------------------------------------------------------------------------
- OpenBSD 7.6 RELEASED -------------------------------------------------

October 8, 2024.

We are pleased to announce the official release of OpenBSD 7.6.
This is our 57th release. We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

As in our previous releases, 7.6 provides significant improvements,
including new features, in nearly all areas of the system.

With this release all files that existed in the first commit in the
OpenBSD source repository have been updated, modified or replaced at some
point in time, reaching OpenBSD of Theseus.

- Platforms specific improvements:
o arm64:
- Implemented Spectre-V4 mitigations for arm64.
- Extended Spectre-BHB mitigation support to Cortex-A57.
- Enable Enhanced Privileged Access Never (EPAN) when available
on arm64.
- Recognise Cortex-A520AE (Hayes AE) and Cortex-A720AE (Hunter
AE) CPUs
- Made the LEDs work on the SolidRun ClearFog CN9130 Base.
- Added Qualcomm Snapdragon X Elite (X1E80100) support.
- Implemented support for deeper idle states offered by PSCI,
reducing idle power usage.
- Populate arm64 HWCAP and HWCAP2 flags based on recognized
feature bits and sanitized values of the ID register values.
- Made the Samsung Galaxy Book4 Edge (x1e80100) boot in ACPI
mode.
- Used FEAT_RNG to feed entropy into the random subsystem on
arm64 as on amd64.
o amd64:
- Mitigated the RFDS (Register File Data Sampling)
vulnerability present in Intel Atom CPUs (requires updated
firmware).
- Implemented support for AVX-512.
- Shortening of the dmesg(8) output by suppressing cache-info
lines when they are identical to the previous CPU.
- Streamlined the display of flag information of amd64 CPU
flags in dmesg(8).
- Added AMD Secure Encrypted Virtualization (SEV)-related
information provided by cpuid to dmesg(8).
- Implemented bounce buffering for AMD SEV in amd64 bus dma.
- Implemented hardware masking for MSI and MSI-X on amd64.
- Implemented wakeup interrupts on amd64.
- Ensure that the deepest possible C-state is selected during
suspend-to-idle on amd64 and i386.
- Set the target ACPI to S5 when powering down amd64 (and i386)
machines, rather than attempting to put devices into the D3
power state.
- Prevented livelocks on amd64 by avoiding caching pages
belonging to memory ranges with a 'use' count to keep low
pages available and avoid their exhaustion.
o riscv64:
- Use SBI calls to reboot or power down when supported by
firmware.
- Communicate cache-coherent DMA status via DMA tag for
mainbus(4).
- Support for Milk-V Pioneer board.
- Enabled UVM percpu cache on riscv64.
o powerpc:
- Exported basic HWCAP bits to let applications detect Altivec
and VSX on powerpc64.
- Exported basic HWCAP bits to let applications detect Altivec
on powerpc.
o mips64:
- Enabled uvm per-cpu page cache on mips64 (as well as sparc64
and luna88k)
o alpha:
- Switched alpha to MI mplock code.
o More platform specific changes can be found in the hardware
support section below.

- Various kernel improvements:
o Reduced dmesg(8) output by only printing about PCI resource
conflicts for resources that are enabled.
o Deleted the msyscall mechanism, now replaced by the stricter
mimmutable(2) and pinsyscalls(2).
o Changed pledge(2), mmap(2)'s MAP_STACK and pinsyscalls(2) failures
to use uprintf(9) rather than writing into dmesg(8).
o Made witness(4) display lock cycles longer than two locks.
o Made "show witness" display witness(4) lock subtypes in ddb(4).
o Made ddb(4) print mbuf chain and packet list by implementing /c
and /p modifiers in ddb show mbuf.
o Repair printing of backtraces on arm64 ddb(4).
o Added pathconfat(2): pathconf(2) but with at-fd and flags
arguments, the latter supporting the ability to get timestamp
resolution of symlinks.
o Ensure that pmap_create(9) waits in the case of kernel virtual
space shortage.
o Made arc4random() depend on fewer subsystems by decoupling
extract_entropy() from the enqueue_randomness() logic.
o Ensure that concurrent calls to dequeue_randomness() will use some
different events.
o Work to support S0 sleep states, improving the suspend/resume
experience on modern hardware.
- Added an implementation of "suspend-to-idle" on amd64,
enabling suspend on machines that don't support S3.
- Began printing "S0ix" instead of "S0" on the acpi: sleep
states line when FADT indicates FADT_POWER_S0_IDLE_CAPABLE,
assuming that for these machines the vendors agree S0 suspend
is as good or better than S3.
- Added a temporary method to force S0 over S3 via
machdep.lidaction=-1. We are not ready to choose S0-over-S3
based on the S0ix bit in FADT, but this will allow testing.
- Fixed suspend/resume related bugs in many drivers.
o Made exit1() wait for sysctl(2) 'allprocess' loops to prevent
possible kernel crash due to concurrent process exit1().
o Prevented potential crash when fuse(4) uses the ufs inode.
o Ensure that in all filesystems file names passed back by readdir
name validation do not include a '/' character to avoid unexpected
path traversal on untrusted file systems.
o Fixed kernel crashing due to invalid printables in ELF binaries.
o Increased the default buffer size for AF_UNIX from 8192 to 32768,
avoiding a fatal error in sshd(8) that can be triggered when the
network stack is pushed hard enough to consume most of the allowed
memory.

- SMP Improvements
o Network
- Allowed running UDP input on multiple CPU in parallel.
- Made raw IPv4 and IPv6 sockets handle input in parallel.
- Various improvements in the locking of unix4 and udp sockets.
- Pushed socket lock down to sosend() for SOCK_RAW sockets.
- Pushed socket lock down to sosend() and removed it from
soreceive() paths for unix(4) sockets.
- Switched AF_ROUTE sockets to the new locking scheme.
- Mark the IP protocol GRE as MP safe from socket layer.
- Removed kernel lock from socket splice idle timeout.
- Removed kernel lock from shutdown(2) system call.
- Run network protocol timer without kernel lock. TCP timers
also run without kernel lock now.
- Stopped using KERNEL_LOCK to protect the per process
kqueue(2) list.
o Sysctl
- Used atomic operations to access integers in sysctl(2) making
it mp-safe.
- Removed net lock from sysctl(8) net.inet.ip.forwarding,
net.inet6.ip6.forwarding, net.inet6.ip6.redirect,
net.inet.ip.directed-broadcast.
- Pushed kernel lock down to net_sysctl() to unlock uipc, bpf,
pflow and pipex sysctl.
- Removed kernel lock from various sysctl kern variables.
o Stopped grabbing the kernel lock in kbind(2).
o Added per-CPU caches to the pmemrange allocator.
o Unlocked sigsuspend(2) and __thrsigdivert syscalls.
o Converted SCHED_LOCK from a recursive kernel lock to a mutex.
o Reworked per proc and per process time usage accounting, removing
a SCHED_LOCK() dependency.

- Direct Rendering Manager and graphics drivers
o Updated drm(4) to Linux 6.6.52.
o Support for Meteor Lake in inteldrm(4).

- VMM/VMD improvements
o Improve exposure of CPU features to virtual machines.
o Fixed incorrect scaling when converting disk images in vmctl(8).
o Dropped the vmm(4) and vmd(8) "continue" flag to simplify running
a vcpu.
o Added vmctl(8) "status -r" to limit the output of "vmctl status"
to only running VMs.
o Made vmm(4) update the host cr3 in the vmcs to allow vmx(4) to
restore the proper cr3 value on the next vm exit.
o Enabled AMD SEV support in vmm(4).
o Added psp(4) ioctls to the "vmm" pledge to support AMD SEV and add
an additional ioctl to support shutdown.
o Set highest cpuid feature leaf based on host CPU in vmm(4), fixing
Linux guests on older Intel hardware.
o Implemented AMD SEV support in vmd(8). To enable SEV for a guest,
use the parameter "sev" in the guest's vm section in vm.conf.5.
o Fixed VPID leak on Intel VMX hosts.
o Add ret-clean operation to interrupt dispatch assembly code.
o Fixed DHCP request intercept when using local interfaces with
vmd(8).

- Various new userland features:
o Added scandirat(3) from FreeBSD.
o Added elf_aux_info(3), designed to let userland peek at AT_HWCAP
and AT_HWCAP2, using an interface from FreeBSD.
o Added missing function wcsnlen(3) to find length of a wide string
(i.e. wcslen(3) with a max len argument).
o Imported libva 2.22.0, an implementation for VA-API (video
acceleration API). VA-API provides access to graphics hardware
acceleration capabilities for video processing.
o Added the option "-u name" to env(1) to remove a variable from the
environment.

- Various bugfixes and tweaks in userland:
o Throughout the source tree, add missing error checks to calls of
gmtime(3) and localtime(3).
o Added missing error checks to all calls under libexec and sbin in
case of ctime(3) and ctime_r(3) failures when timestamps are far
off.
o Audited programs that parse IP-adresses and replaced inet_aton(3)
with better functions such as gethostbyname(3), getnameinfo(3),
getaddrinfo(3), and inet_pton(3).
o Added generic channel mapping in place of aucat(1) -j and -c
options.
o Allowed any device sample encoding in aucat(1).
o Fixed a crash in sndiod(8) when the device is disconnected and the
clients are not migrated to another device.
o Made sndiod(8) discover new devices on SIGHUP and switch if a new
device is higher priority (greater -F option number) than the
current device.
o Fixed sndiod(8) server.device entries disappearing when usb
devices are unplugged while in use.
o Fixed possible sndiod(8) crashes caused by a global table overread
triggered by the client.
o Switched pax(1) to write archives using the 'pax' format by
default. Ramdisk versions will keep using ustar for writing.
o Corrected detection of 'pax' format archives in pax(1) append
mode.
o Fixed a problem in pax(1) where the file list output was
fully-buffered when used as part of a pipeline.
o Fixed reading large pax(1) extended records.
o Switched tar(1) write default format to 'pax'.
o Added tar(1) -F option to select write format.
o Used pathconfat(2) to compare mtimes for the pax(1) -u and -Z
options when the target is "too old."
o Added patch(1) "-V none" to prevent making any backups.
o Fixed chroot(2) call in the lpd(8) control process.
o Fixed a crash in ls(1) -l for files with bogus timestamp values.
o Repaired malloc operation on systems where the malloc(3) page size
is larger than the mmu page size.
o In btrace(8), cache ELF .symtab, .strtab entries in sorted array
to improve lookup cost from O(n) to O(lg n).
o In libc, allow writing buffers larger than BUFSIZ or st_blksize,
vastly improving write performance.
o Made security(8) silently ignore setuid changes in relinked
binaries to reduce false positives.
o Added the flags NOPERM, STALLED, SWAPPABLE and DOOMED to pstat(8)
-v output.
o Rewrote dd(1) bytes/sec calculation to make signal handler safe on
OpenBSD.
o Added check in pwd_mkdb(8) preventing creation of a passwd(5)
entry too large for getpwent(3).
o Fixed cron(8) CVE-2024-43688: buffer underflow for very large step
values.
o Escaped newlines in file names in less(1).
o Removed support for the less(1) LESSOPEN and LESSCLOSE environment
variables.
o Allowed the newsyslog(8) -F flag (Force trim logs) to be used on
its own.
o Added display of the current line number as percentage of the
total lines in vi(1) ruler.
o Ignored universal ctags extended metadata in tagaddress, making
mg(1) search patterns work again.
o Fixed mg(1) auto-indent-mode with custom tab widths.
o Added handling for C-u modifier in M-! and M-| to mg(1).
o Added an error message for sed(1) -i when the file is unwritable.
o Fixed a bug in sed(1) where the pattern space is empty but does
not start with a NUL character, which might occur after using the
D command.
o Ensure that giving UTF-8 command line arguments to apropos(1)
allows searching in UTF-8 and ISO-Latin-1 encoded manual pages if
the mandoc.db(5) was built makewhatis -T utf8.
o Fixed a bug in mandoc(1) .Ql handling which could corrupt output.
o Made gprof(1) output more compact.

- Improved hardware support and driver bugfixes, including:
o Added clocks for the RK3588 PWM controller to rkclock(4).
o Added RK3588 TSADC clocks and resets to rkclock(4).
o Added RK3588 eMMC clocks and resets to rkclock(4).
o Added RK3588 support to rktemp(4).
o Added support for using the power button function of the RK809 to
rkpmic(4).
o Added rkpmic(4) support for configuring sleep voltage settings
based on device tree settings for the RK809.
o Prevented rkpmic(4) power down after resume initiated by pressing
the power button.
o Added RK3588 support to rkusbphy(4).
o Added dwmshc(4) support for the RK3588 eMMC controller.
o Made the eMMC come up reliably on the RK3588 eMMC controller by
resetting the status before executing a new command.
o Added PCI support for ufshci(4).
o Enabled UFS "Auto-Hibernation" in ufshci(4).
o Added ufshci(4) support for suspend/resume.
o Added hibernation support in ufshci(4).
o Added ufshci(4) at fdt support, allowing boot of the Samsung
Galaxy Book4 Edge in DT mode.
o Fixed ufshci(4) alignment issue where a DMA transfer scheduled on
an odd slot would fail.
o Enabled ufshci(4) on amd64.
o Added CH9102 support to uchcom(4).
o Added support for the numpad on newer macppc Apple Powerbooks with
ukbd(4), with Num Lock set as Fn+F6.
o Added uchcom(4) support for the CH343 uart.
o Prevented a hang when the nvme(4) controller has disconnected from
the pcie bus.
o Added support for NVMe passthrough commands to allow software to
get information about nvme(4) disks.
o Enabled hibernate/resume to nvme(4) disks with 4096 byte sectors.
o Added bio(4) support to nvme(4).
o Added nvme(4) sensors based on information in the SMART/health log
page, showing overall device health and temperature.
o Made acpibat(4) forward AC change notifications to acpiac(4),
giving access to programs like apm(8).
o Implemented sleep button and EC events as wakeup events in
acpi(4).
o Added qcgpio(4) support for the ACPI PCIO pins necessary to
support the keyboard, touchpad and touchscreen on the Qualcomm
Snapdragon X Elite (X1E80100) laptops Asus Vivobook S15 and Lenovo
Yoga Slim 7x.
o Made the touchpad on the Samsung Galaxy Book4 Edge work via
qcgpio(4).
o Added Meinberg PCI510 to mbg(4).
o Introduced rpigpio(4), a driver for the RP1 GPIO controller on the
Raspberry Pi 5.
o Added support to have bcmpcie(4) as both PCIe bus and simplebus to
enable use of the Raspberry Pi 5's RP1 I/O controller.
o Fixed access to Alder Lake-N and Elkhart Lake eMMC.
o Added psp(4) driver for the AMD Platform Security Processor.
o Prevent a crash in the openfirmware driver if the temperature for
a zone can't be read while polling it.
o Implemented qcspmi(4) support for version 7 controllers.
o Implemented MSI multiple-vector support in dwpcie(4).
o Hooked up the Qualcomm UEFI Secure Application that handles EFI
variables to efi(4) to allow access to EFI variables through
ioctls on /dev/efi.
o Fixed uaudio(4) failure to attach when interface number and
interface index do not match and the wrong interface is claimed.
o Fixed delayed level setting on audio(4) devices.
o Introduced intelpmc(4), a driver for the power management
controller found on various Intel SoCs.
o Added battery sensors to qcpas(4).
o Corrected audio drivers to inform children about suspend/resume
related events.
o Ensure that softraid(4) sensors are unregistered when the volumes
are removed.
o Fixed suspend/resume for ums(4) and umt(4).
o Ensure that some Intel xhci(4) controllers fully power down by
issuing a "save state" command on suspend.
o Fixed xhci(4) issues after resume by giving some AMD Ryzen hHCI
controllers the extra time they need to transition from D3 into
D0.
o Made acpi(4) use ACPI_WAK upon resume, potentially improving S3
resume on some rare machines.
o Made xhci(4) restore the saved state upon resume, needed for newer
Intel xHCI controllers.
o Skipped Controller Save State (CSS) and Controller Restore State
(CRS) on AMD 17h/1xh xHCI to avoid problem with resume after
introduction of CRS to xhci(4).
o Corrected dwiic(4) to inform children of suspend/resume events and
prevent sub-drivers racing against dwiic hardware
re-initialization.
o Eliminated some resume-hangs on dwiic(4) chips.
o Added missing child activate handling in iatp(4).

- New or improved network hardware support:
o Implemented resetting the PHY via a GPIO pin in cad(4), helping to
enable the PHY on the Raspberry Pi 5.
o Fixed TCP Segmentation Offload bugs in ixl(4).
o Added mcx(4) support for media types from the extended Ethernet
capabilities fields, fixing a gigabit SFP in the ConnectX-6 Lx.
o Enabled em(4) on powerpc64.
o Added VLAN hardware tagging in igc(4).
o Fixed jumbo frames in igc(4) for strict alignment architectures.
o Exposed igc(4) hardware counters to kstat(1).
o Added support for checksum offloading to dwqe(4).
o Added VLAN hardware tagging in dwqe(4).
o Improved stability of dwqe(4).
o Mapped MSI-X in addition to MSI and INTx on rge(4).
o Fixed TX descriptors DMA syncs in rge(4).
o Added rge(4) support for the Realtek RTL8126 chip.
o Improved bus_dmamap_syncs for rx ring descriptors on rge(4)
hardware.
o Supported building a single packet out of multiple rx descriptors
in rge(4).
o Attempted to leave a gap on the tx ring for rge(4)/re(4) to keep
entries on the ring from being overwritten, preventing confusion
of the chip and the tx completion code.
o Prevented VPID leakage in vmx(4) by allocating at vcpu init.
o Implemented TCP Segmentation Offload in vmx(4), igc(4) and vio(4).
o Implemented TCP Large Receive Offload in vmx(4) and vio(4).
o Enable checksum offloading and TCP Segmentation Offload for
vlan(4) via vio(4).
o Improved stability of vio(4).

- Added or improved wireless network drivers:
o Fixed qwx(4) display in ifconfig(8) showing a mix of 802.11 modes
after switching APs.
o Added a reset attempt for qwx(4) devices when firmware crashes.
o Made qwx(4) offload TKIP and CCMP crypto to hardware, fixing ARP
and IPv6 multicast with WPA2.
o Plugged a memory leak in qwx(4).
o Fixed a qwx(4) interrupt storm during resume.
o Fixed iwx(4) monitor mode after firmware update.
o Prevented firmware panic when iwx(4) runs in monitor mode with
addresses configured on the interface and leaving 11n/11ac mode
directly for monitor mode.
o Added support for Quectel EM060K to umb(4).
o Fixed WEP on athn(4) USB hostap, preventing potential "key not
installed for sw crypto" panic.

- IEEE 802.11 wireless stack improvements and bugfixes:
o Prevented potential firmware errors in Intel wifi drivers when APs
send an ADDBA request early.

- Installer, upgrade and bootloader improvements:
o Implemented support for the RISC-V UEFI Boot Protocol.
o Implemented the chmod a-x bsd.upgrade trick in the sparc64 ofwboot
bootloader.
o Added boot.conf(8) "machine idle [secs]" to halt at idle
passphrase prompts for efi(4) systems.
o Made installboot(8) run again after fw_update(8) on Apple silicon
to pick up Apple boot firmware.
o Stopped sysupgrade(8) from enforcing the next version key if
installing a snapshot.
o Included BUILDINFO file in the iso/img files and installed it in
the miniroot if available, to be used in the future in
sysupgrade(8).
o Use BUILDINFO to make sure sysupgrade(8) doesn't install an older
snapshot over a newer one.
o Ensure that loading a device tree using the "mach dtb" command
gives firmware a chance to make modifications by using the EFI
devicetree fixup protocol.
o Apple machines can now also use USB type-A ports for installation.

- Security improvements:
o Added -fret-clean option to the compiler, defaulting to off. This
new option causes the caller to clean the return address off the
stack after a call completes. The -fret-clean option was then
enabled on amd64 for libc, libcrypto, ld.so, kernel, and all the
ssh tools.
o Expose branch target identification (BTI) to userland and make
LLVM generate code with BTI instructions.
o Enabled PAC in addition to BTI on arm64 such that JIT code matches
the default branch protection provided by our base compiler.
o Limit NFS connections to originate from a reserved port, but
permit null requests (aka server pings) from non-reserved ports in
nfs.
o Made local ports bound during connect(2) unique per laddr rather
than globally unique.
o Enforced the pinsyscalls(2) rules on non-static/ld.so/libc.so text
segments.
o Added pledge and unveil to rpcinfo(8).
o Added AUDIO_GETDEV ioctl to "audio" pledge(2).

- New features in the network stack:
o Made PPP interfaces to run in an rdomain(4) and install a default
route in the same routing domain.
o Introduced rport(4) for point-to-point layer 3 connectivity
between routing domains. Similar to pair(4) but is more efficient
as it does not add Ethernet headers.
o Implement IPv6 forwarding IPsec only (sysctl
net.inet6.ip6.forwarding = 2),the equivalent to
net.inet.ip.forwarding = 2 for IPv4.
o Added BIOCSETFNR to bpf(4), like BIOCSETF without resetting the
buffer or stats.
o Implemented SO_ACCEPTCONN in getsockopt(2) which can be used to
check if listen(2) was called and the socket is accepting
connections.

- Further changes and bugfixes in the network stack:
o Expose aggr(4) per port information via kstat(1).
o Restrict listen(2) to sockets of type SOCK_STREAM or
SOCK_SEQPACKET.
o Prohibit userland changes of the interface loopback flag,
preventing a potential kernel crash.
o Split single TCP inpcb hash table into separate hash tables for
IPv4 and IPv6, to help the ongoing work to improve SMP
performance.
o Use route cache function in IP input.
o Implemented rule 5.5 of RFC 6724 (Default Address Selection for
IPv6) to prefer addresses in a prefix advertised by the next-hop.
o Stop storing full IPv6 packet in common forwarding case. Instead
of storing a copy of the full IPv6 packet for the possible need to
generate an ICMP6 packet. Instead only store the header. In most
cases this can be kept on the stack resulting in speedup and less
memory use.
o Fixed bridging IPv6 fragments with pf reassembly. When output by
veb(4) and bridge(4), the packets were not refragmented.
o Fixed source and drain confusion in socket splicing somove(),
improving performance in a corner case.
o Drop packets if forwarding of IPsec packets only (sysctl
net.inet.ip.forwarding = 2) is configured, but no IPsec policy is
defined.
o If IP forwarding is IPsec only, do not send ICMP redirect and do
not accept ICMP redirect packets.

- The following changes were made to the pf(4) firewall:
o Added display of pf(4) fragment reassembly counters to pfctl(8)
and systat(1).
o Fixed pfsync(4) TCP-state not being updated for destination
connection peer and reduced excessive pfsync traffic.
o Allow users to define tables inside an anchor in the same way they
can define global tables in pf.conf(5). Previously this required a
separate pfctl -a foo -t bar invocation.

- Routing daemons and other userland network improvements:
o IPsec support was improved:
- Added RADIUS support to iked(8), including authentication,
accounting and "Dynamic Authorization Extensions" (DAE).
- Fixed a bug where sasyncd(8) couldn't restore SAs.
o More RADIUS changes:
- In npppd(8), modified IPCP to use nameservers from RADIUS.
- Added Dynamic Authorization Extensions (DAE) for RADIUS
server to npppd(8).
- Added support for RADIUS accounting configurable in
radiusd.conf(5).
- Changed radiusd.conf(5) syntax for "module" to take a {}
block and "authentication" to go without. Specifying a
"module" path is now optional.
- Introduced radiusd_ipcp(8), a module providing IP
configuration which manages the IP address pool.
- Added radiusd_file(8) module, providing authentication by a
local file.
- Kept radiusd(8) number of requests for a DAE server below 64
to avoid congestion.
- Added radiusctl(8) ipcp delete command to delete the
specified session without requesting disconnection.
o In bgpd(8),
- Repair a withdraw desynchronization problem in bgpd(8).
- Double peer description length to 64 characters.
- Improve handling of bgpd AFI IPv4 sessions over IPv6 only
links.
- Sessions over IPv6 link-local addresses are now always
considered to be connected.
- Allow operators to enforce the presence of certain
capabilities.
- Improve capability negotiation and remove 'announce
capabilities'. The 'announce capabilities [yes|no]' neighbor
config option needs to be removed from configuration files.
Instead individual capabilities need to be disabled.
- Improve negotiation of the multi-protocol capability and the
fallback to IPv4 only mode.
- Mark RTR and IPv6 BGP packets with DSCP CS6 (network
control).
- Increase RTR PDU limit to 48k and limit number of SPAS to
10'000.
- Convert the remaining session engine parsers to the new ibuf
API.
- Filtered prefixes are now included in the Local-RIB if the
config option 'rde rib Loc-RIB include filtered' is set.
- Add 'bgpctl show rib filtered' to show filtered prefixes.
- Add 'min-version' RTR config option and default to RTR
version 1. Set min-version to 2 to enable
draft-ietf-sidrops-8210bis-14 and ASPA support or better
define the ASPA table in the config.
- Adjust RTR ASPA pdu parser to follow
draft-ietf-sidrops-8210bis-14
- Check the max_prefix and max_out_prefix limits on config
reload.
- Fix race condition between TCP-MD5 key removal and session
closure to ensure all messages are sent with the proper
TCP-MD5 signature.
- Fix 'nexthop qualify via bgp' by re-evaluating the nexthops
when a BGP route is added to the FIB.
- Handle the CLUSTER_LIST attribute according to RFC7606.
- Fix some undefined or non-portable behaviour when handling
NULL / 0-sized objects.
o rpki-client(8) saw these and more changes:
- Impose same-origin policy for RRDP.
- Introduce tiebreaking for trust anchors. This prevents
certain forms of replay attack.
- Fix internal identification of CA resource certificates.
- Verify self-signage for trust anchors.
- Introduce a check for filenames as presented by publication
points.
- Improved compliance with RFCs 6487 and 8209 for certificates
and CRLs.
- Presence of CMS signing-time is now enforced and presence of
CMS binary-signing-time is disallowed, per RFC 9589.
- Lowered the maximum acceptable manifest number to 2^159 - 1.
- Limit number of validated ASPAs per customer ASID.
- Ensure synchronization jobs are stopped when the timeout is
reached.
- Fix a corner case in repository handling. If the last RRDP
repository failed to load, rpki-client would fail to fall
back to rsync due to an ordering bug in the event loop.
- Improve detection of duplicate file paths. Only trigger a
duplicate error if a valid path is revisited otherwise a bad
CA could prevent legitimate files from being considered
valid.
- Normalize internal representation of the caRepository to have
a trailing slash and ensure that the rpkiManifest is a file
inside it.
- Avoid a quadratic complexity issue in ibuf_realloc() due to
misuse of recallocarray(). Transferring a manifest with a
large FileAndHash list across a privsep boundary could cost
significant resources.
- RRDP sessions are periodically reinitialized to snapshot at
random intervals.
- Signed Prefix List statistics are now only emitted when
rpki-client is run with -x.
- The -r command line option formerly enabling RRDP has long
been the default and is now removed.
- The CRL number extension in CRLs is checked to be in the
range [0..2^159-1]. The CRL number is otherwise ignored.
o In smtpd(8),
- Set ORIGINAL_RECIPIENT in the environment of MDA scripts for
postfix compatibility.
- Add documentation on the expected behaviour and environment
of MDAs.
- Fixed smtpd(8) IPv6 address parsing in file-backed table(5).
- Added smtpd-tables(7), an API to implement table(5) for
smtpd(8).
- Introduced a new smtpd(8) K_AUTH service to allow offloading
the credentials to a table for non-crypt(3) authentication.
- Implemented smtpd(8) report response for proc-filters as with
built-in filters.
o Network auto configuration improvements:
- Introduced dhcp6leased(8), a daemon to acquire IPv6 prefix
delegations from DHCPv6 servers.
- Made rad(8) honor prefixes delegated by DHCPv6.
- Implemented RFC 4191 Default Router Preferences in rad(8).
- Made rad(8) send source link-layer address option in router
advertisements, preventing Apple devices from installing an
unusable default route.
- Removed dhclient(8) binary.
o Many other changes in various network programs and libraries:
- Audited programs that parse IP-addresses and replaced
inet_aton(3) with better functions such as gethostbyname(3),
getnameinfo(3), getaddrinfo(3), and inet_pton(3).
- Trimmed output of whois(1) to suppress some uninformative

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)