The LibreSSL project has announced the release of versions 3.6.3 and 3.7.3, and (development) version 3.8.0 of the software.

The announcement for versions 3.6.3 and 3.7.3 reads:

We have released LibreSSL 3.6.3 and 3.7.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

They include the following fixes:

  * Bug fix
    - Hostflags in the verify parameters would not propagate from an
      SSL_CTX to newly created SSL.
  * Reliability fix
    - A double free or use after free could occur after SSL_clear(3).

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

The announcement for version 3.8.0 reads:

Thanks to the following commit by Todd Miller (millert@), cron(8) now supports random values in a range with a step value (i.e. "<lo>~<hi>/<step>" in crontab(5) entries):

CVSROOT:	/cvs
Module name:	src
Changes by:	millert@cvs.openbsd.org	2023/05/06 17:06:27

Modified files:
	usr.sbin/cron  : crontab.5 entry.c macros.h 

Log message:
Support random offsets when using ranges with a step value in cron.
This extends the random range syntax to support step values.  Instead
of choosing a random number between the high and low values, the
field is treated as a range with a random offset less than the step
value.  This can be used to avoid thundering herd problems where
multiple machines contact a server all at the same time via cron jobs.

The syntax is similar to the existing range/step syntax but uses a
random range.  For example, instead of "0-59/10" in the minutes
field, "0~59/10" can be used to run a command every 10 minutes where
the first command starts at a random offset in the range [0,9].
The high and low numbers are optional, "~/10" can be used instead.

Requested by job@, OK phessler@

The OpenBSD project has released a new version of OpenBGPD, the OpenBSD Border Gateway Protocol (BGP) routing daemon, version 8.0. The announcement reads,

From: Claudio Jeker <claudio () openbsd ! org>
Date: Thu, 04 May 2023 16:24:30 +0000
To: openbsd-announce
Subject: OpenBGPD 8.0 released

We have released OpenBGPD 8.0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

Version 8.4 of rpki-client has been released, with a number of improvements and new features:

rpki-client 8.4 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of BGP announcements. The program queries the
global RPKI repository system and validates untrusted network inputs.
The program outputs validated ROA payloads, BGPsec Router keys, and
ASPA payloads in configuration formats suitable for OpenBGPD and BIRD,
and supports emitting CSV and JSON for consumption by other routing
stacks.

Version 0.88 of Game of Trees has been released (and the port updated):

* got 0.88; 2023-04-29
  see git repository history for per-change authorship information
- tog: always use alternate charset for vertical/horizontal line
- several tog regression test suite improvements
- run the tog tests as part of the default regress set
- tog: resize log view if toggling fullscreen from child view
- when finding changed paths iterate tree entries in on-disk order for speed
- cache fulltext data in delta cache to improve speed with long delta chains
- gotwebd: fix logic error in gotweb_render_index

Dave Voutila (dv@) has added another feature to virtualisation on OpenBSD. Thanks to the following commit, it is now possible for the owners of virtual machines to override the boot kernel:

Dave Voutila (dv@) committed a change which brings a multi-process model to vmd(8), enhancing both security and performance:

CVSROOT:	/cvs
Module name:	src
Changes by:	dv@cvs.openbsd.org	2023/04/27 16:47:27

Modified files:
	usr.sbin/vmd   : Makefile dhcp.c vioqcow2.c vioraw.c virtio.c 
	                 virtio.h vm.c vmd.c vmd.h vmm.c 
Added files:
	usr.sbin/vmd   : vioblk.c vionet.c 

Log message:
vmd(8): introduce multi-process model for virtio devices.

Isolate virtio network and block device emulation in dedicated
processes, forked and exec'd from the vm process. This allows for
tightening pledge promises to just "stdio".

Communication between the vcpu's and these devices now occurs via
imsg channels, which adds the benefit of not always blocking the
vcpu thread while emulating the device.

Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console.

CVSROOT:	/cvs
Module name:	src
Changes by:	jcs@cvs.openbsd.org	2023/04/20 13:28:31

Modified files:
	share/man/man4 : Makefile 
	sys/arch/amd64/conf: GENERIC 
	sys/arch/arm64/conf: GENERIC RAMDISK 
	sys/dev/pv     : files.pv virtio.c virtioreg.h 
	sys/dev/wscons : wsconsio.h 
Added files:
	share/man/man4 : viogpu.4 
	sys/dev/pv     : viogpu.c viogpu.h 

Log message:
add viogpu, a VirtIO GPU driver

works enough to get a console on qemu with more work to come from
others

feedback from miod
ok patrick

Great stuff! This moves us closer to having a fully functional wscons console on virtual machines in those specific environments too. We will be watching further development closely.

Version 0.87 of Game of Trees has been released (and the port updated):

* got 0.87; 2023-04-19
  see git repository history for per-change authorship information
- add gitwrapper(1)
- tog: resume blame and diff search from the first line
- fix crash in got log due to NULL-deref in got_object_blob_close
- add support for protecting references against 'got send -f' to gotd
- fix spurious empty packfile error from gotd when rewinding a branch
- tog: implement automated test harness
- update the base commit ID of unmodified files if the blob ID matches
- fix rebase/histedit -a leaving some files on the temporary branch
- make 'got revert' and 'got rm' work on non-existent directories
- got: flush stdout before printing the error in main()
- when aborting rebase/histedit/merge, unlink files added by merged changes
- fix 'got commit' using a bad parent commit ID when worktree is out-of-date
- allow no-op merge commits to be created
- fix sending merge commits
- show how to fetch a pull request in got.1 pull request example section

A highlight of this release is the addition of gitwrapper(1), a utility facilitating co-existence with git.