Routing security matters to all of us (even those of us who seldom give the subject any thought), and the rpki-client project announced the release of a new version of their Resource Public Key Infrastructure (RPKI) client, with a number of improvements.

The announcement reads,

List:       openbsd-announce
Subject:    rpki-client 9.8 released
From:       Sebastian Benoit <benno () openbsd ! org>
Date:       2026-04-14 23:20:42


rpki-client 9.8 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon. It is recommended
that all users upgrade to this version for improved reliability.

We're a little late reporting it but…

The familiar safeguard sysctl hw.smt is now deprecated, having been replaced by a more flexible mechanism which allows discriminating between different varieties of core type.

First, Theo de Raadt (deraadt@) enabled the mechanism for OpenBSD/amd64 in this commit:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/03/31 10:46:22

Modified files:
	sys/sys        : sched.h sysctl.h 
	sys/kern       : kern_sched.c kern_sysctl.c 
	sys/arch/amd64/amd64: identcpu.c machdep.c 
	sys/arch/amd64/include: cpu.h 
	lib/libc/sys   : sysctl.2 

Log message:
Some new intel machines have a new 3rd tier of cpus called LP-E which are
E-core (Atom) without L3 cache.  These v are Lethargic, and it sucks
when processes migrate to them.

OpenBSD 7.9 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.9 (dropping the "-beta"):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/13 11:22:23

Modified files:
	sys/conf       : newvers.sh 

Log message:
move out of -beta

For those unfamiliar with the process:
this is not the 7.9 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Every spring and autumn, the routing world can expect a new OpenBGPD release, and this time is no exception.

The OpenBGPD project have announced the availability of their newest release, version 9.1, with the following announcement:

List:       openbsd-announce
Subject:    OpenBGPD 9.1 released
From:       Claudio Jeker <claudio () openbsd ! org>
Date:       2026-04-13 14:37:12

We have released OpenBGPD 9.1, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

Version 0.124 of Game of Trees has been released (and the port updated):

• make the chroot path directive in gotwebd.conf actually work
• fix a segfault in tog while using the & search feature
• plug a tree object leak in the gotd repo_write process
• fix gotd wrongly complaining about a missing gotsys.conf in pack files
• expand tabs in log messages displayed by tog diff to prevent misalignment
• prevent non-root users from blocking gotctl reload requests
• plug a memory leak in got-read-commit
• allow UTF-8 in gotsys.conf site owner names and repository descriptions
• reject non-UTF-8-encoded reference names in gotsys.conf
• make gotwebd display logged-in usernames in case of group-membership auth

The GotHub OpenBSD mirror mentioned in our report on the previous GoT release is now linked from the OpenBSD main page.

Bogus security bug reports generated by large language model (LLM) tool use are a well known irritant and time sink for open source projects.

As a consequence of one such report, Theo de Raadt (deraadt@) committed a change to pfsync(4) to rename an otherwise unused field in the pfsync(4) packet header.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2026-04-12 3:16:04

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/04/11 21:16:04

Modified files:
	sys/net        : if_pfsync.c if_pfsync.h 

Log message:
The pfcksum[] field in the pfsync packet header is not a hash of the
packet.  It provides absolutely no security benefits, keep reading to
find out.

As we approach the 60th OpenBSD release: 7.9, the OpenSSH project has released OpenSSH 10.3.

From the Release notes:

Regular readers will be aware that Miod Vallat (miod@) is documenting the adventures of porting OpenBSD to various architectures in his OpenBSD Stories collection.

The latest addition is OpenBSD on Motorola 88000 processors, where the first two of a planned total of nine chapters have been published.

The first chapter, The Forsaken RISC Architecture, takes us through some background and pre-history of the architecture.

The second chapter, A New Hope, gives insight into the early porting efforts.

We very much look forward to seeing the further chapters of the OpenBSD on Motorola 88000 processors saga.

David Leadbeater (dgl@) posted to ports@ a message, entitled Pledge changes in 7.9-beta, which explains the consequences for porters of the recent pledge(2)/unveil(2) changes in -current (and, to some extent, 7.8). Whilst targeted at porters, it provides a good overview for anyone interested in the changes.

The message reads: