On its 25th birthday,
the OpenBSD project has released
the 49th release.
The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:
Those upgrading from 6.7 should consult the
Thanks to the developers for all the good work that went into this
excellent new release!
While your install sets download or when your packages update, please take the time to look at and use one or more of the recommended ways to support the project, such as making a donation, buying T-shirts. Corporate entities may prefer sending some money in the direction of the OpenBSD Foundation, which is a Canadian non-profit corporation.
Hitherto, releases of the
software (which underlies
have been unsigned.
This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature.
As signing is being performed manually, why not employ an additional [hardware] factor?
does not support the use of FIDO authenticators.
However, recent versions of
OpenSSH do support signing
using the [under-appreciated]
-Y sign option of
and with the recent addition of FIDO authenticator support to OpenSSH
[as reported previously],
we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.
Todd Mortimer (
for the macppc (powerpc) and powerpc64 platforms:
Module name: src
Changes by: firstname.lastname@example.org 2020/10/12 08:52:09
Add RETGUARD implementation for powerpc and powerpc64.
ok deraadt@ kettenis@
page for the full list of platforms on which RETGUARD is implemented.
schwarze@) writes in about a side project he's been working on to do his own accounting:
Sometimes, it happens to me that i make little progress with the
work i planned to do (so let's not talk about the badly needed
mandoc release today) and instead end up doing work that wasn't
planned at all.
Fresh off the k2k20 hackathon, Rafael Sadowski (
Due to the pandemic, this hackathon seemed to be called very spontaneously.
Fortunately, the hackathon was over a weekend. This enabled me to attend
without missing any professional obligations. On Friday morning, shortly after
sunrise, I took the train to Bad Liebenzell. On the train I worked for my
employer until I reached Karlsruhe at about 11am. I swapped my MacBook for my
OpenBSD ThinkPad T470s.
The fourth report from k2k20 comes from Florian Obser (
florian@), who worked mostly on DNS related things:
I spent the week before the hackathon with monitoring the current
pandemic situation. Will ze germans let me in? Will I put people at
risk? In the end it all looked OK-ish and I booked my train ticket a
day before leaving. Time to pack!
My current bag of holding is an Osprey Talon 22 and it fits an X1,
roost laptop stand, Microsoft sculpt keyboard, assorted cables,
toiletry bag and clothing for 6 days. Yes, this includes fresh
underwear and T-Shirts for every day.
Our next k2k20 report comes from Klemens Nanni (
I'd been looking forward to k2k20 just like my
other hackathon with its unique
atmosphere where getting work done in fact means holiday hacking with friends.
There was nothing big on my list but it had already grown into a rich assortment
of issues and itches to scratch - this usually aligns well with the release
cycle since it means focusing on regression fixes and polish during the -beta
phase until the tree gets locked for release.
Fresh off the just-finished k2k20 hackathon, here is a report from Bob Beck
We have a saying about hackathons - They are for starting something,
or for finishing something. This time for me was a "finishing
something" - I landed the new x509 certificate chain validation in
concluded recently, and we are please to have
received a report from Martijn van Duren (
I came to k2k20 on my motorcycle with my mask, a small backpack and a
stack of projects burning on my laptop to get pushed. After a long ride
ending on the lovely winding roads of the black forest I arrived at
Burg Liebenzell slightly past noon, where I was greeted by a collection
of other OpenBSD developers who just came back from lunch. After
checking in and a quick lunch of my own I joined the rest in the
hackroom where everything was set up in a wide circle giving every table
plenty of room for privilege separation^W^Wsocial distancing.
Martijn van Duren (
Module name: src
Changes by: email@example.com 2020/09/12 09:06:12
libexec : Makefile
libexec/login_ldap: Makefile aldap.c aldap.h bind.c login_ldap.8
login_ldap.c login_ldap.h search.c util.c
The code is based login_ldap port, but uses our own aldap implementation
instead of openldap. It also uses a stand alone configuration file
instead of login.conf, since setting this up might contain information
not destined for everyone to see.
"Go for it" deraadt@
example configuration file