <a
! 595: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface),
! 596: allowing one to be aliased to the other.
! 597: <li>Retried broadcast with <a
! 598: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
! 599: DHCP server is unreachable via unicast UDP.
! 600: <li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
! 601: accept DNS proposals for the loopback addresses.
! 602: <li>Added to <a
! 603: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>
! 604: the ability to ignore routes or nameservers from a lease and to ignore
! 605: servers entirely.
! 606: <li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
! 607: defer to <a
! 608: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
! 609: inet autoconf flag is set. When run, dhclient will signal dhcpleased
! 610: to request a new lease rather than requesting one itself.
! 611: <li>Fixed potential races in <a
! 612: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
! 613: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two
! 614: processes are configuring the same IP.
! 615: <li>Added the possibility to send vendor class identifier and client
! 616: identifier using <a
! 617: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
! 618: <li>Made <a
! 619: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always
! 620: configure provided routes, regardless of whether the address received
! 621: in the lease is already configured.
! 622: <li>Used exclusive locks under /dev/ to ensure single instances of <a
! 623: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a
! 624: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
! 625: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
! 626: <li>Implemented classless static routes DHCP option in <a
! 627: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
! 628: <li>Added a new "nameserver" command to <a
! 629: href="https://man.openbsd.org/route.8">route(8)</a>, sending
! 630: nameserver proposals to <a
! 631: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the DNS
! 632: proposal protocol over the route socket. This command is intended be
! 633: used to integrate userland triggered nameserver changes, for example
! 634: by VPN software.
! 635: </ul>
! 636:
! 637: <li>Changes to snmp related tools:
! 638: <ul>
! 639: <li>Disable SNMPv1 and SNMPv2c by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
! 640: <li>Remove default communities from <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
! 641: <li>Switched default seclevel to enc for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
! 642: <li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
! 643: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth to hmac-sha1.
! 644: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> privacy protocol to AES.
! 645: <li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
! 646: <li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
! 647: <li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
! 648: </ul>
! 649:
! 650: <li>Other userland network changes:
! 651: <ul>
! 652: <li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
! 653: <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
! 654: <li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
! 655: <li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
! 656: <li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
! 657: <li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
! 658: <li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer.
! 659: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
! 660: <li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
! 661: </ul>
! 662: </ul>
! 663:
! 664: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
! 665: <ul>
! 666: <li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
! 667: <li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
! 668: <li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
! 669: <li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
! 670: <li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
! 671: <li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
! 672: <li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
! 673: <li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
! 674: <li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
! 675: </ul>
! 676:
! 677: <li>OpenSMTPD 7.0.0
! 678: <ul>
! 679: <li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
! 680: <li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
! 681: <li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
! 682: </ul>
! 683:
! 684: <li>LibreSSL 3.4.1
! 685: <ul>
! 686: <li>New Features
! 687: <ul>
! 688: <li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li>
! 689: <li>Enabled the new X.509 validator to allow verification of modern certificate chains.
! 690: </ul>
! 691:
! 692: <li>Portable Improvements
! 693: <ul>
! 694: <li>Ported continuous integration and test infrastructure to Github actions.</li>
! 695: <li>Added Universal Windows Platform (UWP) build support.</li>
! 696: <li>Fixed mingw-w64 builds on newer versions with missing SSP support.</li>
! 697: <li>Added non-executable stack annotations for CMake builds.</li>
! 698: </ul>
! 699:
! 700: <li>API and Documentation Enhancements
! 701: <ul>
! 702: <li>Added the following APIs from OpenSSL
! 703: <ul>
! 704: <li>BN_bn2binpad</li>
! 705: <li>BN_bn2lebinpad</li>
! 706: <li>BN_lebin2bn</li>
! 707: <li>EC_GROUP_get_curve</li>
! 708: <li>EC_GROUP_order_bits</li>
! 709: <li>EC_GROUP_set_curve</li>
! 710: <li>EC_POINT_get_affine_coordinates</li>
! 711: <li>EC_POINT_set_affine_coordinates</li>
! 712: <li>EC_POINT_set_compressed_coordinates</li>
! 713: <li>EVP_DigestSign</li>
! 714: <li>EVP_DigestVerify</li>
! 715: <li>SSL_CIPHER_find</li>
! 716: <li>SSL_CTX_get0_privatekey</li>
! 717: <li>SSL_CTX_get_max_early_data</li>
! 718: <li>SSL_CTX_get_ssl_method</li>
! 719: <li>SSL_CTX_set_ciphersuites</li>
! 720: <li>SSL_CTX_set_max_early_data</li>
! 721: <li>SSL_CTX_set_post_handshake_auth</li>
! 722: <li>SSL_SESSION_get0_cipher</li>
! 723: <li>SSL_SESSION_get_max_early_data</li>
! 724: <li>SSL_SESSION_is_resumable</li>
! 725: <li>SSL_SESSION_set_max_early_data</li>
! 726: <li>SSL_get_early_data_status</li>
! 727: <li>SSL_get_max_early_data</li>
! 728: <li>SSL_read_early_data</li>
! 729: <li>SSL_set0_rbio</li>
! 730: <li>SSL_set_ciphersuites</li>
! 731: <li>SSL_set_max_early_data</li>
! 732: <li>SSL_set_post_handshake_auth</li>
! 733: <li>SSL_set_psk_use_session_callback</li>
! 734: <li>SSL_verify_client_post_handshake</li>
! 735: <li>SSL_write_early_data</li>
! 736: </ul>
! 737: <li>Added AES-GCM constants from RFC 7714 for SRTP.</li>
! 738: </ul>
! 739:
! 740: <li>Compatibility Changes
! 741: <ul>
! 742: <li>Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.</li>
! 743: <li>Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.</li>
! 744: <li>Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.</li>
! 745: <li>Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.</li>
! 746: </ul>
! 747:
! 748: <li>Testing and Proactive Security
! 749: <ul>
! 750: <li>Added additional state machine test coverage.</li>
! 751: <li>Improved integration test support with ruby/openssl tests.</li>
! 752: <li>Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests.</li>
! 753: </ul>
! 754:
! 755: <li>Internal Improvements
! 756: <ul>
! 757: <li>Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes
! 758: and callback support compatible with the legacy OpenSSL validator.
! 759: </ul>
! 760: </ul>
! 761:
! 762: <li>OpenSSH 8.8
! 763: <ul>
! 764: <li>Security
! 765: <ul>
! 766: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: OpenSSH
! 767: 8.5 introduced the LogVerbose keyword. When this option was
! 768: enabled with a set of patterns that activated logging in code
! 769: that runs in the low-privilege sandboxed sshd process, the log
! 770: messages were constructed in such a way that printf(3) format
! 771: strings could effectively be specified the low-privilege code.
! 772: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a> from
! 773: OpenSSH 6.2 through 8.7 failed to correctly initialise
! 774: supplemental groups when executing an AuthorizedKeysCommand or
! 775: AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser
! 776: or AuthorizedPrincipalsCommandUser directive has been set to
! 777: run the command as a different user.
! 778: </ul>
! 779: <li>Potentially incompatible changes
! 780: <ul>
! 781: <li>A near-future release of OpenSSH will switch <a
! 782: href='https://man.openbsd.org/scp.1'>scp(1)</a> from using
! 783: the legacy scp/rcp protocol to using SFTP by default.
! 784: <li>This release disables RSA signatures using the SHA-1 hash
! 785: algorithm by default.
! 786: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: this
! 787: release changes the behaviour of remote to remote copies
! 788: (e.g. "scp host-a:/path host-b:") to transfer through the
! 789: local host by default. This was previously available via the
! 790: -3 flag. This mode avoids the need to expose credentials on
! 791: the origin hop, avoids triplicate interpretation of filenames
! 792: by the shell (by the local system, the copy origin and the
! 793: destination) and, in conjunction with the SFTP support for
! 794: <a href='https://man.openbsd.org/scp.1'>scp(1)</a> mentioned
! 795: below, allows use of all authentication methods to the remote
! 796: hosts (previously, only non-interactive methods could be
! 797: used). A -R flag has been added to select the old behaviour.
! 798: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/<a
! 799: href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: both the
! 800: client and server are now using a stricter configuration file
! 801: parser. The new parser uses more shell-like rules for quotes,
! 802: space and escape characters. It is also more strict in
! 803: rejecting configurations that include options lacking
! 804: arguments. Previously some options (e.g. DenyUsers) could
! 805: appear on a line with no subsequent arguments. This release
! 806: will reject such configurations. The new parser will also
! 807: reject configurations with unterminated quotes and multiple
! 808: '=' characters after the option name.
! 809: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: when using
! 810: SSHFP DNS records for host key verification, <a
! 811: href='https://man.openbsd.org/ssh.1'>ssh(1)</a> will verify
! 812: all matching records instead of just those with the specific
! 813: signature type requested. This may cause host key verification
! 814: problems if stale SSHFP records of a different or legacy
! 815: signature type exist alongside other records for a particular
! 816: host.
! 817: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 818: when generating a FIDO key and specifying an explicit
! 819: attestation challenge (using -Ochallenge), the challenge will
! 820: now be hashed by the builtin security key middleware. This
! 821: removes the (undocumented) requirement that challenges be
! 822: exactly 32 bytes in length and matches the expectations of
! 823: libfido2.
! 824: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
! 825: environment="..." directives in authorized_keys files are now
! 826: first-match-wins and limited to 1024 discrete environment
! 827: variable names.
! 828: </ul>
! 829:
! 830: <li>New features
! 831: <ul>
! 832: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>:
! 833: experimental support for transfers using the SFTP protocol as
! 834: a replacement for the venerable SCP/RCP protocol that it has
! 835: traditionally used. SFTP offers more predictable filename
! 836: handling and does not require expansion of glob(3) patterns
! 837: via the shell on the remote side.
! 838: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
! 839: add a protocol extension to support expansion of ~/ and ~user/
! 840: prefixed paths. This was added to support these paths when
! 841: used by <a href='https://man.openbsd.org/scp.1'>scp(1)</a>
! 842: while in SFTP mode.
! 843: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 844: ForkAfterAuthentication
! 845: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 846: counterpart to the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> -f flag.
! 847: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 848: StdinNull directive to
! 849: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 850: that allows the config file to do the same thing as -n does on
! 851: the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
! 852: command- line.
! 853: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 854: SessionType directive to ssh_config, allowing the
! 855: configuration file to offer equivalent control to the -N (no
! 856: session) and -s (subsystem) command-line flags.
! 857: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 858: allowed signers files used by
! 859: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
! 860: signatures now support listing key validity intervals
! 861: alongside the keys, and
! 862: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
! 863: can optionally check during signature verification whether a
! 864: specified time falls inside this interval. This feature is
! 865: intended for use by git to support signing and verifying
! 866: objects using ssh keys.
! 867: <li><a href='https://man.openbsd.org/ssh-keygen.8'>ssh-keygen(8)</a>:
! 868: support printing of the full public key in a sshsig signature
! 869: via a -Oprint-pubkey flag.
! 870: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow the
! 871: <a
! 872: href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
! 873: CanonicalizePermittedCNAMEs directive to accept a "none"
! 874: argument to specify the default behaviour.
! 875: </ul>
! 876:
! 877: <li>Bugfixes
! 878: <ul>
! 879: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 880: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: start
! 881: time-based re-keying exactly on schedule in the client and
! 882: server mainloops. Previously the re-key timeout could expire
! 883: but re-keying would not start until a packet was sent or
! 884: received, causing a spin in select() if the connection was
! 885: quiescent.
! 886: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 887: avoid Y2038 problem in printing certificate validity
! 888: lifetimes. Dates past 2^31-1 seconds since epoch were
! 889: displayed incorrectly on some platforms.
! 890: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: allow
! 891: spaces to appear in usernames for local to remote and scp -3
! 892: remote to remote copies.
! 893: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 894: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: remove
! 895: references to ChallengeResponseAuthentication in favour of
! 896: KbdInteractiveAuthentication. The former is what was in SSHv1,
! 897: the latter is what is in SSHv2 (<a href='https://tools.ietf.org/html/rfc4256'>RFC4256</a>)
! 898: and they were treated as somewhat but not entirely equivalent. We
! 899: retain the old name as a deprecated alias so configuration
! 900: files continue to work as well as a reference in the man page
! 901: for people looking for it.
! 902: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 903: <a href='https://man.openbsd.org/ssh-add.1'>ssh-add(1)</a>/
! 904: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 905: fix decoding of X.509 subject name when extracting a key from
! 906: a PKCS#11 certificate.
! 907: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: restore
! 908: blocking status on stdio fds before close.
! 909: <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> needs file
! 910: descriptors in non-blocking mode to operate but it was not
! 911: restoring the original state on exit. This could cause
! 912: problems with fds shared with other programs via the shell.
! 913: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
! 914: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: switch both
! 915: client and server mainloops from select(3) to
! 916: pselect(3). Avoids race conditions where a signal may arrive
! 917: immediately before select(3) and not be processed until an
! 918: event fires.
! 919: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: sessions
! 920: started with ControlPersist were incorrectly executing a shell
! 921: when the -N (no shell) option was specified.
! 922: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: check if
! 923: IPQoS or TunnelDevice are already set before
! 924: overriding. Prevents values in config files from overriding
! 925: values supplied on the command line.
! 926: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix debug
! 927: message when finding a private key to match a certificate
! 928: being attempted for user authentication. Previously it would
! 929: print the certificate's path, whereas it was supposed to be
! 930: showing the private key's path.
! 931: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: match
! 932: host certificates against host public keys, not private
! 933: keys. Allows use of certificates with private keys held in a
! 934: ssh-agent.
! 935: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
! 936: workaround for a bug in OpenSSH 7.4 <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>,
! 937: which allows RSA/SHA2 signatures for public key authentication but
! 938: fails to advertise this correctly via SSH2_MSG_EXT_INFO. This
! 939: causes clients of these server to incorrectly match
! 940: PubkeyAcceptedAlgorithms and potentially refuse to offer
! 941: valid keys.
! 942: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>/
! 943: <a href='https://man.openbsd.org/scp.1'>scp(1)</a>: degrade
! 944: gracefully if a sftp-server offers the limits@openssh.com
! 945: extension but fails when the client tries to invoke it.
! 946: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow
! 947: ssh_config SetEnv to override $TERM, which is otherwise
! 948: handled specially by the protocol. Useful in ~/.ssh/config to
! 949: set TERM to something generic (e.g. "xterm" instead of
! 950: "xterm-256color") for destinations that lack terminfo entries.
! 951: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
! 952: the limits@openssh.com extension was incorrectly marked as an
! 953: operation that writes to the filesystem, which made it
! 954: unavailable in sftp-server read-only mode.
! 955: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix SEGV
! 956: in UpdateHostkeys debug() message, triggered when the update
! 957: removed more host keys than remained present.
! 958: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: when using
! 959: the SFTP protocol, continue transferring files after a
! 960: transfer error occurs, better matching original scp/rcp
! 961: behaviour.
! 962: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fixed a
! 963: number of memory leaks in multiplexing,
! 964: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
! 965: avoid crash when using the -Y find-principals command.
! 966: <li>A number of documentation and manual improvements.
! 967: </ul>
! 968: </ul>
! 969:
! 970: <li>mandoc 1.14.6
! 971: <ul>
! 972: <li>Added a style message about overlong text input lines.
! 973: <li>Made "-W style" check .Xr links along the full manpath
! 974: to help validation of non-base manual pages.
! 975: <li>Supported auto-tagging for ".It Va" in
! 976: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> documents.
! 977: <li>Stopped printing two extra blank lines at the top and bottom of
! 978: <a href="https://man.openbsd.org/man.7">man(7)</a> documents.
! 979: <li>Supported the CB and CI fonts in
! 980: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
! 981: \f font escapes and .ft font requests.
! 982: <li>Added support for two-character font names (BI, CW, CR, CB, CI)
! 983: to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
! 984: layout font modifier.
! 985: <li>Implemented the
! 986: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
! 987: layout modifiers "b" (bold) and "i" (italic)
! 988: in HTML output mode.
! 989: <li>Completed support for the "nospaces" option in the
! 990: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser.
! 991: <li>Fixed an infinite loop in the
! 992: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser
! 993: for some cases of horizontally overlapping horizontal spans.
! 994: <li>Added a meta viewport element to "-T html" output.
! 995: <li>Fixed a crash with "-T man" when an input file contains
! 996: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or
! 997: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input.
! 998: <li>Fixed a crash in <a
! 999: href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>
! 1000: when a manpath directory contains a symbolic link
! 1001: that points to a directory.
! 1002: </ul>
! 1003:
! 1004: replace all above
! 1005: -->
! 1006:
! 1007: <li>Ports and packages:
! 1008: <p>Many pre-built packages for each architecture:
! 1009: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
! 1010: <ul style="column-count: 3">
! 1011: <li>aarch64: XXXX
! 1012: <li>amd64: XXXX
! 1013: <li>arm: XXXX
! 1014: <li>i386: XXXX
! 1015: <li>mips64: XXXX
! 1016: <li>mips64el: XXXX
! 1017: <li>powerpc: XXXX
! 1018: <li>powerpc64: XXXX
! 1019: <li>riscv64: XXXX
! 1020: <li>sparc64: XXXX
! 1021: </ul>
! 1022:
! 1023: <!-- update these
! 1024: <p>Some highlights:
! 1025: <ul style="column-count: 3">
! 1026: <li>Asterisk 18.6.0
! 1027: <li>Audacity 2.4.2
! 1028: <li>CMake 3.20.3
! 1029: <li>Chromium 93.0.4577.82
! 1030: <li>Emacs 27.2
! 1031: <li>FFmpeg 4.4
! 1032: <li>GCC 8.4.0 and 11.2.0
! 1033: <li>GHC 8.10.6
! 1034: <li>GNOME 40.4
! 1035: <li>Go 1.17
! 1036: <li>JDK 8u302, 11.0.12 and 16.0.2
! 1037: <li>KDE Applications 21.08.1
! 1038: <li>KDE Frameworks 5.85.0
! 1039: <li>Krita 4.4.8
! 1040: <li>LLVM/Clang 11.1.0
! 1041: <li>LibreOffice 7.2.1.2
! 1042: <li>Lua 5.1.5, 5.2.4 and 5.3.6
! 1043: <li>MariaDB 10.6.4
! 1044: <li>Mono 6.12.0.122
! 1045: <li>Mozilla Firefox 92.0 and ESR 91.1.0
! 1046: <li>Mozilla Thunderbird 91.1.1
! 1047: <li>Mutt 2.1.3 and NeoMutt 20210205
! 1048: <li>Node.js 12.22.6
! 1049: <li>OCaml 4.10.0
! 1050: <li>OpenLDAP 2.4.59
! 1051: <li>PHP 7.3.30, 7.4.23 and 8.0.10
! 1052: <li>Postfix 3.5.12
! 1053: <li>PostgreSQL 13.4
! 1054: <li>Python 2.7.18, 3.8.12 and 3.9.7
! 1055: <li>Qt 5.15.2 and 6.0.4
! 1056: <li>R 4.1.1
! 1057: <li>Ruby 2.6.8, 2.7.4 and 3.0.2
! 1058: <li>Rust 1.55.0
! 1059: <li>SQLite 3.35.5
! 1060: <li>Shotcut 21.01.29
! 1061: <li>Sudo 1.9.7p2
! 1062: <li>Suricata 6.0.2
! 1063: <li>Tcl/Tk 8.5.19 and 8.6.8
! 1064: <li>TeX Live 2020
! 1065: <li>Vim 8.2.3394 and Neovim 0.5.0
! 1066: <li>Xfce 4.16
! 1067: </ul>
! 1068: <p>
! 1069:
! 1070: <li>As usual, steady improvements in manual pages and other documentation.
! 1071:
! 1072: <li>The system includes the following major components from outside suppliers:
! 1073: <ul>
! 1074: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
! 1075: freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
! 1076: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
! 1077: <li>LLVM/Clang 11.1.0 (+ patches)
! 1078: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
! 1079: <li>Perl 5.32.1 (+ patches)
! 1080: <li>NSD 4.3.7
! 1081: <li>Unbound 1.13.2
! 1082: <li>Ncurses 5.7
! 1083: <li>Binutils 2.17 (+ patches)
! 1084: <li>Gdb 6.3 (+ patches)
! 1085: <li>Awk December 18, 2020 version
! 1086: <li>Expat 2.4.1
! 1087: </ul>
! 1088:
! 1089: end uf updates-->
! 1090:
! 1091: </ul>
! 1092: </section>
! 1093:
! 1094: <hr>
! 1095:
! 1096: <section id=install>
! 1097: <h3>How to install</h3>
! 1098: <p>
! 1099: Please refer to the following files on the mirror site for
! 1100: extensive details on how to install OpenBSD 7.1 on your machine:
! 1101:
! 1102: <ul>
! 1103: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
! 1104: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
! 1105: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
! 1106: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
! 1107: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
! 1108: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
! 1109: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
! 1110: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
! 1111: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
! 1112: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
! 1113: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
! 1114: .../OpenBSD/7.1/i386/INSTALL.i386</a>
! 1115: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
! 1116: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
! 1117: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/loongson/INSTALL.loongson">
! 1118: .../OpenBSD/7.1/loongson/INSTALL.loongson</a>
! 1119: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
! 1120: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
! 1121: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
! 1122: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
! 1123: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
! 1124: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
! 1125: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
! 1126: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
! 1127: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
! 1128: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
! 1129: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
! 1130: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
! 1131: </ul>
! 1132: </section>
! 1133:
! 1134: <hr>
! 1135:
! 1136: <section id=quickinstall>
! 1137: <p>
! 1138: Quick installer information for people familiar with OpenBSD, and the use of
! 1139: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
! 1140: If you are at all confused when installing OpenBSD, read the relevant
! 1141: INSTALL.* file as listed above!
! 1142:
! 1143: <h3>OpenBSD/alpha:</h3>
! 1144:
! 1145: <p>
! 1146: If your machine can boot from CD, you can write <i>install71.iso</i> or
! 1147: <i>cd71.iso</i> to a CD and boot from it.
! 1148: Refer to INSTALL.alpha for more details.
! 1149:
! 1150: <h3>OpenBSD/amd64:</h3>
! 1151:
! 1152: <p>
! 1153: If your machine can boot from CD, you can write <i>install71.iso</i> or
! 1154: <i>cd71.iso</i> to a CD and boot from it.
! 1155: You may need to adjust your BIOS options first.
! 1156:
! 1157: <p>
! 1158: If your machine can boot from USB, you can write <i>install71.img</i> or
! 1159: <i>miniroot71.img</i> to a USB stick and boot from it.
! 1160:
! 1161: <p>
! 1162: If you can't boot from a CD, floppy disk, or USB,
! 1163: you can install across the network using PXE as described in the included
! 1164: INSTALL.amd64 document.
! 1165:
! 1166: <p>
! 1167: If you are planning to dual boot OpenBSD with another OS, you will need to
! 1168: read INSTALL.amd64.
! 1169:
! 1170: <h3>OpenBSD/arm64:</h3>
! 1171:
! 1172: <p>
! 1173: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
! 1174: after connecting to the serial console. Refer to INSTALL.arm64 for more
! 1175: details.
! 1176:
! 1177: <h3>OpenBSD/armv7:</h3>
! 1178:
! 1179: <p>
! 1180: Write a system specific miniroot to an SD card and boot from it after connecting
! 1181: to the serial console. Refer to INSTALL.armv7 for more details.
! 1182:
! 1183: <h3>OpenBSD/hppa:</h3>
! 1184:
! 1185: <p>
! 1186: Boot over the network by following the instructions in INSTALL.hppa or the
! 1187: <a href="hppa.html#install">hppa platform page</a>.
! 1188:
! 1189: <h3>OpenBSD/i386:</h3>
! 1190:
! 1191: <p>
! 1192: If your machine can boot from CD, you can write <i>install71.iso</i> or
! 1193: <i>cd71.iso</i> to a CD and boot from it.
! 1194: You may need to adjust your BIOS options first.
! 1195:
! 1196: <p>
! 1197: If your machine can boot from USB, you can write <i>install71.img</i> or
! 1198: <i>miniroot71.img</i> to a USB stick and boot from it.
! 1199:
! 1200: <p>
! 1201: If you can't boot from a CD, floppy disk, or USB,
! 1202: you can install across the network using PXE as described in
! 1203: the included INSTALL.i386 document.
! 1204:
! 1205: <p>
! 1206: If you are planning on dual booting OpenBSD with another OS, you will need to
! 1207: read INSTALL.i386.
! 1208:
! 1209: <h3>OpenBSD/landisk:</h3>
! 1210:
! 1211: <p>
! 1212: Write <i>miniroot71.img</i> to the start of the CF
! 1213: or disk, and boot normally.
! 1214:
! 1215: <h3>OpenBSD/loongson:</h3>
! 1216:
! 1217: <p>
! 1218: Write <i>miniroot71.img</i> to a USB stick and boot bsd.rd from it
! 1219: or boot bsd.rd via tftp.
! 1220: Refer to the instructions in INSTALL.loongson for more details.
! 1221:
! 1222: <h3>OpenBSD/luna88k:</h3>
! 1223:
! 1224: <p>
! 1225: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
! 1226: from the PROM, and then bsd.rd from the bootloader.
! 1227: Refer to the instructions in INSTALL.luna88k for more details.
! 1228:
! 1229: <h3>OpenBSD/macppc:</h3>
! 1230:
! 1231: <p>
! 1232: Burn the image from a mirror site to a CDROM, and power on your machine
! 1233: while holding down the <i>C</i> key until the display turns on and
! 1234: shows <i>OpenBSD/macppc boot</i>.
! 1235:
! 1236: <p>
! 1237: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
! 1238: /7.1/macppc/bsd.rd</i>
! 1239:
! 1240: <h3>OpenBSD/octeon:</h3>
! 1241:
! 1242: <p>
! 1243: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
! 1244: Refer to the instructions in INSTALL.octeon for more details.
! 1245:
! 1246: <h3>OpenBSD/powerpc64:</h3>
! 1247:
! 1248: <p>
! 1249: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
! 1250: USB stick, plug it into the machine and choose the <i>OpenBSD
! 1251: install</i> menu item in Petitboot.
! 1252: Refer to the instructions in INSTALL.powerpc64 for more details.
! 1253:
! 1254: <h3>OpenBSD/riscv64:</h3>
! 1255:
! 1256: <p>
! 1257: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
! 1258: USB stick, and boot with that drive plugged in.
! 1259: Make sure you also have the microSD card plugged in that shipped with the
! 1260: HiFive Unmatched board.
! 1261: Refer to the instructions in INSTALL.riscv64 for more details.
! 1262:
! 1263: <h3>OpenBSD/sparc64:</h3>
! 1264:
! 1265: <p>
! 1266: Burn the image from a mirror site to a CDROM, boot from it, and type
! 1267: <i>boot cdrom</i>.
! 1268:
! 1269: <p>
! 1270: If this doesn't work, or if you don't have a CDROM drive, you can write
! 1271: <i>floppy71.img</i> or <i>floppyB71.img</i>
! 1272: (depending on your machine) to a floppy and boot it with <i>boot
! 1273: floppy</i>. Refer to INSTALL.sparc64 for details.
! 1274:
! 1275: <p>
! 1276: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! 1277: will most likely fail.
! 1278:
! 1279: <p>
! 1280: You can also write <i>miniroot71.img</i> to the swap partition on
! 1281: the disk and boot with <i>boot disk:b</i>.
! 1282:
! 1283: <p>
! 1284: If nothing works, you can boot over the network as described in INSTALL.sparc64.
! 1285: </section>
! 1286:
! 1287: <hr>
! 1288:
! 1289: <section id=upgrade>
! 1290: <h3>How to upgrade</h3>
! 1291: <p>
! 1292: If you already have an OpenBSD 7.1 system, and do not want to reinstall,
! 1293: upgrade instructions and advice can be found in the
! 1294: <a href="faq/upgrade71.html">Upgrade Guide</a>.
! 1295: </section>
! 1296:
! 1297: <hr>
! 1298:
! 1299: <section id=sourcecode>
! 1300: <h3>Notes about the source code</h3>
! 1301: <p>
! 1302: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
! 1303: This file contains everything you need except for the kernel sources,
! 1304: which are in a separate archive.
! 1305: To extract:
! 1306: <blockquote><pre>
! 1307: # <kbd>mkdir -p /usr/src</kbd>
! 1308: # <kbd>cd /usr/src</kbd>
! 1309: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
! 1310: </pre></blockquote>
! 1311: <p>
! 1312: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
! 1313: This file contains all the kernel sources you need to rebuild kernels.
! 1314: To extract:
! 1315: <blockquote><pre>
! 1316: # <kbd>mkdir -p /usr/src/sys</kbd>
! 1317: # <kbd>cd /usr/src</kbd>
! 1318: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
! 1319: </pre></blockquote>
! 1320: <p>
! 1321: Both of these trees are a regular CVS checkout. Using these trees it
! 1322: is possible to get a head-start on using the anoncvs servers as
! 1323: described <a href="anoncvs.html">here</a>.
! 1324: Using these files
! 1325: results in a much faster initial CVS update than you could expect from
! 1326: a fresh checkout of the full OpenBSD source tree.
! 1327: </section>
! 1328:
! 1329: <hr>
! 1330:
! 1331: <section id=ports>
! 1332: <h3>Ports Tree</h3>
! 1333: <p>
! 1334: A ports tree archive is also provided. To extract:
! 1335: <blockquote><pre>
! 1336: # <kbd>cd /usr</kbd>
! 1337: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
! 1338: </pre></blockquote>
! 1339: <p>
! 1340: Go read the <a href="faq/ports/index.html">ports</a> page
! 1341: if you know nothing about ports
! 1342: at this point. This text is not a manual of how to use ports.
! 1343: Rather, it is a set of notes meant to kickstart the user on the
! 1344: OpenBSD ports system.
! 1345: <p>
! 1346: The <i>ports/</i> directory represents a CVS checkout of our ports.
! 1347: As with our complete source tree, our ports tree is available via
! 1348: <a href="anoncvs.html">AnonCVS</a>.
! 1349: So, in order to keep up to date with the -stable branch, you must make
! 1350: the <i>ports/</i> tree available on a read-write medium and update the tree
! 1351: with a command like:
! 1352: <blockquote><pre>
! 1353: # <kbd>cd /usr/ports</kbd>
! 1354: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
! 1355: </pre></blockquote>
! 1356: <p>
! 1357: [Of course, you must replace the server name here with a nearby anoncvs
! 1358: server.]
! 1359: <p>
! 1360: Note that most ports are available as packages on our mirrors. Updated
! 1361: ports for the 7.1 release will be made available if problems arise.
! 1362: <p>
! 1363: If you're interested in seeing a port added, would like to help out, or just
! 1364: would like to know more, the mailing list
! 1365: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
! 1366: </section>