OpenSSH 10.4/10.4p1 released!
Contributed by grey on from the PQ now with draft-miller ML-DSA 44 and Ed25519 support dept.
OpenBSD Journal
Contributed by grey on from the PQ now with draft-miller ML-DSA 44 and Ed25519 support dept.
relayd(8) and httpd(8) TLS settings update.Contributed by Janne Johansson on from the is it secret, is it safe? dept.
Both
relayd(8)
and
httpd(8)
now have the "secure" list of allowed crypto methods for
HTTPS, which include
TLSv1.3 and the TLSv1.2 AEAD cipher suites.
The previous list was "HIGH:!aNULL" which contain non-perfect-forward-security
methods and this change may cause old clients to not be able to connect.
Contributed by Peter N. M. Hansteen on from the where-would-sir-like-his-640kB? dept.
jsg@), but following this commit, OpenBSD/amd64 kernels now have a 512GB address space.
The commit message innocently reads,
List: openbsd-cvs Subject: CVS: cvs.openbsd.org: src From: Jonathan Gray <jsg () cvs ! openbsd ! org> Date: 2026-06-22 0:27:33 Message-ID: 162f075352ec66cd () cvs ! openbsd ! org CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/06/21 18:27:33 Modified files: sys/arch/amd64/include: vmparam.h Log message: raise the size of amd64 kernel virtual address space from 4G to 512G
syslogd(8) privileged and non-privileged parts now separate binariesContributed by Peter N. M. Hansteen on from the logged, separately dept.
syslogd(8) system logger has already for a while now fork(2)ed the
privileged from the non-privileged parts.
Now Alexander Bluhm (bluhm@) decided it's time to split these parts into separate binaries in order to provide even better separation. The final commit message reads,
List: openbsd-cvs Subject: CVS: cvs.openbsd.org: src From: Alexander Bluhm <bluhm () openbsd ! org> Date: 2026-06-11 15:41:33 CVSROOT: /cvs Module name: src Changes by: bluhm@cvs.openbsd.org 2026/06/11 09:41:33 Modified files: usr.sbin/syslogd: Makefile privsep.c syslogd.c syslogd.h etc/rc.d : syslogd Added files: usr.sbin/syslogd: Makefile.inc parent.c usr.sbin/syslogd/parent: Makefile usr.sbin/syslogd/syslogd: Makefile Log message: Provide a separate executable file for syslogd parent.
httpd(8) and smtpd(8)Contributed by Peter N. M. Hansteen on from the the joy of relinking dept.
sshd(8) was the first of the network-facing daemons to get the random treatment (see this previous report).
Now
in a
series
of
commits
that
split
one
daemon
(smptd(8))
into
six
separate binaries, Theo de Raadt (deraadt@) is bringing httpd(8) and smptd(8), both common in network facing configrations, into the random relink at boot fold.
llvm/clang(1)/lld(1) updated to version 22.1.6Contributed by rueda on from the catch 22 dept.
In -current,
Robert Nagy (robert@)
updated
clang(1),
llvm,
and lld(1)
to version 22.1.6:
https://marc.info/?l=openbsd-cvs&m=178005264089753&w=2
https://marc.info/?l=openbsd-cvs&m=178005271889792&w=2
https://marc.info/?l=openbsd-cvs&m=178005276789832&w=2
Yes, that's a lot of churn, all for the better we think.
Work on ports compliance continues.
Contributed by grey on from the now with fewer NULL dereferences and more bug fixes dept.
Contributed by grey on from the sha256 support finally heeding John Gilmore's warning dept.
Contributed by rueda on from the seven-nine the sixtieth dept.
The OpenBSD project has announced OpenBSD 7.9, its 60th release.
The new release contains a number of significant improvements, including but certainly not limited to:
MAXCPU value on OpenBSD/amd64 increased to 255 [See earlier report]sysctl hw.blockcpu [See earlier report]amd64, implemented delayed hiberation [See earlier report]amd64 and arm64 platformsdrm(4) code updated to linux 6.18.16 [See earlier report]sysctl(8) machdep.vmmode to indicate status as a host or guest [See commit]vmboot (on amd64), a tiny kernel for booting SEV VMs, which allows sysupgrade(8) to work [See commit]vmd(8)'s virtio scsi device to a subprocess [See earlier report]nhi(4), a driver for USB4 controllers, which allows modern laptops with AMD CPUs to reach the appropriate low power idle states during S0ix suspend. [See commit]sysugprade(8) handling of low disk space in /usr [See earlier report]fw_update(8) now checks dmesg(8) output in addition to dmesg.boot [See earlier report]amd64, added support for loading kernels from the EFI system partition [See commit]pledge(2) "tmppath" promise has been retired [See earlier reports]veb(4) [See commit]trunk(4) [See earlier report]pf(4) enhancements:nat-to and rdr-to in pfctl -s ruleshttpd.conf(5) "no banner" configuration directive to suppress generation of "Server" header [See commit]relayd(8), added support for PROXY protocol in TCP relaysacme-client(1), added support for IP Address certificateschromium (and derivatives) gained VA-API support [See earlier report]chromium (and derivatives) gained (Open) Widevine support support [See earlier report]See the full changelog for more details of the changes made over this latest six month development cycle.
The
Installation Guide
details how to get the system up and running with a fresh install,
while those who already run earlier releases should follow the
Upgrade Guide,
in most cases using
sysupgrade(8).
Readers are encouraged to celebrate the new release by donating to the project to support further development of our favourite OS!
Donate to OpenBSD
We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.
OpenBSD 7.9
| 003 | 2026-06-02 RELIABILITY In vmd(8), fix a variety of crashing bugs and misbehavior of -b flag. |
| 002 | 2026-06-02 RELIABILITY Fixes for a variety of crashing bugs in smtpd(8). |
| 001 | 2026-06-02 SECURITY Multiple vulnerabilites in the X server dri2, sync, saver and Xkb extensions. |
OpenBSD 7.8
| 039 | 2026-06-02 RELIABILITY In vmd(8), fix a variety of crashing bugs. |
| 038 | 2026-06-02 RELIABILITY Fixes for a variety of crashing bugs in smtpd(8). |
| 037 | 2026-06-02 SECURITY Multiple vulnerabilites in the X server dri2, sync, saver and Xkb extensions. |
| 036 | 2026-05-08 SECURITY In iked(8), address sizes were not checked. |
| 035 | 2026-05-08 RELIABILITY Due to insufficient checks in NFS server, the kernel could crash. |
| 034 | 2026-05-08 SECURITY libexpat uses more entropy to protect against hash flooding. CVE-2026-41080 |
Users wishing RSS/RDF summary files of OpenBSD Journal
can retrieve: 
Options are available.
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]