Annotation of www/71.html, Revision 1.36
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
1.24 benno 3: <head>
1.1 deraadt 4: <meta charset=utf-8>
5:
6: <title>OpenBSD 7.1</title>
7: <meta name="description" content="OpenBSD 7.1">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/71.html">
1.24 benno 11: </head><body>
1.1 deraadt 12: <h2 id=OpenBSD>
13: <a href="index.html">
14: <i>Open</i><b>BSD</b></a>
15: 7.1
16: </h2>
17:
18: <table>
19: <tr>
20: <td>
21: <a href="images/xxx.png">
22: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
23: <td>
1.6 tj 24: Released May ?, 2022. (52nd OpenBSD release)<br>
1.1 deraadt 25: Copyright 1997-2022, Theo de Raadt.<br>
26: <br>
1.3 job 27: Artwork by Luc Houweling.
1.1 deraadt 28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus71.html">detailed log of changes</a> between the
37: 7.0 and 7.1 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-71-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
47: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
48: <tr><td>
49: openbsd-71-fw.pub:
50: <td>
51: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
52: <tr><td>
53: openbsd-71-pkg.pub:
54: <td>
55: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
56: <tr><td>
57: openbsd-71-syspatch.pub:
58: <td>
59: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 7.1.
74: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
75: to 7.1.
76:
77: <ul>
78:
79: <li>New/extended platforms:
80: <ul>
1.16 benno 81: <li>Support for Apple Silicon Macs has improved and is ready for general use:
1.1 deraadt 82: <ul>
1.10 benno 83: <li>Added <a href="https://man.openbsd.org/aplspi.4">aplspi(4)</a>, a driver for the SPI controller found on the Apple M1 SoC.
84: <li>Added <a href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a> support for the keyboard/touchpad on Apple M1 laptops.
1.31 jsg 85: <li>Introduced <a href="https://man.openbsd.org/aplpmgr.4">aplpmgr(4)</a>, a driver for the power management controller found on Apple SoCs.
1.11 benno 86: <li>Introduced <a href="https://man.openbsd.org/aplmbox.4">aplmbox(4)</a>, a driver for the mailbox that provides a communication channel with additional cores integrated on Apple SoCs.
1.31 jsg 87: <li>Introduced <a href="https://man.openbsd.org/apliic.4">apliic(4)</a>, a driver for the I2C controller found on Apple SoCs.
1.11 benno 88: <li>Added the chip ids used on Apple M1 Pro/Max and Apple T2 Macs to <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
89: <li>Rewrote arm64 kernel FPU handling code to fix the random crashes seen with SMP kernels on Apple M1.
90: <li>Restricted the <a href="https://man.openbsd.org/pci.4">pci(4)</a> ioctl interface to devices detected by the kernel, preventing Xorg PCI probes from breaking the WiFi chip on M1 macs.
91: <li>Introduced <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>, a driver for the SMC found on Apple M1 SoCs.
92: <li>Introduced <a href="https://man.openbsd.org/aplnco.4">aplnco(4)</a>, a driver for the Numerically-controlled oscillator (NCO) clock which drives the audio clocks on Apple silicon.
93: <li>Introduced <a href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>, a driver for the TI TAS2770/TAS5770 digital audio amplifier codec found on Apple M1 Macs.
1.14 benno 94: <li>Introduced <a href="https://man.openbsd.org/apldma.4">apldma(4)</a>, a driver for the DMA controller found on Apple SoCs.
1.15 benno 95: <li>Added support to explicitly power on some PCIe devices on the M1 and M1 Pro/Max through a GPIO controlled by the SMC.
96: <li>Added <a href="https://man.openbsd.org/aplcpu.4">aplcpu(4)</a>, a driver to control the CPU performance levels on Apple SoCs.
97: <li>Modified <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> to support a newer interrupt controller, making OpenBSD run on M1 Pro/Max machines.
98: <li>Added nvmem support to <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a> and made it available on Apple SPMI PMUs.
99: <li>Added RTC support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
100: <li>Made the arm64 ramdisk installer fetch <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> firmware from the EFI System Partition on Apple Silicon devices for use during installation and addition to the newly installed system.
101: <li>Added support for controlling keyboard LEDs to <a
102: href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a>.
103: <li>Added basic GPIO support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
104: <li>Ensured <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> keeps the DART enabled in front of the display controller to preserve its access to the framebuffer and continued display.
105: <li>Fixed reading motherboard time on Apple machines with old SMC firmware.
106: <li>Implemented reboot/powerdown support in <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
107: <li>Implemented <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> support for multiple dies, making OpenBSD work on the M1 Ultra.
1.16 benno 108: </ul>
109: <li>Support for other <a href="arm64.html">arm64</a> architecture hardware was also improved with the following changes:
110: <ul>
1.10 benno 111: <li>Introduced <a
112: href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
113: driver providing support for battery chargers connected to GPIO pins,
114: such as those found on the Pinebook Pro.
115: <li>Introduced <a
116: href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
117: driver providing support for LEDs connected to GPIO pins, such as
118: those found on the Pinebook Pro.
119: <li>Added <a href="https://man.openbsd.org/gpiokeys.4">gpiokeys(4)</a>
120: for arm64, a driver which handles events triggered by GPIO keys such
121: as lid status and power button.
1.11 benno 122: <li>Added pclk clock used by <a
123: href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> on RK3399 to <a
124: href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
1.23 benno 125: <li>Introduced <a
126: href="https://man.openbsd.org/mpfclock.4">mpfclock(4)</a>, a driver
127: for the PolarFire SoC MSS clock controller.
128: <li>Introduced <a
129: href="https://man.openbsd.org/cdsdhc.4">cdsdhc(4)</a>, a driver for
130: the Cadence SD/SDIO/eMMC host controller.
131: <li>Introduced <a
132: href="https://man.openbsd.org/mpfiic.4">mpfiic(4)</a>, a driver for
133: the PolarFire SoC MSS I2C controller.
134: <li>Introduced <a
135: href="https://man.openbsd.org/mpfgpio.4">mpfgpio(4)</a>, a driver for
136: the PolarFire SoC MSS GPIO controller.
137: <li>Enabled <a href="https://man.openbsd.org/cduart.4">cduart(4)</a>
138: on arm64.
139: <li>Added <a
140: href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a> support
141: for the CP115 block found on Marvell CN9K SoCs.
142: <li>Added <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>
143: support for the AP807 block found on Marvell CN9K SoCs.
1.1 deraadt 144: </ul>
145: <li>Changes on other architectures:
146: <ul>
1.16 benno 147: <!-- riscv -->
1.23 benno 148: <li>Enabled <a href="https://man.openbsd.org/uhid.4">uhid(4)</a>/<a
149: href="https://man.openbsd.org/fido.4">fido(4)</a> on riscv64.
1.14 benno 150: <li>Allowed riscv64 installation on a disk with a GPT.
1.16 benno 151: <li>Added missing locking to <a
152: href="https://man.openbsd.org/pmap_extract.9">pmap_extract(9)</a> and
153: <a href="https://man.openbsd.org/pmap_unwire.9">pmap_unwire(9)</a> on
154: arm64 and riscv64.
155: <li>Improved stack unwinding on riscv64 in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
156: <li>Fixed kernel stack alignment on riscv64.
157: <li>Fixed RISC-V lld link code when dealing with object files created with "ld -b".
158: <li>Made sure nothing can map address zero on RISC-V.
159: <li>Made sure armv7,arm64 and risc-v FDT bootloader code does not write beyond the FDT data structure.
1.27 deraadt 160: <!-- sparc64 -->
1.11 benno 161: <li>Fixed booting from an IDE block device on the Sun Blade 100.
162: <li>Fixed <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> console colors on sparc64.
1.16 benno 163: <!-- macppc/powerpc64 -->
1.23 benno 164:
165: <li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on
166: macppc.
167: <li>Increased <a href="https://man.openbsd.org/ddb.1">ddb(1)</a>
168: access to registers on macppc and powerpc64.
1.16 benno 169: <li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
1.23 benno 170: <li>Allowed <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> trace
171: through interrupt on macppc.
1.1 deraadt 172: </ul>
173: </ul>
174:
175: <li>Various kernel improvements:
176: <ul>
1.16 benno 177: <li>Made redistributable firmwares available across all architectures.<!-- XXX right place? -->
178:
179: <li>Made futexes work in shared anonymous memory.
180: <li>Improved tracking of mbuf memory usage in the whole system.
181: <li>Switched to using long filenames by default with <a
1.31 jsg 182: href="https://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a>.
1.7 benno 183: <li>Fixed memory leak in <a
184: href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
185: href="https://man.openbsd.org/namei.9">namei(9)</a>.
1.26 benno 186:
187: <li>Fixed establishing legacy INTx interrupts on machines without a
188: (usable) MSI interrupt controller.
1.7 benno 189: <li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
190: href="https://man.openbsd.org/open.2">open(2)</a>/<a
191: href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
192: creating files.
1.16 benno 193: <li>Reworked garbage collector for <a
194: href="https://man.openbsd.org/unix.4">unix(4)</a> sockets to prevent
195: potential kernel panics.
1.10 benno 196: <li>Changed the power management <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
197: hw.perfpolicy to "auto" at startup, defaulting to 100%
198: performance with AC power connected and using the auto algorithm when
199: on battery.
1.26 benno 200: <li>Aligned memory allocation for USB device drivers and USB HC
201: drivers, enlarging the USB memory pool.
1.16 benno 202: <li>Prevent panic in <a
203: href="https://man.openbsd.org/softraid.4">softraid(4)</a> while
204: rebooting if softraid has been disabled.
205:
206: <!-- suspend/hibernate/resume -->
1.11 benno 207: <li>Fixed hibernate setups where removal of a <a
208: href="https://man.openbsd.org/umass.4">umass(4)</a> device results in
209: a renumbered <a
210: href="https://man.openbsd.org/softraid.4">softraid(4)</a> boot device.
211: <li>Fix hibernate on newer hardware by allowing more memory ranges.
1.26 benno 212: <li>If CPU sleep state S4 is not available, use S5 for the
213: ACPI-transitions in hibernate support.
214: <li>Added code to update hw.power whenever AC state changes on
215: resume.
1.22 benno 216: <li>Fixed a panic by prohibiting renames of tmpfs mount-points.
1.26 benno 217: <li>Fixed double free after allocation failure in <a
218: href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
1.1 deraadt 219: </ul>
220:
221: <li>SMP Improvements
222: <ul>
1.7 benno 223: <li>Made pipe event filters MP-safe.
224: <li>Set klist lock for sockets to make socket event filters MP-safe.
225: <li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
226: <a href="https://man.openbsd.org/select.2">select(2)</a>, <a
227: href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
228: href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
229: kqueue.
1.29 jsg 230: <li>Unlocked top part of UVM fault handler on mips64. <!-- XXX move? -->
1.10 benno 231: <li>Unlocked the <a href="https://man.openbsd.org/kevent.2">kevent(2)</a> system call.
232: <li>Made the kqread event filter MP-safe.
233: <li>Reduced the time overhead of <a
234: href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>-based <a
235: href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
236: href="https://man.openbsd.org/select.2">select(2)</a> systems calls by
237: keeping knotes between the system calls.
1.11 benno 238: <li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a>
239: and <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>
240: syscalls.
241: <li>Prevented <a
242: href="https://man.openbsd.org/select.2">select(2)</a> from blocking if
243: registering found pending events.
244: <li>Protected <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>
245: input and output with the kernel lock to allow forwarding of non-ipsec
246: traffic in parallel.
247: <li>Unlocked the bottom part of the uvm fault handler.
248: <li>Unlocked <a href="https://man.openbsd.org/getpeername.2">getpeername(2)</a>.
249: <li>Made <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> MP-safe.
1.14 benno 250: <li>Implemented the <a
251: href="https://man.openbsd.org/poll.2">poll(2)</a> system call on top
252: of the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
253: subsystem, obsoleting the old, non-MP-safe poll backend.
1.15 benno 254: <li>Made <a href="https://man.openbsd.org/audio.4">audio(4)</a> event filters MP-safe.
255: <li>Unlocked <a href="https://man.openbsd.org/getsockname.2">getsockname(2)</a>.
256: <li>Added kernel interfaces for atomic load and store functions for int and long to be used in reference counted struct members.
1.1 deraadt 257: </ul>
258:
259: <li>Direct Rendering Manager
260: <ul>
1.5 jsg 261: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
262: to Linux 5.15.26
263: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
264: support for Elkhart Lake, Jasper Lake, Rocket Lake
265: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
266: support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
267: Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
268: Navi 24 "Beige Goby"
1.16 benno 269: <li>Reinstated a <a href="https://man.openbsd.org/drm.4">drm(4)</a>
270: workaround to get framebuffer size from efifb, preventing fatal errors
271: for the BESSTAR TECH HM90 with Ryzen 9 4900H.
272:
1.1 deraadt 273: </ul>
274:
275: <li>VMM/VMD improvements
276: <ul>
1.8 dv 277: <li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
278: switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
279: vmd(8)</a>.
280: <li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
281: would exit when requesting a new VM and hitting memory resource
282: limits.
283: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
284: corruption on Intel hosts.
285: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
286: clamping when the host has an invariant TSC.
287: <li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
288: vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
289: running guests.
290: <li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
291: vmd(8)</a> on amd64.
1.11 benno 292: <li>Fixed spurious abort of a VM by <a
293: href="https://man.openbsd.org/vmd.8">vmd(8)</a> when the scheduler
294: moves a VM to a different core while it is sleeping on a lock.
295: <li>Fixed broken <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
296: "boot device cdrom" feature after a fix in seabios.
297: <li>Reintroduced support for <a
298: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> <code>start -B net
299: -b bsd.rd</code>, which emulates a PXE boot and performs an
300: autoinstall.
1.16 benno 301: <li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> <a
302: href="https://man.openbsd.org/dt.4">dt(4)</a> tracepoints amd64-only.
303: <li>Provided a login class for <a
304: href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
305: <li>Added handling for <a
306: href="https://man.openbsd.org/vmd.8">vmd(8)</a> hitting resource
307: limits when starting a vm and added memory error messages for the
308: user.
309: <li>Added quiesce/wakeup hooks to sync vcpu state in <a
310: href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.11 benno 311:
1.1 deraadt 312: </ul>
313:
314: <li>Various new userland features:
315: <ul>
1.7 benno 316: <li>Added <a
317: href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
318: for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
319: use in ports.
320: <li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
321: rogue" to show daemons which are running but not set as "enabled" in
322: <a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
1.16 benno 323: <li>Implemented probe variables in BPFtrace (<a
324: href="https://man.openbsd.org/bt.5">bt(5)</a>).
1.7 benno 325: <li>Provided common <a
326: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
327: kprofile.bt (to save kernel stackframes and produce flamegraphs) and
328: runqlat.bt (to measure the latency of the scheduler runqueues).
1.16 benno 329: <li>DNSSEC support: Implemented RFC6840 (AD flag processing) in the libc resolver, if
1.11 benno 330: using trusted name servers specified with 'trust-ad' in <a
1.16 benno 331: href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a><!-- XXX or network section? -->
1.14 benno 332: <li>Enabled support for displaying an estimated battery recharge time
333: in <a href="https://man.openbsd.org/apm.8">apm(8)</a> and <a
334: href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
335: <li>Introduced support for storing capability databases in
336: /etc/login.conf.d, allowing easy addition of custom login classes from
1.16 benno 337: packages and made <a
338: href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> look for the login
339: class in both login.conf and login.conf.d/${class}.
340: <li>Added a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
341: cache of regions between 128k and 2M to accommodate programs
342: allocating and deallocating regions of these sizes quickly.
343: ` <li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
344: for mtime/atime/ctime extended headers (in not-SMALL builds).
345: <li>Added -k flag to <a
346: href="https://man.openbsd.org/gzip.1">gzip(1)</a> and <a
347: href="https://man.openbsd.org/gunzip.1">gunzip(1)</a> to retain
348: (de)compressed file.
1.22 benno 349: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
350: <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --max-size and --min-size.
1.1 deraadt 351: </ul>
352:
353: <li>Various bugfixes and tweaks in userland:
354: <ul>
1.16 benno 355: <!-- pkg tools -->
356: <li>Stopped <a
357: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> from
358: communicating warnings starting with "XXX" which appeared to indicate
359: errors.
1.7 benno 360:
1.16 benno 361: <!-- X11 -->
362: <li>Enabled subpixel rendering in FreeType.
363: <li>Updated xorg-server to 21.1.3, leaving in place an earlier change
364: to compute the screen resolution from dimensions returned by the
365: screen, reverted by upstream.
366: <li>Allowed bare numbers for key and mouse bindings in <a
367: href="https://man.openbsd.org/cwm.1">cwm(1)</a>.
368: <li>Added a <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
369: "group-last" command that shows only the previously active group.
370: <li>Fixed glass console and <a href="https://man.openbsd.org/getty.8">getty(8)</a> interference with Xorg on arm64.
371:
372: <!-- utilities -->
373: <li>Fixed octal escape parsing in <a
374: href="https://man.openbsd.org/tr.1">tr(1)</a> backslash().
375: <li>Added <a href="https://man.openbsd.org/uniq.1">uniq(1)</a>
376: support for arbitrarily long input lines.
377: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> ignore
378: trailing newlines when comparing lines.
379: <li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> skip()
380: each input line only once, improving performance.
381: <li>Increased <a href="https://man.openbsd.org/tee.1">tee(1)</a> I/O
382: buffer size for 8KB to 64KB.
383: <li>Improved performance of <a
384: href="https://man.openbsd.org/rev.1">rev(1)</a>.
385: <li>Made <a href="https://man.openbsd.org/ed.1">ed(1)</a> flush all
386: stdio streams before running a shell command.
387: <li>Prevented a file descriptor leak in <a
388: href="https://man.openbsd.org/touch.1">touch(1)</a> after <a
389: href="https://man.openbsd.org/futimens.2">futimens(2)</a> failure.
390: <li>Added <a href="https://man.openbsd.org/seq.1">seq(1)</a>, a
391: command to print sequences of numbers.
392:
393: <!-- apm -->
1.22 benno 394: <li>Set cpuspeed to 0 in <a
395: href="https://man.openbsd.org/apm.8">apm(8)</a> when hw.cpuspeed
396: cannot be retrieved.
1.16 benno 397:
398: <li>Copied the <a href="https://man.openbsd.org/cos.3">cos(3)</a>
399: cosine software implementation from FreeBSD-13, and disabled assembly
400: implementations of trig functions on x86 platforms.
401: <li>Added optimization for tiny x in <a
402: href="https://man.openbsd.org/cos.3">cos(3)</a> and <a
1.21 tj 403: href="https://man.openbsd.org/sin.3">sin(3)</a> trigonometry
404: functions.
1.16 benno 405:
406: <!-- audio -->
407: <li>Switched <a href="https://man.openbsd.org/aucat.1">aucat(1)</a>
408: internal sample representation and default file encoding to 24-bit.
409: <li>Switched <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
410: internal sample representation to 24-bit fixed point.
411:
412: <!-- rc scripts -->
413: <li>Allowed passing a different signal than SIGTERM in the default
414: rc_stop() function in <a
415: href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
416: <li>Improved and simplified timer handling in <a
417: href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> "stop" and "reload".
418:
419: <!-- fdisk -->
1.19 krw 420: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
421: -b available on all architectures.
1.7 benno 422: <li>Removed the constraint that <a
1.19 krw 423: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b block
424: count and block offset must be greater than 63.
425: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b
426: partitions other than EFI System partitions DOSACTIVE.
427: <li>Switched to using <a
428: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b to create boot
429: partitions on multiple architectures.
1.16 benno 430: <li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
431: "disk" editing command.
1.19 krw 432: <li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
433: from initializing an MBR to have overlapping partitions 0 and 3.
1.16 benno 434: <li>Allowed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
435: extend the default OpenBSD partition to the end of the disk, rather
436: than truncating at the end of the last full cylinder.
1.19 krw 437: <li>Corrected GPT checksums written by <a
1.16 benno 438: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> on big-endian
439: architectures to be little-endian as per spec.
440: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
441: preserve BIOS boot partition.
1.19 krw 442: <li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
443: preserve the EFI System partition on GPT disks with Apple APFS partitions.
444: <li>Removed the builtin MBR from <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
445: <li>Removed the "rpath" and "wpath" pledges from <a
446: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
447: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
448: creates the default OpenBSD MBR partition only when there is space for it.
449: <li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
450: does not set MBR DOSACTIVE flag on unused partitions when initializing MBR.
451: <li>Reduced the alignment space <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
452: inserts before the start of the default OpenBSD partition.
1.16 benno 453:
454: <!-- other -->
1.7 benno 455: <li>Merged bugfixes from upstream into <a
456: href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
457: the prompt hiding feature (CTRL-P) and an integer overflow.
1.16 benno 458: <li>Fixed possible use after free with long lines in <a
459: href="https://man.openbsd.org/less.1">less(1)</a>.
1.7 benno 460: <li>Fixed file descriptor leak of /dev/tty on <a
461: href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
462: <li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
463: <a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
464: href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
465: href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
466: implementations from NetBSD with the existing FreeBSD implementations
467: we were already using for <a
468: href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
469: href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
1.16 benno 470: <li>In various games, call <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
1.7 benno 471: later to prevent it from killing various games using ncurses when both
472: stdout and stderr are redirected to a non-tty.
1.16 benno 473: <li>Switched LLD_ARCHs (architectures using the LLVM <a
474: href="https://man.openbsd.org/ld.lld.1">ld.lld(1)</a> linker) to also
475: user the LLVM archiver <a
476: href="https://man.openbsd.org/llvm-ar.1">llvm-ar(1)</a>.
1.24 benno 477: <li>Added openvpn ports (udp/1194 & tcp/1194) to /etc/services.
1.16 benno 478: <li>Prevented an access to uninitialized memory in <a
479: href="https://man.openbsd.org/awk.1">awk(1)</a>.
480: <li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> recovery
481: mode.
482: <li>Extended and reordered the process accounting information
483: structure <a href="https://man.openbsd.org/acct.5">acct(5)</a>. Flag
484: Day for the <a href="https://man.openbsd.org/acct.2">acct(2)</a> file
485: format.
486: <li>Fixed <a
487: href="https://man.openbsd.org/setusercontext.3">setusercontext(3)</a>
488: error when /etc/login.conf is not present.
1.1 deraadt 489: </ul>
490:
491: <li>Improved hardware support and driver bugfixes, including:
492: <ul>
1.7 benno 493: <li>Added support to <a
494: href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
495: Lake H and Tiger Lake H platforms.
496: <li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
497: is present with an attached <a
498: href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
499: <li>Added support for tpm2 CRB interface to <a
500: href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
501: regressions on the Surface Go 2 caused by a firmware change.
502: ` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
503: device tree with at least one page of free space to extend into. This
504: fixes booting on VMWare Fusion.
1.10 benno 505: <li>Stopped binding audio devices exposed by <a
506: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to physical
507: devices. <!-- XXX check this -->
508: <li>Fixed handling of interrupts shared between multiple <a
509: href="https://man.openbsd.org/dwiic.4">swiic(4)</a> devices.
1.11 benno 510: <li>Introduced <a
511: href="https://man.openbsd.org/iicmux.4">iicmux(4)</a>, a driver that
512: switches between I2C busses connected to a single I2C controller by
513: using the pin muxing facilities of an SoC.
514: <li>Introduced <a
515: href="https://man.openbsd.org/pcyrtc.4">pcyrtc(4)</a>, a driver for
516: the NXP PCF85063A/TP RTC chips.
517: <li>Fixed a panic when running <a
518: href="https://man.openbsd.org/utvfu.4">utvfu(4)</a> on <a
519: href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
520: <li>Added <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>
521: support for interrupts represented by ACPI PCI Interrupt Link Devices,
522: making PCI interrupts work on QEMU's SBSA target.
1.16 benno 523: <li>Added handling of multi-port controllers to <a
524: href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
525: <li>Make <a href="https://man.openbsd.org/com.4">com(4)</a> attach
526: over <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64.
527: <li>Added address locators for the ACPI "bus" and used these to fix
528: the order of the <a href="https://man.openbsd.org/com.4">com(4)</a>
529: devices to match the traditional order on the ISA bus.
530: <li>Added Intel Jasper Lake to the <a
531: href="https://man.openbsd.org/azalia.4">azalia(4)</a> audio driver.
532: <li>Ensured <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>
533: matches on Intel 300 Series audio, fixing attaching on the Dell G3
534: 3590.
535: <li>Added Synopsys Designware UART support to <a
536: href="https://man.openbsd.org/com.4">com(4)</a>.
537: <li>Fixed an issue where <a
538: href="https://man.openbsd.org/com.4">com(4)</a> would attach for a
539: disabled serial port leading to misdirection of the hardware variant
540: and a subsequent hang when /etc/rc runs <a
541: href="https://man.openbsd.org/ttyflags.8">ttyflags(8)</a> -a.
542: <li>Fixed <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> for
543: Jasper Lake eMMC.
544: <li>Improved how quirks are handled on <a
545: href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>-compatible drivers.
546: <li>Enabled <a
547: href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> use with the
548: Surface Go 3.
549: <li>Fixed suspend/resume issues with <a
550: href="https://man.openbsd.org/com.4">com(4)</a> at <a
551: href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
552: <li>Correlated <a
553: href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> and <a
1.31 jsg 554: href="https://man.openbsd.org/ucc.4">ucc(4)</a> devices
555: to adjust the volume of the correct audio device
1.16 benno 556: rather than the first one attached.
1.31 jsg 557: <li>Enabled FIFO support in <a
1.16 benno 558: href="https://man.openbsd.org/pluart.4">pluart(4)</a>.
1.31 jsg 559: <li>Added support for XBox One game controller.
1.16 benno 560: <li>Stopped suspending the <a
561: href="https://man.openbsd.org/tpm.4">tpm(4)</a> device upon
562: hibernation, preventing some systems from hanging when hibernating a
563: second time.
564: <li>Fixed <a href="https://man.openbsd.org/hilkbd.4">hilkbd(4)</a>
565: Swedish keyboard layout on non-PS/2 style keyboards.
1.1 deraadt 566: </ul>
567:
568: <li>New or improved network hardware support:
569: <ul>
1.16 benno 570: <li>Added support to <a
571: href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
1.7 benno 572: <li>Fixed an interrupt storm on <a
573: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
574: support Energy Efficient Ethernet when connected to a switch which
575: does so as well.
1.28 jmatthew 576: <li>Made <a href="https://man.openbsd.org/dwge.4">dwge(4)</a> and <a
577: href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> MP-safe.</li>
1.10 benno 578: <li>Added <a href="https://man.openbsd.org/igc.4">igc(4)</a>, a
579: driver for the Intel 2.5Gb Ethernet controllers.
1.11 benno 580: <li>Implemented <a href="https://man.openbsd.org/em.4">em(4)</a>
581: support for selecting SMGII or SerDes mode depending on the plugged-in
582: SFP transceiver and for reading out transceiver information via <a
583: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.16 benno 584: <li>Enabled hardware vlan tagging for <a
585: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
586: <li>Re-enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>
587: IPv4, TCP4/6 and UDP4/6 checksum offloading. \ <li>Enabled receive
588: checksum offloading on <a
589: href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
590: <li>Prevented a possible deadlock in <a
591: href="https://man.openbsd.org/cad.4">cad(4)</a>.
1.22 benno 592: <li>Prevented <a href="https://man.openbsd.org/aq.4">aq(4)</a> nics
593: from writing to mbufs taken off the ring when the interface was taken
594: down.
1.28 jmatthew 595: <li>Fixed receive filter handling and vlan packet reception in <a
1.16 benno 596: href="https://man.openbsd.org/aq.4">aq(4)</a>.
1.28 jmatthew 597: <li>Enabled vlan and checksum offloads in <a
1.16 benno 598: href="https://man.openbsd.org/aq.4">aq(4)</a>.
1.28 jmatthew 599: <li>Enabled interrupt moderation in <a
1.16 benno 600: href="https://man.openbsd.org/aq.4">aq(4)</a>, aiming at around 20k
601: per second.
602: <li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> vlan
603: transmission with hw tagging.
1.28 jmatthew 604: <li>Added preliminary <a
605: href="https://man.openbsd.org/ure.4">ure(4)</a> support for RTL8156B
606: and bug fixes for RTL8153/RTL8156.
1.22 benno 607: <li>Reworked <a href="https://man.openbsd.org/ix.4">ix(4)</a>
608: checksum/vlan offloading and enabled it for IPv6.
609: <li>Enabled IP header checksum offloading in <a
610: href="https://man.openbsd.org/ix.4">ix(4)</a>.
1.30 jmatthew 611: <li>Fixed <a href="https://man.openbsd.org/msk.4">msk(4)</a> operation
612: after interface state changes.
1.35 dv 613: <li>Enabled <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> on arm64.
1.1 deraadt 614: </ul>
615:
616: <li>Added or improved wireless network drivers:
617: <ul>
1.33 stsp 618: <li>Introduced <a href="https://man.openbsd.org/mtw.4">mtw(4)</a>, a
619: driver for MediaTek MT7601U USB wifi devices, enabled on amd64, i386, macppc, and arm64.
620: <li>Added 802.11n Tx aggregation support to the <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
621: <li>Added support for 802.11n 40MHz channels, and 802.11ac 80MHz channels, to the <a
622: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
623: href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers.
624: <li>Reset the Tx watchdog timer when a block ack notification is received by
1.7 benno 625: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
1.33 stsp 626: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware to prevent spurios device timeouts.
627: <li>Prevent invalid net80211 state transitions in the
628: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
629: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers
630: to avoid a potential hang.
1.7 benno 631: <li>Fixed a panic when <a
632: href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
633: at boot time.
634: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
635: performance drop after roaming between APs in 11n mode.
1.33 stsp 636: <li>When roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or
637: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>, keep the old BSSID available for use by firmware
638: commands which tear down device state before switching to the new AP.
639: <li>Fix race conditions in the <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
640: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers while roaming between APs with
641: outstanding frames on transmit queues.
1.7 benno 642: <li>Reverted to use <a
643: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
644: AC 7265, fixing instability issues on X1 Carbon gen3.
1.33 stsp 645: <li>Explicitly stop <a
646: href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack sessions when
1.7 benno 647: roaming between access points.
1.11 benno 648: <li>Fixed monitor mode on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
649: <li>Let <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
650: href="https://man.openbsd.org/iwm.4">iwm(4)</a> use per-Tx-queue
1.33 stsp 651: interface timers to ensure the Tx watchdog triggers if a particular Tx queue gets
1.11 benno 652: stuck.
1.33 stsp 653: <li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to new -67 firmware images, and updated <a
654: href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 firmware, to address INTEL-SA-00509.
1.11 benno 655: <li>Made <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> attach to PCI devices with product ID 0x31dc, part of the 9560 chip family.
1.33 stsp 656: <li>Fixed wrong pointer assignment causing the <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>
657: driver to read Rx block ack request information from the wrong offset.
658: <li>Fixed and reenabled use of probe requests during scans on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
659: <li>Fixed attach of multiple <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> interfaces in the same machine.
660: <li>Fixed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> with 4965 devices.
1.15 benno 661: <li>Improved roaming stability on <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, particularly with wpa_supplicant.
1.16 benno 662: <li>Added relicensed wireless firmwares from Realtek for <a
663: href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
664: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
665: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
666: these devices to work without requiring a separate firmware download.
667: <li>Added a workaround for buggy <a
668: href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
669: filling up the node cache when used in hostap mode.
670: <li>Applied a workaround in <a
671: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
672: external abort under load with <a
673: href="https://man.openbsd.org/athn.4">athn(4)</a>.
674: <li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> attach
675: to the Sony UWA-BR100.
676: <li>Fixed "(null node)" panics on <a href="https://man.openbsd.org/run.4">run(4)</a>.
677: <li>Disabled minimum power consumption in <a
678: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> hostap mode,
679: improving connection reliability when used as an access point.
680: <li>Added support for the BCM4387 to <a
681: href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
682: <li>Improved TX performance on <a
683: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> RTL8192EU devices.
684: <li>Fix TX rate used by <a
685: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
686: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> for RTS frames.
1.1 deraadt 687: </ul>
688:
689: <li>IEEE 802.11 wireless stack improvements and bugfixes:
690: <ul>
1.7 benno 691: <li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
1.33 stsp 692: <li>Added support for 40MHz channels to net80211 Tx rate adaptation in 11n mode.
1.7 benno 693: <li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
1.33 stsp 694: <li>Introduced an optional background-scan handler for wireless drivers, which drivers can use to take control of the device teardown sequence, ensuring that race conditions between firmware state and net80211 state are avoided.
695: <li>Taught the net80211 stack to remove corresponding frames from ic_pwrsaveq when a power-saving client decides to leave our hostap interface, preventing a panic in the <a
696: href="https://man.openbsd.org/athn.4">athn(4)</a> driver.
1.15 benno 697: <li>Added initial 802.11ac (VHT) support to the wifi stack.
1.33 stsp 698: <li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> show 802.11ac VHT capability and operation IEs with the IEEE802_11_RADIO data link type (-y) in verbose (-v) mode.
699: <li>Added 802.11ac/VHT TX rate adaptation support to net80211.
1.15 benno 700: <li>When choosing networks during SSID selection, give a higher score to 11ac and 11n access points, prioritizing 11ac.
1.33 stsp 701: <li>When choosing from a set of access points for a given SSID, prefer APs on 5GHz channels over APs on 2GHz channels. This was already supposed to happen in earlier OpenBSD releases but did not always work as intended.
1.1 deraadt 702: </ul>
703:
704: <li>Generic network stack improvements and bugfixes:
705: <ul>
1.7 benno 706: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
1.15 benno 707: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> rdr-to rules failing on certain port ranges when explicitly specified.
708: <li>Ensured the <a href="https://man.openbsd.org/pf.4">pf(4)</a> "set prio" values are checked consistently.
1.11 benno 709: <li>Made "set skip on ..." in <a
710: href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> dynamic, with
711: this, "set skip" can be used on interfaces that are not configured
712: yet.
1.22 benno 713: <li>Protected <a
714: href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> tdb flags and
715: lists with a mutex to prevent crashes involving pfsync, IPsec and
716: parallel forwarding.
717:
718: <li>Added support for PPP IPCP extensions for DNS to <a
719: href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
720: <li>Added display of DNS information from <a
721: href="https://man.openbsd.org/sppp.4">sppp(4)</a> to <a
722: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
723: <li>Switched to calculating <a
724: href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> session duration
725: using system uptime rather than UTC.
726:
727: <li>Fixed <a href="https://man.openbsd.org/veb.4">veb(4)</a> vport
728: handling to prevent improper drop of packets leaving a vport
729: interface.
730: <li>Prevented tweaks to <a
731: href="https://man.openbsd.org/tun.4">tun(4)</a> if_flags when the
732: NET_LOCK isn't held.
733: <li>Prevented reopening of <a
734: href="https://man.openbsd.org/tun.4">tun(4)</a>/<a
735: href="https://man.openbsd.org/tap.4">tap(4)</a> interfaces which are
736: being destroyed.
1.15 benno 737: <li>Rewrote <a href="https://man.openbsd.org/vxlan.4">vxlan(4)</a> to
738: operate independently of <a
739: href="https://man.openbsd.org/bridge.4">bridge(4)</a>, create and bind
740: udp sockets and prevent loops.
1.22 benno 741: <li>Stopped hiding the mtu on "bridge" interfaces which do handle l3
742: traffic in <a
743: href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
744: <li>Added mbuf tags to prevent output loops in <a
745: href="https://man.openbsd.org/etherip.4">etherip(4)</a>.
746: <li>Added rtable capability to <a
747: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>,
748: allowing to specify the rtable a process uses.
749: <li>Made <a href="https://man.openbsd.org/su.1">su(1)</a> honor the
750: login class routing table when doing a full login with su -l.
751: <li>Fix IP output routines on raw sockets so route sourceaddr can
752: take effect using <a
753: href="https://man.openbsd.org/sendto.2">sendto(2)</a> or similar.
754: <li>Ensured <a
755: href="https://man.openbsd.org/pcap_lookupdev.3">pcap_lookupdev(3)</a>
756: matches only on complete interface names.
1.1 deraadt 757: </ul>
758:
759: <li>Installer and upgrade improvements:
760: <ul>
1.22 benno 761: <li>Corrected installer to understand "inet autoconf" properly in <a
1.7 benno 762: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
1.22 benno 763: <li>Stopped prompting whether to fall back to HTTP in the installer,
764: making the fallback automatic.
1.7 benno 765: <li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
766: "join" command by default in <a
767: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
768: replacing the old "nwid".
1.22 benno 769: <li>Replace custom bootloader installation code with <a
770: href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
771: riscv64 and armv7 architecture installations.
772: <li>New logic for <a
773: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to avoid
774: excessive moving of files during updates when possible.
775: <li>Documented OpenBSD installation and upgrade customization using the <a
776: href="https://man.openbsd.org/install.site.5">install.site(5)</a> file.
1.10 benno 777: <li>Corrected "!" escape handling in the installer when accepting WEP/WPA passphrase.
1.22 benno 778: <li>Prevented a potential race which could make <a
779: href="https://man.openbsd.org/umount.8">umount(8)</a> fail spuriously
780: in the installer.
781: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -e
782: work with ramdisk kernels.
1.11 benno 783: <li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -c
784: cmdfile use lines from the command file for all input, not just
785: commands. This allows complex actions like changing device parameters.
1.22 benno 786: <li>Ensured that an interrupted arm64 install from the ramdisk kernel
787: can be restarted.
788:
789: <!-- fw_update -->
1.11 benno 790: <li>Returned to a shell-script based <a
791: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>, written
792: to be usable by the install script, allowing earlier retrieval of
793: downloaded firmwares.
794: <li>Stopped <a
795: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> from
796: downloading SHA256.sig when not needed, to allow installing local
797: files without network access.
798: <li>Modified the installer to use <a
799: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to install
800: non-free firmware files if present on the install media.
1.22 benno 801: <li>Made <a
802: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>
803: re-download existing files with failed checksums.
804: <li>Stopped unregistering firmware with <a
805: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> when the
806: SHA256.sig cannot be fetched.<!-- what does "unregistering firmware" mean? -->
807: <li>Made <a
808: href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> use the
809: /snapshots directory only on -current snapshot installations.
1.1 deraadt 810: </ul>
811:
812: <li>Security improvements:
813: <ul>
1.22 benno 814: <li>Clear the length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
1.7 benno 815: <li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
816: <li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
1.10 benno 817: <li>Disabled <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> mouse tracking by default.
1.22 benno 818: <li>On arm64 architectures, use "rng-seed" and "kaslr-seed" properties from the device tree to mix extra entropy into the random pool.
1.15 benno 819: <li>Made <a href="https://man.openbsd.org/apmd.8">apmd(8)</a> replace /etc/random.seed for hibernate-resumes.
1.11 benno 820: <li>Restricted <a
821: href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a
822: href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> file
823: system access with <a
824: href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
1.14 benno 825: <li>Added <a href="https://man.openbsd.org/ps.1">ps(1)</a> status flag "c" to indicate a process is chrooted.
1.15 benno 826: <li>In <a
827: href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a> <a
828: href="https://man.openbsd.org/unveil.2">unveil(2)</a> "/dev" read-only
829: instead of using <a
830: href="https://man.openbsd.org/chroot.2">chroot(2)</a>.
1.1 deraadt 831: </ul>
832:
833: <li>Routing daemons and other userland network improvements:
834: <ul>
1.11 benno 835: <li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
1.7 benno 836: <li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
1.11 benno 837: <li>Installed missing scope identifiers for IPv6 link-local addresses for <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> and <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>.
838: <li>Allowed interface names as scope-id in IPv6 link-local addresses in <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
1.15 benno 839: <li>Let <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> probe for DNS64 presence with an absolute name, so asr doesn't add search domains and retry.
1.7 benno 840: <li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
1.11 benno 841: <li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
842: <li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
843: <li>Made the <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> host name DHCP option configurable.
844: <li>Prevented a crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> due to updating an interface which no longer exists.
1.15 benno 845: <li>Prevented a potential crash when <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> receives more than 7 nameservers.
846: <li>Fixed crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> when receiving a negative length field for DNS labels.
1.11 benno 847: <li>Fix <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, create permissions are required for databases.
848: <li>Made <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> start listening on interface in 'down' state. Interfaces can come up later, at which point dhcpd(8) will start receiving packets.
849: <li>Added a basic printer for EAPOL packets to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.15 benno 850: <li>Made <a href="https://man.openbsd.org/ping.8">ping(8)</a> print out the source address and sequence number when the signature on an icmp echo reply doesn't match.
851: <li>Rate limit <a href="https://man.openbsd.org/rad.8">rad(8)</a> router advertisements according to RFC 4861.
1.22 benno 852:
1.25 benno 853: <li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
854: <ul>
1.29 jsg 855: <li>Stop verifying the cert or CA for a relay using opportunistic TLS.
1.25 benno 856: <li>Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> behavior.
857: </ul>
858:
1.22 benno 859: <!-- httpd -->
860: <li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> received new features and bugfixes:
861: <ul>
862: <li>Respond with 400 Bad Request when a client sends header lines without a colon.
863: <li>Added protocol version checking.
864: <li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
865: <li>Corrected <a
866: href="https://man.openbsd.org/httpd.8">httpd(8)</a> version string
867: checking, responding with 505 Version Not Supported rather than 400
868: Bad Request when the version format is incorrect.
869: <li>Stop sending content alongside responses to HEAD requests.
870: <li>Added support for custom error pages.
871: <li>Added a gzip-static option to <a
872: href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>,
873: allowing delivery of precompressed files with content-encoding gzip.
874: <li>Improved handling of static compressed gzip files.
875: </ul>
876:
877:
1.29 jsg 878: <!-- IPsec/isakmpd/iked -->
879: <li>IPsec support was improved:
1.22 benno 880: <ul>
881: <li>Made <a href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> proto config option accept a list to allow specifying multiple protocols for a single policy.
882: <li>Fixed removal of SAs that could not be flushed with <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -F.
883: <li>Changed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to log a warning when proto is NULL rather than dereferencing it.
884: <li>Fixed broken key exchange negotiation with matching proposals in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
885: <li>Added <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> "show certinfo" to show trusted CAs and certificates.
886: <li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -V to display the version.
887: <li>Fixed a bug where <a href="https://man.openbsd.org/iked.8">iked(8)</a> sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
888: <li>Improved message fragment retransmissions for <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
889: <li>Make sure <a href="https://man.openbsd.org/iked.8">iked(8)</a> vroute messages are correctly aligned, fixes autoconfiguration of addresses on octeon.
890: </ul>
891: <!-- rpki-client -->
1.34 claudio 892: <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> was
893: made more resilient regarding untrusted input. The following
894: bugfixes and improvements were made:
1.22 benno 895: <ul>
896: <li>Added support for validating BGPsec Router Public Keys.
897: <li>Fix issues with chunked transfer encoding in the RRDP HTTP client.
898: <li>Cleanup and improvement of how IO is handled.
899: <li>Improvements in the way X509 certificates are verified.
900: <li>Limit the number of concurrent rsync processes.
901: <li>Fix CRLF in tal files.
902: <li>Enforce the correct namespace of rrdp files.
903: <li>Fail certificate verification if a certificate contains unknown
904: critical extensions.
905: <li>Improve cleanup of rrdp directory contents.
906: <li>Introduce a validated cache which holds all the files that have
907: successfully been verified by rpki-client.
1.24 benno 908: <li>Add a new option '-f <file>' to validate a signed object in a file
1.22 benno 909: against the RPKI cache.
910: <li>Add various RFC 6488 compliance checks to improve the CMS parser.
911: <li>Improve RRDP replication through less aggressive cache cleanup.
912: <li>Add a check whether a given Manifest EE certificate is listed on the
913: applicable CRL.
914: <li>For forward compatibility permit ASPA object to appear on Manifests.
1.24 benno 915: <li>Various improvements to the '-f <file>' diagnostic option to
1.22 benno 916: now also validate files containing Trust Anchor certs and CRLs.
917: <li>Do not apply timezone offsets when converting X509 times. X509
918: times are in UTC and comparing them to times in different timezones
919: would cause validity problems.
920: </ul>
921: <!-- bgpd -->
922: <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
923: <ul>
1.29 jsg 924: <li>The <a href="https://man.openbsd.org/bgpd.8">bgpd</a> login
1.22 benno 925: class datasize attribute (in <a
926: href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>) was set
927: to either 16G or 1G, depending on architecture.
1.34 claudio 928: <li>Macro expansion in the config file was improved. It is now possible
929: to expand 'set large-community $myAS:$location:$transit'.
930: <li>Added a "port" option to "listen on" and the "neighbor" section
931: in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> to make it
1.22 benno 932: possible to bind and connect to non-default ports.
1.34 claudio 933: <li>The RIB codebase was refactored in order to add multipath
934: support in an upcoming release.
1.22 benno 935: </ul>
1.1 deraadt 936: </ul>
937:
938: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
939: <ul>
1.7 benno 940: <li>Fixed a crash in <a
941: href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
942: multiple clients is destroyed but tmux does not close completely due
943: to other sessions.
944: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
945: redraw problem on automargin terminals.
946: <li>Fixed a problem with repeat in <a
947: href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
948: <li>Added -T to set a popup title in <a
949: href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
950: <li>Added -s and -S to <a
951: href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
952: popup and border style.
953: <li>Fixed application-set fg and bg in <a
954: href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
955: <li>Added a way to force a color to RGB in <a
956: href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
957: display it.
1.10 benno 958: <li>Added a cursor-colour option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
959: <li>Added a cursor-style option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.11 benno 960: <li>Added a pane-border-format pane option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
961: <li>Added attempts to turn on less-capable mouse modes when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> turns on more-capable ones, in case the terminal doesn't support the desired mode.
1.14 benno 962: <li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to show arrows for the active pane indicator.
963: <li>Added a key in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode to toggle the position indicator.
1.15 benno 964: <li>Added an option in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to set the character for unused areas of the terminal.
965: <li>Add <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to control if it scrolls into history on clear.
966: <li>Added OSC 7 capability to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> for setting titles.
1.1 deraadt 967: </ul>
968:
1.24 benno 969: <li>LibreSSL version XXX <!-- XXX -->
1.1 deraadt 970: <ul>
971: <li>New Features
972: <ul>
1.9 inoguchi 973: <li>The RFC 3779 API was ported from OpenSSL.<br>
974: Many bugs were fixed, regression tests were added and the code was cleaned up.
975: <li>Certificate Transparency was ported from OpenSSL.<br>
976: Many internal improvements were made, resulting in cleaner and safer code.<br>
977: Regress coverage was added. libssl does not yet make use of it.
1.1 deraadt 978: </ul>
979:
980: <li>Portable Improvements
981: <ul>
1.9 inoguchi 982: <li>Enabled ASAN CI on Linux platform.<br>
983: Thanks to Ilya Shipitsin (chipitsine <at> gmail com).
984: <li>Fixed various POSIX compliance and other portability issues<br>
985: found by the port to the Sortix operating system.
986: <li>Add libmd as platform specific libraries for Solaris.<br>
987: Issue reported from (ihsan <at> opencsw org) on libressl ML.
988: <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
989: Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
990: <li>Enabled and scheduled Coverity scan.<br>
991: Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github.
1.1 deraadt 992: </ul>
993:
1.9 inoguchi 994: <li>Compatibility Changes
995: <ul>
996: <li>Most structs that were previously defined in the following headers
997: are now opaque as they are in OpenSSL 1.1:<br>
998: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
999: x509.h, x509v3.h, x509_vfy.h
1000: <li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
1001: OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
1002: of using something consistent with the previous naming.<br>
1003: Various test suites expect these names (instead of checking for the much
1004: more sensible cipher numbers).<br>
1005: The old names are still accepted as aliases.
1006: <li>Subject alternative names and name constraints are now validated
1007: when they are added to certificates.<br>
1008: Various interoperability problems with stacks that validate
1009: certificates more strictly than OpenSSL can be avoided this way.
1010: <li>Attempt to opportunistically use the host name for SNI in s_client
1011: </ul>
1012:
1013: <li>Bug fixes
1.1 deraadt 1014: <ul>
1.9 inoguchi 1015: <li>Avoid infinite loop for custom curves of order 1.<br>
1016: Found and reported with a reproducer by Hanno Boeck.
1017: Helpful comments and analysis from David Benjamin.
1018: <li>Avoid infinite loop on parsing DSA private keys.<br>
1019: Issue reported with reproducers by Hanno Boeck.
1020: Additional variants and analysis by David Benjamin.
1021: <li>A malicious certificate can cause an infinite loop.<br>
1022: Reported by and fix from Tavis Ormandy and David Benjamin, Google.
1023: <li>In some situations, the verifier would discard the error on an
1024: unvalidated certificate chain.<br>
1025: This would happen when the verification callback was in use,
1026: instructing the verifier to continue unconditionally.<br>
1027: This could lead to incorrect decisions being made in software.
1028: <li>Avoid an infinite loop in SSL_shutdown()
1029: <li>Fix another return 0 bug in SSL_shutdown()
1030: <li>Handle zero byte reads/writes that trigger handshakes in the
1031: TLSv1.3 stack
1032: <li>A long standing memleak in libtls CRL handling was fixed
1.1 deraadt 1033: </ul>
1034:
1.9 inoguchi 1035: <li>Internal Improvements
1.1 deraadt 1036: <ul>
1.9 inoguchi 1037: <li>Cache the SHA-512 hash instead of the SHA-1 hash and cache
1038: notBefore and notAfter times when X.509 certificates are parsed.
1039: <li>The X.509 lookup code has been simplified and cleaned up.
1040: <li>Fixed numerous issues flagged by coverity and the cryptofuzz project
1041: <li>Increased the number of Miller-Rabin checks in DH and DSA
1042: key/parameter generation
1043: <li>Started using the bytestring API in libcrypto for cleaner and
1044: safer code
1045: <li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
1046: ASN1
1047: <li>Convert ASN1_OBJECT_new() to calloc()
1048: <li>Convert ASN1_STRING_type_new() to calloc()
1049: <li>Rewrite ASN1_STRING_cmp()
1050: <li>Use calloc() for X509_CRL_METHOD_new() instead of malloc()
1051: <li>Convert ASN1_PCTX_new() to calloc()
1052: <li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
1053: <li>Consolidate {d2i,i2d}_{pr,pu}.c
1054: <li>Remove handling of a NULL BUF_MEM from asn1_collect()
1055: <li>Pull the recursion depth check up to the top of asn1_collect()
1056: <li>Inline collect_data() in asn1_collect()
1057: <li>Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
1058: <li>Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
1059: <li>Consolidate ASN.1 universal tag type data
1060: <li>Rewrite ASN.1 identifier/length parsing in CBS
1061: <li>Make OBJ_obj2nid() work correctly with NID_undef
1062: <li>tlsext_tick_lifetime_hint is now an uint32_t
1063: <li>Untangle ssl3_get_message() return values
1064: <li>Rename tls13_buffer to tls_buffer
1065: <li>Fold DTLS_STATE_INTERNAL into DTLS1_STATE
1066: <li>Provide a way to determine our maximum legacy version
1067: <li>Mop up enc_read_ctx and read_hash
1068: <li>Fold SSL_SESSION_INTERNAL into SSL_SESSION
1069: <li>Use ssl_force_want_read in the DTLS code
1070: <li>Add record processing limit to DTLS code
1071: <li>Add explicit CBS_contains_zero_byte() check in CBS_strdup()
1072: <li>Improve SNI hostname validation
1073: <li>Ensure SSL_set_tlsext_host_name() is given a valid hostname
1074: <li>Fix a strange check in the auto DH codepath
1075: <li>Factor out/rewrite DHE key exchange
1076: <li>Convert server serialisation of DHE parameters/public key to new
1077: functions
1078: <li>Check DH public key in ssl_kex_peer_public_dhe()
1079: <li>Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
1080: <li>Clean up and refactor server side DHE key exchange
1081: <li>Provide CBS_get_last_u8()
1082: <li>Provide CBS_get_u64()
1083: <li>Provide CBS_add_u64()
1084: <li>Provide various CBS_peek_* functions
1085: <li>Use CBS_get_last_u8() to find the content type in TLSv1.3 records
1086: <li>unifdef TLS13_USE_LEGACY_CLIENT_AUTH
1087: <li>Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
1088: <li>Only allow zero length key shares when we know we're doing HRR
1089: <li>Pull key share group/length CBB code up from
1090: tls13_key_share_public()
1091: <li>Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
1092: validation
1093: <li>Return 0 on failure from send/get kex functions in the legacy
1094: stack
1095: <li>Rename tls13_key_share to tls_key_share
1096: <li>Allocate and free the EVP_AEAD_CTX struct in
1097: tls13_record_protection
1098: <li>Convert legacy TLS client to tls_key_share
1099: <li>Convert legacy TLS server to tls_key_share
1100: <li>Stop attempting to duplicate the public and private key of dh_tmp
1101: <li>Rename dh_tmp to dhe_params
1102: <li>Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
1103: <li>Clean up pkey handling in ssl3_get_server_key_exchange()
1104: <li>Fix GOST skip certificate verify handling
1105: <li>Simplify tlsext_keyshare_server_parse()
1106: <li>Plumb decode errors through key share parsing code
1107: <li>Simplify SSL_get_peer_certificate()
1108: <li>Cleanup/simplify ssl_cert_type()
1109: <li>The S3I macro was removed
1110: <li>The openssl(1) cms, smime and ts subcommands option handling was
1111: converted and the C source was cleaned up.
1.1 deraadt 1112: </ul>
1113:
1.9 inoguchi 1114: <li>Documentation improvements
1.1 deraadt 1115: <ul>
1.9 inoguchi 1116: <li>45 new manual pages, most of which were written from scratch.<br>
1117: Documentation coverage of ASN.1 and X.509 code has been
1118: significantly improved.
1.1 deraadt 1119: </ul>
1120:
1.9 inoguchi 1121: <li>API additions and removals
1.1 deraadt 1122: <ul>
1.9 inoguchi 1123: <li>libssl
1124: <ul>
1125: <li>API additions
1126: <ul>
1127: <li>SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
1128: </ul>
1129: <li>API stubs for compatibility
1130: <ul>
1131: <li>SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets<br>
1132: SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets<br>
1133: SSL_get_num_tickets SSL_set_num_tickets
1134: </ul>
1135: </ul>
1136: <li>libcrypto
1137: <ul>
1138: <li>added API (some of these were previously available as macros):
1139: <ul>
1140: <li>ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free<br>
1141: ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new<br>
1142: ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex<br>
1143: BIO_get_init BIO_set_callback_ex BIO_set_next<br>
1144: BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old<br>
1145: BN_abs_is_word BN_get_flags BN_is_negative<br>
1146: BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags<br>
1147: BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free<br>
1148: CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file<br>
1149: CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free<br>
1150: CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key<br>
1151: CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free<br>
1152: CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer<br>
1153: CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time<br>
1154: CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert<br>
1155: CT_POLICY_EVAL_CTX_set1_issuer<br>
1156: CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE<br>
1157: CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key<br>
1158: DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g<br>
1159: DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q<br>
1160: ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free<br>
1161: EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst<br>
1162: EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data<br>
1163: EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx<br>
1164: EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new<br>
1165: EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup<br>
1166: EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final<br>
1167: EVP_MD_meth_set_flags EVP_MD_meth_set_init<br>
1168: EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size<br>
1169: EVP_MD_meth_set_update EVP_PKEY_asn1_set_check<br>
1170: EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check<br>
1171: EVP_PKEY_check EVP_PKEY_meth_set_check<br>
1172: EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check<br>
1173: EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode<br>
1174: FIPS_mode_set IPAddressChoice_free IPAddressChoice_new<br>
1175: IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free<br>
1176: IPAddressOrRange_new IPAddressRange_free IPAddressRange_new<br>
1177: OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id<br>
1178: OCSP_resp_get0_produced_at OCSP_resp_get0_respdata<br>
1179: OCSP_resp_get0_signature OCSP_resp_get0_signer<br>
1180: OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional<br>
1181: RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp<br>
1182: RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q<br>
1183: SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free<br>
1184: SCT_get0_extensions SCT_get0_log_id SCT_get0_signature<br>
1185: SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source<br>
1186: SCT_get_timestamp SCT_get_validation_status SCT_get_version<br>
1187: SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions<br>
1188: SCT_set0_log_id SCT_set0_signature SCT_set1_extensions<br>
1189: SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type<br>
1190: SCT_set_signature_nid SCT_set_source SCT_set_timestamp<br>
1191: SCT_set_version SCT_validate SCT_validation_status_string<br>
1192: X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey<br>
1193: X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject<br>
1194: X509_STORE_CTX_get_num_untrusted<br>
1195: X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify<br>
1196: X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain<br>
1197: X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth<br>
1198: X509_STORE_CTX_set_verify X509_STORE_get_verify<br>
1199: X509_STORE_get_verify_cb X509_STORE_set_verify<br>
1200: X509_get_X509_PUBKEY X509_get_extended_key_usage<br>
1201: X509_get_extension_flags X509_get_key_usage<br>
1202: X509v3_addr_add_inherit X509v3_addr_add_prefix<br>
1203: X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi<br>
1204: X509v3_addr_get_range X509v3_addr_inherits<br>
1205: X509v3_addr_is_canonical X509v3_addr_subset<br>
1206: X509v3_addr_validate_path X509v3_addr_validate_resource_set<br>
1207: X509v3_asid_add_id_or_range X509v3_asid_add_inherit<br>
1208: X509v3_asid_canonize X509v3_asid_inherits<br>
1209: X509v3_asid_is_canonical X509v3_asid_subset<br>
1210: X509v3_asid_validate_path X509v3_asid_validate_resource_set<br>
1211: d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers<br>
1212: d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily<br>
1213: d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST<br>
1214: i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers<br>
1215: i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily<br>
1216: i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST<br>
1217: i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT<br>
1218: i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
1219: </ul>
1220: <li>removed API:
1221: <ul>
1222: <li>ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss<br>
1223: EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init<br>
1224: NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new<br>
1225: NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free<br>
1226: NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit<br>
1227: PEM_SealUpdate PEM_read_X509_CERT_PAIR<br>
1228: PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR<br>
1229: PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free<br>
1230: X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb<br>
1231: asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore<br>
1232: asn1_enc_save asn1_ex_c2i asn1_get_choice_selector<br>
1233: asn1_get_field_ptr asn1_set_choice_selector check_defer<br>
1234: d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY<br>
1235: d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET<br>
1236: d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY<br>
1237: i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET<br>
1238: i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer
1239: </ul>
1240: </ul>
1.1 deraadt 1241: </ul>
1242: </ul>
1243:
1.24 benno 1244: <li>OpenSSH version XXX <!-- XXX -->
1.1 deraadt 1245: <ul>
1246: <li>Security
1247: <ul>
1.4 benno 1248: <li>...
1.1 deraadt 1249: </ul>
1250: <li>Potentially incompatible changes
1251: <ul>
1.4 benno 1252: <li>...
1.1 deraadt 1253: </ul>
1254:
1255: <li>New features
1256: <ul>
1.4 benno 1257: <li>...
1.1 deraadt 1258: </ul>
1259:
1260: <li>Bugfixes
1261: <ul>
1.4 benno 1262: <li>...
1.1 deraadt 1263: </ul>
1264: </ul>
1265:
1.13 schwarze 1266: <li>mandoc 1.14.6 plus several bugfixes, including:
1.1 deraadt 1267: <ul>
1.13 schwarze 1268: <li>Fixed <a href="https://man.openbsd.org/man.1">man(1)</a>
1269: to always read the configuration file and respect
1270: the other directives contained in it,
1271: even when the manpath is overridden by other means.
1272: <li>Fixed a memory leak in
1273: <a href="https://man.openbsd.org/man.1">man(1)</a>
1274: that mattered when many names were given on the command line.
1275: <li>Fixed a small memory leak in the
1276: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parser
1277: that occurred each time a user-defined macro was called.
1278: <li>Fixed the width of the <code>\h</code> (horizontal motion)
1279: <a href="https://man.openbsd.org/roff.7">roff(7)</a>
1280: escape sequence in the PostScript and PDF output modes.
1.15 benno 1281: <li>Avoid legacy CSS2 syntax and use CSS3 two-value syntax in <a
1282: href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
1.1 deraadt 1283: </ul>
1284:
1285: <li>Ports and packages:
1286: <p>Many pre-built packages for each architecture:
1287: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
1288: <ul style="column-count: 3">
1.36 ! naddy 1289: <li>aarch64: 11081
1.17 naddy 1290: <li>amd64: 11301
1.20 deraadt 1291: <li>arm: XXXX
1292: <li>i386: 10136
1.1 deraadt 1293: <li>mips64: XXXX
1294: <li>powerpc: XXXX
1295: <li>powerpc64: XXXX
1296: <li>riscv64: XXXX
1297: <li>sparc64: XXXX
1298: </ul>
1299:
1300: <p>Some highlights:
1301: <ul style="column-count: 3">
1.12 sthen 1302: <li>Asterisk 16.25.1, 18.11.1 and 19.3.1
1.1 deraadt 1303: <li>Audacity 2.4.2
1304: <li>CMake 3.20.3
1.5 jsg 1305: <li>Chromium 100.0.4896.75
1.1 deraadt 1306: <li>Emacs 27.2
1.5 jsg 1307: <li>FFmpeg 4.4.1
1.1 deraadt 1308: <li>GCC 8.4.0 and 11.2.0
1309: <li>GHC 8.10.6
1.5 jsg 1310: <li>GNOME 41.5
1311: <li>Go 1.17.7
1312: <li>JDK 8u322, 11.0.14 and 17.0.2
1313: <li>KDE Applications 21.12.2
1314: <li>KDE Frameworks 5.91.0
1315: <li>Krita 5.0.2
1316: <li>LLVM/Clang 13.0.0
1317: <li>LibreOffice 7.3.2.2
1.1 deraadt 1318: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.5 jsg 1319: <li>MariaDB 10.6.7
1.1 deraadt 1320: <li>Mono 6.12.0.122
1.5 jsg 1321: <li>Mozilla Firefox 99.0 and ESR 91.8.0
1322: <li>Mozilla Thunderbird 91.8.0
1323: <li>Mutt 2.2.2 and NeoMutt 20211029
1324: <li>Node.js 16.14.2
1325: <li>OCaml 4.12.1
1.1 deraadt 1326: <li>OpenLDAP 2.4.59
1.5 jsg 1327: <li>PHP 7.4.28, 8.0.17 and 8.1.4
1328: <li>Postfix 3.5.14
1329: <li>PostgreSQL 14.2
1330: <li>Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4
1.1 deraadt 1331: <li>Qt 5.15.2 and 6.0.4
1.5 jsg 1332: <li>R 4.1.2
1333: <li>Ruby 2.7.5, 3.0.3 and 3.1.1
1334: <li>Rust 1.59.0
1335: <li>SQLite 2.8.17 and 3.38.2
1336: <li>Shotcut 21.10.31
1337: <li>Sudo 1.9.10
1338: <li>Suricata 6.0.4
1.1 deraadt 1339: <li>Tcl/Tk 8.5.19 and 8.6.8
1.5 jsg 1340: <li>TeX Live 2021
1341: <li>Vim 8.2.4600 and Neovim 0.6.1
1.1 deraadt 1342: <li>Xfce 4.16
1343: </ul>
1344: <p>
1345:
1346: <li>As usual, steady improvements in manual pages and other documentation.
1347:
1348: <li>The system includes the following major components from outside suppliers:
1349: <ul>
1.5 jsg 1350: <li>Xenocara (based on X.Org 7.7 with xserver 1.21.1.3 + patches,
1351: freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369,
1.1 deraadt 1352: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1.5 jsg 1353: <li>LLVM/Clang 13.0.0 (+ patches)
1.1 deraadt 1354: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1355: <li>Perl 5.32.1 (+ patches)
1.5 jsg 1356: <li>NSD 4.4.0
1357: <li>Unbound 1.15.0
1.1 deraadt 1358: <li>Ncurses 5.7
1359: <li>Binutils 2.17 (+ patches)
1360: <li>Gdb 6.3 (+ patches)
1.10 benno 1361: <li>Awk October 12, 2021
1.5 jsg 1362: <li>Expat 2.4.7
1.1 deraadt 1363: </ul>
1364:
1365: </ul>
1366: </section>
1367:
1368: <hr>
1369:
1370: <section id=install>
1371: <h3>How to install</h3>
1372: <p>
1373: Please refer to the following files on the mirror site for
1374: extensive details on how to install OpenBSD 7.1 on your machine:
1375:
1376: <ul>
1377: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
1378: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
1379: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
1380: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
1381: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
1382: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
1383: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
1384: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
1385: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
1386: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
1387: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
1388: .../OpenBSD/7.1/i386/INSTALL.i386</a>
1389: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
1390: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
1391: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
1392: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
1393: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
1394: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
1395: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
1396: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
1397: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
1398: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
1399: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
1400: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
1401: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
1402: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
1403: </ul>
1404: </section>
1405:
1406: <hr>
1407:
1408: <section id=quickinstall>
1409: <p>
1410: Quick installer information for people familiar with OpenBSD, and the use of
1411: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1412: If you are at all confused when installing OpenBSD, read the relevant
1413: INSTALL.* file as listed above!
1414:
1415: <h3>OpenBSD/alpha:</h3>
1416:
1417: <p>
1418: If your machine can boot from CD, you can write <i>install71.iso</i> or
1419: <i>cd71.iso</i> to a CD and boot from it.
1420: Refer to INSTALL.alpha for more details.
1421:
1422: <h3>OpenBSD/amd64:</h3>
1423:
1424: <p>
1425: If your machine can boot from CD, you can write <i>install71.iso</i> or
1426: <i>cd71.iso</i> to a CD and boot from it.
1427: You may need to adjust your BIOS options first.
1428:
1429: <p>
1430: If your machine can boot from USB, you can write <i>install71.img</i> or
1431: <i>miniroot71.img</i> to a USB stick and boot from it.
1432:
1433: <p>
1434: If you can't boot from a CD, floppy disk, or USB,
1435: you can install across the network using PXE as described in the included
1436: INSTALL.amd64 document.
1437:
1438: <p>
1439: If you are planning to dual boot OpenBSD with another OS, you will need to
1440: read INSTALL.amd64.
1441:
1442: <h3>OpenBSD/arm64:</h3>
1443:
1444: <p>
1445: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
1446: after connecting to the serial console. Refer to INSTALL.arm64 for more
1447: details.
1448:
1449: <h3>OpenBSD/armv7:</h3>
1450:
1451: <p>
1452: Write a system specific miniroot to an SD card and boot from it after connecting
1453: to the serial console. Refer to INSTALL.armv7 for more details.
1454:
1455: <h3>OpenBSD/hppa:</h3>
1456:
1457: <p>
1458: Boot over the network by following the instructions in INSTALL.hppa or the
1459: <a href="hppa.html#install">hppa platform page</a>.
1460:
1461: <h3>OpenBSD/i386:</h3>
1462:
1463: <p>
1464: If your machine can boot from CD, you can write <i>install71.iso</i> or
1465: <i>cd71.iso</i> to a CD and boot from it.
1466: You may need to adjust your BIOS options first.
1467:
1468: <p>
1469: If your machine can boot from USB, you can write <i>install71.img</i> or
1470: <i>miniroot71.img</i> to a USB stick and boot from it.
1471:
1472: <p>
1473: If you can't boot from a CD, floppy disk, or USB,
1474: you can install across the network using PXE as described in
1475: the included INSTALL.i386 document.
1476:
1477: <p>
1478: If you are planning on dual booting OpenBSD with another OS, you will need to
1479: read INSTALL.i386.
1480:
1481: <h3>OpenBSD/landisk:</h3>
1482:
1483: <p>
1484: Write <i>miniroot71.img</i> to the start of the CF
1485: or disk, and boot normally.
1486:
1487: <h3>OpenBSD/luna88k:</h3>
1488:
1489: <p>
1490: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1491: from the PROM, and then bsd.rd from the bootloader.
1492: Refer to the instructions in INSTALL.luna88k for more details.
1493:
1494: <h3>OpenBSD/macppc:</h3>
1495:
1496: <p>
1497: Burn the image from a mirror site to a CDROM, and power on your machine
1498: while holding down the <i>C</i> key until the display turns on and
1499: shows <i>OpenBSD/macppc boot</i>.
1500:
1501: <p>
1502: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1503: /7.1/macppc/bsd.rd</i>
1504:
1505: <h3>OpenBSD/octeon:</h3>
1506:
1507: <p>
1508: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1509: Refer to the instructions in INSTALL.octeon for more details.
1510:
1511: <h3>OpenBSD/powerpc64:</h3>
1512:
1513: <p>
1514: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1515: USB stick, plug it into the machine and choose the <i>OpenBSD
1516: install</i> menu item in Petitboot.
1517: Refer to the instructions in INSTALL.powerpc64 for more details.
1518:
1519: <h3>OpenBSD/riscv64:</h3>
1520:
1521: <p>
1522: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
1523: USB stick, and boot with that drive plugged in.
1524: Make sure you also have the microSD card plugged in that shipped with the
1525: HiFive Unmatched board.
1526: Refer to the instructions in INSTALL.riscv64 for more details.
1527:
1528: <h3>OpenBSD/sparc64:</h3>
1529:
1530: <p>
1531: Burn the image from a mirror site to a CDROM, boot from it, and type
1532: <i>boot cdrom</i>.
1533:
1534: <p>
1535: If this doesn't work, or if you don't have a CDROM drive, you can write
1536: <i>floppy71.img</i> or <i>floppyB71.img</i>
1537: (depending on your machine) to a floppy and boot it with <i>boot
1538: floppy</i>. Refer to INSTALL.sparc64 for details.
1539:
1540: <p>
1541: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1542: will most likely fail.
1543:
1544: <p>
1545: You can also write <i>miniroot71.img</i> to the swap partition on
1546: the disk and boot with <i>boot disk:b</i>.
1547:
1548: <p>
1549: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1550: </section>
1551:
1552: <hr>
1553:
1554: <section id=upgrade>
1555: <h3>How to upgrade</h3>
1556: <p>
1.6 tj 1557: If you already have an OpenBSD 7.0 system, and do not want to reinstall,
1.1 deraadt 1558: upgrade instructions and advice can be found in the
1559: <a href="faq/upgrade71.html">Upgrade Guide</a>.
1560: </section>
1561:
1562: <hr>
1563:
1564: <section id=sourcecode>
1565: <h3>Notes about the source code</h3>
1566: <p>
1567: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1568: This file contains everything you need except for the kernel sources,
1569: which are in a separate archive.
1570: To extract:
1571: <blockquote><pre>
1572: # <kbd>mkdir -p /usr/src</kbd>
1573: # <kbd>cd /usr/src</kbd>
1574: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1575: </pre></blockquote>
1576: <p>
1577: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1578: This file contains all the kernel sources you need to rebuild kernels.
1579: To extract:
1580: <blockquote><pre>
1581: # <kbd>mkdir -p /usr/src/sys</kbd>
1582: # <kbd>cd /usr/src</kbd>
1583: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1584: </pre></blockquote>
1585: <p>
1586: Both of these trees are a regular CVS checkout. Using these trees it
1587: is possible to get a head-start on using the anoncvs servers as
1588: described <a href="anoncvs.html">here</a>.
1589: Using these files
1590: results in a much faster initial CVS update than you could expect from
1591: a fresh checkout of the full OpenBSD source tree.
1592: </section>
1593:
1594: <hr>
1595:
1596: <section id=ports>
1597: <h3>Ports Tree</h3>
1598: <p>
1599: A ports tree archive is also provided. To extract:
1600: <blockquote><pre>
1601: # <kbd>cd /usr</kbd>
1602: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1603: </pre></blockquote>
1604: <p>
1605: Go read the <a href="faq/ports/index.html">ports</a> page
1606: if you know nothing about ports
1607: at this point. This text is not a manual of how to use ports.
1608: Rather, it is a set of notes meant to kickstart the user on the
1609: OpenBSD ports system.
1610: <p>
1611: The <i>ports/</i> directory represents a CVS checkout of our ports.
1612: As with our complete source tree, our ports tree is available via
1613: <a href="anoncvs.html">AnonCVS</a>.
1614: So, in order to keep up to date with the -stable branch, you must make
1615: the <i>ports/</i> tree available on a read-write medium and update the tree
1616: with a command like:
1617: <blockquote><pre>
1618: # <kbd>cd /usr/ports</kbd>
1619: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1620: </pre></blockquote>
1621: <p>
1622: [Of course, you must replace the server name here with a nearby anoncvs
1623: server.]
1624: <p>
1625: Note that most ports are available as packages on our mirrors. Updated
1626: ports for the 7.1 release will be made available if problems arise.
1627: <p>
1628: If you're interested in seeing a port added, would like to help out, or just
1629: would like to know more, the mailing list
1630: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1631: </section>
1.24 benno 1632: </body>
1633: </html>