This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Prevented the generation of corrupt OSPF Router (Type 1) LSAs in ospfd(8) and ospf6d(8).
Prevented a panic in m_copydata(9) in ip6_pullexthdr() due to an invalid or corrupted hop6 option.
Prevented a panic when a WPA2-enabled athn(4) hostap interface is reconfigured while the queue contains frames.
Correctly disabled reading with the private community when read-write is set to disabled in snmpd.conf(5).
Corrected handling of invalid ssh.com private keys using ssh-keygen(1) -i.
Prevented a tmux(1) crash when removing the automatic-rename option.
Prevented an occasional synchronization problem when playing youtube videos in chromium.
Added an expandtab option to vi(1) which expands tabs to spaces in insert mode and when shifting and indenting/outdenting, similiar to the expandtab option in vim.
Prevented a segfault by ensuring vmd(8) correctly terminates vm processes.
Configured abcrtc(4) to allow trickle charging of a connected battery or capacitor.
Added the ifconfig(8) 'nomimo' nwflag which disables MIMO in 11n mode, allowing working around packet loss in 11n mode if the wireless network device has unused antenna connectors.
Fixed an issue in smtpd(8) where usernames always expanded to the @ wildcard if defined in the virtual alias file.
Added tcpci(4), a driver supporting TCPCI-compliant USB Type-C port controllers.
Added dsxrtc(4), a driver for the Maxim DS3231/DS3232 I2C RTC.
Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15.
Increased the default number of audio devices to 4.
Added bcmgpio(4), a driver for the Broadcom BCM283x GPIO controller.
Added iked(8) support for switching rdomain on ipsec(4) encryption/decryption, configurable per policy with the new 'rdomain' option in iked.conf(5).
Added support for automatically moving traffic between rdomains on ipsec(4) encryption or decryption, reducing the attack surface for network sidechannel attacks.
Stored local-address by address family in bgpd(8), allowing configuration of both an IPv4 and IPv6 local-address on a group with correct binding of neighbors. Introduced 'no local-address' to reset a previously-set local address back to zero.
Correctly parsed "0/0" as the default route when specifying the classless-[ms-]static-routes options in dhcpd.conf(5).
Indicated the marked pane in tmux(1) choose mode in reverse, and added keys to set (m) and clear it (M), and to jump to the starting pane (H).
Added bcmsdhost(4), a driver for the Broadcom "sdhost" SD controller found on the Raspberry Pi.
Allowed tmux(1) main-pane-width and height to be specified as percentages.
Added bcmdmac(4), a driver for the DMA controller found on BCM283x SoCs.
Added support for the additional sdhc(4) controller found on the Raspberry Pi.
Prevented mcx(4) interface lockups due to completion queue overflow.
Added a -groups option to the openssl(1) s_server, allowing EC groups to be configured.
Added quirks for the sdhc(4) controller on the Raspberry Pi, providing microSD card or WiFi support depending on the firmware configuration.
Added support for hardware with sdhc(4) controllers on busses only supporting 32-bit access.
Added bcmirng(4), a driver for the RNG200 random number generator found on the Raspberry Pi 4.
Fixed brightness keys on the x395 and other thinkpads with AMD graphics.
Added bcmclock(4), a driver for the BCM283X CPRMAN clock controller.
Added bcmmbox(4), a driver for the VideoCore messagebox interface on BCM283X.
Added bcmpcie(4), a driver for the PCIe controller found on the Raspberry Pi 4.
Disabled MSI for the AMD Hudson2 azalia(4) HDA to fix random lock ups.
Disabled access for regular users to /dev/audio* and /dev/rmidi*, creating these devices owned by root:_sndiod.
Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the "options" field in crontab(5) to "flags".
Corrected inappropriate rate selection in uaudio(4) preventing recording on devices supporting fewer rates for recording than playback.
Fixed brightness controls on certain machines where the initial brightness values are returned out of range.
Added the ikectl(8) "show sa" command to print information about the state of negotiated IKE SAs, their Child SAs and the resulting IPsec flows.
Enabled backlight control use on the Pinebook Pro via wsconsctl(8).
Fixed snmp(1) agent address parsing to allow IPv6 addresses to be used based on format, allow those without brackets to skip the port if it results in a nonsensical address (allowing use of ::1), and try to connect to the address immediately.
Fixed a crash when no device ports have been registered in ofw.
Taught i386 boot(8), cdboot(8) and pxeboot(8) about ffs2.
Switched USB to use non-coherent buffers for data transfers, dramatically improving performance on some ARM SoCs where the USB controller is not coherent with the caches.
Added an ikectl(8) "reset id" command to reset all SAs from policies with matching destination IDs.
Resolved syscall speculation in armv7 cpus as in arm64, changing the system call ABI to skip two instructions and inserting speculation-blocking sequences.
Blocked apmd(8) autoaction for 60 seconds after resume, preventing spurious suspend/resume cycles.
Allowed hppa boot(8) to read from an ffs2 filesystem.
Added /dev/drm[0-3] on arm64.
Added a tmux(1) -d flag to run-shell to wait for delay before running the command (or delay with no command).
Added a tmux(1) copy-mode -H flag to hide the position marker in the top right.
Added tmux(1) C-g to cancel command prompt with vi(1) keys as well as emacs, and q in command mode.
Modified tmux(1) -S server socket to be created with umask 177 rather than 117.
Allowed alpha boot(8) to read from an ffs2 filesystem and adapted its custom installboot to deal with ffs2. Also fixed the partition read code to deal with offsets greater than 2G.
Used lfence in place of stac/clac on pre-SMAP CPUs to protect against Load-Value-Injection attacks against the kernel.
Fixed a kernel crash due to unlimited recursion caused by local outbound UDP broadcast/multicast packets sent by a spliced socket.
Added a policy relookup to iked(8) to replace the default policy based on a received cryptographic parameter proposal.
Added ure(4) support for Lenovo OneLine Plus Dock Ethernet.
Prevented a panic due to missing sysctl(2) input validation.
Prevented a kernel hang when no unlocked ffs_softdep worklist items could be processed.
Adapted biosboot(8) so that it can read boot(8) from an ffs2 filesystem.
Fixed "ipmi0: sendcmd fails" errors when there is an ipmi(4) sensor which is enumerated but has failed to be read.
Improved ucom(4) to fix firmware upload on some microcontroller boards using DTR and RTS as signaling lines to reset the device and enter the bootloader.
Generated three different BIRD outputs with rpki-client(8) -B: v1 with IPv4 and IPv6 routes, and v2.
Added a PCI attachment driver for com(4) to support memory-mapped PCI devices which are part of a Low Power Subsystem (LPSS).
Implemented microsecond resolution using microuptime(9) to avoid a hard hang when starting X on Intel Cherry Trail Atom processors.
Allowed amd64 boot(8) to read from an ffs2 filesystem. Enabled ffs2 for floppy.
Enabled the Rockchip video drivers.
Implemented the page fault handler for CMA GEM buffers and made drm(4) attach to rkdrm(4), making KMS work on the RK3399 SoC.
Stopped counting pages mapped as PROT_NONE against the RLIMIT_DATA limit, helping code which reserves large chunks of address space but populates it sparsely.
Fixed MiRA's sub-frame error rate computation.
Allowed loongson boot(8) to read from an ffs2 filesystem.
Fixed endian swapping in xhci(4), allowing it to work again on octeon and other big endian architectures.
Added rkdwhdmi(4), a driver for the HDMI transmitter found on the Rockchip RK3399 SoC.
Added a workaround for delayed SMR dispatch, starting the SMR thread when all CPUs are ready for scheduling.
Added the $REQUEST_SCHEME variable to httpd.conf(5), allowing preservation of the original connection type (http or https) for redirect locations.
Increased throughput of the ifq pressure drop mechanism for bwfm(4).
Fixed security vulnerabilities in smtpd(8). Corrected an out-of-bounds read in smtpd allowing an attacker to inject arbitrary commands into the envelope file to be executed as root, and ensured privilege revocation in smtpctl(8) to prevent arbitrary commands from being run with the _smtpq group. Released OpenSMTPD 6.6.4.
Added retries and timeouts for test packets to radiusctl(8).
Added usb(4) device support for an AMD hub on the APU2 and a Synaptics vendor id and two fingerprint readers.
Fixed a tcpdump(8) crash when printing the contents of a malformed packet where the packet length was smaller than the size of the usbpcap header.
Added openssl(1) s_client -tls1_3 and -notls1_3 options.
Addressed an arm64 speculative execution issue by changing the arm64 system call ABI to skip two instructions and inserting a barrier after each system call.
Fixed an issue where a vmm(4) guest could write to host memory by passing bogus addresses in pvclock(4).
Added -a to the list-keys command in tmux(1) to also list keys without notes with -N.
Introduced iwx(4), a driver for Intel AX200 WiFi devices.
Prevented buffer overflows with uthum(4) by not assuming the report length given by the hardware is necessarily smaller than the length of the on-stack buffer.
Pushed the KERNEL_LOCK() inside pgsigio() and selwakeup(), allowing separate addressing of the three subsystems: signal, poll/select and kqueue.
Fixed host(1) to provide the correct name of the server to query.
Allowed use of window-htile and window-vtile with the "empty" group clients in cwm(1).
Extended the ipsecctl(8) parser to set the udpencap flag and port number of an SA.
Added ssh(1) -Q key-sig option for all key and signature types, teaching ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query.
Made acpivout(4) stop calling ACPI methods directly to allow changing brightness other ways on certain machines, including the x395.
Fixed a security vulnerability in smtpd(8) which could lead to a privilege escalation on mbox deliveries and unprivileged code execution on lmtp deliveries. Released OpenSMTPD 6.6.2.
Added support for the urtwn(4) tp-link tl-wn823n (TRL8192EU).
Added tmux(1) support for adding a note to a key binding with bind-key -N and using this to add descriptions to the default key binding. Using list-keys -N shows key bindings with notes. Changed the default ? binding to show a readable summary of keys.
Set the default brightness level on attachment for pwmbl(4).
Enabled mmhub power gating on picasso within amdgpu(4).
Fixed ftp(1) tls_handshake() usage, which would break ftp if an handshake wasn't successfully completed in one try.
Fixed ssh-keygen(1) not displaying the authenticator touch prompt.
Fixed support for additional I2C busses in piixpm(4) for older SB800 SMBus controllers. Prevented sensors from attaching four times on old AMD machines.
Added support for TLSv1.3 as a protocol to libtls, making tls_config_set_protocols(3) recognize and handle "tlsv1.3".
Introduced a new mdoc(7) macro .Tg ("tag") to explicitly mark a place as defining a term.
Invalidated the knote(9) list of uhid(4) after device detach, preventing a crash that can happen when kqueue still holds references to knotes pointing to the device.
Implemented ldomctl(8) "panic -c" to panic a guest domain (and enter ddb(4)).
Renamed ssh-add(1) -O to -K to load resident keys from a FIDO authenticator.
Implemented a df subcommand for snmp(1) which outputs disk and memory information in a df(1) format.
Implemented a -Cs option in snmp(1) for snmp walk and bulkwalk, allowing subsections of a tree to be skipped.
Added a -p command line option to iked(8) allowing configuration of the UDP encapsulation port.
Implemented "start -c" in ldomctl(8) to automatically connect to the console.
Allowed pfctl(8) to recursively flush rules and tables.
Removed IPsec flow blocking unencrypted IPv6 traffic in iked(8).
Fixed acpivout(4) screen brightness adjustment through function keys, better supporting machines using exponential brightness scaling.
Updated to libXt 1.2.0, xauth 1.1, xhost 1.0.8, viewres 1.0.6, fonttosfnt 1.1.0 and libXmu 1.1.3.
Added amlsm(4), a driver for the "secure monitor" firmware interface.
Added amltemp(4), a driver for the temperature sensors on various Amlogic SoCs.
Fixed Etron EJ168 USB 3.0 Host Controllers via USB 2 devices.
Introduced *sleep_nsec(9) to allow sleeping for a specified minimum duration, allowing use at the syscall layer and elsewhere within the kernel where this minimum duration is required.
Updated to xorgproto 2019.2, libX11 1.6.9, libXi 1.7.10, libXvMC 1.0.12, libxkbfile 1.1.0 and libXpm 3.5.13.
Allowed freeing of anons as a list of pages rather than one at a time, allowing for more efficient memory freeing.
Introduced a -n option to ldomctl(8) to validate the configuration file and exit.
Prevented a use-after-free causing crashes with uhidev(4) devices.
Fixed RAID volume WWIDs for mpii(4) LSI controllers on sparc64, allowing autoconf(9) to identify the volume as the root device and boot off hardware RAID.
Added timeout_set_flags(9) and TIMEOUT_INITIALIZER_FLAGS(9), allowing the caller to initialize timeouts with arbitrary flags.
Added the ability to download FIDO2 resident keys from a token via the ssh-keygen(1) -K option and save public/private keys into the current directory.
Introduced option filter-pf-addresses to snmpd.conf(5), allowing the OPENBSD-PF-MIB::pfTblAddrTable tree to be filtered out when many prefixes are stored in pf tables, reducing CPU usage during bulk walks.
Introduced efficient page freeing in reverse order from uvm, greatly improving cases of massive page freeing.
Prevented read-only tmux(1) clients from limiting the size.
Stopped performing a top-level sort(1) when -c is used with a -k field.
Implemented support for generating FIDO2 resident keys. "ssh-add -O" will load resident keys from a FIDO2 token and add them to an ssh-agent. Removed the -x option currently used for the FIDO/U2F-specific key flags, now under -O.
Removed single letter flags for moduli generation in ssh-keygen(1) and moved all moduli generation options to under the -O flag. Breaks existing ssh-keygen commandline syntax for moduli-related operations.
Updated perl to 5.30.1.
Stopped switching to new APs found during background scans with RSSI levels which will also trigger background scans, helping to prevent repeated switching in areas where APs are tuned for low transmit range.
Added support for regex searches in tmux(1) copy mode.
Stopped generating "cpu" nodes for disabled CPUs in ACPI mode for efiboot, fixing booting on ACPI machines where the MADT table lists CPUs which are disabled.
Added point-to-point ospf6d(8) support for broadcast interfaces.
Introduced TIMEOUT_SCHEDULED flag and tos_scheduled statistic to timeout(9).
Ensured rdr-to with loopback destination will work even when IP forwarding is disabled.
Added amdgpio(4), a driver for the GPIO controller found on newer AMD SoC/chipsets.
Added arm64 support for lldb.
Prevented ftp(1) from following remote redirects to local files.
Allowed forwarding of a different agent socket to a specified path in ssh(1).
Reduced stalling with lossy wifi by improving net80211 handling of the Rx block ack sequence number window and queue.
Disabled TSX when MSR_ARCH_CAPABILITIES sets TSX_CTRL on amd64 and i386. Currently, TSX is disabled unconditionally when possible even if TAA_NO is set.
Fixed rpki-client(8) -j option, which had not been producing any output.
Validated authentication lengths in ripd(8) before use to prevent crashes.
Made rpki-client(8) work with the existing cache and not exit if rsync(1) exits non-zero.
Allowed ssh(1) security keys to act as host keys as well as user keys.
Added support for gen2 negotiation to rkpcie(4) and enabled gen2 link state training when the dtb is configured with max-link-speed = 2.
Introduced a bypass keyword to smtpd(8) so that built-in filters can bypass processing when a condition is met.
Updated to libXfont2 2.0.4.
Updated to font/util 1.3.2.
Updated to font/encodings 1.0.5.
Tightened permissions for USB device nodes.
Removed gpr(4).
Used ssh-sk-helper for all security key signing operations and security key enrollment. Most ssh(1) tools no longer need to link against libfido2 or interact with /dev/uhid* directly.
Added support for CIDR in a: spf atoms in smtpd(8).
Attached pvclock(4) with a lower priority in case of unstable tsc rather than not attaching at all.
Prevented an overflow due to xen(4) failing to release the interrupt source when unmasking the interrupt.
Fixed empty response packages sent out by ripd(8) when entries are skipped due to split-horizon simple.
Swapped smtpd(8) filter response protocol fields to match query protocol. Filters used will need updating.
Re-enabled "syscall call-from" checking.
Modified -z mode verification in signify(1) to save the header and output it, so signify -zV >saved.tgz will keep the signature for later checks.
Reduced the maximum number of frame buffers for uvideo(4) to allow running higher resolutions without running out of kernel memory.
Removed kernel VM86 support.
Added a check when IP forwarding is disabled to ensure packet destination address matches interface address.
Reset the login class each time through the loop when using -L (loop) mode with su(1). Fixes CVE-2019-19519.
Retired piixpcib(4).
Stopped hardcoding the cache directory for rpki-client(8). Cache and output directory will use defaults for root users and must be specified by non-root users.
Enabled full use of jumbo frames on bnx(4) devices.
Added DEBUG_PKG_CACHE functionality to pkg_add(1), fetching debug patches when packages are installed.
Fixed xenodm(1) to use the libc authentication layer correctly.
Fixed insufficient username validation performed by libc's authentication privilege separation layer and added additional validation points, further validating in login(1) and su(1).
Rewrote dhcpv6 parsing in tcpdump(8) to match the rfc, correctly handling dhcpv6 messages.
Assumed grep(1) -R passed with "." rather than printing a warning by default.
Reverted switch to tickless backend.
Allowed forcing specific domains to be resolved by specific resolvers in unwind.conf(5), handling typical split-horizon setups.
Simplified sysupgrade(8) directory check and creation (/home/_syspatch). It can now be a symlink.
Accepted netmask for IPv6 properly in ifconfig(8).
Added a create-vdisk command to ldomctl(8) analogous to amd64's vmctl(8) create.
Added uvm_objfree to uvm to efficiently free all pages from a uvm object, used in the buffer cache for considerable speedup when freeing pages.
Added rkemmcphy(4), a driver for the RK3399's eMMC PHY.
Added support for the RK3399's eMMC clock to rkclock(4).
Introduced msyscall(2), permitting system calls from selected code regions only: the main program, ld.so(1), libc.so and sigtramp. This is intended to harden against a mixture of W^X failures and JIT bugs allowing syscall misinterpretation.
Allowed use of mail-from and rctp-to as for and from parameters in smtpd.conf(5).
Computed RSSI on 9k iwm(4) devices as for previous generations, fixing spurious signal strength values of over 100%.
Added a tmux(1) p format modifier for padding to width.
Stored smtp(1) session usernames in an envelope, allowing the ruleset to match specific users or mailing addresses.
Added "no-touch-required" options to ssh-keygen(1) and sshd(8) to disable touch requirement for authorized_keys and certificates.
Added an sshd_config(5) PubkeyAuthOptions directive allowing specification of whether sshd(8) should check whether user presence was tested before a security key was made.
Withdrew all proposals on slaacd(8) startup to prevent indefinite retention of nameservers on interfaces no longer flagged for autoconf.
Prevented a timeout in ssh(1) when the server doesn't immediately send a banner, such as with multiplexers like sslh.
Introduced a "trusted" modifier to ntpd(8), for peers which should be on a local net, used in situations where https constraints cannot be used but auto settime is desired.
Stopped connecting to available open wifi networks when an interface is marked up. This behavior must now be explicitly enabled with ifconfig(8) join "".
Lowered the priority of APs which fail to connect in the ifconfig(8) join list, allowing switching wifi networks by moving between them without having to down/up the interface or suspend/resume.
Triggered a background scan when root runs the ifconfig(8) scan command, updating the list of cached APs for future scans and forcing a search for a better AP to roam to.
Switched 8260 and 8265 iwm(4) devices to -34 firmware.
Added initial infrastructure for U2F/FIDO support in ssh(1).
Constrained and corrected the routes being deleted when applying a new lease in dhclient(8) and corrected route comparison. This corrects a network failure with "arpresolve: ... route contains no information".
Added an ASR resolver type to unwind(8), using the libc asynchronous resolver directly with DHCP-provided nameservers. Switched to the ASR resolver rather than DHCP when behind a captive portal.
Made background scans less frequent when choosing the same AP.
Began marking stale prefixes in the Adj-RIB-out during graceful reload of bgpd(8) and fixed prefix_withdraw to check the correct prefix flags before removing a prefix from the update or withdraw tree.
Reverted change to nc(1) fixing the -N flag due to regress failures for tls.
Added sxisid(4), a driver to read the on-chip eFuses.
Added new -N name option to ftp(1), allowing calling scripts to change the progname and produce better error messages.
Updated timezone information to reflect DST changes for Fiji and Norfolk Island.
Rewrote the time validity check for mtfs in rpki-client(8) to correctly account for the timezone.
Added the system clock interface nanoboottime(9), returning the UTC time at which the system booted in seconds and nanoseconds.
Added sxipwm(4) and pwmbl(4), drivers which jointly add support for the backlight controller on the Pinebook.
On newer ThinkPads reporting HKEY version > 1, allowed acpivout(4) to claim backlight controls rather than wscons(4), allowing use of the fine-grained backlight BCL steps defined in acpi(4).
Changed acpivout(4) to increment and decrement screen brightness based only on brightness level changes of 5% or higher.
Prevented an infinite loop when aborting ulpt(4)'s pipe after an I/O error.
Implemented the "parallel boot" feature on compatible sparc64 firmware.
Corrected a memory leak in unwind(1) when the list of DHCP resolvers doesn't change.
Stopped checking whether the IPv6 source address of a neighbor advertisement is from a neighbor's address, not required in accordance with RFC 4861.
Added support for dynamic queue allocation (DQA) to iwm(4).
Corrected cache flush operations on arm64 which were being incorrectly treated as write operations. This fixes a bug where cache flushing caused Firefox to abort.
Fixed the -N flag for nc(1) to shut down the socket when input stops, or when tls is in use and either side of the socket goes away.
Fixed a potential NULL dereference for revoked hostkeys in ssh(1).
Added support for percentage sizes to tmux(1) resize-pane ("-x 10%") and changed split-window and join-pane -l to accept similar percentages, deprecating the -p option.
Made sparc64 autoconf(4) try to match the devid against the bootpath if link->port_wwn doesn't work, helping when booting off of an mpii(4) controller.