OpenBSD security fixes for X server, smtpd, vmd, HardenedBSD’s Radicle migration, and FreeBSD Dev Summit 2026 details and more.

Releases

No releases.

BSDSec

OpenBSD releases security errata for X server, smtpd, and vmd: OpenBSD has issued errata patches addressing vulnerabilities in the X server, smtpd mail server, and vmd virtual machine daemon for versions 7.8 and 7.9. Binary updates are available for amd64, arm64, and i386 architectures through the syspatch utility, while source code patches can be obtained from the official errata pages.

As always, it’s worth following BSDSec. RSS feed available.

News

HardenedBSD May–June 2026 progress update: The HardenedBSD project detailed its May–June 2026 developments, highlighting the near-complete migration from self-hosted GitLab to Radicle for version control, though some workflow adjustments remain. Key priorities included fixing release image generation—particularly the disc1.iso—integrating Radicle into auto-sync processes, and replicating GitLab’s commit email functionality, with manual syncs performed interim. Recent FreeBSD security advisories prompted new builds for 16-CURRENT and 15-STABLE, though installer image issues persist, limiting testing to roughly two attempts per day. Infrastructure changes involved migrating ISP accounts, temporarily losing IPv6 tunnel support, while source updates addressed LLVM 21 compatibility, Radicle integration for core tools, and hardening improvements like sysctl node logic enhancements. Ports updates included fixes for multimedia/ffmpeg, pkg/2.7.5, and initial Radicle-based distfile downloads, alongside disabling PIE for devel/ccache4 and COMPAT32 for older misc/compat versions.

BSD Now 665: This episode of BSD Now highlights the release of OpenBSD 7.9, marking its 60th edition, alongside updates on FreeBSD’s critical infrastructure cleanup efforts. The show also features GhostBSD’s January 2026 financial report, Oracle’s reduced update frequency for Solaris 11.4, and a guide for running FreeBSD on a ThinkPad T14 Gen 2. Additional segments include NetBSD’s role in Apple Time Capsule devices, DragonFly BSD’s updated DPorts contribution guide, and a discussion on OpenJDK improvements for FreeBSD.

FreeBSD Developer Summit 2026 details and schedule: The Ottawa FreeBSD Developer Summit will take place June 17–18, 2026, co-located with BSDCan 2026 at the University of Ottawa, Canada. The event features two days of presentations, working groups, and hacker lounges, followed by BSDCan sessions from June 19–20. Key topics include kernel security research using LLMs, cloud integration strategies, FreeBSD Foundation updates, and discussions on the kernel scheduler and network stack improvements. Sponsored by the FreeBSD Foundation, the summit is open to all attendees, with registration available through the BSDCan website. Developer sessions will be held in the Desmarais Building, while evening activities and meals take place in the U90 Residence Hall. A detailed schedule lists talks, breaks, and collaborative working sessions across both days.

Tutorials

Configuring WireGuard between FreeBSD and OpenBSD: This guide details the step-by-step process of establishing a WireGuard VPN connection where a FreeBSD client initiates a connection to an OpenBSD monitoring server. On the OpenBSD side, the setup involves creating a WireGuard interface, generating keys, and configuring network settings via /etc/hostname.wg0. The FreeBSD configuration requires loading the if_wg kernel module, generating private and preshared keys, and setting up the interface using rc.conf and rc.local for persistence across reboots. The final step involves adding the FreeBSD peer details—including its public key, allowed IPs, and preshared key—to the OpenBSD configuration and restarting the interface. The connection is verified via ping, ensuring secure communication for metrics, logs, and alerts between the servers. The guide assumes OpenBSD 7.9 and FreeBSD 14.4 but notes compatibility with nearby releases.

Optimizing Database Performance with Direct IO and ZFS Cache Management: Database workloads differ significantly from traditional file storage, requiring specialized caching and I/O strategies to maintain performance and data consistency. This article examines how Direct IO functions within OpenZFS, detailing its interaction with the Adaptive Replacement Cache (ARC) and database buffer caches. It explores scenarios where bypassing the filesystem cache can enhance latency, throughput, and NVMe performance for database operations, including considerations for alignment requirements, compression benefits, and trade-offs between filesystem and database-managed caching. The discussion covers use cases where Direct IO improves predictability over raw performance, particularly with high-concurrency NVMe storage, while acknowledging that optimal configurations depend on factors like database type, data compressibility, and hardware capabilities. The piece concludes by emphasizing the importance of workload-specific testing to determine whether leveraging ZFS ARC or Direct IO delivers better results.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!