The OpenBSD project has announced the release of version 9.6 of rpki-client:

The BSDCan 2025 video playlist is now complete and available on both Peertube and Youtube.

The OpenBSD focused talks are as follows:

• A distributed filesystem for OpenBSD by Rob Keizer
  • PT
  • YT
• The state of 3d-printing from OpenBSD by Andrew Hewus Fresh
  • PT
  • YT
• Confidential Computing with OpenBSD The Next Step by Hans Jörg Höxer
  • PT
  • YT
• Adventures in porting a Wayland Compositor to NetBSD and OpenBSD by Jeff Frasca
  • PT
  • YT

With this commit, the development slows into release-mode preparing for the 7.8 release of OpenBSD.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2025-09-10 15:58:20

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/09/10 10:00:04

Modified files:
	etc/root       : root.mail 
	sys/sys        : param.h 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	usr.bin/signify: signify.1 
	sys/conf       : newvers.sh 

Log message:
crank to 7.8-beta

7.8-beta snapshots are already starting to appear on OpenBSD mirrors.

Time to bring out your odd machines and give snapshots a go, if we want 7.8 to be the best release yet.

Version 0.118 of Game of Trees has been released (and the port updated):

• security fix for -portable: gotwebd can be tricked into reading repositories outside its repos_path; bug introduced in got-0.111; OpenBSD is not affected
• make 'tog diff' show the repository name in names of patches written to /tmp
• plug memory leaks which were making gotwebd regress tests fail
• fix parallel processing of requests in gotwebd, improving responsiveness
• set gotwebd pledges according to address families of listening sockets
• run gotwebd fcgi parameter parsing in a dedicated process under pledge "stdio"
• make gotd commit notifications only show history which is unique to the branch
• enable sftp/scp support in the sshd_config file generated by gotsysd
• make gotsysd-managed repositories readable for the _gotd group

OpenBSD -current has gained initial support for the Raspberry Pi 5:

CVSROOT:	/cvs
Module name:	src
Changes by:	mglocker@cvs.openbsd.org	2025/09/01 12:56:04

Modified files:
	distrib/arm64/iso: Makefile 
	distrib/arm64/ramdisk: Makefile install.md list 

Log message:
Add Raspberry Pi 5 Model B support for RAMDISK.

Rafael Sadowski (rsadowski@) completed updates to C++ libraries in -current:

CVSROOT:	/cvs
Module name:	src
Changes by:	rsadowski@cvs.openbsd.org	2025/08/21 09:26:58

Modified files:
	gnu/lib/libcxx : Makefile 
	gnu/lib/libcxx/include/c++/v1: __config_site 
	gnu/lib/libcxxabi: Makefile 
	gnu/lib/libexecinfo: Makefile 
Added files:
	gnu/lib/libcxx/include/c++/v1: __assertion_handler 

Log message:
update build infrastructure for libunwind-, libcxxabi- and libcxx-19.1.7

This gives us a modern c++ lib in base!

Yubikey OTP support has been disabled in -current. The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/08/14 08:39:44

Modified files:
	sys/dev/usb    : ukbd.c 

Log message:
Most Yubikey ship with OTP support enabled out of the box (and generate
accidental output like cccccblddbkhelgbdjuughbjdcvrddggdcjvricrriuk).
Yubikey re-configuration requires crazy buggy and fragile tools using crazy
usb feature support, and therefore OTP disabling is very annoying.  We
make a policy decision to not attach these as keyboards anymore, because a
majority of users just want the FIDO functionality.  If you want to use OTP,
buy a different device from a different vendor or convince Yubikey to
significantly improve their tooling.
idea from kettenis

To be clear: this affects only the keyboard attachment of only Yubico devices. Therefore:

• USB security devices from other vendors are not affected.
• FIDO functionality of Yubikeys (and Yubico security keys) is not affected.
• login_yubikey(8) can no longer be used for local authentication purposes, but will still function for authentication of remote clients (so long as they support Yubikey OTP).

Running a patched kernel is the only way [at present] to reverse this change.

OpenSSH will now adapt IP QoS to actual sessions and traffic. In a fresh commit, Damien Miller (djm@) introduced a significant change, which enables ssh and sshd to set the IP QoS based on what connections and sessions are active.

The commit message says,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-08-18 3:43:01

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2025/08/17 21:43:01

Modified files:
	usr.bin/ssh    : sshd-session.c sshd-auth.c ssh.c session.c 
	                 serverloop.c packet.h packet.c mux.c misc.c 
	                 clientloop.c channels.h channels.c 

Log message:
Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
continually at runtime based on what sessions/channels are open.

Version 0.117 of Game of Trees has been released (and the port updated):

• regress: replace "sed -i" with ed(1) for portable in-place editing
• ensure that error messages from gotsysd libexec helpers get logged
• fix gotsysd using wrong auth and hmac labels in the generated gotd.conf
• preserve bad symlinks across merges during rebase and histedit
• improve binary files detection: detect any control characters, not just NUL
• gotwebd: fix race condition resulting in trucated html with trailing garbage
• make commit coloring faster and more accurate, producing smaller pack files
• improve selection of pack files for pinning in the open pack file cache
• regress: don't load global/home git configuration files while running tests
• make 'got clone' set a got.conf default branch for fetching only, not sending