Annotation of www/71.html, Revision 1.24
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
1.24 ! benno 3: <head>
1.1 deraadt 4: <meta charset=utf-8>
5:
6: <title>OpenBSD 7.1</title>
7: <meta name="description" content="OpenBSD 7.1">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/71.html">
1.24 ! benno 11: </head><body>
1.1 deraadt 12: <h2 id=OpenBSD>
13: <a href="index.html">
14: <i>Open</i><b>BSD</b></a>
15: 7.1
16: </h2>
17:
18: <table>
19: <tr>
20: <td>
21: <a href="images/xxx.png">
22: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
23: <td>
1.6 tj 24: Released May ?, 2022. (52nd OpenBSD release)<br>
1.1 deraadt 25: Copyright 1997-2022, Theo de Raadt.<br>
26: <br>
1.3 job 27: Artwork by Luc Houweling.
1.1 deraadt 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus71.html">detailed log of changes</a> between the
37: 7.0 and 7.1 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-71-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
47: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
48: <tr><td>
49: openbsd-71-fw.pub:
50: <td>
51: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
52: <tr><td>
53: openbsd-71-pkg.pub:
54: <td>
55: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
56: <tr><td>
57: openbsd-71-syspatch.pub:
58: <td>
59: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 7.1.
74: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
75: to 7.1.
76:
77: <ul>
78:
79: <li>New/extended platforms:
80: <ul>
1.16 benno 81: <li>Support for Apple Silicon Macs has improved and is ready for general use:
1.1 deraadt 82: <ul>
1.10 benno 83: <li>Added <a href="https://man.openbsd.org/aplspi.4">aplspi(4)</a>, a driver for the SPI controller found on the Apple M1 SoC.
84: <li>Added <a href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a> support for the keyboard/touchpad on Apple M1 laptops.
1.11 benno 85: <li>Introduced <a href="https://man.openbsd.org/aplpmgr.4">aplpmgr(4)</a>, a driver for the power management controller found on various Apple SoCs.
86: <li>Introduced <a href="https://man.openbsd.org/aplmbox.4">aplmbox(4)</a>, a driver for the mailbox that provides a communication channel with additional cores integrated on Apple SoCs.
87: <li>Introduced <a href="https://man.openbsd.org/apliic.4">apliic(4)</a>, a driver for the I2C controller found on various Apple SoCs.
88: <li>Added the chip ids used on Apple M1 Pro/Max and Apple T2 Macs to <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
89: <li>Rewrote arm64 kernel FPU handling code to fix the random crashes seen with SMP kernels on Apple M1.
90: <li>Restricted the <a href="https://man.openbsd.org/pci.4">pci(4)</a> ioctl interface to devices detected by the kernel, preventing Xorg PCI probes from breaking the WiFi chip on M1 macs.
91: <li>Introduced <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>, a driver for the SMC found on Apple M1 SoCs.
92: <li>Introduced <a href="https://man.openbsd.org/aplnco.4">aplnco(4)</a>, a driver for the Numerically-controlled oscillator (NCO) clock which drives the audio clocks on Apple silicon.
93: <li>Introduced <a href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>, a driver for the TI TAS2770/TAS5770 digital audio amplifier codec found on Apple M1 Macs.
1.14 benno 94: <li>Introduced <a href="https://man.openbsd.org/apldma.4">apldma(4)</a>, a driver for the DMA controller found on Apple SoCs.
1.15 benno 95: <li>Added support to explicitly power on some PCIe devices on the M1 and M1 Pro/Max through a GPIO controlled by the SMC.
96: <li>Added <a href="https://man.openbsd.org/aplcpu.4">aplcpu(4)</a>, a driver to control the CPU performance levels on Apple SoCs.
97: <li>Modified <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> to support a newer interrupt controller, making OpenBSD run on M1 Pro/Max machines.
98: <li>Added nvmem support to <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a> and made it available on Apple SPMI PMUs.
99: <li>Added RTC support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
100: <li>Made the arm64 ramdisk installer fetch <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> firmware from the EFI System Partition on Apple Silicon devices for use during installation and addition to the newly installed system.
101: <li>Added support for controlling keyboard LEDs to <a
102: href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a>.
103: <li>Added basic GPIO support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
104: <li>Ensured <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> keeps the DART enabled in front of the display controller to preserve its access to the framebuffer and continued display.
105: <li>Fixed reading motherboard time on Apple machines with old SMC firmware.
106: <li>Implemented reboot/powerdown support in <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
107: <li>Implemented <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> support for multiple dies, making OpenBSD work on the M1 Ultra.
1.16 benno 108: </ul>
109: <li>Support for other <a href="arm64.html">arm64</a> architecture hardware was also improved with the following changes:
110: <ul>
1.23 benno 111: <li>Implemented powerdown in arm64.
1.10 benno 112: <li>Introduced <a
113: href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
114: driver providing support for battery chargers connected to GPIO pins,
115: such as those found on the Pinebook Pro.
116: <li>Introduced <a
117: href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
118: driver providing support for LEDs connected to GPIO pins, such as
119: those found on the Pinebook Pro.
120: <li>Added <a href="https://man.openbsd.org/gpiokeys.4">gpiokeys(4)</a>
121: for arm64, a driver which handles events triggered by GPIO keys such
122: as lid status and power button.
1.11 benno 123: <li>Added pclk clock used by <a
124: href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> on RK3399 to <a
125: href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.23 benno 126: <li>Introduced <a
127: href="https://man.openbsd.org/mpfclock.4">mpfclock(4)</a>, a driver
128: for the PolarFire SoC MSS clock controller.
129: <li>Introduced <a
130: href="https://man.openbsd.org/cdsdhc.4">cdsdhc(4)</a>, a driver for
131: the Cadence SD/SDIO/eMMC host controller.
132: <li>Introduced <a
133: href="https://man.openbsd.org/mpfiic.4">mpfiic(4)</a>, a driver for
134: the PolarFire SoC MSS I2C controller.
135: <li>Introduced <a
136: href="https://man.openbsd.org/mpfgpio.4">mpfgpio(4)</a>, a driver for
137: the PolarFire SoC MSS GPIO controller.
138: <li>Enabled <a href="https://man.openbsd.org/cduart.4">cduart(4)</a>
139: on arm64.
140: <li>Added <a
141: href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a> support
142: for the CP115 block found on Marvell CN9K SoCs.
143: <li>Added <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>
144: support for the AP807 block found on Marvell CN9K SoCs.
1.1 deraadt 145: </ul>
146: <li>Changes on other architectures:
147: <ul>
1.16 benno 148: <!-- riscv -->
1.23 benno 149: <li>Enabled <a href="https://man.openbsd.org/uhid.4">uhid(4)</a>/<a
150: href="https://man.openbsd.org/fido.4">fido(4)</a> on riscv64.
1.14 benno 151: <li>Allowed riscv64 installation on a disk with a GPT.
1.16 benno 152: <li>Added missing locking to <a
153: href="https://man.openbsd.org/pmap_extract.9">pmap_extract(9)</a> and
154: <a href="https://man.openbsd.org/pmap_unwire.9">pmap_unwire(9)</a> on
155: arm64 and riscv64.
156: <li>Improved stack unwinding on riscv64 in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
157: <li>Fixed kernel stack alignment on riscv64.
158: <li>Fixed RISC-V lld link code when dealing with object files created with "ld -b".
159: <li>Made sure nothing can map address zero on RISC-V.
160: <li>Made sure armv7,arm64 and risc-v FDT bootloader code does not write beyond the FDT data structure.
161: <-- sparc64 -->
1.11 benno 162: <li>Fixed booting from an IDE block device on the Sun Blade 100.
163: <li>Fixed <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> console colors on sparc64.
1.16 benno 164: <!-- macppc/powerpc64 -->
1.23 benno 165:
166: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on
167: macppc.
168: <li>Increased <a href="https://man.openbsd.org/ddb.1">ddb(1)</a>
169: access to registers on macppc and powerpc64.
1.16 benno 170: <li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
1.23 benno 171: <li>Allowed <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> trace
172: through interrupt on macppc.
1.1 deraadt 173: </ul>
174: </ul>
175:
176: <li>Various kernel improvements:
177: <ul>
1.16 benno 178: <li>Made redistributable firmwares available across all architectures.<!-- XXX right place? -->
179:
180: <li>Made futexes work in shared anonymous memory.
181: <li>Improved tracking of mbuf memory usage in the whole system.
182: <li>Switched to using long filenames by default with <a
183: href="https://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a> on FAT
184: filesystems.
1.7 benno 185: <li>Fixed memory leak in <a
186: href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
187: href="https://man.openbsd.org/namei.9">namei(9)</a>.
188: <li>Fixed establishing legacy INTx interrupts on machines without a (usable) MSI interrupt controller.
189: <li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
190: href="https://man.openbsd.org/open.2">open(2)</a>/<a
191: href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
192: creating files.
1.16 benno 193: <li>Reworked garbage collector for <a
194: href="https://man.openbsd.org/unix.4">unix(4)</a> sockets to prevent
195: potential kernel panics.
1.10 benno 196: <li>Changed the power management <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
197: hw.perfpolicy to "auto" at startup, defaulting to 100%
198: performance with AC power connected and using the auto algorithm when
199: on battery.
1.11 benno 200: <li>Aligned memory allocation for USB device drivers and USB HC drivers, enlarging the USB memory pool.
1.16 benno 201: <li>Prevent panic in <a
202: href="https://man.openbsd.org/softraid.4">softraid(4)</a> while
203: rebooting if softraid has been disabled.
204:
205: <!-- suspend/hibernate/resume -->
1.11 benno 206: <li>Fixed hibernate setups where removal of a <a
207: href="https://man.openbsd.org/umass.4">umass(4)</a> device results in
208: a renumbered <a
209: href="https://man.openbsd.org/softraid.4">softraid(4)</a> boot device.
210: <li>Fix hibernate on newer hardware by allowing more memory ranges.
1.15 benno 211: <li>If CPU sleep state S4 is not available, use S5 for the ACPI-transitions in hibernate support.
212: <li>Added code to update hw.power whenever AC state changes on resume.
1.22 benno 213: <li>Fixed a panic by prohibiting renames of tmpfs mount-points.
214: <li>Fixed double free after allocation failure in <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
1.11 benno 215:
1.16 benno 216:
1.1 deraadt 217: </ul>
218:
219: <li>SMP Improvements
220: <ul>
1.7 benno 221: <li>Made pipe event filters MP-safe.
222: <li>Set klist lock for sockets to make socket event filters MP-safe.
223: <li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
224: <a href="https://man.openbsd.org/select.2">select(2)</a>, <a
225: href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
226: href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
227: kqueue.
1.24 ! benno 228: <li>Unlocked top part of UVM fault hander on mips64. <!-- XXX move? -->
1.10 benno 229: <li>Unlocked the <a href="https://man.openbsd.org/kevent.2">kevent(2)</a> system call.
230: <li>Made the kqread event filter MP-safe.
231: <li>Reduced the time overhead of <a
232: href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>-based <a
233: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
234: href="https://man.openbsd.org/select.2">select(2)</a> systems calls by
235: keeping knotes between the system calls.
1.11 benno 236: <li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a>
237: and <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>
238: syscalls.
239: <li>Prevented <a
240: href="https://man.openbsd.org/select.2">select(2)</a> from blocking if
241: registering found pending events.
242: <li>Protected <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>
243: input and output with the kernel lock to allow forwarding of non-ipsec
244: traffic in parallel.
245: <li>Unlocked the bottom part of the uvm fault handler.
246: <li>Unlocked <a href="https://man.openbsd.org/getpeername.2">getpeername(2)</a>.
247: <li>Made <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> MP-safe.
1.14 benno 248: <li>Implemented the <a
249: href="https://man.openbsd.org/poll.2">poll(2)</a> system call on top
250: of the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
251: subsystem, obsoleting the old, non-MP-safe poll backend.
1.15 benno 252: <li>Made <a href="https://man.openbsd.org/audio.4">audio(4)</a> event filters MP-safe.
253: <li>Unlocked <a href="https://man.openbsd.org/getsockname.2">getsockname(2)</a>.
254: <li>Added kernel interfaces for atomic load and store functions for int and long to be used in reference counted struct members.
1.1 deraadt 255: </ul>
256:
257: <li>Direct Rendering Manager
258: <ul>
1.5 jsg 259: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
260: to Linux 5.15.26
261: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
262: support for Elkhart Lake, Jasper Lake, Rocket Lake
263: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
264: support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
265: Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
266: Navi 24 "Beige Goby"
1.16 benno 267: <li>Reinstated a <a href="https://man.openbsd.org/drm.4">drm(4)</a>
268: workaround to get framebuffer size from efifb, preventing fatal errors
269: for the BESSTAR TECH HM90 with Ryzen 9 4900H.
270:
1.1 deraadt 271: </ul>
272:
273: <li>VMM/VMD improvements
274: <ul>
1.10 benno 275: <li>Enabled <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> on arm64.
1.8 dv 276: <li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
277: switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
278: vmd(8)</a>.
279: <li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
280: would exit when requesting a new VM and hitting memory resource
281: limits.
282: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
283: corruption on Intel hosts.
284: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
285: clamping when the host has an invariant TSC.
286: <li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
287: vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
288: running guests.
289: <li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
290: vmd(8)</a> on amd64.
1.11 benno 291: <li>Fixed spurious abort of a VM by <a
292: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when the scheduler
293: moves a VM to a different core while it is sleeping on a lock.
294: <li>Fixed broken <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
295: "boot device cdrom" feature after a fix in seabios.
296: <li>Reintroduced support for <a
297: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> <code>start -B net
298: -b bsd.rd</code>, which emulates a PXE boot and performs an
299: autoinstall.
1.16 benno 300: <li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> <a
301: href="https://man.openbsd.org/dt.4">dt(4)</a> tracepoints amd64-only.
302: <li>Provided a login class for <a
303: href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
304: <li>Added handling for <a
305: href="https://man.openbsd.org/vmd.8">vmd(8)</a> hitting resource
306: limits when starting a vm and added memory error messages for the
307: user.
308: <li>Added quiesce/wakeup hooks to sync vcpu state in <a
309: href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.11 benno 310:
1.1 deraadt 311: </ul>
312:
313: <li>Various new userland features:
314: <ul>
1.7 benno 315: <li>Added <a
316: href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
317: for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
318: use in ports.
319: <li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
320: rogue" to show daemons which are running but not set as "enabled" in
321: <a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
1.16 benno 322: <li>Implemented probe variables in BPFtrace (<a
323: href="https://man.openbsd.org/bt.5">bt(5)</a>).
1.7 benno 324: <li>Provided common <a
325: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
326: kprofile.bt (to save kernel stackframes and produce flamegraphs) and
327: runqlat.bt (to measure the latency of the scheduler runqueues).
1.16 benno 328: <li>DNSSEC support: Implemented RFC6840 (AD flag processing) in the libc resolver, if
1.11 benno 329: using trusted name servers specified with 'trust-ad' in <a
1.16 benno 330: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a><!-- XXX or network section? -->
1.14 benno 331: <li>Enabled support for displaying an estimated battery recharge time
332: in <a href="https://man.openbsd.org/apm.8">apm(8)</a> and <a
333: href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
334: <li>Introduced support for storing capability databases in
335: /etc/login.conf.d, allowing easy addition of custom login classes from
1.16 benno 336: packages and made <a
337: href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> look for the login
338: class in both login.conf and login.conf.d/${class}.
339: <li>Added a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
340: cache of regions between 128k and 2M to accommodate programs
341: allocating and deallocating regions of these sizes quickly.
342: ` <li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
343: for mtime/atime/ctime extended headers (in not-SMALL builds).
344: <li>Added -k flag to <a
345: href="https://man.openbsd.org/gzip.1">gzip(1)</a> and <a
346: href="https://man.openbsd.org/gunzip.1">gunzip(1)</a> to retain
347: (de)compressed file.
1.22 benno 348: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
349: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --max-size and --min-size.
1.1 deraadt 350: </ul>
351:
352: <li>Various bugfixes and tweaks in userland:
353: <ul>
1.16 benno 354: <!-- pkg tools -->
355: <li>Stopped <a
356: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> from
357: communicating warnings starting with "XXX" which appeared to indicate
358: errors.
1.7 benno 359:
1.16 benno 360: <!-- X11 -->
361: <li>Enabled subpixel rendering in FreeType.
362: <li>Updated xorg-server to 21.1.3, leaving in place an earlier change
363: to compute the screen resolution from dimensions returned by the
364: screen, reverted by upstream.
365: <li>Allowed bare numbers for key and mouse bindings in <a
366: href="https://man.openbsd.org/cwm.1">cwm(1)</a>.
367: <li>Added a <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
368: "group-last" command that shows only the previously active group.
369: <li>Fixed glass console and <a href="https://man.openbsd.org/getty.8">getty(8)</a> interference with Xorg on arm64.
370:
371: <!-- utilities -->
372: <li>Fixed octal escape parsing in <a
373: href="https://man.openbsd.org/tr.1">tr(1)</a> backslash().
374: <li>Added <a href="https://man.openbsd.org/uniq.1">uniq(1)</a>
375: support for arbitrarily long input lines.
376: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> ignore
377: trailing newlines when comparing lines.
378: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> skip()
379: each input line only once, improving performance.
380: <li>Increased <a href="https://man.openbsd.org/tee.1">tee(1)</a> I/O
381: buffer size for 8KB to 64KB.
382: <li>Improved performance of <a
383: href="https://man.openbsd.org/rev.1">rev(1)</a>.
384: <li>Made <a href="https://man.openbsd.org/ed.1">ed(1)</a> flush all
385: stdio streams before running a shell command.
386: <li>Prevented a file descriptor leak in <a
387: href="https://man.openbsd.org/touch.1">touch(1)</a> after <a
388: href="https://man.openbsd.org/futimens.2">futimens(2)</a> failure.
389: <li>Added <a href="https://man.openbsd.org/seq.1">seq(1)</a>, a
390: command to print sequences of numbers.
391:
392: <!-- apm -->
1.22 benno 393: <li>Set cpuspeed to 0 in <a
394: href="https://man.openbsd.org/apm.8">apm(8)</a> when hw.cpuspeed
395: cannot be retrieved.
1.16 benno 396:
397: <li>Copied the <a href="https://man.openbsd.org/cos.3">cos(3)</a>
398: cosine software implementation from FreeBSD-13, and disabled assembly
399: implementations of trig functions on x86 platforms.
400: <li>Added optimization for tiny x in <a
401: href="https://man.openbsd.org/cos.3">cos(3)</a> and <a
1.21 tj 402: href="https://man.openbsd.org/sin.3">sin(3)</a> trigonometry
403: functions.
1.16 benno 404:
405: <!-- audio -->
406: <li>Switched <a href="https://man.openbsd.org/aucat.1">aucat(1)</a>
407: internal sample representation and default file encoding to 24-bit.
408: <li>Switched <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
409: internal sample representation to 24-bit fixed point.
410:
411: <!-- rc scripts -->
412: <li>Allowed passing a different signal than SIGTERM in the default
413: rc_stop() function in <a
414: href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
415: <li>Improved and simplified timer handling in <a
416: href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> "stop" and "reload".
417:
418: <!-- fdisk -->
1.19 krw 419: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
420: -b available on all architectures.
1.7 benno 421: <li>Removed the constraint that <a
1.19 krw 422: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b block
423: count and block offset must be greater than 63.
424: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b
425: partitions other than EFI System partitions DOSACTIVE.
426: <li>Switched to using <a
427: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b to create boot
428: partitions on multiple architectures.
1.16 benno 429: <li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
430: "disk" editing command.
1.19 krw 431: <li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
432: from initializing an MBR to have overlapping partitions 0 and 3.
1.16 benno 433: <li>Allowed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
434: extend the default OpenBSD partition to the end of the disk, rather
435: than truncating at the end of the last full cylinder.
1.19 krw 436: <li>Corrected GPT checksums written by <a
1.16 benno 437: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> on big-endian
438: architectures to be little-endian as per spec.
439: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
440: preserve BIOS boot partition.
1.19 krw 441: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
442: preserve the EFI System partition on GPT disks with Apple APFS partitions.
443: <li>Removed the builtin MBR from <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
444: <li>Removed the "rpath" and "wpath" pledges from <a
445: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
446: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
447: creates the default OpenBSD MBR partition only when there is space for it.
448: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
449: does not set MBR DOSACTIVE flag on unused partitions when initializing MBR.
450: <li>Reduced the alignment space <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
451: inserts before the start of the default OpenBSD partition.
1.16 benno 452:
453: <!-- other -->
1.7 benno 454: <li>Merged bugfixes from upstream into <a
455: href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
456: the prompt hiding feature (CTRL-P) and an integer overflow.
1.16 benno 457: <li>Fixed possible use after free with long lines in <a
458: href="https://man.openbsd.org/less.1">less(1)</a>.
1.7 benno 459: <li>Fixed file descriptor leak of /dev/tty on <a
460: href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
461: <li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
462: <a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
463: href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
464: href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
465: implementations from NetBSD with the existing FreeBSD implementations
466: we were already using for <a
467: href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
468: href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
1.16 benno 469: <li>In various games, call <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
1.7 benno 470: later to prevent it from killing various games using ncurses when both
471: stdout and stderr are redirected to a non-tty.
1.16 benno 472: <li>Switched LLD_ARCHs (architectures using the LLVM <a
473: href="https://man.openbsd.org/ld.lld.1">ld.lld(1)</a> linker) to also
474: user the LLVM archiver <a
475: href="https://man.openbsd.org/llvm-ar.1">llvm-ar(1)</a>.
1.24 ! benno 476: <li>Added openvpn ports (udp/1194 & tcp/1194) to /etc/services.
1.16 benno 477: <li>Prevented an access to uninitialized memory in <a
478: href="https://man.openbsd.org/awk.1">awk(1)</a>.
479: <li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> recovery
480: mode.
481: <li>Extended and reordered the process accounting information
482: structure <a href="https://man.openbsd.org/acct.5">acct(5)</a>. Flag
483: Day for the <a href="https://man.openbsd.org/acct.2">acct(2)</a> file
484: format.
485: <li>Fixed <a
486: href="https://man.openbsd.org/setusercontext.3">setusercontext(3)</a>
487: error when /etc/login.conf is not present.
1.1 deraadt 488: </ul>
489:
490: <li>Improved hardware support and driver bugfixes, including:
491: <ul>
1.7 benno 492: <li>Added support to <a
493: href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
494: Lake H and Tiger Lake H platforms.
495: <li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
496: is present with an attached <a
497: href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
498: <li>Fixed an interrupt storm on <a
499: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
500: support Energy Efficient Ethernet when connected to a switch which
501: does so as well.
502: <li>Added support for tpm2 CRB interface to <a
503: href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
504: regressions on the Surface Go 2 caused by a firmware change.
505: ` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
506: device tree with at least one page of free space to extend into. This
507: fixes booting on VMWare Fusion.
1.10 benno 508: <li>Stopped binding audio devices exposed by <a
509: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to physical
510: devices. <!-- XXX check this -->
511: <li>Fixed handling of interrupts shared between multiple <a
512: href="https://man.openbsd.org/dwiic.4">swiic(4)</a> devices.
1.11 benno 513: <li>Introduced <a
514: href="https://man.openbsd.org/iicmux.4">iicmux(4)</a>, a driver that
515: switches between I2C busses connected to a single I2C controller by
516: using the pin muxing facilities of an SoC.
517: <li>Introduced <a
518: href="https://man.openbsd.org/pcyrtc.4">pcyrtc(4)</a>, a driver for
519: the NXP PCF85063A/TP RTC chips.
520: <li>Fixed a panic when running <a
521: href="https://man.openbsd.org/utvfu.4">utvfu(4)</a> on <a
522: href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
523: <li>Added <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>
524: support for interrupts represented by ACPI PCI Interrupt Link Devices,
525: making PCI interrupts work on QEMU's SBSA target.
1.16 benno 526: <li>Added handling of multi-port controllers to <a
527: href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
528: <li>Make <a href="https://man.openbsd.org/com.4">com(4)</a> attach
529: over <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64.
530: <li>Added address locators for the ACPI "bus" and used these to fix
531: the order of the <a href="https://man.openbsd.org/com.4">com(4)</a>
532: devices to match the traditional order on the ISA bus.
533: <li>Added Intel Jasper Lake to the <a
534: href="https://man.openbsd.org/azalia.4">azalia(4)</a> audio driver.
535: <li>Ensured <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>
536: matches on Intel 300 Series audio, fixing attaching on the Dell G3
537: 3590.
538: <li>Added Synopsys Designware UART support to <a
539: href="https://man.openbsd.org/com.4">com(4)</a>.
540: <li>Fixed an issue where <a
541: href="https://man.openbsd.org/com.4">com(4)</a> would attach for a
542: disabled serial port leading to misdirection of the hardware variant
543: and a subsequent hang when /etc/rc runs <a
544: href="https://man.openbsd.org/ttyflags.8">ttyflags(8)</a> -a.
545: <li>Fixed <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> for
546: Jasper Lake eMMC.
547: <li>Improved how quirks are handled on <a
548: href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>-compatible drivers.
549: <li>Enabled <a
550: href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> use with the
551: Surface Go 3.
552: <li>Fixed suspend/resume issues with <a
553: href="https://man.openbsd.org/com.4">com(4)</a> at <a
554: href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
555: <li>Correlated <a
556: href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> and <a
557: href="https://man.openbsd.org/ucc.4">ucc(4)</a> devices attacked over
558: USB in order to adjust the volume of the correct attached audio device
559: rather than the first one attached.
560: <li>Enabled PL011 UART FIFO support in <a
561: href="https://man.openbsd.org/pluart.4">pluart(4)</a>.
1.15 benno 562: <li>Added support for XBox One game controller on usb.
1.16 benno 563: <li>Stopped suspending the <a
564: href="https://man.openbsd.org/tpm.4">tpm(4)</a> device upon
565: hibernation, preventing some systems from hanging when hibernating a
566: second time.
567: <li>Fixed <a href="https://man.openbsd.org/hilkbd.4">hilkbd(4)</a>
568: Swedish keyboard layout on non-PS/2 style keyboards.
1.1 deraadt 569: </ul>
570:
571: <li>New or improved network hardware support:
572: <ul>
1.16 benno 573: <li>Added support to <a
574: href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
1.7 benno 575: <li>Fixed an interrupt storm on <a
576: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
577: support Energy Efficient Ethernet when connected to a switch which
578: does so as well.
1.16 benno 579: <li>Applied MP-safe changes from <a
580: href="https://man.openbsd.org/dwge.4">dwge(4)</a> to <a
581: href="https://man.openbsd.org/dwxe.4">dwxe(4)</a>.
1.10 benno 582: <li>Added <a href="https://man.openbsd.org/igc.4">igc(4)</a>, a
583: driver for the Intel 2.5Gb Ethernet controllers.
1.11 benno 584: <li>Implemented <a href="https://man.openbsd.org/em.4">em(4)</a>
585: support for selecting SMGII or SerDes mode depending on the plugged-in
586: SFP transceiver and for reading out transceiver information via <a
587: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.16 benno 588: <li>Enabled hardware vlan tagging for <a
589: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
590: <li>Re-enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>
591: IPv4, TCP4/6 and UDP4/6 checksum offloading. \ <li>Enabled receive
592: checksum offloading on <a
593: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
594: <li>Prevented a possible deadlock in <a
595: href="https://man.openbsd.org/cad.4">cad(4)</a>.
1.22 benno 596: <li>Prevented <a href="https://man.openbsd.org/aq.4">aq(4)</a> nics
597: from writing to mbufs taken off the ring when the interface was taken
598: down.
1.16 benno 599: <li>Fixed receive filter handling in <a
600: href="https://man.openbsd.org/aq.4">aq(4)</a>.
601: <li>Enable vlan promisc, header stripping and vlan RX/TX offload on
602: <a href="https://man.openbsd.org/aq.4">aq(4)</a>.
603: <li>Enabled checksum offloads on <a
604: href="https://man.openbsd.org/aq.4">aq(4)</a>.
605: <li>Enabled interrupt moderation on <a
606: href="https://man.openbsd.org/aq.4">aq(4)</a>, aiming at around 20k
607: per second.
608: <li>Fixed <a href="https://man.openbsd.org/aq.4">aq(4)</a> occasional
609: errors seen on rockpro64.
610: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> vlan
611: transmission with hw tagging.
1.22 benno 612: <li>Reworked <a href="https://man.openbsd.org/ix.4">ix(4)</a>
613: checksum/vlan offloading and enabled it for IPv6.
614: <li>Enabled IP header checksum offloading in <a
615: href="https://man.openbsd.org/ix.4">ix(4)</a>.
1.1 deraadt 616: </ul>
617:
618: <li>Added or improved wireless network drivers:
619: <ul>
1.7 benno 620: <li>Reset the Tx timer upon validation of a BA notification sent by
621: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
622: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware.
623: <li>Prevented <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
624: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attempts to
625: transition toward the same state where this would result in a
626: redundant or illegal state transition and a potential hang.
627: <li>Fixed a panic when <a
628: href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
629: at boot time.
630: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
631: performance drop after roaming between APs in 11n mode.
632: <li>Ensured <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses
633: only the HT (high throughput) frame format for data frames.
634: <li>Allowed AUTH->AUTH state transitions in the <a
635: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
636: href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers again, needed
637: if the access point uses band-steering.
638: <li>Added support for 802.11n 40MHz channels to the <a
639: href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
640: <li>Reverted to use <a
641: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
642: AC 7265, fixing instability issues on X1 Carbon gen3.
643: <li>Cached the old BSSID when roaming with <a
644: href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
645: <li>Explicitly stopped <a
646: href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack when
647: roaming between access points.
648: <li>Added initial 40MHz support to the <a
649: href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
1.10 benno 650: <li>Fixed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> with 4965 devices.
1.11 benno 651: <li>Disabled active scanning on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 to prevent a device lockup.
652: <li>Fixed monitor mode on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
653: <li>Let <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
654: href="https://man.openbsd.org/iwm.4">iwm(4)</a> use per-Tx-queue
655: interface timers to ensure timeout if a particular Tx queue gets
656: stuck.
657: <li>Disabled probe requests during scans in <a
658: href="https://man.openbsd.org/iwx.4">iwx(4)</a> again, preventing
659: device timeouts for some devices.<!-- XXX stsp: whats the final state of this? ;) -->
660: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to new -67 firmware images.
661: <li>Made <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> attach to PCI devices with product ID 0x31dc, part of the 9560 chip family.
662: <li>Fixed wrong pointer assignment causing the driver to read block ack request information sent by firmware from the wrong offset in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
663: <li>Fixed and reenabled active scans on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
1.15 benno 664: <li>Improved roaming stability on <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, particularly with wpa_supplicant.
665: <li>Added 802.11ac support on <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
666: <li>Add initial 802.11ac support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
667: <li>Fixed attach of multiple <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> interfaces in the same machine.
668: <li>Prevent announcing VHT capabilities on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> for 2GHz bands during scans.
669: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 802.11ac throughput at a distance.
1.16 benno 670:
671: <li>Added relicensed wireless firmwares from Realtek for <a
672: href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
673: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
674: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
675: these devices to work without requiring a separate firmware download.
676: <li>Added a workaround for buggy <a
677: href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
678: filling up the node cache when used in hostap mode.
679: <li>Applied a workaround in <a
680: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
681: external abort under load with <a
682: href="https://man.openbsd.org/athn.4">athn(4)</a>.
683: <li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> attach
684: to the Sony UWA-BR100.
685: <li>Fixed "(null node)" panics on <a href="https://man.openbsd.org/run.4">run(4)</a>.
686: <li>Introduced <a href="https://man.openbsd.org/mtw.4">mtw(4)</a>, a
687: driver for MediaTek MT7601U wifi devices, enabled on i386, macppc and
688: arm64.
689: <li>Disabled minimum power consumption in <a
690: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> hostap mode,
691: improving connection reliability when used as an access point.
692: <li>Added support for the BCM4387 to <a
693: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
694: <li>Improved TX performance on <a
695: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> RTL8192EU devices.
696: <li>Fix TX rate used by <a
697: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
698: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> for RTS frames.
699: <li>Added preliminary <a
700: href="https://man.openbsd.org/ure.4">ure(4)</a> support for RTL8156B
701: and bug fixes for RTL8153/RTL8156.
1.7 benno 702:
1.1 deraadt 703: </ul>
704:
705: <li>IEEE 802.11 wireless stack improvements and bugfixes:
706: <ul>
1.7 benno 707: <li>Added <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx aggregation support.
708: <li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
709: <li>Cached the old BSSID when roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> so firmware commands can continue using it while roaming to a new AP.
710: <li>Added support for 40MHz channels to net80211 RA.
711: <li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
1.11 benno 712: <li>Introduced an optional driver-specific bgscan_done() handler which allows the driver to take control of the roaming teardown sequence, ensuring that race conditions between firmware state and net80211 state are avoided.<!-- XXX srsly? "net80211" is the only thing in this sentence that tells me this is about wireless! -->
713: <li>Implemented bgscan_done() handlers for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
714: <li>Taught the net80211 stack to remove corresponding frames from ic_pwrsaveq when a power-saving client decides to leave our hostap interface, preventing a panic.
1.15 benno 715: <li>Added initial 802.11ac (VHT) support to the wifi stack.
716: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> show 802.11ac VHT capability and operation IEs in -v mode.
717: <li>Added 802.11ac/VHT TX rate adaptation support to the wifi stack.
718: <li>When choosing networks during SSID selection, give a higher score to 11ac and 11n access points, prioritizing 11ac.
1.1 deraadt 719: </ul>
720:
721: <li>Generic network stack improvements and bugfixes:
722: <ul>
1.7 benno 723: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
1.15 benno 724: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> rdr-to rules failing on certain port ranges when explicitly specified.
725: <li>Ensured the <a href="https://man.openbsd.org/pf.4">pf(4)</a> "set prio" values are checked consistently.
1.11 benno 726: <li>Made "set skip on ..." in <a
727: href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> dynamic, with
728: this, "set skip" can be used on interfaces that are not configured
729: yet.
1.22 benno 730: <li>Protected <a
731: href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> tdb flags and
732: lists with a mutex to prevent crashes involving pfsync, IPsec and
733: parallel forwarding.
734:
735: <li>Added support for PPP IPCP extensions for DNS to <a
736: href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
737: <li>Added display of DNS information from <a
738: href="https://man.openbsd.org/sppp.4">sppp(4)</a> to <a
739: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
740: <li>Switched to calculating <a
741: href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> session duration
742: using system uptime rather than UTC.
743:
744: <li>Fixed <a href="https://man.openbsd.org/veb.4">veb(4)</a> vport
745: handling to prevent improper drop of packets leaving a vport
746: interface.
747: <li>Prevented tweaks to <a
748: href="https://man.openbsd.org/tun.4">tun(4)</a> if_flags when the
749: NET_LOCK isn't held.
750: <li>Prevented reopening of <a
751: href="https://man.openbsd.org/tun.4">tun(4)</a>/<a
752: href="https://man.openbsd.org/tap.4">tap(4)</a> interfaces which are
753: being destroyed.
1.15 benno 754: <li>Rewrote <a href="https://man.openbsd.org/vxlan.4">vxlan(4)</a> to
755: operate independently of <a
756: href="https://man.openbsd.org/bridge.4">bridge(4)</a>, create and bind
757: udp sockets and prevent loops.
1.22 benno 758: <li>Stopped hiding the mtu on "bridge" interfaces which do handle l3
759: traffic in <a
760: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
761: <li>Added mbuf tags to prevent output loops in <a
762: href="https://man.openbsd.org/etherip.4">etherip(4)</a>.
763: <li>Added rtable capability to <a
764: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>,
765: allowing to specify the rtable a process uses.
766: <li>Made <a href="https://man.openbsd.org/su.1">su(1)</a> honor the
767: login class routing table when doing a full login with su -l.
768: <li>Fix IP output routines on raw sockets so route sourceaddr can
769: take effect using <a
770: href="https://man.openbsd.org/sendto.2">sendto(2)</a> or similar.
771: <li>Ensured <a
772: href="https://man.openbsd.org/pcap_lookupdev.3">pcap_lookupdev(3)</a>
773: matches only on complete interface names.
1.1 deraadt 774: </ul>
775:
776: <li>Installer and upgrade improvements:
777: <ul>
1.22 benno 778: <li>Corrected installer to understand "inet autoconf" properly in <a
1.7 benno 779: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
1.22 benno 780: <li>Stopped prompting whether to fall back to HTTP in the installer,
781: making the fallback automatic.
1.7 benno 782: <li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
783: "join" command by default in <a
784: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
785: replacing the old "nwid".
1.22 benno 786: <li>Replace custom bootloader installation code with <a
787: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
788: riscv64 and armv7 architecture installations.
789: <li>New logic for <a
790: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to avoid
791: excessive moving of files during updates when possible.
792: <li>Documented OpenBSD installation and upgrade customization using the <a
793: href="https://man.openbsd.org/install.site.5">install.site(5)</a> file.
1.10 benno 794: <li>Corrected "!" escape handling in the installer when accepting WEP/WPA passphrase.
1.22 benno 795: <li>Prevented a potential race which could make <a
796: href="https://man.openbsd.org/umount.8">umount(8)</a> fail spuriously
797: in the installer.
798: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -e
799: work with ramdisk kernels.
1.11 benno 800: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -c
801: cmdfile use lines from the command file for all input, not just
802: commands. This allows complex actions like changing device parameters.
1.22 benno 803: <li>Ensured that an interrupted arm64 install from the ramdisk kernel
804: can be restarted.
805:
806: <!-- fw_update -->
1.11 benno 807: <li>Returned to a shell-script based <a
808: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>, written
809: to be usable by the install script, allowing earlier retrieval of
810: downloaded firmwares.
811: <li>Stopped <a
812: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> from
813: downloading SHA256.sig when not needed, to allow installing local
814: files without network access.
815: <li>Modified the installer to use <a
816: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to install
817: non-free firmware files if present on the install media.
1.22 benno 818: <li>Made <a
819: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>
820: re-download existing files with failed checksums.
821: <li>Stopped unregistering firmware with <a
822: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> when the
823: SHA256.sig cannot be fetched.<!-- what does "unregistering firmware" mean? -->
824: <li>Made <a
825: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> use the
826: /snapshots directory only on -current snapshot installations.
1.1 deraadt 827: </ul>
828:
829: <li>Security improvements:
830: <ul>
1.22 benno 831: <li>Clear the length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
1.7 benno 832: <li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
833: <li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
1.10 benno 834: <li>Disabled <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> mouse tracking by default.
1.22 benno 835: <li>On arm64 architectures, use "rng-seed" and "kaslr-seed" properties from the device tree to mix extra entropy into the random pool.
1.15 benno 836: <li>Made <a href="https://man.openbsd.org/apmd.8">apmd(8)</a> replace /etc/random.seed for hibernate-resumes.
1.11 benno 837: <li>Restricted <a
838: href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a
839: href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> file
840: system access with <a
841: href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
1.14 benno 842: <li>Added <a href="https://man.openbsd.org/ps.1">ps(1)</a> status flag "c" to indicate a process is chrooted.
1.15 benno 843: <li>In <a
844: href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a> <a
845: href="https://man.openbsd.org/unveil.2">unveil(2)</a> "/dev" read-only
846: instead of using <a
847: href="https://man.openbsd.org/chroot.2">chroot(2)</a>.
1.1 deraadt 848: </ul>
849:
850: <li>Routing daemons and other userland network improvements:
851: <ul>
1.11 benno 852: <li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
1.7 benno 853: <li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
1.11 benno 854: <li>Installed missing scope identifiers for IPv6 link-local addresses for <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> and <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>.
855: <li>Allowed interface names as scope-id in IPv6 link-local addresses in <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
1.15 benno 856: <li>Let <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> probe for DNS64 presence with an absolute name, so asr doesn't add search domains and retry.
1.7 benno 857: <li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
1.11 benno 858: <li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
859: <li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
860: <li>Made the <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> host name DHCP option configurable.
861: <li>Prevented a crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> due to updating an interface which no longer exists.
1.15 benno 862: <li>Prevented a potential crash when <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> receives more than 7 nameservers.
863: <li>Fixed crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> when receiving a negative length field for DNS labels.
1.11 benno 864: <li>Fix <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, create permissions are required for databases.
865: <li>Made <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> start listening on interface in 'down' state. Interfaces can come up later, at which point dhcpd(8) will start receiving packets.
866: <li>Added a basic printer for EAPOL packets to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.15 benno 867: <li>Made <a href="https://man.openbsd.org/ping.8">ping(8)</a> print out the source address and sequence number when the signature on an icmp echo reply doesn't match.
868: <li>Rate limit <a href="https://man.openbsd.org/rad.8">rad(8)</a> router advertisements according to RFC 4861.
1.22 benno 869:
870: <!-- httpd -->
871: <li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> received new features and bugfixes:
872: <ul>
873: <li>Respond with 400 Bad Request when a client sends header lines without a colon.
874: <li>Added protocol version checking.
875: <li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
876: <li>Corrected <a
877: href="https://man.openbsd.org/httpd.8">httpd(8)</a> version string
878: checking, responding with 505 Version Not Supported rather than 400
879: Bad Request when the version format is incorrect.
880: <li>Stop sending content alongside responses to HEAD requests.
881: <li>Added support for custom error pages.
882: <li>Added a gzip-static option to <a
883: href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>,
884: allowing delivery of precompressed files with content-encoding gzip.
885: <li>Improved handling of static compressed gzip files.
886: </ul>
887:
888:
889: <!-- IPSEC/isakmpd/iked -->
890: <li>IPSEC support was improved:
891: <ul>
892: <li>Made <a href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> proto config option accept a list to allow specifying multiple protocols for a single policy.
893: <li>Fixed removal of SAs that could not be flushed with <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -F.
894: <li>Changed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to log a warning when proto is NULL rather than dereferencing it.
895: <li>Fixed broken key exchange negotiation with matching proposals in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
896: <li>Added <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> "show certinfo" to show trusted CAs and certificates.
897: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -V to display the version.
898: <li>Fixed a bug where <a href="https://man.openbsd.org/iked.8">iked(8)</a> sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
899: <li>Improved message fragment retransmissions for <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
900: <li>Make sure <a href="https://man.openbsd.org/iked.8">iked(8)</a> vroute messages are correctly aligned, fixes autoconfiguration of addresses on octeon.
901: </ul>
902: <!-- rpki-client -->
903: <li><a
904: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> was
905: made more resilient regarding untrusted input. Additionally the
906: following bugfixes and improvements were made:
907: <ul>
908: <li>Added support for validating BGPsec Router Public Keys.
909: <li>Fix issues with chunked transfer encoding in the RRDP HTTP client.
910: <li>Cleanup and improvement of how IO is handled.
911: <li>Improvements in the way X509 certificates are verified.
912: <li>Make rpki-client
913: <li>Limit the number of concurrent rsync processes.
914: <li>Fix CRLF in tal files.
915: <li>Enforce the correct namespace of rrdp files.
916: <li>Fail certificate verification if a certificate contains unknown
917: critical extensions.
918: <li>Improve cleanup of rrdp directory contents.
919: <li>Introduce a validated cache which holds all the files that have
920: successfully been verified by rpki-client.
1.24 ! benno 921: <li>Add a new option '-f <file>' to validate a signed object in a file
1.22 benno 922: against the RPKI cache.
923: <li>Add various RFC 6488 compliance checks to improve the CMS parser.
924: <li>Improve RRDP replication through less aggressive cache cleanup.
925: <li>Add a check whether a given Manifest EE certificate is listed on the
926: applicable CRL.
927: <li>For forward compatibility permit ASPA object to appear on Manifests.
1.24 ! benno 928: <li>Various improvements to the '-f <file>' diagnostic option to
1.22 benno 929: now also validate files containing Trust Anchor certs and CRLs.
930: <li>Do not apply timezone offsets when converting X509 times. X509
931: times are in UTC and comparing them to times in different timezones
932: would cause validity problems.
933: <li>Limited the number of <a
934: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> processes
935: being spawned by <a
936: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 16.
937: </ul>
938: <!-- bgpd -->
939: <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
940: <ul>
941: <li>macro expansion in the config file was improved. It is now possible
942: to expand 'set large-community $myAS:$location:$transit'.
943: <li>tThe RIB codebase was refactored in order to add multipath
944: support in an upcoming release.
945: <li>the <a href="https://man.openbsd.org/bgpd.8">bgpd</a> login
946: class datasize attribute (in <a
947: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>) was set
948: to either 16G or 1G, depending on architecture.
949: <li>added a "listen on" parameter in in <a
950: href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> to make it
951: possible to bind and connect to non-default ports.
952: </ul>
1.1 deraadt 953: </ul>
954:
955: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
956: <ul>
1.7 benno 957: <li>Fixed a crash in <a
958: href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
959: multiple clients is destroyed but tmux does not close completely due
960: to other sessions.
961: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
962: redraw problem on automargin terminals.
963: <li>Fixed a problem with repeat in <a
964: href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
965: <li>Added -T to set a popup title in <a
966: href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
967: <li>Added -s and -S to <a
968: href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
969: popup and border style.
970: <li>Fixed application-set fg and bg in <a
971: href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
972: <li>Added a way to force a color to RGB in <a
973: href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
974: display it.
1.10 benno 975: <li>Added a cursor-colour option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
976: <li>Added a cursor-style option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.11 benno 977: <li>Added a pane-border-format pane option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
978: <li>Added attempts to turn on less-capable mouse modes when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> turns on more-capable ones, in case the terminal doesn't support the desired mode.
1.14 benno 979: <li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to show arrows for the active pane indicator.
980: <li>Added a key in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode to toggle the position indicator.
1.15 benno 981: <li>Added an option in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to set the character for unused areas of the terminal.
982: <li>Add <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to control if it scrolls into history on clear.
983: <li>Added OSC 7 capability to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> for setting titles.
1.1 deraadt 984: </ul>
985:
1.24 ! benno 986: <li>OpenSMTPD version XXX <!-- XXX -->
1.1 deraadt 987: <ul>
1.14 benno 988: <li>Stopped <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> from verifying the cert or CA for a relay using opportunistic TLS.
1.15 benno 989: <li>Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> behavior.
1.1 deraadt 990: </ul>
991:
1.24 ! benno 992: <li>LibreSSL version XXX <!-- XXX -->
1.1 deraadt 993: <ul>
994: <li>New Features
995: <ul>
1.9 inoguchi 996: <li>The RFC 3779 API was ported from OpenSSL.<br>
997: Many bugs were fixed, regression tests were added and the code was cleaned up.
998: <li>Certificate Transparency was ported from OpenSSL.<br>
999: Many internal improvements were made, resulting in cleaner and safer code.<br>
1000: Regress coverage was added. libssl does not yet make use of it.
1.1 deraadt 1001: </ul>
1002:
1003: <li>Portable Improvements
1004: <ul>
1.9 inoguchi 1005: <li>Enabled ASAN CI on Linux platform.<br>
1006: Thanks to Ilya Shipitsin (chipitsine <at> gmail com).
1007: <li>Fixed various POSIX compliance and other portability issues<br>
1008: found by the port to the Sortix operating system.
1009: <li>Add libmd as platform specific libraries for Solaris.<br>
1010: Issue reported from (ihsan <at> opencsw org) on libressl ML.
1011: <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
1012: Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
1013: <li>Enabled and scheduled Coverity scan.<br>
1014: Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github.
1.1 deraadt 1015: </ul>
1016:
1.9 inoguchi 1017: <li>Compatibility Changes
1018: <ul>
1019: <li>Most structs that were previously defined in the following headers
1020: are now opaque as they are in OpenSSL 1.1:<br>
1021: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
1022: x509.h, x509v3.h, x509_vfy.h
1023: <li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
1024: OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
1025: of using something consistent with the previous naming.<br>
1026: Various test suites expect these names (instead of checking for the much
1027: more sensible cipher numbers).<br>
1028: The old names are still accepted as aliases.
1029: <li>Subject alternative names and name constraints are now validated
1030: when they are added to certificates.<br>
1031: Various interoperability problems with stacks that validate
1032: certificates more strictly than OpenSSL can be avoided this way.
1033: <li>Attempt to opportunistically use the host name for SNI in s_client
1034: </ul>
1035:
1036: <li>Bug fixes
1.1 deraadt 1037: <ul>
1.9 inoguchi 1038: <li>Avoid infinite loop for custom curves of order 1.<br>
1039: Found and reported with a reproducer by Hanno Boeck.
1040: Helpful comments and analysis from David Benjamin.
1041: <li>Avoid infinite loop on parsing DSA private keys.<br>
1042: Issue reported with reproducers by Hanno Boeck.
1043: Additional variants and analysis by David Benjamin.
1044: <li>A malicious certificate can cause an infinite loop.<br>
1045: Reported by and fix from Tavis Ormandy and David Benjamin, Google.
1046: <li>In some situations, the verifier would discard the error on an
1047: unvalidated certificate chain.<br>
1048: This would happen when the verification callback was in use,
1049: instructing the verifier to continue unconditionally.<br>
1050: This could lead to incorrect decisions being made in software.
1051: <li>Avoid an infinite loop in SSL_shutdown()
1052: <li>Fix another return 0 bug in SSL_shutdown()
1053: <li>Handle zero byte reads/writes that trigger handshakes in the
1054: TLSv1.3 stack
1055: <li>A long standing memleak in libtls CRL handling was fixed
1.1 deraadt 1056: </ul>
1057:
1.9 inoguchi 1058: <li>Internal Improvements
1.1 deraadt 1059: <ul>
1.9 inoguchi 1060: <li>Cache the SHA-512 hash instead of the SHA-1 hash and cache
1061: notBefore and notAfter times when X.509 certificates are parsed.
1062: <li>The X.509 lookup code has been simplified and cleaned up.
1063: <li>Fixed numerous issues flagged by coverity and the cryptofuzz project
1064: <li>Increased the number of Miller-Rabin checks in DH and DSA
1065: key/parameter generation
1066: <li>Started using the bytestring API in libcrypto for cleaner and
1067: safer code
1068: <li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
1069: ASN1
1070: <li>Convert ASN1_OBJECT_new() to calloc()
1071: <li>Convert ASN1_STRING_type_new() to calloc()
1072: <li>Rewrite ASN1_STRING_cmp()
1073: <li>Use calloc() for X509_CRL_METHOD_new() instead of malloc()
1074: <li>Convert ASN1_PCTX_new() to calloc()
1075: <li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
1076: <li>Consolidate {d2i,i2d}_{pr,pu}.c
1077: <li>Remove handling of a NULL BUF_MEM from asn1_collect()
1078: <li>Pull the recursion depth check up to the top of asn1_collect()
1079: <li>Inline collect_data() in asn1_collect()
1080: <li>Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
1081: <li>Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
1082: <li>Consolidate ASN.1 universal tag type data
1083: <li>Rewrite ASN.1 identifier/length parsing in CBS
1084: <li>Make OBJ_obj2nid() work correctly with NID_undef
1085: <li>tlsext_tick_lifetime_hint is now an uint32_t
1086: <li>Untangle ssl3_get_message() return values
1087: <li>Rename tls13_buffer to tls_buffer
1088: <li>Fold DTLS_STATE_INTERNAL into DTLS1_STATE
1089: <li>Provide a way to determine our maximum legacy version
1090: <li>Mop up enc_read_ctx and read_hash
1091: <li>Fold SSL_SESSION_INTERNAL into SSL_SESSION
1092: <li>Use ssl_force_want_read in the DTLS code
1093: <li>Add record processing limit to DTLS code
1094: <li>Add explicit CBS_contains_zero_byte() check in CBS_strdup()
1095: <li>Improve SNI hostname validation
1096: <li>Ensure SSL_set_tlsext_host_name() is given a valid hostname
1097: <li>Fix a strange check in the auto DH codepath
1098: <li>Factor out/rewrite DHE key exchange
1099: <li>Convert server serialisation of DHE parameters/public key to new
1100: functions
1101: <li>Check DH public key in ssl_kex_peer_public_dhe()
1102: <li>Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
1103: <li>Clean up and refactor server side DHE key exchange
1104: <li>Provide CBS_get_last_u8()
1105: <li>Provide CBS_get_u64()
1106: <li>Provide CBS_add_u64()
1107: <li>Provide various CBS_peek_* functions
1108: <li>Use CBS_get_last_u8() to find the content type in TLSv1.3 records
1109: <li>unifdef TLS13_USE_LEGACY_CLIENT_AUTH
1110: <li>Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
1111: <li>Only allow zero length key shares when we know we're doing HRR
1112: <li>Pull key share group/length CBB code up from
1113: tls13_key_share_public()
1114: <li>Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
1115: validation
1116: <li>Return 0 on failure from send/get kex functions in the legacy
1117: stack
1118: <li>Rename tls13_key_share to tls_key_share
1119: <li>Allocate and free the EVP_AEAD_CTX struct in
1120: tls13_record_protection
1121: <li>Convert legacy TLS client to tls_key_share
1122: <li>Convert legacy TLS server to tls_key_share
1123: <li>Stop attempting to duplicate the public and private key of dh_tmp
1124: <li>Rename dh_tmp to dhe_params
1125: <li>Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
1126: <li>Clean up pkey handling in ssl3_get_server_key_exchange()
1127: <li>Fix GOST skip certificate verify handling
1128: <li>Simplify tlsext_keyshare_server_parse()
1129: <li>Plumb decode errors through key share parsing code
1130: <li>Simplify SSL_get_peer_certificate()
1131: <li>Cleanup/simplify ssl_cert_type()
1132: <li>The S3I macro was removed
1133: <li>The openssl(1) cms, smime and ts subcommands option handling was
1134: converted and the C source was cleaned up.
1.1 deraadt 1135: </ul>
1136:
1.9 inoguchi 1137: <li>Documentation improvements
1.1 deraadt 1138: <ul>
1.9 inoguchi 1139: <li>45 new manual pages, most of which were written from scratch.<br>
1140: Documentation coverage of ASN.1 and X.509 code has been
1141: significantly improved.
1.1 deraadt 1142: </ul>
1143:
1.9 inoguchi 1144: <li>API additions and removals
1.1 deraadt 1145: <ul>
1.9 inoguchi 1146: <li>libssl
1147: <ul>
1148: <li>API additions
1149: <ul>
1150: <li>SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
1151: </ul>
1152: <li>API stubs for compatibility
1153: <ul>
1154: <li>SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets<br>
1155: SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets<br>
1156: SSL_get_num_tickets SSL_set_num_tickets
1157: </ul>
1158: </ul>
1159: <li>libcrypto
1160: <ul>
1161: <li>added API (some of these were previously available as macros):
1162: <ul>
1163: <li>ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free<br>
1164: ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new<br>
1165: ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex<br>
1166: BIO_get_init BIO_set_callback_ex BIO_set_next<br>
1167: BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old<br>
1168: BN_abs_is_word BN_get_flags BN_is_negative<br>
1169: BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags<br>
1170: BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free<br>
1171: CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file<br>
1172: CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free<br>
1173: CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key<br>
1174: CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free<br>
1175: CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer<br>
1176: CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time<br>
1177: CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert<br>
1178: CT_POLICY_EVAL_CTX_set1_issuer<br>
1179: CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE<br>
1180: CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key<br>
1181: DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g<br>
1182: DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q<br>
1183: ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free<br>
1184: EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst<br>
1185: EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data<br>
1186: EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx<br>
1187: EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new<br>
1188: EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup<br>
1189: EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final<br>
1190: EVP_MD_meth_set_flags EVP_MD_meth_set_init<br>
1191: EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size<br>
1192: EVP_MD_meth_set_update EVP_PKEY_asn1_set_check<br>
1193: EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check<br>
1194: EVP_PKEY_check EVP_PKEY_meth_set_check<br>
1195: EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check<br>
1196: EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode<br>
1197: FIPS_mode_set IPAddressChoice_free IPAddressChoice_new<br>
1198: IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free<br>
1199: IPAddressOrRange_new IPAddressRange_free IPAddressRange_new<br>
1200: OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id<br>
1201: OCSP_resp_get0_produced_at OCSP_resp_get0_respdata<br>
1202: OCSP_resp_get0_signature OCSP_resp_get0_signer<br>
1203: OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional<br>
1204: RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp<br>
1205: RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q<br>
1206: SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free<br>
1207: SCT_get0_extensions SCT_get0_log_id SCT_get0_signature<br>
1208: SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source<br>
1209: SCT_get_timestamp SCT_get_validation_status SCT_get_version<br>
1210: SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions<br>
1211: SCT_set0_log_id SCT_set0_signature SCT_set1_extensions<br>
1212: SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type<br>
1213: SCT_set_signature_nid SCT_set_source SCT_set_timestamp<br>
1214: SCT_set_version SCT_validate SCT_validation_status_string<br>
1215: X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey<br>
1216: X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject<br>
1217: X509_STORE_CTX_get_num_untrusted<br>
1218: X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify<br>
1219: X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain<br>
1220: X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth<br>
1221: X509_STORE_CTX_set_verify X509_STORE_get_verify<br>
1222: X509_STORE_get_verify_cb X509_STORE_set_verify<br>
1223: X509_get_X509_PUBKEY X509_get_extended_key_usage<br>
1224: X509_get_extension_flags X509_get_key_usage<br>
1225: X509v3_addr_add_inherit X509v3_addr_add_prefix<br>
1226: X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi<br>
1227: X509v3_addr_get_range X509v3_addr_inherits<br>
1228: X509v3_addr_is_canonical X509v3_addr_subset<br>
1229: X509v3_addr_validate_path X509v3_addr_validate_resource_set<br>
1230: X509v3_asid_add_id_or_range X509v3_asid_add_inherit<br>
1231: X509v3_asid_canonize X509v3_asid_inherits<br>
1232: X509v3_asid_is_canonical X509v3_asid_subset<br>
1233: X509v3_asid_validate_path X509v3_asid_validate_resource_set<br>
1234: d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers<br>
1235: d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily<br>
1236: d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST<br>
1237: i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers<br>
1238: i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily<br>
1239: i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST<br>
1240: i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT<br>
1241: i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
1242: </ul>
1243: <li>removed API:
1244: <ul>
1245: <li>ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss<br>
1246: EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init<br>
1247: NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new<br>
1248: NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free<br>
1249: NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit<br>
1250: PEM_SealUpdate PEM_read_X509_CERT_PAIR<br>
1251: PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR<br>
1252: PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free<br>
1253: X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb<br>
1254: asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore<br>
1255: asn1_enc_save asn1_ex_c2i asn1_get_choice_selector<br>
1256: asn1_get_field_ptr asn1_set_choice_selector check_defer<br>
1257: d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY<br>
1258: d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET<br>
1259: d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY<br>
1260: i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET<br>
1261: i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer
1262: </ul>
1263: </ul>
1.1 deraadt 1264: </ul>
1265: </ul>
1266:
1.24 ! benno 1267: <li>OpenSSH version XXX <!-- XXX -->
1.1 deraadt 1268: <ul>
1269: <li>Security
1270: <ul>
1.4 benno 1271: <li>...
1.1 deraadt 1272: </ul>
1273: <li>Potentially incompatible changes
1274: <ul>
1.4 benno 1275: <li>...
1.1 deraadt 1276: </ul>
1277:
1278: <li>New features
1279: <ul>
1.4 benno 1280: <li>...
1.1 deraadt 1281: </ul>
1282:
1283: <li>Bugfixes
1284: <ul>
1.4 benno 1285: <li>...
1.1 deraadt 1286: </ul>
1287: </ul>
1288:
1.13 schwarze 1289: <li>mandoc 1.14.6 plus several bugfixes, including:
1.1 deraadt 1290: <ul>
1.13 schwarze 1291: <li>Fixed <a href="https://man.openbsd.org/man.1">man(1)</a>
1292: to always read the configuration file and respect
1293: the other directives contained in it,
1294: even when the manpath is overridden by other means.
1295: <li>Fixed a memory leak in
1296: <a href="https://man.openbsd.org/man.1">man(1)</a>
1297: that mattered when many names were given on the command line.
1298: <li>Fixed a small memory leak in the
1299: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parser
1300: that occurred each time a user-defined macro was called.
1301: <li>Fixed the width of the <code>\h</code> (horizontal motion)
1302: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
1303: escape sequence in the PostScript and PDF output modes.
1.15 benno 1304: <li>Avoid legacy CSS2 syntax and use CSS3 two-value syntax in <a
1305: href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
1.1 deraadt 1306: </ul>
1307:
1308: <li>Ports and packages:
1309: <p>Many pre-built packages for each architecture:
1310: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1311: <ul style="column-count: 3">
1312: <li>aarch64: XXXX
1.17 naddy 1313: <li>amd64: 11301
1.20 deraadt 1314: <li>arm: XXXX
1315: <li>i386: 10136
1.1 deraadt 1316: <li>mips64: XXXX
1317: <li>powerpc: XXXX
1318: <li>powerpc64: XXXX
1319: <li>riscv64: XXXX
1320: <li>sparc64: XXXX
1321: </ul>
1322:
1323: <p>Some highlights:
1324: <ul style="column-count: 3">
1.12 sthen 1325: <li>Asterisk 16.25.1, 18.11.1 and 19.3.1
1.1 deraadt 1326: <li>Audacity 2.4.2
1327: <li>CMake 3.20.3
1.5 jsg 1328: <li>Chromium 100.0.4896.75
1.1 deraadt 1329: <li>Emacs 27.2
1.5 jsg 1330: <li>FFmpeg 4.4.1
1.1 deraadt 1331: <li>GCC 8.4.0 and 11.2.0
1332: <li>GHC 8.10.6
1.5 jsg 1333: <li>GNOME 41.5
1334: <li>Go 1.17.7
1335: <li>JDK 8u322, 11.0.14 and 17.0.2
1336: <li>KDE Applications 21.12.2
1337: <li>KDE Frameworks 5.91.0
1338: <li>Krita 5.0.2
1339: <li>LLVM/Clang 13.0.0
1340: <li>LibreOffice 7.3.2.2
1.1 deraadt 1341: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.5 jsg 1342: <li>MariaDB 10.6.7
1.1 deraadt 1343: <li>Mono 6.12.0.122
1.5 jsg 1344: <li>Mozilla Firefox 99.0 and ESR 91.8.0
1345: <li>Mozilla Thunderbird 91.8.0
1346: <li>Mutt 2.2.2 and NeoMutt 20211029
1347: <li>Node.js 16.14.2
1348: <li>OCaml 4.12.1
1.1 deraadt 1349: <li>OpenLDAP 2.4.59
1.5 jsg 1350: <li>PHP 7.4.28, 8.0.17 and 8.1.4
1351: <li>Postfix 3.5.14
1352: <li>PostgreSQL 14.2
1353: <li>Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4
1.1 deraadt 1354: <li>Qt 5.15.2 and 6.0.4
1.5 jsg 1355: <li>R 4.1.2
1356: <li>Ruby 2.7.5, 3.0.3 and 3.1.1
1357: <li>Rust 1.59.0
1358: <li>SQLite 2.8.17 and 3.38.2
1359: <li>Shotcut 21.10.31
1360: <li>Sudo 1.9.10
1361: <li>Suricata 6.0.4
1.1 deraadt 1362: <li>Tcl/Tk 8.5.19 and 8.6.8
1.5 jsg 1363: <li>TeX Live 2021
1364: <li>Vim 8.2.4600 and Neovim 0.6.1
1.1 deraadt 1365: <li>Xfce 4.16
1366: </ul>
1367: <p>
1368:
1369: <li>As usual, steady improvements in manual pages and other documentation.
1370:
1371: <li>The system includes the following major components from outside suppliers:
1372: <ul>
1.5 jsg 1373: <li>Xenocara (based on X.Org 7.7 with xserver 1.21.1.3 + patches,
1374: freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369,
1.1 deraadt 1375: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1.5 jsg 1376: <li>LLVM/Clang 13.0.0 (+ patches)
1.1 deraadt 1377: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1378: <li>Perl 5.32.1 (+ patches)
1.5 jsg 1379: <li>NSD 4.4.0
1380: <li>Unbound 1.15.0
1.1 deraadt 1381: <li>Ncurses 5.7
1382: <li>Binutils 2.17 (+ patches)
1383: <li>Gdb 6.3 (+ patches)
1.10 benno 1384: <li>Awk October 12, 2021
1.5 jsg 1385: <li>Expat 2.4.7
1.1 deraadt 1386: </ul>
1387:
1388: </ul>
1389: </section>
1390:
1391: <hr>
1392:
1393: <section id=install>
1394: <h3>How to install</h3>
1395: <p>
1396: Please refer to the following files on the mirror site for
1397: extensive details on how to install OpenBSD 7.1 on your machine:
1398:
1399: <ul>
1400: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
1401: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
1402: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
1403: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
1404: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
1405: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
1406: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
1407: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
1408: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
1409: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
1410: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
1411: .../OpenBSD/7.1/i386/INSTALL.i386</a>
1412: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
1413: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
1414: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
1415: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
1416: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
1417: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
1418: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
1419: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
1420: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
1421: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
1422: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
1423: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
1424: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
1425: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
1426: </ul>
1427: </section>
1428:
1429: <hr>
1430:
1431: <section id=quickinstall>
1432: <p>
1433: Quick installer information for people familiar with OpenBSD, and the use of
1434: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1435: If you are at all confused when installing OpenBSD, read the relevant
1436: INSTALL.* file as listed above!
1437:
1438: <h3>OpenBSD/alpha:</h3>
1439:
1440: <p>
1441: If your machine can boot from CD, you can write <i>install71.iso</i> or
1442: <i>cd71.iso</i> to a CD and boot from it.
1443: Refer to INSTALL.alpha for more details.
1444:
1445: <h3>OpenBSD/amd64:</h3>
1446:
1447: <p>
1448: If your machine can boot from CD, you can write <i>install71.iso</i> or
1449: <i>cd71.iso</i> to a CD and boot from it.
1450: You may need to adjust your BIOS options first.
1451:
1452: <p>
1453: If your machine can boot from USB, you can write <i>install71.img</i> or
1454: <i>miniroot71.img</i> to a USB stick and boot from it.
1455:
1456: <p>
1457: If you can't boot from a CD, floppy disk, or USB,
1458: you can install across the network using PXE as described in the included
1459: INSTALL.amd64 document.
1460:
1461: <p>
1462: If you are planning to dual boot OpenBSD with another OS, you will need to
1463: read INSTALL.amd64.
1464:
1465: <h3>OpenBSD/arm64:</h3>
1466:
1467: <p>
1468: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
1469: after connecting to the serial console. Refer to INSTALL.arm64 for more
1470: details.
1471:
1472: <h3>OpenBSD/armv7:</h3>
1473:
1474: <p>
1475: Write a system specific miniroot to an SD card and boot from it after connecting
1476: to the serial console. Refer to INSTALL.armv7 for more details.
1477:
1478: <h3>OpenBSD/hppa:</h3>
1479:
1480: <p>
1481: Boot over the network by following the instructions in INSTALL.hppa or the
1482: <a href="hppa.html#install">hppa platform page</a>.
1483:
1484: <h3>OpenBSD/i386:</h3>
1485:
1486: <p>
1487: If your machine can boot from CD, you can write <i>install71.iso</i> or
1488: <i>cd71.iso</i> to a CD and boot from it.
1489: You may need to adjust your BIOS options first.
1490:
1491: <p>
1492: If your machine can boot from USB, you can write <i>install71.img</i> or
1493: <i>miniroot71.img</i> to a USB stick and boot from it.
1494:
1495: <p>
1496: If you can't boot from a CD, floppy disk, or USB,
1497: you can install across the network using PXE as described in
1498: the included INSTALL.i386 document.
1499:
1500: <p>
1501: If you are planning on dual booting OpenBSD with another OS, you will need to
1502: read INSTALL.i386.
1503:
1504: <h3>OpenBSD/landisk:</h3>
1505:
1506: <p>
1507: Write <i>miniroot71.img</i> to the start of the CF
1508: or disk, and boot normally.
1509:
1510: <h3>OpenBSD/luna88k:</h3>
1511:
1512: <p>
1513: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1514: from the PROM, and then bsd.rd from the bootloader.
1515: Refer to the instructions in INSTALL.luna88k for more details.
1516:
1517: <h3>OpenBSD/macppc:</h3>
1518:
1519: <p>
1520: Burn the image from a mirror site to a CDROM, and power on your machine
1521: while holding down the <i>C</i> key until the display turns on and
1522: shows <i>OpenBSD/macppc boot</i>.
1523:
1524: <p>
1525: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1526: /7.1/macppc/bsd.rd</i>
1527:
1528: <h3>OpenBSD/octeon:</h3>
1529:
1530: <p>
1531: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1532: Refer to the instructions in INSTALL.octeon for more details.
1533:
1534: <h3>OpenBSD/powerpc64:</h3>
1535:
1536: <p>
1537: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1538: USB stick, plug it into the machine and choose the <i>OpenBSD
1539: install</i> menu item in Petitboot.
1540: Refer to the instructions in INSTALL.powerpc64 for more details.
1541:
1542: <h3>OpenBSD/riscv64:</h3>
1543:
1544: <p>
1545: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1546: USB stick, and boot with that drive plugged in.
1547: Make sure you also have the microSD card plugged in that shipped with the
1548: HiFive Unmatched board.
1549: Refer to the instructions in INSTALL.riscv64 for more details.
1550:
1551: <h3>OpenBSD/sparc64:</h3>
1552:
1553: <p>
1554: Burn the image from a mirror site to a CDROM, boot from it, and type
1555: <i>boot cdrom</i>.
1556:
1557: <p>
1558: If this doesn't work, or if you don't have a CDROM drive, you can write
1559: <i>floppy71.img</i> or <i>floppyB71.img</i>
1560: (depending on your machine) to a floppy and boot it with <i>boot
1561: floppy</i>. Refer to INSTALL.sparc64 for details.
1562:
1563: <p>
1564: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1565: will most likely fail.
1566:
1567: <p>
1568: You can also write <i>miniroot71.img</i> to the swap partition on
1569: the disk and boot with <i>boot disk:b</i>.
1570:
1571: <p>
1572: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1573: </section>
1574:
1575: <hr>
1576:
1577: <section id=upgrade>
1578: <h3>How to upgrade</h3>
1579: <p>
1.6 tj 1580: If you already have an OpenBSD 7.0 system, and do not want to reinstall,
1.1 deraadt 1581: upgrade instructions and advice can be found in the
1582: <a href="faq/upgrade71.html">Upgrade Guide</a>.
1583: </section>
1584:
1585: <hr>
1586:
1587: <section id=sourcecode>
1588: <h3>Notes about the source code</h3>
1589: <p>
1590: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1591: This file contains everything you need except for the kernel sources,
1592: which are in a separate archive.
1593: To extract:
1594: <blockquote><pre>
1595: # <kbd>mkdir -p /usr/src</kbd>
1596: # <kbd>cd /usr/src</kbd>
1597: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1598: </pre></blockquote>
1599: <p>
1600: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1601: This file contains all the kernel sources you need to rebuild kernels.
1602: To extract:
1603: <blockquote><pre>
1604: # <kbd>mkdir -p /usr/src/sys</kbd>
1605: # <kbd>cd /usr/src</kbd>
1606: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1607: </pre></blockquote>
1608: <p>
1609: Both of these trees are a regular CVS checkout. Using these trees it
1610: is possible to get a head-start on using the anoncvs servers as
1611: described <a href="anoncvs.html">here</a>.
1612: Using these files
1613: results in a much faster initial CVS update than you could expect from
1614: a fresh checkout of the full OpenBSD source tree.
1615: </section>
1616:
1617: <hr>
1618:
1619: <section id=ports>
1620: <h3>Ports Tree</h3>
1621: <p>
1622: A ports tree archive is also provided. To extract:
1623: <blockquote><pre>
1624: # <kbd>cd /usr</kbd>
1625: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1626: </pre></blockquote>
1627: <p>
1628: Go read the <a href="faq/ports/index.html">ports</a> page
1629: if you know nothing about ports
1630: at this point. This text is not a manual of how to use ports.
1631: Rather, it is a set of notes meant to kickstart the user on the
1632: OpenBSD ports system.
1633: <p>
1634: The <i>ports/</i> directory represents a CVS checkout of our ports.
1635: As with our complete source tree, our ports tree is available via
1636: <a href="anoncvs.html">AnonCVS</a>.
1637: So, in order to keep up to date with the -stable branch, you must make
1638: the <i>ports/</i> tree available on a read-write medium and update the tree
1639: with a command like:
1640: <blockquote><pre>
1641: # <kbd>cd /usr/ports</kbd>
1642: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1643: </pre></blockquote>
1644: <p>
1645: [Of course, you must replace the server name here with a nearby anoncvs
1646: server.]
1647: <p>
1648: Note that most ports are available as packages on our mirrors. Updated
1649: ports for the 7.1 release will be made available if problems arise.
1650: <p>
1651: If you're interested in seeing a port added, would like to help out, or just
1652: would like to know more, the mailing list
1653: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1654: </section>
1.24 ! benno 1655: </body>
! 1656: </html>