OpenBSD -current Changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0,
7.1, 7.2, 7.3, 7.4, 7.5, 7.6. 7.7, 7.8, 7.9.

Changes made between OpenBSD 7.9 and -current

• Fix an issue where dwqe(4), e.g. on a veb(4), doesn't recover when the link is done but packets are bridged.
• Fix enabling of super-speed for Rockchip USB PHY.
• Moved bgpd(8) version to 9.0.
• Extend tcpdump(8) for printing of DHCPv6 information.
• Enable SMMUv3 support on FDT-based systems.
• Add rkusbdpphy(4), a driver for the USB DP Combo PHY on Rockchip SoCs.
• Add RK3588 USBDP Combo PHY related clocks and resets to rkclock.
• Rename acpihid(4) into inthid(4).
• Add printing of netbios and dns servers in ipcp to tcpdump(8).
• Import perl-5.42.0.
• Scan both dmesg.boot and dmesg(8) output for devices with fwupdate.
• Add tmux.1 focus-follows-mouse option.
• Added support for the Genesys Logic GL9755 SDHC controller (which includes the SDHC controller on some of the Apple Silicon laptops).
• Reworked the bgpd(8) adj-rib-out code to be global with a peer bitmap.
• Add aggr(4) support to arm64 RAMDISK and i386/amd64 RAMDISK_CD.
• Change ssh to require all certificates to include principals sections.
• Add "ssh -O channels user@host" multiplexing command for a running mux process to show information about channels currently open.
• Fix ftp(1) http_time() to use GMT, not UTC, per RFC 9110.
• Restore relayd(8) relay_http_time() use of GMT.
• Made pcidump(8) print bridge windows when they are "open".
• Restore httpd(8) server_http_time() use of GMT.
• Detect invalid sshd_config(5) Subsystem directives inside Match blocks at sshd(8) startup rather than failing later.
• Fix race in vmm(4) vm termination path.
• Add support for synchronized output mode (DECSET 2026) to tmux(1).
• Make tmux(1) clock mode seconds synchronized to the second.
• Added an 'invaliduser' penalty to the list of possible PerSourcePenalities in sshd_config(5).
• Update to unbound 1.24.2
• Update timezone information to 2025cgtz.
• Increase urndis(4) buffer size to 16k.
• Make hmac(sha256) the default hmac for the openssl(1) speed benchmark.
• Add display of the close-on-fork flag as 'f' in R/W column to fstat(1).
• Replace the cas spinlock in kernel mutexes with a "parking" lock.
• Enable USBVERBOSE on riscv64.
• Introduced a bitmap API to bgpd(8).
• Implement a per-peer pending prefix queue and lookup table and a pending attribute queue and lookup table for bgpd.8 performance.
• Make tcpdump show the 802.11 QoS TID with -v.
• Handle calls to freeaddrinfo(NULL) instead of crashing.
• Add a GssDelegateCreds option for the server (sshd_config.8), controlling whether it accepts delgated credentials offered by the client.
• Add cdpcie.4, a driver for the Cadence PCIe controller, supporting the variant found on the Sophgo SG2042 SoC.
• Improve keydisk partition detection in the installer.
• Implement "StorageD3Enable" support in acpi(4).
• Disable Panel Self Refresh (PSR) in amdgpu to avoid a potential hang on a ThinkPad X13 gen 6.
• Add an ssh.1 -Oconninfo command that shows connection information, similar to the ~I escapechar.
• Rework and improve tlb shootdown on alpha.
• Update to libpng 1.6.52. Fixes CVE-2025-66293.
• Add support for sha256-psk to ieee80211.
• Make pthread_set_name_np(3) succeed with long thread names instead of silently failing.
• Enable 802.11 AKM SHA256-PSK by default if the driver supports PMF.
• Add support for 802.11 AKM SHA256-PSK to ifconfig.8.
• Add sgmsi(4), a driver for the MSI controller implementation on Sophgo SG2042 SoCs.
• Use per cpu refs in the input path instead of one refcnt per port to improve performance on tpmr.4, veb.4 and aggr.4.
• Add PMF support to qwx.4.
• Add PMF support to iwx.4 and make MLD devices remove crypto keys from firmware.
• Add PMF support to iwm.4.
• Fix KDF sha256 inputs to match the implementation in w1.fi hostap.
• Fix a race in vmd(8) vm pause barrier usage.
• Enable parallel fault handling on amd64 and arm64.
• Add local hostname, pid, and compression stats to the ssh(1) ~I escape connection info.
• Add support for loading files (kernels) from the efi system partition.
• Add httpd "no banner" option to suppress Server header.
• Use 32-bit direct kernel launch for both amd64 and i386 in vmd.8.
• Add Escape option ~I that shows information about the current ssh.1 connection.
• Enable fall-back audio devices by default in sndiod.
• Add seconds to tmux(1) clock mode.
• Fix vmd(8) segfault during vmmci timeout firing.
• Improve chances of qwx.4 receiving the initial WPA handshake message.
• Add iasuskbd.4 support for special keys on the ASUS I2C laptop keyboards.
• Improve acpi(4) handling of PCI bridges.
• Allow cd(4)/vioscsi(4) in confidential VM mode.
• Allow vlan tags (and therefore vlan interfaces) on top of vports.
• Add Private VLAN support to veb(4) as per RFC 5517.
• Added support for blocking reads to fuse(4).
• Handle uaudio(4) devices with a single clock exposed in multiple domains.
• Allow tmux(1) show-messages to work without a client.
• Change powerpc64 memory barriers to "sync".
• Only display port numbers in acme-client(1) Host headers when it's not 443.
• Unlock the IGMP slow timeout.
• Switch m88k to PIE by default.
• Fix the ice(4) "too many data commands" error on TSO packets.
• Eliminate double escaping of sshd-auth log messages.
• Update to fontconfig 2.17.1.
• Add support for non-default config file paths to unbound(8) rc.d script.
• Enable IPv6 autoconf (SLAAC) by default.
• Add XOR and MOD operations to bpf(4).
• Fix llvm x86 frame lowering for -msave-args.
• Add ispi(4) driver for Intel LPSS SPI controller.
• Allow uhidev(4) to attach to and work with devices that don't have an input interrupt endpoint.
• Begin transition to 52-partition support.
• Update codel implementation to comply with RFCs 8289 and 8290.
• In IPFIX/Netflow v10, add NAT template with post-NAT source and destination IP address and ports, allowing use of pflow to track internal to external translations.
• Enable ice(4) on sparc64.
• Stop allowing root to bypass bpf(4) BIOCLOCK.
• Added vmboot, a tiny kernel that allows sysupgrade(8) to work for vmd(8) VMs.
• Introduce global interface queue limit.
• Make sysupgrade fail if "df /usr" says the filesystem is over 90% full, rather than potentially completely breaking the system.
• Make libsndio restart the audio(4) device upon underrun.
• Fix mesa detection of the wayland platform since it cannot be built with HAVE_WAYLAND_PLATFORM (due to wayland living in ports).
• Introduce source and state limiters in pf(4).
• Remove the KB_IOPENER option from wscons(4).
• Make ssh-agent(1) escape SSH_AUTH_SOCK paths that are sent to the shell as setenv commands. Unbreaks ssh-agent for home directory paths that contain whitespace.
• Made tpmr(4) work with ether_offload_ifcap like veb(4) and bridge(4). make tpmr work with ether_offload_ifcap like veb and bridge.
• Allow bpf(4) in tun_dev_read see VLAN tags when IFCAP_VLAN_HWTAGGING is enabled.
• Update to xkbcomp 1.4.7.
• Update to xinit 1.4.4.
• Update to xserver 21.1.20.
• Update to xhost 1.0.10.
• Update to xgc 1.0.7.
• Update to xgamma 1.0.8.
• Update to xeyes 1.3.1.
• Change the default "tagged" operation for ifconfig(8) and brconfig(8) to add VLAN ids rather than replace them.
• Allow the ifconfig(8) and brconfig(8) "tagged" operation to accept multiple vids and/or ranges of vids.
• Change envy(4) and uaudio(4) devices to return the product name as the display name.
• Add an audio(9) driver interface to expose the hardware's display name.
• Fix a panic when autodial (link1) on pppoe(4) tries to run.
• Let veb(4) decline untagged packets with a "passthrough" setting.
• Add nhi(4), a driver for USB4 controllers.
• Before extracting on an upgrade, remove share/relink/*, not just share/relink/usr/lib/*.
• Disabled xterm(1) use of luit.
• Add ifconfig(8) support for managing a vlan aware bridge, ie, veb(4).
• Update to xterm 403.
• Make veb(4) a vlan aware bridge.
• Support ed25519 signatures via libcrypto.
• Move smtpd(8) to 7.8.
• Fix smtpd(8) dying if a malformed imsg is sent on the local socket.
• Tweak PCI device power management such that drivers can change their own power state. Let xhci(4) power itself down such that its companion USB4 controller can go to sleep in its DVACT_POWERDOWN implementation.
• Turn on SoftLRO by default on bnxt(4) and ice(4).
• Add -l flag to tmux(1) command-prompt to disable splitting into multiple prompts.
• Support case insensitive search in tmux(1) modes in the same way as copy mode (like emacs, so all-lowercase means case insensitive).
• Enable iwx(4) on i386.
• Update to xf86-input-synaptics 1.10.0.
• Update to xf86-input-keyboard 2.1.0.
• Allow the disklabel(8) 'd'elete editor command to zero out FS_UNUSED partitions despite current value of d_npartitions.
• Arm the pfctl(8) restore atexit(3) handler if and only if the pf(4) limits are being changed.
• Add rge(4) support for RTL8126 chip revision 0x64a00000.
• Update to xcb-util-cursor 0.1.6.
• Update to libxshmfence 1.3.3.
• Update to libxcvt 0.1.3.
• Update to libXxf86vm 1.1.6.
• Update to libXv 1.0.13.
• Update to libXt 1.3.1.
• Update to libXres 1.2.3.
• Update to libXpresent 1.0.2.
• Add image/avif to mime.types.
• Update to libXft 2.3.9.
• Update to libXfixes 6.0.2.
• Update to libXScrnSaver 1.2.5.
• Unlock socket splicing.
• Unlock icmp6_sysctl().
• Switch m88k (luna88k) to gcc4.
• Update unbound to 1.24.1.
• Add sysctl(8) machdep.vmmode to indicate status as a host or guest (and SEV mode).
• Add a LOCKED flag to bridge ports.
• Dynamically determine the possible partition names to show in the disklabel(8) editor a(dd) command help message.
• Expose subordinate CA relationships in the CCR output for rpki-client(8) (per draft-spaghetti-sidrops-rpki-ccr-04).
• Make umb(4) uplink and downlink speeds visible as kstats.
• Add SMU support to amdpmc(4).
• Make ice(4) work on sparc64.
• Improve stfclock(4) JH7110 support.
• Add RK3588 support to rkrng(4).
• Enable ice(4) on arm64.
• Fix association to access points which have all 802.11b rates disabled.
• Update to openssh-10.2.
• Use multiple txqs to spread traffic handling over softnet threads in rport(4).
• Implement "checksum offload" between rport(4) pairs, allowing the kernel to skip ip/tcp/udp checksum calculation for packets between rdomains.