This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Corrected sshd(8) initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user.
Updated timezone information to remove DST for Samoa.
Avoided a potential overread in x509_constraints_parse_mailbox().
Silently ignored invalid requests to change the encoding of a ucc(4) keyboard.
Changed dhcpleased(8) client identifier transmission to match other dhcp client implementations.
Fixed the ssh(1) "Allocated port" debug message for unix sockets.
Switched scp(1) back to using the original scp/rcp protocol by default for release.
Unlocked the top part of the VM fault handler on i386.
In pchgpio(4), worked around a BIOS bug on Lenovo Thinkpads based on Intel's Tiger Lake platform to properly restore the GPIO pin used for the touchpad interrupt upon resume.
Zeroed out potential passwords when freeing memory or handling parsing errors in iked(8).
Retried broadcast with dhcpleased(8) when the dhcp server is unreachable via unicast UDP.
Added a theoretical limit of 512 to the number of allocated vcpus in vmm(4).
Introduced /etc/bsd.re-config(5), which can be used to configure the kernel using config(8), allowing use of KARL while making changes to the GENERIC kernel.
Checked the installer's /tmp/i/hostname.* files for a configured IP address so that configurations without a broadcast address are detected as well.
Defaulted to using named curve parameter encoding in libcrypto.
Identified TPM2.0 devices and performed the 2.0-specific "suspend" command, allowing the lenovo xlr9 and xlnano using the latest BIOS (which added S3) to resume.
Stopped setting the highspeed bit on bcm2835-sdhci sdhc(4) controllers, fixing bwfm(4) wifi on the Raspberry Pi 3 Model B+.
Zeroed out iwx(4) Tx descriptors of frames which are done to prevent the device from writing to the former DMA address of a buffer which has been taken off the Tx ring.
Fixed a bug in iwx(4) Tx done interrupt processing which could cause fatal firmware errors under load and memory corruption.
Stopped ignoring SIGINT in sftp(1) while waiting for input if editline(3) is not used.
Imported Mesa 21.1.8.
Altered scp(1) to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Changed iwm(4) and iwx(4) to sleep for 1 second while loading firmware to match what iwn(4) does. This fixes some issues with suspend/resume.
Modified doas(1) to retry up to 3 times on password authentication failure.
Made rc(8) quietly attempt an early mount of /var/log in case someone has created it to avoid /var overflow issues.
Added http_proxy support to rpki-client(8) http handler.
Added aplpinctrl(4) driver for the Apple GPIO controller found on the M1 SoCs.
Changed the printing of the hibernate image size from bytes to megabytes.
Added "machine sysregs" command to ddb(4) on amd64.
Added support for obtaining sense status and source slot of a media to chio(1) and ch(4).
Added include and exclude options to rsync(1) usage message.
Made resolvd(8) accept dns proposals for the loopback addresses.
Implemented < and > operators in btrace(8) filters.
Changed the handling of %n in printf(3) (and associated variants) from a syslog warning to a syslog message followed by abort.
Increased hibernate writeout speed.
Disabled the RSA/SHA-1 signature algorithm by default in ssh(1).
Implemented -naccept in the s_server option of openssl(1).
Implemented reporting of supplemental groups in ps(1).
Changed traceroute(8) wait time to default to 3 seconds and allow setting of wait time as low as one second.
Altered passwd(1) to use stderr for printing error and informational messages. This allows easier parsing of what passwd(1) is doing if spawned from a GUI.
Fixed a crash with i915 graphics by removing bogus Linux code that tried to deal with something that is impossible on OpenBSD.
Fixed dwiic(4) timeouts requesting data from at least one touchpad.
Fixed automatic upgrade after fetching response file with dhcp.
Changed iwn(4), iwm(4), and iwx(4) devices to hide detailed firmware error reports by default.
Added veb(4) to the list of pseudo devices that ifconfig(8) can create.
Imported initial support for the SM2 cipher into LibreSSL.
Added the signify keys for 7.1 base sets, packages, and firmware.
Moved to 7.0-beta.
Set the uhidpp(4) battery level sensor status to unknown while charging to handle devices reporting zero during charge, preventing certain sensorsd.conf(5) actions from triggering inappropriately.
Fixed iostat(8) per-device values when systat(1) is in boot time mode ('b'), not normalizing based on the sleep interval.
Added a -B flag to tmux(1) to remove borders from popups and added a menu to popups as well as options to convert a popup into a pane.
Added to dhcpleased.conf(5) the ability to ignore routes or nameservers from a lease and to ignore servers entirely.
Prevented a loop when bwfm(4) receives an unsolicited association status event right after successful association.
Added pipe variants of the tmux(1) line copy commands.
Changed the default snmp(1) version to -v3 and removed the default community.
Made amd64 hw.setperf percentages proportional to the enhanced speed step frequencies on Intel processors. The default hw.setperf=99 corresponds to the maximum ordinary speed, and setting it to 100 enables turbo mode.
Ensured some programs (including sftp(1)) do not ignore Ctrl-C when awaiting user input.
Added support for two-character font names (BI, CW, CR, CB, CI) to the tbl(7) layout font modifier.
Added Tiger Lake LP (INT34C5) support to pchgpio(4).
Cleaned up the fdisk(8) MBR/GPT initialization code, making -g independent of -i, leaving four mutually exclusive initialization options (-i, -b, -u and -A) with the last option specified executed (allowing the existing -i -g to work as intended).
Added basic support for zero width joiners to tmux(1).
Fixed suspend/resume of machines with certain radeondrm(4) hardware.
Added RK3399 Type-C PHY clocks and PCIe PHY reference clocks to rkclock(4).
Delayed installation of sensors until a device with battery support is connected, allowing sensorsd(8) to pick up hotplugged uhidpp(4) devices.
Made window-linked and window-unlinked window options in tmux(1).
Corrected awk(1) -F null string behavior to ensure -F '' behaves consistently with -v FS="".
Made dhclient(8) defer to dhcpleased(8) when the inet autoconf flag is set. When run, dhclient will signal dhcpleased to request a new lease rather than requesting one itself.
Fixed an attachment problem for dwctwo(4) for certain devices issuing NAK interrupts during split transactions.
Fixed potential races in slaacd(8) and dhcpleased(8) when two processes are configuring the same IP.
Ensured MRT dumps containing add-path information will be dumped properly by bgpctl(8) (RFC 8050).
Implemented Extended Optional Parameters Length for BGP OPEN Message (RFC 9072) in bgpd(8), allowing sending of more than 255 bytes of optional parameters.
Passed make flags to kernel and lib builds, making hacking on ramdisks/the installer much faster.
Added a ForkAfterAuthentication directive to ssh_config(5), equivalent to ssh(1) -f.
Added a StdinNull directive to ssh_config(5) to prevent reading from stdin, equivalent to ssh(1) -n.
Let allowed signers files used for ssh-keygen(1) signatures support key lifetimes, and let the verification mode specify a signature time at which to check.
Fixed ix(4) with older amd64 and current riscv64 hardware if MSI is not enabled for the device.
Synced dwctwo(4) with the NetBSD-current code base, enabling the USB on-board ethernet controller through mue(4) and enabling the two USB uhub3 ports on the Raspberry Pi 3 Model B+.
Made dhcpleased(8) always configure provided routes, regardless of whether the address received in the lease is already configured.
Made slaacd(8) send rDNS proposals on ramdisks, allowing resolvd(8) to learn nameservers and update /etc/resolv.conf with IPv6 resolvers.
Updated Mesa to 21.1.5.
Introduced a short wait in rc(8) after netstart(8) finishes until an IPv4 or IPv6 default route is present before continuing boot. Fixed setups depending on working network and DNS resolution during early boot when using autoconfiguration (dhcpleased(8) or slaacd(8)).
Fixed a crash in mandoc(1) when an input file contains tbl(7) or eqn(7) input unsupported by -T man(1) output mode.
Updated libz to zlib 1.2.11.
Prevented athn(4) from calling ieee80211_find_rxnode() on bad frames in an attempt to prevent creation of bogus node cache entries.
Implemented various fixes addressing firmware errors in iwm(4) and iwx(4).
Added SMP support to riscv64.
Defaulted to attempting RRDP first in rpki-client(8) -r.
Added rktcphy(4), a driver for the Type-C PHY controller found on the Rockchip RK3399.
Expanded info callback support for TLSv1.3.
Made tcpdump(8) split the 802.11 sequence number field into its sequence number and fragment number components rather than printing the whole field in decimal.
Made anonymous object reference counting independent from the KERNEL_LOCK().
Corrected a potential memory leak associated with pfsync(4) update requests.
Added basic radeondrm/X support for riscv64 and supported xf86-video-radeon and xf86-video-amdgpu drivers.
Allowed (w)hole disk allocation for GPT disks in arm64, using fdisk(8) -A when an Apple APFS ISC partition is detected and fdisk -ig otherwise. Created EFI SYS boot partitions only on ROOTDISK GPT disks.
Added titmp(4), a driver for the TI TMP451 temperature sensor.
Introduced locks around the global pf(4) state list.
Ensured the values for fdisk(8) -b and -l are treated as 512-byte block counts.
Fixed node leaks in iwm(4) and iwx(4) which caused the drivers to get stuck when roaming between access points.
Added vmd(8) support for variable length vionet rx descriptor chains.
Added an fdisk(8) -A option to initialize a GPT without removing special boot partitions.
Removed default communities, changed seclevel default from none to enc and only allowed SNMPv3 by default in snmpd(8). Changed default authentication to SHA-256 and privacy protocol to AES in snmpd(8) and snmp(1).
Made fdisk(8) available to architectures other than amd64 and i386 and extended the syntax to allow specification of the boot partition type and offset.
Stopped attempting to install a default route with route(8) in netstart(8) if using inet autoconf.
Increased the setitimer(2) timer limit to UINT_MAX seconds.
Introduced sfclock(4), a driver for the SiFive Power Reset Clocking Interrupt (PRCI).
Introduced sfcc(4), a driver for the SiFive level two cache controller.
Introduced plic(4), a driver for the RISC-V Platform-Level Interrupt Controller.
Implemented enhanced route refresh (RFC 7313) in bgpd(8).
Added simple BGP enhanced route refresh message decoding to tcpdump(8).
Fixed an iked(8) bug where no flows are added if a single address is configured in the config address instead of a pool.
Adjusted density for partitions on a 4k disk in newfs(8) when fragsize and density are not passed on the command line to ensure sufficient inodes to hold a src tree on a 2G fs.
Relaxed media length checking to allow EFI GPT partitions to be smaller than the full disk.
Prevented watchdog resets on some i.MX 64-bit machines with a recent U-Boot and watchdog enabled on boot in imxdog(4).
Added aplns(4) to provide support for Apple NVME storage as found in Apple M1 devices.
Relaxed criteria for recognizing GPT formatted media, allowing GPT disk images added with dd(1) onto larger physical media to be recognized by fdisk(8) and the kernel.
Improved bgpd(8) graceful restart capability handling.
Added aplspmi(4), a driver for the Apple SPMI controller.
Added aplpmu(4), a driver for the Apple "sera" SPMI power management unit that contains the RTC on Apple M1 systems.
Updated libexpat to 2.4.1.
Fixed futex(2) errno handling to match what Mesa expects and prevent failure to properly report timeouts.
Used so_lock to protect key management (PF_KEY) sockets.
Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified.
Allowed router solicitations from the unspecified address (::) in rad(8).
Updated libexpat to 2.3.0.
Worked around x86 machines that advertise the "hardware reduced" ACPI feature, advertise S4 and S5 support, but fail to populate the SLEEP_CONTROL_REG and SLEEP_STATUS_REG descriptions in the FADT. This fixed the ASUS Zenbook 14.
Limited the printf(1) \x escape sequence to two characters.
Added support for RTL8168FP/RTL8111FP/RTL8117 to re(4).
Added an 'expires' column to CSV & JSON output of rpki-client(8).
Worked around a problem with certain athn(4) hardware that caused problems when running in HostAP mode with clients that use Tx aggregation.
Disabled base-gcc on amd64.
Retired OpenBSD/sgi platform.
Changed int_TS_RESP_verify_token to avoid a double free.
Made kernel stop all threads when terminating via pledge_fail().
Made iwn(4), iwm(4) and iwx(4) keep track of beacon parameters at run-time.
Used relative reference URIs in Location header on directory redirects in httpd(8), adding support for front-ending httpd with a TLS-terminating gateway that forwards unencrypted http traffic.
Imported libc++ and libc++abi 11.1.0 releases.
Imported LLVM 11.1.0 release including clang, lld, and lldb.
Enabled dt(4) for GENERIC kernels on amd64, arm64, i386, and powerpc64.
Fixed vmctl(8) client "wait" state corruption in vmd(8) when a wait is canceled and restarted, allowing multiple waiting clients.
Implemented support for Rx aggregation offload in iwm(4) and iwx(4) and re-enabled de-aggregation of A-MSDUs in net80211 for all drivers capable of 11n mode.
Fixed an issue on machines where the EFI memory map has more than 64 entries.
Added gfrtc(4), a driver for the real-time clock interface of Google's Goldfish Android virtual hardware platform, used for the RTC on qemu-system-riscv64 -M virt.
Only skipped pf(4) once for packets injected by a divert-packet socket, allowing pf to still act later on a diverted packet.
Imported initial OpenBSD/riscv64 port.
Changed error reporting for bwfm(4) to use the long version of the firmware path. This makes it easier to find the correct files to add to the bwfm-firmware port.
Added protections against guests with bad virtio drivers to vmd(8).
Made kqueue(2) timer re-addition reset an existing timer to use the new timeout period.
Changed cwm(1) maximization and full-screen mode toggling to keep the cursor within the window, preventing focus loss.
Cleaned up TLS v1.2 certificate request handshake data. This fixed a bug where decoding was broken when the number of certificate types exceeded SSL3_CT_NUMBER.
Fixed __builtin_bitreverse32 on 32-bit powerpc, needed to build clang-11.
Added indication of whether an mg(1) function is unsuitable for a startup file.
Added keep-alive support to the rpki-client(8) HTTP module.
Added "dired-jump" command to mg(1) to open a dired buffer containing the current buffer's directory location.
Enabled all Thinkpad X1 Extreme 1 speakers and atmos dolby in azalia(4).