Weekly release for w/c 8th of April 2024.
This update requires a reboot
-
For Intel CPUs that are vulnerable to Native Branch History Injection, the kernel now takes steps to scrub the CPU's Branch History Buffer (BHB) on certain context switches.
-
curl
has been updated to version 8.7.1, addressing: CVE-2024-2466, CVE-2024-2398, CVE-2024-2379 and CVE-2024-2004. -
Python has been updated to 3.11.9
-
A panic in ZFS in conjunction with SMB2 has been fixed.
-
A bug in
readline
that could cause crashes with unknown locales has been resolved. -
The system PCI and USB hardware databases have been updated.
-
For Intel CPUs which are not vulnerable to Post-barrier Return Stack Buffer (PBRSB) the kernel no longer spends time mitigating this.
Weekly release for w/c 18th of March 2024.
This update requires a reboot
-
AMD CPU microcode has been updated to 20240116.
-
Intel CPU microcode has been updated to 20240312.
-
Introduced a workaround for the recently published Intel Register File Data Sampling [RFDS] vulnerability in some Intel Atom CPUs - INTEL-SA-00898
-
Fix for a kernel panic in the SMB server caused by a race between cancel and completion functions - illumos 15985.
-
SHA-2 calculations that use libmd and a very large block size could produce incorrect hashes.
-
A POSIX normal lock would not properly deadlock on re-entry in a single-threaded application - illumos 16200.
-
Clock calibration in KVM environments now retrieves the clock frequency directly via an MSR. This fixes the calculation in environments such as AWS. This calibration method was previously only tried in VMWare guests.
-
Added support for e1000g I219 V17 and LM+V24-27,29 network cards.
-
The
ena
network driver has received a number of fixes that make it more stable on multi-processor instance types, and support for device reset has been added.
Weekly release for w/c 12th of February 2024.
This update requires a reboot
-
curl
updated to version 8.6.0 fixing CVE-2024-0853. -
libxml2
updated to version 2.11.7, fixing CVE-2024-25062.
-
The
ena
network driver has received a number of fixes that make it more stable in recent AWS EC2 instance types. -
Some improvements to PCI enumeration under BIOS boot as AWS EC2 guest have been integrated.
-
Timezone data has been updated to version 2024a.
Weekly release for w/c 29th of January 2024.
This is a non-reboot update
-
openssl
has been updated to version 3.1.5. Security fixes have been back-ported to the legacy 1.1 and 1.0 openssl packages. -
unzip
has been updated with a number of security fixes. -
OpenJDK packages have been updated to 1.8.402-06, 11.0.22+7 and 17.0.10+7.
-
unzip
now supports newer compression versions by virtue of being linked to libbz2. -
The virtio-scsi driver is now included in installation media and images to support installation in virtual environments with virtio-scsi boot disks.
-
The
zlib
package has been updated to version 1.3.1.
Weekly release for w/c 1st of January 2024.
This update requires a reboot
-
AMD CPU microcode has been updated to 20231205.
-
OpenSSH has been updated to version 9.6p1, containing mitigations for CVE-2023-48795, CVE-2023-46445, CVE-2023-46446, collectively known as the Terrapin attack.
-
A problem that could result in TCP data being lost during connection shutdown has been resolved.
-
Timezone data has been updated to 2023d.
-
A problem that could result in the unnecessary recompilation of python objects has been addressed. Updated
python-311
andcloud-init
packages have been published.
Weekly release for w/c 11th of December 2023.
This update requires a reboot
-
curl
has been updated to version 8.5.0. -
The OpenJDK packages have been upgraded to versions 1.8.392-08, 11.0.21+9 and 17.0.9+9.
-
perl
has been upgraded to version 5.63.3.
- A race condition in ZFS could cause a very recently written file to appear to
contain holes if inspected with
lseek(SEEK_DATA)
. This is very hard to hit in practice, although the GNUcp
command can trigger it and produce empty target files. The native illumos/OmniOScp
does not use lseek in this way and is unaffected.
Weekly release for w/c 13th of November 2023.
This update requires a reboot
-
Intel CPU microcode updated to 20231114, including a security update for INTEL-SA-00950.
-
AMD CPU microcode updated to 20231019.
- The UUID of a bhyve VM was changing on every zone restart. For VMs using cloud-init, this caused them to be considered as a new host on each cold boot.
Stable Release, 6th of Nov 2023
uname -a
shows omnios-r151048-24333ee74c
r151048 release repository: https://pkg.omnios.org/r151048/core
Upgrades are supported from the r151046 release only. If upgrading from an earlier version, upgrade in stages, referring to the table at https://omnios.org/upgrade.
-
OmniOS userland is now built with gcc version 13.
-
A number of improvements to datalink management have been integrated from upstream illumos. Known problems that could cause zones to get stuck while shutting down have been resolved.
-
A number of issues with managing interface state around IPv6 address have been resolved in this release.
-
Support for Zen 4 CPU performance counters has been added.
-
Use automatic IBRS on AMD Zen 4 platforms. This improves performance and reduces the overhead of virtual machine context switching.
-
A number of improvements to the in-kernel CIFS/SMB support have been imported from upstream illumos.
-
The lofi(4D) driver now supports DISCARD/TRIM.
-
Support for SMBIOS 3.7 has been added.
-
The
which
command has been replaced with an implementation written in C rather than in csh. The new version bases its decision on what the current user can execute on assigned privilege and not just file mode bits, so the output may be different in some cases. The new version does also not show csh alias expansions when invoked from csh, but note that tcsh is not affected by this as it has a built-inwhich
command. -
There is a new datalink property,
media
, which shows the media that is in use, as reported by the underlying driver. This new property is also present in the topology tree. -
The
ld
command parameter parsing has been tightened up, meaning that invalid combinations of options are now rejected as they should be. -
While it has always been supported,
make -w
is now documented in make(1). -
The svccfg(8) has gained a
-z
option, allowing it to operate on services within a non-global zone. -
ping
would fail if given an interval of 0.01 seconds. -
prtconf -dp
now works as the man page would suggest. Previously-d
was ignored in the presence of-p
. -
printmgr
has been removed. It has not been functional with modern java for a long time. -
snoop(8) can now capture into rotating output files via the new
-O
option. -
ucodeadm(8) has gained a
-t
option to specify the type of the microcode file being processed, rather than relying on the file name. -
dtrace
performance has been improved when setting up or tearing down many probes on systems with a high cpu count. -
truss
could fail to properly trace processes after switching data model.
-
The uuid library is now shipped with a pkg-config file to make using this easier from external software.
-
libuuid could previously produce invalid V4 UUIDs.
-
Name resolution for a DNS name which resolved only to multiple AAAA records would previously fail.
-
The getaddrinfo(3socket) function now supports being called with a socket type of ANY and with
AI_NUMERICSERV
present in the flags. -
A possible double free in
getallifaddrs()
has been fixed. -
strtonumx(3C) has been added as a companion to the existing
strtonum(3C)
function.
- A new experimental
emu
zone brand for running emulated systems (under qemu) is available. There is an example walk-through of using this to boot the experimental OmniOS aarch64/arm64 distribution in an emu-branded zone at https://omnios.org/setup/zadm
-
Booting a busybox distribution in an LX zone could previously corrupt the
/etc/init.d/networking
file in the zone. -
The
AT_SECURE
auxval is now always set for the root user. This improves compatibility with some applications. -
The
IPV6_RECVERR
socket option is now accepted by setsockopt(). It is implemented as a no-op, in the same way asIP_RECVERR
, but it no longer generates an error which sates some applications.
-
Guest page table population is now significantly faster, which improves guest boot times.
-
The
viona
virtual network driver now copies transmission buffers by default when handing them off. This improves situations when it was possible to starve the system of buffers on high bandwidth connections. -
A number of improvements have been made to the real-time clock within bhyve.
-
pkg list has gained
-o
and-F
options to control which columns are included in the output, and the format of that output. -
pkg list -i shows installable packages. These are packages which are available in the catalogue but are not installed on the current system image.
-
When packaging software, the
pkgdepend resolve
step would previously consume excessive memory.
-
NVMe 2.x devices are now supported, although currently only with NVMe 1.x features.
-
ATA PASS-THROUGH(16) is now supported. This enables the use of
smartctl
command on SATA disks without having to force the pass-through mode via-d sat,12
. -
Kernel support for newer AMD CPU revisions and socket types has been introduced.
-
The bundled firmware for cxgbe network cards has been updated to version 1.27.4.0.
-
The cxgbe driver now produces kstats for FEC events.
-
Version 13 of the
gcc
compiler has been added. -
The performance of the warning check phase of
nightly
has been significantly improved. -
The
header-nspr
,header-nss
andheader-idnkit
packages have been merged intolibrary/nspr
,library/nss
andlibrary/idnkit
respectively.
-
The
grub
boot loader is deprecated and will be removed in a future release. It will be supported in r151046 for the full LTS time frame, up to May 2026. If you have not yet migrated to the new boot loader, and would like assistance, please get in touch. -
Version 11 of the
gcc
compiler has been removed. Existing installed packages will be retained but no longer receive updates. -
OpenSSL 1.0.x and 1.1.1 are deprecated and reached end-of-support at the end of 2019 and in September 2023 respectively. OmniOS has transitioned to OpenSSL 3 and still ships older versions for backwards compatibility, but these are maintained solely on a best-efforts basis. If possible, recompile software to use OpenSSL 3.
-
Python 2 is now end-of-life and will not receive any further updates. The
python-27
package is still available for backwards compatibility but will be maintained only on a best-efforts basis. -
OpenSSH in OmniOS no longer provides support for GSSAPI key exchange. This was removed in release r151038.
Package | Old Version | New Version |
---|---|---|
archiver/gnu-tar | 1.34 | 1.35 |
compress/brotli | 1.0.9 | 1.1.0 |
compress/gzip | 1.12 | 1.13 |
compress/xz | 5.4.2 | 5.4.4 |
data/iso-codes | 4.13.0 | 4.15.0 |
database/sqlite-3 | 3.41.2 | 3.43.1 |
developer/gcc10 | 10.4.0 | 10.5.0 |
11.3.0 | Removed | |
developer/gcc12 | 12.2.0 | 12.3.0 |
developer/gcc13 | New | 13.2.0 |
developer/gnu-binutils | 2.40 | 2.41 |
developer/versioning/git | 2.40.1 | 2.42.0 |
developer/versioning/mercurial | 6.3.3 | 6.5.2 |
file/gnu-coreutils | 9.3 | 9.4 |
library/glib2 | 2.74.6 | 2.78.0 |
library/gmp | 6.2.1 | 6.3.0 |
2.3 | Removed | |
library/libxml2 | 2.10.4 | 2.11.5 |
library/mpfr | 4.2.0 | 4.2.1 |
library/nghttp2 | 1.52.0 | 1.56.0 |
4.35 | Removed | |
library/python-3/attrs-311 | 22.2.0 | 23.1.0 |
library/python-3/coverage-311 | 7.2.2 | 7.3.0 |
library/python-3/cryptography-311 | 39.0.2 | 41.0.3 |
library/python-3/meson-311 | 1.0.1 | 1.2.1 |
library/python-3/orjson-311 | 3.8.8 | 3.9.5 |
library/python-3/pip-311 | 23.0.1 | 23.2.1 |
library/python-3/pycodestyle-311 | 2.10.0 | 2.11.0 |
library/python-3/pyopenssl-311 | 23.0.0 | 23.2.0 |
library/python-3/pyyaml-311 | 6.0 | 6.0.1 |
library/python-3/rapidjson-311 | 1.10 | 1.11 |
library/python-3/setuptools-311 | 67.6.0 | 68.1.2 |
library/python-3/setuptools-rust-311 | 1.5.2 | 1.7.0 |
library/python-3/typing-extensions-311 | 4.5.0 | 4.7.1 |
library/security/openssl-11 | 1.1.1.22 | 1.1.1.23 |
library/security/openssl-3 | 3.0.12 | 3.1.4 |
library/unixodbc | 2.3.11 | 2.3.12 |
library/zlib | 1.2.13 | 1.3 |
media/xorriso | 1.5.4.2 | 1.5.6.2 |
network/dns/bind | 9.18.14 | 9.18.19 |
network/openssh | 9.3.2 | 9.4.1 |
network/openssh-server | 9.3.2 | 9.4.1 |
security/sudo | 1.9.13.3 | 1.9.14.3 |
service/network/chrony | 4.3 | 4.4 |
shell/pipe-viewer | 1.6.20 | 1.8.0 |
shell/tcsh | 6.24.7 | 6.24.10 |
system/data/hardware-registry | 2023.2.23 | 2023.8.24 |
system/library/dbus | 1.14.6 | 1.14.10 |
system/library/g++-runtime | 12 | 13 |
system/library/gcc-runtime | 12 | 13 |
system/library/gfortran-runtime | 12 | 13 |
system/library/gobjc-runtime | 12 | 13 |
system/library/libdbus | 1.14.6 | 1.14.10 |
system/library/mozilla-nss | 3.89 | 3.93 |
3.89 | Removed | |
system/library/pcap | 1.10.3 | 1.10.4 |
system/management/cloud-init | 23.1.1 | 23.1.2 |
system/management/snmp/net-snmp | 5.9.3 | 5.9.4 |
system/pciutils | 3.9.0 | 3.10.0 |
system/pciutils/pci.ids | 2.2.20230223 | 2.2.20230812 |
system/rsyslog | 8.2302.0 | 8.2308.0 |
system/test/fio | 3.34 | 3.35 |
system/virtualization/open-vm-tools | 12.2.0 | 12.3.0 |
system/zones/brand/emu | New | 0.5.11 |
text/gawk | 5.2.1 | 5.2.2 |
text/gnu-diffutils | 3.9 | 3.10 |
text/gnu-gettext | 0.21.1 | 0.22.2 |
text/gnu-grep | 3.10 | 3.11 |
text/groff | 1.22.4 | 1.23.0 |
text/less | 608 | 643 |
web/wget | 1.21.3 | 1.21.4 |
web/wget2 | 2.0.1 | 2.1.0 |