OpenBSD
-current Changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5.
Changes made between OpenBSD 6.5 and -current
- Removed ld.so-local stack-protector handling functions on retguard systems, as hard-traps are used.
- Set the REQUEST_URI CGI variable to the requested URI and query string instead of the rewritten ones in httpd(8).
- Fixed integer overflow with an excessively large number of kqueue(2) events.
- Added support for more Intel 300 Series PCH to ichiic(4).
- Moved bgpd(8) pfkey socket to the parent process. The refreshing of the keys is done whenever the session state changes to IDLE or ACTIVE, which should behave better when reloading configs with auth changes.
- Fixed a bug in pkg_info(1) -S where version elements were ignored.
- Ensured mcx(4) completion queues are always rearmed to prevent rx or tx completion stalling.
- Adjusted unwind(8) to try to resolve the DNSSEC trust anchor only if we have a validating resolver context.
- To restore lockf(3) detection, introduced a list for all pending blocked locks to be scanned before waiting on a blocking lock in order to determine whether sleeping would cause a deadlock.
- Enforced store/load order when setting or clearing AST flag on mips64, preventing an unlikely case with inter-CPU ASTs where the receiving CPU uses stale state. Ensured that the clearing store is performed before other memory accesses, preventing potential loss of an AST request.
- Issued a write-write barrier before sending IPI on mips64, preventing a receiving CPU from observing an old state when processing the interrupt.
- Made the interrupt and trap return paths check for ASTs with interrupts disabled, fixing unintentional delay of ASTs on MP mips64.
- Fixed reloading of network statements that have no fixed prefix specification in bgpd(8).
- Fixed a logic error when configuring the alc(4) driver to use msi.
- Fixed the case where switchd(8) does not save a copy of a packet needing forwarding.
- Added support for the EFI Random Number Generator Protocol, using it to XOR random data into the buffer we feed the kernel for amd64.
- Relaxed a check in knote(9) to prevent a panic without KERNEL_LOCK().
- Began to assume eDP is present on port A when there is no VBT, making inteldrm(4) work on a Gemini Lake system (HP Stream Laptop 14-cb1XX) where finding the VBT fails.
- Improved the interaction among efifb(4), inteldrm(4) and radeondrm(4) for a serial console by introducing a 'primary' device, the one set up and used by firmware. This should help X to work correctly out of the box with multiple cards or with a serial console.
- Added mcx(4) driver for Mellanox ConnectX-4 (and later) Ethernet controllers.
- Began to allow panes to be empty in tmux(1), allowing output to be piped to them with split-window or display-message -I.
- Adjusted installer to remember 'autoconf' if install restarts.
- Added a 'forwarded' log format extending the 'combined' log format for httpd(8), allowing tracking of request origins behind a proxy. This format is compatible with log analyzers like GoAccess and Webalizer.
- Fixed endless loop / OOB write on 64 bit systems with large buffers.
- Improved man(1) matching for requests for a specific section.
- Renamed the -c option in sysupgrade(8) to -s to indicate snapshots, and implemented a -r option to force an upgrade to the next release.
- Added a -n option to sysupgrade(8) for a no-reboot option.
- Adjusted sysupgrade(8) to only fetch and upgrade if a new snapshot is available.
- Avoided opening httpd(8) log files on 'no log,' preventing startup failures where the log/directory is missing but logging is disabled anyway.
- Avoided running the activate function for a partially-attached ehci(4) driver, preventing a panic during suspend for the Realtek DASH ehci.
- Added support for the cryptographic coprocessor found on newer AMD Ryzen CPUs/APUs.
- Allowed non-root users to become master when they are the first to open a drm(4) device.
- Increased datasize and maxproc for the pbuild class in login.conf(5).
- Used the proper UAC-v2.0 request in uaudio(4) to read the device controls, fixing STALL errors in mixer requests causing the mixer to be unusable.
- Protected tun(4) wakeup with KERNEL_LOCK, rather than NET_LOCK.
- Pulled cdfs and cdrom production into the full ramdisk build for i386.
- Added a 'set_rate' method to the envy(4) codec API, allowing card-specific codec initialization code called when the sample rate is changed. Implemented this method for ESI Juli@ cards, switching the AK5385 and AK4358 chips among single-, double- and quad-speed modes depending on host sample rate and suppressing aliasing noise.
- Enabled mvmdio(4) and mvneta(4) on arm64.
- Enabled EnvyHT-specific sample rates (above 96kHz) on the host controller for envy(4) devices.
- Added support for the Armada 3720 pinctrl controller to mvpinctrl(4). This controller also includes GPIO controller functionality.
- Added mvuart(4) to support the Armada 3720's serial console.
- Added support for the Armada 3720 clocks to mvclock(4) and added mvuart(4) to support the serial console.
- Allowed enabling of regulators with the 'regulator-always-on' property.
- Added unveil(2) to chpass(1).
- Fixed user options crash in tmux(1).
- Began the process of making Makefiles more similar across architectures.
- Restricted hotplugd(8) filesystem access with unveil(2).
- Fixed a memory leak in window tree search in tmux(1).
- Added an equivalent test for master in drm_fb_helper_is_bound() for drm(4). This prevents black screens on hotplugging a new display with X(7) running, which required a vt switch.
- Added a check to ospfd(8) and ospf6d(8) that any "depend on" interfaces are in the same rdomain.
- Changed default Ruby version in ports(7) to 2.6.
- Removed the KERNEL_LOCK from the bridge(4) output fast-path.
- Cranked BUFCACHEPERCENT back down to 20 after the increase to 80 exposed a few problems.
- Started a cleanup of boot media creation and made the process use the new vnconfig(8) vnd-auto-allocate mode.
- Removed the need for the -A option from vnconfig(8).
- Silenced all of the OKs from signify(1) while it is verifying the install sets for sysupgrade(8).
- Modified syspatch(8) to default to using cdn.openbsd.org if there isn't a proper /etc/installurl.
- Changed sysupgrade(8) to re-verify the signature only for SHA256 when checking the old files.
- Regenerated moduli(5).
- Imported libdrm 2.4.98.
- Removed vnconfig(8) functionality from mount_vnd(8).
- Added sysupgrade(8), a tool to upgrade OpenBSD to the next release or a new snapshot.
- Split vnconfig(8) out of mount_vnd(8).
- Extended the maximum size of the bgpd(8) shutdown communication message to 255 bytes. Made the same adjustment to bgpctl(8).
- Fixed a potential panic in inteldrm(4) caused by an interrupt coming in before the interrupt handler is set up.
- Adjusted tmux(1) to automatically scroll when dragging to create a selection with the mouse when the cursor reaches the top or bottom line.
- Added support for the USB serial adapter found in Juniper SRX 300 to uslcom(4).
- Used unveil(2) to restrict file system access in relayd(8) to read only.
- Added a watchdog for unattended upgrade to reboot after 30 minutes in case the script halts.
- Changed most bootloaders to boot from /bsd.upgrade if it is present.
- Implemented SIOCGIFSFFPAGE in bnxt(4) so that ifconfig(1) can get transceiver information from it.
- Added the pci(4) product id for the VMware nvme(4) interface.
- Added support for ccp(4) at acpi(4).
- Added pinctrl(4) support for 'pinconf-single' devices and support for bias and drive-strength properties, needed for HiSilicon SoCs.
- Added the octiic(4) driver for OCTEON two-wire serial interfaces.
- Removed file name and line number output from witness(4), along with the wrapper for mutexes.
- Added -no-clear variants of copy-selection and copy-pipe to tmux(1) which do not clear the selection after copying.
- Checked for linkstate instead of IF_STA_POINTTOPOINT for originating router LSAs for P2P interfaces in ospfd(8), making 'passive' work on P2P interfaces.
- Modified vmm(4) to flush guest TLB entries if the guest disables paging.
- Began to change only the clock frequency and skip setting voltage on arm64 systems supporting DVFS which do not expose a regulator.
- Added support for official Linux device tree bindings and the 'stub' clocks handling CPU clock frequency on the Hi3670.
- Stopped prompting for disks that do not contain a root partition during upgrades. This defaults to the correct disk when full disk encryption is in use, and will be useful for future unattended upgrades.
- Set vlan(4) to use if_vinput instead of if_input, bypassing ifiqs and improving vlan input speeds.
- Added if_vinput so pseudo (ethernet) interfaces can bypass ifiqs, running interface input handlers directly rather than queuing the packets for a nettq to run and improving performance.
- Disabled mobileip(4).
- Added support for rxprio to gre(4).
- Implemented the roff(7) .break request, preventing infinite loops.
- Built clang(1) on powerpc.
- Used IPL_TTY to prevent 'locking against myself' panics for drm/i915.
- Fixed crashes seen with the 'intel' X driver with the new inteldrm(4) kernel driver by fixing rbtree_postorder_for_each_entry_safe() implementation.
- Fixed unreliable 'ifconfig mode' with some wireless drivers by interpreting ENETRESET from ifm_change() as success in ifmedia_ioctl().
- Added stdio pledge(2) to nl(1) after opening a file but before doing operations.
- Completed conversion of rdsetroot(8) to -lelf on alpha.
- Adjusted dma-range bufcache to 80% from 20%, to learn the downsides of this change based on user reports.
- Avoided an underflow in the rip6 delivered counter in netstat(1).
- Fixed netstat(1) statistics so 'netstat -s -f inet6 -p rip6' correctly copies out rip6counters, not ip6counters.
- Adapted radeon_detach_kms() to struct drm_device being split from drm softc. Avoids uvm_fault() when firmware is missing and radeondrm(4) is forcibly detached.
- Added a subsystem lock for vfs_lockf.c, allowing calling lf_advlock() and lf_purgelocks() without the kernel lock.
- Implemented factored-out txprio and rxprio checks.
- Implemented rxprio in mpw(4), mpe(4) and mpip(4). Added rxprio support to etherip(4) and bpe(4).
- Added support to ifconfig(8) for getting and setting rxprio, finishing support for RFC 2983. Implemented configuring rxprio in vlan(4).
- Modified pfctl(8) to always check for namespace collisions on table commands.
- Fixed pfctl(8) table definition parsing as unprivileged user, printing a brief notice if -v was given to help find duplicate definitions by hand.
- Modified sshd(8) -T to assume any attribute not provided by -C does not match, allowing it to work when sshd_config(5) contains a Match directive with or without -C.
- Released OpenSSH 8.0.
- Switched powerpc to big PIC to allow clang(1) to build libc++abi and libc++.
- Used txprio to control the use of exp as a priority field for mpw(4), mpip(4) and mpe(4). Intermediate LSPs can use the exp field to manage prioritization of encapsulated traffic.
- Prevented attaching drivers to devices for which a driver was attached early with simplebus on armv7 and arm64.
- Adjusted myx(4) i2c reads to read only one byte at a time, increasing reliability.
- Fixed sff page reads for myx(4) devices on little endian architectures.
- Rewrote rdsetroot(8) using libelf(3).
- Imported xf86-video-amdgpu 19.0.1 for amd64 and i386.
- Implemented tx mitigation by calling the hardware transmit routine per several packets rather than for individual packets. Defers calls to the transmit routine to a network taskq, or until a backlog of packets has built up.
- Introduced 'pfctl -FR' to reset pfctl(8) settings to defaults.
- Removed old -vlan and -vlandev code from ifconfig(8), using these instead as aliases for -vnetid and -parent.
- Added basic support to ifconfig(8) to display xfp and qsfp+ information.
- Implemented SIOCGIFSFFPAGE to allow ifconfig(8) to get transceiver information from myx(4) devices.
- Applied strvis(3) to strings from USB devices in usbdevs(8).
- Removed the potential for double-frees in copied cipher data by zeroing and freeing following EVP_CIPHER_CTX_copy() in evp(3). Used calloc(3) when allocating cipher_data to avoid use of uninitialized memory.
- Updated shared drm code, inteldrm(4) and radeondrm(4) to linux 4.19.34. This adds support for Intel Broxton/Apollo Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake, Cannon Lake and Ice Lake hardware.
- Stopped using splnet(9) when running the network stack now that it is using the NET_LOCK for protection, reducing latency spikes.
- Increased information displayed for -v and -vv options for tcpdump(8) during md5 authentication.
- Added missing compatibles for newer Linux kernel bindings to mvpinctrl(4).
- Fixed a leak in SSL_dup_CA_list() in ssl(3).