OpenBSD Journal

OpenSSH 10.0 Released

Contributed by Peter N. M. Hansteen from the SSH! next, turn it to eleven dept.

The OpenSSH project has announced their latest release, OpenSSH 10.0.

The announcement and release notes read:

OpenSSH 10.0/10.0p1 (2025-04-09)

OpenSSH 10.0 was released on 2025-04-09. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Potentially-incompatible changes
--------------------------------

 * This release removes support for the weak DSA signature
   algorithm, completing the deprecation process that began in
   2015 (when DSA was disabled by default) and repeatedly warned
   over the last 12 months.


New sysctl(8) -f option supports reading entire settings file in one go

Contributed by Peter N. M. Hansteen from the ctl my sys dept.

If you have ever been irked by having to enter a sequence of sysctl(8) commands to achieve things like enabling forwarding for IPv4 and IPv6 both, help is at hand.

In a recent commit, Klemens Nanni (kn@) added functionality to have the classic command read multiple settings from a file:

Subject:    CVS: cvs.openbsd.org: src
From:       Klemens Nanni <kn () cvs ! openbsd ! org>
Date:       2025-04-05 14:09:06
Message-ID: f3c322a675a4cd33 () cvs ! openbsd ! org

CVSROOT:	/cvs
Module name:	src
Changes by:	kn@cvs.openbsd.org	2025/04/05 08:09:06

Modified files:
	sbin/sysctl    : sysctl.8 sysctl.c 

Log message:
Add [-f file] to apply sysctl.conf in one go


rsync replaced with openrsync on macOS Sequoia

Contributed by Will Backman from the good code travels well dept.

We (undeadly.org editors) had not noticed ourselves, but Will Backman wrote in about the news that some OpenBSD code -- openrsync -- had been made available to a wider audience, courtesy of Apple:

"While Apple has been updating the rsync 2.6.9 command line tool it shipped with macOS as needed in response to security issues and other problems, the fact remains that Apple's version of rsync up until macOS Sequoia was almost twenty years old and did not include any of the new features introduced in rsync versions which came after version 2.6.9."

"Now with macOS Sequoia, Apple has replaced rsync 2.6.9 with openrsync, an implementation of rsync which is not using any version of the GPL open source license."

You can read more at https://derflounder.wordpress.com/2025/04/06/rsync-replaced-with-openrsync-on-macos-sequoia/

The editors can confirm that on a fully updated Mac, man rsync will reveal that rsync is indeed the OpenBSD openrsync.

OpenBSD -current has moved to version 7.7

Contributed by rueda from the here-we-go-again dept.

The OpenBSD 7.7 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.7 (dropping the "-beta"):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/03/30 14:43:36

Modified files:
	sys/conf       : newvers.sh 

Log message:
head out of -beta to 7.7

For those unfamiliar with the process:
this is not the 7.7 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

fw_update(8) gains support for arbitrary dmesg files

Contributed by rueda from the got-dmesg? dept.

Hitherto, fw_update(8) has gathered system information largely from /var/run/dmesg.boot (on the host on which it is invoked).

Andrew Hewus Fresh (afresh1@) has committed a change which allows specifying an arbitrary dmesg file. The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	afresh1@cvs.openbsd.org	2025/03/21 18:33:34

Modified files:
	usr.sbin/fw_update: fw_update.8 fw_update.sh 

Log message:
Allow using a different dmesg for driver detection

This also solves an issue that jmc@ was having with installing
downloaded firmware. (thanks for reporting)

It also adjusts detecting the OpenBSD version from the dmesg
instead of from sysctl while still allowing sysupgrade to override.

I see two main uses for this, the first being downloading firmware
to be used on a machine that doesn't have access to download for
itself.  The other would be for testing detection of devices in a
dmesg for a machine you don't have or that is hard to test such as
from the installer.

This is a very welcome change indeed!

At least one of the editors (and we suspect several of our readers) would have saved quite a bit of time while installing our favourite operating system on hardware that requires firmware that for some reason is not included in the install media, such as some recent-ish laptops.

OpenBSD -current moves to 7.7-beta

Contributed by rueda from the cranking-the-handle dept.

It's that time of the year again. With the following commit, Theo de Raadt (deraadt@) changed the version of the OpenBSD development branch to 7.7-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/03/01 12:44:07

Modified files:
	sys/sys        : param.h 
	distrib/sets/lists/base: md.alpha md.hppa md.landisk md.luna88k 
	                         md.sparc64 
	distrib/sets/lists/comp: gcc.alpha gcc.hppa gcc.landisk 
	                         gcc.luna88k gcc.sparc64 
	etc/root       : root.mail 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	sys/conf       : newvers.sh 
	usr.bin/signify: signify.1 

Log message:
move to 7.7-beta

7.7-beta snapshots can be expected on the OpenBSD mirrors soon.

As always, this change should encourage testing and donation!

Game of Trees 0.109 released

Contributed by rueda from the again-and-again-and dept.

Version 0.109 of Game of Trees has been released (and the port updated):

  • fix gotd failing to protect references when the client sends an empty pack
  • during pack generation, fix exclusion of commits via an ancestor commit
  • fix a bogus "received unexpected privsep message" error from gotsh
  • fix diffstat path order bug in field width computation
  • gotwebd: preserve 'folder=' parameter when following More links

OpenBGPD 8.8 released

Contributed by Peter N. M. Hansteen from the BGP me for that route dept.

The OpenBGPD project (essentially a subproject of the OpenBSD project) has released its latest work, OpenBGPD 8.8.

The release announcement reads,

Subject:    OpenBGPD 8.8 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2025-02-06 19:59:43

We have released OpenBGPD 8.8, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Improve default multiproto capability announcement selection.
      The default MP capability is only set if no other capability is
      configured on the neighbor.

    * The `reject as-set` configuration option now defaults to yes.
      Route announcements with AS_SET segments in the AS_PATH Attribute
      will be rejected. See draft-ietf-idr-deprecate-as-set-confed-set
      for more information.



OpenBSD Errata

OpenBSD 7.6

  • 014 2025-04-09 RELIABILITY Incorrect internal RRDP state handling in rpki-client can lead to a denial of service.
  • 013 2025-04-09 SECURITY sshd(8) fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented.
  • 012 2025-04-09 SECURITY iked(8) and isakmpd(8) fix double-free in ecdh mode.
  • 011 2025-04-01 RELIABILITY In libexpat fix regression of behavior introduced by previous errata.
  • 010 2025-03-18 SECURITY In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176
  • 009 2025-02-25 SECURITY Multiple X server issues. CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601


OpenBSD 7.5

  • 024 2025-04-09 RELIABILITY Incorrect internal RRDP state handling in rpki-client can lead to a denial of service.
  • 023 2025-04-09 SECURITY sshd(8) fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented.
  • 022 2025-04-09 SECURITY iked(8) and isakmpd(8) fix double-free in ecdh mode.
  • 021 2025-04-01 RELIABILITY In libexpat fix regression of behavior introduced by previous errata.
  • 020 2025-03-25 SECURITY Prevent out-of-bounds write in FreeType heap. CVE-2025-27363
  • 019 2025-03-18 SECURITY In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176


Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]