OpenBSD Journal

In -current, default write format for tar(1) changed to "pax"

Contributed by rueda on from the pax-in-our-time dept.

A series of commits by Jeremie Courreges-Anglas (jca@) has modified tar(1) such that its default write format (for archives) is that of pax(1). The message with the final commit captures the gist of the change:

Module name:	src
Changes by:	2024/04/16 17:09:35

Modified files:
	bin/pax        : options.c tar.1 

Log message:
Switch tar(1) write default format to 'pax'

Lets us store longer file names, link names, finer grained timestamps,
larger archive member files, etc; at the expense of larger uncompressed
archives and less widespread support across the ecosystem.  If you're
unhappy with the new defaults, you can use -F ustar.  Or you can help
fix bugs / find a better middle ground.

Prodding from various including job@ and deraadt@
ok sthen@ caspar@ millert@

OpenSMTPD 7.5.0p0 Released

Contributed by Peter N. M. Hansteen on from the Puffy still delivers dept.

The OpenSMTPD project has released its first post-OpenBSD 7.5 version, OpenSMTPD 7.5.0p0, with a number of notable improvements.

The announcement reads,

Subject:    OpenSMTPD 7.5.0p0 Released
From:       Omar Polo <op () openbsd ! org>
Date:       2024-04-10 8:38:12

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at

Read more…

20 years since "and we're just starting": turns 20 (2024-04-09)

Contributed by Peter N. M. Hansteen on from the 20 years a Puffyist dept.

It's been 20 years since the first post appeared.

At that point in our history, we had been enjoying frequent updates to the OpenBSD Journal at the site for more than four years, and most of us thought it was an April Fools' prank when the editors announced that they were ceasing publication, effective immediately on April 1st, 2004.

Fortunately, Daniel Hartmeier quickly realized the announcement was not a joke, and went to work on a functionally equivalent CGI binary written in C and negotiated to take over the archive of existing articles. The rescued (resurrected?) site went live at on April 9th, 2004.

At the time, the eagerly anticipated upcoming release was OpenBSD 3.5 (which we covered on April 30th of that year). As the release song strongly hints, the introduction of the CARP redundancy protocol was a major item in that release. The release also introduced the OpenBSD/amd64 platform, and included a number of improvements in hardware support and security, with privilege separation introduced in several daemons and important utilities. All the details can be had at the OpenBSD 3.5 release page.

It's been 20 years, what have we got to show for it?

We hope you have been enjoying the site's updates, and we hope that has been a positive factor in promoting all things OpenBSD. The site and its editors have every intention of going on running the site.

If you want to help out, please submit items about OpenBSD that you find noteworthy.

We value your submissions even more than your comments.

All the best from the editors.

OpenBSD 7.5 released

Contributed by Peter N. M. Hansteen on from the Puffy's 56th dept.

Every six months, spring and fall, a new OpenBSD release emerges on the web and familiar download mirrors.

The OpenBSD project has released OpenBSD 7.5, the project's 56th release, with numerous improvements and support for 14 hardware platforms.

Notable enhancements and new features include

All this along with added support for various new hardware, numerous performance improvements and of course security enhancements.

See the OpenBSD 7.5 release page for a more detailed list, or the daily changelog for even more day to day detail.

As usual, the Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8) to upgrade their systems.

In addition to the base system, the new release comes with a number of prebuilt packages. The numbers of binary packages available for the more popular architectures are:

amd64: 12309
aarch64: 12145
i386: 10830
sparc64: 9432

Thanks to the developers for all the great work!

And to all OpenBSD users: Happy hacking!

LibreSSL 3.8.4 and 3.9.1 released

Contributed by Peter N. M. Hansteen on from the SSLaying the code flensing dept.

In a not-quite-unexpected announcement, the LibreSSL development team released the new versions. The announcement reads,

Subject:    LibreSSL 3.8.4 and 3.9.1 released
From:       Brent Cook <busterb () gmail ! com>
Date:       2024-03-28 4:47:28

We have released LibreSSL 3.8.4 and 3.9.1 which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. LibreSSL 3.9.1 is
the first stable release for the 3.9.x branch, and will also be
available with OpenBSD 7.5.

Read more…

Game of Trees 0.97 released

Contributed by rueda on from the again-and-again-and dept.

Version 0.97 of Game of Trees has been released (and the port updated).

* got 0.97; 2024-03-11
  see git repository history for per-change authorship information
- improve error messages shown upon execv failure 
- fix 'gotadmin pack' crash upon Ctrl-C due to invalid imsg_free()
- significantly speed up deltification of large files
- improve error handling in got_privsep_recv_imsg()

Just in time for the release of OpenBSD 7.5!

LibreSSL versions 3.8.3 and 3.9.0 released

Contributed by rueda on from the Just before a March new moon, new TLS library versions! dept.

The LibreSSL project has announced the release of version 3.8.3, and (development) version 3.9.0 of the software.

The announcement for version 3.8.3 reads:

We have released LibreSSL 3.8.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
second stable release for the 3.8.x branch.

It includes the following changes from LibreSSL 3.8.2

  * Portable changes
	  - Removed assert pop-ups with Windows debug builds.
	  - Fixed crashes and hangs in Windows ARM64 builds.
	  - Improved control-flow enforcement (CET) support.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

Read more…

OpenBGPD 8.4 released

Contributed by Peter N. M. Hansteen on from the routed in a route, bordering dept.

The OpenBSD Border Gateway Protocol (BGP) routing daemon OpenBGPD has a new version out, version 8.4.

The release announcement reads,

Subject:    OpenBGPD 8.4 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2024-03-07 13:12:51

We have released OpenBGPD 8.4, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

Read more…


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 7.5

002 2024-04-11 RELIABILITY Install media for alpha architecture was broken due to strip(1) bug.
001 2024-04-08 SECURITY Fix multiple heap buffer overread and data leakage in the X11 server Xi extension and use after free in the Render extension. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083

OpenBSD 7.4

016 2024-04-08 SECURITY Fix multiple heap buffer overread and data leakage in the X11 server Xi extension and use after free in the Render extension. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083
015 2024-03-18 SECURITY In libexpat fix billion laughs attack vulnerability CVE-2024-28757.
014 2024-02-29 SECURITY vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.
013 2024-02-13 SECURITY DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).
012 2024-01-16 SECURITY Fix multiple xserver heap buffer overflows, out of bounds memory accesses and memory corruption. CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409
011 2023-12-18 SECURITY An SSH protocol weakness (the Terrapin Attack) exists that allows an on-path adversary to disable keystroke timing obfuscation.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]