| version 1.29, 2024/03/30 19:38:42 |
version 1.30, 2024/03/31 00:57:03 |
|
|
| href="https://man.openbsd.org/bio.4">bio(4)</a> will tunnel for other |
href="https://man.openbsd.org/bio.4">bio(4)</a> will tunnel for other |
| devices, allowing bio to be used with other (non-raid) related |
devices, allowing bio to be used with other (non-raid) related |
| devices. |
devices. |
| |
<li>On msdos filesystems, ensure that a complete struct fsinfo is read |
| |
even if the filesystem sectors are smaller. |
| |
<li>Made <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> save |
| |
backtraces to show in leak dump with depth of backtrace set via malloc |
| |
option D (aka 1), 2, 3 or 4. |
| |
<li>Implemented per-CPU caching for the page table page (vp) pool and |
| |
the PTE descriptor (pted) pool in the arm64 pmap implementation. This |
| |
significantly reduces the side-effects of lock contention on the |
| |
kernel map lock and leads to significant speedups on machines with |
| |
many CPU scores. |
| |
|
| |
|
| </ul> |
</ul> |
| |
|
| <li>SMP Improvements |
<li>SMP Improvements |
| <ul> |
<ul> |
| <li>Some network timers run without kernel lock. |
<li>Some network timers run without kernel lock. |
| <li>TCP syn cache timer runs with shared net lock. |
<li>TCP syn cache timer runs with shared net lock. |
| <li><a href="https://man.openbsd.org/bind.2">bind(2)</a> |
<li><a href="https://man.openbsd.org/bind.2">bind(2)</a> |
| and <a href="https://man.openbsd.org/connect.2">connect(2)</a> |
and <a href="https://man.openbsd.org/connect.2">connect(2)</a> |
| system calls can run in parallel. |
system calls can run in parallel. |
| <li>Packet counter for <a |
<li>Packet counter for <a |
| href="https://man.openbsd.org/lo.4">lo(4)</a> loopback |
href="https://man.openbsd.org/lo.4">lo(4)</a> loopback |
| interface are MP safe. |
interface are MP safe. |
| <li>Split protocol control block table for UDP into IPv4 |
<li>Split protocol control block table for UDP into IPv4 |
| and IPv6 tables to allow concurrent access. |
and IPv6 tables to allow concurrent access. |
| <li>UDP packets can be sent in parallel by multiple threads. |
<li>UDP packets can be sent in parallel by multiple threads. |
| </ul> |
</ul> |
| |
|
| <li>Direct Rendering Manager and graphics drivers |
<li>Direct Rendering Manager and graphics drivers |
|
|
| <li>Corrected handling of CPUID 0xd subleaves |
<li>Corrected handling of CPUID 0xd subleaves |
| <li>Added additional use of VERW and register clobbering to mitigate RFDS |
<li>Added additional use of VERW and register clobbering to mitigate RFDS |
| vulnerabilities on Intel Atom cores. |
vulnerabilities on Intel Atom cores. |
| |
<li>Added recv TCP/UDP checksum offloading to <a |
| |
href="https://man.openbsd.org/vio.4">vio(4)</a>. |
| </ul> |
</ul> |
| |
|
| <li>Various new userland features: |
<li>Various new userland features: |
|
|
| <li>Added <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> [-p |
<li>Added <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> [-p |
| program] to filter dumps by basename. |
program] to filter dumps by basename. |
| <li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
<li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
| |
<li>Built and provide the tzdata.zi and leap-seconds.list files from |
| |
zoneinfo. Some third-party software now expects these files to be |
| |
installed. |
| |
<li>Added basic write support for <a |
| |
href="https://man.openbsd.org/pax.1">pax(1)</a> format archives. |
| |
<li>Added 'pax' format support for files over 8GB to <a |
| |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
| |
<li>Added 'pax' format support for mtime and atime to <a |
| |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
| |
|
| |
<li>Extended <a href="https://man.openbsd.org/imsg_init.3">imsg</a> |
| |
and the <a href="https://man.openbsd.org/ibuf_add.3">ibuf</a> buffer |
| |
manipulation API with useful getter methods. |
| </ul> |
</ul> |
| |
|
| <li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
|
|
| partition as the only bootable partition. |
partition as the only bootable partition. |
| <li>Added group handling matching <a |
<li>Added group handling matching <a |
| href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
| |
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> -m behavior match GNU grep. |
| |
<li>Tweaked the default memory limits in /etc/login.conf on several |
| |
architectures to account for increased memeory requirements, for |
| |
example when compiling or linking under user pbuild. |
| |
<li>Initialize all terminals with "tset -I", thereby avoiding extra |
| |
newlines to be printed. |
| |
<li>Added <a href="https://man.openbsd.org/mkhybrid.8">mkhybrid(8)</a> |
| |
'-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot |
| |
image, in addition to or instead of the x86 boot image, to the output |
| |
file. |
| |
<li>Added <a |
| |
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> |
| |
--omit-dir-times (-O) to omit directories from --times, as well as |
| |
--no-O and --no-omit-dir-times options for compatibility. |
| |
<li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> |
| |
--omit-link-times (-J) option to omit symlinks from --times. |
| |
<li>Added accounting flag and <a |
| |
href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a> report for |
| |
<a href="https://man.openbsd.org/pinsyscalls.2">syscall pinning</a> violations. |
| |
<li>Added <a href="https://man.openbsd.org/ktrace.1">ktrace(1)</a> and |
| |
<a href="https://man.openbsd.org/kdump.1">kdump(1)</a> support to |
| |
observe <a |
| |
href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a> |
| |
violations. |
| |
<li>Changed <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to |
| |
avoid use of the interactive shell if -o is given. |
| |
<li>Moved non-daemon services to run in a different <a |
| |
href="https://man.openbsd.org/rc.8">rc(8)</a> process group to avoid |
| |
SIGHUP at boot. |
| </ul> |
</ul> |
| |
|
| <li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
| to use backing store devices with 4K-byte sectors. |
to use backing store devices with 4K-byte sectors. |
| <li>Added <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a> |
<li>Added <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a> |
| support for the Rockchip RK8602 and RK8603 voltage regulators. |
support for the Rockchip RK8602 and RK8603 voltage regulators. |
| |
<li>Support keyboard backlights on Apple Powerbooks. |
| |
<li>Added operating performance point info about each arm64 cpu and |
| |
expose the states of thermal zones as <a |
| |
href="https://man.openbsd.org/kstat.1">kstats(1)</a>. |
| |
<li>Overhauled <a |
| |
href="https://man.openbsd.org/ugold.4">ugold(4)</a> temperature sensor |
| |
identification logic and added support for additional devices. |
| |
<li>Made <a href="https://man.openbsd.org/uthum.4">uthum(4)</a> |
| |
TEMPer{1,2} devices display negative degC. |
| |
<li>Improve support for audio devices that via attach multiple <a |
| |
href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> drivers. |
| |
|
| </ul> |
</ul> |
| |
|
|
|
| <li>TCP Segmentation Offload (TSO) is also used in |
<li>TCP Segmentation Offload (TSO) is also used in |
| <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> and |
<a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> and |
| <a href="https://man.openbsd.org/em.4">em(4)</a>. |
<a href="https://man.openbsd.org/em.4">em(4)</a>. |
| |
<li>Enabled TCP Segmentation Offload (TSO) in <a |
| |
href="https://man.openbsd.org/ixl.4">ixl(4)</a>. |
| <li>The Synopsys Ethernet Quality-of-Service Controller |
<li>The Synopsys Ethernet Quality-of-Service Controller |
| (<a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>) is enabled for |
(<a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>) is enabled for |
| amd64. |
amd64. |
|
|
| <li>Allwinner EMAC Ethernet Controller |
<li>Allwinner EMAC Ethernet Controller |
| <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> enabled for |
<a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> enabled for |
| riscv64. |
riscv64. |
| <li>Enabled TCP Segmentation Offload (TSO) for <a |
|
| href="https://man.openbsd.org/ixl.4">ixl(4)</a>. |
|
| <li>Corrected wrong register offset macros for <a |
<li>Corrected wrong register offset macros for <a |
| href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> DMA burst length. |
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> DMA burst length. |
| |
<li>Fixed Tx watchdog trigger and freeze in <a |
| |
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>. |
| |
<li>Updated <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
| |
microcode, initialization and reset behavior. |
| </ul> |
</ul> |
| |
|
| <li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
|
|
| <li>Made <a |
<li>Made <a |
| href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> verify but |
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> verify but |
| not overwrite SHA256.sig. |
not overwrite SHA256.sig. |
| |
<li>Improved <a |
| |
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> output on |
| |
errors and improved ftp error handling. |
| <li>Added support in the installer to encrypt the root disk with a key disk. |
<li>Added support in the installer to encrypt the root disk with a key disk. |
| <li>Prevent re-starting the automatic upgrade on octeon and |
<li>Prevent re-starting the automatic upgrade on octeon and |
| powerpc64, as is already done on other platforms. |
powerpc64, as is already done on other platforms. |
| <li>Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting. |
<li>Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting. |
| |
<li>Make the amd64 cdXX.iso and installXX.iso CD images bootable in |
| |
EFI mode (by creating an EFI system partition containing the EFI boot |
| |
loaders to be installed as an El Torito boot image). |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li><b style="color:red;"> BTI and PAC on arm64?</b> |
|
| |
|
| <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> |
<li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> |
| stdio before parsing pfkey messages to <a |
stdio before parsing pfkey messages to <a |
| href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s. |
href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s. |
|
|
| <li>Created __OpenBSD versions of llvm cxa guard implementation using |
<li>Created __OpenBSD versions of llvm cxa guard implementation using |
| futex() with the correct number of arguments and without using <a |
futex() with the correct number of arguments and without using <a |
| href="https://man.openbsd.org/syscall.2">syscall(2)</a>. |
href="https://man.openbsd.org/syscall.2">syscall(2)</a>. |
| |
<li>Removed support for <a |
| |
href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the |
| |
"indirection system call," a dangerous alternative entry point for all |
| |
system calls and incompatible with the precision system call entry |
| |
point scheme a.k.a. <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
| |
|
| |
<li>Enable BTI and PAC again on arm64. |
| |
<li><a style="color:red;" href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Changes in the network stack: |
<li>Changes in the network stack: |
|
|
| default for <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a |
default for <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a |
| href="https://man.openbsd.org/nvgre.4">nvgre(4)</a> and <a |
href="https://man.openbsd.org/nvgre.4">nvgre(4)</a> and <a |
| href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
| |
<li>Fixed race between <a |
| |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> destroy of |
| |
an interface and the ARP timer. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>The following changes were made to the <a |
<li>The following changes were made to the <a |
|
|
| </ul> |
</ul> |
| |
|
| <li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
| <ul> |
<ul> |
| |
|
| <li>IPsec support was improved: |
<li>IPsec support was improved: |
| <ul> |
<ul> |
| |
|
| <li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> always |
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> always |
| prefer group from the initial KE payload as responder if supported. |
prefer group from the initial KE payload as responder if supported. |
| |
<li>Corrected renewal of expired certificates in <a |
| |
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
| </ul> |
</ul> |
| |
|
| <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
|
|
| <li>Allow to use <a href="https://man.openbsd.org/table.5">table(5)</a> |
<li>Allow to use <a href="https://man.openbsd.org/table.5">table(5)</a> |
| mappings on various match constraints. |
mappings on various match constraints. |
| </ul> |
</ul> |
| |
<!-- OTHER --> |
| <li>Many other changes in various network programs and libraries: |
<li>Many other changes in various network programs and libraries: |
| <ul> |
<ul> |
| |
<!-- syslogd --> |
| <li>If a DNS name is configured as remote syslog server, |
<li>If a DNS name is configured as remote syslog server, |
| <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
| retries to resolve the loghost name periodically until it succeeds. |
retries to resolve the loghost name periodically until it succeeds. |
|
|
| logged later. |
logged later. |
| <li>Added counting of dropped UDP packets to <a |
<li>Added counting of dropped UDP packets to <a |
| href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>. |
href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>. |
| |
<li>Prevented use after free of TLS context at <a |
| |
href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> shutdown. |
| |
<!-- dhcp --> |
| <li>Introduced <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> |
<li>Introduced <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> |
| log output to stderr and '-v' option to make this output more verbose. |
log output to stderr and '-v' option to make this output more verbose. |
| |
<li>In <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, made <a |
| |
href="https://man.openbsd.org/dhcp-options.5">dhcp-options(5)</a> |
| |
recognize option ipv6-only-preferred (RFC8925). |
| |
<li>Allowed <a |
| |
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> to |
| |
request "IPv6-only preferred" and deconfigure IPv4 on the interface if |
| |
the server replies with this option. |
| |
<!-- more --> |
| <li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
<li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
| to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
| response. |
response. |
| |
<li>Ensured correct denominators when converting NTP fixed point |
| |
values to double and vice-versa in <a |
| |
href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>. |
| |
<li>Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set. |
| |
<li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
| |
support for specifying ports on the src address in tunnel endpoints of |
| |
<a href="https://man.openbsd.org/gif.4">gif(4)</a>, <a |
| |
href="https://man.openbsd.org/gre.4">gre(4)</a> and related |
| |
tunnel interfaces. |
| |
<li>Added an <a |
| |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> endpoint |
| |
command for "bridges" that use addresses as endpoints, usable to add |
| |
static entries on interfaces like <a |
| |
href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
| |
<li>Tightened up <a |
| |
href="https://man.openbsd.org/relayd.8">relayd(8)</a> HTTP eader parsing. |
| |
<li>Deferred <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> |
| |
relay_read_http header parsing until after line continuation, |
| |
preventing potential request smuggling attacks. |
| |
<li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
| |
auto-index, adding human-readable file sizes and allowing per-column |
| |
sorting. |
| |
|
| |
|
| |
|
| |
|
| </ul> |
</ul> |
| </ul> |
</ul><!-- Routing daemons and other userland network improvements --> |
| |
|
| <li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
| <ul> |
<ul> |
|
|
| layout has been freed. |
layout has been freed. |
| <li>Prevented <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> use |
<li>Prevented <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> use |
| of combined UTF-8 characters that are too long. |
of combined UTF-8 characters that are too long. |
| |
<li>Corrected <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
| |
handling of window ops with no pane. |
| |
<li>Removed flags from the prefix before comparing with the received |
| |
key so that <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
| |
modifier keys with flags work correctly. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>LibreSSL version 3.9.0 |
<li>LibreSSL version 3.9.0 |
![[BACK]](/icons/back.gif){kind=icon}
Return to 75.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www