Annotation of www/72.html, Revision 1.16
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <head>
4: <meta charset=utf-8>
5:
6: <title>OpenBSD 7.2</title>
7: <meta name="description" content="OpenBSD 7.2">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/72.html">
11: </head><body>
12: <h2 id=OpenBSD>
13: <a href="index.html">
14: <i>Open</i><b>BSD</b></a>
15: 7.2
16: </h2>
17:
18: <table>
19: <tr>
20: <td>
21: <a href="images/XXX.png">
22: <img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
23: <td>
24: Released Oct 20, 2022. (53rd OpenBSD release)<br>
25: Copyright 1997-2022, Theo de Raadt.<br>
26: <br>
27: Artwork by Luc Houweling.
28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/7.2/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata72.html">the 7.2 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus72.html">detailed log of changes</a> between the
37: 7.1 and 7.2 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-72-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/openbsd-72-base.pub">
47: RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo
48: <tr><td>
49: openbsd-72-fw.pub:
50: <td>
51: RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
52: <tr><td>
53: openbsd-72-pkg.pub:
54: <td>
55: RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
56: <tr><td>
57: openbsd-72-syspatch.pub:
58: <td>
59: RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 7.2.
74: For a comprehensive list, see the <a href="plus72.html">changelog</a> leading
75: to 7.2.
76:
77: <ul>
78:
79: <li>New/extended platforms:
80: <ul>
1.4 jsg 81: <li>Added support for Ampere Altra
82: <li>Added support for Apple M2
83: <li>Added support for Qualcomm Snapdragon 8cx Gen 3 (SC8280XP)
1.1 deraadt 84: <li>...
85: </ul>
86:
87: <li>Various kernel improvements:
88: <ul>
1.12 benno 89: <li>Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.
90: <li>Added support for switching from glass console to serial console
91: on arm64 systems that default to glass console.
1.16 ! jsg 92: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows
! 93: IGMP and ICMP6 MLD packets with router alert option.
1.9 bluhm 94: Special allow-opts rules are no longer needed for multicast
95: discovery.
1.16 ! jsg 96: <li>Implement "show all routes" to print routing tables in
! 97: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
! 98: <li>Count dropped network packets due to low memory in
! 99: <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
1.12 benno 100: <li>Simplified machine command handling in <a
101: href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
102: <li>Changed to a simpler formula to calculate a default kern.maxthread
103: value: 2*NPROCESS.
104: <li>Enabled <a href="https://man.openbsd.org/kstat.4">kstat(4)</a>, a
105: device that exports kernel statistics that can be read by <a
106: href="https://man.openbsd.org/kstat.4">kstat(4)</a>.
1.13 benno 107: <li>Added cpu frequency sensors for each core on CPUs that have MPERF/APERF support.
1.14 benno 108: <li>Merged the UVM swap-backed and object-backed inactive page lists.
109: <li>Fixed <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a>
110: implementation to be fair to writers. Previously, readers could grab
111: the lock even if writers were waiting first.
112: <li>Made the CPU frequency scaling duration relative to the load
113: when in automatic mode on battery.
114: <li>Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules
115: installed in arbitrary slots.
1.1 deraadt 116: </ul>
117:
118: <li>SMP Improvements
119: <ul>
1.9 bluhm 120: <li>Make route timer MP safe and use pool rttmr.
121: <li>Use kernel lock to protect parts of ARP, ND6 and PPPoE that
122: are not MP safe.
123: Lookup of existing ARP entry is MP safe and can run in parallel.
124: <li>Start up to 4 softnet tasks to run IP input and forwarding
125: in parallel on multiple cores.
126: <li>Run IPv4 packet reassembly in parallel.
127: <li>Run IPv6 hop-by-hop options processing in parallel.
128: <li>Add a mutex to rate limiting functions to make them MP safe.
129: <li>Introduce mutex and reference counter for internet protocol
130: control block.
131: <li>Protect UDP, raw IP, and divert packet input routines
132: with a per socket mutex.
1.16 ! jsg 133: <li>Protect <a href="https://man.openbsd.org/recv.2">recv(2)</a> system call
! 134: for UDP and raw IP packets with a per socket mutex and shared netlock.
1.9 bluhm 135: Allows to receive packets while forwarding in parallel.
136: <li>Protect multicast deliver loop for UDP and raw IP sockets with rwlock.
1.13 benno 137: <li>Only grab netlock in IGMP and MLD timer when necessary.
1.9 bluhm 138: <li>TCP slow timer runs without netlock.
139: <li>Rework rwlock so that a writer will get the lock eventually.
140: Readers cannot share the lock forever.
141: This prevents starvation of the writer.
142: <li>Run interface media ioctl with shared netlock so packets
1.16 ! jsg 143: can be processed while running
! 144: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
! 145: <li><a href="https://man.openbsd.org/btrace.8">btrace(8)</a> can be used
! 146: to debug reference counting.
1.9 bluhm 147: <li>Use MP safe refcount for interface addresses.
1.1 deraadt 148: <li>...
149: </ul>
150:
1.13 benno 151: <li>Direct Rendering Manager and graphics drivers
1.1 deraadt 152: <ul>
1.5 jsg 153: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
154: to Linux 5.15.69
155: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
156: support for Alder Lake, Raptor Lake
1.13 benno 157: <li>Reimplemented the page allocation code using <a
158: href="https://man.openbsd.org/bus_dma.9">bus_dma(9)</a> APIs to make
159: sure DMA addresses are translated properly on architectures with an
160: IOMMU. This fixed <a
161: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a
162: href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> on
163: powerpc, sparc64, and arm64 machines.
1.1 deraadt 164: </ul>
165:
166: <li>VMM/VMD improvements
167: <ul>
1.11 benno 168: <li>Improved error handling and logging in <a
169: href="https://man.openbsd.org/vmd.8">vmd(8)</a>
170: <li>Unify all internal structures and interfaces between <a
171: href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a
172: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a
173: href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for
1.13 benno 174: memory and disk sizes.
1.11 benno 175: <li>fix rebooting a received vm in <a
176: href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
177: <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide
178: a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
179: it there.
180: <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by
181: one in vm memory range check.
182: <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add
183: support for mmio assist. In <a
184: href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port io
185: emulation to userland.
186: <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute
187: i8254 read-back command latch from singular timestamp.
188: <li>Improve the command line parsing in <a
189: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
190: <li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow
191: reading MSR_TSC on Intel hosts.
192: <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference
193: count vm's and vcpu's.
194: <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero
195: virtual addresses of vcpu state pages after freeing.
196: <li>Fix `vmctl send` on Intel hosts by load the vmcs before reading
197: vcpu registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
198: <li>Fix `vmctl receive` on Intel hosts by adding an additional fault
199: type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
200: <li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a>
201: tracepoints in various <a
202: href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths.
1.1 deraadt 203: </ul>
204:
205: <li>Various new userland features:
206: <ul>
1.12 benno 207: <li>Added <a href="https://man.openbsd.org/kstat.1">kstat(1)</a>, a
208: utility to display kernel statistics collected by <a
209: href="https://man.openbsd.org/kstat.4">kstat(4)</a>.
1.14 benno 210: <li>Replaced <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>
211: $rcexec variable with an rc_exec function. <em>This will require a
212: mechanical change from <code>${rcexec}</code> to <code>rc_exec</code>
213: in rc.d scripts.</em> Kept compatibility to give people a chance to
214: fix their custom scripts.
1.1 deraadt 215: </ul>
216:
217: <li>Various bugfixes and tweaks in userland:
218: <ul>
1.12 benno 219: <li>Changed <a href="https://man.openbsd.org/compress">compress(1)</a>
220: to print a more accurate message when -v is used with -k.
221: <li>Fixed <a href="https://man.openbsd.org/openrsync">openrsync(1)</a>
222: on sparc64 by eliminating a redundant second conversion of the int
223: value from little to host endian.
224: <li>Made use of the fact that repositories are unique objects in <a
225: href="https://man.openbsd.org/pkg_add">pkg_add(1)</a> and annotated
226: the quirks repository as cached, allowing for a large speed increase.
1.14 benno 227: <li>Enabled <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> caching by default.
1.12 benno 228: <li>Fixed <a href="https://man.openbsd.org/kbd.8">kbd(8)</a> so it
229: doesn't fail silently when executed by a regular user.
1.13 benno 230: <li>Prevented a crash in <a
231: href="https://man.openbsd.org/vi">vi(1)</a> when cursor key support is disabled.
232: <li>Updated <a href="https://man.openbsd.org/vi">vi(1)</a> to apply
233: expandtab to the output of a ! command.
234: <li>Added missing uuid_dec_le() to init_fp() so <a
235: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A works on
236: big-endian architectures.
1.14 benno 237: <li>Aligned <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
238: logic with that used in the kernel to allow the protective EFI GPT
239: partition to be in MBR partitions 0-3, not just 0.
240: <li>Prevented use of "-u" when <a
241: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> is operating on
242: GPT formatted disks.
243: <li>Stopped telling <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> that macppc HAS_MBR.
244:
245:
246: <li>In the <i>sndio</i> library, added the function <a
247: href="https://man.openbsd.org/sio_flush.3">sio_flush(3)</a> to stop
248: playback immediately. Altered <a
249: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to wait until
250: the buffer is drained before closing the device.
251: <li>Installed useful <a
252: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts in
253: /usr/share/btrace.
254: <li>Made <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> use a
255: much safer FD-passing idiom for updating <a
256: href="https://man.openbsd.org/utmp.5">utmp(5)</a>.
257: <li>Made <a href="https://man.openbsd.org/mg.1">mg(1)</a>
258: automatically delete trailing whitespace on RET in c-mode and
259: auto-indent-mode.
260:
1.1 deraadt 261: </ul>
262:
263: <li>Improved hardware support and driver bugfixes, including:
264: <ul>
1.7 jsg 265: <li>New <a href="https://man.openbsd.org/arm64/aplaudio.4">aplaudio(4)</a>
266: driver for Apple audio subsystem.
267: <li>New <a href="https://man.openbsd.org/arm64/aplmca.4">aplmca(4)</a>
268: driver for Apple MCA controller.
269: <li>New <a href="https://man.openbsd.org/arm64/aplsart.4">aplsart(4)</a>
270: driver for Apple SART address filter.
271: <li>New alpdc, apldchidev, apldckbd, apldcms, and aplrtk drivers for
272: keyboard and trackpad on Apple M2 laptops.
273: <li>New <a href="https://man.openbsd.org/arm64/qcgpio.4">qcgpio(4)</a>
274: driver for Qualcomm Snapdragon GPIO controller.
275: <li>New <a href="https://man.openbsd.org/arm64/qciic.4">qciic(4)</a>
276: driver for Qualcomm Snapdragon GENI I2C controller.
277: <li>New <a href="https://man.openbsd.org/riscv64/sfgpio.4">sfgpio(4)</a>
278: driver for SiFive GPIO controller.
279: <li>New <a href="https://man.openbsd.org/riscv64/stfclock.4">stfclock(4)</a>
280: driver for StarFive JH7100 clock controller.
281: <li>New <a href="https://man.openbsd.org/riscv64/stfpinctrl.4">stfpinctrl(4)</a>
282: driver for StarFive JH7100 pin configuration.
283: <li>New stftemp
284: driver for StarFive JH7100 temperature sensor.
285: <li>New <a href="https://man.openbsd.org/sxirintc.4">sxirintc(4)</a>
286: driver for Allwinner wakeup interrupt controller.
287: <li>New gpiorestart
288: driver for system reset via GPIO pin.
1.12 benno 289: <li>Added support for more power sensors to <a
290: href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
1.14 benno 291: <li>Added support for the <a
292: href="https://man.openbsd.org/ehci.4">ehci(4)</a> controller on
293: marvell 3720 boards.
1.12 benno 294:
1.1 deraadt 295: </ul>
296:
297: <li>New or improved network hardware support:
298: <ul>
1.6 mbuhl 299: <li>Enabled checksum offloads in <a href="https://man.openbsd.org/igc.4"
300: >igc(4)</a>.
1.13 benno 301: <li>Extended <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a> to show CCD temperatures if available.
1.1 deraadt 302: </ul>
303:
304: <li>Added or improved wireless network drivers:
305: <ul>
1.12 benno 306: <li>Made device matching in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> more similar to linux iwlwifi.
1.14 benno 307: <li>Added support for AX210/AX211 devices to <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
308: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> setting
309: of HT/VHT bits in rate flags of the Tx command that could cause a
310: firmware panic.
1.13 benno 311: <li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a> hardware vlan tagging.
312: <li>Updated various wireless drivers to use <a href="https://man.openbsd.org/memset.3">memset(3)</a> to initialize ieee80211_rxinfo struct properly.
313: <li>Increased rx buffer size on <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB.
314:
1.1 deraadt 315: </ul>
316:
317: <li>IEEE 802.11 wireless stack improvements and bugfixes:
318: <ul>
319: <li>...
320: </ul>
321:
322: <li>Installer and upgrade improvements:
323: <ul>
1.14 benno 324: <li>Fixed the watchdog in the installer so that the watchdog is reset
325: after each download and each set installation.
1.1 deraadt 326: </ul>
327:
328: <li>Security improvements:
329: <ul>
330: <li>...
331: </ul>
332:
1.12 benno 333: <li>Changes in the network stack:
334: <ul>
1.13 benno 335: <li>Relaxed address availability check for <a
336: href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so
337: processes listening for the same multicast address do not need to be
338: the same UID.
339: <li>Introduced dedicated link entries for snapshots to <a
340: href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>.
1.14 benno 341: <li>Changed <a href="https://man.openbsd.org/pf.4">pf(4)</a> handling
342: of IGMP and ICMP6 MLD packets to allow multicast control packets to
343: work by default.
344: <li>Made <a href="https://man.openbsd.org/pf.4">pf(4)</a> more paranoid about IGMP/MKP messages.
345: <li>Allow forwarding to and from IPs in the 240/4 range.
346: <li>Corrected the virtual ethernet bridge <a
347: href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling
348: if_enqueue from an smr critical section.
349: <li>Fixed a kernel panic in <a
350: href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an
351: ICMP payload were truncated. Such packets will now be dropped instead.
1.12 benno 352: </ul>
353:
1.1 deraadt 354: <li>Routing daemons and other userland network improvements:
355: <ul>
1.11 benno 356: <li>IPsec support was improved:
357: <ul>
358: </ul>
359: <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
360: <ul>
361: <li>Implement max-communities filter to limit the number of allowed
362: communities, ext-communities and large-communities.
363: <li>Fix insertion of additional non-transitive extended communities when
364: sending out prefixes.
365: <li>Relax IP address limitation by allowing prefixes in 240/4.
366: <li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
367: in UPDATE and OPEN Messages.
368: <li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
369: <li>Improve FIB code, handle IPv6 scoped addresses properly.
370: <li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>,
371: a fastcgi server providing a REST API of bgpctl.
1.16 ! jsg 372: <li>Bugfix: <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> could
! 373: fail to invalidate nexthops and incorrectly leave them in the FIB or
! 374: Adj-RIB-Out.
1.11 benno 375: <li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>
376: <code>show rib 10/8 or-longer</code> and <code>show rib 10/8
377: or-shorter</code>
378: <li>Switch various static hash tables to RB trees improving
379: performance on large systems
380: <li>Export per neighbor pending update and withdraw statistics
381: <li>Fix race between a neighbor session reset and its update message
382: backlog
383: <li>Improve handling of nexthop reachability state changes
384: </ul>
385: <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
386: <ul>
1.12 benno 387: <li>Allowed more than one CRL URI in certificates.
1.11 benno 388: <li>Do not apply timezone offsets when converting X509 times. X509
389: times are in UTC and comparing them to times in different timezones
390: would cause validity problems.
391: <li>Add support for an operator-configurable skiplist facility.
392: Operators can specify a list of FQDNs which should not be contacted
393: when synchronizing the local cache to the network.
394: <li>Emit a warning when a RRDP session serial number decreases.
395: <li>DER decoding functions were refactored to leverage ASN.1 templates.
396: <li>Add support to validate & inspect .sig files containing RPKI Signed
397: Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
398: <li>Print various statistics after the completion of the main process.
399: <li>Add support to decode & print TAL (RFC 8630) details in filemode (-f).
400: <li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON
401: output flag (-j) are combined.
1.13 benno 402: <li>Add support for validating Autonomous System Provider Authorization
1.11 benno 403: (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
404: Validated ASPA payloads are visible in JSON and filemode (-f) output.
405: <li>Set rsync connection I/O idle timeout to 15 seconds.
1.13 benno 406: <li>Unify the maximum idle I/O and connect timeouts for rsync & HTTPS.
1.11 benno 407: <li>Rpki-client now performs stricter EE certificate validation:
408: <ul>
409: <li>Disallow AS Resources extensions in ROA EE certificates.
410: <li>Disallow Subject Information Access (SIA) extensions in RPKI
411: Signed Checklist (RSC) EE certs.
412: <li>Check the resources in ROAs and RSCs against EE certs.
413: </ul>
414: <li>Improve readability and add various information being printed in
415: verbose mode.
416: <li>Extend filemode (-f) output and print X.509 certificates in PEM
417: format when increased verbosity (-vv) is specified.
418: <li>Shorten the RRDP I/O idle timeout.
419: <li>Introduce a deadline timer that aborts all repository synchronization
420: after seven eights of timeout (-s). With this rpki-client has improved
1.13 benno 421: chances to complete and produce an output even when a CA is excessively
1.11 benno 422: slow.
423: <li>Abort a currently running RRDP request process when the per-repository
424: timeout is reached.
425: <li>Permit multiple AccessDescription entries in SIA X.509 extensions. While
426: fetching from secondary locations is not yet supported, rpki-client will
1.13 benno 427: not treat occurrence as a fatal error.
1.11 benno 428: <li>Resolve a potential for a race condition in non-atomic RRDP deltas.
429: <li>Fix some memory leaks.
430: <li>Improve compliance with the HTTP protocol specification.
431: </ul>
432:
1.14 benno 433: <li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
1.11 benno 434: relax the limitations on what is an acceptable unicast IP. There are no
435: more experiments in IPv4 and so there is less reason for network
436: daemons to deny formerly experimental IP space. Multicast IPs
1.13 benno 437: (224/4) and loopback (127/8) are still disallowed.
1.14 benno 438: <li>Added check to <a
439: href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> to
440: ensure the challenge token is turned into a filename that is base64url
441: encoded.
442: <li>Added RFC 9234 "BGP Role" support to <a
443: href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
1.11 benno 444:
1.1 deraadt 445: </ul>
446:
447: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
448: <ul>
449: <li>...
450: </ul>
451:
1.2 jsg 452: <li>LibreSSL version 3.6.0
1.1 deraadt 453: <ul>
454: <li>New Features
455: <ul>
456: <li>...
457: </ul>
458:
459: <li>Portable Improvements
460: <ul>
461: <li>...
462: </ul>
463:
464: <li>Compatibility Changes
465: <ul>
466: <li>...
467: </ul>
468:
469: <li>Bug fixes
470: <ul>
471: <li>...
472: </ul>
473:
474: <li>Internal Improvements
475: <ul>
476: <li>...
477: </ul>
478:
479: <li>Documentation improvements
480: <ul>
481: <li>...
482: </ul>
483: </ul>
484:
1.2 jsg 485: <li>OpenSSH 9.1
1.1 deraadt 486: <ul>
487: <li>...
488: </ul>
489:
490: <li>mandoc 1.14.6 plus several bugfixes, including:
491: <ul>
1.12 benno 492: <li>Fixed calculation of the width of spanned columns in <a
493: href="https://man.openbsd.org/mandoc">mandoc(1)</a>.
1.14 benno 494: <li>Made <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>'s
495: roff_expand() parse left-to-right rather than right-to-left.
496:
1.1 deraadt 497: </ul>
498:
499: <li>Ports and packages:
500: <p>Many pre-built packages for each architecture:
501: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
502: <ul style="column-count: 3">
503: <li>aarch64: XXXX
504: <li>amd64: XXXX
505: <li>arm: XXXX
506: <li>i386: XXXX
507: <li>mips64: XXXX
508: <li>powerpc: XXXX
509: <li>powerpc64: XXXX
510: <li>riscv64: XXXX
511: <li>sparc64: XXXX
512: </ul>
513:
514: <p>Some highlights:
515: <ul style="column-count: 3">
1.3 sthen 516: <li>Asterisk 16.28.0, 18.14.0 and 19.6.0
1.1 deraadt 517: <li>Audacity 2.4.2
1.3 sthen 518: <li>CMake 3.24.2
519: <li>Chromium 105.0.5195.125
520: <li>Emacs 28.2
521: <li>FFmpeg 4.4.2
1.1 deraadt 522: <li>GCC 8.4.0 and 11.2.0
1.3 sthen 523: <li>GHC 9.2.4
524: <li>GNOME 42.4
525: <li>Go 1.19.1
526: <li>JDK 8u342, 11.0.16 and 17.0.4
527: <li>KDE Applications 22.08.1
528: <li>KDE Frameworks 5.98.0
529: <li>Krita 5.1.1
1.1 deraadt 530: <li>LLVM/Clang 13.0.0
1.3 sthen 531: <li>LibreOffice 7.4.1.2
1.1 deraadt 532: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.3 sthen 533: <li>MariaDB 10.9.3
534: <li>Mono 6.12.0.182
535: <li>Mozilla Firefox 105.0.1 and ESR 102.3.0
536: <li>Mozilla Thunderbird 102.3.0
537: <li>Mutt 2.2.7 and NeoMutt 20220429
538: <li>Node.js 16.17.1
1.1 deraadt 539: <li>OCaml 4.12.1
1.3 sthen 540: <li>OpenLDAP 2.6.3
541: <li>PHP 7.4.30, 8.0.23 and 8.1.10
542: <li>Postfix 3.7.2
543: <li>PostgreSQL 14.5
544: <li>Python 2.7.18, 3.9.14 and 3.10.7
545: <li>Qt 5.15.6 and 6.3.1
546: <li>R 4.2.1
547: <li>Ruby 2.7.6, 3.0.4 and 3.1.2
548: <li>Rust 1.63.0
549: <li>SQLite 3.39.3
550: <li>Shotcut 22.06.23
551: <li>Sudo 1.9.11.2
552: <li>Suricata 6.0.6
553: <li>Tcl/Tk 8.5.19 and 8.6.12
1.1 deraadt 554: <li>TeX Live 2021
1.3 sthen 555: <li>Vim 9.0.0192 and Neovim 0.7.2
1.1 deraadt 556: <li>Xfce 4.16
557: </ul>
558: <p>
559:
560: <li>As usual, steady improvements in manual pages and other documentation.
561:
562: <li>The system includes the following major components from outside suppliers:
563: <ul>
1.2 jsg 564: <li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
1.15 jsg 565: freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
1.1 deraadt 566: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
567: <li>LLVM/Clang 13.0.0 (+ patches)
568: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
569: <li>Perl 5.32.1 (+ patches)
1.2 jsg 570: <li>NSD 4.6.0
571: <li>Unbound 1.16.3
1.1 deraadt 572: <li>Ncurses 5.7
573: <li>Binutils 2.17 (+ patches)
574: <li>Gdb 6.3 (+ patches)
1.2 jsg 575: <li>Awk September 12, 2022
576: <li>Expat 2.4.9
1.1 deraadt 577: </ul>
578:
579: </ul>
580: </section>
581:
582: <hr>
583:
584: <section id=install>
585: <h3>How to install</h3>
586: <p>
587: Please refer to the following files on the mirror site for
588: extensive details on how to install OpenBSD 7.2 on your machine:
589:
590: <ul>
591: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/alpha/INSTALL.alpha">
592: .../OpenBSD/7.2/alpha/INSTALL.alpha</a>
593: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/amd64/INSTALL.amd64">
594: .../OpenBSD/7.2/amd64/INSTALL.amd64</a>
595: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/arm64/INSTALL.arm64">
596: .../OpenBSD/7.2/arm64/INSTALL.arm64</a>
597: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/armv7/INSTALL.armv7">
598: .../OpenBSD/7.2/armv7/INSTALL.armv7</a>
599: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/hppa/INSTALL.hppa">
600: .../OpenBSD/7.2/hppa/INSTALL.hppa</a>
601: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/i386/INSTALL.i386">
602: .../OpenBSD/7.2/i386/INSTALL.i386</a>
603: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/landisk/INSTALL.landisk">
604: .../OpenBSD/7.2/landisk/INSTALL.landisk</a>
1.8 jsg 605: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/loongson/INSTALL.loongson">
606: .../OpenBSD/7.2/loongson/INSTALL.loongson</a>
1.1 deraadt 607: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/luna88k/INSTALL.luna88k">
608: .../OpenBSD/7.2/luna88k/INSTALL.luna88k</a>
609: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/macppc/INSTALL.macppc">
610: .../OpenBSD/7.2/macppc/INSTALL.macppc</a>
611: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/octeon/INSTALL.octeon">
612: .../OpenBSD/7.2/octeon/INSTALL.octeon</a>
613: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/powerpc64/INSTALL.powerpc64">
614: .../OpenBSD/7.2/powerpc64/INSTALL.powerpc64</a>
615: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/riscv64/INSTALL.riscv64">
616: .../OpenBSD/7.2/riscv64/INSTALL.riscv64</a>
617: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/sparc64/INSTALL.sparc64">
618: .../OpenBSD/7.2/sparc64/INSTALL.sparc64</a>
619: </ul>
620: </section>
621:
622: <hr>
623:
624: <section id=quickinstall>
625: <p>
626: Quick installer information for people familiar with OpenBSD, and the use of
627: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
628: If you are at all confused when installing OpenBSD, read the relevant
629: INSTALL.* file as listed above!
630:
631: <h3>OpenBSD/alpha:</h3>
632:
633: <p>
634: If your machine can boot from CD, you can write <i>install72.iso</i> or
635: <i>cd72.iso</i> to a CD and boot from it.
636: Refer to INSTALL.alpha for more details.
637:
638: <h3>OpenBSD/amd64:</h3>
639:
640: <p>
641: If your machine can boot from CD, you can write <i>install72.iso</i> or
642: <i>cd72.iso</i> to a CD and boot from it.
643: You may need to adjust your BIOS options first.
644:
645: <p>
646: If your machine can boot from USB, you can write <i>install72.img</i> or
647: <i>miniroot72.img</i> to a USB stick and boot from it.
648:
649: <p>
650: If you can't boot from a CD, floppy disk, or USB,
651: you can install across the network using PXE as described in the included
652: INSTALL.amd64 document.
653:
654: <p>
655: If you are planning to dual boot OpenBSD with another OS, you will need to
656: read INSTALL.amd64.
657:
658: <h3>OpenBSD/arm64:</h3>
659:
660: <p>
661: Write <i>install72.img</i> or <i>miniroot72.img</i> to a disk and boot from it
662: after connecting to the serial console. Refer to INSTALL.arm64 for more
663: details.
664:
665: <h3>OpenBSD/armv7:</h3>
666:
667: <p>
668: Write a system specific miniroot to an SD card and boot from it after connecting
669: to the serial console. Refer to INSTALL.armv7 for more details.
670:
671: <h3>OpenBSD/hppa:</h3>
672:
673: <p>
674: Boot over the network by following the instructions in INSTALL.hppa or the
675: <a href="hppa.html#install">hppa platform page</a>.
676:
677: <h3>OpenBSD/i386:</h3>
678:
679: <p>
680: If your machine can boot from CD, you can write <i>install72.iso</i> or
681: <i>cd72.iso</i> to a CD and boot from it.
682: You may need to adjust your BIOS options first.
683:
684: <p>
685: If your machine can boot from USB, you can write <i>install72.img</i> or
686: <i>miniroot72.img</i> to a USB stick and boot from it.
687:
688: <p>
689: If you can't boot from a CD, floppy disk, or USB,
690: you can install across the network using PXE as described in
691: the included INSTALL.i386 document.
692:
693: <p>
694: If you are planning on dual booting OpenBSD with another OS, you will need to
695: read INSTALL.i386.
696:
697: <h3>OpenBSD/landisk:</h3>
698:
699: <p>
700: Write <i>miniroot72.img</i> to the start of the CF
701: or disk, and boot normally.
1.8 jsg 702:
703: <h3>OpenBSD/loongson:</h3>
704:
705: <p>
706: Write <i>miniroot72.img</i> to a USB stick and boot bsd.rd from it
707: or boot bsd.rd via tftp.
708: Refer to the instructions in INSTALL.loongson for more details.
1.1 deraadt 709:
710: <h3>OpenBSD/luna88k:</h3>
711:
712: <p>
713: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
714: from the PROM, and then bsd.rd from the bootloader.
715: Refer to the instructions in INSTALL.luna88k for more details.
716:
717: <h3>OpenBSD/macppc:</h3>
718:
719: <p>
720: Burn the image from a mirror site to a CDROM, and power on your machine
721: while holding down the <i>C</i> key until the display turns on and
722: shows <i>OpenBSD/macppc boot</i>.
723:
724: <p>
725: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
726: /7.2/macppc/bsd.rd</i>
727:
728: <h3>OpenBSD/octeon:</h3>
729:
730: <p>
731: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
732: Refer to the instructions in INSTALL.octeon for more details.
733:
734: <h3>OpenBSD/powerpc64:</h3>
735:
736: <p>
737: To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
738: USB stick, plug it into the machine and choose the <i>OpenBSD
739: install</i> menu item in Petitboot.
740: Refer to the instructions in INSTALL.powerpc64 for more details.
741:
742: <h3>OpenBSD/riscv64:</h3>
743:
744: <p>
745: To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
746: USB stick, and boot with that drive plugged in.
747: Make sure you also have the microSD card plugged in that shipped with the
748: HiFive Unmatched board.
749: Refer to the instructions in INSTALL.riscv64 for more details.
750:
751: <h3>OpenBSD/sparc64:</h3>
752:
753: <p>
754: Burn the image from a mirror site to a CDROM, boot from it, and type
755: <i>boot cdrom</i>.
756:
757: <p>
758: If this doesn't work, or if you don't have a CDROM drive, you can write
759: <i>floppy72.img</i> or <i>floppyB72.img</i>
760: (depending on your machine) to a floppy and boot it with <i>boot
761: floppy</i>. Refer to INSTALL.sparc64 for details.
762:
763: <p>
764: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
765: will most likely fail.
766:
767: <p>
768: You can also write <i>miniroot72.img</i> to the swap partition on
769: the disk and boot with <i>boot disk:b</i>.
770:
771: <p>
772: If nothing works, you can boot over the network as described in INSTALL.sparc64.
773: </section>
774:
775: <hr>
776:
777: <section id=upgrade>
778: <h3>How to upgrade</h3>
779: <p>
1.10 benno 780: If you already have an OpenBSD 7.1 system, and do not want to reinstall,
1.1 deraadt 781: upgrade instructions and advice can be found in the
782: <a href="faq/upgrade72.html">Upgrade Guide</a>.
783: </section>
784:
785: <hr>
786:
787: <section id=sourcecode>
788: <h3>Notes about the source code</h3>
789: <p>
790: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
791: This file contains everything you need except for the kernel sources,
792: which are in a separate archive.
793: To extract:
794: <blockquote><pre>
795: # <kbd>mkdir -p /usr/src</kbd>
796: # <kbd>cd /usr/src</kbd>
797: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
798: </pre></blockquote>
799: <p>
800: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
801: This file contains all the kernel sources you need to rebuild kernels.
802: To extract:
803: <blockquote><pre>
804: # <kbd>mkdir -p /usr/src/sys</kbd>
805: # <kbd>cd /usr/src</kbd>
806: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
807: </pre></blockquote>
808: <p>
809: Both of these trees are a regular CVS checkout. Using these trees it
810: is possible to get a head-start on using the anoncvs servers as
811: described <a href="anoncvs.html">here</a>.
812: Using these files
813: results in a much faster initial CVS update than you could expect from
814: a fresh checkout of the full OpenBSD source tree.
815: </section>
816:
817: <hr>
818:
819: <section id=ports>
820: <h3>Ports Tree</h3>
821: <p>
822: A ports tree archive is also provided. To extract:
823: <blockquote><pre>
824: # <kbd>cd /usr</kbd>
825: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
826: </pre></blockquote>
827: <p>
828: Go read the <a href="faq/ports/index.html">ports</a> page
829: if you know nothing about ports
830: at this point. This text is not a manual of how to use ports.
831: Rather, it is a set of notes meant to kickstart the user on the
832: OpenBSD ports system.
833: <p>
834: The <i>ports/</i> directory represents a CVS checkout of our ports.
835: As with our complete source tree, our ports tree is available via
836: <a href="anoncvs.html">AnonCVS</a>.
837: So, in order to keep up to date with the -stable branch, you must make
838: the <i>ports/</i> tree available on a read-write medium and update the tree
839: with a command like:
840: <blockquote><pre>
841: # <kbd>cd /usr/ports</kbd>
842: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_2</kbd>
843: </pre></blockquote>
844: <p>
845: [Of course, you must replace the server name here with a nearby anoncvs
846: server.]
847: <p>
848: Note that most ports are available as packages on our mirrors. Updated
849: ports for the 7.2 release will be made available if problems arise.
850: <p>
851: If you're interested in seeing a port added, would like to help out, or just
852: would like to know more, the mailing list
853: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
854: </section>
855: </body>
856: </html>