Thank you to all the developers for such a great release! Sysupgrade went flawlessly on my cloud instances, router, and laptop host. Keep up the great work!
On Mon, Apr 10, 2023, at 6:52 AM, Theo de Raadt wrote: > > ------------------------------------------------------------------------ > - OpenBSD 7.3 RELEASED ------------------------------------------------- > > April 10, 2023. > > We are pleased to announce the official release of OpenBSD 7.3. > This is our 54th release. We remain proud of OpenBSD's record of more > than twenty years with only two remote holes in the default install. > > As in our previous releases, 7.3 provides significant improvements, > including new features, in nearly all areas of the system: > > - Various kernel improvements: > o Added waitid(2), wait for process state change. > o Added pinsyscall(2), specify the call stub for a specific system > call. > o Added getthrname(2) and setthrname(2), get or set thread name. > o Added WTRAPPED option for waitid(2) to control whether CLD_TRAPPED > state changes, i.e., ptrace(2) on a process, are reported. > o Introduced clockintr(9), a machine-independent clock interrupt > scheduler. Switched all architectures to use this new kernel > subsystem. > o Added a priority queue to clockintr(9). > o Introduced a new kern.autoconf_serial sysctl(8) that can be used > by userland to monitor state changes of the kernel device tree. > o Fixed pmap(9) bugs involving entering an executable mapping for a > page before synchronizing the data and instruction cache on arm64 > and riscv64. > o Removed copystr(9) from public API. > o Add getnsecruntime(9) to the kernel timecounting API. Together > with getbinruntime(), it provides a fast, monotonic clock that > only advances while the system is not suspended. > o Add detection for Spectre-BHB Branch History Injection > vulnerability related CLRBHB, ECBHB and CSV2_3/HCXT feature bits. > o Prevent detaching ("bioctl -d detach") of a boot volume on a RAID > managed by bioctl(8). > o On arm64, avoid using 1GB mappings for the identity map in the > early kernel bootstrap phase and when booting the secondary CPUs. > This avoids accidentally mapping memory regions that should not be > mapped (i.e. secure memory) as all mapped memory can be accessed > speculatively. > o Added arm64 detection of EPAN feature bit. Enhanced Privileged > Access Never (EPAN) allows Privileged Access Never to be used with > Execute-only mappings. > o On arm64, add a machdep.lidaction sysctl(8) for aplsmc(4) Apple > Silicon laptops. > The arm64 default for the machdep.lidaction is 1, making the > system suspend when the lid is closed. aplsmc(4) provides support > for the lid position sensor. > o Changed arm64 suspend idle loop from WFE to WFI, avoiding spurious > wakeups while other CPUs are still active. > o Added new dt(4) tracing ioctl DTIOCARGS to get the type of probe > arguments. > > - SMP Improvements > o Unlocked mmap(2), munmap(2), and mprotect(2). > o Unlocked sched_yield(2). > o Added support for per-cpu event counters, to be used for clock and > IPI counters where the event counted occurs across all CPUs in the > system. > o Moved pf(4) purge tasks out from under the kernel lock. > o Unlocked ioctl(2) SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR, and > SIOCGIFGLIST. > o Protected interface tables in pf(4) with PF_LOCK(), allowing > removal of NET_LOCK() protection from the ioctl(2) code path in > pf. > o Unlocked getsockopt(2) and setsockopt(2). > o Completed removing kernel lock from IPv6 read ioctls. > o Unlocked minherit(2). > o Made tun(4) and tap(4) event filters MP-safe. > o Unlocked utrace(2). > o Stopped holding the vm_map lock while flushing pages in msync(2) > and madvise(2). Prevents a 3-thread deadlock between msync(2), > page-fault and mmap(2). > o Unlocked select(2), pselect(2), poll(2), and ppoll(2). > > - Direct Rendering Manager and graphics drivers > o Updated drm(4) to Linux 6.1.15 > o amdgpu(4): Added support for Ryzen 7000 "Raphael", Ryzen 7020 > series "Mendocino", Ryzen 7045 series "Dragon Range", Radeon RX > 7900 XT/XTX "Navi 31", Radeon RX 7600M (XT), 7700S, and 7600S > "Navi 33." > o Fixed frame buffer corruption and additional bugs after wakeup on > Apple Silicon laptops and the Lenovo x13s. > o Added support for the backlight connector property to amdgpu(4) as > in inteldrm(4), making xbacklight(1) work when using the Xorg > modesetting driver. > > - VMM/VMD improvements > o Updated vmm(4) to allow guests to read MSR_HWCR and MSR_PSTATEDEF, > which is necessary to determine the TSC frequency on AMD families > 17h and 19h. > o Allocated reference for vm and vcpu SLISTs in vmm(4), keeping vmm > from triggering excessive wakeup calls while iterating through the > list of vms while servicing an ioctl(2). > o Set vmm(4) RAX guest register state based on VMCB. > o Removed locking in vmm(4) vmm_intr_pending, reducing slowdowns due > to requests for a lock held while the VM is running. > o Increased speed of delivery of interrupts to a running vcpu in > vmm(4). > o Made vmm(4) treat vcpu lists as immutable, removing the need to > reference count individual vcpu objects and use a rwlock. > o Implemented zero-copy operations on virtqueues in vmd(8). > o Provided a detailed e820 memory map when booting vmd(8) guests > with SeaBIOS. When a vm initializes memory ranges, we now track > what each range represents. This information can be used to supply > the e820 memory map to SeaBIOS via the fw_cfg interface allowing > it to properly communicate memory ranges to a guest operating > system. With this special cases in ports can be removed. > o Added thread names to vm processes in vmd(8), visible in ps(1). > o Hid the WAITPKG cpu feature from vmm(4) guests, preventing invalid > instruction exceptions. Also added WAITPKG feature identification > to i386 and amd64. > o Changed vmd(8) to only open /dev/vmm once, having the parent > process send the fd to the vmm child process. > o Restricted vmm(4) exposed cpuid extended feature flags. > o Adjusted vmd(8) error paths to avoid removal of > configuration-defined (known) VMs on error. > o Stopped being paranoid about hypervisor correct PKU handling. > Added saving and restoring guest PKRU to vmm(4). Expose the PKU > cpuid bit to the guest if in use on the host. > o Made vmd(8) scan the PCI bus to determine bootorder strings. > > - Various new userland features: > o Added kdump(1) argument support for msyscall, pledge, unveil, > __realpath, ypconnect and __tmpfd. > o Added mimmutable(2) and munmap(2) reporting to kdump(1). > o Added lastcomm(1) reporting for process kills due to execve(2) > from non-pinned syscall address. > > - Various bugfixes and tweaks in userland: > o Allow TZ to contain absolute paths starting with > /usr/share/zoneinfo. All absolute paths were ignored in 7.2 to > avoid unveil(2) violations. > o Made ldomctl(8) accept more descriptive name-based paths in > addition to number-based paths in ldom.conf(5). > o Dropped support for $rc_exec in rc.subr(8). The rc_exec function > should be used instead. > o Excluded /tmp/*.shm files from /tmp cleaning in daily(8). Removing > them interferes with programs that use shared memory via > shm_open(3). > o Added zap-to-char and zap-up-to-char to mg(1). Bound zap-to-char > to M-z. > o Fixed handling of escaped backslashes in vi(1) ex_range. > o Added support to gunzip(1) for zip files that contain a single > member. > o Fixed ed(1) to print bytes read/written and the ? prompt to > stdout, not stderr. > o Modified the vmstat view in systat(1) to measure elapsed time > using clock_gettime(2). > o Implemented periodic display in iostat(8). > o Corrected top(1) display of online CPUs which can change based on > the sysctl(2) sysctl setting. > o Added support for a personal units(1) library by passing -f > multiple times. > o Changed df(1) to round up fractional percentages. > o Fixed unbounded variable expansion in pkg-config(1). > o Switched to use llvm-strip(1) on architectures that use ld.lld(1). > o Made rc(8) reorder libraries in parallel to netstart(8), as this > does not depend on network access. > o Made rc(8) print the name of each library before relinking as a > signal to the operator that boot has not stalled. > o Added the audioctl(8) -w option to display variables periodically. > o Added short options for timeout(1) --foreground and > --preserve-status. > Added signal as a full argument name for timeout(1) -s. > o Fixed .wav files generated by aucat(1) by using extended header > format. > o In disklabel(8), use the size of the largest chunk of free space, > not the total of all such chunks, when checking for sufficient > space to add a partition. > o Extended disklabel(8) template parsing to allow "[mount point] *" > as the specification for putting the maximum available free space > into a partition. Extended command line parsing to allow "T-" as > the specification to read the template from stdin. > o Repaired disklabel(8) to check for D_VENDOR flag in d_flags, not > d_secpercyl. > o Removed remnents of DEC standard 144 bad sector code from > disklabel(8) and disktab(5). > o Removed last references to d_drivedata field from disklabel(8) > o Enhanced disklabel(8) auto allocation to use all possible free > space. > o Enhanced disklabel(8) to ensure valid partition offsets and sizes > after rounding. > o Enhanced disklabel(8) simple editor to allow '*' when the action > is 'delete'. > o Removed disklabel(8) code related to defunct disk types 'hd' and > 'svnd'. > o Repaired fdisk(8) to set the correct 'bootable' bit in GPT > partitions. > o Repaired fdisk(8) to use GPT_UUID_NBSD_UFS for NetBSD GPT > partition entries. > o Added UEFI defined GPT partition type GPT_UUID_LEGACY_MBR to the > partition types fdisk(8) recognizes. > o Enhanced fdisk(8) to avoid spurious warnings when editing unused > GPT partition. > o Fixed cdio(1) error displays and plugged a leak in the error path. > o Removed pointless :ob#0:pb#0:[tb=swap:] and :pb#N:ob#0: lines from > various disktab(5) entries. > > - Improved hardware support and driver bugfixes, including: > o Suspend/Resume improvements > - Extended arm64 suspend/resume to include support for parking > CPUs in a WFE/WFI loop. > - Put CPUs in the lowest P-state before the final suspend step, > needed for systems where we park CPUs in a low-power idle > state ourselves. > o system-on-chip devices > - Added support for the Rockchip RK3566/RK3568 SoCs. > - Added support for the Rockchip RK3568 processor. > - Added support for the RK3568 PCIe controller to dwpcie(4). > - Added qcdwusb(4), a driver controlling the interface logic > for the Synopsys DesignWare USB 3.0 controller found on > various Qualcomm Snapdragon SoCs. > - Added support for the PCIe controller on the Qualcomm > SC8280XP to dwpcie(4). > - Added qcpmicgpio(4), a driver for the GPIO block inside the > Qualcomm PMICs. > - Added qcpmic(4), a driver for the SPMI-connected PMICs found > on Qualcomm SoCs. > - Added qcspmi(4), a driver for the SPMI PMIC Arbiter found on > Qualcomm SoCs. > - Added qcpdc(4), a driver for the Qualcomm Power Domain > controller found on Qualcomm SoCs. > - Added qcpwm(4), a driver for the PWM found on Qualcomm SoCs. > - Added qcpon(4), a driver for the Qualcomm PMIC block that > hosts the powerkey and reset input. > - In rkgpio(4), handled different register layouts in modern > Rockchip SoCs as seen in the RK356x and RK3588. > - Added support for RK356x TSADC clocks to rkclock(4). > - Added GMAC-related RK356x clocks to rkclock(4). > - Added RK3588 support to rkclock(4) and rkpinctrl(4). > - Added mvortc(4), a driver for the RTC on the ARMADA 38x > series. > - Added mvodog(4), a driver for the watchdog on the ARMADA 38x > series. > - Implemented rkpinctrl(4) support for explicit routing to use > alternative pin muxings. > - Added ytphy(4), a driver for the MotorComm YT8511 PHY. > - Made rktemp(4) work on RK356x with U-Boot. > - Added initialization code for RK356x in dwpcie(4) to prevent > kernel hangs. > - Implemented setting the parent clock for RK356x in > rkclock(4). > - Added dwpcie(4) code to bring up the PCIe controller on the > RK356x. > - Added rkpciephy(4), a driver for the PCIe 3.0 PHY found on > the RK356x. > - Added rkcomphy(4), a driver for the "naneng" combo PHY found > on the RK356x (and RK3588). Only PCIe, SATA and USB3 support > are implemented. > o Improved support for Apple arm64 hardware > - Made aplhidev(4) recognize M1 laptops with touchbars and > translated Fn+(1-10,-,=) keys to F1-F12 on these systems. > - Added suspend/resume support to aplns(4). > - Implemented wakeup interrupt support in aplintc(4). > - Added suspend/resume support to control the power domain to > aplsart(4). > - Made the power button function as a wakeup button during > suspend in aplsmc(4). > - Added aplpwm(4), a driver for the PWM controller found on > Apple Silicon. > - Improve Apple support by increasing the apliic(4) transfer > completion timeout to 100ms to accommodate USB Type-C PD > chips. > - Added tipd(4), a driver fixing USB hotplug of type-C > connectors on Apple Silicon hardware. > - Improved aplpmu(4) range check to protect against overflow. > - Added aplefuse(4), a driver for the eFuses on Apple Silicon > SoCs. > - Enabled aplpcie(4) power management for PCI devices. > - Disable the screen backlight with aplsmc(4) on Apple Silicon > laptops when the lid is closed. > o X13s support > - Worked around incomplete ACPI tables on the Lenovo x13s by > loading the alternate device tree binaries from disk. > - Set console output to the framebuffer on Lenovo x13s > machines. > - Made the USB ports work after a suspend/resume cycle on the > x13s. > o Improved audio devices > - Made aplaudio(4) calculate the bit clock based on numbers of > channels, bytes/sample and sample rate. > - Set sncodec(4) and tascodec(4) default volume to -30dB > instead of the hardware default of 0dB (maximum). > - Added sncodec(4), a driver for the TI SNO12776/TAS2764 > digital amplifier. > o Other changes > - Added support for the Wacom One M CTL-672 tablet to > uwacom(4). > - Hooked up the same USB device drivers on riscv64 as done in > the arm64 architecture kernel. > Enabled access to usb(4), ugen(4), ulpt(4), ucom(4) and > ujoy(4). > - Added uftdi(4) support for FTDI FT232R. > - Added uhidpp(4) support for Bolt receivers and the Unified > Battery feature often found on newer Logitech HID++ hardware. > - Converted more RTC drivers to use todr_attach(). Quality of > the RTC is set such that "discrete" RTC chips are preferred > over RTCs integrated on a SoC. > - Added support for the DS1339 RTC as found on the PiJuice. > - Added qcrtc(4), a driver for the RTC found on Qualcomm PMICs. > - Improved qcrtc(4) RTC reliability. > - Added cursor back tab support to wscons(4) VT100 emulation. > Added aixterm bright color sequences (SGR 90-97 and 100-107). > - Added missing wscons(4) bounds checks when processing > terminal escape sequences. > - Replaced broken UTF-8 logic in wscons(4) with a better one > borrowed from Citrus. > - Introduced pijuice(4), an apm/sensor driver for the PiJuice > HAT UPS. > - Added pwmleds(4), a driver for PWM controlled LEDs. > - Implemented dwpcie(4) support for the (optional) MSI > controller of the Synopsys DesignWare PCIe host bridge. > - Added icc(4) driver for I2C Consumer Control devices. > - Prevented a possible crash when a ugen(4) device is detached. > - Implemented wakeup interrupt handling in agintc(4). > - Enabled pcagpio(4) and pcamux(4), making the SFP port on the > ClearFog Base (CN9130) work. > - Adopted a workaround for a bug in the ARM generic timer on > the A64, disabling userland timecounter support on affected > hardware pending a similar libc workaround. > - Made amd64 cpuid recognize protection keys for Protection Key > Supervisor (PKS). > - Implemented access to EFI variables ESRT through an ioctl(2) > interface compatible with what FreeBSD and NetBSD have. > Created /dev/efi on amd64 and arm64. > - Added dwge(4) support for "enhanced descriptor" mode found on > some variants of the Synopsys DesignWare GMAC. > - Removed the elansc(4) driver for AMD Elan SC520 System > Controller. > - Made ppb(4) bus range available after detaching, fixing > unplugging and replugging thunderbolt devices that were > plugged in when the machine was booted. > - Reworked the arm64 architecture cpu_init_secondary() function > to allow use for both initial powerup and wakeup from deeper > sleep states. > - Added ufshci(4), a driver for Universal Flash Storage (UFS) > Host Controllers. > - Added scmi(4), a driver for the ARM System Control and > Management Interface. > - Added support for the Shenzhen Tangcheng Technology TCS4525 > voltage regulator to fanpwr(4). > - Added psci(4) (ARM Power State Coordination Interface) > support for available deep idle states as advertised in > device trees. > - Added eephy(4), found on the Turris Omnia WAN port, to armv7. > - Added polling to tipmic(4) driver when starting from a cold > boot, fixing a hang on boot. > - Added a workaround for Intel Braswell/Cherry Trail mwait > hang. > - Added the Armada 380 temperature sensor to mvtemp(4) and > enabled the driver on armv7. > > - New or improved network hardware support: > o Enabled em(4) IPv4, TCP and UDP checksum offloading and hardware > VLAN tagging on devices with 82575, 82576, i350 and i210 chipsets. > o Improved mcx(4) performance by using interrupt-based command > completion. > o Fixed a panic seen with rge(4) RTL8125 with MCLGETL. > o Add dwqe(4), a driver for the Synopsys DesignWare Ethernet QoS > controller used on the NXP i.MX8MP, the Rockchip RK35xx series and > Intel Elkhart Lake. > o Worked around an issue on the StarFive JH7100 SoC to make dwge(4) > Ethernet work reliably on the StarFive VisionFive 1 board. > o In mvneta(4), passed MII flags depending on the phy mode specified > in the device tree, making the WAN port work on the Turris Omnia. > > - Added or improved wireless network drivers: > o Bumped tsleep timeout for bwfm(4) PCI devices to help prevent > failures loading firmware, particularly on Apple M2 laptops. > o Implemented alternative mailbox handling mechanism required by > newer bwfm(4) firmware. > o Fixed bwfm(4) issues with suspend/resume and possible firmware > crashes on the M2 MacBook Air. > o Prevented an iwx(4) firmware error when authentication to the AP > times out. > o Fixed a crash in iwx(4) when connecting to WEP networks via > ifconfig(8) join. > o Fixed an alignment issue in iwx(4) Rx descriptors. > o Avoided trying to remove keys while doing crypto in hardware if > the station is not active in iwx(4) firmware, fixing a firmware > panic. > o Prevented potential panics by disallowing the iwx(4) init task > from running in parallel to wakeup code during resume. > o Switched all iwx(4) devices to -77 firmware images. > o Upgraded firmware images for iwm(4) 9260 and 9560 devices. > o Made iwx(4) get the primary channel number from AP beacon info, > preventing problems on 40/80Mhz channels if there is a mismatch. > o Fixed iwx(4) session protection event duration. > > - IEEE 802.11 wireless stack improvements and bugfixes: > o Made net80211 drop beacons received on secondary HT/VHT channels, > preventing iwm(4) firmware panics and making association work with > 11ac APs which transmit beacons on channels other than their > primary. > o Made WEP encryption work on bwfm(4). > > - Installer, upgrade and bootloader improvements: > o Made installer answers ! and (S)hell drop into a ksh(1) > environment rather than the more limited sh(1). > o Added support for configuring interfaces by lladdr (MAC). > o Made the installer skip interface configuration questions when no > interfaces are available. > o Fixed resizing partitions on an auto-allocated disk that had a > boot partition. > o Stopped the installer from asking to initialize disks that have > softraid(4) chunks. > o Made efiboot fdt support device trees with NOPs in them (like the > kernel version). > o Improved the default choice for the installer's install media disk > question to show the first disk that (a) is not the root disk and > (b) is not a disk with softraid chunks (hosting the root disk, for > example). > o Stopped offering WEP in the installer if not supported. > o Fixed lock file error on installer exit/abort. > o Made installboot(8) -p support softraid(4). > o Made installboot(8) silently skip softraid(4) keydisks. > o Fixed passing explicit stages files to installboot(8). > o Added mount_nfs(8) to the sparc64 installer, to fetch sets over > NFS. > o Copy the apple-boot firmware to EFI system partition, enabling > automatic bootloader updates on Apple Silicon computers. > o Made the installer stop printing MD post installation instructions > on upgrades. > o Made it possible to set keyboard layout(s) in arm64's installer. > o Added initial support in the installer for guided disk encryption > for amd64, i386, riscv64 and sparc64. > o Added passing of boot device information from the bootloader to > the kernel on luna88k. > o Switched luna88k boot loader to MI boot code. > o Made the luna88k bootloader display a puffy boot logo. > o Made ls(1) work correctly in the luna88k bootloader. > o Made time(1) work correctly in the luna88k bootloader. > o Removed dangerous user-settable "addr" variable from MI > bootloader, only compiling tty-related code on platforms where it > makes sense for the bootloader to control it. > o Added "machine poweroff" command on luna88k bootloader. > o Switched alpha to machine-independent boot blocks. > o Switched all architectures' ramdisks (except alpha's and > luna88k's) to use installboot(8) -p. > o Fixed ofwboot OpenFirmware map call to unbreak boot on some > machines. > o Reduced ofwboot.net size after libz update to unbreak netboot on > some machines. > o Made riscv64 bootloader support boot from RAID 1C softraid > volumes. > o Made installboot(8) support softraid(4) on riscv64. > o Stopped creating defunct Vax (ra, rx), HP-300 (hd) and Sparc (xy, > xd) devices in /dev. > > - Security improvements: > o Permissions (RWX, MAP_STACK, etc.) on address space regions can be > made immutable, so that mmap(2), mprotect(2) or munmap(2) fail > with EPERM. Most of the program static address space is now > automatically immutable (main program, ld.so, main stack, > load-time shared libraries, and dlopen()'d libraries mapped > without RTLD_NODELETE). Programmers can request non-immutable > static data using the "openbsd.mutable" section, or manually bring > immutability to (page aligned heap objects) using mimmutable(2). > The main internal data of malloc(3) is marked immutable. > o Some architectures now have non-readable code ("xonly"), both from > the perspective of userland reading its own memory, or the kernel > trying to read memory in a system call. Many sloppy practices in > userland code had to be repaired to allow this. The linker > (ld.lld(1)) option --execute-only is enabled by default. In order > of development: arm64, riscv64, hppa, amd64, powerpc64, powerpc > (G5 only), octeon, and sparc64 (sun4u only; unfinished). > o On all architectures which lack hardware-enforcement of xonly, > system calls are now prevented from reading (via > copyin(9)/copyinst) inside the program's main text, ld.so text, > sigtramp text, or libc.so text. > o These can still benefit from switching to --execute-only binaries > if the cpu generates different traps for instruction-fetch versus > data-fetch. The VM system will not allow memory to be read before > it was executed which is valuable together with library relinking. > Architectures switched over include loongson. > o ld.so(1) and crt0 register the location of the execve(2) stub with > the kernel using pinsyscall(2), after which the kernel only > accepts an execve call from that specific location. > o Added execve(2) violations of pinsyscall(2) policy to the daily > mail, available by setting rc.conf.local(5) accounting=YES. > o Added retguard (consistency-check the return address on the stack) > to amd64 syscalls. > o sshd random relinking at boot: Randomly relink and install > sshd(8), resulting in a sshd binary with unknown address layout > after every reboot. > o Add another mitigation against classic BROP on systems without > execute-only mmu hardware-enforcement. A range-checking wrapper in > front of copyin(9) and copyinstr(9) ensures the userland source > address doesn't overlap the main program text and other text > segments, thereby making these address ranges unreadable to the > kernel. No programs have been discovered which require reading > their own text segments with a system call. > o On arm64, introduce mitigation of the Spectre-BHB (Branch History > Injection) CPU vulnerability by using core-specific trampoline > vectors. > o Enabled the arm64 Data Independent Timing (DIT) feature in both > the kernel and userland on CPUs that support it to mitigate timing > side-channel attacks. > > - Changes in the network stack: > o Made /dev/pf a clonable device to better track kernel resources > used by processes. > o Modified TCP receive buffer size auto-scaling to use the smoothed > RTT (SRTT) instead of the timestamp option, which improves > performance on high latency networks if the timestamp option isn't > available. > o Relaxed the requirement for multicast support of interfaces for > configuring IPv6. This allows non-multicast interfaces such as > point-to-point interfaces and the NBMA / point-to-multipoint > interfaces like mpe(4), mgre(4) and wg(4) to work with IPv6. > o Use the new getnsecruntime(9) timer to check the TCP_KEEPALIVE > timer only against the system runtime, not the uptime. Prevents > TCP connections to fail after waking up from suspend. > o Used stoeplitz (symmetric Toeplitz hash algorithm) to generate a > hash/flowid for pf(4) state keys. With this change, pf will hash > traffic the same way that hardware using a stoeplitz key will hash > incoming traffic on rings. stoeplitz is also used by the TCP stack > to generate a flow id, which is used to pick which transmit ring > is used on nics with multiple queues, too. Using the same > algorithm throughout the stack encourages affinity of packets to > rings and softnet threads the whole way through. > o Prevented possible kernel crashes by dropping TCP packets with > destination port 0 in pf(4) and the stack. > o Fixed an endian swap bug causing problems with vlan(4) on em(4) > sparc64 systems. > o Denied "pipex no" tunnel setting for pppx(4) interfaces. > o Fixed pfsync(4) crashing on pf_state_key removal. > o Fixed a panic in pfsync(4) when there is no data ready for bulk > transfer. > o Turned off TCP Segmentation Offload (TSO) if interface is added to > layer 2 devices. > o Improved vnet(4) to work better in busy conditions. > o Added a bpf(4) timeout (BIOCSWTIMEOUT) between capturing a packet > and making the buffer readable, preventing, for example, pflogd(8) > waking every half second even if there is nothing to read. By > default this buffer is infinite and must be filled to become > readable. > o Avoided enabling TSO on interfaces which are already attached to a > bridge. > > - Routing daemons and other userland network improvements: > o IPsec support was improved: > - Added iked(8) support for configuring multiple name servers. > - Synced proc.c from vmd(8) to iked(8) to enable fork + exec > for all processes. This gives each process a fresh and unique > address space to further improve randomization of ASLR and > stack protector. > o In bgpd(8), bgpctl(8) and bgplgd(8): > - Improved performance by optimising the output filters. > - Add Autonomous System Provider Authorization (ASPA) > validation based on draft-ietf-sidrops-aspa-verification-12 > - Introduce avs (ASPA validation state) filter and bgpctl > filter argument. > - Add ASPA support for the RTR protocol based on > draft-ietf-sidrops-8210bis-10. > - Improve open policy (RFC 9234) support and enable the > capability automatically if a role is specified for the peer. > - Introduce a per-neighbor 'role' configuration option to > specify the session role used by ASPA verification and the > open policy capability. The 'announce policy' statement was > simplified at the same time. > - Improve startup behaviour by introducing a small delay before > opening the connection to a new peer. > - Support for aspa-set table config which can be provided by > rpki-client(8). > - Make it possible to filter the RIB by invalid and leaked > prefixes in bgpctl and bgplgd. > - Add OpenMetrics output to bgpctl for various BGP statistics > and add /metrics endpoint to bgplgd. > - Fix of incorrect length checks that allowed an out-of-bounds > read in bgpd. > o rpki-client(8) saw some changes: > - Add a new '-H' command line option to create a shortlist of > repositories to synchronize to. For example, when invoking > "rpki-client -H rpki.ripe.net -H chloe.sobornost.net", the > utility will not connect to any other hosts other than the > two specified through the -H option. > - Add support for validating Geofeed (RFC 9092) authenticators. > To see an example download https://sobornost.net/geofeed.csv > and run "rpki-client -f geofeed.csv" > - Add support for validating Trust Anchor Key (TAK) objects. > TAK objects can be used to produce new Trust Anchor Locators > (TALs) signed by and verified against the previous Trust > Anchor. See draft-ietf-sidrops-signed-tal for the full > specification. > - Log lines related to RRDP/HTTPS connection problems now > include the IP address of the problematic endpoint (in > brackets). > - Improve the error message when an invalid filename is > encountered in the rpkiManifest field in the Subject Access > Information (SIA) extension. > - Emit a warning when unexpected X.509 extensions are > encountered. > - Restrict the ROA ipAddrBlocks field to only allow two > ROAIPAddressFamily structures (one per address family). See > draft-ietf-sidrops-rfc6482bis. > - Check the absence of the Path Length constraint in the Basic > Constraints extension. > - Restrict the SIA extension to only allow the signedObject and > rpkiNotify accessMethods. > - Check that the Signed Object access method is present in ROA, > MFT, ASPA, TAK, and GBR End-Entity certificates. > - In addition to the 'rsync://' scheme, also permit other > schemes (such as 'https://') in the SIA signedObject access > method. > - Check that the KeyUsage extension is set to nothing but > digitalSignature on End-Entity certificates. > - Check that the KeyUsage extension is set to nothing but > keyCertSign and CRLSign on CA certificates. > - Check that the ExtendedKeyUsage extension is absent on CA > certificates. > - Fix a bug in the handling of the port of http_proxy. > - The '-r' command line option has been deprecated. > - Filemode (-f) output is now presented as a text based table. > - The 'expires' key in the JSON/CSV/OpenBGPD output formats is > now calculated with more accuracy. The calculation takes into > account the nextUpdate value of all intermediate CRLs in the > signature path towards the trust anchor, in addition to the > expiry moment of the leaf-CRL and CAs. > - Handling of CRLs and Manifests in the face of inconsistent > RRDP delta publications has been improved. A copy of an > alternative version of the applicable CRL is kept in the > staging area of the cache directory, in order to increase the > potential for establishing a complete publication point, in > cases where a single publication point update was smeared > across multiple RRDP delta files. > - The OpenBGPD configuration output now includes validated > Autonomous System Provider Authorization (ASPA) payloads as > an 'aspa-set {}' configuration block. > - When rpki-client is invoked with increased verbosity ('-v'), > the current RRDP Serial and Session ID are shown to aid > debugging. > - Self-signed X.509 certificates (such as Trust Anchor > certificates) now are considered invalid if they contain an > X.509 AuthorityInfoAccess extension. > - Signed Objects where the CMS signing-time attribute contains > a timestamp later then the X.509 certificate's notAfter > timestamp are considered invalid. > - Manifests where the CMS signing-time attribute contains a > timestamp later then the Manifest eContent nextUpdate > timestamp are considered invalid. > - Any objects whose CRL Distribution Points extension contains > a CRLIssuer, CRL Reasons, or nameRelativeToCRLIssuer field > are considered invalid in accordance with RFC 6487 section > 4.8.6. > - For every X.509 certificate the SHA-1 of the Subject Public > Key is calculated and compared to the Subject Key Identifier > (SKI). If a mismatch is found the certificate is not trusted. > - Require the outside-TBS signature OID for every X.509 > intermediate CA certificate and CRL to be > sha256WithRSAEncryption. > - Require the RSA key pair modulus and public exponent > parameters to strictly conform to the RFC 7935 profile. > - Ensure there is no trailing garbage present in Signed Objects > beyond the self-embedded length field. > - Require RRDP Session IDs to strictly be version 4 UUIDs. > - When decoding and validating an individual RPKI file using > filemode (rpki-client -f file), display the signature path > towards the trust anchor and the timestamp when the signature > path will expire. > - When decoding and validating an individual RPKI file using > filemode (rpki-client -f file), display the optional CMS > signing-time, non-optional X.509 notBefore timestamp and > non-optional X.509 notAfter timestamp. > o Updated zlib to 1.2.13. > o Fixed a long-standing bug in a libreadline header that broke the > interactive Python command line interface. > o Switched tftpd(8) to default to read-only unless -w is specified > for write access (the previous default). > o Stopped printing the prompt for non-interactive usage of tftp(1). > o Changed rarpd(8) to only unveil /tftpboot if -t is specified. > o Added client certificate authentication and an optional SASL > EXTERNAL bind to ypldap(8). > o Adjusted ipv6 address width to align the display columns better in > the output of ndp(8), route(8) and netstat(1) as already available > in systat(1)'s netstat. > o Used stravis(3) to sanitize redirect URIs from ftp(1) fetch before > printing. > o Prevent an unwind(8) crash when a TCP query is larger than the > length field indicated. > o Preserve the original order of nameservers as configured via > resolv.conf(5) in resolvd(8). > o Restrict the characters allowed in the hostname argument of > getaddrinfo(3) to the set [A-z0-9-_.]. Additionally, two > consecutive dots ('.') are not allowed nor can the string start > with - or '.'. This removes characters like '$', '`', '\n' or '*' > that can traverse the DNS without problems but have special > meaning as in a shell. > o Fixed a number of out of bounds reads in DNS response parsing of > the async DNS resolver in libc. > o Added ifconfig(8) -M (mac) to find the mac address on an interface > and print it. > o Added support for configuring interfaces by lladdr to support > interface configurations bound to a specific hardware device. The > "if" part of the hostname.if(5) configuration file can now be a > MAC address. > o Limited display of wireguard peers by ifconfig(8) to when either a > wireguard interface is specified or the flag "-A" is used. > o Implemented the RFC 8781 PREF64 router advertisement option in > rad(8) which is used to communicate NAT64 prefixes to hosts. > o Moved the documentation of flag mappings displayed by "route show" > from the netstat(1) manpage to route(8). > o Improvements in nc(1): > - Stop claiming connection success in UDP mode unless true. > - Do not test the connection in non-interactive mode. The test > writes characters to the socket which can corrupt data that > is possibly piped into nc. > - Some refactoring and code cleanup. > o Improvements in acme-client(1): > - Added support for newlines inside the alternative names block > in acme-client.conf(5). > - Use proper data structures for retrieving subject alternative > names in certificates rather than printing them to a buffer > and tokenizing and parsing the undocumented string. > - Simplified, corrected and modernized the use of libcrypto > interfaces. > - Plugged various memory leaks. > - Use ASN1_TIME_to_tm(3) instead of a poor man's hand-rolled > version of it. > - Use timegm(3) instead of mktime(3) to eliminate time-zone > variation. > - Encode Subject Alternative Name (SAN) entries before > printing. > - Prevent acme-client(1) from leaking an http get request when > receiving a redirect without a location header. > o Prevented smtpd(8) abort due to a connection from a local, scoped > ipv6 address. > o Fixed a potential NULL dereference in the unpriv child expanding > %{mda} in smtpd(8). > o Corrected the order of arguments for calls to shutdown(2) on the > route socket of slaacd(8), dhcpleased(8) and unwind(8). > o Made route(8) sourceaddr print the used addresses for inet and > inet6, or "default" if no sourceaddr is set and the default > algorithm is used. > o Added -mpls option to the route(8) monitor command. It can be used > to restrict displayed route messages to the mpls address family. > o Fixed rsync(1) handling of port numbers in > rsync://host[:port]/module URLS. > o Made tcpdrop(8) accept netstat-style address.port syntax. > o Ensured pfctl(8) correctly adds addresses to the > undefined/inactive table. > o Switched tftpd(8) to default to read-only unless -w is specified > for write access (the previous default). > o Changed rarpd(8) to only unveil /tftpboot if -t is specified. > o Fixed the DIOCIGETIFACES ioctl so all network interfaces and > interface groups are reported in pfctl(8). > > - tmux(1) improvements and bug fixes: > o Added scroll-top and scroll-bottom tmux(1) commands to scroll so > cursor is at the top or bottom respectively. > o Added a -T flag to tmux(1) capture-pane to capture up to the last > used cell and not the full width of the pane. > o Preserved the marked pane when renumbering windows in tmux(1). > o Added modified tab key sequences to tmux(1). > o Changed tmux(1) to only set the extended flag when searching, > which allows send-keys to work. > o Added a -l flag to tmux(1) display-message to disable format > expansion. > o Fixed a tmux(1) crash when there are no window buffers. > o Fixed tmux(1) C-S-Tab without extended keys. > o Added tmux(1) send-keys -K to handle keys directly as if typed. > o Made tmux(1) tty-keys accept \007 as terminator to OSC 10 or 11. > o Made tmux(1) recognize pasted texts wrapped in bracket paste > sequences, rather than only forwarding to the program inside. > o Supported -1 without -N for list-keys in tmux(1). > o Added a flag to tmux(1) display-menu to select the menu item > chosen first. > o Added Backtab key support to tmux(1) > o Disallowed multiple consecutive line separators in tmux(1) menu. > o Extended display-message to work for control clients in tmux(1). > o Added -f to list-clients in tmux(1). > o Added a tmux(1) L modifier like P, W, S to loop over clients. > > - LibreSSL version 3.7.2 > o New features > - Added Ed25519 support both as a primitive and via OpenSSL's > EVP interfaces. > - X25519 is now also supported via EVP. > - The OpenSSL 1.1 raw public and private key API is available > with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and > EVP_PKEY_X25519. Poly1305 is not currently supported via this > interface. > - Added EVP_CIPHER_meth_*() setter API. > - Added various X.509 accessor functions. > o Compatibility changes > - BIO_read() and BIO_write() now behave more closely to OpenSSL > 3 in various corner cases. > o Bug fixes > - Added EVP_chacha20_poly1305() to the list of all ciphers. > - Fixed potential leaks of EVP_PKEY in various printing > functions > - Fixed potential leak in OBJ_NAME_add(). > - Avoid signed overflow in i2c_ASN1_BIT_STRING(). > - Cleaned up EVP_PKEY_ASN1_METHOD related tables and code. > - Fixed long standing bugs BN_GF2m_poly2arr() and > BN_GF2m_mod(). > - Fixed segfaults in BN_{dec,hex}2bn(). > - Fixed NULL dereference in x509_constraints_uri_host() > reachable only in the process of generating certificates. > - Fixed a variety of memory corruption issues in BIO chains > coming from poor old and new API: BIO_push(), BIO_pop(), > BIO_set_next(). > - Avoid potential divide by zero in BIO_dump_indent_cb() > - Fixed a memory leak, a double free and various other issues > in BIO_new_NDEF(). > - Fixed various crashes in the openssl(1) testing utility. > - Do not check policies by default in the new X.509 verifier. > - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse. > - Added missing error checking in PKCS7. > - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). > o Documentation improvements > - Numerous improvements and additions for ASN.1, BIO, BN, and > X.509. > - The BN documentation is now considered to be complete. > - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), > BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and > BIO_dump_indent_cb(3) as intentionally undocumented. > - Documented various BIO_* interfaces. > - Documented ED25519_keypair(3), ED25519_sign(3), and > ED25519_verify(3). > - Documented EVP_PKEY raw private/public key interfaces. > - Documented ASN1_buf_print(3). > - Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and > RSA_get0_*. > - Merged documentation of UI_null() from OpenSSL 1.1 > - Various spelling and other documentation improvements. > o Internal improvements > - Remove dependency on system timegm() and gmtime() by > replacing traditional Julian date conversion with POSIX > epoch-seconds date conversion from BoringSSL. > - Removed old and unused BN code dealing with primes. > - Started rewriting name constraints code using CBS. > - Removed support for the HMAC PRIVATE KEY. > - Reworked DSA signing and verifying internals. > - Rewrote the TLSv1.2 key exporter. > - Cleaned up and refactored various aspects of the legacy TLS > stack. > - Initial overhaul of the BIGNUM code: > # Added a new framework that allows architecture-dependent > replacement implementations for bignum primitives. > # Imported various s2n-bignum's constant time assembly > primitives and switched amd64 to them. > # Lots of cleanup, simplification and bug fixes. > - Changed Perl assembly generators to move constants into > .rodata, allowing code to run with execute-only permissions. > - Capped the number of iterations in DSA and ECDSA signing > (avoiding infinite loops), added additional sanity checks to > DSA. > - ASN.1 parsing improvements. > - Cleanup and improvements in EC code, including always > clearing EC groups and points on free. > - Various openssl(1) improvements. > - Various nc(1) improvements. > o Security fixes > - A malicious certificate revocation list or timestamp response > token would allow an attacker to read arbitrary memory. > > - OpenSSH 9.3 and OpenSSH 9.2 > This release of OpenBSD includes the changes made to OpenSSH since > release 9.1: > o Security > - ssh-add(1): when adding smartcard keys to ssh-agent(1) with > the per-hop destination constraints (ssh-add -h ...) added in > OpenSSH 8.9, a logic error prevented the constraints from > being communicated to the agent. This resulted in the keys > being added without constraints. The common cases of > non-smartcard keys and keys without destination constraints > are unaffected. This problem was reported by Luci Stanescu. > - ssh(1): Portable OpenSSH provides an implementation of the > getrrsetbyname(3) function if the standard library does not > provide it, for use by the VerifyHostKeyDNS feature. A > specifically crafted DNS response could cause this function > to perform an out-of-bounds read of adjacent stack data, but > this condition does not appear to be exploitable beyond > denial-of-service to the ssh(1) client. > The getrrsetbyname(3) replacement is only included if the > system's standard library lacks this function and portable > OpenSSH was not compiled with the ldns library (--with-ldns). > getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS > to fetch SSHFP records. This problem was found by the > Coverity static analyzer. > - sshd(8): fix a pre-authentication double-free memory fault > introduced in OpenSSH 9.1. This is not believed to be > exploitable, and it occurs in the unprivileged pre-auth > process that is subject to chroot(2) and is further sandboxed > on most major platforms. > - ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen > option would ignore its first argument unless it was one of > the special keywords "any" or "none", causing the permission > list to fail open if only one permission was specified. > bz3515 > - ssh(1): if the CanonicalizeHostname and > CanonicalizePermittedCNAMEs options were enabled, and the > system/libc resolver did not check that names in DNS > responses were valid, then use of these options could allow > an attacker with control of DNS to include invalid characters > (possibly including wildcards) in names added to known_hosts > files when they were updated. These names would still have to > match the CanonicalizePermittedCNAMEs allow-list, so > practical exploitation appears unlikely. > o Potentially-incompatible changes > - ssh(1): add a new EnableEscapeCommandline ssh_config(5) > option that controls whether the client-side ~C escape > sequence that provides a command-line is available. Among > other things, the ~C command-line could be used to add > additional port-forwards at runtime. > This option defaults to "no", disabling the ~C command-line > that was previously enabled by default. Turning off the > command-line allows platforms that support sandboxing of the > ssh(1) client (currently only OpenBSD) to use a stricter > default sandbox policy. > o New features > - ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 > when outputting SSHFP fingerprints to allow algorithm > selection. bz3493 > - sshd(8): add a `sshd -G` option that parses and prints the > effective configuration without attempting to load private > keys and perform other checks. This allows usage of the > option before keys have been generated and for configuration > evaluation and verification by unprivileged users. > - sshd(8): add support for channel inactivity timeouts via a > new sshd_config(5) ChannelTimeout directive. This allows > channels that have not seen traffic in a configurable > interval to be automatically closed. Different timeouts may > be applied to session, X11, agent and TCP forwarding > channels. > - sshd(8): add a sshd_config UnusedConnectionTimeout option to > terminate client connections that have no open channels for a > length of time. This complements the ChannelTimeout option > above. > - sshd(8): add a -V (version) option to sshd like the ssh > client has. > - ssh(1): add a "Host" line to the output of ssh -G showing the > original hostname argument. bz3343 > - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) > to allow control over some SFTP protocol parameters: the copy > buffer length and the number of in-flight requests, both of > which are used during upload/download. Previously these could > be controlled in sftp(1) only. This makes them available in > both SFTP protocol clients using the same option character > sequence. > - ssh-keyscan(1): allow scanning of complete CIDR address > ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is > passed, then it will be expanded to all possible addresses in > the range including the all-0s and all-1s addresses. bz#976 > - ssh(1): support dynamic remote port forwarding in escape > command-line's -R processing. bz#3499 > o Bugfixes > - scp(1), sftp(1): fix progressmeter corruption on wide > displays; bz3534 > - ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing > usability of private keys as some systems are starting to > disable RSA/SHA1 in libcrypto. > - sftp-server(8): fix a memory leak. GHPR363 > - ssh(1), sshd(8), ssh-keyscan(1): remove vestigial protocol > compatibility code and simplify what's left. > - Fix a number of low-impact Coverity static analysis findings. > These include several reported via bz2687 > - ssh_config(5), sshd_config(5): mention that some options are > not first-match-wins. > - Rework logging for the regression tests. Regression tests > will now capture separate logs for each ssh and sshd > invocation in a test. > - ssh(1): make `ssh -Q CASignatureAlgorithms` work as the > manpage says it should; bz3532. > - ssh(1): ensure that there is a terminating newline when > adding a new entry to known_hosts; bz3529 > - ssh(1): when restoring non-blocking mode to stdio fds, > restore exactly the flags that ssh started with and don't > just clobber them with zero, as this could also remove the > append flag from the set. bz3523 > - ssh(1): avoid printf("%s", NULL) if using > UserKnownHostsFile=none and a hostkey in one of the system > known hosts file changes. > - scp(1): switch scp from using pipes to a socket-pair for > communication with its ssh sub-processes, matching how > sftp(1) operates. > - sshd(8): clear signal mask early in main(); sshd may have > been started with one or more signals masked (sigprocmask(2) > is not cleared on fork/exec) and this could interfere with > various things, e.g. the login grace timer. Execution > environments that fail to clear the signal mask before > running sshd are clearly broken, but apparently they do > exist. > - ssh(1): warn if no host keys for hostbased auth can be > loaded. > - sshd(8): Add server debugging for hostbased auth that is > queued and sent to the client after successful > authentication, but also logged to assist in diagnosis of > HostbasedAuthentication problems. bz3507 > - ssh(1): document use of the IdentityFile option as being > usable to list public keys as well as private keys. GHPR352 > - sshd(8): check for and disallow MaxStartups values less than > or equal to zero during config parsing, rather than failing > later at runtime. bz3489 > - ssh-keygen(1): fix parsing of hex cert expiry times specified > on the command-line when acting as a CA. > - scp(1): when scp(1) is using the SFTP protocol for transport > (the default), better match scp/rcp's handling of globs that > don't match the globbed characters but do match literally > (e.g. trying to transfer a file named "foo.[1]"). Previously > scp(1) in SFTP mode would not match these pathnames but > legacy scp/rcp mode would. bz3488 > - ssh-agent(1): document the "-O no-restrict-websafe" > command-line option. > - ssh(1): honour user's umask(2) if it is more restrictive then > the ssh default (022). > > - Ports and packages: > o Pre-built packages are available for the following architectures on > the day of release: > - aarch64 (arm64): 11561 > - amd64: 11764 > - i386: 10572 > - mips64: 8936 > - powerpc64: 8474 > - riscv64: 10191 > - sparc64: 9325 > o Packages for the following architectures will be made available as > their builds complete: > - arm > - powerpc > > - Some highlights: > > o Asterisk 16.30.0, 18.17.0 and o Mozilla Thunderbird 102.9.0 > 20.2.0 o Mutt 2.2.9 and NeoMutt 20220429 > o Audacity 3.2.5 o Node.js 18.15.0 > o CMake 3.25.2 o OCaml 4.12.1 > o Chromium 111.0.5563.110 o OpenLDAP 2.6.4 > o Emacs 28.2 o PHP 7.4.33, 8.0.28, 8.1.16 and > o FFmpeg 4.4.3 8.2.3 > o GCC 8.4.0 and 11.2.0 o Postfix 3.5.17 and 3.7.3 > o GHC 9.2.7 o PostgreSQL 15.2 > o GNOME 43.3 o Python 2.7.18, 3.9.16, 3.10.10 > o Go 1.20.1 and 3.11.2 > o JDK 8u362, 11.0.18 and 17.0.6 o Qt 5.15.8 and 6.4.2 > o KDE Applications 22.12.3 o R 4.2.1 > o KDE Frameworks 5.103.0 o Ruby 3.0.5, 3.1.3 and 3.2.1 > o Krita 5.1.5 o Rust 1.68.0 > o LLVM/Clang 13.0.0 o SQLite 2.8.17 and 3.41.0 > o LibreOffice 7.5.1.2 o Shotcut 22.12.21 > o Lua 5.1.5, 5.2.4, 5.3.6 and o Sudo 1.9.13.3 > 5.4.4 o Suricata 6.0.10 > o MariaDB 10.9.4 o Tcl/Tk 8.5.19 and 8.6.13 > o Mono 6.12.0.182 o TeX Live 2022 > o Mozilla Firefox 111.0 and o Vim 9.0.1388 and Neovim 0.8.3 > ESR 102.9.0 o Xfce 4.18 > > - As usual, steady improvements in manual pages and other documentation. > > - The system includes the following major components from outside suppliers: > o Xenocara (based on X.Org 7.7 with xserver 21.1.6 + patches, > freetype 2.12.1, fontconfig 2.14, Mesa 22.3.4, xterm 378, > xkeyboard-config 2.20, fonttosfnt 1.2.2, and more) > o LLVM/Clang 13.0.0 (+ patches) > o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) > o Perl 5.36.0 (+ patches) > o NSD 4.6.1 > o Unbound 1.17.0 > o Ncurses 5.7 > o Binutils 2.17 (+ patches) > o Gdb 6.3 (+ patches) > o Awk September 12, 2022 version > o Expat 2.5.0 > > ------------------------------------------------------------------------ > - SECURITY AND ERRATA -------------------------------------------------- > > We provide patches for known security threats and other important > issues discovered after each release. Our continued research into > security means we will find new security problems -- and we always > provide patches as soon as possible. Therefore, we advise regular > visits to > > https://www.OpenBSD.org/security.html > <https://www.openbsd.org/security.html> > and > https://www.OpenBSD.org/errata.html > <https://www.openbsd.org/errata.html> > > ------------------------------------------------------------------------ > - MAILING LISTS AND FAQ ------------------------------------------------ > > Mailing lists are an important means of communication among users and > developers of OpenBSD. For information on OpenBSD mailing lists, please > see: > > https://www.OpenBSD.org/mail.html <https://www.openbsd.org/mail.html> > > You are also encouraged to read the Frequently Asked Questions (FAQ) at: > > https://www.OpenBSD.org/faq/ <https://www.openbsd.org/faq/> > > ------------------------------------------------------------------------ > - DONATIONS ------------------------------------------------------------ > > The OpenBSD Project is a volunteer-driven software group funded by > donations. Besides OpenBSD itself, we also develop important software > like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet > filter, the quality work of our ports development process, and many > others. This ecosystem is all handled under the same funding umbrella. > > We hope our quality software will result in contributions that maintain > our build/development infrastructure, pay our electrical/internet costs, > and allow us to continue operating very productive developer hackathon > events. > > All of our developers strongly urge you to donate and support our future > efforts. Donations to the project are highly appreciated, and are > described in more detail at: > > https://www.OpenBSD.org/donations.html > <https://www.openbsd.org/donations.html> > > ------------------------------------------------------------------------ > - OPENBSD FOUNDATION --------------------------------------------------- > > For those unable to make their contributions as straightforward gifts, > the OpenBSD Foundation (https://www.openbsdfoundation.org) is a Canadian > not-for-profit corporation that can accept larger contributions and > issue receipts. In some situations, their receipt may qualify as a > business expense write-off, so this is certainly a consideration for > some organizations or businesses. > > There may also be exposure benefits since the Foundation may be > interested in participating in press releases. In turn, the Foundation > then uses these contributions to assist OpenBSD's infrastructure needs. > Contact the foundation directors at direct...@openbsdfoundation.org for > more information. > > ------------------------------------------------------------------------ > - HTTPS INSTALLS ------------------------------------------------------- > > OpenBSD can be easily installed via HTTPS downloads. Typically you need > a single small piece of boot media (e.g., a USB flash drive) and then > the rest of the files can be installed from a number of locations, > including directly off the Internet. Follow this simple set of > instructions to ensure that you find all of the documentation you will > need while performing an install via HTTPS. > > 1) Read either of the following two files for a list of HTTPS mirrors > which provide OpenBSD, then choose one near you: > > https://www.OpenBSD.org/ftp.html <https://www.openbsd.org/ftp.html> > https://ftp.openbsd.org/pub/OpenBSD/ftplist > > As of April 10, 2023, the following HTTPS mirror sites have the > 7.3 release: > > https://cdn.openbsd.org/pub/OpenBSD/7.3/ Global > https://ftp.eu.openbsd.org/pub/OpenBSD/7.3/ Stockholm, Sweden > https://ftp.hostserver.de/pub/OpenBSD/7.3/ Frankfurt, Germany > https://ftp.bytemine.net/pub/OpenBSD/7.3/ Oldenburg, Germany > https://ftp.fr.openbsd.org/pub/OpenBSD/7.3/ Paris, France > https://mirror.aarnet.edu.au/pub/OpenBSD/7.3/ Brisbane, > Australia > https://ftp.usa.openbsd.org/pub/OpenBSD/7.3/ CO, USA > https://ftp5.usa.openbsd.org/pub/OpenBSD/7.3/ CA, USA > https://mirror.esc7.net/pub/OpenBSD/7.3/ TX, USA > https://openbsd.cs.toronto.edu/pub/OpenBSD/7.3/ Toronto, Canada > https://cloudflare.cdn.openbsd.org/pub/OpenBSD/7.3/ Global > https://fastly.cdn.openbsd.org/pub/OpenBSD/7.3/ Global > > The release is also available at the master site: > > https://ftp.openbsd.org/pub/OpenBSD/7.3/ Alberta, Canada > > However it is strongly suggested you use a mirror. > > Other mirror sites may take a day or two to update. > > 2) Connect to that HTTPS mirror site and go into the directory > pub/OpenBSD/7.3/ which contains these files and directories. > This is a list of what you will see: > > ANNOUNCEMENT armv7/ octeon/ root.mail > README hppa/ openbsd-73-base.pub sparc64/ > SHA256 i386/ packages/ src.tar.gz > SHA256.sig landisk/ packages-stable/ sys.tar.gz > alpha/ loongson/ ports.tar.gz xenocara.tar.gz > amd64/ luna88k/ powerpc64/ > arm64/ macppc/ riscv64/ > > It is quite likely that you will want at LEAST the following > files which apply to all the architectures OpenBSD supports. > > README - generic README > root.mail - a copy of root's mail at initial login. > (This is really worthwhile reading). > > 3) Read the README file. It is short, and a quick read will make > sure you understand what else you need to fetch. > > 4) Next, go into the directory that applies to your architecture, > for example, amd64. This is a list of what you will see: > > BOOTIA32.EFI* bsd* floppy73.img pxeboot* > BOOTX64.EFI* bsd.mp* game73.tgz xbase73.tgz > BUILDINFO bsd.rd* index.txt xfont73.tgz > INSTALL.amd64 cd73.iso install73.img xserv73.tgz > SHA256 cdboot* install73.iso xshare73.tgz > SHA256.sig cdbr* man73.tgz > base73.tgz comp73.tgz miniroot73.img > > If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64 > and install73.iso. The install73.iso file (roughly 626MB in size) > is a one-step ISO-format install CD image which contains the various > *.tgz files so you do not need to fetch them separately. > > If you prefer to use a USB flash drive, fetch install73.img and > follow the instructions in INSTALL.amd64. > > 5) If you are an expert, follow the instructions in the file called > README; otherwise, use the more complete instructions in the > file called INSTALL.amd64. INSTALL.amd64 may tell you that you > need to fetch other files. > > 6) Just in case, take a peek at: > > https://www.OpenBSD.org/errata.html > <https://www.openbsd.org/errata.html> > > This is the page where we talk about the mistakes we made while > creating the 7.3 release, or the significant bugs we fixed > post-release which we think our users should have fixes for. > Patches and workarounds are clearly described there. > > ------------------------------------------------------------------------ > - X.ORG FOR MOST ARCHITECTURES ----------------------------------------- > > X.Org has been integrated more closely into the system. This release > contains X.Org 7.7. Most of our architectures ship with X.Org, including > amd64, sparc64 and macppc. During installation, you can install X.Org > quite easily using xenodm(1), our simplified X11 display manager forked > from xdm(1). > > ------------------------------------------------------------------------ > - PACKAGES AND PORTS --------------------------------------------------- > > Many third party software applications have been ported to OpenBSD and > can be installed as pre-compiled binary packages on the various OpenBSD > architectures. Please see https://www.openbsd.org/faq/faq15.html for > more information on working with packages and ports. > > Note: a few popular ports, e.g., NSD, Unbound, and several X > applications, come standard with OpenBSD and do not need to be installed > separately. > > ------------------------------------------------------------------------ > - SYSTEM SOURCE CODE --------------------------------------------------- > > The source code for all four subsystems can be found in the > pub/OpenBSD/7.3/ directory: > > xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz > > The README (https://ftp.OpenBSD.org/pub/OpenBSD/7.3/README > <https://ftp.openbsd.org/pub/OpenBSD/7.3/README>) file > explains how to deal with these source files. > > ------------------------------------------------------------------------ > - THANKS --------------------------------------------------------------- > > Ports tree and package building by Jeremie Courreges-Anglas, > Visa Hankala, Stuart Henderson, Peter Hessler, George Koehler, > Kurt Mosiejczuk, and Christian Weisgerber. Base and X system builds by > Kenji Aoyama, Theo de Raadt, and Miod Vallat. Release art by > George Mager. > > We would like to thank all of the people who sent in bug reports, bug > fixes, donation cheques, and hardware that we use. We would also like > to thank those who bought our previous CD sets. Those who did not > support us financially have still helped us with our goal of improving > the quality of the software. > > Our developers are: > > Aaron Bieber, Adam Wolk, Aisha Tammy, Alexander Bluhm, > Alexander Hall, Alexandr Nedvedicky, Alexandr Shadchin, > Alexandre Ratchov, Andrew Fresh, Anil Madhavapeddy, > Anthony J. Bentley, Antoine Jacoutot, Anton Lindqvist, Asou Masato, > Ayaka Koshibe, Benoit Lecocq, Bjorn Ketelaars, Bob Beck, > Brandon Mercer, Brent Cook, Brian Callahan, Bryan Steele, > Can Erkin Acar, Caspar Schutijser, Charlene Wendling, > Charles Longeau, Chris Cappuccio, Christian Weisgerber, > Christopher Zimmermann, Claudio Jeker, Dale Rahn, Damien Miller, > Daniel Dickman, Daniel Jakots, Darren Tucker, Dave Voutila, > David Coppa, David Gwynne, David Hill, Denis Fondras, Edd Barrett, > Eric Faurot, Florian Obser, Florian Riehm, Frederic Cambus, > George Koehler, George Rosamond, Gerhard Roth, Giannis Tsaraias, > Gilles Chehade, Giovanni Bechis, Gleydson Soares, > Gonzalo L. Rodriguez, Greg Steuck, Helg Bredow, Henning Brauer, > Ian Darwin, Ian Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze, > Inoguchi Kinichiro, James Hastings, James Turner, Jan Klemkow, > Jason McIntyre, Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, > Jeremy Evans, Job Snijders, Joel Sing, Joerg Jung, Jonathan Armani, > Jonathan Gray, Jonathan Matthew, Jordan Hargrave, Josh Rickmar, > Joshua Sing, Joshua Stein, Juan Francisco Cantero Hurtado, > Kazuya Goda, Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner, > Kevin Lo, Kirill Bychkov, Klemens Nanni, Kurt Miller, > Kurt Mosiejczuk, Landry Breuil, Lawrence Teo, Lucas Raab, > Marc Espie, Marcus Glocker, Mark Kettenis, Mark Lumsden, > Markus Friedl, Martijn van Duren, Martin Natano, Martin Pieuchot, > Martin Reindl, Martynas Venckus, Matthew Dempsky, Matthias Kilian, > Matthieu Herrb, Michael Mikonos, Mike Belopuhov, Mike Larkin, > Miod Vallat, Moritz Buhl, Nam Nguyen, Nayden Markatchev, > Nicholas Marriott, Nigel Taylor, Okan Demirmen, Omar Polo, > Ori Bernstein, Otto Moerbeek, Paco Esteban, Pamela Mosiejczuk, > Pascal Stumpf, Patrick Wildt, Paul Irofti, Pavel Korovin, > Peter Hessler, Philip Guenther, Pierre-Emmanuel Andre, Pratik Vyas, > Rafael Sadowski, Rafael Zalamena, Raphael Graf, Remi Locherer, > Remi Pointel, Renato Westphal, Ricardo Mestre, Richard Procter, > Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule Cheloha, > Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie, > Solene Rapenne, Stefan Fritsch, Stefan Hagen, Stefan Kempf, > Stefan Sperling, Steven Mestdagh, Stuart Cassoff, Stuart Henderson, > Sunil Nimmagadda, T.J. Townsend, Ted Unangst, Theo Buehler, > Theo de Raadt, Thomas Frohwein, Tim van der Molen, Tobias Heider, > Tobias Stoeckmann, Todd C. Miller, Todd Mortimer, Tom Cosgrove, > Tracey Emery, Ulf Brosziewski, Uwe Stuehler, Vadim Zhukov, > Vincent Gross, Visa Hankala, Vitaliy Makkoveev, Yasuoka Masahiko, > Yojiro Uo > >