This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Corrected LED GPIO pin for AR9287-based USB devices.
Added to openrsync(1) the ability to combine rsync:// and -e by splitting rsync_socket() into rsync_connect(), which establishes a TCP connection to the remote daemon, and rsync_socket(), which runs the actual protocol.
Modified several daemons to avoid calling dup2(oldd, newd) when oldd == newd, preventing the descriptor from keeping its CLOEXEC flag and being closed unexpectedly by exec().
Set the disklabel(8) -E editing prompt to always display the disk device whose label is being edited, and to change '>' to '#' when in expert mode.
Adjusted unwind(8) to use getaddrinfo_async(3) when resolving captive portal hosts, rather than resolving internally.
Added retguard macros to setjmp/longjmp on amd64.
Restricted the number of allowed wsmux(4) devices to prevent malloc from panicking when the device minor is sufficiently large.
Modified pfctl(8) to fail on invalid netmasks when filling tables, preventing CIDR networks with more than one "/" from being loaded into tables.
Began to use stricter validation checks for A-MPDUs in the net80211 input path, requiring RUN state to accept A-MPDUs and refusing them from unassociating clients in hostap mode.
Corrected AR9287 USB device EEPROM read offset.
Adjusted midi(4)-related flow control messages to be sent only once half the client buffer space has been consumed, avoiding sending unneeded messages on the network.
Set aucat(1) to wait until server disconnect to close the socket, preventing loss of the last bytes.
Added support for Exar XR21V1410 USB serial adapters and added the uxrcom(4) driver to allow disabling of hardware flow control.
Added wsconsctl(8) support for display of fontwidth and fontheight values.
Fixed interaction between ClientAliveInterval and RekeyLimit that could cause an ssh(1) connection to close incorrectly.
Added pci(4) power-down support for AR8152 ethernet controllers.
In vmm(4), use sgdt/sidt to reset the GDT/IDT limits after exiting the guest VM on VMX, preventing a default limit set too high on exit.
Modified adjtime(2) to set EINVAL if delta overflows 64 bits of microseconds, to be consistent with practices elsewhere.
Introduced a new rwlock, tc_lock, which allows adjfreq(2) and the kern.timecounter.hardware sysctl(2) to read/write the active timecounter pointer and the .tc_adj_freq member of the active timecounter safely. This prevents torn read/writes when dropping KERNEL_LOCK and ensures the active timecounter doesn't change during an adjfreq(2) call.
Fixed ssh(1) authentication failures when 'AuthenticationMethods any' in a Match block overrides a more restrictive global default.
Created a warning-no-op for openrsync(1) indicating that -z support is not yet written.
ospfd(8) now aborts reloading if the router-id changes.
Fixed issues with pctr(4) and suspend. cpu(4) callback will now restore the pctr(4) settings after suspend/hibernate.
Modified ssl(8) to defer signature algorithm selection until the certificate is known and it is time for signature generation.
Added a chain member to CERT_PKEY and provided functions for manipulating it.
Increased the default RSA key size to 3072 bits in ssh(1). This provides security equivalent to a 128-bit symmetric key, matching the smallest symmetric cipher enabled by default.
Added the syspatch(8) signify key for OpenBSD 6.6.
Switched to precision scrolling in wstpad in wscons(4).
Adjusted unwind(8) to check resolvers based on change of state rather than at regular intervals. Resolvers are now rechecked when no longer behind a captive portal.
Added a fix to azalia(4) for the right-side speaker on the Dolby Atmos system of the Huawei Matebook 1, allowing it to play in stereo.
Modified signify(1) such that -n will zero the gzip timestamp.
Used the debugger mutex for 'ddb_mp_mutex' to prevent a race condition that could leave it locked if one CPU incremented 'db_active' while another was in the critical section.
Added a simple spinning mutex for ddb(4) which spins even if 'db_active' or 'panicstr' has been set and disables IPIs in the critical section.
Moved adjtimedelta into the timehands and adopted the lockless read protocol used for system boot time and uptime to ensure safe read/writes for adjtime(2) callers.
Corrected DMA channel number selection on the AR816x family of controllers in alc(4).
Added support for Meinberg DCF600USB devices to umbg(4).
Prevented render nodes from being flagged as primary nodes by drm(4).
Added -E option to specify an alternative escape character in cu(1).
Fixed rc.d(8) to correctly run an rdomain 0 rc.d daemon in rdomain 0 rather than the current routing table when started from a non-default rdomain(4) shell.
Modified ixl(4) devices to run event callbacks directly in the atq processing, preventing multiple link state events from firing with the same callback and causing an infinite loop.
Changed the parsing of dhclient.conf(5) 'prepend' statements to 'supersede' and 'append' to 'default' when the option data cannot be prepended or appended to. A parsing warning will be issued to allow users to adjust their configuration files.
Began to ensure that outer ICMP packet destination IP and inner protocol packet source IP addresses match in ICMP and ICMP6 packets with pf(4), to prevent passage of nonsensical packets.
Corrected a bug in mandoc(1) where an empty final line of input could lead to a buffer overflow.
Merged Mesa 18.3.5.
Addressed an issue with uaudio(4) where a busy system could cause audio playback to cease when a status of USBD_IOERROR led to erroring out early in uaudio_pdata_intr().
Extended the #[] style syntax to allow status lines in tmux(1) to extend up to five lines in height, configurable with a single option. Added the 'align' option for alignment within the status line array, entries in tree mode and pane status lines; 'list' for the window list and 'range' to configure ranges of text for mouse bindings.
Edited vmctl(8) to allow an existing VM to be started by referencing its ID.
Added kubsan(4), an undefined behavior sanitizer for the kernel, which will print findings about undefined behavior at runtime to the system console. This is limited to architectures using clang(1) as their default compiler and is not enabled by default.
Made changes to rasops(9) to correct font filtering. Invoking the -l option of wsfontload(8) will now allow display of all currently loaded fonts.
Added format variables for default tmux(1) variables in various modes. Added a -a display-message flag to list variables with values.
Fixed tmux(1) to forcibly kill the previous job before starting a new one.
Changed dwiic(4) to fetch timing parameters from ACPI and have it attach on Intel 300 series devices.
Improved and enabled isochronous transfers in xhci(4). This allows laptop cameras on many newer laptops to work properly.
Fixed rad(8) to only accept one ICMPv6 and one route socket. This fixed a scenario where the ICMPv6 socket was also used as the route socket for a short while.
Changed slaacd(8) and rad(8) to refuse a control socket if it already has one.
Fixed ieee80211(9) autojoin for WEP networks by actually saving the WEP auth key.
Added a -v flag to tmux(1) to aid with debugging formats such as the status line format.
Changed printing of bgpd(8) configuration to show options set to non-default values.
Added a fallback of direct serial hardware access to uefiboot(8) for those UEFI machines that have serial ports but whose firmware does not have the serial io protocol.
Made searching for uppercase characters in less(1) use mbtowc(3) rather than the buggy and outdated step_char() and correctly use iswupper(3) rather than isupper(3), further improving UTF-8 support.
Fixed the balancing of octciu(4) work queue interrupts.
Backported support for probing ARMv8 hardware acceleration capabilities on armv7 in preparation for adding support for the probing code for arm64.
Improved speed of C++ unwinding by implementing a red-black tree based cache in libunwind.
Cleaned up less(1) UTF-8 handling in backc() and do_append().
Modified tmux(1) to allow multiple modes to be open in a pane.
Changed tset(1) and ttys(5) to use hardware tabs as the default since almost all terminals now support them.
Added a new driver for USB Audio Class v2.0 devices to uaudio(4). The new driver maps audio blocks to USB transfers allowing precise synchronization and better reliability. This replaces the current one for USB Audio Class v1.0 devices.
Added copy_output() and underrun() methods to audio(4) to support drivers using bounce buffers (e.g. uaudio(4)).
Fixed delayed completions for isochronous transfers using uhci(4).
Separated fields output by pcidump(8) with commas since some fields are strings now.
Made slaacd(8) imsg(3) handling more paranoid for everything but the control socket.
Made vmd(8) wait for the controlling end of a pty to become writeable before waiting for read events. This fixed an issue where a recent kqueue pty change caused vmd to hammer the log.
Added amdgpu to the list of possible driver firmware for fw_update(1).
Taught pcidump(8) about pci class and subclass names.
Moved adjtimedelta from kern_time.c to kern_tc.c in preparation for upcoming MP-safety changes to the timecounting layer.
Switched to the use of safe memory reclamation (SMR) in octcrypto(4/octeon) to reduce the need for atomic operations.
Made it possible to build xterm(1) with OPT_TRACE.
Changed acme-client(1) to use temporary strings for calls to basename(3) to make the code more portable, as basename can change the contents of its argument on other platforms.
Fixed 'announce inet none' for bgpd(8). It had cleared more than just the AFI/SAFI pairs where the AFI is inet.
Updated xf86-video-ati to 19.0.0. This fixes an Xorg segfault.
Made xterm(1) stop using its broken, hand-rolled wcwidth implementation in favor of the system wcwidth(3).
Changed acpithinkpad(4) to default to the ACPI method and fall back to the CMOS method if the ACPI method fails. This makes screen backlight changes work for the x260. Unmasked the microphone mute event which is needed on the x260.
Updated Spleen kernel fonts to the latest released version.
Updated the error message that disklabel(8) displays for the interactive 'n' command to show that -F or -f is required.
Fixed booting on 486s without cpuid by returning early in microcode loading if cpuid is not available.
Improved cleanup of the configuration on shutdown of bgpd(8). This helps to detect memory leaks.
Improved portability of OpenSSH by moving checks for lists of users or groups into their own functions.
Modified sshd(8) to reset last-seen time when sending a keepalive. This prevents premature termination of a connection when ClientAliveCount=1.
Fixed parsing of rules using "once" in pfctl(8). 'match once' and 'anchor "a" once' had been erroneously allowed.
Unmasked keyboard brightness and screen brightness events in acpithinkpad(4). This keeps wscons(4) keyboard.backlight in sync and allows reaction to screen brightness keys. On newer ThinkPads, made thinkpad_brightness{up,down} use the ACPI method for adjusting screen brightness. This fixes screen brightness on the x270, x280, t470s, t470p, x1c6 and potentially additional models.
Modified ixl(4) to ignore rx interrupts before the interface is running. This prevents a crash in cases where the PXE rom has left rx interrupts pending.
Changed Mesa build to include LLVM support on amd64 and i386 now that libelf and a shared libLLVM are included in base. This will allow building of the radeonsi Mesa driver, adding accelerated support for radeon parts built on the Graphics Core Next (GCN) architecture.
Increased UFS dirhash memory slightly to increase directory performance now that very tiny machines are less common.
The install*.fs and install*.iso files increased in size due to clang library changes.
Built and installed llvm includes, llvm-config and a shared libLLVM, required to build the radeonsi Mesa driver.
Applied a background initialization progress fix from mfii(4) to mfi(4).
Combined queue drops with errors as fails when showing interface stats in netstat(1). To view queue drops or errors alone, use -d or -e respectively.
Exposed interface queue drops in the interface view of sysstat(1). Queue drops and errors may be viewed with the use of 'd' and 'e' respectively, or as a combined statistic, using 'f'.
Added support for RFC 6455 Websockets connection upgrade to relayd(8).
Changed man(1) error message in cases where the manual page is not found and the architecture is unknown. It will now note the unknown architecture rather than the name of the manual page.
Finished removal of improper detection of input line breaks in mandoc(1), instead using the NODE_LINE flag.
Fixed an i386 segfault in ipsecctl(8) with the -ss option by adding padding to the struct sadb_x_counter to comply with alignment constraints documented in RFC 2367 (2.2).
Fixed a hang that could happen when more than one writer awaited a read-locked rwlock(9) by waking all waiters upon unlock.
Introduced handling of malloc(3) failure in nm(1) to prevent crashing with NULL pointer access.
Corrected an error where processing manual pages continued incrementing suffix numbering globally. The HTML formatter state is now reset after processing in mandoc(1).
Updated to libfontenc 1.1.4.
Removed use of unveil(2) from the unwind(8) main process to allow configuration reloading.
Increased the character limit for vm names to 64 for vmm(4).
Set a limit on the number of allowed stacked wsmux devices in wscons(4) to prevent exhaustion of the kernel stack.
Added a timeout to refill the rx ring when empty for em(4).
Fixed a crash where ld(1) would assume input files are ELF objects and try to free uninitialized memory.
Tied group number and name together during configuration in cwm(1).
Began UTF-8 cleanup of store_char() within less(1).
Increased accessibility for mandoc(1) through the addition of HTML sectioning elements.
Fixed bgpd(8) leak of non-dynamic objects on configuration reload when adding an already-present network to the list of announcements.
Improved handling of HT protection for 'mode 11n' hostap and switched to use of CTS-to-self frames rather than RTS/CTS for HT protection. Corrected ieee80211(9) misclassification of certain devices as 11a/g which led to unnecessary use of HT protection.
Corrected ieee80211(9) to pick up the AP's 11g ERP protection setting properly in 11n client mode.
Updated athn(4) to explicitly configure timing of control frames. The chip is updated with values for SIFS interval and ACK/RTS/CTS timeout with configuration changes, like ath9k in Linux.
Fixed two race conditions in sshd(8) relating to SIGHUP by extending messaging to communicate that it is safe for parent processes to restart.
Ensured expected behavior when setting PKCS11Provider=none in ssh(1).
Added new mmap(2) flag MAP_CONCEAL. Memory under MAP_CONCEAL is not written to the disk in the event of a core dump.
Ensured actions will not be carried out in cwm(1) using the last group when the requested one is not found.
Fixed bug where IPv6 fragments with malformed extension headers could be erroneously passed by or cause a panic in pf(4).
Set TLS handshakes to automatically complete as part of read/write calls to prevent attempts to read data that does not exist.
Added mpip(4), an IP tunnel interface for "IP Layer 2" over MPLS pseudowires. This can be used to quickly set up an IP tunnel over an MPLS fabric without the need to configure bgpd(8) and mpe(4) interfaces.
Modified iwm(4) to use CTS-to-self for HT protection if requested by the AP, rather than always using RTS.
Disabled RTS threshold by default for ieee80211(9). This has been replaced by a heuristic in 11n and is not clearly preferable in many situations. RTS will continue to be used for certain drivers and when 11g protection is enabled by the AP when 11b clients are around.
Implemented support for dynamic RTS threshold in MiRA, improving throughput and latency on 11n networks.
Fixed cases where iwn(4) scan misreported the channel of wifi networks.
Moved to 6.5 Beta.
Corrected return values for non-fatal TLS alerts to prevent attempted use of non-existent record data following user cancellation.
Improved handling of TLS errors in nc(1) to prevent silent failures.
Introduced safe memory reclamation (SMR), a mechanism for reclaiming shared objects that readers can access without locking. This provides a basis for read-copy-update operations. SMR-protected objects are not destroyed while readers are using them, and a callback may be scheduled with the use of smr_call(9) as an alternative to waiting.
Increased the built-in certificate validity for simple configurations in ikectl(8) from 365 to 4500 days, preventing the need to install new CA certificates on all client machines. Default validity for server certificates remains at 1 year.
Added bgpd(8) support for '*', local-as and neighbor-as for ext-community matching. If local-as/neighbor-as is used as an expansion of AS number then bgpd will default to the 4-byte AS type to encode the community.
Re-enabled interrupts on resume with RF switch disabled on iwn(4) devices.
Prevented packet loss due to rxr overfilling the ring buffer on ix(4) devices.
Implemented support for pwe3 ioctls.
Improved ixl(4) support to avoid a deadlock in ixl_down when calling ifq_barrier.
Replaced several hand-rolled functions with wcwidth(3) in less(1) in an ongoing effort to improve unicode support.
Restored dhclient(8) behavior of clearing existing addresses when setting a new address.
Fixed a regression introduced in OpenSSH 7.9 where the client reused the server's algorithm lists for KEX, ciphers and MACs. Removed the diffie-hellman-group-exchange-sha1 KEX method.
Added support for recognition of the following arm CPUs: Cortex A76AE, Cortex Deimos, Neoverse E1 and Neoverse N1.
Improved the clang(1) X86FixupGadgets pass to further reduce ROP gadgets produced during compilation. Added a command line switch to disable this functionality.
Changed ssdfb(4) to allow usage of mmap(2) so the framebuffer can be used outside of the kernel. Also allowed brightness levels to be changed.
Fixed an issue with xhci(4) transfers that could cause an "invalid CSW" error.
Changed rsync(1) --delete behavior to better interoperate with GPL rsync.
Added support for setting custom FastCGI parameters in httpd(8).
Adjusted ifconfig(8) to display whether bwfm(4) firmware is using 802.11AC.
Updated Mesa to 18.3.4. (Removed -fno-tree-pre from CFLAGS on sparc64 after the changes to login.conf removed the need to limit memory usage at build time).
Synchronized staff datasize-cur in login.conf(5) for hppa and sparc64 with the defaults for other architectures.
Implemented fixes for bgpctl(8) large community parsing.
Changed llvm PowerPC code generation to avoid generating unaligned floating point load and store instructions.
Fixed a race condition in wscons(4) involving the wsevsrc_* functions.
Made several improvements to the portability of bgpd code.
Added a vnode(9) error flag to prevent fsync(2) from reporting successful syncing when a past write failure has led to a buffer discard in vfs(9).
Added rsync(1) support for --port=PORT and ":port" in the rsync:// URL. Unlike in the original rsync, service names are supported.
Corrected usb(4) to publish a new attached device only once it is fully initialized, preventing a race condition.
Converted openssl(1) pkeyutl to the newer style of option handling.
Adjusted unwind(8) to restart the DoT resolver alongside the other resolvers when log verbosity changes.
Improved time interpretation for at(1) by assuming that a time that is already past refers to the next day.
Implemented the conv=fsync feature in dd(1) (mirroring GNU dd), performing an fsync(2) after the final write to output.
Added chown pledge(2) to rsync(1), allowing root to gift files to other uids.
Adjusted rsync(1) to set access time information with sub-second resolution.
Changed vmm(4) to allow guests to see PA bits in CPUID, removing an unintentional guest memory size limit of 64GB.
Fixed a case where ddb(4) would modify two variables instead of one on 64-bit architectures.
Relaxed userland stack pointer checking to allow PROT_NONE permissions on a page in addition to MAP_STACK.
Integrated group ID send/receive and remapping into rsync(1).
Added -g option and associated getpw pledge to rsync(1).
Simplified imsg communications and improved privilege separation of dhclient(8). resolv.conf.tail(5) will now be read (allowing additional details to be supplied) with each proposal.
Implemented support for -e and --rsh=name options in rsync(1).
Added long-opts aliases for single-letter options present in rsync(1). Added missing -no-OPT long options.
Adjusted bgpctl(8) show requests to handle the case where no neighbors are defined in bgpd(8).
Implemented handling of Certificate and CertificateVerify messages in TLSv1.3.
Began explicitly supporting VPNs in bgpd(8), redefining and changing the syntax of bgpd.conf(5). IMPORTANT NOTE: If MPLS VPNs are used, configuration will need to be adjusted.
Moved the on-disk trust anchor for unwind(8) to /var/db/unwind.key, as it doesn't need to be in a directory writable by group _unwind. Additionally, began tracking it in changelist(5).
Imported Kristaps' openrsync into the tree and began adjustment to match style(9) guidelines.
Removed the implicit RTF_MPATH flag that rt_ifa_add() set on new routes.
Simplified check for whether /usr/share is on an NFS filesystem in reorder_kernel.sh.
Corrected PPC target in llvm to reflect that a long double is the same as a double on OpenBSD/powerpc.
Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during ssh-keygen(1) with -D.
Adjusted pfctl(8) parser to insist anchor names must not be empty.
Further simplified trust anchor handling in unwind(8), allowing removal of wpath and cpath pledges from the parent process.
Enabled logging of X.509 peers' certificate subject names during TLS client authentication in httpd(8).
Added Allwinner V3s support.
Adjusted scp(1) to accept shell-style brace alternations (e.g. "{foo,bar}") when verifying that filenames sent by the server match client requests.
Changed ssh(1) to log when a connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect.
Updated to xf86-video-apm 1.3.0, xf86-video-s3virge 1.11.0, xf86-video-chips 1.3.0, xf86-video-i128 1.4.0, xf86-video-neomagic 1.3.0 and xf86-video-i740 1.4.0.
Fixed the IPv4 checksum calculation in mpls_input.c, which was being performed in memory half the necessary size.
Fixed a race condition for install(1). This patch makes the -S option a no-op, its functionality becoming the default behavior.
Made clear in the documentation that httpd(8) supports fastcgi over TCP.
Imported unbound(8) 1.9.0 and updated unwind's copy of libunbound.
Removed rpath from the pledge in cut(1) when only stdin is used.
Rewrote trust anchor handling in unwind(8) to stop using libunbound's auto trust anchor feature, allowing tightening of the resolver process pledges.
Implemented processing of EncryptedExtensions in the ssl(3) TLSv1.3 client.
Added lock stack trace saving for witness(4). This setting is not enabled by default.
Adjusted bwfm(4) to correct possible memory leaks by changing it to consistently use m_freem(9) and adding an assert to identify overruns of the task ring queue.
Reworked fec(4) handling of descriptors and buffers. Added recovery in the case of a full transmission queue.
Improved handling of roff identifiers that end with a tab character in mandoc(1).
Enabled -msave-args when building an amd64 kernel with clang(1).
Increased datasize in login.conf(5) for sparc64 to accommodate Mesa.
Adjusted pfctl(8) to show the routing address selected by "route-to" when "pfctl -s states" is used.
Improved stack trace saving on amd64 and i386.
Added retries to acme-client(1) when not all challenges are validated.
Fixed wscons(4) to remove a potential use-after-free panic involving wskbclose().
Fixed ixl(4) calculation of physical function ID, improving the function of the second port on dual port cards.
Added libelf to allow future use by Mesa.
Applied connection timeouts from an initial ssh(1) attempt to subsequent attempts.
Fixed lost interrupts in fec(4) which could lead to full TX queues.
Incremented efiboot version to 0.14. This is the first version to support softraid(4).
Added kernel locking for clocks in clock_gettime.
Adjusted pf.conf(5) to allow non-numerical port specifications in line with other rules and added an error message regarding ranges without start values.
Fixed compilation of amd64 kernel when optimization is disabled.
Implemented -a ("archive" mode, synonymous with -RpP) for cp(1).
Adjusted fstat(1) to filter multiple pids and multiple users at the same time.
Switched i386 to use lld as the default linker.
Stopped accounting/updating priorities for idle threads, fixing an accounting bug where top(1) would report high CPU usage for idle threads of secondary CPUs right after booting.
Added a kernel fix for a potential panic when a negative value is used to index an array, validating in wscons(4) the user-supplied device index given to WSMUXIO_ADD_DEVICE.
Adjusted mpe(4) mpls rtable behaviour to match mpw(4), removing a special case in mpls_input. Reworked mpe_input to patch ipv4 checksum and handle ipv6.
Added 'uselease' statement to dhclient(8) to replace 'append,' 'default,' 'ignore,' 'prepend' and 'supersede' actions on lease-provided values.
Improved support for nmea(4) devices, providing altitude and ground speed values as sensors.
Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this functionality in case of this check rejecting wanted files.
Made ssh-keyscan(1) return a non-zero exit status if it finds no keys.
Added a delay to fix pms(4) touchpad driver issue on ThinkPad X1 Gen6.
Tagged the start of witness(4) output with prefix "witness:" to allow easier data extraction.
Changed an abort(3) call to an _exit(2) in crypto(3) to guarantee termination of the running program without potentially leaving key material in core files.
Set ssh(1) to accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key, allowing pasting of fingerprints obtained through other means to have the client perform the comparison for you.
Forced progressmeter to update at the beginning and end of a transfer, fixing a bug where it wouldn't display on quick scp(1)/sftp(1) transfers.
Fixed a crash on long lines when switching to another file in vi(1).
Increased default datasize on arm64 to 768M to prepare for building clang 7.
Removed SHA224 and GOST-based signature algorithms from use in TLS 1.2.
Set route(8) to display the same flags in RTM_IFINFO messages as ifconfig(8).
Reworked mpw(4) to be an actual ethernet interface.
Removed support for obsolete "host/port" syntax in ssh(1). This is no longer commonly used and may be confused with CIDR notation.
Changed bridge(4) to only copy packets for span ports if the bridge is up.
Imported unwind(8), a hybrid validating stub and recursive resolver. It actively observes the local net to decide how best to resolve names.
Moved 802.11n rateset definitions out of MiRA to make them available to net80211 and drivers in general. Added short guard interval support.
Taught ldpd(8) to ask if a potential pseudowire interface is pwe3-capable.
Changed scp(1)/sftp(1) to sanitize scp filenames via snmprintf.
Allowed auto-incrementing of certificate serial number for certificates signed in a single command line for ssh-keygen(1).
Reworked how tcp(4) md5 signatures are configured in ldpd(8). Now configuration is allowed against a prefix in addition to a neighbour.
Added a specific panic to stop the kernel booting in case of an RPC error during NFS boot of a diskless(8) host.
Pledged video(1) in response to the newly-added promise.
Reordered PCI device assignment in vmd(8) to fix Linux network interface numbering. Previously, changing assigned disks would change the interface name under some Linux distributions.
IMPORTANT NOTE - if you have existing Linux guest VMs, you'll need to modify your configuration files on a one-time basis.
Increased maximum MTU of bnxt(4) to match the Linux driver.
Provided SSL_get_client_ciphers() and SSL_get1_supported_ciphers() (part of the OpenSSL 1.1 API).
Added support to crypto(3) for xchacha20 and xchacha20-poly1305, extending the nonce range and allowing use of random nonces.
Modified syspatch(8) not to return an error if a rollback is attempted when no patches have been installed.
syspatch(8) now warns the user to reboot after installation of a new kernel and identifies the location of errata on the local machine.
Enabled manual validity checking for constraints in the X.509 certificate in ntpd(8). This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.
AMD64 machines will now support 2TB of physical memory, extendable in the future.
Improved handling of CPUID[1].ECX[OSXSAVE] bit.
Adjusted bgpd(8) to use Adj-RIB-Out to push UPDATE messages to peers, improving memory usage.
Made handling of MSR_SMBASE and MSR_SMM_MONITOR_CTL more correct in vmm(4). These will now generate a general protection fault as per spec.
Adjusted mac filters to allow viewing vlan traffic and arp requests on vlans in ixl(4).
Added refresh for arp(8) entries that are about to expire.
Added support in bgpd(8) and bgpctl(8) for group descriptions in control messages that accept a neighbor description.
Added support for ECDSA keys in PKCS#11 tokens.
Added a -T option to test whether ssh(1) keys in an agent are usable.
Imported xorgproto 2018.4.
Added support for a new kcov(4) trace mode called KCOV_MODE_TRACE_CMP to trace comparison instructions and switch statements, usable during fuzzing to generate even more coverage.
Set the shell to strip quotation marks from daemon_flags when starting a daemon with rc.d(8), making the details in pexp match what appears in the process list.
Restored correct display of treasure when snake runs over the money in snake(6). Adjusted cursor location during space warp and display of the pinball bonus.
Changed imsg header definitions to use standard types.
Added support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks.
Updated syspatch(8) to exit correctly after updating itself. Improved readability of patches to install on first boot.
For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where ospfd(8) and ospf6d(8) overwrite this information when "depend on" is used and the specified interface is down.
Added support for gpio(4) bus and improved card detection on Octeon systems.
Fixed an off-by-one error in pfkeyv2_sysctl_policydumper().
Improved support for Broadcom trackpad mouse ubcmtp(4) by validating interfaces and claiming them during *attach().
Validated interfaces for if_ral passed to *match().
Improved syslog(3) to support program names including "." and "_".
Updated xf86-video-ati to 18.1.0.
Set clang(1) to disable the correct performance options based on architecture. Clang now checks CPU architecture and not system architecture when setting protection flags.
Eliminated alloca(3) call from vioqcow2.c and replaced with malloc(3) to prevent known-location object placement by an attacker.
Implemented Event()/Signal()/Wait() AML operations for acpi(4).
Improved the "not my pool" searching loop in malloc(3) and made the number of pools variable. Optimized the multi-threaded case by adjusting the default number of pools to 8.
Hacking on virtio(4), including defines, bug fixing and pci device list.
kern_time.c will not allow cancellation of ongoing adjtime(2) until after full permission checks.
Adjusted nc(1) to use memset(3) instead of bzero(3) for portability and POSIX compliance.
Improved portability of mandoc(1) to other operating systems. Improved the HTML and CSS used for HTML generation.
Prevented radeondrm(4) from using aperture memory to overlap the framebuffer.
Improved ddb(4) readability by printing right-aligned hex values.
Fixed rcs(1) to resolve locks correctly before expanding keywords, so expansion happens with the correct values and files don't show up as modified.
Added the ability for arm64 efiboot to boot from partitions other than "a".
Enabled the Spleen font in wsfont, along with font selection logic in rasops(9) that allows selecting larger fonts when available at runtime.
Implemented an if_enqueue handler for vlan(4), bypassing the ifq handling for a performance improvement in particular configurations.
Disabled ret-protector and retpoline protections in the clang(1) compiler to regain build performance.
Adjusted httpd(8) to start when TLS is configured but keys and certificates are not yet present.
Fixed snmpd(8) child processes so they properly detach from the terminal.
Added the configuration option "fib-priority" to ospf6d(8) which allows setting a custom priority for routes ospf6d inserts into the kernel routing table.
Added the ability to pass sdmmc(4) the maximum segment size that a SD/MMC host controller can handle for DMA transfers.
Added the configuration option "fib-priority" to ospfd(8) which allows setting a custom priority for routes ospfd inserts into the kernel routing table.
Made bgpd(8) check whether a control socket or address is in use before using it. If it is in use, startup is aborted or the reload fails. Stopped sockets from being unlinked during a normal shutdown.
Changed vmd(8) so that when netbooting a VM using the "-B net" option, vmd sets the hostname in the DHCP lease to the name of the VM. This makes it easier to use dedicated autoinstall response files for different VMs.
Converted arithmetic(6) to use unsigned variables to avoid overflows.
Changed nc(1) to check for a range of ports only if the first argument is a digit. This removed the potential for confusing port ranges with hyphenated port names.
Added use of speed estimates to improve wscons(4) gesture detection.
Added a terminate imsg to stop long running commands in cases where bgpctl(8) exits before bgpd(8) finishes the work.
Added the new matching criteria "from rdns" to smtpd.conf(5) to allow matching of sessions based on the reverse DNS of the client.
Fixed a bug in wump(6) that caused nonsensical movement of the Wumpus.
Taught tcpdump(8) that LLDP has its own group address.
Folded ext-communities into filter_community so bgpd(8) can match multiple ext-communities at the same time. Adjusted bgpctl(8) to reflect this.
Fixed detection of MELTDOWN-proof Intel CPUs.
Added the ability to use a DUID to specify the root disk for octeon systems.
Modified the "-l" option of netstat(1) to show only the UDP sockets that can receive packets from any other host, that is, sockets in a state similar to TCP sockets in the LISTEN state.
Fixed tmux(1) parsing of empty colon-separated fields.
Changed wsmux(4) to return an error for ioctl(2) commands that are inappropriate when there are no child devices attached.
Made the freelist "best fit" code a little smarter so it will not use a block if half or more of the block would be wasted. This causes more effective re-use of blocks.
Made several improvements to mandoc(1) escape sequence handling and manual font selection.
Changed mg(1) to allow all non-ephemeral buffers to be toggled between writeable and read-only using "toggle-read-only-all".
Fixed printf statements of snmpctl(8) and snmpd(8) when they are compiled with -DDEBUG.
Added the ability to read from stdin using "-f -" to kdump(1).
Modified behavior of vmd(8) so the guest will stop or exit at the next reboot after "-B" is used to specify a specific boot device.
Fixed a bunch of cases where the dhcpd(8) "pf table handler" process did not exit during a number of failure conditions.
Made sure in iked(8) the prefixlen returned by mask2prefixlen6 is never bigger than 128 and that the daemon will exit when the mask is not contiguous.
Changed conversion of a netmask into a prefixlen to be more strict for eigrpd(8), ldpd(8), and snmpd(8).
Removed an ugly hack in the ssl(3) client certificate verification code that worked around broken GOST implementations.
Corrected ssh(1) calculation of initial bandwidth limits.
Modified rtwn(4) and urtwn(4) to handle 2 transmit chains in the computation of transmit power for the RTL8192UE.
Added support for "-" as an input file for stdin to sed(1), as specified by POSIX.
Added "-not" as a shell-friendly alias for "!" in find(1).
Added very experimental support for DNS over HTTPS (RFC 8484) to rebound(8).
Introduced tx-mail and tx-rcpt report events for smtpd(8).
Made sure that when bgpd(8) is converting a netmask to prefixlen that it never returns a value bigger than 128.
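The strict netmask-to-prefixlen conversion described in the iked(8), eigrpd(8), ldpd(8), snmpd(8) and bgpd(8) entries above can be sketched as follows. This is an added example, not OpenBSD source: the function names and the sample masks are assumptions, and a -1 return stands in for the point where the entry says iked(8) exits.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not OpenBSD source; function names are hypothetical. */
/* Both return the prefix length, or -1 if the mask is not contiguous. */
int strict_mask2prefixlen4(uint32_t mask)	/* host byte order */
{
	uint32_t inv = ~mask;
	int len = 0;

	/* For a contiguous mask ~mask is 2^k - 1, so inv & (inv + 1) == 0. */
	if (inv & (inv + 1))
		return -1;
	for (; mask & 0x80000000u; mask <<= 1)
		len++;
	return len;
}

int strict_mask2prefixlen6(const uint8_t mask[16])
{
	int i, len = 0;

	for (i = 0; i < 16 && mask[i] == 0xff; i++)
		len += 8;			/* whole bytes of ones */
	if (i < 16) {
		uint8_t b = mask[i];

		for (; b & 0x80; b <<= 1)
			len++;			/* ones in the partial byte */
		if (b != 0)
			return -1;		/* a one after the first zero */
		for (i++; i < 16; i++)
			if (mask[i] != 0)
				return -1;	/* ones after the prefix ended */
	}
	return len;				/* at most 128 by construction */
}

/* Constructed sample masks. */
const uint8_t mask61[16] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8 };
const uint8_t maskhole[16] = { 0xff, 0xff, 0x00, 0xff };

int main(void)
{
	printf("%d %d %d\n", strict_mask2prefixlen4(0xffffff00u),
	    strict_mask2prefixlen6(mask61), strict_mask2prefixlen6(maskhole));
	return 0;
}
```

A lenient converter that only counts set bits would report 24 for the second sample mask, which describes a network the operator never configured.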
Implemented a simple bgpd(8) ruleset optimizer that merges filter rules that differ only by filter sets.
Added a new "-B device" argument to vmctl(8) start to allow setting of the boot device. It allows kicking off an OpenBSD autoinstall by using 'vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img'.
Made it possible to define the bootdevice in vmd(8). If VMBOOTDEV_NET is used the internal DHCP server will pass "auto_install" as the boot file to the client and the boot loader will pass the MAC address of the first interface to the kernel to indicate PXE booting.
Implemented a time-based method for tracking motion states of touches in wscons(4).
Disabled pvclock(4) on old hardware that lacks a stable clock.
Stopped axen(4) from calling usbd_delay_ms() in an interrupt context.
Plugged a memory leak in host()'s error code path in bgpd(8).
Used the txprio setting to populate the tos in keepalive packets.
Added support for txprio settings on interfaces with ifconfig(8). This adds a txprio argument with a setting which can be changed to 'payload', 'packet' or a number between 0 and 7.
Modified dhclient(8) to restart when an SSID change is noted in RTM_80211INFO, ensuring that the correct lease is discovered or renewed and the lease file is properly updated.
Added the new routing socket message RTM_80211INFO to provide details of 802.11 interface state changes and added support to route(8).
Added a mechanism for managing asynchronous IO signal registrations.
Set the hardmtu on Ethernet encapsulated interfaces so the MTU can be raised above 1500.
Limited the number of interface units to the number of device minors, preventing the creation of tap(4) and tun(4) devices which can't be opened from userland because of the limit on the number of dev_t minor numbers.
Changed the proc message formatting API in smtpd(8) to accept NULL as a valid string.
Adjusted ripd(8) to accept 'interface ifX' without parameters.
Added implementation of the SM3 hashing function within crypto(3). The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China.
Added automatic threading initialization for crypto(3).
Fixed ssl(8) to free the server TLS transcript in case session reuse has failed.
Removed ethers(5) YP support from libc, allowing more effective use of pledge(2) in some programs.
Modified nc(1) to report to stderr in verbose mode when the listen system call has finished, allowing writing of race-free scripts as server status can be checked.
Cleaned up and simplified the ssl(8) handshake transcript code, providing a more readable API with code that uses a BUF_MEM instead of a BIO.
Fixed a case where if a server asked the client for a certificate that doesn't exist, a handshake transcript would be left behind in ssl(8).
Changed the default listen port for switchd(8) from 6633 to 6653, the IANA standardized OpenFlow port. When a listen port is not specified in switchd.conf(5), it will be randomized.
Used the original client border width to adjust initial placement of clients containing {P,US}Position requests where they are explicitly set to 'ignore' in cwmrc. This prevents unintentional client offset in cwm(1).
Fixed a problem associated with keeping default ribs alive and Adj-RIB-In/Out in bgpd(8). The RIB will only be recreated if the FIB distribution flags changed or the rtableid changed and there is a FIB.
Fixed clipping during float to integer conversions in aucat(1).
Fixed an error in tmux(1) by ensuring that a non-repeating key used when repeating is treated as an entirely new key press.
Tested TLS interoperability between LibreSSL and OpenSSL by implementing a simple SSL client and server in C, then creating four binaries by linking them with LibreSSL or OpenSSL to test API compatibility.
Defined TLS_CA_CERT_FILE rather than having each application create its own define for /etc/ssl/cert.pem.
Corrected unzooming and redrawing of panes in switch-client for tmux(1).
Adjusted ntpd(8) to be stricter with TLS configuration.
Updated the opensslfeatures.h to include all of the OPENSSL_NO_* flags that exist in ssl(8). Defined OPENSSL_NO_ASYNC, as libcrypto does not have built-in async features.
Fixed an error introduced to tcp(4) that broke setting of a fixed socket send buffer size due to out-of-sync algorithms.
Introduced a real Adj-RIB-Out to bgpd(8) and removed the update_rib introduced before 6.4.
Added a pledge(2) to ripe and rde in ripd(8) and used unveil(2) to remove file system access for the parent process.
Changed dhclient(8) to log "LLADDR changed" and "restarting" when LLADDR is modified and the restart is actually executed, no longer saying 'restarting' twice.
Adjusted smtpd(8) to apply filter rules only to filtered interfaces.
Explicitly disabled xdm-authorization-1 support in X(7) server.
Changed dhclient(8) to ignore incoming packets and routing socket messages and to cancel any pending protocol timeout when reacting to SIGHUP.
Modified top(1) to accept numeric user IDs, making 'top -U 0' and 'u-1000' work.
Modified getent(1) to prefer user names over numeric user IDs.
Disabled setuid on Xserver(1) in response to recent disclosure of vulnerabilities.
Fixed calculation of ASPATH_HEADER_SIZE by using offsetof() instead of the sizeof calculation in bgpd(8).
Disabled -logfile and -modulepath when running Xserver(1) with elevated privileges, as these could cause arbitrary overwriting of files (CVE-2018-14665).
Fixed a kernel resource leak in doaccept().
Added a 'terminal' colour which can be used instead of 'default' in style options for tmux(1).
Fixed bgplg(8) show ip bgp out/in, updated usage message and added missing neighbor argument. Added 'show ip bgp ovs' and 'show ip bgp ext-community' commands.
Switched alpha to futex(2)-based condvars, mutexes and semaphores.
Added missing unveil(2) of /etc/shells to su(1) for -m option.
Backported llvm's libunwind hardware floating point handling and added quad-precision floating-point support routines for mips64.
Enabled the integrated llvm assembler on mips64.
Adjusted CPU identification in amd64 to take the 'package' into account when calculating the 'smt' ID on modern AMD CPUs to avoid knocking out too many processor threads.
Added vmctl(8) support for creating and converting disk images from existing images.
Fixed slowcgi(8) calculation of the file descriptor limit before accepting a new connection. This prevents a failure when slowcgi is close to the file descriptor limit.
Changed ssh-keygen(1) to include the signing algorithm used by the CA when printing certificate contents.
Removed potential for a spurious end-of-RIB being sent by bgpd(8).
Corrected wrong results produced by join(1) during full and outer join operations.
Added support to tmux(1) for windows larger than is visible on the attached client.
Adjusted time scheduler statistics so time spent spinning in interrupts is no longer accounted for within the system time of a process.
Fixed regression in pf(4) that caused quick on anchor rules to be ignored.
Adjusted bitmap tables and output routines of banner(6).
Added a linker script to assist lld with building biosboot(8).
Added traffic class of ipv6 headers to gre(4) encapsulation.
Addressed crashes when checking for duplicate user(8) entries.
Used the up_rib tree to withdraw all prefixes of a peer which is used to reload peers into a new RIB in bgpd(8). This removes one additional full RIB tree walker.
Rate-limited the interval over which a VM can reboot, preventing VM reboot loops in vmd(8). Three VM restarts less than six seconds apart are assumed to be unintentional, and the VM is stopped.
Made httpd(8) omit HSTS headers for unencrypted connections per RFC 6797.