-
Notifications
You must be signed in to change notification settings - Fork 43
/
Copy pathplus.html
685 lines (680 loc) · 48.9 KB
/
plus.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
<!doctype html>
<html lang=en id=plus>
<meta charset=utf-8>
<title>OpenBSD -current Changelog</title>
<meta name="description" content="OpenBSD -current changes">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/plus.html">
<style>
strong {
color: var(--red);
font-weight: normal;
}
h3 {
color: var(--blue);
}
</style>
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
-current Changelog
</h2>
<hr>
<p>
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the <a href="https://marc.info/?l=openbsd-cvs">archives</a>,
or use <a href="anoncvs.html#CVS">CVS</a>.
<p>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>,
<a href="plus35.html">3.5</a>,
<a href="plus36.html">3.6</a>,
<br>
<a href="plus37.html">3.7</a>,
<a href="plus38.html">3.8</a>,
<a href="plus39.html">3.9</a>,
<a href="plus40.html">4.0</a>,
<a href="plus41.html">4.1</a>,
<a href="plus42.html">4.2</a>,
<a href="plus43.html">4.3</a>,
<a href="plus44.html">4.4</a>,
<a href="plus45.html">4.5</a>,
<a href="plus46.html">4.6</a>,
<a href="plus47.html">4.7</a>,
<a href="plus48.html">4.8</a>,
<a href="plus49.html">4.9</a>,
<a href="plus50.html">5.0</a>,
<a href="plus51.html">5.1</a>,
<a href="plus52.html">5.2</a>,
<a href="plus53.html">5.3</a>,
<br>
<a href="plus54.html">5.4</a>,
<a href="plus55.html">5.5</a>,
<a href="plus56.html">5.6</a>,
<a href="plus57.html">5.7</a>,
<a href="plus58.html">5.8</a>,
<a href="plus59.html">5.9</a>,
<a href="plus60.html">6.0</a>,
<a href="plus61.html">6.1</a>,
<a href="plus62.html">6.2</a>,
<a href="plus63.html">6.3</a>,
<a href="plus64.html">6.4</a>,
<a href="plus65.html">6.5</a>,
<a href="plus66.html">6.6</a>,
<a href="plus67.html">6.7</a>,
<a href="plus68.html">6.8</a>,
<a href="plus69.html">6.9</a>,
<a href="plus70.html">7.0</a>,
<br>
<a href="plus71.html">7.1</a>,
<a href="plus72.html">7.2</a>,
<a href="plus73.html">7.3</a>,
<a href="plus74.html">7.4</a>,
<a href="plus75.html">7.5</a>,
<a href="plus76.html">7.6</a>.
<a href="plus77.html">7.7</a>,
<br>
<p>
<h3>Changes made between OpenBSD 7.6 and -current</h3>
<p>
<ul>
<!-- 2025/04/10 -->
<li>Released OpenSSH 10.0.
<!-- 2025/04/09 -->
<!-- 2025/04/08 -->
<li>Fixed a RRDP repo stall because of bad internal state in rpki-client.8.
<li>Allowed 8 DMA segments per frame on <a href="https://man.openbsd.org/ice.4">ice(4)</a>, providing a good throughput increase.
<!-- 2025/04/07 -->
<li>Disabled lazy cr3 switching on i386 as the implementation was incompatible with the locking to make the pmap mpsafe.
<li>Changed <a href="https://man.openbsd.org/rc.8">rc(8)</a>to only run <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> -f if the sysctl.conf file exists and is non-zero length.
<li>Fixed cpu idle percentage in <a href="https://man.openbsd.org/top.1">top(1)</a> on macppc
<!-- 2025/04/06 -->
<li>Fixed a (mostly) hypothetical race in <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> by making it return an error if called in a multi-threaded process.
<li>Make IPv6 link-local scope identifiers in "HTTP Server?" answers work in the installer.
<li>Made <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> only set BootOrder if our boot option isn't already part of it. This means sysupgrade (or reinstalls) will no longer set OpenBSD as the default OS if users change the boot order by some other means. Fresh installs will still make OpenBSD the default OS.
<!-- 2025/04/05 -->
<li>Replaced the <a href="https://man.openbsd.org/rc.8">rc(8)</a> shell parser with <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>'s new -f to apply /etc/sysctl.conf
<li>Added [-f file] to <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> to apply sysctl.conf in one go.
<!-- 2025/04/04 -->
<li>Enabled MSI-X interrupts for <a href="https://man.openbsd.org/ice.4">ice(4)</a> tx queues.
<li>Started clearing the OACTIVE flag on tx queues when <a href="https://man.openbsd.org/ixl.4">ixl(4)</a> is reset.
<li>Started clearing the OACTIVE flag on tx queues when <a href="https://man.openbsd.org/ice.4">ice(4)</a> is reset.
<!-- 2025/04/03 -->
<li>Added a counter for non-functional CAs to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<li>Fixed a potential buffer overflow from oversized USB chunks.
<!-- 2025/04/02 -->
<li>Added minimal gbr validation and printing fixes to <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> only align panes and windows, not sessions.
<li>Made <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> properly escape ASCII control characters in JSON rather than erroring.
<!-- 2025/04/01 -->
<li>Removed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>'s ability to enable DSA support.
<li>Started using <a href="https://man.openbsd.org/acpipci.4">acpipci(4)</a> on hypervisors. If the hypervisor cpuid bit is set, use acpipci to attach PCI busses. As virtualization is not that old, we can assume that in VMs we don't need the quirk for old, broken ACPI. This solves problems with PCI BAR access and recent seabios versions on qemu.
<li>Restricted <a href="https://man.openbsd.org/ice.4">ice(4)</a> firmware to features actually supported by the driver. Avoids traffic stalls due to firmware trying to use multiple queues, which the driver does not handle yet.
<li>Ported <a href="https://man.openbsd.org/ice.4">ice(4)</a> code for loading DDP firmware packages from FreeBSD. Loading firmware is a prerequisite for performance features such as checksum offload and TSO. These features are not yet implemented by our version of this driver and will be added during the next release cycle.
<!-- 2025/03/31 -->
<li>Added support setting the new variable PASSWDSKIP in /etc/daily.local to prevent <a href="https://man.openbsd.org/security.8">security(8)</a> from complaining about specific accounts that have no password. This is typically used for services like anoncvs and gotd.
<!-- 2025/03/30 -->
<!-- 2025/03/29 -->
<li>Updated libexpat to 2.7.1.
<li>Fixed scope of the sa_mpls sockaddr variable.
<!-- 2025/03/28 -->
<li>Changed to only opening bulk <a href="https://man.openbsd.org/usb.4">usb(4)</a> pipes once for the lifetime of the device.
<li>Allowed <a href="https://man.openbsd.org/ice.4">ice(4)</a> to work when phy type does not map to a known media type.
<li>Add support for QCA2066 to <a href="https://man.openbsd.org/qwx.4">qwx(4)</a>.
<li>Added <a href="https://man.openbsd.org/ice.4">ice(4)</a> to the <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> driver list.
<li>Started passing "ControlMaster no" to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> when invoked by <a href="https://man.openbsd.org/scp.1">scp(1)</a> and <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. This explicitly disables persistent session *creation* by scp and sftp. It will not prevent them from using an existing session if one has already been created.
<!-- 2025/03/27 -->
<li>Reset Tx/Rx ring software state when an <a href="https://man.openbsd.org/ice.4">ice(4)</a> interface is put down.
<!-- 2025/03/26 -->
<li>Fixed a crash with ifp->if_linkstatetask NULL pointer during <a href="https://man.openbsd.org/ice.4">ice(4)</a> attachment.
<!-- 2025/03/25 -->
<li>Updated <a href="https://man.openbsd.org/tzinfo.5">tzinfo(5)</a> to 2025bgtz from https://github.com/JodaOrg/global-tz.
<!-- 2025/03/24 -->
<li>Enable <a href="https://man.openbsd.org/mtxhci.4">mtxhci(4)</a> on armv7 and arm64.
<li>Added <a href="https://man.openbsd.org/mtxhci.4">mtxhci(4)</a>, a driver for the xHCI USB controller found on MediaTek SoCs.
<li>Made <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> use timespeccmp() and st_mtim intead of comparing st_mtime to fix comparison of files with modification times that differ by less than a second.
<li>Added a digit to vsz and rss to accomodate larger procs with <a href="https://man.openbsd.org/ps.1">ps(1)</a>.
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> correctly skip wide characters in hyperlinks.
<li>Made <a href="https://man.openbsd.org/test.1">test(1)</a> use timespeccmp() and st_mtim intead of comparing st_mtime to fix comparison of files with modification times that differ by less than a second.
<li>Started ignoring sub-nodes of non-functional nodes in the ACPI tree walk to fix doubel and triple attachments of the same PCIe root bridges.
<!-- 2025/03/23 -->
<li>Made <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> scan display wpa3.
<!-- 2025/03/21 -->
<li>Allowed using a different dmesg for <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> driver detection.
<li>Fixed mouse_hyperlink format in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
<li>Added S-Up and S-Down to move windows in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> tree mode.
<li>Prevented a theoretical <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> NULL deref in throughlocal_sftp.
<!-- 2025/03/18 -->
<!-- 2025/03/17 -->
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> NULL dereference for Match conditions missing arguments, e.g. "Match user".
<li>Started using shared net lock when calling <a href="https://man.openbsd.org/shutdown.2">shutdown(2)</a> on internet socket.
<!-- 2025/03/16 -->
<li>Updated libXau to 1.0.12
<!-- 2025/03/15 -->
<!-- 2025/03/14 -->
<li>Updated libexpat to version 2.7.0.
<!-- 2025/03/13 -->
<li>Implement <a href="https://man.openbsd.org/busdma.9">busdma(9)</a> bounce buffering for raw memory.
<!-- 2025/03/12 -->
<li>Removed the <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> assumption that the <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> and any configs included from it can fit in a (possibly enlarged) socket buffer.
<li>Adjusted the alignment when df prints inode columns. This makes 'df -hi' on systems with large partitions easier on the eyes.
<li>Provided an accelerated SHA-512 assembly implementation for aarch64.
<!-- 2025/03/11 -->
<li>Fixed the problem that skips the various checks for packets for broadcast mistakenly introduced by the revision 1.103 imported from NetBSD 24 years ago.
<!-- 2025/03/10 -->
<li>Reworked how processes are stopped because of a signal. Now multithreaded processes can be reliably stopped and continued. This should fix problems seen in golang, mpv and in our regress tests.
<!-- 2025/03/09 -->
<li>Updated to libfreetype 2.13.3.
<li>Made <a href="https://man.openbsd.org/security.8">security(8)</a> use GMT rather than the local timezone when checking for changes in device nodes and setuid files. Avoids false positives when changing timezones.
<!-- 2025/03/08 -->
<li>Fixed a <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> crash on close of anisochronous endpoint's webcam.
<!-- 2025/03/07 -->
<li>Provided an accelerated SHA-256 assembly implementation for aarch64 making use of the ARM CE found on many arm64 CPUs.
<!-- 2025/03/06 -->
<!-- 2025/03/05 -->
<!-- 2025/03/04 -->
<li>Fixed incorrect ICMP error translation in af-to NAT.
<!-- 2025/03/03 -->
<li>Prevented incorrect warnings indicating that a system won't boot after bootblocks have been installed but EFI variables haven't been set.
<!-- 2025/03/02 -->
<li>Cache route per softnet thread with netstack.
<li>Updated to xserver 21.1.16.
<li>Fixed RunTimeToEmpty on some EATON models in <a href="https://man.openbsd.org/upd.4">upd(4)</a>.
<li>Add %-token and environment variable expansion to SetEnv in <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>.
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> PerSourcePenalty incorrectly using "crash" penalty when LoginGraceTime was exceeded.
<!-- 2025/03/01 -->
<li>Fixed TCP checksum for IPv6 packets with extension headers.
<li>Moved to 7.7-beta.
<li>Added USB 3.0 speed support to <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> and <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>.
<!-- 2025/02/28 -->
<li>Allow <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> %-token and environment variable expansion in User, with the exception
of %r and %C which are self-referential.
<!-- 2025/02/27 -->
<li>Forced update of backlight level on init following 6.12 drm update.
<!-- 2025/02/26 -->
<li>Fixed moduser use-after-free when locking/unlocking an account.
<li>Support colorformat from <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> device.
<li>Added options to interactive <a href="https://man.openbsd.org/sdiff.1">sdiff(1)</a> merge for choosing both sides of a diff.
<!-- 2025/02/25 -->
<!-- 2025/02/24 -->
<!-- 2025/02/23 -->
<li>Fixed connector initialization in intel_dp_add_mst_connector(), avoiding NULL deref on certain docks.
<!-- 2025/02/22 -->
<!-- 2025/02/21 -->
<li>Introduced <a href="https://man.openbsd.org/calendar.1">calendar(1)</a> RECIPIENT_EMAIL.
<li>Prevented use of comma in hostnames in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Updated unbound to 1.22.0.
<!-- 2025/02/20 -->
<li>Abstracted <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> internal time into monotime and increased resolution to microseconds.
<!-- 2025/02/19 -->
<li>Added installboot -c option that sets up the machine to boot from the specified disk.
<!-- 2025/02/18 -->
<!-- 2025/02/17 -->
<li>Added use of Toeplitz hash for UDP and IPv6 TCP output, giving an improvement in traffic distribution over the queues and 20% performance increase with UDP send on v4/v6 and TCP send on v6 without pf.
<li>Pushed KERNEL_LOCK() inside __realpath(2).
<li>Made wakeup of parent process in dowait6 reliable even without kernel lock.
<li>Used ps_mtx to lock the child process that is being checked by dowait6.
<li>Introduced ps_trapped, a pointer to the struct proc that is stopped in the debugger trap.
<!-- 2025/02/16 -->
<li>Added support for reading eeprom pages for <a href="https://man.openbsd.org/aq.4">aq(4)</a> cards with SFP slots.
<!-- 2025/02/15 -->
<li>Fixed userland console output display on some Alder Lake machines after 6.12 drm update.
<!-- 2025/02/14 -->
<li>On amd64, with ACPI >= 5, assume UEFI and default to GPT.
<li>Added tunneldf support to <a href="https://man.openbsd.org/sec.4">sec(4)</a>.
<li>Added kern.audio.kbdcontrol <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable, allowing the volume keys on multimedia keyboards to be handled as regular keys if set to 0.
<li>Added "Match version" support to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, allowing matching on the local version of OpenSSH.
<li>Added support for "Match sessiontype" to <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>, allowing matching on the type of session requested.
<!-- 2025/02/13 -->
<li>Added <a href="https://man.openbsd.org/mtrng.4">mtrng(4)</a>, a driver supporting the 32-bit random number generator on MediaTek SoCs.
<!-- 2025/02/12 -->
<li>Use socket lock for inpcb notify.
<li>Changes to the per-process unveil datastructures can be raced by either pledge() [removing all path promises] or unveil() [adding new paths], against namei() inspecting in other thread system calls, use SINGLE_UNWIND.
<!-- 2025/02/11 -->
<li>Implemented support for SVE (Scalable Vector Extension) on arm64.
<!-- 2025/02/10 -->
<li>Introduced a pckbc@acpi attachment for use instead of pckbc@isa when interruption configuration will not be handled correctly, unbreaking keyboards including some from various ChromeBooks.
<!-- 2025/02/09 -->
<!-- 2025/02/08 -->
<li>Cache CRLs in issuer cache (libcrypto).
<!-- 2025/02/07 -->
<li>Reworked the "Default IPv6 router?" question in the installer to behave like the others.
<li>Respect checksum offloading in <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> and <a href="https://man.openbsd.org/dhcrelay6.8">dhcrelay6(8)</a>.
<li>Respect checksum offloading for incoming UDP in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>.
<!-- 2025/02/06 -->
<li>Prevented installation of path MTU routes for IPsec transport mode SAs.
<li>Updated drm to linux 6.12.12.
<!-- 2025/02/05 -->
<li>Limited net.bpf.maxbufsize <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> to a value that <a href="https://man.openbsd.org/malloc.9">malloc(9)</a> can handle.
<li>Fixed race in inpcb mutex to socket lock conversion.
<li>Restricted scanned channels appropriately when <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> runs in a fixed phy mode.
<li>Updated <a href="https://man.openbsd.org/awk.1">awk(1)</a> to the Jan 14, 2025 version.
<!-- 2025/02/04 -->
<li>Enabled reception and redistribution of EVPN NLRI to allow <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to act as an EVPN route-reflector.
<!-- 2025/02/03 -->
<li>Limited RX queue of loopback interfaces with 8192 packets, preventing unlimited queues from reaching mbuf limits and making network unusable on some architectures.
<!-- 2025/02/02 -->
<li>Added RSS/multiqueue support for AQC11x models ("aq2").
<li>Enabled PAC on hardware that uses the new QARMA3 cipher.
<!-- 2025/02/01 -->
<li>Forced 32-bit accesses when reading 8-bit or 16-bit registers, allowing use of <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> on a Cadence xHCI controller as seen on the Radxa Orion O6.
<!-- 2025/01/31 -->
<li>Optimized pmap teardown by skipping TLB flushes, giving ~5% performance boost for kernel build on arm64.
<li>Improved <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> default multiproto capability announcement selection.
<!-- 2025/01/30 -->
<li>Made <a href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> and wstpad filterops mp-safe.
<!-- 2025/01/29 -->
<li>Added missing pieces to run the lower fault handler in parallel (off by default).
<li>Made <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> reserve NAS-{Identifier,IP-Address,IPV6-Address} of Access-Request to delete the records before Accounting-Start with Acct-On or Acct-Off.
<li>Fall back to parsing the DBG2 table on arm64 if there's no SPCR table or usable serial console, allowing the user to use the port as serial console by entering "set tty com0" on the bootloader prompt.
<li>Made <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> 1.x the default if the hypervisor offers both 0.9 and 1.x.
<li>Added <a href="https://man.openbsd.org/mtintc.4">mtintc(4)</a> a driver supporting interrupt controllers found on MediaTek SoCs.
<li>Added L = Leaked to the flags list in the header of <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> show rib.
<li>Unlocked <a href="https://man.openbsd.org/open.2">open(2)</a> and <a href="https://man.openbsd.org/openat.2">openat(2)</a>.
<!-- 2025/01/28 -->
<li>Made iscsid send out all the values for session and connection params for each login stage, keeping control of what is selected, making it possible to connect to a lio target.
<!-- 2025/01/27 -->
<li>Changed <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> reject as-set from default no to yes.
<li>Updated to perl-5.40.1.
<!-- 2025/01/26 -->
<!-- 2025/01/25 -->
<li>Added <a href="https://man.openbsd.org/wg.4">wg(4)</a> logging of IP addresses of remote endpoints.
<!-- 2025/01/24 -->
<li>Made process_continue take a process as argument and prevented a possible panic in setrunnable.
<li>Provided a readable assembly implementation for MD5 on amd64.
<!-- 2025/01/23 -->
<li>When syslogd8 acting as logserver with TLS (-S) and client-certificates are used for authentication (-K), use the CN from the client's certificate as hostname.
<li>Fixed inpcb leak in divert attach.
<li>Made <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> support additional interval/profile units (hz, us, ms, s).
<li>Fixed out-of-band data in socket splicing.
<!-- 2025/01/22 -->
<li>Make single_thread_check() always return when deep is true and not suspend the curproc.
<li>Implemented <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a> handling of HeaderDigest and DataDigest params.
<li>Completely removed SB_MTXLOCK.
<li>Fixed riscv64 sigcode copying.
<li>Used `ws_mtx' <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> to make <a href="https://man.openbsd.org/wsmux.4">wsmux(4)</a> filterops mp-safe.
<!-- 2025/01/21 -->
<li>Unlocked <a href="https://man.openbsd.org/wskbd.4">wskbd(4)</a> kqueue filterops.
<!-- 2025/01/20 -->
<li>Pushed the KERNEL_LOCK() down to <a href="https://man.openbsd.org/namei.9">namei(9)</a> in <a href="https://man.openbsd.org/stat.2">stat(2)</a>, lstat(2) & fstatat(2)
<!-- 2025/01/19 -->
<li>Made mandoc "-T html" output translate ".%R RFC <number>" to a hyperlink to rfc-editor.org.
<!-- 2025/01/18 -->
<li>Implemented a new pmap_populate() interface on arm64 and riscv64 to help <a href="https://man.openbsd.org/pmap_enter.9">pmap_enter(9)</a> succeed when there's enough free physical memory but we can't allocate KVA to map that memory.
<!-- 2025/01/17 -->
<!-- 2025/01/16 -->
<li>Unveiled privileged child's write/create to mountdtab file, drop exec.
<li>Included ARIN's RPKI Trust Anchor Locator in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<!-- 2025/01/15 -->
<li>Synced <a href="https://man.openbsd.org/video.4">video(4)</a> V4L2 with Linux-6.13-rc7.
<li>Added <a href="https://man.openbsd.org/pkg-config.1">pkg-config(1)</a> support for relocatable .pc files.
<!-- 2025/01/14 -->
<li>Let <a href="https://man.openbsd.org/pppoe.4">pppoe(4)</a> data packets go through if_vinput instead of the pppoeinq, improving throughput and possibly reducing packet loss.
<li>Unlocked sysctl_malloc().
<li>Enabled multiqueue for <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<!-- 2025/01/13 -->
<li>Made <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> bypass unknown pixelformat to consumer rather than rejecting unknown driver formats.
<li>Extended <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> nexthop encoding support (RFC8950) for the RIB.
<li>Stopped zeroing free pages to reduce time needed to suspend when there are many.
<!-- 2025/01/12 -->
<!-- 2025/01/11 -->
<!-- 2025/01/10 -->
<li>Made <a href="https://man.openbsd.org/security.8">security(8)</a> ignore <a href="https://man.openbsd.org/quota.1">quota(1)</a> files and all subdirectories of /var/mail when checking the ownership and mode of mailboxes.
<!-- 2025/01/09 -->
<li>Added 'socket' refcnt type to <a href="https://man.openbsd.org/dt.4">dt(4)</a>.
<li>Began adding <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> RFC 8950 support (IPv4 routes with IPv6 nexthop).
<li>Adjusted <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> config of announce statement to allow for RFC 8654 extended message support.
<!-- 2025/01/08 -->
<li>Increased the default count of /dev/videoX from 2 to 4.
<!-- 2025/01/07 -->
<li>Added LED support for <a href="https://man.openbsd.org/ikbd.4">ikbd(4)</a> keyboards.
<!-- 2025/01/06 -->
<li>Added <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> vxlan "[-]endpoint" command.
<li>Unlocked <a href="https://man.openbsd.org/fstat.2">fstat(2)</a>.
<!-- 2025/01/05 -->
<li>Unlocked <a href="https://man.openbsd.org/accept.2">accept(2)</a> for tcp sockets.
<!-- 2025/01/04 -->
<li>Updated to fontconfig 2.15.0.
<li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> devices that don't support sample rate changes.
<!-- 2025/01/03 -->
<li>Streamlined the BIRD output in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> and removed the -T option, structuring BIRD outputs similar to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> output.
<li>Released rpki-client 9.4.
<li>Reworked rwlocks to reduce pressure on the scheduler and SCHED_LOCK.
<!-- 2025/01/02 -->
<li>Made <a href="https://man.openbsd.org/nfsd.8">nfsd(8)</a> default to UDP when using only -n.
<li>Deprecated <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> -T.
<li>Replaced BIRD v1 output with BIRD v3 output in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<!-- 2025/01/01 -->
<li>Introduced reference counts on struct mount.
<li>Improved lldp output of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option allowing users to override the width of individual Unicode codepoints.
<li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support for devices which report bulk and isochronous endpoints.
<!-- 2024/12/31 -->
<li>Abandoned hibernate or resume when an i/o or memory allocation fails.
<!-- 2024/12/30 -->
<!-- 2024/12/29 -->
<li>Ensured <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> fills v4l2_capability correctly (allowing some V4L consumers to use bus_info to identify the desired webcam when attempting to switch devices).
<!-- 2024/12/28 -->
<li>Adjusted rDNS lifetime to RFC 8106 default (minimum) value in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
<!-- 2024/12/27 -->
<li>Implemented zoneversion edns option (RFC 9660) in <a href="https://man.openbsd.org/dig.1">dig(1)</a>.
<!-- 2024/12/26 -->
<li>Run TCP output in parallel.
<!-- 2024/12/25 -->
<li>Prevented a possible crash in qemu where the clang -fzero-call-used-regs feature is used with retguard.
<!-- 2024/12/24 -->
<li>Set pltime to 0 in dhcp6leased when upstream interface goes down so clients form and prefer new addresses.
<li>Added preservation of fdisk info to libexec/security daily script.
<li>Limited hibernate writes to within the area of the swap partition allocated by uvm_hibswap() for hibernation.
<li>Added support for the 'AttribRawProcessBytes' attribute, which makes the HP Omnibook X 14 boot in ACPI mode.
<li>Made tcp_mss() MP safe so it can be called with socket lock.
<!-- 2024/12/23 -->
<li>Updated to util-macros 1.20.2.
<li>Updated to xprop 1.2.8.
<li>Updated to xlogo 1.0.7.
<li>Updated to xkbevd 1.1.6.
<li>Updated to xcompmgr 1.1.10.
<li>Updated to oclock 1.0.6.
<!-- 2024/12/22 -->
<li>Made uvideo forward error bits to the consumer, fixing the integrated cameras on ThinkPad T14 Gen 5, ThinkPad X1 nano 2 and Lenovo x13.
<li>Based offsets for ISOCHRONOUS IN frames on a fixed packet size, ensuring accuracy even with shorter frames.
<!-- 2024/12/21 -->
<li>Updated to xserver 21.1.15.
<!-- 2024/12/20 -->
<!-- 2024/12/19 -->
<li>Used per-sockbuf <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> to protect `'so_rcv' buffer of <a href="https://man.openbsd.org/tcp.4">tcp(4)</a> sockets.
<li>Implemented regulator-based signal voltage switch support in <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a>, fixing bootup on the MNT Reform2 with the RK3588 module.
<!-- 2024/12/18 -->
<li>Scheduled future <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> rejection of ultra long-lived TA certificates (02-02-2026/03-03-2027).
<!-- 2024/12/17 -->
<li>Let LLDP packets fall through to being handled on the port interfaces for <a href="https://man.openbsd.org/aggr.4">aggr(4)</a>.
<!-- 2024/12/16 -->
<li>Unlocked sysctl_video()
<!-- 2024/12/15 -->
<li>Added an AF_FRAME socket domain and an IFT_ETHER protocol family under it, allowing userland to use sockets to send and receive Ethernet frames.
<li>Made `video_filtops' mp-safe.
<li>Unlocked KERN_GLOBAL_PTRACE.
<!-- 2024/12/14 -->
<li>Unlocked KERN_WXABORT.
<!-- 2024/12/13 -->
<li>Implemented Notification Message Support for BGP Graceful Restart (RFC 8538) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<!-- 2024/12/12 -->
<li>Cached the Adj-RIB-Out for <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> sessions that have not been down for more than INTERVAL_SESSION_DOWN (3600) seconds.
<!-- 2024/12/11 -->
<!-- 2024/12/10 -->
<li>Corrected behavior of <a href="https://man.openbsd.org/sed.1">sed(1)</a> c command to match POSIX.
<!-- 2024/12/09 -->
<li>Added <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> support for extended messages (RFC 8654), extending the maximum message size of BGP from 4096 to 65535.
<!-- 2024/12/08 -->
<!-- 2024/12/07 -->
<li>Added ratelimits to logging of connections dropped by <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> PerSourcePenalties.
<!-- 2024/12/06 -->
<li>Allowed <a href="https://man.openbsd.org/glob.3">glob(3)</a> patterns for <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
<li>Provided a SHA-1 assembly implementation for amd64 using SHA-NI, providing a 2-2.5x performance gain on some Intel CPUs and many AMD CPUs.
<!-- 2024/12/05 -->
<li>Made <a href="https://man.openbsd.org/qcpon.4">qcpon(4)</a> query hardware for the button state to detect release even if the press event is missed, and to signal wakeup when the button is pressed.
<!-- 2024/12/04 -->
<li>Fixed <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a> -l output when the file contains CR characters.
<li>Provided a replacement assembly implementation for SHA-1 on amd64.
<li>Prevent integer overflow in x11 port handling in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> in cases of admin or user misconfiguration.
<li>Unlocked gre_sysctl().
<!-- 2024/12/03 -->
<li>Unlocked virtio.
<li>Added support for FIDO tokens that return no attestation data, e.g. recent WinHello.
<!-- 2024/12/02 -->
<li>In <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>, when AS0 TALs are provided, by default omit VRPs derived from them.
<li>Prefer AES-GCM to AES-CTR.
<li>Made pkg_add run <a href="https://man.openbsd.org/ldconfig.8">ldconfig(8)</a> after each updateset if the list of shared libraries was changed.
<!-- 2024/12/01 -->
<li>Added PercentLoad sensor to upd.4, reporting the % of the available UPS power drawn by output outlets.
<!-- 2024/11/30 -->
<li>Added <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a> support for Jabra PanaCast 20.
<!-- 2024/11/29 -->
<li>Added support for read/write of xmm/ymm registers to <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>.
<!-- 2024/11/28 -->
<!-- 2024/11/27 -->
<li>Added a missed abort of transfer pipe in <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>.
<li>Fixed argument of "Compression" directive in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> -G config dump.
<li>Fixed a powerpc64 bug where a pte could be put into an incorrect pteg, leading to a crash.
<li>Made lock changes to reduce lock contention in __thrsleep and __thrwakeup syscalls. go performance particularly benefits from this.
<!-- 2024/11/26 -->
<li>Added copy-mode-position-style and copy-mode-selection-style options to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Add <a href="https://man.openbsd.org/ptrace.2">ptrace(2)</a> commands used to read/write the XSAVE area of a traced process.
<li>Enabled rx/tx checksum offloading on <a href="https://man.openbsd.org/iavf.4">iavf(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/xbf.4">xbf(4)</a> and <a href="https://man.openbsd.org/xnf.4">xnf(4)</a> not attaching on XCP-ng 8.3/Xen 4.17.
<li>Let <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> pick the first attached dlt when attaching to an interface instead of the lowest numbered.
<!-- 2024/11/25 -->
<li>Started accounting for in-flight pages being written to disk when the page daemon is computing page shortage.
<li>Added <a href="https://man.openbsd.org/scmi.4">scmi(4)</a> mailbox transport and perf protocol for cpu frequency management on Snapdragon X Elite.
<!-- 2024/11/24 -->
<li>Added <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> support for the "post-power-on-delay-ms" in the MMC power sequencing.
<li>Added RK3399 support to <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>.
<li>Added <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> block list wildcard support using domains starting with '.'.
<li>Disabled small builtin EC curves.
<!-- 2024/11/23 -->
<li>Implemented <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> power down if the PMIC is marked as the system power controller in the device tree.
<!-- 2024/11/22 -->
<li>Started flushing the interrupt status register in <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> attach.
<!-- 2024/11/21 -->
<li>Ensured the correct address family propagates during IP deliver.
<li>Allowed the user to provide an alternative perfpolicy when on battery, extending the semantics of hw.perfpolicy to provide two buttons to specify desired behavior.
<li>Developed a new imsg API and applied it across the tree.
<!-- 2024/11/20 -->
<!-- 2024/11/19 -->
<!-- 2024/11/18 -->
<li>Taught <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> how to disassemble endbr64.
<!-- 2024/11/17 -->
<!-- 2024/11/16 -->
<li>Provided <a href="https://man.openbsd.org/tun.4">tun(4)</a> network offloads between the kernel and userland and introduced a new TUNSCAP ioctl .
<li>Added <a href="https://man.openbsd.org/qccpucp.4">qccpucp(4)</a>, a driver for the CPUSS Control Processor (CPUCP) mailbox controller.
<li>Provided a SHA-256 assembly implementation for amd64 using SHA-NI, providing a 3-5x performance gain on some Intel CPUs and many AMD CPUs.
<li>Removed sha512-x86_64.pl.
<li>Provided a replacement assembly implementation for SHA-512 on amd64.
<!-- 2024/11/15 -->
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> no-detach-on-destroy client option, useful for control mode clients.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> scrollbar style parameters width and pad.
<!-- 2024/11/14 -->
<li>Updated to xterm 395.
<li>Moved the hppa stack 1GB higher.
<!-- 2024/11/13 -->
<li>Enabled <a href="https://man.openbsd.org/ixv.4">ixv(4)</a> on RAMDISK_CD.
<li>Started taking into account how long the <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> DNS probe takes before deciding to punt.
<!-- 2024/11/12 -->
<li>Fixed <a href="https://man.openbsd.org/simplefb.4">simplefb(4)</a> colours for BPP16 and BPP24.
<li>Added support for BPP16 16-bit color EFI framebuffer format as offered by u-boot.
<li>Updated libexpat to 2.6.4.
<!-- 2024/11/11 -->
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> scrollbar mouse support.
<li>Allowed <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> specification of interface and queue bandwidths greater than ~4Gbit.
<li>Updated to libXcursor 1.2.3.
<li>Updated to xwud 1.0.7.
<li>Updated to xrandr 1.5.3.
<li>Updated to xmag 1.0.8.
<li>Updated to xkbprint 1.0.7.
<li>Updated to xcmsdb 1.0.7.
<li>Updated to xclipboard 1.1.5.
<li>Updated to xbacklight 1.2.4.
<li>Updated to fonttosnft 1.2.4.
<li>Updated to bdftopcf 1.1.2.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option to control the input buffer size.
<!-- 2024/11/10 -->
<li>Locked send socket buffer for fstat syscall.
<!-- 2024/11/09 -->
<li>Fixed a bug where <a href="https://man.openbsd.org/getty.8">getty(8)</a> dx flag was supposed to set decctlq, but was setting ixany instead.
<!-- 2024/11/08 -->
<li>Added <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> -l flag to list drivers or files.
<li>Made qcpas send APM_POWER_CHANGE events on AC/battery life changes, allowing upowerd to react.
<li>Used a mutex to make <a href="https://man.openbsd.org/psp.4">psp(4)</a> MP safe.
<li>Provided a replacement assembly implementation for SHA-256 on amd64.
<li>Changed luna88k disklabel labeloffset to 0.
<li>Made CPU frequencies human-readable with <a href="https://man.openbsd.org/systat.1">systat(1)</a> sensors -h.
<li>Implemented an interrupt depth counter for sparc64.
<li>Added support for MA devices to <a href="https://man.openbsd.org/iwx.4">iwx(4)</a>.
<li>Changed to only install a second copy of the bootloader if the EFI System Partition is at least 1MB to avoid filling up the tiny ESPs we used to create a few releases ago.
<li>Added <a href="https://man.openbsd.org/ice.4">ice(4)</a>, a driver for Intel E810 devices.
<!-- 2024/11/07 -->
<li>Added a helper to check if memory has been freed for a given request to improve speed of the page daemon loop.
<li>Optimized page daemon active and inactive list traversals when looking only for low pages.
<li>Added multi-line strings support to the <a href="https://man.openbsd.org/bt.5">bt(5)</a> script parser.
<!-- 2024/11/06 -->
<li>Made <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> log the username when rejecting by ipcp.
<li>Added an <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> "websafe-allow" option to override the default allow-list of FIDO application IDs.
<li>Added <a href="https://man.openbsd.org/wsconscfg.8">wsconscfg(8)</a> -g option to get the index of the current virtual terminal.
<!-- 2024/11/05 -->
<li>Added TLS support to <a href="https://man.openbsd.org/tcpbench.1">tcpbench(1)</a>.
<li>Implemented CSI s and CSI u to save and restore cursor position in <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>.
<li>Prevented a race where a mapped object is being truncated while we are spinning to unwire it.
<li>Implemented <a href="https://man.openbsd.org/psp.4">psp(4)</a> shutdown command and <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> PSP_IOC_SHUTDOWN, which will be used by <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> to reset <a href="https://man.openbsd.org/psp.4">psp(4)</a> on startup.
<li>Replaced rwlock with iterator in UDP input multicast loop, preventing a potential kernel crash.
<li>Correctly honored the count optional argument of the <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> break command, ensuring execution does not stop until the breakpoint is hit at least that many times.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> support for a scrollbar at the side of each pane using new options pane-scrollbars, pane-scrollbars-positions and pane-scrollbars-styles.
<li>Unlocked ptsignal, psignal and prsignal.
<li>Updated to libXi 1.8.2.
<li>Updated to libXfont2 2.0.7.
<li>Updated to xserver 21.1.14.
<li>Added support for CSI b control sequence (repeat last printed character) to the <a href="https://man.openbsd.org/wscons.4">wscons(4)</a> vt100 emulation.
<!-- 2024/11/04 -->
<li>Removed the ability to specify root/dump/swap on <a href="https://man.openbsd.org/st.4">st(4)</a>.
<li>Ignored extra groups that don't fit in the buffer passed to <a href="https://man.openbsd.org/getgrouplist.3">getgrouplist(3)</a>, reading only the maximum of sixteen.
<li>Made <a href="https://man.openbsd.org/getgrouplist.3">getgrouplist(3)</a> always return the total number of groups found.
<li>Implemented <a href="https://man.openbsd.org/aplsmc.4">aplsmc(4)</a> support for the new CHLS key used to control the battery charge level in newer SMC firmware.
<!-- 2024/11/03 -->
<li>Added iked "natt" option that forces negotiation of nat-t (and udpencap).
<li>Allowed <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> to download firmware without root.
<!-- 2024/11/02 -->
<li>Moved <a href="https://man.openbsd.org/dt.4">dt(4)</a> to using a ringbuffer per CPU.
<li>Improved <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> detection of gaps in ManifestIssuance.
<li>Updated APNIC trust anchor constraints for rpki.
<!-- 2024/11/01 -->
<li>Added <a href="https://man.openbsd.org/ixv.4">ixv(4)</a>, a driver for virtual functions of Intel 82598EB, 82559 and X540.
<li>Made macppc ofwboot sync instruction cache before entering kernel, preventing a potential boot failure.
<!-- 2024/10/31 -->
<!-- 2024/10/30 -->
<li>Implemented the AMD SEV <a href="https://man.openbsd.org/psp.4">psp(4)</a> download firmware command to load new firmware onto the chip and made the AMD SEV automatically load psp(4) firmware during <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> startup.
<li>Made <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> install a copy of the UEFI bootloader in /efi/openbsd on the EFI system partition, allowing creation of boot options for the firmware boot manager other OSes will leave alone.
<li>Made <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> print pppoe tags as hex dumps.
<li>Prevented <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a> running through time checks when an entry is definitely oversized.
<!-- 2024/10/29 -->
<li>Moved hfsc to keep time using nanoseconds.
<li>Included cdXX.iso in MDEXT on arm64.
<li>Fixed xkb buffer overflow.
<!-- 2024/10/28 -->
<li>Added support for client certificates to <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>.
<li>Set AP power state, fixing the SMC initialization on the M1 MacBook with the latest system firmware.
<li>Unlocked KERN_ALLOWKMEM.
<!-- 2024/10/27 -->
<!-- 2024/10/26 -->
<!-- 2024/10/25 -->
<li>Unlocked timeout_sysctl().
<li>Allowed control characters prefixed with C-v to be entered at the tmux.1 command prompt.
<!-- 2024/10/24 -->
<li>Added support for performing a sysupgrade.8 from a path.
<li>Promoted mlkem768x25519-sha256 to be the default key exchange.
<li>Mapped ucom unit number to cuaU number using the same scheme MAKEDEV uses, fixing problems with ucom units > 10.
<li>Stopped amd64 leak of kernel stack guard pages.
<!-- 2024/10/23 -->
<li>Made <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> drop all keys when it receives SIGUSR1.
<li>Reduced kernel lock contention when tearing down file-backed regions.
<!-- 2024/10/22 -->
<!-- 2024/10/21 -->
<li>Corrected reporting of print screen key in raw mode.
<!-- 2024/10/20 -->
<!-- 2024/10/19 -->
<li>Changed sdhc bus power behavior to no longer perform a power-off voltage switch request when the card is already operating at the requested voltage.
<!-- 2024/10/18 -->
<li>Started enforcing that elliptic curve parameters correspond to a built-in curve.
<li>Moved to send only a single reset during attach for <a href="https://man.openbsd.org/ihidev.4">ihidev(4)</a> devices, preventing issues with some devices like the built-in keyboard on the Thinkpad T14s Gen 6.
<!-- 2024/10/17 -->
<li>Reworked cert signature security level so it handles RSA-PSS and EdDSA certificates correctly and the handshake with such can progress a bit further. Of note, we check that the certs are actually suitable for use in TLS per RFC 8446 contrary to what OpenSSL does.
<li>Added <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a> support.
<li>Required control-escape character sequences passed to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> via the '-e ^x' commandline to be exactly two characters long to avoid a possible OOB read.
<li>Altered <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> _ssh_order_hostkeyalgs() to consider ECDSA curve type when arranging the hostkey algorithms. Code is unused in OpenSSH but others are using it.
<li>Allowed "-" as output file for <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a> module screening.
<li>Updated libdrm to 2.4.123
<!-- 2024/10/16 -->
<li>Moved the a.out specific defines and macros, but the MID_xxx values, from
<sys/exec.h> to <a.out.h>.
<!-- 2024/10/15 -->
<li>Moved to indicating that a process has stopped by setting PS_STOPPED flag.
<!-- 2024/10/14 -->
<!-- 2024/10/13 -->
<li>Stopped using the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> ObscureKeystrokeTiming mitigations if there has been traffic on a X11 forwarding channel recently. Should fix performance regressions with X11 Forwarding.
<li>Split the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection.
<li>Added sshd-auth to the binaries that relink at boot.
<!-- 2024/10/12 -->
<li>Made <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> -a mean all when downloading or installing, not just deleting.
<!-- 2024/10/11 -->
<li>Introduced a new build class to be used by the build user in <a href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>.
<li>Added firmware keys to the signify key bundles. <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> will now extract the firmware key also, allowing fw_update fetch the most up-to-date firmware before upgrading.
<!-- 2024/10/10 -->
<li>Allowed use of MSI with the QEMU default pc-i440fx machine.
<li>Neutered the tun/tap ioctls that try and modify interface flags.
<li>Made <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> always print account URI on first creation of an account key.
<li>Changed <a href="https://man.openbsd.org/ps.1">ps(1)</a> print the session id (PID of the session leader) instead of a pointer.
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> sixel_support format variable which is 1 if SIXEL is supported (always 0 on OpenBSD).
<!-- 2024/10/09 -->
<li>Made it possible to configure tcp md5 and ipsec on rtr in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<!-- 2024/10/08 -->
<li>Added the ablity for <a href="https://man.openbsd.org/bus_dmamem_alloc.9">bus_dmamem_alloc(9)</a> to recognize the BUS_DMA_64BIT flag and allocate memory for DMA without any 4GB restrictions on amd64.
<!-- 2024/10/07 -->
<li>Made <a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a> -v show the account URI from the Location header sent by the server in response to the newAccount API call.
<li>Updated unbound to 1.21.1.
<li>Provided a mechanism for getting required keys to <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> older machines, providing a new set of keybundles signed by older keys to allow sysupgrade to securely and automatically download the required key.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> prompt-cursor-colour and prompt-cursor-style to set the style of the cursor in the command prompt and remove the emulated cursor.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> initial-repeat-time option to allow the first repeat time to be increased and later reduced.
<li>Added support for AX88772D to <a href="https://man.openbsd.org/axen.4">axen(4)</a>.
<!-- 2024/10/06 -->
<li>Fixed the <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a> rx refill timeout to only refill rings that are currently empty, preventing possible corruption and crashes.
<li>Turned off finite field (a.k.a modp) Diffie-Hellman key exchange in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> by default.
<!-- 2024/10/05 -->
<li>Made scaling available for normal wsmouse.4 mice, not just touchpads.
<!-- 2024/10/04 -->
<li>Allowed boot loader to run as AMD SEV guest on QEMU with EFI.
<li>Allowed kernel boot on QEMU with AMD SEV.
<li>Added copy-mode-position-format to configure the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> position indicator.
<li>Added -y flag to disable <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> confirmation prompts in modes.
<li>Reworked <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode commands ("send-keys -X") to parse the arguments so that flags may be detected propertly rather than just looking for strings ("-O" and so on). Also added -C and -P flags to the copy commands. -C prevents the commands from sending the text to the clipboard and -P prevents them from adding the text as a paste buffer.
<li>Increased <a href="https://man.openbsd.org/psp.4">psp(4)</a> timeouts, allowing the EPYC 9124 time to attach.
<li>Added printing of number of queues and interrupt and ethernet address details to <a href="https://man.openbsd.org/mcx.4">mcx(4)</a>.
<!-- 2024/10/03 -->
<li>Increased rx mbuf size with lro in <a href="https://man.openbsd.org/vio.4">vio(4)</a>, helping tcp splice performance.
<!-- 2024/10/02 -->
<li>Improved the heuristic for detecting i2c devices (making type-A ports on the vivobook work in acpi mode).
<li>Added MSYSTEM to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> default update-environment.
<li>Improved responsiveness in OOM situations and made free target checks coherent.
<!-- 2024/10/01 -->
<li>Adjusted the ptrace interface to properly support single-threaded continue.
<li>Added a way to make the preview larger in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> tree mode.
<li>Fixed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> problems with pasted text being interpreted as extended keys.
<!-- 2024/09/30 -->
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> only use default-shell for popups, returning to /bin/sh for run-shell, if-shell and #().
<!-- 2024/09/29 -->
<li>Fixed grey color in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<!-- 2024/09/28 -->
<!-- 2024/09/27 -->
<!-- 2024/09/26 -->
<li>Added an ipi for executing INVEPT to flush EPT on remote cpus, a first step toward allowing guest memory not to be wired by UVM.
<!-- 2024/09/25 -->
<li>Corrected an indexing error that could leave stale data in the <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
<!-- 2024/09/24 -->
<li>Added <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> -R #.# to try to use a specific release version rather than the immediate +0.1.
<li>Reintroduced support for "Match criteria=argument" to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> for those using the unintentional syntax.
</ul>