The long spring (or fall) wait is over, the OpenBSD project today formally released OpenBSD 7.1, the 52nd release of our favorite open source operating system.

As usual, the release page lists the main highlights of the new release, which include

• OpenBSD/arm64 contains greatly improved support for Apple M1 systems [See earlier article].
• loongson platform retired.
• Many improvements to wireless networking. iwm(4) and iwx(4) have gained 80MHz channel support [See earlier article]. mtw(4), a driver for MediaTek MT7601U Wi-Fi devices, was added [See earlier article].
• Utility realpath(1) has been added.
• httpd(8) gained support for customised error pages and pre-compressed gzip files.
• Sysctl hw.perfpolicy is now set to auto by default at startup.
• igc(4), a driver for Intel 2.5Gb Ethernet controllers, has been added.
• Mouse tracking is now disabled by default in xterm(1). Setting X resource allowMouseOps to true reinstates the earlier behaviour.
• OpenSSH has been updated to version 9.0 [See earlier article].
  • This includes support for ssh-agent restriction [See earlier article].
  • Post-quantum KEX algorithm sntrup761x25519-sha512@openssh.com is now the default.
  • sftp(1) client has gained a "cp" command that supports server-side copying of files (using the new "copy-data" protocol extension).
• The login class capability database now supports /etc/login.conf.d/${class}, and this is used by the ports system.
• Base now includes (optional) support for minimal runtime detection of undefined behaviour. As described in clang-local(1), this requires use of clang(1)'s -fsanitize-minimal-runtime flag.

The new release supports 13 distinct hardware platforms with thousands of prebuilt packages for all platforms.

If you want to delve further into the details before (or while, after) installing or upgrading to the new release, the detailed changelog has all the details. Those upgrading from the 7.0 release (or earlier) should consult the Upgrade Guide.

If you enjoy this release, please remember to donate to the project as a way of saying thanks to the developers for their work.

Claudio Jeker (claudio@) has just announced the release of OpenBGPD 7.3. He writes:

We have released OpenBGPD 7.3, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Macro expansion in the config file is improved. It is now possible
      to expand 'set large-community $myAS:$location:$transit'.

    * Add initial FIB support for Linux. Routes can be added and removed.
      Nexthop tracking and dynamic interface detection are not yet implemented. 

    * Major refactoring in the RIB codebase to add multipath support in
      an upcoming release.

OpenBGPD-portable is known to compile and run on FreeBSD, and
the Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Version 9.0 of OpenSSH has been released. Notable changes include:

• scp(1) uses the SFTP protocol by default.
• ssh(1)/sshd(8) use the "sntrup761x25519-sha512@openssh.com" post-quantum key exchange (KEX) algorithm by default.
• ssh-agent restriction [See earlier article] is supported.
• The sftp(1) client has gained a "copy"/"cp" command that supports server-side copying of files (using the new "copy-data" protocol extension).

OpenBSD 7.1 will include the new release.

In a message to tech@ (and arm64@), Mark Kettenis (kettenis@) wrote:

It has taken a while, but I'm pleased to announce that OpenBSD/arm64
works well enough on Apple M1 systems for some wider testing.  A major
milestone was reached with the release of the Asahi Linux installer:

  https://asahilinux.org/2022/03/asahi-linux-alpha-release/

This provides an easy way to add UEFI "firmware" to your Apple M1
machine which is required to boot OpenBSD/arm64.  The basic steps are:
[…]

Hrvoje Popovski writes in with some result from his performance tests, like he did a few years ago:

I've tested Alexander Bluhm's (bluhm@) parallel ip forwarding diff and i've got some nice results. Readers should be aware that bluhm@'s diff sets NET_TASKQ=4 which means that forwarding will use 4 CPU threads and that this diff will affect only network cards that have multiqueue support (at the time of writing those cards are ix(4), ixl(4), and mcx(4). In my tests I was sending 14Mpps UDP packet over ix(4) interfaces which have 16 queues:

ix0 at pci10 dev 0 function 0 "Intel 82599" rev 0x01, msix, 16 queues
ix1 at pci10 dev 0 function 1 "Intel 82599" rev 0x01, msix, 16 queues

OpenBSD box is Supermicro AS-1114S-WTRT with 24 x AMD EPYC 7413 24-Core Processor, 2650.37 MHz CPUs so this box is nice to test those 16 queues.

For undeadly readers, our Errata column on the right side of the web site automatically updates and as of March 15th, 2022 some of you may have already noticed that there is a new security fix related to LibreSSL. Salient excerpt from the release notes as follows:

"* A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google."

Subsequently, LibreSSL 3.5.1 (the development branch for those tracking -current/7.1-beta), 3.4.3 (the stable branch for those tracking 7.0-release) and 3.3.6 (the last supported branch for those stragglers still on OpenBSD 6.9) have been released!

Please see https://www.libressl.org/releases.html for more details and release notes specific to each version. It appears that the same bug was present in OpenSSL and has been fixed there too.

Following a request-for-testing thread on tech@, Stefan Sperling (stsp@) has committed some IEEE 802.11ac support to iwx(4):

CVSROOT:	/cvs
Module name:	src
Changes by:	stsp@cvs.openbsd.org	2022/03/14 09:08:50

Modified files:
	sys/dev/pci    : if_iwx.c if_iwxreg.h if_iwxvar.h 

Log message:
Add initial support for 802.11ac (VHT) to the iwx(4) driver.

This makes it possible to use 80MHz channels and VHT-specific MCS.
Other 11ac features remain disabled for now.

Tested:
ax200: Matthias Schmidt, phessler, dv, kevlo, Joel Carnat, hrvoje, jmc, stsp
ax201: mlarkin, stsp
iwm (regression testing): stsp

As always, thanks Stefan!

James Hastings (hastings@) has committed mtw(4), a driver for MediaTek MT7601U USB Wi-Fi devices:

CVSROOT:	/cvs
Module name:	src
Changes by:	hastings@cvs.openbsd.org	2021/12/20 06:59:02

Added files:
	sys/dev/ic     : mtwreg.h 
	sys/dev/usb    : if_mtw.c if_mtwvar.h 

Log message:
Add mtw(4), a driver for MediaTek MT7601U wifi devices.

Ported from run(4) with legacy chipsets removed.
Not yet enabled in the build.

ok stsp@ jmatthew@

As of February 24th, 2022, LibreSSL's development branch has been updated to version 3.5.0.

The complete release notes may be viewed here:

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

There is a lot there which would be best to read in its entirety rather than attempting to summarize here. However, for the sake of emphatic repetition and encouragement from the community at large, this quote seems salient and worth sharing:

This is a development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.