OpenBSD Journal

OpenBSD Journal

OpenSSH 9.1 is almost ready for release. Please help testing!

Contributed by Peter N. M. Hansteen on from the SSH! Test now! dept.

An important message from Damien Miller (djm@) turned up on mailing lists and elsewhere, saying,

From: Damien Miller <djm () mindrot ! org>
Date: Wed, 28 Sep 2022 00:03:37 +0000
To: openssh-unix-dev
Subject: Call for testing: openssh-9.1


OpenSSH 9.1p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from

You can read the whole message here or continue after the fold -

Read more…

A Few of My Favorite Things About The OpenBSD Packet Filter Tools

Contributed by Peter N. M. Hansteen on from the it's all fun and games until dept.

While recovering after EuroBSDCon and starting to gear up for the much anticipated next OpenBSD release, our co-editor Peter Hansteen found the time to do a remote Sunday lunch talk (slides) for SEMIBUG titled A Few of My Favorite Things About The OpenBSD Packet Filter Tools (full text, blog with trackers).

The full text of the talk is also available here, without trackers.

Topics covered: PF basics, state tracking tricks, greytrapping, traffic shaping, with pointers to further material.

All good fun while we are waiting for the next bit thing.

OpenBGPD 7.6 released

Contributed by Peter N. M. Hansteen on from the do bgp me those routes dept.

OpenBGPD, our favorite BGP daemon, has a new release, version 7.6.

The release announcement leads in,

We have released OpenBGPD 7.6, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

   * Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate
     nexthops and incorrectly leave them in the FIB or Adj-RIB-Out. 

   * Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter

   * Switch various static hash tables to RB trees improving performance
     on large systems

   * Export per neighbor pending update and withdraw statistics

   * Fix race between a neighbor session reset and its update message backlog

   * Improve handling of nexthop reachability state changes

   * Further improve portability of the FIB handling code

Read more…

A summary piece on spam fighting and spamd(8) in particular and 300,000 imaginary friends

Contributed by Peter N. M. Hansteen on from the keeping the bots busy dept.

In a recent piece titled The Things Spammers Believe - A Tale of 300,000 Imaginary Friends, co-editor Peter Hansteen summarizes more than 15 years (yes, it has been that long) of improving the noise levels in mail feeds.

The main tools are what comes in the base system of our favorite operating system, with particular focus on spamd(8) and the greytrapping feature.

The article leads in with

It finally happened. Today, I added the three hundred thousandth (yes, 300,000th) spamtrap address to my greytrapping setup, for the most part fished out of incoming traffic here, for spammers to consume.

and is liberally sprinkled with references to other relevant material.

The article is also available in a trackerless (aside from the server's ordinarily rotated log) version.

-current has moved to 7.2

Contributed by rueda on from the here-we-go-again dept.

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.2:

Module name:	src
Changes by:	2022/09/11 08:27:09

Modified files:
	sys/conf       : 

Log message:
drop the -beta

For those unfamiliar with the process: this is not the 7.2 release, but is part of the standard build-up to the release.

It's time to start using "-D snap" with pkg_add (and pkg_info).

(Regular readers will know what comes next…) This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

rpki-client 8.0 released

Contributed by Peter N. M. Hansteen on from the route me keyed dept.

A new version of the OpenBSD rpki-clientRPKI validator to support BGP Origin Validation, version 8.0 has been released.

The announcement reads,

rpki-client 8.0 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of BGP announcements. The program queries the
global RPKI repository system and validates untrusted network inputs.
The program outputs validated ROA payloads, BGPsec Router keys, and
ASPA payloads in configuration formats suitable for OpenBGPD and BIRD,
and supports emitting CSV and JSON for consumption by other routing

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 7.2

None yet

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]