File: [local] / www / 72.html (download) (as text)
Revision 1.73, Sun Apr 9 07:14:45 2023 UTC (13 months ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.72: +2 -2 lines
fix double words
|
<!doctype html>
<html lang=en id=release>
<head>
<meta charset=utf-8>
<title>OpenBSD 7.2</title>
<meta name="description" content="OpenBSD 7.2">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/72.html">
</head><body>
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.2
</h2>
<table>
<tr>
<td>
<a href="images/OneFishTwoFish.png">
<img width="227" height="303" src="images/OneFishTwoFish-s.gif" alt="One Fish, Two Fish, Blowfish..."></a>
<td>
Released Oct 20, 2022. (53rd OpenBSD release)<br>
Copyright 1997-2022, Theo de Raadt.<br>
<br>
Artwork by Jon Chad.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.2/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata72.html">the 7.2 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus72.html">detailed log of changes</a> between the
7.1 and 7.2 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-72-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/openbsd-72-base.pub">
RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo</a>
<tr><td>
openbsd-72-fw.pub:
<td>
RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
<tr><td>
openbsd-72-pkg.pub:
<td>
RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
<tr><td>
openbsd-72-syspatch.pub:
<td>
RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.2.
For a comprehensive list, see the <a href="plus72.html">changelog</a> leading
to 7.2.
<ul>
<li>New/extended platforms:
<ul>
<li>Added support for Ampere Altra
<li>Added support for Apple M2
<li>Added support for Lenovo ThinkPad x13s and other machines using
the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC.
</ul>
<li>Various kernel improvements:
<ul>
<li>Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.
<li>Added support for switching from glass console to serial console
on arm64 systems that default to glass console.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> automatically allows
IGMP and ICMP6 MLD packets with the router alert option.
Special allow-opts rules are no longer needed for multicast
discovery.
<li>Fixed a <a href="https://man.openbsd.org/pf.4">pf(4)</a> NULL
dereference panic triggered by <a
href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
<li>Implement "show all routes" to print routing tables in
<a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Added a method (ESC D) to enter <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a> on serial drivers that
do not have a true BREAK mechanism.
<li>Added "show all routes" and the ability to show individual routes
(e.g. "show route 0xfffffd807e9b0000") to <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Added a "show swap" command to <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a> to help debugging.
<li>Count dropped network packets due to low memory in
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
<li>Simplified machine command handling in <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Changed to a simpler formula to calculate a default kern.maxthread
value: 2*NPROCESS.
<li>Enabled <a href="https://man.openbsd.org/kstat.4">kstat(4)</a>, a
device that exports kernel statistics that can be read by <a
href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<li>Added CPU frequency sensors for each core on CPUs that have MPERF/APERF support.
<li>Merged the UVM swap-backed and object-backed inactive page lists.
<li>Fixed <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a>
implementation to be fair to writers. Previously, readers could grab
the lock even if writers were waiting first.
<li>Made the CPU frequency scaling duration relative to the load
when in automatic mode on battery.
<li>Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules
installed in arbitrary slots.
<li>Added a missing <a
href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> wakeup, found by
a Go testcase hang.
<li>Bumped the maximum number of supported CPUs to 256 on arm64.
<!-- XXX should the following be here (swapper, pmem...) or maybe one entry describing them together? -->
<li>Ensure uvm_swap_io() can succeed, even in out of memory
situations, by reserving a second segment for the page daemon.
<li>Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region.
<li>Made the page daemon consider pmemrange regions when trying to
free pages from the inactive list. Previously the page daemon could
use a lot of CPU without freeing a page because the global limits were
satisfied.
<li>Ensured that uvm_swap_get() will always sleep rather than
returning an error. Previously an error could be returned to the fault
handler which would result in processes dying when a system was under
a lot of memory pressure.
<!-- ... up to here -->
<li>Added support for using non-standard UARTs (such as the Synopsys
DesignWare UART) as an early console.
<li>Remove NexGen CPU identification code as the kernel cannot run on these CPUs anyway.
<li>Remove Rise CPU identification code.
<li>Dropped detection code for 386sx/386dx CPUs. OpenBSD/i386 hasn't
actually supported running on either for some time.
<li>Dropped detection code for Cyrix CPUs older than the Cyrix M2.
<li>Implemented the fundamentals for suspend/resume on arm64.
<li>Simplified TSC synchronization testing on amd64.
<li>Corrected sparc64 ofwboot to default to the <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volume on the
boot device to make root on softraid work out of the box on sparc64
and be more consistent with softraid boot on other architectures.
<li>Removed the obsolete kern.nselcoll <a
href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
<li>Changed mips64, octeon, and loongson to trigger deferred clock
interrupts from <a href="https://man.openbsd.org/splx.9">splx(9)</a>.
This isolates the clock interrupt schedule from the MD clock interrupt
code.
<li>Fixed a potential kernel panic when an msdos partition is out
of space by fixing instances where msdosfs passed a NULL proc pointer
to detrunc().
<li>Add a delay_init() function that helps on i386 and amd64
architectures in setting up delay_func for different timers and
switching between them depending on their quality properties. This
improves how timers backing <a
href="https://man.openbsd.org/delay.9">delay(9)</a> are managed.
<li>Ensured <a href="https://man.openbsd.org/disklabel.5">disklabel(5)</a> is
read from/written to disk only from/to unused space or an OpenBSD partition.
<li>Ensured GPT header data is not used until all validity checks are passed.
<li>Corrected handling of GPT usable LBA start/end values, preventing incorrect fallback to
MBR partitioning.
<li>Ignored size of OpenBSD GPT partition when searching for the
<a href="https://man.openbsd.org/disklabel.5">disklabel(5)</a>,
as has always been done for MBR OpenBSD partition.
</ul>
<li>SMP Improvements
<ul>
<li>Make route timer MP safe and use rttimer pool.
<li>Use kernel lock to protect parts of ARP, ND6 and PPPoE that
are not MP safe.
Lookup of existing ARP entries is MP safe and can run in parallel.
<li>Start up to 4 softnet tasks to run IP input and forwarding
in parallel on multiple cores.
<li>Run IPv4 packet reassembly in parallel.
<li>Run IPv6 hop-by-hop options processing in parallel.
<li>Add a mutex to rate limiting functions to make them MP safe.
<li>Introduce mutex and reference counter for internet protocol
control block.
<li>Protect <a href="https://man.openbsd.org/udp.4">UDP</a>, raw <a
href="https://man.openbsd.org/ip.4">IP</a>, and <a
href="https://man.openbsd.org/divert.4">divert</a> packet input
routines with a per-socket mutex.
<li>Protect <a href="https://man.openbsd.org/recv.2">recv(2)</a> system call
for UDP and raw IP packets with a per-socket mutex and shared netlock.
Allows to receive packets while forwarding in parallel.
<li>Protect multicast deliver loop for UDP and raw IP sockets with rwlock.
<li>Only grab netlock in IGMP and MLD timer when necessary.
<li>TCP slow timer runs without netlock.
<li>Rework rwlock so that a writer will get the lock eventually.
Readers cannot share the lock forever.
This prevents starvation of the writer.
<li>Run interface media ioctl with shared netlock so packets
can be processed while running
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li><a href="https://man.openbsd.org/btrace.8">btrace(8)</a> can be used
to debug reference counting.
<li>Use MP safe refcount for interface addresses.
<li>Unlocked <a href="https://man.openbsd.org/kbind.2">kbind(2)</a>.
<li>Unlocked the <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> system call.
<li>Made <a href="https://man.openbsd.org/unix.4">UNIX</a> domain
sockets locking per-socket rather than coarse locking of the entire
domain sockets layer.
</ul>
<li>Direct Rendering Manager and graphics drivers
<ul>
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
to Linux 5.15.69
<li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
support for Alder Lake, Raptor Lake
<li>Reimplemented the TTM page allocation code using <a
href="https://man.openbsd.org/bus_dma.9">bus_dma(9)</a> APIs to make
sure DMA addresses are translated properly on architectures with an
IOMMU. This fixed <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> on
powerpc64, sparc64, and arm64 machines with SMMU.
<li>Implemented support for framebuffers that don't start on a page
boundary (like those on the 2021 14" and 16" MacBook Pro).
<li>Added handling for framebuffers where the first pixel isn't
page-aligned to <a href="https://man.openbsd.org/wsfb.4">wsfb(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/Xorg.1">Xorg(1)</a> when
using the luna88k 1bpp framebuffer hardware.
</ul>
<li>VMM/VMD improvements
<ul>
<li>Improved error handling and logging in <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>
<li>Unify all internal structures and interfaces between <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for
memory and disk sizes.
<li>Fix rebooting a received VM in <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide
a copy of bios at 4g boundary. SeaBIOS and newer Linux kernels expect
it there.
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by
one in VM memory range check.
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add
support for MMIO assist. In <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port I/O
emulation to userland.
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute
i8254 read-back command latch from singular timestamp.
<li>Improve the command line parsing in <a
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
<li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow
reading MSR_TSC on Intel hosts.
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference
count VMs and VCPUs.
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero
virtual addresses of VCPU state pages after freeing.
<li>Fix `vmctl send` on Intel hosts by load the vmcs before reading
VCPU registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Fix `vmctl receive` on Intel hosts by adding an additional fault
type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a>
tracepoints in various <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths.
<li>Add <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>
AgentX support based around VM-MIB (RFC7666).
</ul>
<li>Various new userland features:
<ul>
<li>Replaced <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>
$rcexec variable with an rc_exec function. <em>This will require a
mechanical change from <code>${rcexec}</code> to <code>rc_exec</code>
in rc.d scripts.</em> Kept compatibility to give people a chance to
fix their custom scripts.
<li>Introduced a new daemon_execdir variable to <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for changing to a
specified directory before running rc_exec.
<li>Added <a href="https://man.openbsd.org/ts.1">ts(1)</a>, a
timestamp utility.
<li>Add a new <i>configtest</i> action to <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> and <a
href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> to check
configuration syntax of a daemon.
<li>Added forest (-f) mode to <a
href="https://man.openbsd.org/ps.1">ps(1)</a>.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<!-- openrsync -->
<li>Fixed <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>
on sparc64 by eliminating a redundant second conversion of the int
value from little to host endian.
<li>Added connection timeout functionality to <a
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> via the
--contimeout option.
<li>Set the default <a
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> connection
timeout that <a
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> uses
to 15 seconds.
<!-- pkg_add -->
<li>Made use of the fact that repositories are unique objects in <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and annotated
the quirks repository as cached, allowing for a large speed increase.
<li>Enabled <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> caching by default.
<li>Changed the tied algorithm in <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to prevent
O(n^2) behavior when packages contain several hundred copies of the
same file.
<li>Added a "processing" message for when <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> is
transferring data to inform the user that pkg_add is still working.
<!-- fdisk -->
<li>Added missing uuid_dec_le() to init_gp() so <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A works on
big-endian architectures.
<li>Aligned <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
logic with that used in the kernel to allow the protective EFI GPT
partition to be in MBR partitions 0-3, not just 0.
<li>Prevented use of "-u" when <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> is operating on
GPT formatted disks.
<li>Stopped telling <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> that macppc
HAS_MBR.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
reject input of excessive length.
<li>Fixed an <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
regression to allow editing an MBR of all zeroes.
<li>Changed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
restrict user actions if neither GPT nor MBR structures can be found
on the disk.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> print
a warning when an MBR partition starts or extends past the end of the
device.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> print
a warning when a GPT partition start or end is outside the usable LBA
area of the device.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
display "Microsoft basic data" instead of
"FAT12" for GPT_UUID_MSDOS partitions.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> print
GPT attributes in verbose output.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> use the
correct GPT bootable attribute bit.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> not
spoof GPT partitions with the attribute REQUIRED.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
ensure GPT headers, table entries and usable area don't
overlap each other.
<!-- disklabel/disktab -->
<li>Removed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
ability to edit disk geometry information.
<li>Removed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
and <a href="https://man.openbsd.org/disktab.5">disktab(5)</a> support
for 'bs' (bootblock size) and 'sb' (superblock size) attributes.
<li>Added keyword 'raid' to
<a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
template files, allowing auto-allocation of RAID partitions.
<li>Removed <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
support for <a href="https://man.openbsd.org/disktab.5">disktab(5)</a>
'd[0-4]' (drive data) attributes.
<!-- btrace -->
<li>Installed useful <a
href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts in
/usr/share/btrace.
<li>Made <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>
execute the END probe upon receiving a SIGTERM signal.
<!-- netstart/rc -->
<li>Moved the wait for autoconf interfaces from <a
href="https://man.openbsd.org/rc.8">rc(8)</a> to <a
href="https://man.openbsd.org/netstart.8">netstart(8)</a> to fix
tunnel interfaces that depend on working autoconf interfaces.
<li>Made <a href="https://man.openbsd.org/netstart.8">netstart(8)</a>
create virtual interfaces up front if specified on the command line.
<li>Changed <a
href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a> to copy the
message to stdout when using <a
href="https://man.openbsd.org/logger.1">logger(1)</a> to avoid needing
to check syslog when running in debug mode.
<li>Fixed <a href="https://man.openbsd.org/kbd.8">kbd(8)</a> so it
doesn't fail silently when executed by a regular user.
<li>In the <i>sndio</i> library, added the function <a
href="https://man.openbsd.org/sio_flush.3">sio_flush(3)</a> to stop
playback immediately. Altered <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to wait until
the buffer is drained before closing the device.
<li>Made <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> use a
much safer FD-passing idiom for updating <a
href="https://man.openbsd.org/utmp.5">utmp(5)</a>.
<li>Prevented a crash in <a
href="https://man.openbsd.org/vi.1">vi(1)</a> when cursor key support is
disabled.
<li>Updated <a href="https://man.openbsd.org/vi.1">vi(1)</a> to apply
expandtab to the output of a ! command.
<li>Made <a href="https://man.openbsd.org/mg.1">mg(1)</a>
automatically delete trailing whitespace on RET in c-mode and
auto-indent-mode.
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> provide
full context when using match count (<code>-m</code>)
<li>Added the --null flag to <a
href="https://man.openbsd.org/grep.1">grep(1)</a> which makes grep
print an ASCII NUL byte after the file name to make the output
unambiguous.
<li>Fixed multiple memory leaks in <a
href="https://man.openbsd.org/awk.1">awk(1)</a>.
<li>Changed <a href="https://man.openbsd.org/compress.1">compress(1)</a>
to print a more accurate message when -v is used with -k.
<li>Fixed <a href="https://man.openbsd.org/gzip.1">gzip(1)</a> byte
counts with 32-bit integers.
<li>Fixed the growth check in <a
href="https://man.openbsd.org/compress.1">compress(1)</a> and <a
href="https://man.openbsd.org/gzip.1">gzip(1)</a> in cases of small
files or files with sufficiently random data.
<li>Made <a href="https://man.openbsd.org/timeout.1">timeout(1)</a> -s
accept HUP like <a href="https://man.openbsd.org/kill.1">kill(1)</a>
and GNU timeout(1) do.
<li>Updated capitals and countries in the game <a
href="https://man.openbsd.org/quiz.6">quiz(6)</a>.
<li>Set default sleep value of <a
href="https://man.openbsd.org/ico.1">ico(1)</a> to 10ms.
<li>Fixed a bug in <a
href="https://man.openbsd.org/cron.8">cron(8)</a> where it could exit
silently if <a href="https://man.openbsd.org/ppoll.2">ppoll(2)</a>
exited. Now it will log to <a
href="https://man.openbsd.org/syslog.3">syslog(3)</a> instead of
stderr.
<li>Added <a
href="https://man.openbsd.org/llvm-profdata.1">llvm-profdata(1)</a> to
base so that ports can benefit from profiled builds.
<li>Changed <a href="https://man.openbsd.org/rc.8">rc(8)</a> to only
attempt to set the <a href="https://man.openbsd.org/yp.8">yp(8)</a>
domainname if it has not been set yet.
<li>Raised the "staff" login class data-size-cur on arm64 to be the
same as that for amd64 in <a
href="https://man.openbsd.org/login.conf.5">login.conf(5)</a> (1536M).
<li>Fixed <a href="https://man.openbsd.org/patch.1">patch(1)</a>
locate-hunk in empty files.
<li>Fixed <a href="https://man.openbsd.org/patch.1">patch(1)</a> in
the case of reversing a patch that creates a file.
<li>Added seconds to the uptime display of <a
href="https://man.openbsd.org/top.1">top(1)</a>.
<li>Made <a href="https://man.openbsd.org/putenv.3">putenv(3)</a>
return an error if the string starts with the '=' character. This
matches the behavior on FreeBSD and NetBSD.
<li>Fixed overflow of the number of errors in <a
href="https://man.openbsd.org/renice.8">renice(8)</a> by setting error
instead of incrementing it.
<li>Removed the "-c" compatibility option from <a
href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a>.
<li>Stopped <a
href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> from
printing the device name on failure.
<li>Print a message when <a
href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> fails inside <a
href="https://man.openbsd.org/execve.2">execve(2)</a> to clarify the
failure mode when a dynamic executable is run while /usr isn't
mounted.
<li>Improved <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>
RAID level parsing to check numeric levels before checking single
character levels. This allows recognition of RAID 10 as a valid but
unsupported level.
<li>Fixed <a
href="https://man.openbsd.org/installboot.8">installboot(8)</a>
messaging when verbose (-v) and dry-run (-n) modes are combined with
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>.
<li>Sped up <a href="https://man.openbsd.org/wc.1">wc(1)</a> word counting.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>New <a href="https://man.openbsd.org/arm64/aplaudio.4">aplaudio(4)</a>
driver for Apple audio subsystem.
<li>New <a href="https://man.openbsd.org/arm64/aplmca.4">aplmca(4)</a>
driver for Apple MCA controller.
<li>New <a href="https://man.openbsd.org/arm64/aplsart.4">aplsart(4)</a>
driver for Apple SART address filter.
<li>New alpdc, apldchidev, apldckbd, apldcms, and aplrtk drivers for
keyboard and trackpad on Apple M2 laptops.
<li>New <a href="https://man.openbsd.org/arm64/qcgpio.4">qcgpio(4)</a>
driver for Qualcomm Snapdragon GPIO controller.
<li>New <a href="https://man.openbsd.org/arm64/qciic.4">qciic(4)</a>
driver for Qualcomm Snapdragon GENI I2C controller.
<li>New <a href="https://man.openbsd.org/riscv64/sfgpio.4">sfgpio(4)</a>
driver for SiFive GPIO controller.
<li>New <a href="https://man.openbsd.org/riscv64/stfclock.4">stfclock(4)</a>
driver for StarFive JH7100 clock controller.
<li>New <a href="https://man.openbsd.org/riscv64/stfpinctrl.4">stfpinctrl(4)</a>
driver for StarFive JH7100 pin configuration.
<li>New stftemp
driver for StarFive JH7100 temperature sensor.
<li>New <a href="https://man.openbsd.org/sxirintc.4">sxirintc(4)</a>
driver for Allwinner wakeup interrupt controller.
<li>New gpiorestart
driver for system reset via GPIO pin.
<li>Added support for more power sensors to <a
href="https://man.openbsd.org/ipmi.4">ipmi(4)</a>.
<li>Added support for the <a
href="https://man.openbsd.org/ehci.4">ehci(4)</a> controller on
Marvell 3720 boards.
<li>Extended <a href="https://man.openbsd.org/ksmn.4">ksmn(4)</a> to
show CCD temperatures if available.
<li>Fixed missing interrupts for trackpads on some machines after
resume by making sure <a
href="https://man.openbsd.org/amdgpio.4">amdgpio(4)</a> restores pin
configuration on resume.
<li>Added FIFO support and allow baud rate changes to
<a href="https://man.openbsd.org/pluart.4">pluart(4)</a>.
<li>Added support for the Synopsys DesignWare UART found on the Ryzen
Embedded V1000 SoCs to <a
href="https://man.openbsd.org/com.4">com(4)</a>.
<li>Added <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> support
for the dual role controllers integrated on the Qualcomm Snapdragon
8cx gen 3 SoC.
<li>Added support for using the power button to wake up from suspend
to <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>.
<li>Modified <a href="https://man.openbsd.org/pms.4">pms(4)</a> to
discard relative movement packets outside of the [-127, 127] range to
prevent cursor jumps when using the trackpoint on some Lenovo laptops.
<li>Allowed <a href="https://man.openbsd.org/spdmem.4">spdmem(4)</a>
to attach to <a
href="https://man.openbsd.org/loongson/gdiumiic.4">gdiumiic(4)</a>.
<li>Make <a href="https://man.openbsd.org/spdmem.4">spdmem(4)</a>
attach on 2F-based loongson systems.
<li>Added power button support to <a
href="https://man.openbsd.org/arm64/aplsmc.4">aplsmc(4)</a>.
<li>Changed the <a href="https://man.openbsd.org/mfii.4">mfii(4)</a>
RAID controller driver to allow the firmware more time to transition
out of the UNDEFINED state.
<li>Added Wacom One S (CTL-472) support to <a
href="https://man.openbsd.org/uwacom.4">uwacom(4)</a>.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Increased rx buffer size on <a
href="https://man.openbsd.org/uaq.4">uaq(4)</a> to 62kB.
<li>Repaired <a href="https://man.openbsd.org/rge.4">rge(4)</a>
hardware VLAN tagging.
<li>Provide statistics via kstats for <a
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
<li>Enabled <a href="https://man.openbsd.org/aq.4">aq(4)</a> on arm64.
<li>Implemented and enabled IPv4, TCP, and UDP checksum offloading for
<a href="https://man.openbsd.org/igc.4">igc(4)</a>.
<li>Fixed a panic triggered by ifconfig bnxt0 down by changing <a
href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> devices to not run
rx and tx interrupt handlers when the interface is not running.
<li>Introduced Large Receive Offloading of TCP segment offloading in
<a href="https://man.openbsd.org/ix.4">ix(4)</a>. Also added a tso
option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
to enable and disable this feature.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Made device matching in <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> more similar to Linux
iwlwifi in order to recognize more devices.
<li>Added support for AX210/AX211 devices to <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> setting
of HT/VHT bits in rate flags of the Tx command that could cause a
firmware panic.
<li>Added handling of 9k devices which do not support antenna B to <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>
ifconfig media display on devices with sta_info command version 3.
<li>Fixed a <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> crash during USB detach.
<li>Fixed detection of the Rx data rate on rtl8192eu <a
href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices.
<li>Fixed integer overflows in the <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> firmware file parsers.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Make sure drivers initialize all of ieee80211_rxinfo struct.
</ul>
<li>Installer, upgrade and bootloader improvements:
<ul>
<li>Fixed the watchdog in the installer so that it is reset
after each download and each set installation.
<li>Ensured that running <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> on
-stable will move to the next release, not -current.
<li>Added the -b option to <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> to set
an alternative base directory to which the installation files will be
downloaded.
<li>Increased the <a
href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> auto
partitioner's maximum size for /usr to 30G.
<li>Altered installer behavior so the <a
href="https://man.openbsd.org/vlan.4">vlan(4)</a> question won't be
asked unless another network interface exists.
<li>Added support for wildcards in <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> patterns.
<!-- bootblock stuff -->
<li>Added support for booting from RAID 1C <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> volumes on
amd64, sparc64 and arm64.
<li>Added NFS client support to the luna88k RAMDISK kernel.
<li>Made the EFI bootloader provide the extra parameters necessary to
use non-standard UARTs on the AMD Ryzen Embedded V1000 SoCs as console.
<li>Switched bootloaders to the extended BOOTARG_CONSDEV struct.
<li>Added UFS2 support to landisk boot blocks.
<li>Removed "force CHS" capability from <a href="https://man.openbsd.org/biosboot.8">biosboot(8)</a>
</ul>
<li>Security improvements:
<ul>
<li>Implemented privilege separation in <a
href="https://man.openbsd.org/xlock.1">xlock(1)</a>.
<li>Added privilege separation to <a
href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>The TZ environment variable no longer supports absolute paths,
to fit better into the <a
href="https://man.openbsd.org/pledge.2">pledge(2)</a> bypass model.
<li>AF_UNIX socket <a
href="https://man.openbsd.org/bind.2">bind(2)</a> and <a
href="https://man.openbsd.org/connect.2">connect(2)</a> now follow <a
href="https://man.openbsd.org/unveil.2">unveil(2)</a> configuration.
<li>New <a
href="https://man.openbsd.org/ypconnect.2">ypconnect(2)</a> system
call creates a socket based upon the IP address encoded directly in a
locked ypbinding file, thereby removing a horrible hack to support YP
lookups in programs using strong
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a> rules.
<li>Processes that pledge("vminfo") may now use the read-only <a
href="https://man.openbsd.org/swapctl.2">swapctl(2)</a> operations
SWAP_NSWAP and SWAP_STATS providing information on swap devices.
<li>Randomized the rekey interval of <a
href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>.
<li>Reduce the attack surface by introducing a 'local bind' mode to
<a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>. In this mode
ypldap binds its RPC sockets to loopback, so YP services are only
available to the host it's running on. ypldap writes the YP binding
file in /var/yp/binding itself and replaces <a
href="https://man.openbsd.org/ypbind.8">ypbind(8)</a> and <a
href="https://man.openbsd.org/ypserv.8">ypserv(8)</a>. This also
implies that <a
href="https://man.openbsd.org/portmap.8">portmap(8)</a> doesn't need
to be running anymore when local bind mode is used.
<li>Changed the /sbin daemons <a
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>, <a
href="https://man.openbsd.org/mountd.8">mountd(8)</a>, <a
href="https://man.openbsd.org/nfsd.8">nfsd(8)</a>, <a
href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>, <a
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>, <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, and <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a> to be
dynamically linked to allow them to benefit from all the additional
mitigations that dynamically linked executables gain. NFS mounting of
/usr must now use statically configured IP addresses.
</ul>
<li>Changes in the network stack:
<ul>
<li>Added the <a
href="https://man.openbsd.org/recvmmsg.2">recvmmsg(2)</a> system call
that allows receiving multiple msghdrs at once, and the <a
href="https://man.openbsd.org/sendmmsg.2">sendmmsg</a> syscall that
allows sending multiple msghdrs at once.
<li>Relaxed address availability check for <a
href="https://man.openbsd.org/multicast.4">multicast(4)</a> binds so
processes listening for the same multicast address do not need to be
the same UID.
<li>Introduced dedicated link entries for snapshots to <a
href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>.
<li>Changed <a href="https://man.openbsd.org/pf.4">pf(4)</a> handling
of IGMP and ICMP6 MLD packets to allow multicast control packets to
work by default.
<li>Made <a href="https://man.openbsd.org/pf.4">pf(4)</a> more paranoid about
IGMP/MLD messages.
<li>Fixed a logic bug in pf_find_state() that could cause <a
href="https://man.openbsd.org/pf.4">pf(4)</a> to incorrectly block a
packet.
<li>Fixed <a href="https://man.openbsd.org/pf.4">pf(4)</a> syncookies during fast TCP port reuse.
<li>Fixed a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a>
where a pool defined like "172.16.0.0/16" would count as a pool size
of one address. Also fixed random selection of source address to be
uniform across the whole pool.
<li>Fixed a kernel panic in <a
href="https://man.openbsd.org/pf.4">pf(4)</a> if IP options with an
ICMP payload were truncated. Such packets will now be dropped instead.
<li>Allow forwarding to and from IPs in the 240/4 range.
<li>Corrected the Virtual Ethernet Bridge <a
href="https://man.openbsd.org/veb.4">veb(4)</a> to avoid calling
if_enqueue from an smr critical section.
<li>Reworked the kroute rttimer code to fix icmp_pmtu_timeout crashes.
<li>Fixed an interrupt storm upon suspend on Amlogic arm64 boards.
<li>Fixed a race between pflow_output_process() and
pflow_clone_destroy() in <a
href="https://man.openbsd.org/pflow.4">pflow(4)</a>.
<li>Added a missing input validation step to <a
href="https://man.openbsd.org/pipex.4">pipex(4)</a> MPPE keylenbits.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>IPsec support was improved:
<ul>
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> ignore
any CERT payload after the first rather than failing the exchange when
more than one CERT payload is received.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> support
for sending certificate chains with intermediate CAs in multiple CERT
payloads.
<li>Added an OpenIKED Vendor ID payload in the <a
href="https://man.openbsd.org/iked.8">iked(8)</a> initial handshake to
make it easier to handle interoperability problems with older versions
in the future.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
connection statistics for successful and failed connections, error
types, and other events that can be printed with "ikectl show stats".
</ul>
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
<ul>
<li>Implement max-communities filter to limit the number of allowed
communities, ext-communities and large-communities.
<li>Fix insertion of additional non-transitive extended communities when
sending out prefixes.
<li>Relax IP address limitation by allowing prefixes in 240/4.
<li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
in UPDATE and OPEN Messages.
<li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP (ADD-PATH).
<li>Improve FIB code, handle IPv6 scoped addresses properly.
<li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>,
a FastCGI server providing a REST API to execute
<a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> commands.
<li>Bugfix: <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> could
fail to invalidate nexthops and incorrectly leave them in the FIB or
Adj-RIB-Out.
<li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>
<code>show rib 10/8 or-longer</code> and <code>show rib 10/8
or-shorter</code>
<li>Switch various static hash tables to RB trees improving
performance on large systems
<li>Export per neighbor pending update and withdraw statistics
<li>Fix race between a neighbor session reset and its update message
backlog
<li>Improve handling of nexthop reachability state changes
<li>Made sure only one <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa softreconfig
runner is run at any time.
</ul>
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
<ul>
<li>Allowed more than one CRL URI in certificates.
<li>Do not apply timezone offsets when converting X509 times. X509
times are in UTC and comparing them to times in different timezones
would cause validity problems.
<li>Add support for an operator-configurable skiplist facility.
Operators can specify a list of FQDNs which should not be contacted
when synchronizing the local cache to the network.
<li>Emit a warning when a RRDP session serial number decreases.
<li>DER decoding functions were refactored to leverage ASN.1 templates.
<li>Add support to validate & inspect .sig files containing RPKI Signed
Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
<li>Print various statistics after the completion of the main process.
<li>Add support to decode & print TAL (RFC 8630) details in filemode (-f).
<li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON
output flag (-j) are combined.
<li>Add support for validating Autonomous System Provider Authorization
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
Validated ASPA payloads are visible in JSON and filemode (-f) output.
<li>Set <a href="https://man.openbsd.org/openrsync.1">rsync(1)</a> connection I/O idle timeout to 15 seconds.
<li>Unify the maximum idle I/O and connect timeouts for <a href="https://man.openbsd.org/openrsync.1">rsync(1)</a> & HTTPS.
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> now performs stricter EE certificate validation:
<ul>
<li>Disallow AS Resources extensions in ROA EE certificates.
<li>Disallow Subject Information Access (SIA) extensions in RPKI
Signed Checklist (RSC) EE certs.
<li>Check the resources in ROAs and RSCs against EE certs.
</ul>
<li>Improve readability and add various information being printed in
verbose mode.
<li>Extend filemode (-f) output and print X.509 certificates in PEM
format when increased verbosity (-vv) is specified.
<li>Shorten the RRDP I/O idle timeout.
<li>Introduce a deadline timer that aborts all repository synchronization
after seven eights of timeout (-s). With this rpki-client has improved
chances to complete and produce an output even when a CA is excessively
slow.
<li>Abort a currently running RRDP request process when the per-repository
timeout is reached.
<li>Permit multiple AccessDescription entries in SIA X.509 extensions. While
fetching from secondary locations is not yet supported, rpki-client will
not treat occurrence as a fatal error.
<li>Resolve a potential for a race condition in non-atomic RRDP deltas.
<li>Fix some memory leaks.
<li>Improve compliance with the HTTP protocol specification.
</ul>
<li>In <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>,
<ul>
<li>Allow object names to be used in addition to OIDs in
<a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a>.
<li>Better type hinting for debug logging.
<li>Introduce a blocklist feature, which removes subtrees from view.
<li>Reintroduce AgentX master support.
<li>Move non-SNMP related metrics to their own AgentX based backend.
<li>The snmpe process is now pledged <code>stdio recvfd inet unix</code>.
<li>Imported <a
href="https://man.openbsd.org/snmpd_metrics.8">snmpd_metrics(8)</a>.
This allows those who need to use net-snmpd the ability to access base
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> metrics.
</ul>
<li>In <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
match password schemas case sensitive.
<li>In <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
relax the limitations on what is an acceptable unicast IP. There are no
more experiments in IPv4 and so there is less reason for network
daemons to deny formerly experimental IP space. Multicast IPs
(224/4) and loopback (127/8) are still disallowed.
<li>Added check to <a
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> to
ensure the challenge token is turned into a filename that is base64url
encoded.
<li>Added RFC 9234 "BGP Role" support to <a
href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
<li>Have <a
href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> print
ASnumbers in 'asplain' format instead of the old 'asdot' format.
<li>Fixed a crash in libpcap when it would walk off the end of the array performing frees.
<li>Made -X connect SOCKS work with IPv6 addresses in <a href="https://man.openbsd.org/nc.1">nc(1)</a>.
<li>Introduced a blocklist backend and keyword to <a
href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, this deprecates
filter-pf-addresses.
<li>Changed <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> to defer to
<a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> by
doing execve ifconfig and providing syslog warnings about deprecated
options.
<li>Implemented <a href="https://man.openbsd.org/dig.1">dig(1)</a>
support for SVCB and HTTPS record types.
<li>Made <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
write /etc/resolv.conf in a more atomic manner.
<li>Added a <a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a>
-t flag to change the request timeout.
<li>Corrected handling of an abnormal FastCGI termination in <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Made newer MIME type definitions take precedence over existing
ones in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Moved the <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
<a href="https://man.openbsd.org/daemon.3">daemon(3)</a> call to just
before forking the children so the parent disassociates from its
controlling terminal and shell, but not from its children.
<li>Changed <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to use
non-blocking <a
href="https://man.openbsd.org/connect.2">connect(2)</a> with <a
href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and timeout
instead of <a href="https://man.openbsd.org/alarm.3">alarm(3)</a>.
This allows failing over to another IP address for hosts that have
more than one.
</ul>
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Added an ACL list for multiple users attaching to the <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> socket.
<li>Ensured cursor remains on selected item on menu.
<li>Added support for OSC 8 hyperlinks.
<li>Added support for hyperlinks with capture-pane -e and a
mouse_hyperlink format.
<li>Added an "all" state to allow-passthrough to work even in invisible panes.
<li>Fixed a crash when searching for .* with extremely long lines.
<li>Added <a href="https://man.openbsd.org/vi.1">vi(1)</a> Home/End
bindings.
<li>Added a Nobr terminfo capability to tell <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> the terminal does
not use bright colors for bold.
<li>Added a notification when a paste buffer is deleted.
<li>Fixed window size reporting.
</ul>
<li>LibreSSL version 3.6.0
<ul>
<li>New features
<ul>
<li>EVP API for HKDF ported from OpenSSL and subsequently cleaned up.
<li>The security level API (SSL_{,CTX}_{get,set}_security_level()) is
now available. Callbacks and ex_data are not supported. Sane
software will not be using this.
<li>Experimental support for the BoringSSL QUIC API.
<li>Add initial support for TS ESSCertIDv2 verification.
<li>LibreSSL now uses the Baillie-PSW primality test instead of
Miller-Rabin.
</ul>
<li>Compatibility changes
<ul>
<li>The ASN.1 time parser has been refactored and rewritten using CBS.
It has been made stricter in that it now enforces the rules from
RFC 5280.
<li>ASN1_AFLG_BROKEN was removed.
<li>Error check tls_session_secret_cb() like OpenSSL.
<li>Added ASN1_INTEGER_{get,set}_{u,}int64()
<li>Move leaf certificate checks to the last thing after chain
validation.
<li>Added -s option to <a
href="https://man.openbsd.org/openssl.1">openssl(1)</a> ciphers
that only shows the ciphers supported by the specified protocol.
<li>Use <a href="https://man.openbsd.org/TLS_client_method.3">TLS_client_method(3)</a>
instead of <a href="https://man.openbsd.org/TLSv1_client_method.3">TLSv1_client_method(3)</a> in
the <a
href="https://man.openbsd.org/openssl.1">openssl(1)</a> ciphers command.
<li>Validate the protocols in <a
href="https://man.openbsd.org/SSL_CTX_set_alpn_protos.3">SSL{_CTX,}_set_alpn_protos()</a>.
<li>Made TS and PKCS12 opaque.
<li>Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF.
<li>Align PKCS12_key_gen_uni() with OpenSSL
<li>Various PKCS12 and TS accessors were added. In particular, the
TS_RESP_CTX_set_time_cb() function was added back.
<li>Allow a NULL header in <a
href="https://man.openbsd.org/PEM_write.3">PEM_write{,_bio}()</a>
<li>Allow empty attribute sets in CSRs.
<li>Adjust signatures of <a
href="https://man.openbsd.org/BIO_ctrl.3">BIO_ctrl</a> functions.
<li>Provide additional defines for EVP AEAD.
<li>Provide OPENSSL_cleanup().
<li>Make <a
href="https://man.openbsd.org/BIO_info_cb.3">BIO_info_cb()</a> identical to bio_info_cb().
</ul>
<li>Bug fixes
<ul>
<li>Avoid use of uninitialized in BN_mod_exp_recp().
<li>Fix <a
href="https://man.openbsd.org/X509_get_extension_flags.3">X509_get_extension_flags()</a>
by ensuring that EXFLAG_INVALID is
set on X509_get_purpose() failure.
<li>Fix <a
href="https://man.openbsd.org/HMAC.3">HMAC()</a> with NULL key.
<li>Add ERR_load_{COMP,CT,KDF}_strings() to <a
href="https://man.openbsd.org/ERR_load_crypto_strings.3">ERR_load_crypto_strings()</a>.
<li>Avoid strict aliasing violations in BN_nist_mod_*().
<li>Do not return X509_V_ERR_UNSPECIFIED from <a
href="https://man.openbsd.org/X509_check_ca.3">X509_check_ca()</a>.
No return value of X509_check_ca() indicates failure. Application
code should therefore issue a checked call to X509_check_purpose()
before calling X509_check_ca().
<li>Rewrite and fix X509v3_asid_subset() to avoid segfaults on some
valid input.
<li>Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().
<li>Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly.
<li>Avoid use of uninitialized in <a
href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
<li>Do not pass uninitialized pointer to <a
href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
<li>Do not refuse valid IPv6 addresses in <a
href="https://man.openbsd.org/nc.1">nc(1)</a>'s HTTP CONNECT proxy.
<li>Do not reject primes in trial divisions.
<li>Error out on negative shifts in BN_{r,l}shift() instead of
accessing arrays out of bounds.
<li>Fix URI name constraints, allow for URIs with no host part.
<li>Fix the legacy verifier callback behaviour for untrusted certs.
<li>Correct serfver-side handling of TLSv1.3 key updates.
<li>Plug leak in PKCS12_setup_mac().
<li>Plug leak in <a
href="https://man.openbsd.org/X509V3_add1_i2d.3">X509V3_add1_i2d()</a>.
<li>Only print X.509 versions we know about.
<li>Avoid signed integer overflow due to unary negation
<li>Initialize readbytes in <a
href="https://man.openbsd.org/BIO_gets.3">BIO_gets()</a>.
<li>Plug memory leak in CMS_add_simple_smimecap().
<li>Plug memory leak in <a
href="https://man.openbsd.org/X509_REQ_print_ex.3">X509_REQ_print_ex()</a>.
<li>Check <a
href="https://man.openbsd.org/HMAC.3">HMAC()</a> return value to avoid a later use of uninitialized.
<li>Avoid potential NULL dereference in ssl_set_pkey().
<li>Check return values in ssl_print_tmp_key().
<li>Switch loop bounds from size_t to int in check_hosts().
<li>Avoid division by zero if no connection was made in s_time.c.
<li>Check sk_SSL_CIPHER_push() return value
<li>Avoid out-of-bounds read in ssl_cipher_process_rulestr().
<li>Use LONG_MAX as the limit for ciphers with long based APIs.
</ul>
<li>Internal improvements
<ul>
<li>Avoid expensive RFC 3779 checks during cert verification.
<li>The templated ASN.1 decoder has been cleaned up, refactored,
modernized with parts rewritten using CBB and CBS.
<li>The ASN.1 time parser has been rewritten.
<li>Rewrite and fix <a
href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
<li>Use asn1_abs_set_unused_bits() rather than inlining it.
<li>Simplify ec_asn1_group2curve().
<li>First pass at a clean up of ASN1_item_sign_ctx()
<li>ssl_txt.c was cleaned up.
<li>Internal function arguments and struct member have been changed
to size_t.
<li>Lots of missing error checks of EVP API were added.
<li>Clean up and clarify BN_kronecker().
<li>Simplify ASN1_INTEGER_cmp()
<li>Rewrite ASN1_INTEGER_{get,set}() using CBS and CBB and reuse
the ASN1_INTEGER functions for ASN1_ENUMERATED.
<li>Use ASN1_INTEGER to parse and build {Z,}LONG_it
<li>Refactored and cleaned up group (elliptic curve) handling in
t1_lib.c.
<li>Simplify certificate list handling code in the legacy server.
<li>Make CBB_finish() fail if *out_data is not NULL.
<li>Remove tls_buffer_set_data() and remove/revise callers.
<li>Rewrite SSL{_CTX,}_set_alpn_protos() using CBS.
<li>Simplify tlsext_supported_groups_server_parse().
<li>Remove redundant length checks in tlsext parse functions.
<li>Simplify tls13_server_encrypted_extensions_recv().
<li>Add read and write support to tls_buffer.
<li>Convert TLS transcript from BUF_MEM to tls_buffer.
<li>Clear key on exit in PKCS12_gen_mac().
<li>Minor fixes in PKCS12_parse().
<li>Provide and use a primitive clear function for BIGNUM_it.
<li>Use ASN1_INTEGER to encode/decode BIGNUM_it.
<li>Add stack frames to AES-NI x86_64 assembly.
<li>Use named initialisers for BIGNUMs.
<li>Tidy up some of BN_nist_mod_*.
<li>Expand BLOCK_CIPHER_* and related macros.
<li>Avoid shadowing the cbs function parameter in
tlsext_alpn_server_parse()
<li>Deduplicate peer certificate chain processing code.
<li>Make it possible to signal an error from an i2c_* function.
<li>Rewrite i2c_ASN1_INTEGER() using CBB/CBS.
<li>Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20().
<li>Remove bogus length checks from EVP_aead_chacha20_poly1305().
<li>Reworked DSA_size() and ECDSA_size().
<li>Stop using CBIGNUM_it internal to libcrypto.
<li>Provide c2i_ASN1_ENUMERATED_cbs() and call it from
asn1_c2i_primitive().
<li>Ensure ASN.1 types are appropriately encoded.
<li>Avoid recycling ASN1_STRINGs when decoding ASN.1.
<li>Tidy up asn1_c2i_primitive() slightly.
<li>Mechanically expand IMPLEMENT_BLOCK_CIPHER, IMPLEMENT_CFBR,
BLOCK_CIPHER and the looney M_do_cipher macros.
<li>Use correct length for EVP CFB mode ciphers.
<li>Provide a version of ssl_msg_callback() that takes a CBS.
<li>Use CBS to parse TLS alerts in the legacy stack.
<li>Increment the input and output position for EVP AES CFB1.
<li>Ensure there is no trailing data for a CCS received by the
TLSv1.3 stack.
<li>Use CBS when processing a CCS message in the legacy stack.
<li>Be stricter with middlebox compatibility mode in the TLSv1.3
server.
</ul>
</ul>
<li>OpenSSH 9.1
<ul>
<li>Security
<ul>
<li>ssh-keyscan(1): fix a one-byte overflow in SSH banner processing
<li>ssh-keygen(1): fix double free() in error path of signing/verify code
<li>ssh-keysign(8): fix double-free in error path introduced in OpenSSH 8.9.
</ul>
<li>Potentially-incompatible changes
<ul>
<li>ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used.
<li>ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.
<li>ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).<br>
ssh(1) will terminate a connection if the server offers an RSA key
that falls below this limit, as the SSH protocol does not include
the ability to retry a failed key exchange
<li>sftp-server(8): add a <code>users-groups-by-id@openssh.com</code>
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
<li>sftp(1): use <code>users-groups-by-id@openssh.com</code> sftp-server
extension (when available) to fill in user/group names for
directory listings.
<li>sftp-server(8): support the <code>home-directory</code> extension
request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.
<li>ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.<br>
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.
<li>sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
<code>/usr/libexec/sftp-server -el debug3</code>.
<li>ssh-keygen(1): allow the existing -U (use agent) flag to work
with <code>-Y sign</code> operations, where it will be interpreted to
require that the private keys is hosted in an agent.
</ul>
<li>Bugfixes
<ul>
<li>ssh-keygen(1): implement the "verify-required" certificate option.
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.
<li>ssh-agent(1): hook up the restrict_websafe command-line flag;
previously the flag was accepted but never actually used.
<li>sftp(1): improve filename tab completions: never try to complete
names to non-existent commands, and better match the completion
type (local or remote filename) against the argument position
being completed.
<li>ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
handling, especially relating to keys that request
user-verification. These should reduce the number of unnecessary
PIN prompts for keys that support intrinsic user verification.
<li>ssh-keygen(1): when enrolling a FIDO resident key, check if a
credential with matching application and user ID strings already
exists and, if so, prompt the user for confirmation before
overwriting the credential.
<li> sshd(8): improve logging of errors when opening authorized_keys
files.
<li>ssh(1): avoid multiplexing operations that could cause SIGPIPE from
causing the client to exit early. bz3454
<li>ssh_config(5), sshd_config(5): clarify that the RekeyLimit
directive applies to both transmitted and received data.
<li>ssh-keygen(1): avoid double fclose() in error path.
<li>sshd(8): log an error if pipe() fails while accepting a connection.
<li>ssh(1), ssh-keygen(1): fix possible NULL deref when built without
FIDO support.
<li>ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
<li>sshd(8): ensure that authentication passwords are cleared from
memory in error paths.
<li>ssh(1), ssh-agent(1): avoid possibility of notifier code executing
kill(-1).
<li>ssh_config(5): note that the ProxyJump directive also accepts the
same tokens as ProxyCommand.
<li>scp(1): do not ftruncate(3) files early when in sftp mode. The
previous behaviour of unconditionally truncating the destination
file would cause <code>scp ~/foo localhost:</code> and <code>scp
localhost:foo ~/</code> to delete all the contents of their destination.
<li>ssh-keygen(1): improve error message when <code>ssh-keygen -Y sign
</code> is unable to load a private key.
<li>sftp(1), scp(1): when performing operations that glob(3) a remote
path, ensure that the implicit working directory used to construct
that path escapes glob(3) characters. This prevents glob characters
from being processed in places they shouldn't, e.g. <code>cd
/tmp/a*/</code>, <code>get *.txt</code> should have the get operation
treat the path <code>/tmp/a*</code> literally and not attempt to expand
it.
<li>ssh(1), sshd(8): be stricter in which characters will be accepted
in specifying a mask length; allow only 0-9.
<li>ssh-keygen(1): avoid printing hash algorithm twice when dumping a
KRL.
<li>ssh(1), sshd(8): continue running local I/O for open channels
during SSH transport rekeying. This should make ~-escapes work in
the client (e.g. to exit) if the connection happened to have
stalled during a rekey event.
<li>ssh(1), sshd(8): avoid potential poll() spin during rekeying
<li>Further hardening for sshbuf internals: disallow "reparenting" a
hierarchical sshbuf and zero the entire buffer if reallocation
fails.
</ul>
</ul>
<li>mandoc 1.14.6 plus some new features and many bugfixes, including:
<ul>
<li>Significantly improved accessibility of
<a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
<code>-T html</code> and
<a href="https://man.openbsd.org/man.cgi.8">man.cgi(8)</a>
output by using semantically better HTML elements in several places
and by adding ARIA and DPUB-ARIA roles and aria-label attributes
to several HTML elements.
<li>Got rid of archaic HTML table markup for header and footer lines
in favor of flexbox CSS.
Rendering now adapts to browser windows of arbitrary narrowness.
<li>Prevented <code>-T html</code> output from turning breakable
hyphens into underscores in URI fragment identifiers.
<li>Improved the <a href="https://man.openbsd.org/roff.7">roff(7)</a>
escape sequence parser in several fundamental ways
regarding output correctness and groff compatibility.
<li>Corrected output that depends on the order of evaluation of
<a href="https://man.openbsd.org/roff.7">roff(7)</a>
escape sequences by parsing them left-to-right
rather than right-to-left.
<li>Significantly improved <code>-T lint</code> diagnostics regarding
syntax errors in <a href="https://man.openbsd.org/roff.7">roff(7)</a>
escape sequences and in their arguments.
<li>Stopped emitting vertical space before the
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> .TS (table
start) macro for compatibility with the same change in groff.
This implies .PP or .Pp macros may need to be inserted before .TS
in some (but not all!) places in some manual pages using tbl(7).
<li>Stopped skipping vertical space after the
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> .TE (table
end) macro of boxed tables for compatibility with the same
change in groff. This implies .sp requests may need to be
removed after .TE in some manual pages using tbl(7).
<li>Corrected the calculation of the width of spanned
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a> columns.
<li>Improved the handling of literal tab characters in filled text
in multiple ways for compatibility with groff and Heirloom troff.
<li>Plus bugfixes for two segfaults, two infinite loops, and several
assertion failures.
</ul>
<li>Ports and packages:
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: 11261
<li>amd64: 11451
<li>arm: 8182
<li>i386: 10225
<li>mips64: 8759
<li>powerpc: 9577
<li>powerpc64: 9597
<li>riscv64: 9808
<li>sparc64: 9275
</ul>
<p>Some highlights:
<ul style="column-count: 3">
<li>Asterisk 16.28.0, 18.14.0 and 19.6.0
<li>Audacity 2.4.2
<li>CMake 3.24.2
<li>Chromium 105.0.5195.125
<li>Emacs 28.2
<li>FFmpeg 4.4.2
<li>GCC 8.4.0 and 11.2.0
<li>GHC 9.2.4
<li>GNOME 42.4
<li>Go 1.19.1
<li>JDK 8u342, 11.0.16 and 17.0.4
<li>KDE Applications 22.08.1
<li>KDE Frameworks 5.98.0
<li>Krita 5.1.1
<li>LLVM/Clang 13.0.0
<li>LibreOffice 7.4.1.2
<li>Lua 5.1.5, 5.2.4 and 5.3.6
<li>MariaDB 10.9.3
<li>Mono 6.12.0.182
<li>Mozilla Firefox 105.0.1 and ESR 102.3.0
<li>Mozilla Thunderbird 102.3.0
<li>Mutt 2.2.7 and NeoMutt 20220429
<li>Node.js 16.17.1
<li>OCaml 4.12.1
<li>OpenLDAP 2.6.3
<li>PHP 7.4.30, 8.0.23 and 8.1.10
<li>Postfix 3.7.2
<li>PostgreSQL 14.5
<li>Python 2.7.18, 3.9.14 and 3.10.7
<li>Qt 5.15.6 and 6.3.1
<li>R 4.2.1
<li>Ruby 2.7.6, 3.0.4 and 3.1.2
<li>Rust 1.63.0
<li>SQLite 3.39.3
<li>Shotcut 22.06.23
<li>Sudo 1.9.11.2
<li>Suricata 6.0.6
<li>Tcl/Tk 8.5.19 and 8.6.12
<li>TeX Live 2021
<li>Vim 9.0.0192 and Neovim 0.7.2
<li>Xfce 4.16
</ul>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
<li>LLVM/Clang 13.0.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.32.1 (+ patches)
<li>NSD 4.6.0
<li>Unbound 1.16.3
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk September 12, 2022
<li>Expat 2.4.9
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 7.2 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/alpha/INSTALL.alpha">
.../OpenBSD/7.2/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/amd64/INSTALL.amd64">
.../OpenBSD/7.2/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/arm64/INSTALL.arm64">
.../OpenBSD/7.2/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/armv7/INSTALL.armv7">
.../OpenBSD/7.2/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/hppa/INSTALL.hppa">
.../OpenBSD/7.2/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/i386/INSTALL.i386">
.../OpenBSD/7.2/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/landisk/INSTALL.landisk">
.../OpenBSD/7.2/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/loongson/INSTALL.loongson">
.../OpenBSD/7.2/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/luna88k/INSTALL.luna88k">
.../OpenBSD/7.2/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/macppc/INSTALL.macppc">
.../OpenBSD/7.2/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/octeon/INSTALL.octeon">
.../OpenBSD/7.2/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/powerpc64/INSTALL.powerpc64">
.../OpenBSD/7.2/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/riscv64/INSTALL.riscv64">
.../OpenBSD/7.2/riscv64/INSTALL.riscv64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.2/sparc64/INSTALL.sparc64">
.../OpenBSD/7.2/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
Refer to INSTALL.alpha for more details.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install72.img</i> or
<i>miniroot72.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>install72.img</i> or <i>miniroot72.img</i> to a disk and boot from it
after connecting to the serial console. Refer to INSTALL.arm64 for more
details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install72.iso</i> or
<i>cd72.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install72.img</i> or
<i>miniroot72.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot72.img</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot72.img</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/7.2/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/powerpc64:</h3>
<p>
To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
USB stick, plug it into the machine and choose the <i>OpenBSD
install</i> menu item in Petitboot.
Refer to the instructions in INSTALL.powerpc64 for more details.
<h3>OpenBSD/riscv64:</h3>
<p>
To install, write <i>install72.img</i> or <i>miniroot72.img</i> to a
USB stick, and boot with that drive plugged in.
Make sure you also have the microSD card plugged in that shipped with the
HiFive Unmatched board.
Refer to the instructions in INSTALL.riscv64 for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy72.img</i> or <i>floppyB72.img</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot72.img</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 7.1 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade72.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_2</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 7.2 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to 72.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www