Annotation of www/71.html, Revision 1.9
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
5: <title>OpenBSD 7.1</title>
6: <meta name="description" content="OpenBSD 7.1">
7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
9: <link rel="canonical" href="https://www.openbsd.org/71.html">
10:
11: <h2 id=OpenBSD>
12: <a href="index.html">
13: <i>Open</i><b>BSD</b></a>
14: 7.1
15: </h2>
16:
17: <table>
18: <tr>
19: <td>
20: <a href="images/xxx.png">
21: <img width="227" height="303" src="images/xxx-s.png" alt="xxx"></a>
22: <td>
1.6 tj 23: Released May ?, 2022. (52nd OpenBSD release)<br>
1.1 deraadt 24: Copyright 1997-2022, Theo de Raadt.<br>
25: <br>
1.3 job 26: Artwork by Luc Houweling.
1.1 deraadt 27: <br>
28: <ul>
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus71.html">detailed log of changes</a> between the
36: 7.0 and 7.1 releases.
37: <p>
38: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
39: pubkeys for this release:<p>
40:
41: <table class=signify>
42: <tr><td>
43: openbsd-71-base.pub:
44: <td>
45: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
46: RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
47: <tr><td>
48: openbsd-71-fw.pub:
49: <td>
50: RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
51: <tr><td>
52: openbsd-71-pkg.pub:
53: <td>
54: RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
55: <tr><td>
56: openbsd-71-syspatch.pub:
57: <td>
58: RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
59: </table>
60: </ul>
61: <p>
62: All applicable copyrights and credits are in the src.tar.gz,
63: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
64: files fetched via <code>ports.tar.gz</code>.
65: </table>
66:
67: <hr>
68:
69: <section id=new>
70: <h3>What's New</h3>
71: <p>
72: This is a partial list of new features and systems included in OpenBSD 7.1.
73: For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
74: to 7.1.
75:
76: <ul>
77:
78: <li>New/extended platforms:
79: <ul>
80: <li>The <a href="arm64.html">arm64</a> platform support was improved with the following changes:
81: <ul>
1.4 benno 82: <li>Support for Apple Silicon Macs has improved and is ready for general use:
1.1 deraadt 83: <ul>
1.4 benno 84: <li>...
1.1 deraadt 85: </ul>
1.4 benno 86: <li>...
1.1 deraadt 87: </ul>
88: <li>Changes on other architectures:
89: <ul>
1.7 benno 90: <li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
1.1 deraadt 91: </ul>
92: </ul>
93:
94: <li>Various kernel improvements:
95: <ul>
1.7 benno 96: <li>Fixed memory leak in <a
97: href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
98: href="https://man.openbsd.org/namei.9">namei(9)</a>.
99: <li>Made redistributable firmwares available across all architectures.
100: <li>Fixed establishing legacy INTx interrupts on machines without a (usable) MSI interrupt controller.
101: <li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
102: href="https://man.openbsd.org/open.2">open(2)</a>/<a
103: href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
104: creating files.
105:
1.1 deraadt 106: </ul>
107:
108: <li>SMP Improvements
109: <ul>
1.7 benno 110: <li>Made pipe event filters MP-safe.
111: <li>Set klist lock for sockets to make socket event filters MP-safe.
112: <li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
113: <a href="https://man.openbsd.org/select.2">select(2)</a>, <a
114: href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
115: href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
116: kqueue.
117: <li>Unlocked top part of UVM fault hander on mips64. <!--- XXX move? --->
118:
1.1 deraadt 119: </ul>
120:
121: <li>Direct Rendering Manager
122: <ul>
1.5 jsg 123: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
124: to Linux 5.15.26
125: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
126: support for Elkhart Lake, Jasper Lake, Rocket Lake
127: <li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
128: support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
129: Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
130: Navi 24 "Beige Goby"
1.1 deraadt 131: </ul>
132:
133: <li>VMM/VMD improvements
134: <ul>
1.8 dv 135: <li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
136: switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
137: vmd(8)</a>.
138: <li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
139: would exit when requesting a new VM and hitting memory resource
140: limits.
141: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
142: corruption on Intel hosts.
143: <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
144: clamping when the host has an invariant TSC.
145: <li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
146: vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
147: running guests.
148: <li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
149: vmd(8)</a> on amd64.
1.1 deraadt 150: </ul>
151:
152: <li>Various new userland features:
153: <ul>
154:
1.7 benno 155: <li>Added <a
156: href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
157: for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
158: use in ports.
159: <li>Removed an unused decoding of c/h/s from the MBR read from disk
160: by <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
161: <li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
162: "disk" editing command.
163: <li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
164: rogue" to show daemons which are running but not set as "enabled" in
165: <a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
166: <li>Provided common <a
167: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
168: kprofile.bt (to save kernel stackframes and produce flamegraphs) and
169: runqlat.bt (to measure the latency of the scheduler runqueues).
170:
1.1 deraadt 171: </ul>
172:
173: <li>Various bugfixes and tweaks in userland:
174: <ul>
1.7 benno 175:
176: <li>Removed the constraint that <a
177: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b specified block
178: count or block size must be greater than 63.
179: <li>Stopped <a
180: href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> from
181: communicating warnings starting with "XXX" which appeared to indicate
182: errors.
183: <li>Merged bugfixes from upstream into <a
184: href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
185: the prompt hiding feature (CTRL-P) and an integer overflow.
186: <li>Fixed file descriptor leak of /dev/tty on <a
187: href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
188: <li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
189: <a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
190: href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
191: href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
192: implementations from NetBSD with the existing FreeBSD implementations
193: we were already using for <a
194: href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
195: href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
196: <li>Renamed Pacific/Enderbury timezone to Pacific/Kanton.
197: <li>Called <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
198: later to prevent it from killing various games using ncurses when both
199: stdout and stderr are redirected to a non-tty.
200:
1.1 deraadt 201: </ul>
202:
203: <li>Improved hardware support and driver bugfixes, including:
204: <ul>
1.7 benno 205: <li>Introduced <a
206: href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
207: driver providing support for battery chargers connected to GPIO pins,
208: such as those found on the Pinebook Pro.
209: <li>Introduced <a
210: href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
211: driver providing support for LEDs connected to GPIO pins, such as
212: those found on the Pinebook Pro.
213: <li>Added support to <a
214: href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
215: Lake H and Tiger Lake H platforms.
216: <li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
217: is present with an attached <a
218: href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
219: <li>Fixed an interrupt storm on <a
220: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
221: support Energy Efficient Ethernet when connected to a switch which
222: does so as well.
223: <li>Added support for tpm2 CRB interface to <a
224: href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
225: regressions on the Surface Go 2 caused by a firmware change.
226: ` <li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
227: device tree with at least one page of free space to extend into. This
228: fixes booting on VMWare Fusion.
229:
1.1 deraadt 230: </ul>
231:
232: <li>New or improved network hardware support:
233: <ul>
1.7 benno 234: <li>Added support to <a href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
235:
236: <li>Fixed an interrupt storm on <a
237: href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
238: support Energy Efficient Ethernet when connected to a switch which
239: does so as well.
240:
1.1 deraadt 241: </ul>
242:
243: <li>Added or improved wireless network drivers:
244: <ul>
1.7 benno 245: <li>Reset the Tx timer upon validation of a BA notification sent by
246: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
247: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware.
248: <li>Prevented <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
249: <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attempts to
250: transition toward the same state where this would result in a
251: redundant or illegal state transition and a potential hang.
252: <li>Fixed a panic when <a
253: href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
254: at boot time.
255: <li>Added relicensed wireless firmwares from Realtek for <a
256: href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
257: href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
258: href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
259: these devices to work without requiring a separate firmware download.
260: <li>Added a workaround for buggy <a
261: href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
262: filling up the node cache when used in hostap mode.
263: <li>Applied a workaround in <a
264: href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
265: external abort under load with <a
266: href="https://man.openbsd.org/athn.4">athn(4)</a>.
267: <li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
268: performance drop after roaming between APs in 11n mode.
269: <li>Ensured <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses
270: only the HT (high throughput) frame format for data frames.
271: <li>Allowed AUTH->AUTH state transitions in the <a
272: href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
273: href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers again, needed
274: if the access point uses band-steering.
275: <li>Added support for 802.11n 40MHz channels to the <a
276: href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
277: <li>Reverted to use <a
278: href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
279: AC 7265, fixing instability issues on X1 Carbon gen3.
280: <li>Cached the old BSSID when roaming with <a
281: href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
282: <li>Explicitly stopped <a
283: href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack when
284: roaming between access points.
285: <li>Added initial 40MHz support to the <a
286: href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
287:
1.1 deraadt 288: </ul>
289:
290: <li>IEEE 802.11 wireless stack improvements and bugfixes:
291: <ul>
1.7 benno 292: <li>Added <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> Tx aggregation support.
293: <li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
294: <li>Cached the old BSSID when roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> so firmware commands can continue using it while roaming to a new AP.
295: <li>Added support for 40MHz channels to net80211 RA.
296: <li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
297:
298:
1.1 deraadt 299: </ul>
300:
301: <li>Generic network stack improvements and bugfixes:
302: <ul>
1.7 benno 303: <li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
1.1 deraadt 304: </ul>
305:
306: <li>Installer and upgrade improvements:
307: <ul>
1.7 benno 308: <li>Corrected installer to use "inet autoconf" properly for <a
309: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
310: <li>Stopped prompting whether to fall back to HTTP in the installer, making the fallback automatic.
311: <li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
312: "join" command by default in <a
313: href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
314: replacing the old "nwid".
315:
1.1 deraadt 316: </ul>
317:
318: <li>Security improvements:
319: <ul>
1.7 benno 320: <li>Cleared length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
321: <li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
322: <li>Fixed double free after allocation failure in <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
323: <li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
324: <li>Fixed a panic by prohibiting renames of tmpfs mount-points.
325: <li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> use after free with unsaved buffer. <!-- XXX move? -->
326:
1.1 deraadt 327: </ul>
328:
329: <li>Routing daemons and other userland network improvements:
330: <ul>
1.7 benno 331: <li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
332: <li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
333: <li>Fixed <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> to respond with 400 Bad Request when a client sends header lines without a colon.
334: <li>Added protocol version checking to <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
335: <li>Implemented <a href="https://man.openbsd.org/rsync.1">rsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
336: <li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
337: <li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
338: <li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
339: <li>In <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>, stopped sending content alongside responses to HEAD requests.
340: <li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
341: <li>Added <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> custom error page facility.
342:
343:
1.1 deraadt 344: </ul>
345:
346: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
347: <ul>
1.7 benno 348: <li>Fixed a crash in <a
349: href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
350: multiple clients is destroyed but tmux does not close completely due
351: to other sessions.
352: <li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
353: redraw problem on automargin terminals.
354: <li>Fixed a problem with repeat in <a
355: href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
356: <li>Added -T to set a popup title in <a
357: href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
358: <li>Added -s and -S to <a
359: href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
360: popup and border style.
361: <li>Fixed application-set fg and bg in <a
362: href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
363: <li>Added a way to force a color to RGB in <a
364: href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
365: display it.
366:
1.1 deraadt 367: </ul>
368:
1.4 benno 369: <li>OpenSMTPD version <!--- XXX --->
1.1 deraadt 370: <ul>
371: </ul>
372:
1.4 benno 373: <li>LibreSSL version <!--- XXX --->
1.1 deraadt 374: <ul>
375: <li>New Features
376: <ul>
1.9 ! inoguchi 377: <li>The RFC 3779 API was ported from OpenSSL.<br>
! 378: Many bugs were fixed, regression tests were added and the code was cleaned up.
! 379: <li>Certificate Transparency was ported from OpenSSL.<br>
! 380: Many internal improvements were made, resulting in cleaner and safer code.<br>
! 381: Regress coverage was added. libssl does not yet make use of it.
1.1 deraadt 382: </ul>
383:
384: <li>Portable Improvements
385: <ul>
1.9 ! inoguchi 386: <li>Enabled ASAN CI on Linux platform.<br>
! 387: Thanks to Ilya Shipitsin (chipitsine <at> gmail com).
! 388: <li>Fixed various POSIX compliance and other portability issues<br>
! 389: found by the port to the Sortix operating system.
! 390: <li>Add libmd as platform specific libraries for Solaris.<br>
! 391: Issue reported from (ihsan <at> opencsw org) on libressl ML.
! 392: <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
! 393: Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
! 394: <li>Enabled and scheduled Coverity scan.<br>
! 395: Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github.
1.1 deraadt 396: </ul>
397:
1.9 ! inoguchi 398: <li>Compatibility Changes
! 399: <ul>
! 400: <li>Most structs that were previously defined in the following headers
! 401: are now opaque as they are in OpenSSL 1.1:<br>
! 402: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
! 403: x509.h, x509v3.h, x509_vfy.h
! 404: <li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
! 405: OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
! 406: of using something consistent with the previous naming.<br>
! 407: Various test suites expect these names (instead of checking for the much
! 408: more sensible cipher numbers).<br>
! 409: The old names are still accepted as aliases.
! 410: <li>Subject alternative names and name constraints are now validated
! 411: when they are added to certificates.<br>
! 412: Various interoperability problems with stacks that validate
! 413: certificates more strictly than OpenSSL can be avoided this way.
! 414: <li>Attempt to opportunistically use the host name for SNI in s_client
! 415: </ul>
! 416:
! 417: <li>Bug fixes
1.1 deraadt 418: <ul>
1.9 ! inoguchi 419: <li>Avoid infinite loop for custom curves of order 1.<br>
! 420: Found and reported with a reproducer by Hanno Boeck.
! 421: Helpful comments and analysis from David Benjamin.
! 422: <li>Avoid infinite loop on parsing DSA private keys.<br>
! 423: Issue reported with reproducers by Hanno Boeck.
! 424: Additional variants and analysis by David Benjamin.
! 425: <li>A malicious certificate can cause an infinite loop.<br>
! 426: Reported by and fix from Tavis Ormandy and David Benjamin, Google.
! 427: <li>In some situations, the verifier would discard the error on an
! 428: unvalidated certificate chain.<br>
! 429: This would happen when the verification callback was in use,
! 430: instructing the verifier to continue unconditionally.<br>
! 431: This could lead to incorrect decisions being made in software.
! 432: <li>Avoid an infinite loop in SSL_shutdown()
! 433: <li>Fix another return 0 bug in SSL_shutdown()
! 434: <li>Handle zero byte reads/writes that trigger handshakes in the
! 435: TLSv1.3 stack
! 436: <li>A long standing memleak in libtls CRL handling was fixed
1.1 deraadt 437: </ul>
438:
1.9 ! inoguchi 439: <li>Internal Improvements
1.1 deraadt 440: <ul>
1.9 ! inoguchi 441: <li>Cache the SHA-512 hash instead of the SHA-1 hash and cache
! 442: notBefore and notAfter times when X.509 certificates are parsed.
! 443: <li>The X.509 lookup code has been simplified and cleaned up.
! 444: <li>Fixed numerous issues flagged by coverity and the cryptofuzz project
! 445: <li>Increased the number of Miller-Rabin checks in DH and DSA
! 446: key/parameter generation
! 447: <li>Started using the bytestring API in libcrypto for cleaner and
! 448: safer code
! 449: <li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
! 450: ASN1
! 451: <li>Convert ASN1_OBJECT_new() to calloc()
! 452: <li>Convert ASN1_STRING_type_new() to calloc()
! 453: <li>Rewrite ASN1_STRING_cmp()
! 454: <li>Use calloc() for X509_CRL_METHOD_new() instead of malloc()
! 455: <li>Convert ASN1_PCTX_new() to calloc()
! 456: <li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
! 457: <li>Consolidate {d2i,i2d}_{pr,pu}.c
! 458: <li>Remove handling of a NULL BUF_MEM from asn1_collect()
! 459: <li>Pull the recursion depth check up to the top of asn1_collect()
! 460: <li>Inline collect_data() in asn1_collect()
! 461: <li>Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
! 462: <li>Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
! 463: <li>Consolidate ASN.1 universal tag type data
! 464: <li>Rewrite ASN.1 identifier/length parsing in CBS
! 465: <li>Make OBJ_obj2nid() work correctly with NID_undef
! 466: <li>tlsext_tick_lifetime_hint is now an uint32_t
! 467: <li>Untangle ssl3_get_message() return values
! 468: <li>Rename tls13_buffer to tls_buffer
! 469: <li>Fold DTLS_STATE_INTERNAL into DTLS1_STATE
! 470: <li>Provide a way to determine our maximum legacy version
! 471: <li>Mop up enc_read_ctx and read_hash
! 472: <li>Fold SSL_SESSION_INTERNAL into SSL_SESSION
! 473: <li>Use ssl_force_want_read in the DTLS code
! 474: <li>Add record processing limit to DTLS code
! 475: <li>Add explicit CBS_contains_zero_byte() check in CBS_strdup()
! 476: <li>Improve SNI hostname validation
! 477: <li>Ensure SSL_set_tlsext_host_name() is given a valid hostname
! 478: <li>Fix a strange check in the auto DH codepath
! 479: <li>Factor out/rewrite DHE key exchange
! 480: <li>Convert server serialisation of DHE parameters/public key to new
! 481: functions
! 482: <li>Check DH public key in ssl_kex_peer_public_dhe()
! 483: <li>Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
! 484: <li>Clean up and refactor server side DHE key exchange
! 485: <li>Provide CBS_get_last_u8()
! 486: <li>Provide CBS_get_u64()
! 487: <li>Provide CBS_add_u64()
! 488: <li>Provide various CBS_peek_* functions
! 489: <li>Use CBS_get_last_u8() to find the content type in TLSv1.3 records
! 490: <li>unifdef TLS13_USE_LEGACY_CLIENT_AUTH
! 491: <li>Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
! 492: <li>Only allow zero length key shares when we know we're doing HRR
! 493: <li>Pull key share group/length CBB code up from
! 494: tls13_key_share_public()
! 495: <li>Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
! 496: validation
! 497: <li>Return 0 on failure from send/get kex functions in the legacy
! 498: stack
! 499: <li>Rename tls13_key_share to tls_key_share
! 500: <li>Allocate and free the EVP_AEAD_CTX struct in
! 501: tls13_record_protection
! 502: <li>Convert legacy TLS client to tls_key_share
! 503: <li>Convert legacy TLS server to tls_key_share
! 504: <li>Stop attempting to duplicate the public and private key of dh_tmp
! 505: <li>Rename dh_tmp to dhe_params
! 506: <li>Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
! 507: <li>Clean up pkey handling in ssl3_get_server_key_exchange()
! 508: <li>Fix GOST skip certificate verify handling
! 509: <li>Simplify tlsext_keyshare_server_parse()
! 510: <li>Plumb decode errors through key share parsing code
! 511: <li>Simplify SSL_get_peer_certificate()
! 512: <li>Cleanup/simplify ssl_cert_type()
! 513: <li>The S3I macro was removed
! 514: <li>The openssl(1) cms, smime and ts subcommands option handling was
! 515: converted and the C source was cleaned up.
1.1 deraadt 516: </ul>
517:
1.9 ! inoguchi 518: <li>Documentation improvements
1.1 deraadt 519: <ul>
1.9 ! inoguchi 520: <li>45 new manual pages, most of which were written from scratch.<br>
! 521: Documentation coverage of ASN.1 and X.509 code has been
! 522: significantly improved.
1.1 deraadt 523: </ul>
524:
1.9 ! inoguchi 525: <li>API additions and removals
1.1 deraadt 526: <ul>
1.9 ! inoguchi 527: <li>libssl
! 528: <ul>
! 529: <li>API additions
! 530: <ul>
! 531: <li>SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
! 532: </ul>
! 533: <li>API stubs for compatibility
! 534: <ul>
! 535: <li>SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets<br>
! 536: SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets<br>
! 537: SSL_get_num_tickets SSL_set_num_tickets
! 538: </ul>
! 539: </ul>
! 540: <li>libcrypto
! 541: <ul>
! 542: <li>added API (some of these were previously available as macros):
! 543: <ul>
! 544: <li>ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free<br>
! 545: ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new<br>
! 546: ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex<br>
! 547: BIO_get_init BIO_set_callback_ex BIO_set_next<br>
! 548: BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old<br>
! 549: BN_abs_is_word BN_get_flags BN_is_negative<br>
! 550: BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags<br>
! 551: BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free<br>
! 552: CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file<br>
! 553: CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free<br>
! 554: CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key<br>
! 555: CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free<br>
! 556: CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer<br>
! 557: CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time<br>
! 558: CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert<br>
! 559: CT_POLICY_EVAL_CTX_set1_issuer<br>
! 560: CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE<br>
! 561: CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key<br>
! 562: DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g<br>
! 563: DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q<br>
! 564: ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free<br>
! 565: EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst<br>
! 566: EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data<br>
! 567: EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx<br>
! 568: EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new<br>
! 569: EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup<br>
! 570: EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final<br>
! 571: EVP_MD_meth_set_flags EVP_MD_meth_set_init<br>
! 572: EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size<br>
! 573: EVP_MD_meth_set_update EVP_PKEY_asn1_set_check<br>
! 574: EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check<br>
! 575: EVP_PKEY_check EVP_PKEY_meth_set_check<br>
! 576: EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check<br>
! 577: EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode<br>
! 578: FIPS_mode_set IPAddressChoice_free IPAddressChoice_new<br>
! 579: IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free<br>
! 580: IPAddressOrRange_new IPAddressRange_free IPAddressRange_new<br>
! 581: OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id<br>
! 582: OCSP_resp_get0_produced_at OCSP_resp_get0_respdata<br>
! 583: OCSP_resp_get0_signature OCSP_resp_get0_signer<br>
! 584: OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional<br>
! 585: RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp<br>
! 586: RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q<br>
! 587: SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free<br>
! 588: SCT_get0_extensions SCT_get0_log_id SCT_get0_signature<br>
! 589: SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source<br>
! 590: SCT_get_timestamp SCT_get_validation_status SCT_get_version<br>
! 591: SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions<br>
! 592: SCT_set0_log_id SCT_set0_signature SCT_set1_extensions<br>
! 593: SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type<br>
! 594: SCT_set_signature_nid SCT_set_source SCT_set_timestamp<br>
! 595: SCT_set_version SCT_validate SCT_validation_status_string<br>
! 596: X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey<br>
! 597: X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject<br>
! 598: X509_STORE_CTX_get_num_untrusted<br>
! 599: X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify<br>
! 600: X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain<br>
! 601: X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth<br>
! 602: X509_STORE_CTX_set_verify X509_STORE_get_verify<br>
! 603: X509_STORE_get_verify_cb X509_STORE_set_verify<br>
! 604: X509_get_X509_PUBKEY X509_get_extended_key_usage<br>
! 605: X509_get_extension_flags X509_get_key_usage<br>
! 606: X509v3_addr_add_inherit X509v3_addr_add_prefix<br>
! 607: X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi<br>
! 608: X509v3_addr_get_range X509v3_addr_inherits<br>
! 609: X509v3_addr_is_canonical X509v3_addr_subset<br>
! 610: X509v3_addr_validate_path X509v3_addr_validate_resource_set<br>
! 611: X509v3_asid_add_id_or_range X509v3_asid_add_inherit<br>
! 612: X509v3_asid_canonize X509v3_asid_inherits<br>
! 613: X509v3_asid_is_canonical X509v3_asid_subset<br>
! 614: X509v3_asid_validate_path X509v3_asid_validate_resource_set<br>
! 615: d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers<br>
! 616: d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily<br>
! 617: d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST<br>
! 618: i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers<br>
! 619: i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily<br>
! 620: i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST<br>
! 621: i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT<br>
! 622: i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
! 623: </ul>
! 624: <li>removed API:
! 625: <ul>
! 626: <li>ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss<br>
! 627: EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init<br>
! 628: NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new<br>
! 629: NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free<br>
! 630: NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit<br>
! 631: PEM_SealUpdate PEM_read_X509_CERT_PAIR<br>
! 632: PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR<br>
! 633: PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free<br>
! 634: X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb<br>
! 635: asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore<br>
! 636: asn1_enc_save asn1_ex_c2i asn1_get_choice_selector<br>
! 637: asn1_get_field_ptr asn1_set_choice_selector check_defer<br>
! 638: d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY<br>
! 639: d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET<br>
! 640: d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY<br>
! 641: i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET<br>
! 642: i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer
! 643: </ul>
! 644: </ul>
1.1 deraadt 645: </ul>
646: </ul>
647:
1.4 benno 648: <li>OpenSSH version <!--- XXX --->
1.1 deraadt 649: <ul>
650: <li>Security
651: <ul>
1.4 benno 652: <li>...
1.1 deraadt 653: </ul>
654: <li>Potentially incompatible changes
655: <ul>
1.4 benno 656: <li>...
1.1 deraadt 657: </ul>
658:
659: <li>New features
660: <ul>
1.4 benno 661: <li>...
1.1 deraadt 662: </ul>
663:
664: <li>Bugfixes
665: <ul>
1.4 benno 666: <li>...
1.1 deraadt 667: </ul>
668: </ul>
669:
1.4 benno 670: <li>mandoc version <!--- XXX --->
1.1 deraadt 671: <ul>
1.4 benno 672: <li>...
1.1 deraadt 673: </ul>
674:
675: <li>Ports and packages:
676: <p>Many pre-built packages for each architecture:
677: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
678: <ul style="column-count: 3">
679: <li>aarch64: XXXX
680: <li>amd64: XXXX
681: <li>arm: XXXX
682: <li>i386: XXXX
683: <li>mips64: XXXX
684: <li>powerpc: XXXX
685: <li>powerpc64: XXXX
686: <li>riscv64: XXXX
687: <li>sparc64: XXXX
688: </ul>
689:
690: <p>Some highlights:
691: <ul style="column-count: 3">
1.5 jsg 692: <li>Asterisk 19.3.1
1.1 deraadt 693: <li>Audacity 2.4.2
694: <li>CMake 3.20.3
1.5 jsg 695: <li>Chromium 100.0.4896.75
1.1 deraadt 696: <li>Emacs 27.2
1.5 jsg 697: <li>FFmpeg 4.4.1
1.1 deraadt 698: <li>GCC 8.4.0 and 11.2.0
699: <li>GHC 8.10.6
1.5 jsg 700: <li>GNOME 41.5
701: <li>Go 1.17.7
702: <li>JDK 8u322, 11.0.14 and 17.0.2
703: <li>KDE Applications 21.12.2
704: <li>KDE Frameworks 5.91.0
705: <li>Krita 5.0.2
706: <li>LLVM/Clang 13.0.0
707: <li>LibreOffice 7.3.2.2
1.1 deraadt 708: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.5 jsg 709: <li>MariaDB 10.6.7
1.1 deraadt 710: <li>Mono 6.12.0.122
1.5 jsg 711: <li>Mozilla Firefox 99.0 and ESR 91.8.0
712: <li>Mozilla Thunderbird 91.8.0
713: <li>Mutt 2.2.2 and NeoMutt 20211029
714: <li>Node.js 16.14.2
715: <li>OCaml 4.12.1
1.1 deraadt 716: <li>OpenLDAP 2.4.59
1.5 jsg 717: <li>PHP 7.4.28, 8.0.17 and 8.1.4
718: <li>Postfix 3.5.14
719: <li>PostgreSQL 14.2
720: <li>Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4
1.1 deraadt 721: <li>Qt 5.15.2 and 6.0.4
1.5 jsg 722: <li>R 4.1.2
723: <li>Ruby 2.7.5, 3.0.3 and 3.1.1
724: <li>Rust 1.59.0
725: <li>SQLite 2.8.17 and 3.38.2
726: <li>Shotcut 21.10.31
727: <li>Sudo 1.9.10
728: <li>Suricata 6.0.4
1.1 deraadt 729: <li>Tcl/Tk 8.5.19 and 8.6.8
1.5 jsg 730: <li>TeX Live 2021
731: <li>Vim 8.2.4600 and Neovim 0.6.1
1.1 deraadt 732: <li>Xfce 4.16
733: </ul>
734: <p>
735:
736: <li>As usual, steady improvements in manual pages and other documentation.
737:
738: <li>The system includes the following major components from outside suppliers:
739: <ul>
1.5 jsg 740: <li>Xenocara (based on X.Org 7.7 with xserver 1.21.1.3 + patches,
741: freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369,
1.1 deraadt 742: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
1.5 jsg 743: <li>LLVM/Clang 13.0.0 (+ patches)
1.1 deraadt 744: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
745: <li>Perl 5.32.1 (+ patches)
1.5 jsg 746: <li>NSD 4.4.0
747: <li>Unbound 1.15.0
1.1 deraadt 748: <li>Ncurses 5.7
749: <li>Binutils 2.17 (+ patches)
750: <li>Gdb 6.3 (+ patches)
1.5 jsg 751: <li>Awk December 8, 2021 version
752: <li>Expat 2.4.7
1.1 deraadt 753: </ul>
754:
755: </ul>
756: </section>
757:
758: <hr>
759:
760: <section id=install>
761: <h3>How to install</h3>
762: <p>
763: Please refer to the following files on the mirror site for
764: extensive details on how to install OpenBSD 7.1 on your machine:
765:
766: <ul>
767: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/alpha/INSTALL.alpha">
768: .../OpenBSD/7.1/alpha/INSTALL.alpha</a>
769: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/INSTALL.amd64">
770: .../OpenBSD/7.1/amd64/INSTALL.amd64</a>
771: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/arm64/INSTALL.arm64">
772: .../OpenBSD/7.1/arm64/INSTALL.arm64</a>
773: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/armv7/INSTALL.armv7">
774: .../OpenBSD/7.1/armv7/INSTALL.armv7</a>
775: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/hppa/INSTALL.hppa">
776: .../OpenBSD/7.1/hppa/INSTALL.hppa</a>
777: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/i386/INSTALL.i386">
778: .../OpenBSD/7.1/i386/INSTALL.i386</a>
779: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/landisk/INSTALL.landisk">
780: .../OpenBSD/7.1/landisk/INSTALL.landisk</a>
781: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/luna88k/INSTALL.luna88k">
782: .../OpenBSD/7.1/luna88k/INSTALL.luna88k</a>
783: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/macppc/INSTALL.macppc">
784: .../OpenBSD/7.1/macppc/INSTALL.macppc</a>
785: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/octeon/INSTALL.octeon">
786: .../OpenBSD/7.1/octeon/INSTALL.octeon</a>
787: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/powerpc64/INSTALL.powerpc64">
788: .../OpenBSD/7.1/powerpc64/INSTALL.powerpc64</a>
789: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/riscv64/INSTALL.riscv64">
790: .../OpenBSD/7.1/riscv64/INSTALL.riscv64</a>
791: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/sparc64/INSTALL.sparc64">
792: .../OpenBSD/7.1/sparc64/INSTALL.sparc64</a>
793: </ul>
794: </section>
795:
796: <hr>
797:
798: <section id=quickinstall>
799: <p>
800: Quick installer information for people familiar with OpenBSD, and the use of
801: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
802: If you are at all confused when installing OpenBSD, read the relevant
803: INSTALL.* file as listed above!
804:
805: <h3>OpenBSD/alpha:</h3>
806:
807: <p>
808: If your machine can boot from CD, you can write <i>install71.iso</i> or
809: <i>cd71.iso</i> to a CD and boot from it.
810: Refer to INSTALL.alpha for more details.
811:
812: <h3>OpenBSD/amd64:</h3>
813:
814: <p>
815: If your machine can boot from CD, you can write <i>install71.iso</i> or
816: <i>cd71.iso</i> to a CD and boot from it.
817: You may need to adjust your BIOS options first.
818:
819: <p>
820: If your machine can boot from USB, you can write <i>install71.img</i> or
821: <i>miniroot71.img</i> to a USB stick and boot from it.
822:
823: <p>
824: If you can't boot from a CD, floppy disk, or USB,
825: you can install across the network using PXE as described in the included
826: INSTALL.amd64 document.
827:
828: <p>
829: If you are planning to dual boot OpenBSD with another OS, you will need to
830: read INSTALL.amd64.
831:
832: <h3>OpenBSD/arm64:</h3>
833:
834: <p>
835: Write <i>install71.img</i> or <i>miniroot71.img</i> to a disk and boot from it
836: after connecting to the serial console. Refer to INSTALL.arm64 for more
837: details.
838:
839: <h3>OpenBSD/armv7:</h3>
840:
841: <p>
842: Write a system specific miniroot to an SD card and boot from it after connecting
843: to the serial console. Refer to INSTALL.armv7 for more details.
844:
845: <h3>OpenBSD/hppa:</h3>
846:
847: <p>
848: Boot over the network by following the instructions in INSTALL.hppa or the
849: <a href="hppa.html#install">hppa platform page</a>.
850:
851: <h3>OpenBSD/i386:</h3>
852:
853: <p>
854: If your machine can boot from CD, you can write <i>install71.iso</i> or
855: <i>cd71.iso</i> to a CD and boot from it.
856: You may need to adjust your BIOS options first.
857:
858: <p>
859: If your machine can boot from USB, you can write <i>install71.img</i> or
860: <i>miniroot71.img</i> to a USB stick and boot from it.
861:
862: <p>
863: If you can't boot from a CD, floppy disk, or USB,
864: you can install across the network using PXE as described in
865: the included INSTALL.i386 document.
866:
867: <p>
868: If you are planning on dual booting OpenBSD with another OS, you will need to
869: read INSTALL.i386.
870:
871: <h3>OpenBSD/landisk:</h3>
872:
873: <p>
874: Write <i>miniroot71.img</i> to the start of the CF
875: or disk, and boot normally.
876:
877: <h3>OpenBSD/luna88k:</h3>
878:
879: <p>
880: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
881: from the PROM, and then bsd.rd from the bootloader.
882: Refer to the instructions in INSTALL.luna88k for more details.
883:
884: <h3>OpenBSD/macppc:</h3>
885:
886: <p>
887: Burn the image from a mirror site to a CDROM, and power on your machine
888: while holding down the <i>C</i> key until the display turns on and
889: shows <i>OpenBSD/macppc boot</i>.
890:
891: <p>
892: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
893: /7.1/macppc/bsd.rd</i>
894:
895: <h3>OpenBSD/octeon:</h3>
896:
897: <p>
898: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
899: Refer to the instructions in INSTALL.octeon for more details.
900:
901: <h3>OpenBSD/powerpc64:</h3>
902:
903: <p>
904: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
905: USB stick, plug it into the machine and choose the <i>OpenBSD
906: install</i> menu item in Petitboot.
907: Refer to the instructions in INSTALL.powerpc64 for more details.
908:
909: <h3>OpenBSD/riscv64:</h3>
910:
911: <p>
912: To install, write <i>install71.img</i> or <i>miniroot71.img</i> to a
913: USB stick, and boot with that drive plugged in.
914: Make sure you also have the microSD card plugged in that shipped with the
915: HiFive Unmatched board.
916: Refer to the instructions in INSTALL.riscv64 for more details.
917:
918: <h3>OpenBSD/sparc64:</h3>
919:
920: <p>
921: Burn the image from a mirror site to a CDROM, boot from it, and type
922: <i>boot cdrom</i>.
923:
924: <p>
925: If this doesn't work, or if you don't have a CDROM drive, you can write
926: <i>floppy71.img</i> or <i>floppyB71.img</i>
927: (depending on your machine) to a floppy and boot it with <i>boot
928: floppy</i>. Refer to INSTALL.sparc64 for details.
929:
930: <p>
931: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
932: will most likely fail.
933:
934: <p>
935: You can also write <i>miniroot71.img</i> to the swap partition on
936: the disk and boot with <i>boot disk:b</i>.
937:
938: <p>
939: If nothing works, you can boot over the network as described in INSTALL.sparc64.
940: </section>
941:
942: <hr>
943:
944: <section id=upgrade>
945: <h3>How to upgrade</h3>
946: <p>
1.6 tj 947: If you already have an OpenBSD 7.0 system, and do not want to reinstall,
1.1 deraadt 948: upgrade instructions and advice can be found in the
949: <a href="faq/upgrade71.html">Upgrade Guide</a>.
950: </section>
951:
952: <hr>
953:
954: <section id=sourcecode>
955: <h3>Notes about the source code</h3>
956: <p>
957: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
958: This file contains everything you need except for the kernel sources,
959: which are in a separate archive.
960: To extract:
961: <blockquote><pre>
962: # <kbd>mkdir -p /usr/src</kbd>
963: # <kbd>cd /usr/src</kbd>
964: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
965: </pre></blockquote>
966: <p>
967: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
968: This file contains all the kernel sources you need to rebuild kernels.
969: To extract:
970: <blockquote><pre>
971: # <kbd>mkdir -p /usr/src/sys</kbd>
972: # <kbd>cd /usr/src</kbd>
973: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
974: </pre></blockquote>
975: <p>
976: Both of these trees are a regular CVS checkout. Using these trees it
977: is possible to get a head-start on using the anoncvs servers as
978: described <a href="anoncvs.html">here</a>.
979: Using these files
980: results in a much faster initial CVS update than you could expect from
981: a fresh checkout of the full OpenBSD source tree.
982: </section>
983:
984: <hr>
985:
986: <section id=ports>
987: <h3>Ports Tree</h3>
988: <p>
989: A ports tree archive is also provided. To extract:
990: <blockquote><pre>
991: # <kbd>cd /usr</kbd>
992: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
993: </pre></blockquote>
994: <p>
995: Go read the <a href="faq/ports/index.html">ports</a> page
996: if you know nothing about ports
997: at this point. This text is not a manual of how to use ports.
998: Rather, it is a set of notes meant to kickstart the user on the
999: OpenBSD ports system.
1000: <p>
1001: The <i>ports/</i> directory represents a CVS checkout of our ports.
1002: As with our complete source tree, our ports tree is available via
1003: <a href="anoncvs.html">AnonCVS</a>.
1004: So, in order to keep up to date with the -stable branch, you must make
1005: the <i>ports/</i> tree available on a read-write medium and update the tree
1006: with a command like:
1007: <blockquote><pre>
1008: # <kbd>cd /usr/ports</kbd>
1009: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_1</kbd>
1010: </pre></blockquote>
1011: <p>
1012: [Of course, you must replace the server name here with a nearby anoncvs
1013: server.]
1014: <p>
1015: Note that most ports are available as packages on our mirrors. Updated
1016: ports for the 7.1 release will be made available if problems arise.
1017: <p>
1018: If you're interested in seeing a port added, would like to help out, or just
1019: would like to know more, the mailing list
1020: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1021: </section>