OpenBSD Journal

Veteran OpenBSD developer Miod Vallat (miod@) has written another deep dive article on porting our favorite operating system to a new platform and maintaining the code, this time the OpenBSD/hppa platform.The piece titled The scariest boot loader code certainly lives up to the title!If you're the right type of person, you will know to set aside a goodly chunk of time for this piece.

The OpenBGPD project have announced their new release, OpenBGPD 9.0. The announcement reads,

Thanks to acommitby Andrew Hewus Fresh (afresh1@),fw_update(8)now checksthe output of [runtime]dmesg(8)in addition to the [boot-time] file/var/run/dmesg.boot.The commit message explains the rationale:

In a fascinating retrospective titled The story of Propolice, longtime OpenBSD developer Miod Vallat (miod@) tells the story of the early stack protection work on OpenBSD. This is also part of the early history of OpenBSD development, when Miod relates that the project

OpenBSD developer Job Snijders (job@) has updated therpki-client websiteto indicate the OpenBSD-associated project needs to raise[a total of] 300,000before the start of 2026 to continue work.If your company uses rpki-client, please consider working to arrange a donation!

In -current,Theo de Raadt (deraadt@) hasstartedthe transition to support for 52 disk partitions(on a subset of hardware architectures):

David Gwynne (dlg@) hasintroducedsource and state limiters,which provide a massive increase in the flexibilyof pf traffic limiting:

Several recent commits have improvedsysupgrade(8)handling of low free disk space in /usr:Firstly, Stuart Henderson (sthen@)modifiedthe installer to increase free space prior to installing:

Following the previous reverted attempt[see earlier report],Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromiumandungoogled-chromiumports.The iridiumport can be expected to follow on next update.Note that:

Omar Polo (op@) hasannouncedthat OpenSMTPD 7.8.0p0 has been released.Read on for salient changes from the release announcement:Read more...

Brent Cook hasannouncedthat LibreSSL4.1.2 and 4.2.1 have been released.Therelease notesread:Read more...

Would it be useful for our system security to let daemons use thebpf(4)interface to filter on the sockets they handle?In a recentmessageto tech@ titledbpf filtering on arbitrary sockets,Damien Miller (djm@) presents a preliminary patch and explains,

As some readers tell us whenever they have the chance, the veb(4) virtual Ethernet bridge device is an OpenBSD feature that can make certain setups a lot more manageable than otherwise possible.Now David Gwynne (dlg@) is fielding a patch on tech@ that would make veb(4) even more capable, by making the device vlan(4) aware.In the message to tech@, David explains:

The OpenBSD project hasannouncedOpenBSD 7.8,its 59 release.The new releasecontains a number of significant improvements, including but certainlynot limited to:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

Followinga discussionon ports@,Robert Nagy (robert@)committed VA-API[hardware-assisted video- see previous report]support to thechromium,iridium,and ungoogled-chromiumports.Note that:

The project to implementWPA3 support for OpenBSD 802.11 wirelesshas now been funded by a grant from the NLNet Foundation.The work is to be carried out by Stefan Sperling (stsp@) and Chirpy Software.The announcement states,

The LibreSSL project has announced their latest release LibreSSL 4.2.0, with numerous improvements. The release announcement reads,

Cranking up the heat for the upcoming OpenBSD 7.8 release, the OpenSSH project has issued OpenSSH 10.2. This is a bugfix release that supersedes the previously announced OpenSSH 10.1 in time for the general release.From therelease notes:

Jonathan Gray (jsg@) updated the versionofOpenBSD-currentfrom "7.8"to "7.8-current".Those running the latest-and-greatest[via a sufficiently new snapshot or built from source]no longer need to use"-D snap" withpkg_add(1)(andpkg_info(1)).

The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.The release was marked by a very unobtrusive sequence of www commits, with the first saying simply

Version 0.120of Game of Treeshas been released (and the portupdated):

LibreSSL version 4.1.1 and 4.0.1 have been released.The 4.1.1 release notes read:Read more...

Version 0.119of Game of Treeshas been released (and the port updated):Read more...

TheOpenBSD7.8 release cycle is entering its final phases...With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.8(dropping the "-beta"):

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

Claudio Jeker (claudio@)announcedthe release of version 8.9 ofOpenBGPD,the OpenBSD project'sBorder Gateway Protocol (BGP) daemon:

The OpenBSD projecthasannouncedthe release ofversion 9.6of rpki-client:Read more...

The BSDCan 2025 video playlist is now complete and available on bothPeertubeand Youtube.The OpenBSD focused talks are as follows:

Withthis commit,the development slows into release-mode preparing for the 7.8 release of OpenBSD.The commit message reads,

Version 0.118of Game of Treeshas been released (and the portupdated):

OpenBSD -currenthas gainedinitial support for theRaspberry Pi 5:

Rafael Sadowski (rsadowski@)completed updatesto C++ libraries in -current:

YubikeyOTPsupport has been disabled in -current.Thecommit messageexplains the rationale:

OpenSSHwill now adapt IP QoS to actual sessions and traffic.In a freshcommit,Damien Miller (djm@) introduced a significant change,which enables sshand sshdto set the IP QoS based on what connectionsand sessions are active.The commit message says,

Version 0.117of Game of Treeshas been released (and the portupdated):

In a recententryon his blog,OpenBSDdeveloper Ted Unangst (tedu@) asks,is OpenBSD 10x faster than Linux?.He explains,

OpenBSD users and aficionados are more likely than others to be familiar with the concept ofgreytrapping(the nastier kid sister ofgreylisting),as implemented via the OpenBSDspamd(8)spammer taunting software.The feature has now been around for 18 years, andundeadly.org co-editor Peter Hansteenfound that and another milestone to be a good reason to write a retrospective:

We have long been aware that OpenBSDand OpenSSHin general are at the very forefront of cryptography engineering.A recent data point here is that Damien Miller (djm@) justcommitteda newOpenSSH Post-Quantum CryptographyFAQ page to theOpenSSH web site:

A new opportunity for you to help improve the upcomingOpenBSD 7.8 release has turned up.If YOU have a USB webcam you are using or would like to use with our favorite operating system, Kirill Korinsky (kirill@) would like to hear from you after testing recent snapshots.Kirill'smessageto misc@ reads:

Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@)recently added a couple of notable features to OpenSSH:Read more...

The WiFI802.11standards are a gnarly lot, and checking for compatibility of the various sub-specifications has been known to drive even seasonedOpenBSD developers to the brink of distraction.Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying

Much longed for by some, remembered as a quaint memory by other greybeards,the classicCommon Desktop Environment(CDE) is being added to the ports collection. The initial commit message reads,

Version 0.116of Game of Treeshas been released (and the portupdated):

In a recent blog post When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, Rafael Sadowski (rsadowski@) takes a deep dive into an infrequently mentioned feature of our favorite operating system: file immutability and the chflags command. From the article:

In -current,the struct underlyingstdio(3)'sFILE typehas beenmade opaque, with library versions bumps across the board:

Inaseriesofcommits,Anthony J Bentley (bentley@)modified the system so that font caching runs asdedicated (unprivileged) user, "_fc-cache".fc-cache(1)has been usingpledge(2)since May.

Job Snijders (job@)has added (to -current) a new utility,watch(1),for periodically executing a command and displaying its output.TheIIJ'siwatchwas initiallyimportedback in May, and has beenreworked substantiallybefore beinglinked to the build.

Yes, you read that right:KDE 6.4.0 Plasmais now in OpenBSD packages.This was made possible by the efforts of Rafael Sadowski (rsadowski@) with the help of several others.The news was announced 2025-07-04 via afediverse postand of course thecommit messageitself, where the description reads