Issue 232
Published May 07, 2025

FreeBSD 14.3-BETA1 and DragonFly 6.4.1 released, OpenBSD updates SSH security, and more.

Releases

FreeBSD 14.3-BETA1 Available: The first BETA build for the FreeBSD 14.3 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64, and riscv64 architectures are FreeBSD mirror sites.

DragonFly 6.4.1 Released: DragonFly 6.4.1, a bugfix upgrade to version 6.4, has been released and is available for download. This release focuses on addressing bugs and improving stability.

BSDSec

OpenBSD Releases NFS Server Patches for Versions 7.6 and 7.7: Errata patches for the NFS server have been released for OpenBSD 7.6 and 7.7. These updates address vulnerabilities and are available for amd64, arm64, and i386 platforms via the syspatch utility. Source code patches can be found on the respective errata pages. Users are encouraged to apply these updates to ensure system security.

As always, it’s worth following BSDSec. RSS feed available.

News

Call for Testing: OpenSSH to Remove Last Remnants of DSA Support: OpenSSH is preparing to remove the final traces of DSA support, as announced by Damien Miller. This change aims to streamline the codebase but requires community testing to ensure compatibility, especially for interoperability tests. Users are encouraged to assist with testing before the changes are finalized. This follows earlier efforts to phase out DSA, aligning OpenSSH with modern cryptographic standards.

OpenBSD Enhances SSH Security by Relocating Agent Sockets: OpenBSD has implemented a security enhancement by moving SSH agent listener sockets from /tmp to ~/.ssh/agent. This change leverages the unveil(2) mechanism to prevent processes with restricted filesystem access, such as Firefox, from accessing SSH keys. The update also introduces new ssh-agent flags for managing stale sockets and supports NFS home directories. This improvement aims to enhance SSH security for users on the OpenBSD platform.

OpenBSD Installer Update: Preferring Disks Over 1GB for Root: The OpenBSD installer has been updated to prefer disks larger than 1GB as the default root disk during installation. This change aims to avoid selecting smaller or less suitable disks, such as install media or external drives, as the default option. The update modifies the disk selection process to prioritize larger disks, enhancing user convenience. This improvement is expected to streamline the installation process by reducing the need for manual adjustments.

Valuable News 2025-05-05: The “Valuable News” weekly series provides summaries of news, articles, and other interesting content, primarily related to UNIX/BSD/Linux systems. The series aims to filter essential information from the vast amount of data available online, making it easier for readers to stay informed without sifting through irrelevant content. This edition highlights various updates and tutorials related to UNIX/BSD/Linux, including custom XKB layouts, FPU emulation, and FreeBSD projects.

NYC*BUG May 2025 Meeting: FreeBSD Laptop Desktop Working Group + DJ-BSD Redux: The New York City BSD User Group (NYC*BUG) is hosting a meeting on May 14, 2025, focused on the FreeBSD Laptop and Desktop Working Group, with a DJ-BSD redux session. Charlie Li, a FreeBSD Ports committer, will lead an informal discussion on using FreeBSD for desktops and laptops, sharing insights into daily usage, development, and community involvement. The event will be held at NYU Tandon Engineering Building in Brooklyn, with remote participation via streaming and IRC for Q&A. RSVP is required for attendance.

NetBSD AGM2025: Annual General Meeting on May 17, 21:00 UTC: The NetBSD Foundation will host its 2025 Annual General Meeting on May 17 at 21:00 UTC. The event will take place in the netbsd-agm channel on irc.libera.chat, featuring presentations on technical direction, project services, and publicity, followed by a Q&A session. A full transcript will be available for those unable to attend. The meeting aims to engage the community and discuss the project’s future.

OpenBSD Installer Update: Prefer Disks Larger Than 1G for Installation: A proposed change to the OpenBSD installer aims to improve disk selection by prioritizing disks larger than 1G when multiple options are available. Currently, the installer defaults to the first detected disk (sd0), which can lead to issues if smaller USB sticks or install media are detected before the intended disk. The suggested update would reshuffle the list of valid root disks, placing smaller disks last. This change is intended to simplify the installation process without altering upgrade behavior for systems with smaller root disks and larger data disks. Feedback is being sought from the community to evaluate the proposal.

HardenedBSD April 2025 Status Report: Key Updates and Changes: April was a busy month for HardenedBSD, with several updates and improvements. The team fixed vulnerabilities and enhanced tools like hbsdcontrol. Notably, the build cadence for OS releases will slow to once per quarter due to dependency calculation delays in FreeBSD’s package manager. Collaborations with the Radicle project and a FreeBSD hackathon focused on Rust integration were also highlighted. Updates to build scripts for pkgbase support were made, with experimental repos planned for July.

BSD Now 609: Toe-Dipping in Amsterdam: Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking, Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator, OpenZFS Cheat Sheet, Dipping my toes in OpenBSD in Amsterdam, SSH keys from a command: sshd’s AuthorizedKeysCommand directive, How to move bhyve VM and Jail container from one host to another host, and more.

Testing Request: Parallel Fault Handler in OpenBSD: Martin Pieuchot has requested community testing for a diff enabling parallel execution of the upper fault handler in OpenBSD. This update aims to improve performance by allowing concurrent processing. Testers are encouraged to report back with dmesg logs to evaluate the impact on their systems. The change builds on recent commits that introduced the necessary code. Feedback is crucial for further development.

LibreSSL 4.1.0 Released: LibreSSL 4.1.0 has been released, featuring enhancements and bug fixes. This version includes improvements to elliptic curve cryptography, new SHA assembly implementations, and better CPU capabilities detection. It also introduces compatibility changes and new features like the tls_peer_cert_common_name() API. The release aligns with OpenBSD 7.7 and reflects modern, safe programming practices.

OpenBSD Update: pkg_add -u Stops Advising File Removal: Klemens Nanni has updated OpenBSD’s pkg_add -u command to no longer advise users to remove files during updates, addressing confusion caused by misleading messages. Previously, the command displayed messages intended for pkg_delete(1), leading to unnecessary file deletions. This change improves clarity and accuracy during package updates, enhancing the user experience. The update is part of ongoing efforts to refine OpenBSD’s package management system.

Tutorials

Tab completion with CDPATH in ksh: In this blog post, Dane Harrigan explains how he added tab completion of paths in CDPATH to cd, in ksh.

Run FreeBSD, OpenBSD & NetBSD VMs in Incus: Incus is a versatile platform that supports running BSD-based virtual machines, including FreeBSD, OpenBSD, and NetBSD. This guide explains how to use cloud images to set up these systems quickly and efficiently. The process involves downloading pre-configured cloud images, using the incus-migrate tool for migration, and launching the VMs. Incus simplifies management by treating BSD VMs similarly to containers or other VMs, making it a practical solution for testing, development, or deployment. With ready-to-use images and straightforward steps, Incus provides a reliable way to integrate BSD systems into your virtualization infrastructure.

Building a Modern OpenBSD Home Router: A Comprehensive Guide: This article details the process of building a secure and functional home router using OpenBSD. The author discusses the limitations of consumer routers and explores the hardware and software setup, including PPP and IPv6 configurations. The guide covers choosing compatible hardware, configuring interfaces, and establishing IPv4 and IPv6 connectivity. It also provides insights into turning a client into a router, setting up DHCP, and implementing firewall rules with pf. The author concludes with future tasks such as configuring NTP and DNS services.

Owning the Stack: FreeBSD and ZFS for Infrastructure Independence: In a world of opaque software licensing and vendor lock-in, FreeBSD and ZFS offer a path to infrastructure independence. This article explores how these open-source technologies provide long-term technical stability, architectural transparency, and operational autonomy. It highlights the risks of proprietary software, the advantages of FreeBSD’s permissive licensing, and ZFS’s robust file system integration. Additionally, it discusses how these tools align with global data sovereignty laws and offer practical solutions for modern enterprises seeking control over their infrastructure.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.