This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Changes made between OpenBSD 6.9 and -current
- Fixed a read buffer overrun in X509_CERT_AUX_print(3).
- Switched iwm(4) to newer firmware images available in iwm-firmware-20210512. This provides FragAttacks fixes for the updated devices.
- Avoided a potential buffer overflow in backslash escaping in awk(1).
- Reverted drm_mm to the 5.7.y version to prevent X startup failures on laptops with Raven Ridge and Picasso APUs using amdgpu.
- Updated drm(4) to Linux 5.10.47.
- Fixed iwx(4) against access points using TKIP as the group cipher.
- Introduced CPU_IS_RUNNING() and used it in scheduler-related code to prevent waiting on non-running CPUs.
- Disallowed the use of an empty list between "while" and "do" in ksh(1).
- Updated libdrm to 2.4.107.
- Allowed spaces to appear in usernames for scp(1) local to remote and scp -3 remote to remote copies.
- Displayed provider ID for a umb(4) SIM in ifconfig(8).
- Fixed a crash in mandoc(1) when an input file contains tbl(7) or eqn(7) input unsupported by -T man(1) output mode.
- Updated libz to zlib 1.2.11.
- Prevented athn(4) from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
- Implemented various fixes addressing firmware errors in iwm(4) and iwx(4).
- Added SMP support to riscv64.
- Defaulted to attempting RRDP first in rpki-client(8) -r.
- Added rktcphy(4), a driver for the Type-C PHY controller found on the Rockchip RK3399.
- Expanded info callback support for TLSv1.3.
- Made tcpdump(8) split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
- Made anonymous object reference counting independent from the KERNEL_LOCK().
- Enabled dt(4) on sparc64.
- Added btrace(8) display of time spent in userland when analyzing the kernel stack in the flame graph tool and fixed a parsing bug.
- Implemented 64-bit DMA mode in cad(4).
- Added riscv64 drm(4) support.
- Corrected a potential memory leak associated with pfsync(4) update requests.
- Added basic radeondrm/X support for riscv64 and supported xf86-video-radeon and xf86-video-amdgpu drivers.
- Allowed (w)hole disk allocation for GPT disks in arm64, using fdisk(8) -A when an Apple APFS ISC partition is detected and fdisk -ig otherwise. Created EFI SYS boot partitions only on ROOTDISK GPT disks.
- Added titmp(4), a driver for the TI TMP451 temperature sensor.
- Introduced locks around the global pf(4) state list.
- Ensured the values for fdisk(8) -b and -l are treated as 512-byte block counts.
- Fixed node leaks in iwm(4) and iwx(4) which caused the drivers to get stuck when roaming between access points.
- Added vmd(8) support for variable length vionet rx descriptor chains.
- Added an fdisk(8) -A option to initialize a GPT without removing special boot partitions.
- Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in snmpd(8). Changed default authentication to SHA-256 and privacy protocol to AES in snmpd(8) and snmp(1).
- Made fdisk(8) available to architectures other than amd64 and i386 and extended the syntax to allow specification of the boot partition type and offset.
- Stopped attempting to install a default route with route(8) in netstart(8) if using inet autoconf.
- Increased the setitimer(2) timer limit to UINT_MAX seconds.
- Introduced sfclock(4), a driver for the SiFive Power Reset Clocking Interrupt (PRCI).
- Introduced sfcc(4), a driver for the SiFive level two cache controller.
- Introduced plic(4), a driver for the RISC-V Platform-Level Interrupt Controller.
- Implemented enhanced route refresh (RFC 7313) in bgpd(8).
- Added simple BGP enhanced route refresh message decoding to tcpdump(8).
- Fixed an iked(8) bug where no flows are added if a single address is configured in the config address instead of a pool.
- Added Broadcom BCM5725 to brgphy(4).
- Implemented the classless static routes DHCP option in dhcpleased(8).
- Fixed a panic due to pfsync(4) deferral timeout handling.
- Fixed an issue preventing applications from selecting the non-ALTIVEC code path on macppc.
- Enabled nvme on riscv64.
- Introduced sfuart(4), a driver for the SiFive UART, and added support for it as a console.
- Added the ability for fdisk(8) to recognize "HiFive! FSBL" and "HiFive! BBL" GPT partitions.
- Enabled dwpcie(4) on riscv64 and added support for the PCIe host bridge found on the SiFive FU740 SoC.
- Made fdisk(8) always create an EFI SYS partition if the -b option is specified when initializing a GPT.
- Limited the workaround for AMD errata 400 ("APIC Timer Interrupt Does Not Occur in Processor C-States") to family 0fh and 10h.
- Serialized the internals of kqueue(2) with a mutex.
- Ensured a USB mouse will attach if otherwise qualified even if the usage report does not include X and Y usages.
- Prevented interleaved stack traces in ddb(4) from multiple CPUs.
- Added -F for tmux(1) command-prompt and used it to fix "Rename" on the window menu.
- Added different tmux(1) command histories for different types of prompts.
- Fixed tmux(1) problems with xterm in VT340 mode.
- Added an "always" value to the extended-keys option to always forward those keys to applications inside tmux(1).
- Added the Spleen 12x24 and 16x32 font on amd64's RAMDISK_CD and RAMDISK kernels.
- Prevented a hang in sshd(8) when interrupted.
- Enabled MSI-X support for powerpc64.
- Added libexecinfo, a library providing backtrace functions.
- Stopped fatal error in amdgpu(4) on failing to map visible VRAM.
- Prevented stack overflow in vmd(8) due to large DHCP packets on local interfaces.
- Ensured (W)hole disk partitioning cannot be used if an "APFS ISC" is found on the disk, required for Apple M1 machines to boot.
- Used installboot(8) on arm64 ramdisks.
- Matched host certificates against host public keys in sshd(8), allowing use of certificates with private keys held in an ssh-agent.
- Released OpenBGPD 7.0.
- Unlocked connect(2).
- Prevented a race condition which could result in sshd(8) not shutting down until the next time it receives a new connection.
- Allowed ssh_config(5) SetEnv to override $TERM.
- Disabled PPGTT on Intel machines with cherryview/braswell graphics to avoid memory corruption.
- Implemented multicast support in mvpp(4).
- Adjusted density for partitions on a 4k disk in newfs(8) when fragsize and density are not passed on the command line to ensure sufficient inodes to hold a src tree on a 2G fs.
- Relaxed media length checking to allow EFI GPT partitions to be smaller than the full disk.
- Added GPT support to armv7 installboot(8).
- Added arm64 support for booting from disks with 4k sectors.
- Allowed locking of a randomly assigned lladdr in vmd(8).
- Enabled pool cache on knote(9) pool.
- Unlocked setrtable(2).
- Added RTLD_NODELETE support.
- Introduced per-CPU panic(9) message buffers.
- Prevented crashes on amd64 when TLB entries which should have been invalidated were used.
- Fixed iwx(4) firmware reloading after a failure to parse the firmware file.
- Attached unsupported video devices to uvideo(4) but not video(1), rather than leaving them unmatched.
- Added a -R flag to usbhidctl(1) to dump the raw report descriptor bytes.
- Fixed a problem in iked(8) where no flows are loaded when a single config address without pool is configured.
- Avoided "mac clock not ready" panics in iwm(4) and iwx(4).
- Added hid_get_report_desc_data() to usbhid(3) to access raw report descriptor data.
- Fixed overlap check in disklabel(1) autoalloc code.
- Added initial arm64 support for installing on a disk with a GPT.
- Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to iked(8) as sntrup761x25519.
- Added cad(4), a driver for Cadence GEM.
- Prevented watchdog resets on some i.MX 64-bit machines with a recent U-Boot and watchdog enabled on boot in imxdog(8).
- Added aplns(4) to provide support for Apple NVME storage as found in Apple M1 devices.
- Relaxed criteria for recognizing GPT formatted media, allowing GPT disk images added with dd(1) onto larger physical media to be recognized by fdisk(8) and the kernel.
- Improved bgpd(8) graceful restart capability handling.
- Added aplspmi(4), a driver for the Apple SPMI controller.
- Added aplpmu(4), a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
- Updated libexpat to 2.4.1.
- Fixed futex(2) errno handling to match what Mesa expects and prevent failure to properly report timeouts.
- Used so_lock to protect key management (PF_KEY) sockets.
- Added support for pf(4) divert-to on tpmr(4) and veb(4).
- Fixed a segmentation violation in ssh(1) in an UpdateHostKeys debug() message when the update removed more host keys than remain present.
- Created audio devices for armv7.
- Added apldwusb(4), a glue driver for the Synopsys DesignWare USB 3 controllers found on the Apple M1 SoC.
- Added apldart(4) support for a DART with two sets of registers, needed to support the Synopsys DesignWare USB 3 controller.
- Skipped inspecting non-udp packets on local interfaces for vmd(8).
- Added TLS options cafile=(path), nosni, noverify and servername=(name) to smtp(1).
- Fixed overflows when reading multiple bytes from AML over an i2c bus in acpi(4).
- Allowed specification of TLS ciphers and protocols in smtp(1).
- Added a meta viewport element to the HTML output for mandoc(1) -Thtml.
- Fixed __ppc_lock for page faults that recursively grab the lock on powerpc.
- Added PCI support to riscv64.
- Increased the maximum data size on powerpc64 to 32GB.
- Fixed a kernel crash in tty(4).
- Disabled global page table mappings when using PCID to prevent crashes when not flushed from TLB.
- Fixed ssh(1) to restore file descriptors to non-blocking mode on exit.
- Prevented guest virtio drivers from causing stack and buffer overflows in vmd(8).
- Fixed uaudio(4) on certain machines such as the RPI4 by adding a pre-DMA-write barrier after data is stored to memory.
- Dropped fragmented 802.11 frames.
- Fixed a race condition in vmm(4) relating to incorrect physical cpu tracking.
- Fixed state key reference underflow when both state keys are identical in pf(4).
- Made additional free inodes available on luna88k bsd.rd by specifying density=4096.
- Increased the default buffer space on PF_UNIX sockets to 8k and made the values tuneable via sysctl(2).
- Limited the number of concurrent RTR connects to 32 in bgpd(8).
- Prevented httpd(8) from trying to chunk encode an empty HTTP body coming from a FastCGI upstream.
- Prevented frame injection via forged 802.11n A-MSDUs.
- Updated en_US.UTF-8.src to Unicode 13.0.
- Implemented the tbl(7) layout modifiers "b" (bold) and "i" (italic) in mandoc(1) HTML output mode.
- Added pledge(8) for ftpd(8) user processes.
- Fixed IPsec(4) NAT-T to work with pipex(4).
- Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified.
- Allowed router solicitations from the unspecified address (::) in rad(8).
- Updated libexpat to 2.3.0.
- Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
- Limited the printf(1) \x escape sequence to two characters.
- Added support for RTL8168FP/RTL8111FP/RTL8117 to re(4).
- Added an 'expires' column to CSV & JSON output of rpki-client(8).
- Unlocked lseek(2).
- Unlocked the top part of the fault handler.
- Fixed hangs on riscv64 by replacing timer(4) with code based on the powerpc64 implementation of the randomized statclock code.
- Added support to binutils for riscv64.
- Prevented base pkg tools from looking under /usr/local in general.
- Tweaked net80211 RA heuristics to avoid picking Tx rate choices that may be too optimistic.
- Added 802.11n Tx aggregation support to iwm(4).
- Worked around a problem with certain athn(4) hardware that caused problems when running in HostAP mode with clients that use Tx aggregation.
- Disabled base-gcc on amd64.
- Retired OpenBSD/sgi platform.
- Changed int_TS_RESP_verify_token to avoid a double free.
- Made kernel stop all threads when terminating via pledge_fail().
- Made iwn(4), iwm(4) and iwx(4) keep track of beacon parameters at run-time.
- Used relative reference URIs in Location header on directory redirects in httpd(8), adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
- Imported libc++ and libc++abi 11.1.0 releases.
- Imported LLVM 11.1.0 release including clang, lld, and lldb.
- Enabled dt(4) for GENERIC kernels on amd64, arm64, i386, and powerpc64.
- Fixed vmctl(8) client "wait" state corruption in vmd(8) when a wait is canceled and restarted, allowing multiple waiting clients.
- Implemented support for Rx aggregation offload in iwm(4) and iwx(4) and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
- Fixed an issue on machines where the EFI memory map has more than 64 entries.
- Added gfrtc(4), a driver for the real-time clock interface of Google's Goldfish Android virtual hardware platform, used for the RTC on qemu-system-riscv64 -M virt.
- Only skipped pf(4) once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
- Imported initial OpenBSD/riscv64 port.
- Changed error reporting for bwfm(4) to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
- Added protections against guests with bad virtio drivers to vmd(8).
- Made kqueue(2) timer re-addition reset an existing timer to use the new timeout period.
- Changed cwm(1) maximization and full-screen mode toggling to keep the cursor within the window, preventing focus loss.
- Cleaned up TLS v1.2 certificate request handshake data. This fixed a bug where decoding was broken when the number of certificate types exceeded SSL3_CT_NUMBER.
- Fixed __builtin_bitreverse32 on 32-bit powerpc, needed to build clang-11.
- Added indication of whether an mg(1) function is unsuitable for a startup file.
- Added keep-alive support to the rpki-client(8) HTTP module.
- Added "dired-jump" command to mg(1) to open a dired buffer containing the current buffer's directory location.
- Enabled all Thinkpad X1 Extreme 1 speakers and atmos dolby in azalia(4).
- Corrected multicast decryption for iwx(4).
- Moved to 6.9-current.