OpenBSD Journal

OpenBSD Journal

OpenSSH 10.1 released

Contributed by Peter N. M. Hansteen on from the SSH! silently released dept.

The OpenSSH project has released OpenSSH 10.1, which is also the release that will be part of the upcoming OpenBSD 7.8 release.

The release was marked by a very unobtrusive sequence of www commits, with the first saying simply 

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: www
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-10-06 7:11:57


CVSROOT:	/cvs
Module name:	www
Changes by:	djm@cvs.openbsd.org	2025/10/06 01:11:57

Added files:
	openssh/txt    : release-10.1 

Log message:
openssh-10.1 release notes

which points to the OpenSSH 10.1 release notes, giving a fuller description of the new release.

If you're running -current or jumping snapshot to snapshot, you should already be running code equal to or very close to this.

No comments

Game of Trees 0.120 released

Contributed by rueda on from the again-and-again-and dept dept.

Version 0.120 of Game of Trees has been released (and the port updated):

  • disable gotwebd authentication if it is not enabled in /etc/gotwebd.conf
  • ensure that GOTWEBD_LOGIN_TIMEOUT is used consistently at build time
  • prevent date-specific gotsysd regress failures due to asctime_r whitespace
  • make gotwebd refuse to start up if the _gotwebd user is root
  • make gotwebd warn if the webserver's user is set to root in /etc/gotwebd.conf
  • add /etc/gotwebd.conf parameters for hiding repositories
  • reject bad hostnames provided to the gotsh weblogin command
  • allow gotwebd to optionally display a login hint when authentication fails

No comments

OpenBSD -current has moved to version 7.8

Contributed by rueda on from the here-we-go-again dept.

The OpenBSD 7.8 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.8 (dropping the "-beta"):

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2025-09-30 14:49:51

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/09/30 08:49:51

Modified files:
	sys/conf       : newvers.sh 

Log message:
move out of -beta

For those unfamiliar with the process:
this is not the 7.8 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

No comments

OpenBGPD 8.9 released

Contributed by rueda on from the you-smell-an-OpenBSD-release dept.

Claudio Jeker (claudio@) announced the release of version 8.9 of OpenBGPD, the OpenBSD project's Border Gateway Protocol (BGP) daemon:

We have released OpenBGPD 8.9, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * In verbose mode log the NOTIFICATION data for UPDATE errors.

    * Fix a busy loop error in the pfkey handling for OpenBSD and FreeBSD.

    * Introduce monotime - an internal time API using microsecond
      resolution.

    * Fix accounting of the pending update counter

    * Use new ibufq interface instead of handrolling the same.

    * Large refactoring of internal APIs to make the code easier to share
      and cleaner.

Read more…

1 comment (6d6:48 ago)

Full BSDCan 2025 video playlist(s) available

Contributed by Patrick McEvoy bsdtv on from the ottawatch - Puffy edition, g dept.

The BSDCan 2025 video playlist is now complete and available on both Peertube and Youtube.

The OpenBSD focused talks are as follows:

  • A distributed filesystem for OpenBSD by Rob Keizer
  • The state of 3d-printing from OpenBSD by Andrew Hewus Fresh
  • Confidential Computing with OpenBSD The Next Step by Hans Jörg Höxer
  • Adventures in porting a Wayland Compositor to NetBSD and OpenBSD by Jeff Frasca

2 comments (11d18:10 ago)

OpenBSD enters 7.8-beta

Contributed by Janne Johansson on from the seven eight nine dept.

With this commit, the development slows into release-mode preparing for the 7.8 release of OpenBSD.

The commit message reads, 

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2025-09-10 15:58:20

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/09/10 10:00:04

Modified files:
	etc/root       : root.mail 
	sys/sys        : param.h 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	usr.bin/signify: signify.1 
	sys/conf       : newvers.sh 

Log message:
crank to 7.8-beta

7.8-beta snapshots are already starting to appear on OpenBSD mirrors.

Time to bring out your odd machines and give snapshots a go, if we want 7.8 to be the best release yet.

No comments

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

OpenBSD Errata

OpenBSD 7.7

0102025-09-30 SECURITY Fix out-of-bounds read and write, memory leaks and incorrect error check for CMS enveloped data.
0092025-09-30 SECURITY In libexpat fix denial of service due to memory exhaustion. CVE-2025-59375 CVE-2024-8176
0082025-07-01 RELIABILITY TIOCUCNTL ioctl(2) could crash the kernel if called with a non-file argument.
0072025-07-01 SECURITY Previous fix for X11 server was incomplete. CVE-2025-49176
0062025-06-17 SECURITY Multiple X11 server issues. CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
0052025-06-17 RELIABILITY In acme-client(1), handle as yet unobserved "processing" state when fetching an issued certificate by retrying instead of giving up.

Unofficial RSS feed of OpenBSD errata

OpenBSD 7.6

0232025-09-30 SECURITY Fix out-of-bounds read and write, memory leaks and incorrect error check for CMS enveloped data.
0222025-09-30 SECURITY In libexpat fix denial of service due to memory exhaustion. CVE-2025-59375 CVE-2024-8176
0212025-07-01 RELIABILITY TIOCUCNTL ioctl(2) could crash the kernel if called with a non-file argument.
0202025-07-01 SECURITY Previous fix for X11 server was incomplete. CVE-2025-49176
0192025-06-17 SECURITY Multiple X11 server issues. CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
0182025-06-17 RELIABILITY In acme-client(1), handle as yet unobserved "processing" state when fetching an issued certificate by retrying instead of giving up.

Unofficial RSS feed of OpenBSD errata

OpenBSD Resources

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]