OpenBSD 7.8 Changelog

OpenBSD -current Changelog

This selection is intended to include all important and all user-visible changes. For a complete record of all changes, please see the "source-changes" mailing list, called "OpenBSD CVS" in the archives, or use CVS.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3,
5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0,
7.1, 7.2, 7.3, 7.4, 7.5, 7.6. 7.7, 7.8.

Changes made between OpenBSD 7.7 and 7.8

Prevent Xorg from frequently segfaulting on a machine with Intel i945G (gen 3).
Make ice(4) print the number of queues during attach.
Set dhcpleased(8) lower bound of five minutes to prefer IPv6.
Make async IOs daemon aware of pmemrange's OOM mechanism and fix a missing wakeup.
Fix freetype on luna88k.
Update device tree bindings for RK3568.
During sftp(1) uploads, avoid a condition where a failed write could be ignored if a subsequent write succeeded.
Fix dt(4) ustack probes running in interrupt context on i386.
Remove the no longer useful default spamd.conf.
Bump libressl version to 4.2.0.
Update unbound to 1.24.0.
Fix a regression in mandoc(1) horizontal spacing in the bottom margin.
Fix a mandoc(1) bug where formatting two compressed manual pages in a row failed to decompress the second one.
Bump bgpd(8) to 8.9.
Do not access VM spaces of exiting processes in sysctl(2).
Avoid 'non-zero mutex count: 1' panic when GuC submission is enabled on gen 12 Intel (Alder Lake, Meteor Lake).
Enable GuC submission on Meteor/Arrow Lake.
Add a 'mach fwsetup' command, which uses the EFI OsIndications feature to reboot the machine into the firmware setup interface, if supported.
Teach btrace(8) how to resolve addresses in callstacks to symbols.
Adapt acme-client(1) renewal calculation for shortlived certificates.
Make rpki-client(8) abort transfers from servers that send excessive data.
Log at level INFO when PerSourcePenalties actually blocks access to a source address range.
Add rge(4) support for RTL8127 Ethernet controller.
Install reject route for prefix delegation, preventing potential routing loops.
Fix TCP keepalive intervals.
Introduce new DL_PARTNUM2NAME() and DL_PARTNAME2NUM() inline functions to replace the unusable 'a'+partnum and partnum-'a' patterns throughout the tree.
Add bus_space(9) implementation for SEV-ES using the GHCB protocol, making OpenBSD work with SEV-ES on kvm/qemu in 1-vCPU VMs.
Update libexpat to version 2.7.3.
Bundle libpng 1.6.50 into libfreetype for displaying emojis.
Use 128 segments for DMA maps of TSO packets in ixl(4) and ice(4) for performance gain.
Do not limit numeric host address conversion by family in resolv.conf.
Add rpipwm(4), a driver for the PWM controller on the RP1 chip.
Add rpiclock(4), a driver for the clock controller on the RP1 chip.
Fix uninitialized firmware path being used in qwx(4) error messages.
Use checksum offloading in bridge(4).
Implement draft-ietf-acme-profiles for acme-client(1).
Fix reference counting for sigobject initialization.
Implement draft-ietf-acme-profiles for acme-client(1).
Fix reference counting for sigobject initialization.
Remove upper layer neighbor reachability hints.
Remove net.inet6.ip6.auto_flowlabel and always do flowlabels.
Stop logging to syslog when an IPv6 packet cannot be forwarded.
Use VLAN hardware tagging in bridge(4).
Set the cooling level of all cooling devices to 0 when we initialize a zone to prevent fans from staying on permanently.
Add pin muxing functionality to rpigpio(4).
Allow rad(8) to limit interface configured lifetimes.
Disable aggressive-nsec when "force" is in use in unwind.
Update to unbound 1.23.1.
Require unrestricted guest support for VMX hosts using vmm(4).
Add rpki-client(8) support for Router Keys in CCR output and filemode.
Remove support for v0 disklabels.
Emulate PKRU XSAVE area and features in vmm(4).
Double the size of the amd64 unhibernate chunk table for machines with large amounts of memory.
Make tcpdump -y IEEE802_11_RADIO show more useful information on qwx(4).
Fix HT capabilities announced by qwx(4) for Rx performance.
When adding certificates to an agent with ssh-add(1), set the expiry to the certificate expiry time plus a short (5 min) grace period (or disable with ssh-add -N).
Correct family test when setting Zenbleed chicken bit on i386.
Run ND6 timer at most once per second to stop taking netlock.
Limit softnet threads to number of CPU.
Implement Canonical Cache Representation filemode decoder in rpki-client(8)
Log optional NOTIFICATION data for UPDATE errors if verbose is set in bgpd(8).
Add support for power buttons to gpiokeys(4).
Allow generic AES implementation to be used as a fallback.
Add bcmstbintc(4), a driver for the L2 interrupt controller found on Broadcom Set-top Box SoCs.
Introduce tmux(1) new window option: tiled-layout-max-columns, which configures the maximum number of columns in the tiled layout.
Update to NSD 4.13.0.
Add softLRO support to bnxt(4).
Make iked(8) load multiple certificates as a certificate chain from a file.
Improve rules for %-expansion of username in ssh(1).
Make disklabel(8) detect overlapping partitions which can potentially happen when an autoallocated label is edited.
Add tmux(1) support for DECRQSS SP q (report cursor style), DECRQM ?12 (report cursor blink state) and DECRQM ?2004, ?1004, ?1006 (report mouse state).
Make looping over llinfo list in arptimer() MP safe.
Add Raspberry Pi 5 Model B support for arm64 RAMDISK.
Update unbound to 1.23.1.
Enable 64-bit DMA on bnxt(4).
Leave a spare slot on bnxt(4) Tx rings to avoid hardware lockups under load.
If the -l option is not given to man(1), never interpret "name" command line arguments as absolute or relative path names.
Remove experimental support for XMSS keys in ssh(1).
Add a 'mach fwsetup' command, which uses the EFI OsIndications feature to reboot the machine into the firmware setup interface, if supported.
Make strptime(3) support strftime's %v conversion.
Make the external PCIe port work on the rpi5.
Finish rpi4 support.
Make amdgpu(4) S3 suspend more reliable.
Fix the xonly crash in libunwind on powerpc64.
Add SMMUv3 support to smmu(4).
Add rpirtc(4), a driver for the firmware-managed RTC on the rpi5.
Make vi(1) 'p' command paste in the correct place.
Add Canonical Cache Representation output to rpki-client(8).
Add support for the BCM2712 PCIe controller.
Update build infrastructure for libunwind-, libcxxabi- and libcxx-19.1.7, giving us a modern c++ library in base.
Improve bwfm(4) stability on the Apple MacBook Air M2.
Add bcmmpi(4), a driver for the MSI controller found on the BCM2712 SoC that remaps MSI to GIC SPIs and acts as a companion MSI controller for bcmpcie(4).
Update build infrastructure for compiler-rt-19.1.7.
Import compiler-rt, libunwind, libcxxabi and libcxx from llvm-19.1.7.
Add cwmrc(5) window-snap-center function.
Add bcmstbrescal(4), a driver for the PCIe/SATA reset calibration controller found on the rpi5.
Add bcmstbreset(4), a driver for the reset controller found on the rpi5.
Add rpone(4), a driver for the Raspberry Pi RP1 chip.
Add support for the ifconfig "transceiver" command to ice(4).
Make -E a no-op in sshd-auth.
Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS) continually at runtime based on which sessions/channels are open.
Make gmtime(3) return time in UTC rather than GMT, as required by our own manpage, POSIX, C standards, and other OSes.
Support pre-UVC 1.5 devices in uvideo(4).
Implement support for "vmmc-supply", needed to power on the WiFi chip on the rpi5.
Fix booting certain linux guests in vmd(8) by loading the full SeaBIOS image in lower bios memory.
Add bcmstbpinctrl(4), a driver for the pin muxing controller found on the rpi5.
Add CPU feature detection for ADX on amd64.
Stop attaching Yubikey as keyboards to avoid accidental output from OTP support.
Unlock ICMPV6CTL_ND6_MAXNUDHINT case of icmp6_sysctl().
Remove net.inet6.ip6.soiikey sysctl.
Unlock the ICMPV6CTL_MTUDISC_*WAT cases of icmp6_sysctl().
Simplify vmd(8) ipc setup in proc.c, removing a security issue where an attacker controlling one end of an imsg channel could craft a message to cause out of bound access array access.
Update to pixman 0.46.4.
Mark vmwpvs interrupt handler mpsafe, and take the kernel lock around calls into the scsi midlayer to add and remove devices.
Have qwx(4) announce HT capabilities to make APs send packets more quickly.
Fix qwx(4) 11n mode against APs which support A-MSDU inside A-MPDU.
Handle ssh localtime_r() failure by returning "UNKNOWN-TIME" which is only used in user-visible contexts.
Make USB ports useable after s0ix resume on AMD 19h/7xh.
Add a warning when the ssh(1) connection negotiates a non-post quantum safe key agreement algorithm.
Add a new -q ("quiet") option to rc.d(8) and rcctl(8) to skip display of the script name and result.
Add support for the SDHC controllers found on the Raspberry Pi 5.
Add bcmstbgpio(4), a driver for the new GPIO controller found on the Raspberry Pi 5.
Increase vmd(8) guest bios area to fit 4 MiB images.
Unlock the KERN_MAXCLUSTERS case of kern_sysctl().
Remove net.inet6.ip6.soiikey sysctl(2).
SoftLRO: reduce max packet size by max_linkhdr as tcp_output() to avoid DMA errors while interacting with ixl(4) and oversized packets.
Avoid 'pci_intr_map_msix failed' error messages for devices with no virtqueues by not trying msix interrupts if unsupported.
Have ssh(1) and sshd(8) use the operating system default DSCP marking for non-interactive traffic for QoS.
Revert deprecation of the .HP macro in man(7).
Update xdriinfo to 1.0.8.
Update xdpyinfo to 1.4.0.
Update viewres to 1.0.8.
Update twm to 1.0.13.1.
Update smproxy to 1.0.8.
Update ssreg to 1.1.4.
Prevented a panic when doing a VT switch from the keyboard while resuming.
Unlock ICMPV6CTL_ND6_MMAXTRIES case of icmp6_sysctl().
Implement the POSIX-2024 close-on-fork flag (modified to be reset on exec).
Replace the flockfile backend with a per FILE recursive mutex.
Support Frame Based format and frame in uvideo.
Implement constant time EC scalar multiplication.
Unlock ICMPV6CTL_ND6_UMAXTRIES case of icmp6_sysctl().
Add 802.11n/HT support to qwx(4).
Add aplpmc(4), the equivalent of intelpmc(4) for machines with AMD CPUs.
Support H.264 format and frame in uvideo(4).
Upgrade vmd(8)'s virtio implementation to support v1.x.
Unlock ICMPV6CTL_ND6_DELAY and ICMPV6CTL_REDIRTIMEOUT cases of icmp6_sysctl().
Replace ieee80211_chan2mode() with ieee80211_node_abg_mode() to detect 11g APs properly.
Allow DMA memory above 4G on amd64 for virtio rings and descriptors.
Inherit PS_NOBTCFI at fork(2) to prevent BTCFI safeguards killing forked children.
Add experimental support for P-256 TA keys to rpki-client(8).
Set default IPQoS for interactive ssh sessions to Expedited Forwarding (EF).
Add background scan and roaming support to qwx(4).
Fix sleeping race in dt(4) ioctl(2).
Allow fdisk(8) creation/recovery of GPT partitions with arbitrary types.
Deprecate ssh(1) support for IPv4 type-of-service (TOS) IPQoS keywords.
Unlock ip6_sysctl().
Make apm and hw.cpuspeed work on Snapdragon X Elite machines.
Fix vi(1) crash with expandtab and running external commands.
Support ed25519 keys hosted on PKCS#11 tokens.
Remove unused sysctl_quad.
Prevent possible qwx(4) fatal firmware error while roaming between bands.
Remove sleeping malloc(9) from complicated locking sysctl(2) locks, but keep kernel lock only around sensordev_get() and sensor_find().
add a ssh_config(5) RefuseConnection option that, when encountered while processing an active section in a configuration file, terminates ssh(1) with an error message that contains the argument to the option.
Fix the match() and attach() functions for imt(4) and umt(4).
Add dt(4) trace points to rwlock(9).
Move AES-NI from EVP to AES for CCM mode.
Add m88k assembly version of bcopy(3), memcpy(3) and memmove(3).
Load the correct iwx(4) firmware on QuZ devices which use RF JF1/JF2.
Increase softnet kernel threads from 4 to 8.
Add initial support in qcdpc(4) and qcdrm(4) for the MSM Mobile Display Subsystem, with support for the AUX channel of the DisplayPort controllers and the backlight control on eDP panels.
Implement route sourceaddr handling in icmp6 reflection.
Use shared netlock and socket lock for closing sockets.
Add rtable_read(), a "reader" variant of rtable_walk, which doesn't give up the rtable lock when calling the rtentry handler.
Unlock shared netlock before socket lock.
Provide _fc-cache user/group to the installer.
Add watchdog(4) support to apldog(4).
Change ownership of the fontconfig cache to the _fc-cache user to run unprivileged when installing fonts.
On arm64 and riscv64, avoid multiple threads of a process continuously faulting on a single page when pmap_enter(9) is asked to enter a mapping that already exists.
Add cpu_xcall(9), an API for cpu xcalls (crosscalls), allowing dispatching of code to run on the specified cpu from an intr context.
Prevent a potential tipd(4) deadlock.
Make rpki-client(8) signature checks for certs more complete.
Fix various issues with arm64 backtraces.
Enable LTS in the octeon installer.
Add an MI mechanism for creating an (unmapped) guard page between the PCB and the kernel stack and enable on 64-bit architectures with 4k pages.
Prevent installing a corrupted /bsd on relink errors.
Fix potential refusal of new sshd(8) connections due to mistracking MaxStartups process exits.
Bump maximum message size in the messaging layer between sshd-session and sshd-auth from 256kb to 4MB and implement an early check with sshd(8) -t test mode for the user.
On Apple variants, enter DDB when exuart(4) detects a BREAK.
Avoid a 'pool busy: still out' panic seen when radeondrm(4) firmware is missing on non-efi installs.
Stop setting the .Lk URI in bold font in mandoc.
Allow SEV-ES enabled guests to run on vmm(4)/vmd(8).
Print GPT partitions in offset order rather than partition # order and add explicit descriptions of free chunks to fdisk(8).
Stop tar(1) from exiting silently if the mtime didn't fit in the ustar header when writing out the extended headers.
Update to xserver 21.1.18.
Enable iwx(4) for riscv64.
Provide accelerated SHA-1 for aarch64.
Use SoftLRO in ice(4), but default off.
Use VLAN hardware tagging in veb(4).
Show SEV or SEV-ES guestmode in dmesg when running with AMD SEV.
Consistently apply -v setting to partition displays in fdisk(8).
Ensure that syslogd(8) runs TLS handshake callback.
Remove the mandoc(1) -O option.
Fix memleak in syslogd(8) when a client aborts TLS connection.
add ALPN TLS option, so you can specify -T alpn=value in nc(1).
Prevent vmd(8) guests from reading outside pci config space.
Add TSO (TCP Segmentation Offload) support to ice(4).
Add iasuskbd(4), a driver to support the ASUS-specific keyboard features of the Vivobook S 15 with Qualcomm Snapdragon CPUs.
Remove specific divert6 netstat counters, use divert instead.
Move IP{,V6}CTL_MTUDISCTIMEOUT cases of ip{,6}_sysctl() out of netlock.
Fix and add time sensor to pvclock(4).
Allow fdisk(8) interactive editor's 'edit' to accept GPT partition names and menu descriptions as partition IDs.
Do not call ifq_restart() if no space has been made on the Tx ring in several drivers, preventing them from getting stuck in OACTIVE.
Add S: to list tmux(1) sessions with modifiers for sorting.
Switch solisten() from exclusive to shared netlock.
Have icmp_reflect use route sourceaddr, making it behave like the in_pcb source address selection.
Make sndiod(8) use per-program level controls instead of per-client.
Fix dead USB ports after suspend/resume on the Z13.
Remove sysctl for divert6 recv and send space.
Handle sockets that are closing in parallel.
Enable the interactive partition editor's 'edit' command to accept -R style compact GPT partition descriptions.
Introduce a generic powerbutton_event() function that does everything we expect from a power button event in a consistent manner, ensuring all drivers now prevent shutdown within the first 10 seconds after resume.
Update to xterm 399.
Provide m_pool_alloc() failures in mbstat, making the count visible in netstat(1) -m.
Remove newbsd.gdb rather than bsd.gdb from reorder_kernel, saving ~100M-250M on /usr/share.
Remove viomb(4) from all RAMDISK kernels.
Implement qcpwm support for the "high resolution" PWMs as found on the x1e80100 machines.
Make rpki-client(8) -v report particularly inefficient HTTP/RRDP transfers.
Import clang, lld and lldb from llvm-19.1.7.
Import llvm-19.1.7.
Fix socket leak in TCP SYN cache.
Implement support for wakeup interrupts in amdgpio(4), making it possible to resume laptops with AMD CPUs from S0ix suspend.
Allow port numbers in API URLs, letting acme-client(1) talk to Let's Encrypt's pebble server.
Change dhcpd(8) to use the rdomain/rtable it was started in.
Change to using the number of CPUs as the upper bound for the exponential backoff in mtx_enter() to prevent hangs on machines like the 80 CPU Ampere Altra.
Remove vmd(8) send & receive functionality.
Backport TearFree page flips for the modesetting driver from X.Org master.
Make OPENSSL_IA32_SSE2 the default for i386.
Fix deadline calculation against what timeouts actually run.
Add IPV6_RECVTCLASS to the authorized setsockopt operations for IPPROTO_IPV6 in pledge, fixing recent chromium browser with IPv6.
Remove http support from acme-client(1), using https for the API server per RFC 8555.
Remove TCP timeout reaper.
Implement acpicpu(4) for arm64.
Switch default encryption from 40-bit RC2 to AES-256 in openssl smime.
Switch default encryption from triple DES to AES-256 in openssl cms.
Disable hvn(4) TCP checksum offload, broken on newer hyper-v versions.
Harmonize netstat(1) ip4 and ip6 multicast counter output.
Move KERN_CPTIME, KERN_CPTIME2 and KERN_CPUSTATS sysctl cases out of locks.
Make mdoc(7) support the input syntax ".Lb libname [...]" with multiple arguments in the SYNOPSIS.
Update Mesa to 25.0.7.
Add support for DLT_RAW on erspan(4) interfaces.
Use add_protocol to integrate syncfd into the poll fd handling for dhcpd(8), preventing dhcpd sync setup failure.
Add ibufq API to support multithreaded use of ibufs.
Stop bogus "wsdisplay_switch2: not switching" rasops warnings.
Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position.
Implement charge limits on qcpas(4) firmware that support it.
Use timingsafe_memcmp when comparing authenticators to ensure constant-time behavior and avoid potential timing side channels.
Implement lid suspend/resume for lids that use a GPIO.
Let the last thread of a process teardown its VM space in exit1().
Export TCP send congestion window for IPv6 also to allow its display with netstat(1) -B.
Add option for vmd.8 to run guests in AMD SEV-ES mode and keyword "seves" for vm.conf(5) to enable it.
Allow linux guests to use kvm-clock in vmm(4).
Ignore inteldrm opregion backlight requests if we're using native backlight control, fixing some strange brightness changes.
Fix~5s delay on X client startup when ObscureKeystrokeTiming is enabled in openssh.
Fix an inteldrm(4) problem with GuC failing to initialise on hibernate resume.
Move the kernel to using nanoseconds for the sleep time argument instead of ticks. Userland functions don't change but precision is no longer lost converting nanoseconds into ticks.
Add producer/consumer locking, coordinating code producing or updated data and code wanting a consistent read of the data.
Fix pf(4) to allow TCP RST packets in the backwards window if ACK matches.
When there's more than one x11 channel in use in ssh(1), return lastused of most recently used x11 channel instead of the last one found.
Fix processing of GPIO events for pin numbers less than 256 with an _EVT method. Fixes power button on various thinkpads with AMD CPUs.
When fdisk(8) GPT_recover_partition() finds a partition offset of 0 use the first usable LBA of the largest chunk of free space.
Allow ssh(1) X11DisplayOffset to configure higher port ranges.
Provide an EC method that uses homogeneous projective coordinates.
Implement EC field element operations.
Disable libcrypto assembly on arm.
Introduced a new gprof profiling system using profil(2) system call and removed the monstartup(3) interface.
Add [-w percent] and /etc/apm/warnlow hook to apmd(8).
Switch the default PBMAC to hmacWithSHA256.
Switch default to PBES2 for openssl pkcs8 -topk8.
Have timeout_add_nsec/usec/msec wait at least their specified time.
Deprecate timeout_add_tv from timeout(9).
Pledge fc-cache(1) and mkfontscale(1).
Enable RSS in ice(4), and enable Tx/Rx across multiple queues.
Implement ice(4), Tx checksum offloading.
Update/improve FAT partition names in fdisk(8).
Add fdisk(8) -R to recover/create GPT or MBR from a file or partial GPT.
Add a tmux(1) set-default style attribute which replaces the current default colours and attributes completely.
Output the current name for PermitRootLogin's "prohibit-password" in sshd(8) -T instead of its deprecated alias "without-password".
Improve mtx_enter() for machines with a huge number of CPUs.
Add SOCKS4A support to nc(1) proxy (-X) mode.
Preallocate hibernate work area during boot to fix failures where the needed region can't be late-allocated.
Add acpitimer to amd64 RAMDISK_CD to fix crashes when installing from emulated IDE CD drives.
Improve vmstat(8) -m column display.
Establish the dt_deferred_wakeup() softintr as MPSAFE.
Back vmm(4) guest memory with UVM aobjs, simplifying how guest memory is represented and managed.
Add support for TSO to iavf(4).
Add Rx checksum offload support to ice(4).
Made acme-client(1) handle "processing" status by retrying.
Implement a ddb.suspend sysctl that will force "S0ix" suspend and skip suspend of inteldrm(4) and amdgpu(4) such that the display remains on during suspend.
Add -t and -V options from tzcode2013d to zdump(8).
Add acpiwmi(4), a basic WMI driver with support for ASUS laptops.
Import IIJ's iwatch as watch(1), which periodically executes a command and displays its output.
Stop offering http/nfs for offline installation.
Run IPv6 fragment reassembly in parallel.
Fix netstat(1) multicast route statistics.
Configure AMD SEV-ES in vmm(4).
Only include the basename of the security key in the gzip header when using signify(1) so as to avoid leaking paths.
Use per CPU counter for IPv6 multicast stats.
Skip filesystem mount time update in BOOT kernels to enable crude timekeeping across reboots without RTC and NTP.
Unify random seeding between the installer and rc(8).
Let AF_FRAME handle PTP and CFM type Ethernet packets.
Deprecate RW_SLEEPFAIL.
Default to a maximum of 4 threads for ld.lld(1).
Add GMAC-related RK3528 clock support.
Kill UVM_LK_ENTER/EXIT.
Use a FIFO queue for passing dead threads to the reaper, reducing latency with large numbers of CPUs and jobs.
In ksh(1) VI mode, prevent display corruption when the command line being edited starts with a UTF-8 continuation byte.
Allow packets being sent out pppoe(4) interfaces to bypass queues and go straight onto the underlying interface.
Disallow nc(1) -T with = when arguments are not key=value pairs.
Add support for the ERSPAN Type II protocol as erspan(4).
Correct fw_update deletion of files with spaces.
Make vmd(8) imsg objects opaque and sanitize char[]s.
Add R format modifier to tmux(1) to repeat an argument.
Add -E to run-shell to forward stderr as well as stdout in tmux(1).
Make EVFILT_TIMER mp-safe.
Added a sparc64-specific _raw flavour to the softintr routines for those drivers that need ot be able to schedule soft interrupts at actual hardware levels.
Fix an rm(1) bug where "mkdir exampledir; ln -s examplelink exampledir; rm examplelink/" didn't remove exampledir like POSIX requires.
Move ipsec-enc-alg, ipsec-auth-alg and ipsec-comp-alg sysctl(2) variables out of netlock.
Make sysctl(2) clear and fill memory within same mutex block.
Add missing multicast counter mfc_looksups and mfc_misses to netstat(1).
Add mp-safe multicast stats with per cpu counters.
Make lo(4).4 attach multiple interface queues, allowing local network connections to use multiple softnets.
Fix sign of %z output in zic(8), and add DST offset.
Cache socket lock during TCP input.
Introduce bpflogd(8) to capture packets from BPF and write them to a log file.
Avoid lock contention in futex(2) syscalls.
Unlock KERN_CONSBUF and KERN_MSGBUF.
Fix ftp(1) fetch behavior around bad URL command line arguments.
Remove DSA signature support from OpenSSH.
Add lldp(8) -s socket to allow connecting to an lldpd(8) on a different unix socket.
Move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). Add ssh-agent(1) -U, -u and -uu flags relating to socket cleanup and -T to return the socket to /tmp.
Fix race in TCP SYN cache get.
Add installer preference for disks bigger than 1G as default root disk.
Imported pkgconf 2.4.3.
Add RK3528 support to rkusbphy(4).
Allocate a uid/gid for lldpd(8) to run with as an _lldpd user.
Introduce lldp(8), a command line tool for interacting with lldpd(8).
Introduce lldpd(8), a daemon that acts as an LLDP agent on Ethernet interfaces.
Record which timeouts are running so timeout_barrier can do less work.
Make vmctl(8) show file path in error messages.
Add RK3528 support to rkclock(4).
Add an option variation-selector-always-wide to instruct tmux(1) not to always interpret VS16 as a wide character and assume the terminal does likewise.
Stop adding interfaces with blackhole and reject routes to the egress group, even if a default route points at them.
Enable af_frame, paving the way for lldp support in base.
Update to libSM 1.2.6.
Update to libICE 1.1.2.
Update to libX11 1.8.12.
Update to xtrans 1.6.0.
Stop allowing readdir and readdirplus NFS operations on non-directory vnodes.
Avoid timeout_del_barrier when cancelling the timeout in sleep_finish.
Prevent pkg_add(1) update from advising file removal appropriate only when deleting packages.
Make it possible to run the upper part of the fault handler in parallel.
Remove the functionality of fs.posix.setuid sysctl.
Fix pool corruption in qwx(4) devices when the interface goes down.
Run TCP input in parallel on multiple CPUs. Mark the protocol input function tcp_input() as MP-safe.
Add mqtt and secure-mqtt to etc/services.
Add psp(4) ioctl(2) to encrypt and measure state for AMD SEV-ES.
Add more features for boolean expressions in tmux(1) formats.
Add MI high-level software interrupt dispatcher, providing a common subsystem for the high-level allocation, scheduling, and dispatching of soft interrupts.
Allow tmux(1) bind -r and -N to change an existing key binding if no command is specified.
Make qcscm(4) attach at acpi(4) letting qcom machines that use qcscm also access EFI variables in ACPI mode.
Add RK3528 support to rkpinctrl(4).
Make bioctl(8) properly indicate key disk for RAID 1C.
Remove BS-AES and VP-AES from EVP.
Add a software implementation of TCP Large Receive Offload to ixl(4).
Take socket lock in TCP input in preparation to run tcp_input() in parallel.
Set ps_mtx child lock for witness(4).
Improve handling of lock nesting by witness(4).
Add support for the Realtek RTL8125D chip to the rge(4) driver and update microcode for RTL8125B.
Track upgrade.site(5) in etc/changelist.
Move to 7.7-current.