RSS

OpenBSD 6.6

31 Ottobre 2019

OpenBSD

OpenBSD

Il progetto OpenBSD è sistema operativo UNIX basato su 4.4 BSD ed è gratuito e multipiattaforma. OpenBSD supporta l’emulazione binaria di molti programmi da Solaris, FreeBSD, Linux, BSD/OS, SunOS e HP-UX.

Versione 6.6

Questa versione contiene (in Inglese):

 

  • General improvements and bugfixes:
    • Fixed support for amd64 machines with greater than 1023GB physical memory.
    • drm(4) updates.
    • The octeon platform is now using clang(1) as the base system compiler.
    • The powerpc architecture is now provided with clang(1), in addition to aarch64, amd64, armv7, i386, mips64el, sparc64.
    • Disabled gcc in base on armv7 and i386.
    • Prevented dhclient(8) from repeatedly obtaining a new lease when the mtu is given in a lease.
    • Prevented more than one thread from opening a wscons(4) device in read/write mode.
    • Allowed non-root users to become owner of the drm(4) device when they are the first to open it.
    • Added regular expression support for the format search, match and substitute modifiers in tmux(1).
    • Added a -v flag to source-file in tmux(1) to show the commands and line numbers.
    • Added simple menus usable with mouse or keyboard in tmux(1). Introduced the command “display-menu” to show a menu bound to the mouse on status line by default, and added menus in tree, client and buffer modes.
    • Changed the behavior of swap-window -d in tmux(1) to match swap-pane.
    • Allow panes to be empty in tmux(1), and enabling output to be piped to them with split-window or display-message -I.
    • Adjusted tmux(1) to automatically scroll when dragging to create a selection with the mouse when the cursor reaches the top or bottom line.
    • Fixed a tmux(1) crash when killing the current window, and other bugfixes.
  • SMP-Improvements, System call unlocking:
  • Improved hardware support, including:
    • Implemented Linux compatible acpi(4) interfaces and enabled the ACPI support code in radeon(4) and amdgpu(4).
    • Implemented backlight control for amdgpu(4), allowing setting of the backlight using wsconsctl(8).
    • Both sets of speakers work by default on the ThinkPad X1C7.
    • Added amdgpu(4), an AMD Radeon GPU video driver.
    • Added TSC synchronization for multiprocessor machines and re-enabled TSC as the default amd64 time source.
    • Added support for Realtek ALC285 in azalia(4).
    • Added uvideo(4) support for the KSMedia 8-bit IR format and for dual functions on integrated USB cameras.
    • Added the aplgpio(4) driver for the GPIO controllers on Intel’s Apollo Lake SoC.
    • Implemented MSI-X support on sparc64.
    • Skipped PCI host bridges and devices not present with acpi(4) when establishing the mapping between ACPI device nodes and PCI devices.
    • Added the ukspan(4) driver for the Keyspan USA19HS USB serial adapter.
    • Improved support for SAS3 controllers, made device enumeration during boot more reliable, and enabled 64bit DMA for io in mpii(4).
    • Fixed MSI/MSI-X on arm64 machines with agintc(4).
    • Added MSI-X support in acpipci(4), pciecam, dwpcie(4) and rkpcie(4).
    • Improved support for type4 devices in the ubcmtp(4) multi-touch trackpad driver.
    • Support for virtio(4) 1.0 specification for PCI devices.
    • Improved support for the AR9271 chipset in athn(4) .
    • Repaired support for athn(4) 9280 1T2R devices (broken since OpenBSD 6.5).
    • Added support for the trackpad and trackpoint of the Dell Precision 7520 laptop.
    • Added the Colemak keyboard layout.
    • New fusbtc(4) driver for the Fairchild FUSB302 USB Type-C controller.
    • Added a fallback to ehci(4) which enables the USB ports on the RockPro64.
    • Added support for more Intel 300 Series PCH devices to ichiic(4).
    • Added mcx(4) driver for Mellanox ConnectX-4 (and later) Ethernet controllers.
    • Added support for the cryptographic coprocessor found on newer AMD Ryzen CPUs/APUs.
    • Improved the envy(4) codec API and used it on ESI [email protected] cards.
    • Enabled EnvyHT-specific sample rates (above 96kHz) on the host controller for envy(4) devices.
    • Added support for the USB serial adapter found in Juniper SRX 300 to uslcom(4).
    • Updated shared drm code, inteldrm(4) and radeondrm(4) to linux 4.19.78. This adds support for Intel Broxton/Apollo Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake, and Comet Lake hardware.
    • Made startx(1) and xinit(1) work again on modern systems using inteldrm(4), radeondrm(4) and amdgpu(4).
    • Added mcprtc(4), a driver for the Microchip MCP79400 RTC and similar.
    • Added I2C clock gates to mvclock(4).
    • Added support for MSI-X to bnxt(4).
    • Added octpip(4), a driver for the Octeon packet input processing unit.
    • Added the octiic(4) driver for OCTEON two-wire serial interfaces.
    • Enabled nvme(4) on octeon.
    • Added octpcie(4), a driver for the PCIe controller found on OCTEON II and OCTEON III.
    • Fixed random kernel hangs on some sparc64 machines by blocking interrupts while sending an IPI on sunv4 (as on sun4u).
    • ure(4) now supports RTL8153B devices, adding support for Ethernet on Lenovo USB-C docks.
    • Added new ksmn(4) driver for temperature sensor on AMD Family 17h CPUs.
    • Explicitly disable BCM4331 wifi chips present in 2011-2012 Apple Mac systems. Fixes an interrupt storm that consumes about 50% of CPU0 on affected machines.
  • Improved arm64 hardware support, including:
    • Added support for Ampere eMAG CPU based systems.
    • Added support to amlclock(4) for obtaining CPU clock frequency.
    • Enabled amlmmc(4), a driver for the SD/MMC controller found on various Amlogic SoCs.
    • Implemented setting the CPU clock for Allwinner A64 SoCs in sxiccmu(4).
    • Added amldwusb(4), amlusbphy(4) and amlpciephy(4), drivers for the USB controller and PHYs on the Amlogic G12A/B SoCs.
    • Added imxtmu(4), a driver to support the temperature sensors on i.MX8M SoCs.
    • Added amlrng(4), a simple random number generator driver for Amlogic SoCs.
    • Added amclock(4), a driver for the Amlogic SoC clocks.
    • Added amluart(4), a driver for the UARTs found on various Amlogic SoCs.
    • Added support for the SMBus System Interfaces (SSIF) to ipmi(4).
    • PXE booting using U-Boot works now.
    • Added clock support to sxisyscon(4), a driver for the system controller found on various Allwinner SoCs.
    • Implemented smbios(4) support on arm64.
    • Added ucrcom(4), a driver for the serial console of chromebooks.
    • Enabled mvmdio(4) and mvneta(4) on arm64.
    • Added pinctrl(4) support for ‘pinconf-single’ devices and support for bias and drive-strength properties, needed for HiSilicon SoCs.
    • Added mvdog(4), a driver to support the watchdog on the Armada 3700 SoC.
    • Added support for the Allwinner H6 to sxipio(4) and sxiccmu(4).
    • Added mviic(4), a driver to support the I2C controller on the Armada 3700 SoC.
    • Added mvuart(4) to support the Armada 3720’s serial console.
    • Added support for the Armada 3720 clocks to mvclock(4).
    • Added support for the Armada 3720 pinctrl controller to mvpinctrl(4). This controller also includes GPIO controller functionality.
    • Added the RK3328 and RK3399 GMAC clocks to rkclock(4).
    • Increased MAXCPUs to 32 in arm64, allowing use of all cores on the Ampere eMAG.
    • Added support for the Cortex-A65 CPU.
    • Implemented interrupt controller functionality in rkgpio(4), allowing use of the fusbtc(4) interrupt on the RockPro64.
  • IEEE 802.11 wireless stack improvements:
    • Repaired the ifconfig(8) ‘nwflag’ command (broken since OpenBSD 6.4).
    • Added a new ‘stayauth’ nwflag which can be set to ignore deauth frames. This is useful when deauth frames are being spoofed by an attacker.
    • Repaired the ifconfig(8) ‘mode’ command to properly force a wireless interface into 11a/b/g/n mode.
    • Made 11n Tx rate selection more sensitive to transmission failures.
    • Fixed automatic use of HT protection in 11n hostap mode.
    • Fixed WPA APs occasionally appearing as non-WPA APs during AP selection.
    • Fixed some eligible APs being ignored during AP selection after a roaming failure.
    • Added support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.
    • Made net80211 expose reasons for association failures to have ifconfig(8) display them in “scan” output and on the ieee80211(9) status line.
    • Made all wireless drivers submit a batch of received packets to the network stack during one interrupt if possible, rather than submitting each packet individually. Prevents packet loss under high load due to backpressure from the network stack.
  • Generic network stack improvements:
    • Enabled TCP and UDP checksum offloading by default for ix(4).
    • Added tpmr(4), a 802.1Q two-port MAC relay implementation.
    • Added iavf(4), a driver for Intel SR-IOV Virtual Functions of Intel 700 series Ethernet controllers.
    • Added aggr(4), a dedicated driver to implement 802.1AX link aggregation.
    • Added port protection support to switch(4). Domain membership is checked for unicast, flooded (broadcast) and local (host-network-bound, e.g. trunk) traffic.
    • Disabled mobileip(4).
    • Added support to ifconfig(8) for getting and setting rxprio, finishing support for RFC 2983. Implemented configuring rxprio in vlan(4), gre(4), mpw(4), mpe(4), mpip(4), etherip(4) and bpe(4).
    • Implemented Tx mitigation by calling the hardware transmit routine per several packets rather than for individual packets. Defers calls to the transmit routine to a network taskq, or until a backlog of packets has built up.
    • Stopped using splnet(9) when running the network stack now that it is using the NET_LOCK for protection, reducing latency spikes.
    • Added support for reading SFPs to some ethernet cards.
  • Installer improvements:
    • Allowed quoted SSIDs in the installer, rather than ignoring those containing whitespace.
    • Introduced sysupgrade(8) that can be used to upgrade OpenBSD unattended.
    • A syspatch was provided which adds sysupgrade(8) to 6.5, so unattended upgrades to 6.6 can be performed on amd64/arm64/i386 with # syspatch && sysupgrade.
    • Created an octeon bootloader which is a modified kernel. To use this bootloader, the firmware must be configured to load file “boot” instead of “bsd”.
    • Included mount_nfs(8) on the amd64 CD ramdisk.
    • Added tee(1) to the ramdisk, and display a moving progress bar during auto upgrade/install.
    • Repaired and improved v6 default route selection, fixing autoinstalls.
    • Added sysupgrade(8) support to the sparc64 bootloader.
    • The DHCP configuration is now preserved when restarting an install.
    • The installer now remembers ‘autoconf’ when restarting an install.
    • Stopped prompting for disks that do not contain a root partition during upgrades. This defaults to the correct disk when full disk encryption is in use, and will be useful for future unattended upgrades.
  • Security improvements:
    • unveil(2) is now used in 77 userland programs to redact filesystem access.
    • Various changes in unveil(2) to improve application behavior when encountering hidden filesystem paths.
    • ps(1) can show which processes have called unveil(2) with the u and U flags in STATE field.
    • ps(1) can show the list of pledge(2) options processes use with the -o pledge option.
    • Further and improved mitigations against Spectre side-channel vulnerability in Intel CPUs built since 2012.
    • Mitigations for Intel’s Microarchitectural Data Sampling vulnerability, using the new CPU VERW behavior if available or by using the proper sequence from Intel’s “Deep Dive” doc in the return-to-userspace and enter-VMM-guest paths. Updated vmm(4) to pass through the MSR bits so that guests can apply the optimal mitigation.
    • Rewrote doas(1) environment inheritance not to inherit, and instead reset to the target user’s values by default.
    • Prepare the amd64 BIOS bootloader for loading the kernel at a random virtual address (future work).
    • Introduced malloc_conceal(3) and calloc_conceal(3), which return memory in pages marked MAP_CONCEAL and call freezero(3) on free(3).
    • Make ‘systat pf’ not require root permissions (systat(1)).
    • Added support for the EFI Random Number Generator Protocol, using it to XOR random data into the buffer we feed the kernel for amd64.
    • Added information about system call memory write protection and stack mapping violations to system accounting. Now daily(8) will print a list of affected processes and lastcomm(1) will flag violations with ‘M’.

 

Risorse

La distribuzione può essere scaricata da:

Il sito web della dstribuzione è: http://www.openbsd.org/

Screenshot

OpenBSD 5.3

OpenBSD 5.3

Conclusioni

Si può aggiornare dalla versione precedente.

Subscribe

Subscribe to our e-mail newsletter to receive updates.

No comments yet.

Leave a Reply