Weekly release for w/c 18th of November 2024.
This is a non-reboot update
-
curl
updated to version 8.11.0 -
expat
updated to version 2.6.4 -
wget
updated to version 1.25.0 -
OpenJDK packages updated to versions 1.8.432-06, 11.0.25+9 and 17.0.13+11.
Weekly release for w/c 21st of October 2024.
This is a non-reboot update
-
The
gcc10
compiler has been updated to understand that various illumos kernel functions that take format strings can now understand the%j
and%z
length modifiers. -
gcc 14.2.0-il-1 has been added as a new
gcc14
package. -
Meson has been upgraded from version 1.0.1 to 1.5.1.
Weekly release for w/c 30th of September 2024.
This update requires a reboot
- Intel CPU microcode has been updated to 20240910.
-
The SMB client now has support for the SMB3 encryption feature. Encryption can also be required on illumos SMB server shares by including
encrypt=required
in the share properties. -
The
pkg
client has been updated to consider unknown variants asfalse
by default. This enables developers to useonu
with recent versions of illumos gate.
Weekly release for w/c 9th of September 2024.
This is a non-reboot update
-
Python updated to version 3.11.10
-
Expat updated to version 2.6.3
Weekly release for w/c 2nd of September 2024.
This is a non-reboot update
-
OpenSSL updated to version 3.0.15.
-
Git updated to version 2.40.3
- The
bhyve
branded zone can now handle up to 16 VNICs.
Weekly release for w/c 29th of July 2024.
This is a non-reboot update
-
Curl updated to version 8.9.1.
-
OpenJDK packages updated to versions 1.8.422-05, 11.0.24+8 and 17.0.12+7.
Weekly release for w/c 22nd of July 2024.
This update requires a reboot
- AMD CPU Microcode updated to version 20240710.
- The compatibility copy of the PCI IDs file in
/usr/share/pci.ids.gz
delivered bypkg://system/pciutils/pci.ids
was mistakenly empty. This file has been removed and the same package now provides a symbolic link from/usr/share/pci.ids
to/usr/share/hwdata/pci.ids
to support software which incorrectly assumes the wrong location.
Weekly release for w/c 1st of July 2024.
This is a non-reboot update
- The
openssh
andopenssh-server
packages have been updated to mitigate the regreSSHion security vulnerability.
Weekly release for w/c 24th of June 2024.
This update requires a reboot
-
The
ena
driver has been updated fixing a panic under heavy traffic. -
rsync
is now built with IPv6 support.
Weekly release for w/c 3rd of June 2024.
This update requires a reboot
-
OpenSSL packages have been updated to versions 3.0.14 and 1.1.1w-2.
-
OpenJDK packages have been updated to versions 1.8.412-08, 11.0.23+9 and 17.0.11+9.
- Support for 38xx HBAs has been added to the
mpt_sas
driver.
Weekly release for w/c 27th of May 2024.
This update requires a reboot
-
ncurses
has been updated to version 6.4.20240309. -
tmux
has been updated to version 3.3a, and patched to resolve CVE-2022-47016.
-
The algorithm for picking a hot spare to use in a ZFS pool has been updated so that spares are first sorted in ascending size order. This means that the smallest appropriate usable spare will be selected.
-
Added support for Open File Descriptor (OFD) locks to the
lx
zone brand in order to support systemd v254 and newer. -
The bhyve emulated USB tablet device which is used for mouse support under VNC has been fixed so that it works properly with Linux guests running newer kernel versions.
-
If given a very large input (2^29 bytes or more), the illumos crypto code could previously produce incorrect SHA1 hashes. This has been resolved in this update.
Weekly release for w/c 8th of April 2024.
This update requires a reboot
-
For Intel CPUs that are vulnerable to Native Branch History Injection, the kernel now takes steps to scrub the CPU's Branch History Buffer (BHB) on certain context switches.
-
curl
has been updated to version 8.7.1, addressing: CVE-2024-2466, CVE-2024-2398, CVE-2024-2379 and CVE-2024-2004. -
Python has been updated to 3.11.9
-
A bug in
readline
that could cause crashes with unknown locales has been resolved. -
The system PCI and USB hardware databases have been updated.
-
For Intel CPUs which are not vulnerable to Post-barrier Return Stack Buffer (PBRSB) the kernel no longer spends time mitigating this.
Weekly release for w/c 18th of March 2024.
This update requires a reboot
-
AMD CPU microcode has been updated to 20240116.
-
Intel CPU microcode has been updated to 20240312.
-
Introduced a workaround for the recently published Intel Register File Data Sampling [RFDS] vulnerability in some Intel Atom CPUs - INTEL-SA-00898
-
Fix for a kernel panic in the SMB server caused by a race between cancel and completion functions - illumos 15985.
-
SHA-2 calculations that use libmd and a very large block size could produce incorrect hashes.
-
A POSIX normal lock would not properly deadlock on re-entry in a single-threaded application - illumos 16200.
-
Clock calibration in KVM environments now retrieves the clock frequency directly via an MSR. This fixes the calculation in environments such as AWS. This calibration method was previously only tried in VMWare guests.
-
Added support for e1000g I219 V17 and LM+V24-27,29 network cards.
-
The
ena
network driver has received a number of fixes that make it more stable on multi-processor instance types, and support for device reset has been added.
Weekly release for w/c 12th of February 2024.
This update requires a reboot
-
curl
updated to version 8.6.0 fixing CVE-2024-0853. -
libxml2
updated to version 2.11.7, fixing CVE-2024-25062.
-
The
ena
network driver has received a number of fixes that make it more stable in recent AWS EC2 instance types. -
Some improvements to PCI enumeration under BIOS boot as AWS EC2 guest have been integrated.
-
Timezone data has been updated to version 2024a.
Weekly release for w/c 29th of January 2024.
This is a non-reboot update
-
openssl
has been updated to version 3.0.13. Security fixes have been back-ported to the legacy 1.1 and 1.0 openssl packages. -
unzip
has been updated with a number of security fixes. -
OpenJDK packages have been updated to 1.8.402-06, 11.0.22+7 and 17.0.10+7.
-
unzip
now supports newer compression versions by virtue of being linked to libbz2. -
The virtio-scsi driver is now included in installation media and images to support installation in virtual environments with virtio-scsi boot disks.
Weekly release for w/c 1st of January 2024.
This update requires a reboot
-
AMD CPU microcode has been updated to 20231205.
-
OpenSSH has been updated to version 9.6p1, containing mitigations for CVE-2023-48795, CVE-2023-46445, CVE-2023-46446, collectively known as the Terrapin attack.
-
A problem that could result in TCP data being lost during connection shutdown has been resolved.
-
Timezone data has been updated to 2023d.
-
A problem that could result in the unnecessary recompilation of python objects has been addressed. Updated
python-311
andcloud-init
packages have been published.
Weekly release for w/c 11th of December 2023.
This update requires a reboot
-
curl
has been updated to version 8.5.0. -
The OpenJDK packages have been upgraded to versions 1.8.392-08, 11.0.21+9 and 17.0.9+9.
-
perl
has been upgraded to version 5.63.3.
- A race condition in ZFS could cause a very recently written file to appear to
contain holes if inspected with
lseek(SEEK_DATA)
. This is very hard to hit in practice, although the GNUcp
command can trigger it and produce empty target files. The native illumos/OmniOScp
does not use lseek in this way and is unaffected.
Weekly release for w/c 13th of November 2023.
This update requires a reboot
-
Intel CPU microcode updated to 20231114, including a security update for INTEL-SA-00950.
-
AMD CPU microcode updated to 20231019.
- The
pgrep
utility could print out the wrong process name and arguments when the-o
or-n
option was used in conjunction with-f
or-v
.
Weekly release for w/c 23rd of October 2023.
This is a non-reboot update
openssl
updated to version 3.0.12, fixing CVE-2023-5363
Weekly release for w/c 09th of October 2023.
This is a non-reboot update
curl
updated to version 8.4.0, fixing CVE-2023-38545, CVE-2023-38546.
- pkgdepend(1) used an excessive amount of memory when performing the resolution step.
Weekly release for w/c 18th of September 2023.
This is a non-reboot update
-
Curl has been updated to version 8.3.0
-
OpenJDK has has been updated to 11.0.20.1+1 and 17.0.8.1+1
-
Python has been updated to version 3.11.5
-
OpenSSL has been updated to version 3.0.11
Weekly release for w/c 21st of August 2023.
This update requires a reboot
-
bhyve: fully reset the fwctl state if the guest requests it CVE-2023-3494.
-
Update Intel CPU microcode to 20230808. Contains mitigations for CVE-2022-40982, CVE-2022-41804, CVE-2023-23908.
-
Update AMD CPU microcode to 20230808. Contains mitigations for CVE-2023-20569.
-
screen
has been updated to version 4.9.1 which includes a fix for CVE-2023-24626. Note that this exploit required thatscreen
be installed set-uid, which it is not be default on OmniOS.
-
bhyve: take more care around
VM_MAXCPU
. A priviliged user could trigger a kernel panic. -
LX: always set the
AT_SECURE
auxval to better emulate Linux and fix problems with recentdconf
OS-8480. -
The version of the nettle cryptography library bundled with chrony has been updated.
Weekly release for w/c 31st of July 2023.
This is a non-reboot update
-
OpenSSL packages updated to versions 3.0.10 / 1.1.1v / 1.0.2u-1, resolving CVE-2023-3817, CVE-2023-3446, CVE-2023-2975.
-
OpenJDK 8 has been updated to version 1.8.0u382-b05.
Weekly release for w/c 24th of July 2023.
This update requires a reboot
-
AMD CPU microcode updated to 20230719, mitigating CVE-2023-20593 on some Zen2 processors.
-
Intel CPU microcode updated to 20230512, refer to Intel's release notes for details.
Weekly release for w/c 17th of July 2023.
This update requires a reboot
-
OpenSSH updated to version 9.3p2, fixing CVE-2023-38408.
-
The prgetsecflags() interface leaked a small (4 byte) portion of kernel stack memory - illumos 15788.
-
OpenJDK packages have been updated to 11.0.20+8 and 17.0.8+7.
-
Various improvements to the SMB idmap service have been backported:
- illumos 14306
- illumos 15556
- illumos 15564
Most notably, it was previously possible to get flurries of log messages
of the form
Can't get SID for ID=0 type=0
and this is now resolved.
-
The UUID generation library could produce invalid V4 UUIDs.
-
An issue with python header files that could cause some third party software to fail compilation has been resolved.
Weekly release for w/c 19th of June 2023.
This update requires a reboot
-
Python has been updated to version 3.11.4;
-
Vim has been updated to version 9.0.1443.
-
SMB NetLogon Client Seal support;
-
Windows clients could get disconnected when copying files to an SMB share;
-
%ymm registers were not correctly restored after signal handler;
-
The
svccfg
command now supports a-z
flag to manage services within zones; -
The startup timeout for the
system/zones
service has been increased to resolve problems when starting a large number of bhyve zones in parallel in conjunction with a memory reservoir configuration; -
Use automatic IBRS when available;
-
blkdev
andlofi
did not properly initialise cmlb minor nodes; -
The ping command would fail when invoked with
-I 0.01
; -
In exceptional circumstances, a zone could become stuck during halt due to lingering IP references;
-
An issue with resolving DNS names which have only multiple AAAA records has been resolved;
-
Improvements within the
nvme
driver to resolve a race and allow it to bind to devices that are under a legacy PCI root; -
In exception circumstances, the system could panic when dumping a userland process core.
Weekly release for w/c 29th of May 2023.
This is a non-reboot update
-
Curl has been updated to version 8.1.2, fixing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322.
-
OpenSSL has been updated to versions 1.1.1u and 3.0.9, fixing CVE-2023-2650. OpenSSL 1.0.2 has also been patched against this.
Stable and Long-Term-Supported (LTS) Release, 1st of May 2023
uname -a
shows omnios-r151046-82ebda23c9
r151046 release repository: https://pkg.omnios.org/r151046/core
Upgrades are supported from the r151038, r151040, r151042 and r151044 releases only. If upgrading from an earlier version, upgrade in stages, referring to the table at https://omnios.org/upgrade.
-
Python has been upgraded to version 3.11, replacing version 3.10 used in the previous release.
-
NVMe devices are now identified using their namespace GUID, if supported. This may result in the device ID of any NVMe drives changing on the first boot into this release, with accompanying messages on the console.
-
Joining a windows domain via
smbadm join
now automatically updates the local administrators group to include domain administrators. If necessary,smbadm remove-member
can be used to adjust membership. -
SMB now supports 256-bit ciphers.
-
SMB now has a new configuration option to enable support for short names. Only very old applications on old clients need short names, however it is necessary to support running the Windows Protocol Test Suites.
-
The omnios-build framework has seen extensive changes as a result of introducing support for building packages for different architectures. Many packages can now be built for 64-bit ARM by passing
-a aarch64
to the build script, and a regularly updated testing image is maintained at https://downloads.omnios.org/media/braich/.
-
The
which
command has been replaced. The new version fixes a number of issues with the old but will no-longer show aliases when invoked from the csh. -
csh
itself is now mediated and will automatically be replaced bytcsh
if that package is installed. To switch /usr/bin/csh back to the illumos version, invoke:pfexec pkg set-mediator -I illumos csh
-
nvmeadm
has been updated to show and refer to namespaces by their namespace IDs, rather than an index. There have also been changes in thelist
sub-command to better support namespaces. -
smbadm
has been enhanced with the ability to read credentials from stdin. -
The
ls
command can now show SIDs instead of ephemeral IDs. Refer to ls(1), in particular the section that discusses the-n
option. -
pcieadm
has been updated so that its help messages include the list of available fields. -
find
's -useracl and -groupacl options could produce false positive matches due to ignoring an ACL entry's type. -
The
cxgbetool
command now accepts instance names rather than device paths, making it easier to use. -
The
media/cdrtools
package has been replaced bymedia/xorriso
which provides compatiblecdrecord
andmkisofs
utilities.
-
The
isatty()
function has been updated so that it always setserrno
when returning 0. Although both behaviours are compliant with the POSIX standard, some third party software incorrectly expects errno to be set. -
When retrieving a list of interface addresses via the
SIOCGLIFCONF
ioctl, thesin6_scope_id
field is now filled in. -
libpcre2 now includes 16 and 32-bit character support.
- There have been several improvements to zone networking so that links created directly within a zone are now properly cleaned up. In general, cleaning up links on zone halt is much improved.
-
The
virtio-viona
network driver now supports a control queue and promiscuous mode. -
A new
kstat
has been added to show details of the vmm reservoir. -
The virtio 9p buffers have been expanded to improve performance.
-
bhyve supports more customisation of
smbios
data via the-B
option and via configuration file directives. -
The emulated
nvme
driver has been updated as a result of additional compliance testing.
-
The ZFS
autoexpand
property now works for root pools. -
It is now possible to directly import a root pool from a
/devices
path. -
zpool list
no longer truncates long device names to 64 characters. -
zfs allow
could display incorrect information for filesystems which hadallow -c
set but notallow -s
.
- The
snoop
command has been split into its own package.
- The bundled firmware in the
cxgbe
driver has been updated to version 1.27.1.0.
-
ctfdump
now additionally displays bitfield member offsets in bytes and fractions of bytes. -
errc
,verrc
,warnc
andvwarnc
functions have been added to libc. -
ld
now fills out more of thePT_DYNAMIC
section which resolves inter-operability problems with recently releasedbinutils
. -
intro(9F) has been rewritten and extended to better introduce kernel programming topics.
-
The
gcc12
compiler has a new-fforce-omit-frame-pointer
that can be used for building things that absolutely require the frame pointer to be omitted. This hinders the debugability of the generated artefacts with tools such asmdb
anddtrace
. -
gcc
has been updated to allow the%h
and%hh
length modifiers in kernel code.
-
The
grub
boot loader is deprecated and is scheduled for removal in the r151048 release. It will be supported in r151046 for the full LTS time frame, up to May 2026. If you have not yet migrated to the new boot loader, and would like assistance, please get in touch. -
The Service Location Protocol (SLP) service that was provided by the
service/network/slp
package is no longer shipped with OmniOS. SLP is a legacy protocol that has a number of known security problems, such as CVE-2023-29552. -
OpenSSH in OmniOS no longer provides support for GSSAPI key exchange. This was removed in release r151038.
-
Python 2 is now end-of-life and will not receive any further updates. The
python-27
package is still available for backwards compatibility but will be maintained only on a best-efforts basis. -
OpenSSL 1.0.x is deprecated and reached end-of-support at the end of 2019. OpenSSL 1.1.1 will reach end-of-support in September 2023. OmniOS has transitioned to OpenSSL 3 and still ships OpenSSL 1.1.1 for compatibility. The OpenSSL 1.0.2 libraries are also retained for backwards compatibility but are maintained solely on a best-efforts basis.
Package | Old Version | New Version |
---|---|---|
compress/xz | 5.2.6 | 5.4.2 |
data/iso-codes | 4.11.0 | 4.13.0 |
database/sqlite-3 | 3.39.4 | 3.41.2 |
developer/build/gnu-make | 4.3 | 4.4.1 |
developer/gnu-binutils | 2.39 | 2.40 |
developer/nasm | 2.15.5 | 2.16.1 |
developer/swig | 4.0.2 | 4.1.1 |
developer/versioning/git | 2.37.7 | 2.40.1 |
developer/versioning/mercurial | 6.2.2 | 6.3.3 |
file/gnu-coreutils | 9.1 | 9.3 |
library/c++/sigcpp | 3.2.0 | 3.4.0 |
library/expat | 2.4.9 | 2.5.0 |
library/glib2 | 2.74.0 | 2.74.6 |
library/libffi | 3.4.3 | 3.4.4 |
library/mpc | 1.2.1 | 1.3.1 |
library/mpfr | 4.1.0 | 4.2.0 |
library/ncurses | 6.3 | 6.4 |
library/nghttp2 | 1.50.0 | 1.52.0 |
library/nspr | 4.34.1 | 4.35 |
library/nspr/header-nspr | 4.34.1 | 4.35 |
library/pcre2 | 10.40 | 10.42 |
library/python-3/attrs-311 | 22.1.0 | 22.2.0 |
library/python-3/coverage-311 | 6.4.4 | 7.2.2 |
library/python-3/crossenv-311 | New | 1.4.0 |
library/python-3/cryptography-311 | 38.0.1 | 39.0.2 |
library/python-3/jsonschema-311 | 4.16.0 | 4.17.3 |
library/python-3/meson-311 | 0.63.2 | 1.0.1 |
library/python-3/orjson-311 | 3.8.0 | 3.8.8 |
library/python-3/pip-311 | 22.2.2 | 23.0.1 |
library/python-3/pycodestyle-311 | 2.9.1 | 2.10.0 |
library/python-3/pyopenssl-311 | 22.0.0 | 23.0.0 |
library/python-3/pyrsistent-311 | 0.18.1 | 0.19.3 |
library/python-3/rapidjson-311 | 1.8 | 1.10 |
library/python-3/setuptools-311 | 65.3.0 | 67.6.0 |
library/python-3/typing-extensions-311 | 4.3.0 | 4.5.0 |
library/readline | 8.1.2 | 8.2 |
3.1 | Removed | |
media/xorriso | New | 1.5.4.2 |
network/dns/bind | 9.18.7 | 9.18.14 |
network/openssh | 9.0.1 | 9.3.1 |
network/openssh-server | 9.0.1 | 9.3.1 |
network/rsync | 3.2.6 | 3.2.7 |
network/service/isc-dhcp | 4.4.3 | 4.4.3.1 |
network/snoop | New | 0.5.11 |
network/socat | 1.7.4.3 | 1.7.4.4 |
3.10.11 | Removed | |
runtime/python-311 | New | 3.11.3 |
security/sudo | 1.9.12.2 | 1.9.13.3 |
service/network/ntpsec | 1.2.1 | 1.2.2 |
0.5.11 | Removed | |
shell/bash | 5.1.16 | 5.2.15 |
shell/tcsh | 6.24.1 | 6.24.7 |
system/bhyve/firmware | 20220329 | 20230201 |
system/data/hardware-registry | 2022.9.9 | 2023.2.23 |
system/data/urxvt-terminfo | 9.30 | 9.31 |
system/library/dbus | 1.14.2 | 1.14.6 |
system/library/libdbus | 1.14.2 | 1.14.6 |
system/library/mozilla-nss | 3.83 | 3.89 |
system/library/mozilla-nss/header-nss | 3.83 | 3.89 |
system/library/pcap | 1.10.1 | 1.10.3 |
system/management/cloud-init | 22.3 | 23.1.1 |
system/pciutils | 3.8.0 | 3.9.0 |
system/pciutils/pci.ids | 2.2.20220909 | 2.2.20230223 |
system/rsyslog | 8.2208.0 | 8.2302.0 |
system/test/fio | 3.32 | 3.34 |
system/virtualization/open-vm-tools | 12.1.0 | 12.2.0 |
text/gawk | 5.2.0 | 5.2.1 |
text/gnu-diffutils | 3.8 | 3.9 |
text/gnu-gettext | 0.21 | 0.21.1 |
text/gnu-grep | 3.8 | 3.10 |
text/gnu-sed | 4.8 | 4.9 |