version 1.33, 2024/03/31 12:44:40 |
version 1.34, 2024/03/31 21:47:37 |
|
|
significantly reduces the side-effects of lock contention on the |
significantly reduces the side-effects of lock contention on the |
kernel map lock and leads to significant speedups on machines with |
kernel map lock and leads to significant speedups on machines with |
many CPU cores. |
many CPU cores. |
|
<li>Implemented <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> |
|
RootPathString support in the LoadTable() AML function, fixing OpenBSD |
|
boot on an older version of Hyper-V. |
|
<li>Fixed Linux NFS clients freezing after five minutes of inactivity. |
|
<li>Fixed core file writing when a file map into memory has later been |
|
truncated to be smaller than the mapping. |
|
<li>Disallow<a |
|
href="https://man.openbsd.org/madvise.2">madvise(2)</a> and <a |
|
href="https://man.openbsd.org/msync.2">msync(2)</a> memory/mapping |
|
destructive operations on immutable memory regions. Innstead return EPERM. |
|
<li>Added new amd64-only sysctl machdep.retpoline which says whether |
|
the cpu requires the retpoline branch target injection mitigation. |
|
<li>Added new accounting flag ABTCFI to <a |
|
href="https://man.openbsd.org/acct.5">acct(5)</a> to indicate SIGILL + |
|
code ILL_BTCFI has occurred in the process. |
</ul> |
</ul> |
|
|
<li>SMP Improvements |
<li>SMP Improvements |
|
|
<li>Corrected handling of CPUID 0xd subleaves |
<li>Corrected handling of CPUID 0xd subleaves |
<li>Added additional use of VERW and register clobbering to mitigate RFDS |
<li>Added additional use of VERW and register clobbering to mitigate RFDS |
vulnerabilities on Intel Atom cores. |
vulnerabilities on Intel Atom cores. |
<li>Added recv TCP/UDP checksum offloading to <a |
|
href="https://man.openbsd.org/vio.4">vio(4)</a>. |
|
</ul> |
</ul> |
|
|
<li>Various new userland features: |
<li>Various new userland features: |
|
|
<li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
<li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs. |
<li>Built and provide the tzdata.zi and leap-seconds.list files from |
<li>Built and provide the tzdata.zi and leap-seconds.list files from |
zoneinfo. Some third-party software now expects these files to be |
zoneinfo. Some third-party software now expects these files to be |
installed. |
installed. Provide the zonenow.tab file, a table where each row |
|
stands for a timezone where civil timestamps are predicted to agree |
|
from now on. |
<li>Added basic write support for <a |
<li>Added basic write support for <a |
href="https://man.openbsd.org/pax.1">pax(1)</a> format archives. |
href="https://man.openbsd.org/pax.1">pax(1)</a> format archives. |
<li>Added 'pax' format support for files over 8GB to <a |
<li>Added 'pax' format support for files over 8GB to <a |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
<li>Added 'pax' format support for mtime and atime to <a |
<li>Added 'pax' format support for mtime and atime to <a |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
href="https://man.openbsd.org/tar.1">tar(1)</a>. |
|
|
<li>Extended <a href="https://man.openbsd.org/imsg_init.3">imsg</a> |
<li>Extended <a href="https://man.openbsd.org/imsg_init.3">imsg</a> |
and the <a href="https://man.openbsd.org/ibuf_add.3">ibuf</a> buffer |
and the <a href="https://man.openbsd.org/ibuf_add.3">ibuf</a> buffer |
manipulation API with useful getter methods. |
manipulation API with useful getter methods. Unified file descriptior |
|
passing in all imsg using programs with the use of the imsg_get_fd() |
|
function. |
|
<li>Added <a |
|
href="https://man.openbsd.org/mkdtemps.3">mkdtemps(3)</a>, identical |
|
to <a href="https://man.openbsd.org/mkdtemp.3">mkdtemp(3)</a> except |
|
that it permits a suffix to exist in the template. |
|
<li>Added <a href="https://man.openbsd.org/mktemp.1">mktemp(1)</a> |
|
suffix support for compatibility with the GNU version. It is now |
|
possible to use templates where the Xs are not at the end. |
</ul> |
</ul> |
|
|
<li>Various bugfixes and tweaks in userland: |
<li>Various bugfixes and tweaks in userland: |
|
|
<li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
<li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> |
'flag' from altering other GPT partition attributes when flagging a |
'flag' from altering other GPT partition attributes when flagging a |
partition as the only bootable partition. |
partition as the only bootable partition. |
|
<li>Allow <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to |
|
add GPT partitions of protected types, making it possible to provision |
|
virtual machine images that need a "BIOS Boot" partition. |
|
|
<li>Added group handling matching <a |
<li>Added group handling matching <a |
href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm. |
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> -m behavior match GNU grep. |
<li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> -m behavior match GNU grep. |
|
|
<li>Moved non-daemon services to run in a different <a |
<li>Moved non-daemon services to run in a different <a |
href="https://man.openbsd.org/rc.8">rc(8)</a> process group to avoid |
href="https://man.openbsd.org/rc.8">rc(8)</a> process group to avoid |
SIGHUP at boot. |
SIGHUP at boot. |
|
<li>Changed <a |
|
href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> to only load the first libc version encountered |
|
requested and substituting it for all further loads, ensuring that the |
|
libc version requested by an executable itself is the one loaded. |
|
<li>Significantly (for small programs) reduce the size of statically |
|
linked binaries by splitting several libc internal functions into |
|
seperate compilation and thus linkage units. Specifically <a |
|
href="https://man.openbsd.org/getpwnam.3">getpwnam(3)</a> does not |
|
need the full YP socket setup and does not use all possible <a |
|
href="https://man.openbsd.org/dbopen.3">dbopen(3)</a> databease |
|
backends. |
|
<li>Added <a href="https://man.openbsd.org/vi.1">vi(1)</a> |
|
showfilename set option to display the file name in the lower left |
|
corner. |
|
<li>Added backup of disklabel for <a |
|
href="https://man.openbsd.org/softraid.4">softraid(4)</a> chunks to <a |
|
href="https://man.openbsd.org/security.8">security(8)</a>. |
</ul> |
</ul> |
|
|
<li>Improved hardware support and driver bugfixes, including: |
<li>Improved hardware support and driver bugfixes, including: |
|
|
TEMPer{1,2} devices display negative degC. |
TEMPer{1,2} devices display negative degC. |
<li>Improve support for audio devices that via attach multiple <a |
<li>Improve support for audio devices that via attach multiple <a |
href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> drivers. |
href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> drivers. |
|
|
</ul> |
</ul> |
|
|
<li>New or improved network hardware support: |
<li>New or improved network hardware support: |
|
|
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>. |
href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>. |
<li>Updated <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
<li>Updated <a href="https://man.openbsd.org/rge.4">rge(4)</a> |
microcode, initialization and reset behavior. |
microcode, initialization and reset behavior. |
|
<li>Prevented a potential <a |
|
href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> crash after failure |
|
to bring up a queue. |
</ul> |
</ul> |
|
|
<li>Added or improved wireless network drivers: |
<li>Added or improved wireless network drivers: |
|
|
|
|
<li>Installer, upgrade and bootloader improvements: |
<li>Installer, upgrade and bootloader improvements: |
<ul> |
<ul> |
|
<li>Add support for disk encryption in unattended installations with |
|
<a href="https://man.openbsd.org/autoinstall.8">autoinstall(8)</a>, |
|
both with a plaintext passphrase or a keydisk. |
<li>Removed default sets answer in <a |
<li>Removed default sets answer in <a |
href="https://man.openbsd.org/autoinstall.8">autoinstall(8)</a> |
href="https://man.openbsd.org/autoinstall.8">autoinstall(8)</a> |
response file such that it now populates only with non-defaults. |
response file such that it now populates only with non-defaults. |
|
|
<li>Added support in the installer to encrypt the root disk with a key disk. |
<li>Added support in the installer to encrypt the root disk with a key disk. |
<li>Prevent re-starting the automatic upgrade on octeon and |
<li>Prevent re-starting the automatic upgrade on octeon and |
powerpc64, as is already done on other platforms. |
powerpc64, as is already done on other platforms. |
<li>Enabled CD9660 in arm64 RAMDISK to allow CD-ROM mounting. |
<li>Added CD install images to arm64. |
<li>Make the amd64 cdXX.iso and installXX.iso CD images bootable in |
<li>Make the amd64 cdXX.iso and installXX.iso CD images bootable in |
EFI mode (by creating an EFI system partition containing the EFI boot |
EFI mode (by creating an EFI system partition containing the EFI boot |
loaders to be installed as an El Torito boot image). |
loaders to be installed as an El Torito boot image). |
|
|
</ul> |
</ul> |
|
|
<li>Security improvements: |
<li>Security improvements: |
|
|
<li>Fixed race between <a |
<li>Fixed race between <a |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> destroy of |
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> destroy of |
an interface and the ARP timer. |
an interface and the ARP timer. |
|
<li>Added statistics counters for the route cache, reporting cache |
|
hits and misses. This is shown in <a |
|
href="https://man.openbsd.org/netstat.1">netstat(1)</a> with |
|
<code>netstat -s</code>. |
</ul> |
</ul> |
|
|
<li>The following changes were made to the <a |
<li>The following changes were made to the <a |
|
|
<li>Added check to ensure <a |
<li>Added check to ensure <a |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> -f won't accept a |
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> -f won't accept a |
directory and install an empty ruleset. |
directory and install an empty ruleset. |
|
<li>Added validation for IPv4 packet options in <a |
|
href="https://man.openbsd.org/divert.4">divert(4)</a>. |
</ul> |
</ul> |
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
|
|
<li>IPsec support was improved: |
<li>IPsec support was improved: |
<ul> |
<ul> |
|
|
|
|
prefer group from the initial KE payload as responder if supported. |
prefer group from the initial KE payload as responder if supported. |
<li>Corrected renewal of expired certificates in <a |
<li>Corrected renewal of expired certificates in <a |
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
href="https://man.openbsd.org/iked.8">iked(8)</a>. |
|
<li>Added an <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
debug message when no policy is found. |
|
<li>Implemented a per connection peerid for <a |
|
href="https://man.openbsd.org/iked.8">iked(8)</a> control replies. |
|
<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> |
|
trigger retransmission only for fragment 1/x to prevent each received |
|
fragment triggering retransmission of the full fragment queue. |
|
<li>Prevent routing loops by droping already encrypted packets that are going through <a |
|
href="https://man.openbsd.org/sec.4">sec(4)</a> again. |
</ul> |
</ul> |
|
|
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, |
|
|
<li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
<li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the |
response. |
response. |
|
<li>Added nochroot parameter to <a |
|
href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> |
|
module_drop_privilege() so that modules can use <a |
|
href="https://man.openbsd.org/unveil.2">unveil(2)</a> instead of <a |
|
href="https://man.openbsd.org/chroot.2">chroot(2)</a> if needed. |
<li>Ensured correct denominators when converting NTP fixed point |
<li>Ensured correct denominators when converting NTP fixed point |
values to double and vice-versa in <a |
values to double and vice-versa in <a |
href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>. |
href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>. |
<li>Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set. |
<li>In the resolver, do not short-circuit resolution of localhost |
|
when AI_NUMERICHOST is set. Ensure that a proper string is returned by <a |
|
href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> when |
|
AI_CANONNAME or AI_FQDN is set. |
<li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
<li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> |
support for specifying ports on the src address in tunnel endpoints of |
support for specifying ports on the src address in tunnel endpoints of |
<a href="https://man.openbsd.org/gif.4">gif(4)</a>, <a |
<a href="https://man.openbsd.org/gif.4">gif(4)</a>, <a |
|
|
<li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
<li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
auto-index, adding human-readable file sizes and allowing per-column |
auto-index, adding human-readable file sizes and allowing per-column |
sorting. |
sorting. |
|
<li>Switched to using whois.internic.net for <a |
|
href="https://man.openbsd.org/whois.1">whois(1)</a> -i. |
|
|
|
|
</ul> |
</ul> |
</ul><!-- Routing daemons and other userland network improvements --> |
</ul><!-- Routing daemons and other userland network improvements --> |
|
|
|
|
<li>Removed flags from the prefix before comparing with the received |
<li>Removed flags from the prefix before comparing with the received |
key so that <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
key so that <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> |
modifier keys with flags work correctly. |
modifier keys with flags work correctly. |
|
<li>Increased buffer size to avoid truncating styles in <a |
|
href="https://man.openbsd.org/tmux.1">tmux(1)</a>. |
|
<li>Added two new values for the <a |
|
href="https://man.openbsd.org/tmux.1">tmux(1)</a> destroy-unattached |
|
option to destroy sessions only if they are not members of sessions |
|
groups. |
</ul> |
</ul> |
|
|
<li>LibreSSL version 3.9.0 |
<li>LibreSSL version 3.9.0 |