OpenBSD 7.8 Released

Contributed by rueda on 2025-10-11 from the noble-puffy-prize dept.

The OpenBSD project has announced OpenBSD 7.8, its 59^th release.

The new release contains a number of significant improvements, including but certainly not limited to:

Preliminary support for Raspberry Pi 5 added [See earlier report]
New profiling subsystem [See earlier report]
TCP input now runs in parallel [See earlier report]
Parallel TCP input has been optimised [See earlier report]
vmm(4)/vmd(8) now support SEV-ES on AMD processors
vmd(8) send/receive functionality was removed [See commit]
watch(1) utility added [See earlier report]
New acpiwmi(4) driver for ACPI Windows Management Instrumentation (WMI) [See earlier report]
New EFI boot(8) "machine fwsetup" command for rebooting into the firmware user interface
The installer now prefers disks over 1GB [See earlier report]
rc.d(8) and rcctl(8) gained "-q" options [See commits]
Font caching no longer runs as root [See earlier report]
New erspan(4) driver for ERSPAN Type II collection [See earlier report]
LLDP daemon and tool have been added [See earlier report]
bpflogd(8) has been added [See earlier report]
pkg_add -u no longer advises file removal [See earlier report]
Yubikey OTP support disabled [See earlier report]
acme-client(1) now supports draft-ietf-acme-profiles-00 specifications for certificate profiles, such as those offered by Let's Encrypt - see acme-client.conf(5) "profile" keyword
TearFree option backported to modesetting(4) driver [See earlier report]
libpng has been bundled into libfreetype for improved font rendering [See commits]
stdio(3)'s FILE is now opaque [See earlier report]
clang(1)/llvm/lld(1) updated to version 19 [See earlier report]
C++ library updated [See earlier report]
OpenSMTPD 7.7.0p0 [See earlier report]
LibreSSL 4.2.0[See earlier report]
OpenSSH 10.2 [See earlier reports on releases of versions 10.2 & 10.1]:
- ssh-agent(1) and sshd(8) listener sockets moved from /tmp to under ~/.ssh/agent [See earlier report]
- DSA signature support removed [See earlier report]
- New ssh(1) configuration directive, RefuseConnection [See earlier report]
- It is now possible to use Ed25519 keys hosted on PKCS#11 tokens [See earlier report]
- ssh(1) now issues a warning when the connection negotiates a non-post-quantum key agreement algorithm
- OpenSSH will now adapt IP QoS to actual sessions and traffic [See earlier report]

See the full changelog for more details of the changes made over this latest six month development cycle.

The Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8).

Readers are encouraged to celebrate the new release by donating to the project to support further development of our favourite OS!

1 comment (8:00 ago)

In `-current`, `chromium` (and derivatives) now have VA-API support

Contributed by rueda on 2025-10-18 from the smooth-and-cool dept.

Following a discussion on ports@, Robert Nagy (robert@) committed VA-API [hardware-assisted video - see previous report] support to the chromium, iridium, and ungoogled-chromium ports.

Note that:

Updated (binary) packages for amd64 are just starting to become available.
Intel GPUs requires ports graphics/intel-media-driver [and/]or graphics/intel-vaapi-driver.
~~Firefox already has VA-API support.~~

Update:
Now disabled again. Plus, we were wrong about Firefox. Thanks for the comments!

2 comments (1d19:15 ago)

WPA3 support for OpenBSD 802.11 wireless funded by NLNet Foundation

Contributed by Peter N. M. Hansteen on 2025-10-16 from the WiFi all chirpy dept.

The project to implement WPA3 support for OpenBSD 802.11 wireless has now been funded by a grant from the NLNet Foundation.

The work is to be carried out by Stefan Sperling (stsp@) and Chirpy Software.

The announcement states,

This project delivers the second open-source implementation of WPA3, the current industry standard for Wi-Fi encryption, specifically for the OpenBSD operating system. Its code can also be integrated by other operating systems to enable modern Wi-Fi encryption, thereby enhancing the diversity and resilience of the global IT ecosystem.

The project has an October 2025 start date, which likely means that work to implement even better Wi-Fi support in our favorite operating system is already under way. Read more from the announcement at the NLNet Foundation website.

We look forward to seeing the tangible results in future commits!

No comments

LibreSSL 4.2.0 Released

Contributed by Peter N. M. Hansteen on 2025-10-14 from the TLS SSLithers out dept.

The LibreSSL project has announced their latest release LibreSSL 4.2.0, with numerous improvements. The release announcement reads,

List:       openbsd-announce
Subject:    LibreSSL 4.2.0 Released
From:       Brent Cook <busterb () gmail ! com>
Date:       2025-10-14 14:19:28

We have released LibreSSL 4.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 4.2.x branch, also to be available with OpenBSD 7.8

It includes the following changes from LibreSSL 4.1.0:

OpenSSH 10.2 released

Contributed by Peter N. M. Hansteen on 2025-10-10 from the SSH! A more perfect 10 dept.

Cranking up the heat for the upcoming OpenBSD 7.8 release, the OpenSSH project has issued OpenSSH 10.2.

This is a bugfix release that supersedes the previously announced OpenSSH 10.1 in time for the general release.

From the release notes:

Changes since OpenSSH 10.1
==========================

This is a bugfix release, primarily to fix a problem that rendered
ssh(1) unusable when ControlPersist was enabled.

OpenBSD `-current` is now "`7.8-current`"

Contributed by rueda on 2025-10-02 from the no^Wsomething-to-see-here dept.

Jonathan Gray (jsg@) updated the version of OpenBSD -current from "7.8" to "7.8-current".

Those running the latest-and-greatest [via a sufficiently new snapshot or built from source] no longer need to use "-D snap" with pkg_add(1) (and pkg_info(1)).

No comments

OpenSSH 10.1 released

Contributed by Peter N. M. Hansteen on 2025-10-06 from the SSH! silently released dept.

The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.

The release was marked by a very unobtrusive sequence of www commits, with the first saying simply

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: www
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-10-06 7:11:57

CVSROOT:	/cvs
Module name:	www
Changes by:	djm@cvs.openbsd.org	2025/10/06 01:11:57

Added files:
	openssh/txt    : release-10.1 

Log message:
openssh-10.1 release notes

which points to the OpenSSH 10.1 release notes, giving a fuller description of the new release.

If you're running -current or jumping snapshot to snapshot, you should already be running code equal to or very close to this.

No comments

Game of Trees 0.120 released

Contributed by rueda on 2025-10-04 from the again-and-again-and dept dept.

Version 0.120 of Game of Trees has been released (and the port updated):

disable gotwebd authentication if it is not enabled in /etc/gotwebd.conf

ensure that GOTWEBD_LOGIN_TIMEOUT is used consistently at build time

prevent date-specific gotsysd regress failures due to asctime_r whitespace

make gotwebd refuse to start up if the _gotwebd user is root

make gotwebd warn if the webserver's user is set to root in /etc/gotwebd.conf

add /etc/gotwebd.conf parameters for hiding repositories

reject bad hostnames provided to the gotsh weblogin command

allow gotwebd to optionally display a login hint when authentication fails

No comments

LibreSSL 4.1.1 and 4.0.1 released

Contributed by grey on 2025-10-01 from the errata, a CVE, bug fixes and version bumps, oh my dept.

LibreSSL version 4.1.1 and 4.0.1 have been released.

The 4.1.1 release notes read:

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

Wed, Oct 01
- 13:22 Game of Trees 0.119 released (0)
- 04:40 OpenBSD -current has moved to version 7.8 (0)
Fri, Sep 26
- 14:16 OpenBGPD 8.9 released (1)
Mon, Sep 22
- 06:13 rpki-client 9.6 released (0)
Fri, Sep 12
- 12:49 Full BSDCan 2025 video playlist(s) available (2)
Thu, Sep 11
- 04:59 OpenBSD enters 7.8-beta (1)
Wed, Sep 10
- 04:59 Game of Trees 0.118 released (0)
Wed, Sep 03
- 06:42 Preliminary support for Raspberry Pi 5 (0)
Fri, Aug 22
- 17:15 C++ library update in -current (0)

OpenBSD Errata

OpenBSD 7.8

None yet

OpenBSD 7.7

010	2025-09-30 SECURITY Fix out-of-bounds read and write, memory leaks and incorrect error check for CMS enveloped data.
009	2025-09-30 SECURITY In libexpat fix denial of service due to memory exhaustion. CVE-2025-59375 CVE-2024-8176
008	2025-07-01 RELIABILITY TIOCUCNTL ioctl(2) could crash the kernel if called with a non-file argument.
007	2025-07-01 SECURITY Previous fix for X11 server was incomplete. CVE-2025-49176
006	2025-06-17 SECURITY Multiple X11 server issues. CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
005	2025-06-17 RELIABILITY In acme-client(1), handle as yet unobserved "processing" state when fetching an issued certificate by retrying instead of giving up.

OpenBSD Resources

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve:

Options are available.

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]