OpenBSD
-current Changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Changes made between OpenBSD 7.1 and -current
- Implemented a rudimentary version of the roff(7)
\A
escape sequence for mandoc(1).
- Rewrote rpki-client(8) rsc.c using ASN.1 templates to implement the constrained versions of the RFC 3779 structures.
- Implemented
verify-required
certificate option in ssh-keygen(1).
- Implemented a
max-communities
filter match for bgpd.conf(5).
- Added sfgpio(4), a driver for the GPIO controller found on the SiFive FU740 SoC.
- Made grep(1) provide full context when using match count (
-m
).
- Added an ACL list for multiple users attaching to the tmux(1) socket.
- Made a first pass at providing kstats for mvneta(4) from the hardware counters.
- Limited locked memory to 64k.
- Fixed a crash in libpcap when it would walk off the end of the array performing frees.
- Made ssh(1) unconditionally call freezero(3) to guarantee that the password is removed from RAM even when sshpkt functions fail.
- Introduced a new daemon_execdir variable to rc.d(8) for changing to a specified directory before running rc_exec.
- Migrated tcpdump(8) printing of ASnumbers from the old asdot format to asplain format.
- Fixed non-transitive extended community handling in bgpd(8).
- Added RFC 9234 "BGP Role" support to tcpdump(8)
- Made mg(1) automatically delete trailing whitespace on RET in c-mode and auto-indent-mode.
- Stopped telling fdisk(8) that macppc HAS_MBR.
- Added support for the ehci(4) controller on marvell 3720 boards.
- Fixed a kernel panic in pf(4) if IP options with an ICMP payload were truncated. Such packets will now be dropped instead.
- Made xterm(1) use a much safer FD-passing idiom for updating utmp(5).
- Added kernel locking in nfsrv_rcv() because NFS subsystem is not MP-safe yet.
- Converted KVA allocation to kmalloc(9) on hppa, mips64, and sparc64.
- Repaired a FILE leak in resolvd(8).
- Replaced rc.d(8) $rcexec variable with an rc_exec function. This will require a mechanical change from
${rcexec}
to rc_exec
in rc.d scripts. Kept compatibility to give people a chance to fix their custom scripts.
- Fixed system(3) to ignore SIGINT and SIGQUIT until the shell exits.
- Made vmm(4) load the vmcs before reading vcpu registers. This fixes vmctl(8) send on Intel hosts using vmd(8).
- Changed the semantics of "hid_none" for hid_start_parse(3) to allow matching of all possible kinds of report IDs.
- Made mandoc(1)'s roff_expand() parse left-to-right rather than right-to-left.
- Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules installed in arbitrary slots.
- Released LibreSSL 3.5.3.
- Boosted mvclock(4)'s priority such that it wins against syscon(4).
- Unlocked umask(2).
- Corrected veb(4) to avoid calling if_enqueue from an smr critical section.
- Added an additional vmm(4) fault type, fixing vm receive.
- Updated nsd(8) to upstream version 4.5.0.
- Corrected reorder_kernel to also handle redirecting stderr to logged output when $KERNEL_DIR.tgz exists.
- Arranged scp(1) so it won't ftruncate(2) files early when in sftp(1) mode.
- Added login.conf.d to mtree(8).
- Fixed iwx(4) setting of HT/VHT bits in rate flags of the Tx command that could cause a firmware panic.
- Added /etc/login.conf.d/* to changelist(5).
- Elminated a race condition in kqueue(2)'s knote_remove().
- Prevented use of "-u" when fdisk(8) is operating on GPT formatted disks.
- Made the CPU frequency scaling duration relative to the load when in automatic mode on battery.
- Fixed rwlock(9) implementation to be fair to writers. Previously, readers could grab the lock even if writers were waiting first.
- Aligned fdisk(8) logic with that used in the kernel to allow the protective EFI GPT partition to be in MBR partitions 0-3, not just 0.
- Added support for AX210/AX211 devices to iwx(4).
- Added preliminary support for decoding RSC objects in filemode to rpki-client(8).
- Allowed ssh-keygen(1) existing -U (use agent) flag to work with "-Y sign" operations.
- Fixed rebooting a received vm in vmd(8).
- Backported an upstream zlib fix for CRC calculation.
- Updated zlib to version 1.2.12.
- Fixed the watchdog in the installer so that the watchdog is reset after each download and each set installation.
- Added check to acme-client(1) to ensure the challenge token is turned into a filename that is base64url encoded.
- Added error handling to kbd(8) for when setting the keyboard encoding fails.
- Changed IN_EXPERIMENTAL (aka 240/4) to no longer be considered not forwardable.
- Introduced a mutex for ratecheck(9) and ppsratecheck(9).
- Imported the HDKF code from OpenSSL 1.1.1o into crypto(3).
- Bypassed rpki-client(8) timeout in file mode.
- Merged the UVM swap-backed and object-backed inactive page lists.
- Standardized memory units to bytes in vmm(4), vmctl(8), and vmd(8).
- Rate limited uvn_flush errors during pageout messages, preventing slowdown of system boot when a filesystem is full.
- Made pf(4) more paranoid about IGMP/MKP messages.
- Activated parallel IP forwarding, starting 4 softnet tasks but limiting the usage to the number of CPUs.
- Disabled bcmgenet DMA as part of hardware reset, preventing the hardware from ending up in a partially initialized state during netboot.
- Installed useful btrace(8) scripts in /usr/share/btrace.
- Prevented out-of-bounds array access with binaries that use unsupported relocations on amd64.
- Enabled running of IP input and forwarding with a shared netlock.
- Enabled pkg_add(1) caching by default.
- Updated libdrm to version 2.4.110.
- Altered sndiod(8) to wait until the buffer is drained before closing the device.
- Changed pf(4) handling of IGMP and ICMP6 MLD packets to allow multicast control packets to work by default.
- Introduced sio_flush(3) to stop playback immediately.
- Fixed a potential leak of an SK device in ssh(1).
- Fixed a memory leak on the session-bind path of ssh-agent(1).
- Protected the global lists with a mutex and moved rttimer entries into a temporary list to make route timers MP safe.
- Decoupled IP input and forwarding from protocol input to allow parallel IP processing while the upper layers are still not MP safe.
- Removed the ASN.1 decoder tag/length cache (TLC) from crypto(3).
- Added dt(4) tracepoints for vmm(4) vm exit reporting.
- Added cpu frequency sensors for each core on CPUs that have MPERF/APERF support.
- Reimplemented the page allocation code using bus_dma(9) APIs to make sure DMA addresses are translated properly on architectures with an IOMMU. This fixed amdgpu(4) and radeondrm(4) on powerpc, sparc64, and arm64 machines.
- Updated libX11 to version 1.7.5.
- Updated xterm(1) to version 372.
- Extended ksmn(4) to show CCD temperatures if available.
- Increased rx buffer size on uaq(4) to 62kB.
- Added missing uuid_dec_le() to init_fp() so fdisk(8) -A works on big-endian architectures.
- Updated vi(1) to apply expandtab to the output of a ! command.
- Protected arp(4), ND6, and pppoe(4) with the kernel lock so that IP forwarding can be run in parallel.
- Updated various wireless drivers to use memset(3) to initialize ieee80211_rxinfo struct properly.
- Prevented a crash in vi(1) when cursor key support is disabled.
- Introduced dedicated link entries for snapshots to pfsync(4).
- Repaired rge(4) hardware vlan tagging.
- Changed crypto(3) to avoid expensive RFC 3779 checks during certificate verification.
- Updated Mesa to version 21.3.8.
- Added concatenated JSON output to rpki-client(8) filemode.
- Made ssh(1) try to continue running local I/O for channels in OPEN state during transport rekeying to allow escapes to work in the client if the connection stalls during a rekey event.
- Made rpki-client(8) hard error when parse_filepath() is passed an unknown repository id.
- Restored vte(4) original MDC speed control register value on vte_reset, needed for Vortex86DX3 machines.
- Enabled kstat(4) and kstat(1).
- Fixed kbd(8) so it doesn't fail silently when executed by a regular user.
- Made device matching in iwx(4) more similar to linux iwlwifi.
- Allowed more than one CRL URI in certificates for rpki-client(8)
- Made use of the fact that repositories are unique objects in pkg_add(1) and annotated the quirks repository as cached, allowing for a large speed increase.
- Relaxed address availability check for multicast(4) binds so processes listening for the same multicast address do not need to be the same UID.
- Fixed witness lock issue found where pfsync(4) holds the mutex and an interrupt grabs the kernel lock.
- Updated afterboot(8) to direct the user to use binary packages.
- Changed to a simpler formula to calculate a default kern.maxthread value: 2*NPROCESS.
- Simplified machine command handling in ddb(4).
- Fixed openrsync(1) on sparc64 by eliminating a redundant second conversion of the int value from little to host endian.
- Extended rpki-client(8) -f filemode to decode and print TAL details.
- Changed compress(1) to print a more accurate message when -v is used with -k.
- Added missing arches (aarch64, mipsel64, powerpc64) to categories in sendbug(1).
- Fixed calculation of the width of spanned columns in mandoc(1).
- Fixed memory leak in ipmi(4) get_sdr on failure.
- Added support for more power sensors to ipmi(4).
- Added support for switching from glass console to serial console on arm64 systems that default to glass console.
- Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.