OpenBSD
-current Changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4.
Changes made between OpenBSD 6.4 and -current
- Added Dynastream ANTUSB-2 to uscom(4) devices.
- Removed -S from install commands across the tree.
- Updated xterm to version 344.
- Reworked iwm(4) Tx rate selection to increase Tx throughput, especially on clean channels.
- Removed 11n support from AMRR in ieee80211(9).
- Replaced several hand-rolled functions with wcwidth(3) in less(1) in an ongoing effort to improve unicode support.
- Restored dhclient(8) behavior of clearing existing addresses when setting a new address.
- Fixed a regression introduced in OpenSSH 7.9 where the client reused the server's algorithm lists for KEX, ciphers and MACs. Removed the diffie-hellman-group-exchange-sha1 KEX method.
- Added support for recognition of the following arm CPUs: Cortex A76AE, Cortex Deimos, Neoverse E1 and Neoverse N1.
- Updated the en_US.UTF-8 locale(1) to Unicode 10.
- Improved the clang(1) X86FixupGadgets pass to further reduce ROP gadgets produced during compilation. Added a command line switch to disable this functionality.
- Changed ssdfb(4) to allow usage of mmap(2) so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed.
- Fixed an issue with xhci(4) transfers that could cause an "invalid CSW" error.
- Changed rsync(1) --delete behavior to better interoperate with GPL rsync.
- Implemented --numeric-ids in rsync(1).
- Updated Xau(3) to 1.0.9.
- Added TLSv1.3 alert handling to ssl(3).
- Fixed an endless loop in sysctl(8) when sysctl(2) fails to retrieve sensor data.
- Changed aucat(1) to use reallocarray(3) in place of potentially problematic usage of malloc(3).
- Added Cortex A76 to the list of arm64 CPUs not affected by spectre variant 2 branch injection attacks.
- Removed atomic_* operations in the tx start and completion paths of ix(4).
- Addressed inconsistent behavior when ksh(1) evaluates arithmetical expressions.
- Fixed tcp-md5 issues in bgpd(8) by making sure to set the sockaddr length field on the pfkey socket.
- Repaired a regression in stmpd(8) 'hostnames' mapping to select hostname based on the IP address of a listener.
- Prevented a panic in timeout_add(9) by rejecting negative input to vmm(4) to allow preservation and restoration of guest debug registers.
- Completed various adjustments to allow for future support of flow-aware transport of pseudowires (RFC 6391).
- Changed ether_output to use a routes gateway address (if available) for AF_MPLS frames.
- Simplified NFS checking in rc(8) reorder_libs().
- Added support for setting custom FastCGI parameters in httpd(8).
- Adjusted ifconfig(8) to display whether bwfm(4) firmware is using 802.11AC.
- Updated Mesa to 18.3.4. (Removed -fno-tree-pre from CFLAGS on sparc64 after the changes to login.conf removed the need to limit memory usage at build time).
- Synchronized staff datasize-cur in login.conf(5) for hppa and sparc64 with the defaults for other architectures.
- Implemented fixes for bgpctl(8) large community parsing.
- Changed llvm PowerPC code generation to avoid generating unaligned floating point load and store instructions.
- Fixed a race condition in wscons(4) involving the wsevsrc_* functions.
- Made several improvements to the portability of bgpd code.
- Added a vnode(9) error flag to prevent fsync(2) from reporting successful syncing when a past write failure has led to a buffer discard in vfs(9).
- Added rsync(1) support for --port=PORT and ":port" in the rsync:// URL. Unlike in the original rsync, service names are supported.
- Corrected usb(4) to publish a new attached device only once it is fully initialized, preventing a race condition.
- Converted openssl(1) pkeyutl to the newer style of option handling.
- Adjusted unwind(8) to restart the DoT resolver alongside the other resolvers when log verbosity changes.
- Improved time interpretation for at(1) by assuming that a time that is already past refers to the next day.
- Implemented the conv=fsync feature in dd(1) (mirroring GNU dd), performing an fsync(2) after the final write to output.
- Added chown pledge(2) to rsync(1), allowing root to gift files to other uids.
- Adjusted rsync(1) to set access time information with sub-second resolution.
- Changed vmm(4) to allow guests to see PA bits in CPUID, removing an unintentional guest memory size limit of 64GB.
- Fixed a case where ddb(4) would modify two variables instead of one on 64-bit architectures.
- Relaxed userland stack pointer checking to allow PROT_NONE permissions on a page in addition to MAP_STACK.
- Added support for -o, -D and -a in rsync(1).
- Changed dpath pledge(2) to allow mkfifoat(2) and mknodat(2).
- Allowed configuration of the rdomain for mpe(4) and mpw(4) interfaces.
- Removed casts to (unsigned) to avoid range reduction bugs from parse.y based parsers.
- Updated perl(1) to 5.28.1.
- Added support for server and client finished messages in ssl(3) TLSv1.3 client implementation.
- Added a new futex(2)-based rwlock(9) implementation. The existing rwlock implementation will be used for architectures lacking atomic primitives.
- Changed socket(2) options to allow calling of SO_PEERCRED on sockets created with socketpair(2).
- Adapted rsync(1) to use md4 from crypto(3).
- Integrated group ID send/receive and remapping into rsync(1).
- Added -g option and associated getpw pledge to rsync(1).
- Simplified imsg communications and improved privilege separation of dhclient(8). resolv.conf.tail(5) will now be read (allowing additional details to be supplied) with each proposal.
- Implemented support for -e and --rsh=name options in rsync(1).
- Added long-opts aliases for single-letter options present in rsync(1). Added missing -no-OPT long options.
- Adjusted bgpctl(8) show requests to handle the case where no neighbors are defined in bgpd(8).
- Implemented handling of Certificate and CertificateVerify messages in TLSv1.3.
- Began explicitly supporting VPNs in bgpd(8), redefining and changing the syntax of bgpd.conf(5). IMPORTANT NOTE: If MPLS VPNs are used, configuration will need to be adjusted.
- Moved the on-disk trust anchor for unwind(8) to /var/db/unwind.key, as it doesn't need to be in a directory writable by group _unwind. Additionally, began tracking it in changelist(5).
- Imported Kristaps' openrsync into the tree and began adjustment to match style(9) guidelines.
- Removed the implicit RTF_MPATH flag that rt_ifa_add() set on new routes.
- Simplified check for whether /usr/share is on an NFS filesystem in reorder_kernel.sh.
- Corrected PPC target in llvm to reflect that a long double is the same as a double on OpenBSD/powerpc.
- Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during ssh-keygen(1) with -D.
- Adjusted pfctl(8) parser to insist anchor names must not be empty.
- Further simplifed trust anchor handling in unwind(8), allowing removal of wpath and cpath pledges from the parent process.
- Set logging of x509 peers' certificate subject names during tls client authentication in httpd(8).
- Added Allwinner V3s support.
- Adjusted scp(1) to accept shell-style brace alternations (e.g. "{foo,bar}") when verifying that filenames sent by the server match client requests.
- Changed ssh(1) to log when a connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect.
- Updated to xf86-video-apm 1.3.0, xf86-video-s3virge 1.11.0, xf86-video-chips 1.3.0, xf86-video-i128 1.4.0, xf86-video-neomagic 1.3.0 and xf86-video-i740 1.4.0.
- Fixed ipv4 checksum calculation for mpls_input.c that was being performed in memory half the necessary size.
- Fixed a race condition for install(1). This patch makes the -S option a no-op, its functionality becoming the default behavior.
- Fixed stack info leak in execve(2).
- Made clear in the documentation that httpd(8) supports fastcgi over TCP.
- Imported unbound(8) 1.9.0 and updated unwind's copy of libunbound.
- Removed rpath from the pledge in cut(1) when only stdin is used.
- Rewrote trust anchor handling in unwind(8) to stop using libunbound's auto trust anchor feature, allowing tightening of the resolver process pledges.
- Implemented processing of EncryptedExtensions in the ssl(3) TLSv1.3 client.
- Added lock stack trace saving for witness(4). This setting is not enabled by default.
- Adjusted bwfm(4) to correct possible memory leaks by changing it to consistently use m_freem(9) and adding an assert to identify overruns of the task ring queue.
- Reworked fec(4) handling of descriptors and buffers. Added recovery in the case of a full transmission queue.
- Improved handling of roff identifiers that end with a tab character in mandoc(1).
- Fixed a possible memory leak in tcp_usrreq().
- Replaced overlapping memcpy(3) with memmove(3) in getpathname() for fsck_ffs(8) and fsck_ext2fs(8).
- Added display of rcpt address for RCPT errors in smtpd(8).
- Added -b to display-panes like run-shell in tmux(1).
- Fixed addend handling for relaxing R-PPC-PLTREL24 relocations in ld.bfd(1), making -Wl and -relax work well enough to link base clang on macppc.
- Fixed a potential out-of-bounds read when regcomp(3) is passed a bad expression.
- Adjusted ps(1) to work in single user mode where /var/run is unavailable or in cases where /dev does not exist.
- Added an example unwind.conf(5). (Note that unwind(8) works without a config file in many cases).
- Converted openssl(1) pkey to the newer style of option handling.
- Added handling of Cisco's Encapsulated Remote Switch Port Analyzer (ERSPAN) protocol to tcpdump(8).
- Fixed printing of major and minor from dev_t in various parts of the tree.
- Fixed NULL-deference crash in ssh(1) in the PKCS#11 code.
- Fixed a potential mbuf double free in the out-of-band soreceive() path.
- Added support for defining variables through the environment in pkg-config(1).
- Implemented as-override in bgpd(8), a feature where the neighbor AS is replaced by the local AS in AS paths.
- Added --validate flag to pkg-config(1) and updated version to 0.29.0.
- Added a pthread_get_name_np(3) to match pthread_set_name_np(3) in pthreads(3).
- Fixed an undefined case when neither -msave-args or -mno-save-args are specified in LLVM.
- Imported libc++, libc++abi and libunwind version 7.0.1.
- Adjusted members of glob_t to match POSIX in glob(3). IMPORTANT NOTE: This required a libc major version bump.
- Implementing parsing and processing of TLSv1.3 ServerHello messages in ssl(4).
- Fixed a panic caused by bwfm(4) by handling control messages that exceed MLEN.
- Applied a fix to update the caller-supplied pointer in semundo_adjust() to prevent a potential use-after-free panic.
- Allowed tun(4) access to AF_MPLS packets from userland.
- Converted openssl(1) rsautl to the newer style of option handling.
- Improved support for Marvell wi-fi microcontroller SoCs with the creation of the mvgicp(4) driver.
- Fixed exception handling issues with clang++(1) on platforms not using ld.lld(1) as the default linker.
- Added captive portal detection for unwind(8).
- Enabled -msave-args when building an amd64 kernel with clang(1).
- Increased datasize in login.conf(5) for sparc64 to accommodate Mesa.
- Adjusted pfctl(8) to show the routing address selected by "route-to" when "pfctl -s states" is used.
- Improved stack trace saving on amd64 and i386.
- Added retries to acme-client(1) when not all challenges are validated.
- Fixed wscons(4) to remove a potential use-after-free panic involving wskbclose().
- Fixed ixl(4) calculation of physical function ID, improving the function of the second port on dual port cards.
- Added libelf to allow future use by Mesa.
- Applied connection timeouts from an initial ssh(1) attempt to subsequent attempts.
- Fixed lost interrupts in fec(4) which could lead to full TX queues.
- Incremented efiboot version to 0.14. This is the first version to support softraid(4).
- Added kernel locking for clocks in clock_gettime.
- Adjusted pf.conf(5) to allow non-numerical port specifications in line with other rules and added an error message regarding ranges without start values.
- Fixed compilation of amd64 kernel when optimization is disabled.
- Improved mandoc(1) tbl(7) centering in mdoc(7) documents.
- Implemented booting from softraid on arm64.
- Modified unwind(8) to grant non-privileged users access to status information. Use of reload and logging commands requires root.
- Enabled unused IQ/ADC calibration code in the athn(4) driver. Complete and enable noisefloor calibration code.
- Adjusted tc_setclock not to rewind the system uptime during resume/unhibernate.
- Corrected handling of TLS sigalgs extensions for TLSv1.0/TLSv1.1 for ssl(3).
- Modified bwfm(4) to query firmware for RSSI levels and current transmit rate on behalf of ifconfig(1).
- Implemented -msave-args in clang(1)/llvm.
- Updated compiler-rt to 7.0.1.
- Enabled CRYPTO for arm64 RAMDISK to allow use of softraid(4) crypto during installation.
- Fixed a bug in calendar(1) that led to duplicate display of events when -B was used.
- Improved imsg processing in unwind(8) to be more paranoid, excepting the control socket (so users can't bring down unwind).
- Adjusted pckbc(4) to discard unwanted mouse events from the keyboard input channel while on the console.
- Modified mail.lmtp(8) to strip carriage returns from lmtp responses.
- Added a dedicated sysctl(2) node for witness(4).
- Imported Mesa 18.3.2.
- Modified rtwn(4) to accept control frames in monitor mode.
- Made -N and -r mutually exclusive in pfctl(8), allowing either disabling DNS or enabling additional reverse lookups, not both.
- Enabled ixl(4) on sparc64.
- Implemented -a ("archive" mode, synonymous with -RpP) for cp(1).
- Adjusted fstat(1) to filter multiple pids and multiple users at the same time.
- Switched i386 to use lld as the default linker.
- Stopped accounting/updating priorities for idle threads, fixing an accounting bug where top(1) would report high CPU usage for idle threads of secondary CPUs right after booting.
- Implemented the ability to break into ddb(4) using imxuart(4).
- Modified ld.lld(1) to produce binaries compatible with the W^X implementation on i386.
- Unveiled _PATH_DEVDB in su(1) and wall(1) due to the use of ttyname(3).
- Added domain-s (DNS over TLS) to services(5).
- Imported LLVM 7.0.1 release.
- Implemented DNS over TLS (DoT) in unwind(8).
- Added a kernel fix for a potential panic when a negative value is used to index an array, validating in wscons(4) the user-supplied device index given to WSMXUIO_ADD_DEVICE.
- Adjusted mpe(4) mpls rtable behaviour to match mpw(4), removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6.
- Added 'uselease' statement to dhclient(8) to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values.
- Improved support for nmea(4) devices, providing altitude and ground speed values as sensors.
- Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files.
- Made ssh-keyscan(1) return a non-zero exit status if it finds no keys.
- Added a delay to fix pms(4) touchpad driver issue on ThinkPad X1 Gen6.
- Tagged the start of witness(4) output with prefix "witness:" to allow easier data extraction.
- Changed an abort(3) call to an _exit(2) in crypto(3) to guarantee termination of the running program without potentially leaving key material in core files.
- Fixed a double free in ldap(1).
- Eliminated a bug wherein the ttl 0 could be incorrectly decremented to ttl 255 for incoming mpls packets.
- Fixed microsecond output of timestamp deltas (-tttt) for tcpdump(8).
- Enabled ccp(4) on arm64 and armv7 ramdisks.
- Set ssh(1) to accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key, allowing pasting of fingerprints obtained through other means to have the client perform the comparison for you.
- Forced progressmeter to update at the beginning and end of a transfer, fixing a bug where it wouldn't display on quick scp(1)/sftp(1) transfers.
- Fixed a crash on long lines when switching to another file in vi(1).
- Increased default datasize on arm64 to 768M to prepare for building clang 7.
- Removed SHA224 and GOST-based signature algorithms from use in TLS 1.2.
- Set route(8) to display the same flags in RTM_IFINFO messages as ifconfig(8).
- Reworked mpw(4) to be an actual ethernet interface.
- Removed support for obsolete "host/port" syntax in ssh(1). This is no longer commonly used and may be confused with CIDR notation.
- Changed bridge(4) to only copy packets for span ports if the bridge is up.
- Imported unwind(8), a hybrid validating stub and recursive resolver. It actively observes the local net to decide how best to resolve names.
- Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support.
- Added the apm(4) subsystem to arm64.
- Taught ldpd(8) to ask if a potential pseudowire interface is pwe3-capable.
- Changed scp(1)/sftp(1) to sanitize scp filenames via snmprintf.
- Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for ssh-keygen(1).
- Reworked how tcp(4) md5 signatures are configured in ldpd(8). Now configuration is allowed against a prefix in addition to a neighbour.
- Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a diskless(8) host.
- Pledged video(1) in response to the newly-added promise.
- Reordered PCI device assignment in vmd(8) to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions.
IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis.
- Increased maximum MTU of bnxt(4) to match the linux driver.
- Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API).
- Added support to crypto(3) for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces.
- Modified syspatch not to return an error if a rollback is attempted when no patches have been installed.
- Syspatch(8) now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine.
- Removed undocumented 24 hour limits for timeouts from select(2), pselect(2), poll(2) and ppoll(2).
- Added a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
- Switched sntrup implementation source from supercop to libpqcrypto in ssh(1).
- Added the ability to parse epoch seconds to strptime(3). Added a -f pformat flag to parse the given time with strptime to date(1).
- Fixed problem where unveil(2) system call can leak memory.
- Added video promise to pledge(2), allowing ioctls on video(4) devices selected from video(1) and firefox wbrtc implementation.
- Introduced a dedicated entry point data structure for file locks.
- Provided the initial TLSv1.3 client implementation in LibreSSL.
- Introduced -v flags for ssh-add and ssh-pkcs11-helper in ssh(1).
- Improved logging to record actual time values and specify whether a TLS certificate is not yet valid or expired when using ntpd(8) constraints.
- Factored out several functions duplicated between client and server for ssh(1).
- Removed obsolete SSH v.1 functions in ssh(1).
- Enables manual validity checking for constraints in the X.509 certificate in ntpd(8). This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.
- AMD64 machines will now support 2TB of physical memory, extendable in the future.
- Improved handling of CPUID[1].ECX[OSXSAVE] bit.
- Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage.
- Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in vmm(4). These will now generategeneral protection fault as per spec.
- Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4).
- Added refresh for arp(8) entries that are about to expire.
- Added support in bgpd(8) and bgpctl(8) for group descriptions in control messages that accept a neighbor description.
- Added support for ECDSA keys in PKCS#11 tokens.
- Added a -T option to test whether ssh(1) keys in an agent are usable.
- Imported xorgproto 2018.4.
- Added support for a new kcov(4) trace mode called KCOV_MODE_TRACE_CMP to trace comparison instructions and switch statements, usable during fuzzing to generate even more coverage.
- Set the shell to strip quotation marks from daemon_flags when starting a daemon with rc.d(8), making the details in pexp match what appears in the process list.
- Restored correct display of treasure when snake runs over the money in snake(6). Adjusted cursor location during space warp and display of the pinball bonus.
- Changed imsg header definitions to use standard types.
- Fixed BN_is_prime_* calls in libcrypto(3), openssl(1), ssh(1) and sshd(8).
- Handled link state change interrupts in ixl(4).
- Serialized tc_windup() calls and modified some timehands.
- Committed refactored ssh(1) packet parsing API.
- Changes to dhclient(8) now handle changes to SSID or LLADDR by retrieving a new lease. This mproves performance when join connects to new networks.
- Improved join error handling inifconfig(8).
- Added a pwraction sysctl(8) that allows conversion of a power button into a sleep button if desired.
- Set an ssh(1) password prompt to begin with a carriage return to obscure portions of a password entered too early.
- Enabled myx(4) on the large ramdisk for amd64.
- Finished randomizing remaining layers of pmap_kernel.
- Enabled ixl(4) on amd64.
- Added a TLS record handling implementation.
- Moved boottime into the timehands.
- Added a partial port of EC_KEY_METHOD from OpenSSL 1.1 to libcrypto. Added various apis from OpenSSL 1.1 to LibreSSL.
- Set removal of a currently active network from the join list to disconnect as well.
- Added "join any" option to allow users to automatically connect via join() to any open wifi network. Known networks are preferred.
- Increased the socket buffer size for sendsyslog(2) to 1 MB for fewer messages dropped by syslogd(8).
- Updated to libpixman 0.36.0 in xenocara.
- Added protective check for negative length integers in nfs clients and servers, as well as negative length NFS strings.
- Reconnected bfd(4) to the build after updating for sounlock() api change.
- Set dhclient(8) to ignore HUP signals. Starting a new dhclient will handle this use case by killing and executing a new copy.
- Began validating relative timeout before sleeping for futex(2).
- Began validating inputs to adjtime(2), settimeofday(2) and clock_settime(2).
- Changed the default digest type to sha256 for openssl(1). Added support for pbkdf2 with OpenSSL-compatible flags.
- Removed vmm(4) and disabled vmd(8) and vmctl(8) for i386 systems.
- Renamed TLS extension-handling functions to better fit TLSv1.3.
- Enabled use of a 64-bit register when required for inline assembly on sparc64, correcting sparc64 kernels compiled with clang(1).
- Continued work to prepare the network stack for fine-grained locking.
- Added support for the SSD1306 OLED display.
- Modified signify(1) and doas(1) to prevent passwords from being retained in memory when errors are encountered.
- Prevented users from specifying multiple join or nwid arguments in one ifconfig(8) call.
- Fixed crash conditions in unveil(2), along with some cases where unveil would return ENOENT instead of EACCESS.
- Enabled bwfm(4) in RAMDISK_CD for amd64, allowing use during installs.
- Laid groundwork for TLSv1.3.
- Added a -h flag to sftp(1) chown(8), chgrp(1), and chmod(1) commands to request they not follow symlinks.
- Added support for a "lsetstat@openssh.com" extension. This replicates the
functionality of the existing SSH2_FXP_SETSTAT operation but does not
follow symlinks.
- Updated to exit syspatch(8) correctly after updating itself. Improvement to readability of patches to install on first boot.
- For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where ospfd(8) and ospf6d(8) overwrite this information when "depend on" is used and the specified interface is down.
- Added Allwinner H3/H5 ohci(4) clocks.
- Repaired inter-word spacing of postscript and pdf outputting by mandoc(1).
- Corrected setting of default colours in tmux(1).
- "No data" frames will no longer be processed in ieee80211_input(9) before decryption and incorrectly counted as decryption failures.
- Characters that will not be copied are no longer highlightable in tmux(1).
- Allowed programs to set the Checking Disabled flag on DNS requests.
- Prevented ntpd(8) from starting when an instance is already running.
- Added support for building sparc64 kernels with clang(1).
- Fixed mailq(8) output for smtpctl(8).
- Code review and clean up of locate(1).
- Fixed minor issues in ksh(1).
- Modified ttyflags(8) to improve memory usage.
- Cleanup and improvement of dhclient(8).
- Redundant debug message removed for iwn(4).
- Added support for gpio(4) bus and improved card detection on Octeon systems.
- Fixed an off-by-one error in pfkeyv2_sysctl_policydumper().
- Improved support for Broadcom trackpad mouse ubcmtp(4) by validating interfaces and claiming them during *attach().
- Validated interfaces for if_ral passed to *match().
- Improved syslog(3) to support program names including "." and "_".
- Updated xf86-video-ati to 18.1.0.
- Set clang(1) to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.
- Enabled uhci(4) USB support for ARMv7.
- Antiquated mincore(2) will not be needed and was removed, eliminating an interface that exposed physical machine information unnecessarily.
- Bug fixes for otus(4) devices based on the Atheros AR9001U chipset.
- Changed mandoc(1) html output to display tooltips using css exclusively.
- Clarified in documentation that OpenBSD ignores the LC_NUMERIC category as a safety practice, and outlined best practices for portable programs.
- Addition of the imxsrc(4) i.MX system reset controller driver, used to assert the reset pins for the PCIe controller, etc.
- Bug fixes in pfctl(8).
- Added abcrtc(4) Abracon AB1805 real-time clock driver.
- Eliminated alloca(3) call from vioqcow2.c and replaced with malloc(3) to prevent known-location object placement by an attacker.
- Implemented Event()/Signal()/Wait() AML operations for acpi(4).
- Improved the "not my pool" searching loop in malloc(3) and made the number of pools variable. Optimization of multi-threaded case by adjusting default number of pools to 8.
- Hacking on virtio(4), including defines, bug fixing and pci device list.
- kern_time.c will not allow cancellation of ongoing adjtime(2) until after full permission checks.
- Adjusted nc(1) to use memset(3) instead of bzero(3) for portability and POSIX compliance.
- Pledge(2) and unveil(2) unbound-anchor(8).
- Improved portability of mandoc(1) to other operating systems. Improved html and css used for html generation.
- Prevented radeondrm(4) from using aperture memory to overlap the framebuffer.
- Improved ddb(4) readability by printing right-aligned hex values.
- Fix for rcs(1) to allow correct lock resolution before expansion of keywords, so expansion can happen with the correct values and files don't show up as modified.
- Added the ability for arm64 efiboot to boot from partitions other than "a".
- Spleen font enabled in wsfontload(8), along with font selection logic to allow selecting larger fonts when available at runtime in rasops(9).
- Implemented an if_enqueue handler for vlan(4), bypassing the ifq handling for a performance improvement in particular configurations.
- Disabled ret-protector and retpoline protections in the clang(1) compiler to regain build performance.
- Adjusted httpd(8) to start when TLS is configured.