Improved vnet(4) to work better in busy conditions.
Added a bpf(4) timeout (BIOCSWTIMEOUT) between capturing a packet and making the buffer readable, preventing for example pflogd(8) waking every half second even if there is nothing to read. By default the timeout is infinite, so the buffer must fill before it becomes readable.
Disabled jump tables by default on sparc64 in preparation for default execute-only.
Stopped holding the vm_map lock while flushing pages in msync(2) and madvise(2). Prevents a 3-thread deadlock between msync(2), page-fault and mmap(2).
Removed dangerous user-settable "addr" variable from MI bootloader, only compiling tty-related code on platforms where it makes sense for the bootloader to control it.
Made time(1) work correctly in the luna88k bootloader.
Fixed ssh(1) progressmeter corruption on wide displays.
Added lastcomm(1) reporting for process kills due to execve(2) from a non-pinned syscall address.
Attached Apollo Lake HD Audio device to azalia(4), enabling audio.
Made rpki-client(8) ensure there is no trailing garbage in signed objects.
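The trailing-garbage check above amounts to comparing the length declared by the outer DER element with the number of bytes actually received. The following is an added example (not rpki-client's own code) of that check on the outer ContentInfo SEQUENCE of a signed object; it also rejects the BER-only length encodings that DER forbids. The sample objects are constructed by hand.

```python
# Added example (not rpki-client's own code): reject a DER object that has
# bytes after its outer SEQUENCE, or a length field that is not valid DER.

def der_outer_length(data: bytes) -> tuple[int, int]:
    """Return (header_len, content_len) of the outer TLV in ``data``.

    Accepts only definite, minimally encoded lengths, as DER requires.
    Raises ValueError for anything else.
    """
    if len(data) < 2:
        raise ValueError("too short for a DER TLV")
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        return 2, first
    if first == 0x80:                     # indefinite form: BER only
        raise ValueError("indefinite length is not DER")
    nbytes = first & 0x7F
    if nbytes > 4:
        raise ValueError("length field too wide")
    if len(data) < 2 + nbytes:
        raise ValueError("length field truncated")
    length = int.from_bytes(data[2:2 + nbytes], "big")
    # DER: no leading zero length bytes, and long form only when needed.
    if data[2] == 0 or length < 0x80:
        raise ValueError("non-minimal length encoding")
    return 2 + nbytes, length


def check_signed_object(data: bytes) -> str:
    """Classify ``data`` as 'ok', 'trailing garbage' or 'malformed: <why>'.

    A CMS signed object is a single ContentInfo SEQUENCE (tag 0x30); any
    byte after the end of that SEQUENCE is trailing garbage.
    """
    try:
        if not data or data[0] != 0x30:
            raise ValueError("outer element is not a SEQUENCE")
        header_len, content_len = der_outer_length(data)
    except ValueError as exc:
        return f"malformed: {exc}"
    end = header_len + content_len
    if end > len(data):
        return "malformed: declared length exceeds object size"
    if end < len(data):
        return "trailing garbage"
    return "ok"


# Constructed samples (not real RPKI objects).
SAMPLE_SHORT = bytes.fromhex("3003020105")                 # SEQUENCE { INTEGER 5 }
SAMPLE_LONG = b"\x30\x81\x80" + b"\x04\x7e" + b"A" * 126   # 128-byte content, long-form length

if __name__ == "__main__":
    cases = [
        ("short", SAMPLE_SHORT),
        ("short + 1 byte", SAMPLE_SHORT + b"\x00"),
        ("long", SAMPLE_LONG),
        ("long + 1 byte", SAMPLE_LONG + b"\xff"),
        ("non-minimal length", bytes.fromhex("308103020105")),
        ("truncated", bytes.fromhex("30050201")),
    ]
    for name, obj in cases:
        print(f"{name}: {check_signed_object(obj)}")
```

The check deliberately looks only at the outer element: once the declared length matches the received size, a full parser can be trusted to consume exactly that many bytes, and any leftover would have been flagged here first.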
Fixed a possible freeze in execve(2) when a dual-cpu macppc started daemons during boot.
Improved the default choice for the installer's install media disk question.
Made pinsyscall(2) always available for pledged processes.
Added psci(4) support for available deep idle states as advertised in device trees.
Prevented potential panics by disallowing the iwx(4) init task from running in parallel to wakeup code during resume.
Used pinsyscall(2) to tell the kernel the location of the execve stub in libc.so, so it must be called from that region in non-static binaries or else the process will be killed.
Made the kernel validate the execve(2) libc stub location.
Fixed rsync(1) handling of port numbers in rsync://host[:port]/module URLs.
Added -mpls to the route(8) monitor case.
Added scmi(4), a driver for the ARM System Control and Management Interface.
Added support for RK356x TSADC clocks to rkclock(4).
Added dwqe(4), a driver for the Synopsys DesignWare Ethernet QoS controller used on the NXP i.MX8MP, the Rockchip RK35XX series and Intel Elkhart Lake.
Added support for the Shenzhen Tangcheng Technology TCS4525 voltage regulator to fanpwr(4).
Made efiboot fdt support device trees with NOPs in them (like the kernel version).
Fixed an alignment issue in iwx(4) Rx descriptors.
Ensured execute-only rules are applied to forked processes.
Removed backwards compatible padded functions in the kernel.
Made ls(1) work correctly in the luna88k bootloader.
Added iked(8) support for configuring multiple name servers.
Allowed ssh-keygen(1) and ssh-keyscan(1) to accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection.
Added an sshd(8) -G option that parses and prints the effective configuration without attempting to load private keys and perform other checks.
Stopped the installer from asking to initialize disks that have softraid(4) chunks.
Ensured there is a terminating newline when adding a new entry to ssh(1) known_hosts.
Prevented an openssl(1) crash upon inspecting malformed PKCS7 files.
Switched sparc64 to default --execute-only.
Fixed arbitrary memory read in x509 GENERAL_NAME_cmp().
Extended disklabel(8) template parsing to allow "[mount point] *" as the specification for putting the maximum available free space into a partition, and extended command line parsing to allow "T-" as the specification to read the template from stdin.
Added a tmux(1) L modifier like P, W, S to loop over clients.
Made vmd(8) scan the pci bus to determine bootorder strings.
Prevented smtpd(8) abort due to a connection from a local, scoped ipv6 address.
Made tcpdrop(8) accept netstat-style address.port syntax.
On amd64 CPUs with the PKU feature, forced the PKU register to inhibit data read against PKU key1 memory on every exit from kernel to userland and abort the process on (some) traps into the kernel if the register is changed, offering execute-only functionality on most modern Intel and AMD CPUs.
Made ppb(4) bus range available after detaching, fixing unplugging and replugging thunderbolt devices that were plugged in when the machine was booted.
Revised arm64 implementation of pmap_protect(9) in preparation for execute-only support.
In disklabel(8), used the size of the largest chunk of free space, not the total of all such chunks, when checking for sufficient space to add a partition.
Changed arm64 suspend idle loop from WFE to WFI, avoiding spurious wakeups while other CPUs are still active.
Changed vmd(8) to only open /dev/vmm once, having the parent process send the fd to the vmm child process.
Added dwge(4) support for "enhanced descriptor" mode found on some variants of the Synopsys DesignWare GMAC.
Changed the ld.lld(1) default to --execute-only on amd64 and sparc64.
Created /dev/efi on amd64 and arm64.
Implemented access to EFI variables and the ESRT through an ioctl(2) interface compatible with what FreeBSD and NetBSD have.
Made amd64 cpuid recognize protection keys for supervisor mode (PKS).
Fixed .wav files generated by aucat(1) by using extended header format.
Added aspa-set to openbgpd config output in rpki-client(8), which can be disabled with the -A flag.
Prepared the mips64 (octeon, loongson) kernel to run --execute-only ld.so(1).
Switched hppa, arm64 and riscv64 to --execute-only by default.
Added ASPA validation functions to the bgpd(8) RDE.
Enabled TLB read inhibit on OCTEON Plus and newer SoCs.
Added mips64 TLB bypass for instruction emulation.
Added MIPS64r2 TLB read inhibit support.
Added retguard to amd64 syscalls.
Prepared hppa ld.so(1) to support execute-only text.
Switched luna88k boot loader to MI boot code.
Fixed frame buffer corruption and additional bugs after wakeup on Apple Silicon laptops and the Lenovo x13s.
Added short options for timeout(1) --foreground and --preserve-status.
Hid the WAITPKG cpu feature from vmm(4) guests, preventing invalid instruction exceptions. Also added WAITPKG feature identification to i386 and amd64.
Set the arm64 default for the machdep.lidaction sysctl(8) to 1.
Generated "combreloc" scripts for the new ld.bfd(1) linker script template.
Adopted a workaround for a bug in the ARM generic timer on the A64, disabling userland timecounter support on affected hardware pending a similar libc workaround.
Added the audioctl(8) -w option to display variables periodically.
Made ld.lld(1) accept --execute-only on aarch64, riscv64 and mips64.
Made net80211 drop beacons received on secondary HT/VHT channels, preventing iwm(4) firmware panics and making association work with 11ac APs which transmit beacons on channels other than their primary.
Made use of the PA-RISC architecture supporting execute-only mappings with a "remain at privilege level 3" gateway page.
Removed copystr(9) from public API.
Added an sshd_config(5) ChannelTimeouts directive that allows configurable channel inactivity timeouts.
Ensured that the signal trampoline can be PROT_EXEC everywhere.
Added a dummy --no-execute-only option to ld.bfd(1) for compatibility with ld.lld(1) architectures, useful for ports.
Ensured pfctl(8) correctly adds addresses to the undefined/inactive table.
Suppressed sftp(1) "Connection closed" messages in quiet mode.
Added a per eBGP session role to bgpd.conf(5).
Made rpki-client(8) print RRDP Session ID and Serial in verbose mode.
Disabled display backlights on Apple Silicon laptops when suspending in gpiobl(4).
Fixed the alpha check for BWX extensions, repairing operations on 21164 processors lacking BWX.
Fixed a bug in ssh(1) PermitRemoteOpen where it ignored initial arguments other than "any" or "none".
Used stoeplitz to generate a hash/flowid for pf(4) state keys.
Changed df(1) to round up fractional percentages.
Enabled aplpcie(4) power management for PCI devices.
Added tmux(1) send-keys -K to handle keys directly as if typed.
Prioritized lladdr over name/unit in hostname.if(5) processing.
Added a -X option to scp(1) and sftp(1) to allow control over the SFTP copy buffer length and number of inflight requests.
Fixed pfsync(4) crashing on pf_state_key removal.
Made acme-client(1) use time checks which eliminate time-zone variation.
Added rpki-client(8) -m flag to output a metrics file written in OpenMetrics format, as in bgpctl(8).
Improved speed of access to the runtime clock for networking purposes such as in the tcp timer, where the clock should not advance while suspended.
Added tipd(4), a driver fixing USB hotplug of type-C connectors on Apple Silicon hardware.
Improved aplpmu(4) range check to protect against overflow.
Bumped to LibreSSL 3.7.1.
Began using evcount_percpu() with platform interrupt counters on octeon.
Increased apliic(4) transfer completion timeout to 100ms to accommodate USB Type-C PD chips.
Fixed handling of escaped backslashes in vi(1) ex_range.
Added support for authenticating geofeed data CSV files in rpki-client(8) filemode.
Added ifconfig(8) -M (mac) to find the mac address on an interface and print it.
Disabled screen backlight with aplsmc(4) on Apple Silicon laptops when the lid is closed.
Prevented an unwind(8) crash when a tcp query is larger than the length field indicated.
Added pwmleds(4), a driver for PWM controlled LEDs.
Protected interface tables in pf(4) with PF_LOCK(), allowing removal of NET_LOCK() protection from the ioctl(2) code path in pf.
Copied apple-boot firmware to EFI system partition, enabling automatic bootloader updates on Apple Silicon computers.
Improved mcx(4) performance by using interrupt-based command completion.
Added aplpwm(4), a driver for the PWM controller found on Apple Silicon.
Made aplhidev(4) wait for a reply when switching the touchpad into raw mode, preventing SMC crashes on machines with firmware from macOS 12.6.1.
Fixed the DIOCIGETIFACES ioctl so all network interfaces and interface groups are reported in pfctl(8).
Switched riscv64, mips64, loongson and octeon to clockintr(9).
Wired up HMAC to raw private key methods for Ruby's OpenSSL gem.
Fixed ed(1) to print bytes read/written and the ? prompt to stdout, not stderr.
Began implementing ASPA support in bgpd(8).
Placed mutexes after the struct vm_map fields inspected by libkvm and procmap(8).
Added rpki-client(8) shortlist functionality, companion to skiplist, which makes rpki-client connect only to the hosts specified with -H, given at least once and each followed by an FQDN.
Prevented Ed25519 signature malleability in accordance with RFC 8032.
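The malleability the entry refers to is the scalar half of the signature: RFC 8032 section 5.1.7 requires a verifier to reject any signature whose S is not in the range 0 <= S < L, because S + L encodes the same value mod L and would otherwise pass the group equation, giving one message several accepted signatures. The following is an added example, not LibreSSL's or OpenBSD's code, of that range check in isolation, plus a wrapper that applies it in front of an arbitrary verifier callable (the `verify` argument is an assumption of this example). The signature bytes are constructed to exercise the check and are not real signatures over any message.

```python
# Added example (not LibreSSL's or OpenBSD's code): the RFC 8032 range check
# on the scalar half S of an Ed25519 signature. Sample signatures are
# constructed and do not verify over any message.

# Order of the Ed25519 base point, RFC 8032 section 5.1.
L = 2**252 + 27742317777372353535851937790883648493


def split_signature(sig: bytes) -> tuple[bytes, int]:
    """Split a 64-byte signature into R (32-byte encoded point) and S (scalar)."""
    if len(sig) != 64:
        raise ValueError(f"bad signature length {len(sig)}")
    return sig[:32], int.from_bytes(sig[32:], "little")


def check_signature_encoding(sig: bytes) -> str:
    """Return 'ok' when S is in [0, L), otherwise a reason string.

    S >= L must be rejected before any group arithmetic: S, S + L, S + 2L, ...
    all reduce to the same scalar mod L, so accepting them would let a third
    party derive new valid-looking encodings from one genuine signature.
    """
    try:
        _, s = split_signature(sig)
    except ValueError as exc:
        return f"malformed: {exc}"
    if s >= L:
        return "non-canonical: S >= L"
    return "ok"


def verify_with_range_check(sig: bytes, verify) -> bool:
    """Apply the canonical-S check in front of an existing verifier.

    ``verify`` is assumed to be a callable taking the raw 64-byte signature
    and returning True or False (for example a library verifier bound to a
    public key and message). Non-canonical input never reaches it.
    """
    if check_signature_encoding(sig) != "ok":
        return False
    return bool(verify(sig))


# Constructed samples: R is a placeholder point encoding, S values are chosen
# to sit inside, at the edge of, and beyond the allowed range.
R_SAMPLE = bytes(range(32))
S_SMALL = 12345
SIG_OK = R_SAMPLE + S_SMALL.to_bytes(32, "little")
SIG_BOUNDARY = R_SAMPLE + (L - 1).to_bytes(32, "little")
SIG_WRAPPED = R_SAMPLE + (S_SMALL + L).to_bytes(32, "little")

if __name__ == "__main__":
    for name, sig in [("in range", SIG_OK), ("L - 1", SIG_BOUNDARY),
                      ("S + L", SIG_WRAPPED), ("63 bytes", b"\x00" * 63)]:
        print(f"{name}: {check_signature_encoding(sig)}")
```

The range check is cheap (one 32-byte little-endian compare against a constant) and belongs before point decoding, so that a verifier built on a library that predates the RFC 8032 requirement still rejects the wrapped encodings.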
Added restrictions to the input getaddrinfo(3) will attempt to resolve.
Added apple-boot firmware for Apple arm64 machines in fw_update(8) patterns.
Unlocked SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR, and SIOCGIFGLIST.
Updated NSD to 4.6.1.
Fixed delays with mips64 clock due to missing clock trigger on loongson.
Relaxed the list of interfaces supporting IPv6 to allow non-multicast interfaces to support IPv6.
Increased the size of amd64 EFI partition to accommodate newer x86 firmware updating methods.
Handled ssh(1) dynamic remote port forwarding in escape commandline's -R processing.
Bumped LibreSSL to 3.7.
Ported EVP raw key API from OpenSSL to deal with Curve25519 based keys.
Added suspend/resume support to control the power domain to aplsart(4).
Added qcpdc(4), a driver for the Qualcomm Power Domain controller found on Qualcomm SoCs.
Made the power button function as a wakeup button during suspend in aplsmc(4).
Put CPUs in the lowest P-state before the final suspend step, needed for systems where we park CPUs in a low-power idle state ourselves.
Cleaned up multiple devices from retired architectures.
Changed the default procmap(1) output to -a format.
Added support for per-cpu event counters, to be used for clock and IPI counters where the event counted occurs across all CPUs in the system.
Hooked up gpiobl(4) to the screen burner instead of wsdisplay(4) brightness control, allowing automatic screen blanking with X and wscons(4) once wsfb(4) is fixed.
Allowed IPPROTO_TCP:TCP_NODELAY in pledge(2) "stdio".
Added qcpwm(4), a driver for the PWM found on Qualcomm SoCs.
Implemented wakeup interrupt support in aplintc(4).
Prevented acme-client(1) from leaking an http get request when receiving a redirect without a location header.
Made rpki-client(8) error out upon receipt of an ROA payload with too many ipAddrBlocks.
Translated Fn+(1-10,-,=) keys to F1-F12 on M1 laptops with touchbars.
Made aplhidev(4) recognize M1 laptops with touchbars.
Added qcrtc(4), a driver for the RTC found on Qualcomm PMICs.
Added qcpon(4), a driver for the Qualcomm PMIC block that hosts the powerkey and reset input.
Added qcpmicgpio(4), a driver for the GPIO block inside the Qualcomm PMICs.
Added qcpmic(4), a driver for the SPMI-connected PMICs found on Qualcomm SoCs.
Added qcspmi(4), a driver for the SPMI PMIC Arbiter found on Qualcomm SoCs.
Increased speed of delivery of interrupts to a running vcpu in vmm(4).
Allowed KERN_AUTOCONF_SERIAL sysctl(8) in processes under a pledge(2).
Added gpiobl(4), a driver for gpio controlled display backlights, to allow screen shutoff for Apple Silicon laptops until a proper display controller driver is implemented.
Implemented alternative mailbox handling mechanism required by newer bwfm(4) firmware.
Removed locking in vmm(4) vmm_intr_pending, reducing slowdowns due to requests for a lock held while the VM is running.
Switched amd64 and arm64 to the clockintr(9) subsystem.
Extended arm64 suspend/resume to include support for parking CPUs in a WFE/WFI loop.
Made installboot skip softraid(4) keydisks silently.
Switched libressl to use BoringSSL's date conversion scheme.
Introduced a new kern.autoconf_serial sysctl(8) that can be used by userland to monitor state changes of the kernel device tree.
Set vmm(4) RAX guest register state based on VMCB.
Modified TCP receive buffer size auto-scaling to use the smoothed RTT (SRTT) instead of the timestamp option, which improves performance on high latency networks if the timestamp option isn't available.
Set up logger(1) traps earlier to ensure kernel relinking does not fail silently without log trace when /usr is mounted read-only.
Fixed ssh-keygen(1) parsing of hex cert expiry time.
Allocated reference for vm and vcpu SLISTs in vmm(4), keeping vmm from triggering excessive wakeup calls while iterating through the list of vms while servicing an ioctl(2).
Enabled em(4) IPv4, TCP and UDP checksum offloading and VLAN HW tagging for 82575, 82576, i350 and i210.
Made static TEXTREL binaries perform the mimmutable(2) operations themselves since a loader may want to perform text relocations inside mprotect permission flips.
Added mount_nfs(8) to the sparc64 installer, to fetch sets over NFS.
Introduced clockintr(9), a machine-independent clock interrupt controller.
Made the /var/run/ld.so.hints file mapping immutable.
Made the kernel skip immutability of all non-writable memory segments for TEXTREL binaries. crt0 and ld.so(1) will call mimmutable(2) later.
Made azalia(4) match on Intel 500 Series HD Audio.
Installed a fault handler for amd64 EFI firmware.
Flushed memory writes before remote sfence.vma in riscv64 pmap.
Enabled smbios0 on arm64 ramdisk to provide the correct hw.version info to the code mitigating crashes on the x13s.
Constrained KeyUsage and ExtendedKeyUsage on both CA and EE certificates in rpki-client(8).
Changed riscv64 pmap to flush writes before remote sfence.vma to prevent some crashes on Unmatched machines.
Fixed a tmux(1) crash when there are no window buffers.
Added a -l flag to tmux(1) display-message to disable format expansion.
***************
*** 164,169 ****
--- 696,702 ----
Added hw.power, machdep.lidaction, and machdep.pwraction support for macppc.
Allowed changing of immutable RW regions to R for recent chrome renderers.
+
Made the read-only relro portion of static binaries mimmutable(2).
Adapted sigaltstack(2) to work on mimmutable regions allowing the stack to be marked immutable again.
Automatically marked immutable certain regions in program and ld.so(1) LOADs.
***************
*** 191,196 ****
--- 724,730 ----
Improved the clickpad/touchpad detection in hidmt.
Fixed a bug in the initialization mechanism of wsmouse(4).
+
Went back to the old approach to sigaltstack(2) but added checks for assuring it is a non-syscall region and protection needing to be exactly RW besides the existing placement in a new anonymous mapping.
Converted the remaining I2C RTC drivers to use todr_attach().
Implemented the RFC 8781 PREF64 router advertisement option in rad(8).
***************
*** 204,209 ****
--- 738,744 ----
Added client certificate authentication and an optional SASL EXTERNAL bind to ypldap(8).
Allowed assigning a quality number to RTC implementations so the "best" RTC can be chosen if a system has more than one.
+
Had the kernel inform the user if the disklabel(5) is obsolete.
Added support for the Rockchip RK817 PMIC.
Restored recalculation of the checksum of normalized packets in pf(4).
***************
*** 235,240 ****
--- 770,776 ----
Changed rarpd(8) to only unveil /tftpboot if -t is specified.
Added support for a clean shutdown with the power button to dapmic(4).
+
Kept system calls should not fail due to temporary memory shortage in malloc(9) or pool_get(9).
Enabled use of absolute paths starting with /usr/share/zoneinfo while still rejecting other absolute paths for TZ.