version 1.80, 2023/10/14 21:13:43 |
version 1.81, 2023/10/14 22:32:04 |
|
|
catch up with box drawing characters which have |
catch up with box drawing characters which have |
been standardized in unicode after the original wscons code was |
been standardized in unicode after the original wscons code was |
written and chose placeholder values. |
written and chose placeholder values. |
|
<li>In <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>, |
|
make sure we do not increase the escape sequence argument count beyond |
|
usable bounds. |
<li>Take more functions in the network and routing code out |
<li>Take more functions in the network and routing code out |
of kernel lock. |
of kernel lock. |
<li>Implement <a href="https://man.openbsd.org/dt.4">dt(4)</a> |
<li>Implement <a href="https://man.openbsd.org/dt.4">dt(4)</a> |
|
|
detaching devices during suspend, must continue processing |
detaching devices during suspend, must continue processing |
command completion events. This fixes USB suspend/resume in Apple |
command completion events. This fixes USB suspend/resume in Apple |
M1/M2. --> |
M1/M2. --> |
|
<li>Update AMD CPU microcode if a newer patch is available. |
|
<li>Enable a workaround for the 'Zenbleed' AMD CPU bug. |
|
<li>Report speculation control bits in dmesg cpu lines. |
|
<li>To give the primary CPU an opportunity to perform clock interrupt |
|
preparation in a machine-independent manner we need to separate the |
|
"initialization" parts of cpu_initclocks() from the "start the clock |
|
interrupt" parts. Separate cpu_initclocks() from cpu_startclock(). |
|
<li>Fix a problem where CPU time accounting and RLIMIT_CPU was |
|
unreliable on idle systems. |
|
<li>Improve the output of the "show proc" command of the kernel |
|
debugger <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> and show |
|
both the PID and TID of the proc. |
</ul> |
</ul> |
|
|
<li>SMP Improvements |
<li>SMP Improvements |
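Review bot: the cpu_initclocks() entry is written as commit rationale ("To give the primary CPU an opportunity ... we need to separate ...") and only states the actual change in its last sentence, while the neighbouring items lead with the change in the imperative. Suggest folding it into one sentence, e.g. "Separate cpu_initclocks() from cpu_startclock() so the primary CPU can prepare the clock interrupt in a machine-independent manner." In the RLIMIT_CPU entry the subject is plural, so "was unreliable" should read "were unreliable".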
|
|
mostly used in network daemons. |
mostly used in network daemons. |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
add button mappings for two- and three-finger clicks on clickpads. |
add button mappings for two- and three-finger clicks on clickpads. |
|
<li>Implement a non-interactive mode (-s) in <a |
|
href="https://man.openbsd.org/bioctl.8">bioctl(8)</a> for use in |
|
scripts. |
|
<li>In <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>, use |
|
a hardware based number of KDF rounds by default for passphrases. |
|
Motivation is to provide a saner and more modern default, especially |
|
for fresh installations utilizing new disk encryption question. |
|
|
|
|
</ul> |
</ul> |
|
|
<li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
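Review bot: the bioctl(8) KDF entry says "a hardware based number of KDF rounds" without saying how the number is chosen or how to override it. Readers comparing passphrase-hardening cost between machines will want that, so a pointer to the relevant bioctl(8) option would help. Wording in the same entry: "hardware-based" takes a hyphen, and "utilizing new disk encryption question" is missing its article ("using the new disk encryption question").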
|
|
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> |
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> |
to speed up <tt>pkg_add -u</tt> now also works if -stable packages |
to speed up <tt>pkg_add -u</tt> now also works if -stable packages |
are available. |
are available. |
|
<li>Significantly increase the speed of <a |
|
href="https://man.openbsd.org/pkg-config.1">pkg-config(1)</a>. |
<li>In seq(1), fix a check for rounding error and truncation. |
<li>In seq(1), fix a check for rounding error and truncation. |
<li>In cron(8), introduce upstream fixes in the handling of @yearly, @monthly, |
<li>In cron(8), introduce upstream fixes in the handling of @yearly, @monthly, |
@weekly, @daily and @hourly entries. |
@weekly, @daily and @hourly entries. |
|
|
<li>Make <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
<li>Make <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
check if a daemon exists before trying to disable it, thereby avoiding |
check if a daemon exists before trying to disable it, thereby avoiding |
parsing and printing of bogus characters. |
parsing and printing of bogus characters. |
|
<li>Print to the console the fingerprint of a newly generated <a |
|
href="https://man.openbsd.org/ssh.1">ssh(1)</a> host key of the |
|
preferred type (currently ED25519), typically when booting for the |
|
first time. This simplifies a secure first ssh connection to a |
|
freshly installed machine. |
</ul> |
</ul> |
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
making eMMC and microSD mostly work on the Starfive VisionFive 2. |
making eMMC and microSD mostly work on the Starfive VisionFive 2. |
<li>Add driver <a href="https://man.openbsd.org/qccpu.4">qccpu(4)</a> |
<li>Add driver <a href="https://man.openbsd.org/qccpu.4">qccpu(4)</a> |
for QC CPU Power States. |
for QC CPU Power States. |
|
<li>Add <a href="https://man.openbsd.org/qcsdam.4">qcsdam(4)</a>, |
|
a driver for the PMIC Shared Direct Access Memory found on |
|
Qualcomm SoCs. |
<li>Add support for the RK3588 PCIe3 PHY to |
<li>Add support for the RK3588 PCIe3 PHY to |
<a href="https://man.openbsd.org/rkpciephy.4">rkpciephy(4)</a>. |
<a href="https://man.openbsd.org/rkpciephy.4">rkpciephy(4)</a>. |
The PHY controls 4 lanes that can be routed to 4 of 5 PCIe controllers. |
The PHY controls 4 lanes that can be routed to 4 of 5 PCIe controllers. |
|
|
<li>Add mute control to <a |
<li>Add mute control to <a |
href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>. This makes |
href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>. This makes |
the mute button on laptops that use tascodec(4) work. |
the mute button on laptops that use tascodec(4) work. |
|
<li>Improve the suspend/resume behavior of several drivers, reducing |
|
power consumption during suspend. |
|
<li>Add support for the Synopsys DesignWare I2C controller |
|
(dwiic(4)) and the X-Powers AXP Power Management IC (axppmic(4)). |
|
<li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
|
driver for the random number generator on the risc-v JH7110 SoC. |
|
<li>Enable the <a href="https://man.openbsd.org/mbg.4">mbg(4)</a> |
|
timedelta sensor on amd64 and match the Meinberg PZF180PEX. |
</ul> |
</ul> |
|
|
<li>New or improved network hardware support: |
<li>New or improved network hardware support: |
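Review bot: in the DesignWare/AXP entry, dwiic(4) and axppmic(4) are plain text, while every other driver added in this hunk (stfrng(4), mbg(4)) is wrapped in a man.openbsd.org link. Link them the same way for consistency. In the stfrng(4) entry, "risc-v" should be capitalised as "RISC-V".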
|
|
<a href="https://man.openbsd.org/dwge.4">dwge(4)</a> implementations. |
<a href="https://man.openbsd.org/dwge.4">dwge(4)</a> implementations. |
<li>On <a href="https://man.openbsd.org/bge.4">bge(4)</a>, make hardware |
<li>On <a href="https://man.openbsd.org/bge.4">bge(4)</a>, make hardware |
counters available via kstats for BCM5705 and newer controller chips. |
counters available via kstats for BCM5705 and newer controller chips. |
|
<li>Make several improvements to <a |
|
href="https://man.openbsd.org/vmx.4">vmx(4)</a>, the VMware VMXNET3 |
|
Virtual Interface Controller. |
|
<li>In <a href="https://man.openbsd.org/em.4">em(4)</a>, stop |
|
putting multicast addresses into the Receive Address Registers. |
|
Instead hash them all into the Multicast Table Array. |
|
<li>Support Mellanox ConnectX-6 Lx in <a |
|
href="https://man.openbsd.org/mcx.4">mcx(4)</a>. |
|
<li>In <a href="https://man.openbsd.org/mcx.4">mcx(4)</a>, add 100GB |
|
LR4 Ethernet capability and map it to IFM_100G_LR4. |
</ul> |
</ul> |
|
|
<li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
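Review bot: the second mcx(4) entry says "100GB LR4 Ethernet capability", which reads as gigabytes. The media type it maps to is IFM_100G_LR4, a link speed, so "100Gb" or "100 Gigabit" is the unit to use.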
|
|
<li>Enable <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> |
<li>Enable <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> |
on arm64 install media. |
on arm64 install media. |
<li>On arm64 pine64 boards, stop writing pine64 firmware to disk. |
<li>On arm64 pine64 boards, stop writing pine64 firmware to disk. |
<li>Make root on |
<li>When media has neither a GPT nor an MBR |
|
<a href="https://man.openbsd.org/installboot.8">installboot(8)</a>, |
|
assume OpenBSD occupies the entire disk starting at sector 0. |
|
<li>Attempt to not overflow the ramdisk when extracting firmware on |
|
Apple arm64 systems. |
|
<li>Add support for loading files from the EFI System Partition. |
|
<li>Fix a bug in the handling of SCSI drives in the bootloader on the luna88k architecture. |
|
<li>On luna88k, implement the chmod() signaling mechanism for |
|
<code>/bsd.upgrade</code> to prevent re-upgrade, like other |
|
architectures. |
|
<!--- add here ---> |
|
<li>Support for <a |
|
href="https://man.openbsd.org/softraid.4">softraid(4)</a> disks in the |
|
installer was improved: |
|
<ul> |
|
<li>Make root on |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
installations boot out of the box on Raspberry Pis (arm64). |
installations boot out of the box on Raspberry Pis (arm64). |
<li>Support installations with root on |
<li>Support installations with root on |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
on arm64, tested on Pinebook Pro, Raspberry Pi 4b, and SolidRun CEX7. |
on arm64, tested on Pinebook Pro, Raspberry Pi 4b, and SolidRun CEX7. |
<li>On riscv64, enable softraid(4) in the ramdisk kernel and support |
<li>On riscv64, enable softraid(4) in the ramdisk kernel and support |
installations with root on |
installations with root on |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<li>When installing on encrypted |
<li>When installing on encrypted |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>, determine |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>, determine |
the disk for placing the root device automatically and make it default |
the disk for placing the root device automatically and make it default |
as it is the only legit choice. |
as it is the only legit choice. |
<li>Add arm64 to the list of architectures with support for guided disk |
<li>Add arm64 to the list of architectures with support for guided disk |
encryption. |
encryption. |
<li>Retain existing EFI System partitions on systems with APFSISC |
<li>Retain existing EFI System partitions on systems with APFSISC |
partitions (arm64 Apple M1/M2) during installation with root on |
partitions (arm64 Apple M1/M2) during installation with root on |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. |
<li>When media has neither a GPT nor an MBR |
<li>Enable <a |
<a href="https://man.openbsd.org/installboot.8">installboot(8)</a>, |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> in ramdisk |
assume OpenBSD occupies the entire disk starting at sector 0. |
on the powerpc64 architecture. |
<li>Attempt to not overflow the ramdisk when extracting firmware on |
</ul> |
Apple arm64 systems. |
|
<li>Add support for loading files from the EFI System Partition. |
|
<li>Fix a bug in the handling of SCSI drives in the bootloader on the luna88k architecture. |
|
<li>On luna88k, implement the chmod() signaling mechanism for |
|
<code>/bsd.upgrade</code> to prevent re-upgrade, like other |
|
architectures. |
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
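Review bot: the placeholder comment "<!--- add here --->" is introduced in the middle of the installer list and should be removed before this is published. The moved sentence "When media has neither a GPT nor an MBR installboot(8), assume OpenBSD occupies ..." also reads as if words are missing around the installboot(8) link. Since the item is being relocated anyway, reword it so installboot(8) is clearly the subject, e.g. "When media has neither a GPT nor an MBR, have installboot(8) assume ...". In the new softraid(4) sub-list, the riscv64 item ends at the link with no closing period before the next item.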
|
|
when receiving a valid Neighbor Advertisement. |
when receiving a valid Neighbor Advertisement. |
<li>Implement RFC9131 and create new neighbor cache entries |
<li>Implement RFC9131 and create new neighbor cache entries |
when receiving a valid Neighbor Advertisement. |
when receiving a valid Neighbor Advertisement. |
<li>If the driver of a network interface supports TCP segmentation |
|
|
<li>Initial support for TCP segmentation offload (TSO) and TCP large receive offload (LRO) was implemented: |
|
<ul> |
|
<li>If the driver of a network interface supports TCP segmentation |
offload (TSO), do not chop the packet in the network stack, |
offload (TSO), do not chop the packet in the network stack, |
but pass it down to the interface layer for TSO. |
but pass it down to the interface layer for TSO. |
<li>Provide a software TSO implementation, to be used as a fallback |
<li>Provide a software TSO implementation, to be used as a fallback |
if network hardware does not support TSO. |
if network hardware does not support TSO. |
<li>Provide a new <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> |
<li>Provide a new <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> |
node <a href="https://man.openbsd.org/sysctl.2#tcp.tso" |
node <a href="https://man.openbsd.org/sysctl.2#tcp.tso" |
>net.inet.tcp.tso</a> such that TSO can be globally disabled. |
>net.inet.tcp.tso</a> such that TSO can be globally disabled. |
By default, it is enabled on all interfaces supporting it. |
By default, it is enabled on all interfaces supporting it. |
<li>In <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, |
<li>In <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, |
display separate |
display separate |
<a href="https://man.openbsd.org/ifconfig.8#hwfeatures">hwfeatures</a> |
<a href="https://man.openbsd.org/ifconfig.8#hwfeatures">hwfeatures</a> |
for TCP segmentation offload (TSOv4, TSOv6) |
for TCP segmentation offload (TSOv4, TSOv6) |
and TCP large receive offload (LRO) and provide a |
and TCP large receive offload (LRO) and provide a |
<a href="https://man.openbsd.org/ifconfig.8#tcplro">-tcplro</a> |
<a href="https://man.openbsd.org/ifconfig.8#tcplro">-tcplro</a> |
parameter to disable LRO. |
parameter to disable LRO. |
<li>Enable TSO and forwarding of LRO packets via TSO in |
<li>Enable TSO and forwarding of LRO packets via TSO in |
<a href="https://man.openbsd.org/ix.4">ix(4)</a>. |
<a href="https://man.openbsd.org/ix.4">ix(4)</a>. |
<li>In <a href="https://man.openbsd.org/ix.4">ix(4)</a>, allocate |
<li>In <a href="https://man.openbsd.org/ix.4">ix(4)</a>, allocate |
less memory for tx buffers. |
less memory for tx buffers. |
<li>Speed up TCP transfer on |
<li>Speed up TCP transfer on |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> |
interfaces by using TSO and LRO. |
interfaces by using TSO and LRO. |
<li>Enable Large Receive Offload (LRO) for TCP per default in network |
<li>Enable Large Receive Offload (LRO) for TCP per default in network |
drivers. LRO allows to receive aggregated packets larger than the MTU. |
drivers. LRO allows to receive aggregated packets larger than the MTU. |
Receiving TCP streams becomes much faster. Currently only <a |
Receiving TCP streams becomes much faster. Currently only <a |
href="https://man.openbsd.org/ix.4">ix(4)</a> and <a |
href="https://man.openbsd.org/ix.4">ix(4)</a> and <a |
href="https://man.openbsd.org/lo.4">lo(4)</a> devices support LRO, and |
href="https://man.openbsd.org/lo.4">lo(4)</a> devices support LRO, and |
ix(4) is limited to IPv4 and hardware newer than the old 82598 model.<br> |
ix(4) is limited to IPv4 and hardware newer than the old 82598 model.<br> |
LRO can be turned off per interface with ifconfig <code>-tcplro</code>. |
LRO can be turned off per interface with ifconfig <code>-tcplro</code>. |
<li>Do not calculate IP, TCP, and UDP checksums on |
</ul> |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
|
<li>Speed up the |
<li>The following changes were made to the <a |
|
href="https://man.openbsd.org/pf.4">pf(4)</a> firewall: |
|
<ul> |
|
<li>Speed up the |
<a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
<a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
<a href="https://man.openbsd.org/pf.4#DIOCGETRULE">DIOCGETRULE</a> |
<a href="https://man.openbsd.org/pf.4#DIOCGETRULE">DIOCGETRULE</a> |
such that <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
such that <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
|
|
In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
now do that. |
now do that. |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
relax the implementation of the <code>pass all</code> rule so all |
relax the implementation of the <code>pass all</code> rule so all |
forms of neighbor advertisements are allowed in either direction. |
forms of neighbor advertisements are allowed in either direction. |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
when redirecting locally generated IP packets to userland with |
when redirecting locally generated IP packets to userland with |
<code>divert-packet</code> rules, the packets may have no checksum |
<code>divert-packet</code> rules, the packets may have no checksum |
due to hardware offloading. Calculate the checksum in that case. |
due to hardware offloading. Calculate the checksum in that case. |
<li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
<li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
where <code>nat-to</code> could fail to insert a state |
where <code>nat-to</code> could fail to insert a state |
due to conflict on chosen source port number. |
due to conflict on chosen source port number. |
|
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> ignored 'keep |
|
state' and 'nat-to' actions for unsolicited icmp error responses. With |
|
OpenBSD 7.4, the rule matching logic is tightened so icmp error |
|
responses no longer match 'keep state' rule. In typical scenarios icmp |
|
errors (if solicited) should match existing state. The change is |
|
going to bite firewalls which deal with asymmetric routes. In those |
|
cases the 'keep state' action should be relaxed to sloppy or new 'no |
|
state' rule to explicitly match icmp errors should be added. |
|
</ul> |
|
<li>Do not calculate IP, TCP, and UDP checksums on |
|
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
wrap around after changing tcp_now() ticks to milliseconds. |
wrap around after changing tcp_now() ticks to milliseconds. |
|
<li>Added initial support for route-based ipsec vpns.<br> |
|
Rather than use ipsec flows (aka, entries in the ipsec security |
|
policy database) to decide which traffic should be encapsulated in |
|
ipsec and sent to a peer, this changes security associations (SAs) |
|
so they can also refer to a tunnel interface. When traffic is routed |
|
over that tunnel interface, an ipsec SA is looked up and used to |
|
encapsulate traffic before being sent to the peer on the SA. When |
|
traffic is received from a peer using an interface SA, the specified |
|
interface is looked up and the packet is handed to it so it looks |
|
like packets come out of the tunnel. |
|
<li>Add <a href="https://man.openbsd.org/sec.4">sec(4)</a> to support |
|
route based ipsec vpns. |
|
<li>Introduce reference counting for TCP syn cache entries. |
|
<li>Have <a href="https://man.openbsd.org/wg.4">wg(4)</a> copy the |
|
priority from the inner packet to the outer encrypted packet, so that |
|
higher priority packets are picked from hfsc queues for earlier |
|
transmission. |
</ul> |
</ul> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
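Review bot: the new pf(4) entry on unsolicited icmp error responses describes a behaviour change that operators must act on, but its last sentence is hard to parse: "should be relaxed to sloppy or new 'no state' rule to explicitly match icmp errors should be added". Suggest "In those cases either relax the 'keep state' action to sloppy, or add a new 'no state' rule that explicitly matches icmp errors." The entry also puts rule keywords in single quotes, while the surrounding pf(4) items use <code> (pass all, divert-packet, nat-to), and it writes "icmp" in lower case next to "IP, TCP, and UDP". Further down, the IPsec entries mix "route-based" and "route based"; pick one spelling.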
|
|
href="https://man.openbsd.org/dhcrelay6.8">dhcrelay6(8)</a>, do not |
href="https://man.openbsd.org/dhcrelay6.8">dhcrelay6(8)</a>, do not |
ignore the AF_LINK entries of <a |
ignore the AF_LINK entries of <a |
href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces. |
href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces. |
|
<li>Allow libpcap to read files with some additional link-layer type values. |
|
<li>Improve the config parser of radiusd(8) to better handle |
|
comments, improve error messages and plug a memory leak. |
|
<li>In <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>, |
|
add request or response decoration feature which is used through the |
|
radiusd module interface. This makes additional modules can modify |
|
RADIUS request or response messages. Also add new "radius_standard" |
|
module which uses this new feature, provides some generic features |
|
like "strip-atmark-realm" which removes the realm part from the |
|
User-Name attribute. |
|
<li>Allow UDP for built-in <a |
|
href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
|
127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand |
|
mapped addresses. Nowadays our kernel does not support these IPv6 |
|
features and blocks localhost addresses on non-loopback interfaces. |
|
Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |
|
local services if configured. |
|
<li>In <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>, log a |
|
dummy "<unknown>" IP address in the unlikely event that getnameinfo(3) |
|
fails. |
|
|
</ul> |
</ul> |
|
|
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
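Review bot: the inetd(8) entry has a run-together word, "IPv6 compatibleand mapped addresses", which should be "compatible and". It also writes the loopback range as "127.0.0.1/8" after the first sentence says "127.0.0.1", so make clear whether the single address or the whole /8 is meant. In the radiusd(8) entry, "This makes additional modules can modify RADIUS request or response messages" is ungrammatical; "This lets additional modules modify ..." says the same thing.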
|
|
be sent again. |
be sent again. |
<li>Add options to change the confirm key and default behaviour of |
<li>Add options to change the confirm key and default behaviour of |
confirm-before. |
confirm-before. |
|
<li>Add iked support for route based sec(4) tunnels. |
|
<li>Add an option menu-selected-style to configure the currently |
|
selected menu item. |
|
<li>Add -c to run-shell to set working directory. |
|
<li>Add detach-on-destroy previous and next, |
|
<li>Set visited flag on last windows when linking session. |
</ul> |
</ul> |
|
|
<li>LibreSSL version 3.8.2 |
<li>LibreSSL version 3.8.2 |
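Review bot: "Add iked support for route based sec(4) tunnels." is inserted into the tmux(1) list, between the confirm-before and menu-selected-style items. It is not a tmux change and belongs with the iked or IPsec entries. The "Add detach-on-destroy previous and next," item ends in a comma instead of a period.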