OpenBSD
-current Changelog
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Changes made between OpenBSD 7.1 and -current
- Restrict pledge("vminfo") callers to read-only swapctl(2) operations.
- Set default sleep value of ico(1) to 10ms.
- Updated xcb-protos to version 1.15.2.
- Added handling for framebuffers where the first pixel isn't page-aligned to wsfb(4).
- Added support for using the power button to wake up from suspend to axppmic(4).
- Implemented support for framebuffers that don't start on a page boundary (like those on the new 14" and 16" Macbook Pro).
- Added the yp_connect(2) system call.
- Changed ypbind(8) to immediately reach out to learn the TCP port number for a remote ypserv(8) once we've learned the UDP port number and append the answer to the binding file.
- Updated xrefresh(1) to version 1.0.7.
- Updated xmessage(1) to version 1.0.6.
- Updated xmag(1) to version 1.0.7.
- Updated xkbutils(1) to version 1.0.5.
- Updated xev(1) to version 1.2.5.
- Updated xwud(1) to version 1.0.6.
- Updated xpr(1) to version 1.1.0.
- Updated xmodmap(1) to version 1.0.11.
- Updated xfontsel(1) to version 1.1.0.
- Updated xconsole(1) to version 1.0.8.
- Updated xclipboard(1) to version 1.1.4.
- Fixed an interrupt storm upon suspend on Amlogic arm64 boards.
- Added sxirintc(4), a driver for the "wake up" interrupt controller found on various Allwinner SoCs.
- Added the openssl(1) ciphers -s option to show only the ciphers supported by the specified SSL method.
- Implemented the fundamentals for suspend/resume on arm64.
- Implemented the Baillie-PSW primality test in crypto(3).
- Added an implementation of the integer square root using a variant of Newton's method with adaptive precision to crypto(3).
- Stopped building lldb(1) support libraries on arches where lldb is not installed.
- Added a method (ESC D) to enter ddb(4) on serial drivers that do not have a true BREAK mechanism.
- Bumped rpki-client(8) version to 7.9.
- Made the EFI bootloader provide the extra parameters necessary to use non-standard UARTs as console.
- Switched bootloaders to the extended BOOTARG_CONSDEV struct.
- Added send side RFC 7911 (ADD-PATH) support to bgpd(8).
- Added llvm-profdata(1) to base so that ports can benefit from profiled builds.
- Added anti-feline input protection to fdisk(8) by refusing to process input of excessive length.
- Added iked(8) support for sending certificate chains with intermediate CAs in multiple CERT payloads.
- Fixed a bug in cron(8) where it could exit silently if ppoll(2) exited. Now it will log to syslog(3) instead of stderr.
- Retired NexGen CPU identification code.
- Added support for hyperlinks with capture-pane -e and a mouse_hyperlink format to tmux(1).
- Updated capitals and countries in quiz(6).
- Got rid of mandoc(1) archaic table markup for header and footer lines in favor of flexbox CSS. Rendering now adapts to browser windows of arbitrary narrowness.
- Added xhci(4) support for the dual role controllers integrated on the Qualcomm Snapdragon 8cx gen 3 SoC.
- Improved accessibility of man.cgi(8).
- Bumped to LibreSSL 3.6.0.
- Made iked(8) ignore any CERT payload after the first rather than failing the exchange when more than one CERT payload is received.
- Updated to xorgproto version 2022.1.
- Updated to Xft(3) version 2.3.4.
- Updated to Xcursor(3) version 1.2.1.
- Made netstart(8) create virtual interfaces up front if specified on the command line.
- Implemented dig(1) support for SVCB and HTTPS record types.
- Made timeout(1) -s accept HUP like kill(1) and GNU timeout(1) do.
- Changed dhclient(8) to defer to dhcpleased(8) by doing execve ifconfig and providing syslog warnings about deprecated options.
- Made unix(4) domain sockets locking per-socket rather than coarse locking of the entire domain sockets layer.
- Fixed a bwfm(4) crash during USB detach.
- Added reference counting of vms and vcpus to vmm(4).
- Introduced a blocklist backend and keyword to snmpd(8) which deprecates filter-pf-addresses.
- Added ssl(3) checks to ensure we do not initiate or negotiate handshakes with versions below the minimum required by the security level.
- Updated to nsd(8) 4.6.0.
- Added tmux(1) support for OSC 8 hyperlinks.
- Fixed an off by one error in a vmd(8) vm memory range check.
- Added -m option to ts(1).
- Unlocked the pledge(2) system call.
- Added ts(1), a timestamp utility.
- Added support for using non-standard UARTs (such as the Synopsys DesignWare UART) as an early console.
- Added support for the Synopsys DesignWare UART found on the Ryzen Embedded V1000 SoCs to com(4).
- Ensured that uvm_swap_get() will always sleep rather than returning an error. Previously an error could be returned to the fault handler which would result in processes dying when a system was under a lot of memory pressure.
- Made the page daemon consider pmemrange regions when trying to free pages from the inactive list. Previously the page daemon could use a lot of CPU without freeing a page because the global limits were satisfied.
- Ensured progress in the swapper by pre-allocating pages in a DMA-reachable region.
- Ensure uvm_swap_io() can succeed, even in out of memory situations, by reserving a second segment for the page daemon.
- Added bgplgd(8), a fastcgi daemon that provides a REST JSON API to bgpctl(8).
- Fixed pf(4) syncookies during fast tcp port reuse.
- Altered installer behavior so the vlan(4) question won't be asked unless another network interface exists.
- Started allowing arguments to the sftp(1) -D option. (e.g. sftp -D "/usr/libexec/sftp-server -el debug3")
- Reworked the rttimer code to fix icmp_pmtu_timeout crashes.
- Introduced Large Receive Offloading of TCP segment offloading for ix(4). Also added a tso option to ifconfig(8) to enable and disable this feature.
- Unlocked kbind(2).
- Fixed a lock order reversal in nfs_inactive().
- Added support for RFC 9234 (Route Leak Prevention and Detection Using Roles) to bgpd(8).
- Allowed the pluart(4) baud rate to be changed.
- Added rpki-client(8) skiplist option.
- Fixed a panic triggered by ifconfig bnxt0 down by changing bnxt(4) devices to not run rx and tx interrupt handlers when the interface is not running.
- Fixed bwfm(4) ifconfig media display on devices with sta_info command version 3.
- Fixed missing interrupts for trackpads on some machines after resume by making sure amdgpio(4) restores pin configuration on resume.
- Implemented privilege separation in xlock(1).
- Added the --null flag to grep(1) which makes grep print an ASCII NUL byte after the file name to make the output unambiguous.
- Updated xsm(1) to version 1.0.5.
- Updated xlsfonts(1) to version 1.0.7.
- Updated xload(1) to version 1.1.4.
- Updated xedit(1) to version 1.2.3.
- Moved the wait for autoconf interfaces from rc(8) to netstart(8) to fix tunnel interfaces that depend on working autoconf interfaces.
- Updated xdpyinfo(1) to version 1.3.3.
- Updated xclock(1) to version 1.1.1.
- Updated xcalc(1) to version 1.1.1.
- Increased the disklabel(8) auto partitioner's maximum size for /usr to 30G.
- Updated xauth(1) to version 1.1.2.
- Updated setxkbmap(1) to version 1.3.3.
- Updated mkfontscale(1) to version 1.2.2.
- Updated listres(1) to version 1.0.5.
- Updated iceauth(1) to version 1.0.9.
- Updated editres(1) to version 1.0.8.
- Updated bitmap(1) to version 1.1.0.
- Updated appres(1) to version 1.0.6.
- Improved accessibility of mandoc(1) -T html -O toc output by using the <nav> element in the DPUB-ARIA doc-toc role.
- Fixed crypto(3) prime recognition when doing trial divisions.
- Fixed gzip byte counts with 32-bit integers.
- Fixed an issue where a device could show up 32 times by only probing device 0 on PCI busses corresponding to a PCIe root port or a PCIe switch/bridge downstream port.
- Bumped MAXCPUS to 256 on arm64.
- Ensured cursor remains on selected item on menu in tmux(1).
- Bumped bgpd(8) version to 7.4.
- Fixed a logic bug in pf_find_state() that could cause pf(4) to incorrectly block a packet.
- Added stftemp(4), a driver for the temperature sensor integrated on the StarFive JH7100 SoC.
- Fixed a missing kqueue(2) wakeup to fix a Go test hang.
- Implemented CPU_BUSY_CYCLE with the riscv64 ZiHintPause extension.
- Fixed bugs in the handling of tap inputs in wscons(4).
- Restored ETHERTYPE_NHRPA case to tcpdump(1).
- Added gpiorestart(4), a driver that resets a SoC/board/machine using a GPIO pin.
- Stopped refusing valid IPv6 addresses in -X connect SOCKS support of nc(1).
- Added the -b option to sysupgrade(8) to set an alternative base directory to which the installation files will be downloaded to.
- Added stfpinctrl(4), a driver for the pinctrl/gpio block found on the StarFive JH7100 SoC.
- Fixed a pf(4) NULL dereference panic triggered by relayd(8).
- Updated unbound to 1.16.0.
- Removed the unused uvm_km_valloc_prefer_wait(9) and uvm_km_free_wakeup(9) functions.
- Fixed rpki-client(8) path validation of AS numbers.
- Bumped pbuild's datasize-cur from 2G to 3G on i386.
- Added stfclock(4), a driver for the clock controller found on the StarFive JH7100 SoC.
- Imported libdrm 2.4.111.
- Matched groff behavior to allow arbitrary argument delimiters for \C in mandoc(1).
- Iterated the tied algorithm in pkg_add(1) to prevent O(n^2) behavior when packages contain several hundred copies of the same file.
- Added handling of 9k devices which do not support antenna B to iwm(4).
- Fixed multiple memory leaks in awk(1).
- Made SetEnv directives first-match-wins in both ssh_config(5) and sshd_config(5).
- Dropped DSA keys from the SSH keys generated by default by ssh-keygen -A.
- Allowed btrace(8) to execute the END probe upon receiving a SIGTERM signal.
- Changed dump(8) to not treat the first argument as a 4.3BSD option string if it contains a '/'.
- Ensured that when running sysupgrade(8) on -stable that it will move to the next release, not -current.
- Implemented and enabled IPv4, TCP, and UDP checksum offloading for igc(4).
- Enabled aq(4) on arm64.
- Implemented a rudimentary version of the roff(7)
\A
escape sequence for mandoc(1).
- Rewrote rpki-client(8) rsc.c using ASN.1 templates to implement the constrained versions of the RFC 3779 structures.
- Implemented
verify-required
certificate option in ssh-keygen(1).
- Implemented a
max-communities
filter match for bgpd.conf(5).
- Added sfgpio(4), a driver for the GPIO controller found on the SiFive FU740 SoC.
- Made grep(1) provide full context when using match count (
-m
).
- Added an ACL list for multiple users attaching to the tmux(1) socket.
- Made a first pass at providing kstats for mvneta(4) from the hardware counters.
- Limited locked memory to 64k.
- Fixed a crash in libpcap when it would walk off the end of the array performing frees.
- Made ssh(1) unconditionally call freezero(3) to guarantee that the password is removed from RAM even when sshpkt functions fail.
- Introduced a new daemon_execdir variable to rc.d(8) for changing to a specified directory before running rc_exec.
- Migrated tcpdump(8) printing of ASnumbers from the old asdot format to asplain format.
- Fixed non-transitive extended community handling in bgpd(8).
- Added RFC 9234 "BGP Role" support to tcpdump(8)
- Made mg(1) automatically delete trailing whitespace on RET in c-mode and auto-indent-mode.
- Stopped telling fdisk(8) that macppc HAS_MBR.
- Added support for the ehci(4) controller on marvell 3720 boards.
- Fixed a kernel panic in pf(4) if IP options with an ICMP payload were truncated. Such packets will now be dropped instead.
- Made xterm(1) use a much safer FD-passing idiom for updating utmp(5).
- Added kernel locking in nfsrv_rcv() because NFS subsystem is not MP-safe yet.
- Converted KVA allocation to kmalloc(9) on hppa, mips64, and sparc64.
- Repaired a FILE leak in resolvd(8).
- Replaced rc.d(8) $rcexec variable with an rc_exec function. This will require a mechanical change from
${rcexec}
to rc_exec
in rc.d scripts. Kept compatibility to give people a chance to fix their custom scripts.
- Fixed system(3) to ignore SIGINT and SIGQUIT until the shell exits.
- Made vmm(4) load the vmcs before reading vcpu registers. This fixes vmctl(8) send on Intel hosts using vmd(8).
- Changed the semantics of "hid_none" for hid_start_parse(3) to allow matching of all possible kinds of report IDs.
- Made mandoc(1)'s roff_expand() parse left-to-right rather than right-to-left.
- Fixed luna88k MULTIPROCESSOR kernels booting with CPU modules installed in arbitrary slots.
- Released LibreSSL 3.5.3.
- Boosted mvclock(4)'s priority such that it wins against syscon(4).
- Unlocked umask(2).
- Corrected veb(4) to avoid calling if_enqueue from an smr critical section.
- Added an additional vmm(4) fault type, fixing vm receive.
- Updated nsd(8) to upstream version 4.5.0.
- Corrected reorder_kernel to also handle redirecting stderr to logged output when $KERNEL_DIR.tgz exists.
- Arranged scp(1) so it won't ftruncate(2) files early when in sftp(1) mode.
- Added login.conf.d to mtree(8).
- Fixed iwx(4) setting of HT/VHT bits in rate flags of the Tx command that could cause a firmware panic.
- Added /etc/login.conf.d/* to changelist(5).
- Elminated a race condition in kqueue(2)'s knote_remove().
- Prevented use of "-u" when fdisk(8) is operating on GPT formatted disks.
- Made the CPU frequency scaling duration relative to the load when in automatic mode on battery.
- Fixed rwlock(9) implementation to be fair to writers. Previously, readers could grab the lock even if writers were waiting first.
- Aligned fdisk(8) logic with that used in the kernel to allow the protective EFI GPT partition to be in MBR partitions 0-3, not just 0.
- Added support for AX210/AX211 devices to iwx(4).
- Added preliminary support for decoding RSC objects in filemode to rpki-client(8).
- Allowed ssh-keygen(1) existing -U (use agent) flag to work with "-Y sign" operations.
- Fixed rebooting a received vm in vmd(8).
- Backported an upstream zlib fix for CRC calculation.
- Updated zlib to version 1.2.12.
- Fixed the watchdog in the installer so that the watchdog is reset after each download and each set installation.
- Added check to acme-client(1) to ensure the challenge token is turned into a filename that is base64url encoded.
- Added error handling to kbd(8) for when setting the keyboard encoding fails.
- Changed IN_EXPERIMENTAL (aka 240/4) to no longer be considered not forwardable.
- Introduced a mutex for ratecheck(9) and ppsratecheck(9).
- Imported the HDKF code from OpenSSL 1.1.1o into crypto(3).
- Bypassed rpki-client(8) timeout in file mode.
- Merged the UVM swap-backed and object-backed inactive page lists.
- Standardized memory units to bytes in vmm(4), vmctl(8), and vmd(8).
- Rate limited uvn_flush errors during pageout messages, preventing slowdown of system boot when a filesystem is full.
- Made pf(4) more paranoid about IGMP/MKP messages.
- Activated parallel IP forwarding, starting 4 softnet tasks but limiting the usage to the number of CPUs.
- Disabled bcmgenet DMA as part of hardware reset, preventing the hardware from ending up in a partially initialized state during netboot.
- Installed useful btrace(8) scripts in /usr/share/btrace.
- Prevented out-of-bounds array access with binaries that use unsupported relocations on amd64.
- Enabled running of IP input and forwarding with a shared netlock.
- Enabled pkg_add(1) caching by default.
- Updated libdrm to version 2.4.110.
- Altered sndiod(8) to wait until the buffer is drained before closing the device.
- Changed pf(4) handling of IGMP and ICMP6 MLD packets to allow multicast control packets to work by default.
- Introduced sio_flush(3) to stop playback immediately.
- Fixed a potential leak of an SK device in ssh(1).
- Fixed a memory leak on the session-bind path of ssh-agent(1).
- Protected the global lists with a mutex and moved rttimer entries into a temporary list to make route timers MP safe.
- Decoupled IP input and forwarding from protocol input to allow parallel IP processing while the upper layers are still not MP safe.
- Removed the ASN.1 decoder tag/length cache (TLC) from crypto(3).
- Added dt(4) tracepoints for vmm(4) vm exit reporting.
- Added cpu frequency sensors for each core on CPUs that have MPERF/APERF support.
- Reimplemented the page allocation code using bus_dma(9) APIs to make sure DMA addresses are translated properly on architectures with an IOMMU. This fixed amdgpu(4) and radeondrm(4) on powerpc, sparc64, and arm64 machines.
- Updated libX11 to version 1.7.5.
- Updated xterm(1) to version 372.
- Extended ksmn(4) to show CCD temperatures if available.
- Increased rx buffer size on uaq(4) to 62kB.
- Added missing uuid_dec_le() to init_fp() so fdisk(8) -A works on big-endian architectures.
- Updated vi(1) to apply expandtab to the output of a ! command.
- Protected arp(4), ND6, and pppoe(4) with the kernel lock so that IP forwarding can be run in parallel.
- Updated various wireless drivers to use memset(3) to initialize ieee80211_rxinfo struct properly.
- Prevented a crash in vi(1) when cursor key support is disabled.
- Introduced dedicated link entries for snapshots to pfsync(4).
- Repaired rge(4) hardware vlan tagging.
- Changed crypto(3) to avoid expensive RFC 3779 checks during certificate verification.
- Updated Mesa to version 21.3.8.
- Added concatenated JSON output to rpki-client(8) filemode.
- Made ssh(1) try to continue running local I/O for channels in OPEN state during transport rekeying to allow escapes to work in the client if the connection stalls during a rekey event.
- Made rpki-client(8) hard error when parse_filepath() is passed an unknown repository id.
- Restored vte(4) original MDC speed control register value on vte_reset, needed for Vortex86DX3 machines.
- Enabled kstat(4) and kstat(1).
- Fixed kbd(8) so it doesn't fail silently when executed by a regular user.
- Made device matching in iwx(4) more similar to linux iwlwifi.
- Allowed more than one CRL URI in certificates for rpki-client(8)
- Made use of the fact that repositories are unique objects in pkg_add(1) and annotated the quirks repository as cached, allowing for a large speed increase.
- Relaxed address availability check for multicast(4) binds so processes listening for the same multicast address do not need to be the same UID.
- Fixed witness lock issue found where pfsync(4) holds the mutex and an interrupt grabs the kernel lock.
- Updated afterboot(8) to direct the user to use binary packages.
- Changed to a simpler formula to calculate a default kern.maxthread value: 2*NPROCESS.
- Simplified machine command handling in ddb(4).
- Fixed openrsync(1) on sparc64 by eliminating a redundant second conversion of the int value from little to host endian.
- Extended rpki-client(8) -f filemode to decode and print TAL details.
- Changed compress(1) to print a more accurate message when -v is used with -k.
- Added missing arches (aarch64, mipsel64, powerpc64) to categories in sendbug(1).
- Fixed calculation of the width of spanned columns in mandoc(1).
- Fixed memory leak in ipmi(4) get_sdr on failure.
- Added support for more power sensors to ipmi(4).
- Added support for switching from glass console to serial console on arm64 systems that default to glass console.
- Allowed bsd.rd and bsd/bsd.mp to boot on Oracle Cloud amd64 instances.