* got 0.94; 2023-11-29 see git repository history for per-change authorship information
We have released OpenIKED 7.3, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.
CVSROOT: /cvs Module name: src Changes by: email@example.com 2023/11/11 11:01:31 Log message: import of llvm from LLVM 16.0.6 Status: Vendor Tag: LLVM Release Tags: LLVM_16_0_6 U src/gnu/llvm/llvm/.clang-format U src/gnu/llvm/llvm/.clang-tidy U src/gnu/llvm/llvm/.gitattributes […] U src/gnu/llvm/llvm/utils/vscode/llvm/syntaxes/ll.tmLanguage.yaml U src/gnu/llvm/llvm/utils/yaml-bench/CMakeLists.txt U src/gnu/llvm/llvm/utils/yaml-bench/YAMLBench.cpp 67 conflicts created by this import. Use the following command to help the merge: cvs checkout -jLLVM:yesterday -jLLVM src/gnu/llvm/llvm
Naturally, this has involved supporting work elsewhere in base, and in ports.
Brent Cook (
We have released LibreSSL 3.8.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release for the 3.8.x branch, also available with OpenBSD 7.4
There is a pretty disruptive amd64 snapshot coming, so anyone who is using snapshots for critical stuff should take a pause. (This warning about a development step is unusual, I won't make it common practice).
Of course, on non-critical amd64 systems running snapshots, this is a good opportunity to test (and report any problems).
op@) has announced the release of OpenSMTPD 7.4.0p0. The announcement reads,
Subject: OpenSMTPD 7.4.0p0 Released From: Omar Polo <op () openbsd ! org> Date: 2023-10-25 7:33:43 OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases. It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX. The archives are now available from the main site at www.OpenSMTPD.org
Otto Moerbeek (
the author of OpenBSD's
[a.k.a. "otto malloc"],
has written a
tutorial on the new
malloc(3) leak detection available in OpenBSD 7.4
Read it at: OpenBSD's built-in memory leak detection
Since the publication of that write-up, Otto has committed further enhancements:
CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2023/10/22 06:19:26 Modified files: lib/libc/stdlib: malloc.3 malloc.c Log message: When option D is active, store callers for all chunks; this avoids the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well. ok asou@
The new release contains a number of innovations and improvements across a number of areas, including
- Mandatory enforcement of indirect branch targets [See earlier report].
viogpu(4), a VirtIO GPU driver [See earlier report].
vmd(8)has moved to a multi-process model for
virtio(4)block and network devices [See earlier report].
- Virtual machine owners can now override the boot kernel [See earlier report].
malloc(3)now has built-in leak detection [See earlier report]. Chunk sizes are now fine-grained, and all chunks in the delayed free list are checked for write-after-free.
- In LibreSSL 3.8.2, TLSv1.0 and TLSv 1.1 are disabled in
libssl. Ed25519 certificates are now supported in
- In OpenSSH 9.5,
ssh-kengen(1)generates Ed25519 keys by default. Keystroke timing obfuscation has been added to
ssh(1)[See earlier report]. The fingerprint of a newly generated host key is printed on first boot [See commit].
cron(8)now supports random ranges with steps [See earlier report].
reboot(8)now require membership of group
_shutdown[See earlier report].
sec(4)for Route Based IPSec VPNs [See earlier reports].
- Soft updates (softdep) have been disabled for future VFS work [See earlier report].
- There has been a major rewrite of
pfsync(4)[See earlier report].
- AMD processor microcode update is now supported [See earlier report].
ifconfig(8)has a new
wgdescr[iption]option which allows labelling peers.
as well as the general churn of optimizations and fixes across the system.
As always, the release is available for download from mirror sites all over the world; be sure to pick one that is near you, network-wise! Those upgrading from the 7.3 release (or earlier) should consult the Upgrade Guide.
Thanks again to the developers for the dedicated effort that went into producing this new release!