Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@) recently added a couple of notable features to OpenSSH:
Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying
List: openbsd-tech Subject: fix net80211 802.11g compatibility check From: Stefan Sperling <stsp () stsp ! name> Date: 2025-07-31 10:26:18 I have a WIP fix for qwx which relies on ieee80211_iserp_sta() to detect whether an AP supports 802.11g, rather than 802.11b only. And I encountered an access point which qwx could not connect to when my WIP fix is applied.
The initial commit message reads,
List: openbsd-ports-cvs Subject: CVS: cvs.openbsd.org: ports From: Antoine Jacoutot <ajacoutot () cvs ! openbsd ! org> Date: 2025-07-28 12:35:38 CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2025/07/28 06:35:38 Log message: Import cde-2.5.2 CDE - The Common Desktop Environment is X Windows desktop environment that was commonly used on commercial UNIX variants such as Sun Solaris, HP-UX and IBM AIX. Developed between 1993 and 1999, it has now been released under an Open Source licence by The Open Group.
Version 0.116 of Game of Trees has been released (and the port updated):
" ... anyone who’s ever had to investigate a security incident knows the harsh reality: logs are only as trustworthy as their protection against post-incident tampering. An attacker who gains root access isn’t going to politely leave their tracks in the log files – unless they physically can’t alter them anymore."
Read the whole thing, When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, over at Rafael's site!
In -current, the struct underlying stdio(3)'s FILE type has been made opaque, with library versions bumps across the board:
CVSROOT: /cvs Module name: src Changes by: yasuoka@cvs.openbsd.org 2025/07/16 09:33:05 Modified files: lib/libc : Symbols.list shlib_version lib/libc/hidden: stdio.h wchar.h lib/libc/stdio : Makefile.inc fclose.3 fclose.c findfp.c lib/libcrypto : shlib_version lib/libcurses : shlib_version lib/libedit : shlib_version lib/libexpat : shlib_version lib/libfido2 : shlib_version lib/libfuse : shlib_versionJob Snijders (job@) has added (to -current) a new utility, watch(1), for periodically executing a command and displaying its output.
The IIJ's iwatch was initially imported back in May, and has been reworked substantially before being linked to the build.
This was made possible by the efforts of Rafael Sadowski (rsadowski@) with the help of several others. The news was announced 2025-07-04 via a fediverse post and of course the commit message itself, where the description reads
Log message: Update Plasma 6.4 The most parts are straightforward as usual but in 6.4 the KDE Kwin team split kwin into kwin-x11 and kwin (wayland). This seems to be the sign that X11 is no longer of interest and we are focussing on Wayland.
List: openbsd-misc Subject: Console 4096 colours and blink attribute From: Crystal Kolipe <kolipe.c () exoticsilicon ! com> Date: 2025-07-04 13:58:41 Tired of having just 256 colours on your console instead of 4096? Do you miss the blink attribute from the old VGA text mode days? Want to learn how cool stuff like this is implemented? Look no further: https://research.exoticsilicon.com/articles/console_4096
Clicking that link will bring you a colorful article with all implementation details and links to the code for you to try out yourself.
Happy blink and 4k colors console day to all who celebrate!
We have started our first round of sign-up for #Git repository hosting.
Our first server for Git hosting is expected to be installed next week. Additional servers will be added as needed based on demand.
See https://gothub.org for an introduction to our project.
See https://gothub.org/features.html to get an idea about which features are already working and what is planned for the future.
See https://gothub.org/tiers.html for the initial service tier configurations and prices.
See https://gothub.org/signup.html for details about the sign-up process.
Do you have code that could need to be hosted, and/or money to send their way? Click the links!
Version 0.115 of Game of Trees has been released (and the port updated):
Version 0.114 of Game of Trees has been released (and the port updated):
List: openbsd-tech Subject: bge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix From: Stefan Sperling <stsp () stsp ! name> Date: 2025-06-20 10:12:14 A bug has been fixed by yasuaok@ in vmx(4) where the driver was calling ifq_restart() without actually having made any space on a full Tx ring. Calling ifq_restart() in this case can lead to a condition where the interface gets stuck in OACTIVE until the interface is reset with ifconfig.
Fresh from the recently concluded j2k25 hackathon comes this report from Klemens Nanni (kn@), who writes:
New country, lots of ramen, friends and new folks - heck, yes!
Having missed the last four (our five?, hard to tell…) hackathons, j2k25 aligned just right to finish our holidays with beautiful sights and culinary delights between streaks of hacking, leaving all else aside for a solid week - it was refreshing retreat and sparked plans to make another, even longer trip through Japan!
This time, I brought a few unfished and/or unanswered diffs, but also specifically wanted to look into unfamiliar code, now that folks were around to ask for advice and discuss with.
First, the installer and rc(8) were due for cleanup: common code for randomness seed files used by bootloaders and rc seemed unnecessarily different, so I synced their logic, style and comments wrt. subtle, yet important details around the sticky(8) bit:
The motivation is summarized as,
tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it better at replying with the ip that requests were sent to.
and the full message, with the subject dhcpd(8): use UDP sockets instead of BPF reads,
List: openbsd-tech Subject: dhcpd(8): use UDP sockets instead of BPF From: David Gwynne <david () gwynne ! id ! au> Date: 2025-06-13 3:29:20 tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it better at replying with the ip that requests were sent to. ive been hacking on this because of a problem at work, which i want to solve by setting up a bunch of "anycast" dhcp servers. ie, i want to have multiple dhcpd on separate servers with the same IP assigned as an alias on all of them.
In a long series of commits, Robert Nagy (robert@) updated clang(1)/llvm/lld(1) in -current to version 19.1.7 (from version 16.0.6):
CVSROOT: /cvs Module name: src Changes by: robert@cvs.openbsd.org 2025/06/11 06:54:56 Log message: import of llvm from LLVM 19.1.7 Status: Vendor Tag: LLVM Release Tags: LLVM_19_1_7 U src/gnu/llvm/llvm/.clang-format […]Those building from source should follow the instructions in Following -current and using snapshots before making the leap.
Kristaps Dzonsons (known for mandoc(1), rpki-client(8), and much more) has written an article, Source code sandboxing, on sandboxing from the perspective of developers. It compares the facilities available under several operating systems, and requests relevant contributions.
As Undeadly readers might expect, OpenBSD's pledge(2) and unveil(2) receive favourable appraisal.
Kristaps' article refers to Sandboxing Adoption in Open Source Ecosystems, an academic article published on the subject.
[In 2016, Undeadly published Kristaps Dzonsons on pledge(2).]
Following a discussion on tech@ [initiated by a post with patch from Ted Unangst (tedu@)], the "TearFree" option has been backported to the xenocara modesetting(4) driver in -current:
CVSROOT: /cvs Module name: xenocara Changes by: matthieu@cvs.openbsd.org 2025/06/09 12:18:36 Modified files: xserver/dix : pixmap.c xserver/hw/xfree86/common: xf86Mode.c xserver/hw/xfree86/drivers/modesetting: dri2.c driver.c driver.h drmmode_display.c drmmode_display.h dumb_bo.c meson.build modesetting.man pageflip.c present.c vblank.c xserver/hw/xfree86/modes: xf86Crtc.h xf86Rotate.c xserver/include: displaymode.h pixmap.h xserver/present: present.h present_screen.c Log message: Backport TearFree page flips for the modesetting driver from X.Org maaster. Work done by tedu@ based on previous diffs by jcs@ and stsp@. One bug fix in master by me. tested and ok tb@. commit on behalf of tedu@The option is on by default, so users of the relevant hardware can expect smooth(er) scrolling ahead.
He leads in with a TL;DR:
tl;dr
Consider playing with sysctl vfs.ffs.dirhash_maxmem to increase the maximum dirhash cache.
That said, it is worth your time to read the whole thing!
