File: [local] / www / 72.html (download) (as text)
Revision 1.28, Sat Oct 1 20:48:07 2022 UTC (19 months, 4 weeks ago) by deraadt
Branch: MAIN
Changes since 1.27: +2 -1 lines
improve ypconnect() explanation
|
<!doctype html>
<html lang=en id=release>
<head>
<meta charset=utf-8>
<title>OpenBSD 7.2</title>
<meta name="description" content="OpenBSD 7.2">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/72.html">
</head><body>
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.2
</h2>
<table>
<tr>
<td>
<a href="images/XXX.png">
<img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
<td>
Released Oct 20, 2022. (53rd OpenBSD release)<br>
Copyright 1997-2022, Theo de Raadt.<br>
<br>
Artwork by Jon Chad.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.2/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata72.html">the 7.2 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus72.html">detailed log of changes</a> between the
7.1 and 7.2 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-72-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/openbsd-72-base.pub">
RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo</a>
<tr><td>
openbsd-72-fw.pub:
<td>
RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
<tr><td>
openbsd-72-pkg.pub:
<td>
RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
<tr><td>
openbsd-72-syspatch.pub:
<td>
RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.2.
For a comprehensive list, see the <a href="plus72.html">changelog</a> leading
to 7.2.
<ul>
<li>New/extended platforms:
<ul>
<li>Added support for Ampere Altra
<li>Added support for Apple M2
<li>Added support for Qualcomm Snapdragon 8cx Gen 3 (SC8280XP)
<li>...
</ul>
<li>Various kernel improvements:
<ul>
<li>Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.
<li>Added support for switching from glass console to serial console
on arm64 systems that default to glass console.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows
IGMP and ICMP6 MLD packets with router alert option.
Special allow-opts rules are no longer needed for multicast
discovery.
<li>Fixed a <a href="https://man.openbsd.org/pf.4">pf(4)</a> NULL
dereference panic triggered by <a
href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
<li>Implement "show all routes" to print routing tables in
<a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Count dropped network packets due to low memory in
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
<li>Simplified machine command handling in <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Changed to a simpler formula to calculate a default kern.maxthread
value: 2*NPROCESS.
<li>Enabled <a href="https://man.openbsd.org/kstat.4">kstat(4)</a>, a
device that exports kernel statistics that can be read by <a
href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<li>Added cpu frequency sensors for each core on CPUs that have MPERF/APERF support.
<li>Merged the UVM swap-backed and object-backed inactive page lists.
<li>Fixed <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a>
implementation to be fair to writers. Previously, readers could grab
the lock even if writers were waiting first.
<li>Made the CPU frequency scaling duration relative to the load
when in automatic mode on battery.
<li>Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules
installed in arbitrary slots.
<li>Added a missing <a
href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> wakeup, found by
a Go testcase hang.
<li>Bumped the maximum number of supported CPUs to 256 on arm64.
</ul>
<li>SMP Improvements
<ul>
<li>Make route timer MP safe and use pool rttmr.
<li>Use kernel lock to protect parts of ARP, ND6 and PPPoE that
are not MP safe.
Lookup of existing ARP entry is MP safe and can run in parallel.
<li>Start up to 4 softnet tasks to run IP input and forwarding
in parallel on multiple cores.
<li>Run IPv4 packet reassembly in parallel.
<li>Run IPv6 hop-by-hop options processing in parallel.
<li>Add a mutex to rate limiting functions to make them MP safe.
<li>Introduce mutex and reference counter for internet protocol
control block.
<li>Protect UDP, raw IP, and divert packet input routines
with a per socket mutex.
<li>Protect <a href="https://man.openbsd.org/recv.2">recv(2)</a> system call
for UDP and raw IP packets with a per socket mutex and shared netlock.
Allows to receive packets while forwarding in parallel.
<li>Protect multicast deliver loop for UDP and raw IP sockets with rwlock.
<li>Only grab netlock in IGMP and MLD timer when necessary.
<li>TCP slow timer runs without netlock.
<li>Rework rwlock so that a writer will get the lock eventually.
Readers cannot share the lock forever.
This prevents starvation of the writer.
<li>Run interface media ioctl with shared netlock so packets
can be processed while running
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li><a href="https://man.openbsd.org/btrace.8">btrace(8)</a> can be used
to debug reference counting.
<li>Use MP safe refcount for interface addresses.
<li>...
</ul>
<li>Direct Rendering Manager and graphics drivers
<ul>
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
to Linux 5.15.69
<li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
support for Alder Lake, Raptor Lake
<li>Reimplemented the page allocation code using <a
href="https://man.openbsd.org/bus_dma.9">bus_dma(9)</a> APIs to make
sure DMA addresses are translated properly on architectures with an
IOMMU. This fixed <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> on
powerpc, sparc64, and arm64 machines.
</ul>
<li>VMM/VMD improvements
<ul>
<li>Improved error handling and logging in <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>
<li>Unify all internal structures and interfaces between <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for
memory and disk sizes.
<li>Fix rebooting a received VM in <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide
a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
it there.
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by
one in VM memory range check.
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add
support for MMIO assist. In <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port I/O
emulation to userland.
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute
i8254 read-back command latch from singular timestamp.
<li>Improve the command line parsing in <a
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
<li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow
reading MSR_TSC on Intel hosts.
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference
count VMs and VCPUs.
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero
virtual addresses of VCPU state pages after freeing.
<li>Fix `vmctl send` on Intel hosts by load the vmcs before reading
VCPU registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Fix `vmctl receive` on Intel hosts by adding an additional fault
type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a>
tracepoints in various <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths.
</ul>
<li>Various new userland features:
<ul>
<li>Replaced <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>
$rcexec variable with an rc_exec function. <em>This will require a
mechanical change from <code>${rcexec}</code> to <code>rc_exec</code>
in rc.d scripts.</em> Kept compatibility to give people a chance to
fix their custom scripts.
<li>Introduced a new daemon_execdir variable to <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for changing to a
specified directory before running rc_exec.
<li>Add a new <i>configtest</i> action to <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> and <a
href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> to check
configuration syntax of a daemon.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Changed <a href="https://man.openbsd.org/compress">compress(1)</a>
to print a more accurate message when -v is used with -k.
<li>Fixed <a href="https://man.openbsd.org/openrsync">openrsync(1)</a>
on sparc64 by eliminating a redundant second conversion of the int
value from little to host endian.
<li>Made use of the fact that repositories are unique objects in <a
href="https://man.openbsd.org/pkg_add">pkg_add(1)</a> and annotated
the quirks repository as cached, allowing for a large speed increase.
<li>Enabled <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> caching by default.
<li>Changed the tied algorithm in <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to prevent
O(n^2) behavior when packages contain several hundred copies of the
same file.
<li>Fixed <a href="https://man.openbsd.org/kbd.8">kbd(8)</a> so it
doesn't fail silently when executed by a regular user.
<li>Prevented a crash in <a
href="https://man.openbsd.org/vi">vi(1)</a> when cursor key support is disabled.
<li>Updated <a href="https://man.openbsd.org/vi">vi(1)</a> to apply
expandtab to the output of a ! command.
<li>Added missing uuid_dec_le() to init_fp() so <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A works on
big-endian architectures.
<li>Aligned <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
logic with that used in the kernel to allow the protective EFI GPT
partition to be in MBR partitions 0-3, not just 0.
<li>Prevented use of "-u" when <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> is operating on
GPT formatted disks.
<li>Stopped telling <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> that macppc HAS_MBR.
<li>In the <i>sndio</i> library, added the function <a
href="https://man.openbsd.org/sio_flush.3">sio_flush(3)</a> to stop
playback immediately. Altered <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to wait until
the buffer is drained before closing the device.
<li>Installed useful <a
href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts in
/usr/share/btrace.
<li>Made <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
execute the END probe upon receiving a SIGTERM signal.
<li>Made <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> use a
much safer FD-passing idiom for updating <a
href="https://man.openbsd.org/utmp.5">utmp(5)</a>.
<li>Made <a href="https://man.openbsd.org/mg.1">mg(1)</a>
automatically delete trailing whitespace on RET in c-mode and
auto-indent-mode.
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> provide
full context when using match count (<code>-m</code>
<li>Added the --null flag to <a
href="https://man.openbsd.org/grep.1">grep(1)</a> which makes grep
print an ASCII NUL byte after the file name to make the output
unambiguous.
<li>Fixed multiple memory leaks in <a href="https://man.openbsd.org/awk.1">awk(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/gzip.1">gzip(1)</a> byte counts with 32-bit integers.
<li>Moved the wait for autoconf interfaces from <a
href="https://man.openbsd.org/rc.8">rc(8)</a> to <a
href="https://man.openbsd.org/netstart.8">netstart(8)</a> to fix
tunnel interfaces that depend on working autoconf interfaces.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>New <a href="https://man.openbsd.org/arm64/aplaudio.4">aplaudio(4)</a>
driver for Apple audio subsystem.
<li>New <a href="https://man.openbsd.org/arm64/aplmca.4">aplmca(4)</a>
driver for Apple MCA controller.
<li>New <a href="https://man.openbsd.org/arm64/aplsart.4">aplsart(4)</a>
driver for Apple SART address filter.
<li>New alpdc, apldchidev, apldckbd, apldcms, and aplrtk drivers for
keyboard and trackpad on Apple M2 laptops.
<li>New <a href="https://man.openbsd.org/arm64/qcgpio.4">qcgpio(4)</a>
driver for Qualcomm Snapdragon GPIO controller.
<li>New <a href="https://man.openbsd.org/arm64/qciic.4">qciic(4)</a>
driver for Qualcomm Snapdragon GENI I2C controller.
<li>New <a href="https://man.openbsd.org/riscv64/sfgpio.4">sfgpio(4)</a>
driver for SiFive GPIO controller.
<li>New <a href="https://man.openbsd.org/riscv64/stfclock.4">stfclock(4)</a>
driver for StarFive JH7100 clock controller.
<li>New <a href="https://man.openbsd.org/riscv64/stfpinctrl.4">stfpinctrl(4)</a>
driver for StarFive JH7100 pin configuration.
<li>New stftemp
driver for StarFive JH7100 temperature sensor.
<li>New <a href="https://man.openbsd.org/sxirintc.4">sxirintc(4)</a>
driver for Allwinner wakeup interrupt controller.
<li>New gpiorestart
driver for system reset via GPIO pin.
<li>Added support for more power sensors to <a
href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
<li>Added support for the <a
href="https://man.openbsd.org/ehci.4">ehci(4)</a> controller on
Marvell 3720 boards.
<li>Extended <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a> to show CCD temperatures if available.
<li>Fixed missing interrupts for trackpads on some machines after
resume by making sure <a
href="https://man.openbsd.org/amdgpio.4">amdgpio(4)</a> restores pin
configuration on resume.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Enabled checksum offloads in <a href="https://man.openbsd.org/igc.4"
>igc(4)</a>.
<li>Increased rx buffer size on <a href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB.
<li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a> hardware VLAN tagging.
<li>Provide statistics via kstats for <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
<li>Enabled <a href="https://man.openbsd.org/aq.4">aq(4)</a> on arm64.
<li>Implemented and enabled IPv4, TCP, and UDP checksum offloading for
<a href="https://man.openbsd.org/igc.4">igc(4)</a>.
<li>Fixed a panic triggered by ifconfig bnxt0 down by changing <a
href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> devices to not run
rx and tx interrupt handlers when the interface is not running.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Made device matching in <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> more similar to Linux
iwlwifi.
<li>Added support for AX210/AX211 devices to <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> setting
of HT/VHT bits in rate flags of the Tx command that could cause a
firmware panic.
<li>Added handling of 9k devices which do not support antenna B to <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>
ifconfig media display on devices with sta_info command version 3.
<li>Make sure drivers initialize all of ieee80211_rxinfo struct.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>...
</ul>
<li>Installer and upgrade improvements:
<ul>
<li>Fixed the watchdog in the installer so that the watchdog is reset
after each download and each set installation.
<li>Ensured that when running <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> on
-stable that it will move to the next release, not -current.
<li>Added the -b option to <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> to set
an alternative base directory to which the installation files will be
downloaded to.
<li>Increased the <a
href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> auto
partitioner's maximum size for /usr to 30G.
</ul>
<li>Security improvements:
<ul>
<li>Implemented privilege separation in <a href="https://man.openbsd.org/xlock.1">xlock(1)</a>.
<li>The TZ environment variable no longer supports absolute paths, to fit better fit into the <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> bypass model.
<li>AF_UNIX socket <a href="https://man.openbsd.org/bind.2">bind(2)</a> and <a href="https://man.openbsd.org/connect.2">connect(2)</a> now follow <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> configuration..
<li>New <a href="https://man.openbsd.org/ypconnect.2">ypconnect(2)</a> system call creates a socket based upon the IP address encoded directly in a locked ypbinding file, thereby removing a horrible hack to support YP lookups in programs using strong a <href="https://man.openbsd.org/pledge.2">pledge(2)</a> rules.
</ul>
<li>Changes in the network stack:
<ul>
<li>Relaxed address availability check for <a
href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so
processes listening for the same multicast address do not need to be
the same UID.
<li>Introduced dedicated link entries for snapshots to <a
href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>.
<li>Changed <a href="https://man.openbsd.org/pf.4">pf(4)</a> handling
of IGMP and ICMP6 MLD packets to allow multicast control packets to
work by default.
<li>Made <a href="https://man.openbsd.org/pf.4">pf(4)</a> more paranoid about IGMP/MKP messages.
<li>Fixed a logic bug in pf_find_state() that could cause <a
href="https://man.openbsd.org/pf.4">pf(4)</a> to incorrectly block a
packet.
<li>Allow forwarding to and from IPs in the 240/4 range.
<li>Corrected the Virtual Ethernet Bridge <a
href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling
if_enqueue from an smr critical section.
<li>Fixed a kernel panic in <a
href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an
ICMP payload were truncated. Such packets will now be dropped instead.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>IPsec support was improved:
<ul>
</ul>
<li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
<ul>
<li>Implement max-communities filter to limit the number of allowed
communities, ext-communities and large-communities.
<li>Fix insertion of additional non-transitive extended communities when
sending out prefixes.
<li>Relax IP address limitation by allowing prefixes in 240/4.
<li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
in UPDATE and OPEN Messages.
<li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
<li>Improve FIB code, handle IPv6 scoped addresses properly.
<li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>,
a FastCGI server providing a REST API of bgpctl.
<li>Bugfix: <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> could
fail to invalidate nexthops and incorrectly leave them in the FIB or
Adj-RIB-Out.
<li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>
<code>show rib 10/8 or-longer</code> and <code>show rib 10/8
or-shorter</code>
<li>Switch various static hash tables to RB trees improving
performance on large systems
<li>Export per neighbor pending update and withdraw statistics
<li>Fix race between a neighbor session reset and its update message
backlog
<li>Improve handling of nexthop reachability state changes
</ul>
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
<ul>
<li>Allowed more than one CRL URI in certificates.
<li>Do not apply timezone offsets when converting X509 times. X509
times are in UTC and comparing them to times in different timezones
would cause validity problems.
<li>Add support for an operator-configurable skiplist facility.
Operators can specify a list of FQDNs which should not be contacted
when synchronizing the local cache to the network.
<li>Emit a warning when a RRDP session serial number decreases.
<li>DER decoding functions were refactored to leverage ASN.1 templates.
<li>Add support to validate & inspect .sig files containing RPKI Signed
Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
<li>Print various statistics after the completion of the main process.
<li>Add support to decode & print TAL (RFC 8630) details in filemode (-f).
<li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON
output flag (-j) are combined.
<li>Add support for validating Autonomous System Provider Authorization
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
Validated ASPA payloads are visible in JSON and filemode (-f) output.
<li>Set rsync connection I/O idle timeout to 15 seconds.
<li>Unify the maximum idle I/O and connect timeouts for rsync & HTTPS.
<li>rpki-client now performs stricter EE certificate validation:
<ul>
<li>Disallow AS Resources extensions in ROA EE certificates.
<li>Disallow Subject Information Access (SIA) extensions in RPKI
Signed Checklist (RSC) EE certs.
<li>Check the resources in ROAs and RSCs against EE certs.
</ul>
<li>Improve readability and add various information being printed in
verbose mode.
<li>Extend filemode (-f) output and print X.509 certificates in PEM
format when increased verbosity (-vv) is specified.
<li>Shorten the RRDP I/O idle timeout.
<li>Introduce a deadline timer that aborts all repository synchronization
after seven eights of timeout (-s). With this rpki-client has improved
chances to complete and produce an output even when a CA is excessively
slow.
<li>Abort a currently running RRDP request process when the per-repository
timeout is reached.
<li>Permit multiple AccessDescription entries in SIA X.509 extensions. While
fetching from secondary locations is not yet supported, rpki-client will
not treat occurrence as a fatal error.
<li>Resolve a potential for a race condition in non-atomic RRDP deltas.
<li>Fix some memory leaks.
<li>Improve compliance with the HTTP protocol specification.
</ul>
<li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
relax the limitations on what is an acceptable unicast IP. There are no
more experiments in IPv4 and so there is less reason for network
daemons to deny formerly experimental IP space. Multicast IPs
(224/4) and loopback (127/8) are still disallowed.
<li>Added check to <a
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> to
ensure the challenge token is turned into a filename that is base64url
encoded.
<li>Added RFC 9234 "BGP Role" support to <a
href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
<li>Have <a
href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> print
ASnumbers in 'asplain' format instead the old 'asdot' format.
<li>Fixed a crash in libpcap when it would walk off the end of the array performing frees.
<li>Made -X connect SOCKS work with IPv6 adresses in <a href="https://man.openbsd.org/nc.1">nc(1)</a>.
</ul>
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Added an ACL list for multiple users attaching to the <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> socket.
<li>Ensured cursor remains on selected item on menu in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
</ul>
<li>LibreSSL version 3.6.0
<ul>
<li>New Features
<ul>
<li>...
</ul>
<li>Portable Improvements
<ul>
<li>...
</ul>
<li>Compatibility Changes
<ul>
<li>...
</ul>
<li>Bug fixes
<ul>
<li>...
</ul>
<li>Internal Improvements
<ul>
<li>...
</ul>
<li>Documentation improvements
<ul>
<li>...
</ul>
</ul>
<li>OpenSSH 9.1
<ul>
<li>...
</ul>
<li>mandoc 1.14.6 plus several bugfixes, including:
<ul>
<li>Fixed calculation of the width of spanned columns in <a
href="https://man.openbsd.org/mandoc">mandoc(1)</a>.
<li>Made <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>'s
roff_expand() parse left-to-right rather than right-to-left.
<li>Implemented a rudimentary version of the <a
href="https://man.openbsd.org/roff.7">roff(7)</a> <code>\A</code>
escape sequence for <a
href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Matched groff behavior to allow arbitrary argument delimiters for
\C in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>.
<li>Improved accessibility of <a
href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> -T html -O toc
output by using the <nav> element in the DPUB-ARIA doc-toc role.
</ul>
<li>Ports and packages:
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: 11261
<li>amd64: 11451
<li>arm: XXXX
<li>i386: 10225
<li>mips64: XXXX
<li>powerpc: XXXX
<li>powerpc64: XXXX
<li>riscv64: XXXX
<li>sparc64: XXXX
</ul>
<p>Some highlights:
<ul style="column-count: 3">
<li>Asterisk 16.28.0, 18.14.0 and 19.6.0
<li>Audacity 2.4.2
<li>CMake 3.24.2
<li>Chromium 105.0.5195.125
<li>Emacs 28.2
<li>FFmpeg 4.4.2
<li>GCC 8.4.0 and 11.2.0
<li>GHC 9.2.4
<li>GNOME 42.4
<li>Go 1.19.1
<li>JDK 8u342, 11.0.16 and 17.0.4
<li>KDE Applications 22.08.1
<li>KDE Frameworks 5.98.0
<li>Krita 5.1.1
<li>LLVM/Clang 13.0.0
<li>LibreOffice 7.4.1.2
<li>Lua 5.1.5, 5.2.4 and 5.3.6
<li>MariaDB 10.9.3
<li>Mono 6.12.0.182
<li>Mozilla Firefox 105.0.1 and ESR 102.3.0
<li>Mozilla Thunderbird 102.3.0
<li>Mutt 2.2.7 and NeoMutt 20220429
<li>Node.js 16.17.1
<li>OCaml 4.12.1
<li>OpenLDAP 2.6.3
<li>PHP 7.4.30, 8.0.23 and 8.1.10
<li>Postfix 3.7.2
<li>PostgreSQL 14.5
<li>Python 2.7.18, 3.9.14 and 3.10.7
<li>Qt 5.15.6 and 6.3.1
<li>R 4.2.1
<li>Ruby 2.7.6, 3.0.4 and 3.1.2
<li>Rust 1.63.0
<li>SQLite 3.39.3
<li>Shotcut 22.06.23
<li>Sudo 1.9.11.2
<li>Suricata 6.0.6
<li>Tcl/Tk 8.5.19 and 8.6.12
<li>TeX Live 2021
<li>Vim 9.0.0192 and Neovim 0.7.2
<li>Xfce 4.16
</ul>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
<li>LLVM/Clang 13.0.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.32.1 (+ patches)
<li>NSD 4.6.0
<li>Unbound 1.16.3
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk September 12, 2022
<li>Expat 2.4.9
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 7.2 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/alpha/INSTALL.alpha">
.../OpenBSD/7.2/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/amd64/INSTALL.amd64">
.../OpenBSD/7.2/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/arm64/INSTALL.arm64">
.../OpenBSD/7.2/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/armv7/INSTALL.armv7">
.../OpenBSD/7.2/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/hppa/INSTALL.hppa">
.../OpenBSD/7.2/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/i386/INSTALL.i386">
.../OpenBSD/7.2/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/landisk/INSTALL.landisk">
.../OpenBSD/7.2/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/loongson/INSTALL.loongson">
.../OpenBSD/7.2/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/luna88k/INSTALL.luna88k">
.../OpenBSD/7.2/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/macppc/INSTALL.macppc">
.../OpenBSD/7.2/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/octeon/INSTALL.octeon">
.../OpenBSD/7.2/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/powerpc64/INSTALL.powerpc64">
.../OpenBSD/7.2/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/riscv64/INSTALL.riscv64">
.../OpenBSD/7.2/riscv64/INSTALL.riscv64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/sparc64/INSTALL.sparc64">
.../OpenBSD/7.2/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
Refer to INSTALL.alpha for more details.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install72.img</i> or
<i>miniroot72.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>install72.img</i> or <i>miniroot72.img</i> to a disk and boot from it
after connecting to the serial console. Refer to INSTALL.arm64 for more
details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install72.img</i> or
<i>miniroot72.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot72.img</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot72.img</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/7.2/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/powerpc64:</h3>
<p>
To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
USB stick, plug it into the machine and choose the <i>OpenBSD
install</i> menu item in Petitboot.
Refer to the instructions in INSTALL.powerpc64 for more details.
<h3>OpenBSD/riscv64:</h3>
<p>
To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
USB stick, and boot with that drive plugged in.
Make sure you also have the microSD card plugged in that shipped with the
HiFive Unmatched board.
Refer to the instructions in INSTALL.riscv64 for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy72.img</i> or <i>floppyB72.img</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot72.img</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 7.1 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade72.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_2</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 7.2 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
</body>
</html>