Released Oct 16, 2023. (55th OpenBSD release) Copyright 1997-2023, Theo de Raadt. Artwork by Jessica Scott.
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via |
This is a partial list of new features and systems included in OpenBSD 7.4. For a comprehensive list, see the changelog leading to 7.4.
O_CLOEXEC
flag.
<uchar.h>
declaring the
types char32_t
and char16_t
and the
functions c32rtomb(3),
mbrtoc32(3),
c16rtomb(3), and
mbrtoc16(3).
${.VARIABLES}
in
make(1),
listing the names of all global variables that have been set.
-u
option to select
utrace(2)
tracepoints by label.
--size-only
and
--ignore-times
.
/bin/sh
if $SHELL
is undefined.
/var/db/libc.tags
again.
-s
mode, allowing non-interactive use.
ATA_SMART_READ
and
ATA_SMART_THRESHOLD
revisions mismatch, as long as
checksums are OK.
test -t
in
ksh(1).
pkg_add -u
now also works if -stable packages
are available.
hw.battery.charge*
.
Support them with
acpithinkpad(4)
and aplsmc(4).
hw.ucomnames
sysctl(2).
/bsd.upgrade
to prevent re-upgrade, like other
architectures.
_shutdown
group. The idea is that system
administrators can now remove most users from the excessively
powerful operator
group, which in particular
provides read access to disk device nodes.
net.inet6.icmp6.nd6_queued
to show the number of packets
waiting for an ND6 response, analogous to ARP.
pass all
rule so all
forms of neighbor advertisements are allowed in either direction.
keep state
and nat-to
actions for unsolicited ICMP error responses.
Tighten the rule matching logic so ICMP error responses
no longer match keep state
rule.
In typical scenarios, ICMP errors (if solicited) should match
existing state. The change is going to bite firewalls which deal
with asymmetric routes. In those cases the keep state
action should be relaxed to sloppy or new no state
rule to explicitly match ICMP errors should be added.
NULL
pointer
access when a group description is specified but it is invalid,
unsupported, or memory allocation or key generation fails.
ext-community * *
matching which also affects
filters removing all ext-communities.
bgpctl show rib 192.0.2.0/24 detail
.
Also add various flowspec specific commands.
GRACEFUL_SHUTDOWN
filter rule in
the example config to only match on ebgp sessions.
LINKTYPE_*
values in pcap headers written
on foreign operating systems.
ndp -d
.
tlsv1.0
and tlsv1.1
options
in relayd(8)
do nothing, as one should use the default tlsv1.2
instead.
--enable-libtls-only
is specified at configure time.
-O2
into the compiler flags,
instead using flags from the CMake build type instead.
Release
. This can be overridden
during configuration.
ssh -Q CASignatureAlgorithms
only list signature
algorithms that are valid for CA signing. Previous behaviour was
to list all signing algorithms, including certificate algorithms.
ssh-keygen -l
on multiple keys where one has a comment
and other following keys do not.
Many pre-built packages for each architecture:
Some highlights:
Please refer to the following files on the mirror site for extensive details on how to install OpenBSD 7.4 on your machine:
Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above!
If your machine can boot from CD, you can write install74.iso or cd74.iso to a CD and boot from it. Refer to INSTALL.alpha for more details.
If your machine can boot from CD, you can write install74.iso or cd74.iso to a CD and boot from it. You may need to adjust your BIOS options first.
If your machine can boot from USB, you can write install74.img or miniroot74.img to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64.
Write install74.img or miniroot74.img to a disk and boot from it after connecting to the serial console. Refer to INSTALL.arm64 for more details.
Write a system specific miniroot to an SD card and boot from it after connecting to the serial console. Refer to INSTALL.armv7 for more details.
Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page.
If your machine can boot from CD, you can write install74.iso or cd74.iso to a CD and boot from it. You may need to adjust your BIOS options first.
If your machine can boot from USB, you can write install74.img or miniroot74.img to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386.
Write miniroot74.img to the start of the CF or disk, and boot normally.
Write miniroot74.img to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details.
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details.
Burn the image from a mirror site to a CDROM, and power on your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /7.4/macppc/bsd.rd
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details.
To install, write install74.img or miniroot74.img to a USB stick, plug it into the machine and choose the OpenBSD install menu item in Petitboot. Refer to the instructions in INSTALL.powerpc64 for more details.
To install, write install74.img or miniroot74.img to a USB stick, and boot with that drive plugged in. Make sure you also have the microSD card plugged in that shipped with the HiFive Unmatched board. Refer to the instructions in INSTALL.riscv64 for more details.
Burn the image from a mirror site to a CDROM, boot from it, and type boot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can write floppy74.img or floppyB74.img (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
You can also write miniroot74.img to the swap partition on the disk and boot with boot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64.
If you already have an OpenBSD 7.3 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide.
src.tar.gz
contains a source archive starting at /usr/src
.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
# mkdir -p /usr/src # cd /usr/src # tar xvfz /tmp/src.tar.gz
sys.tar.gz
contains a source archive starting at /usr/src/sys
.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys # cd /usr/src # tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it is possible to get a head-start on using the anoncvs servers as described here. Using these files results in a much faster initial CVS update than you could expect from a fresh checkout of the full OpenBSD source tree.
A ports tree archive is also provided. To extract:
# cd /usr # tar xvfz /tmp/ports.tar.gz
Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. Rather, it is a set of notes meant to kickstart the user on the OpenBSD ports system.
The ports/ directory represents a CVS checkout of our ports. As with our complete source tree, our ports tree is available via AnonCVS. So, in order to keep up to date with the -stable branch, you must make the ports/ tree available on a read-write medium and update the tree with a command like:
# cd /usr/ports # cvs -d [email protected]:/cvs update -Pd -rOPENBSD_7_4
[Of course, you must replace the server name here with a nearby anoncvs server.]
Note that most ports are available as packages on our mirrors. Updated ports for the 7.4 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list [email protected] is a good place to know.