OpenBSD 7.9 Released

The OpenBSD project has announced OpenBSD 7.9, its 60^th release.

The new release contains a number of significant improvements, including but certainly not limited to:

• MAXCPU value on OpenBSD/amd64 increased to 255 [See earlier report]
• Preparations for supporting 52 disk partitions [See earlier report]
• Introduced selective blocking of cores from the scheduler with sysctl hw.blockcpu [See earlier report]
• Delayed hibernation support on OpenBSD/amd64 laptops [See earlier report]
• On amd64, implemented delayed hiberation [See earlier report]
• Parallel fault handling enabled on amd64 and arm64 platforms
• drm(4) code updated to linux 6.18.16 [See earlier report]
• Added sysctl(8) machdep.vmmode to indicate status as a host or guest [See commit]
• Added vmboot (on amd64), a tiny kernel for booting SEV VMs, which allows sysupgrade(8) to work [See commit]
• Made OpenBSD run as a guest under Apple Hypervisor [See earlier report]
• Converted vmd(8)'s virtio scsi device to a subprocess [See earlier report]
• Added nhi(4), a driver for USB4 controllers, which allows modern laptops with AMD CPUs to reach the appropriate low power idle states during S0ix suspend. [See commit]
• Added basic implementation of the low-level FUSE API
• Improved sysugprade(8) handling of low disk space in /usr [See earlier report]
• fw_update(8) now checks dmesg(8) output in addition to dmesg.boot [See earlier report]
• On amd64, added support for loading kernels from the EFI system partition [See commit]
• The pledge(2) "tmppath" promise has been retired [See earlier reports]
• Enabled IPv6 autoconf [SLAAC] by default in installer [See commit]
• Private VLAN (PVLAN) support added to veb(4) [See commit]
• LACP support removed from trunk(4) [See earlier report]
• Multiple pf(4) enhancements:
  • Source and state limiters introduced [See earlier report]
  • Print both nat-to and rdr-to in pfctl -s rules
• Added httpd.conf(5) "no banner" configuration directive to suppress generation of "Server" header [See commit]
• In relayd(8), added support for PROXY protocol in TCP relays
• In acme-client(1), added support for IP Address certificates
• OpenBGPD 9.1 [See earlier reports on releases of versions 9.0 & 9.1]
• rpki-client 9.8 [See earlier reports on releases of versions 9.7 & 9.8]
• LibreSSL 4.3.1 [See earlier report]
• OpenSSH 10.3 [See earlier report]
  • Several security enhancements were added
  • Added ssh(1) escape ~I showing information about the current SSH connection [See commit]
• chromium (and derivatives) gained VA-API support [See earlier report]
• chromium (and derivatives) gained (Open) Widevine support support [See earlier report]

See the full changelog for more details of the changes made over this latest six month development cycle.

The Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8).

Readers are encouraged to celebrate the new release by donating to the project to support further development of our favourite OS!

Migrating mail servers from exim to OpenSMTPD (smtpd) is fun and useful

However, that software has had its share of security issues over the years, and during the preparations for the OpenBSD 7.9 release, the ports maintainers decided that

"History of security issues + setuid root is a terrible combo."

This meant that the mail service needed to migrate to something else, and Peter wrote up a short article about migrating a multi-domain, multi-site setup to smtpd: OpenSMTPD Is The Mail Server For The Future. The article has a working configuration and advice on how to proceed.