Stefan Sperling (stsp@) has committed support for RAID 1C [mirroring and encryption] boot to -current on the amd64 platform:

CVSROOT:	/cvs
Module name:	src
Changes by:	stsp@cvs.openbsd.org	2022/08/12 14:17:46

Modified files:
	share/man/man4 : softraid.4 
	sys/arch/amd64/stand/efi32: efidev.c 
	sys/arch/amd64/stand/efi64: efidev.c 
	sys/arch/amd64/stand/efiboot: efidev.c 
	sys/arch/amd64/stand/libsa: biosdev.c softraid_amd64.c 
	sys/lib/libsa  : softraid.c 

Log message:
add support for booting from RAID 1C softraid(4) volumes on amd64

Only boot-loader changes are needed. Both installboot(8) and
the kernel already do what is required to make this work.

ok kn@

Tested:
biosboot on vmm: kn, stsp
biosboot and efiboot on server hardware: stsp

Support on the arm64 platform can be expected soon.

Great work, Stefan (and Klemens, and everyone else involved)!

Damien Miller (djm@) has committed home-directory request to sftp-server(8):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2022/08/11 23:20:28

Modified files:
	usr.bin/ssh    : sftp-server.c PROTOCOL 

Log message:
sftp-server: support home-directory request

Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing expand-path@openssh.com, but uses a more official protocol name,
and so is a bit more likely to be implemented by non-OpenSSH clients.

From Mike Frysinger, ok dtucker@

In -current, /usr/games has been removed from the default $PATH. Theo Buehler (tb@) committed the change:

CVSROOT:	/cvs
Module name:	src
Changes by:	tb@cvs.openbsd.org	2022/08/10 01:40:37

Modified files:
	etc/skel       : dot.cshrc dot.profile 

Log message:
Remove games from the default $PATH in /etc/skel

The games are a playground for developers. Their code is very old and full
of bugs.

ok deraadt kn

So when you next sit down on a fresh snapshot install and want to do a quick rot13 or do a round of tetris, you may need to specify the full path.

Alternatively, you could dig into the code and see if you can fix a bug or two.

Damien Miller (djm@) committed a change randomising the rekeying interval in arc4random(3) (and friends):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2022/07/30 23:10:36

Modified files:
	lib/libc/crypt : arc4random.c 

Log message:
Randomise the rekey interval a little. Previously, the chacha20
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.

Feedback deraadt@ visa@, ok tb@ visa@

With the following commit(s), Theo de Raadt (deraadt@) moved -current to version 7.2-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/07/20 09:12:39

Modified files:
	sys/conf       : newvers.sh 
	sys/sys        : param.h 
	etc/root       : root.mail 
	usr.bin/signify: signify.1 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 

Log message:
move to 7.2-beta.  this gets done very early, to avoid finding out
version number issues close to release

Snapshots are (already) available for several platforms.

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

For those who have been paying attention to the Game of Trees development list, there has been a lot going on with got(1). Apologies here at undeadly for having missed some release announcements!

Having written as much, got 0.74 was released on July 14th, 2022!

Release notes may be found here: https://gameoftrees.org/releases/CHANGES

The -portable release also got some attention, and those release notes may be found here: http://gameoftrees.org/releases/portable/CHANGELOG

Our favorite BGP daemon, OpenBGPD, has a new version 7.5 out. The announcement reads,

We have released OpenBGPD 7.5, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon.

A fairly critical component of routing security infrastructure, rpki-client, has a new release out, version 7.9.

The announcement leads in,

rpki-client 7.9 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads and BGPsec Router keys in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks.

Read the whole thing here and grab the new release at your favorite OpenBSD mirror.

Theo de Raadt (deraadt@) committed the change:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/07/02 11:21:32

Modified files:
	sbin/dhclient  : dhclient.c 

Log message:
dhclient(8) has been undergoing replacement with "ifconfig xxx inet auto"
for a couple of years, backed by dhcpleased(8), which provides much better
dns handling.  The next step is to make the dhclient simply execve
ifconfig in that way, and provide syslog warnings about deprecated options
along the way.  This way, we can find the last few dhclient users, and what
they are missing.
ok florian krw