OpenBSD -current Changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0,
7.1, 7.2, 7.3, 7.4, 7.5, 7.6. 7.7, 7.8.

Changes made between OpenBSD 7.8 and -current

• Implement draft-ietf-acme-profiles for acme-client(1).
• Fix reference counting for sigobject initialization.
• Remove upper layer neighbor reachability hints.
• Remove net.inet6.ip6.auto_flowlabel and always do flowlabels.
• Stop logging to syslog when an IPv6 packet cannot be forwarded.
• Use VLAN hardware tagging in bridge(4).
• Set the cooling level of all cooling devices to 0 when we initialize a zone to prevent fans from staying on permanently.
• Add pin muxing functionality to rpigpio(4).
• Allow rad(8) to limit interface configured lifetimes.
• Disable aggressive-nsec when "force" is in use in unwind.
• Update to unbound 1.23.1.
• Require unrestricted guest support for VMX hosts using vmm(4).
• Add rpki-client(8) support for Router Keys in CCR output and filemode.
• Remove support for v0 disklabels.
• Emulate PKRU XSAVE area and features in vmm(4).
• Double the size of the amd64 unhibernate chunk table for machines with large amounts of memory.
• Make tcpdump -y IEEE802_11_RADIO show more useful information on qwx(4).
• Fix HT capabilities announced by qwx(4) for Rx performance.
• When adding certificates to an agent with ssh-add(1), set the expiry to the certificate expiry time plus a short (5 min) grace period (or disable with ssh-add -N).
• Correct family test when setting Zenbleed chicken bit on i386.
• Run ND6 timer at most once per second to stop taking netlock.
• Limit softnet threads to number of CPU.
• Implement Canonical Cache Representation filemode decoder in rpki-client(8)
• Log optional NOTIFICATION data for UPDATE errors if verbose is set in bgpd(8).
• Add support for power buttons to gpiokeys(4).
• Allow generic AES implementation to be used as a fallback.
• Add bcmstbintc(4), a driver for the L2 interrupt controller found on Broadcom Set-top Box SoCs.
• Introduce tmux(1) new window option: tiled-layout-max-columns, which configures the maximum number of columns in the tiled layout.
• Update to NSD 4.13.0.
• Add softLRO support to bnxt(4).
• Make iked(8) load multiple certificates as a certificate chain from a file.
• Improve rules for %-expansion of username in ssh(1).
• Make disklabel(8) detect overlapping partitions which can potentially happen when an autoallocated label is edited.
• Add tmux(1) support for DECRQSS SP q (report cursor style), DECRQM ?12 (report cursor blink state) and DECRQM ?2004, ?1004, ?1006 (report mouse state).
• Make looping over llinfo list in arptimer() MP safe.
• Add Raspberry Pi 5 Model B support for arm64 RAMDISK.
• Update unbound to 1.23.1.
• Enable 64-bit DMA on bnxt(4).
• Leave a spare slot on bnxt(4) Tx rings to avoid hardware lockups under load.
• If the -l option is not given to man(1), never interpret "name" command line arguments as absolute or relative path names.
• Remove experimental support for XMSS keys in ssh(1).
• Add a 'mach fwsetup' command, which uses the EFI OsIndications feature to reboot the machine into the firmware setup interface, if supported.
• Make strptime(3) support strftime's %v conversion.
• Make the external PCIe port work on the rpi5.
• Finish rpi4 support.
• Make amdgpu(4) S3 suspend more reliable.
• Fix the xonly crash in libunwind on powerpc64.
• Add SMMUv3 support to smmu(4).
• Add rpirtc(4), a driver for the firmware-managed RTC on the rpi5.
• Make vi(1) 'p' command paste in the correct place.
• Add Canonical Cache Representation output to rpki-client(8).
• Add support for the BCM2712 PCIe controller.
• Update build infrastructure for libunwind-, libcxxabi- and libcxx-19.1.7, giving us a modern c++ library in base.
• Improve bwfm(4) stability on the Apple MacBook Air M2.
• Add bcmmpi(4), a driver for the MSI controller found on the BCM2712 SoC that remaps MSI to GIC SPIs and acts as a companion MSI controller for bcmpcie(4).
• Update build infrastructure for compiler-rt-19.1.7.
• Import compiler-rt, libunwind, libcxxabi and libcxx from llvm-19.1.7.
• Add cwmrc(5) window-snap-center function.
• Add bcmstbrescal(4), a driver for the PCIe/SATA reset calibration controller found on the rpi5.
• Add bcmstbreset(4), a driver for the reset controller found on the rpi5.
• Add rpone(4), a driver for the Raspberry Pi RP1 chip.
• Add support for the ifconfig "transceiver" command to ice(4).
• Make -E a no-op in sshd-auth.
• Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS) continually at runtime based on which sessions/channels are open.
• Make gmtime(3) return time in UTC rather than GMT, as required by our own manpage, POSIX, C standards, and other OSes.
• Support pre-UVC 1.5 devices in uvideo(4).
• Implement support for "vmmc-supply", needed to power on the WiFi chip on the rpi5.
• Fix booting certain linux guests in vmd(8) by loading the full SeaBIOS image in lower bios memory.
• Add bcmstbpinctrl(4), a driver for the pin muxing controller found on the rpi5.
• Add CPU feature detection for ADX on amd64.
• Stop attaching Yubikey as keyboards to avoid accidental output from OTP support.
• Unlock ICMPV6CTL_ND6_MAXNUDHINT case of icmp6_sysctl().
• Remove net.inet6.ip6.soiikey sysctl.
• Unlock the ICMPV6CTL_MTUDISC_*WAT cases of icmp6_sysctl().
• Simplify vmd(8) ipc setup in proc.c, removing a security issue where an attacker controlling one end of an imsg channel could craft a message to cause out of bound access array access.
• Update to pixman 0.46.4.
• Mark vmwpvs interrupt handler mpsafe, and take the kernel lock around calls into the scsi midlayer to add and remove devices.
• Have qwx(4) announce HT capabilities to make APs send packets more quickly.
• Fix qwx(4) 11n mode against APs which support A-MSDU inside A-MPDU.
• Handle ssh localtime_r() failure by returning "UNKNOWN-TIME" which is only used in user-visible contexts.
• Make USB ports useable after s0ix resume on AMD 19h/7xh.
• Add a warning when the ssh(1) connection negotiates a non-post quantum safe key agreement algorithm.
• Add a new -q ("quiet") option to rc.d(8) and rcctl(8) to skip display of the script name and result.
• Add support for the SDHC controllers found on the Raspberry Pi 5.
• Add bcmstbgpio(4), a driver for the new GPIO controller found on the Raspberry Pi 5.
• Increase vmd(8) guest bios area to fit 4 MiB images.
• Unlock the KERN_MAXCLUSTERS case of kern_sysctl().
• Remove net.inet6.ip6.soiikey sysctl(2).
• SoftLRO: reduce max packet size by max_linkhdr as tcp_output() to avoid DMA errors while interacting with ixl(4) and oversized packets.
• Avoid 'pci_intr_map_msix failed' error messages for devices with no virtqueues by not trying msix interrupts if unsupported.
• Have ssh(1) and sshd(8) use the operating system default DSCP marking for non-interactive traffic for QoS.
• Revert deprecation of the .HP macro in man(7).
• Update xdriinfo to 1.0.8.
• Update xdpyinfo to 1.4.0.
• Update viewres to 1.0.8.
• Update twm to 1.0.13.1.
• Update smproxy to 1.0.8.
• Update ssreg to 1.1.4.
• Prevented a panic when doing a VT switch from the keyboard while resuming.
• Unlock ICMPV6CTL_ND6_MMAXTRIES case of icmp6_sysctl().
• Implement the POSIX-2024 close-on-fork flag (modified to be reset on exec).
• Replace the flockfile backend with a per FILE recursive mutex.
• Support Frame Based format and frame in uvideo.
• Implement constant time EC scalar multiplication.
• Unlock ICMPV6CTL_ND6_UMAXTRIES case of icmp6_sysctl().
• Add 802.11n/HT support to qwx(4).
• Add aplpmc(4), the equivalent of intelpmc(4) for machines with AMD CPUs.
• Support H.264 format and frame in uvideo(4).
• Upgrade vmd(8)'s virtio implementation to support v1.x.
• Unlock ICMPV6CTL_ND6_DELAY and ICMPV6CTL_REDIRTIMEOUT cases of icmp6_sysctl().
• Replace ieee80211_chan2mode() with ieee80211_node_abg_mode() to detect 11g APs properly.
• Allow DMA memory above 4G on amd64 for virtio rings and descriptors.
• Inherit PS_NOBTCFI at fork(2) to prevent BTCFI safeguards killing forked children.
• Add experimental support for P-256 TA keys to rpki-client(8).
• Set default IPQoS for interactive ssh sessions to Expedited Forwarding (EF).
• Add background scan and roaming support to qwx(4).
• Fix sleeping race in dt(4) ioctl(2).
• Allow fdisk(8) creation/recovery of GPT partitions with arbitrary types.
• Deprecate ssh(1) support for IPv4 type-of-service (TOS) IPQoS keywords.
• Unlock ip6_sysctl().
• Make apm and hw.cpuspeed work on Snapdragon X Elite machines.
• Fix vi(1) crash with expandtab and running external commands.
• Support ed25519 keys hosted on PKCS#11 tokens.
• Remove unused sysctl_quad.
• Prevent possible qwx(4) fatal firmware error while roaming between bands.
• Remove sleeping malloc(9) from complicated locking sysctl(2) locks, but keep kernel lock only around sensordev_get() and sensor_find().
• add a ssh_config(5) RefuseConnection option that, when encountered while processing an active section in a configuration file, terminates ssh(1) with an error message that contains the argument to the option.
• Fix the match() and attach() functions for imt(4) and umt(4).
• Add dt(4) trace points to rwlock(9).
• Move AES-NI from EVP to AES for CCM mode.
• Add m88k assembly version of bcopy(3), memcpy(3) and memmove(3).
• Load the correct iwx(4) firmware on QuZ devices which use RF JF1/JF2.
• Increase softnet kernel threads from 4 to 8.
• Add initial support in qcdpc(4) and qcdrm(4) for the MSM Mobile Display Subsystem, with support for the AUX channel of the DisplayPort controllers and the backlight control on eDP panels.
• Implement route sourceaddr handling in icmp6 reflection.
• Use shared netlock and socket lock for closing sockets.
• Add rtable_read(), a "reader" variant of rtable_walk, which doesn't give up the rtable lock when calling the rtentry handler.
• Unlock shared netlock before socket lock.
• Provide _fc-cache user/group to the installer.
• Add watchdog(4) support to apldog(4).
• Change ownership of the fontconfig cache to the _fc-cache user to run unprivileged when installing fonts.
• On arm64 and riscv64, avoid multiple threads of a process continuously faulting on a single page when pmap_enter(9) is asked to enter a mapping that already exists.
• Add cpu_xcall(9), an API for cpu xcalls (crosscalls), allowing dispatching of code to run on the specified cpu from an intr context.
• Prevent a potential tipd(4) deadlock.
• Make rpki-client(8) signature checks for certs more complete.
• Fix various issues with arm64 backtraces.
• Enable LTS in the octeon installer.
• Add an MI mechanism for creating an (unmapped) guard page between the PCB and the kernel stack and enable on 64-bit architectures with 4k pages.
• Prevent installing a corrupted /bsd on relink errors.
• Fix potential refusal of new sshd(8) connections due to mistracking MaxStartups process exits.
• Bump maximum message size in the messaging layer between sshd-session and sshd-auth from 256kb to 4MB and implement an early check with sshd(8) -t test mode for the user.
• On Apple variants, enter DDB when exuart(4) detects a BREAK.
• Avoid a 'pool busy: still out' panic seen when radeondrm(4) firmware is missing on non-efi installs.
• Stop setting the .Lk URI in bold font in mandoc.
• Allow SEV-ES enabled guests to run on vmm(4)/vmd(8).
• Print GPT partitions in offset order rather than partition # order and add explicit descriptions of free chunks to fdisk(8).
• Stop tar(1) from exiting silently if the mtime didn't fit in the ustar header when writing out the extended headers.
• Update to xserver 21.1.18.
• Enable iwx(4) for riscv64.
• Provide accelerated SHA-1 for aarch64.
• Use SoftLRO in ice(4), but default off.
• Use VLAN hardware tagging in veb(4).
• Show SEV or SEV-ES guestmode in dmesg when running with AMD SEV.
• Consistently apply -v setting to partition displays in fdisk(8).
• Ensure that syslogd(8) runs TLS handshake callback.
• Remove the mandoc(1) -O option.
• Fix memleak in syslogd(8) when a client aborts TLS connection.
• add ALPN TLS option, so you can specify -T alpn=value in nc(1).
• Prevent vmd(8) guests from reading outside pci config space.
• Add TSO (TCP Segmentation Offload) support to ice(4).
• Add iasuskbd(4), a driver to support the ASUS-specific keyboard features of the Vivobook S 15 with Qualcomm Snapdragon CPUs.
• Remove specific divert6 netstat counters, use divert instead.
• Move IP{,V6}CTL_MTUDISCTIMEOUT cases of ip{,6}_sysctl() out of netlock.
• Fix and add time sensor to pvclock(4).
• Allow fdisk(8) interactive editor's 'edit' to accept GPT partition names and menu descriptions as partition IDs.
• Do not call ifq_restart() if no space has been made on the Tx ring in several drivers, preventing them from getting stuck in OACTIVE.
• Add S: to list tmux(1) sessions with modifiers for sorting.
• Switch solisten() from exclusive to shared netlock.
• Have icmp_reflect use route sourceaddr, making it behave like the in_pcb source address selection.
• Make sndiod(8) use per-program level controls instead of per-client.
• Fix dead USB ports after suspend/resume on the Z13.
• Remove sysctl for divert6 recv and send space.
• Handle sockets that are closing in parallel.
• Enable the interactive partition editor's 'edit' command to accept -R style compact GPT partition descriptions.
• Introduce a generic powerbutton_event() function that does everything we expect from a power button event in a consistent manner, ensuring all drivers now prevent shutdown within the first 10 seconds after resume.
• Update to xterm 399.
• Provide m_pool_alloc() failures in mbstat, making the count visible in netstat(1) -m.
• Remove newbsd.gdb rather than bsd.gdb from reorder_kernel, saving ~100M-250M on /usr/share.
• Remove viomb(4) from all RAMDISK kernels.
• Implement qcpwm support for the "high resolution" PWMs as found on the x1e80100 machines.
• Make rpki-client(8) -v report particularly inefficient HTTP/RRDP transfers.
• Import clang, lld and lldb from llvm-19.1.7.
• Import llvm-19.1.7.
• Fix socket leak in TCP SYN cache.
• Implement support for wakeup interrupts in amdgpio(4), making it possible to resume laptops with AMD CPUs from S0ix suspend.
• Allow port numbers in API URLs, letting acme-client(1) talk to Let's Encrypt's pebble server.
• Change dhcpd(8) to use the rdomain/rtable it was started in.
• Change to using the number of CPUs as the upper bound for the exponential backoff in mtx_enter() to prevent hangs on machines like the 80 CPU Ampere Altra.
• Remove vmd(8) send & receive functionality.
• Backport TearFree page flips for the modesetting driver from X.Org master.
• Make OPENSSL_IA32_SSE2 the default for i386.
• Fix deadline calculation against what timeouts actually run.
• Add IPV6_RECVTCLASS to the authorized setsockopt operations for IPPROTO_IPV6 in pledge, fixing recent chromium browser with IPv6.
• Remove http support from acme-client(1), using https for the API server per RFC 8555.
• Remove TCP timeout reaper.
• Implement acpicpu(4) for arm64.
• Switch default encryption from 40-bit RC2 to AES-256 in openssl smime.
• Switch default encryption from triple DES to AES-256 in openssl cms.
• Disable hvn(4) TCP checksum offload, broken on newer hyper-v versions.
• Harmonize netstat(1) ip4 and ip6 multicast counter output.
• Move KERN_CPTIME, KERN_CPTIME2 and KERN_CPUSTATS sysctl cases out of locks.
• Make mdoc(7) support the input syntax ".Lb libname [...]" with multiple arguments in the SYNOPSIS.
• Update Mesa to 25.0.7.
• Add support for DLT_RAW on erspan(4) interfaces.
• Use add_protocol to integrate syncfd into the poll fd handling for dhcpd(8), preventing dhcpd sync setup failure.
• Add ibufq API to support multithreaded use of ibufs.
• Stop bogus "wsdisplay_switch2: not switching" rasops warnings.
• Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position.
• Implement charge limits on qcpas(4) firmware that support it.
• Use timingsafe_memcmp when comparing authenticators to ensure constant-time behavior and avoid potential timing side channels.
• Implement lid suspend/resume for lids that use a GPIO.
• Let the last thread of a process teardown its VM space in exit1().
• Export TCP send congestion window for IPv6 also to allow its display with netstat(1) -B.
• Add option for vmd.8 to run guests in AMD SEV-ES mode and keyword "seves" for vm.conf(5) to enable it.
• Allow linux guests to use kvm-clock in vmm(4).
• Ignore inteldrm opregion backlight requests if we're using native backlight control, fixing some strange brightness changes.
• Fix~5s delay on X client startup when ObscureKeystrokeTiming is enabled in openssh.
• Fix an inteldrm(4) problem with GuC failing to initialise on hibernate resume.
• Move the kernel to using nanoseconds for the sleep time argument instead of ticks. Userland functions don't change but precision is no longer lost converting nanoseconds into ticks.
• Add producer/consumer locking, coordinating code producing or updated data and code wanting a consistent read of the data.
• Fix pf(4) to allow TCP RST packets in the backwards window if ACK matches.
• When there's more than one x11 channel in use in ssh(1), return lastused of most recently used x11 channel instead of the last one found.
• Fix processing of GPIO events for pin numbers less than 256 with an _EVT method. Fixes power button on various thinkpads with AMD CPUs.
• When fdisk(8) GPT_recover_partition() finds a partition offset of 0 use the first usable LBA of the largest chunk of free space.
• Allow ssh(1) X11DisplayOffset to configure higher port ranges.
• Provide an EC method that uses homogeneous projective coordinates.
• Implement EC field element operations.
• Disable libcrypto assembly on arm.
• Introduced a new gprof profiling system using profil(2) system call and removed the monstartup(3) interface.
• Add [-w percent] and /etc/apm/warnlow hook to apmd(8).
• Switch the default PBMAC to hmacWithSHA256.
• Switch default to PBES2 for openssl pkcs8 -topk8.
• Have timeout_add_nsec/usec/msec wait at least their specified time.
• Deprecate timeout_add_tv from timeout(9).
• Pledge fc-cache(1) and mkfontscale(1).
• Enable RSS in ice(4), and enable Tx/Rx across multiple queues.
• Implement ice(4), Tx checksum offloading.
• Update/improve FAT partition names in fdisk(8).
• Add fdisk(8) -R to recover/create GPT or MBR from a file or partial GPT.
• Add a tmux(1) set-default style attribute which replaces the current default colours and attributes completely.
• Output the current name for PermitRootLogin's "prohibit-password" in sshd(8) -T instead of its deprecated alias "without-password".
• Improve mtx_enter() for machines with a huge number of CPUs.
• Add SOCKS4A support to nc(1) proxy (-X) mode.
• Preallocate hibernate work area during boot to fix failures where the needed region can't be late-allocated.
• Add acpitimer to amd64 RAMDISK_CD to fix crashes when installing from emulated IDE CD drives.
• Improve vmstat(8) -m column display.
• Establish the dt_deferred_wakeup() softintr as MPSAFE.
• Back vmm(4) guest memory with UVM aobjs, simplifying how guest memory is represented and managed.
• Add support for TSO to iavf(4).
• Add Rx checksum offload support to ice(4).
• Made acme-client(1) handle "processing" status by retrying.
• Implement a ddb.suspend sysctl that will force "S0ix" suspend and skip suspend of inteldrm(4) and amdgpu(4) such that the display remains on during suspend.
• Add -t and -V options from tzcode2013d to zdump(8).
• Add acpiwmi(4), a basic WMI driver with support for ASUS laptops.
• Import IIJ's iwatch as watch(1), which periodically executes a command and displays its output.
• Stop offering http/nfs for offline installation.
• Run IPv6 fragment reassembly in parallel.
• Fix netstat(1) multicast route statistics.
• Configure AMD SEV-ES in vmm(4).
• Only include the basename of the security key in the gzip header when using signify(1) so as to avoid leaking paths.
• Use per CPU counter for IPv6 multicast stats.
• Skip filesystem mount time update in BOOT kernels to enable crude timekeeping across reboots without RTC and NTP.
• Unify random seeding between the installer and rc(8).
• Let AF_FRAME handle PTP and CFM type Ethernet packets.
• Deprecate RW_SLEEPFAIL.
• Default to a maximum of 4 threads for ld.lld(1).
• Add GMAC-related RK3528 clock support.
• Kill UVM_LK_ENTER/EXIT.
• Use a FIFO queue for passing dead threads to the reaper, reducing latency with large numbers of CPUs and jobs.
• In ksh(1) VI mode, prevent display corruption when the command line being edited starts with a UTF-8 continuation byte.
• Allow packets being sent out pppoe(4) interfaces to bypass queues and go straight onto the underlying interface.
• Disallow nc(1) -T with = when arguments are not key=value pairs.
• Add support for the ERSPAN Type II protocol as erspan(4).
• Correct fw_update deletion of files with spaces.
• Make vmd(8) imsg objects opaque and sanitize char[]s.
• Add R format modifier to tmux(1) to repeat an argument.
• Add -E to run-shell to forward stderr as well as stdout in tmux(1).
• Make EVFILT_TIMER mp-safe.
• Added a sparc64-specific _raw flavour to the softintr routines for those drivers that need ot be able to schedule soft interrupts at actual hardware levels.
• Fix an rm(1) bug where "mkdir exampledir; ln -s examplelink exampledir; rm examplelink/" didn't remove exampledir like POSIX requires.
• Move ipsec-enc-alg, ipsec-auth-alg and ipsec-comp-alg sysctl(2) variables out of netlock.
• Make sysctl(2) clear and fill memory within same mutex block.
• Add missing multicast counter mfc_looksups and mfc_misses to netstat(1).
• Add mp-safe multicast stats with per cpu counters.
• Make lo(4).4 attach multiple interface queues, allowing local network connections to use multiple softnets.
• Fix sign of %z output in zic(8), and add DST offset.
• Cache socket lock during TCP input.
• Introduce bpflogd(8) to capture packets from BPF and write them to a log file.
• Avoid lock contention in futex(2) syscalls.
• Unlock KERN_CONSBUF and KERN_MSGBUF.
• Fix ftp(1) fetch behavior around bad URL command line arguments.
• Remove DSA signature support from OpenSSH.
• Add lldp(8) -s socket to allow connecting to an lldpd(8) on a different unix socket.
• Move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). Add ssh-agent(1) -U, -u and -uu flags relating to socket cleanup and -T to return the socket to /tmp.
• Fix race in TCP SYN cache get.
• Add installer preference for disks bigger than 1G as default root disk.
• Imported pkgconf 2.4.3.
• Add RK3528 support to rkusbphy(4).
• Allocate a uid/gid for lldpd(8) to run with as an _lldpd user.
• Introduce lldp(8), a command line tool for interacting with lldpd(8).
• Introduce lldpd(8), a daemon that acts as an LLDP agent on Ethernet interfaces.
• Record which timeouts are running so timeout_barrier can do less work.
• Make vmctl(8) show file path in error messages.
• Add RK3528 support to rkclock(4).
• Add an option variation-selector-always-wide to instruct tmux(1) not to always interpret VS16 as a wide character and assume the terminal does likewise.
• Stop adding interfaces with blackhole and reject routes to the egress group, even if a default route points at them.
• Enable af_frame, paving the way for lldp support in base.
• Update to libSM 1.2.6.
• Update to libICE 1.1.2.
• Update to libX11 1.8.12.
• Update to xtrans 1.6.0.
• Stop allowing readdir and readdirplus NFS operations on non-directory vnodes.
• Avoid timeout_del_barrier when cancelling the timeout in sleep_finish.
• Prevent pkg_add(1) update from advising file removal appropriate only when deleting packages.
• Make it possible to run the upper part of the fault handler in parallel.
• Remove the functionality of fs.posix.setuid sysctl.
• Fix pool corruption in qwx(4) devices when the interface goes down.
• Run TCP input in parallel on multiple CPUs. Mark the protocol input function tcp_input() as MP-safe.
• Add mqtt and secure-mqtt to etc/services.
• Add psp(4) ioctl(2) to encrypt and measure state for AMD SEV-ES.
• Add more features for boolean expressions in tmux(1) formats.
• Add MI high-level software interrupt dispatcher, providing a common subsystem for the high-level allocation, scheduling, and dispatching of soft interrupts.
• Allow tmux(1) bind -r and -N to change an existing key binding if no command is specified.
• Make qcscm(4) attach at acpi(4) letting qcom machines that use qcscm also access EFI variables in ACPI mode.
• Add RK3528 support to rkpinctrl(4).
• Make bioctl(8) properly indicate key disk for RAID 1C.
• Remove BS-AES and VP-AES from EVP.
• Add a software implementation of TCP Large Receive Offload to ixl(4).
• Take socket lock in TCP input in preparation to run tcp_input() in parallel.
• Set ps_mtx child lock for witness(4).
• Improve handling of lock nesting by witness(4).
• Add support for the Realtek RTL8125D chip to the rge(4) driver and update microcode for RTL8125B.
• Track upgrade.site(5) in etc/changelist.
• Move to 7.7-current.