OpenBSD
-current Changelog
This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Changes made between OpenBSD 6.4 and -current
- Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage.
- Improved handling of two SMM-related MSRs in vmm(4).
- Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4).
- Added refresh for arp(8) entries that are about to expire.
- Added support in bgpd(8) and bgpctl(8) for group descriptions in control messages that accept a neighbor description.
- Added support for ECDSA keys in PKCS#11 tokens.
- Added a -T option to test whether ssh(1) keys in an agent are usable.
- Imported xorgproto 2018.4.
- Added support for a new kcov(4) trace mode called KCOV_MODE_TRACE_CMP to trace comparison instructions and switch statements, usable during fuzzing to generate even more coverage.
- Set the shell to strip quotation marks from daemon_flags when starting a daemon with snake(6). Adjusted cursor location during space warp and display of the pinball bonus.
- Changed imsg header definitions to use standard types.
- Fixed BN_is_prime_* calls in libcrypto(3), openssl(1), ssh(1) and sshd(8).
- Handled link state change interrupts in ixl(4).
- Serialized tc_windup() calls and modified some timehands.
- Committed refactored ssh(1) packet parsing API.
- Changes to dhclient(8) now handle changes to SSID or LLADDR by retrieving a new lease. This improves performance when join connects to new networks.
- Improved join error handling in ifconfig(8).
- Added a pwraction sysctl(8) that allows conversion of a power button into a sleep button if desired.
- Set an myx(4) on the large ramdisk for amd64.
- Finished randomizing remaining layers of pmap_kernel.
- Enabled ixl(4) on amd64.
- Added a TLS record handling implementation.
- Moved boottime into the timehands.
- Added a partial port of EC_KEY_METHOD from OpenSSL 1.1 to libcrypto. Added various APIs from OpenSSL 1.1 to LibreSSL.
- Set removal of a currently active network from the join list to disconnect as well.
- Added "join any" option to allow users to automatically connect via join() to any open wifi network. Known networks are preferred.
- Increased the socket buffer size for sendsyslog(2) to 1 MB for fewer messages dropped by syslogd(8).
- Updated to libpixman 0.36.0 in xenocara.
- Added protective check for negative length integers in nfs clients and servers, as well as negative length NFS strings.
- Reconnected bfd(4) to the build after updating for sounlock() API change.
- Set dhclient(8) to ignore HUP signals. Starting a new dhclient will handle this use case by killing and executing a new copy.
- Began validating relative timeout before sleeping for futex(2).
- Began validating inputs to adjtime(2), settimeofday(2) and clock_settime(2).
- Changed the default digest type to sha256 for openssl(1). Added support for pbkdf2 with OpenSSL-compatible flags.
- Removed vmm(4) and disabled vmd(8) and vmctl(8) for i386 systems.
- Renamed TLS extension-handling functions to better fit TLSv1.3.
- Enabled use of a 64-bit register when required for inline assembly on sparc64, correcting sparc64 kernels compiled with clang(1).
- Continued work to prepare the network stack for fine-grained locking.
- Added support for the SSD1306 OLED display.
- Modified signify(1) and doas(1) to prevent passwords from being retained in memory when errors are encountered.
- Prevented users from specifying multiple join or nwid arguments in one ifconfig(8) call.
- Fixed crash conditions in unveil(2), along with some cases where unveil would return ENOENT instead of EACCES.
- Enabled bwfm(4) in RAMDISK_CD for amd64, allowing use during installs.
- Laid groundwork for TLSv1.3.
- Added a -h flag to sftp(1) chown(8), chgrp(1), and chmod(1) commands to request they not follow symlinks.
- Added support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks.
- Updated syspatch(8) to exit correctly after updating itself. Improved readability of patches to install on first boot.
- For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where ospfd(8) and ospf6d(8) overwrite this information when "depend on" is used and the specified interface is down.
- Added Allwinner H3/H5 ohci(4) clocks.
- Repaired inter-word spacing of PostScript and PDF output by mandoc(1).
- Corrected setting of default colours in tmux(1).
- "No data" frames will no longer be processed in ieee80211_input(9) before decryption and incorrectly counted as decryption failures.
- Characters that will not be copied are no longer highlightable in tmux(1).
- Allowed programs to set the Checking Disabled flag on DNS requests.
- Prevented ntpd(8) from starting when an instance is already running.
- Added support for building sparc64 kernels with clang(1).
- Fixed mailq(8) output for smtpctl(8).
- Code review and clean up of locate(1).
- Fixed minor issues in ksh(1).
- Modified ttyflags(8) to improve memory usage.
- Cleanup and improvement of dhclient(8).
- Redundant debug message removed for iwn(4).
- Added support for gpio(4) bus and improved card detection on Octeon systems.
- Fixed an off-by-one error in pfkeyv2_sysctl_policydumper().
- Improved support for Broadcom trackpad mouse ubcmtp(4) by validating interfaces and claiming them during *attach().
- Validated interfaces for if_ral passed to *match().
- Improved syslog(3) to support program names including "." and "_".
- Updated xf86-video-ati to 18.1.0.
- Set clang(1) to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.
- Enabled uhci(4) USB support for ARMv7.
- Removed the antiquated mincore(2), which is no longer needed, eliminating an interface that exposed physical machine information unnecessarily.
- Bug fixes for otus(4) devices based on the Atheros AR9001U chipset.
- Changed mandoc(1) HTML output to display tooltips using CSS exclusively.
- Clarified in documentation that OpenBSD ignores the LC_NUMERIC category as a safety practice, and outlined best practices for portable programs.
- Addition of the imxsrc(4) i.MX system reset controller driver, used to assert the reset pins for the PCIe controller, etc.
- Bug fixes in pfctl(8).
- Added abcrtc(4) Abracon AB1805 real-time clock driver.
- Eliminated alloca(3) call from vioqcow2.c and replaced with malloc(3) to prevent known-location object placement by an attacker.
- Implemented Event()/Signal()/Wait() AML operations for acpi(4).
- Improved the "not my pool" searching loop in malloc(3) and made the number of pools variable. Optimization of multi-threaded case by adjusting default number of pools to 8.
- Hacking on virtio(4), including defines, bug fixing and pci device list.
- kern_time.c will not allow cancellation of ongoing adjtime(2) until after full permission checks.
- Adjusted nc(1) to use memset(3) instead of bzero(3) for portability and POSIX compliance.
- Applied pledge(2) and unveil(2) to unbound-anchor(8).
- Improved portability of mandoc(1) to other operating systems. Improved HTML and CSS used for HTML generation.
- Prevented radeondrm(4) from using aperture memory to overlap the framebuffer.
- Improved ddb(4) readability by printing right-aligned hex values.
- Fix for rcs(1) to allow correct lock resolution before expansion of keywords, so expansion can happen with the correct values and files don't show up as modified.
- Added the ability for arm64 efiboot to boot from partitions other than "a".
- Spleen font enabled in wsfontload(8), along with font selection logic to allow selecting larger fonts when available at runtime in rasops(9).
- Implemented an if_enqueue handler for vlan(4), bypassing the ifq handling for a performance improvement in particular configurations.
- Disabled ret-protector and retpoline protections in the clang(1) compiler to regain build performance.
- Adjusted httpd(8) to start when TLS is configured.