OpenBSD
-current Changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7.
Changes made between OpenBSD 6.7 and -current
- Added pcamux(4), a driver for the PCA8548 I2C switch.
- Added bge(4) support for the BCM5719 A1.
- Fixed broken HID descriptors of Elecom trackballs with 6 or 8 buttons.
- Fixed a crash in re(4).
- Enabled multiple queues on vmx(4).
- Added intrmap, an api that picks CPUs for devices to attach interruptions to.
- Added d and D keys to tmux(1) customize mode to reset to defaults.
- Added a symmetric toeplitz implementation with integration for nics, usable through the stoeplitz_to_key(9) API.
- Supported -T html -O tag for mandoc(1) by passing a file:// URI to the pager.
- Fixed an sdhc(4) panic on the MACCHIATObin due to unaligned memory access.
- Added support for the XIVE interrupt controller found on POWER9 CPUs.
- Added tmux(1) -b flags to insert a window before (like the existing -a for after) to break-pane, move-window and new-window.
- Implemented the gensub(), systime() and strftime() functions for awk(1).
- Fixed sndiod(8) crashes when USB devices are disconnected.
- Added netstat(1) -R to show a summary of rdomains with associated interfaces and tables.
- Added a tmux(1) -A option to pause a pane manually.
- Added escodec(4), a driver for the Everest ES8316 audio codec used on the Pinebook Pro.
- Added rkiis(4), a driver for the I25 controller found on the Rockchip RK3399.
- Added simpleamp(4), a driver for "simple audio amplifier," one of the aux devices for simpleaudio(4).
- Added simpleaudio(4), a driver for "simple audio cards." This is a wrapper connecting the I25 controller, the codec and some aux devices.
- Introduced a framework for digital audio interfaces.
- Populated a list of 256 brightness levels as a fallback when the device tree does not specify a list, making the Pinebook Pro display work with the dtb from Linux 5.7.
- Updated awk(1) through the June 5, 2020 version.
- Provided an optimized implementation of ffs(3) in the kernel on arm64/powerpc/powerpc64.
- Added cwfg(4), a driver for the Cellwise CW201x fuel gauge on the Pinebook Pro.
- Added opal(4), a driver that interacts with the OPAL firmware on powerpc64 and implements RTC functionality.
- Added IBM POWER9 host bridge pci(4) id.
- Prevented rcs(1) removal of locked revisions with rcs -orange, avoiding leaving behind a lock for a revision which no longer exists.
- Added Intel 200 Series HD Audio pci(4) id.
- Prevented a use-after-free when a wireless device is detached.
- Updated drm(4) to linux 5.7.
- Added Marvel 88SE9215 and 88SE9235 AHCI pci(4) ids.
- Prevented callers inspecting unrelated fields in the libc resolver function asr_run().
- Moved Powerbook5,4 audio from aoa(4) to snapper(4), adding the missing TAS3004 volume control.
- Added ssl(8) support for additional GOST curves and aliases for 256-bit GOST curves.
- Added support for pausing a tmux(1) pane when the output buffered for a control mode client is too far behind, controllable with refresh-client -f and -A.
- Prevented the HID parser from overflowing if a malicious device provides too many PUSH.
- Added support for the Cortex-A78 cpu.
- Improved TLSv1.3 client certificate selection to allow use of EC certificates.
- Fixed pf.conf(5) "route-to TABLE least-states" in an anchor.
- Updated perl(1) to 5.30.3.
- Introduced acpihid(4) for ACPI HID event and 5-button array devices.
- Added support for hardware vlan tagging to mcx(4).
- Added an SK hynix NVMe pci(4) id.
- Released LibreSSL 3.2.0.
- Added umstc(4), a driver for Microsoft Surface Type Cover keyboards.
- Began looking for non-expired certificates first when building a chain, making certificate validation possible for various sites that are serving expired AddTrust certificates.
- Improved CPU frequency scaling in automatic performance mode by removing accounting for offline CPUs.
- Added to ssh_config(5) a selection of keywords allowed to expand shell-style ${ENV} environment variables on the client side.
- Adjusted to complete group key renewal immediately if no station is associated when ieee80211_proto.c runs.
- Prevented a panic where athn(4) attempted to transmit old, unencryptable frames after switching to a new group key in hostap mode.
- Enabled building wsmoused(8) and wsfontload(8) on arm64 and armv7.
- Fixed display glitches on smaller screens or with larger fonts in efifb(4) associated with remapping and attaching.
- Enabled scrollback in simplefb(4).
- Prevented unconditional initialization of VGA on amd64 boot causing video distortion.
- Corrected getopt_long(3) parsing of a trailing dash in an option group, which was being incorrectly returned as an argument.
- Removed mail.local(8) support for world-writable mail spools.
- Added AES-GCM mode ciphers for IKEv2, configurable in iked.conf(5) with the new "ikesa enc" options aes-128-pcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
- Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
- Introduced detection of /etc/random.seed reuse.
- Reworked kernel loading with octboot(4), which now does not rely on a mounted filesystem.
- Prevented a fatal iwx(4) firmware error when the driver moves out of AUTH state.
- Rewrote m88k mutex code as a slight variation of the MI mutex code, potentially improving stability and rendering mutex spinning time visible in top(1).
- Allowed passage of unencrypted 802.11 frames during hardware decryption post-processing, fixing failure of some ral(4) devices to receive packets on encrypted networks.
- Added support to urtwn(4) for TP-Link TL-WN822N-EU v5 (and v4).
- Restricted ssh-agent(1) from signing web challenges for FIDO keys, preventing ssh-agent forwarding on a host that has FIDO keys attached from granting the ability for the remote side to also sign challenges for web authentication using those keys.
- Increased the default number of ldom and ttyV devices for sparc64 from eight to sixteen.
- Passed boothowto from the sparc64 bootloader to the kernel using .openbsd.bootdata.
- Added wsmoused(8) support to efifb(4).
- Added support for the ThingM blink(1) USB notification light.
- Stopped syslogd(8) from closing UDP sockets for sending messages when DNS lookup of a UDP loghost fails, alloiwing them to be used to send if DNS is working during the next SIGHUP.
- Made non-root filesystems FFS2 for landisk, sgi and luna88k.
- Made ldomctl(8) "init-system -n" check vcpu and memory constraints.
- Relaxed filename checks in syspatch(8) to allow use of hyphens.
- Adjusted dwpcie(4) timing to improve likelihood of a successful PCIe link on the i.MX8MM. Avoids a failure to detect em(4) on the HummingBoard Pulse.
- Added RB_GOODRANDOM passed from bootloader to kernel in boothowto, indicating confidence a "great seed" was loaded.
- Added an Atheros QCA986x/988x pci(4) ID.
- Enabled the FFS2 option on the luna88k ramdisk.
- Added support for the Marvell Xenon SDHC, used as storage on the Armada 3700 and 8040 SoCs. This should make eMMC7CD show up on the MACCHIATObin.
- Added support for the SD card detect pins on the Turris Mox.
- Added mkvpcie(4), a driver for the Aardvark PCIe controller found on the Armada 3700 SoC.
- Fixed the ksh(1) exit code when evaluating a || compound list to prevent termination of the shell when running under -e.
- Added an ASMedia ASM1182e PCIe switch pci(4) id.
- Fixed an uninitialized variable and potential stack overflow with IPv6 connections in smtpd(8).
- Implemented a carp(4) transmit bypassing the ifq on output, enqueuing the packet directly on the parent interface.
- Opened up a 4GB memory bus window for mvneta(4) on the Marvell Armada 3700, making the second ethernet controller/port work on the Turris Mox.
- Released OpenSMTPD 6.7.0p1.
- Moved back to FFS1 by default for MFS.
- Updated unbound(8) to 1.10.1.
- Added support for TLS 1.3 server to send certificate status messages with oscp staples.
- Released rpki-client(8) 6.7p0.
- Offloaded CCMP (WPA2) encryption and decryption to iwm(4) hardware, reducing CPU load during traffic bursts.
- Introduced a "dark mode" for directory listings and error pages in httpd(8).
- Made OpenBSD boot on the odroid c4 with power domain in amldwusb(4).
- Added amlpwrc(4), a driver for the power domain controller found on Amlogic SoCs.
- Fixed a hang in rpki-client(8) by properly waiting for exiting openrsync(1) processes.
- Made FFS2 the default for newfs(8).
- Changed install images called *.fs to *.img to accommodate some UEFI bootloaders.
- Restored VGA fonts on VT switch, preventing an unusable screen when switching to a VT with a custom VGA font from X.
- Added a decode error alert when a TLS server provides an empty certificate list.
- Began initial development of an OpenBSD/powerpc64 port.
- In tmux(1):
- Added an option to set the pane border lines style as single lines, double or heavy, simple or number (the pane numbers).
- Added a client flag 'active-pane' which stores the active pane in the client and allows it to be changed independently from the real active pane stored in the window.
- Added a -D flag to run in non-daemonized mode.
- Added a customize mode (C) where keys and options can be browsed and changed.
- Added M-+ and M-- to expand and collapse all items in tree mode.
- Changed refresh-client -F to -f and added -f flags to attach-session and switch-client.
- Added -e for new-session to set environment variables.
- Added the 'e' key in buffer mode to open the buffer in an editor.
- Added -W and -T flags to command-prompt to only complete a window and a target.
- Ensured that a TLSv1.3 server has provided a certificate before attempting validation.
- Implemented kqueue(2) support for video(4).
- Updated to xkbprint 1.0.5.
- Updated to libXxf86dga 1.1.5.
- Updated to libXrandr 1.5.2 and xrandr(1) 1.5.1.
- Updated to libxcb 1.14 and xcb-proto 1.14.
- Fixed CCMP replay checks with 11n Rx aggregation and CCMP hardware offloading.
- Disabled ohci(4) on the amd64 ramdisk kernel.
- Fixed dhclient(8) domain-search option processing.
- Enabled TLSv1.3 support in relayd(8).
- Set ddb(4) "/t" to show a trace via TID on all architectures.
- Updated nsd(8) to 4.3.1.
- Added -rls1_3 and -no_tls1_3 options to openssl(1) s_server.
- Preserved group/world read permission on known_hosts files across runs of ssh-keygen(1) "-Rf /path".
- Fixed an iked(8) policy lookup edge case for simultaneous transport and tunnel mode SAs.
- Enabled the TLSv1.3 server in openssl(1).
- Improved reporting of remaining power with batteries of different capacities in acpi(4).
- Allowed specifying -d multiple times in slowcgi(8).
- Added bgpctl(8) support for VPNv6 in the family option of the "show rib" command.
- Fixed two out-of-bounds array accesses in ioctl code pathways in wscons(4).
- Made "reason" parsing in bgpctl(8) more generic and introduced it to the "reload" command.
- Added an optional "domain name" acme-client.conf(5) option allowing use of multiple domain sections with the same name and creation of an rsa and an ecdsa key for the same domain name.
- Fixed a crash on landisk in unwind(8) due to cmsg buffer misalignment.
- Prevented hangs in existing processes due to an indefinite wait for flushing when closing a tty.
- Moved to 6.7-current.