Thank you to all the developers for such a great release! Sysupgrade went
flawlessly on my cloud instances, router, and laptop host. Keep up the great
work!
On Mon, Apr 10, 2023, at 6:52 AM, Theo de Raadt wrote:
>
> ------------------------------------------------------------------------
> - OpenBSD 7.3 RELEASED -------------------------------------------------
>
> April 10, 2023.
>
> We are pleased to announce the official release of OpenBSD 7.3.
> This is our 54th release. We remain proud of OpenBSD's record of more
> than twenty years with only two remote holes in the default install.
>
> As in our previous releases, 7.3 provides significant improvements,
> including new features, in nearly all areas of the system:
>
> - Various kernel improvements:
> o Added waitid(2), wait for process state change.
> o Added pinsyscall(2), specify the call stub for a specific system
> call.
> o Added getthrname(2) and setthrname(2), get or set thread name.
> o Added WTRAPPED option for waitid(2) to control whether CLD_TRAPPED
> state changes, i.e., ptrace(2) on a process, are reported.
> o Introduced clockintr(9), a machine-independent clock interrupt
> scheduler. Switched all architectures to use this new kernel
> subsystem.
> o Added a priority queue to clockintr(9).
> o Introduced a new kern.autoconf_serial sysctl(8) that can be used
> by userland to monitor state changes of the kernel device tree.
> o Fixed pmap(9) bugs involving entering an executable mapping for a
> page before synchronizing the data and instruction cache on arm64
> and riscv64.
> o Removed copystr(9) from public API.
> o Add getnsecruntime(9) to the kernel timecounting API. Together
> with getbinruntime(), it provides a fast, monotonic clock that
> only advances while the system is not suspended.
> o Add detection for Spectre-BHB Branch History Injection
> vulnerability related CLRBHB, ECBHB and CSV2_3/HCXT feature bits.
> o Prevent detaching ("bioctl -d detach") of a boot volume on a RAID
> managed by bioctl(8).
> o On arm64, avoid using 1GB mappings for the identity map in the
> early kernel bootstrap phase and when booting the secondary CPUs.
> This avoids accidentally mapping memory regions that should not be
> mapped (i.e. secure memory) as all mapped memory can be accessed
> speculatively.
> o Added arm64 detection of EPAN feature bit. Enhanced Privileged
> Access Never (EPAN) allows Privileged Access Never to be used with
> Execute-only mappings.
> o On arm64, add a machdep.lidaction sysctl(8) for aplsmc(4) Apple
> Silicon laptops.
> The arm64 default for the machdep.lidaction is 1, making the
> system suspend when the lid is closed. aplsmc(4) provides support
> for the lid position sensor.
> o Changed arm64 suspend idle loop from WFE to WFI, avoiding spurious
> wakeups while other CPUs are still active.
> o Added new dt(4) tracing ioctl DTIOCARGS to get the type of probe
> arguments.
>
> - SMP Improvements
> o Unlocked mmap(2), munmap(2), and mprotect(2).
> o Unlocked sched_yield(2).
> o Added support for per-cpu event counters, to be used for clock and
> IPI counters where the event counted occurs across all CPUs in the
> system.
> o Moved pf(4) purge tasks out from under the kernel lock.
> o Unlocked ioctl(2) SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR, and
> SIOCGIFGLIST.
> o Protected interface tables in pf(4) with PF_LOCK(), allowing
> removal of NET_LOCK() protection from the ioctl(2) code path in
> pf.
> o Unlocked getsockopt(2) and setsockopt(2).
> o Completed removing kernel lock from IPv6 read ioctls.
> o Unlocked minherit(2).
> o Made tun(4) and tap(4) event filters MP-safe.
> o Unlocked utrace(2).
> o Stopped holding the vm_map lock while flushing pages in msync(2)
> and madvise(2). Prevents a 3-thread deadlock between msync(2),
> page-fault and mmap(2).
> o Unlocked select(2), pselect(2), poll(2), and ppoll(2).
>
> - Direct Rendering Manager and graphics drivers
> o Updated drm(4) to Linux 6.1.15
> o amdgpu(4): Added support for Ryzen 7000 "Raphael", Ryzen 7020
> series "Mendocino", Ryzen 7045 series "Dragon Range", Radeon RX
> 7900 XT/XTX "Navi 31", Radeon RX 7600M (XT), 7700S, and 7600S
> "Navi 33."
> o Fixed frame buffer corruption and additional bugs after wakeup on
> Apple Silicon laptops and the Lenovo x13s.
> o Added support for the backlight connector property to amdgpu(4) as
> in inteldrm(4), making xbacklight(1) work when using the Xorg
> modesetting driver.
>
> - VMM/VMD improvements
> o Updated vmm(4) to allow guests to read MSR_HWCR and MSR_PSTATEDEF,
> which is necessary to determine the TSC frequency on AMD families
> 17h and 19h.
> o Allocated reference for vm and vcpu SLISTs in vmm(4), keeping vmm
> from triggering excessive wakeup calls while iterating through the
> list of vms while servicing an ioctl(2).
> o Set vmm(4) RAX guest register state based on VMCB.
> o Removed locking in vmm(4) vmm_intr_pending, reducing slowdowns due
> to requests for a lock held while the VM is running.
> o Increased speed of delivery of interrupts to a running vcpu in
> vmm(4).
> o Made vmm(4) treat vcpu lists as immutable, removing the need to
> reference count individual vcpu objects and use a rwlock.
> o Implemented zero-copy operations on virtqueues in vmd(8).
> o Provided a detailed e820 memory map when booting vmd(8) guests
> with SeaBIOS. When a vm initializes memory ranges, we now track
> what each range represents. This information can be used to supply
> the e820 memory map to SeaBIOS via the fw_cfg interface allowing
> it to properly communicate memory ranges to a guest operating
> system. With this special cases in ports can be removed.
> o Added thread names to vm processes in vmd(8), visible in ps(1).
> o Hid the WAITPKG cpu feature from vmm(4) guests, preventing invalid
> instruction exceptions. Also added WAITPKG feature identification
> to i386 and amd64.
> o Changed vmd(8) to only open /dev/vmm once, having the parent
> process send the fd to the vmm child process.
> o Restricted vmm(4) exposed cpuid extended feature flags.
> o Adjusted vmd(8) error paths to avoid removal of
> configuration-defined (known) VMs on error.
> o Stopped being paranoid about hypervisor correct PKU handling.
> Added saving and restoring guest PKRU to vmm(4). Expose the PKU
> cpuid bit to the guest if in use on the host.
> o Made vmd(8) scan the PCI bus to determine bootorder strings.
>
> - Various new userland features:
> o Added kdump(1) argument support for msyscall, pledge, unveil,
> __realpath, ypconnect and __tmpfd.
> o Added mimmutable(2) and munmap(2) reporting to kdump(1).
> o Added lastcomm(1) reporting for process kills due to execve(2)
> from non-pinned syscall address.
>
> - Various bugfixes and tweaks in userland:
> o Allow TZ to contain absolute paths starting with
> /usr/share/zoneinfo. All absolute paths were ignored in 7.2 to
> avoid unveil(2) violations.
> o Made ldomctl(8) accept more descriptive name-based paths in
> addition to number-based paths in ldom.conf(5).
> o Dropped support for $rc_exec in rc.subr(8). The rc_exec function
> should be used instead.
> o Excluded /tmp/*.shm files from /tmp cleaning in daily(8). Removing
> them interferes with programs that use shared memory via
> shm_open(3).
> o Added zap-to-char and zap-up-to-char to mg(1). Bound zap-to-char
> to M-z.
> o Fixed handling of escaped backslashes in vi(1) ex_range.
> o Added support to gunzip(1) for zip files that contain a single
> member.
> o Fixed ed(1) to print bytes read/written and the ? prompt to
> stdout, not stderr.
> o Modified the vmstat view in systat(1) to measure elapsed time
> using clock_gettime(2).
> o Implemented periodic display in iostat(8).
> o Corrected top(1) display of online CPUs which can change based on
> the sysctl(2) sysctl setting.
> o Added support for a personal units(1) library by passing -f
> multiple times.
> o Changed df(1) to round up fractional percentages.
> o Fixed unbounded variable expansion in pkg-config(1).
> o Switched to use llvm-strip(1) on architectures that use ld.lld(1).
> o Made rc(8) reorder libraries in parallel to netstart(8), as this
> does not depend on network access.
> o Made rc(8) print the name of each library before relinking as a
> signal to the operator that boot has not stalled.
> o Added the audioctl(8) -w option to display variables periodically.
> o Added short options for timeout(1) --foreground and
> --preserve-status.
> Added signal as a full argument name for timeout(1) -s.
> o Fixed .wav files generated by aucat(1) by using extended header
> format.
> o In disklabel(8), use the size of the largest chunk of free space,
> not the total of all such chunks, when checking for sufficient
> space to add a partition.
> o Extended disklabel(8) template parsing to allow "[mount point] *"
> as the specification for putting the maximum available free space
> into a partition. Extended command line parsing to allow "T-" as
> the specification to read the template from stdin.
> o Repaired disklabel(8) to check for D_VENDOR flag in d_flags, not
> d_secpercyl.
> o Removed remnents of DEC standard 144 bad sector code from
> disklabel(8) and disktab(5).
> o Removed last references to d_drivedata field from disklabel(8)
> o Enhanced disklabel(8) auto allocation to use all possible free
> space.
> o Enhanced disklabel(8) to ensure valid partition offsets and sizes
> after rounding.
> o Enhanced disklabel(8) simple editor to allow '*' when the action
> is 'delete'.
> o Removed disklabel(8) code related to defunct disk types 'hd' and
> 'svnd'.
> o Repaired fdisk(8) to set the correct 'bootable' bit in GPT
> partitions.
> o Repaired fdisk(8) to use GPT_UUID_NBSD_UFS for NetBSD GPT
> partition entries.
> o Added UEFI defined GPT partition type GPT_UUID_LEGACY_MBR to the
> partition types fdisk(8) recognizes.
> o Enhanced fdisk(8) to avoid spurious warnings when editing unused
> GPT partition.
> o Fixed cdio(1) error displays and plugged a leak in the error path.
> o Removed pointless :ob#0:pb#0:[tb=swap:] and :pb#N:ob#0: lines from
> various disktab(5) entries.
>
> - Improved hardware support and driver bugfixes, including:
> o Suspend/Resume improvements
> - Extended arm64 suspend/resume to include support for parking
> CPUs in a WFE/WFI loop.
> - Put CPUs in the lowest P-state before the final suspend step,
> needed for systems where we park CPUs in a low-power idle
> state ourselves.
> o system-on-chip devices
> - Added support for the Rockchip RK3566/RK3568 SoCs.
> - Added support for the Rockchip RK3568 processor.
> - Added support for the RK3568 PCIe controller to dwpcie(4).
> - Added qcdwusb(4), a driver controlling the interface logic
> for the Synopsys DesignWare USB 3.0 controller found on
> various Qualcomm Snapdragon SoCs.
> - Added support for the PCIe controller on the Qualcomm
> SC8280XP to dwpcie(4).
> - Added qcpmicgpio(4), a driver for the GPIO block inside the
> Qualcomm PMICs.
> - Added qcpmic(4), a driver for the SPMI-connected PMICs found
> on Qualcomm SoCs.
> - Added qcspmi(4), a driver for the SPMI PMIC Arbiter found on
> Qualcomm SoCs.
> - Added qcpdc(4), a driver for the Qualcomm Power Domain
> controller found on Qualcomm SoCs.
> - Added qcpwm(4), a driver for the PWM found on Qualcomm SoCs.
> - Added qcpon(4), a driver for the Qualcomm PMIC block that
> hosts the powerkey and reset input.
> - In rkgpio(4), handled different register layouts in modern
> Rockchip SoCs as seen in the RK356x and RK3588.
> - Added support for RK356x TSADC clocks to rkclock(4).
> - Added GMAC-related RK356x clocks to rkclock(4).
> - Added RK3588 support to rkclock(4) and rkpinctrl(4).
> - Added mvortc(4), a driver for the RTC on the ARMADA 38x
> series.
> - Added mvodog(4), a driver for the watchdog on the ARMADA 38x
> series.
> - Implemented rkpinctrl(4) support for explicit routing to use
> alternative pin muxings.
> - Added ytphy(4), a driver for the MotorComm YT8511 PHY.
> - Made rktemp(4) work on RK356x with U-Boot.
> - Added initialization code for RK356x in dwpcie(4) to prevent
> kernel hangs.
> - Implemented setting the parent clock for RK356x in
> rkclock(4).
> - Added dwpcie(4) code to bring up the PCIe controller on the
> RK356x.
> - Added rkpciephy(4), a driver for the PCIe 3.0 PHY found on
> the RK356x.
> - Added rkcomphy(4), a driver for the "naneng" combo PHY found
> on the RK356x (and RK3588). Only PCIe, SATA and USB3 support
> are implemented.
> o Improved support for Apple arm64 hardware
> - Made aplhidev(4) recognize M1 laptops with touchbars and
> translated Fn+(1-10,-,=) keys to F1-F12 on these systems.
> - Added suspend/resume support to aplns(4).
> - Implemented wakeup interrupt support in aplintc(4).
> - Added suspend/resume support to control the power domain to
> aplsart(4).
> - Made the power button function as a wakeup button during
> suspend in aplsmc(4).
> - Added aplpwm(4), a driver for the PWM controller found on
> Apple Silicon.
> - Improve Apple support by increasing the apliic(4) transfer
> completion timeout to 100ms to accommodate USB Type-C PD
> chips.
> - Added tipd(4), a driver fixing USB hotplug of type-C
> connectors on Apple Silicon hardware.
> - Improved aplpmu(4) range check to protect against overflow.
> - Added aplefuse(4), a driver for the eFuses on Apple Silicon
> SoCs.
> - Enabled aplpcie(4) power management for PCI devices.
> - Disable the screen backlight with aplsmc(4) on Apple Silicon
> laptops when the lid is closed.
> o X13s support
> - Worked around incomplete ACPI tables on the Lenovo x13s by
> loading the alternate device tree binaries from disk.
> - Set console output to the framebuffer on Lenovo x13s
> machines.
> - Made the USB ports work after a suspend/resume cycle on the
> x13s.
> o Improved audio devices
> - Made aplaudio(4) calculate the bit clock based on numbers of
> channels, bytes/sample and sample rate.
> - Set sncodec(4) and tascodec(4) default volume to -30dB
> instead of the hardware default of 0dB (maximum).
> - Added sncodec(4), a driver for the TI SNO12776/TAS2764
> digital amplifier.
> o Other changes
> - Added support for the Wacom One M CTL-672 tablet to
> uwacom(4).
> - Hooked up the same USB device drivers on riscv64 as done in
> the arm64 architecture kernel.
> Enabled access to usb(4), ugen(4), ulpt(4), ucom(4) and
> ujoy(4).
> - Added uftdi(4) support for FTDI FT232R.
> - Added uhidpp(4) support for Bolt receivers and the Unified
> Battery feature often found on newer Logitech HID++ hardware.
> - Converted more RTC drivers to use todr_attach(). Quality of
> the RTC is set such that "discrete" RTC chips are preferred
> over RTCs integrated on a SoC.
> - Added support for the DS1339 RTC as found on the PiJuice.
> - Added qcrtc(4), a driver for the RTC found on Qualcomm PMICs.
> - Improved qcrtc(4) RTC reliability.
> - Added cursor back tab support to wscons(4) VT100 emulation.
> Added aixterm bright color sequences (SGR 90-97 and 100-107).
> - Added missing wscons(4) bounds checks when processing
> terminal escape sequences.
> - Replaced broken UTF-8 logic in wscons(4) with a better one
> borrowed from Citrus.
> - Introduced pijuice(4), an apm/sensor driver for the PiJuice
> HAT UPS.
> - Added pwmleds(4), a driver for PWM controlled LEDs.
> - Implemented dwpcie(4) support for the (optional) MSI
> controller of the Synopsys DesignWare PCIe host bridge.
> - Added icc(4) driver for I2C Consumer Control devices.
> - Prevented a possible crash when a ugen(4) device is detached.
> - Implemented wakeup interrupt handling in agintc(4).
> - Enabled pcagpio(4) and pcamux(4), making the SFP port on the
> ClearFog Base (CN9130) work.
> - Adopted a workaround for a bug in the ARM generic timer on
> the A64, disabling userland timecounter support on affected
> hardware pending a similar libc workaround.
> - Made amd64 cpuid recognize protection keys for Protection Key
> Supervisor (PKS).
> - Implemented access to EFI variables ESRT through an ioctl(2)
> interface compatible with what FreeBSD and NetBSD have.
> Created /dev/efi on amd64 and arm64.
> - Added dwge(4) support for "enhanced descriptor" mode found on
> some variants of the Synopsys DesignWare GMAC.
> - Removed the elansc(4) driver for AMD Elan SC520 System
> Controller.
> - Made ppb(4) bus range available after detaching, fixing
> unplugging and replugging thunderbolt devices that were
> plugged in when the machine was booted.
> - Reworked the arm64 architecture cpu_init_secondary() function
> to allow use for both initial powerup and wakeup from deeper
> sleep states.
> - Added ufshci(4), a driver for Universal Flash Storage (UFS)
> Host Controllers.
> - Added scmi(4), a driver for the ARM System Control and
> Management Interface.
> - Added support for the Shenzhen Tangcheng Technology TCS4525
> voltage regulator to fanpwr(4).
> - Added psci(4) (ARM Power State Coordination Interface)
> support for available deep idle states as advertised in
> device trees.
> - Added eephy(4), found on the Turris Omnia WAN port, to armv7.
> - Added polling to tipmic(4) driver when starting from a cold
> boot, fixing a hang on boot.
> - Added a workaround for Intel Braswell/Cherry Trail mwait
> hang.
> - Added the Armada 380 temperature sensor to mvtemp(4) and
> enabled the driver on armv7.
>
> - New or improved network hardware support:
> o Enabled em(4) IPv4, TCP and UDP checksum offloading and hardware
> VLAN tagging on devices with 82575, 82576, i350 and i210 chipsets.
> o Improved mcx(4) performance by using interrupt-based command
> completion.
> o Fixed a panic seen with rge(4) RTL8125 with MCLGETL.
> o Add dwqe(4), a driver for the Synopsys DesignWare Ethernet QoS
> controller used on the NXP i.MX8MP, the Rockchip RK35xx series and
> Intel Elkhart Lake.
> o Worked around an issue on the StarFive JH7100 SoC to make dwge(4)
> Ethernet work reliably on the StarFive VisionFive 1 board.
> o In mvneta(4), passed MII flags depending on the phy mode specified
> in the device tree, making the WAN port work on the Turris Omnia.
>
> - Added or improved wireless network drivers:
> o Bumped tsleep timeout for bwfm(4) PCI devices to help prevent
> failures loading firmware, particularly on Apple M2 laptops.
> o Implemented alternative mailbox handling mechanism required by
> newer bwfm(4) firmware.
> o Fixed bwfm(4) issues with suspend/resume and possible firmware
> crashes on the M2 MacBook Air.
> o Prevented an iwx(4) firmware error when authentication to the AP
> times out.
> o Fixed a crash in iwx(4) when connecting to WEP networks via
> ifconfig(8) join.
> o Fixed an alignment issue in iwx(4) Rx descriptors.
> o Avoided trying to remove keys while doing crypto in hardware if
> the station is not active in iwx(4) firmware, fixing a firmware
> panic.
> o Prevented potential panics by disallowing the iwx(4) init task
> from running in parallel to wakeup code during resume.
> o Switched all iwx(4) devices to -77 firmware images.
> o Upgraded firmware images for iwm(4) 9260 and 9560 devices.
> o Made iwx(4) get the primary channel number from AP beacon info,
> preventing problems on 40/80Mhz channels if there is a mismatch.
> o Fixed iwx(4) session protection event duration.
>
> - IEEE 802.11 wireless stack improvements and bugfixes:
> o Made net80211 drop beacons received on secondary HT/VHT channels,
> preventing iwm(4) firmware panics and making association work with
> 11ac APs which transmit beacons on channels other than their
> primary.
> o Made WEP encryption work on bwfm(4).
>
> - Installer, upgrade and bootloader improvements:
> o Made installer answers ! and (S)hell drop into a ksh(1)
> environment rather than the more limited sh(1).
> o Added support for configuring interfaces by lladdr (MAC).
> o Made the installer skip interface configuration questions when no
> interfaces are available.
> o Fixed resizing partitions on an auto-allocated disk that had a
> boot partition.
> o Stopped the installer from asking to initialize disks that have
> softraid(4) chunks.
> o Made efiboot fdt support device trees with NOPs in them (like the
> kernel version).
> o Improved the default choice for the installer's install media disk
> question to show the first disk that (a) is not the root disk and
> (b) is not a disk with softraid chunks (hosting the root disk, for
> example).
> o Stopped offering WEP in the installer if not supported.
> o Fixed lock file error on installer exit/abort.
> o Made installboot(8) -p support softraid(4).
> o Made installboot(8) silently skip softraid(4) keydisks.
> o Fixed passing explicit stages files to installboot(8).
> o Added mount_nfs(8) to the sparc64 installer, to fetch sets over
> NFS.
> o Copy the apple-boot firmware to EFI system partition, enabling
> automatic bootloader updates on Apple Silicon computers.
> o Made the installer stop printing MD post installation instructions
> on upgrades.
> o Made it possible to set keyboard layout(s) in arm64's installer.
> o Added initial support in the installer for guided disk encryption
> for amd64, i386, riscv64 and sparc64.
> o Added passing of boot device information from the bootloader to
> the kernel on luna88k.
> o Switched luna88k boot loader to MI boot code.
> o Made the luna88k bootloader display a puffy boot logo.
> o Made ls(1) work correctly in the luna88k bootloader.
> o Made time(1) work correctly in the luna88k bootloader.
> o Removed dangerous user-settable "addr" variable from MI
> bootloader, only compiling tty-related code on platforms where it
> makes sense for the bootloader to control it.
> o Added "machine poweroff" command on luna88k bootloader.
> o Switched alpha to machine-independent boot blocks.
> o Switched all architectures' ramdisks (except alpha's and
> luna88k's) to use installboot(8) -p.
> o Fixed ofwboot OpenFirmware map call to unbreak boot on some
> machines.
> o Reduced ofwboot.net size after libz update to unbreak netboot on
> some machines.
> o Made riscv64 bootloader support boot from RAID 1C softraid
> volumes.
> o Made installboot(8) support softraid(4) on riscv64.
> o Stopped creating defunct Vax (ra, rx), HP-300 (hd) and Sparc (xy,
> xd) devices in /dev.
>
> - Security improvements:
> o Permissions (RWX, MAP_STACK, etc.) on address space regions can be
> made immutable, so that mmap(2), mprotect(2) or munmap(2) fail
> with EPERM. Most of the program static address space is now
> automatically immutable (main program, ld.so, main stack,
> load-time shared libraries, and dlopen()'d libraries mapped
> without RTLD_NODELETE). Programmers can request non-immutable
> static data using the "openbsd.mutable" section, or manually bring
> immutability to (page aligned heap objects) using mimmutable(2).
> The main internal data of malloc(3) is marked immutable.
> o Some architectures now have non-readable code ("xonly"), both from
> the perspective of userland reading its own memory, or the kernel
> trying to read memory in a system call. Many sloppy practices in
> userland code had to be repaired to allow this. The linker
> (ld.lld(1)) option --execute-only is enabled by default. In order
> of development: arm64, riscv64, hppa, amd64, powerpc64, powerpc
> (G5 only), octeon, and sparc64 (sun4u only; unfinished).
> o On all architectures which lack hardware-enforcement of xonly,
> system calls are now prevented from reading (via
> copyin(9)/copyinst) inside the program's main text, ld.so text,
> sigtramp text, or libc.so text.
> o These can still benefit from switching to --execute-only binaries
> if the cpu generates different traps for instruction-fetch versus
> data-fetch. The VM system will not allow memory to be read before
> it was executed which is valuable together with library relinking.
> Architectures switched over include loongson.
> o ld.so(1) and crt0 register the location of the execve(2) stub with
> the kernel using pinsyscall(2), after which the kernel only
> accepts an execve call from that specific location.
> o Added execve(2) violations of pinsyscall(2) policy to the daily
> mail, available by setting rc.conf.local(5) accounting=YES.
> o Added retguard (consistency-check the return address on the stack)
> to amd64 syscalls.
> o sshd random relinking at boot: Randomly relink and install
> sshd(8), resulting in a sshd binary with unknown address layout
> after every reboot.
> o Add another mitigation against classic BROP on systems without
> execute-only mmu hardware-enforcement. A range-checking wrapper in
> front of copyin(9) and copyinstr(9) ensures the userland source
> address doesn't overlap the main program text and other text
> segments, thereby making these address ranges unreadable to the
> kernel. No programs have been discovered which require reading
> their own text segments with a system call.
> o On arm64, introduce mitigation of the Spectre-BHB (Branch History
> Injection) CPU vulnerability by using core-specific trampoline
> vectors.
> o Enabled the arm64 Data Independent Timing (DIT) feature in both
> the kernel and userland on CPUs that support it to mitigate timing
> side-channel attacks.
>
> - Changes in the network stack:
> o Made /dev/pf a clonable device to better track kernel resources
> used by processes.
> o Modified TCP receive buffer size auto-scaling to use the smoothed
> RTT (SRTT) instead of the timestamp option, which improves
> performance on high latency networks if the timestamp option isn't
> available.
> o Relaxed the requirement for multicast support of interfaces for
> configuring IPv6. This allows non-multicast interfaces such as
> point-to-point interfaces and the NBMA / point-to-multipoint
> interfaces like mpe(4), mgre(4) and wg(4) to work with IPv6.
> o Use the new getnsecruntime(9) timer to check the TCP_KEEPALIVE
> timer only against the system runtime, not the uptime. Prevents
> TCP connections to fail after waking up from suspend.
> o Used stoeplitz (symmetric Toeplitz hash algorithm) to generate a
> hash/flowid for pf(4) state keys. With this change, pf will hash
> traffic the same way that hardware using a stoeplitz key will hash
> incoming traffic on rings. stoeplitz is also used by the TCP stack
> to generate a flow id, which is used to pick which transmit ring
> is used on nics with multiple queues, too. Using the same
> algorithm throughout the stack encourages affinity of packets to
> rings and softnet threads the whole way through.
> o Prevented possible kernel crashes by dropping TCP packets with
> destination port 0 in pf(4) and the stack.
> o Fixed an endian swap bug causing problems with vlan(4) on em(4)
> sparc64 systems.
> o Denied "pipex no" tunnel setting for pppx(4) interfaces.
> o Fixed pfsync(4) crashing on pf_state_key removal.
> o Fixed a panic in pfsync(4) when there is no data ready for bulk
> transfer.
> o Turned off TCP Segmentation Offload (TSO) if interface is added to
> layer 2 devices.
> o Improved vnet(4) to work better in busy conditions.
> o Added a bpf(4) timeout (BIOCSWTIMEOUT) between capturing a packet
> and making the buffer readable, preventing, for example, pflogd(8)
> waking every half second even if there is nothing to read. By
> default this buffer is infinite and must be filled to become
> readable.
> o Avoided enabling TSO on interfaces which are already attached to a
> bridge.
>
> - Routing daemons and other userland network improvements:
> o IPsec support was improved:
> - Added iked(8) support for configuring multiple name servers.
> - Synced proc.c from vmd(8) to iked(8) to enable fork + exec
> for all processes. This gives each process a fresh and unique
> address space to further improve randomization of ASLR and
> stack protector.
> o In bgpd(8), bgpctl(8) and bgplgd(8):
> - Improved performance by optimising the output filters.
> - Add Autonomous System Provider Authorization (ASPA)
> validation based on draft-ietf-sidrops-aspa-verification-12
> - Introduce avs (ASPA validation state) filter and bgpctl
> filter argument.
> - Add ASPA support for the RTR protocol based on
> draft-ietf-sidrops-8210bis-10.
> - Improve open policy (RFC 9234) support and enable the
> capability automatically if a role is specified for the peer.
> - Introduce a per-neighbor 'role' configuration option to
> specify the session role used by ASPA verification and the
> open policy capability. The 'announce policy' statement was
> simplified at the same time.
> - Improve startup behaviour by introducing a small delay before
> opening the connection to a new peer.
> - Support for aspa-set table config which can be provided by
> rpki-client(8).
> - Make it possible to filter the RIB by invalid and leaked
> prefixes in bgpctl and bgplgd.
> - Add OpenMetrics output to bgpctl for various BGP statistics
> and add /metrics endpoint to bgplgd.
> - Fix of incorrect length checks that allowed an out-of-bounds
> read in bgpd.
> o rpki-client(8) saw some changes:
> - Add a new '-H' command line option to create a shortlist of
> repositories to synchronize to. For example, when invoking
> "rpki-client -H rpki.ripe.net -H chloe.sobornost.net", the
> utility will not connect to any other hosts other than the
> two specified through the -H option.
> - Add support for validating Geofeed (RFC 9092) authenticators.
> To see an example download https://sobornost.net/geofeed.csv
> and run "rpki-client -f geofeed.csv"
> - Add support for validating Trust Anchor Key (TAK) objects.
> TAK objects can be used to produce new Trust Anchor Locators
> (TALs) signed by and verified against the previous Trust
> Anchor. See draft-ietf-sidrops-signed-tal for the full
> specification.
> - Log lines related to RRDP/HTTPS connection problems now
> include the IP address of the problematic endpoint (in
> brackets).
> - Improve the error message when an invalid filename is
> encountered in the rpkiManifest field in the Subject Access
> Information (SIA) extension.
> - Emit a warning when unexpected X.509 extensions are
> encountered.
> - Restrict the ROA ipAddrBlocks field to only allow two
> ROAIPAddressFamily structures (one per address family). See
> draft-ietf-sidrops-rfc6482bis.
> - Check the absence of the Path Length constraint in the Basic
> Constraints extension.
> - Restrict the SIA extension to only allow the signedObject and
> rpkiNotify accessMethods.
> - Check that the Signed Object access method is present in ROA,
> MFT, ASPA, TAK, and GBR End-Entity certificates.
> - In addition to the 'rsync://' scheme, also permit other
> schemes (such as 'https://') in the SIA signedObject access
> method.
> - Check that the KeyUsage extension is set to nothing but
> digitalSignature on End-Entity certificates.
> - Check that the KeyUsage extension is set to nothing but
> keyCertSign and CRLSign on CA certificates.
> - Check that the ExtendedKeyUsage extension is absent on CA
> certificates.
> - Fix a bug in the handling of the port of http_proxy.
> - The '-r' command line option has been deprecated.
> - Filemode (-f) output is now presented as a text based table.
> - The 'expires' key in the JSON/CSV/OpenBGPD output formats is
> now calculated with more accuracy. The calculation takes into
> account the nextUpdate value of all intermediate CRLs in the
> signature path towards the trust anchor, in addition to the
> expiry moment of the leaf-CRL and CAs.
> - Handling of CRLs and Manifests in the face of inconsistent
> RRDP delta publications has been improved. A copy of an
> alternative version of the applicable CRL is kept in the
> staging area of the cache directory, in order to increase the
> potential for establishing a complete publication point, in
> cases where a single publication point update was smeared
> across multiple RRDP delta files.
> - The OpenBGPD configuration output now includes validated
> Autonomous System Provider Authorization (ASPA) payloads as
> an 'aspa-set {}' configuration block.
> - When rpki-client is invoked with increased verbosity ('-v'),
> the current RRDP Serial and Session ID are shown to aid
> debugging.
> - Self-signed X.509 certificates (such as Trust Anchor
> certificates) now are considered invalid if they contain an
> X.509 AuthorityInfoAccess extension.
> - Signed Objects where the CMS signing-time attribute contains
> a timestamp later then the X.509 certificate's notAfter
> timestamp are considered invalid.
> - Manifests where the CMS signing-time attribute contains a
> timestamp later then the Manifest eContent nextUpdate
> timestamp are considered invalid.
> - Any objects whose CRL Distribution Points extension contains
> a CRLIssuer, CRL Reasons, or nameRelativeToCRLIssuer field
> are considered invalid in accordance with RFC 6487 section
> 4.8.6.
> - For every X.509 certificate the SHA-1 of the Subject Public
> Key is calculated and compared to the Subject Key Identifier
> (SKI). If a mismatch is found the certificate is not trusted.
> - Require the outside-TBS signature OID for every X.509
> intermediate CA certificate and CRL to be
> sha256WithRSAEncryption.
> - Require the RSA key pair modulus and public exponent
> parameters to strictly conform to the RFC 7935 profile.
> - Ensure there is no trailing garbage present in Signed Objects
> beyond the self-embedded length field.
> - Require RRDP Session IDs to strictly be version 4 UUIDs.
> - When decoding and validating an individual RPKI file using
> filemode (rpki-client -f file), display the signature path
> towards the trust anchor and the timestamp when the signature
> path will expire.
> - When decoding and validating an individual RPKI file using
> filemode (rpki-client -f file), display the optional CMS
> signing-time, non-optional X.509 notBefore timestamp and
> non-optional X.509 notAfter timestamp.
> o Updated zlib to 1.2.13.
> o Fixed a long-standing bug in a libreadline header that broke the
> interactive Python command line interface.
> o Switched tftpd(8) to default to read-only unless -w is specified
> for write access (the previous default).
> o Stopped printing the prompt for non-interactive usage of tftp(1).
> o Changed rarpd(8) to only unveil /tftpboot if -t is specified.
> o Added client certificate authentication and an optional SASL
> EXTERNAL bind to ypldap(8).
> o Adjusted ipv6 address width to align the display columns better in
> the output of ndp(8), route(8) and netstat(1) as already available
> in systat(1)'s netstat.
> o Used stravis(3) to sanitize redirect URIs from ftp(1) fetch before
> printing.
> o Prevent an unwind(8) crash when a TCP query is larger than the
> length field indicated.
> o Preserve the original order of nameservers as configured via
> resolv.conf(5) in resolvd(8).
> o Restrict the characters allowed in the hostname argument of
> getaddrinfo(3) to the set [A-z0-9-_.]. Additionally, two
> consecutive dots ('.') are not allowed nor can the string start
> with - or '.'. This removes characters like '$', '`', '\n' or '*'
> that can traverse the DNS without problems but have special
> meaning as in a shell.
> o Fixed a number of out of bounds reads in DNS response parsing of
> the async DNS resolver in libc.
> o Added ifconfig(8) -M (mac) to find the mac address on an interface
> and print it.
> o Added support for configuring interfaces by lladdr to support
> interface configurations bound to a specific hardware device. The
> "if" part of the hostname.if(5) configuration file can now be a
> MAC address.
> o Limited display of wireguard peers by ifconfig(8) to when either a
> wireguard interface is specified or the flag "-A" is used.
> o Implemented the RFC 8781 PREF64 router advertisement option in
> rad(8) which is used to communicate NAT64 prefixes to hosts.
> o Moved the documentation of flag mappings displayed by "route show"
> from the netstat(1) manpage to route(8).
> o Improvements in nc(1):
> - Stop claiming connection success in UDP mode unless true.
> - Do not test the connection in non-interactive mode. The test
> writes characters to the socket which can corrupt data that
> is possibly piped into nc.
> - Some refactoring and code cleanup.
> o Improvements in acme-client(1):
> - Added support for newlines inside the alternative names block
> in acme-client.conf(5).
> - Use proper data structures for retrieving subject alternative
> names in certificates rather than printing them to a buffer
> and tokenizing and parsing the undocumented string.
> - Simplified, corrected and modernized the use of libcrypto
> interfaces.
> - Plugged various memory leaks.
> - Use ASN1_TIME_to_tm(3) instead of a poor man's hand-rolled
> version of it.
> - Use timegm(3) instead of mktime(3) to eliminate time-zone
> variation.
> - Encode Subject Alternative Name (SAN) entries before
> printing.
> - Prevent acme-client(1) from leaking an http get request when
> receiving a redirect without a location header.
> o Prevented smtpd(8) abort due to a connection from a local, scoped
> ipv6 address.
> o Fixed a potential NULL dereference in the unpriv child expanding
> %{mda} in smtpd(8).
> o Corrected the order of arguments for calls to shutdown(2) on the
> route socket of slaacd(8), dhcpleased(8) and unwind(8).
> o Made route(8) sourceaddr print the used addresses for inet and
> inet6, or "default" if no sourceaddr is set and the default
> algorithm is used.
> o Added -mpls option to the route(8) monitor command. It can be used
> to restrict displayed route messages to the mpls address family.
> o Fixed rsync(1) handling of port numbers in
> rsync://host[:port]/module URLS.
> o Made tcpdrop(8) accept netstat-style address.port syntax.
> o Ensured pfctl(8) correctly adds addresses to the
> undefined/inactive table.
> o Switched tftpd(8) to default to read-only unless -w is specified
> for write access (the previous default).
> o Changed rarpd(8) to only unveil /tftpboot if -t is specified.
> o Fixed the DIOCIGETIFACES ioctl so all network interfaces and
> interface groups are reported in pfctl(8).
>
> - tmux(1) improvements and bug fixes:
> o Added scroll-top and scroll-bottom tmux(1) commands to scroll so
> cursor is at the top or bottom respectively.
> o Added a -T flag to tmux(1) capture-pane to capture up to the last
> used cell and not the full width of the pane.
> o Preserved the marked pane when renumbering windows in tmux(1).
> o Added modified tab key sequences to tmux(1).
> o Changed tmux(1) to only set the extended flag when searching,
> which allows send-keys to work.
> o Added a -l flag to tmux(1) display-message to disable format
> expansion.
> o Fixed a tmux(1) crash when there are no window buffers.
> o Fixed tmux(1) C-S-Tab without extended keys.
> o Added tmux(1) send-keys -K to handle keys directly as if typed.
> o Made tmux(1) tty-keys accept \007 as terminator to OSC 10 or 11.
> o Made tmux(1) recognize pasted texts wrapped in bracket paste
> sequences, rather than only forwarding to the program inside.
> o Supported -1 without -N for list-keys in tmux(1).
> o Added a flag to tmux(1) display-menu to select the menu item
> chosen first.
> o Added Backtab key support to tmux(1)
> o Disallowed multiple consecutive line separators in tmux(1) menu.
> o Extended display-message to work for control clients in tmux(1).
> o Added -f to list-clients in tmux(1).
> o Added a tmux(1) L modifier like P, W, S to loop over clients.
>
> - LibreSSL version 3.7.2
> o New features
> - Added Ed25519 support both as a primitive and via OpenSSL's
> EVP interfaces.
> - X25519 is now also supported via EVP.
> - The OpenSSL 1.1 raw public and private key API is available
> with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and
> EVP_PKEY_X25519. Poly1305 is not currently supported via this
> interface.
> - Added EVP_CIPHER_meth_*() setter API.
> - Added various X.509 accessor functions.
> o Compatibility changes
> - BIO_read() and BIO_write() now behave more closely to OpenSSL
> 3 in various corner cases.
> o Bug fixes
> - Added EVP_chacha20_poly1305() to the list of all ciphers.
> - Fixed potential leaks of EVP_PKEY in various printing
> functions
> - Fixed potential leak in OBJ_NAME_add().
> - Avoid signed overflow in i2c_ASN1_BIT_STRING().
> - Cleaned up EVP_PKEY_ASN1_METHOD related tables and code.
> - Fixed long standing bugs BN_GF2m_poly2arr() and
> BN_GF2m_mod().
> - Fixed segfaults in BN_{dec,hex}2bn().
> - Fixed NULL dereference in x509_constraints_uri_host()
> reachable only in the process of generating certificates.
> - Fixed a variety of memory corruption issues in BIO chains
> coming from poor old and new API: BIO_push(), BIO_pop(),
> BIO_set_next().
> - Avoid potential divide by zero in BIO_dump_indent_cb()
> - Fixed a memory leak, a double free and various other issues
> in BIO_new_NDEF().
> - Fixed various crashes in the openssl(1) testing utility.
> - Do not check policies by default in the new X.509 verifier.
> - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
> - Added missing error checking in PKCS7.
> - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
> o Documentation improvements
> - Numerous improvements and additions for ASN.1, BIO, BN, and
> X.509.
> - The BN documentation is now considered to be complete.
> - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3),
> BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and
> BIO_dump_indent_cb(3) as intentionally undocumented.
> - Documented various BIO_* interfaces.
> - Documented ED25519_keypair(3), ED25519_sign(3), and
> ED25519_verify(3).
> - Documented EVP_PKEY raw private/public key interfaces.
> - Documented ASN1_buf_print(3).
> - Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and
> RSA_get0_*.
> - Merged documentation of UI_null() from OpenSSL 1.1
> - Various spelling and other documentation improvements.
> o Internal improvements
> - Remove dependency on system timegm() and gmtime() by
> replacing traditional Julian date conversion with POSIX
> epoch-seconds date conversion from BoringSSL.
> - Removed old and unused BN code dealing with primes.
> - Started rewriting name constraints code using CBS.
> - Removed support for the HMAC PRIVATE KEY.
> - Reworked DSA signing and verifying internals.
> - Rewrote the TLSv1.2 key exporter.
> - Cleaned up and refactored various aspects of the legacy TLS
> stack.
> - Initial overhaul of the BIGNUM code:
> # Added a new framework that allows architecture-dependent
> replacement implementations for bignum primitives.
> # Imported various s2n-bignum's constant time assembly
> primitives and switched amd64 to them.
> # Lots of cleanup, simplification and bug fixes.
> - Changed Perl assembly generators to move constants into
> .rodata, allowing code to run with execute-only permissions.
> - Capped the number of iterations in DSA and ECDSA signing
> (avoiding infinite loops), added additional sanity checks to
> DSA.
> - ASN.1 parsing improvements.
> - Cleanup and improvements in EC code, including always
> clearing EC groups and points on free.
> - Various openssl(1) improvements.
> - Various nc(1) improvements.
> o Security fixes
> - A malicious certificate revocation list or timestamp response
> token would allow an attacker to read arbitrary memory.
>
> - OpenSSH 9.3 and OpenSSH 9.2
> This release of OpenBSD includes the changes made to OpenSSH since
> release 9.1:
> o Security
> - ssh-add(1): when adding smartcard keys to ssh-agent(1) with
> the per-hop destination constraints (ssh-add -h ...) added in
> OpenSSH 8.9, a logic error prevented the constraints from
> being communicated to the agent. This resulted in the keys
> being added without constraints. The common cases of
> non-smartcard keys and keys without destination constraints
> are unaffected. This problem was reported by Luci Stanescu.
> - ssh(1): Portable OpenSSH provides an implementation of the
> getrrsetbyname(3) function if the standard library does not
> provide it, for use by the VerifyHostKeyDNS feature. A
> specifically crafted DNS response could cause this function
> to perform an out-of-bounds read of adjacent stack data, but
> this condition does not appear to be exploitable beyond
> denial-of-service to the ssh(1) client.
> The getrrsetbyname(3) replacement is only included if the
> system's standard library lacks this function and portable
> OpenSSH was not compiled with the ldns library (--with-ldns).
> getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS
> to fetch SSHFP records. This problem was found by the
> Coverity static analyzer.
> - sshd(8): fix a pre-authentication double-free memory fault
> introduced in OpenSSH 9.1. This is not believed to be
> exploitable, and it occurs in the unprivileged pre-auth
> process that is subject to chroot(2) and is further sandboxed
> on most major platforms.
> - ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
> option would ignore its first argument unless it was one of
> the special keywords "any" or "none", causing the permission
> list to fail open if only one permission was specified.
> bz3515
> - ssh(1): if the CanonicalizeHostname and
> CanonicalizePermittedCNAMEs options were enabled, and the
> system/libc resolver did not check that names in DNS
> responses were valid, then use of these options could allow
> an attacker with control of DNS to include invalid characters
> (possibly including wildcards) in names added to known_hosts
> files when they were updated. These names would still have to
> match the CanonicalizePermittedCNAMEs allow-list, so
> practical exploitation appears unlikely.
> o Potentially-incompatible changes
> - ssh(1): add a new EnableEscapeCommandline ssh_config(5)
> option that controls whether the client-side ~C escape
> sequence that provides a command-line is available. Among
> other things, the ~C command-line could be used to add
> additional port-forwards at runtime.
> This option defaults to "no", disabling the ~C command-line
> that was previously enabled by default. Turning off the
> command-line allows platforms that support sandboxing of the
> ssh(1) client (currently only OpenBSD) to use a stricter
> default sandbox policy.
> o New features
> - ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256
> when outputting SSHFP fingerprints to allow algorithm
> selection. bz3493
> - sshd(8): add a `sshd -G` option that parses and prints the
> effective configuration without attempting to load private
> keys and perform other checks. This allows usage of the
> option before keys have been generated and for configuration
> evaluation and verification by unprivileged users.
> - sshd(8): add support for channel inactivity timeouts via a
> new sshd_config(5) ChannelTimeout directive. This allows
> channels that have not seen traffic in a configurable
> interval to be automatically closed. Different timeouts may
> be applied to session, X11, agent and TCP forwarding
> channels.
> - sshd(8): add a sshd_config UnusedConnectionTimeout option to
> terminate client connections that have no open channels for a
> length of time. This complements the ChannelTimeout option
> above.
> - sshd(8): add a -V (version) option to sshd like the ssh
> client has.
> - ssh(1): add a "Host" line to the output of ssh -G showing the
> original hostname argument. bz3343
> - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1)
> to allow control over some SFTP protocol parameters: the copy
> buffer length and the number of in-flight requests, both of
> which are used during upload/download. Previously these could
> be controlled in sftp(1) only. This makes them available in
> both SFTP protocol clients using the same option character
> sequence.
> - ssh-keyscan(1): allow scanning of complete CIDR address
> ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is
> passed, then it will be expanded to all possible addresses in
> the range including the all-0s and all-1s addresses. bz#976
> - ssh(1): support dynamic remote port forwarding in escape
> command-line's -R processing. bz#3499
> o Bugfixes
> - scp(1), sftp(1): fix progressmeter corruption on wide
> displays; bz3534
> - ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing
> usability of private keys as some systems are starting to
> disable RSA/SHA1 in libcrypto.
> - sftp-server(8): fix a memory leak. GHPR363
> - ssh(1), sshd(8), ssh-keyscan(1): remove vestigial protocol
> compatibility code and simplify what's left.
> - Fix a number of low-impact Coverity static analysis findings.
> These include several reported via bz2687
> - ssh_config(5), sshd_config(5): mention that some options are
> not first-match-wins.
> - Rework logging for the regression tests. Regression tests
> will now capture separate logs for each ssh and sshd
> invocation in a test.
> - ssh(1): make `ssh -Q CASignatureAlgorithms` work as the
> manpage says it should; bz3532.
> - ssh(1): ensure that there is a terminating newline when
> adding a new entry to known_hosts; bz3529
> - ssh(1): when restoring non-blocking mode to stdio fds,
> restore exactly the flags that ssh started with and don't
> just clobber them with zero, as this could also remove the
> append flag from the set. bz3523
> - ssh(1): avoid printf("%s", NULL) if using
> UserKnownHostsFile=none and a hostkey in one of the system
> known hosts file changes.
> - scp(1): switch scp from using pipes to a socket-pair for
> communication with its ssh sub-processes, matching how
> sftp(1) operates.
> - sshd(8): clear signal mask early in main(); sshd may have
> been started with one or more signals masked (sigprocmask(2)
> is not cleared on fork/exec) and this could interfere with
> various things, e.g. the login grace timer. Execution
> environments that fail to clear the signal mask before
> running sshd are clearly broken, but apparently they do
> exist.
> - ssh(1): warn if no host keys for hostbased auth can be
> loaded.
> - sshd(8): Add server debugging for hostbased auth that is
> queued and sent to the client after successful
> authentication, but also logged to assist in diagnosis of
> HostbasedAuthentication problems. bz3507
> - ssh(1): document use of the IdentityFile option as being
> usable to list public keys as well as private keys. GHPR352
> - sshd(8): check for and disallow MaxStartups values less than
> or equal to zero during config parsing, rather than failing
> later at runtime. bz3489
> - ssh-keygen(1): fix parsing of hex cert expiry times specified
> on the command-line when acting as a CA.
> - scp(1): when scp(1) is using the SFTP protocol for transport
> (the default), better match scp/rcp's handling of globs that
> don't match the globbed characters but do match literally
> (e.g. trying to transfer a file named "foo.[1]"). Previously
> scp(1) in SFTP mode would not match these pathnames but
> legacy scp/rcp mode would. bz3488
> - ssh-agent(1): document the "-O no-restrict-websafe"
> command-line option.
> - ssh(1): honour user's umask(2) if it is more restrictive then
> the ssh default (022).
>
> - Ports and packages:
> o Pre-built packages are available for the following architectures on
> the day of release:
> - aarch64 (arm64): 11561
> - amd64: 11764
> - i386: 10572
> - mips64: 8936
> - powerpc64: 8474
> - riscv64: 10191
> - sparc64: 9325
> o Packages for the following architectures will be made available as
> their builds complete:
> - arm
> - powerpc
>
> - Some highlights:
>
> o Asterisk 16.30.0, 18.17.0 and o Mozilla Thunderbird 102.9.0
> 20.2.0 o Mutt 2.2.9 and NeoMutt 20220429
> o Audacity 3.2.5 o Node.js 18.15.0
> o CMake 3.25.2 o OCaml 4.12.1
> o Chromium 111.0.5563.110 o OpenLDAP 2.6.4
> o Emacs 28.2 o PHP 7.4.33, 8.0.28, 8.1.16 and
> o FFmpeg 4.4.3 8.2.3
> o GCC 8.4.0 and 11.2.0 o Postfix 3.5.17 and 3.7.3
> o GHC 9.2.7 o PostgreSQL 15.2
> o GNOME 43.3 o Python 2.7.18, 3.9.16, 3.10.10
> o Go 1.20.1 and 3.11.2
> o JDK 8u362, 11.0.18 and 17.0.6 o Qt 5.15.8 and 6.4.2
> o KDE Applications 22.12.3 o R 4.2.1
> o KDE Frameworks 5.103.0 o Ruby 3.0.5, 3.1.3 and 3.2.1
> o Krita 5.1.5 o Rust 1.68.0
> o LLVM/Clang 13.0.0 o SQLite 2.8.17 and 3.41.0
> o LibreOffice 7.5.1.2 o Shotcut 22.12.21
> o Lua 5.1.5, 5.2.4, 5.3.6 and o Sudo 1.9.13.3
> 5.4.4 o Suricata 6.0.10
> o MariaDB 10.9.4 o Tcl/Tk 8.5.19 and 8.6.13
> o Mono 6.12.0.182 o TeX Live 2022
> o Mozilla Firefox 111.0 and o Vim 9.0.1388 and Neovim 0.8.3
> ESR 102.9.0 o Xfce 4.18
>
> - As usual, steady improvements in manual pages and other documentation.
>
> - The system includes the following major components from outside suppliers:
> o Xenocara (based on X.Org 7.7 with xserver 21.1.6 + patches,
> freetype 2.12.1, fontconfig 2.14, Mesa 22.3.4, xterm 378,
> xkeyboard-config 2.20, fonttosfnt 1.2.2, and more)
> o LLVM/Clang 13.0.0 (+ patches)
> o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
> o Perl 5.36.0 (+ patches)
> o NSD 4.6.1
> o Unbound 1.17.0
> o Ncurses 5.7
> o Binutils 2.17 (+ patches)
> o Gdb 6.3 (+ patches)
> o Awk September 12, 2022 version
> o Expat 2.5.0
>
> ------------------------------------------------------------------------
> - SECURITY AND ERRATA --------------------------------------------------
>
> We provide patches for known security threats and other important
> issues discovered after each release. Our continued research into
> security means we will find new security problems -- and we always
> provide patches as soon as possible. Therefore, we advise regular
> visits to
>
> https://www.OpenBSD.org/security.html
> <https://www.openbsd.org/security.html>
> and
> https://www.OpenBSD.org/errata.html
> <https://www.openbsd.org/errata.html>
>
> ------------------------------------------------------------------------
> - MAILING LISTS AND FAQ ------------------------------------------------
>
> Mailing lists are an important means of communication among users and
> developers of OpenBSD. For information on OpenBSD mailing lists, please
> see:
>
> https://www.OpenBSD.org/mail.html <https://www.openbsd.org/mail.html>
>
> You are also encouraged to read the Frequently Asked Questions (FAQ) at:
>
> https://www.OpenBSD.org/faq/ <https://www.openbsd.org/faq/>
>
> ------------------------------------------------------------------------
> - DONATIONS ------------------------------------------------------------
>
> The OpenBSD Project is a volunteer-driven software group funded by
> donations. Besides OpenBSD itself, we also develop important software
> like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
> filter, the quality work of our ports development process, and many
> others. This ecosystem is all handled under the same funding umbrella.
>
> We hope our quality software will result in contributions that maintain
> our build/development infrastructure, pay our electrical/internet costs,
> and allow us to continue operating very productive developer hackathon
> events.
>
> All of our developers strongly urge you to donate and support our future
> efforts. Donations to the project are highly appreciated, and are
> described in more detail at:
>
> https://www.OpenBSD.org/donations.html
> <https://www.openbsd.org/donations.html>
>
> ------------------------------------------------------------------------
> - OPENBSD FOUNDATION ---------------------------------------------------
>
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (https://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts. In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses.
>
> There may also be exposure benefits since the Foundation may be
> interested in participating in press releases. In turn, the Foundation
> then uses these contributions to assist OpenBSD's infrastructure needs.
> Contact the foundation directors at [email protected] for
> more information.
>
> ------------------------------------------------------------------------
> - HTTPS INSTALLS -------------------------------------------------------
>
> OpenBSD can be easily installed via HTTPS downloads. Typically you need
> a single small piece of boot media (e.g., a USB flash drive) and then
> the rest of the files can be installed from a number of locations,
> including directly off the Internet. Follow this simple set of
> instructions to ensure that you find all of the documentation you will
> need while performing an install via HTTPS.
>
> 1) Read either of the following two files for a list of HTTPS mirrors
> which provide OpenBSD, then choose one near you:
>
> https://www.OpenBSD.org/ftp.html <https://www.openbsd.org/ftp.html>
> https://ftp.openbsd.org/pub/OpenBSD/ftplist
>
> As of April 10, 2023, the following HTTPS mirror sites have the
> 7.3 release:
>
> https://cdn.openbsd.org/pub/OpenBSD/7.3/ Global
> https://ftp.eu.openbsd.org/pub/OpenBSD/7.3/ Stockholm, Sweden
> https://ftp.hostserver.de/pub/OpenBSD/7.3/ Frankfurt, Germany
> https://ftp.bytemine.net/pub/OpenBSD/7.3/ Oldenburg, Germany
> https://ftp.fr.openbsd.org/pub/OpenBSD/7.3/ Paris, France
> https://mirror.aarnet.edu.au/pub/OpenBSD/7.3/ Brisbane,
> Australia
> https://ftp.usa.openbsd.org/pub/OpenBSD/7.3/ CO, USA
> https://ftp5.usa.openbsd.org/pub/OpenBSD/7.3/ CA, USA
> https://mirror.esc7.net/pub/OpenBSD/7.3/ TX, USA
> https://openbsd.cs.toronto.edu/pub/OpenBSD/7.3/ Toronto, Canada
> https://cloudflare.cdn.openbsd.org/pub/OpenBSD/7.3/ Global
> https://fastly.cdn.openbsd.org/pub/OpenBSD/7.3/ Global
>
> The release is also available at the master site:
>
> https://ftp.openbsd.org/pub/OpenBSD/7.3/ Alberta, Canada
>
> However it is strongly suggested you use a mirror.
>
> Other mirror sites may take a day or two to update.
>
> 2) Connect to that HTTPS mirror site and go into the directory
> pub/OpenBSD/7.3/ which contains these files and directories.
> This is a list of what you will see:
>
> ANNOUNCEMENT armv7/ octeon/ root.mail
> README hppa/ openbsd-73-base.pub sparc64/
> SHA256 i386/ packages/ src.tar.gz
> SHA256.sig landisk/ packages-stable/ sys.tar.gz
> alpha/ loongson/ ports.tar.gz xenocara.tar.gz
> amd64/ luna88k/ powerpc64/
> arm64/ macppc/ riscv64/
>
> It is quite likely that you will want at LEAST the following
> files which apply to all the architectures OpenBSD supports.
>
> README - generic README
> root.mail - a copy of root's mail at initial login.
> (This is really worthwhile reading).
>
> 3) Read the README file. It is short, and a quick read will make
> sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
> for example, amd64. This is a list of what you will see:
>
> BOOTIA32.EFI* bsd* floppy73.img pxeboot*
> BOOTX64.EFI* bsd.mp* game73.tgz xbase73.tgz
> BUILDINFO bsd.rd* index.txt xfont73.tgz
> INSTALL.amd64 cd73.iso install73.img xserv73.tgz
> SHA256 cdboot* install73.iso xshare73.tgz
> SHA256.sig cdbr* man73.tgz
> base73.tgz comp73.tgz miniroot73.img
>
> If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
> and install73.iso. The install73.iso file (roughly 626MB in size)
> is a one-step ISO-format install CD image which contains the various
> *.tgz files so you do not need to fetch them separately.
>
> If you prefer to use a USB flash drive, fetch install73.img and
> follow the instructions in INSTALL.amd64.
>
> 5) If you are an expert, follow the instructions in the file called
> README; otherwise, use the more complete instructions in the
> file called INSTALL.amd64. INSTALL.amd64 may tell you that you
> need to fetch other files.
>
> 6) Just in case, take a peek at:
>
> https://www.OpenBSD.org/errata.html
> <https://www.openbsd.org/errata.html>
>
> This is the page where we talk about the mistakes we made while
> creating the 7.3 release, or the significant bugs we fixed
> post-release which we think our users should have fixes for.
> Patches and workarounds are clearly described there.
>
> ------------------------------------------------------------------------
> - X.ORG FOR MOST ARCHITECTURES -----------------------------------------
>
> X.Org has been integrated more closely into the system. This release
> contains X.Org 7.7. Most of our architectures ship with X.Org, including
> amd64, sparc64 and macppc. During installation, you can install X.Org
> quite easily using xenodm(1), our simplified X11 display manager forked
> from xdm(1).
>
> ------------------------------------------------------------------------
> - PACKAGES AND PORTS ---------------------------------------------------
>
> Many third party software applications have been ported to OpenBSD and
> can be installed as pre-compiled binary packages on the various OpenBSD
> architectures. Please see https://www.openbsd.org/faq/faq15.html for
> more information on working with packages and ports.
>
> Note: a few popular ports, e.g., NSD, Unbound, and several X
> applications, come standard with OpenBSD and do not need to be installed
> separately.
>
> ------------------------------------------------------------------------
> - SYSTEM SOURCE CODE ---------------------------------------------------
>
> The source code for all four subsystems can be found in the
> pub/OpenBSD/7.3/ directory:
>
> xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
>
> The README (https://ftp.OpenBSD.org/pub/OpenBSD/7.3/README
> <https://ftp.openbsd.org/pub/OpenBSD/7.3/README>) file
> explains how to deal with these source files.
>
> ------------------------------------------------------------------------
> - THANKS ---------------------------------------------------------------
>
> Ports tree and package building by Jeremie Courreges-Anglas,
> Visa Hankala, Stuart Henderson, Peter Hessler, George Koehler,
> Kurt Mosiejczuk, and Christian Weisgerber. Base and X system builds by
> Kenji Aoyama, Theo de Raadt, and Miod Vallat. Release art by
> George Mager.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use. We would also like
> to thank those who bought our previous CD sets. Those who did not
> support us financially have still helped us with our goal of improving
> the quality of the software.
>
> Our developers are:
>
> Aaron Bieber, Adam Wolk, Aisha Tammy, Alexander Bluhm,
> Alexander Hall, Alexandr Nedvedicky, Alexandr Shadchin,
> Alexandre Ratchov, Andrew Fresh, Anil Madhavapeddy,
> Anthony J. Bentley, Antoine Jacoutot, Anton Lindqvist, Asou Masato,
> Ayaka Koshibe, Benoit Lecocq, Bjorn Ketelaars, Bob Beck,
> Brandon Mercer, Brent Cook, Brian Callahan, Bryan Steele,
> Can Erkin Acar, Caspar Schutijser, Charlene Wendling,
> Charles Longeau, Chris Cappuccio, Christian Weisgerber,
> Christopher Zimmermann, Claudio Jeker, Dale Rahn, Damien Miller,
> Daniel Dickman, Daniel Jakots, Darren Tucker, Dave Voutila,
> David Coppa, David Gwynne, David Hill, Denis Fondras, Edd Barrett,
> Eric Faurot, Florian Obser, Florian Riehm, Frederic Cambus,
> George Koehler, George Rosamond, Gerhard Roth, Giannis Tsaraias,
> Gilles Chehade, Giovanni Bechis, Gleydson Soares,
> Gonzalo L. Rodriguez, Greg Steuck, Helg Bredow, Henning Brauer,
> Ian Darwin, Ian Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze,
> Inoguchi Kinichiro, James Hastings, James Turner, Jan Klemkow,
> Jason McIntyre, Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas,
> Jeremy Evans, Job Snijders, Joel Sing, Joerg Jung, Jonathan Armani,
> Jonathan Gray, Jonathan Matthew, Jordan Hargrave, Josh Rickmar,
> Joshua Sing, Joshua Stein, Juan Francisco Cantero Hurtado,
> Kazuya Goda, Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner,
> Kevin Lo, Kirill Bychkov, Klemens Nanni, Kurt Miller,
> Kurt Mosiejczuk, Landry Breuil, Lawrence Teo, Lucas Raab,
> Marc Espie, Marcus Glocker, Mark Kettenis, Mark Lumsden,
> Markus Friedl, Martijn van Duren, Martin Natano, Martin Pieuchot,
> Martin Reindl, Martynas Venckus, Matthew Dempsky, Matthias Kilian,
> Matthieu Herrb, Michael Mikonos, Mike Belopuhov, Mike Larkin,
> Miod Vallat, Moritz Buhl, Nam Nguyen, Nayden Markatchev,
> Nicholas Marriott, Nigel Taylor, Okan Demirmen, Omar Polo,
> Ori Bernstein, Otto Moerbeek, Paco Esteban, Pamela Mosiejczuk,
> Pascal Stumpf, Patrick Wildt, Paul Irofti, Pavel Korovin,
> Peter Hessler, Philip Guenther, Pierre-Emmanuel Andre, Pratik Vyas,
> Rafael Sadowski, Rafael Zalamena, Raphael Graf, Remi Locherer,
> Remi Pointel, Renato Westphal, Ricardo Mestre, Richard Procter,
> Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule Cheloha,
> Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie,
> Solene Rapenne, Stefan Fritsch, Stefan Hagen, Stefan Kempf,
> Stefan Sperling, Steven Mestdagh, Stuart Cassoff, Stuart Henderson,
> Sunil Nimmagadda, T.J. Townsend, Ted Unangst, Theo Buehler,
> Theo de Raadt, Thomas Frohwein, Tim van der Molen, Tobias Heider,
> Tobias Stoeckmann, Todd C. Miller, Todd Mortimer, Tom Cosgrove,
> Tracey Emery, Ulf Brosziewski, Uwe Stuehler, Vadim Zhukov,
> Vincent Gross, Visa Hankala, Vitaliy Makkoveev, Yasuoka Masahiko,
> Yojiro Uo
>
>
