and friends now log an error and abort when confronted with format %n.
now has client-side support for DNS configuration.
[See earlier report.]
speed has been boosted through asynchronous handling of probe packets and DNS.
[See earlier report.]
are both enabled by default and provide the standard mechanism for
configuring IPv4 addresses by DHCP.
[See previousreports.] The combination also makes nameserver information gathered via slaacd usable in dynamic configurations.
remains available for special cases.
A "nameserver" command was added to
allowing sending DNS nameserver prooposals to
resolvd(8) over the routing socket.
In LibreSSL 3.4.1,
support has been added for the OpenSSL 1.1.1
The "new" X.509 validator is enabled,
allowing verification of modern certificate chains.
Those upgrading from the 6.9 release (or earlier) should consult the
While your install sets download or when your packages update,
please take the time to look at and use one or more of the recommended ways to support the project, such as making a
Corporate entities may prefer to send money to
The OpenBSD Foundation,
a Canadian non-profit corporation.
You can also get
and help OpenBSD visibility.
Also, don't forget to listen to the release song
and check out the lyrics.
Thanks to the developers for all the excellent work that has gone into this
great new release!
Here's the reason: one of the two root certificates
behind the (excellent)
CA service has expired.
A bug in (the "legacy" verifier of)
The syspatches (for OpenBSD 6.8,
032, for OpenBSD 6.9,
018) mitigate the unfortunate situation.
However, your syspatch may fail if your local mirror uses a
Let's Encrypt certificate.
In that case, the best advice may be to try a mirror that does not
use a Let's Encrypt certificate just to get past this speed bump.
Module name: src
Changes by: email@example.com 2021/09/08 17:31:39
usr.bin/ssh : scp.1 scp.c
Use the SFTP protocol by default. The original scp/rcp protocol remains
available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
In a recent
to tech@ Martin Pieuchot (mpi@) wrote about
analysis of kernel lock contention.
We reproduce the message(s) here, reformatted with his permission.
Unlocking UVM [virtual memory - Ed.]
faults makes build time decrease a lot and improve the
overall latency of mixed userland workload. In other words it gives
a smoother feeling for "desktop usage": it is now possible to do 'make
-j17' and watch a HD video at the same time.
Module name: src
Changes by: firstname.lastname@example.org 2021/09/03 03:13:00
usr.sbin/traceroute: Makefile traceroute.8 traceroute.c
Make traceroute(8) faster by sending probes and doing DNS async.
Traditional traceroute would send one probe and then wait for up to 5
seconds for a reply and then send the next probe. On a lossy link that
eventually ends in a black hole this would take about 15 minutes and
people would hit control-c in anger.
This rewrites the traceroute engine to use libevent and asr's async
DNS interface. Probes are now send every 30ms or as soon as we get an
answer back. With that we got the 15 minute worse case down to about
A minor adjustment that is possible with this is to delay printing a
line until we get to a line with answers. This has two effects:
1) If there are intermediate hops that don't answer, output pauses for
a bit so we keep the visual cue of "something might be wrong here".
2) If there is a black hole at the end, we don't print out many "* * *"
lines and thus scrolling the interesting bits out of the terminal.
We collapse those lines and just print
64 * * *
at the end.
Unfortunately the -c option to send udp probes to a fixed port had to
go for now. But we should be able to add it back.
"Once you have seen the new one you can't go back to the old one" &
enthusiastic OK deraadt@
"I am very distressed that florian went to bed without committing it"
links to recordings showing the
behaviours with an earlier version of this work.