This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Fixed sleeping race during malloc in sysctl(2) hw.disknames.
Removed sysupgrade(8) -r toggle. Sysupgrade's primary aim is to upgrade from one release to the next, with the -s option available to install snapshots.
Increased the default buffer size for AF_UNIX from 8192 to 32768, avoiding a fatal error in sshd(8) that can be triggered when the network stack is pushed hard enough to consume most of the allowed memory.
Added a temporary method to force S0 over S3 via machdep.lidaction=-1. We are not ready to choose S0-over-S3 based on the S0ix bit in FADT, but this will allow testing.
Extended the zic(8) input format to add support for %z, which expands to a UTC offset in as-short-as-possible ISO 8601 format, intended to better support zones that do not have an established abbreviation already.
Changed tmux(1) extended-keys behavior to allow applications to enter mode 2 but not turn extended keys off entirely.
Added a tmux(1) prefix-timeout option to allow setting a period after which to ignore the prefix key if no others are pressed.
Fixed kernel crashing due to invalid printables in ELF binaries.
Kept radiusd(8) number of requests for a DAE server below 64 to avoid congestion.
Added radiusctl(8) ipcp delete command to delete the specified session without requesting disconnection.
Added a "Match invalid-user" predicate to sshd_config(5) Match options, allowing Match conditions that trigger for invalid usernames.
Added a "refuseconnection" penalty class to sshd_config(5) PerSourcePenalties, allowing penalization of connection sources that have had connections dropped by the RefuseConnection option.
Added a "RefuseConnection" option to sshd_config(5) to terminate the connection at the first authentication request.
Included pathname in some of the ssh-keygen(1) passphrase prompts to better inform the user when ssh-keygen is invoked by other tools.
Added NVMe sensors based on information in the SMART/health log page, showing overall device health and temperature.
Made msdosfs transform a '/' char into '?' for 8.3 filenames as for Windows long names.
Ensured file names passed back by readdir name validation do not include a '/' character to avoid unexpected path traversal on untrusted file systems.
Relaxed absolute path requirement back to what it was prior to OpenSSH 9.8, which incorrectly required that sshd(8) start with an absolute path in inetd mode.
Ignored tmux(1) mouse move keys to prevent accidental prefix cancelation.
Implemented AMD SEV support in vmd(8). To enable SEV for a guest, use the parameter "sev" in the guest's vm section in vm.conf(5).
In NFS, set the pointer to NULL after calling m_freem() on nmi_mrep or nmi_mreq to avoid a double free of the mbuf.
Prevented potential crash when fuse(4) uses the ufs inode.
Prevented use of an uninitialized variable in NFS error handling.
Fixed alert callback in the QUIC layer.
Pulled post-quantum ML-KEM/x25519 key exchange out from compile-time flag now that an IANA codepoint has been assigned for the algorithm.
Re-enabled AES-NI in libcrypto to help amd64 and i386 machines that previously benefited from it before a change in OPENSSL_cpu_caps().
Allowed dt(4) tracing of interrupts by deferring the wakeup(9) to a different context.
Made ssh(1) parse user@host correctly for usernames containing '@' characters.
Made ddb(4) print mbuf chain and packet list by implementing /c and /p modifiers in ddb show mbuf.
Updated libexpat to 2.6.3, including fixes for CVE-2024-45490, CVE-2024-45491, and CVE-2024-45492.
Set the highest cpuid feature leaf based on the host cpu in vmm(4), fixing Linux guests on older Intel hardware.
Introduced rport(4) for point-to-point L3 connectivity between route domains.
Made netstat(1) display statistics about expensive mbuf operations, counting operations used to allocate mbufs or copy memory when memory layout is not optimal to find possible optimizations.
Made rpki-client(8) periodically reinitialize RRDP sessions to snapshot at random intervals, helping with garbage collection.
Prevented dropped packets from vio_encap() when using bounce buffers by defragmenting mbuf and trying again.
Enabled per-cpu page cache on alpha.
Fixed the sed(1) case where the pattern space is empty but does not start with a NUL character, which might occur after using the D command.
Fixed underlying pkey of RSA-PSS.
Prevented frequent disconnect/reconnect cycles with various PixArt/Logitech USB mice.
Displayed hyperlinks in tmux(1) copy mode and added copy_cursor_hyperlink format to get the hyperlink under the cursor.
Added search_count and search_count_partial formats in tmux(1) copy mode.
Removed uvm_km_alloc(9) and uvm_km_alloc1(9).
Replaced the last pieces of the original OpenBSD, dropping the Greek sshd_config(6) in favor of one about galley parts to match the Ship of Theseus theme.
Enabled per-cpu page cache on mips64.
Switched alpha to MI mplock code.
Deleted support for the older "zlib" negotiable compression method, which had been left in place in OpenSSH to allow negotiation with non-OpenSSH daemons lacking a replacement delayed-compression option such as "zlib@openssh.com", where compression begins only after authentication.
Unlocked ipip_sysctl().
Introduced sysctl_securelevel() to modify 'securelevel' in an mp-safe way. Made sysctl_securelevel_int() mp-safe. Unlocked KERN_ALLOWDT.
Fixed merge of bounce buffer segments in amd64 bus dma.
Fixed an issue with hardware that sends an interrupt in response to a reset request when a level-triggered interrupt is used.
Made the task pool private for each instance of apldcp(4) attached to DCP to avoid a panic due to initializing the pool again.
Prevented livelocks on amd64 by avoiding caching pages belonging to memory ranges with a 'use' count to keep low pages available and avoid their exhaustion.
When resuming, run usb_attach_roothub() in DVACT_WAKEUP rather than DVACT_RESUME.
Began printing "S0ix" instead of "S0" on the acpi: sleep states line when FADT indicates FADT_POWER_S0_IDLE_CAPABLE, assuming that for these machines the vendors agree S0 suspend is as good or better than S3.
Skipped a FADT check on OpenBSD to prevent the GPU (and display) from remaining on in suspend-to-idle on some machines.
Used the ACPI sleep state to determine whether to use the suspend or hibernate code paths in amdgpu(4), fixing (un)hibernate after changes to S0/S3.
Allowed PPP interface to run in an rdomain and get a default route installed in the same routing domain.
Corrected dwiic(4) to inform children of suspend/resume events and prevent sub-drivers racing against dwiic hardware re-initialization.
Skipped Controller Save State (CSS) and Controller Restore State (CRS) on AMD 17h/1xh xHCI to avoid a problem with resume after the introduction of CRS to xhci(4).
Atomically modified 'hthreads' and moved proc_free() out of KERNEL_LOCK().
Made xhci(4) restore the saved state upon resume, needed for newer Intel xHCI controllers.
Added BIOCSETFNR to bpf(4), like BIOCSETF without resetting the buffer or stats.
Introduced "rde rib Loc-RIB include filtered", a feature that includes filtered prefixes in the Loc-RIB, visible using bgpctl(8) show rib filtered. Added filtered support to bgplgd(8).
Implemented bounce buffering for AMD SEV in amd64 bus dma.
Pushed kernel lock down to net_sysctl() and mpls_sysctl().
Introduced qwz(4), a port of the Linux ath12k driver.
Made sysctl_int() and sysctl_int_lower() mp-safe and unlocked KERN_HOSTID.
Modified miniroot install instructions to reflect Apple machines can now also use USB type-A ports for installation.
Disabled interrupts more aggressively in DVACT_QUIESCE and DVACT_SUSPEND in azalia(4) to address false interrupts seen during S0 resume.
Made acpi(4) use ACPI_WAK upon resume, potentially improving S3 resume on some rare machines.
Fixed a bug in mandoc(1) .Ql handling which could corrupt output.
Added -CRLfile option to openssl(1) cms, allowing verification of certs in a CMS object against additional CRLs.
Ran network protocol timers without the kernel lock. TCP timers also run without the kernel lock now; the whole TCP stack holds the exclusive net lock, so the additional kernel lock is useless.
Implemented smtpd(8) report response for proc-filters as with built-in filters.
Added a 'min-version' bgpd(8) RTR config option and defaulted to RTR version 1, ensuring a session cannot be suddenly downgraded. Made bgpctl(8) print min-version of an RTR session.
Attempted to leave a gap on the tx ring for rge(4)/re(4) to keep entries on the ring from being overwritten, preventing confusion of the chip and the tx completion code.
Fixed an xterm(1) crash when printing decreased intensity unicode right quote using bit-mapped fonts.
Made exit1() wait for sysctl(2) 'allprocess' loops to prevent possible kernel crash due to concurrent process exit1().
Provided a per-architecture crypto_arch.h, to be used in a similar manner to bn_arch.h and allow for architecture-specific #defines and static inline functions.
Modified igc(4) to allow use of jumbo frames while supporting strict alignment architectures.
Enabled GuC authentication of the HEVC/H.265 microcontroller (required for Low Power Encoding with the Intel Media Driver for VAAPI).
Unlocked KERN_MSGBUFSIZE and KERN_CONSBUFSIZE.
Made intelpmc(4) print information about the residency counters advertised in the LPIT table.
Moved to 7.6-beta.
Unlocked udpctl_vars.
Added code to handle EC events while suspended and registered the acpibtn(4) notify handlers as wakeup AML notify handlers, going back to sleep immediately if woken up for any other EC event.
Ensured some Intel xhci(4) controllers fully power down by issuing a "save state" command on suspend.
Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing.
Added an error message for sed(1) -i when the file is unwritable.
Made the touchpad on the Samsung Galaxy Book4 Edge work via qcgpio(4).
Added dwmshc(4) support for the RK3588 eMMC controller.
Added RK3588 eMMC clocks and resets to rkclock(4).
Fixed source and drain confusion in socket splicing somove().
Added radiusd_file(8) module, providing authentication by a local file.
Skipped the non-working switch port (cnmac2) on the 5-port EdgeRouter PoE.
Implemented qcspmi(4) support for version 7 controllers.
Added qcgpio(4) support for the ACPI GPIO pins necessary to support the keyboard, touchpad and touchscreen on the Qualcomm Snapdragon X Elite (X1E80100) laptops Asus Vivobook S15 and Lenovo Yoga Slim 7x.
Implemented IPv6 forwarding IPsec only.
Mapped BUS_SPACE_MAP_PREFETCHABLE to Normal-NC on arm64, speeding up framebuffer access significantly.
Added Qualcomm Snapdragon X Elite (X1E80100) support.
Added support for the numpad on newer macppc Apple Powerbooks with ukbd(4), with Num Lock set as Fn+F6.
Added support for RADIUS accounting configurable in radiusd.conf(5).
Changed radiusd.conf(5) syntax for "module" to take a {} block and "authentication" to go without. Specifying a "module" path is now optional.
Prevented OFW crash if temperature for a zone can't be read while polling it.
Modified IPCP to use {D,NB}NS servers from RADIUS.
Added rge(4) support for the Realtek RTL8126 chip.
Disabled unwind(8) shared cache between resolvers to prevent segfault after libunbound update.
Pushed socket re-lock to the vnode(9) release path within unp_detach().
Implemented RSA key exchange in constant time.
Implemented sleep button and EC events as wakeup events in acpi(4).
Added tmux(1) "refresh-client -r" for control mode clients to provide OSC 10 and 11 responses to tmux so they can set the default foreground and background colors.
Made acpibat(4) forward AC change notifications to acpiac(4), giving access to programs like apm(8).
Added AMD SEV-related information provided by cpuid to dmesg(8).
Added support for ACPI firmware that provides the base address of individual GIC redistributors in the per-CPU GIC MADT table entries.
Made relayd(8) host handle disable/enable commands from relayctl(8) correctly in case multiple redirect instances use the same host in relayd(8) tables.
Switched AF_ROUTE sockets to the new locking scheme.
Ignored universal ctags extended metadata in tagaddress, making mg(1) search patterns work again.
Made arc4random() depend on fewer subsystems by decoupling extract_entropy() from the enqueue_randomness() logic.
Made ssh-keyscan(1) host/banner comments go to stderr instead of stdout and added a -q flag to silence them.
Updated unbound to 1.20.0.
Enabled uvm percpu caches on sparc64.
Split ssh PerSourcePenalties address tracking to use separate tables and optionally different overflow policies, preventing misbehavior from IPv6 addresses from affecting IPv4 connections.
Added support for the AMD Platform Security Processor (PSP) to ccp(4).
Reworked rpki-client(8) trust anchor handling to prevent replay attacks where a man in the middle could supply valid TA certificates with outdated internet number resources.
Added the sshd(8) ability to penalize problematic client behavior with penalties of increasing duration against the client by enabling the sshd_config(5) option PerSourcePenalties. PerSourcePenaltyExemptList can be used to specify certain address ranges to exempt from penalties.
Enabled hibernate/resume to nvme(4) disks with 4096 byte sectors.
Ensured concurrent calls to dequeue_randomness() will use some different events.
Added -fret-clean option (amd64 and i386 only at first) to the compiler, defaulting to off. This causes the caller to clean the return address off the stack after a callq completes.
Changed pledge, MAP_STACK and pinsyscall failures to use uprintf(9) rather than writing into dmesg(8).
Introduced dhcp6leased(8), a daemon to manage IPv6 prefix delegations.
Updated to xorgproto 2024.1.
Fixed sndiod(8) server.device entries disappearing when usb devices are unplugged while in use.
Fixed in-place decryption for EVP_chacha20_poly1305(), fixing hangs during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256.
Mapped MSI-X in addition to MSI and INTx on rge(4).
Switched AF_KEY sockets to the new locking scheme.
Used pathconfat(2) to compare mtimes for the pax(1) -u and -Z options when the target is "too old."
Turned sblock() to sb_lock rwlock(9) wrapper for all sockets. With this unification, sblock() should always be taken before solock() in all involved paths.
Added pathconfat(2): pathconf(2) but with at-fd and flags arguments, the latter supporting the ability to get timestamp resolution of symlinks.
Made rad(8) send source link-layer address option in router advertisements, preventing Apple devices from installing an unusable default route.
Fixed signal handling and locking in vio(4) sysctl path.
Ensured that giving UTF-8 command line arguments to apropos(1) allows searching in UTF-8 and ISO-Latin-1 encoded manual pages if the mandoc.db(5) was built with makewhatis -T utf8.
Ignored button events for the first ten seconds after resume to prevent some ACPI implementations from initiating a power down.
Prevented firmware panic when iwx(4) runs in monitor mode with addresses configured on the interface and leaving 11n/11ac mode directly for monitor mode.
Deleted the msyscall mechanism, now replaced by the stricter mimmutable+pinsyscalls.
Updated Mesa to 23.3.6.
Made spamd(8) advertise SMTPUTF8 and 8BITMIME extensions in EHLO, fixing potential interoperability issues when the real MTA supports those extensions.
Fixed a crash in sndiod(8) when the device is disconnected and the clients are not migrated to another device.