| version 1.80, 2023/10/14 21:13:43 |
version 1.81, 2023/10/14 22:32:04 |
|
|
| catch up with box drawing characters which have |
catch up with box drawing characters which have |
| been standardized in unicode after the original wscons code was |
been standardized in unicode after the original wscons code was |
| written and chose placeholder values. |
written and chose placeholder values. |
| |
<li>In <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>, |
| |
make sure we do not increase the escape sequence argument count beyond |
| |
usable bounds. |
| <li>Take more functions in the network and routing code out |
<li>Take more functions in the network and routing code out |
| of kernel lock. |
of kernel lock. |
| <li>Implement <a href="https://man.openbsd.org/dt.4">dt(4)</a> |
<li>Implement <a href="https://man.openbsd.org/dt.4">dt(4)</a> |
|
|
| detaching devices during suspend, must continue processing |
detaching devices during suspend, must continue processing |
| command completion events. This fixes USB suspend/resume in Apple |
command completion events. This fixes USB suspend/resume in Apple |
| M1/M2. --> |
M1/M2. --> |
| |
<li>Update AMD CPU microcode if a newer patch is available. |
| |
<li>Enable a workaround for the 'Zenbleed' AMD CPU bug. |
| |
<li>Report speculation control bits in dmesg cpu lines. |
| |
<li>To give the primary CPU an opportunity to perform clock interrupt |
| |
preparation in a machine-independent manner we need to separate the |
| |
"initialization" parts of cpu_initclocks() from the "start the clock |
| |
interrupt" parts. Separate cpu_initclocks() from cpu_startclock(). |
| |
<li>Fix a problem where CPU time accounting and RLIMIT_CPU was |
| |
unreliable on idle systems. |
| |
<li>Improve the output of the "show proc" command of the kernel |
| |
debugger <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> and show |
| |
both the PID and TID of the proc. |
| </ul> |
</ul> |
| |
|
| <li>SMP Improvements |
<li>SMP Improvements |
|
|
| mostly used in network daemons. |
mostly used in network daemons. |
| <li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
<li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, |
| add button mappings for two- and three-finger clicks on clickpads. |
add button mappings for two- and three-finger clicks on clickpads. |
| |
<li>Implement a non-interactive mode (-s) in <a |
| |
href="https://man.openbsd.org/bioctl.8">bioctl(8)</a> for use in |
| |
scripts. |
| |
<li>In <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>, use |
| |
a hardware based number of KDF rounds by default for passphrases. |
| |
Motivation is to provide a saner and more modern default, especially |
| |
for fresh installations utilizing new disk encryption question. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
|
|
| <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> |
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> |
| to speed up <tt>pkg_add -u</tt> now also works if -stable packages |
to speed up <tt>pkg_add -u</tt> now also works if -stable packages |
| are available. |
are available. |
| |
<li>Significantly increase the speed of <a |
| |
href="https://man.openbsd.org/pkg-config.1">pkg-config(1)</a>. |
| <li>In seq(1), fix a check for rounding error and truncation. |
<li>In seq(1), fix a check for rounding error and truncation. |
| <li>In cron(8), introduce upstream fixes in the handling of @yearly, @monthly, |
<li>In cron(8), introduce upstream fixes in the handling of @yearly, @monthly, |
| @weekly, @daily and @hourly entries. |
@weekly, @daily and @hourly entries. |
|
|
| <li>Make <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
<li>Make <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> |
| check if a daemon exists before trying to disable it, thereby avoiding |
check if a daemon exists before trying to disable it, thereby avoiding |
| parsing and printing of bogus characters. |
parsing and printing of bogus characters. |
| |
<li>Print to the console the fingerprint of a newly generated <a |
| |
href="https://man.openbsd.org/ssh.1">ssh(1)</a> host key of the |
| |
preferred type (currently ED25519), typically when booting for the |
| |
first time. This simplifies a secure first ssh connection to a |
| |
freshly installed machine. |
| </ul> |
</ul> |
| |
|
| <li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
| making eMMC and microSD mostly work on the Starfive VisionFive 2. |
making eMMC and microSD mostly work on the Starfive VisionFive 2. |
| <li>Add driver <a href="https://man.openbsd.org/qccpu.4">qccpu(4)</a> |
<li>Add driver <a href="https://man.openbsd.org/qccpu.4">qccpu(4)</a> |
| for QC CPU Power States. |
for QC CPU Power States. |
| |
<li>Add <a href="https://man.openbsd.org/qcsdam.4">qcsdam(4)</a>, |
| |
a driver for the PMIC Shared Direct Access Memory found on |
| |
Qualcomm SoCs. |
| <li>Add support for the RK3588 PCIe3 PHY to |
<li>Add support for the RK3588 PCIe3 PHY to |
| <a href="https://man.openbsd.org/rkpciephy.4">rkpciephy(4)</a>. |
<a href="https://man.openbsd.org/rkpciephy.4">rkpciephy(4)</a>. |
| The PHY controls 4 lanes that can be routed to 4 of 5 PCIe controllers. |
The PHY controls 4 lanes that can be routed to 4 of 5 PCIe controllers. |
|
|
| <li>Add mute control to <a |
<li>Add mute control to <a |
| href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>. This makes |
href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>. This makes |
| the mute button on laptops that use tascodec(4) work. |
the mute button on laptops that use tascodec(4) work. |
| |
<li>Improve the suspend/resume behavior of several drivers, reducing |
| |
power consumption during suspend. |
| |
<li>Add support for the Synopsys DesignWare I2C controller |
| |
(dwiic(4)) and the X-Powers AXP Power Management IC (axppmic(4)). |
| |
<li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a |
| |
driver for the random number generator on the risc-v JH7110 SoC. |
| |
<li>Enable the <a href="https://man.openbsd.org/mbg.4">mbg(4)</a> |
| |
timedelta sensor on amd64 and match the Meinberg PZF180PEX. |
| </ul> |
</ul> |
| |
|
| <li>New or improved network hardware support: |
<li>New or improved network hardware support: |
|
|
| <a href="https://man.openbsd.org/dwge.4">dwge(4)</a> implementations. |
<a href="https://man.openbsd.org/dwge.4">dwge(4)</a> implementations. |
| <li>On <a href="https://man.openbsd.org/bge.4">bge(4)</a>, make hardware |
<li>On <a href="https://man.openbsd.org/bge.4">bge(4)</a>, make hardware |
| counters available via kstats for BCM5705 and newer controller chips. |
counters available via kstats for BCM5705 and newer controller chips. |
| |
<li>Make several improvements to <a |
| |
href="https://man.openbsd.org/vmx.4">vmx(4)</a>, the VMware VMXNET3 |
| |
Virtual Interface Controller. |
| |
<li>In <a href="https://man.openbsd.org/em.4">em(4)</a>, stop |
| |
putting multicast addresses into the Receive Address Registers. |
| |
Instead hash them all into the Multicast Table Array. |
| |
<li>Support Mellanox ConnectX-6 Lx in <a |
| |
href="https://man.openbsd.org/mcx.4">mcx(4)</a>. |
| |
<li>In <a href="https://man.openbsd.org/mcx.4">mcx(4)</a>, add 100GB |
| |
LR4 Ethernet capability and map it to IFM_100G_LR4. |
| </ul> |
</ul> |
| |
|
| <li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
|
|
| <li>Enable <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> |
<li>Enable <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> |
| on arm64 install media. |
on arm64 install media. |
| <li>On arm64 pine64 boards, stop writing pine64 firmware to disk. |
<li>On arm64 pine64 boards, stop writing pine64 firmware to disk. |
| <li>Make root on |
<li>When media has neither a GPT nor an MBR |
| |
<a href="https://man.openbsd.org/installboot.8">installboot(8)</a>, |
| |
assume OpenBSD occupies the entire disk starting at sector 0. |
| |
<li>Attempt to not overflow the ramdisk when extracting firmware on |
| |
Apple arm64 systems. |
| |
<li>Add support for loading files from the EFI System Partition. |
| |
<li>Fix a bug in the handling of SCSI drives in the bootloader on the luna88k architecture. |
| |
<li>On luna88k, implement the chmod() signaling mechanism for |
| |
<code>/bsd.upgrade</code> to prevent re-upgrade, like other |
| |
architectures. |
| |
<!--- add here ---> |
| |
<li>Support for <a |
| |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> disks in the |
| |
installer was improved: |
| |
<ul> |
| |
<li>Make root on |
| <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
| installations boot out of the box on Raspberry Pis (arm64). |
installations boot out of the box on Raspberry Pis (arm64). |
| <li>Support installations with root on |
<li>Support installations with root on |
| <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
| on arm64, tested on Pinebook Pro, Raspberry Pi 4b, and SolidRun CEX7. |
on arm64, tested on Pinebook Pro, Raspberry Pi 4b, and SolidRun CEX7. |
| <li>On riscv64, enable softraid(4) in the ramdisk kernel and support |
<li>On riscv64, enable softraid(4) in the ramdisk kernel and support |
| installations with root on |
installations with root on |
| <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a> |
| <li>When installing on encrypted |
<li>When installing on encrypted |
| <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>, determine |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>, determine |
| the disk for placing the root device automatically and make it default |
the disk for placing the root device automatically and make it default |
| as it is the only legit choice. |
as it is the only legit choice. |
| <li>Add arm64 to the list of architectures with support for guided disk |
<li>Add arm64 to the list of architectures with support for guided disk |
| encryption. |
encryption. |
| <li>Retain existing EFI System partitions on systems with APFSISC |
<li>Retain existing EFI System partitions on systems with APFSISC |
| partitions (arm64 Apple M1/M2) during installation with root on |
partitions (arm64 Apple M1/M2) during installation with root on |
| <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. |
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>. |
| <li>When media has neither a GPT nor an MBR |
<li>Enable <a |
| <a href="https://man.openbsd.org/installboot.8">installboot(8)</a>, |
href="https://man.openbsd.org/softraid.4">softraid(4)</a> in ramdisk |
| assume OpenBSD occupies the entire disk starting at sector 0. |
on the powerpc64 architecture. |
| <li>Attempt to not overflow the ramdisk when extracting firmware on |
</ul> |
| Apple arm64 systems. |
|
| <li>Add support for loading files from the EFI System Partition. |
|
| <li>Fix a bug in the handling of SCSI drives in the bootloader on the luna88k architecture. |
|
| <li>On luna88k, implement the chmod() signaling mechanism for |
|
| <code>/bsd.upgrade</code> to prevent re-upgrade, like other |
|
| architectures. |
|
| </ul> |
</ul> |
| |
|
| <li>Security improvements: |
<li>Security improvements: |
|
|
| when receiving a valid Neighbor Advertisement. |
when receiving a valid Neighbor Advertisement. |
| <li>Implement RFC9131 and create new neighbor cache entries |
<li>Implement RFC9131 and create new neighbor cache entries |
| when receiving a valid Neighbor Advertisement. |
when receiving a valid Neighbor Advertisement. |
| <li>If the driver of a network interface supports TCP segmentation |
|
| |
<li>Initial support for TCP segmentation offload (TSO) and TCP large receive offload (LRO) was implemented: |
| |
<ul> |
| |
<li>If the driver of a network interface supports TCP segmentation |
| offload (TSO), do not chop the packet in the network stack, |
offload (TSO), do not chop the packet in the network stack, |
| but pass it down to the interface layer for TSO. |
but pass it down to the interface layer for TSO. |
| <li>Provide a software TSO implementation, to be used as a fallback |
<li>Provide a software TSO implementation, to be used as a fallback |
| if network hardware does not support TSO. |
if network hardware does not support TSO. |
| <li>Provide a new <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> |
<li>Provide a new <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> |
| node <a href="https://man.openbsd.org/sysctl.2#tcp.tso" |
node <a href="https://man.openbsd.org/sysctl.2#tcp.tso" |
| >net.inet.tcp.tso</a> such that TSO can be globally disabled. |
>net.inet.tcp.tso</a> such that TSO can be globally disabled. |
| By default, it is enabled on all interfaces supporting it. |
By default, it is enabled on all interfaces supporting it. |
| <li>In <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, |
<li>In <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, |
| display separate |
display separate |
| <a href="https://man.openbsd.org/ifconfig.8#hwfeatures">hwfeatures</a> |
<a href="https://man.openbsd.org/ifconfig.8#hwfeatures">hwfeatures</a> |
| for TCP segmentation offload (TSOv4, TSOv6) |
for TCP segmentation offload (TSOv4, TSOv6) |
| and TCP large receive offload (LRO) and provide a |
and TCP large receive offload (LRO) and provide a |
| <a href="https://man.openbsd.org/ifconfig.8#tcplro">-tcplro</a> |
<a href="https://man.openbsd.org/ifconfig.8#tcplro">-tcplro</a> |
| parameter to disable LRO. |
parameter to disable LRO. |
| <li>Enable TSO and forwarding of LRO packets via TSO in |
<li>Enable TSO and forwarding of LRO packets via TSO in |
| <a href="https://man.openbsd.org/ix.4">ix(4)</a>. |
<a href="https://man.openbsd.org/ix.4">ix(4)</a>. |
| <li>In <a href="https://man.openbsd.org/ix.4">ix(4)</a>, allocate |
<li>In <a href="https://man.openbsd.org/ix.4">ix(4)</a>, allocate |
| less memory for tx buffers. |
less memory for tx buffers. |
| <li>Speed up TCP transfer on |
<li>Speed up TCP transfer on |
| <a href="https://man.openbsd.org/lo.4">lo(4)</a> |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> |
| interfaces by using TSO and LRO. |
interfaces by using TSO and LRO. |
| <li>Enable Large Receive Offload (LRO) for TCP per default in network |
<li>Enable Large Receive Offload (LRO) for TCP per default in network |
| drivers. LRO allows to receive aggregated packets larger than the MTU. |
drivers. LRO allows to receive aggregated packets larger than the MTU. |
| Receiving TCP streams becomes much faster. Currently only <a |
Receiving TCP streams becomes much faster. Currently only <a |
| href="https://man.openbsd.org/ix.4">ix(4)</a> and <a |
href="https://man.openbsd.org/ix.4">ix(4)</a> and <a |
| href="https://man.openbsd.org/lo.4">lo(4)</a> devices support LRO, and |
href="https://man.openbsd.org/lo.4">lo(4)</a> devices support LRO, and |
| ix(4) is limited to IPv4 and hardware newer than the old 82598 model.<br> |
ix(4) is limited to IPv4 and hardware newer than the old 82598 model.<br> |
| LRO can be turned off per interface with ifconfig <code>-tcplro</code>. |
LRO can be turned off per interface with ifconfig <code>-tcplro</code>. |
| <li>Do not calculate IP, TCP, and UDP checksums on |
</ul> |
| <a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
|
| <li>Speed up the |
<li>The following changes were made to the <a |
| |
href="https://man.openbsd.org/pf.4">pf(4)</a> firewall: |
| |
<ul> |
| |
<li>Speed up the |
| <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
<a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
| <a href="https://man.openbsd.org/pf.4#DIOCGETRULE">DIOCGETRULE</a> |
<a href="https://man.openbsd.org/pf.4#DIOCGETRULE">DIOCGETRULE</a> |
| such that <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
such that <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
|
|
| In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
| and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
| now do that. |
now do that. |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
| relax the implementation of the <code>pass all</code> rule so all |
relax the implementation of the <code>pass all</code> rule so all |
| forms of neighbor advertisements are allowed in either direction. |
forms of neighbor advertisements are allowed in either direction. |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
| when redirecting locally generated IP packets to userland with |
when redirecting locally generated IP packets to userland with |
| <code>divert-packet</code> rules, the packets may have no checksum |
<code>divert-packet</code> rules, the packets may have no checksum |
| due to hardware offloading. Calculate the checksum in that case. |
due to hardware offloading. Calculate the checksum in that case. |
| <li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
<li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
| where <code>nat-to</code> could fail to insert a state |
where <code>nat-to</code> could fail to insert a state |
| due to conflict on chosen source port number. |
due to conflict on chosen source port number. |
| |
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> ignored 'keep |
| |
state' and 'nat-to' actions for unsolicited icmp error responses. With |
| |
OpenBSD 7.4, the rule matching logic is tightened so icmp error |
| |
responses no longer match 'keep state' rule. In typical scenarios icmp |
| |
errors (if solicited) should match existing state. The change is |
| |
going to bite firewalls which deal with asymmetric routes. In those |
| |
cases the 'keep state' action should be relaxed to sloppy or new 'no |
| |
state' rule to explicitly match icmp errors should be added. |
| |
</ul> |
| |
<li>Do not calculate IP, TCP, and UDP checksums on |
| |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
| <li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
| wrap around after changing tcp_now() ticks to milliseconds. |
wrap around after changing tcp_now() ticks to milliseconds. |
| |
<li>Added initial support for route-based ipsec vpns.<br> |
| |
Rather than use ipsec flows (aka, entries in the ipsec security |
| |
policy database) to decide which traffic should be encapsulated in |
| |
ipsec and sent to a peer, this changes security associations (SAs) |
| |
so they can also refer to a tunnel interface. When traffic is routed |
| |
over that tunnel interface, an ipsec SA is looked up and used to |
| |
encapsulate traffic before being sent to the peer on the SA. When |
| |
traffic is received from a peer using an interface SA, the specified |
| |
interface is looked up and the packet is handed to it so it looks |
| |
like packets come out of the tunnel. |
| |
<li>Add <a href="https://man.openbsd.org/sec.4">sec(4)</a> to support |
| |
route based ipsec vpns. |
| |
<li>Introduce reference counting for TCP syn cache entries. |
| |
<li>Have <a href="https://man.openbsd.org/wg.4">wg(4)</a> copy the |
| |
priority from the inner packet to the outer encrypted packet, so that |
| |
higher priority packets are picked from hfsc queues for earlier |
| |
transmission. |
| </ul> |
</ul> |
| |
|
| <li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
|
|
| href="https://man.openbsd.org/dhcrelay6.8">dhcrelay6(8)</a>, do not |
href="https://man.openbsd.org/dhcrelay6.8">dhcrelay6(8)</a>, do not |
| ignore the AF_LINK entries of <a |
ignore the AF_LINK entries of <a |
| href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces. |
href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces. |
| |
<li>Allow libpcap to read files with some additional link-layer type values. |
| |
<li>Improve the config parser of radiusd(8) to better handle |
| |
comments, improve error messages and plug a memory leak. |
| |
<li>In <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>, |
| |
add request or response decoration feature which is used through the |
| |
radiusd module interface. This makes additional modules can modify |
| |
RADIUS request or response messages. Also add new "radius_standard" |
| |
module which uses this new feature, provides some generic features |
| |
like "strip-atmark-realm" which removes the realm part from the |
| |
User-Name attribute. |
| |
<li>Allow UDP for built-in <a |
| |
href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on |
| |
127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand |
| |
mapped addresses. Nowadays our kernel does not support these IPv6 |
| |
features and blocks localhost addresses on non-loopback interfaces. |
| |
Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide |
| |
local services if configured. |
| |
<li>In <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>, log a |
| |
dummy "<unknown>" IP address in the unlikely event that getnameinfo(3) |
| |
fails. |
| |
|
| </ul> |
</ul> |
| |
|
| <li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
|
|
| be sent again. |
be sent again. |
| <li>Add options to change the confirm key and default behaviour of |
<li>Add options to change the confirm key and default behaviour of |
| confirm-before. |
confirm-before. |
| |
<li>Add iked support for route based sec(4) tunnels. |
| |
<li>Add an option menu-selected-style to configure the currently |
| |
selected menu item. |
| |
<li>Add -c to run-shell to set working directory. |
| |
<li>Add detach-on-destroy previous and next, |
| |
<li>Set visited flag on last windows when linking session. |
| </ul> |
</ul> |
| |
|
| <li>LibreSSL version 3.8.2 |
<li>LibreSSL version 3.8.2 |
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www