OpenBSD Journal

Version 0.121of Game of Treeshas been released (and the portupdated):Read more...

In a move likely to be welcomed by users of streamingvideo services,Robert Nagy (robert@)hasadded aport forOpenWV (a free andopen-source reimplementation ofGoogle's WidevineCDM),andenabledits use with the chromium port:Read more...

Seasoned networkers will know to tell you that legacy IPv4 and modern IPv6 are, in fact, not directly compatible, and shipping traffic between IPv4 and IPv6 networks requires address family translation. On our favorite operating system and its siblings, that special case has been handled via the af-to option and special case rules since back in the OpenBSD 5.1 days.But that special case has always felt a bit awkward to some, and now David Gwynne (dlg@) is airing a patch on tech@ with a view to making af-to "less magical".In the message titled pf: make af-to less magical, David explains the motivation,

Seasoned networkers will know to tell you that legacy IPv4 and modern IPv6 are, in fact, not directly compatible, and shipping traffic between IPv4 and IPv6 network requires address family translation. On our favorite operating system and its siblings, that special case has been handled via the af-to option and special case rules since back in the OpenBSD 5.1 days.But that special case has always felt a bit awkward to some, and now David Gwynne (dlg@) is airing a patch on tech@ with a view to making af-to "less magical".In the message titled pf: make af-to less magical, David explains the motivation,

Following a recent series of commits by Helg Bredow (helg@) and Stefan Fritsch (sf@), OpenBSD/arm64 now works as a guest operating system under the Apple Hypervisor.The commits read

With these two commits, Mike Larkin (mlarkin@) set the stage for, and next up, bumped the maximum number of processors supported on OpenBSD/amd64 from 64 to 255.The first commit message reads,

The rkpi-client project has made a new release, rkpi-client 9.7, available with important new features and bug fixes.The announcement reads,

The rkpi-client project has made a new release, rkpi-client 9-7, available with important new features and bug fixes.The announcement reads,

David Gwynne (dlg@)has removed LACP mode from thetrunk(4) network driver.Thecommit messageexplains the reasoning:

Veteran OpenBSD developer Miod Vallat (miod@) has written another deep dive article on porting our favorite operating system to a new platform and maintaining the code, this time the OpenBSD/hppa platform.The piece titled The scariest boot loader code certainly lives up to the title!If you're the right type of person, you will know to set aside a goodly chunk of time for this piece.

The OpenBGPD project have announced their new release, OpenBGPD 9.0. The announcement reads,

Thanks to acommitby Andrew Hewus Fresh (afresh1@),fw_update(8)now checksthe output of [runtime]dmesg(8)in addition to the [boot-time] file/var/run/dmesg.boot.The commit message explains the rationale:

In a fascinating retrospective titled The story of Propolice, longtime OpenBSD developer Miod Vallat (miod@) tells the story of the early stack protection work on OpenBSD. This is also part of the early history of OpenBSD development, when Miod relates that the project

OpenBSD developer Job Snijders (job@) has updated therpki-client websiteto indicate the OpenBSD-associated project needs to raise[a total of] 300,000before the start of 2026 to continue work.If your company uses rpki-client, please consider working to arrange a donation!

In -current,Theo de Raadt (deraadt@) hasstartedthe transition to support for 52 disk partitions(on a subset of hardware architectures):

David Gwynne (dlg@) hasintroducedsource and state limiters,which provide a massive increase in the flexibilyof pf traffic limiting:

Several recent commits have improvedsysupgrade(8)handling of low free disk space in /usr:Firstly, Stuart Henderson (sthen@)modifiedthe installer to increase free space prior to installing:

Following the previous reverted attempt[see earlier report],Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromiumandungoogled-chromiumports.The iridiumport can be expected to follow on next update.Note that:

Omar Polo (op@) hasannouncedthat OpenSMTPD 7.8.0p0 has been released.Read on for salient changes from the release announcement:Read more...

Brent Cook hasannouncedthat LibreSSL4.1.2 and 4.2.1 have been released.Therelease notesread:Read more...

Would it be useful for our system security to let daemons use thebpf(4)interface to filter on the sockets they handle?In a recentmessageto tech@ titledbpf filtering on arbitrary sockets,Damien Miller (djm@) presents a preliminary patch and explains,

As some readers tell us whenever they have the chance, the veb(4) virtual Ethernet bridge device is an OpenBSD feature that can make certain setups a lot more manageable than otherwise possible.Now David Gwynne (dlg@) is fielding a patch on tech@ that would make veb(4) even more capable, by making the device vlan(4) aware.In the message to tech@, David explains:

The OpenBSD project hasannouncedOpenBSD 7.8,its 59 release.The new releasecontains a number of significant improvements, including but certainlynot limited to:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

The project to implementWPA3 support for OpenBSD 802.11 wirelesshas now been funded by a grant from the NLNet Foundation.The work is to be carried out by Stefan Sperling (stsp@) and Chirpy Software.The announcement states,

The LibreSSL project has announced their latest release LibreSSL 4.2.0, with numerous improvements. The release announcement reads,

Cranking up the heat for the upcoming OpenBSD 7.8 release, the OpenSSH project has issued OpenSSH 10.2. This is a bugfix release that supersedes the previously announced OpenSSH 10.1 in time for the general release.From therelease notes:

Jonathan Gray (jsg@) updated the versionofOpenBSD-currentfrom "7.8"to "7.8-current".Those running the latest-and-greatest[via a sufficiently new snapshot or built from source]no longer need to use"-D snap" withpkg_add(1)(andpkg_info(1)).

The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.The release was marked by a very unobtrusive sequence of www commits, with the first saying simply

Version 0.120of Game of Treeshas been released (and the portupdated):

LibreSSL version 4.1.1 and 4.0.1 have been released.The 4.1.1 release notes read:Read more...

Version 0.119of Game of Treeshas been released (and the port updated):Read more...

TheOpenBSD7.8 release cycle is entering its final phases...With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.8(dropping the "-beta"):

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

The OpenBSD projecthasannouncedthe release ofversion 9.6of rpki-client:Read more...

The BSDCan 2025 video playlist is now complete and available on bothPeertubeand Youtube.The OpenBSD focused talks are as follows:

Withthis commit,the development slows into release-mode preparing for the 7.8 release of OpenBSD.The commit message reads,

Version 0.118of Game of Treeshas been released (and the portupdated):

OpenBSD -currenthas gainedinitial support for theRaspberry Pi 5:

Rafael Sadowski (rsadowski@)completed updatesto C++ libraries in -current:

YubikeyOTPsupport has been disabled in -current.Thecommit messageexplains the rationale:

OpenSSHwill now adapt IP QoS to actual sessions and traffic.In a freshcommit,Damien Miller (djm@) introduced a significant change,which enables sshand sshdto set the IP QoS based on what connectionsand sessions are active.The commit message says,

Version 0.117of Game of Treeshas been released (and the portupdated):

In a recententryon his blog,OpenBSDdeveloper Ted Unangst (tedu@) asks,is OpenBSD 10x faster than Linux?.He explains,

OpenBSD users and aficionados are more likely than others to be familiar with the concept ofgreytrapping(the nastier kid sister ofgreylisting),as implemented via the OpenBSDspamd(8)spammer taunting software.The feature has now been around for 18 years, andundeadly.org co-editor Peter Hansteenfound that and another milestone to be a good reason to write a retrospective:

We have long been aware that OpenBSDand OpenSSHin general are at the very forefront of cryptography engineering.A recent data point here is that Damien Miller (djm@) justcommitteda newOpenSSH Post-Quantum CryptographyFAQ page to theOpenSSH web site:

A new opportunity for you to help improve the upcomingOpenBSD 7.8 release has turned up.If YOU have a USB webcam you are using or would like to use with our favorite operating system, Kirill Korinsky (kirill@) would like to hear from you after testing recent snapshots.Kirill'smessageto misc@ reads: