This selection is intended to include all important and all user-visible changes.
For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.
Changes made between OpenBSD 7.2 and 7.3
- Added rkpciephy(4), a driver for the PCIe 3.0 PHY found on the RK356x.
- Fixed a potential NULL dereference in the unpriv child expanding %{mda} in smtpd(8).
- Added dwpcie(4) code to bring up the PCIe controller on the RK356x.
- Bumped LibreSSL version to 3.7.2.
- Fixed a number of out of bounds reads in DNS response parsing.
- Made WEP encryption work on bwfm(4).
- Released OpenSSH 9.3.
- Made route(8) sourceaddr print the used addresses for inet and inet6, or "default" if no sourceaddr is set and the default algorithm is used.
- Fixed amdgpu(4) failing to init on Steam Deck after drm 6.1 update.
- Switched alpha to machine-independent boot blocks.
- Made rpki-client(8) filemode display the moment the signature path will expire and print details for .cer certificates.
- Extended bgpctl(8) show rib with new options "invalid" and "leaked". Extended bgplgd(8) to handle these options.
- Fixed usbpcap handler to properly detect overflows using TCHECK macros.
- Added "machine poweroff" command on luna88k bootloader.
- Added Kingston NV2 NVMe drive.
- Added rkcomphy(4), a driver for the "naneng" combo PHY found on the RK356x (and RK3588). Only PCIe, SATA and USB3 support are implemented.
- Enabled mvtemp(4) on armv7.
- Added the Armada 380 temperature sensor to mvtemp(4).
- Bumped bgpd(8) to version 7.8.
- Added new dt(4) ioctl DTIOCARGS to get the type of probe arguments.
- Implemented setting the parent clock for RK356x in rkclock(4).
- Compiled the bgpd(8) output filter rules into per peer filter rules, for a potential substantial speedup.
- Implemented ASPA support in bgpd(8) RTR.
- Added a workaround for Intel Braswell/Cherry Trail mwait hang.
- Improved bgpd(8) support for RFC9234.
- Improved vnet(4) to work better in busy conditions.
- Added a bpf(4) timeout (BIOCSWTIMEOUT) between capturing a packet and making the buffer readable, preventing for example pflogd(8) waking every half second even if there is nothing to read. By default this buffer is infinite and must be filled to become readable.
- Added a priority queue to clockintr(9).
- Stopped offering WEP in the installer if not supported.
- Avoided enabling TSO on interfaces which are already attached to a bridge.
- Switched loongson ramdisk to use installboot(8) -p.
- Added initial support in the installer for guided disk encryption for amd64, i386, riscv64 and sparc64.
- Added initialization code for RK356x in dwpcie(4) to prevent kernel hangs.
- Replaced broken UTF-8 logic in wscons(4) with a better one borrowed from Citrus.
- Switched all iwx(4) devices to -77 firmware images.
- Made iwx(4) get the primary channel number from AP beacon info, preventing problems on 40/80MHz channels if there is a mismatch.
- Avoided trying to remove keys while doing crypto in hardware if the station is not active in iwx(4) firmware, fixing a firmware panic.
- Fixed iwx(4) session protection event duration.
- Added support for the new iwx(4) SCD_QUEUE_CONFIG command, required for adding/removing Tx queues on new firmware versions.
- Added support for the iwx(4) BAID allocation config command, required to set up Rx aggregation on new firmware.
- Added support for iwx(4) RLC config command, IWX_STA_MAC_DATA_API_S_VER_2 API, and PHY context cmd version 4.
- Added support for iwx(4) rate_n_flags API version 2 and removed fixed Tx rate support.
- Added support for iwx(4) TLC config command v4.
- Added support for iwx(4) firmware alive response version 6.
- Made rktemp(4) work on RK356x with U-Boot.
- Implemented rkpinctrl(4) support for explicit routing to use alternative pin muxings.
- Added ytphy(4), a driver for the MotorComm YT8511 PHY.
- Synced proc.c from vmd(8) to enable fork + exec for all processes.
- Enforced a lower bound of 80 bits for ECDSA.
- Capped the number of iterations in DSA and ECDSA signing.
- Moved to 7.3-beta.
- Added polling to tipmic(4) driver when starting from a cold boot, fixing a hang on boot.
- Added execve(2) violations of pinsyscall(2) policy to the daily mail, available by setting rc.conf.local(5) accounting=YES.
- Made rpki-client(8) filemode print the certification path towards the Trust Anchor.
- Added mvortc(4), a driver for the RTC on the ARMADA 38x series.
- Added mvodog(4), a driver for the watchdog on the ARMADA 38x series.
- Added eephy(4), found on the Turris Omnia WAN port, to armv7.
- In mvneta(4), passed MII flags depending on the phy mode specified in the device tree, making the WAN port work on the Turris Omnia.
- Turned off TSO if interface is added to layer 2 devices.
- Added a kernel-facing API for clockintr(9).
- Added missing wscons(4) bounds checks when processing terminal escape sequences.
- Worked around an issue on the StarFive JH7100 SoC to make dwge(4) ethernet work reliably on the StarFive VisionFive 1 board.
- Added RK3588 support to rkclock(4) and rkpinctrl(4).
- In rkgpio(4), handled different register layouts in modern Rockchip SoCs as seen in the RK356x and RK3588.
- Unlocked select(2), pselect(2), poll(2), and ppoll(2).
- Changed luna88k to use the default bsd.prog.mk "install" target.
- Switched mips64 ld.lld(1) to execute-only.
- Disabled jump tables by default on sparc64 in preparation for default execute-only.
- Stopped holding the vm_map lock while flushing pages in msync(2) and madvise(2). Prevents a 3-thread deadlock between msync(2), page-fault and mmap(2).
- Removed dangerous user-settable "addr" variable from MI bootloader, only compiling tty-related code on platforms where it makes sense for the bootloader to control it.
- Made time(1) work correctly in the luna88k bootloader.
- Fixed ssh(1) progressmeter corruption on wide displays.
- Added lastcomm(1) reporting for process kills due to execve(2) from non-pinned syscall address.
- Attached Apollo Lake HD Audio device to azalia(4), enabling audio.
- Made rpki-client(8) ensure there is no trailing garbage in signed objects.
- Fixed a possible freeze in execve(2) when a dual-cpu macppc started daemons during boot.
- Improved the default choice for the installer's install media disk question.
- Made pinsyscall(2) always available for pledged processes.
- Added psci(4) support for available deep idle states as advertised in device trees.
- Prevented potential panics by disallowing the iwx(4) init task from running in parallel to wakeup code during resume.
- Used pinsyscall(2) to tell the kernel the location of the execve stub in libc.so, so it must be called from that region in non-static binaries or else the process will be killed.
- Made the kernel validate the execve(2) libc stub location.
- Fixed MAC address register offsets in dwqe(4).
- Unlocked utrace(2).
- Added pinsyscall(2), to tell the kernel the location of the syscall stub in libc.so for a specified syscall.
- Relaxed kernel lock assertion within tsleep(9).
- Fixed a panic in pfsync(4) when there are no data ready for bulk transfer.
- Added GMAC-related RK356x clocks to rkclock(4).
- Corrected the order of arguments for shutdown(2) in slaacd(8), dhcpleased(8) and unwind(8).
- Updated perl(1) to 5.36.0.
- Fixed rsync(1) handling of port numbers in rsync://host[:port]/module URLs.
- Added -mpls to the route(8) monitor case.
- Added scmi(4), a driver for the ARM System Control and Management Interface.
- Added support for RK356x TSADC clocks to rkclock(4).
- Added dwqe(4), a driver for the Synopsys DesignWare Ethernet QoS controller used on the NXP i.MX8MP, the Rockchip RK35XX series and Intel Elkhart Lake.
- Added support for the Shenzhen Tangcheng Technology TCS4525 voltage regulator to fanpwr(4).
- Made efiboot fdt support device trees with NOPs in them (like the kernel version).
- Fixed an alignment issue in iwx(4) Rx descriptors.
- Ensured execute-only rules are applied to forked processes.
- Removed backwards compatible padded functions in the kernel.
- Made ls(1) work correctly in the luna88k bootloader.
- Added iked(8) support for configuring multiple name servers.
- Made tun(4) and tap(4) event filters MP-safe.
- Allowed ssh-keygen(1) and ssh-keyscan(1) to accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection.
- Added an sshd(8) -G option that parses and prints the effective configuration without attempting to load private keys and perform other checks.
- Stopped the installer from asking to initialize disks that have softraid(4) chunks.
- Ensured there is a terminating newline when adding a new entry to ssh(1) known_hosts.
- Prevented an openssl(1) crash upon inspecting malformed PKCS7 files.
- Switched sparc64 to default --execute-only.
- Fixed arbitrary memory read in x509 GENERAL_NAME_cmp().
- Extended disklabel(8) template parsing to allow "[mount point] *" as the specification for putting the maximum available free space into a partition, and extended command line parsing to allow "T-" as the specification to read the template from stdin.
- Added a tmux(1) L modifier like P, W, S to loop over clients.
- Made vmd(8) scan the pci bus to determine bootorder strings.
- Prevented smtpd(8) abort due to a connection from a local, scoped ipv6 address.
- Made tcpdrop(8) accept netstat-style address.port syntax.
- Added -f to list-clients in tmux(1).
- Disallowed multiple consecutive line separators in tmux(1) menu.
- Extended display-message to work for control clients in tmux(1).
- Switched mips64 to default --execute-only.
- Made ld.bfd(1) default to --execute-only on mips64.
- Switched mips64 linker scripts to the templates that order .rodata before .text.
- Added ufshci(4), a driver for Universal Flash Storage (UFS) Host Controllers.
- Made ld.bfd(1) default to --execute-only on amd64.
- Set sncodec(4) and tascodec(4) default volume to -30dB instead of the hardware default of 0dB (maximum).
- Added sncodec(4), a driver for the TI SNO12776/TAS2764 digital amplifier.
- Added ASPA to bgplg(8).
- Added ASPA to bgplgd(8) FastCGI server.
- Made sparc64 ld.lld(1) --execute-only by default (but ld.lld(1) is not the default).
- Made --execute-only ld.lld(1) the default on powerpc.
- Fixed vlans on em(4) sparc64 systems.
- Denied "pipex no" tunnel setting for pppx(4) interfaces.
- Enabled i386 and alpha ld.so(1) execute-only text LOAD.
- Fixed resizing partitions on an auto-allocated disk that had a boot partition.
- Mitigated against classic BROP on systems without execute-only mmu hardware-enforcement.
- Added execute-only support for macppc G5.
- Enabled --execute-only ld.so(1) for powerpc.
- Reworked arm64 cpu_init_secondary() to allow use for both initial powerup and wakeup from deeper sleep states.
- Replaced selwakeup() with KNOTE() in pppac(4) and pppx(4).
- Added saving and restoring guest pkru to vmm(4).
- Stopped being paranoid about hypervisor correct PKU handling.
- Permitted --execute-only ld.lld(1) on powerpc, not as default.
- Switched powerpc ld.so(1) to --execute-only.
- Made it possible to set keyboard layout(s) on arm64's ramdisk.
- Permitted --execute-only ld.lld(1) on i386, not as default.
- Made --execute-only ld.lld(1) the default on powerpc64.
- Switched to use llvm-strip(1) on architectures that use ld.lld(1).
- Made ld.lld(1) --execute-only work on powerpc64.
- Fixed unbounded variable expansion in pkg-config(1).
- Switched armv7 gptimer(4) to clockintr(9).
- Implemented powerpc64 execute-only mappings by using the Virtual Page Class Key Protection mechanism provided by modern POWER CPUs.
- Permitted execute-only on ppc64 ld.lld(1), not as default.
- Fixed a crash in iwx(4) when connecting to WEP networks via ifconfig(8) join.
- Implemented bgpctl(8) "show rib avs invalid" to show all invalid ASPA paths.
- Hooked up the same USB device drivers as arm64/conf/GENERIC on riscv64 GENERIC and enabled access to usb(4), ugen(4), ulpt(4), ucom(4) and ujoy(4).
- Printed the ASPA validation state (avs) in various bgpctl(8) show rib outputs.
- Implemented ASPA validation and reload logic on ASPA set changes in bgpd(8).
- For execute-only, added a specific routine to fetch instructions from sparc64 userland when doing floating-point emulation.
- Matched unknown ATI display devices as amdgpu in fw_update(8).
- Made ptrace(2) use compatible with execute-only.
- Added Backtab key support to tmux(1).
- Adjusted vmd(8) error paths to avoid removal of configuration-defined (known) VMs on error.
- Enabled ld.lld(1) --execute-only by default on amd64.
- Improved qcrtc(4) RTC reliability.
- Added a flag to tmux(1) display-menu to select the menu item chosen first.
- Marked amd64 ld.so(1) execute-only.
- On amd64 CPUs with the PKU feature, forced the PKU register to inhibit data read against PKU key1 memory on every exit from kernel to userland and abort the process on (some) traps into the kernel if the register is changed, offering execute-only functionality on most modern Intel and AMD CPUs.
- Made ppb(4) bus range available after detaching, fixing unplugging and replugging thunderbolt devices that were plugged in when the machine was booted.
- Revised arm64 implementation of pmap_protect(9) in preparation for execute-only support.
- Restricted vmm(4) exposed cpuid extended feature flags.
- Created and installed sshd(8) random relink kit.
- Added a sshd(8) -V (version) option.
- Disabled policy checks by default in the X.509 verifier.
- Made the installer skip interface configuration questions when no interfaces are available.
- Supported -1 without -N for list-keys in tmux(1).
- Removed the elansc(4) driver for AMD Elan SC520 System Controller.
- Added a configurable sshd_config(5) UnusedConnectionTimeout option to terminate client connections that have no open channels.
- Switched arm amptimer(4) and agtimer(4/armv7) to clockintr(9).
- Switched armv7 dmtimer(4) and sxitimer(4) to clockintr(9).
- In disklabel(8), used the size of the largest chunk of free space, not the total of all such chunks, when checking for sufficient space to add a partition.
- Changed arm64 suspend idle loop from WFE to WFI, avoiding spurious wakeups while other CPUs are still active.
- Changed vmd(8) to only open /dev/vmm once, having the parent process send the fd to the vmm child process.
- Added dwge(4) support for "enhanced descriptor" mode found on some variants of the Synopsys DesignWare GMAC.
- Changed the ld.lld(1) default to --execute-only on amd64 and sparc64.
- Created /dev/efi on amd64 and arm64.
- Implemented access to EFI variables and the ESRT through an ioctl(2) interface compatible with what FreeBSD and NetBSD have.
- Made amd64 cpuid recognize protection keys for supervisor mode (PKS).
- Fixed .wav files generated by aucat(1) by using extended header format.
- Added aspa-set to openbgpd config output in rpki-client(8), which can be disabled with the -A flag.
- Switched sparc64 to clockintr(9).
- Added a "Host" line to the output of ssh(1) -G showing the original host argument.
- Made tmux(1) recognize pasted texts wrapped in bracket paste sequences, rather than only forwarding to the program inside.
- Made "!" drop into a ksh(1) environment rather than the more limited sh(1) during install.
- Added signal as a full argument name for timeout(1) -s.
- Prevented possible kernel crashes by dropping TCP packets with destination port 0 in pf(4) and the stack.
- Added cursor back tab support to wscons(4) VT100 emulation.
- Added aixterm bright color sequences (SGR 90-97 and 100-107).
- Implemented execute-only mappings on sun4u.
- Added ld.so(1) linker scripts on m88k and sh.
- Prepared the mips64 (octeon, loongson) kernel to run --execute-only ld.so(1).
- Switched hppa, arm64 and riscv64 to --execute-only by default.
- Added ASPA validation functions to the bgpd(8) RDE.
- Enabled TLB read inhibit on OCTEON Plus and newer SoCs.
- Added mips64 TLB bypass for instruction emulation.
- Added MIPS64r2 TLB read inhibit support.
- Added retguard to amd64 syscalls.
- Prepared hppa ld.so(1) to support execute-only text.
- Switched luna88k boot loader to MI boot code.
- Fixed frame buffer corruption and additional bugs after wakeup on Apple Silicon laptops and the Lenovo x13s.
- Added short options for timeout(1) --foreground and --preserve-status.
- Hid the WAITPKG cpu feature from vmm(4) guests, preventing invalid instruction exceptions. Also added WAITPKG feature identification to i386 and amd64.
- Set the arm64 default for the machdep.lidaction sysctl(8) to 1.
- Implemented suspend on lid close for aplsmc(4).
- Generated "combreloc" scripts for the new ld.bfd(1) linker script template.
- Adopted a workaround for a bug in the ARM generic timer on the A64, disabling userland timecounter support on affected hardware pending a similar libc workaround.
- Prepared riscv64 ld.so(1) for execute-only.
- Adjusted hppa linker scripts to make it possible to make .text execute-only.
- Implemented --execute-only (and made --no-execute-only do the opposite) for ld.bfd(1) pending changes to the linker scripts.
- Made hppa assembly code avoid reads from .text and built C code using -fno-jump-tables to prepare it for execute-only.
- Made tmux(1) tty-keys accept \007 as terminator to OSC 10 or 11.
- Added thread names to vm processes in vmd(8).
- Added the audioctl(8) -w option to display variables periodically.
- Made ld.lld(1) accept --execute-only on aarch64, riscv64 and mips64.
- Made net80211 drop beacons received on secondary HT/VHT channels, preventing iwm(4) firmware panics and making association work with 11ac APs which transmit beacons on channels other than their primary.
- Made use of the PA-RISC architecture supporting execute-only mappings with a "remain at privilege level 3" gateway page.
- Removed copystr(9) from public API.
- Added an sshd_config(5) ChannelTimeouts directive that allows configurable channel inactivity timeouts.
- Ensured that the signal trampoline can be PROT_EXEC everywhere.
- Added a dummy --no-execute-only option to ld.bfd(1) for compatibility with ld.lld(1) architectures, useful for ports.
- Ensured pfctl(8) correctly adds addresses to the undefined/inactive table.
- Suppressed sftp(1) "Connection closed" messages in quiet mode.
- Added a per eBGP session role to bgpd.conf(5).
- Made rpki-client(8) print RRDP Session ID and Serial in verbose mode.
- Disabled display backlights on Apple Silicon laptops when suspending in gpiobl(4).
- Fixed the alpha check for BWX extensions, repairing operations on 21164 processors lacking BWX.
- Fixed a bug in ssh(1) PermitRemoteOpen where it ignored initial arguments other than "any" or "none".
- Used stoeplitz to generate a hash/flowid for pf(4) state keys.
- Changed df(1) to round up fractional percentages.
- Enabled aplpcie(4) power management for PCI devices.
- Updated drm(4) to Linux 6.1.2.
- Updated libcbor to 0.10.0.
- Let luna88k's bootloader pass RB_GOODRANDOM to the kernel.
- Fixed bwfm(4) issues with suspend/resume and possible firmware crashes on the M2 Macbook Air.
- Added uftdi(4) support for FTDI FT232R.
- Implemented iostat(8) periodic display with setitimer(2).
- Implemented execute-only mappings in RISC-V.
- Provided a detailed e820 memory map when booting vmd(8) guests with SeaBIOS.
- Repaired ddb(4) input on macppc adb(4) machines.
- Made rc(8) reorder libraries in parallel to netstart(8), as this does not depend on network access.
- Added support for a personal units(1) library by passing -f multiple times.
- Made the USB ports work after a suspend/resume cycle on the x13s.
- Made .text (and .btext) execute-only on arm64.
- Enabled pcagpio(4) and pcamux(4), making the SFP port on the ClearFog Base (CN9130) work.
- Built libc with executable-only ELF .text segments on arm64.
- Implemented zero-copy operations on virtqueues in vmd(8).
- Added arm64 detection of EPAN feature bit.
- Avoided use of 1GB mappings
- Prevented an iwx(4) firmware error when authentication to the AP times out.
- Allowed configuration of interfaces by lladdr in the installer.
- Moved the flag mappings displayed by "route show" from netstat(1) to route(8).
- Implemented wakeup interrupt handling in agintc(4).
- Fixed a panic seen with rge(4) RTL8125 with MCLGETL.
- Added kdump(1) argument support for msyscall, pledge, unveil, __realpath, ypconnect and __tmpfd.
- Added mimmutable(2) and munmap(2) reporting to kdump(1).
- Prevented a possible crash when a ugen(4) device is detached.
- Added WTRAPPED option for waitid(2) to control whether CMD_TRAPPED state changes are reported.
- Prevented bioctl(8) -d detach of the boot volume.
- Stopped claiming nc(1) connection success in udp mode unless true.
- Encoded unexpected SANs before printing in acme-client(1).
- Disabled the keyboard on the Samsung Galaxy Book Go pending interrupt storm fix in qcgpio(4).
- Unlocked minherit(2).
- Added aplefuse(4), a driver for the eFuses on Apple Silicon SoCs.
- Corrected top(1) display of online CPUs.
- Added tmux(1) send-keys -K to handle keys directly as if typed.
- Prioritized lladdr over name/unit in hostname.if(5) processing.
- Added a -X option to scp(1) and sftp(1) to allow control over the SFTP copy buffer length and number of inflight requests.
- Fixed pfsync(4) crashing on pf_state_key removal.
- Made acme-client(1) use time checks which eliminate time-zone variation.
- Added rpki-client(8) -m flag to output a metrics file written in OpenMetrics format, as in bgpctl(8).
- Improved speed of access to the runtime clock for networking purposes such as in the tcp timer, where the clock should not advance while suspended.
- Added tipd(4), a driver fixing USB hotplug of type-C connectors on Apple Silicon hardware.
- Improved aplpmu(4) range check to protect against overflow.
- Bumped to LibreSSL 3.7.1.
- Began using evcount_percpu() with platform interrupt counters on octeon.
- Increased apliic(4) transfer completion timeout to 100ms to accommodate USB Type-C PD chips.
- Fixed handling of escaped backslashes in vi(1) ex_range.
- Switched alpha to clockintr(9).
- Mitigated Spectre-BHB by using core-specific trampoline vectors.
- Added detection for Spectre-BHB related CLRBHB, ECBHB and CSV2_3/HCXT feature bits.
- Added server debugging for hostbased ssh(1) authentication.
- Prevented a panic on macppc: vref used where vget required.
- Set bgpctl(8) to prefer CLOCK_MONOTONIC to gettimeofday(2) when measuring elapsed time.
- Set console output to the framebuffer on the Lenovo x13s.
- Worked around incomplete ACPI tables on the Lenovo x13s by loading the alternate device tree binaries from disk.
- Applied Spectre mitigations to libkern on amd64.
- Implemented support in aplpinctrl(4) for shared interrupts.
- Switched to clockintr(9) on hppa, m88k, luna88k, sh, landisk and i386.
- Added support for configuring hostname.if(5) by lladdr.
- Added support for the backlight connector property to amdgpu(4) as in inteldrm(4), making xbacklight(1) work when using the Xorg modesetting driver.
- Triggered a kevent when changing the backlight to allow Xorg drivers an opportunity to notice the update of the backlight connector property.
- Made aplaudio(4) calculate the bit clock based on numbers of channels, bytes/sample and sample rate.
- Modified the vmstat view in systat(1) to measure elapsed time using clock_gettime(2).
- Changed ld.so(1) to map certain regions of memory as immutable when loading shared libraries.
- Completed removing kernel lock from IPv6 read ioctls.
- Used shared socket/net lock for IP sockets.
- Unlocked getsockopt(2) and setsockopt(2).
- Added configtest for snmpd(8) to rc.d(8).
- Added uhidpp(4) support for the Unified Battery feature often found in newer Logitech HID++ hardware.
- Switched to clockintr(9) on powerpc, powerpc64 and macppc.
- Fixed booting bsd.rd from 7.2 or newer with vmd(8).
- Made rc(8) print the name of each library before relinking as a signal to the operator that boot has not stalled.
- Tightened the pledge(2) after ssh(1) session establishment.
- Added ssh_config(5) EnableEscapeCommandline option, controlling whether the ~C escape is available (defaults to no).
- Implemented dwpcie(4) support for the (optional) MSI controller of the Synopsys DesignWare PCIe host bridge.
- Decreased netlock pressure in pppx(4), potentially increasing performance.
- Added arm64 lid_action sysctl(8) for aplsmc(4) Apple Silicon laptops.
- Added support for authenticating geofeed data CSV files in rpki-client(8) filemode.
- Added ifconfig(8) -M (mac) to find the mac address on an interface and print it.
- Disabled screen backlight with aplsmc(4) on Apple Silicon laptops when the lid is closed.
- Prevented an unwind(8) crash when a tcp query is larger than the length field indicated.
- Added pwmleds(4), a driver for PWM controlled LEDs.
- Protected interface tables in pf(4) with PF_LOCK(), allowing removal of NET_LOCK() protection from the ioctl(2) code path in pf.
- Copied apple-boot firmware to EFI system partition, enabling automatic bootloader updates on Apple Silicon computers.
- Improved mcx(4) performance by using interrupt-based command completion.
- Added aplpwm(4), a driver for the PWM controller found on Apple Silicon.
- Made aplhidev(4) wait for a reply when switching the touchpad into raw mode, preventing SMC crashes on machines with firmware from macOS 12.6.1.
- Fixed the DIOCIGETIFACES ioctl so all network interfaces and interface groups are reported in pfctl(8).
- Switched riscv64, mips64, loongson and octeon to clockintr(9).
- Wired up HMAC to raw private key methods for Ruby's OpenSSL gem.
- Fixed ed(1) to print bytes read/written and the ? prompt to stdout, not stderr.
- Began implementing ASPA support in bgpd(8).
- Placed mutexes after struct vm_map fields inspected by libkvm and procmap(8).
- Added rpki-client(8) shortlist functionality, companion to skiplist, which will connect only to the hosts specified when using -H at least once, followed by FQDN.
- Prevented Ed25519 signature malleability in accordance with RFC 8032.
- Added restrictions to the input getaddrinfo(3) will attempt to resolve.
- Added apple-boot firmware for Apple arm64 machines in fw_update(8) patterns.
- Unlocked SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR, and SIOCGIFGLIST.
- Updated NSD to 4.6.1.
- Fixed delays with mips64 clock due to missing clock trigger on loongson.
- Relaxed the list of interfaces supporting IPv6 to allow non-multicast interfaces to support IPv6.
- Increased the size of amd64 EFI partition to accommodate newer x86 firmware updating methods.
- Preserved original order of nameservers written to resolv.conf(5) in resolvd(8).
- Ensured installboot(8) correctly warns on offline softraid(4) data chunks.
- Fixed pmap(9) bugs involving entering an executable mapping for a page before synchronizing the data and instruction cache on arm64 and riscv64.
- Removed the legacy interactive mode from openssl(1).
- Moved pf(4) purge tasks out from under the kernel lock.
- Added icc(4), a driver to handle Customer Control keyboards attached to an i2c bus.
- Added a mutex to pf(4) pf_state.
- Handled ssh(1) dynamic remote port forwarding in escape commandline's -R processing.
- Bumped LibreSSL to 3.7.
- Ported EVP raw key API from OpenSSL to deal with Curve25519 based keys.
- Added suspend/resume support to control the power domain to aplsart(4).
- Added qcpdc(4), a driver for the Qualcomm Power Domain controller found on Qualcomm SoCs.
- Made the power button function as a wakeup button during suspend in aplsmc(4).
- Put CPUs in the lowest P-state before the final suspend step, needed for systems where we park CPUs in a low-power idle state ourselves.
- Cleaned up multiple devices from retired architectures.
- Changed the default procmap(1) output to -a format.
- Added support for per-cpu event counters, to be used for clock and IPI counters where the event counted occurs across all CPUs in the system.
- Hooked up gpiobl(4) to the screen burner instead of wsdisplay(4) brightness control, allowing automatic screen blanking with X and wscons(4) once wsfb(4) is fixed.
- Allowed IPPROTO_TCP:TCP_NODELAY in pledge(2) "stdio".
- Added qcpwm(4), a driver for the PWM found on Qualcomm SoCs.
- Implemented wakeup interrupt support in aplintc(4).
- Prevented acme-client(1) from leaking an http get request when receiving a redirect without a location header.
- Made rpki-client(8) error out upon receipt of an ROA payload with too many ipAddrBlocks.
- Added suspend/resume support to aplns(4).
- Adjusted ipv6 address width to allow aligned display in ndp(8), route(8) and netstat(1) as already available in systat(1)'s netstat.
- Made vmm(4) treat vcpu lists as immutable, removing the need to reference count individual vcpu objects and use a rwlock.
- Used stravis(3) to sanitize redirect URIs from ftp(1) fetch before printing.
- Reworked BoringSSL ED25519 API to conform to RFC and align with OpenSSL API and X25519 API.
- Made aplpmgr(4) work as a reset controller.
- Added display of the MPLS label of an L3VPN route in bgpctl(8) show fib output.
- Marked sched_yield(2) as NOLOCK.
- Translated Fn+(1-10,-,=) keys to F1-F12 on M1 laptops with touchbars.
- Made aplhidev(4) recognize M1 laptops with touchbars.
- Added qcrtc(4), a driver for the RTC found on Qualcomm PMICs.
- Added qcpon(4), a driver for the Qualcomm PMIC block that hosts the powerkey and reset input.
- Added qcpmicgpio(4), a driver for the GPIO block inside the Qualcomm PMICs.
- Added qcpmic(4), a driver for the SPMI-connected PMICs found on Qualcomm SoCs.
- Added qcspmi(4), a driver for the SPMI PMIC Arbiter found on Qualcomm SoCs.
- Increased speed of delivery of interrupts to a running vcpu in vmm(4).
- Allowed KERN_AUTOCONF_SERIAL sysctl(8) in processes under a pledge(2).
- Added gpiobl(4), a driver for gpio controlled display backlights, to allow screen shutoff for Apple Silicon laptops until a proper display controller driver is implemented.
- Implemented alternative mailbox handling mechanism required by newer bwfm(4) firmware.
- Removed locking in vmm(4) vmm_intr_pending, reducing slowdowns due to requests for a lock held while the VM is running.
- Switched amd64 and arm64 to the clockintr(9) subsystem.
- Extended arm64 suspend/resume to include support for parking CPUs in a WFE/WFI loop.
- Made installboot skip softraid(4) keydisks silently.
- Switched libressl to use BoringSSL's date conversion scheme.
- Marked mmap(2), munmap(2), and mprotect(2) as NOLOCK.
- Fixed tmux(1) C-S-Tab without extended keys.
- Added support for the PCIe controller on the Qualcomm SC8280XP to dwpcie(4).
- Implemented the "halt" IPI in aplintc(4).
- Introduced a new kern.autoconf_serial sysctl(8) that can be used by userland to monitor state changes of the kernel device tree.
- Set vmm(4) RAX guest register state based on VMCB.
- Modified TCP receive buffer size auto-scaling to use the smoothed RTT (SRTT) instead of the timestamp option, which improves performance on high latency networks if the timestamp option isn't available.
- Set up logger(1) traps earlier to ensure kernel relinking does not fail silently without log trace when /usr is mounted read-only.
- Fixed ssh-keygen(1) parsing of hex cert expiry time.
- Allocated reference for vm and vcpu SLISTs in vmm(4), keeping vmm from triggering excessive wakeup calls while iterating through the list of vms while servicing an ioctl(2).
- Enabled em(4) IPv4, TCP and UDP checksum offloading and VLAN HW tagging for 82575, 82576, i350 and i210.
- Enabled Ed25519 internal to libcrypto.
- Added FDT-based attachment for qcgpio(4) and qciic(4).
- Made /dev/pf a clonable device.
- Changed character drawing depth when "pseudo" framebuffer depth is changed on luna88k.
- Added qcdwusb(4), a driver controlling the interface logic for the Synopsys DesignWare USB 3.0 controller found on various Qualcomm Snapdragon SoCs.
- Disabled smmu(4) for the Qualcomm SC8280XP on FDT attachment as on ACPI.
- Marked TEXTREL binaries immutable after text relocations complete.
- Marked library RELRO sections immutable after final PROT_READ.
- Made octeon ramdisk installer use installboot(8) -p.
- Made static TEXTREL binaries perform the mimmutable(2) operations themselves since a loader may want to perform text relocations inside mprotect permission flips.
- Added mount_nfs(8) to the sparc64 installer, to fetch sets over NFS.
- Introduced clockintr(9), a machine-independent clock interrupt controller.
- Made the /var/run/ld.so.hints file mapping immutable.
- Taught ld.so(1) how to call the mimmutable(2) system call.
- Added powerpc64 userspace timecounting support.
- Made the kernel skip immutability of all non-writable memory segments for TEXTREL binaries. crt0 and ld.so(1) will call mimmutable(2) later.
- Made azalia(4) match on Intel 500 Series HD Audio.
- Installed a fault handler for amd64 EFI firmware.
- Flushed memory writes before remote sfence.vma in riscv64 pmap.
- Enabled smbios0 on arm64 ramdisk to provide the correct hw.version info to the code mitigating crashes on the x13s.
- Constrained KeyUsage and ExtendedKeyUsage on both CA and EE certificates in rpki-client(8).
- Changed riscv64 pmap to flush writes before remote sfence.vma to prevent some crashes on Unmatched machines.
- Fixed a tmux(1) crash when there are no window buffers.
- Added a -l flag to tmux(1) display-message to disable format expansion.
- Implemented RFC 9323 (A Profile for RPKI Signed Checklists) support in rpki-client(8).
- Changed tmux(1) to only set the extended flag when searching, which allows send-keys to work.
- Added modified tab key sequences to tmux(1).
- Updated vmm(4) to allow guests to read MSR_HWCR and MSR_PSTATEDEF, which is necessary to determine the TSC frequency on AMD families 17h and 19h.
- Updated timezone information to 2022fgtz.
- Removed unfinished user accounting from vmd(8).
- Stopped attaching to the multiport USB controller on Lenovo X13s machines since it leads to hard resets.
- Improved ssh-keyscan(1) to accept CIDR address ranges for targets to scan.
- Updated libexpat to 2.5.0.
- Limited display of wireguard peers by ifconfig(8) to when either a wireguard interface is specified or the flag "-A" is used.
- Implemented the waitid(2) system call which is now part of POSIX and used by Mozilla.
- Increased ssh(1) paranoia when dealing with host/domain names coming from the resolver by refusing to follow CNAMEs with invalid characters and never writing a name with bad characters to a known_hosts file.
- Improved scp(1) handling of globbing when using the SFTP protocol for transport.
- Stopped netstart(8) from waiting for autoconf during a dry-run (-n).
- Made sure the apldma(4) driver is attached before allocating a channel, preventing a crash on the M2 MacBook Air.
- Introduced pijuice(4), an apm/sensor driver for the PiJuice HAT UPS.
- Bumped tsleep timeout for bwfm(4) PCI devices to help prevent failures loading firmware, particularly on Apple M2 laptops.
- Synced pbuild class for powerpc64 and riscv64 to amd64 and arm64, increasing to 8G.
- Added support to gunzip(1) for zip files that contain a single member.
- Bumped pbuild's login.conf datasize-cur to 8G on arm64.
- Added hw.power, machdep.lidaction, and machdep.pwraction support for macppc.
- Allowed changing of immutable RW regions to R for recent chrome renderers.
- Made the read-only relro portion of static binaries mimmutable(2).
- Adapted sigaltstack(2) to work on mimmutable regions allowing the stack to be marked immutable again.
- Automatically marked immutable certain regions in program and ld.so(1) LOADs.
- Added hooks to disable and enable GPIO interrupts.
- Added support for the Rockchip RK3568 processor.
- Added zap-to-char and zap-up-to-char to mg(1). Bound zap-to-char to M-z.
- Stopped attempting to use EFI runtime services on UEFI versions before 2.1.
- Updated base libz to 1.2.13.
- Updated unbound(8) to 1.17.0.
- Excluded /tmp/*.shm files from /tmp cleaning in daily(8). Removing them interferes with programs that use shm_open(3).
- Dropped support for $rc_exec in rc.subr(8). The rc_exec function should be used instead.
- Added support for the DS1339 RTC as found on the PiJuice.
- Initialized last_updown in bgpd(8) so that it is reported correctly for peers that never managed to establish a connection.
- Fixed misidentification of mpii(4) RAID 1E.
- Implemented uncached mapping on the StarFive JH7100 SoC.
- Converted more RTC drivers to use todr_attach(). Quality of the RTC is set such that "discrete" RTC chips are preferred over RTCs integrated on a SoC.
- Fixed ofwboot OpenFirmware "map" call. This fixed booting on some sparc64 machines.
- Fixed a potential crypto(3) divide by zero in BIO_dump_indent_cb().
- Fixed crypto(3) ASN.1 indefinite length encoding.
- Implemented openmetric output via the bgpctl(8) show metric command.
- Preserved the marked pane when renumbering windows in tmux(1).
- Improved the clickpad/touchpad detection in hidmt.
- Fixed a bug in the initialization mechanism of wsmouse(4).
- Went back to the old approach to sigaltstack(2), but added checks that the region is a non-syscall region and that its protection is exactly RW, in addition to the existing placement in a new anonymous mapping.
- Converted the remaining I2C RTC drivers to use todr_attach().
- Implemented the RFC 8781 PREF64 router advertisement option in rad(8).
- Added passing of boot device information from the bootloader to the kernel on luna88k.
- Fixed a crash when using virtio(4) with agintc(4) by properly implementing LPI interrupts.
- Added support for the RK3568 PCIe controller to dwpcie(4).
- Implemented support for message based interrupts on arm64.
- Added client certificate authentication and an optional SASL EXTERNAL bind to ypldap(8).
- Allowed assigning a quality number to RTC implementations so the "best" RTC can be chosen if a system has more than one.
- Had the kernel inform the user if the disklabel(5) is obsolete.
- Added support for the Rockchip RK817 PMIC.
- Restored recalculation of the checksum of normalized packets in pf(4).
- Fixed memory leak in the error path of cdio(1).
- Added support for the Rockchip RK3566/RK3568 SoCs.
- Added support for newlines inside the alternative names block in acme-client.conf.
- Added support for Qualcomm SoCs to sdhc(4).
- Marked the signal trampoline and timekeep regions immutable at execve(2) time.
- Added support for the Wacom One M CTL-672 tablet to uwacom(4).
- Added support for showing the entry immutable bit to procmap(1).
- Added a mimmutable(2) stub to libc and cranked the minor revision.
- Added support for the new "openbsd.mutable" section to ld.bfd(1), ld.lld(1), readelf(1), and objdump(1).
- Added the new mimmutable(2) system call, which locks the permissions (PROT_*) of memory mappings so they cannot be changed by later mmap(2), mprotect(2), or munmap(2) calls, which will error with EPERM instead.
- Added identifiers for the new "mutable bss" ELF section.
- Fixed sparc64's ofwboot.net after it was broken by the last libz update.
- Made ssh(1) honor the user's umask if it is more restrictive than the ssh default.
- Increased the number of vdsp(4) devices created by default on sparc64 to 24.
- Made ldomctl(8) accept more descriptive name-based paths in addition to number-based paths in ldom.conf(5).
- Made installboot(8) skip softraid(4) keydisks.
- Switched tftpd(8) to default to read-only unless -w is specified for write access (the previous default).
- Enabled the Data Independent Timing feature in both the kernel and userland on arm64 CPUs that support it to mitigate timing side-channel attacks.
- Stopped printing the prompt for non-interactive usage of tftp(1).
- Changed rarpd(8) to only unveil /tftpboot if -t is specified.
- Added support for a clean shutdown with the power button to dapmic(4).
- Kept system calls from failing due to temporary memory shortage in malloc(9) or pool_get(9).
- Enabled use of absolute paths starting with /usr/share/zoneinfo while still rejecting other absolute paths for TZ.
- Removed "config file" support from makesyscalls.sh since it was only used for long-removed compat layers.
- Fixed incorrect range check for size in setvbuf(3).
- Fixed memory corruptions with sysv semaphores due to sleeps in copyin(9), copyout(9), and malloc(9).
- Added scroll-top and scroll-bottom tmux(1) commands to scroll so the cursor is at the top or bottom respectively.
- Added a -T flag to tmux(1) capture-pane to capture up to the last used cell and not the full width of the pane.
- Changed use of here documents in install.sub to eliminate the need for escaping and improve readability.
- Moved to 7.2-current.