www/plus76.html - view

Return to plus76.html CVS log

Up to [local] / www

File: [local] / www / plus76.html (download) (as text)

Revision 1.8, Sat Mar 14 21:13:23 2026 UTC (2 months, 3 weeks ago) by tj
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +1 -0 lines

start rolling pages for 7.9

<!doctype html>
<html lang=en id=plus>
<meta charset=utf-8>
<title>OpenBSD 7.6 Changelog</title>
<meta name="description" content="OpenBSD 7.6 changes">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/plus76.html">
<style>
strong {
	color: var(--red);
	font-weight: normal;
}

h3 {
	color: var(--blue);
}
</style>

<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.6 Changelog
</h2>
<hr>

<p>
This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the <a href="https://marc.info/?l=openbsd-cvs">archives</a>,
or use <a href="anoncvs.html#CVS">CVS</a>.

<p>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>,
<a href="plus35.html">3.5</a>,
<a href="plus36.html">3.6</a>,
<br>
<a href="plus37.html">3.7</a>,
<a href="plus38.html">3.8</a>,
<a href="plus39.html">3.9</a>,
<a href="plus40.html">4.0</a>,
<a href="plus41.html">4.1</a>,
<a href="plus42.html">4.2</a>,
<a href="plus43.html">4.3</a>,
<a href="plus44.html">4.4</a>,
<a href="plus45.html">4.5</a>,
<a href="plus46.html">4.6</a>,
<a href="plus47.html">4.7</a>,
<a href="plus48.html">4.8</a>,
<a href="plus49.html">4.9</a>,
<a href="plus50.html">5.0</a>,
<a href="plus51.html">5.1</a>,
<a href="plus52.html">5.2</a>,
<a href="plus53.html">5.3</a>,
<br>
<a href="plus54.html">5.4</a>,
<a href="plus55.html">5.5</a>,
<a href="plus56.html">5.6</a>,
<a href="plus57.html">5.7</a>,
<a href="plus58.html">5.8</a>,
<a href="plus59.html">5.9</a>,
<a href="plus60.html">6.0</a>,
<a href="plus61.html">6.1</a>,
<a href="plus62.html">6.2</a>,
<a href="plus63.html">6.3</a>,
<a href="plus64.html">6.4</a>,
<a href="plus65.html">6.5</a>,
<a href="plus66.html">6.6</a>,
<a href="plus67.html">6.7</a>,
<a href="plus68.html">6.8</a>,
<a href="plus69.html">6.9</a>,
<a href="plus70.html">7.0</a>,
<br>
<a href="plus71.html">7.1</a>,
<a href="plus72.html">7.2</a>,
<a href="plus73.html">7.3</a>,
<a href="plus74.html">7.4</a>,
<a href="plus75.html">7.5</a>,
<a href="plus77.html">7.7</a>,
<a href="plus78.html">7.8</a>,
<a href="plus79.html">7.9</a>,
<a href="plus.html">current</a>.
<br>

<p>
<h3>Changes made between OpenBSD 7.5 and 7.6</h3>
<p>

<ul>
<!-- 2024/09/24 -->
<li>Fixed sleeping race during malloc in <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> hw.disknames.
<li>Removed <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> -r toggle. Sysupgrade's primary aim is to upgrade from one release to the next, with the -s option available to install snapshots.
<!-- 2024/09/23 -->
<li>Increased the default buffer size for AF_UNIX from 8192 to 32768, avoiding a fatal error in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> that can be triggered when the network stack is pushed hard enough to consume most of the allowed memory.
<!-- 2024/09/21 -->
<li>Added a temporary method to force S0 over S3 via machdep.lidaction=-1. We are not ready to choose S0-over-S3 based on the S0ix bit in FADT, but this will allow testing.
<!-- 2024/09/20 -->
<li>Removed <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> EPT mprotect ioctl.
<!-- 2024/09/19 -->
<li>Allowed longer tx chains in <a href="https://man.openbsd.org/vio.4">vio(4)</a> so we can defragment less often when TCP segmentation offload is supported.
<li>Moved <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to 9.3.
<li>Moved to openssh-9.9.
<!-- 2024/09/18 -->
<li>Extended the <a href="https://man.openbsd.org/zic.8">zic(8)</a> input format to add support for %z, which expands to a UTC offset in as-short-as-possible ISO 8601 format, intended to better support zones that do not have an established abbreviation already.
<!-- 2024/09/17 -->
<!-- 2024/09/16 -->
<li>Changed <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> extended-keys behavior to allow applications to enter mode 2 but not turn extended keys off entirely.
<li>Added a <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> prefix-timeout option to allow setting a period after which to ignore the prefix key if no others are pressed.
<!-- 2024/09/15 -->
<li>Fixed kernel crashing due to invalid printables in ELF binaries.
<!-- 2024/09/14 -->
<li>Kept <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a> number of requests for a DAE server below 64 to avoid congestion.
<li>Added <a href="https://man.openbsd.org/radiusctl.8">radiusctl(8)</a> ipcp delete command to delete the specified session without requesting disconnection.
<li>Added a "Match invalid-user" predicate to <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> Match options, allowing writing Match conditions that trigger for invalid username.
<li>Added a "refuseconnection" penalty class to <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> PerSourcePenalties, allowing penalization of connection sources that have had connections dropped by the RefuseConnection option.
<li>Added a "RefuseConnection" option to <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> to terminate the connection at the first authentication request.
<li>Included pathname in some of the <a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a> passphrase prompts to better inform the user when ssh-keygen is invoked by other tools.
<!-- 2024/09/13 -->
<li>Added NVMe sensors based on information in the SMART/health log page, showing overall device health and temperature.
<!-- 2024/09/12 -->
<li>Made msdosfs transform a '/' char into '?' for 8.3 filenames as for Windows long names.
<li>Ensured file names passed back by readdir name validation do not include a '/' character to avoid unexpected path traversal on untrusted file systems.
<!-- 2024/09/11 -->
<li>Relaxed absolute path requirement back to what it was prior to OpenSSH 9.8, which incorrectly required that <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> start with an absolute path in inetd mode.
<li>Ignored <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> mouse move keys to prevent accidental prefix cancelation.
<li>Implemented AMD SEC support in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>. To enable SEV for a guest, use the parameter "sev" in the guest's vm section in vm.conf.5.
<li>In NFS, set the pointer to NULL after calling m_freem() on nmi_mrep or nmi_mreq to avoid a double free of the mbuf.
<li>Prevented potential crash when <a href="https://man.openbsd.org/fuse.4">fuse(4)</a> uses the ufs inode.
<!-- 2024/09/10 -->
<li>Prevented use of an uninitialized variable in NFS error handling.
<!-- 2024/09/09 -->
<!-- 2024/09/08 -->
<li>Fixed alert callback in the QUIC layer.
<li>Pulled post-quantum ML-KEM/x25519 key exchange out from compile-time flag now that an IANA codepoint has been assigned for the algorithm.
<!-- 2024/09/07 -->
<!-- 2024/09/06 -->
<li>Re-enabled AES-NI in libcrypto to help amd6 and i386 machines that previously benefited from it before a change in OPENSSL_cpu_caps().
<li>Allowed <a href="https://man.openbsd.org/dt.4">dt(4)</a> tracing interrupts by deferring the wakeup9 to a different context.
<!-- 2024/09/05 -->
<li>Made <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> parse user@host correctly for usernames containing '@' characters.
<li>Made <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> print mbuf chain and packet list by implementing /c and /p modifiers in ddb show mbuf.
<li>Updated libexpat to 2.6.3, including fixes for CVE-2024-45490, CVE-2024-45491, and CVE-2024-45492.
<!-- 2024/09/04 -->
<li>Set highest cpuid feature leaf based on host spu in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, fixing Linux guests on older Intel hardware.
<li>Removed <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> '-r' command line option.
<li>Updated unbound to 1.21.0.
<li>Added a workaround for vnode reuse bug resulting in a panic: vop_generic_badop.
<!-- 2024/09/03 -->
<li>Prevented VPID leakage in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> by allocating at vcpu init.
<!-- 2024/09/02 -->
<li>Allowed the <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> "include" directive to expand the same set of %-tokens that "Match Exec" and environment variables.
<li>Introduced revamped Greek <a href="https://man.openbsd.org/sshd_config.6">sshd_config(6)</a>.
<li>Added experimental support for hybrid post-quantum key exchange ML-KEM768 with ECDH/X25519 (disabled by default).
<!-- 2024/09/01 -->
<li>For AMD SEV, provided <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> in <a href="https://man.openbsd.org/ccp.4">ccp(4)</a> to shutdown guest.
<li>Pledged "vmm" for <a href="https://man.openbsd.org/ccp.4">ccp(4)</a> <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a>.
<!-- 2024/08/31 -->
<!-- 2024/08/30 -->
<li>Introduced <a href="https://man.openbsd.org/rport.4">rport(4)</a> for p2p I3 connectivity between route domains.
<!-- 2024/08/29 -->
<li>Made <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> display statistics about expensive mbuf operations, counting operations used to allocate mbufs or copy memory when memory layout is not optimal to find possible optimizations.
<li>Made <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> periodically reinitialize RRDP sessions to snapshot at random intervals, helping with garbage collection.
<!-- 2024/08/28 -->
<li>Prevented dropped packets from vio_encap() when using bounce buffers by defragmenting mbuf and trying again.
<li>Enabled per-cpu page cache on alpha.
<li>Fixed the <a href="https://man.openbsd.org/sed.1">sed(1)</a> case where the pattern space is empty but does not start with a NUL character, which might occur after using the D command.
<li>Fixed underlying pkey of RSA-PSS.
<!-- 2024/08/27 -->
<li>Prevented frequent disconnect/reconnect cycles with various PixArt/Logitech USB mice.
<li>Enabled AMD SEV support in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
<li>Displayed hyperlinks in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode and added copy_cursor_hyperlink format to get the hyperlink under the cursor.
<li>Added search_count and search_count_partial formats in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> copy mode.
<!-- 2024/08/26 -->
<!-- 2024/08/25 -->
<!-- 2024/08/24 -->
<li>Removed uvm_km_alloc(9) and uvm_km_allock1(9).
<!-- 2024/08/23 -->
<li>Replaced the last pieces of the original OpenBSD, dropping the Greek <a href="https://man.openbsd.org/sshd_config.6">sshd_config(6)</a> in favor of one about galley parts to match the Ship of Theseus theme.
<li>Enabled per-cpu page cache on mips64.
<li>Switched alpha to MI mplock code.
<!-- 2024/08/22 -->
<li>Deleted support for the older "zlib" negotiable compression support which had been left in place in OpenSSH to allow negotiation with non-OpenSSH daemons which lack a replacement delayed-compression option like "zlib@openssh.com" where compression begins after authentication.
<li>Unlocked ipip_sysctl().
<li>Introduced sysctl_securelevel() to modify 'securelevel' mp-safe. Made sysctl_securelevel_int() mp-safe. Unlocked KERN_ALLOWDT.
<li>Fixed merge of bounce buffer segments in amd64 bus dma.
<!-- 2024/08/21 -->
<li>Made <a href="https://man.openbsd.org/gprof.1">gprof(1)</a> output more compact.
<li>Unlocked ipip_sysctl().
<!-- 2024/08/20 -->
<li>Supported building a single packet out of multiple rx descriptors in <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Improved bus_dmamap_syncs for rx ring descriptors on <a href="https://man.openbsd.org/rge.4">rge(4)</a> hardware.
<li>Revamped <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> extended keys support to more closely match xterm1 and support mode 2 as well as mode 1.
<li>Added mirrored versions of the main-horizontal and main-vertical layouts when the <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> main pane is bottom or right instead of top or left.
<li>Unlocked KERN_MAXFILES.
<li>Fixed hanging network transmits when bounce buffers are enforced for <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Unlocked KERN_MAXPROC and KERN_MAXTHREAD from kern_vars.
<li>Unlocked etherip_sysctl().
<li>Unlocked igmp_sysctl(), pfsync_sysctl() and rip_sysctl().
<li>Unlocked sysctl_audio().
<!-- 2024/08/19 -->
<li>Prevented exposure of ssh1 key material in coredumps, etc. by placing shielded keys into memory allocated using <a href="https://man.openbsd.org/mmap.3">mmap(3)</a> with MAP_CONCEAL set.
<li>Fixed <a href="https://man.openbsd.org/cron.8">cron(8)</a> CVE-2024-43688: buffer underflow for very large step values.
<li>Enabled MXT_T7_POWER_MODE_DEEP_SLEEP for <a href="https://man.openbsd.org/iatp.4">iatp(4)</a>.
<li>Allowed REP to work with Unicode characters in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
<li>Retired inet_aton(3).
<!-- 2024/08/18 -->
<li>Ensured <a href="https://man.openbsd.org/softraid.4">softraid(4)</a> sensors are unregistered when the volumes are removed.
<li>Corrected <a href="https://man.openbsd.org/pms.4">pms(4)</a> child activate functions calling.
<li>Corrected audio drivers to inform children about suspend/resume related events.
<li>Added Meteor Lake support to <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>.
<li>Fixed an issue with hardware that sends an interrupt in response to a reset request when a level-triggered interrupt is used.
<li>Made task pool private for each instance of <a href="https://man.openbsd.org/apldcp.4">apldcp(4)</a> attached to DCP to avoid panic due to initializating the pool again.
<li>Prevented livelocks on amd64 by avoiding caching pages belonging to memory ranges with a 'use' count to keep low pages available and avoid their exhaustion.
<li>Plugged a memory leak in <a href="https://man.openbsd.org/qwx.4">qwx(4)</a>.
<!-- 2024/08/17 -->
<li>When resuming, run usb_attach_roothub() in DVACT_WAKEUP rather than DVACT_RESUME.
<li>Began printing "S0ix" instead of "S0" on the acpi: sleep states line when FADT indicates FADT_POWER_S0_IDLE_CAPABLE, assuming that for these machines the vendors agree S0 suspend is as good or better than S3.
<li>Skipped a FADT check on OpenBSD to prevent the GPU (and display) from remaining on in suspend-to-idle on some machines.
<li>Used the ACPI sleep state to determine whether to use the suspend or hibernate code paths in <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>, fixing (un)hibernate after changes to S0/S3.
<li>Allowed PPP interface to run in an rdomain and get a default route installed in the same routing domain.
<li>Fixed a <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> interrupt storm during resume.
<li>Fixed swapping of source and destination addresses in some <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> log messages.
<!-- 2024/08/16 -->
<li>Added missing child activate handling in <a href="https://man.openbsd.org/iatp.4">iatp(4)</a>.
<li>Eliminated some resume-hangs on <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> chips.
<li>Corrected <a href="https://man.openbsd.org/dwiic.4">dwiic(4)</a> to inform children of suspend/resume events and prevent sub-drivers racing against dwiic hardware re-initialization.
<li>Skipped Controller Save State (CSS) and Controller Restore State (CRS) on AMD 17h/1xh xHCI to avoid problem with resume after introduction of CRS to <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>.
<li>Added pledge and unveil to <a href="https://man.openbsd.org/rpcinfo.8">rpcinfo(8)</a>.
<li>Unlocked divert_sysctl() and divert6_sysctl().
<li>Atomically modify `hthreads' and move proc_free() out of KERNEL_LOCK().
<!-- 2024/08/15 -->
<li>Made <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> restore the saved state upon resume, needed for newer Intel xHCI controllers.
<li>Added BIOCSETFNR to <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>, like BIOCSETF without resetting the buffer or stats.
<!-- 2024/08/14 -->
<li>Introduced "rde rib Loc-RIB include filtered", a feature that includes filtered prefixes in the Loc-RIB, visible using bgpctl.8 show rib filtered. Added filtered support to <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>.
<li>Implemented bounce buffering for AMD SEV in amd64 bus dma.
<li>Pushed kernel lock down to net_sysctl() and mpls_sysctl().
<li>Introduced <a href="https://man.openbsd.org/qwz.4">qwz(4)</a>, a port of the Linux ath12k driver.
<li>Made sysctl_int() and sysctl_int_lower() mp-safe and unlocked KERN_HOSTID.
<li>Modified miniroot install instructions to reflect Apple machines can now also use USB type-A ports for installation.
<!-- 2024/08/13 -->
<li>Disabled interrupts more aggressively in DVACT_QUIESCE and DVACT_SUSPEND in <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to address false interrupts seen during S0 resume.
<li>Made <a href="https://man.openbsd.org/acpi.4">acpi(4)</a> use ACPI_WAK upon resume, potentially improving S3 resume on some rare machines.
<li>Fixed a bug in <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> .Ql handling which could corrupt output.
<li>Sync full virtqueue on <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> device reset.
<!-- 2024/08/12 -->
<li>Added -CRLfile option to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> cms, allowing verification of certs in a CMS object against additional CRLs.
<li>Run network protocol timer without kernel lock. TCP timers also run without kernel lock now. The whole TCP stack holds exclusive net lock, so additional kernel lock is useless.
<li>Implemented <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> report response for proc-filters as with built-in filters.
<li>Added a 'min-version' <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> RTR config option and defaulted to RTR version 1, ensuring a session cannot be suddenly downgraded. Made <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> print min-version of an RTR session.
<li>Attempted to leave a gap on the tx ring for <a href="https://man.openbsd.org/rge.4">rge(4)</a>/<a href="https://man.openbsd.org/re.4">re(4)</a> to keep entries on the ring from being overwritten, preventing confusion of the chip and the tx completion code.
<li>Removed <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> from the amd64 floppy.
<!-- 2024/08/11 -->
<li>Updated x11perf to 1.7.0.
<li>Fixed an <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> crash when printing decreased intensity unicode right quote using bit-mapped fonts.
<li>Made exit1() wait for <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> 'allprocess' loops to prevent possible kernel crash due to concurrent process exit1().
<li>Provided a per-architecture crypto_arch.h, to be used in a smiliar manner to bn_arch.h and allow for architecture-specific #defines and static inline functions.
<!-- 2024/08/10 -->
<li>Modified <a href="https://man.openbsd.org/igc.4">igc(4)</a> to allow use of jumbo frames while supporting strict alignment architectures.
<li>Fixed TX descriptors DMA syncs in <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> issues after resume by giving some AMD Ryzen hHCI controllers the extra time they need to transition from D3 into D0.
<!-- 2024/08/09 -->
<li>Improved config validation with <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> -n to prevent incompatibility with <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<li>Added 2024 root zone trust anchor to <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
<li>Enabled GuC authentication of the HEVC/H.265 micro Controller (required for Low Power Encoding with the Intel Media Driver for VAAPI.
<!-- 2024/08/08 -->
<li>Unlocked KERN_MSGBUFSIZE and KERN_CONSBUFSIZE.
<li>Made <a hintelmpcf="https://man.openbsd.org/intelmpc.4">intelmpc(4)</a> print information about the residency counters advertised in the LPIT table.
<!-- 2024/08/07 -->
<li>Moved to 7.6-beta.
<!-- 2024/08/06 -->
<li>Unlocked udpctl_vars.
<li>Added code to handle EC events while suspended and registered the <a href="https://man.openbsd.org/acpibtn.4">acpibtn(4)</a> notify handlers as wakeup AML notify handlers, going back to sleep immediately if woken up for any other EC event.
<li>Ensured some Intel <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> controllers fully power down by issuing a "save state" command on suspend.
<li>Unlocked <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> net.inet.ip.directed-broadcast.
<li>Made the eMMC come up reliably on the RK3588 eMMC controller by resetting the status before executing a new command.
<li>Unlocked KERN_CLOCKRATE.
<li>Stopped using KERNEL_LOCK to protect the per process <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> list.
<!-- 2024/08/05 -->
<li>Restricted the <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> maximum wait time to 5 minutes.
<li>Unlocked KERN_BOOTTIME.
<li>Fixed reporting of critical battery state.
<li>Added battery sensors to <a href="https://man.openbsd.org/qcpas.4">qcpas(4)</a>.
<li>Fixed bridging IPv6 fragments with pf4 reassembly in <a href="https://man.openbsd.org/veb.4">veb(4)</a> and <a href="https://man.openbsd.org/bridge.4">bridge(4)</a>.
<li>Unlocked most of kern_vars' variables. Unlocked KERN_SOMAXCONN and KERN_SOMINCONN.
<li>Moved to take 'sysctl_lock' before kernel lock.
<!-- 2024/08/04 -->
<li>Updated libXtst to 1.2.5.
<li>Updated freetype to 2.13.2.
<li>Updated libX11 to 1.8.10.
<li>Added battery status support for the X1E80100.
<li>Introduced <a href="https://man.openbsd.org/intelpmc.4">intelpmc(4)</a>, a driver for the power management controller found on various Intel SoCs.
<!-- 2024/08/03 -->
<li>Updated <a href="https://man.openbsd.org/awk.1">awk(1)</a> to the July 28, 2024 version.
<!-- 2024/08/02 -->
<li>Fixed legacy protocol parsing in libtls.
<li>Pushed the kernel lock down to <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
<li>Fixed an issue with power-off of <a href="https://man.openbsd.org/xhci.4">xhci(4)</a> controllers.
<!-- 2024/08/01 -->
<li>Removed kernel lock from socket splice idle timeout.
<li>Bumped libsndio pkg-config version to 1.10.0.
<li>Fixed possible <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> crashes caused by a global table overread triggered by the client.
<!-- 2024/07/31 -->
<li>Added a random amount of time (up to 4 seconds) to the grace login time in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Added <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> at fdt support, allowing boot of the Samsung Galaxy Book4 Edge in DT mode.
<!-- 2024/07/30 -->
<li>Made the Samsung Galaxy Book4 Edge (x1e80100) boot in ACPI mode.
<!-- 2024/07/29 -->
<li>Set the target ACPI to S5 when powering down i386 and amd64 machines, rather than attempting to put devices into the D3 power state.
<li>Fixed dowait6() handling for multithreaded processes where the main thread has exited.
<!-- 2024/07/28 -->
<li>Added check in <a href="https://man.openbsd.org/pwd_mkdb.8">pwd_mkdb(8)</a> preventing creation of a <a href="https://man.openbsd.org/passwd.5">passwd(5)</a> entry too large for <a href="https://man.openbsd.org/getpwent.3">getpwent(3)</a>.
<li>Added <a href="https://man.openbsd.org/env.1">env(1)</a> "-u name" to remove a variable from the environment.
<!-- 2024/07/27 -->
<!-- 2024/07/26 -->
<li>Allowed running UDP input on multiple CPU in parallel.
<!-- 2024/07/25 -->
<li>Fixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> proxy multiplexing (-O proxy) bug that could crash the connection.
<li>Made <a href="https://man.openbsd.org/qcpas.4">qcpas(4)</a> explicitly request battery status updates and estimate the remaining battery (charge) time by using the reported rate.
<li>Updated xterm to 393.
<!-- 2024/07/24 -->
<li>Used a different mutex to protect the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> klist in logsoftc to keep log_mtx a leaf lock and let <a href="https://man.openbsd.org/printf.9">printf(9)</a> be used in most contexts again.
<!-- 2024/07/23 -->
<li>Fixed a bug where <a href="https://man.openbsd.org/sasyncd.8">sasyncd(8)</a> couldn't restore SAs.
<li>Fixed <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> failure to attach when interface number and interface index do not match and the wrong interface is claimed.
<li>Fixed delayed level setting on <a href="https://man.openbsd.org/audio.4">audio(4)</a> devices.
<!-- 2024/07/22 -->
<!-- 2024/07/21 -->
<li>Populated arm64 hwcap and hwcap2 based on recognized feature bits and sanitized values of the ID register values.
<li>Exported basic HWCAP bits to let applications detect Altivec and VSX on powerpc64.
<li>Exported basic HWCAP bits to let applications detect Altivec on powerpc.
<li>Added optimized character rendering case for 6 pixel wide fonts in rasops32_putchar().
<!-- 2024/07/20 -->
<li>Unlocked <a href="https://man.openbsd.org/udp.4">udp(4)</a> somove().
<!-- 2024/07/19 -->
<li>Unlocked <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> net.inet.ip.redirect and net.inet6.ip6.redirect.
<li>Relaxed socket lock assertion in UDP input and send.
<li>Unveiled2 /etc/gettytab.db in <a href="https://man.openbsd.org/getty.8">getty(8)</a>.
<li>Enabled VA-API gallium frontend.
<li>Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing.
<!-- 2024/07/18 -->
<!-- 2024/07/17 -->
<!-- 2024/07/16 -->
<!-- 2024/07/15 -->
<li>Added an error message for <a href="https://man.openbsd.org/sed.1">sed(1)</a> -i when the file is unwritable.
<li>Made the touchpad on the Samsung Galaxy Book4 Edge work via <a href="https://man.openbsd.org/qcgpio.4">qcgpio(4)</a>.
<li>Added <a href="https://man.openbsd.org/dwmshc.4">dwmshc(4)</a> support for the RK3588 eMMC controller.
<li>Added RK3588 eMMC clocks and resets to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<!-- 2024/07/14 -->
<li>Fixed source and drain confusion in socket splicing somove().
<li>Added <a href="https://man.openbsd.org/radiusd_file.8">radiusd_file(8)</a> module, providing authentication by a local file.
<li>Added missing function <a href="https://man.openbsd.org/wcsnlen.3">wcsnlen(3)</a> (<a href="https://man.openbsd.org/wcslen.3">wcslen(3)</a> with a max len argument).
<li>Made <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> update the host cr3 in the vmcs to allow <a href="https://man.openbsd.org/vmx.4">vmx(4)</a> to restore the proper cr3 value on the next vm exit.
<li>Ensured users can define tables inside an anchor correctly in <a href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a>.
<li>Unlocked IPv6 <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> net.inet.ip6.forwarding from net lock.
<li>Added <a href="https://man.openbsd.org/elf_aux_info.3">elf_aux_info(3)</a>, designed to let userland peek at AT_HWCAP and AT_HWCAP2, using an interface from FreeBSD.
<!-- 2024/07/13 -->
<li>Ensured <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> can achieve RC6 and save a significant amount of power for SOi.
<li>Added RADIUS support to <a href="https://man.openbsd.org/iked.8">iked(8)</a>, including authentication, accounting and "Dynamic Authorization Extensions" (DAE).
<li>Marked IP protocol GRE as MP safe from socket layer.
<li>Stopped storing full IPv6 packet in common forwarding case.
<!-- 2024/07/12 -->
<li>Removed internet PCB mutex.
<li>Rewrote <a href="https://man.openbsd.org/dd.1">dd(1)</a> bytes/sec calculation to make signal handler safe on OpenBSD.
<li>Switched 'so_snd' of <a href="https://man.openbsd.org/udp.4">udp(4)</a> sockets to the new locking scheme.
<li>Fixed a potential race condition in <a href="https://man.openbsd.org/apldcp.4">apldcp(4)</a> where the screen could stay dark instead of waking up from suspend.
<li>Removed the net lock from <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> net.inet.ip.forwarding.
<!-- 2024/07/11 -->
<li>Used atomic operations to access integers in <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a>.
<li>Added Dynamic Authorization Extensions (DAE) for RADIUS server to <a href="https://man.openbsd.org/npppd.8">npppd(8)</a>.
<li>Used FEAT_RNG to feed entropy into the random subsystem on arm64 as on amd64.
<li>Updated libxcb to 1.17.0.
<li>Updated xcb-proto to 1.17.0.
<li>Updated appres to 1.0.7.
<!-- 2024/07/10 -->
<li>Added the flags NOPERM, STALLED, SWAPPABLE and DOOMED to <a href="https://man.openbsd.org/pstat.1">pstat(1)</a> -v output.
<li>Implemented support for deeper idle states offered by PSCI. (This reduces the idle power usage of the Vivobook S15 by almost 50%).
<li>Hooked up the Qualcomm UEFI Secure Application that handles EFI variables to <a href="https://man.openbsd.org/efi.4">efi(4)</a> to allow access to EFI variables through ioctls on /dev/efi.
<li>Updated libX11 to 1.8.9.
<!-- 2024/07/09 -->
<li>Introduced <a href="https://man.openbsd.org/radiusd_ipcp.8">radiusd_ipcp(8)</a>, a module providing IP configuration which manages the IP address pool.
<li>Added handling for C-u modifier in M-! and M-| to <a href="https://man.openbsd.org/mg.1">mg(1)</a>.
<li>Updated xcb-util-cursor to 0.1.5.
<li>Updated libXmu to 1.2.1.
<li>Updated libXext to 1.3.6.
<li>Updated libXdmcp to 1.1.5.
<li>Updated libXcursor to 1.2.2.
<li>Updated libXaw to 1.0.16.
<li>Implemented MSI multiple-vector support in <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a>.
<li>Enabled namespaced builds by default for libssl and libcrypto.
<!-- 2024/07/08 -->
<li>Fixed <a href="https://man.openbsd.org/mg.1">mg(1)</a> auto-indent-mode with custom tab widths.
<li>Prevented rewriting /etc/rc.conf.local unconditionally.
<li>Reworked per proc and per process time usage accounting, removing a SCHED_LOCK() dependency.
<!-- 2024/07/07 -->
<li>Removed SPKAC <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> subcommand.
<!-- 2024/07/06 -->
<!-- 2024/07/05 -->
<li>Skipped the non-working switch port (cnmac2) on the 5-ports EdgeRouter POE.
<!-- 2024/07/04 -->
<li>Implemented <a href="https://man.openbsd.org/qcspmi.4">qcspmi(4)</a> support for version 7 controllers.
<li>Added <a href="https://man.openbsd.org/qcgpio.4">qcgpio(4)</a> support for the ACPI PCIO pins necessary to support the keyboard, touchpad and touchscreen on the Qualcomm Snapdragon X Elite (X1E80100) laptops Asus Vivobook S15 and Lenovo Yoga Slim 7x.
<li>Implemented IPv6 forwarding IPsec only.
<!-- 2024/07/03 -->
<li>Mapped BUS_SPACE_MAP_PREFETCHABLE to Normal-NC on arm64, speeding up framebuffer access significantly.
<!-- 2024/07/02 -->
<li>Added Qualcomm Snapdragon X Elite (X1E80100) support.
<!-- 2024/07/01 -->
<li>Added support for the numpad on newer macppc Apple Powerbooks with <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>, with Num Lock set as Fn+F6.
<li>Added support for RADIUS accounting configurable in <a href="https://man.openbsd.org/radiusd.conf.5">radiusd.conf(5)</a>.
<li>Changed <a href="https://man.openbsd.org/radiusd.conf.5">radiusd.conf(5)</a> syntax for "module" to take a {} block and "authentication" to go without. Specifying a "module" path is now optional.
<li>Prevented OFW crash if temperature for a zone can't be read while polling it.
<li>Modified IPCP to use {D,NB}NS servers from RADIUS.
<!-- 2024/06/30 -->
<li>Moved to openssh-9.8.
<li>Retired <a href="https://man.openbsd.org/OpenBSD-7.5/dhclient.8">dhclient(8)</a>.  <a href="https://man.openbsd.org/dhcpleased.8">dchpleased(8)</a> now handles IPv4 DHCP lease acquisition.
<li>Added <a href="https://man.openbsd.org/rge.4">rge(4)</a> support for the Realtek RTL8126 chip.
<!-- 2024/06/29 -->
<li>Disabled <a href="https://man.openbsd.org/unwind.8">unwind(8)</a> shared cache between resolvers to prevent segfault after libunbound update.
<!-- 2024/06/28 -->
<!-- 2024/06/27 -->
<!-- 2024/06/26 -->
<li>Pushed socket re-lock to the <a href="https://man.openbsd.org/vnode.9">vnode(9)</a> release path within unp_detach().
<!-- 2024/06/25 -->
<li>Implemented RSA key exchange in constant time.
<li>Implemented sleep button and EC events as wakeup events in <a href="https://man.openbsd.org/acpi.4">acpi(4)</a>.
<!-- 2024/06/24 -->
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> "refresh-client -r" for control mode clients to provide OSC 10 and 11 responses to tmux so they can set the default foreground and background colors.
<li>Made <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> forward AC change notifications to <a href="https://man.openbsd.org/acpiac.4">acpiac(4)</a>, giving access to programs like <a href="https://man.openbsd.org/apm.8">apm(8)</a>.
<li>Added AMD SEV-related information provided by cpuid to <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a>.
<!-- 2024/06/23 -->
<li>Add support for ACPI firmware that provides the base address of individual GIC redistributors in the per-CPU GIC MADT table entries.
<li>Added RK3588 support to <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>.
<li>Enabled EPAN when available on arm64.
<!-- 2024/06/22 -->
<!-- 2024/06/21 -->
<!-- 2024/06/20 -->
<li>Allowed the EFI devicetree fixup protocol to specify the amount of space needed.
<li>Stopped sending ICMP redirect when IP forwarding is IPsec-only.
<li>Protected global vm and vcpu state in <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> with mutex.
<li>Enabled uvm percpu caches on luna88k.
<!-- 2024/06/19 -->
<!-- 2024/06/18 -->
<li>Used BUILDINFO to make sure <a href="https://man.openbsd.org/sysupgrade.1">sysupgrade(1)</a> doesn't install an older snapshot over a newer one.
<!-- 2024/06/17 -->
<li>Ensured loading a device tree using the "mach dtb" command gives firmware a chance to make modifications by using the EFI devicetree fixup protocol.
<li>Disabled the DSA signature algorithm by default.
<li>Added a "log" option to <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a> rules.
<li>Made <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> host handle disable/enable commands from <a href="https://man.openbsd.org/relayctl.8">relayctl(8)</a> correctly in case multiple redirect instances use the same host in <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> tables.
<!-- 2024/06/16 -->
<!-- 2024/06/15 -->
<!-- 2024/06/14 -->
<li>Switched AF_ROUTE sockets to the new locking scheme.
<li>Ignored universal ctags extended metadata in tagaddress, making <a href="https://man.openbsd.org/mg.1">mg(1)</a> search patterns work again.
<li>Made arc4random() depend on fewer subsystems by decoupling extract_entropy() from the enqueue_randomness() logic.
<!-- 2024/06/13 -->
<li>Made ssh-<a href="https://man.openbsd.org/keyscan.1">keyscan(1)</a> host/banner comments go to stderr instead of stdout and added a -q flag to silence them.
<li>Updated unbound to 1.20.0.
<li>Enabled uvm percpu caches on sparc64.
<!-- 2024/06/12 -->
<li>Split ssh PerSourcePenalties address tracking to use separate tables and optionally different overflow policies, preventing misbehavior from IPv6 addresses from affecting IPv4 connections.
<li>Added support for the AMD Platform Security Processor (PSP) to <a href="https://man.openbsd.org/ccp.4">ccp(4)</a>.
<li>Added RK3588 support to <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a>.
<!-- 2024/06/11 -->
<li>Avoided powering down PCI devices when rebooting (satisfying some machines).
<li>Enabled UVM percpu cache on riscv64.
<li>Clamped CPU clock frequencies to [min,max] range when determining the initial perflevel for arm, arm64 and riscv64.
<li>Added RK3588 TSADC clocks and resets to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<!-- 2024/06/10 -->
<li>Enabled TCP Large Receive Offload in <a href="https://man.openbsd.org/vio.4">vio(4)</a> and introduced the guest offload feature to turn LRO off/on.
<li>Allowed multiple EKU OIDs for BGPsec certs in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<li>Fixed a bug in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> for BGPsec Router certs where key usage was ignored.
<!-- 2024/06/09 -->
<li>Introduced IFCAP_VLAN_HWOFFLOAD for <a href="https://man.openbsd.org/vio.4">vio(4)</a> to signal handware can handle checksum or TSO offloading with inline VLAN tags.
<li>Introduced a new <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> K_AUTH service to allow offloading the credentials to a table for non-<a href="https://man.openbsd.org/crypt.3">crypt(3)</a> authentication.
<li>Included BUILDINFO file in the iso/img files and installed it in the miniroot if available.
<li>Made <a href="https://man.openbsd.org/security.8">security(8)</a> silently ignore setuid changes in relinked binaries to reduce false positives.
<!-- 2024/06/08 -->
<li>Improved <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> x509_get_purpose() to recognize TA and EE certs in addition to differentiating between CA and BGPsec Router certs.
<li>Stopped <a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> from enforcing the next version key if installing a snapshot.
<!-- 2024/06/07 -->
<li>Ensured the deepest possible C-state is selected during suspend-to-idle on amd64 and i386.
<li>Enabled TCP Large Receive Offload in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a>.
<li>Reworked <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> trust anchor handling to prevent replay attacks where a man in the middle could supply valid TA certificates with outdated internet number resources.
<!-- 2024/06/06 -->
<li>Enabled PerSourcePenalties by default in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Added <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> ability to penalize problematic client behavior with penalties of increasing duration against the client'by enabling <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> option PerSourcePenalties. PerSourcePenaltyExemptList can be used to specify certain address ranges to exempt from penalties.
<!-- 2024/06/05 -->
<li>Added support for VLAN tag offloading to <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<!-- 2024/06/04 -->
<li>Enabled -fret-clean on amd64 for libc, libcrypto, ld.so, kernel, and all the ssh tools.
<li>Added hibernation support for <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<li>Enabled hibernate/resume to <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> disks with 4096 byte sectors.
<li>Ensured concurrent calls to dequeue_randomness() will use some different events.
<!-- 2024/06/03 -->
<!-- 2024/06/02 -->
<li>Added -fret-clean option (amd64 and i386 only at first) to the compiler, defaulting to off. This causes the caller to clean the return address off the stack after a callq completes.
<li>Changed pledge, MAP_STACK and pinsyscall failures to use <a href="https://man.openbsd.org/uprintf.9">uprintf(9)</a> rather than writing into <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a>.
<li>Introduced <a href="https://man.openbsd.org/dhcp6leased.8">dhcp6leased(8)</a>, a daemon to manage IPv6 prefix delegations.
<!-- 2024/06/01 -->
<li>Updated to xorgproto 2024.1.
<li>Fixed <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> server.device entries disappearing when usb devices are unplugged while in use.
<!-- 2024/05/31 -->
<li>Made <a href="https://man.openbsd.org/rad.8">rad(8)</a> honor prefixes delegated by DHCPv6.
<li>Added a warning when the deprecated <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> -r option is passed.
<!-- 2024/05/30 -->
<li>Ensured pmap_create() waits in the case of kernel virtual space shortage.
<!-- 2024/05/29 -->
<li>Fixed WEP on <a href="https://man.openbsd.org/athn.4">athn(4)</a> USB hostap, preventing potential "key not installed for sw crypto" panic.
<li>Added an implementation of "suspend-to-idle" on amd64, enabling suspend on machines that don't support S3.
<li>Converted SCHED_LOCK from a recursive kernel lock to a mutex.
<!-- 2024/05/28 -->
<li>Reworked the pmap ASID handling to not require the SCHED_LOCK.
<li>Added a reset attempt for <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> devices when firmware crashes.
<li>Made <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> offload TKIP and CCMP crypto to hardware, fixing ARP and IPv6 multicast with WPA2.
<!-- 2024/05/27 -->
<!-- 2024/05/26 -->
<li>Fixed suspend/resume for <a href="https://man.openbsd.org/ums.4">ums(4)</a> and <a href="https://man.openbsd.org/umt.4">umt(4)</a>.
<li>Prevented rkpmic4 power down after resume initiated by pressing the power button.
<li>Added <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> support for configuring sleep voltage settings based on device tree settings for the RK809.
<li>Implemented wakeup interrupts on amd64.
<!-- 2024/05/25 -->
<!-- 2024/05/24 -->
<li>Added "N" to search backwards in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> tree modes.
<li>Added support for NVMe passthrough commands to allow software to get information about <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> disks.
<li>Added <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> support for suspend/resume.
<li>Fixed <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> TCP-state not being updated for destination connection peer and reduced excessive pfsync traffic.
<li>Enabled UFS "Auto-Hibernation" in <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<!-- 2024/05/23 -->
<li>Added support for Quectel EM060K to <a href="https://man.openbsd.org/umb.4">umb(4)</a>.
<!-- 2024/05/22 -->
<li>Added <a href="https://man.openbsd.org/mwx.4">mwx(4)</a> support for MT7922.
<li>Fixed in-place decryption for EVP_chacha20_poly1305(), fixing hangs during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256.
<!-- 2024/05/21 -->
<!-- 2024/05/20 -->
<!-- 2024/05/19 -->
<li>Mapped MSI-X in addition to MSI and INTx on <a href="https://man.openbsd.org/rge.4">rge(4)</a>.
<!-- 2024/05/18 -->
<!-- 2024/05/17 -->
<li>Switched AF_KEY sockets to the new locking scheme.
<li>Used <a href="https://man.openbsd.org/pathconfat.2">pathconfat(2)</a> to compare mtimes for the <a href="https://man.openbsd.org/pax.1">pax(1)</a> -u and -Z options when the target is "too old."
<li>Turned sblock() to sb_lock <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> wrapper for all sockets. With this unification, sblock() should always be taken before solock() in all involved paths.
<li>Added <a href="https://man.openbsd.org/pathconfat.2">pathconfat(2)</a>: <a href="https://man.openbsd.org/pathconf.2">pathconf(2)</a> but with at-fd and flags arguments, the latter supporting the ability to get timestamp resolution of symlinks.
<li>Made <a href="https://man.openbsd.org/rad.8">rad(8)</a> send source link-layer address option in router advertisements, preventing Apple devices from installing an unusable default route.
<li>Fixed signal handling and locking in <a href="https://man.openbsd.org/vio.4">vio(4)</a> sysctl path.
<!-- 2024/05/16 -->
<li>Created a new style relink-kit for <a href="https://man.openbsd.org/sshd-sesion.8">sshd-sesion(8)</a>.
<li>Fixed IPsec in use with IP forwarding 2 logic.
<!-- 2024/05/15 -->
<!-- 2024/05/14 -->
<li>Added CH9102 support to <a href="https://man.openbsd.org/uchcom.4">uchcom(4)</a>.
<li>Updated to perl-5.38.2.
<li>Ensured giving UTF-8 command line arguments to <a href="https://apropos.openbsd.org/apropos.1">apropos(1)</a> allows searching in UTF-8 and ISO-Latin-1 encoded manual pages if the <a href="https://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> was built makewhatis -T utf8.
<!-- 2024/05/13 -->
<li>Ignored button events for the first ten seconds after resume to prevent some ACPI implementations from initiating a power down.
<li>Updated libpciaccess to 0.18.1.
<li>Added <a href="https://man.openbsd.org/bio.4">bio(4)</a> support to <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>.
<li>Implemented hardware masking for MSI and MSI-X on amd64.
<!-- 2024/05/12 -->
<li>Added support for using the power button function of the RK809 to <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a>.
<li>Made <a href="https://man.openbsd.org/installboot.8">installboot(8)</a> run again after <a href="https://man.openbsd.org/fw_update.8">fw_update(8)</a> on Apple silicon to pick up Apple boot firmware.
<!-- 2024/05/11 -->
<li>Used %b to format amd64 cpu flag info in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> to include raw values and streamlined display of flag information.
<!-- 2024/05/10 -->
<li>Fixed a problem in <a href="https://man.openbsd.org/pax.1">pax(1)</a> where the file list output was fully-buffered when used as part of a pipeline.
<li>Unlocked <a href="https://man.openbsd.org/sigsuspend.2">sigsuspend(2)</a> and __thrsigdivert syscalls.
<!-- 2024/05/09 -->
<li>Enabled <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> on amd64.
<li>Added missing error checks to all calls under libexec and sbin in case of <a href="https://man.openbsd.org/ctime.3">ctime(3)</a> and <a href="https://man.openbsd.org/ctime.3">ctime_r(3)</a> failures when timestamps are far off.
<!-- 2024/05/08 -->
<li>Suppressed cache-info <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> lines when they are identical to the previous CPU (amd64).
<li>Forced MSS of TSO packets in hardware supported range in <a href="https://man.openbsd.org/ixl.4">ixl(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> monitor mode after firmware update.
<li>Prevented firmware panic when <a href="https://man.openbsd.org/iwx.4">iwx(4)</a> runs in monitor mode with addresses configured on the interface and leaving 11n/11ac mode directly for monitor mode.
<!-- 2024/05/07 -->
<li>Added <a href="https://man.openbsd.org/smtpd-tables.7">smtpd-tables(7)</a>, an API to implement <a href="https://man.openbsd.org/table.5">table(5)</a> for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>.
<!-- 2024/05/06 -->
<li>Added support for Tx checksum offloading to <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<!-- 2024/05/05 -->
<li>Exposed <a href="https://man.openbsd.org/igc.4">igc(4)</a> hardware counters to <a href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<!-- 2024/05/04 -->
<li>Updated <a href="https://man.openbsd.org/awk.1">awk(1)</a> to the May 4, 2024 version.
<li>Added TSO capabilities to <a href="https://man.openbsd.org/igc.4">igc(4)</a>.
<!-- 2024/05/03 -->
<li>Pushed solock() down to sosend() and removed it from soreceive() paths for <a href="https://man.openbsd.org/unix.4">unix(4)</a> sockets.
<li>Fixed <a href="https://man.openbsd.org/qwx.4">qwx(4)</a> display in <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> showing a mix of 802.11 modes after switching APs.
<li>Made <a href="https://man.openbsd.org/witness.4">witness(4)</a> display lock cycles longer than two locks.
<li>Made "show witness" display <a href="https://man.openbsd.org/witness.4">witness(4)</a> lock subtypes.
<li>Added support for Rx checksum offloading to <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<!-- 2024/05/02 -->
<li>Made <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> discover new devices on SIGHUP and switch if a new device is higher priority (greater -F option number) than the current device.
<li>Aligned CRL and CSR version printing with certs.
<li>Fixed <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> IPv6 address parsing in file-backed <a href="https://man.openbsd.org/table.5">table(5)</a>.
<li>Added <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> "status -r" to limit the output of "vmctl status" to only running VMs.
<!-- 2024/05/01 -->
<li>Added per-CPU caches to the pmemrange allocator.
<!-- 2024/04/30 -->
<li>Pushed solock() down to sosend() for SOCK_RAW sockets.
<li>Fixed <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a> home-directory extension implementation.
<!-- 2024/04/29 -->
<li>Enabled <a href="https://man.openbsd.org/em.4">em(4)</a> on powerpc64.
<li>Dropped the <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> and <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> "continue" flag to simplify running a vcpu.
<!-- 2024/04/28 -->
<li>Allowed writing buffers larger than BUFSIZ or st_blksize, vastly improving write performance.
<li>Updated libxkbfile to 1.1.3.
<li>Updated libXvMC to 1.0.14.
<li>Updated libfontenc to 1.1.8.
<li>Updated util-macros to 1.20.1.
<li>Updated makedepend to 1.0.9.
<li>Updated gccmakedep to 1.0.4.
<li>Updated font-util to 1.4.1.
<li>Updated encodings to 1.1.0.
<li>Updated xorg-docs to 1.7.3.
<li>Updated xsm to 1.0.6.
<li>Updated xrefresh to 1.1.0.
<li>Updated xprop to 1.2.7.
<li>Updated xpr to 1.2.0.
<li>Updated xmore to 1.0.4.
<li>Updated xmessage to 1.0.7.
<li>Updated xlsfonts to 1.0.8.
<li>Updated xload to 1.2.0.
<li>Updated xkbutils to 1.0.6.
<li>Updated xfontsel to 1.1.1.
<li>Updated xev to 1.2.6.
<li>Updated xedit to 1.2.4.
<li>Updated mkfontscale to 1.2.3.
<li>Updated xauth to 1.1.3.
<li>Updated listres to 1.0.6.
<li>Updated iceauth to 1.0.10.
<li>Updated editres to 1.0.9.
<li>Updated bitmap to 1.1.1.
<!-- 2024/04/27 -->
<li>Updated xserver to 21.1.13.
<!-- 2024/04/26 -->
<!-- 2024/04/25 -->
<li>Updated <a href="https://man.openbsd.org/awk.1">awk(1)</a> to the Apr 22, 2024 version.
<li>Added <a href="https://man.openbsd.org/boot.8">boot.conf(8)</a> "machine idle [secs]" to halt at idle passphrase prompts for <a href="https://man.openbsd.org/efi.4">efi(4)</a> systems.
<li>Masked off MAC management counter interrupts to prevent an interrupt storm in <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>.
<!-- 2024/04/24 -->
<li>Used -mno-fpu when compiling sparc64 with clang.
<li>Added display of the current line number as percentage of the total lines in <a href="https://man.openbsd.org/vi.1">vi(1)</a> ruler.
<li>Removed <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> 'announce capabilities' as neighbor config stanza.
<!-- 2024/04/23 -->
<li>Implemented RFC 4191 Default Router Preferences in <a href="https://man.openbsd.org/rad.8">rad(8)</a>.
<li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> send Host: headers with CONNECT requests when tunneling TLS over an HTTP proxy.
<!-- 2024/04/22 -->
<li>Allowed the <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a> -F flag to be used on its own.
<li>Added display of <a href="https://man.openbsd.org/pf.4">pf(4)</a> fragment reassembly counters to <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
<li>Stopped <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> from falling back to no capabilities when there is an OPEN/optional attribute error.
<!-- 2024/04/21 -->
<li>Changed <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to require -x to enable P-256 support.
<li>Implemented rule 5.5 of RFC 6724 (Default Address Selection for IPv6) to prefer addresses in a prefix advertised by the next-hop.
<li>Mandated presence of CMS signing-time and disallowed binary-signing-time in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>-client8.
<!-- 2024/04/20 -->
<!-- 2024/04/19 -->
<li>Fixed <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a> alignment issue where a DMA transfer scheduled on an odd slot would fail.
<li>Permitted null requests (aka server pings) from non-reserved ports in nfs.
<!-- 2024/04/18 -->
<!-- 2024/04/17 -->
<li>Provided crypto constant time operations for uint8_t.
<li>Synced RPKI Trust Anchor constraints to nro-delegated-stats.
<li>Set <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> to Accept: */* HTTP header.
<li>Made <a href="https://man.openbsd.org/ftp.1">ftp(1)</a> send 'Accept */*' header.
<!-- 2024/04/16 -->
<li>Switched <a href="https://man.openbsd.org/tar.1">tar(1)</a> write default format to 'pax'.
<li>Fixed reading large <a href="https://man.openbsd.org/pax.1">pax(1)</a> extended records.
<li>Added <a href="https://man.openbsd.org/tar.1">tar(1)</a> -F option to select write format.
<li>Corrected detection of 'pax' format archives in <a href="https://man.openbsd.org/pax.1">pax(1)</a> append mode.
<li>Updated Spleen kernel fonts to version 2.1.0.
<li>Fixed key share negotiation in HRR case.
<li>Prevented toctu issues in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> static file serving and auto index generation.
<li>Use route cache function in IP input.
<li>Made raw IPv4 and IPv6 sockets handle input in parallel.
<!-- 2024/04/15 -->
<li>Switched <a href="https://man.openbsd.org/pax.1">pax(1)</a> to write archives using the 'pax' format by default. Ramdisk versions will keep using ustar for writing.
<li>Added <a href="https://man.openbsd.org/scandirat.3">scandirat(3)</a> from FreeBSD.
<li>Prevented a hang when the nvme controller has disconnected from the pcie bus.
<!-- 2024/04/14 -->
<li>Removed support for the <a href="https://man.openbsd.org/less.1">less(1)</a> LESSOPEN and LESSCLOSE environment variables.
<li>Implemented support for AVX-512.
<li>Escaped newlines in file names in <a href="https://man.openbsd.org/less.1">less(1)</a>.
<!-- 2024/04/13 -->
<li>Protected <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> activation with the vmm_softc rwlock.
<!-- 2024/04/12 -->
<li>Updated nsd to 4.9.1.
<li>Updated unbound to 1.19.3.
<li>Split single TCP inpcb table into IPv4 and IPv6 parts.
<!-- 2024/04/11 -->
<li>Added <a href="https://man.openbsd.org/uchcom.4">uchcom(4)</a> support for the CH343 uart.
<li>Prevented userland change of the interface loopback flag, preventing a potential kernel crash.
<!-- 2024/04/10 -->
<li>Added <a href="https://man.openbsd.org/mcx.4">mcx(4)</a> support for media types from the extended ethernet capabilities fields, fixing a gigabit SFP in the ConnectX-6 Lx.
<li>Made TCP debug code MP safe.
<li>Implemented TCP segmentation offload for <a href="https://man.openbsd.org/vio.4">vio(4)</a>.
<li>Fixed incorrect scaling when converting disk images in <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
<li>Added <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> option allow-set-title to forbid applications from changing the pane title.
<li>Prevented a crash if focusing a pane in <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> that is exiting.
<!-- 2024/04/09 -->
<li>Allowed operators to enforce the presence of certain capabilities in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> sessions.
<li>Added PCI support for <a href="https://man.openbsd.org/ufshci.4">ufshci(4)</a>.
<li>Increased RTR PDU limit to 48k and limited number of SPAS to 10,000 in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Removed the armv7 "cubie" miniroot.
<!-- 2024/04/08 -->
<!-- 2024/04/07 -->
<li>Updated xserver to 21.1.12.
<!-- 2024/04/06 -->
<li>Communicated cache-coherent DMA status on RISC-V via flags.
<li>Restricted use of direct mapping following support of RISC-V CPUs with MMUs with memory cacheability attributes.
<li>Prevented IP multicast <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> <a href="https://man.openbsd.org/mrtmfc.2">mrtmfc(2)</a> from writing outside of allocation.
<!-- 2024/04/05 -->
<li>Used <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> to ensure libc.so is still treated as xonly with the removal of <a href="https://man.openbsd.org/msyscall.2">msyscall(2)</a>.
<li>Removed <a href="https://man.openbsd.org/msyscall.2">msyscall(2)</a>.
<!-- 2024/04/04 -->
<!-- 2024/04/03 -->
<li>Stopped grabbing the kernel lock in <a href="https://man.openbsd.org/kbind.2">kbind(2)</a>.
<li>Enabled PAC in addition to BTI on arm64 such that JIT code matches the default branch protection provided by our base compiler.
<!-- 2024/04/02 -->
<li>Implemented and enabled TSO in <a href="https://man.openbsd.org/vmx.4">vmx(4)</a>.
<li>Implemented SO_ACCEPTCONN in <a href="https://man.openbsd.org/getsockopt.2">getsockopt(2)</a>.
<li>Deleted the msyscall mechanism, now replaced by the stricter mimmutable+pinsyscalls.
<li>Updated Mesa to 23.3.6.
<!-- 2024/04/01 -->
<li>Made <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> advertise SMTPUTF8 and 8BITMIME extensions in EHLO, fixing potential interoperability issues when the real MTA supports those extensions.
<li>Fixed a crash in <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when the device is disconnected and the clients are not migrated to another device.
<li>Created new-style relink kits for <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> and <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>.
<li>Updated libexpat to 2.6.2.
<li>Enforced the <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> rules on non-static/ld.so/libc.so text segments.
<li>Added clocks for the RK3588 PWM controller to <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>.
<!-- 2024/03/31 -->
<li>Restricted <a href="https://man.openbsd.org/listen.2">listen(2)</a> to sockets of type SOCK_STREAM or SOCK_SEQPACKET.
<li>Marked 'so_rcv' sockbuf of <a href="https://man.openbsd.org/udp.4">udp(4)</a> sockets as SB_OWNLOCK.
<!-- 2024/03/30 -->
<li>Prevented recursion inside <a href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> when scheduler tracepoints are enabled.
<li>Repaired malloc operation on systems where the <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> page size is larger than the mmu page size.
<!-- 2024/03/29 -->
<li>Stopped building the objective-C compiler.
<li>Used SBI calls to reboot or power down riscv64 machine when supported by firmware.
<li>Implemented Ed25519 signatures for CMS (RFC 8419).
<!-- 2024/03/28 -->
<li>Fixed access to Alder Lake-N and Elkhart Lake eMMC.
<!-- 2024/03/27 -->
<li>Removed pinsyscall(2) now that it has been replaced by <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>.
<li>Ensured the Milk-V Pioneer serial console is found.
<li>Introduced SB_OWNLOCK to mark sockets which 'so_rcv' buffer modified outside socket lock.
<li>Added support to have <a href="https://man.openbsd.org/bcmpcie.4">bcmpcie(4)</a> as both PCIe bus and simplebus to enable use of the Raspberry Pi 5's RP1 I/O controller.
<li>Fixed a crash in <a href="https://man.openbsd.org/ls.1">ls(1)</a> -l for files with bogus timestamp values.
<!-- 2024/03/26 -->
<li>Fixed memory detection on the Milk-V Pioneer board.
<li>Implemented support for the RISC-V UEFI Boot Protocol.
<li>Implemented the chmod a-x bsd.upgrade trick in the sparc64 ofwboot bootloader.
<li>Rejected setting invalid versions for certs, CRLs and CSRs.
<li>Used 'sb_mtx' to protect 'so_rcv' buffer of unix4 sockets.
<li>Added error code support to libtls.
<!-- 2024/03/25 -->
<li>Added VLAN_HWTAGGING capability to <a href="https://man.openbsd.org/igc.4">igc(4)</a>.
<li>Unlocked <a href="https://man.openbsd.org/shutdown.2">shutdown(2)</a>.
<li>Introduced <a href="https://man.openbsd.org/rpigpio.4">rpigpio(4)</a>, a driver for the RP1 GPIO controller on the Raspberry Pi 5.
<!-- 2024/03/24 -->
<li>Implemented resetting the PHY via a GPIO pin in <a href="https://man.openbsd.org/cad.4">cad(4)</a>, helping to enable the PHY on the Raspberry Pi 5.
<li>Removed obsolete <a href="https://whois.openbsd.org/whois.1">whois(1)</a> handle support.
<li>Converted libressl to use the BoringSSL style time conversions.
<!-- 2024/03/23 -->
<li>Added Meinberg PCI510 to <a href="https://man.openbsd.org/mbg.4">mbg(4)</a>.
<!-- 2024/03/22 -->
<li>Made local ports bound during <a href="https://man.openbsd.org/connect.2">connect(2)</a> unique per laddr rather than globally unique.
<li>Added <a href="https://patch.openbsd.org/patch.1">patch(1)</a> "-V none" to prevent making any backups.
<li>Fixed <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> call in the <a href="https://man.openbsd.org/lpd.8">lpd(8)</a> control process.
<li>Limited NFS connections to originate from a reserved port.
<li>Allowed any device sample encoding in <a href="https://aucat.openbsd.org/aucat.1">aucat(1)</a>.
<!-- 2024/03/21 -->
<li>Reduced <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> escape-time default to 10 milliseconds (from 500).
<li>Added display-menu -M to <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> to always turn mouse on in a menu.
<li>Added AUDIO_GETDEV ioctl to "audio" <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<!-- 2024/03/20 -->
<li>Added generic channel mapping in place of <a href="https://aucat.openbsd.org/aucat.1">aucat(1)</a> -j and -c options.
<!-- 2024/03/19 -->
<!-- 2024/03/18 -->
<li>Reduced <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> spam by only printing about PCI resource conflicts for resources that are enabled.
<li>Implemented Spectre-V4 mitigations for arm64.
<li>Exposed <a href="https://man.openbsd.org/aggr.4">aggr(4)</a> per port information via <a href="https://man.openbsd.org/kstat.1">kstat(1)</a>.
<!-- 2024/03/17 -->
<!-- 2024/03/16 -->
<li>Mitigated the RFDS (Register File Data Sampling) vulnerability present in Intel Atom CPUs (requires updated firmware).
<li>Made the LEDs work on the SolidRun ClearFog CN9130 Base.
<li>Fixed signed integer overflow in bnrand().
<!-- 2024/03/15 -->
<li>Trimmed output of <a href="https://whois.openbsd.org/whois.1">whois(1)</a> to suppress some uninformative output by default, still accessible verbatim by using whois -S.
<li>Set ORIGINAL_RECIPIENT in the environment of MDA scripts for <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> postfix compatibility.
<li>Prevented potential firmware errors in Intel wifi drivers when APs send an ADDBA request early.
<li>Extended Spectre-BHB mitigation support to Cortex-A57.
<!-- 2024/03/14 -->
<li>Cherry-picked libexpat fix for CVE-2024-28757, billion laughs attack.
<!-- 2024/03/13 -->
<li>Exposed arm64 BTI support to userland.
<!-- 2024/03/12 -->
<li>Enforced same-origin policy for HTTP redirects in <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>.
<!-- 2024/03/11 -->
<li>Moved to 7.5-current.
</ul>