Feed openbsd-journal OpenBSD Journal

Favorite IconOpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2025-08-29 01:16
C++ library update in -current
Rafael Sadowski (rsadowski@)completed updatesto C++ libraries in -current:
Yubikey OTP support disabled in -current
YubikeyOTPsupport has been disabled in -current.Thecommit messageexplains the rationale:
OpenSSH will now adapt IP QoS to actual sessions and traffic
OpenSSHwill now adapt IP QoS to actual sessions and traffic.In a freshcommit,Damien Miller (djm@) introduced a significant change,which enables sshand sshdto set the IP QoS based on what connectionsand sessions are active.The commit message says,
Game of Trees 0.117 released
Version 0.117of Game of Treeshas been released (and the portupdated):
is OpenBSD 10x faster than Linux? (tedu@)
In a recententryon his blog,OpenBSDdeveloper Ted Unangst (tedu@) asks,is OpenBSD 10x faster than Linux?.He explains,
Eighteen Years of Greytrapping Retrospective Published
OpenBSD users and aficionados are more likely than others to be familiar with the concept ofgreytrapping(the nastier kid sister ofgreylisting),as implemented via the OpenBSDspamd(8)spammer taunting software.The feature has now been around for 18 years, andundeadly.org co-editor Peter Hansteenfound that and another milestone to be a good reason to write a retrospective:
Post-Quantum Cryptography Advice Added to OpenSSH Website
We have long been aware that OpenBSDand OpenSSHin general are at the very forefront of cryptography engineering.A recent data point here is that Damien Miller (djm@) justcommitteda newOpenSSH Post-Quantum CryptographyFAQ page to theOpenSSH web site:
Call for testing: USB webcams
A new opportunity for you to help improve the upcomingOpenBSD 7.8 release has turned up.If YOU have a USB webcam you are using or would like to use with our favorite operating system, Kirill Korinsky (kirill@) would like to hear from you after testing recent snapshots.Kirill'smessageto misc@ reads:
Recent new features in OpenSSH
Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@)recently added a couple of notable features to OpenSSH:Read more...
Call for testing: Improved 802.11g AP compatibility check
The WiFI802.11standards are a gnarly lot, and checking for compatibility of the various sub-specifications has been known to drive even seasonedOpenBSD developers to the brink of distraction.Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying
Classic CDE (Common Desktop Environment) coming to OpenBSD
Much longed for by some, remembered as a quaint memory by other greybeards,the classicCommon Desktop Environment(CDE) is being added to the ports collection. The initial commit message reads,
Game of Trees 0.116 released
Version 0.116of Game of Treeshas been released (and the portupdated):
When Root Meets Immutable: OpenBSD chflags vs. Log Tampering
In a recent blog post When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, Rafael Sadowski (rsadowski@) takes a deep dive into an infrequently mentioned feature of our favorite operating system: file immutability and the chflags command. From the article:
stdio(3) change: FILE is now opaque
In -current,the struct underlyingstdio(3)'sFILE typehas beenmade opaque, with library versions bumps across the board:
Font caching no longer runs as root
Inaseriesofcommits,Anthony J Bentley (bentley@)modified the system so that font caching runs asdedicated (unprivileged) user, "_fc-cache".fc-cache(1)has been usingpledge(2)since May.
watch(1) utility added to -current
Job Snijders (job@)has added (to -current) a new utility,watch(1),for periodically executing a command and displaying its output.TheIIJ'siwatchwas initiallyimportedback in May, and has beenreworked substantiallybefore beinglinked to the build.
KDE Plasma 6.4 has landed in OpenBSD
Yes, you read that right:KDE 6.4.0 Plasmais now in OpenBSD packages.This was made possible by the efforts of Rafael Sadowski (rsadowski@) with the help of several others.The news was announced 2025-07-04 via afediverse postand of course thecommit messageitself, where the description reads
Blink and you'll miss it! 4096 colours and flashing text on the console!
News from the Exotic Silicon front:Crystal Kolipe posted anupdateto misc@, saying
Game of Trees Hub now taking signups for repository hosting
In afediverse poston 2025-07-04,the Game of Trees Hubannounced that they will be taking signups for repository hosting:
Game of Trees 0.115 released
Version 0.115of Game of Treeshas been released (and the portupdated):
Game of Trees 0.114 released
Version 0.114of Game of Treeshas been released (and the portupdated):
Call for testing: bge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix
In a fediverse post,Stefan Sperling (stsp@) asks for testing of a potential fixfor a problem affecting a number of network interface drivers(namely bge,bnx,iavf,igc,ix,ixl,ngbe andpcn),pointing to amessageon tech@ with the subjectbge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix that reads
j2k25 hackathon report from kn@: installer, low battery, and more
Fresh from the recently concludedj2k25 hackathon comes this report from Klemens Nanni (kn@), who writes:
dhcpd(8): use UDP sockets instead of BPF
In some cases, the currentdhcpd(8)is not quite as reliable as one would want in providing the requesteddata to the actual requestor.After some rounds of discussion and experimentation,David Gwynne (dlg@) is circulating adiffon tech@ that switches the daemon to useUDPsockets instead ofbpf.The motivation is summarized as,
clang(1)/llvm/lld(1) updated to version 19
In a long series ofcommits,Robert Nagy (robert@)updatedclang(1)/llvm/lld(1)in -current to version 19.1.7 (from version 16.0.6):
Source code sandboxing
Kristaps Dzonsons(known formandoc(1),rpki-client(8),and much more)has written an article,Source code sandboxing,on sandboxingfrom the perspective of developers.It compares the facilities available under severaloperating systems, and requests relevantcontributions.As Undeadly readers might expect, OpenBSD'spledge(2)andunveil(2)receive favourable appraisal.Kristaps' article refers toSandboxing Adoption in Open Source Ecosystems,an academic article published on the subject.[In 2016, Undeadly publishedKristaps Dzonsons on pledge(2).]
TearFree option backported to modesetting(4) driver
Following adiscussion on tech@[initiated by a post with patch from Ted Unangst (tedu@)],the"TearFree" option has beenbackportedto the xenocaramodesetting(4)driver in -current:
FFS optimizations with dirhash, as blogged by rsadowski@
Rafael Sadowski (rsadowski@),OpenBSD developer and prolific blogger,has been looking into file system performance optimizations on our favoriteoperating system, and is now sharing his tips and tricks inFFS optimizations with dirhash on his blog. He leads in with a TL;DR:
Game of Trees 0.113 released
Version 0.113of Game of Treeshas been released (and the portupdated):
Installing *BSD in 2025 part 2 – A critical look at OpenBSD’s installer
In a multi-part article, kraileth reviews the installers of various BSD operating systems.Part 2covers OpenBSD:
j2k25 - OpenBSD Hackathon Japan 2025 (rsadowski@)
Fresh from the just concludedj2k25 hackathonin Nara, Japan, Rafael Sadowski (rsadowski@) has published his report on his blog:
Making openat(2) and friends more useful in practice
Reining in file system access is hard to get right, even forOpenBSD developers. In a message to tech@ titledopenat(2) is mostly useless, sadlyTheo de Raadt (deraadt@) describes how theopenat(2)family of system calls has failed to live up to expectations in practice,and he proposes changes that may improve the situation.Theo writes,
Adventures in read-only softraid
Recently, Crystal Kolipe found that attachingsoftraidvolumes as read-only devices did not work.Then what to do?Fix the code and make it work, of course!The full story is available asStay, (write), protected!",taking us through the steps of adding a feature toOpenBSD. Enjoy!
New profiling subsystem committed to -current
A new profiling subsystem is now in OpenBSD-current, from the hands of none other than Theo de Raadt (deraadt@) himself.A longish sequence of commitsintroducedthechangesincrementally,with asummary as follows:
Call for testing: em(4) TX interrupt mitigation
Are you an OpenBSD user with a low power device such as aPC EnginesAPU2,with one or moreem(4)network interfaces?Darren Tucker (dtucker@) has a new diff out that may be of use to you,posted in amessageto tech@:
EdgeRouter 4 under OpenBSD with Failover WAN
Kirill A. Korinsky (kirill@)writes in with hisguideto setting up anEdgeRouter 4withOpenBSD/octeonto provide a failover gateway/router setup:
erspan(4) committed to -current
erspan(4),the ERSPAN collection driver created byDavid Gwynne (dlg@)[and about which we recentlyreported]has beencommittedto the tree:
Game of Trees 0.112 released
Version 0.112of Game of Treeshas been released (and the portupdated):
OpenSMTPD 7.7.0p0 released
Omar Polo (op@) hasannouncedthe release of version 7.7.0p0 ofOpenSMTPD:
erspan(4): ERSPAN Type II collection
Our favorite operating system is in the process of aquiring Encapsulated Remote Switch Port Analyzer (ERSPAN) support, in the form of a new virtual network interface, dubbed erspan(4).An early version of the code, but possibly close to being ready for further development in-tree waspresentedby David Gwynne (dlg@) in amessage to tech@:
Improved ACPI WMI support (may be) incoming
Over on tech@, Ted Unangst (tedu@) isairinga patch to introduce better support ACPI WMI,looking for tests and comments:
Optimisation of parallel TCP input
Alexander Bluhm (bluhm@) hascommittedchanges which eliminate contentionby caching the socket lock in TCP input:
bpflogd(8) imported into -current
Following its recent introduction on tech@[See earlier article],David Gwynne (dlg@)hascommittedbpflogd(8)to the tree:
LLDP daemon and tool committed to -current
Following its recent introduction on tech@[See earlier article],David Gwynne (dlg@)hascommittedlldpd(8)to the tree:
DSA signature support removed from OpenSSH
Damien Miller (djm@) hascompletedthe planned[See previousarticles]removal of DSA signature support from OpenSSH:
Call for testing: Last bits of DSA to be removed from OpenSSH
In a message to tech@ with the subject"die DSA die", Damien Miller (djm@) presents a diff that will remove the last bits of DSA support from OpenSSH:
ssh: listener sockets relocated from /tmp to ~/.ssh/agent
A longdiscussionon tech@(initiated by asuggestion/patch from Jesper Wallin)has culminated in Damien Miller (djm@)committingchanges which increase security by taking advantage of the use ofunveil(2)elsewhere in the OpenBSD ecosystem:
The installer now prefers disks over 1GB
Klemens Nanni (kn@) hascommittedthe his proposed change[Seeprevious article]such that theOpenBSD installer now prefers disks over 1GBwhen prompting for the root disk.The commit message explains the change:
Call for testing and comment: Make the installer prefer >1G disks
You can tell it's right after a release is cut when new ideas are fielded in patches to tech@.One such small but potentially important change that is being aired now is achangeto the installer to suggest the larger one when several disks are available. Klemens Nanni (kn@) describes the motivation for the change as
Call for Testing: Parallel fault handler
In apostto tech@,Martin Pieuchot (mpi@)has requested testing of a diff (against -current) to enablerunning the upper part of the fault handler in parallel:
12345678910...