OpenBSD Journal

fw_update(8) gains support for arbitrary dmesg files

Contributed by rueda from the got-dmesg? dept.

Hitherto, fw_update(8) has gathered system information largely from /var/run/dmesg.boot (on the host on which it is invoked).

Andrew Hewus Fresh (afresh1@) has committed a change which allows specifying an arbitrary dmesg file. The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	afresh1@cvs.openbsd.org	2025/03/21 18:33:34

Modified files:
	usr.sbin/fw_update: fw_update.8 fw_update.sh 

Log message:
Allow using a different dmesg for driver detection

This also solves an issue that jmc@ was having with installing
downloaded firmware. (thanks for reporting)

It also adjusts detecting the OpenBSD version from the dmesg
instead of from sysctl while still allowing sysupgrade to override.

I see two main uses for this, the first being downloading firmware
to be used on a machine that doesn't have access to download for
itself.  The other would be for testing detection of devices in a
dmesg for a machine you don't have or that is hard to test such as
from the installer.

This is a very welcome change indeed!

At least one of the editors (and we suspect several of our readers) would have saved quite a bit of time while installing our favourite operating system on hardware that requires firmware that for some reason is not included in the install media, such as some recent-ish laptops.

OpenBSD -current moves to 7.7-beta

Contributed by rueda from the cranking-the-handle dept.

It's that time of the year again. With the following commit, Theo de Raadt (deraadt@) changed the version of the OpenBSD development branch to 7.7-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/03/01 12:44:07

Modified files:
	sys/sys        : param.h 
	distrib/sets/lists/base: md.alpha md.hppa md.landisk md.luna88k 
	                         md.sparc64 
	distrib/sets/lists/comp: gcc.alpha gcc.hppa gcc.landisk 
	                         gcc.luna88k gcc.sparc64 
	etc/root       : root.mail 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	sys/conf       : newvers.sh 
	usr.bin/signify: signify.1 

Log message:
move to 7.7-beta

7.7-beta snapshots can be expected on the OpenBSD mirrors soon.

As always, this change should encourage testing and donation!

Game of Trees 0.109 released

Contributed by rueda from the again-and-again-and dept.

Version 0.109 of Game of Trees has been released (and the port updated):

  • fix gotd failing to protect references when the client sends an empty pack
  • during pack generation, fix exclusion of commits via an ancestor commit
  • fix a bogus "received unexpected privsep message" error from gotsh
  • fix diffstat path order bug in field width computation
  • gotwebd: preserve 'folder=' parameter when following More links

OpenBGPD 8.8 released

Contributed by Peter N. M. Hansteen from the BGP me for that route dept.

The OpenBGPD project (essentially a subproject of the OpenBSD project) has released OpenBGPD 8.8.

The release announcement reads,

Subject:    OpenBGPD 8.8 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2025-02-06 19:59:43

We have released OpenBGPD 8.8, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Improve default multiproto capability announcement selection.
      The default MP capability is only set if no other capability is
      configured on the neighbor.

    * The `reject as-set` configuration option now defaults to yes.
      Route announcements with AS_SET segments in the AS_PATH Attribute
      will be rejected. See draft-ietf-idr-deprecate-as-set-confed-set
      for more information.

Game of Trees 0.108 released

Contributed by rueda from the again-and-again-and dept.

Version 0.108 of Game of Trees has been released (and the port updated):

  • add ssh -i identity-file support to commands which use the network
  • make 'got import' output independent of readdir(3) entry order
  • avoid full file content comparisons in 'got status' for speed
  • tog: fix NULL deref when log view T keymap is used on worktree entry
  • tog: fix a deadlock (hang) in the log view implementation
  • tog: plug a memory leak
  • tog: do not exit if a tag pointing at a non-commit is selected in ref view
  • tog: do not mark an incorrect base commit in nested log views
  • tog: fix NULL deref when scrolling small tree views down
  • tog: avoid showing a negative log view entry index
  • tog: do not apply a pointless count modifier to the H, &, p keymaps
  • tog: do not make users wait for the worktree diff to quit out of tog
  • gotwebd: make parent process drop root privileges
  • gotwebd: drop read access to /var/www from parent process
  • gotwebd: rename "socket" processes to "server"
  • gotadmin cleanup: pack the repository before removing objects
  • gotadmin cleanup: do not delete directly referenced trees and blobs
  • gotadmin cleanup: do not delete objects reachable via nested tags
  • regress: skip test memleak_send_basic in sha256 mode; expected to fail
  • regress: make seq(1) invocations portable to fix test failures on linux
  • regress/gotwebd: implement paginated commits test

There's also a toot which mentions some ongoing work.

Game of Trees 0.107 released

Contributed by rueda from the again-and-again-and dept.

Version 0.107 of Game of Trees has been released (and the port updated):

  • gotwebd.css styling tweaks
  • hide ssh debug output during fetch/send -v, keep showing it at -vv and -vvv
  • discern mixed-commit worktree diffs with commit ID headers
  • gotwebd: avoid printf("%s", NULL) when path parameter is not in query
  • implement a regression test harness for gotwebd
  • fix free() called with bogus pointer in 'got fetch'; regression from 0.106
  • ensure config privsep children get collected upon error to prevent zombies
  • fix some fprintf(3) failure checks
  • gotwebd: replace strftime(3) with asctime_r(3) for the sake of consistency
  • tweak gotwebd log message levels, and log requests in verbose (-v) mode
  • prevent out-of-bounds read during gotwebd fcgi record debugging
  • implement tog work tree diff support via log view and CLI
  • improve error reporting when 'got patch' encounters malformed patches
  • improve got_opentemp_named_fd error reporting by showing the path template
  • add ssh -J jumphost support to got and cvg commands which use the network
  • add regression tests checking for memory leaks with Otto malloc and ktrace
  • got tag: change -s signer to -S signer
  • got tag: provide one-line output mode via new -s option
  • tog: use wtimeout(3) instead of nodelay(3) to honour our display refresh rate
  • switch got_pathlist data store from TAILQ to RB-tree
  • plug many memory leaks, some of which affected gotwebd in particular

rpki-client stricter aging policy for Trust Anchor certificates committed to -current

Contributed by Peter N. M. Hansteen from the trust the anchors not quite as much dept.

There has long been some concern in the networking communities, particularly the routing security part, about the use of very long-lived Trust Anchor (TA) certificates in routing infrastructure.

Today Job Snijders (job@) committed code to rpki-client(8) to implement a gradual phase-in of a stricter policy on TA certificate lifetimes.

The commit message reads,

Subject:    CVS: cvs.openbsd.org: src
From:       Job Snijders <job () cvs ! openbsd ! org>
Date:       2024-12-18 16:38:40


CVSROOT:	/cvs
Module name:	src
Changes by:	job@cvs.openbsd.org	2024/12/18 09:38:40

Modified files:
	usr.sbin/rpki-client: cert.c 

Log message:
Schedule future rejection of ultra long-lived TA certificates

The RPKI ecosystem suffers from a partially unmitigated risk related to
long-lived Trust Anchor certificate issuances.

OpenBSD Errata

OpenBSD 7.6

010  2025-03-18  SECURITY     In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176
009  2025-02-25  SECURITY     Multiple X server issues. CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601
008  2025-02-18  SECURITY     sshd(8) denial of service relating to SSH2_MSG_PING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
007  2025-02-10  RELIABILITY  pf(4) could reassemble overlapping fragments into an incorrect IP packet that was too short.
006  2025-01-10  RELIABILITY  Traffic sent over wg(4) could result in kernel crash.
005  2024-11-15  SECURITY     In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602

OpenBSD 7.5

019  2025-03-18  SECURITY     In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176
018  2025-02-25  SECURITY     Multiple X server issues. CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601
017  2025-02-18  SECURITY     sshd(8) denial of service relating to SSH2_MSG_PING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
016  2025-02-10  RELIABILITY  pf(4) could reassemble overlapping fragments into an incorrect IP packet that was too short.
015  2025-01-10  RELIABILITY  Traffic sent over wg(4) could result in kernel crash.
014  2024-11-15  SECURITY     In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]