Due to hardware failure, the machine hosting undeadly has gone down last week. Thanks to the kind and swift help from OpenBSD.amsterdam, we're now back online. We will source new hardware for the original machine and hopefully move back again soon.

The LibreSSL project has announced the release of version 4.3.1 of the software:

We have released LibreSSL 4.3.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.

This is a development release for the 4.3.x branch, so we appreciate
early testing and feedback. There will be no further API and ABI changes
on the 4.3 branch.

It includes a build fix from 4.3.0 and the following changes:

Jonathan Gray (jsg@) updated the version of OpenBSD -current from "7.9" to "7.9-current".

Those running the latest-and-greatest [via a sufficiently new snapshot or built from source] no longer need to use "-D snap" with pkg_add(1) (and pkg_info(1)).

Routing security matters to all of us (even those of us who seldom give the subject any thought), and the rpki-client project announced the release of a new version of their Resource Public Key Infrastructure (RPKI) client, with a number of improvements.

The announcement reads,

List:       openbsd-announce
Subject:    rpki-client 9.8 released
From:       Sebastian Benoit <benno () openbsd ! org>
Date:       2026-04-14 23:20:42


rpki-client 9.8 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon. It is recommended
that all users upgrade to this version for improved reliability.

We're a little late reporting it but…

The familiar safeguard sysctl hw.smt is now deprecated, having been replaced by a more flexible mechanism which allows discriminating between different varieties of core type.

First, Theo de Raadt (deraadt@) enabled the mechanism for OpenBSD/amd64 in this commit:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/03/31 10:46:22

Modified files:
	sys/sys        : sched.h sysctl.h 
	sys/kern       : kern_sched.c kern_sysctl.c 
	sys/arch/amd64/amd64: identcpu.c machdep.c 
	sys/arch/amd64/include: cpu.h 
	lib/libc/sys   : sysctl.2 

Log message:
Some new intel machines have a new 3rd tier of cpus called LP-E which are
E-core (Atom) without L3 cache.  These v are Lethargic, and it sucks
when processes migrate to them.

OpenBSD 7.9 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.9 (dropping the "-beta"):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/13 11:22:23

Modified files:
	sys/conf       : newvers.sh 

Log message:
move out of -beta

For those unfamiliar with the process:
this is not the 7.9 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Every spring and autumn, the routing world can expect a new OpenBGPD release, and this time is no exception.

The OpenBGPD project have announced the availability of their newest release, version 9.1, with the following announcement:

List:       openbsd-announce
Subject:    OpenBGPD 9.1 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2026-04-13 14:37:12

We have released OpenBGPD 9.1, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

Version 0.124 of Game of Trees has been released (and the port updated):

• make the chroot path directive in gotwebd.conf actually work
• fix a segfault in tog while using the & search feature
• plug a tree object leak in the gotd repo_write process
• fix gotd wrongly complaining about a missing gotsys.conf in pack files
• expand tabs in log messages displayed by tog diff to prevent misalignment
• prevent non-root users from blocking gotctl reload requests
• plug a memory leak in got-read-commit
• allow UTF-8 in gotsys.conf site owner names and repository descriptions
• reject non-UTF-8-encoded reference names in gotsys.conf
• make gotwebd display logged-in usernames in case of group-membership auth

The GotHub OpenBSD mirror mentioned in our report on the previous GoT release is now linked from the OpenBSD main page.

Bogus security bug reports generated by large language model (LLM) tool use are a well known irritant and time sink for open source projects.

As a consequence of one such report, Theo de Raadt (deraadt@) committed a change to pfsync(4) to rename an otherwise unused field in the pfsync(4) packet header.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2026-04-12 3:16:04

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/11 21:16:04

Modified files:
	sys/net        : if_pfsync.c if_pfsync.h 

Log message:
The pfcksum[] field in the pfsync packet header is not a hash of the
packet.  It provides absolutely no security benefits, keep reading to
find out.