OpenBSD 7.8

What's New

This is a partial list of new features and systems included in OpenBSD 7.8. For a comprehensive list, see the changelog leading to 7.8.

Platforms specific improvements:
- arm64:
  - ...
- amd64:
  - ...
- Other architectures:
  - ...
- More platform specific changes can be found in the hardware support section below.
Various kernel improvements:
- ...
- Suspend/Hibernate Support
  - ...
- Bugfixes
  - ...
SMP Improvements
- Up to 8 softnet threads are used to handle network input. The number of threads is also limited by number of CPU.
- TCP stack is now running in parallel on multiple CPUs. Up to 8 threads are used to process TCP traffic. Note that each connection can only be handled by one CPU. Use multiple streams and a network interface capable of multi queue to distribute packets.
- IPv6 fragment reassembly is now running in parallel.
- IPv6 destination option and routing header parsing is now running in parallel.
- System calls close(2) and listen(2) run without exclusive net lock.
Direct Rendering Manager and graphics drivers
- ...
VMM/VMD improvements
- On AMD processors SEV-ES technology is supported to start confidential virtual machines. SEV-ES works for vmm/vmd hypervisor and for OpenBSD guests on KVM/qemu.
Various new userland features:
- ...
Various bugfixes and tweaks in userland:
- ...
Improved hardware support and driver bugfixes, including:
- ...
New or improved network hardware support:
- Intel E810 network devices ice(4) are supported for 100 and 25 GBit in QSPF and SFP variants.
Added or improved wireless network drivers:
- ...
Installer, upgrade and bootloader improvements:
- ...
- ...
- ...
- ...
Security improvements:
- ...
New features in the network stack:
- Some network drivers allow to use soft LRO for TCP. If the hardware does not support to concatenate received TCP packets, this can be done at driver level. As the upper layers handle less packets, performance improves. Currently the feature is disabled by default, activate with ifconfig(8) tcplro. Software LRO has been implemented for bnxt(4), ixe(4), ixl(4).
Further changes and bugfixes in the network stack:
- Output of netstat(1) for multicast route and divert protocol statistics have been improved.
- For divert(4) protocols sysctl(8) knobs have been consolidated.
- ARP and ND6 list use iterators to be MP safe. This also avoids a race when timeouts handled multipath link layer entries.
- TCP keepalive intervals have been fixed.
The following changes were made to the pf(4) firewall:
- The check whether a TCP RST packes belongs to a connection was too strict. Now resetting a TCP state also works if there were gaps in the sequence number space due to lost packets.
Routing daemons and other userland network programs saw the following improvements:
- ...
- In smtpd(8),
  - ...
- In bgpd(8),
  - In verbose mode log the NOTIFICATION data for UPDATE errors.
  - Fix a busy loop error in the pfkey handling.
  - Introduce monotime - an internal time API using microsecond resolution.
  - Fix accounting of the pending update counter
  - Use new ibufq interface instead of handrolling the same.
  - Large refactoring of internal APIs to make the code easier to share and cleaner.
- In rpki-client(8),
  - The parser process now uses parallel threads for object validation. The new -p option can be used to adjust the number of threads.
  - Support for Canonical Cache Representation has been added. CCR is a new DER-encoded data interchange format to support audit trail keeping, validated payload dissemination, and analytics pipelines. https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-ccr
  - Certificate parsing and validation has been completely reworked. In particular, a more stringent set of compliance checks based on RFC 6487, RFC 8209, and RFC 8608 is imposed on end entity certificates.
  - Filemode is now able to detect most file types without recourse to the file name extension.
  - Experimental support for P-256 Trust Anchor keys was added.
  - Marshalling and unmarshalling of privsep messages was improved.
  - In verbose mode, warnings are emitted about uncompressed HTTP/RRDP transfers larger than one megabyte. Publication server operators are strongly encouraged to offer gzip compressed HTTP content-encoding, see draft-ietf-sidrops-publication-server-bcp, section 6.3.
  - emit all key identifiers (AKI and SKI) encoded in JSON as bare hex strings without colons.
  - Fixed numerous minor issues flagged by the Coverity static analyzer.
tmux(1) improvements and bug fixes:
- ...
LibreSSL version 4.2.0
- Portable changes
  - ...
- Internal improvements
  - Cleaned up code implementing block cipher modes of operation. Includes untangling a horrible #ifdef mess and removing a few instances of undefined behavior.
  - Removed assembly implementations of AES using bit slicing (BS-AES) and vector permutation (VP-AES).
  - Removed OPENSSL_SMALL_FOOTPRINT and OPENSSL_FIPSAPI.
  - Implemented constant time EC field element operations to allow elliptic curve operations without bignum arithmetic.
  - Implemented an EC method using homogeneous projective coordinates. This will allow exception-free elliptic curve arithmetic in constant time in future releases.
  - Started cleaning up the openssl speed implementation.
  - The last SIGILL-based CPU capability detection was removed. Instead, capabilities are now detected using a constructor on library load, which improves the incomplete coverage by calls to OPENSSL_init_crypto() on various entry points.
  - Rework and simplify AES handling in EVP. In particular, AES-NI is now handled in the AES internal code and no longer requires the use of EVP.
  - Added a public API for ML-KEM. This is not yet documented in a manpage and may not be in its final form. This will be used to support X25519MLKEM768 in libssl.
- Compatibility changes
  - Removed the -msie_hack option from the openssl(1) ca subcommand.
  - Removed parameters of the 239-bit prime curves from X9.62, H.5.2: prime239v1, prime239v2, prime239v3.
  - Increased default MAC salt length used by PKCS12_set_mac(3) to 16 per recommendation of NIST SP 800-132.
  - Encrypted PKCS#8 key files now use a default password-based key derivation function that is acceptable in the present millenium.
  - const corrected EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}().
  - X509_CRL_verify() now checks that the AlgorithmIdentifiers in the signature and the tbsCertList are identical.
  - Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
  - Removed BIO_s_log(), X509_PKEY_{new,free}(), PEM_X509_INFO_read() and PEM_X509_INFO_write_bio().
  - Re-expose the ASN.1 Boolean template items.
  - opensslconf.h is now machine-independent.
- New features
  - Allow specifying ALPN in nc(1) via -Talpn="http/1.1,http:/1.0".
- Bug fixes
  - Avoid pointer arithmetic on NULL for memory BIOs.
  - Fix leaks and use-after-frees in PKCS7 attribute handling.
  - Ensure p and q in RSA private key have a minimum distance of 2^(bits/2 - 100) as specified in NIST SP 800-56B Revision 2.
- Security fixes
  - Fix out-of-bounds read and write, memory leaks and incorrect error check for CMS enveloped data.
- Documentation
  - Rewrote most of the EC documentation from scratch to be at least somewhat accurate and intelligible.
  - Updated documentation for SMIME_{read,write}* to match reality.
- Testing and proactive security
  - Added a testing framework that will help deduplicating lots of ad-hoc code in the regression tests.
  - Converted the Wycheproof testing framework to use testvectors_v1. This in combination with a few new tests significantly increases regress coverage.
OpenSSH 10.1
- Security fixes
  - ssh(1): disallow control characters in usernames passed via the commandline or expanded using %-sequences from the configuration file, and disallow \0 characters in ssh:// URIs.
    If an ssh(1) commandline was constructed using usernames or URIs obtained from an untrusted source, and if a ProxyCommand that uses the %u expansion was configured, then it may be possible for an attacker to inject shell expressions that may be executed when the proxy command is started.
    We strongly recommend against using untrusted inputs to construct ssh(1) commandlines.
    This change also relaxes the validity checks in one small way: usernames supplied via the configuration file as literals (i.e. that have no % expansion characters) are not subject to these validity checks. This allows usernames that contain arbitrary characters to be used, but only via configuration files. This is done on the basis that ssh's configuration is trusted.
    This issue was reported by David Leadbeater.
- Potentially incompatible changes
  - ssh(1): add a warning when the connection negotiates a non-post quantum safe key agreement algorithm.
    This warning has been added due to the risk of "store now, decrypt later" attacks. More details at the OpenSSH Post-Quantum Cryptography page.
    This warning may be controlled via a new WarnWeakCrypto ssh_config option, defaulting to on. This option is likely to control additional weak crypto warnings in the future.
  - ssh(1), sshd(8): major changes to handling of DSCP marking/IPQoS
    Both the client and the server have changed the default DSCP (a.k.a IPQoS) values and the way these values are selected at runtime.
    Both endpoints now use Expedited Forward (EF) for interactive traffic by default. This provides better prioritisation, especially on wireless media (cf. RFC 8325). Non-interactive traffic now uses the operating system default DSCP marking. Both the interactive and non-interactive DSCP values may be overridden via the IPQoS keyword in ssh_config(5) and sshd_config(5).
    The DSCP value selected may now change over the course of a connection. ssh(1) and sshd(8) will automatically select between the interactive and non-interactive IPQoS values depending on the type of SSH channels open. E.g. if an sftp session is using the connection, then the non-interactive value will be used.
    This is important now that the default interactive IPQoS is EF (Expedited Forwarding), as many networks are configured to allow only relatively small amounts of traffic of this class and they will aggressively deprioritise the entire connection if this is exceeded.
  - ssh(1), sshd(8): deprecate support for IPv4 type-of-service (TOS) keywords in the IPQoS configuration directive.
    Type of Service (ToS) was deprecated in the late nineties and replaced with the Differentiated Services architecture. Diffserv has significant advantages for operators because this mechanism offers more granularity.
    OpenSSH switched its default IPQoS from ToS to DSCP values in 2018.
    IPQoS configurations with 'lowdelay', 'reliability', or 'throughput' will be ignored and instead the system default QoS settings apply. Additionally, a debug message is logged about the deprecation with a suggestion to use DSCP.
  - ssh-add(1): when adding certificates to an agent, set the expiry to the certificate expiry time plus a short (5 min) grace period.
    This will cause the agent to automatically remove certificates shortly after they expire. A new ssh-add -N option disables this behaviour.
  - All: remove experimental support for XMSS keys. This was never enabled by default. We expect to implement a new post-quantum signature scheme in the near future.
  - ssh-agent(1), sshd(8): move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).
    This ensures processes that have restricted filesystem access that includes /tmp do not ambiently have the ability to use keys in an agent.
    Moving the default directory has the consequence that the OS will no longer clean up stale agent sockets, so ssh-agent now gains this ability.
    To support $HOME on NFS, the socket path includes a truncated hash of the hostname. ssh-agent will by default only clean up sockets from the same hostname.
    ssh-agent(1) gains some new flags: -U suppresses the automatic cleanup of stale sockets when it starts. -u forces a cleanup without keeping a running agent, -uu forces a cleanup that ignores the hostname. -T makes ssh-agent put the socket back in /tmp.
- New features
  - ssh(1), sshd(8): add SIGINFO handlers to log active channel and session information.
  - sshd(8): when refusing a certificate for user authentication, log enough information to identify the certificate in addition to the reason why it was being denied. Makes debugging certificate authorisation problems a bit easier.
  - ssh(1), ssh-agent(1): support ed25519 keys hosted on PKCS#11 tokens.
  - ssh(1): add a ssh_config(5) RefuseConnection option that, when encountered while processing an active section in a configuration terminates ssh(1) with an error message that contains the argument to the option.
    This may be useful for expressing reminders or warnings in config files, for example:
```
          Match host foo
              RefuseConnection "foo is deprecated, use splork instead"
        
```
  - sshd(8): make the X11 display number check relative to X11DisplayOffset. This will allows people to use X11DisplayOffset to configure much higher port ranges if they really want, while not changing the default behaviour.
  - unit tests: the unit test framework now includes some basic benchmarking capabilities. Run with "make UNITTEST_BENCHMARK=yes".
- Bugfixes
  - sshd(8): fix mistracking of MaxStartups process exits in some situations. At worst, this could cause all MaxStartups slots to fill and sshd to refuse new connections.
  - ssh(1): fix delay on X client startup when ObscureKeystrokeTiming is enabled.
  - sshd(8): increase the maximum size of the supported configuration from 256KB to 4MB, which ought to be enough for anybody. Fail early and visibly when this limit is breached.
  - sftp(1): during sftp uploads, avoid a condition where a failed write could be ignored if a subsequent write succeeded. This is unlikely but technically possible because sftp servers are allowed to reorder requests.
  - sshd(8): avoid a race condition when the sshd-auth process exits that could cause a spurious error message to be logged.
  - sshd(8): log at level INFO when PerSourcePenalties actually blocks access to a source address range. Previously this was logged at level VERBOSE, which hid enforcement actions under default config settings.
  - sshd(8): GssStrictAcceptor was missing from sshd -T output; fix
  - sshd(8): Make the MaxStartups and PerSourceNetBlockSize options first-match-wins as advertised.
  - ssh(1): fix an incorrect return value check in the local forward cancellation path that would cause failed cancellations not to be logged.
  - sshd(8): make "Match !final" not trigger a 2nd pass ssh_config parsing pass (unless hostname canonicalisation or a separate "Match final" does).
  - ssh(1): better debug diagnostics when loading keys. Will now list key fingerprint and algorithm (not just algorithm number) as well as making it explicit which keys didn't load.
  - All: fix a number of memory leaks found by LeakSanitizer, Coverity and manual inspection.
  - sshd(8): : Output the current name for PermitRootLogin's "prohibit-password" in sshd -T instead of its deprecated alias "without-password".
  - ssh(1): make writing known_hosts lines more atomic by writing the entire line in one operation and using unbuffered stdio.
    Usually writes to this file are serialised on the "Are you sure you want to continue connecting?" prompt, but if host key checking is disabled and connections were being made with high concurrency then interleaved writes might have been possible.
Ports and packages:
Many pre-built packages for each architecture:
- aarch64: xxx
- amd64: xxx
- arm: xxx
- i386: xxx
- mips64: xxx
- powerpc: xxx
- powerpc64: xxx
- riscv64: xxx
- sparc64: xxx
Some highlights:
- Asterisk 16.30.1, 18.26.1, 20.13.0 and 22.3.0
- Audacity 3.7.3
- CMake 3.31.6
- Chromium 135.0.7049.52
- Emacs 30.1
- FFmpeg 6.1.2
- GCC 8.4.0 and 11.2.0
- GHC 9.8.3
- GNOME 47
- Go 1.24.1
- JDK 8u442, 11.0.26, 17.0.14 and 21.0.6
- KDE Applications 24.12.3
- KDE Frameworks 6.12.0
- KDE Plasma 6.3.3
- Krita 5.2.9
- LLVM/Clang 13.0.0, 16.0.6, 18.1.8 and 19.1.7
- LibreOffice 25.2.1.2
- Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.7
- MariaDB 11.4.5
- Mono 6.12.0.199
- Mozilla Firefox 137.0 and ESR 128.9.0
- Mozilla Thunderbird 128.9.0
- Mutt 2.2.14 and NeoMutt 20250113
- Node.js 22.14.0
- OCaml 4.14.2
- OpenLDAP 2.6.9
- PHP 8.2.28, 8.3.19 and 8.4.5
- Postfix 3.10.1
- PostgreSQL 17.4
- Python 2.7.18 and 3.12.9
- Qt 5.15.16 (+ kde patches) and 6.8.2
- R 4.4.2
- Ruby 3.2.8, 3.3.7 and 3.4.2
- Rust 1.86.0
- SQLite 3.49.1
- Shotcut 25.01.25
- Sudo 1.9.16p1
- Suricata 7.0.7
- Tcl/Tk 8.5.19 and 8.6.16
- TeX Live 2024
- Vim 9.1.1265 and Neovim 0.10.4
- Xfce 4.20.0
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.8 with xserver 21.1.16 + patches, freetype 2.13.3, fontconfig 2.15.0, Mesa 23.3.6, xterm 395, xkeyboard-config 2.20, fonttosfnt 1.2.4 and more)
- LLVM/Clang 16.0.6 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.40.1 (+ patches)
- NSD 4.9.1
- Unbound 1.22.0
- Ncurses 6.4
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)
- Awk 20250116
- Expat 2.7.1
- zlib 1.3.1 (+ patches)

Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above!

OpenBSD/alpha:

If your machine can boot from CD, you can write install78.iso or cd78.iso to a CD and boot from it. Refer to INSTALL.alpha for more details.

OpenBSD/amd64:

If your machine can boot from CD, you can write install78.iso or cd78.iso to a CD and boot from it. You may need to adjust your BIOS options first.

If your machine can boot from USB, you can write install78.img or miniroot78.img to a USB stick and boot from it.

If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.amd64 document.

If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64.

OpenBSD/arm64:

Depending on your hardware, you can write install78.iso or cd78.iso to a CD and boot from it, or write a system specific miniroot to an SD card and boot from it after connecting to the serial console. Refer to INSTALL.armv64 for more details.

OpenBSD/armv7:

Write a system specific miniroot to an SD card and boot from it after connecting to the serial console. Refer to INSTALL.armv7 for more details.

OpenBSD/hppa:

Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page.

OpenBSD/i386:

If your machine can boot from CD, you can write install78.iso or cd78.iso to a CD and boot from it. You may need to adjust your BIOS options first.

If your machine can boot from USB, you can write install78.img or miniroot78.img to a USB stick and boot from it.

If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.i386 document.

If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386.

OpenBSD/landisk:

Write miniroot78.img to the start of the CF or disk, and boot normally.

OpenBSD/loongson:

Write miniroot78.img to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details.

OpenBSD/luna88k:

Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details.

OpenBSD/macppc:

Burn the install78.iso image from a mirror site to a CDROM, and power on your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot.

Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /7.8/macppc/bsd.rd

OpenBSD/octeon:

After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details.

OpenBSD/powerpc64:

To install, write install78.img or miniroot78.img to a USB stick, plug it into the machine and choose the OpenBSD install menu item in Petitboot. Refer to the instructions in INSTALL.powerpc64 for more details.

OpenBSD/riscv64:

To install, write install78.img or miniroot78.img to a USB stick, and boot with that drive plugged in. Make sure you also have the microSD card plugged in that shipped with the HiFive Unmatched board. Refer to the instructions in INSTALL.riscv64 for more details.

OpenBSD/sparc64:

Burn the image from a mirror site to a CDROM, boot from it, and type boot cdrom.

If this doesn't work, or if you don't have a CDROM drive, you can write floppy78.img or floppyB78.img (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

You can also write miniroot78.img to the swap partition on the disk and boot with boot disk:b.

If nothing works, you can boot over the network as described in INSTALL.sparc64.