Blame


1 57d3a05c 2024-03-02 benno <!doctype html>
2 57d3a05c 2024-03-02 benno <html lang=en id=release>
3 57d3a05c 2024-03-02 benno <head>
4 57d3a05c 2024-03-02 benno <meta charset=utf-8>
5 57d3a05c 2024-03-02 benno
6 57d3a05c 2024-03-02 benno <title>OpenBSD 7.5</title>
7 57d3a05c 2024-03-02 benno <meta name="description" content="OpenBSD 7.5">
8 57d3a05c 2024-03-02 benno <meta name="viewport" content="width=device-width, initial-scale=1">
9 57d3a05c 2024-03-02 benno <link rel="stylesheet" type="text/css" href="openbsd.css">
10 57d3a05c 2024-03-02 benno <link rel="canonical" href="https://www.openbsd.org/75.html">
11 57d3a05c 2024-03-02 benno </head><body>
12 57d3a05c 2024-03-02 benno <h2 id=OpenBSD>
13 57d3a05c 2024-03-02 benno <a href="index.html">
14 57d3a05c 2024-03-02 benno <i>Open</i><b>BSD</b></a>
15 57d3a05c 2024-03-02 benno 7.5
16 57d3a05c 2024-03-02 benno </h2>
17 57d3a05c 2024-03-02 benno
18 57d3a05c 2024-03-02 benno <table>
19 57d3a05c 2024-03-02 benno <tr>
20 57d3a05c 2024-03-02 benno <td>
21 42396bb1 2024-04-05 deraadt <a href="images/King_of_Kings.jpg">
22 42396bb1 2024-04-05 deraadt <img width="227" height="303" src="images/King_of_Kings-s.gif" alt="King of Kings"></a>
23 57d3a05c 2024-03-02 benno <td>
24 8886b193 2024-04-05 deraadt Released Apr 5, 2024. (56th OpenBSD release)<br>
25 57d3a05c 2024-03-02 benno Copyright 1997-2024, Theo de Raadt.<br>
26 57d3a05c 2024-03-02 benno <br>
27 42396bb1 2024-04-05 deraadt Artwork by Stipan Morian.
28 57d3a05c 2024-03-02 benno <br>
29 57d3a05c 2024-03-02 benno <ul>
30 57d3a05c 2024-03-02 benno <li>See the information on <a href="ftp.html">the FTP page</a> for
31 57d3a05c 2024-03-02 benno a list of mirror machines.
32 57d3a05c 2024-03-02 benno <li>Go to the <code class=reldir>pub/OpenBSD/7.5/</code> directory on
33 57d3a05c 2024-03-02 benno one of the mirror sites.
34 57d3a05c 2024-03-02 benno <li>Have a look at <a href="errata75.html">the 7.5 errata page</a> for a list
35 57d3a05c 2024-03-02 benno of bugs and workarounds.
36 57d3a05c 2024-03-02 benno <li>See a <a href="plus75.html">detailed log of changes</a> between the
37 57d3a05c 2024-03-02 benno 7.4 and 7.5 releases.
38 57d3a05c 2024-03-02 benno <p>
39 57d3a05c 2024-03-02 benno <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40 57d3a05c 2024-03-02 benno pubkeys for this release:<p>
41 57d3a05c 2024-03-02 benno
42 57d3a05c 2024-03-02 benno <table class=signify>
43 57d3a05c 2024-03-02 benno <tr><td>
44 57d3a05c 2024-03-02 benno openbsd-75-base.pub:
45 57d3a05c 2024-03-02 benno <td>
46 57d3a05c 2024-03-02 benno <a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/openbsd-75-base.pub">
47 57d3a05c 2024-03-02 benno RWRGj1pRpprAfgeF/rgld4ubduChLvTkigA1Zj7WLDsVA4qfYSWOEI8q
48 57d3a05c 2024-03-02 benno </a><tr><td>
49 57d3a05c 2024-03-02 benno openbsd-75-fw.pub:
50 57d3a05c 2024-03-02 benno <td>
51 57d3a05c 2024-03-02 benno RWQ6EsXr4NMYvyLICug3dLHfmbpXlVasF1jbt3GVNQsosgB5+PgaufBu
52 57d3a05c 2024-03-02 benno <tr><td>
53 57d3a05c 2024-03-02 benno openbsd-75-pkg.pub:
54 57d3a05c 2024-03-02 benno <td>
55 57d3a05c 2024-03-02 benno RWS/sEFDvf+rjUmS1WROzxH05pB1kB7JRRq76DUGUhCE0Ks8AdpjP5pD
56 57d3a05c 2024-03-02 benno <tr><td>
57 57d3a05c 2024-03-02 benno openbsd-75-syspatch.pub:
58 57d3a05c 2024-03-02 benno <td>
59 57d3a05c 2024-03-02 benno RWRAAZC5WcFgn+8b5msDR+yDVCx4ziLaSQI2sy7e4GFY42nFW9p7mP2t
60 57d3a05c 2024-03-02 benno </table>
61 57d3a05c 2024-03-02 benno </ul>
62 57d3a05c 2024-03-02 benno <p>
63 57d3a05c 2024-03-02 benno All applicable copyrights and credits are in the src.tar.gz,
64 57d3a05c 2024-03-02 benno sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
65 57d3a05c 2024-03-02 benno files fetched via <code>ports.tar.gz</code>.
66 57d3a05c 2024-03-02 benno </table>
67 57d3a05c 2024-03-02 benno
68 57d3a05c 2024-03-02 benno <hr>
69 57d3a05c 2024-03-02 benno
70 57d3a05c 2024-03-02 benno <section id=new>
71 57d3a05c 2024-03-02 benno <h3>What's New</h3>
72 57d3a05c 2024-03-02 benno <p>
73 57d3a05c 2024-03-02 benno This is a partial list of new features and systems included in OpenBSD 7.5.
74 57d3a05c 2024-03-02 benno For a comprehensive list, see the <a href="plus75.html">changelog</a> leading <!-- plus? XXX -->
75 57d3a05c 2024-03-02 benno to 7.5.
76 57d3a05c 2024-03-02 benno
77 57d3a05c 2024-03-02 benno <ul>
78 57d3a05c 2024-03-02 benno
79 57d3a05c 2024-03-02 benno <!--
80 57d3a05c 2024-03-02 benno <li>New/extended platforms:
81 57d3a05c 2024-03-02 benno <ul>
82 57d3a05c 2024-03-02 benno <li>...
83 57d3a05c 2024-03-02 benno </ul>
84 57d3a05c 2024-03-02 benno -->
85 57d3a05c 2024-03-02 benno
86 57d3a05c 2024-03-02 benno <li>Various kernel improvements:
87 57d3a05c 2024-03-02 benno <ul>
88 d84d45fe 2024-03-29 benno <li>Added <a href="https://man.openbsd.org/bt.5">bt(5)</a> and <a
89 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/btrace.8">btrace(8)</a> support for
90 d84d45fe 2024-03-29 benno binary modulo operator ('%').
91 d84d45fe 2024-03-29 benno <li>Added a TIMEOUT_MPSAFE flag to <a
92 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
93 d84d45fe 2024-03-29 benno <li>Added IBM encoded version of the "Spleen 8x16" font, usable as console font.
94 d84d45fe 2024-03-29 benno <li>Cleanup and machine-independent refactoring of three context
95 d84d45fe 2024-03-29 benno switch paths outside of mi_switch(): when a process forks and the new
96 d84d45fe 2024-03-29 benno proc needs to be scheduled by proc_trampoline, cpu_hatch: when booting
97 d84d45fe 2024-03-29 benno APs, and sched_exit: when a proc exits.
98 d84d45fe 2024-03-29 benno <li>Made <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>
99 d84d45fe 2024-03-29 benno 'vscsi_filtops' mpsafe and extended the 'sc_state_mtx' <a
100 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/mutex.9">mutex(9)</a> to protect
101 d84d45fe 2024-03-29 benno 'sc_klist' knotes list.
102 d84d45fe 2024-03-29 benno <li>Made out-of-swap checking more robust, preventing potential deadlocks.
103 d84d45fe 2024-03-29 benno <li>Eliminated the ioctl whitelist that <a
104 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/bio.4">bio(4)</a> will tunnel for other
105 d84d45fe 2024-03-29 benno devices, allowing bio to be used with other (non-raid) related
106 d84d45fe 2024-03-29 benno devices.
107 9489e264 2024-03-31 benno <li>On msdos filesystems, ensure that a complete struct fsinfo is read
108 9489e264 2024-03-31 benno even if the filesystem sectors are smaller.
109 9489e264 2024-03-31 benno <li>Implemented per-CPU caching for the page table page (vp) pool and
110 9489e264 2024-03-31 benno the PTE descriptor (pted) pool in the arm64 pmap implementation. This
111 9489e264 2024-03-31 benno significantly reduces the side-effects of lock contention on the
112 9489e264 2024-03-31 benno kernel map lock and leads to significant speedups on machines with
113 d4eec3b9 2024-03-31 otto many CPU cores.
114 e91f99b6 2024-03-31 benno <li>Implemented <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>
115 e91f99b6 2024-03-31 benno RootPathString support in the LoadTable() AML function, fixing OpenBSD
116 e91f99b6 2024-03-31 benno boot on an older version of Hyper-V.
117 e91f99b6 2024-03-31 benno <li>Fixed Linux NFS clients freezing after five minutes of inactivity.
118 e91f99b6 2024-03-31 benno <li>Fixed core file writing when a file map into memory has later been
119 e91f99b6 2024-03-31 benno truncated to be smaller than the mapping.
120 65804062 2024-03-31 tj <li>Disallow <a
121 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/madvise.2">madvise(2)</a> and <a
122 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/msync.2">msync(2)</a> memory/mapping
123 aa928925 2024-03-31 jsg destructive operations on immutable memory regions. Instead return EPERM.
124 e91f99b6 2024-03-31 benno <li>Added new amd64-only sysctl machdep.retpoline which says whether
125 e91f99b6 2024-03-31 benno the cpu requires the retpoline branch target injection mitigation.
126 e91f99b6 2024-03-31 benno <li>Added new accounting flag ABTCFI to <a
127 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/acct.5">acct(5)</a> to indicate SIGILL +
128 e91f99b6 2024-03-31 benno code ILL_BTCFI has occurred in the process.
129 57d3a05c 2024-03-02 benno </ul>
130 57d3a05c 2024-03-02 benno
131 57d3a05c 2024-03-02 benno <li>SMP Improvements
132 57d3a05c 2024-03-02 benno <ul>
133 9489e264 2024-03-31 benno <li>Some network timers run without kernel lock.
134 9489e264 2024-03-31 benno <li>TCP syn cache timer runs with shared net lock.
135 9489e264 2024-03-31 benno <li><a href="https://man.openbsd.org/bind.2">bind(2)</a>
136 9489e264 2024-03-31 benno and <a href="https://man.openbsd.org/connect.2">connect(2)</a>
137 9489e264 2024-03-31 benno system calls can run in parallel.
138 9489e264 2024-03-31 benno <li>Packet counter for <a
139 9489e264 2024-03-31 benno href="https://man.openbsd.org/lo.4">lo(4)</a> loopback
140 9489e264 2024-03-31 benno interface are MP safe.
141 9489e264 2024-03-31 benno <li>Split protocol control block table for UDP into IPv4
142 9489e264 2024-03-31 benno and IPv6 tables to allow concurrent access.
143 9489e264 2024-03-31 benno <li>UDP packets can be sent in parallel by multiple threads.
144 57d3a05c 2024-03-02 benno </ul>
145 57d3a05c 2024-03-02 benno
146 57d3a05c 2024-03-02 benno <li>Direct Rendering Manager and graphics drivers
147 57d3a05c 2024-03-02 benno <ul>
148 584568a7 2024-03-22 jsg <li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
149 584568a7 2024-03-22 jsg to Linux 6.6.19.
150 584568a7 2024-03-22 jsg <li>New <a href="https://man.openbsd.org/arm64/apldcp.4">apldcp(4)</a> and
151 584568a7 2024-03-22 jsg <a href="https://man.openbsd.org/arm64/apldrm.4">apldrm(4)</a> drivers
152 584568a7 2024-03-22 jsg for Apple display coprocessor.
153 57d3a05c 2024-03-02 benno </ul>
154 57d3a05c 2024-03-02 benno
155 57d3a05c 2024-03-02 benno <li>VMM/VMD improvements
156 57d3a05c 2024-03-02 benno <ul>
157 b525a9d7 2024-03-31 jsg <li>Fixed IRQ storm caused by edge-triggered devices such as the UART.
158 7b14f24a 2024-03-23 dv <li>Fixed block size calculation for vioscsi devices.
159 7b14f24a 2024-03-23 dv <li>Added io instruction length to vm exit information, allowing
160 7b14f24a 2024-03-23 dv <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> to perform validation
161 7b14f24a 2024-03-23 dv in userspace.
162 7b14f24a 2024-03-23 dv <li>Adopted new <a href="https://man.openbsd.org/imsg_init.3">imsg_get_*(3)</a>
163 7b14f24a 2024-03-23 dv api.
164 7b14f24a 2024-03-23 dv <li>Rewrote vionet devices to allow zero-copy data transfers between host and
165 7b14f24a 2024-03-23 dv guest.
166 7b14f24a 2024-03-23 dv <li>Improved error messages related to <a href="https://man.openbsd.org/getgrnam.3">
167 7b14f24a 2024-03-23 dv getgrnam(3)</a> usage and out of <a href="https://man.openbsd.org/tap.4">tap(4)
168 7b14f24a 2024-03-23 dv </a> device conditions.
169 7b14f24a 2024-03-23 dv <li>Fixed various things found by smatch static analyzer.
170 7b14f24a 2024-03-23 dv <li>Fixed various file descriptor lifecycle issues and leaks across
171 7b14f24a 2024-03-23 dv <a href="https://man.openbsd.org/fork.2">fork(2)</a>/
172 7b14f24a 2024-03-23 dv <a href="https://man.openbsd.org/execve.2">execve(2)</a> usage.
173 7b14f24a 2024-03-23 dv <li>Added multi-threading support to vionet device emulation, improving latency.
174 7b14f24a 2024-03-23 dv <li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> instability on Intel
175 7b14f24a 2024-03-23 dv VMX hosts by updating GDTR &amp; TR if vcpu moves host cpus.
176 7b14f24a 2024-03-23 dv <li>Added EPT flushing upon <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>
177 7b14f24a 2024-03-23 dv enabling VMX mode.
178 7b14f24a 2024-03-23 dv <li>Added branch predictor flushing if IBPB is supported.
179 7b14f24a 2024-03-23 dv <li>Corrected restoring GDTR and IDTR limits upon VMX guest exit.
180 7b14f24a 2024-03-23 dv <li>Corrected handling of CPUID 0xd subleaves
181 7b14f24a 2024-03-23 dv <li>Added additional use of VERW and register clobbering to mitigate RFDS
182 7b14f24a 2024-03-23 dv vulnerabilities on Intel Atom cores.
183 57d3a05c 2024-03-02 benno </ul>
184 57d3a05c 2024-03-02 benno
185 57d3a05c 2024-03-02 benno <li>Various new userland features:
186 57d3a05c 2024-03-02 benno <ul>
187 1512fccd 2024-03-31 otto <li>Made <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> save
188 1512fccd 2024-03-31 otto backtraces to show in leak dump with depth of backtrace set via malloc
189 1512fccd 2024-03-31 otto option D (aka 1), 2, 3 or 4.
190 d84d45fe 2024-03-29 benno <li>Added support for <a
191 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/cksum.1">cksum(1)</a> -c checking base64
192 d84d45fe 2024-03-29 benno digests in reverse mode.
193 d84d45fe 2024-03-29 benno <li>Added <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> [-p
194 d84d45fe 2024-03-29 benno program] to filter dumps by basename.
195 d84d45fe 2024-03-29 benno <li>Made <a href="https://man.openbsd.org/ps.1">ps(1)</a> accept numerical user IDs.
196 9489e264 2024-03-31 benno <li>Built and provide the tzdata.zi and leap-seconds.list files from
197 9489e264 2024-03-31 benno zoneinfo. Some third-party software now expects these files to be
198 e91f99b6 2024-03-31 benno installed. Provide the zonenow.tab file, a table where each row
199 e91f99b6 2024-03-31 benno stands for a timezone where civil timestamps are predicted to agree
200 e91f99b6 2024-03-31 benno from now on.
201 9489e264 2024-03-31 benno <li>Added basic write support for <a
202 9489e264 2024-03-31 benno href="https://man.openbsd.org/pax.1">pax(1)</a> format archives.
203 9489e264 2024-03-31 benno <li>Added 'pax' format support for files over 8GB to <a
204 9489e264 2024-03-31 benno href="https://man.openbsd.org/tar.1">tar(1)</a>.
205 9489e264 2024-03-31 benno <li>Added 'pax' format support for mtime and atime to <a
206 9489e264 2024-03-31 benno href="https://man.openbsd.org/tar.1">tar(1)</a>.
207 9489e264 2024-03-31 benno <li>Extended <a href="https://man.openbsd.org/imsg_init.3">imsg</a>
208 9489e264 2024-03-31 benno and the <a href="https://man.openbsd.org/ibuf_add.3">ibuf</a> buffer
209 aa928925 2024-03-31 jsg manipulation API with useful getter methods. Unified file descriptor
210 e91f99b6 2024-03-31 benno passing in all imsg using programs with the use of the imsg_get_fd()
211 e91f99b6 2024-03-31 benno function.
212 e91f99b6 2024-03-31 benno <li>Added <a
213 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/mkdtemps.3">mkdtemps(3)</a>, identical
214 e91f99b6 2024-03-31 benno to <a href="https://man.openbsd.org/mkdtemp.3">mkdtemp(3)</a> except
215 e91f99b6 2024-03-31 benno that it permits a suffix to exist in the template.
216 e91f99b6 2024-03-31 benno <li>Added <a href="https://man.openbsd.org/mktemp.1">mktemp(1)</a>
217 e91f99b6 2024-03-31 benno suffix support for compatibility with the GNU version. It is now
218 e91f99b6 2024-03-31 benno possible to use templates where the Xs are not at the end.
219 57d3a05c 2024-03-02 benno </ul>
220 57d3a05c 2024-03-02 benno
221 57d3a05c 2024-03-02 benno <li>Various bugfixes and tweaks in userland:
222 57d3a05c 2024-03-02 benno <ul>
223 d84d45fe 2024-03-29 benno <li>Silenced list of specific firmware not needing update in <a
224 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
225 d84d45fe 2024-03-29 benno <li>Improved <a href="https://man.openbsd.org/ls.1">ls(1)</a> horizontal alignment in long format.
226 d84d45fe 2024-03-29 benno <li>Added <a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a> retry on empty passphrase.
227 d84d45fe 2024-03-29 benno <li>Fixed <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in
228 d84d45fe 2024-03-29 benno <a href="https://man.openbsd.org/patch.1">patch(1)</a> with explicit
229 d84d45fe 2024-03-29 benno patchfile.
230 d84d45fe 2024-03-29 benno <li>Made gnu99 the default for gcc 3.3.6 and 4.2.1 rather than defaulting to gnu89.
231 d84d45fe 2024-03-29 benno <!-- fdisk -->
232 d84d45fe 2024-03-29 benno <li>Enhanced <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> 'flag' to accept hex values.
233 d84d45fe 2024-03-29 benno <li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
234 d84d45fe 2024-03-29 benno 'flag' from altering other GPT partition attributes when flagging a
235 d84d45fe 2024-03-29 benno partition as the only bootable partition.
236 e91f99b6 2024-03-31 benno <li>Allow <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
237 e91f99b6 2024-03-31 benno add GPT partitions of protected types, making it possible to provision
238 e91f99b6 2024-03-31 benno virtual machine images that need a "BIOS Boot" partition.
239 e91f99b6 2024-03-31 benno
240 d84d45fe 2024-03-29 benno <li>Added group handling matching <a
241 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/fbtab.5">fbtab(5)</a> to xenodm.
242 9489e264 2024-03-31 benno <li>Made <a href="https://man.openbsd.org/grep.1">grep(1)</a> -m behavior match GNU grep.
243 9489e264 2024-03-31 benno <li>Tweaked the default memory limits in /etc/login.conf on several
244 b525a9d7 2024-03-31 jsg architectures to account for increased memory requirements, for
245 9489e264 2024-03-31 benno example when compiling or linking under user pbuild.
246 9489e264 2024-03-31 benno <li>Initialize all terminals with "tset -I", thereby avoiding extra
247 9489e264 2024-03-31 benno newlines to be printed.
248 9489e264 2024-03-31 benno <li>Added <a href="https://man.openbsd.org/mkhybrid.8">mkhybrid(8)</a>
249 9489e264 2024-03-31 benno '-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot
250 9489e264 2024-03-31 benno image, in addition to or instead of the x86 boot image, to the output
251 9489e264 2024-03-31 benno file.
252 9489e264 2024-03-31 benno <li>Added <a
253 9489e264 2024-03-31 benno href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>
254 9489e264 2024-03-31 benno --omit-dir-times (-O) to omit directories from --times, as well as
255 9489e264 2024-03-31 benno --no-O and --no-omit-dir-times options for compatibility.
256 9489e264 2024-03-31 benno <li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>
257 9489e264 2024-03-31 benno --omit-link-times (-J) option to omit symlinks from --times.
258 9489e264 2024-03-31 benno <li>Added accounting flag and <a
259 9489e264 2024-03-31 benno href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a> report for
260 9489e264 2024-03-31 benno <a href="https://man.openbsd.org/pinsyscalls.2">syscall pinning</a> violations.
261 9489e264 2024-03-31 benno <li>Added <a href="https://man.openbsd.org/ktrace.1">ktrace(1)</a> and
262 9489e264 2024-03-31 benno <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> support to
263 9489e264 2024-03-31 benno observe <a
264 9489e264 2024-03-31 benno href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a>
265 9489e264 2024-03-31 benno violations.
266 9489e264 2024-03-31 benno <li>Changed <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> to
267 9489e264 2024-03-31 benno avoid use of the interactive shell if -o is given.
268 9489e264 2024-03-31 benno <li>Moved non-daemon services to run in a different <a
269 9489e264 2024-03-31 benno href="https://man.openbsd.org/rc.8">rc(8)</a> process group to avoid
270 9489e264 2024-03-31 benno SIGHUP at boot.
271 e91f99b6 2024-03-31 benno <li>Changed <a
272 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> to only load the first libc version encountered
273 e91f99b6 2024-03-31 benno requested and substituting it for all further loads, ensuring that the
274 e91f99b6 2024-03-31 benno libc version requested by an executable itself is the one loaded.
275 e91f99b6 2024-03-31 benno <li>Significantly (for small programs) reduce the size of statically
276 e91f99b6 2024-03-31 benno linked binaries by splitting several libc internal functions into
277 aa928925 2024-03-31 jsg separate compilation and thus linkage units. Specifically <a
278 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/getpwnam.3">getpwnam(3)</a> does not
279 e91f99b6 2024-03-31 benno need the full YP socket setup and does not use all possible <a
280 aa928925 2024-03-31 jsg href="https://man.openbsd.org/dbopen.3">dbopen(3)</a> database
281 e91f99b6 2024-03-31 benno backends.
282 e91f99b6 2024-03-31 benno <li>Added <a href="https://man.openbsd.org/vi.1">vi(1)</a>
283 e91f99b6 2024-03-31 benno showfilename set option to display the file name in the lower left
284 e91f99b6 2024-03-31 benno corner.
285 e91f99b6 2024-03-31 benno <li>Added backup of disklabel for <a
286 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/softraid.4">softraid(4)</a> chunks to <a
287 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/security.8">security(8)</a>.
288 57d3a05c 2024-03-02 benno </ul>
289 57d3a05c 2024-03-02 benno
290 57d3a05c 2024-03-02 benno <li>Improved hardware support and driver bugfixes, including:
291 57d3a05c 2024-03-02 benno <ul>
292 b2cc6aff 2024-03-26 jsg <li>New <a href="https://man.openbsd.org/arm64/ampchwm.4">ampchwm(4)</a>
293 b2cc6aff 2024-03-26 jsg driver for Ampere Altra power telemetry.
294 b2cc6aff 2024-03-26 jsg <li>New <a href="https://man.openbsd.org/rkspi.4">rkspi(4)</a>
295 b2cc6aff 2024-03-26 jsg driver for Rockchip SPI controller.
296 b2cc6aff 2024-03-26 jsg <li>Support for RK806 PMIC in
297 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>.
298 b2cc6aff 2024-03-26 jsg <li>Support for Allwinner H616 in
299 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxisyscon.4">sxisyscon(4)</a>,
300 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>,
301 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a>,
302 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sximmc.4">sximmc(4)</a> and
303 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>.
304 b2cc6aff 2024-03-26 jsg <li>Support for Allwinner D1 in
305 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxidog.4">sxidog(4)</a>,
306 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxiccmu.4">sxiccmu(4)</a>,
307 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sxipio.4">sxipio(4)</a>,
308 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/sximmc.4">sximmc(4)</a> and
309 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>.
310 b2cc6aff 2024-03-26 jsg <li>Support for Aero and Sea SAS HBAs in
311 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
312 b2cc6aff 2024-03-26 jsg <li>Support for SAS3816 and SAS3916 in
313 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/mfii.4">mfii(4)</a>.
314 d84d45fe 2024-03-29 benno <li>In <a href="https://man.openbsd.org/xbf.4">xbf(4)</a>, allowed Xen
315 d84d45fe 2024-03-29 benno to use backing store devices with 4K-byte sectors.
316 d84d45fe 2024-03-29 benno <li>Added <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a>
317 d84d45fe 2024-03-29 benno support for the Rockchip RK8602 and RK8603 voltage regulators.
318 9489e264 2024-03-31 benno <li>Support keyboard backlights on Apple Powerbooks.
319 9489e264 2024-03-31 benno <li>Added operating performance point info about each arm64 cpu and
320 9489e264 2024-03-31 benno expose the states of thermal zones as <a
321 9489e264 2024-03-31 benno href="https://man.openbsd.org/kstat.1">kstats(1)</a>.
322 9489e264 2024-03-31 benno <li>Overhauled <a
323 9489e264 2024-03-31 benno href="https://man.openbsd.org/ugold.4">ugold(4)</a> temperature sensor
324 9489e264 2024-03-31 benno identification logic and added support for additional devices.
325 9489e264 2024-03-31 benno <li>Made <a href="https://man.openbsd.org/uthum.4">uthum(4)</a>
326 9489e264 2024-03-31 benno TEMPer{1,2} devices display negative degC.
327 9489e264 2024-03-31 benno <li>Improve support for audio devices that via attach multiple <a
328 9489e264 2024-03-31 benno href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> drivers.
329 d7044b2f 2024-04-01 krw <li>In <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> don't create
330 d7044b2f 2024-04-01 krw <a href="https://man.openbsd.org/sd.4">sd(4)</a> devices larger than the namespace.
331 d7044b2f 2024-04-01 krw <li>Fix <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> decoding of status fields.
332 57d3a05c 2024-03-02 benno </ul>
333 57d3a05c 2024-03-02 benno
334 57d3a05c 2024-03-02 benno <li>New or improved network hardware support:
335 57d3a05c 2024-03-02 benno <ul>
336 379f66aa 2024-03-25 jan <li>Utilize full checksum offload capabilities of
337 379f66aa 2024-03-25 jan <a href="https://man.openbsd.org/vio.4">vio(4)</a> and
338 c5c3255f 2024-03-30 jan <a href="https://man.openbsd.org/vmx.4">vmx(4)</a>.
339 c5c3255f 2024-03-30 jan <li>TCP Segmentation Offload (TSO) is also used in
340 379f66aa 2024-03-25 jan <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> and
341 c5c3255f 2024-03-30 jan <a href="https://man.openbsd.org/em.4">em(4)</a>.
342 9489e264 2024-03-31 benno <li>Enabled TCP Segmentation Offload (TSO) in <a
343 9489e264 2024-03-31 benno href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
344 379f66aa 2024-03-25 jan <li>The Synopsys Ethernet Quality-of-Service Controller
345 379f66aa 2024-03-25 jan (<a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>) is enabled for
346 c5c3255f 2024-03-30 jan amd64.
347 b525a9d7 2024-03-31 jsg <li>Added initial support for Elkhart Lake Ethernet to <a
348 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
349 b2cc6aff 2024-03-26 jsg <li>Support for AX88179A in
350 b2cc6aff 2024-03-26 jsg <a href="https://man.openbsd.org/axen.4">axen(4)</a>.
351 c5c3255f 2024-03-30 jan <li>Intel I225 and I226 Ethernet Controller
352 c5c3255f 2024-03-30 jan <a href="https://man.openbsd.org/igc.4">igc(4)</a> enabled for
353 c5c3255f 2024-03-30 jan sparc64.
354 c5c3255f 2024-03-30 jan <li>Allwinner EMAC Ethernet Controller
355 c5c3255f 2024-03-30 jan <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> enabled for
356 c5c3255f 2024-03-30 jan riscv64.
357 d84d45fe 2024-03-29 benno <li>Corrected wrong register offset macros for <a
358 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> DMA burst length.
359 9489e264 2024-03-31 benno <li>Fixed Tx watchdog trigger and freeze in <a
360 9489e264 2024-03-31 benno href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
361 9489e264 2024-03-31 benno <li>Updated <a href="https://man.openbsd.org/rge.4">rge(4)</a>
362 9489e264 2024-03-31 benno microcode, initialization and reset behavior.
363 e91f99b6 2024-03-31 benno <li>Prevented a potential <a
364 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> crash after failure
365 e91f99b6 2024-03-31 benno to bring up a queue.
366 57d3a05c 2024-03-02 benno </ul>
367 57d3a05c 2024-03-02 benno
368 57d3a05c 2024-03-02 benno <li>Added or improved wireless network drivers:
369 57d3a05c 2024-03-02 benno <ul>
370 4bce311b 2024-03-23 stsp <li>Introduce <a href="https://man.openbsd.org/qwx.4">qwx(4)</a>,
371 4bce311b 2024-03-23 stsp a port of the Linux ath11k driver for QCNFA765 devices.
372 4bce311b 2024-03-23 stsp Available on the amd64 and arm64 platforms.
373 4bce311b 2024-03-23 stsp <li>Fix Tx rate selection for management frames in
374 4bce311b 2024-03-23 stsp <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
375 4bce311b 2024-03-23 stsp <li>Fix <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> loading the wrong
376 4bce311b 2024-03-23 stsp firmware image on some devices.
377 4bce311b 2024-03-23 stsp <li>Make <a href="https://man.openbsd.org/bfwm.4">bwfm(4)</a> work with MAC
378 4bce311b 2024-03-23 stsp addresses set via ifconfig lladdr.
379 4bce311b 2024-03-23 stsp <li>Ensure that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> uses the
380 4bce311b 2024-03-23 stsp 80MHz primary channel index announced in beacons.
381 4bce311b 2024-03-23 stsp <li>Avoid using MCS-9 in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
382 4bce311b 2024-03-23 stsp Tx rate selection if 40 MHz is disabled to prevent firmware errors.
383 4bce311b 2024-03-23 stsp <li>Ensure that <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
384 4bce311b 2024-03-23 stsp <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> devices announce VHT
385 4bce311b 2024-03-23 stsp capabilities in probe requests.
386 4bce311b 2024-03-23 stsp <li>Fix bug in <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>,
387 4bce311b 2024-03-23 stsp <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>, and
388 4bce311b 2024-03-23 stsp <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> which could result
389 4bce311b 2024-03-23 stsp in some channels missing from scan results.
390 4bce311b 2024-03-23 stsp <li>Enable <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> on the
391 4bce311b 2024-03-23 stsp arm64 platform.
392 57d3a05c 2024-03-02 benno </ul>
393 57d3a05c 2024-03-02 benno
394 57d3a05c 2024-03-02 benno <li>IEEE 802.11 wireless stack improvements and bugfixes:
395 57d3a05c 2024-03-02 benno <ul>
396 4bce311b 2024-03-23 stsp <li> Ignore 40/80 MHz wide channel configurations which do not appear
397 4bce311b 2024-03-23 stsp in the 802.11ac spec. This prevents device firmware errors which
398 4bce311b 2024-03-23 stsp occurred when an access point announced an invalid channel configuration.
399 57d3a05c 2024-03-02 benno </ul>
400 57d3a05c 2024-03-02 benno
401 57d3a05c 2024-03-02 benno <li>Installer, upgrade and bootloader improvements:
402 57d3a05c 2024-03-02 benno <ul>
403 e91f99b6 2024-03-31 benno <li>Add support for disk encryption in unattended installations with
404 e91f99b6 2024-03-31 benno <a href="https://man.openbsd.org/autoinstall.8">autoinstall(8)</a>,
405 e91f99b6 2024-03-31 benno both with a plaintext passphrase or a keydisk.
406 d84d45fe 2024-03-29 benno <li>Removed default sets answer in <a
407 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/autoinstall.8">autoinstall(8)</a>
408 d84d45fe 2024-03-29 benno response file such that it now populates only with non-defaults.
409 d84d45fe 2024-03-29 benno <li>Made <a
410 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> verify but
411 d84d45fe 2024-03-29 benno not overwrite SHA256.sig.
412 9489e264 2024-03-31 benno <li>Improved <a
413 65804062 2024-03-31 tj href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> output on
414 9489e264 2024-03-31 benno errors and improved ftp error handling.
415 d84d45fe 2024-03-29 benno <li>Added support in the installer to encrypt the root disk with a key disk.
416 d84d45fe 2024-03-29 benno <li>Prevent re-starting the automatic upgrade on octeon and
417 d84d45fe 2024-03-29 benno powerpc64, as is already done on other platforms.
418 e91f99b6 2024-03-31 benno <li>Added CD install images to arm64.
419 9489e264 2024-03-31 benno <li>Make the amd64 cdXX.iso and installXX.iso CD images bootable in
420 9489e264 2024-03-31 benno EFI mode (by creating an EFI system partition containing the EFI boot
421 9489e264 2024-03-31 benno loaders to be installed as an El Torito boot image).
422 57d3a05c 2024-03-02 benno </ul>
423 57d3a05c 2024-03-02 benno
424 57d3a05c 2024-03-02 benno <li>Security improvements:
425 57d3a05c 2024-03-02 benno <ul>
426 026d16b9 2024-03-31 benno <li>Introduce pinsyscalls(2): The kernel and <a
427 026d16b9 2024-03-31 benno href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> register the
428 026d16b9 2024-03-31 benno precise entry location of every system call used by a program, as
429 026d16b9 2024-03-31 benno described in the new ELF section .openbsd.syscalls inside ld.so and
430 026d16b9 2024-03-31 benno libc.so. ld.so uses the new syscall <a
431 026d16b9 2024-03-31 benno href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> to
432 026d16b9 2024-03-31 benno tell the kernel the precise entry location of system calls in
433 026d16b9 2024-03-31 benno libc.so.<br>
434 026d16b9 2024-03-31 benno Attempting to use a different system call entry instruction to
435 026d16b9 2024-03-31 benno perform a non-corresponding system call operation will fail and the
436 026d16b9 2024-03-31 benno process will be terminated with signal SIGABRT.
437 026d16b9 2024-03-31 benno <li>Removed support for <a
438 026d16b9 2024-03-31 benno href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the
439 026d16b9 2024-03-31 benno "indirection system call," a dangerous alternative entry point for all
440 026d16b9 2024-03-31 benno system calls.<br>
441 026d16b9 2024-03-31 benno Together with <a
442 026d16b9 2024-03-31 benno href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> this
443 aa928925 2024-03-31 jsg change makes it impossible to perform system call through any other
444 aa928925 2024-03-31 jsg way than the libc system call wrapper functions.<br>
445 026d16b9 2024-03-31 benno Users of syscall(2), such as Perl and the Go programming
446 aa928925 2024-03-31 jsg language were converted to use the libc functions.
447 d84d45fe 2024-03-29 benno <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
448 d84d45fe 2024-03-29 benno stdio before parsing pfkey messages to <a
449 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s.
450 026d16b9 2024-03-31 benno <li>Tightened the <a
451 026d16b9 2024-03-31 benno href="https://man.openbsd.org/pledge.2">pledge(2)</a> in <a
452 026d16b9 2024-03-31 benno href="https://man.openbsd.org/pax.1">pax(1)</a> in List and Append
453 026d16b9 2024-03-31 benno modes.
454 026d16b9 2024-03-31 benno <li>Created __OpenBSD versions of llvm cxa guard implementation
455 026d16b9 2024-03-31 benno using <a href="https://man.openbsd.org/futex.2">futex(2)</a> with the
456 026d16b9 2024-03-31 benno correct number of arguments and without using <a
457 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/syscall.2">syscall(2)</a>.
458 026d16b9 2024-03-31 benno <li>Improvements in Pointer Authentication (PAC) and Branch Target
459 026d16b9 2024-03-31 benno Identification (BTI) on arm64.
460 57d3a05c 2024-03-02 benno </ul>
461 57d3a05c 2024-03-02 benno
462 57d3a05c 2024-03-02 benno <li>Changes in the network stack:
463 57d3a05c 2024-03-02 benno <ul>
464 d84d45fe 2024-03-29 benno <li>Enable IPv6 support in <a
465 72a8c166 2024-03-25 bluhm href="https://man.openbsd.org/ppp.4">ppp(4)</a>
466 d84d45fe 2024-03-29 benno <li>Socket with sequenced packet type and control messages
467 72a8c166 2024-03-25 bluhm handle end of record correctly.
468 d84d45fe 2024-03-29 benno <li>The routing table has a generation number. That means
469 72a8c166 2024-03-25 bluhm cached routes at sockets will be invalidated when the routing
470 72a8c166 2024-03-25 bluhm table changes. Especially with dynamic routing daemons
471 72a8c166 2024-03-25 bluhm local connections use the up to date route.
472 d84d45fe 2024-03-29 benno <li>Route cache hits an misses are printed in
473 72a8c166 2024-03-25 bluhm <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>
474 d84d45fe 2024-03-29 benno statistics.
475 d84d45fe 2024-03-29 benno <li>Prevented <a href="https://man.openbsd.org/wg.4">wg(4)</a>
476 d84d45fe 2024-03-29 benno getting stuck on peer destruction.
477 d84d45fe 2024-03-29 benno <li>Made <a href="https://man.openbsd.org/umb.4">umb(4)</a> delete any
478 d84d45fe 2024-03-29 benno existing v4 address before setting a new one, allowing keeping of a
479 d84d45fe 2024-03-29 benno working default route when the address changes.
480 d84d45fe 2024-03-29 benno <li>Forwarded TCP LRO disabling to parent devices and disabled TCP LR0
481 d84d45fe 2024-03-29 benno on bridged <a href="https://man.openbsd.org/vlan.4">vlan(4)</a> and
482 d84d45fe 2024-03-29 benno default for <a href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a
483 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/nvgre.4">nvgre(4)</a> and <a
484 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>.
485 9489e264 2024-03-31 benno <li>Fixed race between <a
486 9489e264 2024-03-31 benno href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> destroy of
487 9489e264 2024-03-31 benno an interface and the ARP timer.
488 e91f99b6 2024-03-31 benno <li>Added statistics counters for the route cache, reporting cache
489 e91f99b6 2024-03-31 benno hits and misses. This is shown in <a
490 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/netstat.1">netstat(1)</a> with
491 e91f99b6 2024-03-31 benno <code>netstat -s</code>.
492 57d3a05c 2024-03-02 benno </ul>
493 57d3a05c 2024-03-02 benno
494 57d3a05c 2024-03-02 benno <li>The following changes were made to the <a
495 57d3a05c 2024-03-02 benno href="https://man.openbsd.org/pf.4">pf(4)</a> firewall:
496 57d3a05c 2024-03-02 benno <ul>
497 f800283e 2024-03-29 benno <li>tcpdump on <a
498 f800283e 2024-03-29 benno href="https://man.openbsd.org/pflog.4">pflog(4)</a> interface shows
499 f800283e 2024-03-29 benno packets dropped by the default rule with the "block" action. Although
500 f800283e 2024-03-29 benno the default rules is a "pass" rule, it blocks malformed packets. Now
501 f800283e 2024-03-29 benno this is correctly logged.
502 f800283e 2024-03-29 benno <li>Adjustments to keep up firewall aware of MP related changes in
503 f800283e 2024-03-29 benno the network stack.
504 850aed87 2024-03-26 sashan <li>Fix handling of multiple <code>-K</code>(<code>-k</code>) options in
505 f800283e 2024-03-29 benno <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, so behavior
506 f800283e 2024-03-29 benno matches what's described in manual.
507 f800283e 2024-03-29 benno <li>Make <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> show
508 f800283e 2024-03-29 benno all tables in all anchors with <code>pfctl -a "*" -sT</code>.
509 d84d45fe 2024-03-29 benno <li>Added check to ensure <a
510 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> -f won't accept a
511 d84d45fe 2024-03-29 benno directory and install an empty ruleset.
512 e91f99b6 2024-03-31 benno <li>Added validation for IPv4 packet options in <a
513 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/divert.4">divert(4)</a>.
514 57d3a05c 2024-03-02 benno </ul>
515 57d3a05c 2024-03-02 benno
516 57d3a05c 2024-03-02 benno <li>Routing daemons and other userland network improvements:
517 9489e264 2024-03-31 benno <ul>
518 57d3a05c 2024-03-02 benno <li>IPsec support was improved:
519 57d3a05c 2024-03-02 benno <ul>
520 d84d45fe 2024-03-29 benno <li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> always
521 d84d45fe 2024-03-29 benno prefer group from the initial KE payload as responder if supported.
522 9489e264 2024-03-31 benno <li>Corrected renewal of expired certificates in <a
523 9489e264 2024-03-31 benno href="https://man.openbsd.org/iked.8">iked(8)</a>.
524 e91f99b6 2024-03-31 benno <li>Added an <a href="https://man.openbsd.org/iked.8">iked(8)</a>
525 e91f99b6 2024-03-31 benno debug message when no policy is found.
526 e91f99b6 2024-03-31 benno <li>Implemented a per connection peerid for <a
527 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/iked.8">iked(8)</a> control replies.
528 e91f99b6 2024-03-31 benno <li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a>
529 e91f99b6 2024-03-31 benno trigger retransmission only for fragment 1/x to prevent each received
530 e91f99b6 2024-03-31 benno fragment triggering retransmission of the full fragment queue.
531 aa928925 2024-03-31 jsg <li>Prevent routing loops by dropping already encrypted packets that are going through <a
532 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/sec.4">sec(4)</a> again.
533 57d3a05c 2024-03-02 benno </ul>
534 57d3a05c 2024-03-02 benno
535 57d3a05c 2024-03-02 benno <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
536 57d3a05c 2024-03-02 benno <ul>
537 026d16b9 2024-03-31 benno <li>Rewrite the internal message passing mechanism to use a new
538 026d16b9 2024-03-31 benno memory-safe API.
539 026d16b9 2024-03-31 benno <li>Rewrite most protocol parsers to use the new memory-safe API.
540 026d16b9 2024-03-31 benno Convert the UPDATE parser, all of RTR, as well as both the MRT dump
541 026d16b9 2024-03-31 benno code in bgpd and the parser in bgpctl.
542 026d16b9 2024-03-31 benno <li>Improve RTR logging, error handling and version negotiation.
543 57d3a05c 2024-03-02 benno </ul>
544 57d3a05c 2024-03-02 benno
545 465887fd 2024-03-03 benno <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes:
546 57d3a05c 2024-03-02 benno <ul>
547 465887fd 2024-03-03 benno <li>Add ability to constrain an RPKI Trust Anchor's effective signing
548 465887fd 2024-03-03 benno authority to a limited set of Internet numbers. This allows Relying
549 465887fd 2024-03-03 benno Parties to enjoy the potential benefits of assuming trust, but within
550 465887fd 2024-03-03 benno a bounded scope.
551 465887fd 2024-03-03 benno <li>Following a 'failed fetch' (described in RFC 9286), emit a warning and
552 465887fd 2024-03-03 benno continue with a previously cached Manifest file.
553 465887fd 2024-03-03 benno <li>Emit a warning when the remote repository presents a Manifest with an
554 465887fd 2024-03-03 benno unexpected manifestNumber.
555 465887fd 2024-03-03 benno <li>Improved CRL extension checking.
556 465887fd 2024-03-03 benno <li>Experimental support for the P-256 signature algorithm.
557 465887fd 2024-03-03 benno <!-- 8.8. -->
558 465887fd 2024-03-03 benno <li>A failed manifest fetch could result in a NULL pointer dereference or
559 465887fd 2024-03-03 benno a use after free.
560 465887fd 2024-03-03 benno <li>Reject non-conforming RRDP delta elements that contain neither publish
561 465887fd 2024-03-03 benno nor a withdraw element and fall back to the RRDP snapshot.
562 465887fd 2024-03-03 benno <li>Refactoring and minor bug fixes in the warning display functions.
563 465887fd 2024-03-03 benno <!-- 8.9 -->
564 465887fd 2024-03-03 benno <li>The handling of manifests fetched via rsync or RRDP was reworked to
565 465887fd 2024-03-03 benno fully conform to RFC 9286.
566 465887fd 2024-03-03 benno <li>Fix a race condition between closing an idle connection and scheduling a
567 465887fd 2024-03-03 benno new request on it.
568 465887fd 2024-03-03 benno <li>The evaluation time specified with -P now also applies to trust anchor
569 465887fd 2024-03-03 benno certificates.
570 465887fd 2024-03-03 benno <li>Check that the entire CMS eContent was consumed. Previously, trailing
571 465887fd 2024-03-03 benno data would be silently discarded on deserialization of products.
572 465887fd 2024-03-03 benno <li>In file mode do not consider overclaiming intermediate CA certificates
573 465887fd 2024-03-03 benno as invalid. OAA warning is still issued.
574 465887fd 2024-03-03 benno <li>Print the revocation time of certificates in file mode.
575 465887fd 2024-03-03 benno <li>Be more careful when converting OpenSSL numeric identifiers (NIDs)
576 465887fd 2024-03-03 benno to strings.
577 465887fd 2024-03-03 benno <!-- 9.0 -->
578 465887fd 2024-03-03 benno <li>Added support for RPKI Signed Prefix Lists.
579 465887fd 2024-03-03 benno <li>Added an -x flag to opt into parsing and evaluation of file types that are
580 465887fd 2024-03-03 benno still considered experimental.
581 465887fd 2024-03-03 benno <li>Added a metric to track the number of new files that were moved to the
582 465887fd 2024-03-03 benno validated cache.
583 465887fd 2024-03-03 benno <li>Ensure that the FileAndHashes list in a Manifest contains no duplicate
584 465887fd 2024-03-03 benno file names and no duplicate hashes.
585 57d3a05c 2024-03-02 benno </ul>
586 57d3a05c 2024-03-02 benno
587 57d3a05c 2024-03-02 benno <li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
588 57d3a05c 2024-03-02 benno <ul>
589 2cfa6345 2024-03-13 op <li>Add <code>Message-Id</code> as needed for messages received on
590 2cfa6345 2024-03-13 op the submission port.
591 2cfa6345 2024-03-13 op <li>Added support for RFC 7505 "Null MX" handling and treat
592 2cfa6345 2024-03-13 op an MX of "localhost" as it were a "Null MX".
593 2cfa6345 2024-03-13 op <li>Allow inline tables and filter listings in
594 2cfa6345 2024-03-13 op <a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>
595 2cfa6345 2024-03-13 op to span over multiple lines.
596 2cfa6345 2024-03-13 op <li>Enabled <abbr title="Delivery Status Notification">DSN</abbr>
597 2cfa6345 2024-03-13 op for the implicit socket too.
598 2cfa6345 2024-03-13 op <li>Added the
599 2cfa6345 2024-03-13 op <a href="https://man.openbsd.org/smtpd.conf.5#no-dsn~2">no-dsn</a>
600 2cfa6345 2024-03-13 op option for <code>listen on socket</code> too.
601 2cfa6345 2024-03-13 op <li>Reject headers that start with a space or a tab.
602 2cfa6345 2024-03-13 op <li>Fixed parsing of the <code>ORCPT</code> parameter.
603 2cfa6345 2024-03-13 op <li>Fixed table lookups of IPv6 addresses.
604 2cfa6345 2024-03-13 op <li>Fixed handling of escape characters in To, From and Cc headers.
605 2cfa6345 2024-03-13 op <li>Run <abbr title="Local Mail Transfer Protocol">LMTP</abbr>
606 2cfa6345 2024-03-13 op deliveries as the recipient user again.
607 2cfa6345 2024-03-13 op <li>Disallow custom commands and file reading in root's
608 2cfa6345 2024-03-13 op <code>.forward</code> file.
609 2cfa6345 2024-03-13 op <li>Do not process other users <code>.forward</code> files when
610 2cfa6345 2024-03-13 op an alternate delivery user is provided in a dispatcher.
611 2cfa6345 2024-03-13 op <li>Unify the <a href="https://man.openbsd.org/table.5">table(5)</a>
612 2cfa6345 2024-03-13 op parser used in
613 2cfa6345 2024-03-13 op <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> and
614 2cfa6345 2024-03-13 op <a href="https://man.openbsd.org/makemap.8">makemap(8)</a>.
615 2cfa6345 2024-03-13 op <li>Allow to use <a href="https://man.openbsd.org/table.5">table(5)</a>
616 2cfa6345 2024-03-13 op mappings on various match constraints.
617 57d3a05c 2024-03-02 benno </ul>
618 9489e264 2024-03-31 benno <!-- OTHER -->
619 57d3a05c 2024-03-02 benno <li>Many other changes in various network programs and libraries:
620 57d3a05c 2024-03-02 benno <ul>
621 9489e264 2024-03-31 benno <!-- syslogd -->
622 72a8c166 2024-03-25 bluhm <li>If a DNS name is configured as remote syslog server,
623 d84d45fe 2024-03-29 benno <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
624 d84d45fe 2024-03-29 benno retries to resolve the loghost name periodically until it succeeds.
625 d84d45fe 2024-03-29 benno UDP packets that get lost during that period are counted and
626 d84d45fe 2024-03-29 benno logged later.
627 d84d45fe 2024-03-29 benno <li>Added counting of dropped UDP packets to <a
628 d84d45fe 2024-03-29 benno href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>.
629 9489e264 2024-03-31 benno <li>Prevented use after free of TLS context at <a
630 9489e264 2024-03-31 benno href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> shutdown.
631 9489e264 2024-03-31 benno <!-- dhcp -->
632 d84d45fe 2024-03-29 benno <li>Introduced <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>
633 d84d45fe 2024-03-29 benno log output to stderr and '-v' option to make this output more verbose.
634 9489e264 2024-03-31 benno <li>In <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, made <a
635 9489e264 2024-03-31 benno href="https://man.openbsd.org/dhcp-options.5">dhcp-options(5)</a>
636 9489e264 2024-03-31 benno recognize option ipv6-only-preferred (RFC8925).
637 9489e264 2024-03-31 benno <li>Allowed <a
638 9489e264 2024-03-31 benno href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> to
639 9489e264 2024-03-31 benno request "IPv6-only preferred" and deconfigure IPv4 on the interface if
640 9489e264 2024-03-31 benno the server replies with this option.
641 9489e264 2024-03-31 benno <!-- more -->
642 d84d45fe 2024-03-29 benno <li>Fixed <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>
643 d84d45fe 2024-03-29 benno to properly fixup MPPE-{Send,Recv}-Key and Tunnel-Password attributes of the
644 d84d45fe 2024-03-29 benno response.
645 e91f99b6 2024-03-31 benno <li>Added nochroot parameter to <a
646 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>
647 e91f99b6 2024-03-31 benno module_drop_privilege() so that modules can use <a
648 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/unveil.2">unveil(2)</a> instead of <a
649 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/chroot.2">chroot(2)</a> if needed.
650 9489e264 2024-03-31 benno <li>Ensured correct denominators when converting NTP fixed point
651 9489e264 2024-03-31 benno values to double and vice-versa in <a
652 9489e264 2024-03-31 benno href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
653 e91f99b6 2024-03-31 benno <li>In the resolver, do not short-circuit resolution of localhost
654 e91f99b6 2024-03-31 benno when AI_NUMERICHOST is set. Ensure that a proper string is returned by <a
655 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> when
656 e91f99b6 2024-03-31 benno AI_CANONNAME or AI_FQDN is set.
657 9489e264 2024-03-31 benno <li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
658 9489e264 2024-03-31 benno support for specifying ports on the src address in tunnel endpoints of
659 9489e264 2024-03-31 benno <a href="https://man.openbsd.org/gif.4">gif(4)</a>, <a
660 9489e264 2024-03-31 benno href="https://man.openbsd.org/gre.4">gre(4)</a> and related
661 9489e264 2024-03-31 benno tunnel interfaces.
662 9489e264 2024-03-31 benno <li>Added an <a
663 9489e264 2024-03-31 benno href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> endpoint
664 9489e264 2024-03-31 benno command for "bridges" that use addresses as endpoints, usable to add
665 9489e264 2024-03-31 benno static entries on interfaces like <a
666 9489e264 2024-03-31 benno href="https://man.openbsd.org/vxlan.4">vxlan(4)</a>.
667 9489e264 2024-03-31 benno <li>Tightened up <a
668 b525a9d7 2024-03-31 jsg href="https://man.openbsd.org/relayd.8">relayd(8)</a> HTTP header parsing.
669 9489e264 2024-03-31 benno <li>Deferred <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
670 9489e264 2024-03-31 benno relay_read_http header parsing until after line continuation,
671 9489e264 2024-03-31 benno preventing potential request smuggling attacks.
672 9489e264 2024-03-31 benno <li>Improved <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
673 9489e264 2024-03-31 benno auto-index, adding human-readable file sizes and allowing per-column
674 9489e264 2024-03-31 benno sorting.
675 e91f99b6 2024-03-31 benno <li>Switched to using whois.internic.net for <a
676 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/whois.1">whois(1)</a> -i.
677 57d3a05c 2024-03-02 benno </ul>
678 9489e264 2024-03-31 benno </ul><!-- Routing daemons and other userland network improvements -->
679 57d3a05c 2024-03-02 benno
680 57d3a05c 2024-03-02 benno <li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes:
681 57d3a05c 2024-03-02 benno <ul>
682 d84d45fe 2024-03-29 benno <li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> unzoom
683 d84d45fe 2024-03-29 benno a window at the start of destroy so it doesn't happen later after the
684 d84d45fe 2024-03-29 benno layout has been freed.
685 d84d45fe 2024-03-29 benno <li>Prevented <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> use
686 d84d45fe 2024-03-29 benno of combined UTF-8 characters that are too long.
687 9489e264 2024-03-31 benno <li>Corrected <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
688 9489e264 2024-03-31 benno handling of window ops with no pane.
689 9489e264 2024-03-31 benno <li>Removed flags from the prefix before comparing with the received
690 9489e264 2024-03-31 benno key so that <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
691 9489e264 2024-03-31 benno modifier keys with flags work correctly.
692 e91f99b6 2024-03-31 benno <li>Increased buffer size to avoid truncating styles in <a
693 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
694 e91f99b6 2024-03-31 benno <li>Added two new values for the <a
695 e91f99b6 2024-03-31 benno href="https://man.openbsd.org/tmux.1">tmux(1)</a> destroy-unattached
696 e91f99b6 2024-03-31 benno option to destroy sessions only if they are not members of sessions
697 e91f99b6 2024-03-31 benno groups.
698 57d3a05c 2024-03-02 benno </ul>
699 57d3a05c 2024-03-02 benno
700 e22b8e5f 2024-03-09 tb <li>LibreSSL version 3.9.0
701 57d3a05c 2024-03-02 benno <ul>
702 57d3a05c 2024-03-02 benno <li>Portable changes
703 57d3a05c 2024-03-02 benno <ul>
704 e22b8e5f 2024-03-09 tb <li>libcrypto no longer exports compat symbols in cmake builds.
705 e22b8e5f 2024-03-09 tb <li>Most compatibility symbols are prefixed with <code>libressl_</code>
706 e22b8e5f 2024-03-09 tb to avoid symbol clashes in static links.
707 e22b8e5f 2024-03-09 tb <li>Fixed various warnings on Windows.
708 e22b8e5f 2024-03-09 tb <li>Removed assert pop-ups with Windows debug builds.
709 e22b8e5f 2024-03-09 tb <li>Fixed crashes and hangs in Windows ARM64 builds.
710 e22b8e5f 2024-03-09 tb <li>Improved control-flow enforcement (CET) support.
711 57d3a05c 2024-03-02 benno </ul>
712 e22b8e5f 2024-03-09 tb <li>Internal improvements
713 57d3a05c 2024-03-02 benno <ul>
714 e22b8e5f 2024-03-09 tb <li>Converted uses of <code>OBJ_bsearch_()</code> to standard
715 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/bsearch">bsearch(3)</a>.
716 e22b8e5f 2024-03-09 tb <li>Greatly simplified <code>by_file_ctrl()</code>.
717 e22b8e5f 2024-03-09 tb <li>Simplified and cleaned up the OBJ_ API.
718 e22b8e5f 2024-03-09 tb <li>Cleaned up the <a href="https://man.openbsd.org/EVP_CipherInit">EVP_Cipher{Init,Update,Final}(3)</a> implementations.
719 e22b8e5f 2024-03-09 tb <li>Removed unused function pointers from X.509 stores and contexts.
720 e22b8e5f 2024-03-09 tb <li>A lot of cleanup and reorganization in EVP.
721 e22b8e5f 2024-03-09 tb <li>Removed all remaining <code>ENGINE</code> tentacles.
722 e22b8e5f 2024-03-09 tb <li>Simplified internals of <code>X509_TRUST</code> handling.
723 e22b8e5f 2024-03-09 tb <li>Made deletion from a <a href="https://man.openbsd.org/lh_delete">lhash</a>
724 e22b8e5f 2024-03-09 tb doall callback safe.
725 e22b8e5f 2024-03-09 tb <li>Rewrote <a href="https://man.openbsd.org/BIO_dump">BIO_dump*(3)</a> internals
726 e22b8e5f 2024-03-09 tb to be less bad.
727 57d3a05c 2024-03-02 benno </ul>
728 e22b8e5f 2024-03-09 tb <li>Documentation improvements
729 57d3a05c 2024-03-02 benno <ul>
730 e22b8e5f 2024-03-09 tb <li><code>ENGINE</code> documentation was updated to reflect reality.
731 e22b8e5f 2024-03-09 tb <li>Made EVP API documentation more accurate and less incoherent.
732 e22b8e5f 2024-03-09 tb <li>Call out some shortcomings of the <code>EC_KEY_set_*</code> API explicitly.
733 57d3a05c 2024-03-02 benno </ul>
734 e22b8e5f 2024-03-09 tb <li>Testing and proactive security
735 57d3a05c 2024-03-02 benno <ul>
736 e22b8e5f 2024-03-09 tb <li>Bug fixes and simplifications in the Wycheproof tests.
737 e22b8e5f 2024-03-09 tb </ul>
738 e22b8e5f 2024-03-09 tb <li>Compatibility changes
739 e22b8e5f 2024-03-09 tb <ul>
740 e22b8e5f 2024-03-09 tb <li>Added ChaCha20 and chacha20 aliases for ChaCha.
741 e22b8e5f 2024-03-09 tb <li><a href="https://man.openbsd.org/SSL_library_init">SSL_library_init(3)</a>
742 e22b8e5f 2024-03-09 tb now has the same effect as OPENSSL_init_ssl().
743 e22b8e5f 2024-03-09 tb <li><code>EVP_add_{cipher,digest}()</code> were removed. From the <code>OBJ_NAME</code> API,
744 e22b8e5f 2024-03-09 tb only <a href="https://man.openbsd.org/OBJ_NAME_do_all">OBJ_NAME_do_all*()</a> remain.
745 e22b8e5f 2024-03-09 tb In particular, it is no longer possible to add aliases for ciphers and digests.
746 e22b8e5f 2024-03-09 tb <li>The thread unsafe global tables are no longer supported. It is no
747 e22b8e5f 2024-03-09 tb longer possible to add aliases for ciphers and digests, custom ASN.1
748 e22b8e5f 2024-03-09 tb strings table entries, ASN.1 methods, PKEY methods, digest methods,
749 e22b8e5f 2024-03-09 tb CRL methods, purpose and trust identifiers, or X.509 extensions.
750 e22b8e5f 2024-03-09 tb <li>Removed the _cb() and _fp() versions of
751 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/BIO_dump">BIO_dump{,_indent}()</a>.
752 e22b8e5f 2024-03-09 tb <li><code>BIO_set()</code> was removed.
753 e22b8e5f 2024-03-09 tb <li><code>BIO_{sn,v,vsn}printf()</code> were removed.
754 e22b8e5f 2024-03-09 tb <li>Turn the long dysfunctional
755 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/openssl(1)">openssl(1)</a>
756 e22b8e5f 2024-03-09 tb <code>s_client -pause</code> into a noop.
757 e22b8e5f 2024-03-09 tb <li><a href="https://man.openbsd.org/openssl(1)">openssl(1)</a> <code>x509</code>
758 e22b8e5f 2024-03-09 tb now supports <code>-new</code>, <code>-force_pubkey</code>, <code>-multivalue-rdn</code>,
759 e22b8e5f 2024-03-09 tb <code>-set_issuer</code> <code>-set_subject</code>, and <code>-utf8</code>.
760 e22b8e5f 2024-03-09 tb <li>Support ECDSA with SHA-3 signature algorithms.
761 e22b8e5f 2024-03-09 tb <li>Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF.
762 e22b8e5f 2024-03-09 tb <li>GOST and STREEBOG support was removed.
763 e22b8e5f 2024-03-09 tb <li><code>CRYPTO_THREADID</code>, <code>_LHASH</code>, <code>_STACK</code> and
764 e22b8e5f 2024-03-09 tb <code>X509_PURPOSE</code> are now opaque, <code>X509_CERT_AUX</code> and
765 e22b8e5f 2024-03-09 tb <code>X509_TRUST</code> were removed from the public API.
766 e22b8e5f 2024-03-09 tb <li><a href="https://man.openbsd.org/ASN1_STRING_TABLE_get()">ASN1_STRING_TABLE_get(3)</a>
767 e22b8e5f 2024-03-09 tb and <a href="https://man.openbsd.org/X509_PURPOSE_get0">X509_PURPOSE_get0*(3)</a> now
768 e22b8e5f 2024-03-09 tb return const pointers.
769 e22b8e5f 2024-03-09 tb <li><code>EVP_{CIPHER,MD}_CTX_init()</code>'s signatures and semantics now match
770 e22b8e5f 2024-03-09 tb OpenSSL's behavior.
771 e22b8e5f 2024-03-09 tb <li><code>sk_find_ex()</code> and <code>OBJ_bsearch_()</code> were removed.
772 e22b8e5f 2024-03-09 tb <li><a href="https://man.openbsd.org/CRYPTO_malloc">CRYPTO_malloc(3)</a> was fixed to use
773 e22b8e5f 2024-03-09 tb <code>size_t</code> argument. <code>CRYPTO_malloc()</code>
774 e22b8e5f 2024-03-09 tb and <code>CRYPTO_free()</code> now accept file and line arguments.
775 e22b8e5f 2024-03-09 tb <li>A lot of decrepit CRYPTO memory API was removed.
776 57d3a05c 2024-03-02 benno </ul>
777 57d3a05c 2024-03-02 benno <li>Bug fixes
778 57d3a05c 2024-03-02 benno <ul>
779 e22b8e5f 2024-03-09 tb <li>Fixed aliasing issues in <code>BN_mod_exp_simple()</code> and <code>BN_mod_exp_recp()</code>.
780 e22b8e5f 2024-03-09 tb <li>Fixed numerous misuses of
781 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/X509_ALGOR_set0">X509_ALGOR_set0(3)</a>
782 e22b8e5f 2024-03-09 tb resulting in leaks and potentially incorrect encodings.
783 e22b8e5f 2024-03-09 tb <li>Fixed potential double free in
784 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/X509v3_asid_add_id_or_range">X509v3_asid_add_id_or_range(3)</a>.
785 e22b8e5f 2024-03-09 tb <li>Stopped using <code>ASN1_time_parse()</code> outside of libcrypto.
786 e22b8e5f 2024-03-09 tb <li>Prepared <a href="https://man.openbsd.org/OPENSSL_gmtime">OPENSSL_gmtime(3)</a> and
787 e22b8e5f 2024-03-09 tb <a href="https://man.openbsd.org/OPENSSL_timegm">OPENSSL_timegm(3)</a> as public API
788 e22b8e5f 2024-03-09 tb wrappers of internal functions compatible with BoringSSL API.
789 e22b8e5f 2024-03-09 tb <li>Removed <code>print_bin()</code> to avoid overwriting the stack with 5 bytes
790 e22b8e5f 2024-03-09 tb of <code>&quot;&nbsp;&quot;</code> when ECPK parameters are printed with large
791 e22b8e5f 2024-03-09 tb indentation.
792 e22b8e5f 2024-03-09 tb <li>Avoid a <code>NULL</code> dereference after memory allocation failure during TLS
793 e22b8e5f 2024-03-09 tb version downgrade.
794 e22b8e5f 2024-03-09 tb <li>Fixed various bugs in CMAC internals.
795 e22b8e5f 2024-03-09 tb <li>Fixed 4-byte overreads in GHASH assembly on amd64 and i386.
796 e22b8e5f 2024-03-09 tb <li>Fixed various NULL dereferences in PKCS #12 code due to mishandling
797 e22b8e5f 2024-03-09 tb of OPTIONAL content in PKCS #7 ContentInfo.
798 e22b8e5f 2024-03-09 tb <li>Aligned <a href="https://man.openbsd.org/SSL_shutdown">SSL_shutdown(3)</a>
799 e22b8e5f 2024-03-09 tb behavior in TLSv1.3 with the legacy stack.
800 e22b8e5f 2024-03-09 tb <li>Fixed the new X.509 verifier to find trust anchors in the trusted
801 e22b8e5f 2024-03-09 tb stack.
802 57d3a05c 2024-03-02 benno </ul>
803 57d3a05c 2024-03-02 benno </ul>
804 57d3a05c 2024-03-02 benno
805 7f28ae08 2024-03-23 djm <li>OpenSSH 9.6 and OpenSSH 9.7
806 57d3a05c 2024-03-02 benno <ul>
807 7f28ae08 2024-03-23 djm <li>Security fixes
808 57d3a05c 2024-03-02 benno <ul>
809 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: implement protocol extensions to thwart the
810 7f28ae08 2024-03-23 djm so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
811 7f28ae08 2024-03-23 djm Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
812 7f28ae08 2024-03-23 djm limited break of the integrity of the early encrypted SSH transport
813 7f28ae08 2024-03-23 djm protocol by sending extra messages prior to the commencement of
814 7f28ae08 2024-03-23 djm encryption, and deleting an equal number of consecutive messages
815 7f28ae08 2024-03-23 djm immediately after encryption starts. A peer SSH client/server
816 7f28ae08 2024-03-23 djm would not be able to detect that messages were deleted.
817 7f28ae08 2024-03-23 djm
818 7f28ae08 2024-03-23 djm <br>While cryptographically novel, the security impact of this attack
819 7f28ae08 2024-03-23 djm is fortunately very limited as it only allows deletion of
820 7f28ae08 2024-03-23 djm consecutive messages, and deleting most messages at this stage of
821 e033ad94 2024-03-24 gnezdo the protocol prevents user authentication from proceeding and
822 7f28ae08 2024-03-23 djm results in a stuck connection.
823 7f28ae08 2024-03-23 djm
824 7f28ae08 2024-03-23 djm <br>The most serious identified impact is that it lets a MITM to
825 7f28ae08 2024-03-23 djm delete the SSH2_MSG_EXT_INFO message sent before authentication
826 7f28ae08 2024-03-23 djm starts, allowing the attacker to disable a subset of the keystroke
827 7f28ae08 2024-03-23 djm timing obfuscation features introduced in OpenSSH 9.5. There is no
828 7f28ae08 2024-03-23 djm other discernable impact to session secrecy or session integrity.
829 7f28ae08 2024-03-23 djm
830 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>: when adding PKCS#11-hosted private keys while
831 7f28ae08 2024-03-23 djm specifying destination constraints, if the PKCS#11 token returned
832 7f28ae08 2024-03-23 djm multiple keys then only the first key had the constraints applied.
833 7f28ae08 2024-03-23 djm Use of regular private keys, FIDO tokens and unconstrained keys
834 7f28ae08 2024-03-23 djm are unaffected.
835 7f28ae08 2024-03-23 djm
836 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: if an invalid user or hostname that contained shell
837 7f28ae08 2024-03-23 djm metacharacters was passed to <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, and a ProxyCommand,
838 7f28ae08 2024-03-23 djm LocalCommand directive or "match exec" predicate referenced the
839 7f28ae08 2024-03-23 djm user or hostname via %u, %h or similar expansion token, then
840 7f28ae08 2024-03-23 djm an attacker who could supply arbitrary user/hostnames to <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>
841 7f28ae08 2024-03-23 djm could potentially perform command injection depending on what
842 7f28ae08 2024-03-23 djm quoting was present in the user-supplied <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> directive.
843 7f28ae08 2024-03-23 djm
844 7f28ae08 2024-03-23 djm <br>OpenSSH 9.6 now
845 7f28ae08 2024-03-23 djm bans most shell metacharacters from user and hostnames supplied
846 7f28ae08 2024-03-23 djm via the command-line. This countermeasure is not guaranteed to be
847 7f28ae08 2024-03-23 djm effective in all situations, as it is infeasible for <a href='https://man.openbsd.org/ssh.1'>ssh(1)</a> to
848 7f28ae08 2024-03-23 djm universally filter shell metacharacters potentially relevant to
849 7f28ae08 2024-03-23 djm user-supplied commands.
850 7f28ae08 2024-03-23 djm
851 7f28ae08 2024-03-23 djm <br>User/hostnames provided via <a href='https://man.openbsd.org/ssh_config.5'>ssh_config(5)</a> are not subject to these
852 7f28ae08 2024-03-23 djm restrictions, allowing configurations that use strange names to
853 7f28ae08 2024-03-23 djm continue to be used, under the assumption that the user knows what
854 7f28ae08 2024-03-23 djm they are doing in their own configuration files.
855 57d3a05c 2024-03-02 benno </ul>
856 57d3a05c 2024-03-02 benno <li>New features
857 57d3a05c 2024-03-02 benno <ul>
858 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: add a "global" ChannelTimeout type that watches
859 7f28ae08 2024-03-23 djm all open channels and will close all open channels if there is no
860 7f28ae08 2024-03-23 djm traffic on any of them for the specified interval. This is in
861 7f28ae08 2024-03-23 djm addition to the existing per-channel timeouts added recently.
862 7f28ae08 2024-03-23 djm <br>This supports situations like having both session and x11
863 7f28ae08 2024-03-23 djm forwarding channels open where one may be idle for an extended
864 7f28ae08 2024-03-23 djm period but the other is actively used. The global timeout could
865 7f28ae08 2024-03-23 djm close both channels when both have been idle for too long.
866 7f28ae08 2024-03-23 djm
867 7f28ae08 2024-03-23 djm <li>All: make DSA key support compile-time optional, defaulting to on.
868 57d3a05c 2024-03-02 benno </ul>
869 57d3a05c 2024-03-02 benno <li>Bugfixes
870 57d3a05c 2024-03-02 benno <ul>
871 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: don't append an unnecessary space to the end of subsystem
872 7f28ae08 2024-03-23 djm arguments (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3667'>bz3667</a>)
873 7f28ae08 2024-03-23 djm
874 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>: fix the multiplexing "channel proxy" mode, broken when
875 7f28ae08 2024-03-23 djm keystroke timing obfuscation was added. (<a href='https://github.com/openssh/openssh-portable/pull/463'>GHPR#463</a>)
876 7f28ae08 2024-03-23 djm
877 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh.1'>ssh(1)</a>, <a href='https://man.openbsd.org/sshd.8'>sshd(8)</a>: fix spurious configuration parsing errors when
878 7f28ae08 2024-03-23 djm options that accept array arguments are overridden (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3657'>bz3657</a>).
879 7f28ae08 2024-03-23 djm
880 7f28ae08 2024-03-23 djm <li><a href='https://man.openbsd.org/ssh-agent.1'>ssh-agent(1)</a>: fix potential spin in signal handler (<a href='https://bugzilla.mindrot.org/show_bug.cgi?id=3670'>bz3670</a>)
881 7f28ae08 2024-03-23 djm
882 7f28ae08 2024-03-23 djm <li>Many fixes to manual pages and other documentation, including
883 7f28ae08 2024-03-23 djm <a href='https://github.com/openssh/openssh-portable/pull/462'>GHPR#462</a>, <a href='https://github.com/openssh/openssh-portable/pull/454'>GHPR#454</a>, <a href='https://github.com/openssh/openssh-portable/pull/442'>GHPR#442</a> and <a href='https://github.com/openssh/openssh-portable/pull/441'>GHPR#441</a>.
884 7f28ae08 2024-03-23 djm
885 7f28ae08 2024-03-23 djm <li>Greatly improve interop testing against PuTTY.
886 57d3a05c 2024-03-02 benno </ul>
887 57d3a05c 2024-03-02 benno </ul>
888 57d3a05c 2024-03-02 benno
889 57d3a05c 2024-03-02 benno <li>Ports and packages:
890 57d3a05c 2024-03-02 benno <p>Many pre-built packages for each architecture:
891 57d3a05c 2024-03-02 benno <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
892 57d3a05c 2024-03-02 benno <ul style="column-count: 3">
893 d9f6fc44 2024-03-18 sthen <li>aarch64: 12145
894 84e91ee0 2024-03-17 naddy <li>amd64: 12309
895 dba95b4c 2024-04-22 naddy <li>arm: 8144
896 d9f6fc44 2024-03-18 sthen <li>i386: 10830
897 ab297ee2 2024-03-30 visa <li>mips64: 8674
898 73981e3e 2024-04-12 naddy <li>powerpc: 9980
899 c83ec0da 2024-03-22 sthen <li>powerpc64: 8469
900 3b4b4e5b 2024-03-30 naddy <li>riscv64: 10508
901 6bd68d6d 2024-03-21 sthen <li>sparc64: 9432
902 57d3a05c 2024-03-02 benno </ul>
903 57d3a05c 2024-03-02 benno
904 57d3a05c 2024-03-02 benno <p>Some highlights:
905 57d3a05c 2024-03-02 benno <ul style="column-count: 3"><!-- XXX all need to be checked/updated 2024-03-02 -->
906 ea4537df 2024-03-22 lteo <li>Asterisk 16.30.1, 18.21.0 and 20.6.0
907 ea4537df 2024-03-22 lteo <li>Audacity 3.4.2
908 ea4537df 2024-03-22 lteo <li>CMake 3.28.3
909 ea4537df 2024-03-22 lteo <li>Chromium 122.0.6261.111
910 ea4537df 2024-03-22 lteo <li>Emacs 29.2
911 57d3a05c 2024-03-02 benno <li>FFmpeg 4.4.4
912 57d3a05c 2024-03-02 benno <li>GCC 8.4.0 and 11.2.0
913 ea4537df 2024-03-22 lteo <li>GHC 9.6.4
914 ea4537df 2024-03-22 lteo <li>GNOME 45
915 ea4537df 2024-03-22 lteo <li>Go 1.22.1
916 ea4537df 2024-03-22 lteo <li>JDK 8u402, 11.0.22, 17.0.10 and 21.0.2
917 ea4537df 2024-03-22 lteo <li>KDE Applications 23.08.4
918 ea4537df 2024-03-22 lteo <li>KDE Frameworks 5.115.0
919 b7841b88 2024-03-23 rsadowski <li>KDE Plasma 5.27.10
920 ea4537df 2024-03-22 lteo <li>Krita 5.2.2
921 ea4537df 2024-03-22 lteo <li>LLVM/Clang 13.0.0, 16.0.6 and 17.0.6
922 ea4537df 2024-03-22 lteo <li>LibreOffice 24.2.1.2
923 57d3a05c 2024-03-02 benno <li>Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.6
924 ea4537df 2024-03-22 lteo <li>MariaDB 10.9.8
925 57d3a05c 2024-03-02 benno <li>Mono 6.12.0.199
926 ea4537df 2024-03-22 lteo <li>Mozilla Firefox 123.0.1 and ESR 115.8.0
927 ea4537df 2024-03-22 lteo <li>Mozilla Thunderbird 115.8.1
928 ea4537df 2024-03-22 lteo <li>Mutt 2.2.13 and NeoMutt 20240201
929 ea4537df 2024-03-22 lteo <li>Node.js 18.19.1
930 ea4537df 2024-03-22 lteo <li>OCaml 4.14.1
931 ea4537df 2024-03-22 lteo <li>OpenLDAP 2.6.7
932 ea4537df 2024-03-22 lteo <li>PHP 7.4.33, 8.0.30, 8.1.27, 8.2.16 and 8.3.3
933 ea4537df 2024-03-22 lteo <li>Postfix 3.8.6
934 ea4537df 2024-03-22 lteo <li>PostgreSQL 16.2
935 ea4537df 2024-03-22 lteo <li>Python 2.7.18, 3.9.18, 3.10.13 and 3.11.8
936 b7841b88 2024-03-23 rsadowski <li>Qt 5.15.12 (+ kde patches) and 6.6.1
937 ea4537df 2024-03-22 lteo <li>R 4.2.3
938 ea4537df 2024-03-22 lteo <li>Ruby 3.1.4, 3.2.3 and 3.3.0
939 ea4537df 2024-03-22 lteo <li>Rust 1.76.0
940 ea4537df 2024-03-22 lteo <li>SQLite 3.44.2
941 ea4537df 2024-03-22 lteo <li>Shotcut 23.07.29
942 ea4537df 2024-03-22 lteo <li>Sudo 1.9.15.5
943 ea4537df 2024-03-22 lteo <li>Suricata 7.0.3
944 57d3a05c 2024-03-02 benno <li>Tcl/Tk 8.5.19 and 8.6.13
945 ea4537df 2024-03-22 lteo <li>TeX Live 2023
946 ea4537df 2024-03-22 lteo <li>Vim 9.1.139 and Neovim 0.9.5
947 ea4537df 2024-03-22 lteo <li>Xfce 4.18.1
948 57d3a05c 2024-03-02 benno </ul>
949 57d3a05c 2024-03-02 benno <p>
950 57d3a05c 2024-03-02 benno
951 57d3a05c 2024-03-02 benno <li>As usual, steady improvements in manual pages and other documentation.
952 57d3a05c 2024-03-02 benno
953 57d3a05c 2024-03-02 benno <li>The system includes the following major components from outside suppliers:
954 57d3a05c 2024-03-02 benno <ul><!-- XXX all need to be checked/updated 2024-03-02 -->
955 e5f8ebc4 2024-03-09 matthieu <li>Xenocara (based on X.Org 7.7 with xserver 21.1.11 + patches,
956 e5f8ebc4 2024-03-09 matthieu freetype 2.13.0, fontconfig 2.14.2, Mesa 23.1.9, xterm 378,
957 e5f8ebc4 2024-03-09 matthieu xkeyboard-config 2.20, fonttosfnt 1.2.3 and more)
958 e5f8ebc4 2024-03-09 matthieu <li>LLVM/Clang 16.0.6 (+ patches)
959 57d3a05c 2024-03-02 benno <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
960 e5f8ebc4 2024-03-09 matthieu <li>Perl 5.36.3 (+ patches)
961 e5f8ebc4 2024-03-09 matthieu <li>NSD 4.8.0
962 57d3a05c 2024-03-02 benno <li>Unbound 1.18.0
963 14659de7 2024-04-10 sthen <li>Ncurses 6.4
964 57d3a05c 2024-03-02 benno <li>Binutils 2.17 (+ patches)
965 57d3a05c 2024-03-02 benno <li>Gdb 6.3 (+ patches)
966 e5f8ebc4 2024-03-09 matthieu <li>Awk January 22, 2024
967 e5f8ebc4 2024-03-09 matthieu <li>Expat 2.6.0
968 e5f8ebc4 2024-03-09 matthieu <li>zlib 1.3.1 (+ patches)
969 57d3a05c 2024-03-02 benno </ul>
970 57d3a05c 2024-03-02 benno
971 57d3a05c 2024-03-02 benno </ul>
972 57d3a05c 2024-03-02 benno </section>
973 57d3a05c 2024-03-02 benno
974 57d3a05c 2024-03-02 benno <hr>
975 57d3a05c 2024-03-02 benno
976 57d3a05c 2024-03-02 benno <section id=install>
977 57d3a05c 2024-03-02 benno <h3>How to install</h3>
978 57d3a05c 2024-03-02 benno <p>
979 57d3a05c 2024-03-02 benno Please refer to the following files on the mirror site for
980 57d3a05c 2024-03-02 benno extensive details on how to install OpenBSD 7.5 on your machine:
981 57d3a05c 2024-03-02 benno
982 57d3a05c 2024-03-02 benno <ul>
983 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/alpha/INSTALL.alpha">
984 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/alpha/INSTALL.alpha</a>
985 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/amd64/INSTALL.amd64">
986 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/amd64/INSTALL.amd64</a>
987 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/arm64/INSTALL.arm64">
988 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/arm64/INSTALL.arm64</a>
989 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/armv7/INSTALL.armv7">
990 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/armv7/INSTALL.armv7</a>
991 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/hppa/INSTALL.hppa">
992 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/hppa/INSTALL.hppa</a>
993 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/i386/INSTALL.i386">
994 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/i386/INSTALL.i386</a>
995 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/landisk/INSTALL.landisk">
996 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/landisk/INSTALL.landisk</a>
997 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/loongson/INSTALL.loongson">
998 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/loongson/INSTALL.loongson</a>
999 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/luna88k/INSTALL.luna88k">
1000 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/luna88k/INSTALL.luna88k</a>
1001 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/macppc/INSTALL.macppc">
1002 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/macppc/INSTALL.macppc</a>
1003 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/octeon/INSTALL.octeon">
1004 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/octeon/INSTALL.octeon</a>
1005 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/powerpc64/INSTALL.powerpc64">
1006 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/powerpc64/INSTALL.powerpc64</a>
1007 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/riscv64/INSTALL.riscv64">
1008 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/riscv64/INSTALL.riscv64</a>
1009 57d3a05c 2024-03-02 benno <li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.5/sparc64/INSTALL.sparc64">
1010 57d3a05c 2024-03-02 benno .../OpenBSD/7.5/sparc64/INSTALL.sparc64</a>
1011 57d3a05c 2024-03-02 benno </ul>
1012 57d3a05c 2024-03-02 benno </section>
1013 57d3a05c 2024-03-02 benno
1014 57d3a05c 2024-03-02 benno <hr>
1015 57d3a05c 2024-03-02 benno
1016 57d3a05c 2024-03-02 benno <section id=quickinstall>
1017 57d3a05c 2024-03-02 benno <p>
1018 57d3a05c 2024-03-02 benno Quick installer information for people familiar with OpenBSD, and the use of
1019 57d3a05c 2024-03-02 benno the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
1020 57d3a05c 2024-03-02 benno If you are at all confused when installing OpenBSD, read the relevant
1021 57d3a05c 2024-03-02 benno INSTALL.* file as listed above!
1022 57d3a05c 2024-03-02 benno
1023 57d3a05c 2024-03-02 benno <h3>OpenBSD/alpha:</h3>
1024 57d3a05c 2024-03-02 benno
1025 57d3a05c 2024-03-02 benno <p>
1026 57d3a05c 2024-03-02 benno If your machine can boot from CD, you can write <i>install75.iso</i> or
1027 57d3a05c 2024-03-02 benno <i>cd75.iso</i> to a CD and boot from it.
1028 57d3a05c 2024-03-02 benno Refer to INSTALL.alpha for more details.
1029 57d3a05c 2024-03-02 benno
1030 57d3a05c 2024-03-02 benno <h3>OpenBSD/amd64:</h3>
1031 57d3a05c 2024-03-02 benno
1032 57d3a05c 2024-03-02 benno <p>
1033 57d3a05c 2024-03-02 benno If your machine can boot from CD, you can write <i>install75.iso</i> or
1034 57d3a05c 2024-03-02 benno <i>cd75.iso</i> to a CD and boot from it.
1035 57d3a05c 2024-03-02 benno You may need to adjust your BIOS options first.
1036 57d3a05c 2024-03-02 benno
1037 57d3a05c 2024-03-02 benno <p>
1038 57d3a05c 2024-03-02 benno If your machine can boot from USB, you can write <i>install75.img</i> or
1039 57d3a05c 2024-03-02 benno <i>miniroot75.img</i> to a USB stick and boot from it.
1040 57d3a05c 2024-03-02 benno
1041 57d3a05c 2024-03-02 benno <p>
1042 57d3a05c 2024-03-02 benno If you can't boot from a CD, floppy disk, or USB,
1043 57d3a05c 2024-03-02 benno you can install across the network using PXE as described in the included
1044 57d3a05c 2024-03-02 benno INSTALL.amd64 document.
1045 57d3a05c 2024-03-02 benno
1046 57d3a05c 2024-03-02 benno <p>
1047 57d3a05c 2024-03-02 benno If you are planning to dual boot OpenBSD with another OS, you will need to
1048 57d3a05c 2024-03-02 benno read INSTALL.amd64.
1049 57d3a05c 2024-03-02 benno
1050 57d3a05c 2024-03-02 benno <h3>OpenBSD/arm64:</h3>
1051 57d3a05c 2024-03-02 benno
1052 57d3a05c 2024-03-02 benno <p>
1053 375b0c95 2024-03-22 jsg If your machine can boot from CD, you can write <i>install75.iso</i> or
1054 375b0c95 2024-03-22 jsg <i>cd75.iso</i> to a CD and boot from it.
1055 375b0c95 2024-03-22 jsg
1056 375b0c95 2024-03-22 jsg <p>
1057 375b0c95 2024-03-22 jsg To boot from disk, write <i>install75.img</i> or <i>miniroot75.img</i> to a
1058 375b0c95 2024-03-22 jsg disk and boot from it after connecting to the serial console. Refer to
1059 375b0c95 2024-03-22 jsg INSTALL.arm64 for more details.
1060 57d3a05c 2024-03-02 benno
1061 57d3a05c 2024-03-02 benno <h3>OpenBSD/armv7:</h3>
1062 57d3a05c 2024-03-02 benno
1063 57d3a05c 2024-03-02 benno <p>
1064 57d3a05c 2024-03-02 benno Write a system specific miniroot to an SD card and boot from it after connecting
1065 57d3a05c 2024-03-02 benno to the serial console. Refer to INSTALL.armv7 for more details.
1066 57d3a05c 2024-03-02 benno
1067 57d3a05c 2024-03-02 benno <h3>OpenBSD/hppa:</h3>
1068 57d3a05c 2024-03-02 benno
1069 57d3a05c 2024-03-02 benno <p>
1070 57d3a05c 2024-03-02 benno Boot over the network by following the instructions in INSTALL.hppa or the
1071 57d3a05c 2024-03-02 benno <a href="hppa.html#install">hppa platform page</a>.
1072 57d3a05c 2024-03-02 benno
1073 57d3a05c 2024-03-02 benno <h3>OpenBSD/i386:</h3>
1074 57d3a05c 2024-03-02 benno
1075 57d3a05c 2024-03-02 benno <p>
1076 57d3a05c 2024-03-02 benno If your machine can boot from CD, you can write <i>install75.iso</i> or
1077 57d3a05c 2024-03-02 benno <i>cd75.iso</i> to a CD and boot from it.
1078 57d3a05c 2024-03-02 benno You may need to adjust your BIOS options first.
1079 57d3a05c 2024-03-02 benno
1080 57d3a05c 2024-03-02 benno <p>
1081 57d3a05c 2024-03-02 benno If your machine can boot from USB, you can write <i>install75.img</i> or
1082 57d3a05c 2024-03-02 benno <i>miniroot75.img</i> to a USB stick and boot from it.
1083 57d3a05c 2024-03-02 benno
1084 57d3a05c 2024-03-02 benno <p>
1085 57d3a05c 2024-03-02 benno If you can't boot from a CD, floppy disk, or USB,
1086 57d3a05c 2024-03-02 benno you can install across the network using PXE as described in
1087 57d3a05c 2024-03-02 benno the included INSTALL.i386 document.
1088 57d3a05c 2024-03-02 benno
1089 57d3a05c 2024-03-02 benno <p>
1090 57d3a05c 2024-03-02 benno If you are planning on dual booting OpenBSD with another OS, you will need to
1091 57d3a05c 2024-03-02 benno read INSTALL.i386.
1092 57d3a05c 2024-03-02 benno
1093 57d3a05c 2024-03-02 benno <h3>OpenBSD/landisk:</h3>
1094 57d3a05c 2024-03-02 benno
1095 57d3a05c 2024-03-02 benno <p>
1096 57d3a05c 2024-03-02 benno Write <i>miniroot75.img</i> to the start of the CF
1097 57d3a05c 2024-03-02 benno or disk, and boot normally.
1098 57d3a05c 2024-03-02 benno
1099 57d3a05c 2024-03-02 benno <h3>OpenBSD/loongson:</h3>
1100 57d3a05c 2024-03-02 benno
1101 57d3a05c 2024-03-02 benno <p>
1102 57d3a05c 2024-03-02 benno Write <i>miniroot75.img</i> to a USB stick and boot bsd.rd from it
1103 57d3a05c 2024-03-02 benno or boot bsd.rd via tftp.
1104 57d3a05c 2024-03-02 benno Refer to the instructions in INSTALL.loongson for more details.
1105 57d3a05c 2024-03-02 benno
1106 57d3a05c 2024-03-02 benno <h3>OpenBSD/luna88k:</h3>
1107 57d3a05c 2024-03-02 benno
1108 57d3a05c 2024-03-02 benno <p>
1109 57d3a05c 2024-03-02 benno Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1110 57d3a05c 2024-03-02 benno from the PROM, and then bsd.rd from the bootloader.
1111 57d3a05c 2024-03-02 benno Refer to the instructions in INSTALL.luna88k for more details.
1112 57d3a05c 2024-03-02 benno
1113 57d3a05c 2024-03-02 benno <h3>OpenBSD/macppc:</h3>
1114 57d3a05c 2024-03-02 benno
1115 57d3a05c 2024-03-02 benno <p>
1116 57d3a05c 2024-03-02 benno Burn the image from a mirror site to a CDROM, and power on your machine
1117 57d3a05c 2024-03-02 benno while holding down the <i>C</i> key until the display turns on and
1118 57d3a05c 2024-03-02 benno shows <i>OpenBSD/macppc boot</i>.
1119 57d3a05c 2024-03-02 benno
1120 57d3a05c 2024-03-02 benno <p>
1121 57d3a05c 2024-03-02 benno Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
1122 57d3a05c 2024-03-02 benno /7.5/macppc/bsd.rd</i>
1123 57d3a05c 2024-03-02 benno
1124 57d3a05c 2024-03-02 benno <h3>OpenBSD/octeon:</h3>
1125 57d3a05c 2024-03-02 benno
1126 57d3a05c 2024-03-02 benno <p>
1127 57d3a05c 2024-03-02 benno After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
1128 57d3a05c 2024-03-02 benno Refer to the instructions in INSTALL.octeon for more details.
1129 57d3a05c 2024-03-02 benno
1130 57d3a05c 2024-03-02 benno <h3>OpenBSD/powerpc64:</h3>
1131 57d3a05c 2024-03-02 benno
1132 57d3a05c 2024-03-02 benno <p>
1133 57d3a05c 2024-03-02 benno To install, write <i>install75.img</i> or <i>miniroot75.img</i> to a
1134 57d3a05c 2024-03-02 benno USB stick, plug it into the machine and choose the <i>OpenBSD
1135 57d3a05c 2024-03-02 benno install</i> menu item in Petitboot.
1136 57d3a05c 2024-03-02 benno Refer to the instructions in INSTALL.powerpc64 for more details.
1137 57d3a05c 2024-03-02 benno
1138 57d3a05c 2024-03-02 benno <h3>OpenBSD/riscv64:</h3>
1139 57d3a05c 2024-03-02 benno
1140 57d3a05c 2024-03-02 benno <p>
1141 57d3a05c 2024-03-02 benno To install, write <i>install75.img</i> or <i>miniroot75.img</i> to a
1142 57d3a05c 2024-03-02 benno USB stick, and boot with that drive plugged in.
1143 57d3a05c 2024-03-02 benno Make sure you also have the microSD card plugged in that shipped with the
1144 57d3a05c 2024-03-02 benno HiFive Unmatched board.
1145 57d3a05c 2024-03-02 benno Refer to the instructions in INSTALL.riscv64 for more details.
1146 57d3a05c 2024-03-02 benno
1147 57d3a05c 2024-03-02 benno <h3>OpenBSD/sparc64:</h3>
1148 57d3a05c 2024-03-02 benno
1149 57d3a05c 2024-03-02 benno <p>
1150 57d3a05c 2024-03-02 benno Burn the image from a mirror site to a CDROM, boot from it, and type
1151 57d3a05c 2024-03-02 benno <i>boot cdrom</i>.
1152 57d3a05c 2024-03-02 benno
1153 57d3a05c 2024-03-02 benno <p>
1154 57d3a05c 2024-03-02 benno If this doesn't work, or if you don't have a CDROM drive, you can write
1155 57d3a05c 2024-03-02 benno <i>floppy75.img</i> or <i>floppyB75.img</i>
1156 57d3a05c 2024-03-02 benno (depending on your machine) to a floppy and boot it with <i>boot
1157 57d3a05c 2024-03-02 benno floppy</i>. Refer to INSTALL.sparc64 for details.
1158 57d3a05c 2024-03-02 benno
1159 57d3a05c 2024-03-02 benno <p>
1160 57d3a05c 2024-03-02 benno Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1161 57d3a05c 2024-03-02 benno will most likely fail.
1162 57d3a05c 2024-03-02 benno
1163 57d3a05c 2024-03-02 benno <p>
1164 57d3a05c 2024-03-02 benno You can also write <i>miniroot75.img</i> to the swap partition on
1165 57d3a05c 2024-03-02 benno the disk and boot with <i>boot disk:b</i>.
1166 57d3a05c 2024-03-02 benno
1167 57d3a05c 2024-03-02 benno <p>
1168 57d3a05c 2024-03-02 benno If nothing works, you can boot over the network as described in INSTALL.sparc64.
1169 57d3a05c 2024-03-02 benno </section>
1170 57d3a05c 2024-03-02 benno
1171 57d3a05c 2024-03-02 benno <hr>
1172 57d3a05c 2024-03-02 benno
1173 57d3a05c 2024-03-02 benno <section id=upgrade>
1174 57d3a05c 2024-03-02 benno <h3>How to upgrade</h3>
1175 57d3a05c 2024-03-02 benno <p>
1176 57d3a05c 2024-03-02 benno If you already have an OpenBSD 7.4 system, and do not want to reinstall,
1177 57d3a05c 2024-03-02 benno upgrade instructions and advice can be found in the
1178 57d3a05c 2024-03-02 benno <a href="faq/upgrade75.html">Upgrade Guide</a>.
1179 57d3a05c 2024-03-02 benno </section>
1180 57d3a05c 2024-03-02 benno
1181 57d3a05c 2024-03-02 benno <hr>
1182 57d3a05c 2024-03-02 benno
1183 57d3a05c 2024-03-02 benno <section id=sourcecode>
1184 57d3a05c 2024-03-02 benno <h3>Notes about the source code</h3>
1185 57d3a05c 2024-03-02 benno <p>
1186 57d3a05c 2024-03-02 benno <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
1187 57d3a05c 2024-03-02 benno This file contains everything you need except for the kernel sources,
1188 57d3a05c 2024-03-02 benno which are in a separate archive.
1189 57d3a05c 2024-03-02 benno To extract:
1190 57d3a05c 2024-03-02 benno <blockquote><pre>
1191 57d3a05c 2024-03-02 benno # <kbd>mkdir -p /usr/src</kbd>
1192 57d3a05c 2024-03-02 benno # <kbd>cd /usr/src</kbd>
1193 57d3a05c 2024-03-02 benno # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
1194 57d3a05c 2024-03-02 benno </pre></blockquote>
1195 57d3a05c 2024-03-02 benno <p>
1196 57d3a05c 2024-03-02 benno <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1197 57d3a05c 2024-03-02 benno This file contains all the kernel sources you need to rebuild kernels.
1198 57d3a05c 2024-03-02 benno To extract:
1199 57d3a05c 2024-03-02 benno <blockquote><pre>
1200 57d3a05c 2024-03-02 benno # <kbd>mkdir -p /usr/src/sys</kbd>
1201 57d3a05c 2024-03-02 benno # <kbd>cd /usr/src</kbd>
1202 57d3a05c 2024-03-02 benno # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1203 57d3a05c 2024-03-02 benno </pre></blockquote>
1204 57d3a05c 2024-03-02 benno <p>
1205 57d3a05c 2024-03-02 benno Both of these trees are a regular CVS checkout. Using these trees it
1206 57d3a05c 2024-03-02 benno is possible to get a head-start on using the anoncvs servers as
1207 57d3a05c 2024-03-02 benno described <a href="anoncvs.html">here</a>.
1208 57d3a05c 2024-03-02 benno Using these files
1209 57d3a05c 2024-03-02 benno results in a much faster initial CVS update than you could expect from
1210 57d3a05c 2024-03-02 benno a fresh checkout of the full OpenBSD source tree.
1211 57d3a05c 2024-03-02 benno </section>
1212 57d3a05c 2024-03-02 benno
1213 57d3a05c 2024-03-02 benno <hr>
1214 57d3a05c 2024-03-02 benno
1215 57d3a05c 2024-03-02 benno <section id=ports>
1216 57d3a05c 2024-03-02 benno <h3>Ports Tree</h3>
1217 57d3a05c 2024-03-02 benno <p>
1218 57d3a05c 2024-03-02 benno A ports tree archive is also provided. To extract:
1219 57d3a05c 2024-03-02 benno <blockquote><pre>
1220 57d3a05c 2024-03-02 benno # <kbd>cd /usr</kbd>
1221 57d3a05c 2024-03-02 benno # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
1222 57d3a05c 2024-03-02 benno </pre></blockquote>
1223 57d3a05c 2024-03-02 benno <p>
1224 57d3a05c 2024-03-02 benno Go read the <a href="faq/ports/index.html">ports</a> page
1225 57d3a05c 2024-03-02 benno if you know nothing about ports
1226 57d3a05c 2024-03-02 benno at this point. This text is not a manual of how to use ports.
1227 57d3a05c 2024-03-02 benno Rather, it is a set of notes meant to kickstart the user on the
1228 57d3a05c 2024-03-02 benno OpenBSD ports system.
1229 57d3a05c 2024-03-02 benno <p>
1230 57d3a05c 2024-03-02 benno The <i>ports/</i> directory represents a CVS checkout of our ports.
1231 57d3a05c 2024-03-02 benno As with our complete source tree, our ports tree is available via
1232 57d3a05c 2024-03-02 benno <a href="anoncvs.html">AnonCVS</a>.
1233 57d3a05c 2024-03-02 benno So, in order to keep up to date with the -stable branch, you must make
1234 57d3a05c 2024-03-02 benno the <i>ports/</i> tree available on a read-write medium and update the tree
1235 57d3a05c 2024-03-02 benno with a command like:
1236 57d3a05c 2024-03-02 benno <blockquote><pre>
1237 57d3a05c 2024-03-02 benno # <kbd>cd /usr/ports</kbd>
1238 57d3a05c 2024-03-02 benno # <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_7_5</kbd>
1239 57d3a05c 2024-03-02 benno </pre></blockquote>
1240 57d3a05c 2024-03-02 benno <p>
1241 57d3a05c 2024-03-02 benno [Of course, you must replace the server name here with a nearby anoncvs
1242 57d3a05c 2024-03-02 benno server.]
1243 57d3a05c 2024-03-02 benno <p>
1244 57d3a05c 2024-03-02 benno Note that most ports are available as packages on our mirrors. Updated
1245 57d3a05c 2024-03-02 benno ports for the 7.5 release will be made available if problems arise.
1246 57d3a05c 2024-03-02 benno <p>
1247 57d3a05c 2024-03-02 benno If you're interested in seeing a port added, would like to help out, or just
1248 57d3a05c 2024-03-02 benno would like to know more, the mailing list
1249 57d3a05c 2024-03-02 benno <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1250 57d3a05c 2024-03-02 benno </section>
1251 57d3a05c 2024-03-02 benno </body>
1252 57d3a05c 2024-03-02 benno </html>