-
Notifications
You must be signed in to change notification settings - Fork 42
/
69.html
2153 lines (1856 loc) · 89.4 KB
/
69.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 6.9</title>
<meta name="description" content="OpenBSD 6.9">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/69.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
6.9
</h2>
<table>
<tr>
<td>
<a href="images/nice.png">
<img width="227" height="303" src="images/nice-s.gif" alt="Nice"></a>
<td>
Released May 1, 2021. (50th OpenBSD release)<br>
Copyright 1997-2021, Theo de Raadt.<br>
<br>
6.9 Song:
<a href="lyrics.html#69">"Vetera Novis"</a>.
<br>
Artwork by Joy San.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/6.9/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata69.html">the 6.9 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus69.html">detailed log of changes</a> between the
6.8 and 6.9 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-69-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/openbsd-69-base.pub">
RWQQsAemppS46LT4dNnAtVUZt51ResyNU35n4OH9yl/r7JcR3B75fO4V</a>
<tr><td>
openbsd-69-fw.pub:
<td>
RWQmtywnZCJ0lWWc2wr0Ity/Ys498gmQksAi2dSmpW5IwkjEH/OXYPaF
<tr><td>
openbsd-69-pkg.pub:
<td>
RWSG2ib5ZXSfQUmO/SK6MkA6wDVmjQ+7PHIUtEokG4TNnTghJnJ7NtkR
<tr><td>
openbsd-69-syspatch.pub:
<td>
RWQukL+0K9o9dQ7z3X8mPAftyJDzxmsm9ojLck+Yi9Q+YGEPqdxDK4ke
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 6.9.
For a comprehensive list, see the <a href="plus69.html">changelog</a> leading
to 6.9.
<ul>
<li>New/extended platforms:
<ul>
<li>Support for the <a href="powerpc64.html">powerpc64</a> platform was improved:
<ul>
<li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a
driver for the framebuffer of the Aspeed BMC found on many POWER8 and
POWER9 systems.
<li>Added bsd.mp to powerpc64's installXX.{img,iso}.
<li>Added RETGUARD implementation for powerpc and powerpc64.
<li>Added a workaround for PCIO devices that cannot address the full
64-bit PCI address space to powerpc64. Needed for <a
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon
GPUs only implement 36, 40, or 44 bits of address space.
<li>Added limited emulation of unaligned access in the powerpc64 kernel.
<li>Added support for netbooting to the powerpc64 RAMDISK kernel.
<li>Fixed booting on powerpc64 machines with memory banks higher in
physical address space, needing a larger TCE table.
<li>Introduced power-saving mode on POWER9 CPUs.
<li>Enabled floating-point exceptions on powerpc64.
<li>Added support for <a
href="https://man.openbsd.org/ipmi.4">ipmi(4)</a> on PowerNV systems.
</ul>
<li>Preliminary support was added for devices using the Apple M1 SoC:
<ul>
<li>Recognized Apple Icestorm/Firestorm cores on arm64.
<li>Added support for BCM4378 chips, as found on the Apple M1 SoCs, to
<a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
<li>Added <a href="https://man.openbsd.org/exuart.4">exuart(4)</a>
support for the UART found on the Apple M1 SoC.
<li>Added <a href="https://man.openbsd.org/apldog.4">apldog(4)</a>, a
driver for the watchdog on Apple M1 SoCs, allowing reboot of the
machine.
<li>Added <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a>,
a driver for the interrupt controller found on Apple M1 SoCs.
<li>Added <a href="https://man.openbsd.org/aplpcie.4">aplpcie(4)</a>,
a driver for the PCIe host bridge on Apple M1 SoCs.
<li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a>,
a driver for the IOMMU on Apple M1 SoCs.
<li>Added support for CPUs with 8-bit ASIDs such as those on
Apple's M1 SoC.
</ul>
<li>The arm64 platform support was improved with the following changes:
<ul>
<li>Optimized arm64 <a
href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a
href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a
href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte
copies if possible.
<li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
<li>Added clock support for i.MX8MP SoCs.
<li>Added support for the VF610 I2C controller to <a
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
<li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a
driver for the Synopsys DesignWare GPIO controller.
<li>Added <a
href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support
for the "Always On" GPIOs.
<li>Made large read and write transactions work in <a
href="https://man.openbsd.org/amliic.4">amliic(4)</a>.
<li>Added support for the PCIe controller found on Amlogic
G12A/G12B/SM1 SoCs to <a
href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a>.
<li>Implemented legacy interrupt support to <a
href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a>.
<li>Added <a href="https://man.openbsd.org/cryptox.4">cryptox(4)</a>,
a driver for armv8 cryptographic extensions.
<li>Added support for PCIe on the NanoPi R4S to <a
href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
<li>Added <a href="https://man.openbsd.org/smmu.4">smmu(4)</a>, a
driver for the ARM System MMU.
<li>Introduced an IOVA early-allocation scheme in <a
href="https://man.openbsd.org/smmu.4">smmu(4)</a>, mitigating the
performance penalty of typical IOVA allocation designs.
<li>Introduced Guard Pages in <a
href="https://man.openbsd.org/smmu.4">smmu(4)</a>, to spot misuse
and misconfiguration of I/O devices more easily.
<li>Added support for RK809 to <a
href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>, as seen on the
Rock Pi N10 with the rk3399pro.
<li>Added support for <a
href="https://man.openbsd.org/sdhc.4">sdhc(4)</a> on the Raspberry Pi
in ACPI mode.
<li>Enabled <a href="https://man.openbsd.org/ixl.4">ixl(4)</a> on arm64.
<li>Updated device-tree bindings for <a
href="https://man.openbsd.org/cwfg.4">cwfg(4)</a> battery capacity
driver to correct attaching and account for monitoring interval
change, making cwfg(4) export values under hw.sensors as expected when
using a Pinebook Pro.
<li>Added ARMv8-5 instruction set related CPU features to arm64.
</ul>
</ul>
<li>Various kernel improvements:
<ul>
<li>Added the RAID1C (encrypted raid1) <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> discipline,
encrypting data like the CRYPTO discipline and accepting multiple
chunks during creation and assembly like the RAID1 discipline.
<li>Corrected raidlevel verification specified by the -c option in <a
href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>.
<li>Introduced kern.video.record for <a
href="https://man.openbsd.org/video.4">video(4)</a> devices, a privacy feature analog
to the kern.audio.record <a
href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a
href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By
default, kern.video.record will be set to zero and blank all data
delivered by drivers attaching to <a
href="https://man.openbsd.org/video.4">video(4)</a>.
<li>Allowed a process to open a <a
href="https://man.openbsd.org/video.4">video(4)</a> device multiple
times. Fixes webcam usage with Firefox and BigBlueButton.
<li>Enabled multiple opens of a <a
href="https://man.openbsd.org/video.4">video(4)</a> device as
described in the V4L2 specification.
<li>Added basic support for kclock timeouts to <a
href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
<li>Changed the <a href="https://man.openbsd.org/pool.9">pool(9)</a>
timeouts to use the system uptime instead of ticks.
<li>Ensured <a href="https://man.openbsd.org/sleep.3">sleep(3)</a>
calls <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a>
if seconds is zero, now delegating all decisions about whether or not
to yield the CPU.
<li>Added a top-level 'reboot' command to <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a>
check for uninitialized (or zeroed) lock usage.
<li>Added fd close notification for kqueue-based <a
href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
href="https://man.openbsd.org/select.2">select(2)</a>.
<li>Added a global "nowake" channel for threads avoiding <a
href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a
href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>.
<li>Added trace points for <a
href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a
href="https://man.openbsd.org/free.9">free(9)</a>, making them
traceable via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a
href="https://man.openbsd.org/btrace.8">btrace(8)</a>.
<li>Added <a href="https://man.openbsd.org/btrace.8">btrace(8)</a> -n
(no action) mode, which parses the program and then exits.
<li>Fixed a boot-time crash on sparc64 due to mutex use during the
message buffer initialization.
<li>Prevented a panic in some ACPI firmware that provided invalid
memory regions in their reserved memory region reporting table.
<li>Added a barrier between reading the cqe flags and the command ID
to prevent completion of the wrong SCSI I/O for <a
href="https://man.openbsd.org/nvme.4">nvme(4)</a> drives.
<li>Prevented attachment of <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>
devices of zero size.
<li>Introduced new function <a
href="https://man.openbsd.org/if_unit.9">if_unit(9)</a>, returning a
pointer to the interface descriptor corresponding to the unique name.
<li>Clear interrupts on luna88k processors more efficiently at boot
time.
<li>Added <a
href="https://man.openbsd.org/acpiiort.4">acpiiort(4)</a>, a driver
for the ACPI I/O Remapping Table.
<li>Updated clock interrupt count atomically on mips64.
<li>Prevented an amd64 kernel crash with protection fault due to an
invalid offset when reading /dev/kmem.
<li>Permitted access to kern.somaxconn sysctl information when the
unix <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> is used,
allowing Go programs to use "unix" without also including "inet".
<li>Excluded the first page and added a guard page between I/O
virtual address space allocations on arm64.
<li>Prevented attachment of SCSI devices that fail to provide
adequate INQUIRY data.
</ul>
<li>SMP Improvements
<ul>
<li>Introduced "if_cloners_lock" rwlock and used it to serialize
if_clone_{create,destroy}(), avoiding multiple race conditions.
<li>Introduced a system-wide mutex that serializes msgbuf operations.
<li>Made <a
href="https://man.openbsd.org/uvm_pagealloc.9">uvm_pagealloc(9)</a> of
the physical memory allocator mp-safe.
<li>Unlocked <a href="https://man.openbsd.org/getppid.2">getppid(2)</a>.
<li>Introduced locking for amaps and anons, improving build performance.
<li>Moved UNIX domain sockets out of the kernel lock, using the new
"unp_lock" <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> as
solock()'s backend to protect the whole layer.
<li>Unlocked <a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>.
<li>Used per-CPU counter for fault and stats counters reached in uvm_fault().
</ul>
<li>Direct Rendering Manager
<ul>
<li>Fixed <a
href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>
backlight commands when using
<a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on
macppc.
<li>Fixed a <a
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
panic on macppc with Powerbook5,6 and RV350.
<li>Fixed DRI3 support on <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a
href="https://man.openbsd.org/ati.4">ati(4)</a>.
<li>/dev/dri/ device nodes are created to be more compatible with Linux.
</ul>
<li>VMM/VMD improvements
<ul>
<li>Prevented memory corruption or improper page access in <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> due to improper TLB
flushing for now by wiring the pages used by virtual machines.
<li>Removed the ability of <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a> to boot from kernels
in raw/qcow2 images.
<li>Made <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
properly indicate VMs are stopping instead of "running" with "vmctl
status".
<li>Simplify argument parsing of
<code><a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> stop</code>
thereby avoiding a
<a href="https://man.openbsd.org/printf.3">printf(3)</a> "%s" NULL,
a use of uninitialized and a dead else branch.
<li>Cleaned up events on <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a> pause or resume and
fixed an issue leading to broken serial console by cleanly tearing
down and restoring emulated device state on vm send/receive.
<li>Propagated host-side <a
href="https://man.openbsd.org/tap.4">tap(4)</a> lladdr to guest vm
process to allow unicast dhcp and bootp renewals with <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>'s built-in dhcp
server.
<li>Added <a href="https://man.openbsd.org/veb.4">veb(4)</a> to the
list of supported bridges for <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
<li>Improved MSR exit handling in <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> on SVM and VMX
hosts preventing invalid reads and fixing support for 9front.
<li>Added ability to boot compressed ramdisks to <a
href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
</ul>
<li>Various new userland features:
<ul>
<li>Added <a
href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog"
option to avoid <a
href="https://man.openbsd.org/syslog.3">syslog(3)</a>.
<li>Allowed specific <a
href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used
for play-only and rec-only modes.
<li>Use an 8th order FIR low-pass filter for resampling in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> and for <a
href="https://man.openbsd.org/aucat.1">aucat(1)</a>, removing most of
the aliasing noise during resampling.
<li>Disabled <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
autovolume by default and set the default volume to 127. Setting "-w
on" will replicate the previous behavior of automatically decreasing
playback volume when new programs start playing.
<li>Allowed mixing of alternative devices (-F) with different
capabilities in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> by treating any
device as full-duplex.
<li>Fixed visibility of <a
href="https://man.openbsd.org/sndioctl.1">sndioctl(1)</a> output when
used through a pipe.
<li>Enabled build and install of <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>.
<li>Added <a href="https://man.openbsd.org/logger.1">logger(1)</a>
support to <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>, <a
href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a> and <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for daemons logging
to stdout/stderr.
<li>Added a configurable button mapping for tap gestures on touchpads
to <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>.
<li>Made <a href="https://man.openbsd.org/wscons.4">wscons(4)</a>
touchpad tap detection less restrictive for multi-finger taps and
improved tap detection.
<li>Enable <a
href="https://man.openbsd.org/man4/arm64/apm.4">apm(4)</a> on arm64 to
display meaningful information about battery use and capacity.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Fixed a pledge violation in <a
href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting
input from a file containing ^T would cause csh(1) to perform a tty
ioctl operation against a non-tty.
<li>Made <a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a> work
again when fewer than 3 patches are available.
<li>Stopped exempting file systems from <a
href="https://man.openbsd.org/security.8">security(8)</a> on the basis
of nodev and nosuid options, which may not be used for file systems
mounted beneath.
<li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a>
to stop reporting disk status and networking statistics.
<li>Made <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify
a version when it uses <a
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid
the situation where upgrading a pre-6.8 snapshot to 6.8 release with
"-r" would install firmware packages from snapshots.
<li>Increased speed of the dependency check pass for <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
<li>Prevented process exit in multithreaded programs from reporting
the wrong error code.
<li>Allowed booting of amd64/i386 from GPT formatted disks larger than 4TB.
<li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a>
-n flag, correctly enumerate files with more than INT_MAX lines.
<li>Fixed a memory leak in ld.so's malloc.
<li>Added a "xenodm" login class for <a
href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> and increased
openfiles to 512 to avoid running out of file descriptors with a busy
desktop.
<li>Stopped <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>
from adding authorizations for TCP connections by default and added
"listenTCP" to explicitly add authorizations for existing IP addresses
on startup.
<li>Skip adding the IPv6 link local addresses for TCP listener
authorizations in <a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>,
matching what is done by
<a href="https://man.openbsd.org/startx.1">startx(1)</a>.
<li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>.
<li>Improve pledge in <a
href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added
pledge to the "-C" code path.
<li>Improved performance of <a
href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s cache.
<li>Made editing GPT in <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> safer by
defaulting offset to the beginning of the largest free space and
preventing the creation of overlapping partitions.
<li>Fixed a crash that could occur in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when a USB
device is unplugged.
<li>Append .html suffixes to temporary files in <a
href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> to allow
recognition by browsers.
<li>Allow specification of a path to the <a
href="https://man.openbsd.org/mg.1">mg(1)</a> startup file on the
command line.
<li>Added a "batch" mode to <a
href="https://man.openbsd.org/mg.1">mg(1)</a> via the "-b" command
line option, which will initialize a pty, run the specified file of mg
commands and then exit.
<li>Inverted the <a href="https://man.openbsd.org/mg.1">mg(1)</a> "R"
indicator to mean that a "*" next to a file's name indicates that it
is read-only. Made the active buffer indicator more visible by
changing it to ">".
<li>Fixed <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
redrawing of a multiline PS1 prompt in vi mode and added support for
^R (redraw) in insert mode.
<li>Used <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> to
restrict filesystem access in <a
href="https://man.openbsd.org/apmd.8">apmd(8)</a>.
<li>Removed the 30s minimum delay for <a
href="https://man.openbsd.org/xlock.1">xlock(1)</a> timeouts.
<li>Stopped deleting the control socket on exit in <a
href="https://man.openbsd.org/apmd.8">apmd(8)</a>, as deleting
the socket after calling <a
href="https://man.openbsd.org/unveil.2">unveil(2)</a> would cause an
unveil violation.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>Corrected accounting of zero length Transfer Descriptors in <a
href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running
out of free Transfer Ring Blocks.
<li>Moved mfokclock(4) from loongson to make it available for other
platforms and renamed it to <a
href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>.
<li>Fixed brightness setting on MacBooks.
<li>Added AMD Vi and Intel VTD IOMMU support. This creates separate
domains for each PCI device and can provide protection against invalid
memory access.
<li>Enabled brightness keys on powerbooks where the keyboard attaches
as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>.
<li>Set initial default display brightness on macppc via
of_setbrightness() to ensure <a
href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in
sync.
<li>Added support for the PL2303HXN series chips to <a
href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>.
<li>Added support for the PCA9547 I2C mux to <a
href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>.
<li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>
with ACPI support.
<li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a
driver for ACPI generic event devices, used on various
systems to implement power button handling.
<li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>,
a driver for the GPIO controllers found on modern Intel PCHs.
<li>Added ACPI support to <a
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
<li>Fixed panics on the HoneyComb LX2K with <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
<li>Fixed very old <a
href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the
INQUIRY command succeeds but with a residue equal to the requested
bytes.
<li>Added Gemini Lake I2C id to <a
href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>, making the
touchpad work on the Teclast F7 Plus laptop.
<li>Introduced <a href="https://man.openbsd.org/ujoy.4">ujoy(4)</a>, a
restricted subset of <a
href="https://man.openbsd.org/uhid.4">uhid(4)</a> for game controllers
which uses /dev/ujoy/* device nodes.
<li>Set up <a href="https://man.openbsd.org/ims.4">ims(4)</a> devices
in X11 to behave like touchpads.
<li>Stopped relying on USB devices to correctly present their
indices, instead searching for the correct interfaces. This fixes E+
Corp. DAC Audio devices.
<li>Introduced <a
href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>, a driver for
Logitech HID++ devices.
<li>Separated reading of general and touchpad-specific <a
href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> settings and
corrected identification of device type when reading touchpad
parameters fails.
<li>Added support for 30-bit color modes to <a
href="https://man.openbsd.org/simplefb.4">simplefb(4)</a>
and <a href="https://man.openbsd.org/wsfb.4">wsfb(4)</a>.
<li>Made loongson kernels recognize Lynloong LM9002/9003 and LM9013 models.
<li>Use native display resolution 1368x768 for Lynloong all-in-one computers.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Fixed link state change behavior in 82598 <a
href="https://man.openbsd.org/ix.4">ix(4)</a> chips.
<li>Fixed issues with network stopping after the first down/up cycle
in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada
Ethernet device.
<li>Added SFP+ support to ofw, including support for direct attach cables.
<li>Added 10G media support to <a
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
<li>Added support for 1000base-x and 2500base-x connections to <a
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
<li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a
driver for Marvel "SOHO" switches.
<li>Enabled auto-negotiation on the SerDes links, allowing
in-band-status to work between <a
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a
href="https://man.openbsd.org/mvsw.4">mvsw(4)</a> on the ClearFog GT
8K.
<li>Added support for the i.MX8MP PCIe clocks, USB clocks and second
ethernet.
<li>Added Wake on LAN support to <a
href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Enabled IPv4 and TCP/UDP checksum offload on transmission in <a
href="https://man.openbsd.org/ogx.4">ogx(4)</a>.
<li>Raised the maximum number of queues/interrupts from 1 to 16 on <a
href="https://man.openbsd.org/mcx.4">mcx(4)</a> devices.
<li>Added support for the Netgear ProSecure UTM25 to octeon.
<li>Added vid/pid table to <a
href="https://man.openbsd.org/umb.4">umb(4)</a> allowing matching to
alternate configurations.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Fixed the <a href="https://man.openbsd.org/athn.4">athn(4)</a> and
<a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a> drivers
in client mode against access points which use WPA1/TKIP as
the group cipher.
<li>Added multicast support to <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6.
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
repeated DEAUTH and loss/restoration of link.
<li>Introduced a delay to work around an issue in <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> on the BCM43602 that
was triggering "unexpected pairwise key update" errors.
<li>Enabled <a href="https://man.openbsd.org/athn.4">athn(4)</a> for arm64.
<li>Implemented a new 802.11n Tx rate adaptation algorithm ("RA") for
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a>,
<a href="https://man.openbsd.org/iwn.4">iwn(4)</a>, and
<a href="https://man.openbsd.org/athn.4">athn(4)</a>.
<li>Fixed association problems with the <a
href="https://man.openbsd.org/ipw.4">ipw(4)</a> and <a
href="https://man.openbsd.org/iwi.4">iwi(4)</a> drivers.
<li>Made <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> attach to
AX201 devices with PCI IDs 0x34f0 and 0x06f0. Needs <a
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a>.
<li>Fixed a problem where <a
href="https://man.openbsd.org/iwn.4">iwn(4)</a> firmware would
generate bogus block ack requests and stall traffic.
<li>Fixed automatic channel selection in the <a
href="https://man.openbsd.org/athn.4">athn(4)</a> driver
when running in hostap or monitor mode.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Fixed length calculations in <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> when there are
multiple MPDUs in one packet.
<li>Fixed 802.11n interoperability with access points that offer
management frame protection.
<li>Flush the A-MPDU reorder buffer after gap timeout to prevent
frames from remaining in the buffer until the next frame
is received.
<li>Avoid spurious "input packet decapsulations failed" errors in
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with
A-MSDU enabled.
<li>Fixed automatic selection of the 11a/b/g/n/ac operating mode when
the interface is running as an access point.
<li>Ensured crypto keys are installed before the link is brought up.
</ul>
<li>Generic network stack improvements and bugfixes:
<ul>
<li>Removed the maxburst feature from tcp_output().
Sending out TCP segments was limited to 4 packets per burst.
This did not scale well on high bandwidth, high latency links.
Especially when the receiving side delays ACK packets
aggressively, the maxburst limitation could seriously reduce
TCP throughput per connection.
<li>Added a MONITOR feature to interfaces. Packets received on these
interfaces do not enter the network stack for further processing. This
can be used to watch traffic, for example with <a
href="https://man.openbsd.org/bpf.4">bpf(4)</a> without risk of the packets
interfering with the system.
<li>Added etherbridge, the internals of a reusable learning bridge
interface providing common code reusable for other drivers needing a
mac learning bridge.
<li>Introduced <a href="https://man.openbsd.org/veb.4">veb(4)</a>, a
Virtual Ethernet Bridge driver.
<li>Added the ability to force the selection of source IP address for
programs that do not specify a source IP, overriding the default
source IP selection algorithm. This is configurable via <a
href="https://man.openbsd.org/route.8">route(8)</a>
<code>sourceaddr</code> command.
<li>Bring interfaces up when autoconfiguration for inet or inet6 is
enabled (AUTOCONF4 or AUTOCONF6 flags).
<li>Adjust terminology in <a
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to refer to
"temporary address extensions" rather than the former "privacy
extensions," including the addition of an AUTOCONF6TEMP flag (to
replace the negative flag "INET6_NOPRIVACY"). The autoconfprivacy
option in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
has been deprecated.
<li>Made it possible to disable the "autoconf" flag but keep
"temporary" enabled in <a
href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>For IPv6 addresses, added tracking of address proposal creation
times to be able to establish total lifetime. This information is used
to renew pltime/vltime of privacy addresse per RFC 4941.
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6
response to an IPv6 packet.
<li>Use the toeplitz hash algorithm to set a flowid for tcp packets,
which in turn is used to choose the tx ring on network cards with
multiple rings.
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc
by keeping track of allowed ips pointer correctly.
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> ioctl to
handle multiple wgpeers.
<li>Fixed a race between tx/rx handshakes in <a
href="https://man.openbsd.org/wg.4">wg(4)</a>.
<li>Prevented a potential hang when trying to remove a <a
href="https://man.openbsd.org/tun.4">tun(4)</a> interface.
<li>Used the correct rdomain when adding and deleting routes with <a
href="https://man.openbsd.org/mpip.4">mpip(4)</a> and <a
href="https://man.openbsd.org/mpw.4">mpw(4)</a>.
<li>Made <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
"-mplslabel" work with <a
href="https://man.openbsd.org/mpw.4">mpw(4)</a>.
</ul>
<li>Installer and upgrade improvements:
<ul>
<li>Prevented a race in <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep
which could cause autoinstall to fail by calling <a
href="https://man.openbsd.org/ftp.1">ftp(1)</a> without a local
address.
<li>Fixed hangs on amd64 bsd.rd due to misreported core clock
frequency on newer Intel Comet Lake models.
<li>Began distributing the gzip'd version of bsd.rd on all platforms
with boot methods supporting it.
<li>Fixed a problem which prevented use of <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> when an
interface failed to come up and <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> didn't
notice link-timeout expiration.
<li>Prevented <a
href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> from
adjusting the swap 'b' partition size if physmem is zero to keep the
auto-allocate code from putting a filesystem on that partition.
<li>Emulate "[inet] autoconf" <a
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> lines
with "dhcp" so users testing <a
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> will
still be able to upgrade manually while the installer uses only <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Restored <a
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
to the group of network configuration files used during upgrades.
</ul>
<li>Security improvements:
<ul>
<li>Added notices to syslog whenever the "%n" format string component
of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used.
<li>Removed workaround permitting Go executables to do syscalls
directly, forcing them to use shared libc like all other dynamic
binaries.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>The <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> daemon saw the following changes:
<ul>
<li>Introduced <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
<code>rde evaluate all</code> to reduce path hiding in IXP
route-server environments.
<li>Added RTR support to <a href="https://man.openbsd.org/bgpd.8">OpenBGPD</a>.
<li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
"show rtr" to display basic information about RTR sessions.
<li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
"show sets" to display information about the roa-set, as-sets and
prefix-sets loaded into <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Properly implemented "rde med compare strict" in <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and ensured that the
order of prefixes is always correct.
<li>Introduced a send hold timer in <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to detect stalls on
the sending side of a TCP connection, acting as a last resort to
detect faulty peers.
<li>Introduced the <a
href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> per
neighbor and global config option "reject as-set yes/no" to allow
rejection of received UPDATES with AS_SET segments. These rejected
prefixes can be viewed with <a
href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> "show rib in
error".
<li>No longer allow configuration of the same neighbor multiple
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> tables now track
prefixes correctly even when received by multiple sessions.
<li>Fixed a memory leak when parsing <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists.
</ul>
<li>The <a
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and <a
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> routing
daemons were refactored to keep the code similar to
changes in other routing daemons and to improve maintainability.<br>
Additionally, support for point-to-point interfaces in <a
href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> was fixed and <a
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> now works with
point-to-point interfaces which use a common IP address.
<li>The <a href="https://man.openbsd.org/pf.4">pf(4)</a> packet filter and its userland utility:
<ul>
<li>Relaxed checks in <a
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a
href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid
routing domain, even if it does not yet exist.
<li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>
detect and reject bogus ranges before loading the ruleset to prevent a
panic.
<li>Changed route-to in <a
href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> to send
packets to IPs instead of interfaces.
<li>Changed pf_route so <a
href="https://man.openbsd.org/pf.4">pf(4)</a> only runs when packets
enter and leave the stack. Running the same packet through pf multiple
times creates confusion for the state table. By default, pf states are
floating, meaning that packets are matched to states regardless of
which interface they're going over. This diff avoids multiple pf(4)
traversals of one packet causing confusion in the state table.
<li>Prevented the kernel from being stuck in an endless recursion
during TCP path MTU discovery when <a
href="https://man.openbsd.org/pf.4">pf(4)</a> changes the routing
table when sending packets.
<li>When cutting off the head of an overlapping fragment during <a
href="https://man.openbsd.org/pf.4">pf(4)</a> reassembly, reinserted
the fragment into the lookup table with the correct index.
<li>Improved
<a href="https://man.openbsd.org/tftpd.8">tftpd(8)</a> logging to report the reasons
a transfer failed.
</ul>
<li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
<ul>
<li>Added support to request IP addresses as IKEv2 initiator to <a
href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr
0.0.0.0' is configured, any address will be accepted.
<li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept
ANY dynamic address with 'request addr 0.0.0.0'.
<li>Added 'dynamic' keyword to <a
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow
configuration of flows to dynamically assigned addresses.
<li>Added the 'any' keyword to <a
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for
requests to allow "request address any".
<li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a>
support for ASN1_DN ipsec identifiers.
<li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a>
"from dynamic," installing flows where "dynamic" is replaced by the
received dynamic IP address.
<li>Made sure not to replace 0.0.0.0 with a dynamic address in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network
address.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s
socket option to specify a control socket.
<li>Used a counter instead of random IV for AES-GCM in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the
risk of random collisions.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
support for multiple address pools.
<li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a>
"set stickyaddress" option, which attempts to assign the same "config
address" when an IKESA is negotiated with the DSTID of an existing
IKESA.
<li>Ensured rekeying of every child SA in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> support
for RSASSA-PSS signature verification (RFC 7427).
<li>Corrected the first packet of an <a
href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> SA to have
sequence number 1.
<li>Accepted reject and blackhole routes for IPsec PMTU discovery.
<li>Prevented leaking of ipsec_hosts in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> when building
hosts_list.
<li>Prevented initiation of new additional SAs for each policy upon
every <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> config
reload.
<li>Fixed "any" and "dynamic" keywords for flows in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> and added proper
IPv6 support.
<li>Created a path MTU host route for <a
href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> over IPv6.
<li>Added support for INVALID_KE_PAYLOAD in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> CREATE_CHILD_SA
exchange.
<li>Added support for RSA-PSS PKCS1 signatures to <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Fixed path MTU discovery for ESP tunnels in IPv6.
<li>Upgraded to OpenSSL 1.1 compatible crypto API in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added an optional "group none" transform for child SAs in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> to ensure the
ability to negotiate optional PFS.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
dynamic address configuration for roadwarrior clients, with a new
"iface" config option which can be used to specify an interface for
the virtual addresses received from the peer.
<li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a>
interop problem with strongswan if make-before-break is enabled.
</ul>
<li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements:
<ul>
<li>Prevented a crash due to
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port
443 with missing TLS certificates.
<li>Created a new "location (found|notfound)" option for
<a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow
testing for resource path existence.
<li>Fixed detection of duplicate locations in <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Fixed leak of access and error log filenames on config reload in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Avoid leaking the log message in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s
server_sendlog.
<li>Incorrect order of
<a href="https://man.openbsd.org/close.2">close(2)</a> and
<a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a>
together with a bug in libssl led to leaking memory in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
for each TLS connection.
<li>Fixed the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
example configuration not to generate errors when running without TLS
keys already in place.
<li>Optimized disk reads of
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
by using st_blocksize as high water mark instead of
the socket buffer size.
<li>Do not compare TLS config params for non-TLS servers.
This allows using <code>listen on * port 80</code> and
<code>listen on * port 443</code> in the same server block in
<a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a>.
</ul>
<li><a
href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>
received the following new features and bugfixes:
<ul>
<li>Added RRDP (The RPKI Repository Delta Protocol, RFC 8182) support
as a 'technology preview'. To use it, the "-r" flag needs to be used.
<li>Support the use of more than one URI in the TAL file,
sorting with a preference for https.
<li>Validation of ghostbuster records (RFC 6493).
<li>Fixed checks of the manifest validity interval.
<li>The rsync connection is now killed when the rsync server stalls.
<li>Limited the URL embedded in .cer files to
alphanumeric characters and punctuation.
<li>Added a "-V" option to show version.
<li>Included the default cert.pem file path in tls_load_file error
messages.
</ul>
<li>The <a href="https://man.openbsd.org/dig.1">dig(1)</a> DNS
utility received the following updates:
<ul>
<li>Implemented RFC 8914 Extended DNS Errors for <a
href="https://man.openbsd.org/dig.1">dig(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS
Client Subnet option (+subnet=).
<li>Fixed IPv6 link-local address handling for nameservers to talk to
and for address to bind to in <a
href="https://man.openbsd.org/dig.1">dig(1)</a>.
<li>Implemented ZONEMD (RFC 8976) in <a
href="https://man.openbsd.org/dig.1">dig(1)</a> to convey a message
digest of the content of a DNS zone.
</ul>
<li>Changes to <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>:
<ul>
<li>Fixed incorrect behavior when using <a
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to
change the lease renew/rebind/expiry timing.
<li>Allowed the provision of <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on
"dhcp" lines in <a
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
<li>Converted all timers from
<a
href="https://man.openbsd.org/time.3">time(3)</a> values
to <a
href="https://man.openbsd.org/clock_gettime.2">clock_gettime(2)</a>
CLOCK_MONOTONIC values.
<li>Removed -L command line option.
<li>Improved debug output.
<li>Improved re-acquisition of a previous address by immediately
accepting any OFFER for the address, rather than waiting for
'select-timeout' to expire.
<li>Exit immediately if the -c option specifies a non-existent file.
<li>Exit immediately if the -i option contains invalid information.
</ul>
<li>Two new daemons, <a
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a> and <a
href="https://man.openbsd.org/resolvd.8">resolvd(8)</a> were added.
These work alongside with <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> and <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a> to provide a
coherent and simple automatic configuration of network interfaces and
DNS resolution.<br>
The two daemons are not enabled by default for now, but can be tested
by enabling them with <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>.
<ul>
<li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>
implements the DHCP protocol to acquire IPv4 address leases from
servers.
<li><a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>
manages the content of <a
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a> based
on nameserver proposals from
<a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>,
<a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, and
drivers like <a href="https://man.openbsd.org/umb.4">umb(4)</a>.
</ul>
<li>Changes to snmp related tools:
<ul>
<li><a href="https://man.openbsd.org/agentx.3">libagentx(3)</a> moved its
API prefix from subagentx_ to agentx_.
<li><a href="https://man.openbsd.org/agentx.3">agentx_varbind_integer(3)</a>
now accepts an int32_t as per SMI/RFC 2578.
<li><a href="https://man.openbsd.org/agentx.3">agentx_varbind_unsigned32(3)</a>
has been added as an alias for
<a href="https://man.openbsd.org/agentx.3">agentx_varbind_gauge32(3)</a>.
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> no
longer accepts the old <code>listen on address [tcp|udp]</code>
syntax. Only the new <code>listen on [tcp|udp] address</code>
syntax is now supported.
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> now fully
implements RFC3584 Trapv1 to Trapv2 conversion for the
<code>trap handle</code>.
<li>sysUpTime and snmpTrapOID now respect
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>'s -N flag,
similar to the other values sent by the <code>trap handle</code>.
<li><a href="https://man.openbsd.org/snmpd.conf.5">snmpd.conf(5)</a> now
accepts the <code>read</code>, <code>write</code>, and
<code>notify</code> keywords. This allows for request type
filtering per <code>listen on</code> statement and custom
<code>trap handle</code> ports.
<li><a href="https://man.openbsd.org/snmp.1">snmp(1)</a> now has initial
support for SMI enums. For now only TruthValue is implemented
on ifPromiscuousMode and ifConnectorPresent.
<li><a href="https://man.openbsd.org/snmp.1">snmp(1)</a> now interprets
the "u" data type as unsigned integer.
</ul>