OpenBSD -current Changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0,
7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9.

Changes made between OpenBSD 7.9 and -current

• Fixed tmux(1) cursor calculation when the status line is at the top.
• Added -H flag to tmux(1) capture-pane to show hyperlinks.
• Added -L to show line numbers with tmux(1) capture-pane and -F to show line flags.
• Enabled suspend/resume for qwz(4).
• Clear entire lines when removing from tmux(1) history or freeing.
• Adapt to pmap(9)'s new random direct map by also extracting pmap_direct_base with nlist.
• Redraw entire session when making a new tmux(1) pane.
• Added -g flag to tmux(1) kill-session to kill all sessions in a group.
• Imported updated moduli(5).
• Added X25519MLKEM768 to the ssl(3) ECDHE curves list.
• Made ufshci(4) survive a suspend on the Samsung Galaxy Book4 Edge.
• Made ssl(3) correctly handle failure to buffer DTLS messages.
• Fixed TLSv1.2 with X25519MLKEM768 in ssl(3).
• Properly set up pci(4) interrupts in multivec mode if we have multiple msix vectors but only one queue.
• Fixed interrupt barriers for the integrated MSI controller.
• Random-relink smtpd(8) and httpd(8) at boot.
• On amd64, place the pmap(9) direct map at a random location.
• Added an explicit-seed variant of the ssh(1) keygen function.
• Added signature malleability and pubkey validity checks to sshd(8) ed25519 verification.
• Made relayd(8) strip Content-Length for chunked messages (RFC 9112 section 6.1).
• httpd(8) now rejects CL.TE request framing (per RFC 9112 sections 6.1 and 6.3).
• Made relayd(8) reject obs-fold to prevent parser differentials (RFC 9112 5.2).
• Made httpd(8) reject obs-fold with 400 (RFC 9112 5.2).
• Fixed roaming between APs with qwx(4).
• Always allow data frame interrupts in qwx(4) while the interface is UP.
• Deleted __tmpfd(2) which is not used.
• Fixed uvideo(4) UVIDEO_FLAG_VENDOR_CLASS attach, broken since r1.147.
• Implemented mwx_reg_addr() for mwx(4) 7921 and 7925; L1 reg access for 7921 and 7925.
• Detect all possible variants that mwx(4) will cover (MT7920, MT7921, MT7922 and MT7925).
• Improved checking of elf(5) notes; prevent out of bounds access.
• Stopped daily(8) from deleting /tmp/run/user/* direct subdirectories.
• Fixed vblank timer, and many other bugfixes for amdgpu(4).
• Enabled the GXTP7936 touchscreen on the Samsung Galaxy Book4 Edge,
• Made pstat(8) -d fail when encountering an error doing kvm_read.
• Refactor code to account for acct(8) and quotactl(8) being able to see files beyond unveil.
• Replaced the existing SHA-1 implementation in libc.
• Refactored error check for timegm(3) in ntpd(8).
• Fixed uploads using httpd(8) chunked transfer-encoding.
• Fixed vmd(8) emulation for Linux guests, broken by too-strict memory safety checks.
• Cleaned up tls signature algorithm handling.
• Large refactoring of sshd(8) config management code.
• Fixed strlen(NULL) crash when X11 channel was created before x11-req SSH_MSG_CHANNEL_REQUEST was sent.
• Made sshd(8) force domain name received from the system resolver to lowercase.
• Fixed two one-byte out-of-cound reads in sshd(8).
• Made sshd_config(5) DisableForwarding=yes override PermitTunnel=yes.
• Stricter validation of transport state passed from the preauth to postauth sshd(8) process.
• Enforce a maximum size for usernames in ssh-agent(1) agent key use constraints.
• Fixed ssh(1) client use-after-free on error path if cipher_init() fails.
• Disallowed ssl(3) wildcard matching of a TLD specified as a FQDN.
• Fixed heap buffer overread in rs(1) column counting loop.
• Added support for Apple AIC interrupt controller v3 (found on M3 and later SoCs).
• Handle sections that specify alignment as 0 when loading an elf(5) interpreter (i.e. ld.so).
• Validate size of chunks copied to piglet during hibernate unpacking of disk image.
• Validate on-disk image sizes against integer overflow when reading chunks in unhibernate.
• Prevent disk image overreads when reading the chunktable in unhibernate.
• Disable kbind() and pinsyscalls() for static binaries at the correct time (inside exec_elf_makecmds).
• Unbroke and updated powerpc retguard for llvm 22.
• Fixed uvm fault panic introduced by new OF_getpropstr() function.
• Imported llvm/lld/clang/lldb from LLVM-21.1.6
• Added support for 40MHz channels to qwx(4).
• Made qwx(4) only allocate a new mbuf when a free Rx ring slot is available.
• Avoid calling bus_dmamap_create() from interrupt context in qwx(4).
• Handle country code events sent by qwx(4) firmware to make association more reliable.
• Properly free exec_package allocations in check_exec() error paths.
• Fixed timegm(3) invocations in acme-client(1).
• Unbreak vmd(8) when using images supplied with vmctl(8) -b.
• Introduced new FDT functions OF_getpropstr() and OF_freepropstr().
• Stopped leak in kernel stack contents in struct reg and struct fpreg.
• Added bounds checks to host-side vioscsi(4) array index values.
• Stopped vio(4) calling fatalx on malformed guest-provided descriptor lengths.
• Stopped privileged guest's ability to force host-side vioblk(4) reset or terminate.
• Reset qwx(4) command ring 'queued' counter when the command ring gets reset.
• Ensure that qwx(4) nq flags are always cleared when switching net80211 state.
• Fixed number of tx/rx streams set in qwx(4) mac config.
• Brought back the bgpd(8) path_id_tx hack for regular peers.
• In bgpd(8), improved mrt_dump_entry_mp() calculation handling, avoid overflow.
• Bumped limit for the build user to 2560M for loongson and octeon.
• Added new nwflag uapsd to ifconfig(8).
• Allow iwx(4) to enable uAPSD when supported by AP.
• Added support of uAPSD to ieee80211(9).
• Avoid infinite loop when parsing PFKEY replies in iked(8), isakmpd(8), bgpd(8), and ldpd(8).
• Fixed signed integer overflow in ul(1) column position tracking.
• Had bgpd(8) make sure the nexthop attribute is present if there is any nlri data.
• On nvme(4), properly use I/O submission queue entry size reported by controller.
• Added a "--" argv to the execvp of bgpctl(8) tp appease GNU libc.
• Stopped bgpd(8) failing hard on version mismatch; ignore extra end-of-params messages.
• Improved bgpd(8) handling of unknown extended communities.
• Increased the bgpd(8) MRT attribute buffer to MAX_EXT_PKTSIZE so it works in all cases.
• Fixed use-after-free in bgpd(8) rib_remove and parse.y.
• Allow glob(3) patterns in the logfile_name field of newsyslog.conf(5),
• Added ssh-agent(1) -V to print version, use it to test the binary is functional after relinking
• Made smtpd(8) clear userinfo before sending over imsg.
• Made smtpd(8) reject oversized sockaddr payloads received over privsep IPC.
• Zero the temporary smtpd(8) envelope parsing buffers before use to strengthen privsep.
• Clear pending asynchronous lookups at teardown, for stronger smtpd(8) privsep.
• Validate encrypted smtpd(8) queue buffer sizes before processing auth tag and IV data.
• Read ufs directory data through UFS_BUFATOFF() instead of routing into a kernel buffer.
• Added 802.11n with 40Mhz width to qwz(4).
• Fixed linking the riscv64 kernel with llvm 22.
• Avoid NULL-deref in iked(8) ocsp_connect_finish() and a potential double-free on oc_path.
• Imported unbound(8) 1.25.1.
• Add samsabi(4) driver for the Samsung Advanced BIOS Interface (SABI).
• Multiple bugfixes for amdgpu(4) VCN and JPEG v4.* ring.
• Fixed SMU7 voltage dependency on amdgpu(4) display clock.
• Fixed amdgpu(4) xgmi max speed reporting.
• Various net80211 bugfixes
• Stopped tmux(1) crashing when freeing layout cell.
• Added missing argument to tmux(1) %unlinked-window-renamed.
• Let qwz(4) handle QoS in native WiFi frames.
• Preserve tildes in ksh(1) completion.
• In dhcp6leased(8) and slaacd(8), ignore packages with invalid prefixlen.
• Added support for acme-client(1) external account binding.
• Attach ksmn(4) on 19h/1x devices, eg AMD EPYC 9354P 32-Core Processor.
• Removed relayd(8) X509_dup() call that leaks memory; add error checks for X509_set_*.
• For bgpctl(8) 'show mrt detail' print the last change time as an ISO format time.
• Added support for the RK8600 regulator used for cpu voltage on Radxa Zero 3 boards.
• Fixed vmd(8) crash if the admin enabled the agentx socket, and set custom permissions.
• Only allow __pledge_open(2) to open regular files in the /usr/share/zoneinfo directory.
• Added bgpd(8) force_update flag to force pend_prefix_add() calls in adjout_prefix_update().
• Made bgpd(8) respect RTR min-version in downgrade path and properly closing the connection.
• Allow list elements to be added or removed by sndioctl(8).
• Added the sndiod(8) server.mode control making the setting dynamic, changeable via sndioctl(1).
• Increase tmux(1) escape delay if the buffer contains a partial paste end.
• Walk all covering routes for bgpctl(8) 'show rib out .'
• Added more AMD "Krackan Point" device ids.
• Fixed qwz(4) memory leak when freeing rx descriptors.
• Stopped qwz(4) calling bus_dmamap_create(9) for rxbufs from interrupt context.
• Stopped zeroing already zeroed buffer in sysctl(2) sysctl_sysvipc().
• Implement bounce buffers for arm64.
• Improved bgpd(4) add-path send parser. Error out if max is used with best.
• Adjusted handling of limits in bgpd(4) up_generate_addpath().
• Made qwx(4) send the PMF good-bye deauth frame when hopping out of RUN state.
• Ensure no new tasks get scheduled while IFF_RUNNING is in qwx_stop(). Prevents qwz(4) crash.
• Make qwx(4) prefer ic_bss over the ephemeral node in the scan tree.
• Set correct wqx(4) firmware listen_intval in units of beacons.
• Add peer to qwx(4) firmware after starting the vdev, not before. Fixes a firmware crash.
• In relayd(8), added support for the MKCALENDAR HTTP method
• Fixed debug build of relayd(8).
• Add sambat(4) battery monitor for the SAM060B EC, as found on the Samsung Galaxy Book4 Edge.
• Avoid calling bus_dmamap_destroy() from interrupt context in qwz(4).
• Fix mix of character block size checks in find(1).
• Keep the cached ifstated(8) test status and execution time consistent across state re-entry.
• Introduce a maximum size for a single bgpctl(8) flowspec NLRI of 4000 bytes.
• In rpki-client(8), switch subordinates in CCR manifests to a simple queue
• Various fixes to the bgpctl(8) flowspec parser.
• Add 802.11n support to qwx(4). Advertise HT capabilities and pass HT/QoS peer association.
• Ask qwx(4) firmware to move into M3 state before resetting the device.
• Avoid calling bus_dmamap_destroy() from interrupt context in qwx(4).
• Added support for Intel E610 Ethernet devices to the ix(4) driver.
• Fixed incorrect FeatureCtrlMask setting on amdgpu(4) smu v14.0.x.
• Gate amdgpu(4) VM CPU HDP flush on reset lock.
• In amdgpu(4), use SMUIO 15.0.0 offsets for TSC upper and lower count.
• Clear amdgpu(4) VRAM on allocation to prevent stale data exposure.
• Force unmapping on error in drm(4) drm_gpusvm_get_pages.
• Fixed tmux(1) crash caused by including unattached clients on sorted list
• httpd(8) will now advertise Vary: Accept-Encoding whenever gzip-static is enabled.
• Made httpd(8) advertise static file revalidation, preserving Last-Modified and If-Modified-Since flow.
• Added tmux(1) new-pane command
• Let relayd(8) support multiple resolvable addresses.
• Let relayd(8) handle HTTP responses without bodies.
• In relayd(8), use explicit_bzero in ssl_password_cb.
• Made rpki-client(8) exclude hidden files and directories when synchronising via rsync.
• In rpki-client(8), limited the length of filenames in some ASN.1 fields to 255.
• Ensure ssl(1) X509V3_EXT_print() only returns 0 and 1.
• Fixed signed integer overflow in lex(1) repetition count.
• Allow explicit paths for certificates, keys and OCSP staples in (5).
• Made __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much more strict.
• Get qwz(4) in to an initial working state (assoc/rx/tx).
• Added interrupt-names property to the acpi(4) timer node.
• Avoid possibility a crafted dhcpleased(8) imsg could read the stack.
• Validate size of imsg_dhcp.len in dhcpleased(8).
• Ensure imsg is zeroed in dhcpleased(8) send_routes_withdraw.
• Mitigate AMD Zen-2 cache corruption.
• Limit the maximum value of shminfo.shmseg to prevent `size' overflow in sys_shmat().
• Added extended message capability to checks for what the bgpd(8) peer has enabled.
• Extra field checks in disklabel(8)
• Zero out the ktrace(1) signal structure ktr_psig before filling in to provide to userland.
• Made bgpd(8) return an error on unhandled imsg types in the adj-rib-out case.
• Stopped ssh(1) validating bad cipher/mac lists arguments as valid.
• Fixed ssh(1) NULL deref during pubkey auth.
• Fixed incomplete strncmp() check in rpki-client(8).
• Updated libexpat to version 2.8.1, to fix CVE-2026-45186.
• Fixed bgpd(8) port configuring on little endian systems.
• Extra size checks for bgpd(8) ibuf_set_maxsize().
• Added a guarded .note.GNU-stack section to crypto assembly files.
• Dropbear recently added a -Q option; make ssh(1) use it to query KEX if available.
• Fixed infinite loop in tmux(1) due to underflow when redrawing scrollbar.
• Fixed tmux(1) control mode teardown ordering for queued pane output.
• Introduce MAX_ADDPATH_COUNT (set to 100) and use this for the bgpd(8) add-path.
• Fixed signed overflow in ieee80211_40mhz_valid_secondary_below().
• Updated libexpat to version 2.8.0.
• Widen httpd(8) server flags to 64-bit integers.
• In bgpd(8) merge_peers() also set local_bgpid for cloned peers, not only regular peers.
• Switched some loops from pointer to int arithmetic, to avoid infinite loop with newer llvm.
• In smte(4/riscv64), improved error checking of received packets.
• Moved bpf(4) for outgoing packets later in the transmit path.
• Fixed regular MSI interrupts on the SpacemiT K1 SoC.
• In ssl(8) s_socket(), do not fail the accept on reverse DNS lookup failure.
• Further fixes for mandoc(1) '-T lint' regression.
• Added kernel support for the vector extension on riscv64.
• In ssl(8) s_client(), avoid two out of bounds writes.
• Implemented RSSI reporting for mwx(4).
• Record extension lengths in ssl(8) ClientHello hashing
• Avoid leaking memory when mbuf chain allocations fail in tun(4) tun_dev_write().
• Fix off-by-one in rpki-client(8) ip_addr_check_overlap().
• Fixed shortlist and skiplist checks in rpki-client(8).
• Detect out of bound reads from an int overflow in the bpf(4) bpf_mem backends.
• Loop counters converted from from uint8_t to u_int in bgpd(8).
• Fixed semop(2) semaphore id being destroyed/replaced during context switch.
• In patch(1), solved an infinite loop on malformed ed(1) script input.
• Made ifconfig(8) build without trunklacp.h.
• Reduce maximum configurable stale time to CAPA_GR_TIMEMASK (4095) in bgpd(8).
• Fixed leak of key memory in getpwent(3) yp_next().
• In bgpd(8) session_graceful_restart() also arm the SessionDown timer
• Use a define based instruction separator in SHA assembly, to match more assemblers.
• Stopped ipsec(4) overflowing the maximum packet size in the IP header.
• Prevent size_t underflow on a malformed packets in agentx(3) and snmpd(8).
• Made bgpd(8) check xp->rdesession to know if the RDE has the session running or not.
• Improved path_calc_hash() in bgpd(8)
• Fixed 'treat as withdraw' handling for invalid bgpd(8) ORIGIN attributes.
• Fixed two memory accounting issues in bgpd(8) chash.
• Added Emacs-style re-centre-top-bottom to tmux(1).
• Fixed deepsleep register for jpeg 5_0_0 and 5_0_2 and zero-size GDS range init in amdgpu(4).
• Avoid use of uninitialised ssl(8) decode_error variable.
• Added time limits to some tmux(1) loops.
• Added bounds check for the sparc64 relocation flags table.
• Fixed ip(4) build with ENCDEBUG defined, broken by rev 1.409.
• Ensure elf(5) header and program header fit into the shared library when loading.
• Fixed mandoc(1) regression so -T lint or -W style is used with multiple relative file names.
• Fixed memory size calculation in open_wmemstream(3)
• Fixed a pledge(2) in vfs(9).
• Corrected bounds test in amdgpu(4).
• Altered smtpd(8) code to avoid false bug reports from LLM scanners.
• Fixed potential information leak from an uninitialised ktrace(1) stack variable.
• Added missing flags to tmux(1) screen_mode_to_string.
• Additional checks on TLV encoding in bgpd(8).
• Added more error checks and safeguards to rpki-client.
• Limit all bgpd(8) ASPATH attributes to 750 elements.
• In bgpd(8), prevent overflow of the uint8_t length value in attr_optadd.
• Re-evaluate bgpd(8) prefixes if just PREFIX_FLAG_FILTERED changed.
• Classify ssh(1) dynamic-tcpip channels as bulk, not interactive (bz3958).
• Centralise speed benchmark timer handling in openssl(1).
• Now working on 7.9-current.