Fresh from the just concluded j2k25 hackathon in Nara, Japan, Rafael Sadowski (rsadowski@) has published his report on his blog:

Week 2: The j2k25 Japan Hackathon

We arrived in Nara during the late afternoon. After checking into our hotel, goda@, my wife and I headed straight to the hack room. My initial thought was to finally do some ports hacking to warm up and create a plan for the upcoming week. I hadn't had much opportunity for focused thinking during our busy week in Tokyo.

As soon as I booted OpenBSD, kn@ appeared. I was genuinely happy to see him again, and we spent the first half hour catching up. Then he mentioned we were about to head to the team event. This completely derailed my planned "first day" approach - instead of keyboard and OpenBSD work, the evening was filled with excellent food, beer, and funny conversations.

Reining in file system access is hard to get right, even for OpenBSD developers.

In a message to tech@ titled openat(2) is mostly useless, sadly Theo de Raadt (deraadt@) describes how the openat(2) family of system calls has failed to live up to expectations in practice, and he proposes changes that may improve the situation.

Theo writes,

List:       openbsd-tech
Subject:    openat(2) is mostly useless, sadly
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2025-05-28 14:03:29

The family of system calls related to openat(2) are mostly useless in
practice, rarely used. When they are used it is often ineffectively or
even with performance-reducing results.

     int
     openat(int fd, const char *path, int flags, ...);

These are the others:

Recently, Crystal Kolipe found that attaching softraid volumes as read-only devices did not work.

Then what to do?

Fix the code and make it work, of course!

The full story is available as “Stay, (write), protected!”, taking us through the steps of adding a feature to OpenBSD. Enjoy!

A new profiling subsystem is now in OpenBSD-current, from the hands of none other than Theo de Raadt (deraadt@) himself.

A longish sequence of commits introduced the changes incrementally, with a summary as follows:

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2025-05-24 6:49:17

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/05/24 00:49:17

Modified files:
	include        : unistd.h 
	sys/sys        : exec.h exec_elf.h gmon.h proc.h systm.h 
	sys/kern       : exec_elf.c init_sysent.c kern_exec.c 
	                 kern_exit.c kern_fork.c kern_pledge.c 
	                 subr_prof.c syscalls.master 

Log message:
In the old gprof profiling subsystem, the simplistic profil() syscall
told the kernel about the sample buffer, and then the normal exit-time
_mcleanup() would finalize the buffer, open()'ed a file and write out
the details.  This file opening has become increasingly impossible
because of our privsep / privdrop, chroot, setresuid uid-dropping,
pledge, unveil, and other efforts.  So people stopped using gprof.
Programs which needed profiling needed substantial mitigation removal
changes to put them under test.

Are you an OpenBSD user with a low power device such as a PC Engines APU2, with one or more em(4) network interfaces?

Darren Tucker (dtucker@) has a new diff out that may be of use to you, posted in a message to tech@:

List:       openbsd-tech
Subject:    em(4) TX interrupt mitigation
From:       Darren Tucker <dtucker () dtucker ! net>
Date:       2025-05-19 8:52:13

Hi.

TL;DR: if you use em(4), particularly on a low-power device such as a
pcengines APU2, please try this diff.

The em(4) driver has 5 interrupt mitigation timers[0].

Kirill A. Korinsky (kirill@) writes in with his guide to setting up an EdgeRouter 4 with OpenBSD/octeon to provide a failover gateway/router setup:

This article details the configuration process for setting up OpenBSD on an EdgeRouter 4 device to function as a home router, incorporating features such as private DNS resolution for clients and failover WAN connectivity.

Read the whole thing at Kirill's site.

erspan(4), the ERSPAN collection driver created by David Gwynne (dlg@) [and about which we recently reported] has been committed to the tree:

CVSROOT:	/cvs
Module name:	src
Changes by:	dlg@cvs.openbsd.org	2025/05/13 19:54:12

Modified files:
	sys/net        : if_gre.c 

Log message:
add support for the ERSPAN Type II protocol

ERSPAN is a specific GRE 0 protocol id with GRE sequence numbers
enabled, with it's own shim header, and then an Ethernet payload.

Version 0.112 of Game of Trees has been released (and the port updated):

• remove /tmp/got-importmsg temp files when import commit message is left empty
• rely on secondary _gotwebd groups if repos_path is not owned by _gotwebd group
• fix unrelated errors being reported if a histedit operation is aborted
• implement support for protected references in gotsys.conf and gotsysd
• plug memory leaks in some libexec helpers and in the gitconfig parser
• stop needlessly opening the repository whenever a work tree is opened

Omar Polo (op@) has announced the release of version 7.7.0p0 of OpenSMTPD:

[…]
Changes in this release:
========================

 - mail.lmtp: Correctly propagate LMTP permanent failures to smtpd.
 - Fixed connect filter request documentation in smtpd-filters.7.
 - Updated to new imsg APIs.
[…]

See the full release announcement for all the details.