Annotation of www/71.html, Revision 1.27
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
1.24 benno 3: <head>
1.1 deraadt 4: <meta charset=utf-8>
5:
6: <title>OpenBSD 7.1</title>
7: <meta name="description" content="OpenBSD 7.1">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/71.html">
1.24 benno 11: </head><body>
1.1 deraadt 12: <h2 id=OpenBSD>
13: <a href="index.html">
14: <i>Open</i><b>BSD</b></a>
15: 7.1
16: </h2>
17:
18: <table>
19: <tr>
20: <td>
21: <a href="images/xxx.png">
22: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
23: <td>
1.6 tj 24: Released May ?, 2022. (52nd OpenBSD release)<br>
1.1 deraadt 25: Copyright 1997-2022, Theo de Raadt.<br>
26: <br>
1.3 job 27: Artwork by Luc Houweling.
1.1 deraadt 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus71.html">detailed log of changes</a> between the
37: 7.0 and 7.1 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-71-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
47: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
48: <tr><td>
49: openbsd-71-fw.pub:
50: <td>
51: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
52: <tr><td>
53: openbsd-71-pkg.pub:
54: <td>
55: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
56: <tr><td>
57: openbsd-71-syspatch.pub:
58: <td>
59: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 7.1.
74: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
75: to 7.1.
76:
77: <ul>
78:
79: <li>New/extended platforms:
80: <ul>
1.16 benno 81: <li>Support for Apple Silicon Macs has improved and is ready for general use:
1.1 deraadt 82: <ul>
1.10 benno 83: <li>Added <a href="https://man.openbsd.org/aplspi.4">aplspi(4)</a>, a driver for the SPI controller found on the Apple M1 SoC.
84: <li>Added <a href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a> support for the keyboard/touchpad on Apple M1 laptops.
1.11 benno 85: <li>Introduced <a href="https://man.openbsd.org/aplpmgr.4">aplpmgr(4)</a>, a driver for the power management controller found on various Apple SoCs.
86: <li>Introduced <a href="https://man.openbsd.org/aplmbox.4">aplmbox(4)</a>, a driver for the mailbox that provides a communication channel with additional cores integrated on Apple SoCs.
87: <li>Introduced <a href="https://man.openbsd.org/apliic.4">apliic(4)</a>, a driver for the I2C controller found on various Apple SoCs.
88: <li>Added the chip ids used on Apple M1 Pro/Max and Apple T2 Macs to <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
89: <li>Rewrote arm64 kernel FPU handling code to fix the random crashes seen with SMP kernels on Apple M1.
90: <li>Restricted the <a href="https://man.openbsd.org/pci.4">pci(4)</a> ioctl interface to devices detected by the kernel, preventing Xorg PCI probes from breaking the WiFi chip on M1 macs.
91: <li>Introduced <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>, a driver for the SMC found on Apple M1 SoCs.
92: <li>Introduced <a href="https://man.openbsd.org/aplnco.4">aplnco(4)</a>, a driver for the Numerically-controlled oscillator (NCO) clock which drives the audio clocks on Apple silicon.
93: <li>Introduced <a href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>, a driver for the TI TAS2770/TAS5770 digital audio amplifier codec found on Apple M1 Macs.
1.14 benno 94: <li>Introduced <a href="https://man.openbsd.org/apldma.4">apldma(4)</a>, a driver for the DMA controller found on Apple SoCs.
1.15 benno 95: <li>Added support to explicitly power on some PCIe devices on the M1 and M1 Pro/Max through a GPIO controlled by the SMC.
96: <li>Added <a href="https://man.openbsd.org/aplcpu.4">aplcpu(4)</a>, a driver to control the CPU performance levels on Apple SoCs.
97: <li>Modified <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> to support a newer interrupt controller, making OpenBSD run on M1 Pro/Max machines.
98: <li>Added nvmem support to <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a> and made it available on Apple SPMI PMUs.
99: <li>Added RTC support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
100: <li>Made the arm64 ramdisk installer fetch <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> firmware from the EFI System Partition on Apple Silicon devices for use during installation and addition to the newly installed system.
101: <li>Added support for controlling keyboard LEDs to <a
102: href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a>.
103: <li>Added basic GPIO support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
104: <li>Ensured <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> keeps the DART enabled in front of the display controller to preserve its access to the framebuffer and continued display.
105: <li>Fixed reading motherboard time on Apple machines with old SMC firmware.
106: <li>Implemented reboot/powerdown support in <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
107: <li>Implemented <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> support for multiple dies, making OpenBSD work on the M1 Ultra.
1.16 benno 108: </ul>
109: <li>Support for other <a href="arm64.html">arm64</a> architecture hardware was also improved with the following changes:
110: <ul>
1.23 benno 111: <li>Implemented powerdown in arm64.
1.10 benno 112: <li>Introduced <a
113: href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
114: driver providing support for battery chargers connected to GPIO pins,
115: such as those found on the Pinebook Pro.
116: <li>Introduced <a
117: href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
118: driver providing support for LEDs connected to GPIO pins, such as
119: those found on the Pinebook Pro.
120: <li>Added <a href="https://man.openbsd.org/gpiokeys.4">gpiokeys(4)</a>
121: for arm64, a driver which handles events triggered by GPIO keys such
122: as lid status and power button.
1.11 benno 123: <li>Added pclk clock used by <a
124: href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> on RK3399 to <a
125: href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.23 benno 126: <li>Introduced <a
127: href="https://man.openbsd.org/mpfclock.4">mpfclock(4)</a>, a driver
128: for the PolarFire SoC MSS clock controller.
129: <li>Introduced <a
130: href="https://man.openbsd.org/cdsdhc.4">cdsdhc(4)</a>, a driver for
131: the Cadence SD/SDIO/eMMC host controller.
132: <li>Introduced <a
133: href="https://man.openbsd.org/mpfiic.4">mpfiic(4)</a>, a driver for
134: the PolarFire SoC MSS I2C controller.
135: <li>Introduced <a
136: href="https://man.openbsd.org/mpfgpio.4">mpfgpio(4)</a>, a driver for
137: the PolarFire SoC MSS GPIO controller.
138: <li>Enabled <a href="https://man.openbsd.org/cduart.4">cduart(4)</a>
139: on arm64.
140: <li>Added <a
141: href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a> support
142: for the CP115 block found on Marvell CN9K SoCs.
143: <li>Added <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>
144: support for the AP807 block found on Marvell CN9K SoCs.
1.1 deraadt 145: </ul>
146: <li>Changes on other architectures:
147: <ul>
1.16 benno 148: <!-- riscv -->
1.23 benno 149: <li>Enabled <a href="https://man.openbsd.org/uhid.4">uhid(4)</a>/<a
150: href="https://man.openbsd.org/fido.4">fido(4)</a> on riscv64.
1.14 benno 151: <li>Allowed riscv64 installation on a disk with a GPT.
1.16 benno 152: <li>Added missing locking to <a
153: href="https://man.openbsd.org/pmap_extract.9">pmap_extract(9)</a> and
154: <a href="https://man.openbsd.org/pmap_unwire.9">pmap_unwire(9)</a> on
155: arm64 and riscv64.
156: <li>Improved stack unwinding on riscv64 in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
157: <li>Fixed kernel stack alignment on riscv64.
158: <li>Fixed RISC-V lld link code when dealing with object files created with "ld -b".
159: <li>Made sure nothing can map address zero on RISC-V.
160: <li>Made sure armv7,arm64 and risc-v FDT bootloader code does not write beyond the FDT data structure.
1.27 ! deraadt 161: <!-- sparc64 -->
1.11 benno 162: <li>Fixed booting from an IDE block device on the Sun Blade 100.
163: <li>Fixed <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> console colors on sparc64.
1.16 benno 164: <!-- macppc/powerpc64 -->
1.23 benno 165:
166: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on
167: macppc.
168: <li>Increased <a href="https://man.openbsd.org/ddb.1">ddb(1)</a>
169: access to registers on macppc and powerpc64.
1.16 benno 170: <li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
1.23 benno 171: <li>Allowed <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> trace
172: through interrupt on macppc.
1.1 deraadt 173: </ul>
174: </ul>
175:
176: <li>Various kernel improvements:
177: <ul>
1.16 benno 178: <li>Made redistributable firmwares available across all architectures.<!-- XXX right place? -->
179:
180: <li>Made futexes work in shared anonymous memory.
181: <li>Improved tracking of mbuf memory usage in the whole system.
182: <li>Switched to using long filenames by default with <a
183: href="https://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a> on FAT
184: filesystems.
1.7 benno 185: <li>Fixed memory leak in <a
186: href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
187: href="https://man.openbsd.org/namei.9">namei(9)</a>.
1.26 benno 188:
189: <li>Fixed establishing legacy INTx interrupts on machines without a
190: (usable) MSI interrupt controller.
1.7 benno 191: <li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
192: href="https://man.openbsd.org/open.2">open(2)</a>/<a
193: href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
194: creating files.
1.16 benno 195: <li>Reworked garbage collector for <a
196: href="https://man.openbsd.org/unix.4">unix(4)</a> sockets to prevent
197: potential kernel panics.
1.10 benno 198: <li>Changed the power management <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
199: hw.perfpolicy to "auto" at startup, defaulting to 100%
200: performance with AC power connected and using the auto algorithm when
201: on battery.
1.26 benno 202: <li>Aligned memory allocation for USB device drivers and USB HC
203: drivers, enlarging the USB memory pool.
1.16 benno 204: <li>Prevent panic in <a
205: href="https://man.openbsd.org/softraid.4">softraid(4)</a> while
206: rebooting if softraid has been disabled.
207:
208: <!-- suspend/hibernate/resume -->
1.11 benno 209: <li>Fixed hibernate setups where removal of a <a
210: href="https://man.openbsd.org/umass.4">umass(4)</a> device results in
211: a renumbered <a
212: href="https://man.openbsd.org/softraid.4">softraid(4)</a> boot device.
213: <li>Fix hibernate on newer hardware by allowing more memory ranges.
1.26 benno 214: <li>If CPU sleep state S4 is not available, use S5 for the
215: ACPI-transitions in hibernate support.
216: <li>Added code to update hw.power whenever AC state changes on
217: resume.
1.22 benno 218: <li>Fixed a panic by prohibiting renames of tmpfs mount-points.
1.26 benno 219: <li>Fixed double free after allocation failure in <a
220: href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
1.1 deraadt 221: </ul>
222:
223: <li>SMP Improvements
224: <ul>
1.7 benno 225: <li>Made pipe event filters MP-safe.
226: <li>Set klist lock for sockets to make socket event filters MP-safe.
227: <li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
228: <a href="https://man.openbsd.org/select.2">select(2)</a>, <a
229: href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
230: href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
231: kqueue.
1.24 benno 232: <li>Unlocked top part of UVM fault hander on mips64. <!-- XXX move? -->
1.10 benno 233: <li>Unlocked the <a href="https://man.openbsd.org/kevent.2">kevent(2)</a> system call.
234: <li>Made the kqread event filter MP-safe.
235: <li>Reduced the time overhead of <a
236: href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>-based <a
237: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
238: href="https://man.openbsd.org/select.2">select(2)</a> systems calls by
239: keeping knotes between the system calls.
1.11 benno 240: <li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a>
241: and <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>
242: syscalls.
243: <li>Prevented <a
244: href="https://man.openbsd.org/select.2">select(2)</a> from blocking if
245: registering found pending events.
246: <li>Protected <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>
247: input and output with the kernel lock to allow forwarding of non-ipsec
248: traffic in parallel.
249: <li>Unlocked the bottom part of the uvm fault handler.
250: <li>Unlocked <a href="https://man.openbsd.org/getpeername.2">getpeername(2)</a>.
251: <li>Made <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> MP-safe.
1.14 benno 252: <li>Implemented the <a
253: href="https://man.openbsd.org/poll.2">poll(2)</a> system call on top
254: of the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
255: subsystem, obsoleting the old, non-MP-safe poll backend.
1.15 benno 256: <li>Made <a href="https://man.openbsd.org/audio.4">audio(4)</a> event filters MP-safe.
257: <li>Unlocked <a href="https://man.openbsd.org/getsockname.2">getsockname(2)</a>.
258: <li>Added kernel interfaces for atomic load and store functions for int and long to be used in reference counted struct members.
1.1 deraadt 259: </ul>
260:
261: <li>Direct Rendering Manager
262: <ul>
1.5 jsg 263: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
264: to Linux 5.15.26
265: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
266: support for Elkhart Lake, Jasper Lake, Rocket Lake
267: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
268: support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
269: Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
270: Navi 24 "Beige Goby"
1.16 benno 271: <li>Reinstated a <a href="https://man.openbsd.org/drm.4">drm(4)</a>
272: workaround to get framebuffer size from efifb, preventing fatal errors
273: for the BESSTAR TECH HM90 with Ryzen 9 4900H.
274:
1.1 deraadt 275: </ul>
276:
277: <li>VMM/VMD improvements
278: <ul>
1.10 benno 279: <li>Enabled <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> on arm64.
1.8 dv 280: <li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
281: switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
282: vmd(8)</a>.
283: <li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
284: would exit when requesting a new VM and hitting memory resource
285: limits.
286: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
287: corruption on Intel hosts.
288: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
289: clamping when the host has an invariant TSC.
290: <li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
291: vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
292: running guests.
293: <li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
294: vmd(8)</a> on amd64.
1.11 benno 295: <li>Fixed spurious abort of a VM by <a
296: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when the scheduler
297: moves a VM to a different core while it is sleeping on a lock.
298: <li>Fixed broken <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
299: "boot device cdrom" feature after a fix in seabios.
300: <li>Reintroduced support for <a
301: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> <code>start -B net
302: -b bsd.rd</code>, which emulates a PXE boot and performs an
303: autoinstall.
1.16 benno 304: <li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> <a
305: href="https://man.openbsd.org/dt.4">dt(4)</a> tracepoints amd64-only.
306: <li>Provided a login class for <a
307: href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
308: <li>Added handling for <a
309: href="https://man.openbsd.org/vmd.8">vmd(8)</a> hitting resource
310: limits when starting a vm and added memory error messages for the
311: user.
312: <li>Added quiesce/wakeup hooks to sync vcpu state in <a
313: href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.11 benno 314:
1.1 deraadt 315: </ul>
316:
317: <li>Various new userland features:
318: <ul>
1.7 benno 319: <li>Added <a
320: href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
321: for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
322: use in ports.
323: <li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
324: rogue" to show daemons which are running but not set as "enabled" in
325: <a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
1.16 benno 326: <li>Implemented probe variables in BPFtrace (<a
327: href="https://man.openbsd.org/bt.5">bt(5)</a>).
1.7 benno 328: <li>Provided common <a
329: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
330: kprofile.bt (to save kernel stackframes and produce flamegraphs) and
331: runqlat.bt (to measure the latency of the scheduler runqueues).
1.16 benno 332: <li>DNSSEC support: Implemented RFC6840 (AD flag processing) in the libc resolver, if
1.11 benno 333: using trusted name servers specified with 'trust-ad' in <a
1.16 benno 334: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a><!-- XXX or network section? -->
1.14 benno 335: <li>Enabled support for displaying an estimated battery recharge time
336: in <a href="https://man.openbsd.org/apm.8">apm(8)</a> and <a
337: href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
338: <li>Introduced support for storing capability databases in
339: /etc/login.conf.d, allowing easy addition of custom login classes from
1.16 benno 340: packages and made <a
341: href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> look for the login
342: class in both login.conf and login.conf.d/${class}.
343: <li>Added a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
344: cache of regions between 128k and 2M to accommodate programs
345: allocating and deallocating regions of these sizes quickly.
346: ` <li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
347: for mtime/atime/ctime extended headers (in not-SMALL builds).
348: <li>Added -k flag to <a
349: href="https://man.openbsd.org/gzip.1">gzip(1)</a> and <a
350: href="https://man.openbsd.org/gunzip.1">gunzip(1)</a> to retain
351: (de)compressed file.
1.22 benno 352: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
353: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --max-size and --min-size.
1.1 deraadt 354: </ul>
355:
356: <li>Various bugfixes and tweaks in userland:
357: <ul>
1.16 benno 358: <!-- pkg tools -->
359: <li>Stopped <a
360: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> from
361: communicating warnings starting with "XXX" which appeared to indicate
362: errors.
1.7 benno 363:
1.16 benno 364: <!-- X11 -->
365: <li>Enabled subpixel rendering in FreeType.
366: <li>Updated xorg-server to 21.1.3, leaving in place an earlier change
367: to compute the screen resolution from dimensions returned by the
368: screen, reverted by upstream.
369: <li>Allowed bare numbers for key and mouse bindings in <a
370: href="https://man.openbsd.org/cwm.1">cwm(1)</a>.
371: <li>Added a <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
372: "group-last" command that shows only the previously active group.
373: <li>Fixed glass console and <a href="https://man.openbsd.org/getty.8">getty(8)</a> interference with Xorg on arm64.
374:
375: <!-- utilities -->
376: <li>Fixed octal escape parsing in <a
377: href="https://man.openbsd.org/tr.1">tr(1)</a> backslash().
378: <li>Added <a href="https://man.openbsd.org/uniq.1">uniq(1)</a>
379: support for arbitrarily long input lines.
380: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> ignore
381: trailing newlines when comparing lines.
382: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> skip()
383: each input line only once, improving performance.
384: <li>Increased <a href="https://man.openbsd.org/tee.1">tee(1)</a> I/O
385: buffer size for 8KB to 64KB.
386: <li>Improved performance of <a
387: href="https://man.openbsd.org/rev.1">rev(1)</a>.
388: <li>Made <a href="https://man.openbsd.org/ed.1">ed(1)</a> flush all
389: stdio streams before running a shell command.
390: <li>Prevented a file descriptor leak in <a
391: href="https://man.openbsd.org/touch.1">touch(1)</a> after <a
392: href="https://man.openbsd.org/futimens.2">futimens(2)</a> failure.
393: <li>Added <a href="https://man.openbsd.org/seq.1">seq(1)</a>, a
394: command to print sequences of numbers.
395:
396: <!-- apm -->
1.22 benno 397: <li>Set cpuspeed to 0 in <a
398: href="https://man.openbsd.org/apm.8">apm(8)</a> when hw.cpuspeed
399: cannot be retrieved.
1.16 benno 400:
401: <li>Copied the <a href="https://man.openbsd.org/cos.3">cos(3)</a>
402: cosine software implementation from FreeBSD-13, and disabled assembly
403: implementations of trig functions on x86 platforms.
404: <li>Added optimization for tiny x in <a
405: href="https://man.openbsd.org/cos.3">cos(3)</a> and <a
1.21 tj 406: href="https://man.openbsd.org/sin.3">sin(3)</a> trigonometry
407: functions.
1.16 benno 408:
409: <!-- audio -->
410: <li>Switched <a href="https://man.openbsd.org/aucat.1">aucat(1)</a>
411: internal sample representation and default file encoding to 24-bit.
412: <li>Switched <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
413: internal sample representation to 24-bit fixed point.
414:
415: <!-- rc scripts -->
416: <li>Allowed passing a different signal than SIGTERM in the default
417: rc_stop() function in <a
418: href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
419: <li>Improved and simplified timer handling in <a
420: href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> "stop" and "reload".
421:
422: <!-- fdisk -->
1.19 krw 423: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
424: -b available on all architectures.
1.7 benno 425: <li>Removed the constraint that <a
1.19 krw 426: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b block
427: count and block offset must be greater than 63.
428: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b
429: partitions other than EFI System partitions DOSACTIVE.
430: <li>Switched to using <a
431: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b to create boot
432: partitions on multiple architectures.
1.16 benno 433: <li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
434: "disk" editing command.
1.19 krw 435: <li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
436: from initializing an MBR to have overlapping partitions 0 and 3.
1.16 benno 437: <li>Allowed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
438: extend the default OpenBSD partition to the end of the disk, rather
439: than truncating at the end of the last full cylinder.
1.19 krw 440: <li>Corrected GPT checksums written by <a
1.16 benno 441: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> on big-endian
442: architectures to be little-endian as per spec.
443: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
444: preserve BIOS boot partition.
1.19 krw 445: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
446: preserve the EFI System partition on GPT disks with Apple APFS partitions.
447: <li>Removed the builtin MBR from <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
448: <li>Removed the "rpath" and "wpath" pledges from <a
449: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
450: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
451: creates the default OpenBSD MBR partition only when there is space for it.
452: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
453: does not set MBR DOSACTIVE flag on unused partitions when initializing MBR.
454: <li>Reduced the alignment space <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
455: inserts before the start of the default OpenBSD partition.
1.16 benno 456:
457: <!-- other -->
1.7 benno 458: <li>Merged bugfixes from upstream into <a
459: href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
460: the prompt hiding feature (CTRL-P) and an integer overflow.
1.16 benno 461: <li>Fixed possible use after free with long lines in <a
462: href="https://man.openbsd.org/less.1">less(1)</a>.
1.7 benno 463: <li>Fixed file descriptor leak of /dev/tty on <a
464: href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
465: <li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
466: <a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
467: href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
468: href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
469: implementations from NetBSD with the existing FreeBSD implementations
470: we were already using for <a
471: href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
472: href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
1.16 benno 473: <li>In various games, call <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
1.7 benno 474: later to prevent it from killing various games using ncurses when both
475: stdout and stderr are redirected to a non-tty.
1.16 benno 476: <li>Switched LLD_ARCHs (architectures using the LLVM <a
477: href="https://man.openbsd.org/ld.lld.1">ld.lld(1)</a> linker) to also
478: user the LLVM archiver <a
479: href="https://man.openbsd.org/llvm-ar.1">llvm-ar(1)</a>.
1.24 benno 480: <li>Added openvpn ports (udp/1194 & tcp/1194) to /etc/services.
1.16 benno 481: <li>Prevented an access to uninitialized memory in <a
482: href="https://man.openbsd.org/awk.1">awk(1)</a>.
483: <li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> recovery
484: mode.
485: <li>Extended and reordered the process accounting information
486: structure <a href="https://man.openbsd.org/acct.5">acct(5)</a>. Flag
487: Day for the <a href="https://man.openbsd.org/acct.2">acct(2)</a> file
488: format.
489: <li>Fixed <a
490: href="https://man.openbsd.org/setusercontext.3">setusercontext(3)</a>
491: error when /etc/login.conf is not present.
1.1 deraadt 492: </ul>
493:
494: <li>Improved hardware support and driver bugfixes, including:
495: <ul>
1.7 benno 496: <li>Added support to <a
497: href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
498: Lake H and Tiger Lake H platforms.
499: <li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
500: is present with an attached <a
501: href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
502: <li>Fixed an interrupt storm on <a
503: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
504: support Energy Efficient Ethernet when connected to a switch which
505: does so as well.
506: <li>Added support for tpm2 CRB interface to <a
507: href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
508: regressions on the Surface Go 2 caused by a firmware change.
509: ` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
510: device tree with at least one page of free space to extend into. This
511: fixes booting on VMWare Fusion.
1.10 benno 512: <li>Stopped binding audio devices exposed by <a
513: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to physical
514: devices. <!-- XXX check this -->
515: <li>Fixed handling of interrupts shared between multiple <a
516: href="https://man.openbsd.org/dwiic.4">swiic(4)</a> devices.
1.11 benno 517: <li>Introduced <a
518: href="https://man.openbsd.org/iicmux.4">iicmux(4)</a>, a driver that
519: switches between I2C busses connected to a single I2C controller by
520: using the pin muxing facilities of an SoC.
521: <li>Introduced <a
522: href="https://man.openbsd.org/pcyrtc.4">pcyrtc(4)</a>, a driver for
523: the NXP PCF85063A/TP RTC chips.
524: <li>Fixed a panic when running <a
525: href="https://man.openbsd.org/utvfu.4">utvfu(4)</a> on <a
526: href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
527: <li>Added <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>
528: support for interrupts represented by ACPI PCI Interrupt Link Devices,
529: making PCI interrupts work on QEMU's SBSA target.
1.16 benno 530: <li>Added handling of multi-port controllers to <a
531: href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
532: <li>Make <a href="https://man.openbsd.org/com.4">com(4)</a> attach
533: over <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64.
534: <li>Added address locators for the ACPI "bus" and used these to fix
535: the order of the <a href="https://man.openbsd.org/com.4">com(4)</a>
536: devices to match the traditional order on the ISA bus.
537: <li>Added Intel Jasper Lake to the <a
538: href="https://man.openbsd.org/azalia.4">azalia(4)</a> audio driver.
539: <li>Ensured <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>
540: matches on Intel 300 Series audio, fixing attaching on the Dell G3
541: 3590.
542: <li>Added Synopsys Designware UART support to <a
543: href="https://man.openbsd.org/com.4">com(4)</a>.
544: <li>Fixed an issue where <a
545: href="https://man.openbsd.org/com.4">com(4)</a> would attach for a
546: disabled serial port leading to misdirection of the hardware variant
547: and a subsequent hang when /etc/rc runs <a
548: href="https://man.openbsd.org/ttyflags.8">ttyflags(8)</a> -a.
549: <li>Fixed <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> for
550: Jasper Lake eMMC.
551: <li>Improved how quirks are handled on <a
552: href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>-compatible drivers.
553: <li>Enabled <a
554: href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> use with the
555: Surface Go 3.
556: <li>Fixed suspend/resume issues with <a
557: href="https://man.openbsd.org/com.4">com(4)</a> at <a
558: href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
559: <li>Correlated <a
560: href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> and <a
561: href="https://man.openbsd.org/ucc.4">ucc(4)</a> devices attacked over
562: USB in order to adjust the volume of the correct attached audio device
563: rather than the first one attached.
564: <li>Enabled PL011 UART FIFO support in <a
565: href="https://man.openbsd.org/pluart.4">pluart(4)</a>.
1.15 benno 566: <li>Added support for XBox One game controller on usb.
1.16 benno 567: <li>Stopped suspending the <a
568: href="https://man.openbsd.org/tpm.4">tpm(4)</a> device upon
569: hibernation, preventing some systems from hanging when hibernating a
570: second time.
571: <li>Fixed <a href="https://man.openbsd.org/hilkbd.4">hilkbd(4)</a>
572: Swedish keyboard layout on non-PS/2 style keyboards.
1.1 deraadt 573: </ul>
574:
575: <li>New or improved network hardware support:
576: <ul>
1.16 benno 577: <li>Added support to <a
578: href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
1.7 benno 579: <li>Fixed an interrupt storm on <a
580: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
581: support Energy Efficient Ethernet when connected to a switch which
582: does so as well.
1.16 benno 583: <li>Applied MP-safe changes from <a
584: href="https://man.openbsd.org/dwge.4">dwge(4)</a> to <a
585: href="https://man.openbsd.org/dwxe.4">dwxe(4)</a>.
1.10 benno 586: <li>Added <a href="https://man.openbsd.org/igc.4">igc(4)</a>, a
587: driver for the Intel 2.5Gb Ethernet controllers.
1.11 benno 588: <li>Implemented <a href="https://man.openbsd.org/em.4">em(4)</a>
589: support for selecting SMGII or SerDes mode depending on the plugged-in
590: SFP transceiver and for reading out transceiver information via <a
591: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.16 benno 592: <li>Enabled hardware vlan tagging for <a
593: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
594: <li>Re-enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>
595: IPv4, TCP4/6 and UDP4/6 checksum offloading. \ <li>Enabled receive
596: checksum offloading on <a
597: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
598: <li>Prevented a possible deadlock in <a
599: href="https://man.openbsd.org/cad.4">cad(4)</a>.
1.22 benno 600: <li>Prevented <a href="https://man.openbsd.org/aq.4">aq(4)</a> nics
601: from writing to mbufs taken off the ring when the interface was taken
602: down.
1.16 benno 603: <li>Fixed receive filter handling in <a
604: href="https://man.openbsd.org/aq.4">aq(4)</a>.
605: <li>Enable vlan promisc, header stripping and vlan RX/TX offload on
606: <a href="https://man.openbsd.org/aq.4">aq(4)</a>.
607: <li>Enabled checksum offloads on <a
608: href="https://man.openbsd.org/aq.4">aq(4)</a>.
609: <li>Enabled interrupt moderation on <a
610: href="https://man.openbsd.org/aq.4">aq(4)</a>, aiming at around 20k
611: per second.
612: <li>Fixed <a href="https://man.openbsd.org/aq.4">aq(4)</a> occasional
613: errors seen on rockpro64.
614: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> vlan
615: transmission with hw tagging.
1.22 benno 616: <li>Reworked <a href="https://man.openbsd.org/ix.4">ix(4)</a>
617: checksum/vlan offloading and enabled it for IPv6.
618: <li>Enabled IP header checksum offloading in <a
619: href="https://man.openbsd.org/ix.4">ix(4)</a>.
1.1 deraadt 620: </ul>
621:
622: <li>Added or improved wireless network drivers:
623: <ul>
1.7 benno 624: <li>Reset the Tx timer upon validation of a BA notification sent by
625: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
626: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware.
627: <li>Prevented <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
628: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attempts to
629: transition toward the same state where this would result in a
630: redundant or illegal state transition and a potential hang.
631: <li>Fixed a panic when <a
632: href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
633: at boot time.
634: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
635: performance drop after roaming between APs in 11n mode.
636: <li>Ensured <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses
637: only the HT (high throughput) frame format for data frames.
638: <li>Allowed AUTH->AUTH state transitions in the <a
639: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
640: href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers again, needed
641: if the access point uses band-steering.
642: <li>Added support for 802.11n 40MHz channels to the <a
643: href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
644: <li>Reverted to use <a
645: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
646: AC 7265, fixing instability issues on X1 Carbon gen3.
647: <li>Cached the old BSSID when roaming with <a
648: href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
649: <li>Explicitly stopped <a
650: href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack when
651: roaming between access points.
652: <li>Added initial 40MHz support to the <a
653: href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
1.10 benno 654: <li>Fixed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> with 4965 devices.
1.11 benno 655: <li>Disabled active scanning on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 to prevent a device lockup.
656: <li>Fixed monitor mode on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
657: <li>Let <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
658: href="https://man.openbsd.org/iwm.4">iwm(4)</a> use per-Tx-queue
659: interface timers to ensure timeout if a particular Tx queue gets
660: stuck.
661: <li>Disabled probe requests during scans in <a
662: href="https://man.openbsd.org/iwx.4">iwx(4)</a> again, preventing
663: device timeouts for some devices.<!-- XXX stsp: whats the final state of this? ;) -->
664: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to new -67 firmware images.
665: <li>Made <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> attach to PCI devices with product ID 0x31dc, part of the 9560 chip family.
666: <li>Fixed wrong pointer assignment causing the driver to read block ack request information sent by firmware from the wrong offset in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
667: <li>Fixed and reenabled active scans on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
1.15 benno 668: <li>Improved roaming stability on <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, particularly with wpa_supplicant.
669: <li>Added 802.11ac support on <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
670: <li>Add initial 802.11ac support to <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
671: <li>Fixed attach of multiple <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> interfaces in the same machine.
672: <li>Prevent announcing VHT capabilities on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> for 2GHz bands during scans.
673: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> 802.11ac throughput at a distance.
1.16 benno 674:
675: <li>Added relicensed wireless firmwares from Realtek for <a
676: href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
677: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
678: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
679: these devices to work without requiring a separate firmware download.
680: <li>Added a workaround for buggy <a
681: href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
682: filling up the node cache when used in hostap mode.
683: <li>Applied a workaround in <a
684: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
685: external abort under load with <a
686: href="https://man.openbsd.org/athn.4">athn(4)</a>.
687: <li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> attach
688: to the Sony UWA-BR100.
689: <li>Fixed "(null node)" panics on <a href="https://man.openbsd.org/run.4">run(4)</a>.
690: <li>Introduced <a href="https://man.openbsd.org/mtw.4">mtw(4)</a>, a
691: driver for MediaTek MT7601U wifi devices, enabled on i386, macppc and
692: arm64.
693: <li>Disabled minimum power consumption in <a
694: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> hostap mode,
695: improving connection reliability when used as an access point.
696: <li>Added support for the BCM4387 to <a
697: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
698: <li>Improved TX performance on <a
699: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> RTL8192EU devices.
700: <li>Fix TX rate used by <a
701: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
702: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> for RTS frames.
703: <li>Added preliminary <a
704: href="https://man.openbsd.org/ure.4">ure(4)</a> support for RTL8156B
705: and bug fixes for RTL8153/RTL8156.
1.7 benno 706:
1.1 deraadt 707: </ul>
708:
709: <li>IEEE 802.11 wireless stack improvements and bugfixes:
710: <ul>
1.7 benno 711: <li>Added <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx aggregation support.
712: <li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
713: <li>Cached the old BSSID when roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> so firmware commands can continue using it while roaming to a new AP.
714: <li>Added support for 40MHz channels to net80211 RA.
715: <li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
1.11 benno 716: <li>Introduced an optional driver-specific bgscan_done() handler which allows the driver to take control of the roaming teardown sequence, ensuring that race conditions between firmware state and net80211 state are avoided.<!-- XXX srsly? "net80211" is the only thing in this sentence that tells me this is about wireless! -->
717: <li>Implemented bgscan_done() handlers for <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
718: <li>Taught the net80211 stack to remove corresponding frames from ic_pwrsaveq when a power-saving client decides to leave our hostap interface, preventing a panic.
1.15 benno 719: <li>Added initial 802.11ac (VHT) support to the wifi stack.
720: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> show 802.11ac VHT capability and operation IEs in -v mode.
721: <li>Added 802.11ac/VHT TX rate adaptation support to the wifi stack.
722: <li>When choosing networks during SSID selection, give a higher score to 11ac and 11n access points, prioritizing 11ac.
1.1 deraadt 723: </ul>
724:
725: <li>Generic network stack improvements and bugfixes:
726: <ul>
1.7 benno 727: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
1.15 benno 728: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> rdr-to rules failing on certain port ranges when explicitly specified.
729: <li>Ensured the <a href="https://man.openbsd.org/pf.4">pf(4)</a> "set prio" values are checked consistently.
1.11 benno 730: <li>Made "set skip on ..." in <a
731: href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> dynamic, with
732: this, "set skip" can be used on interfaces that are not configured
733: yet.
1.22 benno 734: <li>Protected <a
735: href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> tdb flags and
736: lists with a mutex to prevent crashes involving pfsync, IPsec and
737: parallel forwarding.
738:
739: <li>Added support for PPP IPCP extensions for DNS to <a
740: href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
741: <li>Added display of DNS information from <a
742: href="https://man.openbsd.org/sppp.4">sppp(4)</a> to <a
743: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
744: <li>Switched to calculating <a
745: href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> session duration
746: using system uptime rather than UTC.
747:
748: <li>Fixed <a href="https://man.openbsd.org/veb.4">veb(4)</a> vport
749: handling to prevent improper drop of packets leaving a vport
750: interface.
751: <li>Prevented tweaks to <a
752: href="https://man.openbsd.org/tun.4">tun(4)</a> if_flags when the
753: NET_LOCK isn't held.
754: <li>Prevented reopening of <a
755: href="https://man.openbsd.org/tun.4">tun(4)</a>/<a
756: href="https://man.openbsd.org/tap.4">tap(4)</a> interfaces which are
757: being destroyed.
1.15 benno 758: <li>Rewrote <a href="https://man.openbsd.org/vxlan.4">vxlan(4)</a> to
759: operate independently of <a
760: href="https://man.openbsd.org/bridge.4">bridge(4)</a>, create and bind
761: udp sockets and prevent loops.
1.22 benno 762: <li>Stopped hiding the mtu on "bridge" interfaces which do handle l3
763: traffic in <a
764: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
765: <li>Added mbuf tags to prevent output loops in <a
766: href="https://man.openbsd.org/etherip.4">etherip(4)</a>.
767: <li>Added rtable capability to <a
768: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>,
769: allowing to specify the rtable a process uses.
770: <li>Made <a href="https://man.openbsd.org/su.1">su(1)</a> honor the
771: login class routing table when doing a full login with su -l.
772: <li>Fix IP output routines on raw sockets so route sourceaddr can
773: take effect using <a
774: href="https://man.openbsd.org/sendto.2">sendto(2)</a> or similar.
775: <li>Ensured <a
776: href="https://man.openbsd.org/pcap_lookupdev.3">pcap_lookupdev(3)</a>
777: matches only on complete interface names.
1.1 deraadt 778: </ul>
779:
780: <li>Installer and upgrade improvements:
781: <ul>
1.22 benno 782: <li>Corrected installer to understand "inet autoconf" properly in <a
1.7 benno 783: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
1.22 benno 784: <li>Stopped prompting whether to fall back to HTTP in the installer,
785: making the fallback automatic.
1.7 benno 786: <li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
787: "join" command by default in <a
788: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
789: replacing the old "nwid".
1.22 benno 790: <li>Replace custom bootloader installation code with <a
791: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
792: riscv64 and armv7 architecture installations.
793: <li>New logic for <a
794: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to avoid
795: excessive moving of files during updates when possible.
796: <li>Documented OpenBSD installation and upgrade customization using the <a
797: href="https://man.openbsd.org/install.site.5">install.site(5)</a> file.
1.10 benno 798: <li>Corrected "!" escape handling in the installer when accepting WEP/WPA passphrase.
1.22 benno 799: <li>Prevented a potential race which could make <a
800: href="https://man.openbsd.org/umount.8">umount(8)</a> fail spuriously
801: in the installer.
802: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -e
803: work with ramdisk kernels.
1.11 benno 804: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -c
805: cmdfile use lines from the command file for all input, not just
806: commands. This allows complex actions like changing device parameters.
1.22 benno 807: <li>Ensured that an interrupted arm64 install from the ramdisk kernel
808: can be restarted.
809:
810: <!-- fw_update -->
1.11 benno 811: <li>Returned to a shell-script based <a
812: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>, written
813: to be usable by the install script, allowing earlier retrieval of
814: downloaded firmwares.
815: <li>Stopped <a
816: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> from
817: downloading SHA256.sig when not needed, to allow installing local
818: files without network access.
819: <li>Modified the installer to use <a
820: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to install
821: non-free firmware files if present on the install media.
1.22 benno 822: <li>Made <a
823: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>
824: re-download existing files with failed checksums.
825: <li>Stopped unregistering firmware with <a
826: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> when the
827: SHA256.sig cannot be fetched.<!-- what does "unregistering firmware" mean? -->
828: <li>Made <a
829: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> use the
830: /snapshots directory only on -current snapshot installations.
1.1 deraadt 831: </ul>
832:
833: <li>Security improvements:
834: <ul>
1.22 benno 835: <li>Clear the length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
1.7 benno 836: <li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
837: <li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
1.10 benno 838: <li>Disabled <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> mouse tracking by default.
1.22 benno 839: <li>On arm64 architectures, use "rng-seed" and "kaslr-seed" properties from the device tree to mix extra entropy into the random pool.
1.15 benno 840: <li>Made <a href="https://man.openbsd.org/apmd.8">apmd(8)</a> replace /etc/random.seed for hibernate-resumes.
1.11 benno 841: <li>Restricted <a
842: href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a
843: href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> file
844: system access with <a
845: href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
1.14 benno 846: <li>Added <a href="https://man.openbsd.org/ps.1">ps(1)</a> status flag "c" to indicate a process is chrooted.
1.15 benno 847: <li>In <a
848: href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a> <a
849: href="https://man.openbsd.org/unveil.2">unveil(2)</a> "/dev" read-only
850: instead of using <a
851: href="https://man.openbsd.org/chroot.2">chroot(2)</a>.
1.1 deraadt 852: </ul>
853:
854: <li>Routing daemons and other userland network improvements:
855: <ul>
1.11 benno 856: <li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
1.7 benno 857: <li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
1.11 benno 858: <li>Installed missing scope identifiers for IPv6 link-local addresses for <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> and <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>.
859: <li>Allowed interface names as scope-id in IPv6 link-local addresses in <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
1.15 benno 860: <li>Let <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> probe for DNS64 presence with an absolute name, so asr doesn't add search domains and retry.
1.7 benno 861: <li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
1.11 benno 862: <li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
863: <li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
864: <li>Made the <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> host name DHCP option configurable.
865: <li>Prevented a crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> due to updating an interface which no longer exists.
1.15 benno 866: <li>Prevented a potential crash when <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> receives more than 7 nameservers.
867: <li>Fixed crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> when receiving a negative length field for DNS labels.
1.11 benno 868: <li>Fix <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, create permissions are required for databases.
869: <li>Made <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> start listening on interface in 'down' state. Interfaces can come up later, at which point dhcpd(8) will start receiving packets.
870: <li>Added a basic printer for EAPOL packets to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.15 benno 871: <li>Made <a href="https://man.openbsd.org/ping.8">ping(8)</a> print out the source address and sequence number when the signature on an icmp echo reply doesn't match.
872: <li>Rate limit <a href="https://man.openbsd.org/rad.8">rad(8)</a> router advertisements according to RFC 4861.
1.22 benno 873:
1.25 benno 874: <li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
875: <ul>
876: <li>Stopp verifying the cert or CA for a relay using opportunistic TLS.
877: <li>Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> behavior.
878: </ul>
879:
1.22 benno 880: <!-- httpd -->
881: <li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> received new features and bugfixes:
882: <ul>
883: <li>Respond with 400 Bad Request when a client sends header lines without a colon.
884: <li>Added protocol version checking.
885: <li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
886: <li>Corrected <a
887: href="https://man.openbsd.org/httpd.8">httpd(8)</a> version string
888: checking, responding with 505 Version Not Supported rather than 400
889: Bad Request when the version format is incorrect.
890: <li>Stop sending content alongside responses to HEAD requests.
891: <li>Added support for custom error pages.
892: <li>Added a gzip-static option to <a
893: href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>,
894: allowing delivery of precompressed files with content-encoding gzip.
895: <li>Improved handling of static compressed gzip files.
896: </ul>
897:
898:
899: <!-- IPSEC/isakmpd/iked -->
900: <li>IPSEC support was improved:
901: <ul>
902: <li>Made <a href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> proto config option accept a list to allow specifying multiple protocols for a single policy.
903: <li>Fixed removal of SAs that could not be flushed with <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -F.
904: <li>Changed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to log a warning when proto is NULL rather than dereferencing it.
905: <li>Fixed broken key exchange negotiation with matching proposals in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
906: <li>Added <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> "show certinfo" to show trusted CAs and certificates.
907: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -V to display the version.
908: <li>Fixed a bug where <a href="https://man.openbsd.org/iked.8">iked(8)</a> sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
909: <li>Improved message fragment retransmissions for <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
910: <li>Make sure <a href="https://man.openbsd.org/iked.8">iked(8)</a> vroute messages are correctly aligned, fixes autoconfiguration of addresses on octeon.
911: </ul>
912: <!-- rpki-client -->
913: <li><a
914: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> was
915: made more resilient regarding untrusted input. Additionally the
916: following bugfixes and improvements were made:
917: <ul>
918: <li>Added support for validating BGPsec Router Public Keys.
919: <li>Fix issues with chunked transfer encoding in the RRDP HTTP client.
920: <li>Cleanup and improvement of how IO is handled.
921: <li>Improvements in the way X509 certificates are verified.
922: <li>Make rpki-client
923: <li>Limit the number of concurrent rsync processes.
924: <li>Fix CRLF in tal files.
925: <li>Enforce the correct namespace of rrdp files.
926: <li>Fail certificate verification if a certificate contains unknown
927: critical extensions.
928: <li>Improve cleanup of rrdp directory contents.
929: <li>Introduce a validated cache which holds all the files that have
930: successfully been verified by rpki-client.
1.24 benno 931: <li>Add a new option '-f <file>' to validate a signed object in a file
1.22 benno 932: against the RPKI cache.
933: <li>Add various RFC 6488 compliance checks to improve the CMS parser.
934: <li>Improve RRDP replication through less aggressive cache cleanup.
935: <li>Add a check whether a given Manifest EE certificate is listed on the
936: applicable CRL.
937: <li>For forward compatibility permit ASPA object to appear on Manifests.
1.24 benno 938: <li>Various improvements to the '-f <file>' diagnostic option to
1.22 benno 939: now also validate files containing Trust Anchor certs and CRLs.
940: <li>Do not apply timezone offsets when converting X509 times. X509
941: times are in UTC and comparing them to times in different timezones
942: would cause validity problems.
943: <li>Limited the number of <a
944: href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> processes
945: being spawned by <a
946: href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 16.
947: </ul>
948: <!-- bgpd -->
949: <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
950: <ul>
951: <li>macro expansion in the config file was improved. It is now possible
952: to expand 'set large-community $myAS:$location:$transit'.
953: <li>tThe RIB codebase was refactored in order to add multipath
954: support in an upcoming release.
955: <li>the <a href="https://man.openbsd.org/bgpd.8">bgpd</a> login
956: class datasize attribute (in <a
957: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>) was set
958: to either 16G or 1G, depending on architecture.
959: <li>added a "listen on" parameter in in <a
960: href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> to make it
961: possible to bind and connect to non-default ports.
962: </ul>
1.1 deraadt 963: </ul>
964:
965: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
966: <ul>
1.7 benno 967: <li>Fixed a crash in <a
968: href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
969: multiple clients is destroyed but tmux does not close completely due
970: to other sessions.
971: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
972: redraw problem on automargin terminals.
973: <li>Fixed a problem with repeat in <a
974: href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
975: <li>Added -T to set a popup title in <a
976: href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
977: <li>Added -s and -S to <a
978: href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
979: popup and border style.
980: <li>Fixed application-set fg and bg in <a
981: href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
982: <li>Added a way to force a color to RGB in <a
983: href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
984: display it.
1.10 benno 985: <li>Added a cursor-colour option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
986: <li>Added a cursor-style option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.11 benno 987: <li>Added a pane-border-format pane option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
988: <li>Added attempts to turn on less-capable mouse modes when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> turns on more-capable ones, in case the terminal doesn't support the desired mode.
1.14 benno 989: <li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to show arrows for the active pane indicator.
990: <li>Added a key in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode to toggle the position indicator.
1.15 benno 991: <li>Added an option in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to set the character for unused areas of the terminal.
992: <li>Add <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to control if it scrolls into history on clear.
993: <li>Added OSC 7 capability to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> for setting titles.
1.1 deraadt 994: </ul>
995:
1.24 benno 996: <li>LibreSSL version XXX <!-- XXX -->
1.1 deraadt 997: <ul>
998: <li>New Features
999: <ul>
1.9 inoguchi 1000: <li>The RFC 3779 API was ported from OpenSSL.<br>
1001: Many bugs were fixed, regression tests were added and the code was cleaned up.
1002: <li>Certificate Transparency was ported from OpenSSL.<br>
1003: Many internal improvements were made, resulting in cleaner and safer code.<br>
1004: Regress coverage was added. libssl does not yet make use of it.
1.1 deraadt 1005: </ul>
1006:
1007: <li>Portable Improvements
1008: <ul>
1.9 inoguchi 1009: <li>Enabled ASAN CI on Linux platform.<br>
1010: Thanks to Ilya Shipitsin (chipitsine <at> gmail com).
1011: <li>Fixed various POSIX compliance and other portability issues<br>
1012: found by the port to the Sortix operating system.
1013: <li>Add libmd as platform specific libraries for Solaris.<br>
1014: Issue reported from (ihsan <at> opencsw org) on libressl ML.
1015: <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
1016: Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
1017: <li>Enabled and scheduled Coverity scan.<br>
1018: Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github.
1.1 deraadt 1019: </ul>
1020:
1.9 inoguchi 1021: <li>Compatibility Changes
1022: <ul>
1023: <li>Most structs that were previously defined in the following headers
1024: are now opaque as they are in OpenSSL 1.1:<br>
1025: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
1026: x509.h, x509v3.h, x509_vfy.h
1027: <li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
1028: OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
1029: of using something consistent with the previous naming.<br>
1030: Various test suites expect these names (instead of checking for the much
1031: more sensible cipher numbers).<br>
1032: The old names are still accepted as aliases.
1033: <li>Subject alternative names and name constraints are now validated
1034: when they are added to certificates.<br>
1035: Various interoperability problems with stacks that validate
1036: certificates more strictly than OpenSSL can be avoided this way.
1037: <li>Attempt to opportunistically use the host name for SNI in s_client
1038: </ul>
1039:
1040: <li>Bug fixes
1.1 deraadt 1041: <ul>
1.9 inoguchi 1042: <li>Avoid infinite loop for custom curves of order 1.<br>
1043: Found and reported with a reproducer by Hanno Boeck.
1044: Helpful comments and analysis from David Benjamin.
1045: <li>Avoid infinite loop on parsing DSA private keys.<br>
1046: Issue reported with reproducers by Hanno Boeck.
1047: Additional variants and analysis by David Benjamin.
1048: <li>A malicious certificate can cause an infinite loop.<br>
1049: Reported by and fix from Tavis Ormandy and David Benjamin, Google.
1050: <li>In some situations, the verifier would discard the error on an
1051: unvalidated certificate chain.<br>
1052: This would happen when the verification callback was in use,
1053: instructing the verifier to continue unconditionally.<br>
1054: This could lead to incorrect decisions being made in software.
1055: <li>Avoid an infinite loop in SSL_shutdown()
1056: <li>Fix another return 0 bug in SSL_shutdown()
1057: <li>Handle zero byte reads/writes that trigger handshakes in the
1058: TLSv1.3 stack
1059: <li>A long standing memleak in libtls CRL handling was fixed
1.1 deraadt 1060: </ul>
1061:
1.9 inoguchi 1062: <li>Internal Improvements
1.1 deraadt 1063: <ul>
1.9 inoguchi 1064: <li>Cache the SHA-512 hash instead of the SHA-1 hash and cache
1065: notBefore and notAfter times when X.509 certificates are parsed.
1066: <li>The X.509 lookup code has been simplified and cleaned up.
1067: <li>Fixed numerous issues flagged by coverity and the cryptofuzz project
1068: <li>Increased the number of Miller-Rabin checks in DH and DSA
1069: key/parameter generation
1070: <li>Started using the bytestring API in libcrypto for cleaner and
1071: safer code
1072: <li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
1073: ASN1
1074: <li>Convert ASN1_OBJECT_new() to calloc()
1075: <li>Convert ASN1_STRING_type_new() to calloc()
1076: <li>Rewrite ASN1_STRING_cmp()
1077: <li>Use calloc() for X509_CRL_METHOD_new() instead of malloc()
1078: <li>Convert ASN1_PCTX_new() to calloc()
1079: <li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
1080: <li>Consolidate {d2i,i2d}_{pr,pu}.c
1081: <li>Remove handling of a NULL BUF_MEM from asn1_collect()
1082: <li>Pull the recursion depth check up to the top of asn1_collect()
1083: <li>Inline collect_data() in asn1_collect()
1084: <li>Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
1085: <li>Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
1086: <li>Consolidate ASN.1 universal tag type data
1087: <li>Rewrite ASN.1 identifier/length parsing in CBS
1088: <li>Make OBJ_obj2nid() work correctly with NID_undef
1089: <li>tlsext_tick_lifetime_hint is now an uint32_t
1090: <li>Untangle ssl3_get_message() return values
1091: <li>Rename tls13_buffer to tls_buffer
1092: <li>Fold DTLS_STATE_INTERNAL into DTLS1_STATE
1093: <li>Provide a way to determine our maximum legacy version
1094: <li>Mop up enc_read_ctx and read_hash
1095: <li>Fold SSL_SESSION_INTERNAL into SSL_SESSION
1096: <li>Use ssl_force_want_read in the DTLS code
1097: <li>Add record processing limit to DTLS code
1098: <li>Add explicit CBS_contains_zero_byte() check in CBS_strdup()
1099: <li>Improve SNI hostname validation
1100: <li>Ensure SSL_set_tlsext_host_name() is given a valid hostname
1101: <li>Fix a strange check in the auto DH codepath
1102: <li>Factor out/rewrite DHE key exchange
1103: <li>Convert server serialisation of DHE parameters/public key to new
1104: functions
1105: <li>Check DH public key in ssl_kex_peer_public_dhe()
1106: <li>Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
1107: <li>Clean up and refactor server side DHE key exchange
1108: <li>Provide CBS_get_last_u8()
1109: <li>Provide CBS_get_u64()
1110: <li>Provide CBS_add_u64()
1111: <li>Provide various CBS_peek_* functions
1112: <li>Use CBS_get_last_u8() to find the content type in TLSv1.3 records
1113: <li>unifdef TLS13_USE_LEGACY_CLIENT_AUTH
1114: <li>Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
1115: <li>Only allow zero length key shares when we know we're doing HRR
1116: <li>Pull key share group/length CBB code up from
1117: tls13_key_share_public()
1118: <li>Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
1119: validation
1120: <li>Return 0 on failure from send/get kex functions in the legacy
1121: stack
1122: <li>Rename tls13_key_share to tls_key_share
1123: <li>Allocate and free the EVP_AEAD_CTX struct in
1124: tls13_record_protection
1125: <li>Convert legacy TLS client to tls_key_share
1126: <li>Convert legacy TLS server to tls_key_share
1127: <li>Stop attempting to duplicate the public and private key of dh_tmp
1128: <li>Rename dh_tmp to dhe_params
1129: <li>Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
1130: <li>Clean up pkey handling in ssl3_get_server_key_exchange()
1131: <li>Fix GOST skip certificate verify handling
1132: <li>Simplify tlsext_keyshare_server_parse()
1133: <li>Plumb decode errors through key share parsing code
1134: <li>Simplify SSL_get_peer_certificate()
1135: <li>Cleanup/simplify ssl_cert_type()
1136: <li>The S3I macro was removed
1137: <li>The openssl(1) cms, smime and ts subcommands option handling was
1138: converted and the C source was cleaned up.
1.1 deraadt 1139: </ul>
1140:
1.9 inoguchi 1141: <li>Documentation improvements
1.1 deraadt 1142: <ul>
1.9 inoguchi 1143: <li>45 new manual pages, most of which were written from scratch.<br>
1144: Documentation coverage of ASN.1 and X.509 code has been
1145: significantly improved.
1.1 deraadt 1146: </ul>
1147:
1.9 inoguchi 1148: <li>API additions and removals
1.1 deraadt 1149: <ul>
1.9 inoguchi 1150: <li>libssl
1151: <ul>
1152: <li>API additions
1153: <ul>
1154: <li>SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
1155: </ul>
1156: <li>API stubs for compatibility
1157: <ul>
1158: <li>SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets<br>
1159: SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets<br>
1160: SSL_get_num_tickets SSL_set_num_tickets
1161: </ul>
1162: </ul>
1163: <li>libcrypto
1164: <ul>
1165: <li>added API (some of these were previously available as macros):
1166: <ul>
1167: <li>ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free<br>
1168: ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new<br>
1169: ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex<br>
1170: BIO_get_init BIO_set_callback_ex BIO_set_next<br>
1171: BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old<br>
1172: BN_abs_is_word BN_get_flags BN_is_negative<br>
1173: BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags<br>
1174: BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free<br>
1175: CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file<br>
1176: CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free<br>
1177: CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key<br>
1178: CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free<br>
1179: CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer<br>
1180: CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time<br>
1181: CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert<br>
1182: CT_POLICY_EVAL_CTX_set1_issuer<br>
1183: CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE<br>
1184: CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key<br>
1185: DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g<br>
1186: DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q<br>
1187: ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free<br>
1188: EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst<br>
1189: EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data<br>
1190: EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx<br>
1191: EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new<br>
1192: EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup<br>
1193: EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final<br>
1194: EVP_MD_meth_set_flags EVP_MD_meth_set_init<br>
1195: EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size<br>
1196: EVP_MD_meth_set_update EVP_PKEY_asn1_set_check<br>
1197: EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check<br>
1198: EVP_PKEY_check EVP_PKEY_meth_set_check<br>
1199: EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check<br>
1200: EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode<br>
1201: FIPS_mode_set IPAddressChoice_free IPAddressChoice_new<br>
1202: IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free<br>
1203: IPAddressOrRange_new IPAddressRange_free IPAddressRange_new<br>
1204: OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id<br>
1205: OCSP_resp_get0_produced_at OCSP_resp_get0_respdata<br>
1206: OCSP_resp_get0_signature OCSP_resp_get0_signer<br>
1207: OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional<br>
1208: RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp<br>
1209: RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q<br>
1210: SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free<br>
1211: SCT_get0_extensions SCT_get0_log_id SCT_get0_signature<br>
1212: SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source<br>
1213: SCT_get_timestamp SCT_get_validation_status SCT_get_version<br>
1214: SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions<br>
1215: SCT_set0_log_id SCT_set0_signature SCT_set1_extensions<br>
1216: SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type<br>
1217: SCT_set_signature_nid SCT_set_source SCT_set_timestamp<br>
1218: SCT_set_version SCT_validate SCT_validation_status_string<br>
1219: X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey<br>
1220: X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject<br>
1221: X509_STORE_CTX_get_num_untrusted<br>
1222: X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify<br>
1223: X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain<br>
1224: X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth<br>
1225: X509_STORE_CTX_set_verify X509_STORE_get_verify<br>
1226: X509_STORE_get_verify_cb X509_STORE_set_verify<br>
1227: X509_get_X509_PUBKEY X509_get_extended_key_usage<br>
1228: X509_get_extension_flags X509_get_key_usage<br>
1229: X509v3_addr_add_inherit X509v3_addr_add_prefix<br>
1230: X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi<br>
1231: X509v3_addr_get_range X509v3_addr_inherits<br>
1232: X509v3_addr_is_canonical X509v3_addr_subset<br>
1233: X509v3_addr_validate_path X509v3_addr_validate_resource_set<br>
1234: X509v3_asid_add_id_or_range X509v3_asid_add_inherit<br>
1235: X509v3_asid_canonize X509v3_asid_inherits<br>
1236: X509v3_asid_is_canonical X509v3_asid_subset<br>
1237: X509v3_asid_validate_path X509v3_asid_validate_resource_set<br>
1238: d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers<br>
1239: d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily<br>
1240: d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST<br>
1241: i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers<br>
1242: i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily<br>
1243: i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST<br>
1244: i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT<br>
1245: i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
1246: </ul>
1247: <li>removed API:
1248: <ul>
1249: <li>ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss<br>
1250: EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init<br>
1251: NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new<br>
1252: NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free<br>
1253: NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit<br>
1254: PEM_SealUpdate PEM_read_X509_CERT_PAIR<br>
1255: PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR<br>
1256: PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free<br>
1257: X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb<br>
1258: asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore<br>
1259: asn1_enc_save asn1_ex_c2i asn1_get_choice_selector<br>
1260: asn1_get_field_ptr asn1_set_choice_selector check_defer<br>
1261: d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY<br>
1262: d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET<br>
1263: d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY<br>
1264: i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET<br>
1265: i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer
1266: </ul>
1267: </ul>
1.1 deraadt 1268: </ul>
1269: </ul>
1270:
1.24 benno 1271: <li>OpenSSH version XXX <!-- XXX -->
1.1 deraadt 1272: <ul>
1273: <li>Security
1274: <ul>
1.4 benno 1275: <li>...
1.1 deraadt 1276: </ul>
1277: <li>Potentially incompatible changes
1278: <ul>
1.4 benno 1279: <li>...
1.1 deraadt 1280: </ul>
1281:
1282: <li>New features
1283: <ul>
1.4 benno 1284: <li>...
1.1 deraadt 1285: </ul>
1286:
1287: <li>Bugfixes
1288: <ul>
1.4 benno 1289: <li>...
1.1 deraadt 1290: </ul>
1291: </ul>
1292:
1.13 schwarze 1293: <li>mandoc 1.14.6 plus several bugfixes, including:
1.1 deraadt 1294: <ul>
1.13 schwarze 1295: <li>Fixed <a href="https://man.openbsd.org/man.1">man(1)</a>
1296: to always read the configuration file and respect
1297: the other directives contained in it,
1298: even when the manpath is overridden by other means.
1299: <li>Fixed a memory leak in
1300: <a href="https://man.openbsd.org/man.1">man(1)</a>
1301: that mattered when many names were given on the command line.
1302: <li>Fixed a small memory leak in the
1303: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parser
1304: that occurred each time a user-defined macro was called.
1305: <li>Fixed the width of the <code>\h</code> (horizontal motion)
1306: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
1307: escape sequence in the PostScript and PDF output modes.
1.15 benno 1308: <li>Avoid legacy CSS2 syntax and use CSS3 two-value syntax in <a
1309: href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
1.1 deraadt 1310: </ul>
1311:
1312: <li>Ports and packages:
1313: <p>Many pre-built packages for each architecture:
1314: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1315: <ul style="column-count: 3">
1316: <li>aarch64: XXXX
1.17 naddy 1317: <li>amd64: 11301
1.20 deraadt 1318: <li>arm: XXXX
1319: <li>i386: 10136
1.1 deraadt 1320: <li>mips64: XXXX
1321: <li>powerpc: XXXX
1322: <li>powerpc64: XXXX
1323: <li>riscv64: XXXX
1324: <li>sparc64: XXXX
1325: </ul>
1326:
1327: <p>Some highlights:
1328: <ul style="column-count: 3">
1.12 sthen 1329: <li>Asterisk 16.25.1, 18.11.1 and 19.3.1
1.1 deraadt 1330: <li>Audacity 2.4.2
1331: <li>CMake 3.20.3
1.5 jsg 1332: <li>Chromium 100.0.4896.75
1.1 deraadt 1333: <li>Emacs 27.2
1.5 jsg 1334: <li>FFmpeg 4.4.1
1.1 deraadt 1335: <li>GCC 8.4.0 and 11.2.0
1336: <li>GHC 8.10.6
1.5 jsg 1337: <li>GNOME 41.5
1338: <li>Go 1.17.7
1339: <li>JDK 8u322, 11.0.14 and 17.0.2
1340: <li>KDE Applications 21.12.2
1341: <li>KDE Frameworks 5.91.0
1342: <li>Krita 5.0.2
1343: <li>LLVM/Clang 13.0.0
1344: <li>LibreOffice 7.3.2.2
1.1 deraadt 1345: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.5 jsg 1346: <li>MariaDB 10.6.7
1.1 deraadt 1347: <li>Mono 6.12.0.122
1.5 jsg 1348: <li>Mozilla Firefox 99.0 and ESR 91.8.0
1349: <li>Mozilla Thunderbird 91.8.0
1350: <li>Mutt 2.2.2 and NeoMutt 20211029
1351: <li>Node.js 16.14.2
1352: <li>OCaml 4.12.1
1.1 deraadt 1353: <li>OpenLDAP 2.4.59
1.5 jsg 1354: <li>PHP 7.4.28, 8.0.17 and 8.1.4
1355: <li>Postfix 3.5.14
1356: <li>PostgreSQL 14.2
1357: <li>Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4
1.1 deraadt 1358: <li>Qt 5.15.2 and 6.0.4
1.5 jsg 1359: <li>R 4.1.2
1360: <li>Ruby 2.7.5, 3.0.3 and 3.1.1
1361: <li>Rust 1.59.0
1362: <li>SQLite 2.8.17 and 3.38.2
1363: <li>Shotcut 21.10.31
1364: <li>Sudo 1.9.10
1365: <li>Suricata 6.0.4
1.1 deraadt 1366: <li>Tcl/Tk 8.5.19 and 8.6.8
1.5 jsg 1367: <li>TeX Live 2021
1368: <li>Vim 8.2.4600 and Neovim 0.6.1
1.1 deraadt 1369: <li>Xfce 4.16
1370: </ul>
1371: <p>
1372:
1373: <li>As usual, steady improvements in manual pages and other documentation.
1374:
1375: <li>The system includes the following major components from outside suppliers:
1376: <ul>
1.5 jsg 1377: <li>Xenocara (based on X.Org 7.7 with xserver 1.21.1.3 + patches,
1378: freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369,
1.1 deraadt 1379: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1.5 jsg 1380: <li>LLVM/Clang 13.0.0 (+ patches)
1.1 deraadt 1381: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1382: <li>Perl 5.32.1 (+ patches)
1.5 jsg 1383: <li>NSD 4.4.0
1384: <li>Unbound 1.15.0
1.1 deraadt 1385: <li>Ncurses 5.7
1386: <li>Binutils 2.17 (+ patches)
1387: <li>Gdb 6.3 (+ patches)
1.10 benno 1388: <li>Awk October 12, 2021
1.5 jsg 1389: <li>Expat 2.4.7
1.1 deraadt 1390: </ul>
1391:
1392: </ul>
1393: </section>
1394:
1395: <hr>
1396:
1397: <section id=install>
1398: <h3>How to install</h3>
1399: <p>
1400: Please refer to the following files on the mirror site for
1401: extensive details on how to install OpenBSD 7.1 on your machine:
1402:
1403: <ul>
1404: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
1405: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
1406: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
1407: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
1408: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
1409: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
1410: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
1411: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
1412: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
1413: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
1414: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
1415: .../OpenBSD/7.1/i386/INSTALL.i386</a>
1416: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
1417: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
1418: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
1419: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
1420: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
1421: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
1422: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
1423: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
1424: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
1425: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
1426: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
1427: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
1428: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
1429: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
1430: </ul>
1431: </section>
1432:
1433: <hr>
1434:
1435: <section id=quickinstall>
1436: <p>
1437: Quick installer information for people familiar with OpenBSD, and the use of
1438: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1439: If you are at all confused when installing OpenBSD, read the relevant
1440: INSTALL.* file as listed above!
1441:
1442: <h3>OpenBSD/alpha:</h3>
1443:
1444: <p>
1445: If your machine can boot from CD, you can write <i>install71.iso</i> or
1446: <i>cd71.iso</i> to a CD and boot from it.
1447: Refer to INSTALL.alpha for more details.
1448:
1449: <h3>OpenBSD/amd64:</h3>
1450:
1451: <p>
1452: If your machine can boot from CD, you can write <i>install71.iso</i> or
1453: <i>cd71.iso</i> to a CD and boot from it.
1454: You may need to adjust your BIOS options first.
1455:
1456: <p>
1457: If your machine can boot from USB, you can write <i>install71.img</i> or
1458: <i>miniroot71.img</i> to a USB stick and boot from it.
1459:
1460: <p>
1461: If you can't boot from a CD, floppy disk, or USB,
1462: you can install across the network using PXE as described in the included
1463: INSTALL.amd64 document.
1464:
1465: <p>
1466: If you are planning to dual boot OpenBSD with another OS, you will need to
1467: read INSTALL.amd64.
1468:
1469: <h3>OpenBSD/arm64:</h3>
1470:
1471: <p>
1472: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
1473: after connecting to the serial console. Refer to INSTALL.arm64 for more
1474: details.
1475:
1476: <h3>OpenBSD/armv7:</h3>
1477:
1478: <p>
1479: Write a system specific miniroot to an SD card and boot from it after connecting
1480: to the serial console. Refer to INSTALL.armv7 for more details.
1481:
1482: <h3>OpenBSD/hppa:</h3>
1483:
1484: <p>
1485: Boot over the network by following the instructions in INSTALL.hppa or the
1486: <a href="hppa.html#install">hppa platform page</a>.
1487:
1488: <h3>OpenBSD/i386:</h3>
1489:
1490: <p>
1491: If your machine can boot from CD, you can write <i>install71.iso</i> or
1492: <i>cd71.iso</i> to a CD and boot from it.
1493: You may need to adjust your BIOS options first.
1494:
1495: <p>
1496: If your machine can boot from USB, you can write <i>install71.img</i> or
1497: <i>miniroot71.img</i> to a USB stick and boot from it.
1498:
1499: <p>
1500: If you can't boot from a CD, floppy disk, or USB,
1501: you can install across the network using PXE as described in
1502: the included INSTALL.i386 document.
1503:
1504: <p>
1505: If you are planning on dual booting OpenBSD with another OS, you will need to
1506: read INSTALL.i386.
1507:
1508: <h3>OpenBSD/landisk:</h3>
1509:
1510: <p>
1511: Write <i>miniroot71.img</i> to the start of the CF
1512: or disk, and boot normally.
1513:
1514: <h3>OpenBSD/luna88k:</h3>
1515:
1516: <p>
1517: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1518: from the PROM, and then bsd.rd from the bootloader.
1519: Refer to the instructions in INSTALL.luna88k for more details.
1520:
1521: <h3>OpenBSD/macppc:</h3>
1522:
1523: <p>
1524: Burn the image from a mirror site to a CDROM, and power on your machine
1525: while holding down the <i>C</i> key until the display turns on and
1526: shows <i>OpenBSD/macppc boot</i>.
1527:
1528: <p>
1529: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1530: /7.1/macppc/bsd.rd</i>
1531:
1532: <h3>OpenBSD/octeon:</h3>
1533:
1534: <p>
1535: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1536: Refer to the instructions in INSTALL.octeon for more details.
1537:
1538: <h3>OpenBSD/powerpc64:</h3>
1539:
1540: <p>
1541: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1542: USB stick, plug it into the machine and choose the <i>OpenBSD
1543: install</i> menu item in Petitboot.
1544: Refer to the instructions in INSTALL.powerpc64 for more details.
1545:
1546: <h3>OpenBSD/riscv64:</h3>
1547:
1548: <p>
1549: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1550: USB stick, and boot with that drive plugged in.
1551: Make sure you also have the microSD card plugged in that shipped with the
1552: HiFive Unmatched board.
1553: Refer to the instructions in INSTALL.riscv64 for more details.
1554:
1555: <h3>OpenBSD/sparc64:</h3>
1556:
1557: <p>
1558: Burn the image from a mirror site to a CDROM, boot from it, and type
1559: <i>boot cdrom</i>.
1560:
1561: <p>
1562: If this doesn't work, or if you don't have a CDROM drive, you can write
1563: <i>floppy71.img</i> or <i>floppyB71.img</i>
1564: (depending on your machine) to a floppy and boot it with <i>boot
1565: floppy</i>. Refer to INSTALL.sparc64 for details.
1566:
1567: <p>
1568: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1569: will most likely fail.
1570:
1571: <p>
1572: You can also write <i>miniroot71.img</i> to the swap partition on
1573: the disk and boot with <i>boot disk:b</i>.
1574:
1575: <p>
1576: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1577: </section>
1578:
1579: <hr>
1580:
1581: <section id=upgrade>
1582: <h3>How to upgrade</h3>
1583: <p>
1.6 tj 1584: If you already have an OpenBSD 7.0 system, and do not want to reinstall,
1.1 deraadt 1585: upgrade instructions and advice can be found in the
1586: <a href="faq/upgrade71.html">Upgrade Guide</a>.
1587: </section>
1588:
1589: <hr>
1590:
1591: <section id=sourcecode>
1592: <h3>Notes about the source code</h3>
1593: <p>
1594: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1595: This file contains everything you need except for the kernel sources,
1596: which are in a separate archive.
1597: To extract:
1598: <blockquote><pre>
1599: # <kbd>mkdir -p /usr/src</kbd>
1600: # <kbd>cd /usr/src</kbd>
1601: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1602: </pre></blockquote>
1603: <p>
1604: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1605: This file contains all the kernel sources you need to rebuild kernels.
1606: To extract:
1607: <blockquote><pre>
1608: # <kbd>mkdir -p /usr/src/sys</kbd>
1609: # <kbd>cd /usr/src</kbd>
1610: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1611: </pre></blockquote>
1612: <p>
1613: Both of these trees are a regular CVS checkout. Using these trees it
1614: is possible to get a head-start on using the anoncvs servers as
1615: described <a href="anoncvs.html">here</a>.
1616: Using these files
1617: results in a much faster initial CVS update than you could expect from
1618: a fresh checkout of the full OpenBSD source tree.
1619: </section>
1620:
1621: <hr>
1622:
1623: <section id=ports>
1624: <h3>Ports Tree</h3>
1625: <p>
1626: A ports tree archive is also provided. To extract:
1627: <blockquote><pre>
1628: # <kbd>cd /usr</kbd>
1629: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1630: </pre></blockquote>
1631: <p>
1632: Go read the <a href="faq/ports/index.html">ports</a> page
1633: if you know nothing about ports
1634: at this point. This text is not a manual of how to use ports.
1635: Rather, it is a set of notes meant to kickstart the user on the
1636: OpenBSD ports system.
1637: <p>
1638: The <i>ports/</i> directory represents a CVS checkout of our ports.
1639: As with our complete source tree, our ports tree is available via
1640: <a href="anoncvs.html">AnonCVS</a>.
1641: So, in order to keep up to date with the -stable branch, you must make
1642: the <i>ports/</i> tree available on a read-write medium and update the tree
1643: with a command like:
1644: <blockquote><pre>
1645: # <kbd>cd /usr/ports</kbd>
1646: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1647: </pre></blockquote>
1648: <p>
1649: [Of course, you must replace the server name here with a nearby anoncvs
1650: server.]
1651: <p>
1652: Note that most ports are available as packages on our mirrors. Updated
1653: ports for the 7.1 release will be made available if problems arise.
1654: <p>
1655: If you're interested in seeing a port added, would like to help out, or just
1656: would like to know more, the mailing list
1657: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1658: </section>
1.24 benno 1659: </body>
1660: </html>