The BSDCan 2025 video playlist is now complete and available on both Peertube and Youtube.

The OpenBSD focused talks are as follows:

• A distributed filesystem for OpenBSD by Rob Keizer
  • PT
  • YT
• The state of 3d-printing from OpenBSD by Andrew Hewus Fresh
  • PT
  • YT
• Confidential Computing with OpenBSD The Next Step by Hans Jörg Höxer
  • PT
  • YT
• Adventures in porting a Wayland Compositor to NetBSD and OpenBSD by Jeff Frasca
  • PT
  • YT

With this commit, the development slows into release-mode preparing for the 7.8 release of OpenBSD.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2025-09-10 15:58:20

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/09/10 10:00:04

Modified files:
	etc/root       : root.mail 
	sys/sys        : param.h 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	usr.bin/signify: signify.1 
	sys/conf       : newvers.sh 

Log message:
crank to 7.8-beta

7.8-beta snapshots are already starting to appear on OpenBSD mirrors.

Time to bring out your odd machines and give snapshots a go, if we want 7.8 to be the best release yet.

Version 0.118 of Game of Trees has been released (and the port updated):

• security fix for -portable: gotwebd can be tricked into reading repositories outside its repos_path; bug introduced in got-0.111; OpenBSD is not affected
• make 'tog diff' show the repository name in names of patches written to /tmp
• plug memory leaks which were making gotwebd regress tests fail
• fix parallel processing of requests in gotwebd, improving responsiveness
• set gotwebd pledges according to address families of listening sockets
• run gotwebd fcgi parameter parsing in a dedicated process under pledge "stdio"
• make gotd commit notifications only show history which is unique to the branch
• enable sftp/scp support in the sshd_config file generated by gotsysd
• make gotsysd-managed repositories readable for the _gotd group

OpenBSD -current has gained initial support for the Raspberry Pi 5:

CVSROOT:	/cvs
Module name:	src
Changes by:	mglocker@cvs.openbsd.org	2025/09/01 12:56:04

Modified files:
	distrib/arm64/iso: Makefile 
	distrib/arm64/ramdisk: Makefile install.md list 

Log message:
Add Raspberry Pi 5 Model B support for RAMDISK.

Rafael Sadowski (rsadowski@) completed updates to C++ libraries in -current:

CVSROOT:	/cvs
Module name:	src
Changes by:	rsadowski@cvs.openbsd.org	2025/08/21 09:26:58

Modified files:
	gnu/lib/libcxx : Makefile 
	gnu/lib/libcxx/include/c++/v1: __config_site 
	gnu/lib/libcxxabi: Makefile 
	gnu/lib/libexecinfo: Makefile 
Added files:
	gnu/lib/libcxx/include/c++/v1: __assertion_handler 

Log message:
update build infrastructure for libunwind-, libcxxabi- and libcxx-19.1.7

This gives us a modern c++ lib in base!

Yubikey OTP support has been disabled in -current. The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/08/14 08:39:44

Modified files:
	sys/dev/usb    : ukbd.c 

Log message:
Most Yubikey ship with OTP support enabled out of the box (and generate
accidental output like cccccblddbkhelgbdjuughbjdcvrddggdcjvricrriuk).
Yubikey re-configuration requires crazy buggy and fragile tools using crazy
usb feature support, and therefore OTP disabling is very annoying.  We
make a policy decision to not attach these as keyboards anymore, because a
majority of users just want the FIDO functionality.  If you want to use OTP,
buy a different device from a different vendor or convince Yubikey to
significantly improve their tooling.
idea from kettenis

To be clear: this affects only the keyboard attachment of only Yubico devices. Therefore:

• USB security devices from other vendors are not affected.
• FIDO functionality of Yubikeys (and Yubico security keys) is not affected.
• login_yubikey(8) can no longer be used for local authentication purposes, but will still function for authentication of remote clients (so long as they support Yubikey OTP).

Running a patched kernel is the only way [at present] to reverse this change.

OpenSSH will now adapt IP QoS to actual sessions and traffic. In a fresh commit, Damien Miller (djm@) introduced a significant change, which enables ssh and sshd to set the IP QoS based on what connections and sessions are active.

The commit message says,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-08-18 3:43:01

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2025/08/17 21:43:01

Modified files:
	usr.bin/ssh    : sshd-session.c sshd-auth.c ssh.c session.c 
	                 serverloop.c packet.h packet.c mux.c misc.c 
	                 clientloop.c channels.h channels.c 

Log message:
Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
continually at runtime based on what sessions/channels are open.

Version 0.117 of Game of Trees has been released (and the port updated):

• regress: replace "sed -i" with ed(1) for portable in-place editing
• ensure that error messages from gotsysd libexec helpers get logged
• fix gotsysd using wrong auth and hmac labels in the generated gotd.conf
• preserve bad symlinks across merges during rebase and histedit
• improve binary files detection: detect any control characters, not just NUL
• gotwebd: fix race condition resulting in trucated html with trailing garbage
• make commit coloring faster and more accurate, producing smaller pack files
• improve selection of pack files for pinning in the open pack file cache
• regress: don't load global/home git configuration files while running tests
• make 'got clone' set a got.conf default branch for fetching only, not sending

In a recent entry on his blog, OpenBSD developer Ted Unangst (tedu@) asks, is OpenBSD 10x faster than Linux?. He explains,

Here’s a little benchmark complements of Jann Horn. It’s unexpectedly slow on Linux. OpenBSD is so fast, I had to modify the program slightly to measure itself, as the time utility is missing sufficient precision to even record nonzero.

Go on, read the rest over at Ted's blog for some fun tidbits on performance and benchmarks.