OpenBSD Journal

As some readers tell us whenever they have the chance, the veb(4) virtual Ethernet bridge device is an OpenBSD feature that can make certain setups a lot more manageable than otherwise possible.Now David Gwynne (dlg@) is fielding a patch on tech@ that would make veb(4) even more capable, by making the device vlan(4) aware.In the message to tech@, David explains:

The OpenBSD project hasannouncedOpenBSD 7.8,its 59 release.The new releasecontains a number of significant improvements, including but certainlynot limited to:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

The project to implementWPA3 support for OpenBSD 802.11 wirelesshas now been funded by a grant from the NLNet Foundation.The work is to be carried out by Stefan Sperling (stsp@) and Chirpy Software.The announcement states,

The LibreSSL project has announced their latest release LibreSSL 4.2.0, with numerous improvements. The release announcement reads,

Cranking up the heat for the upcoming OpenBSD 7.8 release, the OpenSSH project has issued OpenSSH 10.2. This is a bugfix release that supersedes the previously announced OpenSSH 10.1 in time for the general release.From therelease notes:

Jonathan Gray (jsg@) updated the versionofOpenBSD-currentfrom "7.8"to "7.8-current".Those running the latest-and-greatest[via a sufficiently new snapshot or built from source]no longer need to use"-D snap" withpkg_add(1)(andpkg_info(1)).

The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.The release was marked by a very unobtrusive sequence of www commits, with the first saying simply

Version 0.120of Game of Treeshas been released (and the portupdated):

LibreSSL version 4.1.1 and 4.0.1 have been released.The 4.1.1 release notes read:Read more...

Version 0.119of Game of Treeshas been released (and the port updated):Read more...

TheOpenBSD7.8 release cycle is entering its final phases...With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.8(dropping the "-beta"):

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

The OpenBSD projecthasannouncedthe release ofversion 9.6of rpki-client:Read more...

The BSDCan 2025 video playlist is now complete and available on bothPeertubeand Youtube.The OpenBSD focused talks are as follows:

Withthis commit,the development slows into release-mode preparing for the 7.8 release of OpenBSD.The commit message reads,

Version 0.118of Game of Treeshas been released (and the portupdated):

OpenBSD -currenthas gainedinitial support for theRaspberry Pi 5:

Rafael Sadowski (rsadowski@)completed updatesto C++ libraries in -current:

YubikeyOTPsupport has been disabled in -current.Thecommit messageexplains the rationale:

OpenSSHwill now adapt IP QoS to actual sessions and traffic.In a freshcommit,Damien Miller (djm@) introduced a significant change,which enables sshand sshdto set the IP QoS based on what connectionsand sessions are active.The commit message says,

Version 0.117of Game of Treeshas been released (and the portupdated):

In a recententryon his blog,OpenBSDdeveloper Ted Unangst (tedu@) asks,is OpenBSD 10x faster than Linux?.He explains,

OpenBSD users and aficionados are more likely than others to be familiar with the concept ofgreytrapping(the nastier kid sister ofgreylisting),as implemented via the OpenBSDspamd(8)spammer taunting software.The feature has now been around for 18 years, andundeadly.org co-editor Peter Hansteenfound that and another milestone to be a good reason to write a retrospective:

We have long been aware that OpenBSDand OpenSSHin general are at the very forefront of cryptography engineering.A recent data point here is that Damien Miller (djm@) justcommitteda newOpenSSH Post-Quantum CryptographyFAQ page to theOpenSSH web site:

A new opportunity for you to help improve the upcomingOpenBSD 7.8 release has turned up.If YOU have a USB webcam you are using or would like to use with our favorite operating system, Kirill Korinsky (kirill@) would like to hear from you after testing recent snapshots.Kirill'smessageto misc@ reads:

Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@)recently added a couple of notable features to OpenSSH:Read more...

The WiFI802.11standards are a gnarly lot, and checking for compatibility of the various sub-specifications has been known to drive even seasonedOpenBSD developers to the brink of distraction.Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying

Much longed for by some, remembered as a quaint memory by other greybeards,the classicCommon Desktop Environment(CDE) is being added to the ports collection. The initial commit message reads,

Version 0.116of Game of Treeshas been released (and the portupdated):

In a recent blog post When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, Rafael Sadowski (rsadowski@) takes a deep dive into an infrequently mentioned feature of our favorite operating system: file immutability and the chflags command. From the article:

In -current,the struct underlyingstdio(3)'sFILE typehas beenmade opaque, with library versions bumps across the board:

Inaseriesofcommits,Anthony J Bentley (bentley@)modified the system so that font caching runs asdedicated (unprivileged) user, "_fc-cache".fc-cache(1)has been usingpledge(2)since May.

Job Snijders (job@)has added (to -current) a new utility,watch(1),for periodically executing a command and displaying its output.TheIIJ'siwatchwas initiallyimportedback in May, and has beenreworked substantiallybefore beinglinked to the build.

Yes, you read that right:KDE 6.4.0 Plasmais now in OpenBSD packages.This was made possible by the efforts of Rafael Sadowski (rsadowski@) with the help of several others.The news was announced 2025-07-04 via afediverse postand of course thecommit messageitself, where the description reads

News from the Exotic Silicon front:Crystal Kolipe posted anupdateto misc@, saying

In afediverse poston 2025-07-04,the Game of Trees Hubannounced that they will be taking signups for repository hosting:

Version 0.115of Game of Treeshas been released (and the portupdated):

Version 0.114of Game of Treeshas been released (and the portupdated):

In a fediverse post,Stefan Sperling (stsp@) asks for testing of a potential fixfor a problem affecting a number of network interface drivers(namely bge,bnx,iavf,igc,ix,ixl,ngbe andpcn),pointing to amessageon tech@ with the subjectbge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix that reads

Fresh from the recently concludedj2k25 hackathon comes this report from Klemens Nanni (kn@), who writes:

In some cases, the currentdhcpd(8)is not quite as reliable as one would want in providing the requesteddata to the actual requestor.After some rounds of discussion and experimentation,David Gwynne (dlg@) is circulating adiffon tech@ that switches the daemon to useUDPsockets instead ofbpf.The motivation is summarized as,

In a long series ofcommits,Robert Nagy (robert@)updatedclang(1)/llvm/lld(1)in -current to version 19.1.7 (from version 16.0.6):

Kristaps Dzonsons(known formandoc(1),rpki-client(8),and much more)has written an article,Source code sandboxing,on sandboxingfrom the perspective of developers.It compares the facilities available under severaloperating systems, and requests relevantcontributions.As Undeadly readers might expect, OpenBSD'spledge(2)andunveil(2)receive favourable appraisal.Kristaps' article refers toSandboxing Adoption in Open Source Ecosystems,an academic article published on the subject.[In 2016, Undeadly publishedKristaps Dzonsons on pledge(2).]

Following adiscussion on tech@[initiated by a post with patch from Ted Unangst (tedu@)],the"TearFree" option has beenbackportedto the xenocaramodesetting(4)driver in -current:

Rafael Sadowski (rsadowski@),OpenBSD developer and prolific blogger,has been looking into file system performance optimizations on our favoriteoperating system, and is now sharing his tips and tricks inFFS optimizations with dirhash on his blog. He leads in with a TL;DR:

Version 0.113of Game of Treeshas been released (and the portupdated):