https://www.openbsd.org/69.html
OpenBSD 6.9
Released May 1, 2021. (50th OpenBSD release)
Copyright 1997-2021, Theo de Raadt.
6.9 Song: "Vetera Novis".
Artwork by Joy San.
* See the information on the FTP page for a list of mirror
machines.
* Go to the pub/OpenBSD/6.9/ directory on one of the mirror sites.
* Have a look at the 6.9 errata page for a list of bugs and
workarounds.
* See a detailed log of changes between the 6.8 and 6.9 releases.
* signify(1) pubkeys for this release:
openbsd-69-base.pub: RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f
openbsd-69-fw.pub: RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy
openbsd-69-pkg.pub: RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K
openbsd-69-syspatch.pub: RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the files
fetched via ports.tar.gz.
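The public keys listed above are what signify(1) checks a download against: "signify -C -p /etc/signify/openbsd-69-base.pub -x SHA256.sig bsd.rd" verifies the Ed25519 signature on the SHA256 list and only then compares each file's digest. What follows is an added example, not OpenBSD's signify code: a pure-Python re-implementation of that check, with the Ed25519 arithmetic written out (textbook, slow, not constant-time), the signify key and signature layouts parsed, and the SHA256 list handled the way -C does. Only the openbsd-69-base.pub key is taken from this page, and it is used just to decode its key ID; the key pair and file contents produced by make_signify_pair are constructed test data, and the file layout comments describe the format as the code assumes it.

```python
"""Pure-Python signify(1)-style verifier: an added example, not OpenBSD code.
Parses signify keys and signatures, checks the key ID both carry, verifies the
Ed25519 signature (textbook, slow, not constant-time: fine for checking a
download, never for signing on a live host), then checks a SHA256 list."""
import base64, hashlib, re

# ---- Ed25519 (RFC 8032), affine coordinates ----
P = 2**255 - 19
Q = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
def _inv(x):
    return pow(x, P - 2, P)
def _xrecover(y):  # the even x with x^2 = (y^2 - 1) / (d*y^2 + 1)
    xx = (y * y - 1) * _inv(D * y * y + 1)
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * SQRT_M1 % P
    return P - x if x & 1 else x
def _add(a, b):
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * _inv(1 - t) % P)
def _mul(pt, e):  # double-and-add, most significant bit first
    r = (0, 1)
    for bit in bin(e)[2:]:
        r = _add(r, r)
        if bit == "1":
            r = _add(r, pt)
    return r
B = (_xrecover(4 * _inv(5) % P), 4 * _inv(5) % P)
def _encode(pt):
    return (pt[1] | (pt[0] & 1) << 255).to_bytes(32, "little")
def _decode(b):
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & (1 << 255) - 1
    x = _xrecover(y)
    x = P - x if (x & 1) != sign else x
    if (y * y - x * x - 1 - D * x * x * y * y) % P:
        raise ValueError("point not on curve")
    return (x, y)
def _H(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")
def _secret(seed):  # (clamped scalar a, nonce prefix) per RFC 8032 5.1.5
    h = hashlib.sha512(seed).digest()
    return (int.from_bytes(h[:32], "little") & ~(7 | 1 << 255)) | 1 << 254, h[32:]
def ed25519_public(seed):
    return _encode(_mul(B, _secret(seed)[0]))
def ed25519_sign(seed, msg):
    a, prefix = _secret(seed)
    pk, r = ed25519_public(seed), _H(prefix, msg) % Q
    R = _encode(_mul(B, r))
    return R + ((r + _H(R, pk, msg) * a) % Q).to_bytes(32, "little")
def ed25519_verify(pk, msg, sig):
    s = int.from_bytes(sig[32:], "little")
    if len(pk) != 32 or len(sig) != 64 or s >= Q:  # s >= Q: malleable encoding
        return False
    try:
        R, A = _decode(sig[:32]), _decode(pk)
    except ValueError:
        return False
    return _mul(B, s) == _add(R, _mul(A, _H(sig[:32], pk, msg)))

# ---- signify(1) layout: "untrusted comment: ...\n" then one base64 line of
# "Ed"+keynum[8]+pubkey[32] (key) or "Ed"+keynum[8]+sig[64] (signature); an
# embedded file such as SHA256.sig carries the signed message after that line.
def parse_pubkey(text):
    raw = base64.b64decode(text.split("\n")[1])
    if raw[:2] != b"Ed" or len(raw) != 42:
        raise ValueError("not a signify Ed25519 public key")
    return raw[2:10], raw[10:]  # (keynum, public key)
def verify_embedded(pubkey_text, sig_text):
    """Return the embedded message if pubkey_text signed it, else raise."""
    keynum, pk = parse_pubkey(pubkey_text)
    _, b64, message = sig_text.split("\n", 2)
    raw = base64.b64decode(b64)
    if raw[:2] != b"Ed" or len(raw) != 74:
        raise ValueError("not a signify Ed25519 signature")
    if raw[2:10] != keynum:  # cheap key-ID check before any curve arithmetic
        raise ValueError("signed with key %s, not %s" % (raw[2:10].hex(), keynum.hex()))
    if not ed25519_verify(pk, message.encode(), raw[10:]):
        raise ValueError("signature verification failed")
    return message

SHA256_LINE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")
def check_sha256_list(message, files):
    """Like 'signify -C': {name: digest matches} for every listed file we have."""
    return {m.group(1): hashlib.sha256(files[m.group(1)]).hexdigest() == m.group(2)
            for m in map(SHA256_LINE.match, message.splitlines())
            if m and m.group(1) in files}
def make_signify_pair(seed, keynum, message, name="test"):
    """Constructed key and embedded signature in signify's layout (not OpenBSD's key)."""
    pub = base64.b64encode(b"Ed" + keynum + ed25519_public(seed)).decode()
    sig = base64.b64encode(b"Ed" + keynum + ed25519_sign(seed, message.encode())).decode()
    return ("untrusted comment: %s public key\n%s\n" % (name, pub),
            "untrusted comment: verify with %s.pub\n%s\n%s" % (name, sig, message))
# The real openbsd-69-base.pub from this page: we can decode it, not sign with it.
OPENBSD_69_BASE = ("untrusted comment: openbsd 6.9 base public key\n"
                   "RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f\n")
```

Against a real download, pass the contents of SHA256.sig as sig_text to verify_embedded() and a {name: bytes} map of the fetched files to check_sha256_list(); a wrong key ID, a bad signature and an altered file each fail separately, in the same order signify(1) checks them. The key-ID check is deliberately first: it costs nothing and catches the common mistake of verifying a release against the wrong year's key.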
---------------------------------------------------------------------
What's New
This is a partial list of new features and systems included in
OpenBSD 6.9. For a comprehensive list, see the changelog leading to
6.9.
* New/extended platforms:
+ Support for the powerpc64 platform was improved:
o Added astfb(4), a driver for the framebuffer of the
Aspeed BMC found on many POWER8 and POWER9 systems.
o Added bsd.mp to powerpc64's installXX.{img,iso}.
o Added RETGUARD implementation for powerpc and powerpc64.
o Added a workaround to powerpc64 for PCI devices that cannot
address the full 64-bit PCI address space. Needed for
radeondrm(4) and amdgpu(4) since Radeon GPUs only implement 36,
40, or 44 bits of address space.
o Added limited emulation of unaligned access in the
powerpc64 kernel.
o Added support for netbooting to the powerpc64 RAMDISK
kernel.
o Fixed booting on powerpc64 machines with memory banks
higher in physical address space, needing a larger TCE
table.
o Introduced power-saving mode on POWER9 CPUs.
o Enabled floating-point exceptions on powerpc64.
o Added support for ipmi(4) on PowerNV systems.
+ Preliminary support was added for devices using the Apple M1
SoC:
o Recognized Apple Icestorm/Firestorm cores on arm64.
o Added support for BCM4378 chips, as found on the Apple M1
SoCs, to bwfm(4).
o Added exuart(4) support for the UART found on the Apple
M1 SoC.
o Added apldog(4), a driver for the watchdog on Apple M1
SoCs, allowing reboot of the machine.
o Added aplintc(4), a driver for the interrupt controller
found on Apple M1 SoCs.
o Added aplpcie(4), a driver for the PCIe host bridge on
Apple M1 SoCs.
o Added apldart(4), a driver for the IOMMU on Apple M1
SoCs.
o Added support for CPUs with 8-bit ASIDs such as those on
Apple's M1 SoC.
+ The arm64 platform support was improved with the following
changes:
o Optimized arm64 copyin(9), copyout(9) and kcopy(9) by
doing 16-byte copies if possible.
o Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse
V1 arm64 CPUs.
o Added clock support for i.MX8MP SoCs.
o Added support for the VF610 I2C controller to imxiic(4).
o Added dwgpio(4), a driver for the Synopsys DesignWare
GPIO controller.
o Added amlpinctrl(4) support for the "Always On" GPIOs.
o Made large read and write transactions work in amliic(4).
o Added support for the PCIe controller found on Amlogic
G12A/G12B/SM1 SoCs to dwpcie(4).
o Implemented legacy interrupt support to mvkpcie(4).
o Added cryptox(4), a driver for armv8 cryptographic
extensions.
o Added support for PCIe on the NanoPi R4S to rkpcie(4).
o Added smmu(4), a driver for the ARM System MMU.
o Introduced an IOVA early-allocation scheme in smmu(4),
mitigating the performance penalty of typical IOVA
allocation designs.
o Introduced Guard Pages in smmu(4), to spot misuse and
misconfiguration of I/O devices more easily.
o Added support for RK809 to rkpmic(4), as seen on the Rock
Pi N10 with the rk3399pro.
o Added support for sdhc(4) on the Raspberry Pi in ACPI
mode.
o Enabled ixl(4) on arm64.
o Updated device-tree bindings for cwfg(4) battery capacity
driver to correct attaching and account for monitoring
interval change, making cwfg(4) export values under
hw.sensors as expected when using a Pinebook Pro.
o Added ARMv8-5 instruction set related CPU features to
arm64.
* Various kernel improvements:
+ Added the RAID1C (encrypted raid1) softraid(4) discipline,
encrypting data like the CRYPTO discipline and accepting
multiple chunks during creation and assembly like the RAID1
discipline.
+ Corrected verification of the RAID level specified with the -c
option in bioctl(8).
+ Introduced kern.video.record for video(4) devices, a privacy
feature analogous to the kern.audio.record sysctl(8) parameter
for audio(4) devices. kern.video.record defaults to zero, which
blanks all data delivered by drivers attaching to video(4); it
has to be set to 1 before a webcam delivers real frames.
+ Allowed a process to open a video(4) device multiple times, as
described in the V4L2 specification. This fixes webcam usage
with Firefox and BigBlueButton.
+ Added basic support for kclock timeouts to timeout(9).
+ Changed the pool(9) timeouts to use the system uptime instead
of ticks.
+ Made sleep(3) call nanosleep(2) even when seconds is zero,
leaving all decisions about whether or not to yield the CPU to
the kernel.
+ Added a top-level 'reboot' command to ddb(4).
+ Added witness(4) check for uninitialized (or zeroed) lock
usage.
+ Added fd close notification for kqueue-based poll(2) and
select(2).
+ Added a global "nowake" channel to tsleep(9) for threads that
should only be woken by timeout, never by wakeup(9).
+ Added trace points for malloc(9) and free(9), making them
traceable via dt(4) and btrace(8).
+ Added btrace(8) -n (no action) mode, which parses the program
and then exits.
+ Fixed a boot-time crash on sparc64 due to mutex use during
the message buffer initialization.
+ Prevented a panic in some ACPI firmware that provided invalid
memory regions in their reserved memory region reporting
table.
+ Added a barrier between reading the cqe flags and the command
ID to prevent completion of the wrong SCSI I/O for nvme(4)
drives.
+ Prevented attachment of nvme(4) devices of zero size.
+ Introduced new function if_unit(9), returning a pointer to
the interface descriptor corresponding to the unique name.
+ Cleared interrupts on luna88k processors more efficiently at
boot time.
+ Added acpiiort(4), a driver for the ACPI I/O Remapping Table.
+ Updated clock interrupt count atomically on mips64.
+ Prevented an amd64 kernel crash with protection fault due to
an invalid offset when reading /dev/kmem.
+ Permitted access to kern.somaxconn sysctl information when
the unix pledge(2) is used, allowing Go programs to use
"unix" without also including "inet".
+ Excluded the first page and added a guard page between I/O
virtual address space allocations on arm64.
+ Prevented attachment of SCSI devices that fail to provide
adequate INQUIRY data.
* SMP Improvements
+ Introduced "if_cloners_lock" rwlock and used it to serialize
if_clone_{create,destroy}(), avoiding multiple race
conditions.
+ Introduced a system-wide mutex that serializes msgbuf
operations.
+ Made uvm_pagealloc(9) of the physical memory allocator
mp-safe.
+ Unlocked getppid(2).
+ Introduced locking for amaps and anons, improving build
performance.
+ Moved UNIX domain sockets out of the kernel lock, using the
new "unp_lock" rwlock(9) as solock()'s backend to protect the
whole layer.
+ Unlocked sendsyslog(2).
+ Used per-CPU counter for fault and stats counters reached in
uvm_fault().
* Direct Rendering Manager
+ Fixed wsconsctl(8) backlight commands when using drm(4)
drivers on macppc.
+ Fixed a radeondrm(4) panic on macppc with Powerbook5,6 and
RV350.
+ Fixed DRI3 support on amdgpu(4) and ati(4).
+ Created /dev/dri/ device nodes in a way that is more compatible
with Linux.
* VMM/VMD improvements
+ Prevented memory corruption and improper page access in vmm(4)
caused by incorrect TLB flushing by, for now, wiring the pages
used by virtual machines.
+ Removed the ability of vmd(8) to boot from kernels in raw/
qcow2 images.
+ Made vmctl(8) properly indicate VMs are stopping instead of
"running" with "vmctl status".
+ Simplified argument parsing of vmctl(8) stop, avoiding a
printf(3) "%s" with a NULL argument, a use of an uninitialized
variable and a dead else branch.
+ Cleaned up events on vmd(8) pause or resume and fixed an
issue leading to broken serial console by cleanly tearing
down and restoring emulated device state on vm send/receive.
+ Propagated host-side tap(4) lladdr to guest vm process to
allow unicast dhcp and bootp renewals with vmd(8)'s built-in
dhcp server.
+ Added veb(4) to the list of supported bridges for vmd(8).
+ Improved MSR exit handling in vmm(4) on SVM and VMX hosts
preventing invalid reads and fixing support for 9front.
+ Added ability to boot compressed ramdisks to vmd(8).
* Various new userland features:
+ Added doas.conf(5) "nolog" option to avoid syslog(3).
+ Allowed specific sndio(7) devices to be used for play-only
and rec-only modes.
+ Used an 8th order FIR low-pass filter for resampling in
sndiod(8) and aucat(1), removing most of the aliasing noise
during resampling.
+ Disabled sndiod(8) autovolume by default and set the default
volume to 127. Setting "-w on" will replicate the previous
behavior of automatically decreasing playback volume when new
programs start playing.
+ Allowed mixing of alternative devices (-F) with different
capabilities in sndiod(8) by treating any device as
full-duplex.
+ Fixed visibility of sndioctl(1) output when used through a
pipe.
+ Enabled build and install of lldb(1).
+ Added logger(1) support to rcctl(8), rc.subr(8) and rc.d(8)
for daemons logging to stdout/stderr.
+ Added a configurable button mapping for tap gestures on
touchpads to wsconsctl(8).
+ Made wscons(4) touchpad tap detection less restrictive for
multi-finger taps and improved tap detection.
+ Enabled apm(4) on arm64 to display meaningful information
about battery use and capacity.
* Various bugfixes and tweaks in userland:
+ Fixed a pledge violation in csh(1) where redirecting input
from a file containing ^T would cause csh(1) to perform a tty
ioctl operation against a non-tty.
+ Made syspatch(8) work again when fewer than 3 patches are
available.
+ Stopped exempting file systems from security(8) on the basis
of nodev and nosuid options, which may not be used for file
systems mounted beneath.
+ Modified daily(8) to stop reporting disk status and
networking statistics.
+ Made sysupgrade(8) specify a version when it uses fw_update(1)
to avoid the situation where upgrading a pre-6.8 snapshot to
the 6.8 release with "-r" would install firmware packages from
snapshots.
+ Increased speed of the dependency check pass for pkg_add(1).
+ Prevented process exit in multithreaded programs from
reporting the wrong error code.
+ Allowed booting of amd64/i386 from GPT formatted disks larger
than 4TB.
+ Made cat(1) -n number lines correctly in files with more than
INT_MAX lines.
+ Fixed a memory leak in ld.so's malloc.
+ Added a "xenodm" login class for xenodm(1) and increased
openfiles to 512 to avoid running out of file descriptors
with a busy desktop.
+ Stopped xenodm(1) from adding authorizations for TCP
connections by default and added "listenTCP" to explicitly
add authorizations for existing IP addresses on startup.
+ Skipped IPv6 link-local addresses when adding TCP listener
authorizations in xenodm(1), matching what startx(1) does.
+ Fixed -s option for cmp(1).
+ Improved pledge(2) use in doas(1), specifically adding a pledge
to the "-C" code path.
+ Improved performance of malloc(3)'s cache.
+ Made editing GPT in fdisk(8) safer by defaulting offset to
the beginning of the largest free space and preventing the
creation of overlapping partitions.
+ Fixed a crash that could occur in sndiod(8) when a USB device
is unplugged.
+ Appended .html suffixes to temporary files in mandoc(1) so that
browsers recognize them.
+ Allowed specifying the path to the mg(1) startup file on the
command line.
+ Added a "batch" mode to mg(1) via the "-b" command line
option, which will initialize a pty, run the specified file
of mg commands and then exit.
+ Inverted the mg(1) "R" indicator to mean that a "*" next to a
file's name indicates that it is read-only. Made the active
buffer indicator more visible by changing it to ">".
+ Fixed ksh(1) redrawing of a multiline PS1 prompt in vi mode
and added support for ^R (redraw) in insert mode.
+ Used unveil(2) to restrict filesystem access in apmd(8).
+ Removed the 30s minimum delay for xlock(1) timeouts.
+ Stopped deleting the control socket on exit in apmd(8), as
deleting the socket after calling unveil(2) would cause an
unveil violation.
* Improved hardware support and driver bugfixes, including:
+ Corrected accounting of zero length Transfer Descriptors in
xhci(4), preventing running out of free Transfer Ring Blocks.
+ Moved mfokclock(4) from loongson to make it available for
other platforms and renamed it to mfokrtc(4).
+ Fixed brightness setting on MacBooks.
+ Added AMD Vi and Intel VTD IOMMU support. This creates
separate domains for each PCI device and can provide
protection against invalid memory access.
+ Enabled brightness keys on powerbooks where the keyboard
attaches as ukbd(4).
+ Set initial default display brightness on macppc via
of_setbrightness() to ensure wscons(4) and ofw are in sync.
+ Added support for the PL2303HXN series chips to uplcom(4).
+ Added support for the PCA9547 I2C mux to pcamux(4).
+ Extended pcamux(4) with ACPI support.
+ Added acpige(4), a driver for ACPI generic event devices,
used on various systems to implement power button handling.
+ Added pchgpio(4), a driver for the GPIO controllers found on
modern Intel PCHs.
+ Added ACPI support to imxiic(4).
+ Fixed panics on the HoneyComb LX2K with amdgpu(4).
+ Fixed very old umass(4) devices where the INQUIRY command
succeeds but with a residue equal to the requested bytes.
+ Added Gemini Lake I2C id to dwiic(4), making the touchpad
work on the Teclast F7 Plus laptop.
+ Introduced ujoy(4), a restricted subset of uhid(4) for game
controllers which uses /dev/ujoy/* device nodes.
+ Set up ims(4) devices in X11 to behave like touchpads.
+ Stopped relying on USB devices to correctly present their
indices, instead searching for the correct interfaces. This
fixes E+ Corp. DAC Audio devices.
+ Introduced uhidpp(4), a driver for Logitech HID++ devices.
+ Separated reading of general and touchpad-specific wsmouse(4)
settings and corrected identification of device type when
reading touchpad parameters fails.
+ Added support for 30-bit color modes to simplefb(4) and
wsfb(4).
+ Made loongson kernels recognize Lynloong LM9002/9003 and
LM9013 models.
+ Used the native display resolution of 1368x768 for Lynloong
all-in-one computers.
* New or improved network hardware support:
+ Fixed link state change behavior in 82598 ix(4) chips.
+ Fixed issues with networking stopping after the first down/up
cycle on mvpp(4) Marvell Armada Ethernet devices.
+ Added SFP+ support to ofw, including support for direct
attach cables.
+ Added 10G media support to mvpp(4).
+ Added support for 1000base-x and 2500base-x connections to
mvneta(4).
+ Added mvsw(4), a driver for Marvell "SOHO" switches.
+ Enabled auto-negotiation on the SerDes links, allowing
in-band-status to work between mvpp(4) and mvsw(4) on the
ClearFog GT 8K.
+ Added support for the i.MX8MP PCIe clocks, USB clocks and
second ethernet.
+ Added Wake on LAN support to rge(4).
+ Enabled IPv4 and TCP/UDP checksum offload on transmission in
ogx(4).
+ Raised the maximum number of queues/interrupts from 1 to 16
on mcx(4) devices.
+ Added support for the Netgear ProSecure UTM25 to octeon.
+ Added vid/pid table to umb(4) allowing matching to alternate
configurations.
* Added or improved wireless network drivers:
+ Fixed the athn(4) and urtwn(4) drivers in client mode against
access points which use WPA1/TKIP as the group cipher.
+ Added multicast support to bwfm(4) to allow IPv6.
+ Fixed urtwn(4) repeated DEAUTH and loss/restoration of link.
+ Introduced a delay to work around an issue in bwfm(4) on the
BCM43602 that was triggering "unexpected pairwise key update"
errors.
+ Enabled athn(4) for arm64.
+ Implemented a new 802.11n Tx rate adaptation algorithm ("RA")
for iwm(4), iwn(4), and athn(4).
+ Fixed association problems with the ipw(4) and iwi(4)
drivers.
+ Made iwx(4) attach to AX201 devices with PCI IDs 0x34f0 and
0x06f0. Needs fw_update(1).
+ Fixed a problem where iwn(4) firmware would generate bogus
block ack requests and stall traffic.
+ Fixed automatic channel selection in the athn(4) driver when
running in hostap or monitor mode.
* IEEE 802.11 wireless stack improvements and bugfixes:
+ Fixed length calculations in iwm(4) and iwx(4) when there are
multiple MPDUs in one packet.
+ Fixed 802.11n interoperability with access points that offer
management frame protection.
+ Flushed the A-MPDU reorder buffer after the gap timeout, so
frames no longer remain in the buffer until the next frame is
received.
+ Avoided spurious "input packet decapsulations failed" errors in
netstat(1) -W with A-MSDU enabled.
+ Fixed automatic selection of the 11a/b/g/n/ac operating mode
when the interface is running as an access point.
+ Ensured crypto keys are installed before the link is brought
up.
* Generic network stack improvements and bugfixes:
+ Removed the maxburst feature from tcp_output(). Sending out
TCP segments was limited to 4 packets per burst. This did not
scale well on high bandwidth, high latency links. Especially
when the receiving side delays ACK packets aggressively, the
maxburst limitation could seriously reduce TCP throughput per
connection.
+ Added a MONITOR feature to interfaces. Packets received on
these interfaces do not enter the network stack for further
processing. This can be used to watch traffic, for example
with bpf(4) without risk of the packets interfering with the
system.
+ Added etherbridge, the internals of a reusable learning
bridge interface providing common code reusable for other
drivers needing a mac learning bridge.
+ Introduced veb(4), a Virtual Ethernet Bridge driver.
+ Added the ability to force the selection of source IP address
for programs that do not specify a source IP, overriding the
default source IP selection algorithm. This is configurable
via route(8) sourceaddr command.
+ Brought interfaces up when autoconfiguration for inet or inet6
is enabled (AUTOCONF4 or AUTOCONF6 flags).
+ Adjusted terminology in ifconfig(8) to refer to "temporary
address extensions" rather than the former "privacy
extensions", including the addition of an AUTOCONF6TEMP flag
(replacing the negative flag INET6_NOPRIVACY). The
autoconfprivacy option in ifconfig(8) has been deprecated.
+ Made it possible to disable the "autoconf" flag but keep
"temporary" enabled in ifconfig(8).
+ For IPv6 addresses, added tracking of address proposal
creation times to establish the total lifetime. This
information is used to renew the pltime/vltime of temporary
(privacy) addresses per RFC 4941.
+ Prevented kernel reuse of mbuf memory when generating the
ICMP6 response to an IPv6 packet.
+ Used the Toeplitz hash algorithm to set a flowid for TCP
packets, which in turn is used to choose the tx ring on
network cards with multiple rings.
+ Fixed wg(4) on macppc by keeping track of allowed ips pointer
correctly.
+ Fixed wg(4) ioctl to handle multiple wgpeers.
+ Fixed a race between tx/rx handshakes in wg(4).
+ Prevented a potential hang when trying to remove a tun(4)
interface.
+ Used the correct rdomain when adding and deleting routes with
mpip(4) and mpw(4).
+ Made ifconfig(8) "-mplslabel" work with mpw(4).
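The flowid item in the list above is easier to reason about with the hash in front of you. The following is an added example, not OpenBSD's kernel code: the Toeplitz hash as specified for RSS, run over one TCP 4-tuple in both directions, using the 40-byte key and test vector of the Microsoft RSS verification suite (the kernel uses its own key, so its flowids will differ). The tx_ring() reduction and the repeating-pattern symmetric key are assumptions about how such a flowid is consumed, not a description of what 6.9 does.

```python
"""Toeplitz hash as used for RSS and tx-ring steering: added example, not
OpenBSD's kernel code. Key and test vector come from the Microsoft RSS
verification suite; OpenBSD's kernel uses its own key."""
import ipaddress
import struct

# 40-byte key from the Microsoft RSS verification suite: long enough for an
# IPv6 4-tuple (36 bytes of input plus a 32-bit hash window).
MS_RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0d0ca2bcbae7b30b477cb2da38030f20c"
    "6a42b73bbeac01fa")

# A key made of one repeating 16-bit pattern makes the hash symmetric under a
# src/dst swap, because windows 16 bits apart are identical and addresses and
# ports are multiples of 16 bits (an assumption about use, not the kernel's key).
SYMMETRIC_KEY = bytes.fromhex("6d5a") * 20

def toeplitz_hash(key, data):
    """For every set bit of `data` (most significant first) XOR in the 32-bit
    window of `key` that starts at the same bit position."""
    dlen, klen = len(data) * 8, len(key) * 8
    if dlen + 32 > klen:
        raise ValueError("key too short: need %d bits, have %d" % (dlen + 32, klen))
    dbits, kbits, out = int.from_bytes(data, "big"), int.from_bytes(key, "big"), 0
    for i in range(dlen):
        if dbits >> (dlen - 1 - i) & 1:
            out ^= kbits >> (klen - 32 - i) & 0xFFFFFFFF
    return out

def flow_input(src, dst, sport=None, dport=None):
    """RSS input order: source address, destination address, then the ports
    when a 4-tuple hash is wanted; everything in network byte order."""
    data = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    if sport is not None:
        data += struct.pack(">HH", sport, dport)
    return data

def flowid(src, dst, sport, dport, key=MS_RSS_KEY):
    return toeplitz_hash(key, flow_input(src, dst, sport, dport))

def tx_ring(flow_id, nrings):
    """Consume the flowid: any fixed reduction works, as long as one flow
    always lands on the same ring so its packets are not reordered."""
    return flow_id % nrings

if __name__ == "__main__":
    a, b = ("66.9.149.187", 2794), ("161.142.100.80", 1766)
    fwd = flowid(a[0], b[0], a[1], b[1])
    rev = flowid(b[0], a[0], b[1], a[1])
    print("forward %#010x ring %d, reverse %#010x ring %d"
          % (fwd, tx_ring(fwd, 16), rev, tx_ring(rev, 16)))
    print("symmetric key gives equal hashes:",
          toeplitz_hash(SYMMETRIC_KEY, flow_input(a[0], b[0], a[1], b[1]))
          == toeplitz_hash(SYMMETRIC_KEY, flow_input(b[0], a[0], b[1], a[1])))
```

With the Microsoft key the two directions of one connection hash differently, so they can land on different rings; the repeating-pattern key is the standard trick when the rx and tx halves of a flow should share a queue. The property a practitioner actually cares about on a multi-queue card is the one tx_ring() preserves: every packet of a flow takes the same ring.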
* Installer and upgrade improvements:
+ Prevented a race in dhclient(8) privsep which could cause
autoinstall to fail by calling ftp(1) without a local
address.
+ Fixed hangs on amd64 bsd.rd due to misreported core clock
frequency on newer Intel Comet Lake models.
+ Began distributing the gzip'd version of bsd.rd on all
platforms with boot methods supporting it.
+ Fixed a problem which prevented use of sysupgrade(8) when an
interface failed to come up and dhclient(8) didn't notice
link-timeout expiration.
+ Prevented disklabel(8) from adjusting the swap 'b' partition
size if physmem is zero to keep the auto-allocate code from
putting a filesystem on that partition.
+ Emulated "[inet] autoconf" hostname.if(5) lines with "dhcp" so
that users testing dhcpleased(8) can still upgrade manually
while the installer uses only dhclient(8).
+ Restored dhclient.conf(5) to the group of network
configuration files used during upgrades.
* Security improvements:
+ Added notices to syslog whenever the "%n" format string
directive of printf(3) is used.
+ Removed the workaround that permitted Go executables to make
system calls directly, forcing them to go through the shared
libc like all other dynamic binaries.
* Routing daemons and other userland network improvements:
+ The bgpd(8) daemon saw the following changes:
o Introduced "rde evaluate all" in bgpd(8) to reduce path hiding
in IXP route-server environments.
o Added RTR support to OpenBGPD.
o Added bgpctl(8) "show rtr" to display basic information
about RTR sessions.
o Added bgpctl(8) "show sets" to display information about
the roa-set, as-sets and prefix-sets loaded into bgpd(8).
o Properly implemented "rde med compare strict" in bgpd(8)
and ensured that the order of prefixes is always correct.
o Introduced a send hold timer in bgpd(8) to detect stalls
on the sending side of a TCP connection, acting as a last
resort to detect faulty peers.
o Introduced the bgpd.conf(5) per neighbor and global
config option "reject as-set yes/no" to allow rejection
of received UPDATES with AS_SET segments. These rejected
prefixes can be viewed with bgpctl(8) "show rib in
error".
o No longer allow configuration of the same neighbor
multiple times in bgpd(8).
o pf(4) tables now track prefixes correctly even when
received by multiple sessions.
o Fixed a memory leak when parsing bgpd(8) roa-set lists.
+ The ospfd(8) and ospf6d(8) routing daemons were refactored to
keep the code similar to changes in other routing daemons and
to improve maintainability.
Additionally, support for point-to-point interfaces in ospf6d(8)
was fixed and ospfd(8) now works with point-to-point interfaces
which use a common IP address.
+ The pf(4) packet filter and its userland utility:
o Relaxed checks in pfctl(8) and pf(4) to accept any valid
routing domain, even if it does not yet exist.
o Made pfctl(8) detect and reject bogus ranges before
loading the ruleset to prevent a panic.
o Changed route-to in pf.conf(5) to send packets to IPs
instead of interfaces.
o Changed pf_route so pf(4) only runs when packets enter and
leave the stack. By default pf states are floating, meaning
that packets are matched to states regardless of which
interface they traverse, so running the same packet through
pf(4) more than once confuses the state table. This change
avoids those multiple traversals.
o Prevented the kernel from being stuck in an endless
recursion during TCP path MTU discovery when pf(4)
changes the routing table when sending packets.
o When cutting off the head of an overlapping fragment
during pf(4) reassembly, reinserted the fragment into the
lookup table with the correct index.
o Improved tftpd(8) logging to report the reasons a
transfer failed.
+ IPSEC support in the kernel and the iked(8) userland daemon:
o Added support for requesting IP addresses as IKEv2 initiator
to iked(8). If 'request addr 0.0.0.0' is configured, any
dynamic address offered by the peer is accepted.
o Added 'dynamic' keyword to iked.conf(5) to allow
configuration of flows to dynamically assigned addresses.
o Added the 'any' keyword to iked.conf(5) for requests to
allow "request address any".
o Enabled iked(8) support for ASN1_DN ipsec identifiers.
o Implemented iked(8) "from dynamic," installing flows
where "dynamic" is replaced by the received dynamic IP
address.
o Made sure not to replace 0.0.0.0 with a dynamic address
in iked(8) if it is a network address.
o Added iked(8) -s socket option to specify a control
socket.
o Used a counter instead of a random IV for AES-GCM in iked(8),
eliminating the risk of random IV collisions within an SA.
o Added iked(8) support for multiple address pools.
o Added the iked(8) "set stickyaddress" option, which
attempts to assign the same "config address" when an
IKESA is negotiated with the DSTID of an existing IKESA.
o Ensured rekeying of every child SA in iked(8).
o Added iked(8) support for RSASSA-PSS signature
verification (RFC 7427).
o Corrected the first packet of an ipsec(4) SA to have
sequence number 1.
o Accepted reject and blackhole routes for IPsec PMTU
discovery.
o Prevented leaking of ipsec_hosts in iked(8) when building
hosts_list.
o Prevented initiation of new additional SAs for each
policy upon every ikectl(8) config reload.
o Fixed "any" and "dynamic" keywords for flows in iked(8)
and added proper IPv6 support.
o Created a path MTU host route for IPsec(4) over IPv6.
o Added support for INVALID_KE_PAYLOAD in iked(8)
CREATE_CHILD_SA exchange.
o Added support for RSA-PSS PKCS1 signatures to iked(8).
o Fixed path MTU discovery for ESP tunnels in IPv6.
o Upgraded to OpenSSL 1.1 compatible crypto API in iked(8).
o Added an optional "group none" transform for child SAs in
iked(8) to ensure the ability to negotiate optional PFS.
o Added iked(8) dynamic address configuration for
roadwarrior clients, with a new "iface" config option
which can be used to specify an interface for the virtual
addresses received from the peer.
o Fixed an iked(8) interop problem with strongswan if
make-before-break is enabled.
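The AES-GCM IV item in the iked(8) list above is a good place for a worked illustration. This is an added example, not iked(8) code: it models the two IV strategies that item contrasts, shows with a toy CTR keystream (HMAC-SHA256 standing in for AES-CTR, since the Python standard library has no AES) why a repeated IV is fatal, and computes the birthday bound for the 8-byte per-packet IV that RFC 4106 gives ESP AES-GCM. The RandomIV and CounterIV classes are a model of the before and after behaviour described in that one sentence, not iked's internals, and the plaintexts are constructed.

```python
"""Counter vs random IV for AES-GCM: an added example, not iked(8) code.
RFC 4106 ESP-GCM builds its 12-byte nonce from a 4-byte salt and an 8-byte
per-packet IV, so a random IV is drawn from a 64-bit space and the birthday
bound applies. GCM encrypts in counter mode: a repeated (key, IV) reuses the
keystream, so C1 xor C2 == P1 xor P2 (and the GHASH key leaks, enabling
forgery). HMAC-SHA256 stands in for AES-CTR below; only reuse matters."""
import hashlib, hmac, math, random, secrets

def keystream(key, iv, length):
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def ctr_encrypt(key, iv, data):  # XOR with the keystream; decrypt is the same call
    return bytes(p ^ k for p, k in zip(data, keystream(key, iv, len(data))))

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def leak_from_iv_reuse(key, iv, p1, p2):
    """Attacker's view: two ciphertexts under one IV give P1 xor P2, no key needed."""
    return xor_bytes(ctr_encrypt(key, iv, p1), ctr_encrypt(key, iv, p2))

class RandomIV:
    """Fresh random IV per packet (model of the pre-6.9 behaviour)."""
    def __init__(self, bits=64, randbits=secrets.randbits):
        self.bits, self.randbits = bits, randbits
    def next(self):
        return self.randbits(self.bits).to_bytes(self.bits // 8, "big")

class CounterIV:
    """Per-SA counter (model of the 6.9 behaviour): no repeats, and exhaustion
    is detectable, which is the point at which the SA must be rekeyed."""
    def __init__(self, bits=64):
        self.bits, self.n = bits, 0
    def next(self):
        if self.n >> self.bits:
            raise RuntimeError("IV space exhausted: rekey the SA before sending")
        iv = self.n.to_bytes(self.bits // 8, "big")
        self.n += 1
        return iv

def collision_probability(n, bits):
    """Birthday bound: chance of at least one repeat among n random IVs of `bits` bits."""
    return 1 - math.exp(-n * (n - 1) / 2 / 2 ** bits)

def first_repeat(ivgen, n):
    """Index of the first repeated IV among n draws, or None if all were distinct."""
    seen = set()
    for i in range(n):
        iv = ivgen.next()
        if iv in seen:
            return i
        seen.add(iv)
    return None

def repeat_rate(bits, n, trials, seed=1):
    """Empirical birthday check on a toy IV space, seeded so runs are repeatable."""
    rng = random.Random(seed)
    hits = sum(first_repeat(RandomIV(bits, rng.getrandbits), n) is not None
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    p1, p2 = b"GET /admin HTTP/1.1", b"GET /index HTTP/1.1"  # constructed
    print("P1 xor P2 from IV reuse:", leak_from_iv_reuse(key, b"\0" * 8, p1, p2).hex())
    print("P(repeat) after 2^32 random 64-bit IVs: %.3f" % collision_probability(2**32, 64))
    print("toy 16-bit space, 300 packets: predicted %.2f, observed %.2f"
          % (collision_probability(300, 16), repeat_rate(16, 300, 1000)))
    print("counter, 300 packets, first repeat:", first_repeat(CounterIV(16), 300))
```

The numbers are the point: with random 64-bit IVs the chance of a repeat within one SA passes one in three by 2^32 packets, and a single repeat is enough for the XOR leak shown by leak_from_iv_reuse(). A counter cannot repeat, and its exhaustion is an event the daemon can act on (rekey) rather than a probability it has to hope stays small.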
+ The httpd(8) webserver saw numerous improvements:
o Prevented a crash due to httpd(8) listening on port 443
with missing TLS certificates.
o Created a new "location (found|notfound)" option for
httpd.conf(5) to allow testing for resource path
existence.
o Fixed detection of duplicate locations in httpd(8).
o Fixed leak of access and error log filenames on config
reload in httpd(8).
o Avoided leaking the log message in httpd(8)'s server_sendlog.
o Incorrect order of close(2) and tls_close(3) together
with a bug in libssl led to leaking memory in httpd(8)
for each TLS connection.
o Fixed the httpd(8) example configuration not to generate
errors when running without TLS keys already in place.
o Optimized disk reads of httpd(8) by using st_blocksize as
high water mark instead of the socket buffer size.
o Stopped comparing TLS config params for non-TLS servers. This
allows using "listen on * port 80" and "listen on * port 443"
in the same server block in httpd.conf(5).
+ rpki-client(8) received the following new features and
bugfixes:
o Added RRDP (The RPKI Repository Delta Protocol, RFC 8182)
support as a 'technology preview'. To use it, the "-r"
flag needs to be used.
o Supported more than one URI in the TAL file, sorting with a
preference for https.
o Added validation of ghostbuster records (RFC 6493).
o Fixed checks of the manifest validity interval.
o The rsync connection is now killed when the rsync server
stalls.
o Limited the URL embedded in .cer files to alphanumeric
characters and punctuation.
o Added a "-V" option to show version.
o Included the default cert.pem file path in tls_load_file
error messages.
+ The dig(1) DNS utility received the following updates:
o Implemented RFC 8914 Extended DNS Errors for dig(1).
o Fixed dig(1) EDNS Client Subnet option (+subnet=).
o Fixed IPv6 link-local address handling for nameservers to
talk to and for address to bind to in dig(1).
o Implemented ZONEMD (RFC 8976) in dig(1) to convey a
message digest of the content of a DNS zone.
+ Changes to dhclient(8):
o Fixed incorrect behavior when using dhclient.conf(5) to
change the lease renew/rebind/expiry timing.
o Allowed the provision of dhclient(8) options on "dhcp"
lines in hostname.if(5) files.
o Converted all timers from time(3) values to clock_gettime(2)
CLOCK_MONOTONIC values.
o Removed -L command line option.
o Improved debug output.
o Improved re-acquisition of a previous address by
immediately accepting any OFFER for the address, rather
than waiting for 'select-timeout' to expire.
o Exit immediately if the -c option specifies a
non-existent file.
o Exit immediately if the -i option contains invalid
information.
+ Two new daemons, dhcpleased(8) and resolvd(8) were added.
These work alongside with slaacd(8) and unwind(8) to provide
a coherent and simple automatic configuration of network
interfaces and DNS resolution.
The two daemons are not enabled by default for now, but can
be tested by enabling them with rcctl(8).
o dhcpleased(8) implements the DHCP protocol to acquire
IPv4 address leases from servers.
o resolvd(8) manages the content of resolv.conf(5) based on
nameserver proposals from dhcpleased(8), slaacd(8), and
drivers like umb(4).
+ Changes to snmp related tools:
o libagentx(3) moved its API prefix from subagentx_ to
agentx_.
o agentx_varbind_integer(3) now accepts an int32_t as per
SMI/RFC 2578.
o agentx_varbind_unsigned32(3) has been added as an alias
for agentx_varbind_gauge32(3).
o snmpd.conf(5) no longer accepts the old listen on address
[tcp|udp] syntax. Only the new listen on [tcp|udp]
address syntax is now supported.
o snmpd(8) now fully implements RFC 3584 Trapv1 to Trapv2
conversion for the trap handle.
o sysUpTime and snmpTrapOID now respect snmpd(8)'s -N flag,
similar to the other values sent by the trap handle.
o snmpd.conf(5) now accepts the read, write, and notify
keywords. This allows for request type filtering per
listen on statement and custom trap handle ports.
o snmp(1) now has initial support for SMI enums. For now
only TruthValue is implemented on ifPromiscuousMode and
ifConnectorPresent.
o snmp(1) now interprets the "u" data type as unsigned
integer.
+ Other userland network changes:
o Fixed ldapd(8) cert and key path inference for absolute
paths.
o Fixed incorrect cast in a vsnprintf(3) error check in
ldapd(8).
o Applied unveil(2) to ldapd(8).
o Changed ping(8) to drain the raw socket of packets
received before it is fully set up to avoid reporting
ICMP responses intended for other instances of ping(8)
running in parallel.
o Added ping(8) -g option to provide a visual display of
packets received and lost.
o Changed slaacd(8) Duplicate Address Detection (DAD) to
only generate a new address if we are using Semantically
Opaque Interface Identifiers.
o Handled an autoconf interface changing its rdomain in
slaacd(8).
o Completed slaacd(8) implementation of RFC 8981 temporary
address extensions.
o Stopped leaking the domains listed in unwind(8)'s blocklist
file on each config reload.
o Stopped leaking duplicate domain nodes when loading the
unwind(8) config.
o Fixed rare crashes of unwind(8) when DNS answers are
larger than the maximum imsg size.
o Implemented unwind(8) listening on TCP.
o Implemented DNS64 synthesis in unwind(8).
o Disabled logging to syslog(3) for libunbound in unwind(8).
This does not prevent logging to stderr with "unwind -d".
o Added a simple --timeout implementation to openrsync(1).
o Added the rsync(1) option --no-motd to suppress the
information output by the client at the start of a daemon
transfer.
o Added support for the use of !command to mygate(5), so
that netstart has a late opportunity to perform network
configuration.
o Made rad(8) handle multiple rdomains in a single daemon
(instead of running it in multiple rdomains).
o Added a specific headline to netstat(1) for TCP state and
IP protocol.
o Handled permanent redirects (RFC 7538) in ftp(1) fetch.
o Introduced ftp(1) support for sending the
If-Modified-Since header while fetching over http or
https. Switched to using the timestamps from the remote
server's Last-Modified header if available when saving
local files and introduced the ftp "-u" flag to disable
this behavior.
o Made ftp(1) set timestamps only on files.
o Added requests for a new certificate without requiring -F
when acme-client(1) detects an added or removed SAN in
the config file not reflected in the existing certificate
on disk.
o Print rewritten addresses in tcpdump(8) output for packets
logged with pflog(4) by rdr-to, nat-to and af-to rules.
o When calling getaddrinfo(3) with AI_ADDRCONFIG, consider
the routing domain when checking for available address
families. This ensures that name resolution is only
performed for the address families available in the
rdomain.
o Implemented the nc(1) -D socket debug option in tcpbench(1),
allowing analysis of TCP connections.
o Avoid leaking the help text in systat(8).
o Increased the maximum length for CHAP challenges to 96
octets to ensure npppd(8) can handle longer challenges,
such as those sent by Juniper.
* tmux(1) improvements and bug fixes:
+ Made tmux(1) synchronize-panes a pane option and added
set-option -U flag to unset an option on all panes.
+ Allowed use of ## and # in tmux(1) styles and added a "w"
format modifier for width.
+ Added a -C flag to tmux(1) run-shell to use a tmux command
rather than a shell command.
+ Added a tmux(1) -N flag to never start the server even if the
command would normally do so.
+ Added the new tmux(1) -S flag to new-window to select the
existing window if one with the given name already exists,
rather than failing.
+ Added support for X11 color names and other variations for
OSC 10/11 and added OSC 110 and 111 to tmux(1).
+ Removed tmux(1) support for popups where the content is
provided directly to tmux.
+ Added a tmux(1) "absolute-centre" alignment to use the center
of the total space instead of the available space.
+ Added tmux(1) split-window -Z to start the pane zoomed.
+ Added client-detached notification in tmux(1) control mode.
+ Changed tmux(1) search-again with vi keys to work like vi(1).
* OpenSMTPD 6.9.0
+ Introduced smtp(1) -a to perform authentication before
sending a message.
+ Fixed a memory leak in smtpd(8) resolver.
+ Prevented a crash due to premature release of resources by
the smtpd(8) filter state machine.
+ Switched to libtls internally.
+ Change the way SNI works in smtpd.conf(5). TLS listeners may
be configured with multiple certificates. The matching is
based on the names included in these certificates.
+ Allow TLS protocols and ciphers to be specified per listener
and per relay action.
* LibreSSL 3.3.2
+ New Features
o Support for DTLSv1.2.
o Continued rewrite of the record layer for the legacy
stack.
o Numerous bugs and interoperability issues were fixed in
the new verifier. A few bugs and incompatibilities
remain, so this release uses the old verifier by default.
o The OpenSSL 1.1 TLSv1.3 API is not yet available.
+ Portable Improvements
o Added '--enable-libtls-only' build option, which builds
and installs a statically-linked libtls, skipping
libcrypto and libssl. This is useful for systems that
ship with OpenSSL but wish to also package libtls.
o Update getentropy on Windows to use Cryptography Next
Generation (CNG). wincrypt is deprecated and no longer
works with newer Windows environments, such as in Windows
Store apps.
+ API and Documentation Enhancements
o Add a number of RPKI OIDs from RFC 6482, 6484, 6493,
8182, 8360, draft-ietf-sidrops-rpki-rta, and
draft-ietf-opsawg-finding-geofeeds.
o Add support for SSL_get_shared_ciphers(3) with TLSv1.3.
o Add DTLSv1.2 methods.
o Implement SSL_is_dtls(3) and use it internally in place
of the SSL_IS_DTLS macro.
o Provide EVP_PKEY_new_CMAC_KEY(3).
o Add missing prototype for d2i_DSAPrivateKey_fp(3) to
x509.h.
o Add DTLSv1.2 to openssl(1) s_server and s_client protocol
message logging.
o Provide SSL_use_certificate_chain_file(3).
o Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
o Provide various DTLSv1.2 specific functions and defines.
o Document meaning of '*' in the genrsa output.
o Updated documentation for SSL_get_shared_ciphers(3).
o Add documentation for SSL_get_finished(3).
o Document EVP_PKEY_new_CMAC_key(3).
o Document SSL_use_certificate_chain_file(3).
o Document SSL_set_hostflags(3) and SSL_get0_peername(3).
o Update SSL_get_version(3) manual for DTLSv1.2 support.
o Make supported protocols and options for DHE params more
prominent in tls_config_set_protocols(3).
o Various documentation improvements around TLS methods.
+ Compatibility Changes
o Make openssl(1) s_server ignore -4 and -6 for
compatibility with OpenSSL.
o Set SO_REUSEADDR on the server socket in the openssl(1)
ocsp command.
o Send a host header with OCSP queries to make openssl(1)
ocsp work with some widely used OCSP responders.
o Add ability to ocspcheck(8) to parse a port in the
specified OCSP URL.
o Implement auto chain for the TLSv1.3 server since some
software relies on this.
o Implement key exporter for TLSv1.3.
o Align SSL_get_shared_ciphers(3) with OpenSSL. This takes
into account that it never returned server ciphers, so
now it will fail when called from the client side.
o Sync cert.pem with Mozilla NSS root CAs except "GeoTrust
Global CA".
o Make SSL{_CTX,}_get_{min,max}_proto_version(3) return a
version of zero if the minimum or maximum has been set to
zero to match OpenSSL's behavior.
o Add DTLSv1.2 support to openssl(1) s_client/s_server.
+ Testing and Proactive Security
o Fixed a NULL pointer dereference that malformed ASN.1 in a
certificate revocation list or a timestamp response token
could trigger.
o Pull in fix for EVP_CipherUpdate(3) overflow from
OpenSSL.
o Use EXFLAG_INVALID to handle out of memory and parse
errors in x509v3_cache_extensions().
o Refactor and clean up ocspcheck(8) and add regression
tests.
+ Internal Improvements
o Further cleanup of the DTLS record handling.
o Continue the replacement of the TLSv1.2 record layer by
reimplementing the read side of the TLSv1.2 record
handling.
o Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
o Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
o Add const to ssl_ciphers and tls1[23]_sigalgs* to push
them into .data.rel.ro and .rodata, respectively.
o Add a const qualifier to srtp_known_profiles.
o Simplify TLS method by removing the client and server
specific methods internally.
o Avoid casting away const in ssl_ctx_make_profiles().
o Avoid explicitly conditioning an assert on DTLS1_VERSION
to make the assert work for newer DTLS versions.
o Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
o Add a flag to mark DTLS methods as DTLS to have an easy
way to recognize DTLS methods that avoids inspecting the
version number.
o Mark a few more internal static tables const.
o Switch finish{,_peer}_md_len from an int to a size_t.
o Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE
as size for cert_verify_md[], finish_md[] and
peer_finish_md[]. The factor 2 was a historical artefact.
o Free struct members in tls13_record_layer_free() in their
natural order for reviewability.
o Use consistent names in
tls13_{client,server}_finished_{recv,send}().
o Add tls13_secret_{init,cleanup}() and use them throughout
the TLSv1.3 code base.
o Move the read MAC key into the TLSv1.2 record layer.
o Make tls12_record_layer_free() NULL safe.
o Split the record protection from the TLSv1.2 record
layer.
o Clean up sequence number handling in the new TLSv1.2
record layer.
o Clean up sequence number handling in DTLS.
o Clean up dtls1_reset_seq_numbers().
o Factor out code for explicit IV length, block size and
MAC length from
tls12_record_layer_open_record_protected_cipher().
o Provide record layer overhead for DTLS.
o Provide functions to determine if TLSv1.2 record
protection is engaged.
o Add code to handle change of cipher state in the new
TLSv1.2 record layer.
o Mop up now unused dtls1_build_sequence_numbers()
function.
o Allow setting a keypair on a tls context without
specifying the private key, and fake it internally in
libtls. This removes the need for privsep engines like
relayd to use bogus keys.
o Skip the private key check for fake private keys.
o Move the private key setup from
tls_configure_ssl_keypair() to a helper function with proper
error checking.
o Change the internal tls_configure_ssl_keypair() function
to return -1 instead of 1 on failure.
o Move sequence numbers into the new TLSv1.2 record layer.
o Move AEAD handling into the new TLSv1.2 record layer.
o Factor out legacy stack version checks.
o Correct handshake MAC/PRF for various TLSv1.2 cipher
suites which were originally added with the default
handshake MAC and PRF rather than the SHA256 handshake
MAC and PRF.
o Absorb ssl3_get_algorithm2() into
ssl_get_handshake_evp_md().
o Use dtls1_record_retrieve_buffered_record() to load
buffered application data.
o Enforce read ahead with DTLS.
o Remove bogus DTLS checks that disabled ECC and OCSP.
o Clean up and simplify dtls1_get_cipher().
o Group HelloVerifyRequest decoding and add missing check
for trailing data.
o Revise HelloVerifyRequest handling for DTLSv1.2.
o Handle DTLS1_2_VERSION in various places.
o Rename the "truncated" label into "decode_err" and the
"f_err" label into "fatal_err".
o Factor out and change some of the legacy client version
code.
o Simplify version checks in the TLSv1.3 client. Ensure
that the server announced TLSv1.3 and nothing higher and
check that the legacy_version is set to TLSv1.2 as
required by RFC 8446.
o Only use TLS versions internally rather than both TLS and
DTLS versions since the latter are the one's complement
of the human readable version numbers, which means that
newer versions decrease in value.
o Identify DTLS based on the version major value.
o Move handling of cipher/hash based cipher suites into the
new record layer.
o Add tls12_record_protection_unused() and call it from CCS
functions.
o Move key/IV length checks closer to usage sites. Also add
explicit checks against EVP_CIPHER_{iv,key}_length().
o Replace two handrolled tls12_record_protection_engaged().
o Improve internal version handling: add handshake fields
for our minimum version, our maximum version and the TLS
version negotiated during the handshake. Convert most of
the internal code to use these version fields.
o Guard against future internal use of the
TLS1_get_{client,}_version() macros.
o Remove the internal ssl_downgrade_max_version() function
which is no longer needed.
o Add support for DTLSv1.2 version handling.
o Remove no longer needed read ahead workarounds in the
s_client and s_server.
o Split TLSv1.3 record protection from record layer.
o Move the TLSv1.3 handshake struct inside the shared
handshake struct.
o Fully initialize rrec in
tls12_record_layer_open_record_protected() to avoid
confusing some static analyzers.
o Use tls_set_errorx() on OCSP_basic_verify() failure since
the latter does not set errno.
o Convert openssl(1) x509 to new option handling and do the
usual clean up that goes along with it.
o Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake
data.
o Rename new_cipher to cipher to align naming with keyblock
or other parts of the handshake data.
o Move the TLSv1.2 record number increment into the new
record layer.
o Move finished and peer finished into the handshake
struct.
o Remove pointless assignment in SSL_get0_alpn_selected().
o Add some error checking to openssl(1) x509.
+ Bug Fixes
o Move point-on-curve check to set_affine_coordinates to
avoid verifying ECDSA signatures with unchecked public
keys.
o Fix SSL_is_server(3) to behave as documented by
re-introducing the client-specific methods.
o Avoid undefined behavior due to memcpy(NULL, NULL, 0).
o Make SSL_get{,_peer}_finished() work when used with
TLSv1.3.
o Correct the return value type from ERR_peek_error() to a
long.
o Avoid use of uninitialized memory in ASN1_time_parse(), which
could happen when parsing UTCTime if the caller did not
initialize the passed struct tm.
o Destroy the mutex in a tls_config object on
tls_config_free().
o Free alert_data and phh_data in tls13_record_layer_free().
These could leak if SSL_shutdown(3) or tls_close(3) were
called after closing the underlying socket.
o Gracefully handle root certificates being both trusted
and untrusted.
o Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the
new verifier.
o Use the legacy verifier when building auto chains for
TLS.
o Search the intermediates only after searching the root
certs in the new verifier to avoid problems with the
legacy callback.
o Bail out early after finding a single chain in the new
verifier, if we have been called via the legacy verifier
API.
o Set (invalid and likely incomplete) chain on the xsc on
chain build failure prior to calling the callback. This
is required by various callers, including auto chain.
o Remove direct assignment of aead_ctx to avoid a leak.
o Fail early in legacy exporter if the master secret is not
available to avoid a segfault if it is called when the
handshake is not completed.
o Only print the certificate file once on verification
failure.
o Fix an off-by-one in x509_verify_set_xsc_chain() to make
sure that the new validator checks for EXFLAG_CRITICAL in
x509_vfy_check_chain_extension() for all untrusted certs
in the chain. Take into account that the root is not
necessarily trusted.
o Avoid passing last and depth to x509_verify_cert_error()
on ENOMEM.
o Fix two bugs in the legacy verifier that resulted from
refactoring of X509_verify_cert(3) for the new verifier:
a return value was incorrectly treated as boolean, making
it insufficient to decide whether validation should carry
on or not.
o Fix checks for memory caps of constraints names. There
are internal caps on the number of name constraints and
other names, that the new name constraints code allocates
per cert chain. These limits were checked too late,
making them only partially effective.
o Fix a copy-paste error: the SKID was confused with the AKID
when checking for EXFLAG_INVALID. This broke OCSP validation
with certain mirrors.
o Avoid a use-after-scope in tls13_cert_add().
o Avoid mangled output in BIO_debug_callback().
o Fix client initiated renegotiation by replacing use of
s->internal->type with s->server.
o Avoid transcript initialization when sending a TLS
HelloRequest, fixing server initiated renegotiation.
o Avoid leaking param->name in x509_verify_param_zero().
o Avoid a leak in an error path in openssl(1) x509.
o When sending an alert in TLSv1.3, only set its error code
when no other error was set previously. Certain clients
rely on specific SSL_R_ error codes to identify that they
are dealing with a self signed cert.
o When switching from the TLSv1.3 stack to the legacy stack
include a TLS record header. This is necessary if there
is more than one handshake message in the TLS plaintext
record.
o Fix resource handling on error in OCSP_request_add0_id().
o Make sure there is enough room for stashing the handshake
message when switching to the legacy TLS stack.
o Fix a memory leak in the openssl(1) s_client.
o Unbreak DTLS retransmissions for flights that include a
CCS.
o If x509_verify() fails, ensure that the error is set on
both the x509_verify_ctx() and its store context to make
some failures visible from SSL_get_verify_result().
o Use the X509_STORE_CTX get_issuer() callback from the new
X.509 verifier to fix hashed certificate directories.
o Only check BIO_should_read(3) on read and
BIO_should_write(3) on write. Previously,
BIO_should_write(3) was also checked after read and
BIO_should_read(3) after write which could cause stalls
in software that uses the same BIO for read and write.
o In openssl(1) verify, also check for error on the store
context since the return value of X509_verify_cert(3) is
unreliable in presence of a callback that returns 1 too
often.
o Handle additional certificate error cases in the new
X.509 verifier. Keep track of the errors encountered if a
verify callback tells the verifier to continue and report
them back via the error on the store context. This mimics
the behavior of the old verifier that would persist the
first error encountered while building the chain.
o Report specific failures for "self signed certificates"
in a way compatible with the old verifier since software
relies on the error code.
o Plug a large memory leak in the new verifier caused by
calling X509_policy_check(3) repeatedly.
o Avoid leaking memory in x509_verify_chain_dup().
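The bug fix above that moves the point-on-curve check into
set_affine_coordinates() addresses a classic verifier mistake: doing EC
arithmetic on a peer-supplied public key before confirming the point is
actually on the curve. The following is an added illustration, not code
from LibreSSL or this release: a minimal pure-Python ECDSA verifier over
NIST P-256 that mirrors the fix by validating the public key at the point
where it is constructed, so verify() can never compute with an invalid
point. The function names (on_curve, set_affine_coordinates, sign,
verify, demo) and the secret key, nonce and message used in demo() are
this example's own constructed values.

```python
"""P-256 ECDSA with public-key validation up front (constructed example)."""
import hashlib
import secrets

# NIST P-256 domain parameters (FIPS 186-4, D.1.2.3).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

# Points are (x, y) tuples in affine coordinates; None is the point at infinity.


def on_curve(pt):
    """True if pt is infinity or an affine point satisfying y^2 = x^3 + ax + b."""
    if pt is None:
        return True
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def set_affine_coordinates(x, y):
    """Mirrors the fix: a point that is not on the curve is never constructed."""
    pt = (x, y)
    if not on_curve(pt):
        raise ValueError("point is not on the curve")
    return pt


def add(p1, p2):
    """Affine point addition, including doubling and the inverse case."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1, result is infinity
            return None
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def _hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k=None):
    """ECDSA signature (r, s); a fixed k is accepted only to make the demo deterministic."""
    z = _hash_int(msg)
    while True:
        k = k or secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return (r, s)
        k = None


def verify(pub, msg, sig):
    """Reject an off-curve public key before any arithmetic touches it."""
    q = set_affine_coordinates(*pub)
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = add(mul(_hash_int(msg) * w % N, G), mul(r * w % N, q))
    return x is not None and x[0] % N == r


def demo():
    """Run the whole flow with constructed values and report each outcome."""
    d, msg = 12345, b"constructed message"          # constructed secret key and message
    pub = mul(d, G)
    sig = sign(d, msg, k=6789)                       # constructed nonce, for determinism
    try:
        verify((G[0], G[1] + 1), msg, sig)           # (Gx, Gy+1) is not on the curve
        rejected = False
    except ValueError:
        rejected = True
    return {"good": verify(pub, msg, sig),
            "tampered": verify(pub, b"tampered message", sig),
            "off_curve_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The group-order checks in the usage below (N*G is infinity, (N-1)*G is -G)
are the cheapest way to convince yourself the field arithmetic is right
before trusting the verifier; a verifier whose arithmetic is subtly wrong
can still "agree" with its own signer.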
* OpenSSH 8.5
+ Security fixes
o ssh-agent(1): fixed a double-free memory corruption that
was introduced in OpenSSH 8.2. We treat all such memory
faults as potentially exploitable. This bug could be
reached by an attacker with access to the agent socket.
On modern operating systems where the OS can provide
information about the user identity connected to a
socket, OpenSSH ssh-agent and sshd limit agent socket
access only to the originating user and root. Additional
mitigation may be afforded by the system's
malloc(3)/free(3) implementation, if it detects
double-free conditions. The most likely scenario for
exploitation is a user forwarding an agent either to an
account shared with a malicious user or to a host with an
attacker holding root access.
+ Potentially incompatible changes
o ssh(1), sshd(8): this release changes the
first-preference signature algorithm from ECDSA to
ED25519.
o ssh(1), sshd(8): set the TOS/DSCP specified in the
configuration for interactive use prior to TCP connect.
The connection phase of the SSH session is time-sensitive
and often explicitly interactive. The ultimate
interactive/bulk TOS/DSCP will be set after
authentication completes.
o ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for
aes256-cbc before it was standardized in RFC4253 (2006),
has been deprecated and disabled by default since OpenSSH
7.2 (2016) and was only briefly documented in ssh.1 in
2001.
o ssh(1), sshd(8): update/replace the experimental
post-quantum hybrid key exchange method based on
Streamlined NTRU Prime coupled with X25519.
The previous sntrup4591761x25519-sha512@tinyssh.org
method is replaced with
sntrup761x25519-sha512@openssh.com. Per its designers,
the sntrup4591761 algorithm was superseded almost two
years ago by sntrup761. (Note that both the updated
method and the one that it replaced are disabled by
default.)
o ssh(1): disable CheckHostIP by default. It provides
insignificant benefits while making key rotation
significantly more difficult, especially for hosts behind
IP-based load-balancers.
+ New Features
o ssh(1): this release enables UpdateHostkeys by default
subject to some conservative preconditions:
# The key was matched in the UserKnownHostsFile (and
not in the GlobalKnownHostsFile).
# The same key does not exist under another name.
# A certificate host key is not in use.
# known_hosts contains no matching wildcard hostname
pattern.
# VerifyHostKeyDNS is not enabled.
# The default UserKnownHostsFile is in use.
We expect some of these conditions will be modified or
relaxed in future.
o ssh(1), sshd(8): add a new LogVerbose configuration
directive that allows forcing maximum debug logging by
file/function/line pattern-lists.
o ssh(1): when prompting the user to accept a new hostkey,
display any other host names/addresses already associated
with the key.
o ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
o ssh(1): add an ssh_config KnownHostsCommand option that
allows the client to obtain known_hosts data from a
command in addition to the usual files.
o ssh(1): add an ssh_config PermitRemoteOpen option that
allows the client to restrict the destination when
RemoteForward is used with SOCKS.
o ssh(1): for FIDO keys, if a signature operation fails
with an "incorrect PIN" reason and no PIN was initially
requested from the user, then request a PIN and retry the
operation. This supports some biometric devices that fall
back to requiring a PIN when reading of the biometric
failed, and devices that require PINs for all hosted
credentials.
o sshd(8): implement client address-based rate-limiting via
new sshd_config(5) PerSourceMaxStartups and
PerSourceNetBlockSize directives that provide more
fine-grained control on a per-origin address basis than
the global MaxStartups limit.
+ Bugfixes
o ssh(1): Prefix keyboard interactive prompts with
"(user@host)" to make it easier to determine which
connection they are associated with in cases like scp -3,
ProxyJump, etc. bz#3224
o sshd(8): fix sshd_config SetEnv directives located inside
Match blocks. GHPR#201
o ssh(1): when requesting a FIDO token touch on stderr,
inform the user once the touch has been recorded.
o ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the
effective value (for most platforms) at 24 days. bz#3229
o ssh(1): consider the ECDSA key subtype when ordering host
key algorithms in the client.
o ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes
keyword to PubkeyAcceptedAlgorithms. The previous name
incorrectly suggested that it control allowed key
algorithms, when this option actually specifies the
signature algorithms that are accepted. The previous name
remains available as an alias. bz#3253
o ssh(1), sshd(8): similarly, rename HostbasedKeyTypes
(ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms.
o sftp-server(8): add missing lsetstat@openssh.com
documentation and advertisement in the server's
SSH2_FXP_VERSION hello packet.
o ssh(1), sshd(8): more strictly enforce KEX state-machine
by banning packet types once they are received. Fixes
memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST
(oss-fuzz #30078).
o sftp(1): allow the full range of UIDs/GIDs for
chown/chgrp on 32-bit platforms instead of being limited
by LONG_MAX. bz#3206
o Minor man page fixes (capitalization, commas, etc.)
bz#3223
o sftp(1): when doing an sftp recursive upload or download
of a read-only directory, ensure that the directory is
created with write and execute permissions in the interim
so that the transfer can actually complete, then set the
directory permission as the final step. bz#3222
o ssh-keygen(1): document the -Z option, check the validity
of its argument earlier and provide a better error message
if it's not correct. bz#2879
o ssh(1): ignore comments at the end of config lines in
ssh_config, similar to what we already do for
sshd_config. bz#2320
o sshd_config(5): mention that DisableForwarding is valid
in a sshd_config Match block. bz#3239
o sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz#3248
o ssh(1), sshd(8): fix potential integer truncation of
(unlikely) timeout values. bz#3250
o ssh(1): make hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets
instead of the key type. This makes
HostbasedAcceptedAlgorithms do what it is supposed to:
filter on signature algorithm and not key type.
* Ports and packages:
Many pre-built packages for each architecture:
+ aarch64: 10943
+ amd64: 11310
+ arm: XXX
+ i386: 10468
+ mips64: 8182
+ mips64el: XXX
+ powerpc: XXX
+ powerpc64: XXX
+ sparc64: 9642
Some highlights:
+ Asterisk 18.3.0
+ Audacity 2.4.2
+ CMake 3.19.4
+ Chromium 90.0.4430.72
+ Emacs 27.2
+ FFmpeg 4.3.2
+ GCC 8.4.0
+ GHC 8.10.3
+ GNOME 3.38
+ Go 1.16.2
+ JDK 8u282 and 11.0.10
+ KDE Applications 20.12.3
+ KDE Frameworks 5.80.0
+ Krita 4.4.3
+ LLVM/Clang 10.0.1
+ LibreOffice 7.0.5.2
+ Lua 5.1.5, 5.2.4 and 5.3.6
+ MariaDB 10.5.9
+ Mono 6.12.0.122
+ Mozilla Firefox 88.0 and ESR 78.10.0
+ Mozilla Thunderbird 78.10.0
+ Mutt 2.0.6 and NeoMutt 20210205
+ Node.js 12.16.1
+ OCaml 4.10.0
+ OpenLDAP 2.4.58
+ PHP 7.2.34, 7.3.27, 7.4.16 and 8.0.3
+ Postfix 3.5.10
+ PostgreSQL 13.2
+ Python 2.7.18, 3.8.8 and 3.9.2
+ Qt 5.15.2
+ R 4.0.5
+ Ruby 2.6.7, 2.7.3 and 3.0.1
+ Rust 1.51.0
+ SQLite 3.34.1
+ Shotcut 21.01.29
+ Sudo 1.9.6p1
+ Suricata 6.0.1
+ Tcl/Tk 8.5.19 and 8.6.8
+ TeX Live 2020
+ Vim 8.2.2580 and Neovim 0.4.4
+ Xfce 4.16
* As usual, steady improvements in manual pages and other
documentation.
* The system includes the following major components from outside
suppliers:
+ Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 367,
xkeyboard-config 2.20, fonttosfnt 1.2.1 and more)
+ LLVM/Clang 10.0.1 (+ patches)
+ GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
+ Perl 5.32.1 (+ patches)
+ NSD 4.3.6
+ Unbound 1.13.1
+ Ncurses 5.7
+ Binutils 2.17 (+ patches)
+ Gdb 6.3 (+ patches)
+ Awk December 18, 2020 version
+ Expat 2.2.10
---------------------------------------------------------------------
How to install
Please refer to the following files on the mirror site for extensive
details on how to install OpenBSD 6.9 on your machine:
* .../OpenBSD/6.9/alpha/INSTALL.alpha
* .../OpenBSD/6.9/amd64/INSTALL.amd64
* .../OpenBSD/6.9/arm64/INSTALL.arm64
* .../OpenBSD/6.9/armv7/INSTALL.armv7
* .../OpenBSD/6.9/hppa/INSTALL.hppa
* .../OpenBSD/6.9/i386/INSTALL.i386
* .../OpenBSD/6.9/landisk/INSTALL.landisk
* .../OpenBSD/6.9/loongson/INSTALL.loongson
* .../OpenBSD/6.9/luna88k/INSTALL.luna88k
* .../OpenBSD/6.9/macppc/INSTALL.macppc
* .../OpenBSD/6.9/octeon/INSTALL.octeon
* .../OpenBSD/6.9/powerpc64/INSTALL.powerpc64
* .../OpenBSD/6.9/sgi/INSTALL.sgi
* .../OpenBSD/6.9/sparc64/INSTALL.sparc64
---------------------------------------------------------------------
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
OpenBSD/alpha:
If your machine can boot from CD, you can write install69.iso or
cd69.iso to a CD and boot from it. Refer to INSTALL.alpha for more
details.
OpenBSD/amd64:
If your machine can boot from CD, you can write install69.iso or
cd69.iso to a CD and boot from it. You may need to adjust your BIOS
options first.
If your machine can boot from USB, you can write install69.img or
miniroot69.img to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB, you can install
across the network using PXE as described in the included
INSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will
need to read INSTALL.amd64.
OpenBSD/arm64:
Write install69.img or miniroot69.img to a disk and boot from it
after connecting to the serial console. Refer to INSTALL.arm64 for
more details.
OpenBSD/armv7:
Write a system specific miniroot to an SD card and boot from it after
connecting to the serial console. Refer to INSTALL.armv7 for more
details.
OpenBSD/hppa:
Boot over the network by following the instructions in INSTALL.hppa
or the hppa platform page.
OpenBSD/i386:
If your machine can boot from CD, you can write install69.iso or
cd69.iso to a CD and boot from it. You may need to adjust your BIOS
options first.
If your machine can boot from USB, you can write install69.img or
miniroot69.img to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB, you can install
across the network using PXE as described in the included
INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will
need to read INSTALL.i386.
OpenBSD/landisk:
Write miniroot69.img to the start of the CF or disk, and boot
normally.
OpenBSD/loongson:
Write miniroot69.img to a USB stick and boot bsd.rd from it or boot
bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for
more details.
OpenBSD/luna88k:
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the
bootloader from the PROM, and then bsd.rd from the bootloader. Refer
to the instructions in INSTALL.luna88k for more details.
OpenBSD/macppc:
Burn the image from a mirror site to a CDROM, and power on your
machine while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enter
boot cd:,ofwboot /6.9/macppc/bsd.rd
OpenBSD/octeon:
After connecting a serial port, boot bsd.rd over the network via
DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/powerpc64:
To install, write install69.img or miniroot69.img to a USB stick,
plug it into the machine and choose the OpenBSD install menu item in
Petitboot. Refer to the instructions in INSTALL.powerpc64 for more
details.
OpenBSD/sgi:
To install, burn cd69.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System
Maintenance menu. Indigo/Indy/Indigo2 (R4000) systems will not boot
automatically from CD-ROM, and need a proper invocation from the PROM
prompt. Refer to the instructions in INSTALL.sgi for more details.
If your machine doesn't have a CD drive, you can set up a DHCP/tftp
network server, and boot using "bootp()/bsd.rd.IP##" using the kernel
matching your system type. Refer to the instructions in INSTALL.sgi
for more details.
OpenBSD/sparc64:
Burn the image from a mirror site to a CDROM, boot from it, and type
boot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can
write floppy69.img or floppyB69.img (depending on your machine) to a
floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for
details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or
your install will most likely fail.
You can also write miniroot69.img to the swap partition on the disk
and boot with boot disk:b.
If nothing works, you can boot over the network as described in
INSTALL.sparc64.
---------------------------------------------------------------------
How to upgrade
If you already have an OpenBSD 6.8 system, and do not want to
reinstall, upgrade instructions and advice can be found in the
Upgrade Guide.
---------------------------------------------------------------------
Notes about the source code
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys. This
file contains all the kernel sources you need to rebuild kernels. To
extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here. Using these files results in a much faster initial
CVS update than you could expect from a fresh checkout of the full
OpenBSD source tree.
---------------------------------------------------------------------
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
Go read the ports page if you know nothing about ports at this point.
This text is not a manual of how to use ports. Rather, it is a set of
notes meant to kickstart the user on the OpenBSD ports system.
The ports/ directory represents a CVS checkout of our ports. As with
our complete source tree, our ports tree is available via AnonCVS.
So, in order to keep up to date with the -stable branch, you must
make the ports/ tree available on a read-write medium and update the
tree with a command like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_9
[Of course, you must replace the server name here with a nearby
anoncvs server.]
Note that most ports are available as packages on our mirrors.
Updated ports for the 6.9 release will be made available if problems
arise.
If you're interested in seeing a port added, would like to help out,
or just would like to know more, the mailing list ports@openbsd.org
is a good place to ask.