OpenBSD -current Changelog

This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Changes made between OpenBSD 6.7 and -current
- Used an LFENCE instruction everywhere RDTSC is used for a time measurement, reducing the jitter in TSC skew measurements.
- Prevented ssh(1) port forwarding clients from keeping a connection alive when it should be terminated.
- Updated awk(1) to July 2, 2020 version.
- Initialized v4l2_requestbuffers for libv4l compatibility, allowing view of video encodings not directly supported by video(1).
- Fixed GPU hangs when starting Xorg seen with 4.19 and 5.7 drm.
- Removed support for the socket keyword in snmpd.conf(5).
- Removed the -f (force) option in rpki-client(8).
- Added support for the mcx(4) ConnectX-6 Dx.
- Introduced arch/powerpc64.
- Prevented creation of bogus sd(4) devices for nvme(4) namespaces which are configured but have size 0.
- Updated Spleen kernel fonts to version 1.8.0.
- Prevented possible libevent state corruption in vmd(8).
- Introduced a darker xenodm(1) login widget and a lower contrast default background.
- Allowed switching between alternate devices (-F) with sndioctl(1).
- Fixed a problem where switching to a vt and back was needed to see rc output and login prompt on some Intel machines with Skylake and newer graphics.
- Converted macppc, octeon and loongson to use machine-independent installboot.
- Updated to freetype 2.10.2.
- Switched the default CDDB database for cdio(1) to gnudb.gnudb.org:8880.
- Fixed merging of files that lack newlines for diff3(1), OpenRCS and OpenCVS.
- Allowed ssh-add(1) "-d -" to read keys to be deleted from stdin.
- Fixed variable shadowing in vpci(4) which led to a noticeable delay while attaching devices using multiple msi-x vectors.
- Introduced a framework for MII busses.
- Introduced mvpp(4), a driver for the Marvell Packet Processor v2 as used on the Armada 7K and 8K SoCs.
- Implemented rss/toeplitz support for ixl(4) 710 chips.
- Allowed sshd_config(5) longer than 256k.
- Ensured the STOP command sent by sd(4) on powerdown will not result in hanging the machine if commands to the USB mass storage fail.
- Modified ldapd(8) use of "ldaps" and "tls" keywords to enable only the libtls defaults for protocols and ciphers. The new "legacy" keyword can be used before these keywords in ldapd.conf(5) to enable them all.
- Enabled wg(4).
- Stopped incrementing openclass for a literal "[" in awk(1), allowing parsing of expressions such as "/[[/[]/".
- Increased pbuild datasize limit to 8G to allow Firefox to build with Rust 1.44.
- Implemented pci_intr_establish_cpu() for pyro(4) and vpci(4)-based sparc64 systems.
- Introduced gettime(9) and getuptime(9) and substituted these for time_second(9) and time_uptime(9) throughout the kernel to prevent split-read problems on 32-bit platforms.
- Introduced opalcons(4), a driver for the OPAL console.
- Added support for the Ericsson F5521gw Mobile Broadband Modem.
- Resolved a panic in bridge_ioctl() by ensuring the netlock is held when calling ioctl handlers and dropped for the wg(4)-specific ioctls.
- Enabled critical temperature detection in iwx(4) firmware.
- Added ssh(1) support for fido(4) WebAuthn (verification only).
- Added an ioctl allowing userland to access read-only support information about pci devices via the vpd register.
- Enabled nvme(4) on i386.
- Fixed vmd(8) ns8250 lockup due to a race condition, helping to prevent linux vm crashes when the return key is held on boot.
- Updated Spleen kernel fonts to version 1.7.1.
- Added wg(4), an in-kernel driver for WireGuard VPN communication.
- Added bcmtmon(4), a driver for the temperature sensor on the Raspberry Pi 4.
- Added bwfm(4) support for BCM4359 SDIO variants such as the AP6359SA module found on the RockPro64 WiFi module.
- Fixed a fatal firmware error at run-time on iwx(4).
- Added WPA2 (CCMP) crypto offload support to iwx(4).
- Added pcamux(4), a driver for the PCA9548 I2C switch.
- Added bge(4) support for the BCM5719 A1.
- Fixed broken HID descriptors of Elecom trackballs with 6 or 8 buttons.
- Fixed a crash in re(4).
- Enabled multiple queues on vmx(4).
- Added intrmap, an API that picks CPUs for devices to attach interrupts to.
- Added d and D keys to tmux(1) customize mode to reset to defaults.
- Added a symmetric toeplitz implementation with integration for nics, usable through the stoeplitz_to_key(9) API.
- Supported -T html -O tag for mandoc(1) by passing a file:// URI to the pager.
- Fixed an sdhc(4) panic on the MACCHIATObin due to unaligned memory access.
- Added support for the XIVE interrupt controller found on POWER9 CPUs.
- Added tmux(1) -b flags to insert a window before (like the existing -a for after) to break-pane, move-window and new-window.
- Implemented the gensub(), systime() and strftime() functions for awk(1).
- Fixed sndiod(8) crashes when USB devices are disconnected.
- Added netstat(1) -R to show a summary of rdomains with associated interfaces and tables.
- Added a tmux(1) -A option to pause a pane manually.
- Added escodec(4), a driver for the Everest ES8316 audio codec used on the Pinebook Pro.
- Added rkiis(4), a driver for the I2S controller found on the Rockchip RK3399.
- Added simpleamp(4), a driver for "simple audio amplifier," one of the aux devices for simpleaudio(4).
- Added simpleaudio(4), a driver for "simple audio cards." This is a wrapper connecting the I2S controller, the codec and some aux devices.
- Introduced a framework for digital audio interfaces.
- Populated a list of 256 brightness levels as a fallback when the device tree does not specify a list, making the Pinebook Pro display work with the dtb from Linux 5.7.
- Updated awk(1) through the June 5, 2020 version.
- Provided an optimized implementation of ffs(3) in the kernel on arm64/powerpc/powerpc64.
- Added cwfg(4), a driver for the Cellwise CW201x fuel gauge on the Pinebook Pro.
- Added opal(4), a driver that interacts with the OPAL firmware on powerpc64 and implements RTC functionality.
- Added IBM POWER9 host bridge pci(4) id.
- Prevented rcs(1) removal of locked revisions with rcs -orange, avoiding leaving behind a lock for a revision which no longer exists.
- Added Intel 200 Series HD Audio pci(4) id.
- Prevented a use-after-free when a wireless device is detached.
- Updated drm(4) to linux 5.7.
- Added Marvell 88SE9215 and 88SE9235 AHCI pci(4) ids.
- Prevented callers inspecting unrelated fields in the libc resolver function asr_run().
- Moved Powerbook5,4 audio from aoa(4) to snapper(4), adding the missing TAS3004 volume control.
- Added ssl(8) support for additional GOST curves and aliases for 256-bit GOST curves.
- Added support for pausing a tmux(1) pane when the output buffered for a control mode client is too far behind, controllable with refresh-client -f and -A.
- Prevented the HID parser from overflowing if a malicious device provides too many PUSH.
- Added support for the Cortex-A78 cpu.
- Improved TLSv1.3 client certificate selection to allow use of EC certificates.
- Fixed pf.conf(5) "route-to TABLE least-states" in an anchor.
- Updated perl(1) to 5.30.3.
- Introduced acpihid(4) for ACPI HID event and 5-button array devices.
- Added support for hardware vlan tagging to mcx(4).
- Added an SK hynix NVMe pci(4) id.
- Released LibreSSL 3.2.0.
- Added umstc(4), a driver for Microsoft Surface Type Cover keyboards.
- Began looking for non-expired certificates first when building a chain, making certificate validation possible for various sites that are serving expired AddTrust certificates.
- Improved CPU frequency scaling in automatic performance mode by removing accounting for offline CPUs.
- Added to ssh_config(5) a selection of keywords allowed to expand shell-style ${ENV} environment variables on the client side.
- Adjusted to complete group key renewal immediately if no station is associated when ieee80211_proto.c runs.
- Prevented a panic where athn(4) attempted to transmit old, unencryptable frames after switching to a new group key in hostap mode.
- Enabled building wsmoused(8) and wsfontload(8) on arm64 and armv7.
- Fixed display glitches on smaller screens or with larger fonts in efifb(4) associated with remapping and attaching.
- Enabled scrollback in simplefb(4).
- Prevented unconditional initialization of VGA on amd64 boot causing video distortion.
- Corrected getopt_long(3) parsing of a trailing dash in an option group, which was being incorrectly returned as an argument.
- Removed mail.local(8) support for world-writable mail spools.
- Added AES-GCM mode ciphers for IKEv2, configurable in iked.conf(5) with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
- Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
- Introduced detection of /etc/random.seed reuse.
- Reworked kernel loading with octboot(4), which now does not rely on a mounted filesystem.
- Prevented a fatal iwx(4) firmware error when the driver moves out of AUTH state.
- Rewrote m88k mutex code as a slight variation of the MI mutex code, potentially improving stability and rendering mutex spinning time visible in top(1).
- Allowed passage of unencrypted 802.11 frames during hardware decryption post-processing, fixing failure of some ral(4) devices to receive packets on encrypted networks.
- Added support to urtwn(4) for TP-Link TL-WN822N-EU v5 (and v4).
- Restricted ssh-agent(1) from signing web challenges for FIDO keys, preventing ssh-agent forwarding on a host that has FIDO keys attached from granting the ability for the remote side to also sign challenges for web authentication using those keys.
- Increased the default number of ldom and ttyV devices for sparc64 from eight to sixteen.
- Passed boothowto from the sparc64 bootloader to the kernel using .openbsd.bootdata.
- Added wsmoused(8) support to efifb(4).
- Added support for the ThingM blink(1) USB notification light.
- Stopped syslogd(8) from closing UDP sockets for sending messages when DNS lookup of a UDP loghost fails, allowing them to be used to send if DNS is working during the next SIGHUP.
- Made non-root filesystems FFS2 for landisk, sgi and luna88k.
- Made ldomctl(8) "init-system -n" check vcpu and memory constraints.
- Relaxed filename checks in syspatch(8) to allow use of hyphens.
- Adjusted dwpcie(4) timing to improve likelihood of a successful PCIe link on the i.MX8MM. Avoids a failure to detect em(4) on the HummingBoard Pulse.
- Added RB_GOODRANDOM passed from bootloader to kernel in boothowto, indicating confidence a "great seed" was loaded.
- Added an Atheros QCA986x/988x pci(4) ID.
- Enabled the FFS2 option on the luna88k ramdisk.
- Added support for the Marvell Xenon SDHC, used as storage on the Armada 3700 and 8040 SoCs. This should make eMMC/SD show up on the MACCHIATObin.
- Added support for the SD card detect pins on the Turris Mox.
- Added mvkpcie(4), a driver for the Aardvark PCIe controller found on the Armada 3700 SoC.
- Fixed the ksh(1) exit code when evaluating a || compound list to prevent termination of the shell when running under -e.
- Added an ASMedia ASM1182e PCIe switch pci(4) id.
- Fixed an uninitialized variable and potential stack overflow with IPv6 connections in smtpd(8).
- Implemented a carp(4) transmit bypassing the ifq on output, enqueuing the packet directly on the parent interface.
- Opened up a 4GB memory bus window for mvneta(4) on the Marvell Armada 3700, making the second ethernet controller/port work on the Turris Mox.
- Released OpenSMTPD 6.7.0p1.
- Moved back to FFS1 by default for MFS.
- Updated unbound(8) to 1.10.1.
- Added support for TLS 1.3 server to send certificate status messages with OCSP staples.
- Released rpki-client(8) 6.7p0.
- Offloaded CCMP (WPA2) encryption and decryption to iwm(4) hardware, reducing CPU load during traffic bursts.
- Introduced a "dark mode" for directory listings and error pages in httpd(8).
- Made OpenBSD boot on the odroid c4 with power domain in amldwusb(4).
- Added amlpwrc(4), a driver for the power domain controller found on Amlogic SoCs.
- Fixed a hang in rpki-client(8) by properly waiting for exiting openrsync(1) processes.
- Made FFS2 the default for newfs(8).
- Changed install images called *.fs to *.img to accommodate some UEFI bootloaders.
- Restored VGA fonts on VT switch, preventing an unusable screen when switching to a VT with a custom VGA font from X.
- Added a decode error alert when a TLS server provides an empty certificate list.
- Began initial development of an OpenBSD/powerpc64 port.
- In tmux(1):
  - Added an option to set the pane border lines style as single lines, double or heavy, simple or number (the pane numbers).
  - Added a client flag 'active-pane' which stores the active pane in the client and allows it to be changed independently from the real active pane stored in the window.
  - Added a -D flag to run in non-daemonized mode.
  - Added a customize mode (C) where keys and options can be browsed and changed.
  - Added M-+ and M-- to expand and collapse all items in tree mode.
  - Changed refresh-client -F to -f and added -f flags to attach-session and switch-client.
  - Added -e for new-session to set environment variables.
  - Added the 'e' key in buffer mode to open the buffer in an editor.
  - Added -W and -T flags to command-prompt to only complete a window and a target.
- Ensured that a TLSv1.3 server has provided a certificate before attempting validation.
- Implemented kqueue(2) support for video(4).
- Updated to xkbprint 1.0.5.
- Updated to libXxf86dga 1.1.5.
- Updated to libXrandr 1.5.2 and xrandr(1) 1.5.1.
- Updated to libxcb 1.14 and xcb-proto 1.14.
- Fixed CCMP replay checks with 11n Rx aggregation and CCMP hardware offloading.
- Disabled ohci(4) on the amd64 ramdisk kernel.
- Fixed dhclient(8) domain-search option processing.
- Enabled TLSv1.3 support in relayd(8).
- Set ddb(4) "/t" to show a trace via TID on all architectures.
- Updated nsd(8) to 4.3.1.
- Added -tls1_3 and -no_tls1_3 options to openssl(1) s_server.
- Preserved group/world read permission on known_hosts files across runs of ssh-keygen(1) "-Rf /path".
- Fixed an iked(8) policy lookup edge case for simultaneous transport and tunnel mode SAs.
- Enabled the TLSv1.3 server in openssl(1).
- Improved reporting of remaining power with batteries of different capacities in acpi(4).
- Allowed specifying -d multiple times in slowcgi(8).
- Added bgpctl(8) support for VPNv6 in the family option of the "show rib" command.
- Fixed two out-of-bounds array accesses in ioctl code pathways in wscons(4).
- Made "reason" parsing in bgpctl(8) more generic and introduced it to the "reload" command.
- Added an optional "domain name" acme-client.conf(5) option allowing use of multiple domain sections with the same name and creation of an rsa and an ecdsa key for the same domain name.
- Fixed a crash on landisk in unwind(8) due to cmsg buffer misalignment.
- Prevented hangs in existing processes due to an indefinite wait for flushing when closing a tty.
- Moved to 6.7-current.