This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.
Converted 't_lock', 'r_keypair_lock' and 'c_lock' rwlock(9)s to corresponding mutex(9)es.
Switched to using whois.internic.net for whois(1) -i.
Added validation for IPv4 packet options in divert(4).
Fixed detection of qcpas0 driver on x13s when booted in ACPI mode.
Separated ssh(1) parsing of string array options from applying them to the active configuration. Fixed some cases where the config parser improperly rejected valid configuration.
Started flushing the D-cache before disabling the cache on armv7 in efiboot.
Added a workaround for an 88100 errata where FPU imprevise exceptions could be raised in error.
Imported mwx(4), a driver for Mediatek MT7921 and MT7922 802.11ax devices.
Handled /reserved-memory nodes from device trees on arm64.
Added multithreading to vmd(8)'s vionet, allowing RX and TX to operate independently to reduce overall network latency for guests and alleviate the TX side dominating cpu time.
Added the 7.6 fw key.
Implemented disassociation (RUN->AUTH/INIT) in the qwx(4) driver state machine.
Made bwfm(4) work with MAC addresses set via ifconfig lladdr.
Fixed a deadlock in openrsync(1) when big files are synced using the hash algorithm.
Fixed pthread errors which could lead to crashes on sparc64.
Prevented ioctl(WSKBDIO_GETENCODINGS) NULL dereference when sysctl machdep.forceukbd is enabled with no USB keyboard attached.
Removed dt(4) clock interrupt staggering to reduce profiling overhead.
Enabled the pool gc thread on m88k MULTIPROCESSOR kernels.
Synced with unbound(8) to fix CVE-2023-50387 and CVE-2023-50868, usable to cause high CPU load and potentially denial of service with specifically crafted DNSSEC responses.
Added two new values for the tmux(1) destroy-unattached option to destroy sessions only if they are not members of sessions groups.
Disabled hardclock() on secondary CPUs, reducing every system's normal clock interrupt rate by (HZ - HZ/10) per secondary CPU.
Moved dt(4) interval/profile entry points from the fixed-frequency hardclock() to a dedicated clock interrupt callback so probes can fire at arbitrary frequencies.
Added risc-v support code for clang -msave-restore.
Added a netstat counter for route cache.
Used the 'sb-mtx' mutex(9) to protect 'sb_timeo_nsecs'.
Stopped sending route messages while rebooting after a panic, to prevent an additional panic in the knote(9) layer.
Update timezone info to include Kazakhstan's switch to unified UTC+5 and Palestine time change after Ramadan.
Made btrace(8) print statistics on stderr to be able to redirect bt(5) script output.
Added a DMA constraint for the x13s.
Reworked socket buffers locking for shared netlock, introducing 'sb_mtx' mutex(9) to protect sockbuf.
Prevented cpu spinning when a vio(4) device would be activated by a driver but before virtqueues were provided.
Removed Softdep.
Added new amd64-only sysctl machdep.retpoline which says whether the cpu requires retpoline.
Implemented Multiple Message MSI support on arm64, currently working only on systems that use agintcmsi(4) as the MSI controller combined with the dwpcie(4) Hots/PCIe bridge.
Implemented qwx_tx() in qwx(4), enabling the 4-way handshake.
Ensured that smtpd(8) only processes the .forward file of the alternate delivery user provided in a dispatcher, and no other recipient .forward file.
Disallowed custom commands and file reading in a .forward file, allowing only forwarding addresses and users, so that smtpd(8) can't execute custom commands set by root in a .forward.
Reverted smtpd(8) to running lmtp deliveries as the recipient user, not SMTPD_USER (_smtpd).
Implemented the basics of the qwx(4) data frame Rx path, allowing our net80211 stack to see the initial WPA handshake packet sent by the AP.
Added sximmc(4) Allwinner D1 support and enabled it on riscv64.
In aucat(1), fixed MIDI control of the levels of individual files.
Added a route generation number that is updated whenever the routing table changes, allowing discarding of older cached routes without waiting for socket closure or invalidation.
Forced -fno-stack-protector on "boot block" that can't have a stack protector (alpha and sparc64).
Set -fno-stack-protector in NORMAL_C_NOP, used to compile mcount.c, ensuring there is never a stack protector prologue/epilogue in the functions in that file.
Enabled the openssl(1) command line tool to generate ECDSA certificates and CMS products.
Added the sxitimer(4) driver to riscv64 to be able to trigger external interrupts on the Allwinner D1.
Added sxirtc(4) support for newer SoCs that store the data as number of days since the Unix epoch instead of a calendar date.
Tagged packets going out a sec(4) interface to prevent route/encap loops.
Implemented a workaround to a T-Head page attribute extension violating the RISC-V specification. This is designed to make use of the Svpbmt extension and gets us closer to booting OpenBSD on an Allwinner D1 SoC.
Introduced pipex_iterator() to perform 'pipex_session_list' for each walkthrough with 'pipex_list_mtx' mutex(9) relocking.
Forced Apple backlight update after resume.
Updated to zlib 1.3.1.
Explicitly disabled eephy(4) Energy-Efficient Ethernet (EEE) on Marvell E151x.
Changed igc(4) default duplex setting and simplied the setup of srrctl.BSIZEPKT.
Made login.conf(5) and crypt_newhash(3) and the underlying code consistent regarding bcrypt,a instead of blowfish,a.
Added apldcp(4), a driver to control the display coprocessor integrated on Apple SoCs.
Added apldrm(4), a driver providing kernel mode setting (KMS) functionality for the graphics hardware integrated on Apple SoCs.
Reduced static binary size by switching to use of libc-private __hash_open() in /etc files cases where the dbopen(3) function otherwise pulls in all three database backends.
Increased buffer size to avoid truncating styles in tmux(1).
Created a new libc-private function for when getpwnam(3) reaches out to yp(8) which can skip socket/address work which isn't needed. Reduces text segment by ~100k in most static binaries and removes 5-7 system call stubs, which might matter for non-pledged binaries which otherwise lack socket(2).
Rewrote assorted imsg code to use new ibuf API.
Disallowed madvise(2) and msync(2) memory/mapping destructive ops on immutable memory regions for these operationS, instead returning EPERM.
Increased max VM mem size to 128GB by removing vmd(8) limit.
Improved formatting for pax(1) extended header times.
Replaced pinsyscall(2) with the new pinsyscalls(2) which handles all system calls.
Made mktemp(3) callback-driven and split into multiple files so only the necessary system calls will be reachable from the binary.
Implemented Multiple Message MSI support on amd64 to aid qwx(4) development.
Completed base program conversion to use imsg_get_fd() in place of imsg.fd.
Used solock() instead of netlock within fill_ifile(), making all socket types protected.
Fixed core file writing when a file map into memory has later been truncated to be smaller than the mapping.
Updated drm to linux 6.6.12.
Made the kernel read pinsyscall tables out of PT_OPENBSD_SYSCALLS in the main program or ld.so, and accept a submission of that information for libc.so from ld.so via pinsyscalls(2). At system call invocation, the syscall number is matched to the specific address from which it must come.
Patched X server and Xwayland vulnerabilities CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409.
Added an iked(8) debug message when no policy is found.
Ensured a proper string is returned by getaddrinfo(3) when AI_CANONNAME or AI_FQDN is set.
Added arm64 support for bringing up RTKit while !cold.
Implemented 'pfctl(8) -a "*" -sT' behavior to print all tables attached to every anchor loaded to pf(4) (to join the existing "" -sr, which shows the rules found in every anchor).
Prevented vio(4) panics by polling device status after issuing device reset to avoid a potential race condition.
Changed ld.so to only load the first libc version encountered requested and substituting it for all further loads, ensuring that the libc version requested by an executable itself is the one loaded.
Provided a more complete implementation of the drm "component" APIs.
Switched to sending UDP packets in parallel now that sending UDP packets via datagram socket is MP safe.
Fixed Linux NFS clients freezing after five minutes of inactivity.
Extended rpki-client(8) -P to work for Trust Anchor certificates.
Made DSA key support compile-time optional, defaulting to on.
Split UDP PCB table into IPv4 and IPv6 tables, reducing contention on the per table lock.
Prevented a potential bnxt(4) crash after failure to bring up a queue.
Added instruction length to vm exit information to allow vmd(8) to manipulate the instruction pointer after io emulation, preparation for emulating string-based io instructions.
Added a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval.
Converted bgpd(8) parent processing imsg handling over to new imsg API.
Deleted support for FFS filesystems before the in-inode symlink optimization.
Implemented acpi(4) RootPathString support in the LoadTable() AML function, fixing OpenBSD boot on an older version of Hyper-V.
Made syscalls error out if taking more than six arguments.
Updated xserver to 21.1.10.
Added certificate revocation timestamps to rpki-client(8) filemode warning messages.
Prevented use after free of TLS context at syslogd(8) shutdown.
Changed ftp(1) to avoid use of the interactive shell if -o is given.
Synced loongson login class limits with octeon.
For amd64 cdXX.iso and installXX.iso, created an EFI system partition image containing the EFI boot loaders to be installed as an El Torito boot image, making the install CDs bootable in EFI mode.
Used the inpcb table mutex to set addresses, protecting all remaining write access to inp_faddr and inp_laddr.
Added a workaround for clang which has a broken -fno-zero-initialized-in-bss implementation.
Changed the default logic to set nkmempages to use physical memory / 4 for up to 1G physmem, and add an extra 16MB per 1G of memory additional. Clamped this down depending on available kernel virtual address space.
Adapted arm64 implementation of per-CPU caching for the page table page (vp) pool and the PTE descriptor (pted) pool to the riscv64 pmap implementation.
Fixed syscall number bounds check computations.
Imposed constraints on RPKI Trust Anchors.
When invoking ssh_config(5) KnownHostsCommand to determine the order of host key algorithms to request, ensure that the hostname passed to the command is decorated with the port number for ports other than 22.
Extended imsg and ibuf API with useful getter methods.
Created a duplicate entry for kbind(2) (which self-protects) to force the kernel's pinsyscall(2) code to skip validation, rather than labelling it illegal.
Removed support for syscall(2), the "indirection system call," a dangerous alternative entry point for all system calls and incompatible with the precision system call entry point scheme we are heading towards.
Turned 'pflowstats' statistics counters into per-CPU counters to make them mpsafe.
Ensured the syscall table entries for libc and ld.so are aligned on a 4-byte boundary.
Implemented per-CPU caching for the page table page (vp) pool and the PTE descriptor (pted) pool in the arm64 pmap implementation. This significantly reduces the side-effects of lock contention on the kernel map lock and leads to significant speedups on machines with many CPU scores.
Synchronized datasize-cur limit for staff with the default class on armv7/i386/loongson/macppc/sparc64.
Added an rpki-client(8) log warning when a manifest replay is detected and when the same manifestNumber is recycled across multiple issuances of that manifest.
Turned 'pflow_softc' list into SMR list.
Introduced ampchwm(4), a driver to access the Ampere Altra Fine-Grained Power Telemetry.
Added accounting flag and lastcomm(1) report for syscall pinning violations.
Added a step to flush EPTs after enabling VMX mode in vmm(4).
Added a new label "sigcodecall" inside every sigtramp definition, used to caculate the start of the syscall for SYS_sigreturn and pinned system calls.
Populated the non-LOAD openbsd.syscalls section (and PT_OPENBSD_SYSCALL) with {uint offset, uint syscall#} entries in libc and ld.so.
Fixed support for devices that attach multiple uaudio(4) drivers.
Added basic write support for pax(1) format archives.
Fixed sndiod(8) server abort after wrong call to slot->ops->exit().
Added inpcb table mutex protecting addr and port during bind(2) and connect(2).
Added services entries for Matter, a protocol for discovery and comms with "smart home"/IoT devices which runs over TCP or UDP over v6 over various physical/network layers.
Protected the socket receive buffer in IP multicast routing.
Made smtpd(8) reject headers that start with a space or tab.
Removed eephy(4) "disable auto-negotiation" workaround for Marvell Alaska PHYs.
Protected access to the gnu warning map with a mutex to avoid random crashes.
Made malloc(3) save backtraces to show in leak dump with depth of backtrace set via malloc option D (aka 1), 2, 3 or 4.
Made uthum(4) TEMPer{1,2} devices display minus degC.
Enabled smtpd(8) DSN (delivery status notification) for the implicit socket and an smtpd.conf(5) 'no-dsn' option for "listen on socket".
Made rtm_senddesync_timer() timeout(9) handler mpsafe.
Changed to running TCP syn cache timer without kernel lock.
Deferred relayd(8) relay_read_http header parsing until after line continuation, preventing potential request smuggling attacks.
Added mpii(4) support for new SAS HBAs (codenamed Aero and Sea, sold as Broadcom HBA 9500, Dell HBA350/5, Lenovo ThinkSystem 440 HBA, Supermicro AOC-S3808/16), which shared a hardware problem resulting in reads of some registers returning all zeros under transient conditions.
Increased the number of address ranges in acpi attach args from 4 to 8.
Prevented short-circuiting of localhost resolution when AI_NUMERICHOST is set.
Added mkhybrid(8) '-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot image, in addition to or instead of the x86 boot image, to the output file.
Prevented erroring out when .gcc_except_table relocs point at discarded sections, allowing fortran ports and others to build on riscv64.
Changed to only enable BTI and PAC by default on arm64.
Disabled LOAD_STACK_GUARD on OpenBSD/armv7.
Prevented exit(2) from being called by a crt0 helper function with no debugging information by aborting instead.
Built and installed tzdata.zi and leap-seconds.list, now expected by third-party software.
Corrected renewal of expired certificates in iked(8).
Switched to using tset(1) -I for all terminals, not just xterm.
Increased mips64 MAXTSIZ and octeon login class limits to accommodate llvm-16.
Added an installer fallback IPv6 addres for ftplist1.openbsd.org.
Made three context switches machine-independent: when a process forks and the new proc needs to be scheduled by proc_trampoline, cpu_hatch: when booting APs, and sched_exit: when a proc exits.
Added evp(3) chacha aliases for OpenSSL compatibility.
Made umb(4) delete any existing v4 address before setting a new one, allowing keeping of a working default route when the address changes.