mirror of https://github.com/openbsd/www.git
1124 lines
51 KiB
HTML
1124 lines
51 KiB
HTML
<!doctype html>
|
|
<html lang=en id=release>
|
|
<meta charset=utf-8>
|
|
|
|
<title>OpenBSD 6.2</title>
|
|
<meta name="description" content="OpenBSD 6.2">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<link rel="stylesheet" type="text/css" href="openbsd.css">
|
|
<link rel="canonical" href="https://www.openbsd.org/62.html">
|
|
|
|
<h2 id=OpenBSD>
|
|
<a href="index.html">
|
|
<i>Open</i><b>BSD</b></a>
|
|
6.2
|
|
</h2>
|
|
|
|
<table>
|
|
<tr>
|
|
<td>
|
|
<a href="images/MoBSD-l.gif">
|
|
<img width="227" height="343" src="images/MoBSD.gif" alt="MoBSD"></a>
|
|
<td>
|
|
Released October 9, 2017<br>
|
|
Copyright 1997-2017, Theo de Raadt.<br>
|
|
<br>
|
|
6.2 Song:
|
|
<a href="lyrics.html#62">"A 3 line diff"</a>.
|
|
<br>
|
|
<br>
|
|
<ul>
|
|
<li>See the information on <a href="ftp.html">the FTP page</a> for
|
|
a list of mirror machines.
|
|
<li>Go to the <code class=reldir>pub/OpenBSD/6.2/</code> directory on
|
|
one of the mirror sites.
|
|
<li>Have a look at <a href="errata62.html">the 6.2 errata page</a> for a list
|
|
of bugs and workarounds.
|
|
<li>See a <a href="plus62.html">detailed log of changes</a> between the
|
|
6.1 and 6.2 releases.
|
|
<p>
|
|
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
|
|
pubkeys for this release:<p>
|
|
|
|
<table class=signify>
|
|
<tr><td>
|
|
openbsd-62-base.pub:
|
|
<td>
|
|
RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
|
|
<tr><td>
|
|
openbsd-62-fw.pub:
|
|
<td>
|
|
RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
|
|
<tr><td>
|
|
openbsd-62-pkg.pub:
|
|
<td>
|
|
RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
|
|
</table>
|
|
</ul>
|
|
<p>
|
|
All applicable copyrights and credits are in the src.tar.gz,
|
|
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
|
|
files fetched via <code>ports.tar.gz</code>.
|
|
</table>
|
|
|
|
<hr>
|
|
|
|
<section id=new>
|
|
<h3>What's New</h3>
|
|
<p>
|
|
This is a partial list of new features and systems included in OpenBSD 6.2.
|
|
For a comprehensive list, see the <a href="plus62.html">changelog</a> leading
|
|
to 6.2.
|
|
|
|
<ul>
|
|
|
|
<li>Improved hardware support, including:
|
|
<ul>
|
|
<li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
|
|
for the Rockchip RK3399/RK3288 register file.
|
|
<li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
|
|
driver for Rockchip RK3399/RK3288 clocks.
|
|
<li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
|
|
driver for controlling Rockchip RK3399/RK3288 pins.
|
|
<li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
|
|
for GPIO on Rockchip SoCs.
|
|
<li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
|
|
for Rockchip RK3399 temperature sensors.
|
|
<li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
|
|
for Rockchip RK3399 I2C controllers.
|
|
<li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
|
|
for the RK808 Power Management IC.
|
|
<li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
|
|
for Synopsis DesignWare SD/MMC controllers.
|
|
<li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
|
|
for the Synopsys DesignWare watchdog timer.
|
|
<li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
|
|
for the Synopsys DesignWare Ethernet controller.
|
|
<li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
|
|
for the two-wire bus on Allwinner SoCs.
|
|
<li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
|
|
driver for the AXP209 I2C PMIC.
|
|
<li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
|
|
for clocks and interrupts on the auxiliary UART on BCM2835 devices.
|
|
<li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
|
|
driver for an interrupt controller on Marvell ARMADA 38x.
|
|
<li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
|
|
driver for the SD Host Controller on Marvell ARMADA 38x.
|
|
<li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
|
|
driver to configure pins on Marvell ARMADA 38x.
|
|
<li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
|
|
the Ethernet controller on Marvell ARMADA 38x.
|
|
<li>arm: New <a
|
|
href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &
|
|
<a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
|
|
for the Texas Instruments AM335x LCD controller.
|
|
<li>octeon: New <a
|
|
href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
|
|
the interrupt bus widget on CN70xx/CN71xx.
|
|
<li>octeon: New <a
|
|
href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
|
|
the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
|
|
<li>octeon: New <a
|
|
href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
|
|
for the OCTEON SATA controller bridge.
|
|
<li>octeon: New <a
|
|
href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
|
|
for the OCTEON USB3 controller bridge.
|
|
<li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
|
|
and 6 are now supported.
|
|
<li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
|
|
Hyper-V storage.
|
|
<li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
|
|
the NXP PCF8563 Real Time Clock.
|
|
<li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
|
|
random number generator devices.
|
|
<li>Intel 8265 and 3168 support was added to the
|
|
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
|
|
<li>RTL8192CE support was added to the
|
|
<a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
|
|
<li>RT5360 support was added to the
|
|
<a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
|
|
<li>RTS525A support was added to the
|
|
<a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
|
|
<li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
|
|
now supports _BIX entries from ACPI 4.0.
|
|
<li>ACPI hibernate support was added to the
|
|
<a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
|
|
<li>Substantially improved ACPI hibernate performance in the
|
|
<a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
|
|
<li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
|
|
was updated to code based on Linux 4.4.70 - it now supports Skylake,
|
|
Kaby Lake, and Cherryview devices and has better support for Broadwell
|
|
and Valleyview devices.
|
|
<li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
|
|
supports ASIX AX99100 devices.
|
|
<li>Xen platform support and the
|
|
<a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
|
|
have been substantially improved.
|
|
<li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
|
|
correct last sector address to SCSI, allowing a valid GPT to be created.
|
|
<li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
|
|
</ul>
|
|
|
|
<li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
|
|
<a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
|
|
<ul>
|
|
<li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports
|
|
paused VM migration and memory snapshotting using send and receive commands.
|
|
<li>VPID/ASID reuse/rollover in <a
|
|
href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
|
|
<li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial
|
|
console redirection).
|
|
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the
|
|
guest VM RTC (real time clock) on host resume from suspend/hibernate
|
|
(OpenBSD guests only).
|
|
<li>Allow guest VMs access to AVX/AVX2 host CPU features.
|
|
<li>Support for AMD SVM/RVI hosts.
|
|
<li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - e.g.
|
|
32GB on amd64 hosts).
|
|
<li>Better handling of guest VM MONITOR/MWAIT and HLT instructions.
|
|
<li>Various device emulation improvements in <a
|
|
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
|
|
<li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a>
|
|
queue size provided by <a
|
|
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
|
|
<li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a>
|
|
and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
|
|
</ul>
|
|
|
|
<li>IEEE 802.11 wireless stack improvements:
|
|
<ul>
|
|
<li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers
|
|
of Tx and Rx streams. Fixes 11n mode for some
|
|
<a href="https://man.openbsd.org/athn.4">athn(4)</a> devices.
|
|
<li>The <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> and
|
|
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> drivers will now start
|
|
scanning for a new access point if they no longer receive beacons from
|
|
the current AP.
|
|
<li>Prefer the 5GHz band over the 2GHz band during access point selection.
|
|
<li>Improved debug output in
|
|
<a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless
|
|
interface is put into debug mode with
|
|
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
|
|
</ul>
|
|
|
|
<li>Generic network stack improvements:
|
|
<ul>
|
|
<li>Incoming and forwarded IP packets are now processed without
|
|
KERNEL_LOCK, resulting in better performances and reduced latency.
|
|
<li>The kernel no longer handles IPv6 Stateless Address
|
|
Autoconfiguration (RFC 4862), allowing cleanup and simplification
|
|
of the IPv6 network stack.
|
|
<li>The kernel sends IPv6 router solicitations for link local addresses
|
|
with a link local source address.
|
|
<li>FQ-CoDel algorithm has been implemented for use with <a
|
|
href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
|
|
<li>Improved IPv6 checks for IPsec policies and made them consistent
|
|
with IPv4.
|
|
<li>Refactored local IP delivery to process IPsec packets in a flow and
|
|
avoid enqueueing a second time.
|
|
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
|
|
now inspects AH packets and matches on the inner protocol.
|
|
This makes IPv4 authentication headers work like IPv6.
|
|
<li>The length of extension header chains in pf(4) is limited.
|
|
This prevents spending excessive CPU time on crafted packets.
|
|
<li>Block IPv6 packets in
|
|
<a href="https://man.openbsd.org/pf.4">pf(4)</a>
|
|
that have a hop-by-hop options header or a destination options header.
|
|
Such packets can be passed by adding "allow-opts" to the rule.
|
|
This makes IPv6 option handling consistent with IPv4.
|
|
<li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
|
|
uses a smarter strategy to drop packets.
|
|
<li>Enabled the use of per-CPU caches in the network packet allocators.
|
|
</ul>
|
|
|
|
<li>Installer improvements:
|
|
<ul>
|
|
<li>The installer now uses the Allotment Routing Table (ART).
|
|
<li>A unique kernel is now created by the installer to boot from after
|
|
install/upgrade.
|
|
<li>On release installs of architectures supported by syspatch,
|
|
"syspatch -c" is now added to rc.firsttime.
|
|
<li>Backwards compatibility code to support the 'rtsol' keyword in
|
|
<a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a>
|
|
has been removed.
|
|
<li>The <code>install.site</code> and <code>upgrade.site</code> scripts are now
|
|
executed at the end of the install/upgrade process.
|
|
<li>More detailed information is shown to identify disks.
|
|
<li>The IPv6 default router selection has been fixed.
|
|
<li>On the amd64 platform, AES-NI is used if present.
|
|
</ul>
|
|
|
|
<li>Routing daemons and other userland network improvements:
|
|
<ul>
|
|
<li>A new daemon, <a
|
|
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
|
|
Stateless Address Autoconfiguration (RFC 4862).
|
|
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
|
|
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
|
|
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
|
|
been fixed to quickly handle IPv6 prefix changes on the system.
|
|
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
|
|
can now show SA bundles and the "bundle" keyword allows them to be
|
|
explicitly created. This avoids confusion as they were previously
|
|
used implicitly.
|
|
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
|
|
now has a <code>-W recvlimit</code> option to terminate netcat after
|
|
receiving the specified number of packets. This allows for a UDP
|
|
request to be sent, a reply to be received and the result checked on
|
|
the command line.
|
|
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
|
|
now has a <code>-Z</code> option, allowing the peer certificate and chain to be
|
|
saved to a file in PEM format.
|
|
<li>A new <code>-T tlscompat</code> option was added to
|
|
<a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
|
|
of all TLS protocols and libtls "compat" ciphers.
|
|
<li>Various races have been fixed in
|
|
<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
|
|
especially in HTTP chunked mode.
|
|
<li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> now shows the
|
|
relevant NDP information when run in a non-default routing
|
|
domain.
|
|
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
|
|
copes with interface departures/arrivals.
|
|
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
|
|
be started multiple times in different
|
|
<a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
|
|
this provides virtual router functionality.
|
|
</ul>
|
|
|
|
<li>Security improvements:
|
|
<ul>
|
|
<li>A new function
|
|
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
|
|
to easily clear and free memory holding sensitive data has been added.
|
|
<li>Double free detection has been improved when the F
|
|
<a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
|
|
The existing S option now includes F.
|
|
<li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
|
|
tty ioctl has been removed. The I/O-loops in the last two consumers
|
|
<a href="https://man.openbsd.org/csh.1">csh(1)</a> and
|
|
<a href="https://man.openbsd.org/mail.1">mail(1)</a>
|
|
were rewritten to cope with the removal.
|
|
<li>Trapsleds, a new mitigation that significantly reduces the amount of
|
|
nops in the instruction stream, replacing them with trap instructions
|
|
or jump-over-trap sequences, thereby requiring greater accuracy for
|
|
targeting potential gadgets.
|
|
<li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
|
|
files of the kernel to be relinked in a random order, creating a unique
|
|
kernel for each boot. /bsd is now non-readable to users, to try to
|
|
keep the secret.
|
|
<li>Like with libc previously,
|
|
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
|
|
startup, placing the objects in a random order.
|
|
<li>In addition to libcrypto, to deter code reuse exploits,
|
|
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
|
|
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
|
|
startup, placing the objects in a random order.
|
|
<li>If process accounting is activated with
|
|
<a href="https://man.openbsd.org/accton.8">accton(8)</a>,
|
|
the daily mail shows pledge violations and program crashes.
|
|
<a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
|
|
uses the flags P and T for such processes.
|
|
<li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
|
|
fork+exec model.
|
|
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
|
|
fork+exec model.
|
|
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
|
|
uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
|
|
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
|
|
<a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> now use
|
|
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
|
|
<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
|
|
<li>Fixed and simplified pledge logic for
|
|
<a href="https://man.openbsd.org/nc.1">nc(1)</a>.
|
|
<li>More application of
|
|
<a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>
|
|
in userland, and tracked sizes to
|
|
<a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel.
|
|
<li>Achieve higher levels of paranoia regarding structure packing, and
|
|
clear many kernel objects before passing to userland.
|
|
<li>Disable some optimizations in
|
|
<a href="https://man.openbsd.org/clang.1">clang(1)</a>
|
|
due to incompatibility with security.
|
|
<li>For instance, cope with
|
|
<a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption
|
|
that static or const
|
|
objects placed in unknown sections (such as .openbsd.randomdata)
|
|
are surely always 0, and therefore such memory accesses can be
|
|
optimized away.
|
|
<li>In kernel, randomly bias down the top-of-stack per kthread.
|
|
</ul>
|
|
|
|
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
|
|
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
|
|
<ul>
|
|
<li>Add support for echo-client-id statement to
|
|
<a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
|
|
<li>Take greater care to process all data read, and only data read, from the
|
|
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
|
|
socket.
|
|
<li>Use /dev/bpf instead of /dev/bpf0.
|
|
<li>Handle DHCPINFORM messages from clients behind a DHCP relay.
|
|
<li>Fix handling of
|
|
<a href="https://man.openbsd.org/carp.4">carp(4)</a>
|
|
interfaces in
|
|
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
|
|
<li>Don't stop
|
|
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
|
|
logging to stderr when it is started with the -d option.
|
|
</ul>
|
|
|
|
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
|
|
<ul>
|
|
<li>Log messages reworked and clarified, in particular by prefixing
|
|
the name of the relevant network interface.
|
|
<li>Treat SSID as 0 to 32 bytes of binary data, not a string.
|
|
<li>Use RTM_PROPOSAL to take control of an interface rather than flipping
|
|
interface down and up in the hope that other
|
|
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
|
|
instances notice.
|
|
<li>Reduce file operations needed by -L option by opening file at
|
|
startup and using it throughout process lifetime.
|
|
<li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
|
|
handling by reducing writes and more reliably determining which interface
|
|
has the current default route.
|
|
<li>Take greater care to process all data read, and only data read, from the
|
|
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
|
|
socket.
|
|
<li>Improve the determination of the link state of an interface.
|
|
<li>Decline inappropriate lease offers as soon as they are deemed
|
|
inappropriate.
|
|
<li>Drop support for the timestamp formats used in lease files created
|
|
more than four years ago.
|
|
<li>Accept an offer from the server that sent the first copy of
|
|
the offer, not the server that sent the last copy.
|
|
<li>Don't delete addresses and routes when exiting.
|
|
<li>Ensure IPv6 packets are not read from sockets.
|
|
<li>Don't silently ignore obsolete keywords in
|
|
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
|
|
<li>Reduce memory footprint by shrinking oversized static buffers.
|
|
<li>Eliminate repeated socket opens by opening the required sockets during
|
|
startup.
|
|
<li>Fix construction of unicast UDP packets, broken in 5.6.
|
|
<li>Improve determination of when a renewed lease requires interface
|
|
configuration changes.
|
|
<li>Don't exit when addresses are manually added or deleted from an
|
|
interface.
|
|
<li>Don't support option 33, classfull IP addresses.
|
|
<li>Fix configuration of default routes supplied by classless route options.
|
|
<li>Consider
|
|
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
|
|
contents when determining what MTU value to configure.
|
|
<li>Consider
|
|
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
|
|
contents when creating the content of
|
|
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
|
|
<li>Delete direct routes when routes are flushed.
|
|
<li>Don't label routes with "DHCLIENT nnnn".
|
|
<li>Don't delete addresses or routes that will be immediately added back.
|
|
<li>Delete addresses and routes only when a renewal request is NAK'ed.
|
|
<li>Don't wait forever for requested information on the default route.
|
|
<li>Don't exit when an attempt to send a packet fails.
|
|
<li>Don't log a packet send when the send fails.
|
|
<li>Remove the -u option, broken since 2013 without complaints.
|
|
<li>Use /dev/bpf instead of /dev/bpf0.
|
|
</ul>
|
|
|
|
<li>Assorted improvements:
|
|
<ul>
|
|
<li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
|
|
<a href="https://www.openbsd.org/amd64.html">amd64</a>
|
|
platforms have switched to using
|
|
<a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
|
|
as the base system compiler.
|
|
<li>Improved UTF-8 line editing support for
|
|
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
|
|
Emacs and Vi input mode.
|
|
<li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
|
|
a plain text format. Support for the
|
|
<a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
|
|
environment variable was added.
|
|
<li>The performance of the memory deallocator used by
|
|
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
|
|
<li>The <code>emacs-usemeta</code> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
|
|
flag is no longer needed and is now deprecated.
|
|
<li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
|
|
<li>New pthread
|
|
<a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
|
|
<a href="https://man.openbsd.org/pthread_cond_init">condition
|
|
variable</a> implementations improving latency
|
|
of threaded applications.
|
|
<li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
|
|
implementation written from scratch, complete in the sense that
|
|
all POSIX *locale(3) and *_l(3) functions are included, but in
|
|
OpenBSD, we of course only really care about <code>LC_CTYPE</code>
|
|
and we only support ASCII and UTF-8.
|
|
<li>Automatic hibernation and suspend by
|
|
<a href="https://man.openbsd.org/apmd">apmd</a>
|
|
when battery is low.
|
|
<li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
|
|
<a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
|
|
tools to manipulate CTF (Compact C Type Format).
|
|
<li>The error handling in
|
|
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
|
|
has been improved.
|
|
Even if internal errors occur, the daemon tries to keep
|
|
unaffected subsystems active.
|
|
So as many messages as possible are logged.
|
|
They can be filtered by severity and facility "syslog".
|
|
<li>syslogd(8) can now suppress "last message repeated" which is
|
|
useful for remote logging.
|
|
<li>syslogd(8) can listen on multiple TLS sockets.
|
|
<li>syslogd(8) closes the *.514 UDP sockets when they are not
|
|
needed.
|
|
<li>Truncate log messages at 8192 bytes everywhere.
|
|
<li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
|
|
now skips and logs invalid config lines.
|
|
<li>Nested mount points are umounted in correct order.
|
|
<li>Fix creation of
|
|
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
|
|
CONCAT volumes.
|
|
<li>Include
|
|
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
|
|
volume and backing disk information in i/o error messages.
|
|
<li>Make
|
|
<a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
|
|
a normal
|
|
<a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
|
|
device by eliminating its use of the obsolete XS_NO_CCB mechanism.
|
|
<li>Remove last vestiges of now unused XS_NO_CCB mechanism.
|
|
<li>Userspace can now get the address of the thread control block
|
|
without a system call on OCTEON II and later.
|
|
<li>FPU is enabled on OCTEON III.
|
|
<li>GENERIC kernels now include a .SUNW_ctf section containing CTF data.
|
|
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>kill</code>
|
|
command, send an uncatchable SIGABRT to a process.
|
|
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>pprint</code>
|
|
command, using CTF information to "pretty print" global symbols.
|
|
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
|
|
<code>show struct</code> command, using CTF information to display the content
|
|
of in memory C structures.
|
|
<li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
|
|
to display the correct number of function arguments in backtraces.
|
|
<li>Power off all codecs in
|
|
<a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
|
|
noise in speakers and headphones on reboot.
|
|
<li>Fix i386 boot regression seen on very old 486DX CPUs.
|
|
<li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
|
|
for debugging lock order issues in the kernel.
|
|
The tool is not built in by default, and only amd64, hppa and i386
|
|
are supported.
|
|
<li>Modernize some bizarre tty behaviours of getty(8).
|
|
<li>Some subtle changes to pledge(2) to satisfy requirements observed
|
|
in real life.
|
|
<li>Prefer use of waitpid(2) rather than wait(3) where possible, to
|
|
avoid problems with pre-existing children.
|
|
<li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
|
|
in a more portable fashion.
|
|
<li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
|
|
caches</a> implemented in pools.
|
|
<li><a href="https://man.openbsd.org/pthread_mutex_lock.3">Mutex</a>,
|
|
<a href="https://man.openbsd.org/pthread_cond_wait.3">condition-variable</a>,
|
|
<a href="https://man.openbsd.org/pthread_getspecific.3">thread-specific data</a>,
|
|
<a href="https://man.openbsd.org/pthread_once.3">pthread_once(3)</a>,
|
|
and <a href="https://man.openbsd.org/pthread_exit.3">pthread_exit(3)</a>
|
|
routines moved to libc from libpthread for ease of library
|
|
use and compatibility with other OSes.
|
|
<li>Added <a href="https://man.openbsd.org/openpty.3">getptmfd(3)</a>,
|
|
<a href="https://man.openbsd.org/openpty.3">fdopenpty(3)</a>, and
|
|
<a href="https://man.openbsd.org/openpty.3">fdforkpty(3)</a>
|
|
to simplify privilege separation and use of pledge(2).
|
|
<li>Improved computational complexity in various cases of
|
|
<a href="https://man.openbsd.org/strstr.3">strstr(3)</a>,
|
|
<a href="https://man.openbsd.org/qsort.3">qsort(3)</a>,
|
|
and <a href="https://man.openbsd.org/glob.3">glob(3)</a>.
|
|
<li>Added support for <code>EV_RECEIPT</code> and <code>EV_DISPATCH</code> to
|
|
<a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>.
|
|
<li>Added <a href="https://man.openbsd.org/ktrace.2">fktrace(2)</a>.
|
|
</ul>
|
|
|
|
<li>OpenSMTPD 6.0.0
|
|
<ul>
|
|
<li>Fix an off-by-one in the config parser that made 65535 an invalid port.
|
|
<li>Fix a fd leak in the session congestion mechanism.
|
|
<li>Fix a possible crash when relaying with smtps.
|
|
<li>Remove support for the "listen secure" syntax (expicitely define two listeners for tls and smtps instead).
|
|
<li>Remove experimental support for filters.
|
|
<li>Assorted code and documentation cleanups and improvements.
|
|
</ul>
|
|
|
|
<li>OpenSSH 7.6
|
|
<ul>
|
|
<li>Security:
|
|
<ul>
|
|
<li>sftp-server(8): in read-only mode, sftp-server was incorrectly
|
|
permitting creation of zero-length files.
|
|
</ul>
|
|
<li>New/changed features:
|
|
<ul>
|
|
<li>Add RemoteCommand option to specify a command in the
|
|
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
|
|
config file instead of giving it on the client's command
|
|
line.
|
|
The feature allows to automate tasks using ssh config.
|
|
<li>sshd(8): add ExposeAuthInfo option that enables writing details of
|
|
the authentication methods used (including public keys where
|
|
applicable) to a file that is exposed via a $SSH_USER_AUTH
|
|
environment variable in the subsequent session.
|
|
<li>ssh(1): add support for reverse dynamic forwarding. In this mode,
|
|
ssh will act as a SOCKS4/5 proxy and forward connections
|
|
to destinations requested by the remote SOCKS client. This mode
|
|
is requested using extended syntax for the -R and RemoteForward
|
|
options and, because it is implemented solely at the client,
|
|
does not require the server be updated to be supported.
|
|
<li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
|
|
<li>ssh-keygen(1): allow inclusion of arbitrary string or flag
|
|
certificate extensions and critical options.
|
|
<li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
|
|
a CA when signing certificates.
|
|
<li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
|
|
ToS/DSCP value and just use the operating system default.
|
|
<li>ssh-add(1): added -q option to make ssh-add quiet on success.
|
|
<li>ssh(1): expand the StrictHostKeyChecking option with two new
|
|
settings. The first "accept-new" will automatically accept
|
|
hitherto-unseen keys but will refuse connections for changed or
|
|
invalid hostkeys. This is a safer subset of the current behaviour
|
|
of StrictHostKeyChecking=no. The second setting "off", is a synonym
|
|
for the current behaviour of StrictHostKeyChecking=no: accept new
|
|
host keys, and continue connection for hosts with incorrect
|
|
hostkeys. A future release will change the meaning of
|
|
StrictHostKeyChecking=no to the behaviour of "accept-new".
|
|
<li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
|
|
option in sshd(8).
|
|
</ul>
|
|
<li>The following significant bugs have been fixed in this release:
|
|
<ul>
|
|
<li>ssh(1): use HostKeyAlias if specified instead of hostname for
|
|
matching host certificate principal names.
|
|
<li>sftp(1): implement sorting for globbed ls.
|
|
<li>ssh(1): add a user@host prefix to client's "Permission denied"
|
|
messages, useful in particular when using "stacked" connections
|
|
(e.g. ssh -J) where it's not clear which host is denying.
|
|
<li>ssh(1): accept unknown EXT_INFO extension values that contain \0
|
|
characters. These are legal, but would previously cause fatal
|
|
connection errors if received.
|
|
<li>ssh(1)/sshd(8): repair compression statistics printed at
|
|
connection exit.
|
|
<li>sftp(1): print '?' instead of incorrect link count (that the
|
|
protocol doesn't provide) for remote listings.
|
|
<li>ssh(1): return failure rather than fatal() for more cases during
|
|
session multiplexing negotiations. Causes the session to fall back
|
|
to a non-mux connection if they occur.
|
|
<li>ssh(1): mention that the server may send debug messages to explain
|
|
public key authentication problems under some circumstances.
|
|
<li>Translate OpenSSL error codes to better report incorrect passphrase
|
|
errors when loading private keys.
|
|
<li>sshd(8): adjust compatibility patterns for WinSCP to correctly
|
|
identify versions that implement only the legacy DH group exchange
|
|
scheme.
|
|
<li>ssh(1): print the "Killed by signal 1" message only at LogLevel
|
|
verbose so that it is not shown at the default level; prevents it
|
|
from appearing during ssh -J and equivalent ProxyCommand configs.
|
|
<li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
|
|
existing keys if they exist but are zero length. zero-length keys
|
|
could previously be made if ssh-keygen failed or was interrupted part
|
|
way through generating them.
|
|
<li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
|
|
place the current session in the background.
|
|
<li>ssh-keyscan(1): avoid double-close() on file descriptors.
|
|
<li>sshd(8): avoid reliance on shared use of pointers shared between
|
|
monitor and child sshd processes.
|
|
<li>sshd_config(8): document available AuthenticationMethods.
|
|
<li>ssh(1): avoid truncation in some login prompts.
|
|
<li>ssh(1): make "--" before the hostname terminate argument processing
|
|
after the hostname too.
|
|
<li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
|
|
new-style private keys. Fixes problems related to private key
|
|
handling for no-OpenSSL builds.
|
|
<li>ssh(1): warn and do not attempt to use keys when the public and
|
|
private halves do not match.
|
|
<li>sftp(1): don't print verbose error message when ssh disconnects
|
|
from under sftp.
|
|
<li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
|
|
port from preventing the keepalive from being sent.
|
|
<li>sshd(8): when started without root privileges, don't require the
|
|
privilege separation user or path to exist. Makes running the
|
|
regression tests easier without touching the filesystem.
|
|
<li>Make integrity.sh regression tests more robust against timeouts.
|
|
<li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
|
|
channel IDs greater than 0x7FFFFFFF.
|
|
</ul>
|
|
</ul>
|
|
|
|
<li>LibreSSL 2.6.3
|
|
<ul>
|
|
<li>Added support for providing CRLs to libtls - once a CRL is provided via
|
|
<a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
|
|
or
|
|
<a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
|
|
CRL checking is enabled and required for the full certificate chain.
|
|
<li>Reworked TLS certificate name verification code to more strictly
|
|
follow RFC 6125.
|
|
<li>Cleaned up and simplified server key exchange EC point handling.
|
|
<li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
|
|
simplified BIO_get_host_ip() and BIO_accept().
|
|
<li>Added definitions for three OIDs used in EV certificates.
|
|
<li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
|
|
IP addresses with SNI to connect to a libtls-based TLS server.
|
|
<li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
|
|
validation callbacks such as those in relayd.
|
|
<li>Converted explicit clear/free sequences to use
|
|
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
|
|
<li>Fixed the
|
|
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
|
|
ca command so that it generates certificates with RFC 5280-conformant time.
|
|
<li>Added
|
|
<a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
|
|
to set an ASN.1 time from a struct tm *.
|
|
<li>Added
|
|
<a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
|
|
functions.
|
|
<li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
|
|
<li>Provided a
|
|
<a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
|
|
function that frees the memory returned from a
|
|
<a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
|
|
call, ensuring that the contents become inaccessible.
|
|
<li>Implemented reference counting for libtls tls_config, allowing
|
|
<a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
|
|
to be called as soon as it has been passed to the final
|
|
<a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
|
|
call, simplifying lifetime tracking for the application.
|
|
<li>Dropped cipher suites using DSS authentication.
|
|
<li>Removed support for DSS/DSA from libssl.
|
|
<li>Distinguish between self-issued certificates and self-signed
|
|
certificates. The certificate verification code has special cases
|
|
for self-signed certificates and without this change, self-issued
|
|
certificates (which it seems are common place with
|
|
openvpn/easyrsa) were also being included in this category.
|
|
<li>Added a new TLS extension handling framework and converted all
|
|
TLS extensions to use it.
|
|
<li>Improved and added many new manpages. Updated
|
|
<a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
|
|
manpages with additional cautions regarding their use.
|
|
<li>Cleaned up and simplified EC key/curve configuration handling.
|
|
<li>Added
|
|
<a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
|
|
to libtls, which allows the names of the elliptical curves that may
|
|
be used during client and server key exchange to be specified.
|
|
<li>Converted more code paths to use CBB/CBS.
|
|
<li>Removed NPN support - NPN was never standardised and the last draft
|
|
expired in October 2012.
|
|
<li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
|
|
CryptoPro clients.
|
|
<li>Removed support for the TLS padding extension, which was added as a
|
|
workaround for an old bug in F5's TLS termination.
|
|
<li>Added ability to clamp notafter values in certificates for systems
|
|
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
|
|
<li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
|
|
<li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
|
|
<li>Provide a useful error with libtls if there are no OCSP URLs in a
|
|
peer certificate.
|
|
<li>Keep track of which keypair is in use by a TLS context, fixing a bug
|
|
where a TLS server with SNI would only return the OCSP staple for the
|
|
default keypair.
|
|
<li>If
|
|
<a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
|
|
is called with a NULL pointer it now
|
|
returns the default protocols.
|
|
</ul>
|
|
|
|
<li>mandoc 1.14.3
|
|
<ul>
|
|
<li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
|
|
databases are now enabled by default, allowing semantic searching
|
|
with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
|
|
without any local configuration changes.
|
|
<li>Full integration of the former
|
|
<a href="https://cvsweb.openbsd.org/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
|
|
utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
|
|
<code>-Wall</code>, new <code>-Wstyle</code> and
|
|
<code>-Wopenbsd</code> message levels, and many new messages,
|
|
for example about typos in <code>.Sh</code> lines,
|
|
unknown <code>.Xr</code> targets, and links to self.
|
|
<li>Additional steps unifying the
|
|
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
|
|
<a href="https://man.openbsd.org/man.7">man(7)</a>, and
|
|
<a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
|
|
use one common data type and
|
|
<a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
|
|
for all requests and macros and support creation of syntax tree
|
|
nodes in the roff(7) parser, allowing support for many new
|
|
low-level roff(7) features.
|
|
Only about 25 ports still need <code>USE_GROFF</code> now.
|
|
<li>Many improvements to
|
|
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
|
|
parsing and formatting,
|
|
including automatic line wrapping inside table columns.
|
|
<li>Many improvements to
|
|
<a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
|
|
parsing and formatting, including better font selection,
|
|
recognition of well-known mathematical function names, and writing
|
|
of <code><mn></code> and <code><mo></code> HTML tags.
|
|
<li>Intelligible rendering of mathematical symbols in
|
|
<code>-Tascii</code> output.
|
|
<li>Several parsing and rendering improvements for the
|
|
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
|
|
<code>.Lk</code> macro.
|
|
<li>Some CSS improvements in HTML output, in particular for the
|
|
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
|
|
<code>.Bl</code> macro.
|
|
</ul>
|
|
|
|
<li><p>Ports and packages:
|
|
<p>A massive amount of clang-related fixes happened between 6.1 and 6.2.
|
|
|
|
<p>Many pre-built packages for each architecture:
|
|
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
|
|
<ul style="column-count: 4">
|
|
<li>aarch64: 7942
|
|
<li>alpha: 7426
|
|
<li>amd64: 9728
|
|
<li>arm: 7939
|
|
<li>hppa: 6260
|
|
<li>i386: 9685
|
|
<li>mips64: 7972
|
|
<li>mips64el: 7984
|
|
<li>powerpc: 8133
|
|
<li>sparc64: 8281
|
|
</ul>
|
|
|
|
<p>Some highlights:
|
|
<ul style="column-count: 2">
|
|
<li>AFL 2.51b
|
|
<li>CMake 3.9.3
|
|
<li>Chromium 61.0.3163.100
|
|
<li>Emacs 21.4 and 25.3
|
|
<li>GCC 4.9.4
|
|
<li>GHC 7.10.3
|
|
<li>Gimp 2.8.22
|
|
<li>GNOME 3.24.2
|
|
<li>Go 1.9
|
|
<li>Groff 1.22.3
|
|
<li>JDK 8u144
|
|
<li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
|
|
<li>LLVM/Clang 5.0.0
|
|
<li>LibreOffice 5.2.7.2
|
|
<li>Lua 5.1.5, 5.2.4, and 5.3.4
|
|
<li>MariaDB 10.0.32
|
|
<li>Mozilla Firefox 52.4.0esr and 56.0.0
|
|
<li>Mozilla Thunderbird 52.2.1
|
|
<li>Mutt 1.9.1 and NeoMutt 20170912
|
|
<li>Node.js 6.11.2
|
|
<li>Ocaml 4.03.0
|
|
<li>OpenLDAP 2.3.43 and 2.4.45
|
|
<li>PHP 5.6.31 and 7.0.23
|
|
<li>Postfix 3.2.2 and 3.3-20170910
|
|
<li>PostgreSQL 9.6.5
|
|
<li>Python 2.7.14 and 3.6.2
|
|
<li>R 3.4.1
|
|
<li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
|
|
<li>Rust 1.20.0
|
|
<li>Sendmail 8.16.0.21
|
|
<li>SQLite3 3.20.1
|
|
<li>Sudo 1.8.21.2
|
|
<li>Tcl/Tk 8.5.19 and 8.6.6
|
|
<li>TeX Live 2016
|
|
<li>Vim 8.0.0987
|
|
<li>Xfce 4.12
|
|
</ul>
|
|
|
|
<li>As usual, steady improvements in manual pages and other documentation.
|
|
|
|
<li>The system includes the following major components from outside suppliers:
|
|
<ul>
|
|
<li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
|
|
freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
|
|
xkeyboard-config 2.20 and more)
|
|
<li>LLVM/Clang 4.0.0 (+ patches)
|
|
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
|
|
<li>Perl 5.24.2 (+ patches)
|
|
<li>NSD 4.1.17
|
|
<li>Unbound 1.6.6
|
|
<li>Ncurses 5.7
|
|
<li>Binutils 2.17 (+ patches)
|
|
<li>Gdb 6.3 (+ patches)
|
|
<li>Awk Aug 10, 2011 version
|
|
<li>Expat 2.2.4
|
|
</ul>
|
|
</ul>
|
|
</section>
|
|
|
|
<hr>
|
|
|
|
<section id=install>
|
|
<h3>How to install</h3>
|
|
<p>
|
|
Please refer to the following files on the mirror site for
|
|
extensive details on how to install OpenBSD 6.2 on your machine:
|
|
|
|
<ul>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/alpha/INSTALL.alpha">
|
|
.../OpenBSD/6.2/alpha/INSTALL.alpha</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/amd64/INSTALL.amd64">
|
|
.../OpenBSD/6.2/amd64/INSTALL.amd64</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/arm64/INSTALL.arm64">
|
|
.../OpenBSD/6.2/arm64/INSTALL.arm64</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/armv7/INSTALL.armv7">
|
|
.../OpenBSD/6.2/armv7/INSTALL.armv7</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/hppa/INSTALL.hppa">
|
|
.../OpenBSD/6.2/hppa/INSTALL.hppa</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/i386/INSTALL.i386">
|
|
.../OpenBSD/6.2/i386/INSTALL.i386</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/landisk/INSTALL.landisk">
|
|
.../OpenBSD/6.2/landisk/INSTALL.landisk</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/loongson/INSTALL.loongson">
|
|
.../OpenBSD/6.2/loongson/INSTALL.loongson</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/luna88k/INSTALL.luna88k">
|
|
.../OpenBSD/6.2/luna88k/INSTALL.luna88k</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/macppc/INSTALL.macppc">
|
|
.../OpenBSD/6.2/macppc/INSTALL.macppc</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/octeon/INSTALL.octeon">
|
|
.../OpenBSD/6.2/octeon/INSTALL.octeon</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sgi/INSTALL.sgi">
|
|
.../OpenBSD/6.2/sgi/INSTALL.sgi</a>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sparc64/INSTALL.sparc64">
|
|
.../OpenBSD/6.2/sparc64/INSTALL.sparc64</a>
|
|
</ul>
|
|
</section>
|
|
|
|
<hr>
|
|
|
|
<section id=quickinstall>
|
|
<p>
|
|
Quick installer information for people familiar with OpenBSD, and the use of
|
|
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
|
|
If you are at all confused when installing OpenBSD, read the relevant
|
|
INSTALL.* file as listed above!
|
|
|
|
<h3>OpenBSD/alpha:</h3>
|
|
|
|
<p>
|
|
Write <i>floppy62.fs</i> or <i>floppyB62.fs</i> (depending on your machine)
|
|
to a diskette and enter <i>boot dva0</i>.
|
|
Refer to INSTALL.alpha for more details.
|
|
|
|
<p>
|
|
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
|
|
will most likely fail.
|
|
|
|
<h3>OpenBSD/amd64:</h3>
|
|
|
|
<p>
|
|
If your machine can boot from CD, you can write <i>install62.iso</i> or
|
|
<i>cd62.iso</i> to a CD and boot from it.
|
|
You may need to adjust your BIOS options first.
|
|
|
|
<p>
|
|
If your machine can boot from USB, you can write <i>install62.fs</i> or
|
|
<i>miniroot62.fs</i> to a USB stick and boot from it.
|
|
|
|
<p>
|
|
If you can't boot from a CD, floppy disk, or USB,
|
|
you can install across the network using PXE as described in the included
|
|
INSTALL.amd64 document.
|
|
|
|
<p>
|
|
If you are planning to dual boot OpenBSD with another OS, you will need to
|
|
read INSTALL.amd64.
|
|
|
|
<h3>OpenBSD/arm64:</h3>
|
|
|
|
<p>
|
|
Write <i>miniroot62.fs</i> to a disk and boot from it after connecting
|
|
to the serial console. Refer to INSTALL.arm64 for more details.
|
|
|
|
<h3>OpenBSD/armv7:</h3>
|
|
|
|
<p>
|
|
Write a system specific miniroot to an SD card and boot from it after connecting
|
|
to the serial console. Refer to INSTALL.armv7 for more details.
|
|
|
|
<h3>OpenBSD/hppa:</h3>
|
|
|
|
<p>
|
|
Boot over the network by following the instructions in INSTALL.hppa or the
|
|
<a href="hppa.html#install">hppa platform page</a>.
|
|
|
|
<h3>OpenBSD/i386:</h3>
|
|
|
|
<p>
|
|
If your machine can boot from CD, you can write <i>install62.iso</i> or
|
|
<i>cd62.iso</i> to a CD and boot from it.
|
|
You may need to adjust your BIOS options first.
|
|
|
|
<p>
|
|
If your machine can boot from USB, you can write <i>install62.fs</i> or
|
|
<i>miniroot62.fs</i> to a USB stick and boot from it.
|
|
|
|
<p>
|
|
If you can't boot from a CD, floppy disk, or USB,
|
|
you can install across the network using PXE as described in
|
|
the included INSTALL.i386 document.
|
|
|
|
<p>
|
|
If you are planning on dual booting OpenBSD with another OS, you will need to
|
|
read INSTALL.i386.
|
|
|
|
<h3>OpenBSD/landisk:</h3>
|
|
|
|
<p>
|
|
Write <i>miniroot62.fs</i> to the start of the CF
|
|
or disk, and boot normally.
|
|
|
|
<h3>OpenBSD/loongson:</h3>
|
|
|
|
<p>
|
|
Write <i>miniroot62.fs</i> to a USB stick and boot bsd.rd from it
|
|
or boot bsd.rd via tftp.
|
|
Refer to the instructions in INSTALL.loongson for more details.
|
|
|
|
<h3>OpenBSD/luna88k:</h3>
|
|
|
|
<p>
|
|
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
|
|
from the PROM, and then bsd.rd from the bootloader.
|
|
Refer to the instructions in INSTALL.luna88k for more details.
|
|
|
|
<h3>OpenBSD/macppc:</h3>
|
|
|
|
<p>
|
|
Burn the image from a mirror site to a CDROM, and power on your machine
|
|
while holding down the <i>C</i> key until the display turns on and
|
|
shows <i>OpenBSD/macppc boot</i>.
|
|
|
|
<p>
|
|
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
|
|
/6.2/macppc/bsd.rd</i>
|
|
|
|
<h3>OpenBSD/octeon:</h3>
|
|
|
|
<p>
|
|
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
|
|
Refer to the instructions in INSTALL.octeon for more details.
|
|
|
|
<h3>OpenBSD/sgi:</h3>
|
|
|
|
<p>
|
|
To install, burn cd62.iso on a CD-R, put it in the CD drive of your
|
|
machine and select <i>Install System Software</i> from the System Maintenance
|
|
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
|
|
CD-ROM, and need a proper invocation from the PROM prompt.
|
|
Refer to the instructions in INSTALL.sgi for more details.
|
|
|
|
<p>
|
|
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
|
|
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
|
|
system type. Refer to the instructions in INSTALL.sgi for more details.
|
|
|
|
<h3>OpenBSD/sparc64:</h3>
|
|
|
|
<p>
|
|
Burn the image from a mirror site to a CDROM, boot from it, and type
|
|
<i>boot cdrom</i>.
|
|
|
|
<p>
|
|
If this doesn't work, or if you don't have a CDROM drive, you can write
|
|
<i>floppy62.fs</i> or <i>floppyB62.fs</i>
|
|
(depending on your machine) to a floppy and boot it with <i>boot
|
|
floppy</i>. Refer to INSTALL.sparc64 for details.
|
|
|
|
<p>
|
|
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
|
|
will most likely fail.
|
|
|
|
<p>
|
|
You can also write <i>miniroot62.fs</i> to the swap partition on
|
|
the disk and boot with <i>boot disk:b</i>.
|
|
|
|
<p>
|
|
If nothing works, you can boot over the network as described in INSTALL.sparc64.
|
|
</section>
|
|
|
|
<hr>
|
|
|
|
<section id=upgrade>
|
|
<h3>How to upgrade</h3>
|
|
<p>
|
|
If you already have an OpenBSD 6.1 system, and do not want to reinstall,
|
|
upgrade instructions and advice can be found in the
|
|
<a href="faq/upgrade62.html">Upgrade Guide</a>.
|
|
</section>
|
|
|
|
<hr>
|
|
|
|
<section id=sourcecode>
|
|
<h3>Notes about the source code</h3>
|
|
<p>
|
|
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
|
|
This file contains everything you need except for the kernel sources,
|
|
which are in a separate archive.
|
|
To extract:
|
|
<blockquote><pre>
|
|
# <kbd>mkdir -p /usr/src</kbd>
|
|
# <kbd>cd /usr/src</kbd>
|
|
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
|
|
</pre></blockquote>
|
|
<p>
|
|
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
|
|
This file contains all the kernel sources you need to rebuild kernels.
|
|
To extract:
|
|
<blockquote><pre>
|
|
# <kbd>mkdir -p /usr/src/sys</kbd>
|
|
# <kbd>cd /usr/src</kbd>
|
|
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
|
|
</pre></blockquote>
|
|
<p>
|
|
Both of these trees are a regular CVS checkout. Using these trees it
|
|
is possible to get a head-start on using the anoncvs servers as
|
|
described <a href="anoncvs.html">here</a>.
|
|
Using these files
|
|
results in a much faster initial CVS update than you could expect from
|
|
a fresh checkout of the full OpenBSD source tree.
|
|
</section>
|
|
|
|
<hr>
|
|
|
|
<section id=ports>
|
|
<h3>Ports Tree</h3>
|
|
<p>
|
|
A ports tree archive is also provided. To extract:
|
|
<blockquote><pre>
|
|
# <kbd>cd /usr</kbd>
|
|
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
|
|
</pre></blockquote>
|
|
<p>
|
|
Go read the <a href="faq/ports/index.html">ports</a> page
|
|
if you know nothing about ports
|
|
at this point. This text is not a manual of how to use ports.
|
|
Rather, it is a set of notes meant to kickstart the user on the
|
|
OpenBSD ports system.
|
|
<p>
|
|
The <i>ports/</i> directory represents a CVS checkout of our ports.
|
|
As with our complete source tree, our ports tree is available via
|
|
<a href="anoncvs.html">AnonCVS</a>.
|
|
So, in order to keep up to date with the -stable branch, you must make
|
|
the <i>ports/</i> tree available on a read-write medium and update the tree
|
|
with a command like:
|
|
<blockquote><pre>
|
|
# <kbd>cd /usr/ports</kbd>
|
|
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_2</kbd>
|
|
</pre></blockquote>
|
|
<p>
|
|
[Of course, you must replace the server name here with a nearby anoncvs
|
|
server.]
|
|
<p>
|
|
Note that most ports are available as packages on our mirrors. Updated
|
|
ports for the 6.2 release will be made available if problems arise.
|
|
<p>
|
|
If you're interested in seeing a port added, would like to help out, or just
|
|
would like to know more, the mailing list
|
|
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
|
|
</section>
|