This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Made fw_update(8) download firmware to LOCALSRC when using filenames.
Made deroff(1) use a dynamically-allocated line buffer and resize as needed, fixing a buffer overflow for lines over 2048 bytes.
Used existing 'audio_lock' mutex(9) to make 'midi{read,write}_filtops' MP safe.
Had wg(4) copy the priority from the inner packet to the outer encrypted packet, so that higher priority packets are picked from hfsc queues for earlier transmission.
Disambiguated vmd(8) log messages per vm and device. Fixed updating log settings dynamically via vmctl(8). The "vmm" process now updates its own state properly, so settings survive vm reboots.
Improved the output of ddb(4) "show proc" command and added "/t" as an argument that can be used to specify a proc by TID instead of address.
Disabled utf-8 for non-multibyte locales in awk(1), making it possible to get the old awk behavior (where chars are bytes) by setting LC_CTYPE to C or POSIX.
Moved to 7.4-beta.
Updated awk(1) to the Sep 12, 2023 version, corresponding to the 2nd edition of "The AWK Programming Language" and adding support for UTF-8 and comma-separated value inputs.
Allowed counters_read(9) to take an optional scratch buffer, allowing the ddb(4) show uvmexp command to work in OOM situations.
Added tmux(1) source-file -t option to specify a target pane.
Used zero-copy approach and vectored io in vmd(8)/vioblk(4), reducing memcpy and multiple read/write syscalls per io transaction.
Implemented tuples in btrace(8), allowing export of per-CPU scheduling data.
Prevented unwind(8) entering a loop due to constant ENOBUF receipt.
Load amd patch into a malloc'd region to make it page aligned, avoiding a General-Protection Exception on patch loader wrmsr with A10-5700, TN-A1 00610f01 15-10-01.
Updated awk(1) to the Dec 15, 2022 version: Force hex escapes in strings to be no more than two characters, as they already are in regular expressions.
Added a request or response declaration feature used through the radiusd(8) module interface, allowing additional modules to modify RADIUS request or response messages.
Fixed scp(1) in SFTP mode recursive upload and download of directories that contain symlinks to other directories.
Treat consecutive paragraph indicators as different paragraphs in vi(1).
Allowed override of Subsystem directives in sshd(8) Match blocks.
Converted exclusive to shared net lock for ip_send() and ip6_send().
Reduced latency in vcpu work related to i/o by removing an ioctl(2) from the vcpu thread hotpath in vmd(8).
Switched the APMI CPUID mask to an include mask in vmm(4).
Fixed a problem with em(4) where the I217-LM would fail to receive packets for some of the programmed multicast addresses.
Fixed netstat(1) output of uses of current SYN cache left.
Made ssh-keygen(1) generate Ed25519 keys when invoked without arguments.
Set interactive mode for ssh(1) ControlPersist sessions if they originally requested a tty, enabling keystroke timing obfuscation for most ControlPersist sessions.
Allowed UDP for built-in inetd(8) services on 127.0.0.1.
Replaced perl's use of syscall(2) with a dispatcher to libc, removing the ability to do direct syscalls from perl.
Added tmux(1) Setulc1 for setting underline color for ANSI or 256 colors.
Used a hardware-based number of KDF rounds by default for passphrases in bioctl(8) using [-r auto].
Prevented a crash of iwm(4) when aircrack-ng attempts to inject frames via bpf in monitor mode.
Prevented virtio block device stalls due to race conditions with the i8259 in vmd(8).
Added tmux(1) detach-on-destroy "previous" and "next" argumennts to switch the client to the previous or next session in alphabetical order.
Corrected a bug where fw_update(8) exiting unexpectedly would mean the package database never unlocked.
Improved feedback from fw_update(8) by using a spinner to show status rather than printing only at the end.
Preempt a running proc even if there is no other process/thread queued on that CPU's runqueue. Should fix a problem where RLIMIT_CPU is unreliable on idle systems.
Fixed iwx(4) scan command such that the driver selects an SSID during bgscan, a possible fix for fatal firmware error 0x20002806.
Added -c to tmux(1) run-shell to set working directory.
Separated cpu_initclocks() from cpu_startclock() on all platforms, allowing the primary CPU an opportunity to perform clock interrupt preparation in a machine-independent manner.
Made alpha stop running an independent schedclock() and removed the scaffolding. All platforms now call schedclock() from statclock() at an effective schedhz of ~12.5.
Ensured the installer continues until passphrase is confirmed correctly with bioctl(8) rather than bailing out after three failed attempts.
Made bioctl(8) allow retry of passphrase on mismatch by default, like passwd(1).
Added the kqueue1() system call, adapted from NetBSD, identical to kqueue() except that the close-on-exec flag on the new file descriptor is determined by the O_CLOEXEC flag in the flags argument.
Check for and disable powerpc64 cores that fail to start.
Made bioctl(8) -s read passphrases without prompts or confirmation.
Replaced uvm_meter() with update_loadav() for calculating the loadavg, using a simple timeout instead of being called via schedcpu().
Fixed the radiusd(8) config parser to allow comment lines within the "client" block and improve error messages.
Added tmux(1) session, pane and user mouse range types for the status line and add format variables for mouse_status_line and mouse_status_range so they can be associated with different commands in the key bindings.
Removed per-AFI ASPA handling in bgpd(8) internals but continued to allow the old syntax in aspa-set tables.
Dropped MSDOSFS from i386 floppy.
Pledgedldd(1) "stdio rpath proc exec prot_exec", dropping either "proc" or "prot_exec" at the dlopen(3) vs. execve(2) split.
Added tmux(1) option menu-selected-style to configure the currently selected menu item.
Extended scheduler tracepoints to follow CPU jumping.
Avoided issuing syscalls on a file descriptor invalidated following a socket error condition in nc(1).
Improved pckbd(4) attachment to Chromebook keyboards.
Improved uwacom(4) support for Intuos S and One S tablets.
Prevented ihidev(4) power down if the device is already opened, for cases such as an ikbd(4) attaching to become the console keyboard, then userland opening it only once as an input device so it remains unusable after powering down.
Added iked(8) support for route-based sec(4) tunnels.
Prevented potential reuse of softraid CRYPTO volumes when installing.
Allowed libpcap to read files with additional link-layer type values, providing translation between DLT_* and LINKTYPE_* values.
Added .VARIABLES to make(1) to list all the names of global variables that have been set.
Corrected display of ldomctl(8) 'status' to show zero utilization for stopped guests.
Added support for route-based ipsec vpn negotiation with sec(4) via isakmpd(8) to ipsecctl(8) and added "interface secX" for use instead of specifying tunnel/transport modes and traffic selectors.
Supported configuring interface SAs for route-based ipsec vpns to isakmpd(8) with use of "Interface NUMBER".
Allowed userland to install (and see) security associations for route-based ipsec vpns.
Introduced sec(4), providing point-to-point tunnel interfaces for IPv4 and IPv6 protected by the ipsec(4) Encapsulating Security Payload (ESP) protocol.
Started adding support for route-based ipsec vpns.
Added support for 8bpp X server on LUNA.
Applied ssh(1) ConnectTimeout to multiplexing local socket connections.
Made sshd_config(5) AuthorizedPrincipalsCommand and AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection address/port 4-tuple) as expansion sequences.
Increased default KDF work-factor for OpenSSH format private keys from 16 to 24.
Fixed inline vlan-tag handling of forwarded LRO packets from ix(4).
Made ssh(1) -f (fork after authentication) work properly in multiplexed cases (including ControlPersist).
Isolated profil(2) and GPROF from statclock() now that we have a machine-independent interface to the clock interrupt hardware.
Stopped building unused dhclient.
Made the built-in keyboard on the Tadpole UltraBook IIe work.
Added a check before setting DE_CFG bit 9 to ensure compatibility with hypervisors not allowing msr writes to that bit.
Fixed wscons(4) scan code value for the print screen key.
Prevented the kernel from accessing random memory after receiving some specially crafted DCS or CSI terminal escape sequences by limiting wscons(4) escape sequence argument count to usable bounds.
Set DE_CFG[9], a chickenbit which stops Zenbleed.
Corrected dmesg(8) display of pciprobe output after boot block changes on i386.
Introduced qcsdam(4), a driver for the PMIC Shared Direct Access Memory found on Qualcomm SoCs.
Allow cwm(1) to cycle through windows of the same window class as the active window, default key binding to M-grave, respectively Alt-Tilde, like with other window managers.
Capped the size of numbers we check for primality to 32k to block a DoS vector.
Assigned wsdisplay0 to the glass console always for i386 and amd64 RAMDISK and RAMDISK_CD.
Fixed skipping of white space after parsing the username in /etc/crontab to make it consistent with how lines without usernames are parsed.
Used "early 2" to attach aplpmgr(4) to make sure it attachs before other core drivers that need to enable power domains.
Implemented "early 2" locator for mainbus(4) and simplebus to make drivers attach even earlier.
Separated ssh-pkcs11-helpers for each p11 module in ssh(1) and implemented reference counting, fixing some bugs making PKCS11 keys unusable after they have been deleted.
Disallowed remote addition of FIDO/PKCS11 provider libraries to ssh-agent(1) by default.
Fixed tmux(1) hang by correcting visited flag when the last window list is rebuilt by renumbering windows.
Enabled LRO for TCP by default in the network drivers (currently supported by ix(4) and lo(4)). LRO can be turned off per-interface with ifconfig(8) -tcplro.
With the update of the sleep API, implemented the linux emulation of their wait API, schedule() and set_current_state() in a less hacky way, removing some possible race conditions in the wait API.
Put the tipd(4) USB Type-C power delivery controller into the "S5" state during suspend, preventing USB devices from consuming power.
Added support for configuration tags to ssh(1). Added an ssh_config(5) "Tag" directive and corresponding "Match tag" predicate.
Added a ssh_config(5) "match localnetwork" predicate which may be used to vary the effective client configuration based on network location.
Implemented Pointer Authentication Code support on AArch64.
Fixed use of qcow base images in vmd(8) to avoid device failure during startup post-exec when trying to receive device state from the parent vm process.
Used unveil(2) to restrict patch(1) to its current working directory.
Ensured dhcrelay6(8) does not ignore the AF_LINK entries of carp(4) interfaces.
Pulled validation into local prefix parser in vmd(8).
Checked rcctl(8) input before trying to disable a non-existing daemon to prevent parsing bogus characters.
Made use of the deep idle state available on Apple M1/M2 cores in the idle loop and for suspend, resulting in power savings particularly when running in a state with high clock frequency.
Adressed incomplete validation of ELF program headers in execve(2) which could lead to a panic in vmcmd_map_readvn() with a malformed binary/interpreter.
Prevented GPROF kernel crash during resume by disabling _mcount() across suspend/resume in sleep_state().
Worked around a use after free in httpd(8) due to a malformed HTTP request when httpd is in fastcgi mode.
Prevented a session reset in bgpd(8) due to parser failure.
Used ssize_t instead of short for line lengths to lessen chance of underflow and segfault in patch(1) with excessive line length.
Reworked sleep_setup()/sleep_finish() to no longer hold the scheduler lock between calls.
Allow unveiled programs to dump core by passing BYPASSUNVEIL just for this vnode.
Prevented pax(1) from attempting to open a file when creating an archive file even if the file will be skipped due to a -s replacement with the empty string.
Enabled Indirect Branch Tracking for amd64 userland, using XSAVES/XRSTORS to save/restore the state and enabling it at exec-time (and for signal handling) if the PS_NOBTCFI flag isn"t set.
Added PS_NOBTCFI, a per-process flag indicating that Branch Target Control Flow Integrity has beendisabled for the process, to be used by the amd64 code.
Used mtx_init() to initialize stack-based mutexes, ensuring the mutex' lock_object has static storage duration.
Cleared knote(9)s when finishing wseventvar in wscons(4) to prevent a kernel crash.
Taught BFD tools how to handle NOBTCFI.
Converted tcp_now() time counter to 64 bit.
Registered a mapping of dwge(4) interfaces to ofw nodes/phandles.
Removed special cases for IBT/BTI introduced during development.
Added pfsync(4) specific locks, introduced pfsync support to partition states into independently-running slices, and made pf(4) state purges mpsafe.
Handled dwge(4) fixed-link configuration in the device tree.
Fixed boot of OpenBSD using Hyper-V on Windows 11.
Fixed error in the MSI-X interrupt establish loop for virtio(4) which could lead to fallback to shared IRQs.
Made softdep mounts a no-op.
Added iwm(4)/iwx(4) background scan task to the queue from which it will be deleted, ensuring proper cancellation during driver state transition.
Drop kernel lock before panic to avoid WITNESS report during fault on amd64.
Implemented support for the GPIOs on the JH7110, making it possible to reboot the VisionFive 2.
Restored (R)esize functionality to sparc64 disklabel(8).
Limited the number of transactions/tickets pf(4)'s pf_open_trans() can issue for each clone of /dev/pf to 512, avoiding use of all kernel memory by asking DIOCGETRULES for more tickets.
Fixed IPv6 forward counters and icmp6 redirect when TSO is enabled.
Fixed CVE-2023-3128: X servers could return values from XQueryExtension allowing Xlib to write out-of-bounds entries.
Added missing kernel lock around (*if_ioctl)().
Moved nd6_ifdetach() out of netlock.
Provided and optimized various quad word primitives, providing performance gain across most BN operations on aaarch64.
Prevented printing the last value twice in seq(1).
Added content-encoding compression support to rpki-client(8).
Implemented arm64 support for pointer authentication (PAC) in userland, making it possible to "sign" pointers with a hidden key and provide "tail CFI" similar to what retguard provides. (Disabled for x13s).
Introduced qcpas(4), a driver for the Peripheral Authentication Service found on Qualcomm SoCs.
Made the tlsv1.0 and tlsv1.1 options in relayd(8) do nothing in preparation for removal of these protocols.
Stopped calculating IP, TCP and UDP checksums on loopback interface.
Removed net lock from pf(4) ioctls DIOC{S,G}ETLIMIT.
Added both udp and tcp for https (HTTP/3 over QUIC) to /etc/services.
Ensured forced update of internal key for EVP_PKEY after modification, to handle fallout in several applications following a behavioral change in OpenSSL.
Fixed sshd_config(5) AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears previously in configuration.
Forced comport initialization for certain classes of device, preventing hang or reboot when com@acpi devices fail the comprobe1() check.
Introduced qcaoss(4), a driver for the Always On Subsystem found on Qualcomm SoCs.
Added IBT support to retpoline PLTs for X86_64, providing IBT support by default.
Fixed TSO for traffic to a local address on a physical interface.
Made ypldap(8) continue trying LDAP servers until full results are received.
Fixed booting from disks >8G on systems where the BIOS uses CHS.
Updated to freetype 2.13.0.
Prevented a self-deadlock of vmmaplk in uvm_map(9).
Introduced separate capabilities for TCP offloading, split into LRO (large receive offloading) and TSO (TCP segmentation offloading). LRO can be toggled via the ifconfig(8) tcprecvoffload option. (2023/06/07: Renamed "tcplro").
Implemented the TCP/IP layer for hardware TCP segmentation offload.
Turned on pointer-authentication on arm64 by default, effectively enabling -mbranch-protection=standard on arm64.
Improved vnconfig(8) emulation of a disktab entry (-t), enabling installboot(8) to know the vnd device should be treated as a floppy disk.
Gave softnet threads unique names by suffixing softnet with their index.
Made disklabel(8) use the d_type value provided by the kernel when creating, editing or printing a disklabel in the absence of the "disktype" command line parameter.
Removed the kernel lock from IPv6 neighbor discovery.
Added axppmic(4) support to the arm64 RAMDISK to support ethernet on the OrangePi One Plus (Allwinner H6).
Added display of interface names in front of ifconfig(8) error messages.
Added a fallback to load the arm64 kernel from the EFI system partition if booting from a disk without a BSD disklabel.
Send an unsolicited neighbor advertisement to the all-routers multicast address when configuring a new address on an interface to speed IPv6 initial packet return.
Prevented bootloader attempts to write to read-only softraid on amd64, sparc64 and i386.
Enabled softraid(4) in the riscv64 ramdisk kernel, allowing disk crypto install.
Made dwqe(4) handle fixed-link configuration in the device tree.
Randomized the order of TLS extensions.
Taught the vmd(8)vmm(4) process how to exec, using execvp(3) to launch vm children with new address spaces and introducing use of unveil(2) into the vmm and vm processes.
Stopped setting ri->ri_bs in viogpu(4) to prevent a panic caused by rasops accessing its uninitialized content.
Introduced iosf(4), a driver for the Intel OnChip System Fabric.
Call pfkeyv2_sysctl_policydumper() with shared netlock.
Protected rtable_setsource() and rtable_getsource() with exclusive and shared netlock respectively.
Added a new PT_OPENBSD_NOBTCFI "segment type" to indicate that the kernel should not enforce branch target control flow integrity for a binary. Implemented support for PT_OPENBSD_NOBTCFI in lld(1), which can be set using the -z nobtcfi option.
Stopped advertising non-removable sdmmc(4) devices as removable to the scsi layer.
Added dwmshc(4) support for Designware Mobile Storage Host Controllers.
Added arm64 support for loading files from the EFI system partition.
Removed kernel lock from ifa_ifwithaddr() and ifa_ifwithdstaddr().
Mapped MSI-X in addition to MSI and INTx on xhci(4), as it is supported by the xHCI controller on Qemu, which will switch from shared INTx to device-specific MSI-X interrupts.
Fixed legacy interrupts on machines that use PNP0C0F PCI interrupt link devices in acpipci(4).
Call sysctl_ifnames(), sysctl_iflist() and sysctl_dumpentry() with shared netlock.
Added support for upstreamed AP806/CP110 bindings in mvtemp(4).
Made -mbranch-protection=bti the default on OpenBSD.
Introduced rkusbphy(4), a driver for the usb2phy on Rockchip SoCs.
Introduced rkiovd(4), a driver for the IO voltage domains on Rockchip SoCs.
Implemented regulator notifiers called when the voltage/current for a regulator is changed or when a regulator is initialized when it attaches for the first time.
Introduced ngbe(4), a driver for the WangXun WX1860 series Gigabit Ethernet device.
Significantly reduced ypldap(8) memory usage when updating larger directories.
Updated timezone data to include reversion of DST change in Lebanon.
Introduced a bgpd(8) semaphore to protect intermediate state from different RTR sessions from leaking into the RDE.
Made mg(1) fall back to /bin/sh if $SHELL is undefined.
Implemented branch target protection using the branch target identification feature introduced in Armv8.5, providing "head-CFI" to complement retguard's "tail-CFI."
Added dmesg(8) display of arm64 BT and SBSS features.
Added a tmux(1) format to show if there are unseen changes while in a node.
Prevented write to clients attached to different sessions in tmux(1) passthrough.
Added tilde and environment variable expansion to ssh_config(5) RevokedHostKeys.
Added a check to scp(1) to ensure a local source file exists before opening an SFTP connection to a remote server.
