-
Notifications
You must be signed in to change notification settings - Fork 42
/
71.html
1707 lines (1607 loc) · 84.8 KB
/
71.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!doctype html>
<html lang=en id=release>
<head>
<meta charset=utf-8>
<title>OpenBSD 7.1</title>
<meta name="description" content="OpenBSD 7.1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/71.html">
</head><body>
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.1
</h2>
<table>
<tr>
<td>
<a href="images/TheGreatWaveOffCalgary.png">
<img width="227" height="303" src="images/TheGreatWaveOffCalgary-s.gif" alt="The Great Wave off Calgary"></a>
<td>
Released Apr 21, 2022. (52nd OpenBSD release)<br>
Copyright 1997-2022, Theo de Raadt.<br>
<br>
Artwork by Luc Houweling.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/7.1/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata71.html">the 7.1 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus71.html">detailed log of changes</a> between the
7.0 and 7.1 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-71-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/7.1/openbsd-71-base.pub">
RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5</a>
<tr><td>
openbsd-71-fw.pub:
<td>
RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v
<tr><td>
openbsd-71-pkg.pub:
<td>
RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V
<tr><td>
openbsd-71-syspatch.pub:
<td>
RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 7.1.
For a comprehensive list, see the <a href="plus71.html">changelog</a> leading
to 7.1.
<ul>
<li>New/extended platforms:
<ul>
<li>Support for Apple Silicon Macs has improved and is ready for general use:
<ul>
<li>Added <a href="https://man.openbsd.org/aplspi.4">aplspi(4)</a>, a driver for the SPI controller found on the Apple M1 SoC.
<li>Added <a href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a> support for the keyboard/touchpad on Apple M1 laptops.
<li>Introduced <a href="https://man.openbsd.org/aplpmgr.4">aplpmgr(4)</a>, a driver for the power management controller found on Apple SoCs.
<li>Introduced <a href="https://man.openbsd.org/aplmbox.4">aplmbox(4)</a>, a driver for the mailbox that provides a communication channel with additional cores integrated on Apple SoCs.
<li>Introduced <a href="https://man.openbsd.org/apliic.4">apliic(4)</a>, a driver for the I2C controller found on Apple SoCs.
<li>Added the chip ids used on Apple M1 Pro/Max and Apple T2 Macs to <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
<li>Rewrote arm64 kernel FPU handling code to fix the random crashes seen with SMP kernels on Apple M1.
<li>Restricted the <a href="https://man.openbsd.org/pci.4">pci(4)</a> ioctl interface to devices detected by the kernel, preventing Xorg PCI probes from breaking the WiFi chip on M1 macs.
<li>Introduced <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>, a driver for the SMC found on Apple M1 SoCs.
<li>Introduced <a href="https://man.openbsd.org/aplnco.4">aplnco(4)</a>, a driver for the Numerically-controlled oscillator (NCO) clock which drives the audio clocks on Apple silicon.
<li>Introduced <a href="https://man.openbsd.org/tascodec.4">tascodec(4)</a>, a driver for the TI TAS2770/TAS5770 digital audio amplifier codec found on Apple M1 Macs.
<li>Introduced <a href="https://man.openbsd.org/apldma.4">apldma(4)</a>, a driver for the DMA controller found on Apple SoCs.
<li>Added support to explicitly power on some PCIe devices on the M1 and M1 Pro/Max through a GPIO controlled by the SMC.
<li>Added <a href="https://man.openbsd.org/aplcpu.4">aplcpu(4)</a>, a driver to control the CPU performance levels on Apple SoCs.
<li>Modified <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> to support a newer interrupt controller, making OpenBSD run on M1 Pro/Max machines.
<li>Added nvmem support to <a href="https://man.openbsd.org/aplpmu.4">aplpmu(4)</a> and made it available on Apple SPMI PMUs.
<li>Added RTC support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
<li>Made the arm64 ramdisk installer fetch <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> firmware from the EFI System Partition on Apple Silicon devices for use during installation and addition to the newly installed system.
<li>Added support for controlling keyboard LEDs to <a
href="https://man.openbsd.org/aplhidev.4">aplhidev(4)</a>.
<li>Added basic GPIO support to <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
<li>Ensured <a href="https://man.openbsd.org/apldart.4">apldart(4)</a> keeps the DART enabled in front of the display controller to preserve its access to the framebuffer and continued display.
<li>Fixed reading motherboard time on Apple machines with old SMC firmware.
<li>Implemented reboot/powerdown support in <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a>.
<li>Implemented <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a> support for multiple dies, making OpenBSD work on the M1 Ultra.
</ul>
<li>Support for other <a href="arm64.html">arm64</a> architecture hardware was also improved with the following changes:
<ul>
<li>Introduced <a
href="https://man.openbsd.org/gpiocharger.4">gpiocharger(4)</a>, a
driver providing support for battery chargers connected to GPIO pins,
such as those found on the Pinebook Pro.
<li>Introduced <a
href="https://man.openbsd.org/gpioleds.4">gpioleds(4)</a> for arm64, a
driver providing support for LEDs connected to GPIO pins, such as
those found on the Pinebook Pro.
<li>Added <a href="https://man.openbsd.org/gpiokeys.4">gpiokeys(4)</a>
for arm64, a driver which handles events triggered by GPIO keys such
as lid status and power button.
<li>Added pclk clock used by <a
href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> on RK3399 to <a
href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<li>Introduced <a
href="https://man.openbsd.org/mpfclock.4">mpfclock(4)</a>, a driver
for the PolarFire SoC MSS clock controller.
<li>Introduced <a
href="https://man.openbsd.org/cdsdhc.4">cdsdhc(4)</a>, a driver for
the Cadence SD/SDIO/eMMC host controller.
<li>Introduced <a
href="https://man.openbsd.org/mpfiic.4">mpfiic(4)</a>, a driver for
the PolarFire SoC MSS I2C controller.
<li>Introduced <a
href="https://man.openbsd.org/mpfgpio.4">mpfgpio(4)</a>, a driver for
the PolarFire SoC MSS GPIO controller.
<li>Enabled <a href="https://man.openbsd.org/cduart.4">cduart(4)</a>
on arm64.
<li>Added <a
href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a> support
for the CP115 block found on Marvell CN9K SoCs.
<li>Added <a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>
support for the AP807 block found on Marvell CN9K SoCs.
</ul>
<li>Changes on other architectures:
<ul>
<li>Enabled <a href="https://man.openbsd.org/uhid.4">uhid(4)</a>/<a
href="https://man.openbsd.org/fido.4">fido(4)</a> on riscv64.
<li>Allowed riscv64 installation on a disk with a GPT.
<li>Added missing locking to <a
href="https://man.openbsd.org/pmap_extract.9">pmap_extract(9)</a> and
<a href="https://man.openbsd.org/pmap_unwire.9">pmap_unwire(9)</a> on
arm64 and riscv64.
<li>Improved stack unwinding on riscv64 in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Fixed kernel stack alignment on riscv64.
<li>Fixed RISC-V lld link code when dealing with object files created with "ld -b".
<li>Made sure nothing can map address zero on RISC-V.
<li>Made sure armv7,arm64 and risc-v FDT bootloader code does not write beyond the FDT data structure.
<li>Fixed booting from an IDE block device on the Sun Blade 100.
<li>Fixed <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> console colors on sparc64.
<li>Enabled <a href="https://man.openbsd.org/dt.4">dt(4)</a> on
macppc.
<li>Increased <a href="https://man.openbsd.org/ddb.1">ddb(1)</a>
access to registers on macppc and powerpc64.
<li>Enabled enforcing of RLIMIT_MEMLOCK on powerpc64.
<li>Allowed <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> trace
through interrupt on macppc.
</ul>
</ul>
<li>Various kernel improvements:
<ul>
<li>Made futexes work in shared anonymous memory.
<li>Improved tracking of mbuf memory usage in the whole system.
<li>Switched to using long filenames by default with <a
href="https://man.openbsd.org/mount_msdos.8">mount_msdos(8)</a>.
<li>Fixed memory leak in <a
href="https://man.openbsd.org/fuse.4">fuse(4)</a> when calling <a
href="https://man.openbsd.org/namei.9">namei(9)</a>.
<li>Fixed establishing legacy INTx interrupts on machines without a
(usable) MSI interrupt controller.
<li>Cleaned up irrelevant uses of 3rd mode_t parameter for <a
href="https://man.openbsd.org/open.2">open(2)</a>/<a
href="https://man.openbsd.org/openat.2">openat(2)</a>, unused when not
creating files.
<li>Reworked garbage collector for <a
href="https://man.openbsd.org/unix.4">unix(4)</a> sockets to prevent
potential kernel panics.
<li>Changed the power management <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>
hw.perfpolicy to "auto" at startup, defaulting to 100%
performance with AC power connected and using the auto algorithm when
on battery.
<li>Aligned memory allocation for USB device drivers and USB HC
drivers, enlarging the USB memory pool.
<li>Prevent panic in <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> while
rebooting if softraid has been disabled.
<li>Fixed hibernate setups where removal of a <a
href="https://man.openbsd.org/umass.4">umass(4)</a> device results in
a renumbered <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> boot device.
<li>Fix hibernate on newer hardware by allowing more memory ranges.
<li>If CPU sleep state S4 is not available, use S5 for the
ACPI-transitions in hibernate support.
<li>Added code to update hw.power whenever AC state changes on
resume.
<li>Fixed a panic by prohibiting renames of tmpfs mount-points.
<li>Fixed double free after allocation failure in <a
href="https://man.openbsd.org/bpf.4">bpf(4)</a>.
</ul>
<li>SMP Improvements
<ul>
<li>Made pipe event filters MP-safe.
<li>Set klist lock for sockets to make socket event filters MP-safe.
<li>Implemented <a href="https://man.openbsd.org/poll.2">poll(2)</a>,
<a href="https://man.openbsd.org/select.2">select(2)</a>, <a
href="https://man.openbsd.org/ppoll.2">ppoll(2)</a> and <a
href="https://man.openbsd.org/pselect.2">pselect(2)</a> on top of
kqueue.
<li>Unlocked top part of UVM fault handler on mips64.
<li>Unlocked the <a href="https://man.openbsd.org/kevent.2">kevent(2)</a> system call.
<li>Made the kqread event filter MP-safe.
<li>Reduced the time overhead of <a
href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>-based <a
href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
href="https://man.openbsd.org/select.2">select(2)</a> systems calls by
keeping knotes between the system calls.
<li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a>
and <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>
syscalls.
<li>Prevented <a
href="https://man.openbsd.org/select.2">select(2)</a> from blocking if
registering found pending events.
<li>Protected <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>
input and output with the kernel lock to allow forwarding of non-ipsec
traffic in parallel.
<li>Unlocked the bottom part of the uvm fault handler.
<li>Unlocked <a href="https://man.openbsd.org/getpeername.2">getpeername(2)</a>.
<li>Made <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> MP-safe.
<li>Implemented the <a
href="https://man.openbsd.org/poll.2">poll(2)</a> system call on top
of the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>
subsystem, obsoleting the old, non-MP-safe poll backend.
<li>Made <a href="https://man.openbsd.org/audio.4">audio(4)</a> event filters MP-safe.
<li>Unlocked <a href="https://man.openbsd.org/getsockname.2">getsockname(2)</a>.
<li>Added kernel interfaces for atomic load and store functions for int and long to be used in reference counted struct members.
</ul>
<li>Direct Rendering Manager
<ul>
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a>
to Linux 5.15.26
<li><a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>:
support for Elkhart Lake, Jasper Lake, Rocket Lake
<li><a href="https://man.openbsd.org/drm.4">amdgpu(4)</a>:
support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU,
Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish",
Navi 24 "Beige Goby"
</ul>
<li>VMM/VMD improvements
<ul>
<li>Retired <a href="https://man.openbsd.org/OpenBSD-7.0/switch.4">
switch(4)</a> support in <a href="https://man.openbsd.org/vmd.8">
vmd(8)</a>.
<li>Fixed a bug where <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
would exit when requesting a new VM and hitting memory resource
limits.
<li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> state
corruption on Intel hosts.
<li>Fixed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> cpuid leaf
clamping when the host has an invariant TSC.
<li>Added quiesce/wakeup hooks to <a href="https://man.openbsd.org/vmm.4">
vmm(4)</a> allowing Intel hosts to suspend and hibernate safely with
running guests.
<li>Added a new login class for <a href="https://man.openbsd.org/vmd.8">
vmd(8)</a> on amd64.
<li>Fixed broken <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>
"boot device cdrom" feature after a fix in seabios.
<li>Reintroduced support for <a
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> <code>start -B net
-b bsd.rd</code>, which emulates a PXE boot and performs an
autoinstall.
<li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> <a
href="https://man.openbsd.org/dt.4">dt(4)</a> tracepoints amd64-only.
</ul>
<li>Various new userland features:
<ul>
<li>Added <a
href="https://man.openbsd.org/realpath.1">realpath(1)</a>, a wrapper
for <a href="https://man.openbsd.org/realpath.3">realpath(3)</a> for
use in ports.
<li>Added <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> "ls
rogue" to show daemons which are running but not set as "enabled" in
<a href="https://man.openbsd.org/rc.conf.local.8">rc.conf.local(8)</a>.
<li>Implemented probe variables in BPFtrace (<a
href="https://man.openbsd.org/bt.5">bt(5)</a>).
<li>Provided common <a
href="https://man.openbsd.org/btrace.8">btrace(8)</a> scripts
kprofile.bt (to save kernel stackframes and produce flamegraphs) and
runqlat.bt (to measure the latency of the scheduler runqueues).
<li>DNSSEC support: Implemented RFC6840 (AD flag processing) in the libc resolver, if
using trusted name servers specified with 'trust-ad' in <a
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
<li>Enabled support for displaying an estimated battery recharge time
in <a href="https://man.openbsd.org/apm.8">apm(8)</a> and <a
href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
<li>Introduced support for storing capability databases in
/etc/login.conf.d, allowing easy addition of custom login classes from
packages and made <a
href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> look for the login
class in both login.conf and login.conf.d/${class}.
<li>Added a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
cache of regions between 128k and 2M to accommodate programs
allocating and deallocating regions of these sizes quickly.
<li>Added <a href="https://man.openbsd.org/pax.1">pax(1)</a> support
for mtime/atime/ctime extended headers (in not-SMALL builds).
<li>Added -k flag to <a
href="https://man.openbsd.org/gzip.1">gzip(1)</a> and <a
href="https://man.openbsd.org/gunzip.1">gunzip(1)</a> to retain
(de)compressed file.
<li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --compare-dest, allowing specification of additional directories to check for files to be available.
<li>Implemented <a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a> --max-size and --min-size.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Reliability and performance of
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>:
fixed a bug which resulted in a "XXX" warning for
"shouldn't ever happen" situations in a scenario that
was actually harmless.
Also, massive improvement of performances in scenarios like
texlive updates, by reducing filesystem names churn when
updated files didn't change.
<li>Enabled subpixel rendering in FreeType.
<li>Updated xorg-server to 21.1.3, leaving in place an earlier change
to compute the screen resolution from dimensions returned by the
screen, reverted by upstream.
<li>Allowed bare numbers for key and mouse bindings in <a
href="https://man.openbsd.org/cwm.1">cwm(1)</a>.
<li>Added a <a href="https://man.openbsd.org/cwm.1">cwm(1)</a>
"group-last" command that shows only the previously active group.
<li>Fixed glass console and <a href="https://man.openbsd.org/getty.8">getty(8)</a> interference with Xorg on arm64.
<li>Fixed octal escape parsing in <a
href="https://man.openbsd.org/tr.1">tr(1)</a> backslash().
<li>Added <a href="https://man.openbsd.org/uniq.1">uniq(1)</a>
support for arbitrarily long input lines.
<li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> ignore
trailing newlines when comparing lines.
<li>Made <a href="https://man.openbsd.org/uniq.1">uniq(1)</a> skip()
each input line only once, improving performance.
<li>Increased <a href="https://man.openbsd.org/tee.1">tee(1)</a> I/O
buffer size from 8KB to 64KB.
<li>Improved performance of <a
href="https://man.openbsd.org/rev.1">rev(1)</a>.
<li>Made <a href="https://man.openbsd.org/ed.1">ed(1)</a> flush all
stdio streams before running a shell command.
<li>Prevented a file descriptor leak in <a
href="https://man.openbsd.org/touch.1">touch(1)</a> after <a
href="https://man.openbsd.org/futimens.2">futimens(2)</a> failure.
<li>Added <a href="https://man.openbsd.org/seq.1">seq(1)</a>, a
command to print sequences of numbers.
<li>Set cpuspeed to 0 in <a
href="https://man.openbsd.org/apm.8">apm(8)</a> when hw.cpuspeed
cannot be retrieved.
<li>Copied the <a href="https://man.openbsd.org/cos.3">cos(3)</a>
cosine software implementation from FreeBSD-13, and disabled assembly
implementations of trig functions on x86 platforms.
<li>Added optimization for tiny x in <a
href="https://man.openbsd.org/cos.3">cos(3)</a> and <a
href="https://man.openbsd.org/sin.3">sin(3)</a> trigonometry
functions.
<li>Switched <a href="https://man.openbsd.org/aucat.1">aucat(1)</a>
internal sample representation and default file encoding to 24-bit.
<li>Switched <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
internal sample representation to 24-bit fixed point.
<li>Allowed passing a different signal than SIGTERM in the default
rc_stop() function in <a
href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>.
<li>Improved and simplified timer handling in <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> "stop" and "reload".
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
-b available on all architectures.
<li>Removed the constraint that <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b block
count and block offset must be greater than 63.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b
partitions other than EFI System partitions DOSACTIVE.
<li>Switched to using <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -b to create boot
partitions on multiple architectures.
<li>Removed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
"disk" editing command.
<li>Prevented <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
from initializing an MBR to have overlapping partitions 0 and 3.
<li>Allowed <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> to
extend the default OpenBSD partition to the end of the disk, rather
than truncating at the end of the last full cylinder.
<li>Corrected GPT checksums written by <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> on big-endian
architectures to be little-endian as per spec.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
preserve BIOS boot partition.
<li>Made <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> -A
preserve the EFI System partition on GPT disks with Apple APFS partitions.
<li>Removed the builtin MBR from <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
<li>Removed the "rpath" and "wpath" pledges from <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>.
<li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
creates the default OpenBSD MBR partition only when there is space for it.
<li>Ensured <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
does not set MBR DOSACTIVE flag on unused partitions when initializing MBR.
<li>Reduced the alignment space <a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
inserts before the start of the default OpenBSD partition.
<li>Merged bugfixes from upstream into <a
href="https://man.openbsd.org/less.1">less(1)</a> including fixes for
the prompt hiding feature (CTRL-P) and an integer overflow.
<li>Fixed possible use after free with long lines in <a
href="https://man.openbsd.org/less.1">less(1)</a>.
<li>Fixed file descriptor leak of /dev/tty on <a
href="https://man.openbsd.org/doas.1">doas(1)</a> auth failure.
<li>Replaced <a href="https://man.openbsd.org/lrint.3">lrint(3)</a>,
<a href="https://man.openbsd.org/lrintf.3">lrintf(3)</a>, <a
href="https://man.openbsd.org/llrint.3">llrint(3)</a> and <a
href="https://man.openbsd.org/llrintf.3">llrintf(3)</a>
implementations from NetBSD with the existing FreeBSD implementations
we were already using for <a
href="https://man.openbsd.org/lrintl.3">lrintl(3)</a> and <a
href="https://man.openbsd.org/llrintl.3">llrintl(3)</a>.
<li>In various games, call <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
later to prevent it from killing various games using ncurses when both
stdout and stderr are redirected to a non-tty.
<li>Switched LLD_ARCHs (architectures using the LLVM <a
href="https://man.openbsd.org/ld.lld.1">ld.lld(1)</a> linker) to also
user the LLVM archiver <a
href="https://man.openbsd.org/llvm-ar.1">llvm-ar(1)</a>.
<li>Added openvpn ports (udp/1194 & tcp/1194) to /etc/services.
<li>Prevented an access to uninitialized memory in <a
href="https://man.openbsd.org/awk.1">awk(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/vi.1">vi(1)</a> recovery
mode.
<li>Extended and reordered the process accounting information
structure <a href="https://man.openbsd.org/acct.5">acct(5)</a>. Flag
Day for the <a href="https://man.openbsd.org/acct.2">acct(2)</a> file
format.
<li>Fixed <a
href="https://man.openbsd.org/setusercontext.3">setusercontext(3)</a>
error when /etc/login.conf is not present.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>Added support to <a
href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a> for Cannon
Lake H and Tiger Lake H platforms.
<li>Ensured use of the correct encoding in xenocara when /etc/kbdtype
is present with an attached <a
href="https://man.openbsd.org/ucc.4">ucc(4)</a> keyboard.
<li>Added support for tpm2 CRB interface to <a
href="https://man.openbsd.org/tpm.4">tpm(4)</a>, fixing recent S4
regressions on the Surface Go 2 caused by a firmware change.
<li>Ensured armv7 and arm64 efiboot allocate fresh memory for the
device tree with at least one page of free space to extend into. This
fixes booting on VMWare Fusion.
<li>Stopped binding audio devices exposed by <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> to physical
devices. <!-- XXX check this -->
<li>Fixed handling of interrupts shared between multiple <a
href="https://man.openbsd.org/dwiic.4">swiic(4)</a> devices.
<li>Introduced <a
href="https://man.openbsd.org/iicmux.4">iicmux(4)</a>, a driver that
switches between I2C busses connected to a single I2C controller by
using the pin muxing facilities of an SoC.
<li>Introduced <a
href="https://man.openbsd.org/pcyrtc.4">pcyrtc(4)</a>, a driver for
the NXP PCF85063A/TP RTC chips.
<li>Fixed a panic when running <a
href="https://man.openbsd.org/utvfu.4">utvfu(4)</a> on <a
href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
<li>Added <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a>
support for interrupts represented by ACPI PCI Interrupt Link Devices,
making PCI interrupts work on QEMU's SBSA target.
<li>Added handling of multi-port controllers to <a
href="https://man.openbsd.org/uslcom.4">uslcom(4)</a>.
<li>Make <a href="https://man.openbsd.org/com.4">com(4)</a> attach
over <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> on amd64.
<li>Added address locators for the ACPI "bus" and used these to fix
the order of the <a href="https://man.openbsd.org/com.4">com(4)</a>
devices to match the traditional order on the ISA bus.
<li>Added Intel Jasper Lake to the <a
href="https://man.openbsd.org/azalia.4">azalia(4)</a> audio driver.
<li>Ensured <a href="https://man.openbsd.org/azalia.4">azalia(4)</a>
matches on Intel 300 Series audio, fixing attaching on the Dell G3
3590.
<li>Added Synopsys Designware UART support to <a
href="https://man.openbsd.org/com.4">com(4)</a>.
<li>Fixed an issue where <a
href="https://man.openbsd.org/com.4">com(4)</a> would attach for a
disabled serial port leading to misdirection of the hardware variant
and a subsequent hang when /etc/rc runs <a
href="https://man.openbsd.org/ttyflags.8">ttyflags(8)</a> -a.
<li>Fixed <a href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> for
Jasper Lake eMMC.
<li>Improved how quirks are handled on <a
href="https://man.openbsd.org/sdhc.4">sdhc(4)</a>-compatible drivers.
<li>Enabled <a
href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> use with the
Surface Go 3.
<li>Fixed suspend/resume issues with <a
href="https://man.openbsd.org/com.4">com(4)</a> at <a
href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
<li>Correlated <a
href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> and <a
href="https://man.openbsd.org/ucc.4">ucc(4)</a> devices
to adjust the volume of the correct audio device
rather than the first one attached.
<li>Enabled FIFO support in <a
href="https://man.openbsd.org/pluart.4">pluart(4)</a>.
<li>Added support for XBox One game controller.
<li>Stopped suspending the <a
href="https://man.openbsd.org/tpm.4">tpm(4)</a> device upon
hibernation, preventing some systems from hanging when hibernating a
second time.
<li>Fixed <a href="https://man.openbsd.org/hilkbd.4">hilkbd(4)</a>
Swedish keyboard layout on non-PS/2 style keyboards.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Added support to <a
href="https://man.openbsd.org/umb.4">umb(4)</a> for SIMCom SIM7600.
<li>Fixed an interrupt storm on <a
href="https://man.openbsd.org/dwge.4">dwge(4)</a> variants which
support Energy Efficient Ethernet when connected to a switch which
does so as well.
<li>Made <a href="https://man.openbsd.org/dwge.4">dwge(4)</a> and <a
href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> MP-safe.</li>
<li>Added <a href="https://man.openbsd.org/igc.4">igc(4)</a>, a
driver for the Intel 2.5Gb Ethernet controllers.
<li>Implemented <a href="https://man.openbsd.org/em.4">em(4)</a>
support for selecting SMGII or SerDes mode depending on the plugged-in
SFP transceiver and for reading out transceiver information via <a
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Enabled hardware vlan tagging for <a
href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
<li>Re-enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>
IPv4, TCP4/6 and UDP4/6 checksum offloading. \ <li>Enabled receive
checksum offloading on <a
href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
<li>Prevented a possible deadlock in <a
href="https://man.openbsd.org/cad.4">cad(4)</a>.
<li>Prevented <a href="https://man.openbsd.org/aq.4">aq(4)</a> nics
from writing to mbufs taken off the ring when the interface was taken
down.
<li>Fixed receive filter handling and vlan packet reception in <a
href="https://man.openbsd.org/aq.4">aq(4)</a>.
<li>Enabled vlan and checksum offloads in <a
href="https://man.openbsd.org/aq.4">aq(4)</a>.
<li>Enabled interrupt moderation in <a
href="https://man.openbsd.org/aq.4">aq(4)</a>, aiming at around 20k
per second.
<li>Fixed <a href="https://man.openbsd.org/ure.4">ure(4)</a> vlan
transmission with hw tagging.
<li>Added preliminary <a
href="https://man.openbsd.org/ure.4">ure(4)</a> support for RTL8156B
and bug fixes for RTL8153/RTL8156.
<li>Reworked <a href="https://man.openbsd.org/ix.4">ix(4)</a>
checksum/vlan offloading and enabled it for IPv6.
<li>Enabled IP header checksum offloading in <a
href="https://man.openbsd.org/ix.4">ix(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/msk.4">msk(4)</a> operation
after interface state changes.
<li>Enabled <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> on arm64.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Introduced <a href="https://man.openbsd.org/mtw.4">mtw(4)</a>, a
driver for MediaTek MT7601U USB wifi devices, enabled on amd64, i386, macppc, and arm64.
<li>Added 802.11n Tx aggregation support to the <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> driver.
<li>Added support for 802.11n 40MHz channels, and 802.11ac 80MHz channels, to the <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers.
<li>Reset the Tx watchdog timer when a block ack notification is received by
<a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware to prevent spurious device timeouts.
<li>Prevent invalid net80211 state transitions in the
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
<a href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers
to avoid a potential hang.
<li>Fixed a panic when <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> cannot find firmware
at boot time.
<li>Fixed <a href="https://man.openbsd.org/iwm.4">iwm(4)</a>
performance drop after roaming between APs in 11n mode.
<li>When roaming with <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or
<a href="https://man.openbsd.org/iwx.4">iwx(4)</a>, keep the old BSSID available for use by firmware
commands which tear down device state before switching to the new AP.
<li>Fix race conditions in the <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and
<a href="https://man.openbsd.org/iwx.4">iwx(4)</a> drivers while roaming between APs with
outstanding frames on transmit queues.
<li>Reverted to use <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> firmware v17 on Intel
AC 7265, fixing instability issues on X1 Carbon gen3.
<li>Explicitly stop <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> Rx block ack sessions when
roaming between access points.
<li>Fixed monitor mode on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Let <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> and <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> use per-Tx-queue
interface timers to ensure the Tx watchdog triggers if a particular Tx queue gets
stuck.
<li>Switched <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> to new -67 firmware images, and updated <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> 9260 and 9560 firmware, to address INTEL-SA-00509.
<li>Made <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> attach to PCI devices with product ID 0x31dc, part of the 9560 chip family.
<li>Fixed wrong pointer assignment causing the <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>
driver to read Rx block ack request information from the wrong offset.
<li>Fixed and reenabled use of probe requests during scans on <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Fixed attach of multiple <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> or <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> interfaces in the same machine.
<li>Fixed <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> with 4965 devices.
<li>Improved roaming stability on <a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, particularly with wpa_supplicant.
<li>Added relicensed wireless firmwares from Realtek for <a
href="https://man.openbsd.org/rsu.4">rsu(4)</a>, <a
href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> devices, allowing
these devices to work without requiring a separate firmware download.
<li>Added a workaround for buggy <a
href="https://man.openbsd.org/athn.4">athn(4)</a> devices to prevent
filling up the node cache when used in hostap mode.
<li>Applied a workaround in <a
href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a> to fix an
external abort under load with <a
href="https://man.openbsd.org/athn.4">athn(4)</a>.
<li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> attach
to the Sony UWA-BR100.
<li>Fixed "(null node)" panics on <a href="https://man.openbsd.org/run.4">run(4)</a>.
<li>Disabled minimum power consumption in <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> hostap mode,
improving connection reliability when used as an access point.
<li>Added support for the BCM4387 to <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
<li>Improved TX performance on <a
href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> RTL8192EU devices.
<li>Fix TX rate used by <a
href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> and <a
href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> for RTS frames.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Added an ADDBA_OFFLOAD capability for wifi devices to manage Tx block ack sessions entirely in firmware.
<li>Added support for 40MHz channels to net80211 Tx rate adaptation in 11n mode.
<li>Added monitoring of 20/40MHz channel width changes in beacons sent by our access point, notifying drivers when the channel width has changed.
<li>Introduced an optional background-scan handler for wireless drivers, which drivers can use to take control of the device teardown sequence, ensuring that race conditions between firmware state and net80211 state are avoided.
<li>Taught the net80211 stack to remove corresponding frames from ic_pwrsaveq when a power-saving client decides to leave our hostap interface, preventing a panic in the <a
href="https://man.openbsd.org/athn.4">athn(4)</a> driver.
<li>Added initial 802.11ac (VHT) support to the wifi stack.
<li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> show 802.11ac VHT capability and operation IEs with the IEEE802_11_RADIO data link type (-y) in verbose (-v) mode.
<li>Added 802.11ac/VHT TX rate adaptation support to net80211.
<li>When choosing networks during SSID selection, give a higher score to 11ac and 11n access points, prioritizing 11ac.
<li>When choosing from a set of access points for a given SSID, prefer APs on 5GHz channels over APs on 2GHz channels. This was already supposed to happen in earlier OpenBSD releases but did not always work as intended.
</ul>
<li>Generic network stack improvements and bugfixes:
<ul>
<li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> $nr incorrect macro expansion.
<li>Fixed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> rdr-to rules failing on certain port ranges when explicitly specified.
<li>Ensured the <a href="https://man.openbsd.org/pf.4">pf(4)</a> "set prio" values are checked consistently.
<li>Made "set skip on ..." in <a
href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> dynamic, with
this, "set skip" can be used on interfaces that are not configured
yet.
<li>Protected <a
href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> tdb flags and
lists with a mutex to prevent crashes involving pfsync, IPsec and
parallel forwarding.
<li>Added support for PPP IPCP extensions for DNS to <a
href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
<li>Added display of DNS information from <a
href="https://man.openbsd.org/sppp.4">sppp(4)</a> to <a
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Switched to calculating <a
href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> session duration
using system uptime rather than UTC.
<li>Fixed <a href="https://man.openbsd.org/veb.4">veb(4)</a> vport
handling to prevent improper drop of packets leaving a vport
interface.
<li>Prevented tweaks to <a
href="https://man.openbsd.org/tun.4">tun(4)</a> if_flags when the
NET_LOCK isn't held.
<li>Prevented reopening of <a
href="https://man.openbsd.org/tun.4">tun(4)</a>/<a
href="https://man.openbsd.org/tap.4">tap(4)</a> interfaces which are
being destroyed.
<li>Rewrote <a href="https://man.openbsd.org/vxlan.4">vxlan(4)</a> to
operate independently of <a
href="https://man.openbsd.org/bridge.4">bridge(4)</a>, create and bind
udp sockets and prevent loops.
<li>Stopped hiding the mtu on "bridge" interfaces which do handle l3
traffic in <a
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Added mbuf tags to prevent output loops in <a
href="https://man.openbsd.org/etherip.4">etherip(4)</a>.
<li>Added rtable capability to <a
href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>,
allowing to specify the rtable a process uses.
<li>Made <a href="https://man.openbsd.org/su.1">su(1)</a> honor the
login class routing table when doing a full login with su -l.
<li>Fix IP output routines on raw sockets so route sourceaddr can
take effect using <a
href="https://man.openbsd.org/sendto.2">sendto(2)</a> or similar.
<li>Ensured <a
href="https://man.openbsd.org/pcap_lookupdev.3">pcap_lookupdev(3)</a>
matches only on complete interface names.
</ul>
<li>Installer and upgrade improvements:
<ul>
<li>Corrected installer to understand "inet autoconf" properly in <a
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
<li>Stopped prompting whether to fall back to HTTP in the installer,
making the fallback automatic.
<li>Used <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
"join" command by default in <a
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files,
replacing the old "nwid".
<li>Replace custom bootloader installation code with <a
href="https://man.openbsd.org/installboot.8">installboot(8)</a> on
riscv64 and armv7 architecture installations.
<li>New logic for <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> to avoid
excessive moving of files during updates when possible.
<li>Documented OpenBSD installation and upgrade customization using the <a
href="https://man.openbsd.org/install.site.5">install.site(5)</a> file.
<li>Corrected "!" escape handling in the installer when accepting WEP/WPA passphrase.
<li>Prevented a potential race which could make <a
href="https://man.openbsd.org/umount.8">umount(8)</a> fail spuriously
in the installer.
<li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -e
work with ramdisk kernels.
<li>Made <a href="https://man.openbsd.org/config.8">config(8)</a> -c
cmdfile use lines from the command file for all input, not just
commands. This allows complex actions like changing device parameters.
<li>Ensured that an interrupted arm64 install from the ramdisk kernel
can be restarted.
<li>Made redistributable firmwares available across all architectures.
<li>Returned to a shell-script based <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>, written
to be usable by the install script, allowing earlier retrieval of
downloaded firmwares.
<li>Stopped <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> from
downloading SHA256.sig when not needed, to allow installing local
files without network access.
<li>Modified the installer to use <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to install
non-free firmware files if present on the install media.
<li>Made <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a>
re-download existing files with failed checksums.
<li>Made <a
href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> use the
/snapshots directory only on -current snapshot installations.
</ul>
<li>Security improvements:
<ul>
<li>Clear the length of keys in <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> alongside keys themselves.
<li>Removed hifn(4), safe(4) and ubsec(4) crypto drivers.
<li>Added call to <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to restrict <a href="https://man.openbsd.org/stty.1">stty(1)</a> -f filesystem access.
<li>Disabled <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> mouse tracking by default.
<li>On arm64 architectures, use "rng-seed" and "kaslr-seed" properties from the device tree to mix extra entropy into the random pool.
<li>Made <a href="https://man.openbsd.org/apmd.8">apmd(8)</a> replace /etc/random.seed for hibernate-resumes.
<li>Restricted <a
href="https://man.openbsd.org/usbhidctl.1">usbhidctl(1)</a> and <a
href="https://man.openbsd.org/usbhidaction.1">usbhidaction(1)</a> file
system access with <a
href="https://man.openbsd.org/unveil.2">unveil(2)</a>.
<li>Added <a href="https://man.openbsd.org/ps.1">ps(1)</a> status flag "c" to indicate a process is chrooted.
<li>In <a
href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a> <a
href="https://man.openbsd.org/unveil.2">unveil(2)</a> "/dev" read-only
instead of using <a
href="https://man.openbsd.org/chroot.2">chroot(2)</a>.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li><i>switchd(8)</i>, the software-defined networking (SDN) sflow
controller was removed. While interesting the OpenFlow implementation
never managed to really get into a usable state.
<li>Switched <a href="https://man.openbsd.org/nsd.8">nsd(8)</a> to enable default DNS cookies on, matching behavior as released in OpenBSD 7.0.
<li>Ensured enabled resolvers are honored by <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> to keep unused forwarders disabled properly.
<li>Installed missing scope identifiers for IPv6 link-local addresses for <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> and <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>.
<li>Allowed interface names as scope-id in IPv6 link-local addresses in <a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
<li>Let <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> probe for DNS64 presence with an absolute name, so asr doesn't add search domains and retry.
<li>Stopped duplicating "Connection: close" headers in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>, only adding it if it's not a websocket response.
<li>Modified <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> examples to use TLS rather than the plaintext protocols.
<li>Stopped ignoring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>.
<li>Made the <a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> host name DHCP option configurable.
<li>Prevented a crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> due to updating an interface which no longer exists.
<li>Prevented a potential crash when <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> receives more than 7 nameservers.
<li>Fixed crash in <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> when receiving a negative length field for DNS labels.
<li>Fix <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>, create permissions are required for databases.
<li>Made <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> start listening on interface in 'down' state. Interfaces can come up later, at which point dhcpd(8) will start receiving packets.
<li>Added a basic printer for EAPOL packets to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>Made <a href="https://man.openbsd.org/ping.8">ping(8)</a> print out the source address and sequence number when the signature on an icmp echo reply doesn't match.
<li>Rate limit <a href="https://man.openbsd.org/rad.8">rad(8)</a> router advertisements according to RFC 4861.
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
<ul>
<li>Stop verifying the cert or CA for a relay using opportunistic TLS.
<li>Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> behavior.
</ul>
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> received new features and bugfixes:
<ul>
<li>Respond with 400 Bad Request when a client sends header lines without a colon.
<li>Added protocol version checking.
<li>Annotated an <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> 413 error with "request body too large" in the error log.
<li>Corrected <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a> version string
checking, responding with 505 Version Not Supported rather than 400
Bad Request when the version format is incorrect.
<li>Stop sending content alongside responses to HEAD requests.
<li>Added support for custom error pages.
<li>Added a gzip-static option to <a
href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>,
allowing delivery of precompressed files with content-encoding gzip.
<li>Improved handling of static compressed gzip files.
</ul>
<li>IPsec support was improved:
<ul>
<li>Made <a href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> proto config option accept a list to allow specifying multiple protocols for a single policy.
<li>Fixed removal of SAs that could not be flushed with <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -F.
<li>Changed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to log a warning when proto is NULL rather than dereferencing it.
<li>Fixed broken key exchange negotiation with matching proposals in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> "show certinfo" to show trusted CAs and certificates.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -V to display the version.
<li>Fixed a bug where <a href="https://man.openbsd.org/iked.8">iked(8)</a> sent zero-prefixed NAT-T messages on port 500, causing parsing errors.
<li>Improved message fragment retransmissions for <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Make sure <a href="https://man.openbsd.org/iked.8">iked(8)</a> vroute messages are correctly aligned, fixes autoconfiguration of addresses on octeon.
</ul>
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> was
made more resilient regarding untrusted input. The following
bugfixes and improvements were made:
<ul>
<li>Added support for validating BGPsec Router Public Keys.
<li>Fix issues with chunked transfer encoding in the RRDP HTTP client.
<li>Cleanup and improvement of how IO is handled.
<li>Improvements in the way X509 certificates are verified.
<li>Limit the number of concurrent rsync processes.
<li>Fix CRLF in tal files.
<li>Enforce the correct namespace of rrdp files.
<li>Fail certificate verification if a certificate contains unknown
critical extensions.
<li>Improve cleanup of rrdp directory contents.
<li>Introduce a validated cache which holds all the files that have
successfully been verified by rpki-client.
<li>Add a new option '-f <file>' to validate a signed object in a file
against the RPKI cache.
<li>Add various RFC 6488 compliance checks to improve the CMS parser.
<li>Improve RRDP replication through less aggressive cache cleanup.
<li>Add a check whether a given Manifest EE certificate is listed on the
applicable CRL.
<li>For forward compatibility permit ASPA object to appear on Manifests.
<li>Various improvements to the '-f <file>' diagnostic option to
now also validate files containing Trust Anchor certs and CRLs.
<li>Do not apply timezone offsets when converting X509 times. X509
times are in UTC and comparing them to times in different timezones
would cause validity problems.
</ul>
<li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
<ul>
<li>The <a href="https://man.openbsd.org/bgpd.8">bgpd</a> login
class datasize attribute (in <a
href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>) was set
to either 16G or 1G, depending on architecture.
<li>Macro expansion in the config file was improved. It is now possible
to expand 'set large-community $myAS:$location:$transit'.
<li>Added a "port" option to "listen on" and the "neighbor" section
in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> to make it
possible to bind and connect to non-default ports.
<li>The RIB codebase was refactored in order to add multipath
support in an upcoming release.
</ul>
</ul>
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Fixed a crash in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> when a session with
multiple clients is destroyed but tmux does not close completely due
to other sessions.
<li>Fixed a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
redraw problem on automargin terminals.
<li>Fixed a problem with repeat in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
<li>Added -T to set a popup title in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added -s and -S to <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> display-popup to set
popup and border style.
<li>Fixed application-set fg and bg in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> panes.
<li>Added a way to force a color to RGB in <a
href="https://man.openbsd.org/tmux.1">tmux(1)</a> and a format to
display it.
<li>Added a cursor-colour option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added a cursor-style option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added a pane-border-format pane option to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Added attempts to turn on less-capable mouse modes when <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> turns on more-capable ones, in case the terminal doesn't support the desired mode.
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to show arrows for the active pane indicator.
<li>Added a key in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode to toggle the position indicator.
<li>Added an option in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to set the character for unused areas of the terminal.
<li>Add <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to control if it scrolls into history on clear.
<li>Added OSC 7 capability to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> for setting titles.
</ul>
<li>LibreSSL version 3.5.2
<ul>
<li>New Features
<ul>
<li>The RFC 3779 API was ported from OpenSSL.<br>
Many bugs were fixed, regression tests were added and the code was cleaned up.
<li>Certificate Transparency was ported from OpenSSL.<br>
Many internal improvements were made, resulting in cleaner and safer code.<br>
Regress coverage was added. libssl does not yet make use of it.
</ul>
<li>Portable Improvements
<ul>
<li>Enabled ASAN CI on Linux platform.<br>
<li>Fixed various POSIX compliance and other portability issues<br>
found by the port to the Sortix operating system.
<li>Add libmd as platform specific libraries for Solaris.<br>
<li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br>
<li>Enabled and scheduled Coverity scans.<br>
</ul>
<li>Compatibility Changes
<ul>
<li>Most structs that were previously defined in the following headers
are now opaque as they are in OpenSSL 1.1:<br>
bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
x509.h, x509v3.h, x509_vfy.h
<li>Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_<br>
OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
of using something consistent with the previous naming.<br>
Various test suites expect these names (instead of checking for the much
more sensible cipher numbers).<br>
The old names are still accepted as aliases.
<li>Subject alternative names and name constraints are now validated
when they are added to certificates.<br>
Various interoperability problems with stacks that validate
certificates more strictly than OpenSSL can be avoided this way.
<li>Attempt to opportunistically use the host name for SNI in s_client
<li>Allow non-standard name constraints of the form @domain.com.
</ul>
<li>Bug fixes
<ul>
<li>Avoid infinite loop for custom curves of order 1.<br>
<li>Avoid infinite loop on parsing DSA private keys.<br>
<li>Prevent a malicious certificate from causing an infinite loop.<br>
<li>In some situations, the verifier would discard the error on an
unvalidated certificate chain.<br>
This would happen when the verification callback was in use,
instructing the verifier to continue unconditionally.<br>
This could lead to incorrect decisions being made in software.
<li>Avoid an infinite loop in SSL_shutdown()
<li>Handle zero byte reads/writes that trigger handshakes in the
TLSv1.3 stack.
<li>A long standing memleak in libtls CRL handling was fixed
<li>Allow name constraints with a leading dot.
<li>Fix NULL dereferences in openssl(1) cms option parsing.
<li>Do not zero the computed cofactor on ec_guess_cofactor() success.
<li>Bound cofactor in EC_GROUP_set_generator() to reduce the number of
bogus groups that can be described with nonsensical parameters.
<li>Avoid various potential segfaults in EVP_PKEY_CTX_free() in low
memory conditions.
</ul>
<li>Internal Improvements