This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
For changes in other releases, click below:
Changes made between OpenBSD 6.9 and -current
- Avoided "mac clock not ready" panics in iwm(4) and iwx(4).
- Added hid_get_report_desc_data() to usbhid(3) to access raw report descriptor data.
- Fixed overlap check in disklabel(1) autoalloc code.
- Added initial arm64 support for installing on a disk with a GPT.
- Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to iked(8) as sntrup761x25519.
- Added cad(4), a driver for Cadence GEM.
- Prevented watchdog resets on some i.MX 64-bit machines with a recent U-Boot and watchdog enabled on boot in imxdog(8).
- Added aplns(4) to provide support for Apple NVME storage as found in Apple M1 devices.
- Relaxed criteria for recognizing GPT formatted media, allowing GPT disk images added with dd(1) onto larger physical media to be recognized by fdisk(8) and the kernel.
- Improved bgpd(8) graceful restart capability handling.
- Added aplspmi(4), a driver for the Apple SPMI controller.
- Added aplpmu(4), a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
- Updated libexpat to 2.4.1.
- Fixed futex(2) errno handling to match what Mesa expects and prevent failure to properly report timeouts.
- Used so_lock to protect key management (PF_KEY) sockets.
- Added support for pf(4) divert-to on tpmr(4) and veb(4).
- Fixed a segmentation violation in ssh(1) in an UpdateHostKezs debug() message when the update removed more host keys than remain present.
- Created audio devices for armv7.
- Added apldwusb(4), a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
- Added apldart(4) support for a DART with two sets of registers, needed to support the Synopsis DesignWare USB 3 controller.
- Skipped inspecting non-udp packets on local interfaces for vmd(8).
- Added TLS options cafile=(path), nosni, noverify and servername=(name) to smtp(1).
- Fixed overflows when reading multiple bytes from AML over an i2c bus in acpi(4).
- Allowed specification of TLS ciphers and protocols in smtp(1).
- Added a meta viewport element to the HTML output for mandoc(1) -Thtml.
- Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
- Added PCI support to riscv64.
- Increased the maximum data size on powerpc64 to 32GB.
- Fixed a kernel crash in tty(4).
- Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB.
- Fixed ssh(1) to restore file descriptors to non-blocking mode on exit.
- Prevented guest virtio drivers from causing stack and buffer overflows in vmd(8).
- Fixed uaudio(4) on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
- Dropped fragmented 802.11 frames.
- Fixed a race condition in vmm(4) relating to incorrect physical cpu tracking.
- Fixed state key reference underflow when both state keys are identical in pf(4).
- Made additional free inodes on luna88k bsd.rd by specifying density=4096.
- Increased the default buffer space on PF_UNIX sockets to 8k and made the values tuneable via sysctl(2).
- Limited the number of concurrent RTR connects to 32 in bgpd(8).
- Prevented httpd(8) from trying to chunk encode an empty http body coming from an fcgi upstream.
- Prevented frame injection via forged 802.11n A-MSDUs.
- Updated en_US.UTF-8.src to Unicode 13.0.
- Implemented the tbl(7) layout modifiers "b" (bold) and "i" (italic) in mandoc(1) HTML output mode.
- Added pledge(8) for ftpd(8) user processes.
- Fixed IPsec(4) NAT-T to work with pipex(4).
- Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified.
- Allowed router solicitations from the unspecified address (::) in rad(8).
- Updated libexpat to 2.3.0.
- Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
- Limited the printf(1) \x escape sequence to two characters.
- Added support for RTL8168FP/RTL8111FP/RTL8117 to re(4).
- Added an 'expires' column to CSV & JSON output of rpki-client(8).
- Unlocked lseek(2).
- Unlocked the top part of the fault handler.
- Fixed hangs on riskv64 by replacing timer(4) with code based on the powerpc64 implementation of the randomized statclock code.
- Added support to binutils for riscv64.
- Prevented base pkg tools from looking under /usr/local in general.
- Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
- Added 802.11n Tx aggregation support to iwm(4).
- Worked around a problem with certain athn(4) hardware that caused problem when running in HostAP mode with clients that use Tx aggregation.
- Disabled base-gcc on amd64.
- Retired OpenBSD/sgi platform.
- Changed int_TS_RESP_verify_token to avoid a double free.
- Made kernel stop all threads when terminating via pledge_fail().
- Made iwn(4), iwm(4) and iwx(4) keep track of beacon parameters at run-time.
- Used relative reference URIs in Location header on directory redirects in httpd(8), adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
- Imported libc++ and libc++abi 11.1.0 releases.
- Imported LLVM 11.1.0 release including clang, lld, and lldb.
- Enabled dt(4) for GENERIC kernels on amd64, arm64, i386, and powerpc64.
- Fixed vmctl(8) client "wait" state corruption in vmd(8) when a wait is canceled and restarted, allowing multiple waiting clients.
- Implemented support for Rx aggregation offload in iwm(4) and iwx(4) and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
- Fixed an issue on machines where the EFI memory map has more than 64 entries.
- Added gfrtc(4), a driver for the real-time clock interface of Google's Goldfish Android virtual hardware platform, used for the RTC on qemu-system-riscv64 -M virt.
- Only skipped pf(4) once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
- Imported initial OpenBSD/riscv64 port.
- Changed error reporting for bwfm(4) to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
- Added protections against guests with bad virtio drivers to vmd(8)
- Made kqueue(2) timer re-addition reset an existing timer to use the new timeout period.
- Changed cwm(1) maximization and full-screen mode toggling to keep the cursor within the window, preventing focus loss.
- Cleaned up TLS v1.2 certificate request handshake data. This fixed a bug where decoding was broken when the number of certificate types exceeded SSL3_CT_NUMBER.
- Fixed __builtin_bitreverse32 on 32-bit powerpc, needed to build clang-11.
- Added indication of whether an mg(1) function is unsuitable for a startup file.
- Added keep-alive support to the rpki-client(8) HTTP module.
- Added "dired-jump" command to mg(1) to open a dired buffer containing the current buffer's directory location.
- Enabled all Thinkpad X1 Extreme 1 speakers and atmos dolby in azalia(4).
- Corrected multicast decryption for iwx(4).
- Moved to 6.9-current.