OpenBSD 6.9 released May 1
30 April, 2021 by deraadt@openbsd.org | openbsd
------------------------------------------------------------------------
- OpenBSD 6.9 RELEASED -------------------------------------------------

May 1, 2021.

We are pleased to announce the official release of OpenBSD 6.9.
This is our 50th release. We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

As in our previous releases, 6.9 provides significant improvements,
including new features, in nearly all areas of the system:

- New/extended platforms:
  o Support for the powerpc64 platform was improved:
    - Added astfb(4), a driver for the framebuffer of the Aspeed BMC found on many POWER8 and POWER9 systems.
    - Added bsd.mp to powerpc64's installXX.{img,iso}.
    - Added a RETGUARD implementation for powerpc and powerpc64.
    - Added a workaround for PCI devices that cannot address the full 64-bit PCI address space to powerpc64. Needed for radeondrm(4) and amdgpu(4), since Radeon GPUs only implement 36, 40, or 44 bits of address space.
    - Added limited emulation of unaligned access in the powerpc64 kernel.
    - Added support for netbooting to the powerpc64 RAMDISK kernel.
    - Fixed booting on powerpc64 machines with memory banks higher in physical address space, which need a larger TCE table.
    - Introduced power-saving mode on POWER9 CPUs.
    - Enabled floating-point exceptions on powerpc64.
    - Added support for ipmi(4) on PowerNV systems.
  o Preliminary support was added for devices using the Apple M1 SoC:
    - Recognized Apple Icestorm/Firestorm cores on arm64.
    - Added support for BCM4378 chips, as found on the Apple M1 SoCs, to bwfm(4).
    - Added exuart(4) support for the UART found on the Apple M1 SoC.
    - Added apldog(4), a driver for the watchdog on Apple M1 SoCs, allowing reboot of the machine.
    - Added aplintc(4), a driver for the interrupt controller found on Apple M1 SoCs.
    - Added aplpcie(4), a driver for the PCIe host bridge on Apple M1 SoCs.
    - Added apldart(4), a driver for the IOMMU on Apple M1 SoCs.
    - Added support for CPUs with 8-bit ASIDs, such as those on Apple's M1 SoC.
  o The arm64 platform support was improved with the following changes:
    - Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing 16-byte copies if possible.
    - Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
    - Added clock support for i.MX8MP SoCs.
    - Added support for the VF610 I2C controller to imxiic(4).
    - Added dwgpio(4), a driver for the Synopsys DesignWare GPIO controller.
    - Added amlpinctrl(4) support for the "Always On" GPIOs.
    - Made large read and write transactions work in amliic(4).
    - Added support for the PCIe controller found on Amlogic G12A/G12B/SM1 SoCs to dwpcie(4).
    - Implemented legacy interrupt support in mvkpcie(4).
    - Added cryptox(4), a driver for the armv8 cryptographic extensions.
    - Added support for PCIe on the NanoPi R4S to rkpcie(4).
    - Added smmu(4), a driver for the ARM System MMU.
    - Introduced an IOVA early-allocation scheme in smmu(4), mitigating the performance penalty of typical IOVA allocation designs.
    - Introduced guard pages in smmu(4), to spot misuse and misconfiguration of I/O devices more easily.
    - Added support for the RK809 to rkpmic(4), as seen on the Rock Pi N10 with the rk3399pro.
    - Added support for sdhc(4) on the Raspberry Pi in ACPI mode.
    - Enabled ixl(4) on arm64.
    - Updated the device-tree bindings for the cwfg(4) battery capacity driver to fix attachment and account for monitoring interval changes, so that cwfg(4) exports values under hw.sensors as expected on a Pinebook Pro.
    - Added ARMv8.5 instruction set related CPU features to arm64.
- Various kernel improvements:
  o Added the RAID1C (encrypted RAID1) softraid(4) discipline, which encrypts data like the CRYPTO discipline and accepts multiple chunks during creation and assembly like the RAID1 discipline.
  o Corrected verification of the RAID level specified with the -c option in bioctl(8).
  o Introduced kern.video.record for video(4) devices, a privacy feature analogous to the kern.audio.record sysctl(8) parameter for audio(4) devices. By default, kern.video.record is set to zero and all data delivered by drivers attaching to video(4) is blanked.
  o Allowed a process to open a video(4) device multiple times. Fixes webcam usage with Firefox and BigBlueButton.
  o Enabled multiple opens of a video(4) device as described in the V4L2 specification.
  o Added basic support for kclock timeouts to timeout(9).
  o Changed the pool(9) timeouts to use the system uptime instead of ticks.
  o Ensured sleep(3) calls nanosleep(2) even if seconds is zero, delegating all decisions about whether or not to yield the CPU to the kernel.
  o Added a top-level 'reboot' command to ddb(4).
  o Added a witness(4) check for uninitialized (or zeroed) lock usage.
  o Added fd close notification for kqueue-based poll(2) and select(2).
  o Added a global "nowake" channel to tsleep(9) for threads that must not be woken by wakeup(9).
  o Added trace points for malloc(9) and free(9), making them traceable via dt(4) and btrace(8).
  o Added btrace(8) -n (no action) mode, which parses the program and then exits.
  o Fixed a boot-time crash on sparc64 due to mutex use during message buffer initialization.
  o Prevented a panic on some ACPI firmware that provides invalid memory regions in its reserved memory region reporting table.
  o Added a barrier between reading the cqe flags and the command ID in nvme(4) to prevent completion of the wrong SCSI I/O.
  o Prevented attachment of nvme(4) devices of zero size.
  o Introduced the new function if_unit(9), returning a pointer to the interface descriptor corresponding to the unique name.
  o Cleared interrupts on luna88k processors more efficiently at boot time.
  o Added acpiiort(4), a driver for the ACPI I/O Remapping Table.
  o Updated the clock interrupt count atomically on mips64.
  o Prevented an amd64 kernel crash (protection fault) due to an invalid offset when reading /dev/kmem.
  o Permitted access to the kern.somaxconn sysctl when the unix pledge(2) promise is used, allowing Go programs to use "unix" without also including "inet".
  o Excluded the first page and added a guard page between I/O virtual address space allocations on arm64.
  o Prevented attachment of SCSI devices that fail to provide adequate INQUIRY data.
- SMP Improvements:
  o Introduced the "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
  o Introduced a system-wide mutex that serializes msgbuf operations.
  o Made uvm_pagealloc(9) of the physical memory allocator MP-safe.
  o Unlocked getppid(2).
  o Introduced locking for amaps and anons, improving build performance.
  o Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" rwlock(9) as solock()'s backend to protect the whole layer.
  o Unlocked sendsyslog(2).
  o Used per-CPU counters for the fault and statistics counters updated in uvm_fault().
- Direct Rendering Manager:
  o Fixed wsconsctl(8) backlight commands when using drm(4) drivers on macppc.
  o Fixed a radeondrm(4) panic on macppc with the Powerbook5,6 and RV350.
  o Fixed DRI3 support on amdgpu(4) and ati(4).
  o Created /dev/dri/ device nodes to be more compatible with Linux.
- VMM/VMD improvements:
  o Prevented memory corruption or improper page access in vmm(4) due to improper TLB flushing by, for now, wiring the pages used by virtual machines.
  o Removed the ability of vmd(8) to boot from kernels in raw/qcow2 images.
  o Made vmctl(8) properly indicate that VMs are stopping instead of "running" in "vmctl status".
  o Simplified argument parsing of vmctl(8) stop, avoiding a printf(3) "%s" with a NULL argument, a use of an uninitialized variable and a dead else branch.
  o Cleaned up events on vmd(8) pause or resume and fixed an issue leading to a broken serial console by cleanly tearing down and restoring emulated device state on vm send/receive.
  o Propagated the host-side tap(4) lladdr to the guest vm process to allow unicast DHCP and BOOTP renewals with vmd(8)'s built-in DHCP server.
  o Added veb(4) to the list of supported bridges for vmd(8).
  o Improved MSR exit handling in vmm(4) on SVM and VMX hosts, preventing invalid reads and fixing support for 9front.
  o Added the ability to boot compressed ramdisks to vmd(8).
- Various new userland features:
  o Added a doas.conf(5) "nolog" option to avoid syslog(3).
  o Allowed specific sndio(7) devices to be used for play-only and rec-only modes.
  o Used an 8th-order FIR low-pass filter for resampling in sndiod(8) and aucat(1), removing most of the aliasing noise during resampling.
  o Disabled sndiod(8) autovolume by default and set the default volume to 127. Setting "-w on" replicates the previous behavior of automatically decreasing playback volume when new programs start playing.
  o Allowed mixing of alternative devices (-F) with different capabilities in sndiod(8) by treating any device as full-duplex.
  o Fixed visibility of sndioctl(1) output when used through a pipe.
  o Enabled build and install of lldb(1).
  o Added logger(1) support to rcctl(8), rc.subr(8) and rc.d(8) for daemons logging to stdout/stderr.
  o Added a configurable button mapping for tap gestures on touchpads to wsconsctl(8).
  o Made wscons(4) touchpad tap detection less restrictive for multi-finger taps and improved tap detection.
  o Enabled apm(4) on arm64 to display meaningful information about battery use and capacity.
- Various bugfixes and tweaks in userland:
  o Fixed a pledge violation in csh(1) where redirecting input from a file containing ^T would cause csh(1) to perform a tty ioctl operation against a non-tty.
  o Made syspatch(8) work again when fewer than 3 patches are available.
  o Stopped exempting file systems from security(8) checks on the basis of nodev and nosuid options, since those options may not be in effect for file systems mounted beneath.
  o Modified daily(8) to stop reporting disk status and networking statistics.
  o Made sysupgrade(8) specify a version when it uses fw_update(1), to avoid the situation where upgrading a pre-6.8 snapshot to the 6.8 release with "-r" would install firmware packages from snapshots.
  o Increased the speed of the dependency check pass in pkg_add(1).
  o Prevented process exit in multithreaded programs from reporting the wrong error code.
  o Allowed booting of amd64/i386 from GPT formatted disks larger than 4TB.
  o Made the cat(1) -n flag correctly number lines in files with more than INT_MAX lines.
  o Fixed a memory leak in ld.so's malloc.
  o Added a "xenodm" login class for xenodm(1) and increased openfiles to 512 to avoid running out of file descriptors with a busy desktop.
  o Stopped xenodm(1) from adding authorizations for TCP connections by default and added "listenTCP" to explicitly add authorizations for existing IP addresses on startup.
  o Skipped adding IPv6 link-local addresses for TCP listener authorizations in xenodm(1), matching what startx(1) does.
  o Fixed the -s option for cmp(1).
  o Improved pledge(2) use in doas(1), specifically adding a pledge to the "-C" code path.
  o Improved the performance of malloc(3)'s cache.
  o Made editing GPTs in fdisk(8) safer by defaulting the offset to the beginning of the largest free space and preventing the creation of overlapping partitions.
  o Fixed a crash that could occur in sndiod(8) when a USB device is unplugged.
  o Appended .html suffixes to temporary files in mandoc(1) to allow recognition by browsers.
  o Allowed specifying the path to the mg(1) startup file on the command line.
  o Added a "batch" mode to mg(1) via the "-b" command line option, which initializes a pty, runs the specified file of mg commands and then exits.
  o Inverted the mg(1) "R" indicator: a "*" next to a file's name now indicates that it is read-only. Made the active buffer indicator more visible by changing it to ">".
  o Fixed ksh(1) redrawing of a multiline PS1 prompt in vi mode and added support for ^R (redraw) in insert mode.
  o Used unveil(2) to restrict filesystem access in apmd(8).
  o Removed the 30s minimum delay for xlock(1) timeouts.
  o Stopped deleting the control socket on exit in apmd(8), as deleting the socket after calling unveil(2) would cause an unveil violation.
- Improved hardware support and driver bugfixes, including:
  o Corrected accounting of zero-length Transfer Descriptors in xhci(4), preventing running out of free Transfer Ring Blocks.
  o Moved mfokclock(4) from loongson to make it available for other platforms and renamed it to mfokrtc(4).
  o Fixed brightness setting on MacBooks.
  o Added AMD-Vi and Intel VT-d IOMMU support. This creates separate domains for each PCI device and can provide protection against invalid memory access.
  o Enabled brightness keys on PowerBooks where the keyboard attaches as ukbd(4).
  o Set the initial default display brightness on macppc via of_setbrightness() to ensure wscons(4) and OpenFirmware are in sync.
  o Added support for the PL2303HXN series chips to uplcom(4).
  o Added support for the PCA9547 I2C mux to pcamux(4).
  o Extended pcamux(4) with ACPI support.
  o Added acpige(4), a driver for ACPI generic event devices, used on various systems to implement power button handling.
  o Added pchgpio(4), a driver for the GPIO controllers found on modern Intel PCHs.
  o Added ACPI support to imxiic(4).
  o Fixed panics on the HoneyComb LX2K with amdgpu(4).
  o Fixed very old umass(4) devices where the INQUIRY command succeeds but with a residue equal to the requested bytes.
  o Added the Gemini Lake I2C id to dwiic(4), making the touchpad work on the Teclast F7 Plus laptop.
  o Introduced ujoy(4), a restricted subset of uhid(4) for game controllers, which uses /dev/ujoy/* device nodes.
  o Set up ims(4) devices in X11 to behave like touchpads.
  o Stopped relying on USB devices to correctly present their indices, instead searching for the correct interfaces. This fixes E+ Corp. DAC Audio devices.
  o Introduced uhidpp(4), a driver for Logitech HID++ devices.
  o Separated reading of general and touchpad-specific wsmouse(4) settings and corrected identification of the device type when reading touchpad parameters fails.
  o Added support for 30-bit color modes to simplefb(4) and wsfb(4).
  o Made loongson kernels recognize Lynloong LM9002/9003 and LM9013 models.
  o Used the native display resolution of 1368x768 for Lynloong all-in-one computers.
- New or improved network hardware support:
  o Fixed link state change behavior in 82598 ix(4) chips.
  o Fixed issues with the network stopping after the first down/up cycle on mvpp(4) Marvell Armada Ethernet devices.
  o Added SFP+ support to ofw, including support for direct attach cables.
  o Added 10G media support to mvpp(4).
  o Added support for 1000base-x and 2500base-x connections to mvneta(4).
  o Added mvsw(4), a driver for Marvell "SOHO" switches.
  o Enabled auto-negotiation on the SerDes links, allowing in-band status to work between mvpp(4) and mvsw(4) on the ClearFog GT 8K.
  o Added support for the i.MX8MP PCIe clocks, USB clocks and second ethernet.
  o Added Wake on LAN support to rge(4).
  o Enabled IPv4 and TCP/UDP checksum offload on transmission in ogx(4).
  o Raised the maximum number of queues/interrupts from 1 to 16 on mcx(4) devices.
  o Added support for the Netgear ProSecure UTM25 to octeon.
  o Added a vid/pid table to umb(4), allowing matching to alternate configurations.
- Added or improved wireless network drivers:
  o Fixed the athn(4) and urtwn(4) drivers in client mode against access points which use WPA1/TKIP as the group cipher.
  o Added multicast support to bwfm(4) to allow IPv6.
  o Fixed urtwn(4) repeated DEAUTH and loss/restoration of link.
  o Introduced a delay to work around an issue in bwfm(4) on the BCM43602 that was triggering "unexpected pairwise key update" errors.
  o Enabled athn(4) for arm64.
  o Implemented a new 802.11n Tx rate adaptation algorithm ("RA") for iwm(4), iwn(4), and athn(4).
  o Fixed association problems with the ipw(4) and iwi(4) drivers.
  o Made iwx(4) attach to AX201 devices with PCI IDs 0x34f0 and 0x06f0. Needs fw_update(1).
  o Fixed a problem where iwn(4) firmware would generate bogus block ack requests and stall traffic.
  o Fixed automatic channel selection in the athn(4) driver when running in hostap or monitor mode.
- IEEE 802.11 wireless stack improvements and bugfixes:
  o Fixed length calculations in iwm(4) and iwx(4) when there are multiple MPDUs in one packet.
  o Fixed 802.11n interoperability with access points that offer management frame protection.
  o Flushed the A-MPDU reorder buffer after the gap timeout, to prevent frames from remaining in the buffer until the next frame is received.
  o Avoided spurious "input packet decapsulations failed" errors in netstat(1) -W with A-MSDU enabled.
  o Fixed automatic selection of the 11a/b/g/n/ac operating mode when the interface is running as an access point.
  o Ensured crypto keys are installed before the link is brought up.
- Generic network stack improvements and bugfixes:
  o Removed the maxburst feature from tcp_output(). Sending out TCP segments was limited to 4 packets per burst. This did not scale well on high bandwidth, high latency links; especially when the receiving side delays ACK packets aggressively, the maxburst limitation could seriously reduce TCP throughput per connection.
  o Added a MONITOR feature to interfaces. Packets received on these interfaces do not enter the network stack for further processing. This can be used to watch traffic, for example with bpf(4), without the risk of the packets interfering with the system.
  o Added etherbridge, the internals of a reusable learning bridge interface, providing common code reusable by other drivers needing a MAC learning bridge.
  o Introduced veb(4), a Virtual Ethernet Bridge driver.
  o Added the ability to force the selection of the source IP address for programs that do not specify one, overriding the default source IP selection algorithm. This is configurable via the route(8) sourceaddr command.
  o Brought interfaces up when autoconfiguration for inet or inet6 is enabled (AUTOCONF4 or AUTOCONF6 flags).
  o Adjusted terminology in ifconfig(8) to refer to "temporary address extensions" rather than the former "privacy extensions", including the addition of an AUTOCONF6TEMP flag (to replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy option in ifconfig(8) has been deprecated.
  o Made it possible to disable the "autoconf" flag but keep "temporary" enabled in ifconfig(8).
  o For IPv6 addresses, added tracking of address proposal creation times to be able to establish the total lifetime. This information is used to renew the pltime/vltime of temporary addresses per RFC 4941.
  o Prevented kernel reuse of mbuf memory when generating the ICMP6 response to an IPv6 packet.
  o Used the Toeplitz hash algorithm to set a flowid for TCP packets, which in turn is used to choose the tx ring on network cards with multiple rings.
  o Fixed wg(4) on macppc by keeping track of the allowed-ips pointer correctly.
  o Fixed the wg(4) ioctl to handle multiple wgpeers.
  o Fixed a race between tx/rx handshakes in wg(4).
  o Prevented a potential hang when trying to remove a tun(4) interface.
  o Used the correct rdomain when adding and deleting routes with mpip(4) and mpw(4).
  o Made ifconfig(8) "-mplslabel" work with mpw(4).
- Installer and upgrade improvements:
  o Prevented a race in dhclient(8) privsep which could cause autoinstall to fail by calling ftp(1) without a local address.
  o Fixed hangs on amd64 bsd.rd due to a misreported core clock frequency on newer Intel Comet Lake models.
  o Began distributing the gzip'd version of bsd.rd on all platforms with boot methods supporting it.
  o Fixed a problem which prevented use of sysupgrade(8) when an interface failed to come up and dhclient(8) didn't notice link-timeout expiration.
  o Prevented disklabel(8) from adjusting the swap 'b' partition size if physmem is zero, to keep the auto-allocate code from putting a filesystem on that partition.
  o Emulated "[inet] autoconf" hostname.if(5) lines with "dhcp" so users testing dhcpleased(8) will still be able to upgrade manually while the installer uses only dhclient(8).
  o Restored dhclient.conf(5) to the group of network configuration files used during upgrades.
- Security improvements:
  o Added notices to syslog whenever the "%n" format string directive of printf(3) is used.
  o Removed the workaround permitting Go executables to do syscalls directly, forcing them to use the shared libc like all other dynamic binaries.
- Routing daemons and other userland network improvements:
  o The bgpd(8) daemon saw the following changes:
    - Introduced bgpd(8) "rde evaluate all" to reduce path hiding in IXP route-server environments.
    - Added RTR support to OpenBGPD.
    - Added bgpctl(8) "show rtr" to display basic information about RTR sessions.
    - Added bgpctl(8) "show sets" to display information about the roa-sets, as-sets and prefix-sets loaded into bgpd(8).
    - Properly implemented "rde med compare strict" in bgpd(8) and ensured that the order of prefixes is always correct.
    - Introduced a send hold timer in bgpd(8) to detect stalls on the sending side of a TCP connection, acting as a last resort to detect faulty peers.
    - Introduced the bgpd.conf(5) per-neighbor and global config option "reject as-set yes/no" to allow rejection of received UPDATEs with AS_SET segments. These rejected prefixes can be viewed with bgpctl(8) "show rib in error".
    - No longer allow configuration of the same neighbor multiple times in bgpd(8).
    - pf(4) tables now track prefixes correctly even when received by multiple sessions.
    - Fixed a memory leak when parsing bgpd(8) roa-set lists.
  o The ospfd(8) and ospf6d(8) routing daemons were refactored to keep the code similar to changes in other routing daemons and to improve maintainability. Additionally, support for point-to-point interfaces in ospf6d(8) was fixed and ospfd(8) now works with point-to-point interfaces which use a common IP address.
  o The pf(4) packet filter and its userland utility:
    - Relaxed checks in pfctl(8) and pf(4) to accept any valid routing domain, even if it does not yet exist.
    - Made pfctl(8) detect and reject bogus ranges before loading the ruleset, to prevent a panic.
    - Changed route-to in pf.conf(5) to send packets to IPs instead of interfaces.
    - Changed pf_route so pf(4) only runs when packets enter and leave the stack. Running the same packet through pf multiple times creates confusion for the state table: by default, pf states are floating, meaning that packets are matched to states regardless of which interface they're going over. This change avoids multiple pf(4) traversals of one packet causing confusion in the state table.
    - Prevented the kernel from being stuck in an endless recursion during TCP path MTU discovery when pf(4) changes the routing table while sending packets.
    - When cutting off the head of an overlapping fragment during pf(4) reassembly, reinserted the fragment into the lookup table with the correct index.
    - Improved tftpd(8) logging to report the reasons a transfer failed.
  o IPsec support in the kernel and the iked(8) userland daemon:
    - Added support for requesting IP addresses as IKEv2 initiator to iked(8). If 'request addr 0.0.0.0' is configured, any address will be accepted.
    - Made iked(8) accept ANY dynamic address with 'request addr 0.0.0.0'.
    - Added the 'dynamic' keyword to iked.conf(5) to allow configuration of flows to dynamically assigned addresses.
    - Added the 'any' keyword to iked.conf(5) for requests, to allow "request address any".
    - Enabled iked(8) support for ASN1_DN IPsec identifiers.
    - Implemented iked(8) "from dynamic", installing flows where "dynamic" is replaced by the received dynamic IP address.
    - Made sure not to replace 0.0.0.0 with a dynamic address in iked(8) if it is a network address.
    - Added the iked(8) -s socket option to specify a control socket.
    - Used a counter instead of a random IV for AES-GCM in iked(8), eliminating the risk of random IV collisions.
    - Added iked(8) support for multiple address pools.
    - Added the iked(8) "set stickyaddress" option, which attempts to assign the same "config address" when an IKE SA is negotiated with the DSTID of an existing IKE SA.
    - Ensured rekeying of every child SA in iked(8).
    - Added iked(8) support for RSASSA-PSS signature verification (RFC 7427).
    - Corrected the first packet of an ipsec(4) SA to have sequence number 1.
    - Accepted reject and blackhole routes for IPsec PMTU discovery.
    - Prevented leaking of ipsec_hosts in iked(8) when building hosts_list.
    - Prevented initiation of new additional SAs for each policy upon every ikectl(8) config reload.
    - Fixed the "any" and "dynamic" keywords for flows in iked(8) and added proper IPv6 support.
    - Created a path MTU host route for ipsec(4) over IPv6.
    - Added support for INVALID_KE_PAYLOAD in the iked(8) CREATE_CHILD_SA exchange.
    - Added support for RSA-PSS PKCS1 signatures to iked(8).
    - Fixed path MTU discovery for ESP tunnels in IPv6.
    - Upgraded iked(8) to the OpenSSL 1.1 compatible crypto API.
    - Added an optional "group none" transform for child SAs in iked(8) to ensure the ability to negotiate optional PFS.
    - Added iked(8) dynamic address configuration for roadwarrior clients, with a new "iface" config option which can be used to specify an interface for the virtual addresses received from the peer.
    - Fixed an iked(8) interop problem with strongSwan when make-before-break is enabled.
  o The httpd(8) webserver saw numerous improvements:
    - Prevented a crash due to httpd(8) listening on port 443 with missing TLS certificates.
    - Created a new "location (found|notfound)" option for httpd.conf(5) to allow testing for resource path existence.
    - Fixed detection of duplicate locations in httpd(8).
    - Fixed a leak of access and error log filenames on config reload in httpd(8).
    - Avoided leaking the log message in httpd(8)'s server_sendlog.
    - Fixed a memory leak in httpd(8) for each TLS connection, caused by an incorrect order of close(2) and tls_close(3) together with a bug in libssl.
    - Fixed the httpd(8) example configuration so it does not generate errors when running without TLS keys already in place.
    - Optimized disk reads of httpd(8) by using st_blocksize as the high water mark instead of the socket buffer size.
    - Stopped comparing TLS config params for non-TLS servers. This allows using "listen on * port 80" and "listen on * port 443" in the same server block in httpd.conf(5).
  o rpki-client(8) received the following new features and bugfixes:
    - Added RRDP (the RPKI Repository Delta Protocol, RFC 8182) support as a 'technology preview'. To use it, the "-r" flag needs to be used.
    - Supported the use of more than one URI in the TAL file, sorting with a preference for https.
    - Added validation of ghostbuster records (RFC 6493).
    - Fixed checks of the manifest validity interval.
    - The rsync connection is now killed when the rsync server stalls.
    - Limited the URL embedded in .cer files to alphanumeric characters and punctuation.
    - Added a "-V" option to show the version.
    - Included the default cert.pem file path in tls_load_file error messages.
  o The dig(1) DNS utility received the following updates:
    - Implemented RFC 8914 Extended DNS Errors for dig(1).
    - Fixed the dig(1) EDNS Client Subnet option (+subnet=).
    - Fixed IPv6 link-local address handling for nameservers to talk to and for the address to bind to in dig(1).
    - Implemented ZONEMD (RFC 8976), which conveys a message digest of the content of a DNS zone, in dig(1).
  o Changes to dhclient(8):
    - Fixed incorrect behavior when using dhclient.conf(5) to change the lease renew/rebind/expiry timing.
    - Allowed the provision of dhclient(8) options on "dhcp" lines in hostname.if(5) files.
    - Converted all timers from time(3) values to clock_gettime(2) CLOCK_MONOTONIC values.
    - Removed the -L command line option.
    - Improved debug output.
    - Improved re-acquisition of a previous address by immediately accepting any OFFER for the address, rather than waiting for 'select-timeout' to expire.
    - Exit immediately if the -c option specifies a non-existent file.
    - Exit immediately if the -i option contains invalid information.
  o Two new daemons, dhcpleased(8) and resolvd(8), were added. These work alongside slaacd(8) and unwind(8) to provide a coherent and simple automatic configuration of network interfaces and DNS resolution. The two daemons are not enabled by default for now, but can be tested by enabling them with rcctl(8).
    - dhcpleased(8) implements the DHCP protocol to acquire IPv4 address leases from servers.
    - resolvd(8) manages the content of resolv.conf(5) based on nameserver proposals from dhcpleased(8), slaacd(8), and drivers like umb(4).
  o Changes to snmp related tools:
    - libagentx(3) moved its API prefix from subagentx_ to agentx_.
    - agentx_varbind_integer(3) now accepts an int32_t as per SMI/RFC 2578.
    - agentx_varbind_unsigned32(3) has been added as an alias for agentx_varbind_gauge32(3).
    - snmpd.conf(5) no longer accepts the old "listen on address [tcp|udp]" syntax. Only the new "listen on [tcp|udp] address" syntax is now supported.
    - snmpd(8) now fully implements RFC 3584 Trapv1 to Trapv2 conversion for the trap handle.
    - sysUpTime and snmpTrapOID now respect snmpd(8)'s -N flag, similar to the other values sent by the trap handle.
    - snmpd.conf(5) now accepts the read, write, and notify keywords. This allows for request type filtering per "listen on" statement and custom trap handle ports.
    - snmp(1) now has initial support for SMI enums. For now only TruthValue is implemented, on ifPromiscuousMode and ifConnectorPresent.
    - snmp(1) now interprets the "u" data type as an unsigned integer.
  o Other userland network changes:
    - Fixed ldapd(8) cert and key path inference for absolute paths.
    - Fixed an incorrect cast in a vsnprintf(3) error check in ldapd(8).
    - Applied unveil(2) to ldapd(8).
    - Changed ping(8) to drain the raw socket of packets received before it is fully set up, to avoid reporting ICMP responses intended for other instances of ping(8) running in parallel.
    - Added the ping(8) -g option to provide a visual display of packets received and lost.
    - Changed slaacd(8) Duplicate Address Detection (DAD) to only generate a new address if Semantically Opaque Interface Identifiers are in use.
    - Handled an autoconf interface changing its rdomain in slaacd(8).
    - Completed the slaacd(8) implementation of RFC 8981 temporary address extensions.
    - Stopped leaking the domains listed in unwind(8)'s blocklist file on each config reload.
    - Stopped leaking duplicate domain nodes when loading the unwind(8) config.
    - Fixed rare crashes of unwind(8) when DNS answers are larger than the maximum imsg size.
    - Implemented unwind(8) listening on TCP.
    - Implemented DNS64 synthesis in unwind(8).
    - Disabled logging to syslog(3) for libunbound with unwind(8). This does not prevent logging to stderr with "unwind -d".
    - Added a simple --timeout implementation to openrsync(1).
    - Added the rsync(1) option --no-motd to suppress the information output by the client at the start of a daemon transfer.
    - Added support for the use of !command to mygate(5), so that netstart has a late opportunity to perform network configuration.
    - Made rad(8) handle multiple rdomains in a single daemon (instead of running it in multiple rdomains).
    - Added a specific headline to netstat(1) for TCP state and IP protocol.
    - Handled permanent redirects (RFC 7538) in ftp(1) fetch.
    - Introduced ftp(1) support for sending the If-Modified-Since header while fetching over http or https. Switched to using the timestamps from the remote server's Last-Modified header, if available, when saving local files, and introduced the ftp(1) "-u" flag to disable this behavior.
    - Made ftp(1) set timestamps only on files.
    - Made acme-client(1) request a new certificate without requiring -F when it detects an added or removed SAN in the config file not reflected in the existing certificate on disk.
    - Printed rewritten addresses in tcpdump(8) for packets logged with pflog(4) by rdr-to, nat-to and af-to rules.
    - When calling getaddrinfo(3) with AI_ADDRCONFIG, the routing domain is now considered when checking for available address families. This ensures that name resolution is only performed for the address families available in the rdomain.
    - Implemented the nc(1) -D socket debug option in tcpbench(1), allowing analysis of TCP connections.
    - Avoided leaking the help text in systat(8).
    - Increased the maximum length for CHAP challenges to 96 octets to ensure npppd(8) can handle longer challenges, such as those sent by Juniper.
- tmux(1) improvements and bug fixes:
  o Made tmux(1) synchronize-panes a pane option and added the set-option -U flag to unset an option on all panes.
  o Allowed use of ## and # in tmux(1) styles and added a "w" format modifier for width.
  o Added a -C flag to tmux(1) run-shell to use a tmux command rather than a shell command.
  o Added a tmux(1) -N flag to never start the server even if the command would normally do so.
  o Added the new tmux(1) -S flag to new-window to select the existing window if one with the given name already exists, rather than failing.
  o Added support for X11 color names and other variations for OSC 10/11 and added OSC 110 and 111 to tmux(1).
  o Removed tmux(1) support for popups where the content is provided directly to tmux.
  o Added a tmux(1) "absolute-centre" alignment to use the center of the total space instead of the available space.
  o Added tmux(1) split-window -Z to start the pane zoomed.
  o Added a client-detached notification in tmux(1) control mode.
  o Changed tmux(1) search-again with vi keys to work like vi(1).
- OpenSMTPD 6.9.0
  o Introduced smtp(1) -a to perform authentication before sending a message.
  o Fixed a memory leak in the smtpd(8) resolver.
       o Prevented a crash due to premature release of resources by the
         smtpd(8) filter state machine.
       o Switched to libtls internally.
       o Changed the way SNI works in smtpd.conf(5). TLS listeners may be
         configured with multiple certificates. The matching is based on the
         names included in these certificates.
       o Allow specifying TLS protocols and ciphers per listener and relay
         action.
    - LibreSSL 3.3.2
       o New Features
          - Support for DTLSv1.2.
          - Continued rewrite of the record layer for the legacy stack.
          - Numerous bugs and interoperability issues were fixed in the new
            verifier. A few bugs and incompatibilities remain, so this
            release uses the old verifier by default.
          - The OpenSSL 1.1 TLSv1.3 API is not yet available.
       o Portable Improvements
          - Added '--enable-libtls-only' build option, which builds and
            installs a statically-linked libtls, skipping libcrypto and
            libssl. This is useful for systems that ship with OpenSSL but
            wish to also package libtls.
          - Update getentropy on Windows to use Cryptography Next Generation
            (CNG). wincrypt is deprecated and no longer works with newer
            Windows environments, such as in Windows Store apps.
       o API and Documentation Enhancements
          - Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360,
            draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.
          - Add support for SSL_get_shared_ciphers(3) with TLSv1.3.
          - Add DTLSv1.2 methods.
          - Implement SSL_is_dtls(3) and use it internally in place of the
            SSL_IS_DTLS macro.
          - Provide EVP_PKEY_new_CMAC_KEY(3).
          - Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.
          - Add DTLSv1.2 to openssl(1) s_server and s_client protocol message
            logging.
          - Provide SSL_use_certificate_chain_file(3).
          - Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
          - Provide various DTLSv1.2 specific functions and defines.
          - Document meaning of '*' in the genrsa output.
          - Updated documentation for SSL_get_shared_ciphers(3).
          - Add documentation for SSL_get_finished(3).
          - Document EVP_PKEY_new_CMAC_key(3).
          - Document SSL_use_certificate_chain_file(3).
          - Document SSL_set_hostflags(3) and SSL_get0_peername(3).
          - Update SSL_get_version(3) manual for DTLSv1.2 support.
          - Make supported protocols and options for DHE params more
            prominent in tls_config_set_protocols(3).
          - Various documentation improvements around TLS methods.
       o Compatibility Changes
          - Make openssl(1) s_server ignore -4 and -6 for compatibility with
            OpenSSL.
          - Set SO_REUSEADDR on the server socket in the openssl(1) ocsp
            command.
          - Send a host header with OCSP queries to make openssl(1) ocsp work
            with some widely used OCSP responders.
          - Add ability to ocspcheck(8) to parse a port in the specified OCSP
            URL.
          - Implement auto chain for the TLSv1.3 server since some software
            relies on this.
          - Implement key exporter for TLSv1.3.
          - Align SSL_get_shared_ciphers(3) with OpenSSL. This takes into
            account that it never returned server ciphers, so now it will
            fail when called from the client side.
          - Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global
            CA".
          - Make SSL{_CTX,}_get_{min,max}_proto_version(3) return a version
            of zero if the minimum or maximum has been set to zero to match
            OpenSSL's behavior.
          - Add DTLSv1.2 support to openssl(1) s_client/s_server.
       o Testing and Proactive Security
          - Malformed ASN.1 in a certificate revocation list or a timestamp
            response token can lead to a NULL pointer dereference.
          - Pull in fix for EVP_CipherUpdate(3) overflow from OpenSSL.
          - Use EXFLAG_INVALID to handle out of memory and parse errors in
            x509v3_cache_extensions().
          - Refactor and clean up ocspcheck(8) and add regression tests.
       o Internal Improvements
          - Further cleanup of the DTLS record handling.
          - Continue the replacement of the TLSv1.2 record layer by
            reimplementing the read side of the TLSv1.2 record handling.
          - Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
          - Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
          - Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into
            .data.rel.ro and .rodata, respectively.
          - Add a const qualifier to srtp_known_profiles.
          - Simplify TLS method by removing the client and server specific
            methods internally.
          - Avoid casting away const in ssl_ctx_make_profiles().
          - Avoid explicitly conditioning an assert on DTLS1_VERSION to make
            the assert work for newer DTLS versions.
          - Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
          - Add a flag to mark DTLS methods as DTLS to have an easy way to
            recognize DTLS methods that avoids inspecting the version number.
          - Mark a few more internal static tables const.
          - Switch finish{,_peer}_md_len from an int to a size_t.
          - Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size
            for cert_verify_md[], finish_md[] and peer_finish_md[]. The
            factor 2 was a historical artefact.
          - Free struct members in tls13_record_layer_free() in their natural
            order for reviewability.
          - Use consistent names in
            tls13_{client,server}_finished_{recv,send}().
          - Add tls13_secret_{init,cleanup}() and use them throughout the
            TLSv1.3 code base.
          - Move the read MAC key into the TLSv1.2 record layer.
          - Make tls12_record_layer_free() NULL safe.
          - Split the record protection from the TLSv1.2 record layer.
          - Clean up sequence number handling in the new TLSv1.2 record
            layer.
          - Clean up sequence number handling in DTLS.
          - Clean up dtls1_reset_seq_numbers().
          - Factor out code for explicit IV length, block size and MAC length
            from tls12_record_layer_open_record_protected_cipher().
          - Provide record layer overhead for DTLS.
          - Provide functions to determine if TLSv1.2 record protection is
            engaged.
          - Add code to handle change of cipher state in the new TLSv1.2
            record layer.
          - Mop up now unused dtls1_build_sequence_numbers() function.
          - Allow setting a keypair on a tls context without specifying the
            private key, and fake it internally in libtls. This removes the
            need for privsep engines like relayd to use bogus keys.
          - Skip the private key check for fake private keys.
          - Move the private key setup from tls_configure_ssl_keypair() to a
            helper function with proper error checking.
          - Change the internal tls_configure_ssl_keypair() function to
            return -1 instead of 1 on failure.
          - Move sequence numbers into the new TLSv1.2 record layer.
          - Move AEAD handling into the new TLSv1.2 record layer.
          - Factor out legacy stack version checks.
          - Correct handshake MAC/PRF for various TLSv1.2 cipher suites which
            were originally added with the default handshake MAC and PRF
            rather than the SHA256 handshake MAC and PRF.
          - Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
          - Use dtls1_record_retrieve_buffered_record() to load buffered
            application data.
          - Enforce read ahead with DTLS.
          - Remove bogus DTLS checks that disabled ECC and OCSP.
          - Clean up and simplify dtls1_get_cipher().
          - Group HelloVerifyRequest decoding and add missing check for
            trailing data.
          - Revise HelloVerifyRequest handling for DTLSv1.2.
          - Handle DTLS1_2_VERSION in various places.
          - Rename the "truncated" label into "decode_err" and the "f_err"
            label into "fatal_err".
          - Factor out and change some of the legacy client version code.
          - Simplify version checks in the TLSv1.3 client. Ensure that the
            server announced TLSv1.3 and nothing higher and check that the
            legacy_version is set to TLSv1.2 as required by RFC 8446.
          - Only use TLS versions internally rather than both TLS and DTLS
            versions since the latter are the one's complement of the human
            readable version numbers, which means that newer versions
            decrease in value.
          - Identify DTLS based on the version major value.
          - Move handling of cipher/hash based cipher suites into the new
            record layer.
          - Add tls12_record_protection_unused() and call it from CCS
            functions.
          - Move key/IV length checks closer to usage sites. Also add explicit
            checks against EVP_CIPHER_{iv,key}_length().
          - Replace two handrolled tls12_record_protection_engaged().
          - Improve internal version handling: add handshake fields for our
            minimum version, our maximum version and the TLS version
            negotiated during the handshake. Convert most of the internal
            code to use these version fields.
          - Guard against future internal use of TLS1_get_{client,}_version()
            macros.
          - Remove the internal ssl_downgrade_max_version() function which is
            no longer needed.
          - Add support for DTLSv1.2 version handling.
          - Remove no longer needed read ahead workarounds in the s_client
            and s_server.
          - Split TLSv1.3 record protection from record layer.
          - Move the TLSv1.3 handshake struct inside the shared handshake
            struct.
          - Fully initialize rrec in tls12_record_layer_open_record_protected()
            to avoid confusing some static analyzers.
          - Use tls_set_errorx() on OCSP_basic_verify() failure since the
            latter does not set errno.
          - Convert openssl(1) x509 to new option handling and do the usual
            clean up that goes along with it.
          - Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
          - Rename new_cipher to cipher to align naming with keyblock or
            other parts of the handshake data.
          - Move the TLSv1.2 record number increment into the new record
            layer.
          - Move finished and peer finished into the handshake struct.
          - Remove pointless assignment in SSL_get0_alpn_selected().
          - Add some error checking to openssl(1) x509.
       o Bug Fixes
          - Move point-on-curve check to set_affine_coordinates to avoid
            verifying ECDSA signatures with unchecked public keys.
          - Fix SSL_is_server(3) to behave as documented by re-introducing
            the client-specific methods.
          - Avoid undefined behavior due to memcpy(NULL, NULL, 0).
          - Make SSL_get{,_peer}_finished() work when used with TLSv1.3.
          - Correct the return value type from ERR_peek_error() to a long.
          - Avoid use of uninitialized memory in ASN1_time_parse() which
            could happen on parsing UTCTime if the caller did not initialize
            the passed struct tm.
          - Destroy the mutex in a tls_config object on tls_config_free().
          - Free alert_data and phh_data in tls13_record_layer_free(). These
            could leak if SSL_shutdown(3) or tls_close(3) were called after
            closing the underlying socket().
          - Gracefully handle root certificates being both trusted and
            untrusted.
          - Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new
            verifier.
          - Use the legacy verifier when building auto chains for TLS.
          - Search the intermediates only after searching the root certs in
            the new verifier to avoid problems with the legacy callback.
          - Bail out early after finding a single chain in the new verifier,
            if we have been called via the legacy verifier API.
          - Set (invalid and likely incomplete) chain on the xsc on chain
            build failure prior to calling the callback. This is required by
            various callers, including auto chain.
          - Remove direct assignment of aead_ctx to avoid a leak.
          - Fail early in legacy exporter if the master secret is not
            available to avoid a segfault if it is called when the handshake
            is not completed.
          - Only print the certificate file once on verification failure.
          - Fix an off-by-one in x509_verify_set_xsc_chain() to make sure
            that the new validator checks for EXFLAG_CRITICAL in
            x509_vfy_check_chain_extension() for all untrusted certs in the
            chain. Take into account that the root is not necessarily
            trusted.
          - Avoid passing last and depth to x509_verify_cert_error() on
            ENOMEM.
          - Fix two bugs in the legacy verifier that resulted from
            refactoring of X509_verify_cert(3) for the new verifier: a return
            value was incorrectly treated as boolean, making it insufficient
            to decide whether validation should carry on or not.
          - Fix checks for memory caps of constraints names. There are
            internal caps on the number of name constraints and other names,
            that the new name constraints code allocates per cert chain.
            These limits were checked too late, making them only partially
            effective.
          - Fix a copy-paste error - skid was confused with an akid when
            checking for EXFLAG_INVALID.
            This broke OCSP validation with certain mirrors.
          - Avoid a use-after-scope in tls13_cert_add().
          - Avoid mangled output in BIO_debug_callback().
          - Fix client initiated renegotiation by replacing use of
            s->internal-type with s->server.
          - Avoid transcript initialization when sending a TLS HelloRequest,
            fixing server initiated renegotiation.
          - Avoid leaking param->name in x509_verify_param_zero().
          - Avoid a leak in an error path in openssl(1) x509.
          - When sending an alert in TLSv1.3, only set its error code when no
            other error was set previously. Certain clients rely on specific
            SSL_R_ error codes to identify that they are dealing with a self
            signed cert.
          - When switching from the TLSv1.3 stack to the legacy stack include
            a TLS record header. This is necessary if there is more than one
            handshake message in the TLS plaintext record.
          - Fix resource handling on error in OCSP_request_add0_id().
          - Make sure there is enough room for stashing the handshake message
            when switching to the legacy TLS stack.
          - Fix a memory leak in the openssl(1) s_client.
          - Unbreak DTLS retransmissions for flights that include a CCS.
          - If x509_verify() fails, ensure that the error is set on both the
            x509_verify_ctx() and its store context to make some failures
            visible from SSL_get_verify_result().
          - Use the X509_STORE_CTX get_issuer() callback from the new X.509
            verifier to fix hashed certificate directories.
          - Only check BIO_should_read(3) on read and BIO_should_write(3) on
            write. Previously, BIO_should_write(3) was also checked after
            read and BIO_should_read(3) after write which could cause stalls
            in software that uses the same BIO for read and write.
          - In openssl(1) verify, also check for error on the store context
            since the return value of X509_verify_cert(3) is unreliable in
            presence of a callback that returns 1 too often.
          - Handle additional certificate error cases in the new X.509
            verifier.
            Keep track of the errors encountered if a verify callback tells
            the verifier to continue and report them back via the error on
            the store context. This mimics the behavior of the old verifier
            that would persist the first error encountered while building
            the chain.
          - Report specific failures for "self signed certificates" in a way
            compatible with the old verifier since software relies on the
            error code.
          - Plug a large memory leak in the new verifier caused by calling
            X509_policy_check(3) repeatedly.
          - Avoid leaking memory in x509_verify_chain_dup().
    - OpenSSH 8.5
       o Security fixes
          - ssh-agent(1): fixed a double-free memory corruption that was
            introduced in OpenSSH 8.2. We treat all such memory faults as
            potentially exploitable. This bug could be reached by an attacker
            with access to the agent socket. On modern operating systems
            where the OS can provide information about the user identity
            connected to a socket, OpenSSH ssh-agent and sshd limit agent
            socket access only to the originating user and root. Additional
            mitigation may be afforded by the system's malloc(3)/free(3)
            implementation, if it detects double-free conditions. The most
            likely scenario for exploitation is a user forwarding an agent
            either to an account shared with a malicious user or to a host
            with an attacker holding root access.
       o Potentially incompatible changes
          - ssh(1), sshd(8): this release changes the first-preference
            signature algorithm from ECDSA to ED25519.
          - ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
            for interactive use prior to TCP connect. The connection phase of
            the SSH session is time-sensitive and often explicitly
            interactive. The ultimate interactive/bulk TOS/DSCP will be set
            after authentication completes.
          - ssh(1), sshd(8): remove the pre-standardization cipher
            rijndael-cbc@lysator.liu.se.
            It is an alias for aes256-cbc before it was standardized in
            RFC4253 (2006), has been deprecated and disabled by default since
            OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in
            2001.
          - ssh(1), sshd(8): update/replace the experimental post-quantum
            hybrid key exchange method based on Streamlined NTRU Prime
            coupled with X25519. The previous
            sntrup4591761x25519-sha512@tinyssh.org method is replaced with
            sntrup761x25519-sha512@openssh.com. Per its designers, the
            sntrup4591761 algorithm was superseded almost two years ago by
            sntrup761. (Note that both the updated method and the one that
            it replaced are disabled by default.)
          - ssh(1): disable CheckHostIP by default. It provides
            insignificant benefits while making key rotation significantly
            more difficult, especially for hosts behind IP-based
            load-balancers.
       o New Features
          - ssh(1): this release enables UpdateHostkeys by default subject to
            some conservative preconditions:
              # The key was matched in the UserKnownHostsFile (and not in
                the GlobalKnownHostsFile).
              # The same key does not exist under another name.
              # A certificate host key is not in use.
              # known_hosts contains no matching wildcard hostname pattern.
              # VerifyHostKeyDNS is not enabled.
              # The default UserKnownHostsFile is in use.
            We expect some of these conditions will be modified or relaxed
            in future.
          - ssh(1), sshd(8): add a new LogVerbose configuration directive
            that allows forcing maximum debug logging by file/function/line
            pattern-lists.
          - ssh(1): when prompting the user to accept a new hostkey, display
            any other host names/addresses already associated with the key.
          - ssh(1): allow UserKnownHostsFile=none to indicate that no
            known_hosts file should be used to identify host keys.
          - ssh(1): add a ssh_config KnownHostsCommand option that allows the
            client to obtain known_hosts data from a command in addition to
            the usual files.
          - ssh(1): add a ssh_config PermitRemoteOpen option that allows the
            client to restrict the destination when RemoteForward is used
            with SOCKS.
          - ssh(1): for FIDO keys, if a signature operation fails with an
            "incorrect PIN" reason and no PIN was initially requested from
            the user, then request a PIN and retry the operation. This
            supports some biometric devices that fall back to requiring PIN
            when reading of the biometric failed, and devices that require
            PINs for all hosted credentials.
          - sshd(8): implement client address-based rate-limiting via new
            sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
            directives that provide more fine-grained control on a
            per-origin address basis than the global MaxStartups limit.
       o Bugfixes
          - ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
            make it easier to determine which connection they are associated
            with in cases like scp -3, ProxyJump, etc. bz#3224
          - sshd(8): fix sshd_config SetEnv directives located inside Match
            blocks. GHPR#201
          - ssh(1): when requesting a FIDO token touch on stderr, inform the
            user once the touch has been recorded.
          - ssh(1): prevent integer overflow when ridiculously large
            ConnectTimeout values are specified, capping the effective value
            (for most platforms) at 24 days. bz#3229
          - ssh(1): consider the ECDSA key subtype when ordering host key
            algorithms in the client.
          - ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
            PubkeyAcceptedAlgorithms. The previous name incorrectly
            suggested that it controlled allowed key algorithms, when this
            option actually specifies the signature algorithms that are
            accepted. The previous name remains available as an alias.
            bz#3253
          - ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
            HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
          - sftp-server(8): add missing lsetstat@openssh.com documentation
            and advertisement in the server's SSH2_FXP_VERSION hello packet.
          - ssh(1), sshd(8): more strictly enforce KEX state-machine by
            banning packet types once they are received. Fixes memleak
            caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz
            #30078).
          - sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on
            32-bit platforms instead of being limited by LONG_MAX. bz#3206
          - Minor man page fixes (capitalization, commas, etc.) bz#3223
          - sftp(1): when doing an sftp recursive upload or download of a
            read-only directory, ensure that the directory is created with
            write and execute permissions in the interim so that the
            transfer can actually complete, then set the directory
            permission as the final step. bz#3222
          - ssh-keygen(1): document the -Z option, check the validity of its
            argument earlier and provide a better error message if it's not
            correct. bz#2879
          - ssh(1): ignore comments at the end of config lines in ssh_config,
            similar to what we already do for sshd_config. bz#2320
          - sshd_config(5): mention that DisableForwarding is valid in a
            sshd_config Match block. bz#3239
          - sftp(1): fix incorrect sorting of "ls -ltr" under some
            circumstances. bz#3248
          - ssh(1), sshd(8): fix potential integer truncation of (unlikely)
            timeout values. bz#3250
          - ssh(1): make hostbased authentication send the signature
            algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of
            the key type. This makes HostbasedAcceptedAlgorithms do what it
            is supposed to - filter on signature algorithm and not key type.
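The six UpdateHostkeys preconditions listed under the OpenSSH 8.5 "New Features" above, as an added example in Python (not OpenSSH's own code): a simplified checker that reads a constructed known_hosts file, including hashed "|1|" entries, and reports which of the listed conditions would keep UpdateHostkeys from applying to a given host and key. The host names and key blobs are constructed placeholders, and the matching rules are a plain reading of the list, not ssh(1)'s implementation.

```python
"""Simplified checker for the six UpdateHostkeys preconditions listed above.
Added example, not OpenSSH code: a plain reading of the listed conditions, not
ssh(1)'s own logic; every host name and key blob here is a constructed placeholder."""
import base64
import fnmatch
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Entry:
    marker: str      # "" or a leading marker such as "@cert-authority"
    patterns: list   # comma-separated host patterns: plain, wildcard or hashed
    keytype: str
    key: str         # base64 key blob (placeholder strings in the sample)


def parse_known_hosts(text):
    """Parse known_hosts lines: [marker] patterns keytype key [comment]."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = ""
        if fields[0].startswith("@"):
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3:
            continue  # malformed line; skipped, as ssh(1) would
        entries.append(Entry(marker, fields[0].split(","), fields[1], fields[2]))
    return entries


def hashed_pattern(host, salt):
    """Build a '|1|<salt>|<hash>' pattern: HMAC-SHA1 over the host keyed with the salt."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def pattern_matches(pattern, host):
    """Hashed entries are re-hashed with their salt; others allow * and ? wildcards."""
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|")[2])
        return hashed_pattern(host, salt) == pattern
    return fnmatch.fnmatchcase(host.lower(), pattern.lower())


def update_hostkeys_applies(host, keytype, key, user_kh, global_kh="",
                            verify_host_key_dns=False, user_kh_is_default=True):
    """Return (applies, reasons); reasons names each precondition that failed."""
    user, glob = parse_known_hosts(user_kh), parse_known_hosts(global_kh)
    both = user + glob
    same_key = lambda e: e.keytype == keytype and e.key == key
    for_host = lambda e: any(pattern_matches(p, host) for p in e.patterns)
    reasons = []
    # 1. matched in UserKnownHostsFile, and not in GlobalKnownHostsFile
    if not any(same_key(e) and for_host(e) for e in user):
        reasons.append("key not found for this host in UserKnownHostsFile")
    if any(same_key(e) and for_host(e) for e in glob):
        reasons.append("key also matched in GlobalKnownHostsFile")
    # 2. the same key does not exist under another name (simplified: an
    #    entry carrying this key whose patterns do not match the host)
    if any(same_key(e) and not for_host(e) for e in both):
        reasons.append("same key is listed under another host name")
    # 3. a certificate host key is not in use
    if keytype.endswith("-cert-v01@openssh.com"):
        reasons.append("certificate host key in use")
    # 4. known_hosts contains no matching wildcard hostname pattern
    for p in (p for e in both for p in e.patterns):
        if ("*" in p or "?" in p) and pattern_matches(p, host):
            reasons.append("wildcard pattern %r matches the host" % p)
    # 5. VerifyHostKeyDNS is not enabled
    if verify_host_key_dns:
        reasons.append("VerifyHostKeyDNS is enabled")
    # 6. the default UserKnownHostsFile is in use
    if not user_kh_is_default:
        reasons.append("a non-default UserKnownHostsFile is in use")
    return (not reasons, reasons)


# Constructed sample files; the key blobs are placeholders, not real keys.
SALT = bytes(range(20))
USER_KNOWN_HOSTS = "\n".join([
    "# constructed ~/.ssh/known_hosts",
    "git.example.test ssh-ed25519 AAAAC3PLACEHOLDER1",
    "*.lab.example.test ssh-ed25519 AAAAC3PLACEHOLDER2",
    hashed_pattern("db.example.test", SALT) + " ssh-ed25519 AAAAC3PLACEHOLDER3",
])
GLOBAL_KNOWN_HOSTS = "mirror.example.test ssh-ed25519 AAAAC3PLACEHOLDER4"

if __name__ == "__main__":
    for host, key in [("git.example.test", "AAAAC3PLACEHOLDER1"),
                      ("web1.lab.example.test", "AAAAC3PLACEHOLDER2")]:
        print(host, update_hostkeys_applies(host, "ssh-ed25519", key,
                                            USER_KNOWN_HOSTS, GLOBAL_KNOWN_HOSTS))
```

Running it shows that a host matched only through a wildcard entry is reported as ineligible, which is the usual reason an otherwise plain setup does not see host keys updated.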
 - Ports and packages:
    o Pre-built packages are available for the following architectures on
      the day of release:
       - aarch64 (arm64): 10943
       - amd64: 11310
       - i386: 10468
       - mips64: 8182
       - powerpc64: 9341
       - sparc64: 9642
    o Packages for the following architectures will be made available as
      their builds complete:
       - arm
       - mips64el
       - powerpc
    - Some highlights:
       o Asterisk 18.3.0
       o Audacity 2.4.2
       o CMake 3.19.4
       o Chromium 90.0.4430.72
       o Emacs 27.2
       o FFmpeg 4.3.2
       o GCC 8.4.0
       o GHC 8.10.3
       o GNOME 3.38
       o Go 1.16.2
       o JDK 8u282 and 11.0.10
       o KDE Applications 20.12.3
       o KDE Frameworks 5.80.0
       o Krita 4.4.3
       o LLVM/Clang 10.0.1
       o LibreOffice 7.0.5.2
       o Lua 5.1.5, 5.2.4 and 5.3.6
       o MariaDB 10.5.9
       o Mono 6.12.0.122
       o Mozilla Firefox 88.0 and ESR 78.10.0
       o Mozilla Thunderbird 78.10.0
       o Mutt 2.0.6 and NeoMutt 20210205
       o Node.js 12.16.1
       o OCaml 4.10.0
       o OpenLDAP 2.4.58
       o PHP 7.2.34, 7.3.27, 7.4.16 and 8.0.3
       o Postfix 3.5.10
       o PostgreSQL 13.2
       o Python 2.7.18, 3.8.8 and 3.9.2
       o Qt 5.15.2
       o R 4.0.5
       o Ruby 2.6.7, 2.7.3 and 3.0.1
       o Rust 1.51.0
       o SQLite 3.34.1
       o Shotcut 21.01.29
       o Sudo 1.9.6p1
       o Suricata 6.0.1
       o Tcl/Tk 8.5.19 and 8.6.8
       o TeX Live 2020
       o Vim 8.2.2580 and Neovim 0.4.4
       o Xfce 4.16
 - As usual, steady improvements in manual pages and other documentation.
 - The system includes the following major components from outside
   suppliers:
    o Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
      freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 367,
      xkeyboard-config 2.20, fonttosfnt 1.2.1, and more)
    o LLVM/Clang 10.0.1 (+ patches)
    o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    o Perl 5.32.1 (+ patches)
    o NSD 4.3.6
    o Unbound 1.13.1
    o Ncurses 5.7
    o Binutils 2.17 (+ patches)
    o Gdb 6.3 (+ patches)
    o Awk December 18, 2020 version
    o Expat 2.2.10

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important issues
discovered after each release.
Our continued research into security means we will find new security
problems -- and we always provide patches as soon as possible. Therefore,
we advise regular visits to

    https://www.OpenBSD.org/security.html
and
    https://www.OpenBSD.org/errata.html

------------------------------------------------------------------------
- MAILING LISTS AND FAQ ------------------------------------------------

Mailing lists are an important means of communication among users and
developers of OpenBSD. For information on OpenBSD mailing lists, please
see:

    https://www.OpenBSD.org/mail.html

You are also encouraged to read the Frequently Asked Questions (FAQ) at:

    https://www.OpenBSD.org/faq/

------------------------------------------------------------------------
- DONATIONS ------------------------------------------------------------

The OpenBSD Project is a volunteer-driven software group funded by
donations. Besides OpenBSD itself, we also develop important software
like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
filter, the quality work of our ports development process, and many
others. This ecosystem is all handled under the same funding umbrella.

We hope our quality software will result in contributions that maintain
our build/development infrastructure, pay our electrical/internet costs,
and allow us to continue operating very productive developer hackathon
events.

All of our developers strongly urge you to donate and support our future
efforts. Donations to the project are highly appreciated, and are
described in more detail at:

    https://www.OpenBSD.org/donations.html

------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------

For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (https://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts.
In some situations, their receipt may qualify as a business expense
write-off, so this is certainly a consideration for some organizations
or businesses. There may also be exposure benefits since the Foundation
may be interested in participating in press releases. In turn, the
Foundation then uses these contributions to assist OpenBSD's
infrastructure needs.

Contact the foundation directors at directors@openbsdfoundation.org for
more information.

------------------------------------------------------------------------
- RELEASE SONG ---------------------------------------------------------

OpenBSD 6.9 comes with the song "Vetera Novis".

Lyrics (and an explanation) of the song may be found at:

    https://www.OpenBSD.org/lyrics.html#69

------------------------------------------------------------------------
- HTTPS INSTALLS -------------------------------------------------------

OpenBSD can be easily installed via HTTPS downloads. Typically you need
a single small piece of boot media (e.g., a USB flash drive) and then
the rest of the files can be installed from a number of locations,
including directly off the Internet. Follow this simple set of
instructions to ensure that you find all of the documentation you will
need while performing an install via HTTPS.
1) Read either of the following two files for a list of HTTPS mirrors
   which provide OpenBSD, then choose one near you:

       https://www.OpenBSD.org/ftp.html
       https://ftp.openbsd.org/pub/OpenBSD/ftplist

   As of May 1, 2021, the following HTTPS mirror sites have the 6.9
   release:

       https://cdn.openbsd.org/pub/OpenBSD/6.9/              Global
       https://ftp.eu.openbsd.org/pub/OpenBSD/6.9/           Stockholm, Sweden
       https://ftp.hostserver.de/pub/OpenBSD/6.9/            Frankfurt, Germany
       https://ftp.bytemine.net/pub/OpenBSD/6.9/             Oldenburg, Germany
       https://ftp.fr.openbsd.org/pub/OpenBSD/6.9/           Paris, France
       https://mirror.aarnet.edu.au/pub/OpenBSD/6.9/         Brisbane, Australia
       https://ftp.usa.openbsd.org/pub/OpenBSD/6.9/          CO, USA
       https://ftp5.usa.openbsd.org/pub/OpenBSD/6.9/         CA, USA
       https://mirror.esc7.net/pub/OpenBSD/6.9/              TX, USA
       https://openbsd.cs.toronto.edu/pub/OpenBSD/6.9/       Toronto, Canada
       https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.9/   Global
       https://fastly.cdn.openbsd.org/pub/OpenBSD/6.9/       Global

   The release is also available at the master site:

       https://ftp.openbsd.org/pub/OpenBSD/6.9/              Alberta, Canada

   However it is strongly suggested you use a mirror.

   Other mirror sites may take a day or two to update.

2) Connect to that HTTPS mirror site and go into the directory
   pub/OpenBSD/6.9/ which contains these files and directories.
   This is a list of what you will see:

       ANNOUNCEMENT   armv7/       octeon/             sgi/
       README         hppa/        openbsd-69-base.pub sparc64/
       SHA256         i386/        packages/           src.tar.gz
       SHA256.sig     landisk/     packages-stable/    sys.tar.gz
       alpha/         loongson/    ports.tar.gz        xenocara.tar.gz
       amd64/         luna88k/     powerpc64/
       arm64/         macppc/      root.mail

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

       README      - generic README
       root.mail   - a copy of root's mail at initial login.
                     (This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make
   sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
   for example, amd64. This is a list of what you will see:

       BOOTIA32.EFI*  bsd*          floppy69.img     pxeboot*
       BOOTX64.EFI*   bsd.mp*       game69.tgz       xbase69.tgz
       BUILDINFO      bsd.rd*       index.txt        xfont69.tgz
       INSTALL.amd64  cd69.iso      install69.img    xserv69.tgz
       SHA256         cdboot*       install69.iso    xshare69.tgz
       SHA256.sig     cdbr*         man69.tgz
       base69.tgz     comp69.tgz    miniroot69.img

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
   and install69.iso. The install69.iso file (roughly 545MB in size) is
   a one-step ISO-format install CD image which contains the various
   *.tgz files so you do not need to fetch them separately. If you
   prefer to use a USB flash drive, fetch install69.img and follow the
   instructions in INSTALL.amd64.

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the file
   called INSTALL.amd64. INSTALL.amd64 may tell you that you need to
   fetch other files.

6) Just in case, take a peek at:

       https://www.OpenBSD.org/errata.html

   This is the page where we talk about the mistakes we made while
   creating the 6.9 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including
amd64, sparc64 and macppc. During installation, you can install X.Org
quite easily using xenodm(1), our simplified X11 display manager forked
from xdm(1).
------------------------------------------------------------------------
- PACKAGES AND PORTS ---------------------------------------------------

Many third party software applications have been ported to OpenBSD and
can be installed as pre-compiled binary packages on the various OpenBSD
architectures. Please see https://www.openbsd.org/faq/faq15.html for
more information on working with packages and ports.

Note: a few popular ports, e.g., NSD, Unbound, and several X
applications, come standard with OpenBSD and do not need to be
installed separately.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The source code for all four subsystems can be found in the
pub/OpenBSD/6.9/ directory:

    xenocara.tar.gz
    ports.tar.gz
    src.tar.gz
    sys.tar.gz

The README (https://ftp.OpenBSD.org/pub/OpenBSD/6.9/README) file
explains how to deal with these source files.

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

Ports tree and package building by Jasper Lievisse Adriaanse,
Pierre-Emmanuel Andre, Visa Hankala, Stuart Henderson, Peter Hessler,
Kurt Mosiejczuk, Christian Weisgerber, and Charlene Wendling. Base and
X system builds by Kenji Aoyama and Theo de Raadt. Release art
contributed by Joy San.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who bought our previous CD sets. Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.

Our developers are:

Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall, Alexandr
Nedvedicky, Alexandr Shadchin, Alexandre Ratchov, Andrew Fresh, Anil
Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot, Anton Lindqvist,
Asou Masato, Ayaka Koshibe, Benoit Lecocq, Bjorn Ketelaars, Bob Beck,
Brandon Mercer, Brent Cook, Brian Callahan, Bryan Steele, Can Erkin
Acar, Carlos Cardenas, Charlene Wendling, Charles Longeau, Chris
Cappuccio, Christian Weisgerber, Christopher Zimmermann, Claudio Jeker,
Dale Rahn, Damien Miller, Daniel Dickman, Daniel Jakots, Darren Tucker,
Dave Voutila, David Coppa, David Gwynne, David Hill, Denis Fondras,
Doug Hogan, Edd Barrett, Elias M. Mariani, Eric Faurot, Florian Obser,
Florian Riehm, Frederic Cambus, George Koehler, Gerhard Roth, Giannis
Tsaraias, Gilles Chehade, Giovanni Bechis, Gleydson Soares, Gonzalo L.
Rodriguez, Greg Steuck, Helg Bredow, Henning Brauer, Ian Darwin, Ian
Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze, Inoguchi Kinichiro,
James Turner, Jan Klemkow, Jason McIntyre, Jasper Lievisse Adriaanse,
Jeremie Courreges-Anglas, Jeremy Evans, Job Snijders, Joel Sing, Joerg
Jung, Jonathan Armani, Jonathan Gray, Jonathan Matthew, Jordan
Hargrave, Joris Vink, Joshua Stein, Juan Francisco Cantero Hurtado,
Kazuya Goda, Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner,
Kevin Lo, Kirill Bychkov, Klemens Nanni, Kurt Miller, Kurt Mosiejczuk,
Landry Breuil, Lawrence Teo, Marc Espie, Marcus Glocker, Mark Kettenis,
Mark Lumsden, Markus Friedl, Martijn van Duren, Martin Natano, Martin
Pieuchot, Martin Reindl, Martynas Venckus, Mats O Jansson, Matthew
Dempsky, Matthias Kilian, Matthieu Herrb, Michael Mikonos, Mike
Belopuhov, Mike Larkin, Nam Nguyen, Nayden Markatchev, Nicholas
Marriott, Nigel Taylor, Okan Demirmen, Ori Bernstein, Otto Moerbeek,
Paco Esteban, Pamela Mosiejczuk, Pascal Stumpf, Patrick Wildt, Paul
Irofti, Pavel Korovin, Peter Hessler, Philip Guenther, Pierre-Emmanuel
Andre, Pratik Vyas, Rafael Sadowski, Rafael Zalamena, Raphael Graf,
Remi Locherer, Remi Pointel, Renato Westphal, Ricardo Mestre, Richard
Procter, Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule
Cheloha, Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie,
Solene Rapenne, Stefan Fritsch, Stefan Kempf, Stefan Sperling, Steven
Mestdagh, Stuart Cassoff, Stuart Henderson, Sunil Nimmagadda, T.J.
Townsend, Ted Unangst, Theo Buehler, Theo de Raadt, Thomas Frohwein,
Tim van der Molen, Tobias Heider, Tobias Stoeckmann, Todd C. Miller,
Todd Mortimer, Tom Cosgrove, Tracey Emery, Ulf Brosziewski, Uwe
Stuehler, Vadim Zhukov, Vincent Gross, Visa Hankala, Vitaliy Makkoveev,
Yasuoka Masahiko, Yojiro Uo