OpenBSD 7.9 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.9 (dropping the "-beta"):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/13 11:22:23

Modified files:
	sys/conf       : newvers.sh 

Log message:
move out of -beta

For those unfamiliar with the process:
this is not the 7.9 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Every spring and autumn, the routing world can expect a new OpenBGPD release, and this time is no exception.

The OpenBGPD project have announced the availability of their newest release, version 9.1, with the following announcement:

List:       openbsd-announce
Subject:    OpenBGPD 9.1 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2026-04-13 14:37:12

We have released OpenBGPD 9.1, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

Version 0.124 of Game of Trees has been released (and the port updated):

• make the chroot path directive in gotwebd.conf actually work
• fix a segfault in tog while using the & search feature
• plug a tree object leak in the gotd repo_write process
• fix gotd wrongly complaining about a missing gotsys.conf in pack files
• expand tabs in log messages displayed by tog diff to prevent misalignment
• prevent non-root users from blocking gotctl reload requests
• plug a memory leak in got-read-commit
• allow UTF-8 in gotsys.conf site owner names and repository descriptions
• reject non-UTF-8-encoded reference names in gotsys.conf
• make gotwebd display logged-in usernames in case of group-membership auth

The GotHub OpenBSD mirror mentioned in our report on the previous GoT release is now linked from the OpenBSD main page.

Bogus security bug reports generated by large language model (LLM) tool use are a well known irritant and time sink for open source projects.

As a consequence of one such report, Theo de Raadt (deraadt@) committed a change to pfsync(4) to rename an otherwise unused field in the pfsync(4) packet header.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2026-04-12 3:16:04

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/11 21:16:04

Modified files:
	sys/net        : if_pfsync.c if_pfsync.h 

Log message:
The pfcksum[] field in the pfsync packet header is not a hash of the
packet.  It provides absolutely no security benefits, keep reading to
find out.

As we approach the 60th OpenBSD release: 7.9, the OpenSSH project has released OpenSSH 10.3.

From the Release notes:

Regular readers will be aware that Miod Vallat (miod@) is documenting the adventures of porting OpenBSD to various architectures in his OpenBSD Stories collection.

The latest addition is OpenBSD on Motorola 88000 processors, where the first two of a planned total of nine chapters have been published.

The first chapter, The Forsaken RISC Architecture, takes us through some background and pre-history of the architecture.

The second chapter, A New Hope, gives insight into the early porting efforts.

We very much look forward to seeing the further chapters of the OpenBSD on Motorola 88000 processors saga.

David Leadbeater (dgl@) posted to ports@ a message, entitled Pledge changes in 7.9-beta, which explains the consequences for porters of the recent pledge(2)/unveil(2) changes in -current (and, to some extent, 7.8). Whilst targeted at porters, it provides a good overview for anyone interested in the changes.

The message reads:

OpenBSD's PF packet filter has long supported HFSC traffic shaping with the queue rules in pf.conf(5). However, an internal 32-bit limitation in the HFSC service curve structure (struct hfsc_sc) meant that bandwidth values were silently capped at approximately 4.29 Gbps, ” the maximum value of a u_int ".

With 10G, 25G, and 100G network interfaces now commonplace, OpenBSD devs making huge progress unlocking the kernel for SMP, and adding drivers for cards supporting some of these speeds, this limitation started to get in the way. Configuring bandwidth 10G on a queue would silently wrap around, producing incorrect and unpredictable scheduling behaviour.

A new patch widens the bandwidth fields in the kernel's HFSC scheduler from 32-bit to 64-bit integers, removing this bottleneck entirely. The diff also fixes a pre-existing display bug in pftop(1) where bandwidth values above 4 Gbps would be shown incorrectly.

In a move that would have gone unnoticed by most but will be appreciated by OpenBSD/amd64 laptop users, Mark Kettenis (kettenis@) committed support for delayed hibernation with the new machdep.hibernatedelay sysctl

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Mark Kettenis <<ettenis () cvs ! openbsd ! org>
Date:       2026-03-11 16:18:42

CVSROOT:	/cvs
Module name:	src
Changes by:	kettenis@cvs.openbsd.org	2026/03/11 10:18:42