Friday, April 30, 2021

OpenBSD 6.9 released May 1

------------------------------------------------------------------------
- OpenBSD 6.9 RELEASED -------------------------------------------------

May 1, 2021.

We are pleased to announce the official release of OpenBSD 6.9.
This is our 50th release. We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

As in our previous releases, 6.9 provides significant improvements,
including new features, in nearly all areas of the system:

- New/extended platforms:
o Support for the powerpc64 platform was improved:
- Added astfb(4), a driver for the framebuffer of the Aspeed
BMC found on many POWER8 and POWER9 systems.
- Added bsd.mp to powerpc64's installXX.{img,iso}.
- Added RETGUARD implementation for powerpc and powerpc64.
- Added a workaround for PCI devices that cannot address the
full 64-bit PCI address space to powerpc64. Needed for
radeondrm(4) and amdgpu(4) since Radeon GPUs only implement
36, 40, or 44 bits of address space.
- Added limited emulation of unaligned access in the powerpc64
kernel.
- Added support for netbooting to the powerpc64 RAMDISK kernel.
- Fixed booting on powerpc64 machines with memory banks higher
in physical address space, needing a larger TCE table.
- Introduced power-saving mode on POWER9 CPUs.
- Enabled floating-point exceptions on powerpc64.
- Added support for ipmi(4) on PowerNV systems.
o Preliminary support was added for devices using the Apple M1 SoC:
- Recognized Apple Icestorm/Firestorm cores on arm64.
- Added support for BCM4378 chips, as found on the Apple M1
SoCs, to bwfm(4).
- Added exuart(4) support for the UART found on the Apple M1
SoC.
- Added apldog(4), a driver for the watchdog on Apple M1 SoCs,
allowing reboot of the machine.
- Added aplintc(4), a driver for the interrupt controller found
on Apple M1 SoCs.
- Added aplpcie(4), a driver for the PCIe host bridge on Apple
M1 SoCs.
- Added apldart(4), a driver for the IOMMU on Apple M1 SoCs.
- Added support for CPUs with 8-bit ASIDs such as those on
Apple's M1 SoC.
o The arm64 platform support was improved with the following
changes:
- Optimized arm64 copyin(9), copyout(9) and kcopy(9) by doing
16-byte copies if possible.
- Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1
arm64 CPUs.
- Added clock support for i.MX8MP SoCs.
- Added support for the VF610 I2C controller to imxiic(4).
- Added dwgpio(4), a driver for the Synopsys DesignWare GPIO
controller.
- Added amlpinctrl(4) support for the "Always On" GPIOs.
- Made large read and write transactions work in amliic(4).
- Added support for the PCIe controller found on Amlogic
G12A/G12B/SM1 SoCs to dwpcie(4).
- Implemented legacy interrupt support to mvkpcie(4).
- Added cryptox(4), a driver for armv8 cryptographic
extensions.
- Added support for PCIe on the NanoPi R4S to rkpcie(4).
- Added smmu(4), a driver for the ARM System MMU.
- Introduced an IOVA early-allocation scheme in smmu(4),
mitigating the performance penalty of typical IOVA allocation
designs.
- Introduced Guard Pages in smmu(4), to spot misuse and
misconfiguration of I/O devices more easily.
- Added support for RK809 to rkpmic(4), as seen on the Rock Pi
N10 with the rk3399pro.
- Added support for sdhc(4) on the Raspberry Pi in ACPI mode.
- Enabled ixl(4) on arm64.
- Updated device-tree bindings for cwfg(4) battery capacity
driver to correct attaching and account for monitoring
interval change, making cwfg(4) export values under
hw.sensors as expected when using a Pinebook Pro.
- Added ARMv8-5 instruction set related CPU features to arm64.

- Various kernel improvements:
o Added the RAID1C (encrypted raid1) softraid(4) discipline,
encrypting data like the CRYPTO discipline and accepting multiple
chunks during creation and assembly like the RAID1 discipline.
o Corrected raidlevel verification specified by the -c option in
bioctl(8).
o Introduced kern.video.record for video(4) devices, a privacy
feature analogous to the kern.audio.record sysctl(8) parameter for
audio(4) devices. By default kern.video.record is set to zero,
which blanks all data delivered by drivers attaching to video(4)
until an administrator sets it to 1.
o Allowed a process to open a video(4) device multiple times. Fixes
webcam usage with Firefox and BigBlueButton.
o Enabled multiple opens of a video(4) device as described in the
V4L2 specification.
o Added basic support for kclock timeouts to timeout(9).
o Changed the pool(9) timeouts to use the system uptime instead of
ticks.
o Ensured sleep(3) calls nanosleep(2) even if seconds is zero,
delegating to the kernel all decisions about whether or not to
yield the CPU.
o Added a top-level 'reboot' command to ddb(4).
o Added witness(4) check for uninitialized (or zeroed) lock usage.
o Added fd close notification for kqueue-based poll(2) and
select(2).
o Added a global "nowake" channel for threads avoiding wakeup(9) to
tsleep(9).
o Added trace points for malloc(9) and free(9), making them
traceable via dt(4) and btrace(8).
o Added btrace(8) -n (no action) mode, which parses the program and
then exits.
o Fixed a boot-time crash on sparc64 due to mutex use during the
message buffer initialization.
o Prevented a panic on systems whose ACPI firmware reports invalid
memory regions in the reserved memory region reporting table.
o Added a barrier between reading the cqe flags and the command ID
to prevent completion of the wrong SCSI I/O for nvme(4) drives.
o Prevented attachment of nvme(4) devices of zero size.
o Introduced new function if_unit(9), returning a pointer to the
interface descriptor corresponding to the unique name.
o Cleared interrupts on luna88k processors more efficiently at boot
time.
o Added acpiiort(4), a driver for the ACPI I/O Remapping Table.
o Updated clock interrupt count atomically on mips64.
o Prevented an amd64 kernel crash with protection fault due to an
invalid offset when reading /dev/kmem.
o Permitted access to kern.somaxconn sysctl information when the
unix pledge(2) is used, allowing Go programs to use "unix" without
also including "inet".
o Excluded the first page and added a guard page between I/O virtual
address space allocations on arm64.
o Prevented attachment of SCSI devices that fail to provide adequate
INQUIRY data.

- SMP Improvements
o Introduced "if_cloners_lock" rwlock and used it to serialize
if_clone_{create,destroy}(), avoiding multiple race conditions.
o Introduced a system-wide mutex that serializes msgbuf operations.
o Made uvm_pagealloc(9) of the physical memory allocator mp-safe.
o Unlocked getppid(2).
o Introduced locking for amaps and anons, improving build
performance.
o Moved UNIX domain sockets out of the kernel lock, using the new
"unp_lock" rwlock(9) as solock()'s backend to protect the whole
layer.
o Unlocked sendsyslog(2).
o Used per-CPU counters for the fault and statistics counters
updated in uvm_fault().

- Direct Rendering Manager
o Fixed wsconsctl(8) backlight commands when using drm(4) drivers on
macppc.
o Fixed a radeondrm(4) panic on macppc with Powerbook5,6 and RV350.
o Fixed DRI3 support on amdgpu(4) and ati(4).
o /dev/dri/ device nodes are created to be more compatible with
Linux.

- VMM/VMD improvements
o Prevented memory corruption and improper page access in vmm(4)
caused by improper TLB flushing, for now by wiring the pages used
by virtual machines.
o Removed the ability of vmd(8) to boot from kernels in raw/qcow2
images.
o Made vmctl(8) properly indicate VMs are stopping instead of
"running" with "vmctl status".
o Simplified argument parsing of vmctl(8) stop, thereby avoiding a
printf(3) "%s" with a NULL argument, a use of an uninitialized
variable and a dead else branch.
o Cleaned up events on vmd(8) pause or resume and fixed an issue
leading to broken serial console by cleanly tearing down and
restoring emulated device state on vm send/receive.
o Propagated host-side tap(4) lladdr to guest vm process to allow
unicast dhcp and bootp renewals with vmd(8)'s built-in dhcp
server.
o Added veb(4) to the list of supported bridges for vmd(8).
o Improved MSR exit handling in vmm(4) on SVM and VMX hosts,
preventing invalid reads and fixing support for 9front.
o Added ability to boot compressed ramdisks to vmd(8).

- Various new userland features:
o Added doas.conf(5) "nolog" option to avoid syslog(3).
o Allowed specific sndio(7) devices to be used for play-only and
rec-only modes.
o Used an 8th order FIR low-pass filter for resampling in sndiod(8)
and aucat(1), removing most of the aliasing noise during
resampling.
o Disabled sndiod(8) autovolume by default and set the default
volume to 127. Setting "-w on" will replicate the previous
behavior of automatically decreasing playback volume when new
programs start playing.
o Allowed mixing of alternative devices (-F) with different
capabilities in sndiod(8) by treating any device as full-duplex.
o Fixed visibility of sndioctl(1) output when used through a pipe.
o Enabled build and install of lldb(1).
o Added logger(1) support to rcctl(8), rc.subr(8) and rc.d(8) for
daemons logging to stdout/stderr.
o Added a configurable button mapping for tap gestures on touchpads
to wsconsctl(8).
o Made wscons(4) touchpad tap detection less restrictive for
multi-finger taps and improved tap detection.
o Enabled apm(4) on arm64 to display meaningful information about
battery use and capacity.

- Various bugfixes and tweaks in userland:
o Fixed a pledge violation in csh(1) where redirecting input from a
file containing ^T would cause csh(1) to perform a tty ioctl
operation against a non-tty.
o Made syspatch(8) work again when fewer than 3 patches are
available.
o Stopped exempting file systems from security(8) on the basis of
nodev and nosuid options, which may not be used for file systems
mounted beneath.
o Modified daily(8) to stop reporting disk status and networking
statistics.
o Made sysupgrade(8) specify a version when it uses fw_update(1) to
avoid the situation where upgrading a pre-6.8 snapshot to 6.8
release with "-r" would install firmware packages from snapshots.
o Increased speed of the dependency check pass for pkg_add(1).
o Prevented process exit in multithreaded programs from reporting
the wrong error code.
o Allowed booting of amd64/i386 from GPT formatted disks larger than
4TB.
o Made cat(1) -n correctly number files with more than INT_MAX
lines.
o Fixed a memory leak in ld.so's malloc.
o Added a "xenodm" login class for xenodm(1) and increased openfiles
to 512 to avoid running out of file descriptors with a busy
desktop.
o Stopped xenodm(1) from adding authorizations for TCP connections
by default and added "listenTCP" to explicitly add authorizations
for existing IP addresses on startup.
o Skip adding the IPv6 link local addresses for TCP listener
authorizations in xenodm(1), matching what is done by startx(1).
o Fixed -s option for cmp(1).
o Improved pledge(2) use in doas(1), adding a pledge to the "-C"
code path.
o Improved performance of malloc(3)'s cache.
o Made editing GPT in fdisk(8) safer by defaulting offset to the
beginning of the largest free space and preventing the creation of
overlapping partitions.
o Fixed a crash that could occur in sndiod(8) when a USB device is
unplugged.
o Appended .html suffixes to temporary files in mandoc(1) so that
browsers recognize them.
o Allowed the path to the mg(1) startup file to be given on the
command line.
o Added a "batch" mode to mg(1) via the "-b" command line option,
which will initialize a pty, run the specified file of mg commands
and then exit.
o Inverted the mg(1) "R" indicator to mean that a "*" next to a
file's name indicates that it is read-only. Made the active buffer
indicator more visible by changing it to ">".
o Fixed ksh(1) redrawing of a multiline PS1 prompt in vi mode and
added support for ^R (redraw) in insert mode.
o Used unveil(2) to restrict filesystem access in apmd(8).
o Removed the 30s minimum delay for xlock(1) timeouts.
o Stopped deleting the control socket on exit in apmd(8), as
deleting the socket after calling unveil(2) would cause an unveil
violation.

- Improved hardware support and driver bugfixes, including:
o Corrected accounting of zero length Transfer Descriptors in
xhci(4), preventing running out of free Transfer Ring Blocks.
o Moved mfokclock(4) from loongson to make it available for other
platforms and renamed it to mfokrtc(4).
o Fixed brightness setting on MacBooks.
o Added AMD-Vi and Intel VT-d IOMMU support. This creates a separate
domain for each PCI device and can provide protection against
invalid memory access by the device.
o Enabled brightness keys on powerbooks where the keyboard attaches
as ukbd(4).
o Set initial default display brightness on macppc via
of_setbrightness() to ensure wscons(4) and ofw are in sync.
o Added support for the PL2303HXN series chips to uplcom(4).
o Added support for the PCA9547 I2C mux to pcamux(4).
o Extended pcamux(4) with ACPI support.
o Added acpige(4), a driver for ACPI generic event devices, used on
various systems to implement power button handling.
o Added pchgpio(4), a driver for the GPIO controllers found on
modern Intel PCHs.
o Added ACPI support to imxiic(4).
o Fixed panics on the HoneyComb LX2K with amdgpu(4).
o Fixed very old umass(4) devices where the INQUIRY command succeeds
but with a residue equal to the requested bytes.
o Added Gemini Lake I2C id to dwiic(4), making the touchpad work on
the Teclast F7 Plus laptop.
o Introduced ujoy(4), a restricted subset of uhid(4) for game
controllers which uses /dev/ujoy/* device nodes.
o Set up ims(4) devices in X11 to behave like touchpads.
o Stopped relying on USB devices to correctly present their indices,
instead searching for the correct interfaces. This fixes E+ Corp.
DAC Audio devices.
o Introduced uhidpp(4), a driver for Logitech HID++ devices.
o Separated reading of general and touchpad-specific wsmouse(4)
settings and corrected identification of device type when reading
touchpad parameters fails.
o Added support for 30-bit color modes to simplefb(4) and wsfb(4).
o Made loongson kernels recognize Lynloong LM9002/9003 and LM9013
models.
o Used the native display resolution 1368x768 for Lynloong
all-in-one computers.

- New or improved network hardware support:
o Fixed link state change behavior in 82598 ix(4) chips.
o Fixed issues with the network stopping after the first down/up
cycle on mvpp(4) Marvell Armada Ethernet devices.
o Added SFP+ support to ofw, including support for direct attach
cables.
o Added 10G media support to mvpp(4).
o Added support for 1000base-x and 2500base-x connections to
mvneta(4).
o Added mvsw(4), a driver for Marvell "SOHO" switches.
o Enabled auto-negotiation on the SerDes links, allowing
in-band-status to work between mvpp(4) and mvsw(4) on the ClearFog
GT 8K.
o Added support for the i.MX8MP PCIe clocks, USB clocks and second
ethernet.
o Added Wake on LAN support to rge(4).
o Enabled IPv4 and TCP/UDP checksum offload on transmission in
ogx(4).
o Raised the maximum number of queues/interrupts from 1 to 16 on
mcx(4) devices.
o Added support for the Netgear ProSecure UTM25 to octeon.
o Added vid/pid table to umb(4) allowing matching to alternate
configurations.

- Added or improved wireless network drivers:
o Fixed the athn(4) and urtwn(4) drivers in client mode against
access points which use WPA1/TKIP as the group cipher.
o Added multicast support to bwfm(4) to allow IPv6.
o Fixed urtwn(4) repeated DEAUTH and loss/restoration of link.
o Introduced a delay to work around an issue in bwfm(4) on the
BCM43602 that was triggering "unexpected pairwise key update"
errors.
o Enabled athn(4) for arm64.
o Implemented a new 802.11n Tx rate adaptation algorithm ("RA") for
iwm(4), iwn(4), and athn(4).
o Fixed association problems with the ipw(4) and iwi(4) drivers.
o Made iwx(4) attach to AX201 devices with PCI IDs 0x34f0 and
0x06f0. Needs fw_update(1).
o Fixed a problem where iwn(4) firmware would generate bogus block
ack requests and stall traffic.
o Fixed automatic channel selection in the athn(4) driver when
running in hostap or monitor mode.

- IEEE 802.11 wireless stack improvements and bugfixes:
o Fixed length calculations in iwm(4) and iwx(4) when there are
multiple MPDUs in one packet.
o Fixed 802.11n interoperability with access points that offer
management frame protection.
o Flushed the A-MPDU reorder buffer after the gap timeout to prevent
frames from remaining in the buffer until the next frame is
received.
o Avoided spurious "input packet decapsulations failed" errors in
netstat(1) -W with A-MSDU enabled.
o Fixed automatic selection of the 11a/b/g/n/ac operating mode when
the interface is running as an access point.
o Ensured crypto keys are installed before the link is brought up.

- Generic network stack improvements and bugfixes:
o Removed the maxburst feature from tcp_output(). Sending out TCP
segments was limited to 4 packets per burst. This did not scale
well on high bandwidth, high latency links. Especially when the
receiving side delays ACK packets aggressively, the maxburst
limitation could seriously reduce TCP throughput per connection.
o Added a MONITOR feature to interfaces. Packets received on these
interfaces do not enter the network stack for further processing.
This can be used to watch traffic, for example with bpf(4) without
risk of the packets interfering with the system.
o Added etherbridge, the internals of a reusable learning bridge
interface providing common code reusable for other drivers needing
a mac learning bridge.
o Introduced veb(4), a Virtual Ethernet Bridge driver.
o Added the ability to force the selection of source IP address for
programs that do not specify a source IP, overriding the default
source IP selection algorithm. This is configurable via route(8)
sourceaddr command.
o Brought interfaces up when autoconfiguration for inet or inet6 is
enabled (AUTOCONF4 or AUTOCONF6 flags).
o Adjust terminology in ifconfig(8) to refer to "temporary address
extensions" rather than the former "privacy extensions," including
the addition of an AUTOCONF6TEMP flag (to replace the negative
flag "INET6_NOPRIVACY"). The autoconfprivacy option in ifconfig(8)
has been deprecated.
o Made it possible to disable the "autoconf" flag but keep
"temporary" enabled in ifconfig(8).
o For IPv6 addresses, added tracking of address proposal creation
times to be able to establish total lifetime. This information is
used to renew pltime/vltime of privacy addresses per RFC 4941.
o Prevented kernel reuse of mbuf memory when generating the ICMP6
response to an IPv6 packet.
o Used the Toeplitz hash algorithm to set a flowid for TCP packets,
which in turn is used to choose the tx ring on network cards with
multiple rings.
o Fixed wg(4) on macppc by keeping track of allowed ips pointer
correctly.
o Fixed wg(4) ioctl to handle multiple wgpeers.
o Fixed a race between tx/rx handshakes in wg(4).
o Prevented a potential hang when trying to remove a tun(4)
interface.
o Used the correct rdomain when adding and deleting routes with
mpip(4) and mpw(4).
o Made ifconfig(8) "-mplslabel" work with mpw(4).
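
The flowid item above names the algorithm but not how a flow ends up on a
ring. The block below is an added example, not code from the OpenBSD
kernel: a plain Toeplitz hash over an IPv4/TCP 4-tuple and the modulo step
that selects a tx ring. It uses the 40-byte key from the Microsoft RSS
verification suite, an assumption made so the result can be checked
against that suite's published vectors; OpenBSD's stoeplitz(9) uses its
own key, chosen so that the hash of a flow is the same in both directions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key from the Microsoft RSS verification suite (assumed here because it
 * has published test vectors; not the key OpenBSD's stoeplitz(9) uses). */
static const uint8_t rss_key[40] = {
	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
	0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
	0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
	0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
};

/* Toeplitz hash: walk the input MSB first; for every set input bit, XOR
 * in the 32-bit window of the key that starts at that bit position.
 * Returns 0 if the key is too short to cover the input. */
uint32_t
toeplitz_hash(const uint8_t *key, size_t keylen, const uint8_t *in,
    size_t len)
{
	uint32_t hash = 0, window;
	size_t keybit = 32;

	if (keylen * 8 < len * 8 + 32)
		return 0;
	window = (uint32_t)key[0] << 24 | (uint32_t)key[1] << 16 |
	    (uint32_t)key[2] << 8 | key[3];
	for (size_t i = 0; i < len; i++) {
		for (int b = 7; b >= 0; b--) {
			if (in[i] & (1u << b))
				hash ^= window;
			/* slide the window one bit further into the key */
			window = window << 1 |
			    ((key[keybit / 8] >> (7 - keybit % 8)) & 1u);
			keybit++;
		}
	}
	return hash;
}

#define IP4(a, b, c, d) \
	((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (d))

static void
put32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
	p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Address-only hash input: src addr, dst addr, network byte order. */
uint32_t
rss_hash_ip4(uint32_t saddr, uint32_t daddr)
{
	uint8_t in[8];

	put32(in, saddr);
	put32(in + 4, daddr);
	return toeplitz_hash(rss_key, sizeof rss_key, in, sizeof in);
}

/* TCP 4-tuple hash input: src addr, dst addr, src port, dst port. */
uint32_t
rss_hash_tcp4(uint32_t saddr, uint32_t daddr, uint16_t sport, uint16_t dport)
{
	uint8_t in[12];

	put32(in, saddr);
	put32(in + 4, daddr);
	in[8] = (uint8_t)(sport >> 8); in[9] = (uint8_t)sport;
	in[10] = (uint8_t)(dport >> 8); in[11] = (uint8_t)dport;
	return toeplitz_hash(rss_key, sizeof rss_key, in, sizeof in);
}

/* A driver with nrings tx rings picks one from the flowid like this. */
unsigned int
flowid_to_ring(uint32_t flowid, unsigned int nrings)
{
	return nrings ? flowid % nrings : 0;
}

int
main(void)
{
	uint32_t id = rss_hash_tcp4(IP4(66, 9, 149, 187),
	    IP4(161, 142, 100, 80), 2794, 1766);

	/* prints: flowid 51ccc178 -> ring 8 of 16 */
	printf("flowid %08x -> ring %u of 16\n", id, flowid_to_ring(id, 16));
	return 0;
}
```

With that suite's vectors, 66.9.149.187 to 161.142.100.80 hashes to
0x323e8fc2 on addresses alone and to 0x51ccc178 with TCP ports 2794 and
1766, so on a 16-ring card the flow lands on ring 8. The mapping is
deterministic for a known key, so anyone who knows the key can craft
4-tuples that all land on one ring; that is the reason to keep the key
per host rather than fixed.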

- Installer and upgrade improvements:
o Prevented a race in dhclient(8) privsep which could cause
autoinstall to fail by calling ftp(1) without a local address.
o Fixed hangs on amd64 bsd.rd due to misreported core clock
frequency on newer Intel Comet Lake models.
o Began distributing the gzip'd version of bsd.rd on all platforms
with boot methods supporting it.
o Fixed a problem which prevented use of sysupgrade(8) when an
interface failed to come up and dhclient(8) didn't notice
link-timeout expiration.
o Prevented disklabel(8) from adjusting the swap 'b' partition size
if physmem is zero to keep the auto-allocate code from putting a
filesystem on that partition.
o Emulate "[inet] autoconf" hostname.if(5) lines with "dhcp" so
users testing dhcpleased(8) will still be able to upgrade manually
while the installer uses only dhclient(8).
o Restored dhclient.conf(5) to the group of network configuration
files used during upgrades.

- Security improvements:
o Added a syslog notice whenever the "%n" conversion of printf(3)
is used. "%n" stores the number of characters written so far
through a pointer argument, the write primitive that format
string attacks rely on.
o Removed workaround permitting Go executables to do syscalls
directly, forcing them to use shared libc like all other dynamic
binaries.
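
The "%n" notice above describes a check inside libc. As an added example
that is not libc's code: the scan a wrapper or an audit script has to do
to recognise %n reliably, walking flags, width, precision, length
modifiers and positional "m$" forms so that "%-08.3lln" and "%5$n" are
found while "%%n" is not mistaken for a directive, together with an
snprintf(3) wrapper that refuses such formats (an assumed policy, stricter
than the notice the release adds).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Return the number of "%n" conversions in a printf(3) format string.
 * "%n" stores the count of characters written through a pointer
 * argument, which is what a format string attack uses to write memory.
 */
int
format_count_n(const char *fmt)
{
	const char *p = fmt;
	int count = 0;

	while ((p = strchr(p, '%')) != NULL) {
		p++;
		if (*p == '%') {	/* "%%": a literal percent sign */
			p++;
			continue;
		}
		/* positional argument "m$", flags and field width */
		while (*p != '\0' && strchr("0123456789$-+ #'*", *p) != NULL)
			p++;
		/* precision, possibly "*" or positional "*m$" */
		if (*p == '.') {
			p++;
			while (*p != '\0' && strchr("0123456789$*", *p) != NULL)
				p++;
		}
		/* length modifiers: hh h l ll j t z q L */
		while (*p != '\0' && strchr("hljtzqL", *p) != NULL)
			p++;
		if (*p == '\0')
			break;		/* dangling '%' at end of string */
		if (*p == 'n')
			count++;
		p++;
	}
	return count;
}

/*
 * vsnprintf(3) wrapper that refuses formats containing "%n": returns -1
 * and leaves an empty string instead of formatting. Assumed policy for
 * this example; OpenBSD 6.9 itself only logs a notice.
 */
int
safe_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
	if (format_count_n(fmt) > 0) {
		if (size > 0)
			buf[0] = '\0';
		return -1;
	}
	return vsnprintf(buf, size, fmt, ap);
}

int
safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int r;

	va_start(ap, fmt);
	r = safe_vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	return r;
}
```

The scanner is only as good as its grammar: a check that looks for the two
bytes "%n" misses "%5$n" and flags "%%n", which is why the conversion has
to be parsed rather than searched for.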

- Routing daemons and other userland network improvements:
o The bgpd(8) daemon saw the following changes:
- Introduced "rde evaluate all" in bgpd(8) to reduce path hiding
in IXP route-server environments.
- Added RTR support to OpenBGPD.
- Added bgpctl(8) "show rtr" to display basic information about
RTR sessions.
- Added bgpctl(8) "show sets" to display information about the
roa-set, as-sets and prefix-sets loaded into bgpd(8).
- Properly implemented "rde med compare strict" in bgpd(8) and
ensured that the order of prefixes is always correct.
- Introduced a send hold timer in bgpd(8) to detect stalls on
the sending side of a TCP connection, acting as a last resort
to detect faulty peers.
- Introduced the bgpd.conf(5) per-neighbor and global option
"reject as-set yes/no" to allow rejection of received UPDATE
messages with AS_SET segments. The rejected prefixes can be
viewed with bgpctl(8) "show rib in error".
- No longer allow configuration of the same neighbor multiple
times in bgpd(8).
- pf(4) tables now track prefixes correctly even when received
by multiple sessions.
- Fixed a memory leak when parsing bgpd(8) roa-set lists.
o The ospfd(8) and ospf6d(8) routing daemons were refactored to keep
the code similar to changes in other routing daemons and to
improve maintainability.
Additionally, support for point-to-point interfaces in ospf6d(8)
was fixed and ospfd(8) now works with point-to-point interfaces
which use a common IP address.
o The pf(4) packet filter and its userland utility:
- Relaxed checks in pfctl(8) and pf(4) to accept any valid
routing domain, even if it does not yet exist.
- Made pfctl(8) detect and reject bogus ranges before loading
the ruleset to prevent a panic.
- Changed route-to in pf.conf(5) to send packets to IPs instead
of interfaces.
- Changed pf_route so pf(4) only runs when packets enter and
leave the stack. By default pf states are floating, meaning that
packets are matched to states regardless of which interface they
are going over, so running the same packet through pf(4)
multiple times caused confusion in the state table.
- Prevented the kernel from being stuck in an endless recursion
during TCP path MTU discovery when pf(4) changes the routing
table when sending packets.
- When cutting off the head of an overlapping fragment during
pf(4) reassembly, reinserted the fragment into the lookup
table with the correct index.
- Improved tftpd(8) logging to report the reasons a transfer
failed.
o IPsec support in the kernel and the iked(8) userland daemon:
- Added support for requesting IP addresses as an IKEv2 initiator
to iked(8). With 'request addr 0.0.0.0' configured, any dynamic
address offered by the responder is accepted.
- Added 'dynamic' keyword to iked.conf(5) to allow
configuration of flows to dynamically assigned addresses.
- Added the 'any' keyword to iked.conf(5) for requests to allow
"request address any".
- Enabled iked(8) support for ASN1_DN ipsec identifiers.
- Implemented iked(8) "from dynamic," installing flows where
"dynamic" is replaced by the received dynamic IP address.
- Made sure not to replace 0.0.0.0 with a dynamic address in
iked(8) if it is a network address.
- Added iked(8) -s socket option to specify a control socket.
- Used a counter instead of a random IV for AES-GCM in iked(8),
eliminating the risk of IV collisions that random IVs carry;
reusing an IV under the same key breaks both the confidentiality
and the integrity of GCM.
- Added iked(8) support for multiple address pools.
- Added the iked(8) "set stickyaddress" option, which attempts
to assign the same "config address" when an IKESA is
negotiated with the DSTID of an existing IKESA.
- Ensured rekeying of every child SA in iked(8).
- Added iked(8) support for RSASSA-PSS signature verification
(RFC 7427).
- Corrected the first packet of an ipsec(4) SA to have sequence
number 1.
- Accepted reject and blackhole routes for IPsec PMTU
discovery.
- Prevented leaking of ipsec_hosts in iked(8) when building
hosts_list.
- Prevented initiation of new additional SAs for each policy
upon every ikectl(8) config reload.
- Fixed "any" and "dynamic" keywords for flows in iked(8) and
added proper IPv6 support.
- Created a path MTU host route for ipsec(4) over IPv6.
- Added support for INVALID_KE_PAYLOAD in iked(8)
CREATE_CHILD_SA exchange.
- Added support for RSA-PSS PKCS1 signatures to iked(8).
- Fixed path MTU discovery for ESP tunnels in IPv6.
- Upgraded to OpenSSL 1.1 compatible crypto API in iked(8).
- Added an optional "group none" transform for child SAs in
iked(8) to ensure the ability to negotiate optional PFS.
- Added iked(8) dynamic address configuration for roadwarrior
clients, with a new "iface" config option which can be used
to specify an interface for the virtual addresses received
from the peer.
- Fixed an iked(8) interoperability problem with strongSwan when
make-before-break is enabled.
o The httpd(8) webserver saw numerous improvements:
- Prevented a crash due to httpd(8) listening on port 443 with
missing TLS certificates.
- Created a new "location (found|notfound)" option for
httpd.conf(5) to allow testing for resource path existence.
- Fixed detection of duplicate locations in httpd(8).
- Fixed leak of access and error log filenames on config reload
in httpd(8).
- Avoided leaking the log message in httpd(8)'s server_sendlog.
- Fixed a per-connection memory leak in httpd(8) caused by an
incorrect order of close(2) and tls_close(3) together with a
bug in libssl.
- Fixed the httpd(8) example configuration not to generate
errors when running without TLS keys already in place.
- Optimized disk reads in httpd(8) by using st_blksize as the high
water mark instead of the socket buffer size.
- Stopped comparing TLS config parameters for non-TLS servers.
This allows "listen on * port 80" and "listen on * port 443" in
the same server block in httpd.conf(5).
o rpki-client(8) received the following new features and bugfixes:
- Added RRDP (the RPKI Repository Delta Protocol, RFC 8182)
support as a 'technology preview'. It is enabled with the "-r"
flag.
- Support the use of more than one URI in the TAL file, sorting
with a preference for https.
- Validation of ghostbuster records (RFC 6493).
- Fixed checks of the manifest validity interval.
- The rsync connection is now killed when the rsync server
stalls.
- Limited the URL embedded in .cer files to alphanumeric
characters and punctuation.
- Added a "-V" option to show version.
- Included the default cert.pem file path in tls_load_file
error messages.
o The dig(1) DNS utility received the following updates:
- Implemented RFC 8914 Extended DNS Errors for dig(1).
- Fixed dig(1) EDNS Client Subnet option (+subnet=).
- Fixed IPv6 link-local address handling for nameservers to
talk to and for address to bind to in dig(1).
- Implemented ZONEMD (RFC 8976) in dig(1) to convey a message
digest of the content of a DNS zone.
o Changes to dhclient(8):
- Fixed incorrect behavior when using dhclient.conf(5) to
change the lease renew/rebind/expiry timing.
- Allowed the provision of dhclient(8) options on "dhcp" lines
in hostname.if(5) files.
- Converted all timers from time(3) values to clock_gettime(2)
CLOCK_MONOTONIC values.
- Removed -L command line option.
- Improved debug output.
- Improved re-acquisition of a previous address by immediately
accepting any OFFER for the address, rather than waiting for
'select-timeout' to expire.
- Exit immediately if the -c option specifies a non-existent
file.
- Exit immediately if the -i option contains invalid
information.
o Two new daemons, dhcpleased(8) and resolvd(8) were added. These
work alongside with slaacd(8) and unwind(8) to provide a coherent
and simple automatic configuration of network interfaces and DNS
resolution.
The two daemons are not enabled by default for now, but can be
tested by enabling them with rcctl(8).
- dhcpleased(8) implements the DHCP protocol to acquire IPv4
address leases from servers.
- resolvd(8) manages the content of resolv.conf(5) based on
nameserver proposals from dhcpleased(8), slaacd(8), and
drivers like umb(4).
o Changes to snmp related tools:
- libagentx(3) moved its API prefix from subagentx_ to agentx_.
- agentx_varbind_integer(3) now accepts an int32_t as per
SMI/RFC 2578.
- agentx_varbind_unsigned32(3) has been added as an alias for
agentx_varbind_gauge32(3).
- snmpd.conf(5) no longer accepts the old "listen on address
[tcp|udp]" syntax. Only the new "listen on [tcp|udp] address"
syntax is now supported.
- snmpd(8) now fully implements RFC 3584 Trapv1 to Trapv2
conversion for the trap handle.
- sysUpTime and snmpTrapOID now respect snmpd(8)'s -N flag,
similar to the other values sent by the trap handle.
- snmpd.conf(5) now accepts the read, write, and notify
keywords. This allows for request type filtering per listen
on statement and custom trap handle ports.
- snmp(1) now has initial support for SMI enums. For now only
TruthValue is implemented on ifPromiscuousMode and
ifConnectorPresent.
- snmp(1) now interprets the "u" data type as unsigned integer.
o Other userland network changes:
- Fixed ldapd(8) cert and key path inference for absolute
paths.
- Fixed incorrect cast in a vsnprintf(3) error check in
ldapd(8).
- Applied unveil(2) to ldapd(8).
- Changed ping(8) to drain the raw socket of packets received
before it is fully set up to avoid reporting ICMP responses
intended for other instances of ping(8) running in parallel.
- Added ping(8) -g option to provide a visual display of
packets received and lost.
- Changed slaacd(8) Duplicate Address Detection (DAD) to only
generate a new address if we are using Semantically Opaque
Interface Identifiers.
- Handled an autoconf interface changing its rdomain in
slaacd(8).
- Completed slaacd(8) implementation of RFC 8981 temporary
address extensions.
- Stopped leaking the domains listed in unwind(8)'s blocklist
file on each config reload.
- Stopped leaking duplicate domain nodes when loading the
unwind(8) config.
- Fixed rare crashes of unwind(8) when DNS answers are larger
than the maximum imsg size.
- Implemented unwind(8) listening on TCP.
- Implemented DNS64 synthesis in unwind(8).
- Disabled logging to syslog(3) from libunbound in unwind(8). This
does not prevent logging to stderr with "unwind -d".
- Added a simple --timeout implementation to openrsync(1).
- Added the rsync(1) option --no-motd to suppress the
information output by the client at the start of a daemon
transfer.
- Added support for the use of !command to mygate(5), so that
netstart has a late opportunity to perform network
configuration.
- Made rad(8) handle multiple rdomains in a single daemon
(instead of running one instance per rdomain).
- Added a specific headline to netstat(1) for TCP state and IP
protocol.
- Handled permanent redirects (RFC 7538) in ftp(1) fetch.
- Introduced ftp(1) support for sending the If-Modified-Since
header while fetching over http or https. Switched to using
the timestamps from the remote server's Last-Modified header
if available when saving local files and introduced the ftp
"-u" flag to disable this behavior.
- Made ftp(1) set timestamps only on files.
- Added requests for a new certificate without requiring -F
when acme-client(1) detects an added or removed SAN in the
config file not reflected in the existing certificate on
disk.
- Printed rewritten addresses in tcpdump(8) output for pflog(4)
records of rdr-to, nat-to and af-to rules.
- When calling getaddrinfo(3) with AI_ADDRCONFIG, consider the
routing domain when checking for available address families.
This ensures that name resolution is only performed for the
address families available in the rdomain.
- Implemented the nc(1) -D socket debug option in tcpbench(1),
allowing analysis of TCP connections.
- Avoided leaking the help text in systat(8).
- Increased the maximum length for CHAP challenges to 96 octets
to ensure npppd(8) can handle longer challenges, such as
those sent by Juniper.

- tmux(1) improvements and bug fixes:
o Made tmux(1) synchronize-panes a pane option and added set-option
-U flag to unset an option on all panes.
o Allowed use of ## and # in tmux(1) styles and added a "w" format
modifier for width.
o Added a -C flag to tmux(1) run-shell to use a tmux command rather
than a shell command.
o Added a tmux(1) -N flag to never start the server even if the
command would normally do so.
o Added the new tmux(1) -S flag to new-window to select the existing
window if one with the given name already exists, rather than
failing.
o Added support for X11 color names and other variations for OSC
10/11 and added OSC 110 and 111 to tmux(1).
o Removed tmux(1) support for popups where the content is provided
directly to tmux.
o Added a tmux(1) "absolute-centre" alignment to use the center of
the total space instead of the available space.
o Added tmux(1) split-window -Z to start the pane zoomed.
o Added client-detached notification in tmux(1) control mode.
o Changed tmux(1) search-again with vi keys to work like vi(1).

- OpenSMTPD 6.9.0
o Introduced smtp(1) -a to perform authentication before sending a
message.
o Fixed a memory leak in smtpd(8) resolver.
o Prevented a crash due to premature release of resources by the
smtpd(8) filter state machine.
o Switch to libtls internally.
o Change the way SNI works in smtpd.conf(5). TLS listeners may be
configured with multiple certificates. The matching is based on
the names included in these certificates.
o Allowed specifying TLS protocols and ciphers per listener and relay
action.

- LibreSSL 3.3.2
o New Features
- Support for DTLSv1.2.
- Continued rewrite of the record layer for the legacy stack.
- Numerous bugs and interoperability issues were fixed in the
new verifier. A few bugs and incompatibilities remain, so
this release uses the old verifier by default.
- The OpenSSL 1.1 TLSv1.3 API is not yet available.
o Portable Improvements
- Added '--enable-libtls-only' build option, which builds and
installs a statically-linked libtls, skipping libcrypto and
libssl. This is useful for systems that ship with OpenSSL but
wish to also package libtls.
- Update getentropy on Windows to use Cryptography Next
Generation (CNG). wincrypt is deprecated and no longer works
with newer Windows environments, such as in Windows Store
apps.
o API and Documentation Enhancements
- Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182,
8360, draft-ietf-sidrops-rpki-rta, and
draft-ietf-opsawg-finding-geofeeds.
- Add support for SSL_get_shared_ciphers(3) with TLSv1.3.
- Add DTLSv1.2 methods.
- Implement SSL_is_dtls(3) and use it internally in place of
the SSL_IS_DTLS macro.
- Provide EVP_PKEY_new_CMAC_key(3).
- Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.
- Add DTLSv1.2 to openssl(1) s_server and s_client protocol
message logging.
- Provide SSL_use_certificate_chain_file(3).
- Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
- Provide various DTLSv1.2 specific functions and defines.
- Document meaning of '*' in the genrsa output.
- Updated documentation for SSL_get_shared_ciphers(3).
- Add documentation for SSL_get_finished(3).
- Document EVP_PKEY_new_CMAC_key(3).
- Document SSL_use_certificate_chain_file(3).
- Document SSL_set_hostflags(3) and SSL_get0_peername(3).
- Update SSL_get_version(3) manual for DTLSv1.2 support.
- Make supported protocols and options for DHE params more
prominent in tls_config_set_protocols(3).
- Various documentation improvements around TLS methods.
o Compatibility Changes
- Make openssl(1) s_server ignore -4 and -6 for compatibility
with OpenSSL.
- Set SO_REUSEADDR on the server socket in the openssl(1) ocsp
command.
- Send a host header with OCSP queries to make openssl(1) ocsp
work with some widely used OCSP responders.
- Add ability to ocspcheck(8) to parse a port in the specified
OCSP URL.
- Implement auto chain for the TLSv1.3 server since some
software relies on this.
- Implement key exporter for TLSv1.3.
- Align SSL_get_shared_ciphers(3) with OpenSSL. This takes into
account that it never returned server ciphers, so now it will
fail when called from the client side.
- Sync cert.pem with Mozilla NSS root CAs except "GeoTrust
Global CA".
- Make SSL{_CTX,}_get_{min,max}_proto_version(3) return a
version of zero if the minimum or maximum has been set to
zero to match OpenSSL's behavior.
- Add DTLSv1.2 support to openssl(1) s_client/s_server.
o Testing and Proactive Security
- Malformed ASN.1 in a certificate revocation list or a
timestamp response token can lead to a NULL pointer
dereference.
- Pull in fix for EVP_CipherUpdate(3) overflow from OpenSSL.
- Use EXFLAG_INVALID to handle out of memory and parse errors
in x509v3_cache_extensions().
- Refactor and clean up ocspcheck(8) and add regression tests.
o Internal Improvements
- Further cleanup of the DTLS record handling.
- Continue the replacement of the TLSv1.2 record layer by
reimplementing the read side of the TLSv1.2 record handling.
- Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
- Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
- Add const to ssl_ciphers and tls1[23]_sigalgs* to push them
into .data.rel.ro and .rodata, respectively.
- Add a const qualifier to srtp_known_profiles.
- Simplify TLS method by removing the client and server
specific methods internally.
- Avoid casting away const in ssl_ctx_make_profiles().
- Avoid explicitly conditioning an assert on DTLS1_VERSION to
make the assert work for newer DTLS versions.
- Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
- Add a flag to mark DTLS methods as DTLS to have an easy way
to recognize DTLS methods that avoids inspecting the version
number.
- Mark a few more internal static tables const.
- Switch finish{,_peer}_md_len from an int to a size_t.
- Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as
size for cert_verify_md[], finish_md[] and peer_finish_md[].
The factor 2 was a historical artefact.
- Free struct members in tls13_record_layer_free() in their
natural order for reviewability.
- Use consistent names in
tls13_{client,server}_finished_{recv,send}().
- Add tls13_secret_{init,cleanup}() and use them throughout the
TLSv1.3 code base.
- Move the read MAC key into the TLSv1.2 record layer.
- Make tls12_record_layer_free() NULL safe.
- Split the record protection from the TLSv1.2 record layer.
- Clean up sequence number handling in the new TLSv1.2 record
layer.
- Clean up sequence number handling in DTLS.
- Clean up dtls1_reset_seq_numbers().
- Factor out code for explicit IV length, block size and MAC
length from
tls12_record_layer_open_record_protected_cipher().
- Provide record layer overhead for DTLS.
- Provide functions to determine if TLSv1.2 record protection
is engaged.
- Add code to handle change of cipher state in the new TLSv1.2
record layer.
- Mop up now unused dtls1_build_sequence_numbers() function.
- Allow setting a keypair on a tls context without specifying
the private key, and fake it internally in libtls. This
removes the need for privsep engines like relayd to use bogus
keys.
- Skip the private key check for fake private keys.
- Move the private key setup from tls_configure_ssl_keypair()
to a helper function with proper error checking.
- Change the internal tls_configure_ssl_keypair() function to
return -1 instead of 1 on failure.
- Move sequence numbers into the new TLSv1.2 record layer.
- Move AEAD handling into the new TLSv1.2 record layer.
- Factor out legacy stack version checks.
- Correct handshake MAC/PRF for various TLSv1.2 cipher suites
which were originally added with the default handshake MAC
and PRF rather than the SHA256 handshake MAC and PRF.
- Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
- Use dtls1_record_retrieve_buffered_record() to load buffered
application data.
- Enforce read ahead with DTLS.
- Remove bogus DTLS checks that disabled ECC and OCSP.
- Clean up and simplify dtls1_get_cipher().
- Group HelloVerifyRequest decoding and add missing check for
trailing data.
- Revise HelloVerifyRequest handling for DTLSv1.2.
- Handle DTLS1_2_VERSION in various places.
- Rename the "truncated" label into "decode_err" and the
"f_err" label into "fatal_err".
- Factor out and change some of the legacy client version code.
- Simplify version checks in the TLSv1.3 client. Ensure that
the server announced TLSv1.3 and nothing higher and check
that the legacy_version is set to TLSv1.2 as required by RFC
8446.
- Only use TLS versions internally rather than both TLS and
DTLS versions since the latter are the one's complement of
the human readable version numbers, which means that newer
versions decrease in value.
- Identify DTLS based on the version major value.
- Move handling of cipher/hash based cipher suites into the new
record layer.
- Add tls12_record_protection_unused() and call it from CCS
functions.
- Move key/IV length checks closer to usage sites. Also add
explicit checks against EVP_CIPHER_{iv,key}_length().
- Replace two hand-rolled versions of tls12_record_protection_engaged().
- Improve internal version handling: add handshake fields for
our minimum version, our maximum version and the TLS version
negotiated during the handshake. Convert most of the internal
code to use these version fields.
- Guard against future internal use of
TLS1_get_{client,}_version() macros.
- Remove the internal ssl_downgrade_max_version() function
which is no longer needed.
- Add support for DTLSv1.2 version handling.
- Remove no longer needed read ahead workarounds in the
s_client and s_server.
- Split TLSv1.3 record protection from record layer.
- Move the TLSv1.3 handshake struct inside the shared handshake
struct.
- Fully initialize rrec in
tls12_record_layer_open_record_protected() to avoid confusing
some static analyzers.
- Use tls_set_errorx() on OCSP_basic_verify() failure since the
latter does not set errno.
- Convert openssl(1) x509 to new option handling and do the
usual clean up that goes along with it.
- Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
- Rename new_cipher to cipher to align naming with keyblock or
other parts of the handshake data.
- Move the TLSv1.2 record number increment into the new record
layer.
- Move finished and peer finished into the handshake struct.
- Remove pointless assignment in SSL_get0_alpn_selected().
- Add some error checking to openssl(1) x509.
o Bug Fixes
- Move point-on-curve check to set_affine_coordinates to avoid
verifying ECDSA signatures with unchecked public keys.
- Fix SSL_is_server(3) to behave as documented by
re-introducing the client-specific methods.
- Avoid undefined behavior due to memcpy(NULL, NULL, 0).
- Make SSL_get{,_peer}_finished() work when used with TLSv1.3.
- Correct the return value type from ERR_peek_error() to a
long.
- Avoid use of an uninitialized value in ASN1_time_parse(), which
could happen when parsing UTCTime if the caller did not initialize
the passed struct tm.
- Destroy the mutex in a tls_config object on
tls_config_free().
- Free alert_data and phh_data in tls13_record_layer_free().
These could leak if SSL_shutdown(3) or tls_close(3) were
called after closing the underlying socket().
- Gracefully handle root certificates being both trusted and
untrusted.
- Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new
verifier.
- Use the legacy verifier when building auto chains for TLS.
- Search the intermediates only after searching the root certs
in the new verifier to avoid problems with the legacy
callback.
- Bail out early after finding a single chain in the new
verifier, if we have been called via the legacy verifier API.
- Set (invalid and likely incomplete) chain on the xsc on chain
build failure prior to calling the callback. This is required
by various callers, including auto chain.
- Remove direct assignment of aead_ctx to avoid a leak.
- Fail early in legacy exporter if the master secret is not
available to avoid a segfault if it is called when the
handshake is not completed.
- Only print the certificate file once on verification failure.
- Fix an off-by-one in x509_verify_set_xsc_chain() to make sure
that the new validator checks for EXFLAG_CRITICAL in
x509_vfy_check_chain_extension() for all untrusted certs in
the chain. Take into account that the root is not necessarily
trusted.
- Avoid passing last and depth to x509_verify_cert_error() on
ENOMEM.
- Fix two bugs in the legacy verifier that resulted from
refactoring of X509_verify_cert(3) for the new verifier: a
return value was incorrectly treated as boolean, making it
insufficient to decide whether validation should carry on or
not.
- Fix checks for memory caps of constraints names. There are
internal caps on the number of name constraints and other
names, that the new name constraints code allocates per cert
chain. These limits were checked too late, making them only
partially effective.
- Fix a copy-paste error - skid was confused with an akid when
checking for EXFLAG_INVALID. This broke OCSP validation with
certain mirrors.
- Avoid a use-after-scope in tls13_cert_add().
- Avoid mangled output in BIO_debug_callback().
- Fix client-initiated renegotiation by replacing use of
s->internal->type with s->server.
- Avoid transcript initialization when sending a TLS
HelloRequest, fixing server initiated renegotiation.
- Avoid leaking param->name in x509_verify_param_zero().
- Avoid a leak in an error path in openssl(1) x509.
- When sending an alert in TLSv1.3, only set its error code
when no other error was set previously. Certain clients rely
on specific SSL_R_ error codes to identify that they are
dealing with a self signed cert.
- When switching from the TLSv1.3 stack to the legacy stack
include a TLS record header. This is necessary if there is
more than one handshake message in the TLS plaintext record.
- Fix resource handling on error in OCSP_request_add0_id().
- Make sure there is enough room for stashing the handshake
message when switching to the legacy TLS stack.
- Fix a memory leak in the openssl(1) s_client.
- Unbreak DTLS retransmissions for flights that include a CCS.
- If x509_verify() fails, ensure that the error is set on both
the x509_verify_ctx() and its store context to make some
failures visible from SSL_get_verify_result().
- Use the X509_STORE_CTX get_issuer() callback from the new
X.509 verifier to fix hashed certificate directories.
- Only check BIO_should_read(3) on read and BIO_should_write(3)
on write. Previously, BIO_should_write(3) was also checked
after read and BIO_should_read(3) after write which could
cause stalls in software that uses the same BIO for read and
write.
- In openssl(1) verify, also check for error on the store
context since the return value of X509_verify_cert(3) is
unreliable in presence of a callback that returns 1 too
often.
- Handle additional certificate error cases in the new X.509
verifier. Keep track of the errors encountered if a verify
callback tells the verifier to continue and report them back
via the error on the store context. This mimics the behavior
of the old verifier that would persist the first error
encountered while building the chain.
- Report specific failures for "self signed certificates" in a
way compatible with the old verifier since software relies on
the error code.
- Plug a large memory leak in the new verifier caused by
calling X509_policy_check(3) repeatedly.
- Avoid leaking memory in x509_verify_chain_dup().
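
The internal-improvements items above note that DTLS wire versions are the one's complement of the human-readable version numbers (so newer DTLS versions are numerically smaller), that LibreSSL therefore compares TLS versions internally, and that DTLS is identified from the version major byte. The following is an added example, not LibreSSL code, that works those three points through in plain Python. The wire constants are the ones defined by the TLS and DTLS RFCs; the mapping of DTLS 1.0 onto TLS 1.1 follows RFC 4347, which defines DTLS 1.0 on top of TLS 1.1. The negotiate() helper and its argument conventions are this example's own.

```python
# Added example, not LibreSSL code: how DTLS wire versions relate to the
# human-readable version numbers, and why version comparisons have to be done
# on TLS versions internally.

# TLS wire versions (RFC 5246, RFC 8446)
TLS1_VERSION = 0x0301
TLS1_1_VERSION = 0x0302
TLS1_2_VERSION = 0x0303
TLS1_3_VERSION = 0x0304

# DTLS wire versions (RFC 4347, RFC 6347)
DTLS1_VERSION = 0xFEFF
DTLS1_2_VERSION = 0xFEFD

# Every DTLS version shares this major byte, so the major value alone
# identifies DTLS without consulting a table of known versions.
DTLS_VERSION_MAJOR = 0xFE

# DTLS 1.0 is defined on top of TLS 1.1 and DTLS 1.2 on top of TLS 1.2; this is
# the TLS version each DTLS version maps to for internal comparisons.
_DTLS_TO_TLS = {DTLS1_VERSION: TLS1_1_VERSION, DTLS1_2_VERSION: TLS1_2_VERSION}
_TLS_TO_DTLS = {tls: dtls for dtls, tls in _DTLS_TO_TLS.items()}


def dtls_wire_version(major, minor):
    """Wire encoding of DTLS {major}.{minor}: the one's complement of the
    human-readable pair. This is why DTLS 1.2 (0xFEFD) is numerically smaller
    than DTLS 1.0 (0xFEFF)."""
    return (~((major << 8) | minor)) & 0xFFFF


def is_dtls(version):
    """Identify DTLS from the version major byte alone."""
    return (version >> 8) == DTLS_VERSION_MAJOR


def human_version(version):
    """Map a wire version back to the (major, minor) pair people write."""
    if is_dtls(version):
        c = (~version) & 0xFFFF
        return (c >> 8, c & 0xFF)
    major, minor = version >> 8, version & 0xFF
    if major != 3 or minor == 0:
        raise ValueError(f"not a TLS 1.x wire version: 0x{version:04x}")
    return (1, minor - 1)   # TLS 1.0 is 0x0301, TLS 1.3 is 0x0304


def to_tls_version(version):
    """The TLS version used internally for ordering; DTLS values are translated."""
    if not is_dtls(version):
        return version
    try:
        return _DTLS_TO_TLS[version]
    except KeyError:
        raise ValueError(f"unknown DTLS version 0x{version:04x}") from None


def newest_version(versions):
    """Newest of several wire versions; correct for DTLS because it orders in TLS space."""
    return max(versions, key=to_tls_version)


def negotiate(our_min, our_max, peer_max):
    """Pick the highest version in [our_min, our_max] that the peer supports.

    All three values must be of one kind (all TLS or all DTLS). The comparison
    runs on TLS versions and the result is converted back to a DTLS wire
    version when the inputs were DTLS. Returns None when there is no overlap."""
    dtls = is_dtls(our_max)
    if is_dtls(our_min) != dtls or is_dtls(peer_max) != dtls:
        raise ValueError("mixed TLS and DTLS versions")
    lo, hi, peer = (to_tls_version(v) for v in (our_min, our_max, peer_max))
    chosen = min(hi, peer)
    if chosen < lo:
        return None
    return _TLS_TO_DTLS[chosen] if dtls else chosen


if __name__ == "__main__":
    # A raw max() picks DTLS 1.0 as "newest"; comparing in TLS space does not.
    print(hex(max([DTLS1_VERSION, DTLS1_2_VERSION])),
          hex(newest_version([DTLS1_VERSION, DTLS1_2_VERSION])))
```

The pitfall negotiate() guards against is visible in the DTLS case: a naive min(our_max, peer_max) on raw DTLS values selects DTLS 1.2 even when the peer only offered DTLS 1.0, because 0xFEFD < 0xFEFF.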

- OpenSSH 8.5
o Security fixes
- ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2. We treat all such memory faults
as potentially exploitable. This bug could be reached by an
attacker with access to the agent socket.
On modern operating systems where the OS can provide
information about the user identity connected to a socket,
OpenSSH ssh-agent and sshd limit agent socket access only to
the originating user and root. Additional mitigation may be
afforded by the system's malloc(3)/free(3) implementation, if
it detects double-free conditions.
The most likely scenario for exploitation is a user
forwarding an agent either to an account shared with a
malicious user or to a host with an attacker holding root
access.
o Potentially incompatible changes
- ssh(1), sshd(8): this release changes the first-preference
signature algorithm from ECDSA to ED25519.
- ssh(1), sshd(8): set the TOS/DSCP specified in the
configuration for interactive use prior to TCP connect. The
connection phase of the SSH session is time-sensitive and
often explicitly interactive. The ultimate interactive/bulk
TOS/DSCP will be set after authentication completes.
- ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc
before it was standardized in RFC4253 (2006), has been
deprecated and disabled by default since OpenSSH 7.2 (2016)
and was only briefly documented in ssh.1 in 2001.
- ssh(1), sshd(8): update/replace the experimental post-quantum
hybrid key exchange method based on Streamlined NTRU Prime
coupled with X25519.
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per its
designers, the sntrup4591761 algorithm was superseded almost
two years ago by sntrup761. (Note that both the updated
method and the one that it replaced are disabled by default.)
- ssh(1): disable CheckHostIP by default. It provides
insignificant benefits while making key rotation
significantly more difficult, especially for hosts behind
IP-based load-balancers.
o New Features
- ssh(1): this release enables UpdateHostkeys by default
subject to some conservative preconditions:
# The key was matched in the UserKnownHostsFile (and not
in the GlobalKnownHostsFile).
# The same key does not exist under another name.
# A certificate host key is not in use.
# known_hosts contains no matching wildcard hostname
pattern.
# VerifyHostKeyDNS is not enabled.
# The default UserKnownHostsFile is in use.
We expect some of these conditions will be modified or
relaxed in future.
- ssh(1), sshd(8): add a new LogVerbose configuration directive
that allows forcing maximum debug logging by
file/function/line pattern-lists.
- ssh(1): when prompting the user to accept a new hostkey,
display any other host names/addresses already associated
with the key.
- ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
- ssh(1): add a ssh_config KnownHostsCommand option that allows
the client to obtain known_hosts data from a command in
addition to the usual files.
- ssh(1): add a ssh_config PermitRemoteOpen option that allows
the client to restrict the destination when RemoteForward is
used with SOCKS.
- ssh(1): for FIDO keys, if a signature operation fails with an
"incorrect PIN" reason and no PIN was initially requested
from the user, then request a PIN and retry the operation.
This supports some biometric devices that fall back to
requiring PIN when reading of the biometric failed, and
devices that require PINs for all hosted credentials.
- sshd(8): implement client address-based rate-limiting via new
sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
directives that provide more fine-grained control on a
per-origin address basis than the global MaxStartups limit.
o Bugfixes
- ssh(1): Prefix keyboard interactive prompts with
"(user@host)" to make it easier to determine which connection
they are associated with in cases like scp -3, ProxyJump,
etc. bz#3224
- sshd(8): fix sshd_config SetEnv directives located inside
Match blocks. GHPR#201
- ssh(1): when requesting a FIDO token touch on stderr, inform
the user once the touch has been recorded.
- ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective
value (for most platforms) at 24 days. bz#3229
- ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
- ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly
suggested that it controlled the allowed key algorithms, when
this option actually specifies the signature algorithms that
are accepted. The previous name remains available as an alias.
bz#3253
- ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh)
and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms.
- sftp-server(8): add missing lsetstat@openssh.com
documentation and advertisement in the server's
SSH2_FXP_VERSION hello packet.
- ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak
caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz
#30078).
- sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on
32-bit platforms instead of being limited by LONG_MAX. bz#3206
- Minor man page fixes (capitalization, commas, etc.) bz#3223
- sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created
with write and execute permissions in the interim so that the
transfer can actually complete, then set the directory
permission as the final step. bz#3222
- ssh-keygen(1): document the -Z option, check the validity of its
argument earlier and provide a better error message if it's
not correct. bz#2879
- ssh(1): ignore comments at the end of config lines in
ssh_config, similar to what we already do for sshd_config.
bz#2320
- sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz#3239
- sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz#3248
- ssh(1), sshd(8): fix potential integer truncation of
(unlikely) timeout values. bz#3250
- ssh(1): make hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of
the key type. This makes HostbasedAcceptedAlgorithms do what
it is supposed to - filter on signature algorithm and not key
type.
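
The new PerSourceMaxStartups and PerSourceNetBlockSize directives described under "New Features" cap unauthenticated connections per origin netblock rather than globally. The following is an added example, not OpenSSH code: a small Python model of that mechanism, so the effect of the two knobs can be seen on a constructed connection sequence. The class, its method names, the netblock sizes, the cap and the sample addresses are all this example's own choices and not sshd defaults.

```python
# Added example, not OpenSSH code: a model of per-source startup limiting in
# the spirit of the sshd_config(5) PerSourceMaxStartups and
# PerSourceNetBlockSize directives. Netblock sizes, limits and addresses are
# chosen for the example.
import ipaddress
from collections import Counter


class PerSourceStartupLimiter:
    """Track unauthenticated ("startup") connections per source netblock and
    refuse new ones once a netblock has reached its cap.

    max_startups: cap per netblock (the PerSourceMaxStartups analogue).
    v4_bits / v6_bits: prefix lengths used to group source addresses into
    netblocks (the PerSourceNetBlockSize analogue); 32 and 128 mean that every
    individual address is its own netblock.
    """

    def __init__(self, max_startups, v4_bits=32, v6_bits=128):
        if max_startups < 1 or not 0 <= v4_bits <= 32 or not 0 <= v6_bits <= 128:
            raise ValueError("invalid limiter parameters")
        self.max_startups = max_startups
        self.v4_bits = v4_bits
        self.v6_bits = v6_bits
        self.active = Counter()   # netblock -> startups currently in progress

    def netblock(self, addr):
        """Canonical netblock (as a string) that a source address falls into."""
        ip = ipaddress.ip_address(addr)
        bits = self.v4_bits if ip.version == 4 else self.v6_bits
        return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

    def connect(self, addr):
        """A new connection arrived from addr. Returns True if it may proceed
        to authentication, False if it would be dropped because its netblock
        is already at the cap."""
        block = self.netblock(addr)
        if self.active[block] >= self.max_startups:
            return False
        self.active[block] += 1
        return True

    def finish(self, addr):
        """The connection from addr authenticated or closed; release its slot."""
        block = self.netblock(addr)
        if self.active[block] > 0:
            self.active[block] -= 1
            if self.active[block] == 0:
                del self.active[block]


def simulate(events, max_startups, v4_bits=32):
    """Replay (action, address) events and return the accept/refuse decision
    for each "connect" event, in order. Constructed for demonstration."""
    limiter = PerSourceStartupLimiter(max_startups, v4_bits=v4_bits)
    decisions = []
    for action, addr in events:
        if action == "connect":
            decisions.append(limiter.connect(addr))
        elif action == "finish":
            limiter.finish(addr)
        else:
            raise ValueError(f"unknown event {action!r}")
    return decisions


if __name__ == "__main__":
    # Constructed scenario: one source opens connections without completing
    # authentication while an unrelated client connects once.
    events = [("connect", "198.51.100.7")] * 5 + [("connect", "203.0.113.5")]
    print(simulate(events, max_startups=3))   # [True, True, True, False, False, True]
```

With the per-address default the unrelated client is unaffected by the busy source; widening the netblock (v4_bits=24) makes neighbouring addresses share one budget, which is the trade-off the netblock-size directive exposes.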

- Ports and packages:
o Pre-built packages are available for the following architectures on
the day of release:
- aarch64 (arm64): 10943
- amd64: 11310
- i386: 10468
- mips64: 8182
- powerpc64: 9341
- sparc64: 9642
o Packages for the following architectures will be made available as
their builds complete:
- arm
- mips64el
- powerpc

- Some highlights:

o Asterisk 18.3.0
o Audacity 2.4.2
o CMake 3.19.4
o Chromium 90.0.4430.72
o Emacs 27.2
o FFmpeg 4.3.2
o GCC 8.4.0
o GHC 8.10.3
o GNOME 3.38
o Go 1.16.2
o JDK 8u282 and 11.0.10
o KDE Applications 20.12.3
o KDE Frameworks 5.80.0
o Krita 4.4.3
o LLVM/Clang 10.0.1
o LibreOffice 7.0.5.2
o Lua 5.1.5, 5.2.4 and 5.3.6
o MariaDB 10.5.9
o Mono 6.12.0.122
o Mozilla Firefox 88.0 and ESR 78.10.0
o Mozilla Thunderbird 78.10.0
o Mutt 2.0.6 and NeoMutt 20210205
o Node.js 12.16.1
o OCaml 4.10.0
o OpenLDAP 2.4.58
o PHP 7.2.34, 7.3.27, 7.4.16 and 8.0.3
o Postfix 3.5.10
o PostgreSQL 13.2
o Python 2.7.18, 3.8.8 and 3.9.2
o Qt 5.15.2
o R 4.0.5
o Ruby 2.6.7, 2.7.3 and 3.0.1
o Rust 1.51.0
o SQLite 3.34.1
o Shotcut 21.01.29
o Sudo 1.9.6p1
o Suricata 6.0.1
o Tcl/Tk 8.5.19 and 8.6.8
o TeX Live 2020
o Vim 8.2.2580 and Neovim 0.4.4
o Xfce 4.16

- As usual, steady improvements in manual pages and other documentation.

- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 367,
xkeyboard-config 2.20, fonttosfnt 1.2.1, and more)
o LLVM/Clang 10.0.1 (+ patches)
o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
o Perl 5.32.1 (+ patches)
o NSD 4.3.6
o Unbound 1.13.1
o Ncurses 5.7
o Binutils 2.17 (+ patches)
o Gdb 6.3 (+ patches)
o Awk December 18, 2020 version
o Expat 2.2.10

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each release. Our continued research into
security means we will find new security problems -- and we always
provide patches as soon as possible. Therefore, we advise regular
visits to

https://www.OpenBSD.org/security.html
and
https://www.OpenBSD.org/errata.html

------------------------------------------------------------------------
- MAILING LISTS AND FAQ ------------------------------------------------

Mailing lists are an important means of communication among users and
developers of OpenBSD. For information on OpenBSD mailing lists, please
see:

https://www.OpenBSD.org/mail.html

You are also encouraged to read the Frequently Asked Questions (FAQ) at:

https://www.OpenBSD.org/faq/

------------------------------------------------------------------------
- DONATIONS ------------------------------------------------------------

The OpenBSD Project is a volunteer-driven software group funded by
donations. Besides OpenBSD itself, we also develop important software
like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
filter, the quality work of our ports development process, and many
others. This ecosystem is all handled under the same funding umbrella.

We hope our quality software will result in contributions that maintain
our build/development infrastructure, pay our electrical/internet costs,
and allow us to continue operating very productive developer hackathon
events.

All of our developers strongly urge you to donate and support our future
efforts. Donations to the project are highly appreciated, and are
described in more detail at:

https://www.OpenBSD.org/donations.html

------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------

For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (https://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.

There may also be exposure benefits since the Foundation may be
interested in participating in press releases. In turn, the Foundation
then uses these contributions to assist OpenBSD's infrastructure needs.
Contact the foundation directors at directors@openbsdfoundation.org for
more information.

------------------------------------------------------------------------
- RELEASE SONG ---------------------------------------------------------

OpenBSD 6.9 comes with the song "Vetera Novis". Lyrics (and an
explanation) of the song may be found at:

https://www.OpenBSD.org/lyrics.html#69

------------------------------------------------------------------------
- HTTPS INSTALLS -------------------------------------------------------

OpenBSD can be easily installed via HTTPS downloads. Typically you need
a single small piece of boot media (e.g., a USB flash drive) and then
the rest of the files can be installed from a number of locations,
including directly off the Internet. Follow this simple set of
instructions to ensure that you find all of the documentation you will
need while performing an install via HTTPS.

1) Read either of the following two files for a list of HTTPS mirrors
which provide OpenBSD, then choose one near you:

https://www.OpenBSD.org/ftp.html
https://ftp.openbsd.org/pub/OpenBSD/ftplist

As of May 1, 2021, the following HTTPS mirror sites have the
6.9 release:

https://cdn.openbsd.org/pub/OpenBSD/6.9/ Global
https://ftp.eu.openbsd.org/pub/OpenBSD/6.9/ Stockholm, Sweden
https://ftp.hostserver.de/pub/OpenBSD/6.9/ Frankfurt, Germany
https://ftp.bytemine.net/pub/OpenBSD/6.9/ Oldenburg, Germany
https://ftp.fr.openbsd.org/pub/OpenBSD/6.9/ Paris, France
https://mirror.aarnet.edu.au/pub/OpenBSD/6.9/ Brisbane, Australia
https://ftp.usa.openbsd.org/pub/OpenBSD/6.9/ CO, USA
https://ftp5.usa.openbsd.org/pub/OpenBSD/6.9/ CA, USA
https://mirror.esc7.net/pub/OpenBSD/6.9/ TX, USA
https://openbsd.cs.toronto.edu/pub/OpenBSD/6.9/ Toronto, Canada
https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.9/ Global
https://fastly.cdn.openbsd.org/pub/OpenBSD/6.9/ Global

The release is also available at the master site:

https://ftp.openbsd.org/pub/OpenBSD/6.9/ Alberta, Canada

However it is strongly suggested you use a mirror.

Other mirror sites may take a day or two to update.

2) Connect to that HTTPS mirror site and go into the directory
pub/OpenBSD/6.9/ which contains these files and directories.
This is a list of what you will see:

ANNOUNCEMENT armv7/ octeon/ sgi/
README hppa/ openbsd-69-base.pub sparc64/
SHA256 i386/ packages/ src.tar.gz
SHA256.sig landisk/ packages-stable/ sys.tar.gz
alpha/ loongson/ ports.tar.gz xenocara.tar.gz
amd64/ luna88k/ powerpc64/
arm64/ macppc/ root.mail

It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.

README - generic README
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
for example, amd64. This is a list of what you will see:

BOOTIA32.EFI* bsd* floppy69.img pxeboot*
BOOTX64.EFI* bsd.mp* game69.tgz xbase69.tgz
BUILDINFO bsd.rd* index.txt xfont69.tgz
INSTALL.amd64 cd69.iso install69.img xserv69.tgz
SHA256 cdboot* install69.iso xshare69.tgz
SHA256.sig cdbr* man69.tgz
base69.tgz comp69.tgz miniroot69.img

If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
and install69.iso. The install69.iso file (roughly 545MB in size)
is a one-step ISO-format install CD image which contains the various
*.tgz files so you do not need to fetch them separately.

If you prefer to use a USB flash drive, fetch install69.img and
follow the instructions in INSTALL.amd64.

5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.amd64. INSTALL.amd64 may tell you that you
need to fetch other files.

6) Just in case, take a peek at:

https://www.OpenBSD.org/errata.html

This is the page where we talk about the mistakes we made while
creating the 6.9 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
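
The release directory listed in steps 2 and 4 carries a SHA256 file and its signature SHA256.sig, and the public key openbsd-69-base.pub. On an existing OpenBSD system the check to run after fetching is signify(1), e.g. signify -C -p /etc/signify/openbsd-69-base.pub -x SHA256.sig install69.iso, which verifies the signature on the list and then the listed checksum. The following added example, not part of the announcement or of OpenBSD, implements only the checksum-list half of that in Python, for the case where the download is checked on another system: it parses the BSD-style "SHA256 (name) = digest" lines and compares a file against its entry. The sample list and data are constructed (the sample.txt entry is the standard SHA-256 test vector for "abc"); the function names are this example's own. Without the signature check the list only detects corruption, not substitution.

```python
# Added example, not OpenBSD code: parse the SHA256 list shipped in a release
# directory and check a fetched file against it. The sample list below is
# constructed; "sample.txt" is the standard SHA-256 test vector for b"abc".
import hashlib
import hmac
import os
import re

# Each line of the release SHA256 file has the BSD form
#   SHA256 (filename) = <64 hex digits>
_LINE_RE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]{64})$")

SAMPLE_SHA256_LIST = (
    "SHA256 (sample.txt) = "
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad\n"
    "SHA256 (other.img) = " + "0" * 64 + "\n"
)
SAMPLE_DATA = b"abc"   # constructed content of sample.txt


def parse_sha256_list(text):
    """Map file name -> expected hex digest. Malformed or duplicate lines are
    rejected rather than skipped, so a truncated or edited list fails loudly."""
    digests = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m is None:
            raise ValueError(f"malformed SHA256 list line {lineno}: {raw!r}")
        name = m.group("name")
        if name in digests:
            raise ValueError(f"duplicate SHA256 entry for {name!r}")
        digests[name] = m.group("hex").lower()
    return digests


def sha256_hex(data):
    """Hex SHA-256 of bytes or of a binary file object, read in 1 MiB chunks."""
    h = hashlib.sha256()
    if isinstance(data, (bytes, bytearray)):
        h.update(data)
    else:
        for chunk in iter(lambda: data.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(digests, name, data):
    """True if data matches the digest listed for name; KeyError if not listed."""
    expected = digests.get(name)
    if expected is None:
        raise KeyError(f"{name!r} is not listed in the SHA256 file")
    return hmac.compare_digest(expected, sha256_hex(data))


def verify_file(sha256_list_path, path):
    """Check a downloaded file (e.g. install69.iso) against the SHA256 file
    fetched from the same release directory; entries are keyed by basename."""
    with open(sha256_list_path, encoding="ascii") as f:
        digests = parse_sha256_list(f.read())
    with open(path, "rb") as f:
        return verify(digests, os.path.basename(path), f)


if __name__ == "__main__":
    digests = parse_sha256_list(SAMPLE_SHA256_LIST)
    print(verify(digests, "sample.txt", SAMPLE_DATA))   # True
```

Usage on a real download is verify_file("SHA256", "install69.iso") with both files fetched from the same mirror directory; a False result or a KeyError means the image should not be used.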

------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including
amd64, sparc64 and macppc. During installation, you can install X.Org
quite easily using xenodm(1), our simplified X11 display manager forked
from xdm(1).

------------------------------------------------------------------------
- PACKAGES AND PORTS ---------------------------------------------------

Many third party software applications have been ported to OpenBSD and
can be installed as pre-compiled binary packages on the various OpenBSD
architectures. Please see https://www.openbsd.org/faq/faq15.html for
more information on working with packages and ports.

Note: a few popular ports, e.g., NSD, Unbound, and several X
applications, come standard with OpenBSD and do not need to be installed
separately.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The source code for all four subsystems can be found in the
pub/OpenBSD/6.9/ directory:

xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz

The README (https://ftp.OpenBSD.org/pub/OpenBSD/6.9/README) file
explains how to deal with these source files.

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

Ports tree and package building by Jasper Lievisse Adriaanse,
Pierre-Emmanuel Andre, Visa Hankala, Stuart Henderson, Peter Hessler,
Kurt Mosiejczuk, Christian Weisgerber, and Charlene Wendling.
Base and X system builds by Kenji Aoyama and Theo de Raadt. Release art
contributed by Joy San.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who bought our previous CD sets. Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.

Our developers are:

Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall,
Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov,
Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley,
Antoine Jacoutot, Anton Lindqvist, Asou Masato, Ayaka Koshibe,
Benoit Lecocq, Bjorn Ketelaars, Bob Beck, Brandon Mercer,
Brent Cook, Brian Callahan, Bryan Steele, Can Erkin Acar,
Carlos Cardenas, Charlene Wendling, Charles Longeau,
Chris Cappuccio, Christian Weisgerber, Christopher Zimmermann,
Claudio Jeker, Dale Rahn, Damien Miller, Daniel Dickman,
Daniel Jakots, Darren Tucker, Dave Voutila, David Coppa,
David Gwynne, David Hill, Denis Fondras, Doug Hogan, Edd Barrett,
Elias M. Mariani, Eric Faurot, Florian Obser, Florian Riehm,
Frederic Cambus, George Koehler, Gerhard Roth, Giannis Tsaraias,
Gilles Chehade, Giovanni Bechis, Gleydson Soares,
Gonzalo L. Rodriguez, Greg Steuck, Helg Bredow, Henning Brauer,
Ian Darwin, Ian Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze,
Inoguchi Kinichiro, James Turner, Jan Klemkow, Jason McIntyre,
Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, Jeremy Evans,
Job Snijders, Joel Sing, Joerg Jung, Jonathan Armani, Jonathan Gray,
Jonathan Matthew, Jordan Hargrave, Joris Vink, Joshua Stein,
Juan Francisco Cantero Hurtado, Kazuya Goda, Kenji Aoyama,
Kenneth R Westerback, Kent R. Spillner, Kevin Lo, Kirill Bychkov,
Klemens Nanni, Kurt Miller, Kurt Mosiejczuk, Landry Breuil,
Lawrence Teo, Marc Espie, Marcus Glocker, Mark Kettenis,
Mark Lumsden, Markus Friedl, Martijn van Duren, Martin Natano,
Martin Pieuchot, Martin Reindl, Martynas Venckus, Mats O Jansson,
Matthew Dempsky, Matthias Kilian, Matthieu Herrb, Michael Mikonos,
Mike Belopuhov, Mike Larkin, Nam Nguyen, Nayden Markatchev,
Nicholas Marriott, Nigel Taylor, Okan Demirmen, Ori Bernstein,
Otto Moerbeek, Paco Esteban, Pamela Mosiejczuk, Pascal Stumpf,
Patrick Wildt, Paul Irofti, Pavel Korovin, Peter Hessler,
Philip Guenther, Pierre-Emmanuel Andre, Pratik Vyas,
Rafael Sadowski, Rafael Zalamena, Raphael Graf, Remi Locherer,
Remi Pointel, Renato Westphal, Ricardo Mestre, Richard Procter,
Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule Cheloha,
Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie,
Solene Rapenne, Stefan Fritsch, Stefan Kempf, Stefan Sperling,
Steven Mestdagh, Stuart Cassoff, Stuart Henderson, Sunil Nimmagadda,
T.J. Townsend, Ted Unangst, Theo Buehler, Theo de Raadt,
Thomas Frohwein, Tim van der Molen, Tobias Heider,
Tobias Stoeckmann, Todd C. Miller, Todd Mortimer, Tom Cosgrove,
Tracey Emery, Ulf Brosziewski, Uwe Stuehler, Vadim Zhukov,
Vincent Gross, Visa Hankala, Vitaliy Makkoveev, Yasuoka Masahiko,
Yojiro Uo
