In a move that would have gone unnoticed by most but will be appreciated by OpenBSD/amd64 laptop users, Mark Kettenis (kettenis@) committed support for delayed hibernation with the new machdep.hibernatedelay sysctlThe commit message reads,
In an unusually extensive commit, Jonathan Gray (jsg@) has upgraded the drm(4) (Direct Rendering Manager) subsystem in OpenBSD-current.Coming at this point in the development cycle, this foreshadows what will be in the upcoming OpenBSD 7.9 release (yes, we're aware that link does not work yet).Also worth noting is Jonathan's note in the commit message,
You may have heard already that afourth editionofThe Book of PF was on the way.It is now shipping, and when author andundeadly.orgco-editor Peter Hansteen finally got his author copies,he wrote a blog post titledThe Book of PF, 4th Edition: It's Here, It's Real.Like Peter says in the article, we would like to encourage readers who can afford it, tosupportthe OpenBSD project.And there are pictures, of the book and the resident philosopher.
Some readers will be aware that Miod Vallat (miod@) has been chronicling some of the more challenging parts of OpenBSD development in his OpenBSD stories collection for a while now.The latest entry is the full OpenBSD on SGI: a rollercoaster story, which is also available in six parts,A missed opportunity, 1988-1998
A long standing and somewhat odd conflict between two OpenBSD security mechanisms, pledge(2) and unveil(2) has been resolved by eliminating the tmppath promise from what pledge(2) offers.The commit by Theo de Raadt (deraadt@) comes with an explanation in the commit message, which reads
Dave Voutila (dv@)has continued his work on movingvmd(8)to a multi-process model.(Undeadlyfirst reportedon this in 2023.)This time thevirtio scsi device has beenconverted to a subprocess:
In a move likely to be welcomed by users of streamingvideo services,Robert Nagy (robert@)hasadded aport forOpenWV (a free andopen-source reimplementation ofGoogle's WidevineCDM),andenabledits use with the chromium port:Read more...
Seasoned networkers will know to tell you that legacy IPv4 and modern IPv6 are, in fact, not directly compatible, and shipping traffic between IPv4 and IPv6 networks requires address family translation. On our favorite operating system and its siblings, that special case has been handled via the af-to option and special case rules since back in the OpenBSD 5.1 days.But that special case has always felt a bit awkward to some, and now David Gwynne (dlg@) is airing a patch on tech@ with a view to making af-to "less magical".In the message titled pf: make af-to less magical, David explains the motivation,
Seasoned networkers will know to tell you that legacy IPv4 and modern IPv6 are, in fact, not directly compatible, and shipping traffic between IPv4 and IPv6 network requires address family translation. On our favorite operating system and its siblings, that special case has been handled via the af-to option and special case rules since back in the OpenBSD 5.1 days.But that special case has always felt a bit awkward to some, and now David Gwynne (dlg@) is airing a patch on tech@ with a view to making af-to "less magical".In the message titled pf: make af-to less magical, David explains the motivation,
Following a recent series of commits by Helg Bredow (helg@) and Stefan Fritsch (sf@), OpenBSD/arm64 now works as a guest operating system under the Apple Hypervisor.The commits read
With these two commits, Mike Larkin (mlarkin@) set the stage for, and next up, bumped the maximum number of processors supported on OpenBSD/amd64 from 64 to 255.The first commit message reads,
Veteran OpenBSD developer Miod Vallat (miod@) has written another deep dive article on porting our favorite operating system to a new platform and maintaining the code, this time the OpenBSD/hppa platform.The piece titled The scariest boot loader code certainly lives up to the title!If you're the right type of person, you will know to set aside a goodly chunk of time for this piece.
Thanks to acommitby Andrew Hewus Fresh (afresh1@),fw_update(8)now checksthe output of [runtime]dmesg(8)in addition to the [boot-time] file/var/run/dmesg.boot.The commit message explains the rationale:
In a fascinating retrospective titled The story of Propolice, longtime OpenBSD developer Miod Vallat (miod@) tells the story of the early stack protection work on OpenBSD. This is also part of the early history of OpenBSD development, when Miod relates that the project
OpenBSD developer Job Snijders (job@) has updated therpki-client websiteto indicate the OpenBSD-associated project needs to raise[a total of] 300,000before the start of 2026 to continue work.If your company uses rpki-client, please consider working to arrange a donation!
Several recent commits have improvedsysupgrade(8)handling of low free disk space in /usr:Firstly, Stuart Henderson (sthen@)modifiedthe installer to increase free space prior to installing:
Following the previous reverted attempt[see earlier report],Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromiumandungoogled-chromiumports.The iridiumport can be expected to follow on next update.Note that:
Would it be useful for our system security to let daemons use thebpf(4)interface to filter on the sockets they handle?In a recentmessageto tech@ titledbpf filtering on arbitrary sockets,Damien Miller (djm@) presents a preliminary patch and explains,
As some readers tell us whenever they have the chance, the veb(4) virtual Ethernet bridge device is an OpenBSD feature that can make certain setups a lot more manageable than otherwise possible.Now David Gwynne (dlg@) is fielding a patch on tech@ that would make veb(4) even more capable, by making the device vlan(4) aware.In the message to tech@, David explains:
The OpenBSD project hasannouncedOpenBSD 7.8,its 59 release.The new releasecontains a number of significant improvements, including but certainlynot limited to:
Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:
Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:
Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:
The project to implementWPA3 support for OpenBSD 802.11 wirelesshas now been funded by a grant from the NLNet Foundation.The work is to be carried out by Stefan Sperling (stsp@) and Chirpy Software.The announcement states,
Cranking up the heat for the upcoming OpenBSD 7.8 release, the OpenSSH project has issued OpenSSH 10.2. This is a bugfix release that supersedes the previously announced OpenSSH 10.1 in time for the general release.From therelease notes:
Jonathan Gray (jsg@) updated the versionofOpenBSD-currentfrom "7.8"to "7.8-current".Those running the latest-and-greatest[via a sufficiently new snapshot or built from source]no longer need to use"-D snap" withpkg_add(1)(andpkg_info(1)).
The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.The release was marked by a very unobtrusive sequence of www commits, with the first saying simply
TheOpenBSD7.8 release cycle is entering its final phases...With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.8(dropping the "-beta"):
OpenBSD Journal