<!doctype html>
<html lang="en" id="release">
<head>
<meta charset=utf-8>
<title>OpenBSD 7.6</title>
<meta name="description" content="OpenBSD 7.6">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/76.html">
</head><body>
<h2 id="OpenBSD">
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.6
</h2>
<table>
<tr>
<td>
<a href="images/LifeIsButADream.jpg">
<img width="227" height="303" src="images/LifeIsButADream-s.gif" alt="Life is but a dream"></a>
<td>
Released Oct 8, 2024. (57th OpenBSD release)<br>
Copyright 1997-2024, Theo de Raadt.<br>
<br>
Artwork by Sue Doeksen.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.6/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata76.html">the 7.6 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus76.html">detailed log of changes</a> between the
7.5 and 7.6 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-76-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/openbsd-76-base.pub">
RWTkuwn4mbq8ouJbfO4VfNH8+FdiZUosz2qIR0V0C9bm6CnVEt7CGkV0
</a><tr><td>
openbsd-76-fw.pub:
<td>
RWTjkGqNGXmQxWRiGhZYwI3lUuv1LNutoO7ERDCfFwLB/Lkp1aCsS4QP
<tr><td>
openbsd-76-pkg.pub:
<td>
RWQnLSfWlibGntNj6cqS87rZEmqv1VWMbGSskBTuNKxiSg5hgBpTvzJz
<tr><td>
openbsd-76-syspatch.pub:
<td>
RWRzQWJ4ipcCDeYWQNJJ2gBVTP8KZTxaD0aELC/SNplE3ynVDEHWaPQR
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id="new">
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.6.
For a comprehensive list, see the <a href="plus76.html">changelog</a> leading to 7.6.
<p>
With this release all files that existed in the <a
href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/conf/newvers.sh?rev=1.1&content-type=text/x-cvsweb-markup">first
commit</a> in the OpenBSD source repository have been updated, modified or replaced
at some point in time, reaching OpenBSD of Theseus.
<ul>
<li>Platform-specific improvements:
<ul>
<li>arm64:
<ul>
<li>Implemented Spectre-V4 mitigations for arm64.
<li>Extended Spectre-BHB mitigation support to Cortex-A57.
<li>Enable Enhanced Privileged Access Never (EPAN) when available on arm64.
<li>Recognise Cortex-A520AE (Hayes AE) and Cortex-A720AE (Hunter AE) CPUs.
<li>Made the LEDs work on the SolidRun ClearFog CN9130 Base.
<li>Added Qualcomm Snapdragon X Elite (X1E80100) support.
<li>Implemented support for deeper idle states offered by PSCI, reducing idle power usage.
<li>Populate arm64 HWCAP and HWCAP2 flags based on recognized feature bits and sanitized ID register values.
<li>Made the Samsung Galaxy Book4 Edge (x1e80100) boot in ACPI mode.
<li>Used FEAT_RNG to feed entropy into the random subsystem on arm64 as on amd64.
</ul>
<li>amd64:
<ul>
<li>Mitigated the RFDS (Register File Data Sampling) vulnerability present in Intel Atom CPUs (requires updated firmware).
<li>Implemented support for AVX-512.
<li>Shortened the <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> output by suppressing cache-info lines when they are identical to those of the previous CPU.
<li>Streamlined the display of amd64 CPU flag information in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a>.
<li>Added AMD Secure Encrypted Virtualization (SEV)-related information provided by cpuid to <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a>.
<li>Implemented bounce buffering for AMD SEV in amd64 bus dma.
<li>Implemented hardware masking for MSI and MSI-X on amd64.
<li>Implemented wakeup interrupts on amd64.
<li>Ensure that the deepest possible C-state is selected during suspend-to-idle on amd64 and i386.
<li>Set the target ACPI state to S5 when powering down amd64 (and i386) machines, rather than attempting to put devices into the D3 power state.
<li>Prevented livelocks on amd64 by avoiding caching pages belonging to memory ranges with a 'use' count to keep low pages available and avoid their exhaustion.
</ul>
<li>riscv64:
<ul>
<li>Use SBI calls to reboot or power down when supported by firmware.
<li>Communicate cache-coherent DMA status via DMA tag for <a href="https://man.openbsd.org/mainbus.4">mainbus(4)</a>.
<li>Support for Milk-V Pioneer board.
<li>Enabled UVM percpu cache on riscv64.
</ul>
<li>powerpc:
<ul>
<li>Exported basic HWCAP bits to let applications detect Altivec and VSX on powerpc64.
<li>Exported basic HWCAP bits to let applications detect Altivec on powerpc.
</ul>
<li>mips64:
<ul>
<li>Enabled UVM per-CPU page cache on mips64 (as well as sparc64 and luna88k).
</ul>
<li>alpha:
<ul>
<li>Switched alpha to MI mplock code.
</ul>
<li>More platform-specific changes can be found in the <a href="#hardware_support">hardware support</a> section below.
</ul>
<li>Various kernel improvements:
<ul>
<li>Reduced <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> output by only printing about PCI resource conflicts for resources that are enabled.
<li>Deleted the msyscall mechanism, now replaced by the stricter <a href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a> and <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>.
<li>Changed <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>, <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>'s MAP_STACK and <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> failures to use <a href="https://man.openbsd.org/uprintf.9">uprintf(9)</a> rather than writing into <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a>.
<li>Made <a href="https://man.openbsd.org/witness.4">witness(4)</a> display lock cycles longer than two locks.
<li>Made "show witness" display <a href="https://man.openbsd.org/witness.4">witness(4)</a> lock subtypes in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Made <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> print mbuf chain and packet list by implementing /c and /p modifiers in ddb show mbuf.
<li>Repair printing of backtraces on arm64 ddb(4).
<li>Added <a href="https://man.openbsd.org/pathconfat.2">pathconfat(2)</a>: <a href="https://man.openbsd.org/pathconf.2">pathconf(2)</a> but with at-fd and flags arguments, the latter supporting the ability to get timestamp resolution of symlinks.
<li>Ensure that <a href="https://man.openbsd.org/pmap_create.9">pmap_create(9)</a> waits in the case of kernel virtual space shortage.
<li>Made arc4random() depend on fewer subsystems by decoupling extract_entropy() from the enqueue_randomness() logic.
<li>Ensure that concurrent calls to dequeue_randomness() will use some different events.
<!-- suspend/resume -->
<li>Work to support S0 sleep states, improving the suspend/resume experience on modern hardware.
<ul>
<li>Added an implementation of "suspend-to-idle" on amd64, enabling suspend on machines that don't support S3.
<li>Began printing "S0ix" instead of "S0" on the acpi: sleep states line when FADT indicates FADT_POWER_S0_IDLE_CAPABLE, assuming that for these machines the vendors agree S0 suspend is as good or better than S3.
<li>Added a temporary method to force S0 over S3 via machdep.lidaction=-1. We are not ready to choose S0-over-S3 based on the S0ix bit in FADT, but this will allow testing.
<li>Fixed suspend/resume related bugs in many drivers.
</ul>
<!-- fixed crashes/bugs -->
<li>Made exit1() wait for <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> 'allprocess' loops to prevent possible kernel crash due to concurrent process exit1().
<li>Prevented potential crash when <a href="https://man.openbsd.org/fuse.4">fuse(4)</a> uses the ufs inode.
<li>Ensure that in all filesystems the file names passed back by readdir are validated to not include a '/' character, avoiding unexpected path traversal on untrusted file systems.
<li>Fixed kernel crashing due to invalid pin tables in ELF binaries.
<li>Increased the default buffer size for AF_UNIX from 8192 to 32768, avoiding a fatal error in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> that can be triggered when the network stack is pushed hard enough to consume most of the allowed memory.
</ul>
<li id="SMP_Improvements">SMP Improvements
<ul>
<li>Network
<ul>
<li>Allowed running UDP input on multiple CPUs in parallel.
<li>Made raw IPv4 and IPv6 sockets handle input in parallel.
<li>Various improvements in the locking of unix(4) and UDP sockets.
<li>Pushed socket lock down to sosend() for SOCK_RAW sockets.
<li>Pushed socket lock down to sosend() and removed it from soreceive()
paths for <a href="https://man.openbsd.org/unix.4">unix(4)</a>
sockets.
<li>Switched AF_ROUTE sockets to the new locking scheme.
<li>Mark the IP protocol GRE as MP safe from socket layer.
<li>Removed kernel lock from socket splice idle timeout.
<li>Removed kernel lock from <a href="https://man.openbsd.org/shutdown.2">shutdown(2)</a> system call.
<li>Run network protocol timer without kernel lock. TCP timers also run without kernel lock now.
<li>Stopped using KERNEL_LOCK to protect the per process <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> list.
</ul>
<li>Sysctl
<ul>
<li>Used atomic operations to access integers in
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>
making it mp-safe.
<li>Removed net lock from
<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
net.inet.ip.forwarding, net.inet6.ip6.forwarding,
net.inet6.ip6.redirect, net.inet.ip.directed-broadcast.
<li>Pushed kernel lock down to net_sysctl() to unlock uipc, bpf,
pflow and pipex sysctl.
<li>Removed kernel lock from various sysctl kern variables.
</ul>
<li>Stopped grabbing the kernel lock in <a href="https://man.openbsd.org/kbind.2">kbind(2)</a>.
<li>Added per-CPU caches to the pmemrange allocator.
<li>Unlocked <a href="https://man.openbsd.org/sigsuspend.2">sigsuspend(2)</a> and __thrsigdivert syscalls.
<li>Converted SCHED_LOCK from a recursive kernel lock to a mutex.
<li>Reworked per proc and per process time usage accounting, removing a SCHED_LOCK() dependency.
</ul>
<li>Direct Rendering Manager and graphics drivers
<ul>
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
to Linux 6.6.52.
<li>Support for Meteor Lake in
<a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>.
</ul>
<li>VMM/VMD improvements
<ul>
<li>Improve exposure of CPU features to virtual machines.
<li>Fixed incorrect scaling when converting disk images in <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
<li>Dropped the <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> "continue" flag to simplify running a vcpu.
<li>Added <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> "status -r" to limit the output of "vmctl status" to only running VMs.
<li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> update the host cr3 in the vmcs to allow <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> to restore the proper cr3 value on the next vm exit.
<li>Enabled AMD SEV support in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Added <a href="https://man.openbsd.org/psp.4">psp(4)</a> ioctls to the "vmm" pledge to support AMD SEV and add an additional ioctl to support shutdown.
<li>Set highest cpuid feature leaf based on host CPU in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, fixing Linux guests on older Intel hardware.
<li>Implemented AMD SEV support in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. To enable SEV for a guest, use the parameter "sev" in the guest's vm section in vm.conf(5).
<li>Fixed VPID leak on Intel VMX hosts.
<li>Add ret-clean operation to interrupt dispatch assembly code.
<li>Fixed DHCP request intercept when using local interfaces with <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
</ul>
<li>Various new userland features:
<ul>
<li>Added <a href="https://man.openbsd.org/scandirat.3">scandirat(3)</a> from FreeBSD.
<li>Added <a href="https://man.openbsd.org/elf_aux_info.3">elf_aux_info(3)</a>, designed to let userland peek at AT_HWCAP and AT_HWCAP2, using an interface from FreeBSD.
<li>Added missing function <a href="https://man.openbsd.org/wcsnlen.3">wcsnlen(3)</a> to find length of a wide string (i.e. <a href="https://man.openbsd.org/wcslen.3">wcslen(3)</a> with a max len argument).
<li>Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing.
<li>Added the option "-u name" to <a href="https://man.openbsd.org/env.1">env(1)</a> to remove a variable from the environment.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Throughout the source tree, add missing error checks to calls of <a href="https://man.openbsd.org/gmtime.3">gmtime(3)</a> and <a href="https://man.openbsd.org/localtime.3">localtime(3)</a>.
<li>Added missing error checks to all calls under libexec and sbin in case of <a href="https://man.openbsd.org/ctime.3">ctime(3)</a> and <a href="https://man.openbsd.org/ctime.3">ctime_r(3)</a> failures when timestamps are far off.
<li>Audited programs that parse IP addresses and replaced <a href="https://man.openbsd.org/inet_aton.3">inet_aton(3)</a> with better functions such as <a href="https://man.openbsd.org/gethostbyname.3">gethostbyname(3)</a>, <a href="https://man.openbsd.org/getnameinfo.3">getnameinfo(3)</a>, <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a>, and <a href="https://man.openbsd.org/inet_pton.3">inet_pton(3)</a>.
<!-- audio -->
<li>Added generic channel mapping in place of <a href="https://man.openbsd.org/aucat.1">aucat(1)</a> -j and -c options.
<li>Allowed any device sample encoding in <a href="https://man.openbsd.org/aucat.1">aucat(1)</a>.
<li>Fixed a crash in <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when the device is disconnected and the clients are not migrated to another device.
<li>Made <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> discover new devices on SIGHUP and switch if a new device is higher priority (greater -F option number) than the current device.
<li>Fixed <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> server.device entries disappearing when usb devices are unplugged while in use.
<li>Fixed possible <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> crashes caused by a global table overread triggered by the client.
<!-- pax -->
<li>Switched <a href="https://man.openbsd.org/pax.1">pax(1)</a> to write archives using the 'pax' format by default. Ramdisk versions will keep using ustar for writing.
<li>Corrected detection of 'pax' format archives in <a href="https://man.openbsd.org/pax.1">pax(1)</a> append mode.
<li>Fixed a problem in <a href="https://man.openbsd.org/pax.1">pax(1)</a> where the file list output was fully-buffered when used as part of a pipeline.
<li>Fixed reading large <a href="https://man.openbsd.org/pax.1">pax(1)</a> extended records.
<li>Switched <a href="https://man.openbsd.org/tar.1">tar(1)</a> write default format to 'pax'.
<li>Added <a href="https://man.openbsd.org/tar.1">tar(1)</a> -F option to select write format.
<li>Used <a href="https://man.openbsd.org/pathconfat.2">pathconfat(2)</a> to compare mtimes for the
<a href="https://man.openbsd.org/pax.1">pax(1)</a> -u and -Z options when the target is "too old."
<!-- various -->
<li>Added <a href="https://man.openbsd.org/patch.1">patch(1)</a> "-V none" to prevent making any backups.
<li>Fixed <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> call in the <a href="https://man.openbsd.org/lpd.8">lpd(8)</a> control process.
<li>Fixed a crash in <a href="https://man.openbsd.org/ls.1">ls(1)</a> -l for files with bogus timestamp values.
<li>Repaired malloc operation on systems where the <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> page size is larger than the mmu page size.
<li>In <a href="https://man.openbsd.org/btrace.8">btrace(8)</a>, cache ELF .symtab, .strtab entries in sorted array to improve lookup cost from O(n) to O(lg n).
<li>In libc, allow writing buffers larger than BUFSIZ or st_blksize, vastly improving write performance.
<li>Made <a href="https://man.openbsd.org/security.8">security(8)</a> silently ignore setuid changes in relinked binaries to reduce false positives.
<li>Added the flags NOPERM, STALLED, SWAPPABLE and DOOMED to <a href="https://man.openbsd.org/pstat.8">pstat(8)</a> -v output.
<li>Rewrote <a href="https://man.openbsd.org/dd.1">dd(1)</a> bytes/sec calculation to make signal handler safe on OpenBSD.
<li>Added check in <a href="https://man.openbsd.org/pwd_mkdb.8">pwd_mkdb(8)</a> preventing creation of a <a href="https://man.openbsd.org/passwd.5">passwd(5)</a> entry too large for <a href="https://man.openbsd.org/getpwent.3">getpwent(3)</a>.
<li>Fixed <a href="https://man.openbsd.org/cron.8">cron(8)</a> CVE-2024-43688: buffer underflow for very large step values.
<li>Escaped newlines in file names in <a href="https://man.openbsd.org/less.1">less(1)</a>.
<li>Removed support for the <a href="https://man.openbsd.org/less.1">less(1)</a> LESSOPEN and LESSCLOSE environment variables.
<li>Allowed the <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a> -F flag (Force trim logs) to be used on its own.
<!-- editors -->
<li>Added display of the current line number as percentage of the total lines in <a href="https://man.openbsd.org/vi.1">vi(1)</a> ruler.
<li>Ignored universal ctags extended metadata in tagaddress, making <a href="https://man.openbsd.org/mg.1">mg(1)</a> search patterns work again.
<li>Fixed <a href="https://man.openbsd.org/mg.1">mg(1)</a> auto-indent-mode with custom tab widths.
<li>Added handling for C-u modifier in M-! and M-| to <a href="https://man.openbsd.org/mg.1">mg(1)</a>.
<li>Added an error message for <a href="https://man.openbsd.org/sed.1">sed(1)</a> -i when the file is unwritable.
<li>Fixed a bug in <a href="https://man.openbsd.org/sed.1">sed(1)</a> where the pattern space is empty but does not start with a NUL character, which might occur after using the D command.
<!-- ZZZ what does this mean? -->
<li>Ensure that giving UTF-8 command line arguments to <a
href="https://man.openbsd.org/apropos.1">apropos(1)</a> allows
searching in UTF-8 and ISO-Latin-1 encoded manual pages if the <a
href="https://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> was built
with makewhatis -T utf8.
<li>Fixed a bug in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> .Ql handling which could corrupt output.
<li>Made <a href="https://man.openbsd.org/gprof.1">gprof(1)</a> output more compact.
</ul>
<li id="hardware_support">Improved hardware support and driver bugfixes, including:
<ul>
<!-- rk* -->
<li>Added clocks for the RK3588 PWM controller to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<li>Added RK3588 TSADC clocks and resets to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<li>Added RK3588 eMMC clocks and resets to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<li>Added RK3588 support to <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a>.
<li>Added support for using the power button function of the RK809 to <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>.
<li>Added <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> support for configuring sleep voltage settings based on device tree settings for the RK809.
<li>Prevented <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> power down after resume initiated by pressing the power button.
<li>Added RK3588 support to <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>.
<li>Added <a href="https://man.openbsd.org/dwmshc.4">dwmshc(4)</a> support for the RK3588 eMMC controller.
<li>Made the eMMC come up reliably on the RK3588 eMMC controller by resetting the status before executing a new command.
<li>Added PCI support for <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<li>Enabled UFS "Auto-Hibernation" in <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<li>Added <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> support for suspend/resume.
<li>Added hibernation support in <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<li>Added <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> at fdt support, allowing boot of the Samsung Galaxy Book4 Edge in DT mode.
<li>Fixed <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> alignment issue where a DMA transfer scheduled on an odd slot would fail.
<li>Enabled <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> on amd64.
<li>Added CH9102 support to <a href="https://man.openbsd.org/uchcom.4">uchcom(4)</a>.
<li>Added support for the numpad on newer macppc Apple Powerbooks with <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>, with Num Lock set as Fn+F6.
<li>Added <a href="https://man.openbsd.org/uchcom.4">uchcom(4)</a> support for the CH343 uart.
<!-- nvme -->
<li>Prevented a hang when the <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> controller has disconnected from the pcie bus.
<li>Added support for NVMe passthrough commands to allow software to get information about <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> disks.
<li>Enabled hibernate/resume to <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> disks with 4096 byte sectors.
<li>Added <a href="https://man.openbsd.org/bio.4">bio(4)</a> support to <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>.
<li>Added <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> sensors based on information in the SMART/health log page, showing overall device health and temperature.
<!-- acpi -->
<li>Made <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> forward AC change notifications to <a href="https://man.openbsd.org/acpiac.4">acpiac(4)</a>, giving access to programs like <a href="https://man.openbsd.org/apm.8">apm(8)</a>.
<li>Implemented sleep button and EC events as wakeup events in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
<li>Added <a href="https://man.openbsd.org/qcgpio.4">qcgpio(4)</a> support for the ACPI PCIO pins necessary to support the keyboard, touchpad and touchscreen on the Qualcomm Snapdragon X Elite (X1E80100) laptops Asus Vivobook S15 and Lenovo Yoga Slim 7x.
<li>Made the touchpad on the Samsung Galaxy Book4 Edge work via <a href="https://man.openbsd.org/qcgpio.4">qcgpio(4)</a>.
<!-- various -->
<li>Added Meinberg PCI510 to <a href="https://man.openbsd.org/mbg.4">mbg(4)</a>.
<li>Introduced <a href="https://man.openbsd.org/rpigpio.4">rpigpio(4)</a>, a driver for the RP1 GPIO controller on the Raspberry Pi 5.
<li>Added support to have <a href="https://man.openbsd.org/bcmpcie.4">bcmpcie(4)</a> as both PCIe bus and simplebus to enable use of the Raspberry Pi 5's RP1 I/O controller.
<li>Fixed access to Alder Lake-N and Elkhart Lake eMMC.
<li>Added <a href="https://man.openbsd.org/psp.4">psp(4)</a> driver for the AMD Platform Security Processor.
<li>Prevent a crash in the openfirmware driver if the temperature for a zone can't be read while polling it.
<li>Implemented <a href="https://man.openbsd.org/qcspmi.4">qcspmi(4)</a> support for version 7 controllers.
<li>Implemented MSI multiple-vector support in <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a>.
<li>Hooked up the Qualcomm UEFI Secure Application that handles EFI variables to <a href="https://man.openbsd.org/efi.4">efi(4)</a> to allow access to EFI variables through ioctls on /dev/efi.
<li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> failure to attach when interface number and interface index do not match and the wrong interface is claimed.
<li>Fixed delayed level setting on <a href="https://man.openbsd.org/audio.4">audio(4)</a> devices.
<li>Introduced <a href="https://man.openbsd.org/intelpmc.4">intelpmc(4)</a>, a driver for the power management controller found on various Intel SoCs.
<li>Added battery sensors to <a href="https://man.openbsd.org/qcpas.4">qcpas(4)</a>.
<li>Corrected audio drivers to inform children about suspend/resume related events.
<li>Ensure that <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> sensors are unregistered when the volumes are removed.
<!-- group everything suspend/hibernate/resume related -->
<li>Fixed suspend/resume for <a href="https://man.openbsd.org/ums.4">ums(4)</a> and <a href="https://man.openbsd.org/umt.4">umt(4)</a>.
<li>Ensure that some Intel <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> controllers fully power down by issuing a "save state" command on suspend.
<li>Fixed <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> issues after resume by giving some AMD Ryzen xHCI controllers the extra time they need to transition from D3 into D0.
<li>Made <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> use ACPI_WAK upon resume, potentially improving S3 resume on some rare machines.
<li>Made <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> restore the saved state upon resume, needed for newer Intel xHCI controllers.
<li>Skipped Controller Save State (CSS) and Controller Restore State (CRS) on AMD 17h/1xh xHCI to avoid problems with resume after the introduction of CRS to <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
<li>Corrected <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> to inform children of suspend/resume events and prevent sub-drivers racing against dwiic hardware re-initialization.
<li>Eliminated some resume-hangs on <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> chips.
<li>Added missing child activate handling in <a href="https://man.openbsd.org/iatp.4">iatp(4)</a>.
</ul><!-- end hardware support and driver bugfixes -->
<li>New or improved network hardware support:
<ul>
<li>Implemented resetting the PHY via a GPIO pin in <a href="https://man.openbsd.org/cad.4">cad(4)</a>, helping to enable the PHY on the Raspberry Pi 5.
<li>Fixed TCP Segmentation Offload bugs in <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
<li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> support for media types from the extended Ethernet capabilities fields, fixing a gigabit SFP in the ConnectX-6 Lx.
<li>Enabled <a href="https://man.openbsd.org/em.4">em(4)</a> on powerpc64.
<!-- igc -->
<li>Added VLAN hardware tagging in <a href="https://man.openbsd.org/igc.4">igc(4)</a>.
<li>Fixed jumbo frames in <a href="https://man.openbsd.org/igc.4">igc(4)</a> for strict alignment architectures.
<li>Exposed <a href="https://man.openbsd.org/igc.4">igc(4)</a> hardware counters to <a href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<!-- dwqe -->
<li>Added support for checksum offloading to <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<li>Added VLAN hardware tagging in <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<li>Improved stability of <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<!-- rge -->
<li>Mapped MSI-X in addition to MSI and INTx on <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Fixed TX descriptors DMA syncs in <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Added <a href="https://man.openbsd.org/rge.4">rge(4)</a> support for the Realtek RTL8126 chip.
<li>Improved bus_dmamap_syncs for rx ring descriptors on <a href="https://man.openbsd.org/rge.4">rge(4)</a> hardware.
<li>Supported building a single packet out of multiple rx descriptors in <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Attempted to leave a gap on the tx ring for <a href="https://man.openbsd.org/rge.4">rge(4)</a>/<a href="https://man.openbsd.org/re.4">re(4)</a> to keep entries on the ring from being overwritten, preventing confusion of the chip and the tx completion code.
<!-- virtual -->
<li>Prevented VPID leakage in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> by allocating at vcpu init.
<li>Implemented TCP Segmentation Offload in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a>, <a href="https://man.openbsd.org/igc.4">igc(4)</a> and <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Implemented TCP Large Receive Offload in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> and <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Enable checksum offloading and TCP Segmentation Offload for <a href="https://man.openbsd.org/vlan.4">vlan(4)</a> via <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Improved stability of <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Fixed <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> display
in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
showing a mix of 802.11 modes after switching APs.
<li>Added a reset attempt for <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> devices when firmware crashes.
<li>Made <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> offload TKIP and CCMP crypto to hardware, fixing ARP and IPv6 multicast with WPA2.
<li>Plugged a memory leak in <a href="https://man.openbsd.org/qwx.4">qwx(4)</a>.
<li>Fixed a <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> interrupt storm during resume.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> monitor mode after firmware update.
<li>Prevented firmware panic when <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> runs in monitor mode with addresses configured on the interface and leaving 11n/11ac mode directly for monitor mode.
<li>Added support for Quectel EM060K to <a href="https://man.openbsd.org/umb.4">umb(4)</a>.
<li>Fixed WEP on <a href="https://man.openbsd.org/athn.4">athn(4)</a> USB hostap, preventing potential "key not installed for sw crypto" panic.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Prevented potential firmware errors in Intel wifi drivers when
APs send an ADDBA request early.
</ul>
<li>Installer, upgrade and bootloader improvements:
<ul>
<li>Implemented support for the RISC-V UEFI Boot Protocol.
<li>Implemented the chmod a-x bsd.upgrade trick in the sparc64 ofwboot bootloader.
<li>Added <a href="https://man.openbsd.org/boot.8">boot.conf(8)</a> "machine idle [secs]" to halt at idle passphrase prompts for <a href="https://man.openbsd.org/efi.4">efi(4)</a> systems.
<li>Made <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> run again after <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> on Apple silicon to pick up Apple boot firmware.
<li>Stopped <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> from enforcing the next version key if installing a snapshot.
<li>Included BUILDINFO file in the iso/img files and installed it in the miniroot if available, to be used in the future in <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>.
<li>Use BUILDINFO to make sure <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> doesn't install an older snapshot over a newer one.
<li>Ensure that loading a device tree using the "mach dtb" command gives firmware a chance to make modifications by using the EFI devicetree fixup protocol.
<li>Apple machines can now also use USB type-A ports for installation.
</ul>
<li>Security improvements:
<ul>
<li>Added <a
href="https://marc.info/?l=openbsd-tech&m=171661784618821&w=2">-fret-clean</a>
option to the compiler, defaulting to off. This new option causes the
caller to clean the return address off the stack after a call
completes. The -fret-clean option was then enabled on amd64 for libc,
libcrypto, ld.so, kernel, and all the ssh tools.
<li>Expose branch target identification (BTI) to userland and make
LLVM generate code with BTI instructions.
<li>Enabled PAC in addition to BTI on arm64 such that JIT code
matches the default branch protection provided by our base compiler.
<li>Limit NFS connections to originate from a reserved port, but
permit null requests (aka server pings) from non-reserved ports in
nfs.
<li>Made local ports bound during <a
href="https://man.openbsd.org/connect.2">connect(2)</a> unique per
laddr rather than globally unique.
<li>Enforced the <a
href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> rules
on non-static/ld.so/libc.so text segments.
<li>Added pledge and unveil to <a
href="https://man.openbsd.org/rpcinfo.8">rpcinfo(8)</a>.
<li>Added AUDIO_GETDEV ioctl to "audio" <a
href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
</ul>
<li>New features in the network stack:
<ul>
<li>Made PPP interfaces run in an <a
href="https://man.openbsd.org/rdomain.4">rdomain(4)</a> and install
a default route in the same routing domain.
<li>Introduced <a href="https://man.openbsd.org/rport.4">rport(4)</a> for
point-to-point layer 3 connectivity between routing domains.
It is similar to <a href="https://man.openbsd.org/pair.4">pair(4)</a>
but more efficient, as it does not add Ethernet headers.
<li>Implemented IPsec-only IPv6 forwarding (sysctl
net.inet6.ip6.forwarding = 2), the equivalent of net.inet.ip.forwarding
= 2 for IPv4.
<li>Added BIOCSETFNR to <a
href="https://man.openbsd.org/bpf.4">bpf(4)</a>, like BIOCSETF without
resetting the buffer or stats.
<li>Implemented SO_ACCEPTCONN in <a
href="https://man.openbsd.org/getsockopt.2">getsockopt(2)</a> which can
be used to check if <a
href="https://man.openbsd.org/listen.2">listen(2)</a> was called and
the socket is accepting connections.
</ul>
<li>Further changes and bugfixes in the network stack:
<ul>
<li>Expose <a href="https://man.openbsd.org/aggr.4">aggr(4)</a> per
port information via <a
href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<li>Restrict <a
href="https://man.openbsd.org/listen.2">listen(2)</a> to sockets of
type SOCK_STREAM or SOCK_SEQPACKET.
<li>Prohibit userland changes of the interface loopback flag,
preventing a potential kernel crash.
<li>Split single TCP inpcb hash table into separate hash tables for
IPv4 and IPv6, to help the ongoing work to <a href="#SMP_Improvements">improve SMP</a> performance.
<li>Use route cache function in IP input.
<li>Implemented rule 5.5 of RFC 6724 (Default Address Selection for
IPv6) to prefer addresses in a prefix advertised by the next-hop.
<li>Stopped storing the full IPv6 packet in the common forwarding case.
Instead of storing a copy of the full IPv6 packet for the possible need to
generate an ICMP6 packet, only the header is stored. In most cases
this can be kept on the stack, resulting in a speedup and less memory
use.
<li>Fixed bridging IPv6 fragments with pf reassembly. When output by
<a href="https://man.openbsd.org/veb.4">veb(4)</a> and <a
href="https://man.openbsd.org/bridge.4">bridge(4)</a>, the packets
were not refragmented.
<li>Fixed source and drain confusion in socket splicing somove(),
improving performance in a corner case.
<!-- ipsec -->
<li>Drop packets if forwarding of IPsec packets only (sysctl net.inet.ip.forwarding = 2) is configured, but no IPsec policy is defined.
<li>If IP forwarding is IPsec only, do not send ICMP redirect and do not accept ICMP redirect packets.
</ul>
<li>The following changes were made to the <a
href="https://man.openbsd.org/pf.4">pf(4)</a> firewall:
<ul>
<li>Added display of <a href="https://man.openbsd.org/pf.4">pf(4)</a> fragment reassembly counters to <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> TCP-state not being updated for destination connection peer and reduced excessive pfsync traffic.
<li>Allow users to define tables inside an anchor in the same way they can define global tables in <a href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a>. Previously this required a separate <code>pfctl -a foo -t bar</code> invocation.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>IPsec support was improved:
<ul>
<li>Added RADIUS support to <a
href="https://man.openbsd.org/iked.8">iked(8)</a>, including
authentication, accounting and "Dynamic Authorization Extensions"
(DAE).
<li>Fixed a bug where <a
href="https://man.openbsd.org/sasyncd.8">sasyncd(8)</a> couldn't
restore SAs.
</ul>
<li>More RADIUS changes:
<ul>
<li>In <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>,
modified IPCP to use nameservers from RADIUS.
<li>Added Dynamic Authorization Extensions (DAE) for RADIUS server
to <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>.
<li>Added support for RADIUS accounting configurable in <a
href="https://man.openbsd.org/radiusd.conf.5">radiusd.conf(5)</a>.
<li>Changed <a
href="https://man.openbsd.org/radiusd.conf.5">radiusd.conf(5)</a>
syntax for "module" to take a {} block and "authentication" to go
without. Specifying a "module" path is now optional.
<li>Introduced <a href="https://man.openbsd.org/radiusd_ipcp.8">radiusd_ipcp(8)</a>, a module providing IP configuration which manages the IP address pool.
<li>Added <a href="https://man.openbsd.org/radiusd_file.8">radiusd_file(8)</a> module, providing authentication by a local file.
<li>Kept <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> number of requests for a DAE server below 64 to avoid congestion.
<li>Added <a href="https://man.openbsd.org/radiusctl.8">radiusctl(8)</a> ipcp delete command to delete the specified session without requesting disconnection.
</ul>
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
<ul>
<li>Repair a withdraw desynchronization problem in bgpd(8).
<li>Double peer description length to 64 characters.
<li>Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.
<li>Sessions over IPv6 link-local addresses are now always considered
to be connected.
<li>Allow operators to enforce the presence of certain capabilities.
<li>Improve capability negotiation and remove 'announce capabilities'.
The 'announce capabilities [yes|no]' neighbor config option needs to be
removed from configuration files. Instead individual capabilities
need to be disabled.
<li>Improve negotiation of the multi-protocol capability and the fallback
to IPv4 only mode.
<li>Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).
<li>Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.
<li>Convert the remaining session engine parsers to the new ibuf API.
<li>Filtered prefixes are now included in the Local-RIB if the config
option 'rde rib Loc-RIB include filtered' is set.
<li>Add 'bgpctl show rib filtered' to show filtered prefixes.
<li>Add 'min-version' RTR config option and default to RTR version 1.
Set min-version to 2 to enable draft-ietf-sidrops-8210bis-14 and
ASPA support or, better, define the ASPA table in the config.
<li>Adjust RTR ASPA PDU parser to follow draft-ietf-sidrops-8210bis-14.
<li>Check the max_prefix and max_out_prefix limits on config reload.
<li>Fix race condition between TCP-MD5 key removal and session closure
to ensure all messages are sent with the proper TCP-MD5 signature.
<li>Fix 'nexthop qualify via bgp' by re-evaluating the nexthops when
a BGP route is added to the FIB.
<li>Handle the CLUSTER_LIST attribute according to RFC7606.
<li>Fix some undefined or non-portable behaviour when handling
NULL / 0-sized objects.
</ul>
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw
these and more changes:
<ul>
<li>Impose <a href="https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rrdp-same-origin">same-origin policy</a> for RRDP.
<li>Introduce <a
href="https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-ta-tiebreaker">tiebreaking</a>
for trust anchors. This prevents certain forms of replay attack.
<li>Fix internal identification of CA resource certificates.
<li>Verify self-signage for trust anchors.
<li>Introduce a check for filenames as presented by publication points.
<li>Improved compliance with RFCs 6487 and 8209 for certificates and CRLs.
<li>Presence of CMS signing-time is now enforced and presence of
CMS binary-signing-time is disallowed, per RFC 9589.
<li>Lowered the maximum acceptable manifest number to 2^159 - 1.
<li>Limit number of validated ASPAs per customer ASID.
<li>Ensure synchronization jobs are stopped when the timeout is reached.
<li>Fix a corner case in repository handling. If the last RRDP repository
failed to load, rpki-client would fail to fall back to rsync due to an
ordering bug in the event loop.
<li>Improve detection of duplicate file paths. Only trigger a duplicate
error if a valid path is revisited; otherwise a bad CA could prevent
legitimate files from being considered valid.
<li>Normalize internal representation of the caRepository to have a
trailing slash and ensure that the rpkiManifest is a file inside it.
<li>Avoid a quadratic complexity issue in ibuf_realloc() due to misuse of
recallocarray(). Transferring a manifest with a large FileAndHash
list across a privsep boundary could cost significant resources.
<li>RRDP sessions are periodically reinitialized to snapshot at random
intervals.
<li>Signed Prefix List statistics are now only emitted when rpki-client
is run with -x.
<li>The -r command line option, which formerly enabled RRDP, is now
removed since RRDP has long been the default.
<li>The <a href="https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-crl-numbers">CRL number extension</a> in CRLs is checked to be in the range [0..2^159-1].
The CRL number is otherwise ignored.
</ul>
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
<ul>
<li>Set ORIGINAL_RECIPIENT in the environment of MDA scripts for postfix compatibility.
<li>Add documentation on the expected behaviour and environment of MDAs.
<li>Fixed <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> IPv6 address parsing in file-backed <a href="https://man.openbsd.org/table.5">table(5)</a>.
<li>Added <a href="https://man.openbsd.org/smtpd-tables.7">smtpd-tables(7)</a>, an API to implement <a href="https://man.openbsd.org/table.5">table(5)</a> for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<li>Introduced a new <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> K_AUTH service to allow offloading the credentials to a table for non-<a href="https://man.openbsd.org/crypt.3">crypt(3)</a> authentication.
<li>Implemented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> report response for proc-filters as with built-in filters.
</ul>
<li>Network auto configuration improvements:
<ul>
<li>Introduced <a
href="https://man.openbsd.org/dhcp6leased.8">dhcp6leased(8)</a>, a
daemon to acquire IPv6 prefix delegations from DHCPv6 servers.
<li>Made <a href="https://man.openbsd.org/rad.8">rad(8)</a> honor
prefixes delegated by DHCPv6.
<li>Implemented RFC 4191 Default Router Preferences in <a
href="https://man.openbsd.org/rad.8">rad(8)</a>.
<li>Made <a href="https://man.openbsd.org/rad.8">rad(8)</a> send
source link-layer address option in router advertisements, preventing
Apple devices from installing an unusable default route.
<li>Removed <a
href="https://man.openbsd.org/OpenBSD-7.5/dhclient.8">dhclient(8)</a> binary.
</ul>
<!-- OTHER -->
<li>Many other changes in various network programs and libraries:
<ul>
<li>Audited programs that parse IP addresses and replaced <a href="https://man.openbsd.org/inet_aton.3">inet_aton(3)</a> with better functions such as
<a
href="https://man.openbsd.org/gethostbyname.3">gethostbyname(3)</a>,
<a href="https://man.openbsd.org/getnameinfo.3">getnameinfo(3)</a>, <a
href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a>, and
<a href="https://man.openbsd.org/inet_pton.3">inet_pton(3)</a>.
<li>Trimmed output of <a
href="https://man.openbsd.org/whois.1">whois(1)</a> to suppress some
uninformative output by default, still accessible verbatim by using
whois -S.
<li>Removed obsolete <a
href="https://man.openbsd.org/whois.1">whois(1)</a> contact handle
support.
<li>Made <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>
advertise SMTPUTF8 and 8BITMIME extensions in EHLO, fixing potential
interoperability issues when the real MTA supports those extensions.
<li>Prevented TOCTOU issues in <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a> static file
serving and auto index generation.
<li>Added a "log" option to <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a> rules.
<li>Made <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> handle host disable/enable commands from <a href="https://man.openbsd.org/relayctl.8">relayctl(8)</a> correctly when multiple redirect instances use the same host in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> tables.
<li>Improved config validation in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> to prevent incompatibility with the length of names of redirects and tags in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> send HTTP
'Accept */*' headers.
<li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> send Host: headers with CONNECT requests when tunneling TLS over an HTTP proxy.
<li>Added the 2024 root zone trust anchor to <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
<li>Made <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> display statistics about expensive mbuf operations, counting operations used to allocate mbufs or copy memory when memory layout is not optimal to find possible optimizations.
</ul>
</ul><!-- Routing daemons and other userland network improvements -->
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Reduced <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> escape-time default to 10 milliseconds (from 500).
<li>Added display-menu -M to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to always turn mouse on in a menu.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option allow-set-title to forbid applications from changing the pane title.
<li>Prevented a crash if focusing a pane in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> that is exiting.
<li>Added "N" to search backwards in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> tree modes.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> "refresh-client -r" for control mode clients to provide OSC 10 and 11 responses to tmux so they can set the default foreground and background colors.
<li>Changed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> extended-keys behavior to allow applications to enter mode 2 but not turn extended keys off entirely.
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> prefix-timeout option to allow setting a period after which to ignore the prefix key if no others are pressed.
<li>Ignored <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> mouse move keys to prevent accidental prefix cancelation.
<li>Displayed hyperlinks in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode and added copy_cursor_hyperlink format to get the hyperlink under the cursor.
<li>Added search_count and search_count_partial formats in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
<li>Revamped <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> extended keys support to more closely match xterm and support mode 2 as well as mode 1.
<li>Added mirrored versions of the main-horizontal and main-vertical layouts when the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> main pane is bottom or right instead of top or left.
<li>Allowed REP to work with Unicode characters in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
</ul>
<li>LibreSSL version 4.0.0
<ul>
<li>Portable changes
<ul>
<li>Added initial Emscripten support in CMake builds.
<li>Removed timegm() compatibility layer since all uses were replaced
with OPENSSL_timegm(). Cleaned up the corresponding test harness.
<li>The mips32 platform is no longer actively supported.
</ul>
<li>Internal improvements
<ul>
<li>Cleaned up parts of the conf directory. Simplified some logic,
fixed memory leaks.
<li>Simplified X509_check_trust() internals to be somewhat readable.
<li>Removed last internal uses of gmtime() and timegm() and replaced
them with BoringSSL's POSIX time conversion API.
<li>Removed unnecessary stat calls in by_dir.
<li>Split parsing and processing of TLS extensions to ensure that
extension callbacks are called in a predefined order.
<li>Cleaned up the MD4 and MD5 implementations.
<li>Assembly functions are no longer exposed in the public API, they
are all wrapped by C functions.
<li>Removed assembly implementations of legacy ciphers on legacy
architectures.
<li>Merged most multi-file implementations of ciphers into one or two
C files.
<li>Removed the cache of certificate validity. This was added for
performance reasons which no longer apply since BoringSSL's time
conversion API isn't slow. Also, a recently added error check led
to obscure, undesirable validation failures.
<li>Stopped calling OPENSSL_cpuid_setup() from the .init section on
amd64 and i386.
<li>Rewrote various BN conversion functions.
<li>Improved certification request internals.
<li>Removed unused DSA methods.
<li>Improved X.509v3 extension internals. Fixed various bugs and leaks
in X509V3_add1_i2d() and X509V3_get_d2i(). Their implementations
now vaguely resemble code.
<li>Rewrote BN_bn2mpi() using CBB.
<li>Made most error string tables const.
<li>Removed handling for SSLv2 client hello messages.
<li>Improvements in the openssl(1) speed app's signal handler.
<li>Cleaned up various X509v3_* extension API.
<li>Unified the X.509v3 extension methods.
<li>Cleaned up cipher handling in SSL_SESSION.
<li>Removed get_cipher from SSL_METHOD.
<li>Rewrote CRYPTO_EX_DATA from scratch. The only intentional change of
behavior is that there is now a hard limit on the number of indexes
that can be allocated.
<li>Removed bogus connect() call from netcat.
<li>Uses of atoi() and strtol() in libcrypto were replaced with
strtonum().
<li>Introduced crypto_arch.h which will contain the architecture
dependent code and defines rather than the public opensslconf.h.
<li>OPENSSL_cpu_caps() is now architecture independent.
<li>Reorganized the DES implementation to use fewer files and removed
optimizations for ancient processors and compilers.
</ul>
<li>New features
<ul>
<li>Added CRLfile option to the cms command of openssl(1) to specify
additional CRLs for use during verification.
</ul>
<li>Documentation improvements
<ul>
<li>Removed documentation of no longer existing API.
<li>Unified the description of the obsolete ENGINE parameter that
needs to remain in many functions and should always be NULL.
</ul>
<li>Compatibility changes
<ul>
<li>Protocol parsing in libtls was changed. The unsupported TLSv1.1
and TLSv1.0 protocols are ignored and no longer enable or disable
TLSv1.2 in surprising ways.
<li>The dangerous EVP_PKEY*_check(3) family of functions was removed.
The openssl(1) pkey and pkeyparam commands no longer support the
-check and -pubcheck flags.
<li>The one-step hashing functions, MD4(), MD5(), RIPEMD160(), SHA1(),
all SHA-2, and HMAC() no longer support returning a static buffer.
Callers must pass in a correctly sized buffer.
<li>Support for Whirlpool was removed. Applications still using this
should honor OPENSSL_NO_WHIRLPOOL.
<li>Removed workaround for F5 middle boxes.
<li>Removed the useless pem2.h, a public header that was added since
it was too hard to add a single prototype to one file.
<li>Removed conf_api.h and the public API therein.
<li>Removed ssl2.h, ssl23.h and ui_compat.h.
<li>Numerous conf and attribute functions were removed. Some unused
types were removed, others were made opaque.
<li>Removed the deprecated HMAC_Init() function.
<li>Removed OPENSSL_load_builtin_modules().
<li>Removed X509_REQ_{get,set}_extension_nids().
<li>X509_check_trust() and was removed, X509_VAL was made opaque.
<li>Only specified versions can be set on certs, CRLs and CSRs.
<li>Removed unused PEM_USER and PEM_CTX types from pem.h.
<li>Removed typedefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD, STORE,
STORE_METHOD, and SSL_AEAD_CTX.
<li>i2d_ASN1_OBJECT() now returns -1 on error like most other i2d_*.
<li>SPKAC support was removed from openssl(1).
<li>Added TLS1-PRF support to the EVP interface.
<li>Support for attributes in EVP_PKEYs was removed.
<li>The X509at_* API is no longer public.
<li>SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
were added to libssl.
<li>The completely broken UI_UTIL password API was removed.
<li>The OpenSSL pkcs12 command and PKCS12_create() no longer support
setting the Microsoft-specific Local Key Set and Cryptographic
Service Provider attributes.
</ul>
<li>Bug fixes
<ul>
<li>Made ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() match
their documentation. They always set an RFC 5280 conformant time.
<li>Improved standards compliance for supported groups and key shares
extensions:
<ul>
<li>Duplicate key shares are disallowed.
<li>Duplicate supported groups are disallowed.
<li>Key shares must be sent in the order of supported groups.
<li>Key shares will only be selected if they match the most
preferred supported group by client preference order.
</ul>
<li>Fixed signed integer overflow in bnrand().
<li>Prevent negative zero from being created via BN_clear_bit() and
BN_mask_bits(). Avoids a one byte overread in BN_bn2mpi().
<li>Add guard to avoid contracting the number of linear hash buckets
to zero, which could lead to a crash due to accessing a zero
sized allocation.
<li>Fixed i2d_ASN1_OBJECT() with an output buffer pointing to NULL.
<li>Implemented RSA key exchange in constant time. This is done by
decrypting with RSA_NO_PADDING and checking the padding in libssl
in constant time. This is possible because the pre-master secret
is of known length based on the size of the RSA key.
<li>Rewrote SSL_select_next_proto() using CBS, also fixing a buffer
overread that wasn't reachable when used as intended from an
ALPN callback.
<li>Avoid pushing a spurious error onto the error stack in
ssl_sigalg_select().
<li>Made fatal alerts fatal in QUIC.
</ul>
</ul>
<li>OpenSSH 9.8 and OpenSSH 9.9
<ul>
<li>Security fixes
<ul>
<li>Fix a critical race condition in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> that could be used to obtain remote code execution.
<li>Fix a logic error in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> that rendered the ObscureKeystrokeTiming option ineffective.
</ul>
<li>New features
<ul>
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> and <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> now support a new hybrid post-quantum key exchange algorithm "mlkem768x25519-sha256" based on the recently-standardised FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) with ECDH using the X25519 group.
<li>Support for DSA keys is now disabled at compile time in all OpenSSH tools.
<li>Support for pre-authentication compression has been removed from <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> (it was removed from the server a long time ago).
<li>The existing default post-quantum key exchange "sntrup761x25519-sha512@openssh.com" is now significantly faster in both <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> and <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, and is now available under the assigned name "sntrup761x25519-sha512".
<li>Split <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> into two separate processes: a listener binary and a new sshd-session binary that handles each connection.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a> will now penalise clients that connect without completing authentication, crash the server or perform other unwelcome activities. This behaviour is controlled via the PerSourcePenalties and PerSourcePenaltyExemptList <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> options.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> now allows the HostkeyAlgorithms option to disable the implicit fallback from certificate host keys to plain host keys.
<li>The <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> Include directive can now expand environment variables as well as the same set of %-tokens that are accepted for "Match Exec".
<li>Add a new RefuseConnection directive to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> that will cause the connection to be immediately refused, and a corresponding "refuseconnection" penalty class that allows clients that have connections so refused to be penalised.
<li>Add a new <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> "invalid-user" Match predicate that allows matching on invalid usernames, e.g. to allow penalisation of account/password guessers.
<li>Add additional protection to private keys from being included in core dumps.
</ul>
<li>Bugfixes
<ul>
<li>Many bugfixes. Please see the <a href="https://www.openssh.com/releasenotes.html#9.9">release notes</a> for the full list.
</ul>
</ul>
<li>Ports and packages:
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: 12148
<li>amd64: 12312
<li>arm: 8177
<li>i386: 10534
<li>mips64: 8629
<li>powerpc: 9809
<li>powerpc64: 8314
<li>riscv64: 10377
<li>sparc64: 8797
</ul>
<p>Some highlights:
<ul style="column-count: 3">
<li>Asterisk 16.30.1, 18.24.3 and 20.9.3
<li>Audacity 3.6.3
<li>CMake 3.30.1
<li>Chromium 128.0.6613.137
<li>Emacs 29.4
<li>FFmpeg 4.4.5
<li>GCC 8.4.0 and 11.2.0
<li>GHC 9.6.6
<li>GNOME 46
<li>Go 1.23.1
<li>JDK 8u402, 11.0.24, 17.0.12 and 21.0.4
<li>KDE Applications 24.05.2
<li>KDE Frameworks 6.5.0
<li>KDE Plasma 6.1.4
<li>Krita 5.2.3
<li>LLVM/Clang 13.0.0, 16.0.6 and 17.0.6
<li>LibreOffice 24.8.1.2
<li>Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.7
<li>MariaDB 10.9.8
<li>Mono 6.12.0.199
<li>Mozilla Firefox 130.0.1 and ESR 128.2.0
<li>Mozilla Thunderbird 128.2.3
<li>Mutt 2.2.13 and NeoMutt 20240425
<li>Node.js 20.17.0
<li>OCaml 4.14.2
<li>OpenLDAP 2.6.8
<li>PHP 8.1.29, 8.2.23 and 8.3.11
<li>Postfix 3.9.0
<li>PostgreSQL 16.4
<li>Python 2.7.18, 3.11.10
<li>Qt 5.15.13 (+ kde patches) and 6.6.3
<li>R 4.4.1
<li>Ruby 3.1.6, 3.2.5 and 3.3.5
<li>Rust 1.81.0
<li>SQLite 3.44.2
<li>Shotcut 24.04.28
<li>Sudo 1.9.15.5
<li>Suricata 7.0.6
<li>Tcl/Tk 8.5.19 and 8.6.13
<li>TeX Live 2023
<li>Vim 9.1.707 and Neovim 0.10.1
<li>Xfce 4.18.1
</ul>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul><!-- all checked/updated 2024-09-21 -->
<li>Xenocara (based on X.Org 7.7 with xserver 21.1.13 + patches,
freetype 2.13.2, fontconfig 2.14.2, Mesa 23.3.6, xterm 393,
xkeyboard-config 2.20, fonttosfnt 1.2.3 and more)
<li>LLVM/Clang 16.0.6 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.38.2 (+ patches)
<li>NSD 4.9.1
<li>Unbound 1.21.0
<li>Ncurses 6.4
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk July 28, 2024
<li>Expat 2.6.3
<li>zlib 1.3.1 (+ patches)
</ul>
</ul>
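<p>
The LibreSSL bug fix above that implements RSA key exchange in constant time relies on the pre-master secret having a known length, so the padding separator sits at a fixed index. The C code below is an example added here to illustrate that idea; it is not LibreSSL source code, and the function names (pms_unpad_ct, demo_case), the 256-byte key size and all sample bytes are constructed for this illustration.

```c
/* Added example, not LibreSSL source: constant-time PKCS#1 v1.5 check for a
 * TLS RSA pre-master secret. All names and sample bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN    48	/* TLS RSA pre-master secret is always 48 bytes */
#define MIN_PS_LEN 8	/* PKCS#1 v1.5 requires at least 8 padding bytes */
#define SAMPLE_K   256	/* constructed example: 2048-bit RSA modulus */

/* 0xff if x == 0, 0x00 otherwise, without branching on x. */
static uint8_t ct_is_zero(uint32_t x)
{
	return (uint8_t)(0u - (((x - 1u) & ~x) >> 31));
}

/* 0xff if a == b, 0x00 otherwise. */
static uint8_t ct_eq(uint8_t a, uint8_t b)
{
	return ct_is_zero((uint32_t)(a ^ b));
}

/*
 * em is the k-byte output of a raw (RSA_NO_PADDING) private-key operation.
 * Expected layout: 00 || 02 || PS (non-zero bytes) || 00 || 48-byte secret.
 * Because the secret length is fixed, the separator sits at a known index
 * and no data-dependent search is needed. out receives the secret if the
 * padding is valid and the caller's random fallback otherwise; the same
 * instructions run either way. Returns 0xff (valid) or 0x00 (invalid).
 */
uint8_t pms_unpad_ct(const uint8_t *em, size_t k, const uint8_t *fallback,
    uint8_t *out)
{
	size_t i, sep;
	uint8_t good;

	/* The key size is public, so branching on it reveals nothing. */
	if (k < 3 + MIN_PS_LEN + PMS_LEN) {
		memcpy(out, fallback, PMS_LEN);
		return 0x00;
	}
	sep = k - PMS_LEN - 1;

	good = (uint8_t)(ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02));
	for (i = 2; i < sep; i++)
		good &= (uint8_t)~ct_is_zero(em[i]);	/* PS must be non-zero */
	good &= ct_is_zero(em[sep]);			/* separator must be 0 */

	/* Branch-free select between the real secret and the fallback. */
	for (i = 0; i < PMS_LEN; i++)
		out[i] = (uint8_t)((em[sep + 1 + i] & good) |
		    (fallback[i] & (uint8_t)~good));
	return good;
}

/*
 * Builds a constructed well-formed block, overwrites em[tamper_at] with
 * value when tamper_at >= 0, and runs the check. Returns 1 if out holds the
 * bytes from the block, 0 if it holds the fallback, -1 otherwise.
 */
int demo_case(int tamper_at, uint8_t value)
{
	uint8_t em[SAMPLE_K], fallback[PMS_LEN], out[PMS_LEN];
	size_t i;

	memset(em, 0xa5, sizeof(em));			/* PS filler */
	em[0] = 0x00;
	em[1] = 0x02;
	em[SAMPLE_K - PMS_LEN - 1] = 0x00;
	for (i = 0; i < PMS_LEN; i++) {
		em[SAMPLE_K - PMS_LEN + i] = (uint8_t)(i + 1);
		fallback[i] = 0xee;	/* a server would use fresh random bytes */
	}
	if (tamper_at >= 0 && tamper_at < SAMPLE_K)
		em[tamper_at] = value;

	(void)pms_unpad_ct(em, sizeof(em), fallback, out);
	if (memcmp(out, em + SAMPLE_K - PMS_LEN, PMS_LEN) == 0)
		return 1;
	if (memcmp(out, fallback, PMS_LEN) == 0)
		return 0;
	return -1;
}

int main(void)
{
	printf("well-formed block:      %d\n", demo_case(-1, 0));
	printf("wrong block type:       %d\n", demo_case(1, 0x01));
	printf("zero byte inside PS:    %d\n", demo_case(100, 0x00));
	printf("non-zero separator:     %d\n", demo_case(207, 0x07));
	return 0;
}
```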
</section>
<hr>
<section id="install">
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 7.6 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/alpha/INSTALL.alpha">
.../OpenBSD/7.6/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/amd64/INSTALL.amd64">
.../OpenBSD/7.6/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/arm64/INSTALL.arm64">
.../OpenBSD/7.6/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/armv7/INSTALL.armv7">
.../OpenBSD/7.6/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/hppa/INSTALL.hppa">
.../OpenBSD/7.6/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/i386/INSTALL.i386">
.../OpenBSD/7.6/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/landisk/INSTALL.landisk">
.../OpenBSD/7.6/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/loongson/INSTALL.loongson">
.../OpenBSD/7.6/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/luna88k/INSTALL.luna88k">
.../OpenBSD/7.6/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/macppc/INSTALL.macppc">
.../OpenBSD/7.6/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/octeon/INSTALL.octeon">
.../OpenBSD/7.6/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/powerpc64/INSTALL.powerpc64">
.../OpenBSD/7.6/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/riscv64/INSTALL.riscv64">
.../OpenBSD/7.6/riscv64/INSTALL.riscv64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/7.6/sparc64/INSTALL.sparc64">
.../OpenBSD/7.6/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id="quickinstall">
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>