version 1.43, 2022/10/02 09:43:24 |
version 1.44, 2022/10/02 19:48:50 |
|
|
<li>Added support for Apple M2 |
<li>Added support for Apple M2 |
<li>Added support for Lenovo ThinkPad x13s and other machines using |
<li>Added support for Lenovo ThinkPad x13s and other machines using |
the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC. |
the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC. |
<li>... |
|
</ul> |
</ul> |
|
|
<li>Various kernel improvements: |
<li>Various kernel improvements: |
|
|
<li>Added support for switching from glass console to serial console |
<li>Added support for switching from glass console to serial console |
on arm64 systems that default to glass console. |
on arm64 systems that default to glass console. |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows |
IGMP and ICMP6 MLD packets with router alert option. |
IGMP and ICMP6 MLD packets with router alert option. |
Special allow-opts rules are no longer needed for multicast |
Special allow-opts rules are no longer needed for multicast |
discovery. |
discovery. |
<li>Fixed a <a href="https://man.openbsd.org/pf.4">pf(4)</a> NULL |
<li>Fixed a <a href="https://man.openbsd.org/pf.4">pf(4)</a> NULL |
dereference panic triggered by <a |
dereference panic triggered by <a |
href="https://man.openbsd.org/relayd.8">relayd(8)</a>. |
href="https://man.openbsd.org/relayd.8">relayd(8)</a>. |
|
|
href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
href="https://man.openbsd.org/ddb.4">ddb(4)</a>. |
<li>Added a "show swap" command to <a |
<li>Added a "show swap" command to <a |
href="https://man.openbsd.org/ddb.4">ddb(4)</a> to help debugging. |
href="https://man.openbsd.org/ddb.4">ddb(4)</a> to help debugging. |
|
|
|
|
<li>Count dropped network packets due to low memory in |
<li>Count dropped network packets due to low memory in |
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>. |
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>. |
<li>Simplified machine command handling in <a |
<li>Simplified machine command handling in <a |
|
|
href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> wakeup, found by |
href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> wakeup, found by |
a Go testcase hang. |
a Go testcase hang. |
<li>Bumped the maximum number of supported CPUs to 256 on arm64. |
<li>Bumped the maximum number of supported CPUs to 256 on arm64. |
|
<!-- XXX should the following be here (swapper, pmem...) or maybe one entry describing them together? --> |
<!-- XXX should the following be here (swapper, pmem...) or maybe one entry describing them together? --> |
|
<li>Ensure uvm_swap_io() can succeed, even in out of memory |
<li>Ensure uvm_swap_io() can succeed, even in out of memory |
situations, by reserving a second segment for the page daemon. |
situations, by reserving a second segment for the page daemon. |
<li>Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region. |
<li>Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region. |
|
|
returning an error. Previously an error could be returned to the fault |
returning an error. Previously an error could be returned to the fault |
handler which would result in processes dying when a system was under |
handler which would result in processes dying when a system was under |
a lot of memory pressure. |
a lot of memory pressure. |
|
<!-- ... up to here --> |
|
|
<li>Added support for using non-standard UARTs (such as the Synopsys |
<li>Added support for using non-standard UARTs (such as the Synopsys |
DesignWare UART) as an early console. |
DesignWare UART) as an early console. |
|
|
<li>Remove NexGen CPU identification code as the kernel cannot run on these CPUs anyway. |
<li>Remove NexGen CPU identification code as the kernel cannot run on these CPUs anyway. |
<li>Remove Rise CPU identification code. |
<li>Remove Rise CPU identification code. |
<li>Dropped detection code for 386sx/386dx CPUs. OpenBSD/i386 hasn't |
<li>Dropped detection code for 386sx/386dx CPUs. OpenBSD/i386 hasn't |
actually supported running on either for some time. |
actually supported running on either for some time. |
<li>Dropped detection code for Cyrix CPUs older than the Cyrix M2. |
<li>Dropped detection code for Cyrix CPUs older than the Cyrix M2. |
|
|
<li>Implemented the fundamentals for suspend/resume on arm64. |
<li>Implemented the fundamentals for suspend/resume on arm64. |
<li>Simplified TSC synchronization testing on amd64. |
<li>Simplified TSC synchronization testing on amd64. |
|
|
<li>Corrected sparc64 ofwboot to default to the <a |
<li>Corrected sparc64 ofwboot to default to the <a |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volume on the |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volume on the |
boot device to make root on softraid work out of the box on sparc64 |
boot device to make root on softraid work out of the box on sparc64 |
|
|
<li>Added support for booting from RAID 1C <a |
<li>Added support for booting from RAID 1C <a |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volumes on |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volumes on |
amd64, sparc64 and arm64. |
amd64, sparc64 and arm64. |
|
|
<li>Removed the obsolete kern.nselcoll <a |
<li>Removed the obsolete kern.nselcoll <a |
href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>. |
href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>. |
<li>Changed mips64, octeon, and loongson to trigger deferred clock |
<li>Changed mips64, octeon, and loongson to trigger deferred clock |
|
|
switching between them depending on their quality properties. This |
switching between them depending on their quality properties. This |
improves how timers backing <a |
improves how timers backing <a |
href="https://man.openbsd.org/delay.9">delay(9)</a> are managed. |
href="https://man.openbsd.org/delay.9">delay(9)</a> are managed. |
|
|
</ul> |
</ul> |
|
|
<li>SMP Improvements |
<li>SMP Improvements |
|
|
<li>Made <a href="https://man.openbsd.org/unix.4">unix(4)</a> domain |
<li>Made <a href="https://man.openbsd.org/unix.4">unix(4)</a> domain |
sockets locking per-socket rather than coarse locking of the entire |
sockets locking per-socket rather than coarse locking of the entire |
domain sockets layer. |
domain sockets layer. |
|
|
<li>... |
|
</ul> |
</ul> |
|
|
<li>Direct Rendering Manager and graphics drivers |
<li>Direct Rendering Manager and graphics drivers |
|
|
<li>Added forest (-f) mode to <a |
<li>Added forest (-f) mode to <a |
href="https://man.openbsd.org/ps.1">ps(1)</a>. |
href="https://man.openbsd.org/ps.1">ps(1)</a>. |
<li>Sped up <a href="https://man.openbsd.org/wc.1">wc(1)</a> word counting. |
<li>Sped up <a href="https://man.openbsd.org/wc.1">wc(1)</a> word counting. |
|
|
</ul> |
</ul> |
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
out of the UNDEFINED state. |
out of the UNDEFINED state. |
<li>Added Wacom One S (CTL-472) support to <a |
<li>Added Wacom One S (CTL-472) support to <a |
href="https://man.openbsd.org/uwacom.4">uwacom(4)</a>. |
href="https://man.openbsd.org/uwacom.4">uwacom(4)</a>. |
|
|
</ul> |
</ul> |
|
|
<li>New or improved network hardware support: |
<li>New or improved network hardware support: |
<ul> |
<ul> |
|
|
<li>Increased rx buffer size on <a |
<li>Increased rx buffer size on <a |
href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB. |
href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB. |
<li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
<li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
|
|
<li>Fixed integer overflows in the <a |
<li>Fixed integer overflows in the <a |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a |
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware file parsers. |
href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware file parsers. |
|
|
</ul> |
</ul> |
|
|
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
<li>IEEE 802.11 wireless stack improvements and bugfixes: |
|
|
<li>Added support for wildcards in <a |
<li>Added support for wildcards in <a |
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> patterns. |
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> patterns. |
|
|
<!-- XXX no idea where to put bootblock stuff --> |
<!-- XXX no idea where to put bootblock stuff --> |
<li>Added NFS client support to the luna88k RAMDISK kernel. |
<li>Added NFS client support to the luna88k RAMDISK kernel. |
<li>Made the EFI bootloader provide the extra parameters necessary to |
<li>Made the EFI bootloader provide the extra parameters necessary to |
use non-standard UARTs on the AMD Ryzen Embedded V1000 SoCs as console. |
use non-standard UARTs on the AMD Ryzen Embedded V1000 SoCs as console. |
<li>Switched bootloaders to the extended BOOTARG_CONSDEV struct. |
<li>Switched bootloaders to the extended BOOTARG_CONSDEV struct. |
<li>Added UFS2 support to landisk boot blocks. |
<li>Added UFS2 support to landisk boot blocks. |
|
|
|
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
|
|
dynamically linked to allow them to benefit from all the additional |
dynamically linked to allow them to benefit from all the additional |
mitigations that dynamically linked executables gain. NFS mounting of |
mitigations that dynamically linked executables gain. NFS mounting of |
/usr must now use statically configured IP addresses. |
/usr must now use statically configured IP addresses. |
|
|
</ul> |
</ul> |
|
|
<li>Changes in the network stack: |
<li>Changes in the network stack: |
<ul> |
<ul> |
|
<li>Added the <a |
|
href="https://man.openbsd.org/recvmmsg.2">recvmmsg(2)</a> system call |
|
that allows receiving multiple msghdrs at once, and the <a |
|
href="https://man.openbsd.org/sendmmsg.2">sendmmsg</a> syscall that |
|
allows sending multiple msghdrs at once. |
<li>Relaxed address availability check for <a |
<li>Relaxed address availability check for <a |
href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so |
href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so |
processes listening for the same multicast address do not need to be |
processes listening for the same multicast address do not need to be |
|
|
where a pool defined like "172.16.0.0/16" would count as a pool size |
where a pool defined like "172.16.0.0/16" would count as a pool size |
of one address. Also fixed random selection of source address to be |
of one address. Also fixed random selection of source address to be |
uniform across the whole pool. |
uniform across the whole pool. |
|
<li>Fixed a kernel panic in <a |
|
href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an |
|
ICMP payload were truncated. Such packets will now be dropped instead. |
<li>Allow forwarding to and from IPs in the 240/4 range. |
<li>Allow forwarding to and from IPs in the 240/4 range. |
<li>Corrected the Virtual Ethernet Bridge <a |
<li>Corrected the Virtual Ethernet Bridge <a |
href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling |
href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling |
if_enqueue from an smr critical section. |
if_enqueue from an smr critical section. |
<li>Fixed a kernel panic in <a |
<li>Reworked the kroute rttimer code to fix icmp_pmtu_timeout crashes. |
href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an |
|
ICMP payload were truncated. Such packets will now be dropped instead. |
|
<li>Reworked the rttimer code to fix icmp_pmtu_timeout crashes. |
|
<li>Fixed an interrupt storm upon suspend on Amlogic arm64 boards. |
<li>Fixed an interrupt storm upon suspend on Amlogic arm64 boards. |
|
|
<li>Fixed a race between pflow_output_process() and |
<li>Fixed a race between pflow_output_process() and |
pflow_clone_destroy() in <a |
pflow_clone_destroy() in <a |
href="https://man.openbsd.org/pflow.4">pflow(4)</a>. |
href="https://man.openbsd.org/pflow.4">pflow(4)</a>. |
<li>Added a missing input validation step to <a |
<li>Added a missing input validation step to <a |
href="https://man.openbsd.org/pipex.4">pipex(4)</a> mppe keylenbits. |
href="https://man.openbsd.org/pipex.4">pipex(4)</a> mppe keylenbits. |
<li>Added the <a |
</ul> |
href="https://man.openbsd.org/recvmmsg.2">recvmmsg(2)</a> system call |
|
that allows receiving multiple msghdrs at once. |
|
|
|
</ul> |
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>IPsec support was improved: |
<li>IPsec support was improved: |
|
|
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
connection statistics for successful and failed connections, error |
connection statistics for successful and failed connections, error |
types, and other events that can be printed with "ikectl show stats". |
types, and other events that can be printed with "ikectl show stats". |
|
|
</ul> |
</ul> |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<ul> |
<ul> |
|
|
<li>Made sure only one <a |
<li>Made sure only one <a |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa softreconfig |
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa softreconfig |
runner is run at any time. |
runner is run at any time. |
|
|
</ul> |
</ul> |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
<ul> |
<ul> |
|
|
<li>Add support for validating Autonomous System Provider Authorization |
<li>Add support for validating Autonomous System Provider Authorization |
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10. |
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10. |
Validated ASPA payloads are visible in JSON and filemode (-f) output. |
Validated ASPA payloads are visible in JSON and filemode (-f) output. |
<li>Set rsync connection I/O idle timeout to 15 seconds. |
<li>Set <a href="https://man.openbsd.org/openrsync.1">rsync(1)</a> connection I/O idle timeout to 15 seconds. |
<li>Unify the maximum idle I/O and connect timeouts for rsync & HTTPS. |
<li>Unify the maximum idle I/O and connect timeouts for <a href="https://man.openbsd.org/openrsync.1">rsync(1)</a> & HTTPS. |
<li>rpki-client now performs stricter EE certificate validation: |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> now performs stricter EE certificate validation: |
<ul> |
<ul> |
<li>Disallow AS Resources extensions in ROA EE certificates. |
<li>Disallow AS Resources extensions in ROA EE certificates. |
<li>Disallow Subject Information Access (SIA) extensions in RPKI |
<li>Disallow Subject Information Access (SIA) extensions in RPKI |
|
|
<li>Improve compliance with the HTTP protocol specification. |
<li>Improve compliance with the HTTP protocol specification. |
</ul> |
</ul> |
|
|
<li>In <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, |
|
match password schemas case sensitive. |
|
|
|
<li>In <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, |
<ul> |
<ul> |
<li>Allow object names to be used in addition to OIDs in |
<li>Allow object names to be used in addition to OIDs in |
|
|
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> metrics. |
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> metrics. |
</ul> |
</ul> |
|
|
|
<li>In <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, |
|
match password schemas case sensitive. |
<li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>, |
<li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>, |
relax the limitations on what is an acceptable unicast IP. There are no |
relax the limitations on what is an acceptable unicast IP. There are no |
more experiments in IPv4 and so there is less reason for network |
more experiments in IPv4 and so there is less reason for network |
|
|
instead of <a href="https://man.openbsd.org/alarm.3">alarm(3)</a>. |
instead of <a href="https://man.openbsd.org/alarm.3">alarm(3)</a>. |
This allows failing over to another IP address for hosts that have |
This allows failing over to another IP address for hosts that have |
more than one. |
more than one. |
|
|
</ul> |
</ul> |
|
|
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
|
|
href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> window |
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> window |
size reporting. |
size reporting. |
|
|
</ul> |
</ul> |
|
|
<li>LibreSSL version 3.6.0 |
<li>LibreSSL version 3.6.0 |