version 1.29, 2024/03/30 19:38:42 |
version 1.30, 2024/03/31 00:57:03 |
|
|
href="https://man.openbsd.org/bio.4">bio(4)</a> will tunnel for other |
href="https://man.openbsd.org/bio.4">bio(4)</a> will tunnel for other |
devices, allowing bio to be used with other (non-raid) related |
devices, allowing bio to be used with other (non-raid) related |
devices. |
devices. |
|
<li>On msdos filesystems, ensure that a complete struct fsinfo is read |
|
even if the filesystem sectors are smaller. |
|
<li>Made <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> save |
|
backtraces to show in leak dump with depth of backtrace set via malloc |
|
option D (aka 1), 2, 3 or 4. |
|
<li>Implemented per-CPU caching for the page table page (vp) pool and |
|
the PTE descriptor (pted) pool in the arm64 pmap implementation. This |
|
significantly reduces the side-effects of lock contention on the |
|
kernel map lock and leads to significant speedups on machines with |
|
many CPU scores. |
|
|
|
|
</ul> |
</ul> |
|
|
<li>SMP Improvements |
<li>SMP Improvements |
<ul> |
<ul> |
<li>Some network timers run without kernel lock. |
<li>Some network timers run without kernel lock. |
<li>TCP syn cache timer runs with shared net lock. |
<li>TCP syn cache timer runs with shared net lock. |
<li><a href="https://man.openbsd.org/bind.2">bind(2)</a> |
<li><a href="https://man.openbsd.org/bind.2">bind(2)</a> |
and <a href="https://man.openbsd.org/connect.2">connect(2)</a> |
and <a href="https://man.openbsd.org/connect.2">connect(2)</a> |
system calls can run in parallel. |
system calls can run in parallel. |
<li>Packet counter for <a |
<li>Packet counter for <a |
href="https://man.openbsd.org/lo.4">lo(4)</a> loopback |
href="https://man.openbsd.org/lo.4">lo(4)</a> loopback |
interface are MP safe. |
interface are MP safe. |
<li>Split protocol control block table for UDP into IPv4 |
<li>Split protocol control block table for UDP into IPv4 |
and IPv6 tables to allow concurrent access. |
and IPv6 tables to allow concurrent access. |
<li>UDP packets can be sent in parallel by multiple threads. |
<li>UDP packets can be sent in parallel by multiple threads. |
</ul> |
</ul> |
|
|
<li>Direct Rendering Manager and graphics drivers |
<li>Direct Rendering Manager and graphics drivers |
|
|
<li>Corrected handling of CPUID 0xd subleaves |
<li>Corrected handling of CPUID 0xd subleaves |
<li>Added additional use of VERW and register clobbering to mitigate RFDS |
<li>Added additional use of VERW and register clobbering to mitigate RFDS |
vulnerabilities on Intel Atom cores. |
vulnerabilities on Intel Atom cores. |
|
<li>Added recv TCP/UDP checksum offloading to <a |
|
href="https://man.openbsd.org/vio.4">vio(4)</a>. |
</ul> |
</ul> |
|
|
<li>Various new userland features: |
<li>Various new userland features: |
|
|
<li>Added <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> [-p |
<li>Added <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> [-p |
program] to filter dumps by basename. |
program] to filter dumps by basename. |
<li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
<li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
|
<li>Built and provide the tzdata.zi and leap-seconds.list files from |
|
zoneinfo. Some third-party software now expects these files to be |
|
installed. |
|
<li>Added basic write support for <a |
|
href="https://man.openbsd.org/pax.1">pax(1)</a> format archives. |
|
<li>Added 'pax' format support for files over 8GB to <a |
|
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
|
<li>Added 'pax' format support for mtime and atime to <a |
|
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
|
|
|
<li>Extended <a href="https://man.openbsd.org/imsg_init.3">imsg</a> |
|
and the <a href="https://man.openbsd.org/ibuf_add.3">ibuf</a> buffer |
|
manipulation API with useful getter methods. |
</ul> |
</ul> |
|
|
<li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
|
|
partition as the only bootable partition. |
partition as the only bootable partition. |
<li>Added group handling matching <a |
<li>Added group handling matching <a |
href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
|
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> -m behavior match GNU grep. |
|
<li>Tweaked the default memory limits in /etc/login.conf on several |
|
architectures to account for increased memeory requirements, for |
|
example when compiling or linking under user pbuild. |
|
<li>Initialize all terminals with "tset -I", thereby avoiding extra |
|
newlines to be printed. |
|
<li>Added <a href="https://man.openbsd.org/mkhybrid.8">mkhybrid(8)</a> |
|
'-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot |
|
image, in addition to or instead of the x86 boot image, to the output |
|
file. |
|
<li>Added <a |
|
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> |
|
--omit-dir-times (-O) to omit directories from --times, as well as |
|
--no-O and --no-omit-dir-times options for compatibility. |
|
<li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> |
|
--omit-link-times (-J) option to omit symlinks from --times. |
|
<li>Added accounting flag and <a |
|
href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a> report for |
|
<a href="https://man.openbsd.org/pinsyscalls.2">syscall pinning</a> violations. |
|
<li>Added <a href="https://man.openbsd.org/ktrace.1">ktrace(1)</a> and |
|
<a href="https://man.openbsd.org/kdump.1">kdump(1)</a> support to |
|
observe <a |
|
href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a> |
|
violations. |
|
<li>Changed <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to |
|
avoid use of the interactive shell if -o is given. |
|
<li>Moved non-daemon services to run in a different <a |
|
href="https://man.openbsd.org/rc.8">rc(8)</a> process group to avoid |
|
SIGHUP at boot. |
</ul> |
</ul> |
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
to use backing store devices with 4K-byte sectors. |
to use backing store devices with 4K-byte sectors. |
<li>Added <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a> |
<li>Added <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a> |
support for the Rockchip RK8602 and RK8603 voltage regulators. |
support for the Rockchip RK8602 and RK8603 voltage regulators. |
|
<li>Support keyboard backlights on Apple Powerbooks. |
|
<li>Added operating performance point info about each arm64 cpu and |
|
expose the states of thermal zones as <a |
|
href="https://man.openbsd.org/kstat.1">kstats(1)</a>. |
|
<li>Overhauled <a |
|
href="https://man.openbsd.org/ugold.4">ugold(4)</a> temperature sensor |
|
identification logic and added support for additional devices. |
|
<li>Made <a href="https://man.openbsd.org/uthum.4">uthum(4)</a> |
|
TEMPer{1,2} devices display negative degC. |
|
<li>Improve support for audio devices that via attach multiple <a |
|
href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> drivers. |
|
|
</ul> |
</ul> |
|
|
|
|
<li>TCP Segmentation Offload (TSO) is also used in |
<li>TCP Segmentation Offload (TSO) is also used in |
<a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> and |
<a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> and |
<a href="https://man.openbsd.org/em.4">em(4)</a>. |
<a href="https://man.openbsd.org/em.4">em(4)</a>. |
|
<li>Enabled TCP Segmentation Offload (TSO) in <a |
|
href="https://man.openbsd.org/ixl.4">ixl(4)</a>. |
<li>The Synopsys Ethernet Quality-of-Service Controller |
<li>The Synopsys Ethernet Quality-of-Service Controller |
(<a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>) is enabled for |
(<a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>) is enabled for |
amd64. |
amd64. |
|
|
<li>Allwinner EMAC Ethernet Controller |
<li>Allwinner EMAC Ethernet Controller |
<a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> enabled for |
<a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> enabled for |
riscv64. |
riscv64. |
<li>Enabled TCP Segmentation Offload (TSO) for <a |
|
href="https://man.openbsd.org/ixl.4">ixl(4)</a>. |
|
<li>Corrected wrong register offset macros for <a |
<li>Corrected wrong register offset macros for <a |
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> DMA burst length. |
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> DMA burst length. |
|
<li>Fixed Tx watchdog trigger and freeze in <a |
|
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>. |
|
<li>Updated <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
|
microcode, initialization and reset behavior. |
</ul> |
</ul> |
|
|
<li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
|
|
<li>Made <a |
<li>Made <a |
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> verify but |
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> verify but |
not overwrite SHA256.sig. |
not overwrite SHA256.sig. |
|
<li>Improved <a |
|
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> output on |
|
errors and improved ftp error handling. |
<li>Added support in the installer to encrypt the root disk with a key disk. |
<li>Added support in the installer to encrypt the root disk with a key disk. |
<li>Prevent re-starting the automatic upgrade on octeon and |
<li>Prevent re-starting the automatic upgrade on octeon and |
powerpc64, as is already done on other platforms. |
powerpc64, as is already done on other platforms. |
<li>Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting. |
<li>Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting. |
|
<li>Make the amd64 cdXX.iso and installXX.iso CD images bootable in |
|
EFI mode (by creating an EFI system partition containing the EFI boot |
|
loaders to be installed as an El Torito boot image). |
|
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li><b style="color:red;"> BTI and PAC on arm64?</b> |
|
|
|
<li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> |
<li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> |
stdio before parsing pfkey messages to <a |
stdio before parsing pfkey messages to <a |
href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s. |
href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s. |
|
|
<li>Created __OpenBSD versions of llvm cxa guard implementation using |
<li>Created __OpenBSD versions of llvm cxa guard implementation using |
futex() with the correct number of arguments and without using <a |
futex() with the correct number of arguments and without using <a |
href="https://man.openbsd.org/syscall.2">syscall(2)</a>. |
href="https://man.openbsd.org/syscall.2">syscall(2)</a>. |
|
<li>Removed support for <a |
|
href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the |
|
"indirection system call," a dangerous alternative entry point for all |
|
system calls and incompatible with the precision system call entry |
|
point scheme a.k.a. <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
|
|
|
<li>Enable BTI and PAC again on arm64. |
|
<li><a style="color:red;" href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
|
|
</ul> |
</ul> |
|
|
<li>Changes in the network stack: |
<li>Changes in the network stack: |
|
|
default for <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a |
default for <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a |
href="https://man.openbsd.org/nvgre.4">nvgre(4)</a> and <a |
href="https://man.openbsd.org/nvgre.4">nvgre(4)</a> and <a |
href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
|
<li>Fixed race between <a |
|
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> destroy of |
|
an interface and the ARP timer. |
|
|
</ul> |
</ul> |
|
|
<li>The following changes were made to the <a |
<li>The following changes were made to the <a |
|
|
</ul> |
</ul> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
|
|
<li>IPsec support was improved: |
<li>IPsec support was improved: |
<ul> |
<ul> |
|
|
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> always |
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> always |
prefer group from the initial KE payload as responder if supported. |
prefer group from the initial KE payload as responder if supported. |
|
<li>Corrected renewal of expired certificates in <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
</ul> |
</ul> |
|
|
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
|
|
<li>Allow to use <a href="https://man.openbsd.org/table.5">table(5)</a> |
<li>Allow to use <a href="https://man.openbsd.org/table.5">table(5)</a> |
mappings on various match constraints. |
mappings on various match constraints. |
</ul> |
</ul> |
|
<!-- OTHER --> |
<li>Many other changes in various network programs and libraries: |
<li>Many other changes in various network programs and libraries: |
<ul> |
<ul> |
|
<!-- syslogd --> |
<li>If a DNS name is configured as remote syslog server, |
<li>If a DNS name is configured as remote syslog server, |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
retries to resolve the loghost name periodically until it succeeds. |
retries to resolve the loghost name periodically until it succeeds. |
|
|
logged later. |
logged later. |
<li>Added counting of dropped UDP packets to <a |
<li>Added counting of dropped UDP packets to <a |
href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>. |
href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>. |
|
<li>Prevented use after free of TLS context at <a |
|
href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> shutdown. |
|
<!-- dhcp --> |
<li>Introduced <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> |
<li>Introduced <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> |
log output to stderr and '-v' option to make this output more verbose. |
log output to stderr and '-v' option to make this output more verbose. |
|
<li>In <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, made <a |
|
href="https://man.openbsd.org/dhcp-options.5">dhcp-options(5)</a> |
|
recognize option ipv6-only-preferred (RFC8925). |
|
<li>Allowed <a |
|
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> to |
|
request "IPv6-only preferred" and deconfigure IPv4 on the interface if |
|
the server replies with this option. |
|
<!-- more --> |
<li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
<li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
response. |
response. |
|
<li>Ensured correct denominators when converting NTP fixed point |
|
values to double and vice-versa in <a |
|
href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>. |
|
<li>Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set. |
|
<li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
|
support for specifying ports on the src address in tunnel endpoints of |
|
<a href="https://man.openbsd.org/gif.4">gif(4)</a>, <a |
|
href="https://man.openbsd.org/gre.4">gre(4)</a> and related |
|
tunnel interfaces. |
|
<li>Added an <a |
|
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> endpoint |
|
command for "bridges" that use addresses as endpoints, usable to add |
|
static entries on interfaces like <a |
|
href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>. |
|
<li>Tightened up <a |
|
href="https://man.openbsd.org/relayd.8">relayd(8)</a> HTTP eader parsing. |
|
<li>Deferred <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> |
|
relay_read_http header parsing until after line continuation, |
|
preventing potential request smuggling attacks. |
|
<li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
|
auto-index, adding human-readable file sizes and allowing per-column |
|
sorting. |
|
|
|
|
|
|
|
|
</ul> |
</ul> |
</ul> |
</ul><!-- Routing daemons and other userland network improvements --> |
|
|
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes: |
<ul> |
<ul> |
|
|
layout has been freed. |
layout has been freed. |
<li>Prevented <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> use |
<li>Prevented <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> use |
of combined UTF-8 characters that are too long. |
of combined UTF-8 characters that are too long. |
|
<li>Corrected <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
|
handling of window ops with no pane. |
|
<li>Removed flags from the prefix before comparing with the received |
|
key so that <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
|
modifier keys with flags work correctly. |
|
|
</ul> |
</ul> |
|
|
<li>LibreSSL version 3.9.0 |
<li>LibreSSL version 3.9.0 |