Annotation of www/72.html, Revision 1.18
1.1 deraadt 1: <!doctype html>
2: <html lang=en id=release>
3: <head>
4: <meta charset=utf-8>
5:
6: <title>OpenBSD 7.2</title>
7: <meta name="description" content="OpenBSD 7.2">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/72.html">
11: </head><body>
12: <h2 id=OpenBSD>
13: <a href="index.html">
14: <i>Open</i><b>BSD</b></a>
15: 7.2
16: </h2>
17:
18: <table>
19: <tr>
20: <td>
21: <a href="images/XXX.png">
22: <img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
23: <td>
24: Released Oct 20, 2022. (53rd OpenBSD release)<br>
25: Copyright 1997-2022, Theo de Raadt.<br>
26: <br>
27: Artwork by Luc Houweling.
28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <code class=reldir>pub/OpenBSD/7.2/</code> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata72.html">the 7.2 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus72.html">detailed log of changes</a> between the
37: 7.1 and 7.2 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<p>
41:
42: <table class=signify>
43: <tr><td>
44: openbsd-72-base.pub:
45: <td>
46: <a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/openbsd-72-base.pub">
1.17 jsg 47: RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo</a>
1.1 deraadt 48: <tr><td>
49: openbsd-72-fw.pub:
50: <td>
51: RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
52: <tr><td>
53: openbsd-72-pkg.pub:
54: <td>
55: RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
56: <tr><td>
57: openbsd-72-syspatch.pub:
58: <td>
59: RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
60: </table>
61: </ul>
62: <p>
63: All applicable copyrights and credits are in the src.tar.gz,
64: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65: files fetched via <code>ports.tar.gz</code>.
66: </table>
67:
68: <hr>
69:
70: <section id=new>
71: <h3>What's New</h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 7.2.
74: For a comprehensive list, see the <a href="plus72.html">changelog</a> leading
75: to 7.2.
76:
77: <ul>
78:
79: <li>New/extended platforms:
80: <ul>
1.4 jsg 81: <li>Added support for Ampere Altra
82: <li>Added support for Apple M2
83: <li>Added support for Qualcomm Snapdragon 8cx Gen 3 (SC8280XP)
1.1 deraadt 84: <li>...
85: </ul>
86:
87: <li>Various kernel improvements:
88: <ul>
1.12 benno 89: <li>Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.
90: <li>Added support for switching from glass console to serial console
91: on arm64 systems that default to glass console.
1.16 jsg 92: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows
93: IGMP and ICMP6 MLD packets with router alert option.
1.9 bluhm 94: Special allow-opts rules are no longer needed for multicast
95: discovery.
1.16 jsg 96: <li>Implement "show all routes" to print routing tables in
97: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
98: <li>Count dropped network packets due to low memory in
99: <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
1.12 benno 100: <li>Simplified machine command handling in <a
101: href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
102: <li>Changed to a simpler formula to calculate a default kern.maxthread
103: value: 2*NPROCESS.
104: <li>Enabled <a href="https://man.openbsd.org/kstat.4">kstat(4)</a>, a
105: device that exports kernel statistics that can be read by <a
106: href="https://man.openbsd.org/kstat.4">kstat(4)</a>.
1.13 benno 107: <li>Added cpu frequency sensors for each core on CPUs that have MPERF/APERF support.
1.14 benno 108: <li>Merged the UVM swap-backed and object-backed inactive page lists.
109: <li>Fixed <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a>
110: implementation to be fair to writers. Previously, readers could grab
111: the lock even if writers were waiting first.
112: <li>Made the CPU frequency scaling duration relative to the load
113: when in automatic mode on battery.
114: <li>Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules
115: installed in arbitrary slots.
1.1 deraadt 116: </ul>
117:
118: <li>SMP Improvements
119: <ul>
1.9 bluhm 120: <li>Make route timer MP safe and use pool rttmr.
121: <li>Use kernel lock to protect parts of ARP, ND6 and PPPoE that
122: are not MP safe.
123: Lookup of existing ARP entry is MP safe and can run in parallel.
124: <li>Start up to 4 softnet tasks to run IP input and forwarding
125: in parallel on multiple cores.
126: <li>Run IPv4 packet reassembly in parallel.
127: <li>Run IPv6 hop-by-hop options processing in parallel.
128: <li>Add a mutex to rate limiting functions to make them MP safe.
129: <li>Introduce mutex and reference counter for internet protocol
130: control block.
131: <li>Protect UDP, raw IP, and divert packet input routines
132: with a per socket mutex.
1.16 jsg 133: <li>Protect <a href="https://man.openbsd.org/recv.2">recv(2)</a> system call
134: for UDP and raw IP packets with a per socket mutex and shared netlock.
1.9 bluhm 135: Allows to receive packets while forwarding in parallel.
136: <li>Protect multicast deliver loop for UDP and raw IP sockets with rwlock.
1.13 benno 137: <li>Only grab netlock in IGMP and MLD timer when necessary.
1.9 bluhm 138: <li>TCP slow timer runs without netlock.
139: <li>Rework rwlock so that a writer will get the lock eventually.
140: Readers cannot share the lock forever.
141: This prevents starvation of the writer.
142: <li>Run interface media ioctl with shared netlock so packets
1.16 jsg 143: can be processed while running
144: <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
145: <li><a href="https://man.openbsd.org/btrace.8">btrace(8)</a> can be used
146: to debug reference counting.
1.9 bluhm 147: <li>Use MP safe refcount for interface addresses.
1.1 deraadt 148: <li>...
149: </ul>
150:
1.13 benno 151: <li>Direct Rendering Manager and graphics drivers
1.1 deraadt 152: <ul>
1.5 jsg 153: <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
154: to Linux 5.15.69
155: <li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
156: support for Alder Lake, Raptor Lake
1.13 benno 157: <li>Reimplemented the page allocation code using <a
158: href="https://man.openbsd.org/bus_dma.9">bus_dma(9)</a> APIs to make
159: sure DMA addresses are translated properly on architectures with an
160: IOMMU. This fixed <a
161: href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a
162: href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> on
163: powerpc, sparc64, and arm64 machines.
1.1 deraadt 164: </ul>
165:
166: <li>VMM/VMD improvements
167: <ul>
1.11 benno 168: <li>Improved error handling and logging in <a
169: href="https://man.openbsd.org/vmd.8">vmd(8)</a>
170: <li>Unify all internal structures and interfaces between <a
171: href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a
172: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a
173: href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for
1.13 benno 174: memory and disk sizes.
1.18 ! jsg 175: <li>Fix rebooting a received VM in <a
1.11 benno 176: href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
177: <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide
178: a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
179: it there.
180: <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by
1.18 ! jsg 181: one in VM memory range check.
1.11 benno 182: <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add
1.18 ! jsg 183: support for MMIO assist. In <a
! 184: href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port I/O
1.11 benno 185: emulation to userland.
186: <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute
187: i8254 read-back command latch from singular timestamp.
188: <li>Improve the command line parsing in <a
189: href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
190: <li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow
191: reading MSR_TSC on Intel hosts.
192: <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference
1.18 ! jsg 193: count VMs and VCPUs.
1.11 benno 194: <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero
1.18 ! jsg 195: virtual addresses of VCPU state pages after freeing.
1.11 benno 196: <li>Fix `vmctl send` on Intel hosts by load the vmcs before reading
1.18 ! jsg 197: VCPU registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
1.11 benno 198: <li>Fix `vmctl receive` on Intel hosts by adding an additional fault
199: type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
200: <li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a>
201: tracepoints in various <a
202: href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths.
1.1 deraadt 203: </ul>
204:
205: <li>Various new userland features:
206: <ul>
1.12 benno 207: <li>Added <a href="https://man.openbsd.org/kstat.1">kstat(1)</a>, a
208: utility to display kernel statistics collected by <a
209: href="https://man.openbsd.org/kstat.4">kstat(4)</a>.
1.14 benno 210: <li>Replaced <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>
211: $rcexec variable with an rc_exec function. <em>This will require a
212: mechanical change from <code>${rcexec}</code> to <code>rc_exec</code>
213: in rc.d scripts.</em> Kept compatibility to give people a chance to
214: fix their custom scripts.
1.1 deraadt 215: </ul>
216:
217: <li>Various bugfixes and tweaks in userland:
218: <ul>
1.12 benno 219: <li>Changed <a href="https://man.openbsd.org/compress">compress(1)</a>
220: to print a more accurate message when -v is used with -k.
221: <li>Fixed <a href="https://man.openbsd.org/openrsync">openrsync(1)</a>
222: on sparc64 by eliminating a redundant second conversion of the int
223: value from little to host endian.
224: <li>Made use of the fact that repositories are unique objects in <a
225: href="https://man.openbsd.org/pkg_add">pkg_add(1)</a> and annotated
226: the quirks repository as cached, allowing for a large speed increase.
1.14 benno 227: <li>Enabled <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> caching by default.
1.12 benno 228: <li>Fixed <a href="https://man.openbsd.org/kbd.8">kbd(8)</a> so it
229: doesn't fail silently when executed by a regular user.
1.13 benno 230: <li>Prevented a crash in <a
231: href="https://man.openbsd.org/vi">vi(1)</a> when cursor key support is disabled.
232: <li>Updated <a href="https://man.openbsd.org/vi">vi(1)</a> to apply
233: expandtab to the output of a ! command.
234: <li>Added missing uuid_dec_le() to init_fp() so <a
235: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A works on
236: big-endian architectures.
1.14 benno 237: <li>Aligned <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
238: logic with that used in the kernel to allow the protective EFI GPT
239: partition to be in MBR partitions 0-3, not just 0.
240: <li>Prevented use of "-u" when <a
241: href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> is operating on
242: GPT formatted disks.
243: <li>Stopped telling <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> that macppc HAS_MBR.
244:
245:
246: <li>In the <i>sndio</i> library, added the function <a
247: href="https://man.openbsd.org/sio_flush.3">sio_flush(3)</a> to stop
248: playback immediately. Altered <a
249: href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to wait until
250: the buffer is drained before closing the device.
251: <li>Installed useful <a
252: href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts in
253: /usr/share/btrace.
254: <li>Made <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> use a
255: much safer FD-passing idiom for updating <a
256: href="https://man.openbsd.org/utmp.5">utmp(5)</a>.
257: <li>Made <a href="https://man.openbsd.org/mg.1">mg(1)</a>
258: automatically delete trailing whitespace on RET in c-mode and
259: auto-indent-mode.
260:
1.1 deraadt 261: </ul>
262:
263: <li>Improved hardware support and driver bugfixes, including:
264: <ul>
1.7 jsg 265: <li>New <a href="https://man.openbsd.org/arm64/aplaudio.4">aplaudio(4)</a>
266: driver for Apple audio subsystem.
267: <li>New <a href="https://man.openbsd.org/arm64/aplmca.4">aplmca(4)</a>
268: driver for Apple MCA controller.
269: <li>New <a href="https://man.openbsd.org/arm64/aplsart.4">aplsart(4)</a>
270: driver for Apple SART address filter.
271: <li>New alpdc, apldchidev, apldckbd, apldcms, and aplrtk drivers for
272: keyboard and trackpad on Apple M2 laptops.
273: <li>New <a href="https://man.openbsd.org/arm64/qcgpio.4">qcgpio(4)</a>
274: driver for Qualcomm Snapdragon GPIO controller.
275: <li>New <a href="https://man.openbsd.org/arm64/qciic.4">qciic(4)</a>
276: driver for Qualcomm Snapdragon GENI I2C controller.
277: <li>New <a href="https://man.openbsd.org/riscv64/sfgpio.4">sfgpio(4)</a>
278: driver for SiFive GPIO controller.
279: <li>New <a href="https://man.openbsd.org/riscv64/stfclock.4">stfclock(4)</a>
280: driver for StarFive JH7100 clock controller.
281: <li>New <a href="https://man.openbsd.org/riscv64/stfpinctrl.4">stfpinctrl(4)</a>
282: driver for StarFive JH7100 pin configuration.
283: <li>New stftemp
284: driver for StarFive JH7100 temperature sensor.
285: <li>New <a href="https://man.openbsd.org/sxirintc.4">sxirintc(4)</a>
286: driver for Allwinner wakeup interrupt controller.
287: <li>New gpiorestart
288: driver for system reset via GPIO pin.
1.12 benno 289: <li>Added support for more power sensors to <a
290: href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
1.14 benno 291: <li>Added support for the <a
292: href="https://man.openbsd.org/ehci.4">ehci(4)</a> controller on
1.18 ! jsg 293: Marvell 3720 boards.
1.1 deraadt 294: </ul>
295:
296: <li>New or improved network hardware support:
297: <ul>
1.6 mbuhl 298: <li>Enabled checksum offloads in <a href="https://man.openbsd.org/igc.4"
299: >igc(4)</a>.
1.13 benno 300: <li>Extended <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a> to show CCD temperatures if available.
1.1 deraadt 301: </ul>
302:
303: <li>Added or improved wireless network drivers:
304: <ul>
1.18 ! jsg 305: <li>Made device matching in <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> more similar to Linux iwlwifi.
1.14 benno 306: <li>Added support for AX210/AX211 devices to <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
307: <li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> setting
308: of HT/VHT bits in rate flags of the Tx command that could cause a
309: firmware panic.
1.18 ! jsg 310: <li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a> hardware VLAN tagging.
1.13 benno 311: <li>Updated various wireless drivers to use <a href="https://man.openbsd.org/memset.3">memset(3)</a> to initialize ieee80211_rxinfo struct properly.
312: <li>Increased rx buffer size on <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB.
313:
1.1 deraadt 314: </ul>
315:
316: <li>IEEE 802.11 wireless stack improvements and bugfixes:
317: <ul>
318: <li>...
319: </ul>
320:
321: <li>Installer and upgrade improvements:
322: <ul>
1.14 benno 323: <li>Fixed the watchdog in the installer so that the watchdog is reset
324: after each download and each set installation.
1.1 deraadt 325: </ul>
326:
327: <li>Security improvements:
328: <ul>
329: <li>...
330: </ul>
331:
1.12 benno 332: <li>Changes in the network stack:
333: <ul>
1.13 benno 334: <li>Relaxed address availability check for <a
335: href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so
336: processes listening for the same multicast address do not need to be
337: the same UID.
338: <li>Introduced dedicated link entries for snapshots to <a
339: href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>.
1.14 benno 340: <li>Changed <a href="https://man.openbsd.org/pf.4">pf(4)</a> handling
341: of IGMP and ICMP6 MLD packets to allow multicast control packets to
342: work by default.
343: <li>Made <a href="https://man.openbsd.org/pf.4">pf(4)</a> more paranoid about IGMP/MKP messages.
344: <li>Allow forwarding to and from IPs in the 240/4 range.
1.18 ! jsg 345: <li>Corrected the Virtual Ethernet Bridge <a
1.14 benno 346: href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling
347: if_enqueue from an smr critical section.
348: <li>Fixed a kernel panic in <a
349: href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an
350: ICMP payload were truncated. Such packets will now be dropped instead.
1.12 benno 351: </ul>
352:
1.1 deraadt 353: <li>Routing daemons and other userland network improvements:
354: <ul>
1.11 benno 355: <li>IPsec support was improved:
356: <ul>
357: </ul>
358: <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
359: <ul>
360: <li>Implement max-communities filter to limit the number of allowed
361: communities, ext-communities and large-communities.
362: <li>Fix insertion of additional non-transitive extended communities when
363: sending out prefixes.
364: <li>Relax IP address limitation by allowing prefixes in 240/4.
365: <li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
366: in UPDATE and OPEN Messages.
367: <li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
368: <li>Improve FIB code, handle IPv6 scoped addresses properly.
369: <li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>,
1.18 ! jsg 370: a FastCGI server providing a REST API of bgpctl.
1.16 jsg 371: <li>Bugfix: <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> could
372: fail to invalidate nexthops and incorrectly leave them in the FIB or
373: Adj-RIB-Out.
1.11 benno 374: <li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>
375: <code>show rib 10/8 or-longer</code> and <code>show rib 10/8
376: or-shorter</code>
377: <li>Switch various static hash tables to RB trees improving
378: performance on large systems
379: <li>Export per neighbor pending update and withdraw statistics
380: <li>Fix race between a neighbor session reset and its update message
381: backlog
382: <li>Improve handling of nexthop reachability state changes
383: </ul>
384: <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
385: <ul>
1.12 benno 386: <li>Allowed more than one CRL URI in certificates.
1.11 benno 387: <li>Do not apply timezone offsets when converting X509 times. X509
388: times are in UTC and comparing them to times in different timezones
389: would cause validity problems.
390: <li>Add support for an operator-configurable skiplist facility.
391: Operators can specify a list of FQDNs which should not be contacted
392: when synchronizing the local cache to the network.
393: <li>Emit a warning when a RRDP session serial number decreases.
394: <li>DER decoding functions were refactored to leverage ASN.1 templates.
395: <li>Add support to validate & inspect .sig files containing RPKI Signed
396: Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
397: <li>Print various statistics after the completion of the main process.
398: <li>Add support to decode & print TAL (RFC 8630) details in filemode (-f).
399: <li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON
400: output flag (-j) are combined.
1.13 benno 401: <li>Add support for validating Autonomous System Provider Authorization
1.11 benno 402: (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
403: Validated ASPA payloads are visible in JSON and filemode (-f) output.
404: <li>Set rsync connection I/O idle timeout to 15 seconds.
1.13 benno 405: <li>Unify the maximum idle I/O and connect timeouts for rsync & HTTPS.
1.18 ! jsg 406: <li>rpki-client now performs stricter EE certificate validation:
1.11 benno 407: <ul>
408: <li>Disallow AS Resources extensions in ROA EE certificates.
409: <li>Disallow Subject Information Access (SIA) extensions in RPKI
410: Signed Checklist (RSC) EE certs.
411: <li>Check the resources in ROAs and RSCs against EE certs.
412: </ul>
413: <li>Improve readability and add various information being printed in
414: verbose mode.
415: <li>Extend filemode (-f) output and print X.509 certificates in PEM
416: format when increased verbosity (-vv) is specified.
417: <li>Shorten the RRDP I/O idle timeout.
418: <li>Introduce a deadline timer that aborts all repository synchronization
419: after seven eights of timeout (-s). With this rpki-client has improved
1.13 benno 420: chances to complete and produce an output even when a CA is excessively
1.11 benno 421: slow.
422: <li>Abort a currently running RRDP request process when the per-repository
423: timeout is reached.
424: <li>Permit multiple AccessDescription entries in SIA X.509 extensions. While
425: fetching from secondary locations is not yet supported, rpki-client will
1.13 benno 426: not treat occurrence as a fatal error.
1.11 benno 427: <li>Resolve a potential for a race condition in non-atomic RRDP deltas.
428: <li>Fix some memory leaks.
429: <li>Improve compliance with the HTTP protocol specification.
430: </ul>
431:
1.14 benno 432: <li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
1.11 benno 433: relax the limitations on what is an acceptable unicast IP. There are no
434: more experiments in IPv4 and so there is less reason for network
435: daemons to deny formerly experimental IP space. Multicast IPs
1.13 benno 436: (224/4) and loopback (127/8) are still disallowed.
1.14 benno 437: <li>Added check to <a
438: href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> to
439: ensure the challenge token is turned into a filename that is base64url
440: encoded.
441: <li>Added RFC 9234 "BGP Role" support to <a
442: href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
1.11 benno 443:
1.1 deraadt 444: </ul>
445:
446: <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
447: <ul>
448: <li>...
449: </ul>
450:
1.2 jsg 451: <li>LibreSSL version 3.6.0
1.1 deraadt 452: <ul>
453: <li>New Features
454: <ul>
455: <li>...
456: </ul>
457:
458: <li>Portable Improvements
459: <ul>
460: <li>...
461: </ul>
462:
463: <li>Compatibility Changes
464: <ul>
465: <li>...
466: </ul>
467:
468: <li>Bug fixes
469: <ul>
470: <li>...
471: </ul>
472:
473: <li>Internal Improvements
474: <ul>
475: <li>...
476: </ul>
477:
478: <li>Documentation improvements
479: <ul>
480: <li>...
481: </ul>
482: </ul>
483:
1.2 jsg 484: <li>OpenSSH 9.1
1.1 deraadt 485: <ul>
486: <li>...
487: </ul>
488:
489: <li>mandoc 1.14.6 plus several bugfixes, including:
490: <ul>
1.12 benno 491: <li>Fixed calculation of the width of spanned columns in <a
492: href="https://man.openbsd.org/mandoc">mandoc(1)</a>.
1.14 benno 493: <li>Made <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>'s
494: roff_expand() parse left-to-right rather than right-to-left.
495:
1.1 deraadt 496: </ul>
497:
498: <li>Ports and packages:
499: <p>Many pre-built packages for each architecture:
500: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
501: <ul style="column-count: 3">
502: <li>aarch64: XXXX
503: <li>amd64: XXXX
504: <li>arm: XXXX
505: <li>i386: XXXX
506: <li>mips64: XXXX
507: <li>powerpc: XXXX
508: <li>powerpc64: XXXX
509: <li>riscv64: XXXX
510: <li>sparc64: XXXX
511: </ul>
512:
513: <p>Some highlights:
514: <ul style="column-count: 3">
1.3 sthen 515: <li>Asterisk 16.28.0, 18.14.0 and 19.6.0
1.1 deraadt 516: <li>Audacity 2.4.2
1.3 sthen 517: <li>CMake 3.24.2
518: <li>Chromium 105.0.5195.125
519: <li>Emacs 28.2
520: <li>FFmpeg 4.4.2
1.1 deraadt 521: <li>GCC 8.4.0 and 11.2.0
1.3 sthen 522: <li>GHC 9.2.4
523: <li>GNOME 42.4
524: <li>Go 1.19.1
525: <li>JDK 8u342, 11.0.16 and 17.0.4
526: <li>KDE Applications 22.08.1
527: <li>KDE Frameworks 5.98.0
528: <li>Krita 5.1.1
1.1 deraadt 529: <li>LLVM/Clang 13.0.0
1.3 sthen 530: <li>LibreOffice 7.4.1.2
1.1 deraadt 531: <li>Lua 5.1.5, 5.2.4 and 5.3.6
1.3 sthen 532: <li>MariaDB 10.9.3
533: <li>Mono 6.12.0.182
534: <li>Mozilla Firefox 105.0.1 and ESR 102.3.0
535: <li>Mozilla Thunderbird 102.3.0
536: <li>Mutt 2.2.7 and NeoMutt 20220429
537: <li>Node.js 16.17.1
1.1 deraadt 538: <li>OCaml 4.12.1
1.3 sthen 539: <li>OpenLDAP 2.6.3
540: <li>PHP 7.4.30, 8.0.23 and 8.1.10
541: <li>Postfix 3.7.2
542: <li>PostgreSQL 14.5
543: <li>Python 2.7.18, 3.9.14 and 3.10.7
544: <li>Qt 5.15.6 and 6.3.1
545: <li>R 4.2.1
546: <li>Ruby 2.7.6, 3.0.4 and 3.1.2
547: <li>Rust 1.63.0
548: <li>SQLite 3.39.3
549: <li>Shotcut 22.06.23
550: <li>Sudo 1.9.11.2
551: <li>Suricata 6.0.6
552: <li>Tcl/Tk 8.5.19 and 8.6.12
1.1 deraadt 553: <li>TeX Live 2021
1.3 sthen 554: <li>Vim 9.0.0192 and Neovim 0.7.2
1.1 deraadt 555: <li>Xfce 4.16
556: </ul>
557: <p>
558:
559: <li>As usual, steady improvements in manual pages and other documentation.
560:
561: <li>The system includes the following major components from outside suppliers:
562: <ul>
1.2 jsg 563: <li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
1.15 jsg 564: freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
1.1 deraadt 565: xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
566: <li>LLVM/Clang 13.0.0 (+ patches)
567: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
568: <li>Perl 5.32.1 (+ patches)
1.2 jsg 569: <li>NSD 4.6.0
570: <li>Unbound 1.16.3
1.1 deraadt 571: <li>Ncurses 5.7
572: <li>Binutils 2.17 (+ patches)
573: <li>Gdb 6.3 (+ patches)
1.2 jsg 574: <li>Awk September 12, 2022
575: <li>Expat 2.4.9
1.1 deraadt 576: </ul>
577:
578: </ul>
579: </section>
580:
581: <hr>
582:
583: <section id=install>
584: <h3>How to install</h3>
585: <p>
586: Please refer to the following files on the mirror site for
587: extensive details on how to install OpenBSD 7.2 on your machine:
588:
589: <ul>
590: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/alpha/INSTALL.alpha">
591: .../OpenBSD/7.2/alpha/INSTALL.alpha</a>
592: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/amd64/INSTALL.amd64">
593: .../OpenBSD/7.2/amd64/INSTALL.amd64</a>
594: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/arm64/INSTALL.arm64">
595: .../OpenBSD/7.2/arm64/INSTALL.arm64</a>
596: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/armv7/INSTALL.armv7">
597: .../OpenBSD/7.2/armv7/INSTALL.armv7</a>
598: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/hppa/INSTALL.hppa">
599: .../OpenBSD/7.2/hppa/INSTALL.hppa</a>
600: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/i386/INSTALL.i386">
601: .../OpenBSD/7.2/i386/INSTALL.i386</a>
602: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/landisk/INSTALL.landisk">
603: .../OpenBSD/7.2/landisk/INSTALL.landisk</a>
1.8 jsg 604: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/loongson/INSTALL.loongson">
605: .../OpenBSD/7.2/loongson/INSTALL.loongson</a>
1.1 deraadt 606: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/luna88k/INSTALL.luna88k">
607: .../OpenBSD/7.2/luna88k/INSTALL.luna88k</a>
608: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/macppc/INSTALL.macppc">
609: .../OpenBSD/7.2/macppc/INSTALL.macppc</a>
610: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/octeon/INSTALL.octeon">
611: .../OpenBSD/7.2/octeon/INSTALL.octeon</a>
612: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/powerpc64/INSTALL.powerpc64">
613: .../OpenBSD/7.2/powerpc64/INSTALL.powerpc64</a>
614: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/riscv64/INSTALL.riscv64">
615: .../OpenBSD/7.2/riscv64/INSTALL.riscv64</a>
616: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/sparc64/INSTALL.sparc64">
617: .../OpenBSD/7.2/sparc64/INSTALL.sparc64</a>
618: </ul>
619: </section>
620:
621: <hr>
622:
623: <section id=quickinstall>
624: <p>
625: Quick installer information for people familiar with OpenBSD, and the use of
626: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
627: If you are at all confused when installing OpenBSD, read the relevant
628: INSTALL.* file as listed above!
629:
630: <h3>OpenBSD/alpha:</h3>
631:
632: <p>
633: If your machine can boot from CD, you can write <i>install72.iso</i> or
634: <i>cd72.iso</i> to a CD and boot from it.
635: Refer to INSTALL.alpha for more details.
636:
637: <h3>OpenBSD/amd64:</h3>
638:
639: <p>
640: If your machine can boot from CD, you can write <i>install72.iso</i> or
641: <i>cd72.iso</i> to a CD and boot from it.
642: You may need to adjust your BIOS options first.
643:
644: <p>
645: If your machine can boot from USB, you can write <i>install72.img</i> or
646: <i>miniroot72.img</i> to a USB stick and boot from it.
647:
648: <p>
649: If you can't boot from a CD, floppy disk, or USB,
650: you can install across the network using PXE as described in the included
651: INSTALL.amd64 document.
652:
653: <p>
654: If you are planning to dual boot OpenBSD with another OS, you will need to
655: read INSTALL.amd64.
656:
657: <h3>OpenBSD/arm64:</h3>
658:
659: <p>
660: Write <i>install72.img</i> or <i>miniroot72.img</i> to a disk and boot from it
661: after connecting to the serial console. Refer to INSTALL.arm64 for more
662: details.
663:
664: <h3>OpenBSD/armv7:</h3>
665:
666: <p>
667: Write a system specific miniroot to an SD card and boot from it after connecting
668: to the serial console. Refer to INSTALL.armv7 for more details.
669:
670: <h3>OpenBSD/hppa:</h3>
671:
672: <p>
673: Boot over the network by following the instructions in INSTALL.hppa or the
674: <a href="hppa.html#install">hppa platform page</a>.
675:
676: <h3>OpenBSD/i386:</h3>
677:
678: <p>
679: If your machine can boot from CD, you can write <i>install72.iso</i> or
680: <i>cd72.iso</i> to a CD and boot from it.
681: You may need to adjust your BIOS options first.
682:
683: <p>
684: If your machine can boot from USB, you can write <i>install72.img</i> or
685: <i>miniroot72.img</i> to a USB stick and boot from it.
686:
687: <p>
688: If you can't boot from a CD, floppy disk, or USB,
689: you can install across the network using PXE as described in
690: the included INSTALL.i386 document.
691:
692: <p>
693: If you are planning on dual booting OpenBSD with another OS, you will need to
694: read INSTALL.i386.
695:
696: <h3>OpenBSD/landisk:</h3>
697:
698: <p>
699: Write <i>miniroot72.img</i> to the start of the CF
700: or disk, and boot normally.
1.8 jsg 701:
702: <h3>OpenBSD/loongson:</h3>
703:
704: <p>
705: Write <i>miniroot72.img</i> to a USB stick and boot bsd.rd from it
706: or boot bsd.rd via tftp.
707: Refer to the instructions in INSTALL.loongson for more details.
1.1 deraadt 708:
709: <h3>OpenBSD/luna88k:</h3>
710:
711: <p>
712: Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
713: from the PROM, and then bsd.rd from the bootloader.
714: Refer to the instructions in INSTALL.luna88k for more details.
715:
716: <h3>OpenBSD/macppc:</h3>
717:
718: <p>
719: Burn the image from a mirror site to a CDROM, and power on your machine
720: while holding down the <i>C</i> key until the display turns on and
721: shows <i>OpenBSD/macppc boot</i>.
722:
723: <p>
724: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
725: /7.2/macppc/bsd.rd</i>
726:
727: <h3>OpenBSD/octeon:</h3>
728:
729: <p>
730: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
731: Refer to the instructions in INSTALL.octeon for more details.
732:
733: <h3>OpenBSD/powerpc64:</h3>
734:
735: <p>
736: To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
737: USB stick, plug it into the machine and choose the <i>OpenBSD
738: install</i> menu item in Petitboot.
739: Refer to the instructions in INSTALL.powerpc64 for more details.
740:
741: <h3>OpenBSD/riscv64:</h3>
742:
743: <p>
744: To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
745: USB stick, and boot with that drive plugged in.
746: Make sure you also have the microSD card plugged in that shipped with the
747: HiFive Unmatched board.
748: Refer to the instructions in INSTALL.riscv64 for more details.
749:
750: <h3>OpenBSD/sparc64:</h3>
751:
752: <p>
753: Burn the image from a mirror site to a CDROM, boot from it, and type
754: <i>boot cdrom</i>.
755:
756: <p>
757: If this doesn't work, or if you don't have a CDROM drive, you can write
758: <i>floppy72.img</i> or <i>floppyB72.img</i>
759: (depending on your machine) to a floppy and boot it with <i>boot
760: floppy</i>. Refer to INSTALL.sparc64 for details.
761:
762: <p>
763: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
764: will most likely fail.
765:
766: <p>
767: You can also write <i>miniroot72.img</i> to the swap partition on
768: the disk and boot with <i>boot disk:b</i>.
769:
770: <p>
771: If nothing works, you can boot over the network as described in INSTALL.sparc64.
772: </section>
773:
774: <hr>
775:
776: <section id=upgrade>
777: <h3>How to upgrade</h3>
778: <p>
1.10 benno 779: If you already have an OpenBSD 7.1 system, and do not want to reinstall,
1.1 deraadt 780: upgrade instructions and advice can be found in the
781: <a href="faq/upgrade72.html">Upgrade Guide</a>.
782: </section>
783:
784: <hr>
785:
786: <section id=sourcecode>
787: <h3>Notes about the source code</h3>
788: <p>
789: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
790: This file contains everything you need except for the kernel sources,
791: which are in a separate archive.
792: To extract:
793: <blockquote><pre>
794: # <kbd>mkdir -p /usr/src</kbd>
795: # <kbd>cd /usr/src</kbd>
796: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
797: </pre></blockquote>
798: <p>
799: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
800: This file contains all the kernel sources you need to rebuild kernels.
801: To extract:
802: <blockquote><pre>
803: # <kbd>mkdir -p /usr/src/sys</kbd>
804: # <kbd>cd /usr/src</kbd>
805: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
806: </pre></blockquote>
807: <p>
808: Both of these trees are a regular CVS checkout. Using these trees it
809: is possible to get a head-start on using the anoncvs servers as
810: described <a href="anoncvs.html">here</a>.
811: Using these files
812: results in a much faster initial CVS update than you could expect from
813: a fresh checkout of the full OpenBSD source tree.
814: </section>
815:
816: <hr>
817:
818: <section id=ports>
819: <h3>Ports Tree</h3>
820: <p>
821: A ports tree archive is also provided. To extract:
822: <blockquote><pre>
823: # <kbd>cd /usr</kbd>
824: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
825: </pre></blockquote>
826: <p>
827: Go read the <a href="faq/ports/index.html">ports</a> page
828: if you know nothing about ports
829: at this point. This text is not a manual of how to use ports.
830: Rather, it is a set of notes meant to kickstart the user on the
831: OpenBSD ports system.
832: <p>
833: The <i>ports/</i> directory represents a CVS checkout of our ports.
834: As with our complete source tree, our ports tree is available via
835: <a href="anoncvs.html">AnonCVS</a>.
836: So, in order to keep up to date with the -stable branch, you must make
837: the <i>ports/</i> tree available on a read-write medium and update the tree
838: with a command like:
839: <blockquote><pre>
840: # <kbd>cd /usr/ports</kbd>
841: # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_2</kbd>
842: </pre></blockquote>
843: <p>
844: [Of course, you must replace the server name here with a nearby anoncvs
845: server.]
846: <p>
847: Note that most ports are available as packages on our mirrors. Updated
848: ports for the 7.2 release will be made available if problems arise.
849: <p>
850: If you're interested in seeing a port added, would like to help out, or just
851: would like to know more, the mailing list
852: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
853: </section>
854: </body>
855: </html>