Annotation of www/71.html, Revision 1.11
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 7.1</title>
6: <meta name="description" content="OpenBSD 7.1">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/71.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 7.1
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/xxx.png">
21: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
22: <td>
1.6 tj 23: Released May ?, 2022. (52nd OpenBSD release)<br>
1.1 deraadt 24: Copyright 1997-2022, Theo de Raadt.<br>
25: <br>
1.3 job 26: Artwork by Luc Houweling.
1.1 deraadt 27: <br>
28: <ul>
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus71.html">detailed log of changes</a> between the
36: 7.0 and 7.1 releases.
37: <p>
38: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
39: pubkeys for this release:<p>
40:
41: <table class=signify>
42: <tr><td>
43: openbsd-71-base.pub:
44: <td>
45: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
46: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
47: <tr><td>
48: openbsd-71-fw.pub:
49: <td>
50: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
51: <tr><td>
52: openbsd-71-pkg.pub:
53: <td>
54: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
55: <tr><td>
56: openbsd-71-syspatch.pub:
57: <td>
58: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
59: </table>
60: </ul>
61: <p>
62: All applicable copyrights and credits are in the src.tar.gz,
63: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
64: files fetched via <code>ports.tar.gz</code>.
65: </table>
66:
67: <hr>
68:
69: <section id=new>
70: <h3>What's New</h3>
71: <p>
72: This is a partial list of new features and systems included in OpenBSD 7.1.
73: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
74: to 7.1.
75:
76: <ul>
77:
78: <li>New/extended platforms:
79: <ul>
80: <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
81: <ul>
1.4 benno 82: <li>Support for Apple Silicon Macs has improved and is ready for general use:
1.1 deraadt 83: <ul>
1.10 benno 84: <li>Added <a href="https://man.openbsd.org/aplspi.4">aplspi(4)</a>, a driver for the SPI controller found on the Apple M1 SoC.
85: <li>Added <a href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a> support for the keyboard/touchpad on Apple M1 laptops.
1.11 ! benno 86: <li>Introduced <a href="https://man.openbsd.org/aplpmgr.4">aplpmgr(4)</a>, a driver for the power management controller found on various Apple SoCs.
! 87: <li>Introduced <a href="https://man.openbsd.org/aplmbox.4">aplmbox(4)</a>, a driver for the mailbox that provides a communication channel with additional cores integrated on Apple SoCs.
! 88: <li>Introduced <a href="https://man.openbsd.org/apliic.4">apliic(4)</a>, a driver for the I2C controller found on various Apple SoCs.
! 89: <li>Added the chip ids used on Apple M1 Pro/Max and Apple T2 Macs to <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
! 90: <li>Rewrote arm64 kernel FPU handling code to fix the random crashes seen with SMP kernels on Apple M1.
! 91: <li>Restricted the <a href="https://man.openbsd.org/pci.4">pci(4)</a> ioctl interface to devices detected by the kernel, preventing Xorg PCI probes from breaking the WiFi chip on M1 macs.
! 92: <li>Introduced <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>, a driver for the SMC found on Apple M1 SoCs.
! 93: <li>Introduced <a href="https://man.openbsd.org/aplnco.4">aplnco(4)</a>, a driver for the Numerically-controlled oscillator (NCO) clock which drives the audio clocks on Apple silicon.
! 94: <li>Introduced <a href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>, a driver for the TI TAS2770/TAS5770 digital audio amplifier codec found on Apple M1 Macs.
1.10 benno 95:
1.1 deraadt 96: </ul>
1.10 benno 97: <li>Introduced <a
98: href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
99: driver providing support for battery chargers connected to GPIO pins,
100: such as those found on the Pinebook Pro.
101: <li>Introduced <a
102: href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
103: driver providing support for LEDs connected to GPIO pins, such as
104: those found on the Pinebook Pro.
105: <li>Added <a href="https://man.openbsd.org/gpiokeys.4">gpiokeys(4)</a>
106: for arm64, a driver which handles events triggered by GPIO keys such
107: as lid status and power button.
1.11 ! benno 108: <li>Added support for controlling keyboard LEDs to <a
! 109: href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a>.
! 110: <li>Added pclk clock used by <a
! 111: href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> on RK3399 to <a
! 112: href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
! 113: <li>Introduced <a href="https://man.openbsd.org/mpfclock.4">mpfclock(4)</a>, a driver for the PolarFire SoC MSS clock controller.
! 114: <li>Implemented powerdown in arm64.
! 115: <li>Introduced <a href="https://man.openbsd.org/cdsdhc.4">cdsdhc(4)</a>, a driver for the Cadence SD/SDIO/eMMC host controller.
! 116:
1.1 deraadt 117: </ul>
118: <li>Changes on other architectures:
119: <ul>
1.7 benno 120: <li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
1.11 ! benno 121: <li>Enabled <a href="https://man.openbsd.org/uhid.4">uhid(4)</a>/<a href="https://man.openbsd.org/fido.4">fido(4)</a> on riscv64.
! 122: <li>Fixed booting from an IDE block device on the Sun Blade 100.
! 123: <li>Fixed <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> console colors on sparc64.
! 124: <li>Added missing locking to <a href="https://man.openbsd.org/pmap_extract.9">pmap_extract(9)</a> and <a href="https://man.openbsd.org/pmap_unwire.9">pmap_unwire(9)</a> on arm64 and riscv64.
! 125: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on macppc.
! 126: <li>Increased <a href="https://man.openbsd.org/ddb.1">ddb(1)</a> access to registers on macppc and powerpc64.
1.1 deraadt 127: </ul>
128: </ul>
129:
130: <li>Various kernel improvements:
131: <ul>
1.7 benno 132: <li>Fixed memory leak in <a
133: href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
134: href="https://man.openbsd.org/namei.9">namei(9)</a>.
135: <li>Made redistributable firmwares available across all architectures.
136: <li>Fixed establishing legacy INTx interrupts on machines without a (usable) MSI interrupt controller.
137: <li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
138: href="https://man.openbsd.org/open.2">open(2)</a>/<a
139: href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
140: creating files.
1.10 benno 141: <li>Changed the power management <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
142: hw.perfpolicy to "auto" at startup, defaulting to 100%
143: performance with AC power connected and using the auto algorithm when
144: on battery.
1.11 ! benno 145: <li>Switched to using long filenames by default with <a
! 146: href="https://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a> on FAT
! 147: filesystems.
! 148: <li>Fixed <a href="https://man.openbsd.org/hilkbd.4">hilkbd(4)</a> Swedish keyboard layout on non-PS/2 style keyboards.
! 149: <li>Made futexes work in shared anonymous memory.
! 150: <li>Aligned memory allocation for USB device drivers and USB HC drivers, enlarging the USB memory pool.
! 151: <li>Reworked garbage collector for <a href="https://man.openbsd.org/unix.4">unix(4)</a> sockets to prevent potential kernel panics.
! 152: <li>Fixed hibernate setups where removal of a <a
! 153: href="https://man.openbsd.org/umass.4">umass(4)</a> device results in
! 154: a renumbered <a
! 155: href="https://man.openbsd.org/softraid.4">softraid(4)</a> boot device.
! 156: <li>Fix hibernate on newer hardware by allowing more memory ranges.
! 157:
1.1 deraadt 158: </ul>
159:
160: <li>SMP Improvements
161: <ul>
1.7 benno 162: <li>Made pipe event filters MP-safe.
163: <li>Set klist lock for sockets to make socket event filters MP-safe.
164: <li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
165: <a href="https://man.openbsd.org/select.2">select(2)</a>, <a
166: href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
167: href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
168: kqueue.
169: <li>Unlocked top part of UVM fault hander on mips64. <!--- XXX move? --->
1.10 benno 170: <li>Unlocked the <a href="https://man.openbsd.org/kevent.2">kevent(2)</a> system call.
171: <li>Made the kqread event filter MP-safe.
172: <li>Reduced the time overhead of <a
173: href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>-based <a
174: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
175: href="https://man.openbsd.org/select.2">select(2)</a> systems calls by
176: keeping knotes between the system calls.
1.11 ! benno 177: <li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a>
! 178: and <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>
! 179: syscalls.
! 180: <li>Prevented <a
! 181: href="https://man.openbsd.org/select.2">select(2)</a> from blocking if
! 182: registering found pending events.
! 183: <li>Protected <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>
! 184: input and output with the kernel lock to allow forwarding of non-ipsec
! 185: traffic in parallel.
! 186: <li>Unlocked the bottom part of the uvm fault handler.
! 187: <li>Unlocked <a href="https://man.openbsd.org/getpeername.2">getpeername(2)</a>.
! 188: <li>Made <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> MP-safe.
1.7 benno 189:
1.1 deraadt 190: </ul>
191:
192: <li>Direct Rendering Manager
193: <ul>
1.5 jsg 194: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
195: to Linux 5.15.26
196: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
197: support for Elkhart Lake, Jasper Lake, Rocket Lake
198: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
199: support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
200: Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
201: Navi 24 "Beige Goby"
1.1 deraadt 202: </ul>
203:
204: <li>VMM/VMD improvements
205: <ul>
1.10 benno 206: <li>Enabled <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> on arm64.
1.8 dv 207: <li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
208: switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
209: vmd(8)</a>.
210: <li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
211: would exit when requesting a new VM and hitting memory resource
212: limits.
213: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
214: corruption on Intel hosts.
215: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
216: clamping when the host has an invariant TSC.
217: <li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
218: vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
219: running guests.
220: <li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
221: vmd(8)</a> on amd64.
1.11 ! benno 222: <li>Fixed spurious abort of a VM by <a
! 223: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when the scheduler
! 224: moves a VM to a different core while it is sleeping on a lock.
! 225: <li>Fixed broken <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
! 226: "boot device cdrom" feature after a fix in seabios.
! 227: <li>Reintroduced support for <a
! 228: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> <code>start -B net
! 229: -b bsd.rd</code>, which emulates a PXE boot and performs an
! 230: autoinstall.
! 231: <li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> <a href="https://man.openbsd.org/dt.4">dt(4)</a> tracepoints amd64-only.
! 232:
1.1 deraadt 233: </ul>
234:
235: <li>Various new userland features:
236: <ul>
1.7 benno 237: <li>Added <a
238: href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
239: for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
240: use in ports.
241: <li>Removed an unused decoding of c/h/s from the MBR read from disk
242: by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
243: <li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
244: "disk" editing command.
1.11 ! benno 245: <li>Prevented the possible creation of MBRs with overlapping
! 246: partitions 0 and 3 in <a
! 247: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
! 248: <li>Allowed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
! 249: extend the default OpenBSD partition to the end of the disk, rather
! 250: than truncating at the end of the last full cylinder.
! 251: <li>Corrected checksums written by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> on big-endian architectures to be little-endian as per spec.
1.7 benno 252: <li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
253: rogue" to show daemons which are running but not set as "enabled" in
254: <a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
1.10 benno 255: <li>Allowed passing a different signal than SIGTERM in the default
256: rc_stop() function in <a
257: href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
1.11 ! benno 258: <li>Improved and simplified timer handling in <a
! 259: href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> "stop" and "reload".
! 260: <li>Implemented probe variables in BPFtrace (<a href="https://man.openbsd.org/bt.5">bt(5)</a>).
1.7 benno 261: <li>Provided common <a
262: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
263: kprofile.bt (to save kernel stackframes and produce flamegraphs) and
264: runqlat.bt (to measure the latency of the scheduler runqueues).
1.11 ! benno 265: <li>Implemented RFC6840 (AD flag processing) in the libc resolver, if
! 266: using trusted name servers specified with 'trust-ad' in <a
! 267: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
! 268: <li>Switched LLD_ARCHs (architectures using the LLVM <a
! 269: href="https://man.openbsd.org/ld.lld.1">ld.lld(1)</a> linker) to also
! 270: user the LLVM archiver <a
! 271: href="https://man.openbsd.org/llvm-ar.1">llvm-ar(1)</a>.
1.7 benno 272:
1.1 deraadt 273: </ul>
274:
275: <li>Various bugfixes and tweaks in userland:
276: <ul>
1.7 benno 277:
278: <li>Removed the constraint that <a
279: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b specified block
280: count or block size must be greater than 63.
281: <li>Stopped <a
282: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> from
283: communicating warnings starting with "XXX" which appeared to indicate
284: errors.
285: <li>Merged bugfixes from upstream into <a
286: href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
287: the prompt hiding feature (CTRL-P) and an integer overflow.
1.11 ! benno 288: <li>Fixed possible use after free with long lines in <a href="https://man.openbsd.org/less.1">less(1)</a>.
1.7 benno 289: <li>Fixed file descriptor leak of /dev/tty on <a
290: href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
291: <li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
292: <a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
293: href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
294: href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
295: implementations from NetBSD with the existing FreeBSD implementations
296: we were already using for <a
297: href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
298: href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
299: <li>Renamed Pacific/Enderbury timezone to Pacific/Kanton.
300: <li>Called <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
301: later to prevent it from killing various games using ncurses when both
302: stdout and stderr are redirected to a non-tty.
1.10 benno 303: <li>Fixed octal escape parsing in <a href="https://man.openbsd.org/tr.1">tr(1)</a> backslash().
304: <li>Added <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> support for arbitrarily long input lines.
1.11 ! benno 305: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> ignore trailing newlines when comparing lines.
! 306: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> skip() each input line only once, improving performance.
1.10 benno 307: <li>Prevented an access to uninitialized memory in <a href="https://man.openbsd.org/awk.1">awk(1)</a>.
1.11 ! benno 308: <li>Increased <a href="https://man.openbsd.org/tee.1">tee(1)</a> I/O buffer size for 8KB to 64KB.
! 309: <li>Allowed bare numbers for key and mouse bindings in <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>.
! 310: <li>Added a <a href="https://man.openbsd.org/cwm.1">cwm(1)</a> "group-last" command that shows only the previously active group.
! 311: <li>Set cpuspeed to 0 in <a href="https://man.openbsd.org/apm.8">apm(8)</a> when hw.cpuspeed cannot be retrieved.
! 312: <li>Improved performance of <a href="https://man.openbsd.org/rev.1">rev(1)</a>.
! 313: <li>Copied the <a href="https://man.openbsd.org/cos.3">cos(3)</a>
! 314: cosine software implementation from FreeBSD-13, and disabled assembly
! 315: implementations of trig functions on x86 platforms.
! 316: <li>Added optimization for tiny x in <a href="https://man.openbsd.org/cos.3">cos(3)</a> and <a href="https://man.openbsd.org/sin.3">sin(3) trigonometry functions</a>.
! 317: <li>Made <a href="https://man.openbsd.org/ed.1">ed(1)</a> flush all stdio streams before running a shell command.
! 318: <li>Prevented a file descriptor leak in <a href="https://man.openbsd.org/touch.1">touch(1)</a> after <a href="https://man.openbsd.org/futimens.2">futimens(2)</a> failure.
! 319:
1.10 benno 320:
1.7 benno 321:
1.1 deraadt 322: </ul>
323:
324: <li>Improved hardware support and driver bugfixes, including:
325: <ul>
1.7 benno 326: <li>Added support to <a
327: href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
328: Lake H and Tiger Lake H platforms.
329: <li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
330: is present with an attached <a
331: href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
332: <li>Fixed an interrupt storm on <a
333: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
334: support Energy Efficient Ethernet when connected to a switch which
335: does so as well.
336: <li>Added support for tpm2 CRB interface to <a
337: href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
338: regressions on the Surface Go 2 caused by a firmware change.
339: ` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
340: device tree with at least one page of free space to extend into. This
341: fixes booting on VMWare Fusion.
1.10 benno 342: <li>Stopped binding audio devices exposed by <a
343: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to physical
344: devices. <!-- XXX check this -->
345: <li>Fixed handling of interrupts shared between multiple <a
346: href="https://man.openbsd.org/dwiic.4">swiic(4)</a> devices.
1.11 ! benno 347: <li>Introduced <a
! 348: href="https://man.openbsd.org/iicmux.4">iicmux(4)</a>, a driver that
! 349: switches between I2C busses connected to a single I2C controller by
! 350: using the pin muxing facilities of an SoC.
! 351: <li>Introduced <a
! 352: href="https://man.openbsd.org/pcyrtc.4">pcyrtc(4)</a>, a driver for
! 353: the NXP PCF85063A/TP RTC chips.
! 354: <li>Fixed a panic when running <a
! 355: href="https://man.openbsd.org/utvfu.4">utvfu(4)</a> on <a
! 356: href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
! 357: <li>Added <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>
! 358: support for interrupts represented by ACPI PCI Interrupt Link Devices,
! 359: making PCI interrupts work on QEMU's SBSA target.
! 360: <li>Added handling of multi-port controllers to <a href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
! 361: <li>Make <a href="https://man.openbsd.org/com.4">com(4)</a> attach over <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64.
! 362: <li>Added address locators for the ACPI "bus" and used these to fix the order of the <a href="https://man.openbsd.org/com.4">com(4)</a> devices to match the traditional order on the ISA bus.
! 363: <li>Added Intel Jasper Lake to the <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> audio driver.
! 364: <li>Added Synopsys Designware UART support to <a href="https://man.openbsd.org/com.4">com(4)</a>.
! 365: <li>Fixed an issue where <a href="https://man.openbsd.org/com.4">com(4)</a> would attach for a disabled serial port leading to misdirection of the hardware variant and a subsequent hang when /etc/rc runs <a href="https://man.openbsd.org/ttyflags.8">ttyflags(8)</a> -a.
! 366: <li>Fixed <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> for Jasper Lake eMMC.
! 367: <li>Improved how quirks are handled on <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>-compatible drivers.
1.7 benno 368:
1.1 deraadt 369: </ul>
370:
371: <li>New or improved network hardware support:
372: <ul>
1.7 benno 373: <li>Added support to <a href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
374: <li>Fixed an interrupt storm on <a
375: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
376: support Energy Efficient Ethernet when connected to a switch which
377: does so as well.
1.10 benno 378: <li>Added <a href="https://man.openbsd.org/igc.4">igc(4)</a>, a
379: driver for the Intel 2.5Gb Ethernet controllers.
1.11 ! benno 380: <li>Implemented <a href="https://man.openbsd.org/em.4">em(4)</a>
! 381: support for selecting SMGII or SerDes mode depending on the plugged-in
! 382: SFP transceiver and for reading out transceiver information via <a
! 383: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
! 384: <li>Applied MP-safe changes from <a
! 385: href="https://man.openbsd.org/dwge.4">dwge(4)</a> to <a
! 386: href="https://man.openbsd.org/dwxe.4">dwxe(4)</a>.
1.7 benno 387:
1.1 deraadt 388: </ul>
389:
390: <li>Added or improved wireless network drivers:
391: <ul>
1.7 benno 392: <li>Reset the Tx timer upon validation of a BA notification sent by
393: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
394: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware.
395: <li>Prevented <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
396: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attempts to
397: transition toward the same state where this would result in a
398: redundant or illegal state transition and a potential hang.
399: <li>Fixed a panic when <a
400: href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
401: at boot time.
402: <li>Added relicensed wireless firmwares from Realtek for <a
403: href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
404: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
405: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
406: these devices to work without requiring a separate firmware download.
407: <li>Added a workaround for buggy <a
408: href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
409: filling up the node cache when used in hostap mode.
410: <li>Applied a workaround in <a
411: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
412: external abort under load with <a
413: href="https://man.openbsd.org/athn.4">athn(4)</a>.
414: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
415: performance drop after roaming between APs in 11n mode.
416: <li>Ensured <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses
417: only the HT (high throughput) frame format for data frames.
418: <li>Allowed AUTH->AUTH state transitions in the <a
419: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
420: href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers again, needed
421: if the access point uses band-steering.
422: <li>Added support for 802.11n 40MHz channels to the <a
423: href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
424: <li>Reverted to use <a
425: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
426: AC 7265, fixing instability issues on X1 Carbon gen3.
427: <li>Cached the old BSSID when roaming with <a
428: href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
429: <li>Explicitly stopped <a
430: href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack when
431: roaming between access points.
432: <li>Added initial 40MHz support to the <a
433: href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
1.10 benno 434: <li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> attach to the Sony UWA-BR100.
435: <li>Fixed "null node" panics in <a href="https://man.openbsd.org/run.4">run(4)</a>.
436: <li>Fixed "(null node)" panics on <a href="https://man.openbsd.org/run.4">run(4)</a>.
437: <li>Fixed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> with 4965 devices.
1.11 ! benno 438: <li>Disabled active scanning on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 to prevent a device lockup.
! 439: <li>Fixed monitor mode on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
! 440: <li>Let <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
! 441: href="https://man.openbsd.org/iwm.4">iwm(4)</a> use per-Tx-queue
! 442: interface timers to ensure timeout if a particular Tx queue gets
! 443: stuck.
! 444: <li>Disabled probe requests during scans in <a
! 445: href="https://man.openbsd.org/iwx.4">iwx(4)</a> again, preventing
! 446: device timeouts for some devices.<!-- XXX stsp: whats the final state of this? ;) -->
! 447: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to new -67 firmware images.
! 448: <li>Introduced <a href="https://man.openbsd.org/mtw.4">mtw(4)</a>, a driver for MediaTek MT7601U wifi devices.
! 449: <li>Made <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> attach to PCI devices with product ID 0x31dc, part of the 9560 chip family.
! 450: <li>Disabled minimum power consumption in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> hostap mode, improving connection reliability when used as an access point.
! 451: <li>Fixed wrong pointer assignment causing the driver to read block ack request information sent by firmware from the wrong offset in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
! 452: <li>Fixed and reenabled active scans on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
1.7 benno 453:
1.1 deraadt 454: </ul>
455:
456: <li>IEEE 802.11 wireless stack improvements and bugfixes:
457: <ul>
1.7 benno 458: <li>Added <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx aggregation support.
459: <li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
460: <li>Cached the old BSSID when roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> so firmware commands can continue using it while roaming to a new AP.
461: <li>Added support for 40MHz channels to net80211 RA.
462: <li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
1.11 ! benno 463: <li>Introduced an optional driver-specific bgscan_done() handler which allows the driver to take control of the roaming teardown sequence, ensuring that race conditions between firmware state and net80211 state are avoided.<!-- XXX srsly? "net80211" is the only thing in this sentence that tells me this is about wireless! -->
! 464: <li>Implemented bgscan_done() handlers for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
! 465: <li>Taught the net80211 stack to remove corresponding frames from ic_pwrsaveq when a power-saving client decides to leave our hostap interface, preventing a panic.
1.7 benno 466:
467:
1.1 deraadt 468: </ul>
469:
470: <li>Generic network stack improvements and bugfixes:
471: <ul>
1.7 benno 472: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
1.10 benno 473: <li>Added support for PPP IPCP extensions for DNS to <a href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
1.11 ! benno 474: <li>Added display of DNS information from <a href="https://man.openbsd.org/sppp.4">sppp(4)</a> to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
! 475: <li>Switched to calculating <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> session duration using system uptime rather than UTC.
! 476: <li>Made "set skip on ..." in <a
! 477: href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> dynamic, with
! 478: this, "set skip" can be used on interfaces that are not configured
! 479: yet.
! 480: <li>Fixed <a href="https://man.openbsd.org/veb.4">veb(4)</a> vport handling to prevent improper drop of packets leaving a vport interface.
! 481:
1.1 deraadt 482: </ul>
483:
484: <li>Installer and upgrade improvements:
485: <ul>
1.7 benno 486: <li>Corrected installer to use "inet autoconf" properly for <a
487: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
488: <li>Stopped prompting whether to fall back to HTTP in the installer, making the fallback automatic.
489: <li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
490: "join" command by default in <a
491: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
492: replacing the old "nwid".
1.10 benno 493: <li>Documented <a
494: href="https://man.openbsd.org/install.site.5">install.site(5)</a>,
495: OpenBSD installation and upgrade customization.
496: <li>Corrected "!" escape handling in the installer when accepting WEP/WPA passphrase.
497: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -e work with ramdisk kernels.
1.11 ! benno 498: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -c
! 499: cmdfile use lines from the command file for all input, not just
! 500: commands. This allows complex actions like changing device parameters.
! 501: <li>Prevented a potential race which could make <a
! 502: href="https://man.openbsd.org/umount.8">umount(8)</a> fail spuriously
! 503: in the installer.
! 504: <li>Returned to a shell-script based <a
! 505: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>, written
! 506: to be usable by the install script, allowing earlier retrieval of
! 507: downloaded firmwares.
! 508: <li>Stopped <a
! 509: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> from
! 510: downloading SHA256.sig when not needed, to allow installing local
! 511: files without network access.
! 512: <li>Modified the installer to use <a
! 513: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to install
! 514: non-free firmware files if present on the install media.
! 515: <li>Made <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> re-download existing files with failed checksums.
1.7 benno 516:
1.1 deraadt 517: </ul>
518:
519: <li>Security improvements:
520: <ul>
1.7 benno 521: <li>Cleared length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
522: <li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
523: <li>Fixed double free after allocation failure in <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
524: <li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
525: <li>Fixed a panic by prohibiting renames of tmpfs mount-points.
526: <li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> use after free with unsaved buffer. <!-- XXX move? -->
1.10 benno 527: <li>Disabled <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> mouse tracking by default.
1.11 ! benno 528: <li>On arm64 architectures, used "rng-seed" and "kaslr-seed" properties from the device tree to mix extra entropy into the random pool.
! 529: <li>Restricted <a
! 530: href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a
! 531: href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> file
! 532: system access with <a
! 533: href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
! 534: <li>Updated libexpat to 2.4.4, fixing CVE-2022-23852 and CVE-2022-23990.
1.1 deraadt 535: </ul>
536:
537: <li>Routing daemons and other userland network improvements:
538: <ul>
1.11 ! benno 539:
! 540: <!-- openrsync -->
1.10 benno 541: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
542: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --max-size and --min-size.
543: <li>Limited the number of <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> processes being spawned by <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 16.
1.11 ! benno 544:
! 545: <!-- DNS: unwind/unbound/nsd -->
! 546: <li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
1.7 benno 547: <li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
1.11 ! benno 548: <li>Installed missing scope identifiers for IPv6 link-local addresses for <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> and <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>.
! 549: <li>Allowed interface names as scope-id in IPv6 link-local addresses in <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
! 550:
! 551: <!-- httpd/relayd -->
! 552: <li>Fixed <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> to respond with 400 Bad Request when a client sends header lines without a colon.
! 553: <li>Added protocol version checking to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
! 554: <li>Fixed crashes in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
1.7 benno 555: <li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
1.10 benno 556: <li>Corrected <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> version string checking, responding with 505 Version Not Supported rather than 400 Bad Request when the version format is incorrect.
1.7 benno 557: <li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
558: <li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, stopped sending content alongside responses to HEAD requests.
559: <li>Added <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> custom error page facility.
1.11 ! benno 560:
! 561: <!-- iked/IPSEC -->
1.10 benno 562: <li>Made <a href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> proto config option accept a list to allow specifying multiple protocols for a single policy.
563: <li>Fixed broken key exchange negotiation with matching proposals in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
1.11 ! benno 564: <li>Added <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> "show certinfo" to show trusted CAs and certificates.
! 565: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -V to display the version.
! 566: <li>Fixed removal of SAs that could not be flushed with <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -F.
! 567: <li>Fixed a bug where <a href="https://man.openbsd.org/iked.8">iked(8)</a> sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
! 568: <li>Changed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to log a warning when proto is NULL rather than dereferencing it.
! 569:
! 570:
! 571: <!-- bgpd/rpki-client -->
1.10 benno 572: <li>Limited <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> HTTP requests to 2GB of data.
573: <li>Published <a href="https://man.openbsd.org/rpki-client.8">rpki-client</a> 7.5.
574: <li>Limited the number of publication points under a given TAL in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
1.11 ! benno 575: <li>Introduced a validated cache which holds all the files successfully verified by <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
! 576: <li>Allowed <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to display more than one file in -f mode.
! 577: <li>Allowed rsync:// URIs as files in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -f mode.
! 578: <li>Properly handled .mft files in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>, preventing replay attacks using old but still valid files.
! 579:
! 580: <!-- others -->
! 581: <li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
! 582: <li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
! 583: <li>Made the <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> host name DHCP option configurable.
! 584: <li>Prevented a crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> due to updating an interface which no longer exists.
! 585: <li>Fix <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, create permissions are required for databases.
! 586: <li>Made <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> start listening on interface in 'down' state. Interfaces can come up later, at which point dhcpd(8) will start receiving packets.
! 587: <li>Added a basic printer for EAPOL packets to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.10 benno 588:
1.7 benno 589:
590:
1.1 deraadt 591: </ul>
592:
593: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
594: <ul>
1.7 benno 595: <li>Fixed a crash in <a
596: href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
597: multiple clients is destroyed but tmux does not close completely due
598: to other sessions.
599: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
600: redraw problem on automargin terminals.
601: <li>Fixed a problem with repeat in <a
602: href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
603: <li>Added -T to set a popup title in <a
604: href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
605: <li>Added -s and -S to <a
606: href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
607: popup and border style.
608: <li>Fixed application-set fg and bg in <a
609: href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
610: <li>Added a way to force a color to RGB in <a
611: href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
612: display it.
1.10 benno 613: <li>Added a cursor-colour option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
614: <li>Added a cursor-style option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.11 ! benno 615: <li>Added a pane-border-format pane option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
! 616: <li>Added attempts to turn on less-capable mouse modes when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> turns on more-capable ones, in case the terminal doesn't support the desired mode.
1.7 benno 617:
1.1 deraadt 618: </ul>
619:
1.4 benno 620: <li>OpenSMTPD version <!--- XXX --->
1.1 deraadt 621: <ul>
622: </ul>
623:
1.4 benno 624: <li>LibreSSL version <!--- XXX --->
1.1 deraadt 625: <ul>
626: <li>New Features
627: <ul>
1.9 inoguchi 628: <li>The RFC 3779 API was ported from OpenSSL.<br>
629: Many bugs were fixed, regression tests were added and the code was cleaned up.
630: <li>Certificate Transparency was ported from OpenSSL.<br>
631: Many internal improvements were made, resulting in cleaner and safer code.<br>
632: Regress coverage was added. libssl does not yet make use of it.
1.1 deraadt 633: </ul>
634:
635: <li>Portable Improvements
636: <ul>
1.9 inoguchi 637: <li>Enabled ASAN CI on Linux platform.<br>
638: Thanks to Ilya Shipitsin (chipitsine <at> gmail com).
639: <li>Fixed various POSIX compliance and other portability issues<br>
640: found by the port to the Sortix operating system.
641: <li>Add libmd as platform specific libraries for Solaris.<br>
642: Issue reported from (ihsan <at> opencsw org) on libressl ML.
643: <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
644: Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
645: <li>Enabled and scheduled Coverity scan.<br>
646: Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github.
1.1 deraadt 647: </ul>
648:
1.9 inoguchi 649: <li>Compatibility Changes
650: <ul>
651: <li>Most structs that were previously defined in the following headers
652: are now opaque as they are in OpenSSL 1.1:<br>
653: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
654: x509.h, x509v3.h, x509_vfy.h
655: <li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
656: OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
657: of using something consistent with the previous naming.<br>
658: Various test suites expect these names (instead of checking for the much
659: more sensible cipher numbers).<br>
660: The old names are still accepted as aliases.
661: <li>Subject alternative names and name constraints are now validated
662: when they are added to certificates.<br>
663: Various interoperability problems with stacks that validate
664: certificates more strictly than OpenSSL can be avoided this way.
665: <li>Attempt to opportunistically use the host name for SNI in s_client
666: </ul>
667:
668: <li>Bug fixes
1.1 deraadt 669: <ul>
1.9 inoguchi 670: <li>Avoid infinite loop for custom curves of order 1.<br>
671: Found and reported with a reproducer by Hanno Boeck.
672: Helpful comments and analysis from David Benjamin.
673: <li>Avoid infinite loop on parsing DSA private keys.<br>
674: Issue reported with reproducers by Hanno Boeck.
675: Additional variants and analysis by David Benjamin.
676: <li>A malicious certificate can cause an infinite loop.<br>
677: Reported by and fix from Tavis Ormandy and David Benjamin, Google.
678: <li>In some situations, the verifier would discard the error on an
679: unvalidated certificate chain.<br>
680: This would happen when the verification callback was in use,
681: instructing the verifier to continue unconditionally.<br>
682: This could lead to incorrect decisions being made in software.
683: <li>Avoid an infinite loop in SSL_shutdown()
684: <li>Fix another return 0 bug in SSL_shutdown()
685: <li>Handle zero byte reads/writes that trigger handshakes in the
686: TLSv1.3 stack
687: <li>A long standing memleak in libtls CRL handling was fixed
1.1 deraadt 688: </ul>
689:
1.9 inoguchi 690: <li>Internal Improvements
1.1 deraadt 691: <ul>
1.9 inoguchi 692: <li>Cache the SHA-512 hash instead of the SHA-1 hash and cache
693: notBefore and notAfter times when X.509 certificates are parsed.
694: <li>The X.509 lookup code has been simplified and cleaned up.
695: <li>Fixed numerous issues flagged by coverity and the cryptofuzz project
696: <li>Increased the number of Miller-Rabin checks in DH and DSA
697: key/parameter generation
698: <li>Started using the bytestring API in libcrypto for cleaner and
699: safer code
700: <li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
701: ASN1
702: <li>Convert ASN1_OBJECT_new() to calloc()
703: <li>Convert ASN1_STRING_type_new() to calloc()
704: <li>Rewrite ASN1_STRING_cmp()
705: <li>Use calloc() for X509_CRL_METHOD_new() instead of malloc()
706: <li>Convert ASN1_PCTX_new() to calloc()
707: <li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
708: <li>Consolidate {d2i,i2d}_{pr,pu}.c
709: <li>Remove handling of a NULL BUF_MEM from asn1_collect()
710: <li>Pull the recursion depth check up to the top of asn1_collect()
711: <li>Inline collect_data() in asn1_collect()
712: <li>Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
713: <li>Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
714: <li>Consolidate ASN.1 universal tag type data
715: <li>Rewrite ASN.1 identifier/length parsing in CBS
716: <li>Make OBJ_obj2nid() work correctly with NID_undef
717: <li>tlsext_tick_lifetime_hint is now an uint32_t
718: <li>Untangle ssl3_get_message() return values
719: <li>Rename tls13_buffer to tls_buffer
720: <li>Fold DTLS_STATE_INTERNAL into DTLS1_STATE
721: <li>Provide a way to determine our maximum legacy version
722: <li>Mop up enc_read_ctx and read_hash
723: <li>Fold SSL_SESSION_INTERNAL into SSL_SESSION
724: <li>Use ssl_force_want_read in the DTLS code
725: <li>Add record processing limit to DTLS code
726: <li>Add explicit CBS_contains_zero_byte() check in CBS_strdup()
727: <li>Improve SNI hostname validation
728: <li>Ensure SSL_set_tlsext_host_name() is given a valid hostname
729: <li>Fix a strange check in the auto DH codepath
730: <li>Factor out/rewrite DHE key exchange
731: <li>Convert server serialisation of DHE parameters/public key to new
732: functions
733: <li>Check DH public key in ssl_kex_peer_public_dhe()
734: <li>Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
735: <li>Clean up and refactor server side DHE key exchange
736: <li>Provide CBS_get_last_u8()
737: <li>Provide CBS_get_u64()
738: <li>Provide CBS_add_u64()
739: <li>Provide various CBS_peek_* functions
740: <li>Use CBS_get_last_u8() to find the content type in TLSv1.3 records
741: <li>unifdef TLS13_USE_LEGACY_CLIENT_AUTH
742: <li>Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
743: <li>Only allow zero length key shares when we know we're doing HRR
744: <li>Pull key share group/length CBB code up from
745: tls13_key_share_public()
746: <li>Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
747: validation
748: <li>Return 0 on failure from send/get kex functions in the legacy
749: stack
750: <li>Rename tls13_key_share to tls_key_share
751: <li>Allocate and free the EVP_AEAD_CTX struct in
752: tls13_record_protection
753: <li>Convert legacy TLS client to tls_key_share
754: <li>Convert legacy TLS server to tls_key_share
755: <li>Stop attempting to duplicate the public and private key of dh_tmp
756: <li>Rename dh_tmp to dhe_params
757: <li>Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
758: <li>Clean up pkey handling in ssl3_get_server_key_exchange()
759: <li>Fix GOST skip certificate verify handling
760: <li>Simplify tlsext_keyshare_server_parse()
761: <li>Plumb decode errors through key share parsing code
762: <li>Simplify SSL_get_peer_certificate()
763: <li>Cleanup/simplify ssl_cert_type()
764: <li>The S3I macro was removed
765: <li>The openssl(1) cms, smime and ts subcommands option handling was
766: converted and the C source was cleaned up.
1.1 deraadt 767: </ul>
768:
1.9 inoguchi 769: <li>Documentation improvements
1.1 deraadt 770: <ul>
1.9 inoguchi 771: <li>45 new manual pages, most of which were written from scratch.<br>
772: Documentation coverage of ASN.1 and X.509 code has been
773: significantly improved.
1.1 deraadt 774: </ul>
775:
1.9 inoguchi 776: <li>API additions and removals
1.1 deraadt 777: <ul>
1.9 inoguchi 778: <li>libssl
779: <ul>
780: <li>API additions
781: <ul>
782: <li>SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
783: </ul>
784: <li>API stubs for compatibility
785: <ul>
786: <li>SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets<br>
787: SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets<br>
788: SSL_get_num_tickets SSL_set_num_tickets
789: </ul>
790: </ul>
791: <li>libcrypto
792: <ul>
793: <li>added API (some of these were previously available as macros):
794: <ul>
795: <li>ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free<br>
796: ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new<br>
797: ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex<br>
798: BIO_get_init BIO_set_callback_ex BIO_set_next<br>
799: BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old<br>
800: BN_abs_is_word BN_get_flags BN_is_negative<br>
801: BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags<br>
802: BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free<br>
803: CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file<br>
804: CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free<br>
805: CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key<br>
806: CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free<br>
807: CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer<br>
808: CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time<br>
809: CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert<br>
810: CT_POLICY_EVAL_CTX_set1_issuer<br>
811: CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE<br>
812: CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key<br>
813: DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g<br>
814: DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q<br>
815: ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free<br>
816: EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst<br>
817: EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data<br>
818: EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx<br>
819: EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new<br>
820: EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup<br>
821: EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final<br>
822: EVP_MD_meth_set_flags EVP_MD_meth_set_init<br>
823: EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size<br>
824: EVP_MD_meth_set_update EVP_PKEY_asn1_set_check<br>
825: EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check<br>
826: EVP_PKEY_check EVP_PKEY_meth_set_check<br>
827: EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check<br>
828: EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode<br>
829: FIPS_mode_set IPAddressChoice_free IPAddressChoice_new<br>
830: IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free<br>
831: IPAddressOrRange_new IPAddressRange_free IPAddressRange_new<br>
832: OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id<br>
833: OCSP_resp_get0_produced_at OCSP_resp_get0_respdata<br>
834: OCSP_resp_get0_signature OCSP_resp_get0_signer<br>
835: OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional<br>
836: RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp<br>
837: RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q<br>
838: SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free<br>
839: SCT_get0_extensions SCT_get0_log_id SCT_get0_signature<br>
840: SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source<br>
841: SCT_get_timestamp SCT_get_validation_status SCT_get_version<br>
842: SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions<br>
843: SCT_set0_log_id SCT_set0_signature SCT_set1_extensions<br>
844: SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type<br>
845: SCT_set_signature_nid SCT_set_source SCT_set_timestamp<br>
846: SCT_set_version SCT_validate SCT_validation_status_string<br>
847: X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey<br>
848: X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject<br>
849: X509_STORE_CTX_get_num_untrusted<br>
850: X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify<br>
851: X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain<br>
852: X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth<br>
853: X509_STORE_CTX_set_verify X509_STORE_get_verify<br>
854: X509_STORE_get_verify_cb X509_STORE_set_verify<br>
855: X509_get_X509_PUBKEY X509_get_extended_key_usage<br>
856: X509_get_extension_flags X509_get_key_usage<br>
857: X509v3_addr_add_inherit X509v3_addr_add_prefix<br>
858: X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi<br>
859: X509v3_addr_get_range X509v3_addr_inherits<br>
860: X509v3_addr_is_canonical X509v3_addr_subset<br>
861: X509v3_addr_validate_path X509v3_addr_validate_resource_set<br>
862: X509v3_asid_add_id_or_range X509v3_asid_add_inherit<br>
863: X509v3_asid_canonize X509v3_asid_inherits<br>
864: X509v3_asid_is_canonical X509v3_asid_subset<br>
865: X509v3_asid_validate_path X509v3_asid_validate_resource_set<br>
866: d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers<br>
867: d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily<br>
868: d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST<br>
869: i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers<br>
870: i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily<br>
871: i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST<br>
872: i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT<br>
873: i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
874: </ul>
875: <li>removed API:
876: <ul>
877: <li>ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss<br>
878: EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init<br>
879: NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new<br>
880: NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free<br>
881: NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit<br>
882: PEM_SealUpdate PEM_read_X509_CERT_PAIR<br>
883: PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR<br>
884: PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free<br>
885: X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb<br>
886: asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore<br>
887: asn1_enc_save asn1_ex_c2i asn1_get_choice_selector<br>
888: asn1_get_field_ptr asn1_set_choice_selector check_defer<br>
889: d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY<br>
890: d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET<br>
891: d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY<br>
892: i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET<br>
893: i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer
894: </ul>
895: </ul>
1.1 deraadt 896: </ul>
897: </ul>
898:
1.4 benno 899: <li>OpenSSH version <!--- XXX --->
1.1 deraadt 900: <ul>
901: <li>Security
902: <ul>
1.4 benno 903: <li>...
1.1 deraadt 904: </ul>
905: <li>Potentially incompatible changes
906: <ul>
1.4 benno 907: <li>...
1.1 deraadt 908: </ul>
909:
910: <li>New features
911: <ul>
1.4 benno 912: <li>...
1.1 deraadt 913: </ul>
914:
915: <li>Bugfixes
916: <ul>
1.4 benno 917: <li>...
1.1 deraadt 918: </ul>
919: </ul>
920:
1.4 benno 921: <li>mandoc version <!--- XXX --->
1.1 deraadt 922: <ul>
1.4 benno 923: <li>...
1.1 deraadt 924: </ul>
925:
926: <li>Ports and packages:
927: <p>Many pre-built packages for each architecture:
928: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
929: <ul style="column-count: 3">
930: <li>aarch64: XXXX
931: <li>amd64: XXXX
932: <li>arm: XXXX
933: <li>i386: XXXX
934: <li>mips64: XXXX
935: <li>powerpc: XXXX
936: <li>powerpc64: XXXX
937: <li>riscv64: XXXX
938: <li>sparc64: XXXX
939: </ul>
940:
941: <p>Some highlights:
942: <ul style="column-count: 3">
1.5 jsg 943: <li>Asterisk 19.3.1
1.1 deraadt 944: <li>Audacity 2.4.2
945: <li>CMake 3.20.3
1.5 jsg 946: <li>Chromium 100.0.4896.75
1.1 deraadt 947: <li>Emacs 27.2
1.5 jsg 948: <li>FFmpeg 4.4.1
1.1 deraadt 949: <li>GCC 8.4.0 and 11.2.0
950: <li>GHC 8.10.6
1.5 jsg 951: <li>GNOME 41.5
952: <li>Go 1.17.7
953: <li>JDK 8u322, 11.0.14 and 17.0.2
954: <li>KDE Applications 21.12.2
955: <li>KDE Frameworks 5.91.0
956: <li>Krita 5.0.2
957: <li>LLVM/Clang 13.0.0
958: <li>LibreOffice 7.3.2.2
1.1 deraadt 959: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.5 jsg 960: <li>MariaDB 10.6.7
1.1 deraadt 961: <li>Mono 6.12.0.122
1.5 jsg 962: <li>Mozilla Firefox 99.0 and ESR 91.8.0
963: <li>Mozilla Thunderbird 91.8.0
964: <li>Mutt 2.2.2 and NeoMutt 20211029
965: <li>Node.js 16.14.2
966: <li>OCaml 4.12.1
1.1 deraadt 967: <li>OpenLDAP 2.4.59
1.5 jsg 968: <li>PHP 7.4.28, 8.0.17 and 8.1.4
969: <li>Postfix 3.5.14
970: <li>PostgreSQL 14.2
971: <li>Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4
1.1 deraadt 972: <li>Qt 5.15.2 and 6.0.4
1.5 jsg 973: <li>R 4.1.2
974: <li>Ruby 2.7.5, 3.0.3 and 3.1.1
975: <li>Rust 1.59.0
976: <li>SQLite 2.8.17 and 3.38.2
977: <li>Shotcut 21.10.31
978: <li>Sudo 1.9.10
979: <li>Suricata 6.0.4
1.1 deraadt 980: <li>Tcl/Tk 8.5.19 and 8.6.8
1.5 jsg 981: <li>TeX Live 2021
982: <li>Vim 8.2.4600 and Neovim 0.6.1
1.1 deraadt 983: <li>Xfce 4.16
984: </ul>
985: <p>
986:
987: <li>As usual, steady improvements in manual pages and other documentation.
988:
989: <li>The system includes the following major components from outside suppliers:
990: <ul>
1.5 jsg 991: <li>Xenocara (based on X.Org 7.7 with xserver 1.21.1.3 + patches,
992: freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369,
1.1 deraadt 993: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1.5 jsg 994: <li>LLVM/Clang 13.0.0 (+ patches)
1.1 deraadt 995: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
996: <li>Perl 5.32.1 (+ patches)
1.5 jsg 997: <li>NSD 4.4.0
998: <li>Unbound 1.15.0
1.1 deraadt 999: <li>Ncurses 5.7
1000: <li>Binutils 2.17 (+ patches)
1001: <li>Gdb 6.3 (+ patches)
1.10 benno 1002: <li>Awk October 12, 2021
1.5 jsg 1003: <li>Expat 2.4.7
1.1 deraadt 1004: </ul>
1005:
1006: </ul>
1007: </section>
1008:
1009: <hr>
1010:
1011: <section id=install>
1012: <h3>How to install</h3>
1013: <p>
1014: Please refer to the following files on the mirror site for
1015: extensive details on how to install OpenBSD 7.1 on your machine:
1016:
1017: <ul>
1018: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
1019: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
1020: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
1021: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
1022: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
1023: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
1024: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
1025: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
1026: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
1027: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
1028: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
1029: .../OpenBSD/7.1/i386/INSTALL.i386</a>
1030: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
1031: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
1032: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
1033: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
1034: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
1035: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
1036: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
1037: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
1038: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
1039: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
1040: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
1041: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
1042: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
1043: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
1044: </ul>
1045: </section>
1046:
1047: <hr>
1048:
1049: <section id=quickinstall>
1050: <p>
1051: Quick installer information for people familiar with OpenBSD, and the use of
1052: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1053: If you are at all confused when installing OpenBSD, read the relevant
1054: INSTALL.* file as listed above!
1055:
1056: <h3>OpenBSD/alpha:</h3>
1057:
1058: <p>
1059: If your machine can boot from CD, you can write <i>install71.iso</i> or
1060: <i>cd71.iso</i> to a CD and boot from it.
1061: Refer to INSTALL.alpha for more details.
1062:
1063: <h3>OpenBSD/amd64:</h3>
1064:
1065: <p>
1066: If your machine can boot from CD, you can write <i>install71.iso</i> or
1067: <i>cd71.iso</i> to a CD and boot from it.
1068: You may need to adjust your BIOS options first.
1069:
1070: <p>
1071: If your machine can boot from USB, you can write <i>install71.img</i> or
1072: <i>miniroot71.img</i> to a USB stick and boot from it.
1073:
1074: <p>
1075: If you can't boot from a CD, floppy disk, or USB,
1076: you can install across the network using PXE as described in the included
1077: INSTALL.amd64 document.
1078:
1079: <p>
1080: If you are planning to dual boot OpenBSD with another OS, you will need to
1081: read INSTALL.amd64.
1082:
1083: <h3>OpenBSD/arm64:</h3>
1084:
1085: <p>
1086: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
1087: after connecting to the serial console. Refer to INSTALL.arm64 for more
1088: details.
1089:
1090: <h3>OpenBSD/armv7:</h3>
1091:
1092: <p>
1093: Write a system specific miniroot to an SD card and boot from it after connecting
1094: to the serial console. Refer to INSTALL.armv7 for more details.
1095:
1096: <h3>OpenBSD/hppa:</h3>
1097:
1098: <p>
1099: Boot over the network by following the instructions in INSTALL.hppa or the
1100: <a href="hppa.html#install">hppa platform page</a>.
1101:
1102: <h3>OpenBSD/i386:</h3>
1103:
1104: <p>
1105: If your machine can boot from CD, you can write <i>install71.iso</i> or
1106: <i>cd71.iso</i> to a CD and boot from it.
1107: You may need to adjust your BIOS options first.
1108:
1109: <p>
1110: If your machine can boot from USB, you can write <i>install71.img</i> or
1111: <i>miniroot71.img</i> to a USB stick and boot from it.
1112:
1113: <p>
1114: If you can't boot from a CD, floppy disk, or USB,
1115: you can install across the network using PXE as described in
1116: the included INSTALL.i386 document.
1117:
1118: <p>
1119: If you are planning on dual booting OpenBSD with another OS, you will need to
1120: read INSTALL.i386.
1121:
1122: <h3>OpenBSD/landisk:</h3>
1123:
1124: <p>
1125: Write <i>miniroot71.img</i> to the start of the CF
1126: or disk, and boot normally.
1127:
1128: <h3>OpenBSD/luna88k:</h3>
1129:
1130: <p>
1131: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1132: from the PROM, and then bsd.rd from the bootloader.
1133: Refer to the instructions in INSTALL.luna88k for more details.
1134:
1135: <h3>OpenBSD/macppc:</h3>
1136:
1137: <p>
1138: Burn the image from a mirror site to a CDROM, and power on your machine
1139: while holding down the <i>C</i> key until the display turns on and
1140: shows <i>OpenBSD/macppc boot</i>.
1141:
1142: <p>
1143: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1144: /7.1/macppc/bsd.rd</i>
1145:
1146: <h3>OpenBSD/octeon:</h3>
1147:
1148: <p>
1149: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1150: Refer to the instructions in INSTALL.octeon for more details.
1151:
1152: <h3>OpenBSD/powerpc64:</h3>
1153:
1154: <p>
1155: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1156: USB stick, plug it into the machine and choose the <i>OpenBSD
1157: install</i> menu item in Petitboot.
1158: Refer to the instructions in INSTALL.powerpc64 for more details.
1159:
1160: <h3>OpenBSD/riscv64:</h3>
1161:
1162: <p>
1163: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1164: USB stick, and boot with that drive plugged in.
1165: Make sure you also have the microSD card plugged in that shipped with the
1166: HiFive Unmatched board.
1167: Refer to the instructions in INSTALL.riscv64 for more details.
1168:
1169: <h3>OpenBSD/sparc64:</h3>
1170:
1171: <p>
1172: Burn the image from a mirror site to a CDROM, boot from it, and type
1173: <i>boot cdrom</i>.
1174:
1175: <p>
1176: If this doesn't work, or if you don't have a CDROM drive, you can write
1177: <i>floppy71.img</i> or <i>floppyB71.img</i>
1178: (depending on your machine) to a floppy and boot it with <i>boot
1179: floppy</i>. Refer to INSTALL.sparc64 for details.
1180:
1181: <p>
1182: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1183: will most likely fail.
1184:
1185: <p>
1186: You can also write <i>miniroot71.img</i> to the swap partition on
1187: the disk and boot with <i>boot disk:b</i>.
1188:
1189: <p>
1190: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1191: </section>
1192:
1193: <hr>
1194:
1195: <section id=upgrade>
1196: <h3>How to upgrade</h3>
1197: <p>
1.6 tj 1198: If you already have an OpenBSD 7.0 system, and do not want to reinstall,
1.1 deraadt 1199: upgrade instructions and advice can be found in the
1200: <a href="faq/upgrade71.html">Upgrade Guide</a>.
1201: </section>
1202:
1203: <hr>
1204:
1205: <section id=sourcecode>
1206: <h3>Notes about the source code</h3>
1207: <p>
1208: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1209: This file contains everything you need except for the kernel sources,
1210: which are in a separate archive.
1211: To extract:
1212: <blockquote><pre>
1213: # <kbd>mkdir -p /usr/src</kbd>
1214: # <kbd>cd /usr/src</kbd>
1215: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1216: </pre></blockquote>
1217: <p>
1218: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1219: This file contains all the kernel sources you need to rebuild kernels.
1220: To extract:
1221: <blockquote><pre>
1222: # <kbd>mkdir -p /usr/src/sys</kbd>
1223: # <kbd>cd /usr/src</kbd>
1224: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1225: </pre></blockquote>
1226: <p>
1227: Both of these trees are a regular CVS checkout. Using these trees it
1228: is possible to get a head-start on using the anoncvs servers as
1229: described <a href="anoncvs.html">here</a>.
1230: Using these files
1231: results in a much faster initial CVS update than you could expect from
1232: a fresh checkout of the full OpenBSD source tree.
1233: </section>
1234:
1235: <hr>
1236:
1237: <section id=ports>
1238: <h3>Ports Tree</h3>
1239: <p>
1240: A ports tree archive is also provided. To extract:
1241: <blockquote><pre>
1242: # <kbd>cd /usr</kbd>
1243: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1244: </pre></blockquote>
1245: <p>
1246: Go read the <a href="faq/ports/index.html">ports</a> page
1247: if you know nothing about ports
1248: at this point. This text is not a manual of how to use ports.
1249: Rather, it is a set of notes meant to kickstart the user on the
1250: OpenBSD ports system.
1251: <p>
1252: The <i>ports/</i> directory represents a CVS checkout of our ports.
1253: As with our complete source tree, our ports tree is available via
1254: <a href="anoncvs.html">AnonCVS</a>.
1255: So, in order to keep up to date with the -stable branch, you must make
1256: the <i>ports/</i> tree available on a read-write medium and update the tree
1257: with a command like:
1258: <blockquote><pre>
1259: # <kbd>cd /usr/ports</kbd>
1260: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1261: </pre></blockquote>
1262: <p>
1263: [Of course, you must replace the server name here with a nearby anoncvs
1264: server.]
1265: <p>
1266: Note that most ports are available as packages on our mirrors. Updated
1267: ports for the 7.1 release will be made available if problems arise.
1268: <p>
1269: If you're interested in seeing a port added, would like to help out, or just
1270: would like to know more, the mailing list
1271: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1272: </section>