Annotation of www/71.html, Revision 1.2
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 7.1</title>
6: <meta name="description" content="OpenBSD 7.1">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/71.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 7.1
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/xxx.png">
21: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
22: <td>
23: Released May ?, 2022. (52st OpenBSD release)<br>
24: Copyright 1997-2022, Theo de Raadt.<br>
25: <br>
26: Artwork by ??? ???..
27: <br>
28: <ul>
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus71.html">detailed log of changes</a> between the
36: 7.0 and 7.1 releases.
37: <p>
38: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
39: pubkeys for this release:<p>
40:
41: <table class=signify>
42: <tr><td>
43: openbsd-71-base.pub:
44: <td>
45: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
46: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
47: <tr><td>
48: openbsd-71-fw.pub:
49: <td>
50: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
51: <tr><td>
52: openbsd-71-pkg.pub:
53: <td>
54: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
55: <tr><td>
56: openbsd-71-syspatch.pub:
57: <td>
58: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
59: </table>
60: </ul>
61: <p>
62: All applicable copyrights and credits are in the src.tar.gz,
63: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
64: files fetched via <code>ports.tar.gz</code>.
65: </table>
66:
67: <hr>
68:
69: <section id=new>
70: <h3>What's New</h3>
71: <p>
72: This is a partial list of new features and systems included in OpenBSD 7.1.
73: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
74: to 7.1.
75:
76: <ul>
77:
78: <!-- replace all of this
79:
80: <li>New/extended platforms:
81: <ul>
82: <li>Added new <a href="riscv64.html">riscv64</a> platform for 64-bit RISC-V systems.
83: <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
84: <ul>
85: <li>Support for Apple Silicon Macs has improved but is not ready for general use yet:
86: <ul>
87: <li>Added support for installing on a disk with a GPT.
88: <li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller.
89: <li>Added <a href="https://man.openbsd.org/apldwusb.4">apldwusb(4)</a>, a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
90: <li>Added <a href="https://man.openbsd.org/aplns.4">aplns(4)</a> to provide support for Apple NVME storage as found in Apple M1 devices.
91: <li>Added <a href="https://man.openbsd.org/aplpinctrl.4">aplpinctrl(4)</a>, a driver for the Apple GPIO controller found on the M1 SoCs.
92: <li>Added <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a>, a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
93: <li>Added <a href="https://man.openbsd.org/aplspmi.4">aplspmi(4)</a>, a driver for the Apple SPMI controller.
94: </ul>
95: <li>Enabled LEDs for the <a href="https://man.openbsd.org/mue.4">mue(4)</a> LAN7800 chip as found on the Raspberry Pi 3 Model B+.
96: <li>Added <a href="https://man.openbsd.org/rktcphy.4">rktcphy(4)</a>, a driver for the Type-C PHY controller found on the Rockchip RK3399.
97: <li>Implemented multicast support in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
98: </ul>
99: <li>Changes on other architectures:
100: <ul>
101: <li>Switched <a href="macppc.html">macppc</a> to use <a href="https://man.openbsd.org/ld.lld">ld.lld(1)</a>.
102: <li>Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
103: <li>Made <a href="amd64.html">amd64</a> hw.setperf percentages proportional to the enhanced
104: speed step frequencies on Intel processors. The default hw.setperf=99
105: corresponds to the maximum ordinary speed, and setting it to 100
106: enables turbo mode.
107: <li>Enabled <a href="https://man.openbsd.org/cy.4">cy(4)</a> on amd64.
108: <li>Disabled base-gcc on amd64.
109: <li>Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
110: <li>Prevented a kernel panic in sparc64 due to page boundary misalignment.
111: <li>Forced <a href="luna88k.html">luna88k</a> to use the serial console when no graphics board is found.
112: <li>Made additional free inodes on luna88k bsd.rd by specifying density=4096.
113: <li>Fixed strchr() and strrchr() on <a href="mips64.html">mips64</a>.
114: <li>Prevented watchdog resets on some i.MX 64-bit machines with a
115: recent U-Boot and watchdog enabled on boot in <a
116: href="https://man.openbsd.org/imxdog.8">imxdog(8)</a>.
117: <li>Created audio devices on <a href="armv7.html">armv7</a>.
118: <li>Retired OpenBSD/<a href="sgi.html">sgi</a> platform.
119: <li>Enabled MSI-X support for <a href="powerpc64.html">powerpc64</a>.
120: <li>Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
121: <li>Increased the maximum data size on powerpc64 to 32GB.
122: <li>Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB on amd64.
123: <li>Added <a href="https://man.openbsd.org/cduart.4">cduart(4)</a> driver for Cadence Universal Asynchronous Receiver/Transmitter on armv7.
124: <li>Added <a href="https://man.openbsd.org/armv7/zqclock.4">zqclock(4)</a> driver for Xilinx Zynq-7000 clock controller on armv7.
125: <li>Added <a href="https://man.openbsd.org/armv7/zqreset.4">zqreset(4)</a> driver for Xilinx Zynq-7000 reset controller on armv7.
126: </ul>
127: </ul>
128:
129: <li>Various kernel improvements:
130: <ul>
131: <li>Unlocked the top part of the VM fault handler on i386.
132: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> for GENERIC kernels on amd64, arm64, i386, sparc64, and powerpc64.
133: <li>Added kprobes provider for <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
134: <li>Implemented < and > operators in <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> filters.
135: <li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
136: display of time spent in userland when analyzing the kernel stack in
137: the flame graph tool and fixed a parsing bug.
138: <li>Introduced /etc/<a
139: href="https://man.openbsd.org/bsd.re-config.5">bsd.re-config(5)</a>,
140: which can be used to configure the kernel using <a
141: href="https://man.openbsd.org/config.8">config(8)</a>, allowing use of
142: KARL while making changes to the GENERIC kernel.
143: <li>Identify TPM 2.0 devices and perform the 2.0-specific
144: suspend command, allowing the ThinkPad X1 Carbon Gen 9 and
145: ThinkPad X1 Nano with the latest BIOS (which added S3) to resume.
146: <li>Changed the printing of the hibernate image size from bytes to megabytes.
147: <li>Increased hibernate writeout speed.
148: <li>Added "machine sysregs" command to <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> on amd64.
149: <li>Prevented interleaved stack traces in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> from multiple CPUs.
150: <li>Delayed installation of sensors until a device with battery
151: support is connected, allowing <a
152: href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a> to pick up
153: hotplugged <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>
154: devices.
155: <li>Prevented a kernel panic after VFS shutdown.
156: <li>Increased the <a href="https://man.openbsd.org/setitimer.2">setitimer(2)</a> timer limit to UINT_MAX seconds.
157: <li>Serialized the internals of <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> with a mutex.
158: <li>Enabled pool cache on <a href="https://man.openbsd.org/knote.9">knote(9)</a> pool.
159: <li>Fixed <a href="https://man.openbsd.org/futex.2">futex(2)</a>
160: errno handling to match what Mesa expects and prevent failure to
161: properly report timeouts.
162: <li>Fixed a kernel crash in <a href="https://man.openbsd.org/tty.4">tty(4)</a>.
163: <li>Increased the default buffer space on PF_UNIX sockets to 8k and
164: made the values tuneable via <a
165: href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
166: <li>Made <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
167: timer re-addition reset an existing timer to use the new timeout
168: period.
169: <li>In the build system, pass make flags to kernel and lib builds,
170: making hacking on ramdisks/the installer much faster.
171: </ul>
172:
173: <li>SMP Improvements
174: <ul>
175: <li>Made pmap_extract() mpsafe on hppa and amd64.
176: <li>Introduced CPU_IS_RUNNING() and used it in scheduler-related code
177: to prevent waiting on non-running CPUs.
178: <li>Made anonymous object reference counting independent from the KERNEL_LOCK().
179: <li>Unlocked <a href="https://man.openbsd.org/connect.2">connect(2)</a>.
180: <li>Unlocked <a href="https://man.openbsd.org/setrtable.2">setrtable(2)</a>.
181: <li>Introduced per-CPU <a href="https://man.openbsd.org/panic.9">panic(9)</a> message buffers.
182: <li>Used so_lock to protect key management (PF_KEY) sockets.
183: <li>Used so_lock to protect routing (PF_ROUTE) sockets.
184: <li>Unlocked <a href="https://man.openbsd.org/lseek.2">lseek(2)</a>.
185: <li>Unlocked the top part of the fault handler.
186: </ul>
187:
188: <li>Direct Rendering Manager
189: <ul>
190: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
191: to Linux 5.10.65
192: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
193: better support for Tiger Lake
194: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
195: support for Navi 12, Navi 21 "Sienna Cichlid", Arcturus
196: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
197: support for Cezanne "Green Sardine" Ryzen 5000 APU
198: </ul>
199:
200: <li>VMM/VMD improvements
201: <ul>
202: <li>Added a theoretical limit of 512 to the number of allocated vcpus
203: in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
204: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> vcpu locking issues.
205: <li>Added <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> support for variable length vionet rx descriptor chains.
206: <li>Prevented stack overflow in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> due to large DHCP packets on local interfaces.
207: <li>Allowed locking of a randomly assigned lladdr in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
208: <li>Skipped inspecting non-udp packets on local interfaces for <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
209: <li>Prevented guest virtio drivers from causing stack and buffer overflows in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
210: <li>Fixed a race condition in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> relating to incorrect physical cpu tracking.
211: <li>Fixed <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
212: client "wait" state corruption in <a
213: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when a wait is
214: canceled and restarted, allowing multiple waiting clients.
215: <li>Added protections against guests with bad virtio drivers to <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
216: <li>Unlocked the kernel in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> ioctl handlers and introduced vcpu locks
217: </ul>
218:
219: <li>Various new userland features:
220: <ul>
221:
222: <li>Imported <a
223: href="https://man.openbsd.org/timeout.1">timeout(1)</a> utility from
224: NetBSD. timeout(1) can be used to run commands with a time limit.
225: <li>Added include and exclude options to <a
226: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
227: <li>Implemented reporting of supplemental groups in <a
228: href="https://man.openbsd.org/ps.1">ps(1)</a>.
229: <li>Added indication of whether an <a
230: href="https://man.openbsd.org/mg.1">mg(1)</a> function is unsuitable
231: for a startup file.
232: <li>Added "dired-jump" command to <a
233: href="https://man.openbsd.org/mg.1">mg(1)</a> to open a dired buffer
234: containing the current buffer's directory location.
235: </ul>
236:
237: <li>Various bugfixes and tweaks in userland:
238: <ul>
239: <li>Modified <a href="https://man.openbsd.org/doas">doas(1)</a> to
240: retry up to 3 times on password authentication failure.
241: <li>Made all <a href="https://man.openbsd.org/vi.1">vi(1)</a> signal
242: handler functions async-signal-safe.
243: <li>Changed <a href="https://man.openbsd.org/diff.1">diff(1)</a> to
244: consider two files sharing the same inode identical.
245: <li>Allowed <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
246: login when ~/.Xauthority does not exist.
247: <li>Disabled building all of the non-unicode fonts in Xenocara
248: except for ISO8859-1.
249: <li>Altered <a href="https://man.openbsd.org/passwd.1">passwd(1)</a>
250: to use stderr for printer error and informational messages. This
251: allows easier parsing of what passwd(1) is doing if spawned from a
252: GUI.
253: <li>Fixed <a href="https://man.openbsd.org/iostat.8">iostat(8)</a>
254: per-device values when <a
255: href="https://man.openbsd.org/systat.1">systat(1)</a> is in boot time
256: mode ('b'), not normalizing based on the sleep interval.
257: <li>Made <a href="https://man.openbsd.org/jot.1">jot(1)</a> -b, -c and -w mutually exclusive.
258: <li>Made <a href="https://man.openbsd.org/cdio.1">cdio(1)</a> discard
259: the current input line when Ctrl-C is used during line editing and
260: provide a fresh prompt rather than exiting the program.
261: <li>Let <a href="https://man.openbsd.org/el_gets.3">el_gets(3)</a>
262: honour the first Ctrl-C typed by the user rather than
263: ignoring it.
264: <li>Corrected <a href="https://man.openbsd.org/awk.1">awk(1)</a> -F
265: null string behavior to ensure -F '' behaves consistently with -v
266: FS="".
267: <li>Avoided a potential buffer overflow in backslash escaping in <a
268: href="https://man.openbsd.org/awk.1">awk(1)</a>.
269: <li>Disallowed the use of an empty list between "while" and "do" in
270: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
271: <li>Changed <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
272: maximization and full-screen mode toggling to keep the cursor within
273: the window, preventing focus loss.
274: <li>Made <a href="https://man.openbsd.org/rc.8">rc(8)</a> quietly
275: attempt an early mount of /var/log in case someone has created
276: it as a separate filesystem to avoid /var overflow issues.
277: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
278: to retain essential partitions on various platforms.
279: <li>Improved <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
280: for disks with 4K sectors.
281: <li>Cleaned up the <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> MBR/GPT
282: initialization code, making -g independent of -i, leaving four
283: mutually exclusive initialization options (-i, -g, -u and -A) with the
284: last option specified executed (allowing the existing -i -g to work as
285: intended).
286: <li>Relaxed criteria for recognizing GPT formatted media, allowing
287: GPT disk images added with <a href="https://man.openbsd.org/dd.1">dd(1)</a> onto larger physical
288: media to be recognized by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> and the kernel.
289: <li>Added the ability for <a
290: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to recognize
291: "BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" GPT partitions.
292: <li>Ensured the values for <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
293: -b and -l are treated as 512-byte block counts.
294: <li>Added an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
295: -A option to initialize a GPT without removing special boot
296: partitions.
297: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
298: -b option available to architectures other than amd64 and i386 and extended the
299: syntax to allow specification of the boot partition type and offset.
300: <li>Adjusted density for partitions on a 4k disk in <a
301: href="https://man.openbsd.org/newfs.8">newfs(8)</a> when fragsize and
302: density are not passed on the command line to ensure sufficient inodes
303: to hold a src tree on a 2G fs.
304: <li>Fixed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> generation on sparc64.
305: <li>Fixed overlap check in <a href="https://man.openbsd.org/disklabel.1">disklabel(1)</a>
306: autoalloc code.
307: <li>Corrected various min/max cluster numbers for FAT12/16/32 in <a
308: href="https://man.openbsd.org/newfs_msdos.8">newfs_msdos(8)</a>.
309: <li>Added libexecinfo, a library providing backtrace functions.
310: <li>Updated C library support for character classification
311: to Unicode 13.0.
312: <li>Let <a href="https://man.openbsd.org/wcwidth.3">wcwidth(3)</a>
313: treat all characters in Unicode private use areas
314: as single-width, even those in planes 15 and 16.
315: <li>Limited the <a href="https://man.openbsd.org/printf.1">printf(1)</a> \x escape sequence to two characters.
316: <li>Corrected the output of
317: <a href="https://man.openbsd.org/date.1">date(1)</a> -f %s
318: which was wrongly affected by the local timezone.
319: <li>Turn printing additional information into toggles for <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
320: </ul>
321:
322: <li>Improved hardware support and driver bugfixes, including:
323: <ul>
324: <li>Added a workaround to <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> for machines where the framebuffer size reported by the hardware is incorrect.
325: <li>In <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>, worked around a BIOS bug on Lenovo ThinkPads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
326: <li>Stopped setting the highspeed bit on bcm2835-sdhci <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> controllers, fixing <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> wifi on the Raspberry Pi 3 Model B+.
327: <li>Added support for obtaining sense status and source slot of a media to <a href="https://man.openbsd.org/chio.1">chio(1)</a> and <a href="https://man.openbsd.org/ch.4">ch(4)</a>.
328: <li>Fixed <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> timeouts requesting data from at least one touchpad.
329: <li>Added
330: <a href="https://man.openbsd.org/ucc.4">ucc(4)</a>,
331: a driver for USB HID Consumer Control keyboards.
332: Often used to expose volume, audio and application launch keys.
333: Volume keys are handled by the kernel and all other keys are
334: propagated to X11 and the console through
335: <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>.
336: <li>Set the <a href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a> battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain <a href="https://man.openbsd.org/sensorsd.conf.5">sensorsd.conf(5)</a> actions from triggering inappropriately.
337: <li>Added Tiger Lake LP (INT34C5) support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
338: <li>Fixed a panic at shutdown relating to <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> on the X1 Extreme Gen 1.
339: <li>Fixed a panic reported in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
340: <li>Fixed display of incorrect patterns on LUNA's <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> with 1bpp framebuffer when backspace is typed.
341: <li>Fixed an attachment problem for <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> for certain devices issuing NAK interrupts during split transactions.
342: <li>Added AMD 17h/6xh Root Complex to <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a>.
343: <li>Ensured the TX FIFO isn't overrun for longer transfers in <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>.
344: <li>Added <a href="https://man.openbsd.org/titmp.4">titmp(4)</a>, a driver for the TI TMP451 temperature sensor.
345: <li>Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
346: <li>Attached unsupported video devices to <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> but not <a href="https://man.openbsd.org/video.1">video(1)</a>, rather than leaving it unmatched.
347: <li>Added a -R flag to <a href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> to dump the raw report descriptor bytes.
348: <li>Added hid_get_report_desc_data() to <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> to access raw report descriptor data.
349: <li>Fixed overflows when reading multiple bytes from AML over an i2c bus in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
350: <li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
351: <li>Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
352: <li>Added quirk to enable ThinkPad X1 Extreme 1 speakers and Dolby Atmos in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>.
353: <li>Fixed <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> issues with dead touchpads after resume.
354: <li>Fixed an mbuf leak in <a href="https://man.openbsd.org/xnf.4">xnf(4)</a>.
355: </ul>
356:
357: <li>New or improved network hardware support:
358: <ul>
359: <li>Fixed <a href="https://man.openbsd.org/ix.4">ix(4)</a> with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
360: <li>Added the <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> driver for Aquantia AQC111U/AQC112U USB Ethernet devices.
361: <li>Added the <a href="https://man.openbsd.org/aq.4">aq(4)</a> driver to support Aquantia 1/2.5/5/10Gb/s PCIe Ethernet adapters.
362: <li>Synced <a href="https://man.openbsd.org/dwctwo.4">dwctwo(4)</a> with the NetBSD-current code base, enabling the USB on-board Ethernet controller through <a href="https://man.openbsd.org/mue.4">mue(4)</a>, fixing <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>, and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
363: <li>Added <a href="https://man.openbsd.org/cad.4">cad(4)</a>, a driver for Cadence GEM.
364: <li>Added Broadcom BCM5725 to <a href="https://man.openbsd.org/brgphy.4">brgphy(4)</a>.
365: <li>Added support for RTL8168FP/RTL8111FP/RTL8117 to <a href="https://man.openbsd.org/re.4">re(4)</a>.
366: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> after a media link change on RTL8153/B devices.
367: <li>Fixed <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> with a single queue in MSI-X mode.
368: </ul>
369:
370: <li>Added or improved wireless network drivers:
371: <ul>
372: <li>Zeroed out <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx descriptors of frames which is done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
373: <li>Fixed a bug in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
374: <li>Changed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to sleep for 1 second while loading firmware to match what <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> does. This fixes some issues with suspend/resume.
375: <li>Ensured that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> will reload firmware from disk on down/up and not during resume.
376: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> crystal latency values to match those used by Linux iwlwifi.
377: <li>Fixed an off-by-one error in <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
378: <li>Changed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>, and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices to hide detailed firmware error reports by default.
379: <li>Prevented a loop when <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> receives an unsolicited association status event right after successful association.
380: <li>Fixed a leak with <a href="https://man.openbsd.org/wg.4">wg(4)</a> keepalive.
381: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to -63 firmware images as shipped in iwx-firmware-20210512, including fixes addressing fragattacks vulnerabilities.
382: <li>Supported the new <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware session protection command, required for successful associations with new firmware.
383: <li>Stopped asking <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to send probe requests on passive channels, fixing firmware going unresponsive after association.
384: <li>Fixed an <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> edge case where devices failed to resume after system suspend.
385: <li>Switched <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
386: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> against access points using TKIP as the group cipher.
387: <li>Prevented <a href="https://man.openbsd.org/athn.4">athn(4)</a> from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
388: <li>Implemented various fixes addressing firmware errors in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
389: <li>Fixed node leaks in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> which caused the drivers to get stuck when roaming between access points.
390: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware reloading after a failure to parse the firmware file.
391: <li>Avoided "mac clock not ready" panics in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
392: <li>Worked around a problem between certain <a href="https://man.openbsd.org/athn.4">athn(4)</a> hardware running in HostAP mode and clients that use Tx aggregation.
393: <li>Corrected multicast decryption for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
394: <li>Added 802.11n Tx aggregation support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
395: <li>Made <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> keep track of beacon parameters at run-time.
396: <li>Implemented support for Rx aggregation offload in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
397: <li>Changed error reporting for <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
398: </ul>
399:
400: <li>IEEE 802.11 wireless stack improvements and bugfixes:
401: <ul>
402: <li>Drop fragmented 802.11 frames.
403: <li>Prevent frame injection via forged 802.11n A-MSDUs.
404: <li>Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
405: </ul>
406:
407: <li>Generic network stack improvements and bugfixes:
408: <ul>
409: <li>Implemented reception of "VLAN 0 priority tagged" packets.
410: <li>Fixed an alignment fault observed on an octeon machine while <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> negotiated a large MTU.
411: <li>Display provider ID for a <a href="https://man.openbsd.org/umb.4">umb(4)</a> SIM in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
412: </ul>
413:
414: <li>Installer and upgrade improvements:
415: <ul>
416: <li>Checked the installer's /tmp/i/hostname.* files for a configured
417: IP address so that configurations without a broadcast address are
418: detected as well.
419: <li>Handled "inet autoconf" in the ramdisk.
420: <li>Introduced a short wait in <a
421: href="https://man.openbsd.org/rc.8">rc(8)</a> after <a
422: href="https://man.openbsd.org/netstart.8">netstart(8)</a> finishes
423: until an IPv4 or IPv6 default route is present before continuing boot.
424: Fixed setups depending on working network and DNS resolution during
425: early boot when using autoconfiguration (<a
426: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> or <a
427: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>).
428: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
429: always create an EFI SYS partition if the -b option is specified when
430: initializing a GPT.
431: <li>Allowed (w)hole disk allocation for GPT disks in arm64, using <a
432: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A when an Apple
433: APFS ISC partition is detected and fdisk -ig otherwise. Created EFI
434: SYS boot partitions only on ROOTDISK GPT disks.
435: <li>Added <a
436: href="https://man.openbsd.org/installboot.8">installboot(8)</a> "-p"
437: to prepare by creating a new filesystem on the partition reserved for
438: the bootloader on relevant architectures.
439: <li>Added GPT support to <a href="armv7.html">armv7</a> <a
440: href="https://man.openbsd.org/installboot.8">installboot(8)</a>.
441: <li>Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and
442: RAMDISK kernels.
443: <li>Use <a
444: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
445: arm64 ramdisks.
446: <li>Enable <a
447: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> on
448: ramdisks, and activate <a
449: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, replacing <a
450: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
451: <li>Enable <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
452: to configure nameservers on ramdisks.
453: </ul>
454:
455: <li>Security improvements:
456: <ul>
457: <li>Moved objcopy to base set to allow KARL to work on all installs.
458: <li>Added <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
459: calls to xterm in the case where there are no exec-formatted or
460: exec-selected resources set.
461: <li>Changed usage of %n from a syslog warning to syslog and abort for
462: <a href="https://man.openbsd.org/printf.3">printf(3)</a> (and
463: associated variants).
464: <li>Made kernel stop all threads when terminating via pledge_fail().
465: </ul>
466:
467: <li>Routing daemons and other userland network improvements:
468: <ul>
469: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
470: daemon saw the following changes:
471: <ul>
472: <li>Stop processing queued UPDATES when the max-prefix limit was reached.
473: <li>Improved negotiation for route refresh, graceful restart and
474: multi-protocol capabilities
475: <li>Correctly track 'rde evaluate all' and 'export' settings during reload.
476: <li>Properly withdraw prefixes when 'rde evaluate all' is used.
477: <li>Fixed MRT handling on initial startup for message dump types.
478: <li>Fixed and use non-blocking connect for RTR sessions.
479: <li>Fully implemented RFC 6286 by checking for BGP ID collisions.
480: <li>Adjusted the 4-byte AS number handling to RFC 6793 by changing error
481: behaviour from prefix withdraw to attribute discard.
482: <li>In <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print out both the sent "Neighbor capabilities" and the
483: "Negotiated capabilities" for a session.
484: <li>Print timestamps both as a formatted and a pure time in seconds
485: field in various JSON objects.
486: <li>Fixed a bug, where during <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config reloads prefixes of the
487: wrong address family could leak to peers resulting in session resets.
488: <li>Added support for RFC 7313 - Enhanced Route Refresh.
489: Disabled by default. To enable, use 'announce enhanced refresh yes'.
490: <li>Improved output of Adj-RIB-Out by updating nexthop and ASPATH before
491: adding the prefix to the RIB. This improves `bgpctl show rib out`
492: output.
493: <li>Added command line option to both <a
494: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a
495: href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> to show the
496: version.
497: <li>Added support for RFC 9072 - Extended Optional Parameters Length for
498: BGP OPEN Message
499: <li>Added support for RFC 8050 - MRT Format with BGP Additional Path Extensions
500: <li>Implemented receive side of RFC 7911 - Advertisement of Multiple Paths
501: in BGP. OpenBGPD is currently not able to send multiple paths out.
502: <li>Improved checks of VRPs loaded via RTR or from the roa-set table.
503: <li>Allowed optionally specifying an expiry time for roa-set entries to
504: mitigate BGP route decision making based on outdated RPKI data.
505: OpenBGPD's companion rpki-client(8) produces roa-sets with the
506: new 'expires' property
507: </ul>
508:
509: <li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
510: <ul>
511: <li>Corrected a potential memory leak associated with <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> update requests.
512: <li>Introduced locks around the global <a href="https://man.openbsd.org/pf.4">pf(4)</a> state list.
513: <li>Fixed a panic due to <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> deferral timeout handling.
514: <li>Added support for <a href="https://man.openbsd.org/pf.4">pf(4)</a> divert-to on <a href="https://man.openbsd.org/tpmr.4">tpmr(4)</a> and <a href="https://man.openbsd.org/veb.4">veb(4)</a>.
515: <li>Fixed state key reference underflow when both state keys are identical in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
516: <li>Only skipped <a href="https://man.openbsd.org/pf.4">pf(4)</a> once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
517: </ul>
518:
519: <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
520: <ul>
521: <li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
522: <li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
523: <li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
524: <li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
525: <li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
526: <li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
527: <li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
528: <li>Fixed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
529: </ul>
530:
531: <li><a
532: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
533: received the following new features and bugfixes:
534: <ul>
535: <li>Added keep-alive support to the HTTP client code for RRDP.
536: <li>Reference-count and delete unused files synced via RRDP, as far as
537: possible.
538: <li>In the JSON output, changed the AS Number from a string ("AS123") to
539: an integer ("123") to make processing of the output easier.
540: <li>Added an 'expires' column to CSV & JSON output, based on certificate
541: and CRL validity times. The 'expires' value can be used to avoid route
542: selection based on stale data when generating VRP sets, when faced
543: with loss of communication between consumer and validator, or
544: validator and CA repository.
545: <li>Made the runtime timeout (-s option) also trigger in
546: child processes.
547: <li>Improved RRDP support and make RRDP the default protocol for
548: synchronizing the RPKI repository data, with <a
549: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> used as secondary.
550: <li>At startup, warn if the filesystem containing the cache directory
551: is probably too small.
552: <li>Handle running out of disk space more gracefully, including cleanup
553: of temporary and old files before exiting.
554: <li>Improved the HTTP/1.1 request headers being sent.
555: <li>Improved validation checks for ROA and MFT objects.
556: <li>Improved the HTTP client code (status code handling, http proxy
557: support, keep-alive).
558: <li>In RRDP, do not access URI with userinfo (@-sign)
559: <li>Improved RRDP syncing by considering a notification file serial
560: jumping backwards as synced repository.
561: <li>Made -R (rsync only) also apply to the fetching of TA files.
562: <li>Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others.
563: <li>When producing output for <a
564: href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, make use of the
565: 'roa-set expires' attribute to prevent machines from loading outdated
566: roa-sets.
567: <li>In RRDP, limited the number of deltas to 300 per repo. If more deltas
568: exist, downloading a full snapshot is faster.
569: <li>Limited the validation depth of X.509 certificate chains to 12, double
570: the current depth seen in RPKI.
571: </ul>
572:
573: <li><a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a> was improved:
574: <ul>
575: <li>Probe packets are now sent in quick succession and responses handled asynchronously.</li>
576: <li>DNS lookups are performed asynchronously.
577: This speeds up the time required to display results considerably.
578: </ul>
579:
580: <li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> was made
581: the default program for configuring IPv4 addresses via DHCP. <a
582: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> was activated
583: to handle concurrent changes to <a
584: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> by
585: both dhcpleased(8) and <a
586: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.<br>
587: Additionally these programs saw the following improvements and bugfixes:
588: <ul>
589: <li>Changed <a
590: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> client
591: identifier transmission to match other DHCP client implementations.
592: <li>Simplified <a
593: href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and
594: added syntax to match <a
595: href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface),
596: allowing one to be aliased to the other.
597: <li>Retried broadcast with <a
598: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
599: DHCP server is unreachable via unicast UDP.
600: <li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
601: accept DNS proposals for the loopback addresses.
602: <li>Added to <a
603: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>
604: the ability to ignore routes or nameservers from a lease and to ignore
605: servers entirely.
606: <li>Made <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
607: defer to <a
608: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when the
609: inet autoconf flag is set. When run, dhclient will signal dhcpleased
610: to request a new lease rather than requesting one itself.
611: <li>Fixed potential races in <a
612: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
613: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> when two
614: processes are configuring the same IP.
615: <li>Added the possibility to send vendor class identifier and client
616: identifier using <a
617: href="https://man.openbsd.org/dhcpleased.conf.5">dhcpleased.conf(5)</a>.
618: <li>Made <a
619: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> always
620: configure provided routes, regardless of whether the address received
621: in the lease is already configured.
622: <li>Used exclusive locks under /dev/ to ensure single instances of <a
623: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a
624: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
625: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
626: <li>Implemented classless static routes DHCP option in <a
627: href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
628: <li>Added a new "nameserver" command to <a
629: href="https://man.openbsd.org/route.8">route(8)</a>, sending
630: nameserver proposals to <a
631: href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> using the DNS
632: proposal protocol over the route socket. This command is intended be
633: used to integrate userland triggered nameserver changes, for example
634: by VPN software.
635: </ul>
636:
637: <li>Changes to snmp related tools:
638: <ul>
639: <li>Disable SNMPv1 and SNMPv2c by default in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
640: <li>Remove default communities from <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
641: <li>Switched default seclevel to enc for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
642: <li>Changed the default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> version to -v3 and removed the default community.
643: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> auth to hmac-sha1.
644: <li>Switched default <a href="https://man.openbsd.org/snmp.1">snmp(1)</a> and <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> privacy protocol to AES.
645: <li>Added the ability for <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> to send SNMPv3 traps.
646: <li>Allowed "any" to be used as a listen on address in <a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
647: <li>Allowed setting of the engineid in <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
648: </ul>
649:
650: <li>Other userland network changes:
651: <ul>
652: <li>Fixed <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> SAN generation for CSRs.
653: <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> for <a href="https://man.openbsd.org/ftpd.8">ftpd(8)</a> user processes.
654: <li>Allowed router solicitations from the unspecified address (::) in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
655: <li>Altered <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a> so it no longer sends debug logging to syslog unless debug logging is requested via the new -v flag.
656: <li>Prevented <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> from trying to chunk encode an empty http body coming from an fcgi upstream.
657: <li>Used relative reference URIs in Location header on directory redirects in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
658: <li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer.
659: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
660: <li>Added simple BGP enhanced route refresh message decoding to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
661: </ul>
662: </ul>
663:
664: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
665: <ul>
666: <li>Added a -B flag to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
667: <li>Added pipe variants of the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> line copy commands.
668: <li>Added basic support for zero width joiners to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
669: <li>Added client focus hooks to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
670: <li>Made window-linked and window-unlinked window options in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
671: <li>Added -F for <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command-prompt and used it to fix "Rename" on the window menu.
672: <li>Added different <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> command histories for different types of prompts.
673: <li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with xterm in VT340 mode.
674: <li>Added an "always" value to the extended-keys option to always forward those keys to applications inside <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
675: </ul>
676:
677: <li>OpenSMTPD 7.0.0
678: <ul>
679: <li>Fixed incorrect status code for expired mails resulting in a misleading bounce report in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
680: <li>Added TLS options cafile=(path), nosni, noverify and servername=(name) to <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
681: <li>Allowed specification of TLS ciphers and protocols in <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>.
682: </ul>
683:
684: <li>LibreSSL 3.4.1
685: <ul>
686: <li>New Features
687: <ul>
688: <li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li>
689: <li>Enabled the new X.509 validator to allow verification of modern certificate chains.
690: </ul>
691:
692: <li>Portable Improvements
693: <ul>
694: <li>Ported continuous integration and test infrastructure to Github actions.</li>
695: <li>Added Universal Windows Platform (UWP) build support.</li>
696: <li>Fixed mingw-w64 builds on newer versions with missing SSP support.</li>
697: <li>Added non-executable stack annotations for CMake builds.</li>
698: </ul>
699:
700: <li>API and Documentation Enhancements
701: <ul>
702: <li>Added the following APIs from OpenSSL
703: <ul>
704: <li>BN_bn2binpad</li>
705: <li>BN_bn2lebinpad</li>
706: <li>BN_lebin2bn</li>
707: <li>EC_GROUP_get_curve</li>
708: <li>EC_GROUP_order_bits</li>
709: <li>EC_GROUP_set_curve</li>
710: <li>EC_POINT_get_affine_coordinates</li>
711: <li>EC_POINT_set_affine_coordinates</li>
712: <li>EC_POINT_set_compressed_coordinates</li>
713: <li>EVP_DigestSign</li>
714: <li>EVP_DigestVerify</li>
715: <li>SSL_CIPHER_find</li>
716: <li>SSL_CTX_get0_privatekey</li>
717: <li>SSL_CTX_get_max_early_data</li>
718: <li>SSL_CTX_get_ssl_method</li>
719: <li>SSL_CTX_set_ciphersuites</li>
720: <li>SSL_CTX_set_max_early_data</li>
721: <li>SSL_CTX_set_post_handshake_auth</li>
722: <li>SSL_SESSION_get0_cipher</li>
723: <li>SSL_SESSION_get_max_early_data</li>
724: <li>SSL_SESSION_is_resumable</li>
725: <li>SSL_SESSION_set_max_early_data</li>
726: <li>SSL_get_early_data_status</li>
727: <li>SSL_get_max_early_data</li>
728: <li>SSL_read_early_data</li>
729: <li>SSL_set0_rbio</li>
730: <li>SSL_set_ciphersuites</li>
731: <li>SSL_set_max_early_data</li>
732: <li>SSL_set_post_handshake_auth</li>
733: <li>SSL_set_psk_use_session_callback</li>
734: <li>SSL_verify_client_post_handshake</li>
735: <li>SSL_write_early_data</li>
736: </ul>
737: <li>Added AES-GCM constants from RFC 7714 for SRTP.</li>
738: </ul>
739:
740: <li>Compatibility Changes
741: <ul>
742: <li>Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.</li>
743: <li>Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.</li>
744: <li>Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.</li>
745: <li>Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.</li>
746: </ul>
747:
748: <li>Testing and Proactive Security
749: <ul>
750: <li>Added additional state machine test coverage.</li>
751: <li>Improved integration test support with ruby/openssl tests.</li>
752: <li>Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests.</li>
753: </ul>
754:
755: <li>Internal Improvements
756: <ul>
757: <li>Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes
758: and callback support compatible with the legacy OpenSSL validator.
759: </ul>
760: </ul>
761:
762: <li>OpenSSH 8.8
763: <ul>
764: <li>Security
765: <ul>
766: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: OpenSSH
767: 8.5 introduced the LogVerbose keyword. When this option was
768: enabled with a set of patterns that activated logging in code
769: that runs in the low-privilege sandboxed sshd process, the log
770: messages were constructed in such a way that printf(3) format
771: strings could effectively be specified the low-privilege code.
772: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a> from
773: OpenSSH 6.2 through 8.7 failed to correctly initialise
774: supplemental groups when executing an AuthorizedKeysCommand or
775: AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser
776: or AuthorizedPrincipalsCommandUser directive has been set to
777: run the command as a different user.
778: </ul>
779: <li>Potentially incompatible changes
780: <ul>
781: <li>A near-future release of OpenSSH will switch <a
782: href='https://man.openbsd.org/scp.1'>scp(1)</a> from using
783: the legacy scp/rcp protocol to using SFTP by default.
784: <li>This release disables RSA signatures using the SHA-1 hash
785: algorithm by default.
786: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: this
787: release changes the behaviour of remote to remote copies
788: (e.g. "scp host-a:/path host-b:") to transfer through the
789: local host by default. This was previously available via the
790: -3 flag. This mode avoids the need to expose credentials on
791: the origin hop, avoids triplicate interpretation of filenames
792: by the shell (by the local system, the copy origin and the
793: destination) and, in conjunction with the SFTP support for
794: <a href='https://man.openbsd.org/scp.1'>scp(1)</a> mentioned
795: below, allows use of all authentication methods to the remote
796: hosts (previously, only non-interactive methods could be
797: used). A -R flag has been added to select the old behaviour.
798: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/<a
799: href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: both the
800: client and server are now using a stricter configuration file
801: parser. The new parser uses more shell-like rules for quotes,
802: space and escape characters. It is also more strict in
803: rejecting configurations that include options lacking
804: arguments. Previously some options (e.g. DenyUsers) could
805: appear on a line with no subsequent arguments. This release
806: will reject such configurations. The new parser will also
807: reject configurations with unterminated quotes and multiple
808: '=' characters after the option name.
809: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: when using
810: SSHFP DNS records for host key verification, <a
811: href='https://man.openbsd.org/ssh.1'>ssh(1)</a> will verify
812: all matching records instead of just those with the specific
813: signature type requested. This may cause host key verification
814: problems if stale SSHFP records of a different or legacy
815: signature type exist alongside other records for a particular
816: host.
817: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
818: when generating a FIDO key and specifying an explicit
819: attestation challenge (using -Ochallenge), the challenge will
820: now be hashed by the builtin security key middleware. This
821: removes the (undocumented) requirement that challenges be
822: exactly 32 bytes in length and matches the expectations of
823: libfido2.
824: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>:
825: environment="..." directives in authorized_keys files are now
826: first-match-wins and limited to 1024 discrete environment
827: variable names.
828: </ul>
829:
830: <li>New features
831: <ul>
832: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>:
833: experimental support for transfers using the SFTP protocol as
834: a replacement for the venerable SCP/RCP protocol that it has
835: traditionally used. SFTP offers more predictable filename
836: handling and does not require expansion of glob(3) patterns
837: via the shell on the remote side.
838: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
839: add a protocol extension to support expansion of ~/ and ~user/
840: prefixed paths. This was added to support these paths when
841: used by <a href='https://man.openbsd.org/scp.1'>scp(1)</a>
842: while in SFTP mode.
843: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
844: ForkAfterAuthentication
845: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
846: counterpart to the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> -f flag.
847: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
848: StdinNull directive to
849: <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
850: that allows the config file to do the same thing as -n does on
851: the <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
852: command- line.
853: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
854: SessionType directive to ssh_config, allowing the
855: configuration file to offer equivalent control to the -N (no
856: session) and -s (subsystem) command-line flags.
857: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
858: allowed signers files used by
859: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
860: signatures now support listing key validity intervals
861: alongside the keys, and
862: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>
863: can optionally check during signature verification whether a
864: specified time falls inside this interval. This feature is
865: intended for use by git to support signing and verifying
866: objects using ssh keys.
867: <li><a href='https://man.openbsd.org/ssh-keygen.8'>ssh-keygen(8)</a>:
868: support printing of the full public key in a sshsig signature
869: via a -Oprint-pubkey flag.
870: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow the
871: <a
872: href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a>
873: CanonicalizePermittedCNAMEs directive to accept a "none"
874: argument to specify the default behaviour.
875: </ul>
876:
877: <li>Bugfixes
878: <ul>
879: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
880: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: start
881: time-based re-keying exactly on schedule in the client and
882: server mainloops. Previously the re-key timeout could expire
883: but re-keying would not start until a packet was sent or
884: received, causing a spin in select() if the connection was
885: quiescent.
886: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
887: avoid Y2038 problem in printing certificate validity
888: lifetimes. Dates past 2^31-1 seconds since epoch were
889: displayed incorrectly on some platforms.
890: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: allow
891: spaces to appear in usernames for local to remote and scp -3
892: remote to remote copies.
893: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
894: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: remove
895: references to ChallengeResponseAuthentication in favour of
896: KbdInteractiveAuthentication. The former is what was in SSHv1,
897: the latter is what is in SSHv2 (<a href='https://tools.ietf.org/html/rfc4256'>RFC4256</a>)
898: and they were treated as somewhat but not entirely equivalent. We
899: retain the old name as a deprecated alias so configuration
900: files continue to work as well as a reference in the man page
901: for people looking for it.
902: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
903: <a href='https://man.openbsd.org/ssh-add.1'>ssh-add(1)</a>/
904: <a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
905: fix decoding of X.509 subject name when extracting a key from
906: a PKCS#11 certificate.
907: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: restore
908: blocking status on stdio fds before close.
909: <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> needs file
910: descriptors in non-blocking mode to operate but it was not
911: restoring the original state on exit. This could cause
912: problems with fds shared with other programs via the shell.
913: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>/
914: <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: switch both
915: client and server mainloops from select(3) to
916: pselect(3). Avoids race conditions where a signal may arrive
917: immediately before select(3) and not be processed until an
918: event fires.
919: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: sessions
920: started with ControlPersist were incorrectly executing a shell
921: when the -N (no shell) option was specified.
922: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: check if
923: IPQoS or TunnelDevice are already set before
924: overriding. Prevents values in config files from overriding
925: values supplied on the command line.
926: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix debug
927: message when finding a private key to match a certificate
928: being attempted for user authentication. Previously it would
929: print the certificate's path, whereas it was supposed to be
930: showing the private key's path.
931: <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: match
932: host certificates against host public keys, not private
933: keys. Allows use of certificates with private keys held in a
934: ssh-agent.
935: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: add a
936: workaround for a bug in OpenSSH 7.4 <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>,
937: which allows RSA/SHA2 signatures for public key authentication but
938: fails to advertise this correctly via SSH2_MSG_EXT_INFO. This
939: causes clients of these server to incorrectly match
940: PubkeyAcceptedAlgorithms and potentially refuse to offer
941: valid keys.
942: <li><a href='https://man.openbsd.org/sftp.1'>sftp(1)</a>/
943: <a href='https://man.openbsd.org/scp.1'>scp(1)</a>: degrade
944: gracefully if a sftp-server offers the limits@openssh.com
945: extension but fails when the client tries to invoke it.
946: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: allow
947: ssh_config SetEnv to override $TERM, which is otherwise
948: handled specially by the protocol. Useful in ~/.ssh/config to
949: set TERM to something generic (e.g. "xterm" instead of
950: "xterm-256color") for destinations that lack terminfo entries.
951: <li><a href='https://man.openbsd.org/sftp-server.8'>sftp-server(8)</a>:
952: the limits@openssh.com extension was incorrectly marked as an
953: operation that writes to the filesystem, which made it
954: unavailable in sftp-server read-only mode.
955: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix SEGV
956: in UpdateHostkeys debug() message, triggered when the update
957: removed more host keys than remained present.
958: <li><a href='https://man.openbsd.org/scp.1'>scp(1)</a>: when using
959: the SFTP protocol, continue transferring files after a
960: transfer error occurs, better matching original scp/rcp
961: behaviour.
962: <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fixed a
963: number of memory leaks in multiplexing,
964: <li><a href='https://man.openbsd.org/ssh-keygen.1'>ssh-keygen(1)</a>:
965: avoid crash when using the -Y find-principals command.
966: <li>A number of documentation and manual improvements.
967: </ul>
968: </ul>
969:
970: <li>mandoc 1.14.6
971: <ul>
972: <li>Added a style message about overlong text input lines.
973: <li>Made "-W style" check .Xr links along the full manpath
974: to help validation of non-base manual pages.
975: <li>Supported auto-tagging for ".It Va" in
976: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> documents.
977: <li>Stopped printing two extra blank lines at the top and bottom of
978: <a href="https://man.openbsd.org/man.7">man(7)</a> documents.
979: <li>Supported the CB and CI fonts in
980: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
981: \f font escapes and .ft font requests.
982: <li>Added support for two-character font names (BI, CW, CR, CB, CI)
983: to the <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
984: layout font modifier.
985: <li>Implemented the
986: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
987: layout modifiers "b" (bold) and "i" (italic)
988: in HTML output mode.
989: <li>Completed support for the "nospaces" option in the
990: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser.
991: <li>Fixed an infinite loop in the
992: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser
993: for some cases of horizontally overlapping horizontal spans.
994: <li>Added a meta viewport element to "-T html" output.
995: <li>Fixed a crash with "-T man" when an input file contains
996: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> or
997: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a> input.
998: <li>Fixed a crash in <a
999: href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>
1000: when a manpath directory contains a symbolic link
1001: that points to a directory.
1002: </ul>
1003:
1004: replace all above
1005: -->
1006:
1007: <li>Ports and packages:
1008: <p>Many pre-built packages for each architecture:
1009: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1010: <ul style="column-count: 3">
1011: <li>aarch64: XXXX
1012: <li>amd64: XXXX
1013: <li>arm: XXXX
1014: <li>i386: XXXX
1015: <li>mips64: XXXX
1016: <li>powerpc: XXXX
1017: <li>powerpc64: XXXX
1018: <li>riscv64: XXXX
1019: <li>sparc64: XXXX
1020: </ul>
1021:
1022: <!-- update these
1023: <p>Some highlights:
1024: <ul style="column-count: 3">
1025: <li>Asterisk 18.6.0
1026: <li>Audacity 2.4.2
1027: <li>CMake 3.20.3
1028: <li>Chromium 93.0.4577.82
1029: <li>Emacs 27.2
1030: <li>FFmpeg 4.4
1031: <li>GCC 8.4.0 and 11.2.0
1032: <li>GHC 8.10.6
1033: <li>GNOME 40.4
1034: <li>Go 1.17
1035: <li>JDK 8u302, 11.0.12 and 16.0.2
1036: <li>KDE Applications 21.08.1
1037: <li>KDE Frameworks 5.85.0
1038: <li>Krita 4.4.8
1039: <li>LLVM/Clang 11.1.0
1040: <li>LibreOffice 7.2.1.2
1041: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1042: <li>MariaDB 10.6.4
1043: <li>Mono 6.12.0.122
1044: <li>Mozilla Firefox 92.0 and ESR 91.1.0
1045: <li>Mozilla Thunderbird 91.1.1
1046: <li>Mutt 2.1.3 and NeoMutt 20210205
1047: <li>Node.js 12.22.6
1048: <li>OCaml 4.10.0
1049: <li>OpenLDAP 2.4.59
1050: <li>PHP 7.3.30, 7.4.23 and 8.0.10
1051: <li>Postfix 3.5.12
1052: <li>PostgreSQL 13.4
1053: <li>Python 2.7.18, 3.8.12 and 3.9.7
1054: <li>Qt 5.15.2 and 6.0.4
1055: <li>R 4.1.1
1056: <li>Ruby 2.6.8, 2.7.4 and 3.0.2
1057: <li>Rust 1.55.0
1058: <li>SQLite 3.35.5
1059: <li>Shotcut 21.01.29
1060: <li>Sudo 1.9.7p2
1061: <li>Suricata 6.0.2
1062: <li>Tcl/Tk 8.5.19 and 8.6.8
1063: <li>TeX Live 2020
1064: <li>Vim 8.2.3394 and Neovim 0.5.0
1065: <li>Xfce 4.16
1066: </ul>
1067: <p>
1068:
1069: <li>As usual, steady improvements in manual pages and other documentation.
1070:
1071: <li>The system includes the following major components from outside suppliers:
1072: <ul>
1073: <li>Xenocara (based on X.Org 7.7 with xserver 1.20.13 + patches,
1074: freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367,
1075: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1076: <li>LLVM/Clang 11.1.0 (+ patches)
1077: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1078: <li>Perl 5.32.1 (+ patches)
1079: <li>NSD 4.3.7
1080: <li>Unbound 1.13.2
1081: <li>Ncurses 5.7
1082: <li>Binutils 2.17 (+ patches)
1083: <li>Gdb 6.3 (+ patches)
1084: <li>Awk December 18, 2020 version
1085: <li>Expat 2.4.1
1086: </ul>
1087:
1088: end uf updates-->
1089:
1090: </ul>
1091: </section>
1092:
1093: <hr>
1094:
1095: <section id=install>
1096: <h3>How to install</h3>
1097: <p>
1098: Please refer to the following files on the mirror site for
1099: extensive details on how to install OpenBSD 7.1 on your machine:
1100:
1101: <ul>
1102: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
1103: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
1104: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
1105: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
1106: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
1107: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
1108: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
1109: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
1110: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
1111: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
1112: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
1113: .../OpenBSD/7.1/i386/INSTALL.i386</a>
1114: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
1115: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
1116: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
1117: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
1118: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
1119: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
1120: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
1121: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
1122: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
1123: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
1124: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
1125: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
1126: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
1127: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
1128: </ul>
1129: </section>
1130:
1131: <hr>
1132:
1133: <section id=quickinstall>
1134: <p>
1135: Quick installer information for people familiar with OpenBSD, and the use of
1136: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1137: If you are at all confused when installing OpenBSD, read the relevant
1138: INSTALL.* file as listed above!
1139:
1140: <h3>OpenBSD/alpha:</h3>
1141:
1142: <p>
1143: If your machine can boot from CD, you can write <i>install71.iso</i> or
1144: <i>cd71.iso</i> to a CD and boot from it.
1145: Refer to INSTALL.alpha for more details.
1146:
1147: <h3>OpenBSD/amd64:</h3>
1148:
1149: <p>
1150: If your machine can boot from CD, you can write <i>install71.iso</i> or
1151: <i>cd71.iso</i> to a CD and boot from it.
1152: You may need to adjust your BIOS options first.
1153:
1154: <p>
1155: If your machine can boot from USB, you can write <i>install71.img</i> or
1156: <i>miniroot71.img</i> to a USB stick and boot from it.
1157:
1158: <p>
1159: If you can't boot from a CD, floppy disk, or USB,
1160: you can install across the network using PXE as described in the included
1161: INSTALL.amd64 document.
1162:
1163: <p>
1164: If you are planning to dual boot OpenBSD with another OS, you will need to
1165: read INSTALL.amd64.
1166:
1167: <h3>OpenBSD/arm64:</h3>
1168:
1169: <p>
1170: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
1171: after connecting to the serial console. Refer to INSTALL.arm64 for more
1172: details.
1173:
1174: <h3>OpenBSD/armv7:</h3>
1175:
1176: <p>
1177: Write a system specific miniroot to an SD card and boot from it after connecting
1178: to the serial console. Refer to INSTALL.armv7 for more details.
1179:
1180: <h3>OpenBSD/hppa:</h3>
1181:
1182: <p>
1183: Boot over the network by following the instructions in INSTALL.hppa or the
1184: <a href="hppa.html#install">hppa platform page</a>.
1185:
1186: <h3>OpenBSD/i386:</h3>
1187:
1188: <p>
1189: If your machine can boot from CD, you can write <i>install71.iso</i> or
1190: <i>cd71.iso</i> to a CD and boot from it.
1191: You may need to adjust your BIOS options first.
1192:
1193: <p>
1194: If your machine can boot from USB, you can write <i>install71.img</i> or
1195: <i>miniroot71.img</i> to a USB stick and boot from it.
1196:
1197: <p>
1198: If you can't boot from a CD, floppy disk, or USB,
1199: you can install across the network using PXE as described in
1200: the included INSTALL.i386 document.
1201:
1202: <p>
1203: If you are planning on dual booting OpenBSD with another OS, you will need to
1204: read INSTALL.i386.
1205:
1206: <h3>OpenBSD/landisk:</h3>
1207:
1208: <p>
1209: Write <i>miniroot71.img</i> to the start of the CF
1210: or disk, and boot normally.
1211:
1212: <h3>OpenBSD/luna88k:</h3>
1213:
1214: <p>
1215: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1216: from the PROM, and then bsd.rd from the bootloader.
1217: Refer to the instructions in INSTALL.luna88k for more details.
1218:
1219: <h3>OpenBSD/macppc:</h3>
1220:
1221: <p>
1222: Burn the image from a mirror site to a CDROM, and power on your machine
1223: while holding down the <i>C</i> key until the display turns on and
1224: shows <i>OpenBSD/macppc boot</i>.
1225:
1226: <p>
1227: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1228: /7.1/macppc/bsd.rd</i>
1229:
1230: <h3>OpenBSD/octeon:</h3>
1231:
1232: <p>
1233: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1234: Refer to the instructions in INSTALL.octeon for more details.
1235:
1236: <h3>OpenBSD/powerpc64:</h3>
1237:
1238: <p>
1239: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1240: USB stick, plug it into the machine and choose the <i>OpenBSD
1241: install</i> menu item in Petitboot.
1242: Refer to the instructions in INSTALL.powerpc64 for more details.
1243:
1244: <h3>OpenBSD/riscv64:</h3>
1245:
1246: <p>
1247: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1248: USB stick, and boot with that drive plugged in.
1249: Make sure you also have the microSD card plugged in that shipped with the
1250: HiFive Unmatched board.
1251: Refer to the instructions in INSTALL.riscv64 for more details.
1252:
1253: <h3>OpenBSD/sparc64:</h3>
1254:
1255: <p>
1256: Burn the image from a mirror site to a CDROM, boot from it, and type
1257: <i>boot cdrom</i>.
1258:
1259: <p>
1260: If this doesn't work, or if you don't have a CDROM drive, you can write
1261: <i>floppy71.img</i> or <i>floppyB71.img</i>
1262: (depending on your machine) to a floppy and boot it with <i>boot
1263: floppy</i>. Refer to INSTALL.sparc64 for details.
1264:
1265: <p>
1266: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1267: will most likely fail.
1268:
1269: <p>
1270: You can also write <i>miniroot71.img</i> to the swap partition on
1271: the disk and boot with <i>boot disk:b</i>.
1272:
1273: <p>
1274: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1275: </section>
1276:
1277: <hr>
1278:
1279: <section id=upgrade>
1280: <h3>How to upgrade</h3>
1281: <p>
1282: If you already have an OpenBSD 7.1 system, and do not want to reinstall,
1283: upgrade instructions and advice can be found in the
1284: <a href="faq/upgrade71.html">Upgrade Guide</a>.
1285: </section>
1286:
1287: <hr>
1288:
1289: <section id=sourcecode>
1290: <h3>Notes about the source code</h3>
1291: <p>
1292: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1293: This file contains everything you need except for the kernel sources,
1294: which are in a separate archive.
1295: To extract:
1296: <blockquote><pre>
1297: # <kbd>mkdir -p /usr/src</kbd>
1298: # <kbd>cd /usr/src</kbd>
1299: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1300: </pre></blockquote>
1301: <p>
1302: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1303: This file contains all the kernel sources you need to rebuild kernels.
1304: To extract:
1305: <blockquote><pre>
1306: # <kbd>mkdir -p /usr/src/sys</kbd>
1307: # <kbd>cd /usr/src</kbd>
1308: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1309: </pre></blockquote>
1310: <p>
1311: Both of these trees are a regular CVS checkout. Using these trees it
1312: is possible to get a head-start on using the anoncvs servers as
1313: described <a href="anoncvs.html">here</a>.
1314: Using these files
1315: results in a much faster initial CVS update than you could expect from
1316: a fresh checkout of the full OpenBSD source tree.
1317: </section>
1318:
1319: <hr>
1320:
1321: <section id=ports>
1322: <h3>Ports Tree</h3>
1323: <p>
1324: A ports tree archive is also provided. To extract:
1325: <blockquote><pre>
1326: # <kbd>cd /usr</kbd>
1327: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1328: </pre></blockquote>
1329: <p>
1330: Go read the <a href="faq/ports/index.html">ports</a> page
1331: if you know nothing about ports
1332: at this point. This text is not a manual of how to use ports.
1333: Rather, it is a set of notes meant to kickstart the user on the
1334: OpenBSD ports system.
1335: <p>
1336: The <i>ports/</i> directory represents a CVS checkout of our ports.
1337: As with our complete source tree, our ports tree is available via
1338: <a href="anoncvs.html">AnonCVS</a>.
1339: So, in order to keep up to date with the -stable branch, you must make
1340: the <i>ports/</i> tree available on a read-write medium and update the tree
1341: with a command like:
1342: <blockquote><pre>
1343: # <kbd>cd /usr/ports</kbd>
1344: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1345: </pre></blockquote>
1346: <p>
1347: [Of course, you must replace the server name here with a nearby anoncvs
1348: server.]
1349: <p>
1350: Note that most ports are available as packages on our mirrors. Updated
1351: ports for the 7.1 release will be made available if problems arise.
1352: <p>
1353: If you're interested in seeing a port added, would like to help out, or just
1354: would like to know more, the mailing list
1355: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1356: </section>