File: [local] / www / 75.html

Revision 1.19, Mon Mar 25 22:49:20 2024 UTC (2 months ago) by bluhm
Branch: MAIN
Changes since 1.18: +32 -5 lines

Add SMP, network, pf, and syslogd improvements.
requested by benno@

<!doctype html>
<html lang=en id=release>
<head>
<meta charset=utf-8>

<title>OpenBSD 7.5</title>
<meta name="description" content="OpenBSD 7.5">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/75.html">
</head><body>
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.5
</h2>

<table>
<tr>
<td>
<a href="images/XXX.jpg">
<img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
<td>
Released XXXMONTH DAY, 2024. (56th OpenBSD release)<br>
Copyright 1997-2024, Theo de Raadt.<br>
<br>
Artwork by XXX.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
    a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.5/</code> directory on
    one of the mirror sites.
<li>Have a look at <a href="errata75.html">the 7.5 errata page</a> for a list
    of bugs and workarounds.
<li>See a <a href="plus75.html">detailed log of changes</a> between the
    7.4 and 7.5 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
    pubkeys for this release:<p>

<table class=signify>
<tr><td>
openbsd-75-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/openbsd-75-base.pub">
RWRGj1pRpprAfgeF/rgld4ubduChLvTkigA1Zj7WLDsVA4qfYSWOEI8q
</a><tr><td>
openbsd-75-fw.pub:
<td>
RWQ6EsXr4NMYvyLICug3dLHfmbpXlVasF1jbt3GVNQsosgB5+PgaufBu
<tr><td>
openbsd-75-pkg.pub:
<td>
RWS/sEFDvf+rjUmS1WROzxH05pB1kB7JRRq76DUGUhCE0Ks8AdpjP5pD
<tr><td>
openbsd-75-syspatch.pub:
<td>
RWRAAZC5WcFgn+8b5msDR+yDVCx4ziLaSQI2sy7e4GFY42nFW9p7mP2t
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>

<hr>

<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.5.
For a comprehensive list, see the <a href="plus75.html">changelog</a> leading <!-- plus? XXX -->
to 7.5.

<ul>

<!--
<li>New/extended platforms:
  <ul>
  <li>...
  </ul>
-->

<li>Various kernel improvements:
  <ul>
  <li>...
  </ul>

<li>SMP Improvements
  <ul>
	<li>Some network timers run without the kernel lock.
	<li>TCP syn cache timer runs with shared net lock.
        <li><a href="https://man.openbsd.org/bind.2">bind(2)</a>
        and <a href="https://man.openbsd.org/connect.2">connect(2)</a>
        system calls can run in parallel.
        <li>Packet counters for the <a
        href="https://man.openbsd.org/lo.4">lo(4)</a> loopback
        interface are MP safe.
        <li>Split protocol control block table for UDP into IPv4
        and IPv6 tables to allow concurrent access.
        <li>UDP packets can be sent in parallel by multiple threads.
  </ul>

<li>Direct Rendering Manager and graphics drivers
  <ul>
  <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
      to Linux 6.6.19.
  <li>New <a href="https://man.openbsd.org/arm64/apldcp.4">apldcp(4)</a> and
      <a href="https://man.openbsd.org/arm64/apldrm.4">apldrm(4)</a> drivers
      for Apple display coprocessor.
  </ul>

<li>VMM/VMD improvements
  <ul>
  <li>Fixed IRQ storm caused by edge-triggered devices such as the uart.
  <li>Fixed block size calculation for vioscsi devices.
  <li>Added io instruction length to vm exit information, allowing
      <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> to perform validation
      in userspace.
  <li>Adopted new <a href="https://man.openbsd.org/imsg_init.3">imsg_get_*(3)</a>
      API.
  <li>Rewrote vionet devices to allow zero-copy data transfers between host and
      guest.
  <li>Improved error messages related to
      <a href="https://man.openbsd.org/getgrnam.3">getgrnam(3)</a> usage and
      out of <a href="https://man.openbsd.org/tap.4">tap(4)</a> device conditions.
  <li>Fixed various things found by smatch static analyzer.
  <li>Fixed various file descriptor lifecycle issues and leaks across
      <a href="https://man.openbsd.org/fork.2">fork(2)</a>/
      <a href="https://man.openbsd.org/execve.2">execve(2)</a> usage.
  <li>Added multi-threading support to vionet device emulation, improving latency.
  <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> instability on Intel
      VMX hosts by updating GDTR &amp; TR if vcpu moves host cpus.
  <li>Added EPT flushing upon <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
      enabling VMX mode.
  <li>Added branch predictor flushing if IBPB is supported.
  <li>Corrected restoring GDTR and IDTR limits upon VMX guest exit.
  <li>Corrected handling of CPUID 0xd subleaves.
  <li>Added additional use of VERW and register clobbering to mitigate RFDS
      vulnerabilities on Intel Atom cores.
  </ul>

<li>Various new userland features:
  <ul>
  <li>...
  </ul>

<li>Various bugfixes and tweaks in userland:
  <ul>
  <li>...
  </ul>

<li>Improved hardware support and driver bugfixes, including:
  <ul>
<!-- new drivers -->
  <li>...

<!-- other -->
  <li>...
  </ul>

<li>New or improved network hardware support:
  <ul>
  <li>...
  </ul>

<li>Added or improved wireless network drivers:
  <ul>
  <li>Introduce <a href="https://man.openbsd.org/qwx.4">qwx(4)</a>,
  a port of the Linux ath11k driver for QCNFA765 devices.
  Available on the amd64 and arm64 platforms.
  <li>Fix Tx rate selection for management frames in
  <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
  <li>Fix <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> loading the wrong
  firmware image on some devices.
  <li>Make <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> work with MAC
  addresses set via ifconfig lladdr.
  <li>Ensure that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses the
  80 MHz primary channel index announced in beacons.
  <li>Avoid using MCS-9 in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
  Tx rate selection if 40 MHz is disabled to prevent firmware errors.
  <li>Ensure that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
  <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices announce VHT
  capabilities in probe requests.
  <li>Fix bug in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>,
  <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>, and
  <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> which could result
  in some channels missing from scan results.
  <li>Enable <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> on the
  arm64 platform.
  </ul>

<li>IEEE 802.11 wireless stack improvements and bugfixes:
  <ul>
  <li> Ignore 40/80 MHz wide channel configurations which do not appear
  in the 802.11ac spec. This prevents device firmware errors which
  occurred when an access point announced an invalid channel configuration.
  </ul>

<li>Installer, upgrade and bootloader improvements:
  <ul>
  <li>...
  </ul>

<li>Security improvements:
  <ul>
  <li>...
  </ul>

<li>Changes in the network stack:
  <ul>
	<li>Enable IPv6 support in <a
	href="https://man.openbsd.org/ppp.4">ppp(4)</a>.
	<li>Sockets with sequenced packet type and control messages
	handle end of record correctly.
	<li>The routing table has a generation number.  That means
	cached routes at sockets will be invalidated when the routing
	table changes.  Especially with dynamic routing daemons,
	local connections now use the up-to-date route.
	<li>Route cache hits and misses are printed in
	<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>
	statistics.
  </ul>

<li>The following changes were made to the <a
	href="https://man.openbsd.org/pf.4">pf(4)</a> firewall:
  <ul>
        <li>tcpdump on <a
        href="https://man.openbsd.org/pflog.4">pflog(4)</a> interface
        shows packets dropped by the default rule with the "block"
        action.  Although the default rule is a "pass" rule, it
        blocks malformed packets.  Now this is correctly logged.
  </ul>

<li>Routing daemons and other userland network improvements:
  <ul>

  <li>IPsec support was improved:
  <ul>
  <li>...
  </ul>

  <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
  <ul>
  <li>...
  </ul>

  <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes:
  <ul>
	<li>Add ability to constrain an RPKI Trust Anchor's effective signing
	authority to a limited set of Internet numbers. This allows Relying
	Parties to enjoy the potential benefits of assuming trust, but within
	a bounded scope.
	<li>Following a 'failed fetch' (described in RFC 9286), emit a warning and
	continue with a previously cached Manifest file.
	<li>Emit a warning when the remote repository presents a Manifest with an
	unexpected manifestNumber.
	<li>Improved CRL extension checking.
	<li>Experimental support for the P-256 signature algorithm.
	<!-- 8.8. -->
	<li>A failed manifest fetch could result in a NULL pointer dereference or
	a use after free.
	<li>Reject non-conforming RRDP delta elements that contain neither publish
	nor a withdraw element and fall back to the RRDP snapshot.
	<li>Refactoring and minor bug fixes in the warning display functions.
	<!-- 8.9 -->
	<li>The handling of manifests fetched via rsync or RRDP was reworked to
	fully conform to RFC 9286.
	<li>Fix a race condition between closing an idle connection and scheduling a
	new request on it.
	<li>The evaluation time specified with -P now also applies to trust anchor
	certificates.
	<li>Check that the entire CMS eContent was consumed. Previously, trailing
	data would be silently discarded on deserialization of products.
	<li>In file mode do not consider overclaiming intermediate CA certificates
	as invalid.  OAA warning is still issued.
	<li>Print the revocation time of certificates in file mode.
	<li>Be more careful when converting OpenSSL numeric identifiers (NIDs)
	to strings.
	<!-- 9.0 -->
	<li>Added support for RPKI Signed Prefix Lists.
	<li>Added an -x flag to opt into parsing and evaluation of file types that are
	still considered experimental.
	<li>Added a metric to track the number of new files that were moved to the
	validated cache.
	<li>Ensure that the FileAndHashes list in a Manifest contains no duplicate
	file names and no duplicate hashes.
  </ul>

  <li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
  <ul>
	<li>Add <code>Message-Id</code> as needed for messages received on
	    the submission port.
	<li>Added support for RFC 7505 "Null MX" handling and treat
	    an MX of "localhost" as if it were a "Null MX".
	<li>Allow inline tables and filter listings in
	    <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>
	    to span over multiple lines.
	<li>Enabled <abbr title="Delivery Status Notification">DSN</abbr>
	    for the implicit socket too.
	<li>Added the
	    <a href="https://man.openbsd.org/smtpd.conf.5#no-dsn~2">no-dsn</a>
	    option for <code>listen on socket</code> too.
	<li>Reject headers that start with a space or a tab.
	<li>Fixed parsing of the <code>ORCPT</code> parameter.
	<li>Fixed table lookups of IPv6 addresses.
	<li>Fixed handling of escape characters in To, From and Cc headers.
	<li>Run <abbr title="Local Mail Transfer Protocol">LMTP</abbr>
	    deliveries as the recipient user again.
	<li>Disallow custom commands and file reading in root's
	    <code>.forward</code> file.
	<li>Do not process other users' <code>.forward</code> files when
	    an alternate delivery user is provided in a dispatcher.
	<li>Unify the <a href="https://man.openbsd.org/table.5">table(5)</a>
	    parser used in
	    <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> and
	    <a href="https://man.openbsd.org/makemap.8">makemap(8)</a>.
	<li>Allow the use of <a href="https://man.openbsd.org/table.5">table(5)</a>
	    mappings on various match constraints.
  </ul>

  <li>Many other changes in various network programs and libraries:
  <ul>
        <li>If a DNS name is configured as remote syslog server,
        <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
        retries to resolve the name periodically until it succeeds.
        UDP packets that get lost during that period are counted and
        logged later.
	<li>...
  </ul>
  </ul>

<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes:
  <ul>
  <li>...
  </ul>

<li>LibreSSL version 3.9.0
  <ul>
  <li>Portable changes
    <ul>
    <li>libcrypto no longer exports compat symbols in cmake builds.
    <li>Most compatibility symbols are prefixed with <code>libressl_</code>
      to avoid symbol clashes in static links.
    <li>Fixed various warnings on Windows.
    <li>Removed assert pop-ups with Windows debug builds.
    <li>Fixed crashes and hangs in Windows ARM64 builds.
    <li>Improved control-flow enforcement (CET) support.
    </ul>
  <li>Internal improvements
    <ul>
    <li>Converted uses of <code>OBJ_bsearch_()</code> to standard
      <a href="https://man.openbsd.org/bsearch">bsearch(3)</a>.
    <li>Greatly simplified <code>by_file_ctrl()</code>.
    <li>Simplified and cleaned up the OBJ_ API.
    <li>Cleaned up the <a href="https://man.openbsd.org/EVP_CipherInit">EVP_Cipher{Init,Update,Final}(3)</a> implementations.
    <li>Removed unused function pointers from X.509 stores and contexts.
    <li>A lot of cleanup and reorganization in EVP.
    <li>Removed all remaining <code>ENGINE</code> tentacles.
    <li>Simplified internals of <code>X509_TRUST</code> handling.
    <li>Made deletion from a <a href="https://man.openbsd.org/lh_delete">lhash</a>
      doall callback safe.
    <li>Rewrote <a href="https://man.openbsd.org/BIO_dump">BIO_dump*(3)</a> internals
      to be less bad.
    </ul>
  <li>Documentation improvements
    <ul>
    <li><code>ENGINE</code> documentation was updated to reflect reality.
    <li>Made EVP API documentation more accurate and less incoherent. 
    <li>Call out some shortcomings of the <code>EC_KEY_set_*</code> API explicitly.
    </ul>
  <li>Testing and proactive security
    <ul>
    <li>Bug fixes and simplifications in the Wycheproof tests.
    </ul>
  <li>Compatibility changes
    <ul>
    <li>Added ChaCha20 and chacha20 aliases for ChaCha.
    <li><a href="https://man.openbsd.org/SSL_library_init">SSL_library_init(3)</a>
      now has the same effect as OPENSSL_init_ssl().
    <li><code>EVP_add_{cipher,digest}()</code> were removed. From the <code>OBJ_NAME</code> API,
      only <a href="https://man.openbsd.org/OBJ_NAME_do_all">OBJ_NAME_do_all*()</a> remain.
      In particular, it is no longer possible to add aliases for ciphers and digests.
    <li>The thread unsafe global tables are no longer supported. It is no
      longer possible to add aliases for ciphers and digests, custom ASN.1
      strings table entries, ASN.1 methods, PKEY methods, digest methods,
      CRL methods, purpose and trust identifiers, or X.509 extensions.
    <li>Removed the _cb() and _fp() versions of
      <a href="https://man.openbsd.org/BIO_dump">BIO_dump{,_indent}()</a>.
    <li><code>BIO_set()</code> was removed.
    <li><code>BIO_{sn,v,vsn}printf()</code> were removed.
    <li>Turn the long dysfunctional
      <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
      <code>s_client -pause</code> into a noop.
    <li><a href="https://man.openbsd.org/openssl.1">openssl(1)</a> <code>x509</code>
      now supports <code>-new</code>, <code>-force_pubkey</code>, <code>-multivalue-rdn</code>,
      <code>-set_issuer</code>, <code>-set_subject</code>, and <code>-utf8</code>.
    <li>Support ECDSA with SHA-3 signature algorithms.
    <li>Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF.
    <li>GOST and STREEBOG support was removed.
    <li><code>CRYPTO_THREADID</code>, <code>_LHASH</code>, <code>_STACK</code> and
      <code>X509_PURPOSE</code> are now opaque, <code>X509_CERT_AUX</code> and
      <code>X509_TRUST</code> were removed from the public API.
    <li><a href="https://man.openbsd.org/ASN1_STRING_TABLE_get">ASN1_STRING_TABLE_get(3)</a>
      and <a href="https://man.openbsd.org/X509_PURPOSE_get0">X509_PURPOSE_get0*(3)</a> now
      return const pointers.
    <li><code>EVP_{CIPHER,MD}_CTX_init()</code>'s signatures and semantics now match
      OpenSSL's behavior.
    <li><code>sk_find_ex()</code> and <code>OBJ_bsearch_()</code> were removed.
    <li><a href="https://man.openbsd.org/CRYPTO_malloc">CRYPTO_malloc(3)</a> was fixed to use
      <code>size_t</code> argument.  <code>CRYPTO_malloc()</code>
      and <code>CRYPTO_free()</code> now accept file and line arguments.
    <li>A lot of decrepit CRYPTO memory API was removed.
    </ul>
  <li>Bug fixes
    <ul>
    <li>Fixed aliasing issues in <code>BN_mod_exp_simple()</code> and <code>BN_mod_exp_recp()</code>.
    <li>Fixed numerous misuses of
      <a href="https://man.openbsd.org/X509_ALGOR_set0">X509_ALGOR_set0(3)</a>
      resulting in leaks and potentially incorrect encodings.
    <li>Fixed potential double free in
      <a href="https://man.openbsd.org/X509v3_asid_add_id_or_range">X509v3_asid_add_id_or_range(3)</a>.
    <li>Stopped using <code>ASN1_time_parse()</code> outside of libcrypto.
    <li>Prepared <a href="https://man.openbsd.org/OPENSSL_gmtime">OPENSSL_gmtime(3)</a> and
      <a href="https://man.openbsd.org/OPENSSL_timegm">OPENSSL_timegm(3)</a> as public API
      wrappers of internal functions compatible with BoringSSL API.
    <li>Removed <code>print_bin()</code> to avoid overwriting the stack with 5 bytes
      of <code>&quot;&nbsp;&quot;</code> when ECPK parameters are printed with large
      indentation.
    <li>Avoid a <code>NULL</code> dereference after memory allocation failure during TLS
      version downgrade.
    <li>Fixed various bugs in CMAC internals.
    <li>Fixed 4-byte overreads in GHASH assembly on amd64 and i386.
    <li>Fixed various NULL dereferences in PKCS #12 code due to mishandling
      of OPTIONAL content in PKCS #7 ContentInfo.
    <li>Aligned <a href="https://man.openbsd.org/SSL_shutdown">SSL_shutdown(3)</a>
      behavior in TLSv1.3 with the legacy stack.
    <li>Fixed the new X.509 verifier to find trust anchors in the trusted
      stack.
    </ul>
  </ul>

<li>OpenSSH 9.6 and OpenSSH 9.7
  <ul>
  <li>Security fixes
    <ul>
    <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: implement protocol extensions to thwart the
       so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
       Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
       limited break of the integrity of the early encrypted SSH transport
       protocol by sending extra messages prior to the commencement of
       encryption, and deleting an equal number of consecutive messages
       immediately after encryption starts. A peer SSH client/server
       would not be able to detect that messages were deleted.
    
       <br>While cryptographically novel, the security impact of this attack
       is fortunately very limited as it only allows deletion of
       consecutive messages, and deleting most messages at this stage of
       the protocol prevents user authentication from proceeding and
       results in a stuck connection.
    
       <br>The most serious identified impact is that it lets a MITM
       delete the SSH2_MSG_EXT_INFO message sent before authentication
       starts, allowing the attacker to disable a subset of the keystroke
       timing obfuscation features introduced in OpenSSH 9.5. There is no
       other discernable impact to session secrecy or session integrity.
    
    <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>: when adding PKCS#11-hosted private keys while
       specifying destination constraints, if the PKCS#11 token returned
       multiple keys then only the first key had the constraints applied.
       Use of regular private keys, FIDO tokens and unconstrained keys
       are unaffected.

    <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: if an invalid user or hostname that contained shell
       metacharacters was passed to <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, and a ProxyCommand,
       LocalCommand directive or "match exec" predicate referenced the
       user or hostname via %u, %h or similar expansion token, then
       an attacker who could supply arbitrary user/hostnames to <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
       could potentially perform command injection depending on what
       quoting was present in the user-supplied <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> directive.
    
       <br>OpenSSH 9.6 now
       bans most shell metacharacters from user and hostnames supplied
       via the command-line. This countermeasure is not guaranteed to be
       effective in all situations, as it is infeasible for <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> to
       universally filter shell metacharacters potentially relevant to
       user-supplied commands.
    
       <br>User/hostnames provided via <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> are not subject to these
       restrictions, allowing configurations that use strange names to
       continue to be used, under the assumption that the user knows what
       they are doing in their own configuration files.
    </ul>
  <li>New features
    <ul>
    <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: add a "global" ChannelTimeout type that watches
       all open channels and will close all open channels if there is no
       traffic on any of them for the specified interval. This is in
       addition to the existing per-channel timeouts added recently.
    <br>This supports situations like having both session and x11
       forwarding channels open where one may be idle for an extended
       period but the other is actively used. The global timeout could
       close both channels when both have been idle for too long.
    
    <li>All: make DSA key support compile-time optional, defaulting to on.
    </ul>
  <li>Bugfixes
    <ul>
    <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: don't append an unnecessary space to the end of subsystem
       arguments (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3667'>bz3667</a>)
    
    <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix the multiplexing "channel proxy" mode, broken when
       keystroke timing obfuscation was added. (<a href='https://github.com/openssh/openssh-portable/pull/463'>GHPR#463</a>)
    
    <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: fix spurious configuration parsing errors when
       options that accept array arguments are overridden (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3657'>bz3657</a>).
    
    <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>: fix potential spin in signal handler (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3670'>bz3670</a>)
    
    <li>Many fixes to manual pages and other documentation, including
       <a href='https://github.com/openssh/openssh-portable/pull/462'>GHPR#462</a>, <a href='https://github.com/openssh/openssh-portable/pull/454'>GHPR#454</a>, <a href='https://github.com/openssh/openssh-portable/pull/442'>GHPR#442</a> and <a href='https://github.com/openssh/openssh-portable/pull/441'>GHPR#441</a>.
    
    <li>Greatly improve interop testing against PuTTY.
    </ul>
  </ul>

<li>Ports and packages:
  <p>Many pre-built packages for each architecture:
  <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
  <ul style="column-count: 3">
    <li>aarch64:    12145
    <li>amd64:      12309
    <li>arm:        XXX
    <li>i386:       10830
    <li>mips64:     XXX
    <li>powerpc:    XXX
    <li>powerpc64:  8469
    <li>riscv64:    XXX
    <li>sparc64:    9432
  </ul>

  <p>Some highlights:
  <ul style="column-count: 3"><!-- XXX all need to be checked/updated 2024-03-02 -->
    <li>Asterisk 16.30.1, 18.21.0 and 20.6.0
    <li>Audacity 3.4.2
    <li>CMake 3.28.3
    <li>Chromium 122.0.6261.111
    <li>Emacs 29.2
    <li>FFmpeg 4.4.4
    <li>GCC 8.4.0 and 11.2.0
    <li>GHC 9.6.4
    <li>GNOME 45
    <li>Go 1.22.1
    <li>JDK 8u402, 11.0.22, 17.0.10 and 21.0.2
    <li>KDE Applications 23.08.4
    <li>KDE Frameworks 5.115.0
    <li>KDE Plasma 5.27.10
    <li>Krita 5.2.2
    <li>LLVM/Clang 13.0.0, 16.0.6 and 17.0.6
    <li>LibreOffice 24.2.1.2
    <li>Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.6
    <li>MariaDB 10.9.8
    <li>Mono 6.12.0.199
    <li>Mozilla Firefox 123.0.1 and ESR 115.8.0
    <li>Mozilla Thunderbird 115.8.1
    <li>Mutt 2.2.13 and NeoMutt 20240201
    <li>Node.js 18.19.1
    <li>OCaml 4.14.1
    <li>OpenLDAP 2.6.7
    <li>PHP 7.4.33, 8.0.30, 8.1.27, 8.2.16 and 8.3.3
    <li>Postfix 3.8.6
    <li>PostgreSQL 16.2
    <li>Python 2.7.18, 3.9.18, 3.10.13 and 3.11.8
    <li>Qt 5.15.12 (+ kde patches) and 6.6.1
    <li>R 4.2.3
    <li>Ruby 3.1.4, 3.2.3 and 3.3.0
    <li>Rust 1.76.0
    <li>SQLite 3.44.2
    <li>Shotcut 23.07.29
    <li>Sudo 1.9.15.5
    <li>Suricata 7.0.3
    <li>Tcl/Tk 8.5.19 and 8.6.13
    <li>TeX Live 2023
    <li>Vim 9.1.139 and Neovim 0.9.5
    <li>Xfce 4.18.1
  </ul>
  <p>

<li>As usual, steady improvements in manual pages and other documentation.

<li>The system includes the following major components from outside suppliers:
  <ul><!-- XXX all need to be checked/updated 2024-03-02 -->
    <li>Xenocara (based on X.Org 7.7 with xserver 21.1.11 + patches,
        freetype 2.13.0, fontconfig 2.14.2, Mesa 23.1.9, xterm 378,
        xkeyboard-config 2.20, fonttosfnt 1.2.3 and more)
    <li>LLVM/Clang 16.0.6 (+ patches)
    <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    <li>Perl 5.36.3 (+ patches)
    <li>NSD 4.8.0
    <li>Unbound 1.18.0
    <li>Ncurses 5.7
    <li>Binutils 2.17 (+ patches)
    <li>Gdb 6.3 (+ patches)
    <li>Awk January 22, 2024
    <li>Expat 2.6.0
    <li>zlib 1.3.1 (+ patches)
  </ul>

</ul>
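<p>
The Terrapin item in the OpenSSH security fixes above turns on SSH's implicit per-direction packet sequence numbers. The following Python model is an added example, not OpenSSH code and not part of the original release notes: it uses a constructed server-to-client message flight and a toy HMAC record format, and its two switches (<code>reset_seq</code> and <code>reject_extra</code>, names chosen here) follow the "strict KEX" behaviour documented in OpenSSH's PROTOCOL file, which this page refers to only as "protocol extensions".

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for the negotiated session key
KEX_ONLY = {"KEXINIT", "KEX_ECDH_REPLY", "NEWKEYS"}  # messages the handshake strictly needs
# Constructed server-to-client flight: three cleartext handshake messages,
# then two messages sent after encryption starts.
SERVER_FLIGHT = ["KEXINIT", "KEX_ECDH_REPLY", "NEWKEYS", "EXT_INFO", "SERVICE_ACCEPT"]


def mac(seq, name):
    """Tag covering the implicit 32-bit sequence number and the message."""
    return hmac.new(KEY, struct.pack(">I", seq) + name.encode(), hashlib.sha256).digest()


class Endpoint:
    """One direction of the transport: counts every packet, MACs them after NEWKEYS."""

    def __init__(self, reset_seq=False, reject_extra=False):
        self.seq = 0
        self.encrypted = False
        self.reset_seq = reset_seq        # restart the counter at NEWKEYS
        self.reject_extra = reject_extra  # refuse non-KEX messages before NEWKEYS

    def _advance(self, name):
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        if name == "NEWKEYS":
            self.encrypted = True
            if self.reset_seq:
                self.seq = 0

    def send(self, name):
        record = (name, mac(self.seq, name) if self.encrypted else None)
        self._advance(name)
        return record

    def receive(self, record):
        name, tag = record
        if self.encrypted:
            if tag is None or not hmac.compare_digest(tag, mac(self.seq, name)):
                raise ValueError("bad MAC")
        elif self.reject_extra and name not in KEX_ONLY:
            raise ValueError("unexpected message during initial key exchange")
        self._advance(name)
        return name


def tamper(records):
    """The on-path change described in the release note: one extra cleartext
    message before NEWKEYS, one encrypted message removed right after it."""
    i = [name for name, _ in records].index("NEWKEYS")
    return records[:i] + [("IGNORE", None)] + [records[i]] + records[i + 2:]


def run(reset_seq=False, reject_extra=False, attacked=False):
    """Return (messages the client accepted, error text or None)."""
    server = Endpoint(reset_seq, reject_extra)
    client = Endpoint(reset_seq, reject_extra)
    wire = [server.send(name) for name in SERVER_FLIGHT]
    if attacked:
        wire = tamper(wire)
    accepted = []
    try:
        for record in wire:
            accepted.append(client.receive(record))
    except ValueError as err:
        return accepted, str(err)
    return accepted, None


if __name__ == "__main__":
    cases = [
        ("legacy transport", {}),
        ("sequence reset only", {"reset_seq": True}),
        ("reset + reject extra", {"reset_seq": True, "reject_extra": True}),
    ]
    for label, kwargs in cases:
        accepted, error = run(attacked=True, **kwargs)
        print(f"{label:22} accepted={accepted} error={error}")
```

In the legacy case the client accepts the flight with EXT_INFO missing and reports no error, because the inserted cleartext message and the removed encrypted one leave its counter where the server's MAC expects it.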
</section>
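<p>
The ssh(1) item in the OpenSSH security fixes above notes that whether a user or hostname expanded through %h, %u or a similar token is injectable depends on the quoting in the ssh_config(5) directive, and that the 9.6 filter is not a guarantee. The following Python code is an added example, not OpenSSH code: it validates names from untrusted sources against an allowlist before they reach ssh(1) and reports the shell quoting context of each name token in ProxyCommand and LocalCommand lines. The allowlist patterns, function names and sample configuration are assumptions made for this example; "match exec" predicates are not covered.

```python
import re

# Assumption of this example: an allowlist stricter than the "most shell
# metacharacters" filter the release notes describe. No leading "-", no
# quotes, no whitespace, no shell operators.
HOST_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._:-]{0,252}")
USER_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]{0,31}")

# ssh_config(5) tokens that expand to a host or user name.
NAME_TOKENS = {"h", "n", "r", "u"}
# Directives whose value is handed to the user's shell to the end of the line.
SHELL_DIRECTIVES = {"proxycommand": "ProxyCommand", "localcommand": "LocalCommand"}
QUOTING = {None: "unquoted", "'": "single-quoted", '"': "double-quoted"}

# Constructed sample configuration.
SAMPLE_CONFIG = """\
Host jump-*
    ProxyCommand nc -X connect -x proxy.example:3128 %h %p
Host build-*
    ProxyCommand nc '%h' %p
    LocalCommand logger "connected to %n as %r"
"""


def name_is_safe(value, kind="host"):
    """True if value is acceptable as a host (default) or user name."""
    pattern = HOST_RE if kind == "host" else USER_RE
    return pattern.fullmatch(value) is not None


def ssh_argv(user, host):
    """Build an argument vector (no shell involved) after validating both names."""
    if not name_is_safe(user, "user"):
        raise ValueError("rejected user name")
    if not name_is_safe(host, "host"):
        raise ValueError("rejected host name")
    return ["ssh", "-l", user, host]


def token_contexts(command):
    """Return (token, quoting) for each name token, tracking POSIX shell quotes."""
    quote = None
    found = []
    i = 0
    while i < len(command):
        ch = command[i]
        if ch == "\\" and quote != "'":
            i += 2  # a backslash escapes the next character outside single quotes
            continue
        if ch in "'\"":
            if quote is None:
                quote = ch
            elif quote == ch:
                quote = None
        elif ch == "%" and i + 1 < len(command):
            if command[i + 1] in NAME_TOKENS:
                found.append(("%" + command[i + 1], QUOTING[quote]))
            i += 2  # also steps over "%%" and tokens such as %p
            continue
        i += 1
    return found


def audit_config(text):
    """List (line, directive, token, quoting) for name tokens passed to a shell.

    None of the three contexts is safe by itself: an unquoted name is split and
    parsed by the shell, double quotes still allow command substitution, and
    single quotes are closed by a quote character inside the name.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*(?:=\s*|\s+)(.*)", line)
        if not m or m.group(1).lower() not in SHELL_DIRECTIVES:
            continue
        directive = SHELL_DIRECTIVES[m.group(1).lower()]
        for token, quoting in token_contexts(m.group(2)):
            findings.append((lineno, directive, token, quoting))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("line %d: %s expands %s (%s)" % finding)
    for candidate in ["build01.example.org", "build01;echo x", "$(x)", "-build01"]:
        print(repr(candidate), "accepted" if name_is_safe(candidate) else "rejected")
```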

<hr>

<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 7.5 on your machine:

<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/alpha/INSTALL.alpha">
	.../OpenBSD/7.5/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/amd64/INSTALL.amd64">
	.../OpenBSD/7.5/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/arm64/INSTALL.arm64">
	.../OpenBSD/7.5/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/armv7/INSTALL.armv7">
	.../OpenBSD/7.5/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/hppa/INSTALL.hppa">
	.../OpenBSD/7.5/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/i386/INSTALL.i386">
	.../OpenBSD/7.5/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/landisk/INSTALL.landisk">
	.../OpenBSD/7.5/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/loongson/INSTALL.loongson">
	.../OpenBSD/7.5/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/luna88k/INSTALL.luna88k">
	.../OpenBSD/7.5/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/macppc/INSTALL.macppc">
	.../OpenBSD/7.5/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/octeon/INSTALL.octeon">
	.../OpenBSD/7.5/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/powerpc64/INSTALL.powerpc64">
	.../OpenBSD/7.5/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/riscv64/INSTALL.riscv64">
	.../OpenBSD/7.5/riscv64/INSTALL.riscv64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/sparc64/INSTALL.sparc64">
	.../OpenBSD/7.5/sparc64/INSTALL.sparc64</a>
</ul>
</section>

<hr>

<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!

<h3>OpenBSD/alpha:</h3>

<p>
If your machine can boot from CD, you can write <i>install75.iso</i> or
<i>cd75.iso</i> to a CD and boot from it.
Refer to INSTALL.alpha for more details.

<h3>OpenBSD/amd64:</h3>

<p>
If your machine can boot from CD, you can write <i>install75.iso</i> or
<i>cd75.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.

<p>
If your machine can boot from USB, you can write <i>install75.img</i> or
<i>miniroot75.img</i> to a USB stick and boot from it.

<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.

<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.

<h3>OpenBSD/arm64:</h3>

<p>
If your machine can boot from CD, you can write <i>install75.iso</i> or
<i>cd75.iso</i> to a CD and boot from it.

<p>
To boot from disk, write <i>install75.img</i> or <i>miniroot75.img</i> to a
disk and boot from it after connecting to the serial console.  Refer to
INSTALL.arm64 for more details.

<h3>OpenBSD/armv7:</h3>

<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console.  Refer to INSTALL.armv7 for more details.

<h3>OpenBSD/hppa:</h3>

<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.

<h3>OpenBSD/i386:</h3>

<p>
If your machine can boot from CD, you can write <i>install75.iso</i> or
<i>cd75.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.

<p>
If your machine can boot from USB, you can write <i>install75.img</i> or
<i>miniroot75.img</i> to a USB stick and boot from it.

<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.

<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.

<h3>OpenBSD/landisk:</h3>

<p>
Write <i>miniroot75.img</i> to the start of the CF
or disk, and boot normally.

<h3>OpenBSD/loongson:</h3>

<p>
Write <i>miniroot75.img</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.

<h3>OpenBSD/luna88k:</h3>

<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.

<h3>OpenBSD/macppc:</h3>

<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.

<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/7.5/macppc/bsd.rd</i>

<h3>OpenBSD/octeon:</h3>

<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.

<h3>OpenBSD/powerpc64:</h3>

<p>
To install, write <i>install75.img</i> or <i>miniroot75.img</i> to a
USB stick, plug it into the machine and choose the <i>OpenBSD
install</i> menu item in Petitboot.
Refer to the instructions in INSTALL.powerpc64 for more details.

<h3>OpenBSD/riscv64:</h3>

<p>
To install, write <i>install75.img</i> or <i>miniroot75.img</i> to a
USB stick, and boot with that drive plugged in.
Make sure you also have the microSD card plugged in that shipped with the
HiFive Unmatched board.
Refer to the instructions in INSTALL.riscv64 for more details.

<h3>OpenBSD/sparc64:</h3>

<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.

<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy75.img</i> or <i>floppyB75.img</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.

<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.

<p>
You can also write <i>miniroot75.img</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.

<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>

<hr>

<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 7.4 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade75.html">Upgrade Guide</a>.
</section>

<hr>

<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout.  Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>

<hr>

<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided.  To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point.  This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_5</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 7.5 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
</body>
</html>