OpenBSD 7.8 release

The release of the free UNIX-like operating system OpenBSD 7.8 is presented. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers that denied Theo access to the NetBSD CVS repository. After that, Theo de Raadt and a group of like-minded people created a new open operating system based on the NetBSD source tree, the main development goals of which were portability (13 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools. The size of the full installation ISO image of the base OpenBSD 7.8 system is 597 MB.

Beyond the operating system itself, the OpenBSD project is known for its components, which have been adopted by other systems and have established themselves as some of the most secure and high-quality solutions. These include: LibreSSL (a fork of OpenSSL), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, and the mail server. server OpenSMTPD, a text terminal multiplexer (similar to GNU screen), tmux, the identd daemon with an implementation of the IDENT protocol, a BSDL alternative to the GNU groff package — mandoc, a protocol for organizing fault-tolerant systems CARP (Common Address Redundancy Protocol), a lightweight HTTP server, and the OpenRSYNC file synchronization utility.

Major changes:

• The ARM64 port adds support for Raspberry Pi 5 boards, implements the acpicpu driver, and enables apm (Advanced Power Management) and sysctl hw.cpuspeed support on devices with Qualcomm Snapdragon X Elite chips.
• Support for the FD_CLOFORK (close-on-fork) flag has been implemented for closing file descriptors for child processes after calling the fork() function. Compared to other implementations, this flag is cleared after calling the exec() function for security and convenience reasons.
• A subsystem for performing high-level operations of allocation, scheduling and dispatching of software interrupts (soft interrupt dispatcher) has been added.
• The kernel has been converted to use nanoseconds instead of timer ticks when executing the sleep function, avoiding the loss of precision due to conversions from nanoseconds to ticks and back when initiating operations from library functions in user space.
• Improved compatibility with file systems based on the FUSE (Filesystem in Userspace) mechanism, which use the libfuse library in their implementation.
• Improved support for sleep and standby modes. Workspace pre-allocation for sleep mode during boot is now supported. Support for using standby mode when connecting devices via GPIO is now available. Support for suspending laptops with AMD CPUs when using the S0ix low-power mode has been added. The ddb.suspend sysctl has been implemented, allowing the inteldrm and amdgpu drivers to be suspended, allowing the screen to remain active. Improved reliability of the S3 standby mode when using the amdgpu graphics driver.
• Support for multiprocessor systems (SMP) has been improved. TCP stack execution is now parallelized across different CPU cores. Up to eight threads (but no more than the number of CPU cores) can now be used to process TCP traffic and incoming network packets. Parallel execution of IPv6 packet fragment reassembly and IPv6 routing parameter parsing operations has been implemented. The close() and listen() system calls are now free of global locks.
• The implementation of the drm (Direct Rendering Manager) framework is synchronized with the kernel Linux 6.12.50 (previous release: 6.12.21). New qcdrm and qcdpc drivers have been added for the Qualcomm Snapdragon DRM subsystem and the Qualcomm DisplayPort controller.
• Support for OpenBSD operation has been implemented virtual machines kvm/qemu when using the AMD SEV-ES (Encrypted State) extension for guest system security. The vmd hypervisor now supports running guests in AMD SEV-ES mode. The "seves" parameter has been added to vm.conf to enable this. The emulated Virtio devices network, block, entropy, and scsi have been updated to support the Virtio 1.2 specification.
• The pkg-config utility has been migrated from its own Perl implementation to use the pkgconf 2.4.3 toolkit, written in C.
• The iwatch program is used as a watch utility that periodically runs commands and displays their output.
• The security script, which performs periodic security checks, now supports GPT/MBR backups. The "-R" option has been added to the fdisk utility for restoring a GPT/MBR backup from a file.
• The "-w percent" option and the /etc/apm/warnlow handler have been added to the apmd background process to organize the display of a warning when the battery charge drops below the specified level.
• A new profiling system, gprof, has been implemented, using the profil system call.
• Expanded hardware support and added new drivers:
  • acpiwmi — Windows Management Instrumentation.
  • amdpmc is the AMD power management controller.
  • bcmmip — MSI BCM2712 controller.
  • bcmstbgpio — Broadcom GPIO controller.
  • bcmstbintc is the Broadcom interrupt controller.
  • bcmstbpinctrl — Broadcom pin multiplexing.
  • bcmstbrescal - Broadcom reset calibration controller.
  • bcmstbreset - Broadcom reset controller.
  • rpone - Raspberry Pi RP1 peripheral controller.
  • rpiclock — Raspberry Pi RP1 clock controller.
  • rpipwm - Raspberry Pi RP1 PWM controller.
  • rpirtc — Raspberry Pi real-time clock.
  • iasuskbd(4) — ASUS I2C HID.
• Support for the H.264 codec has been added to the uvideo webcam driver.
• Added background process lldpd with implementation of LLDP (Link Layer Discovery Protocol) protocols and lldp utility for managing it.
• Added background process bpflogd to capture network packets using bpf (Berkeley Packet Filter) and write them to the log in tcpdump format.
• In iked, the IKEv2 protocol implementation for IPsec, the ability to load multiple certificates from a file has been added.
• The LibreSSL library has been updated to version 4.2.0, which introduces an API for using the ML-KEM (CRYSTALS-Kyber) key exchange algorithm, which is resistant to brute-force attacks on a quantum computer.
• OpenSSH has been updated. A list of changes can be found in the OpenSSH 10.1 and 10.2 announcements:
• The number of ports for the AMD64 architecture is now 12651 (up from 12593), for aarch64—12506 (up from 12446), and for i386—10457 (up from 10429). Application versions in the ports include:
  • Asterisk 22.5.2
  • Audacity 3.7.5
  • CMake 3.31.8
  • Chromium 141.0.7390.54
  • Emacs 30.2
  • ffmpeg 6.1.3
  • GCC 8.4.0 and 11.2.0
  • GHC 9.8.3
  • GNOME 48
  • Go 1.25.1
  • JDK 8u462, 11.0.28, 17.0.16, 21.0.8 and 25.0.0
  • KDE Applications 25.08.1
  • KDE Framework 6.18.0
  • KDE Plasma 6.4.5
  • Krita 5.2.13
  • LLVM/Clang 19.1.7, 20.1.8 and 21.1.2
  • LibreOffice 25.8.1.1
  • Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.7
  • MariaDB 11.4.7
  • Mono 6.12.0.199
  • Mozilla Firefox 143.0.3 and ESR 140.3.1
  • Mozilla Thunderbird 143.3.1
  • Mutt 2.2.15 and NeoMutt 20250905
  • Node.js 22.20.0
  • OCaml 4.14.2
  • OpenLDAP 2.6.10
  • PHP 8.2.29, 8.3.26 and 8.4.13
  • Postfix 3.5.25 and 3.10.1
  • PostgreSQL 17.6
  • Python 2.7.18 and 3.12.11
  • Qt 5.15.16 (+ patches from kde) and 6.8.3
  • R4.5.1
  • Ruby 3.2.9, 3.3.9 and 3.4.6
  • Rest 1.90.0
  • SQLite 3.50.4
  • Shotcut 25.08.16
  • Sudo 1.9.17p2
  • Meerkat 7.0.7
  • Tcl/Tk 8.5.19 and 8.6.16
  • TeX Live 2025
  • Vim 9.1.1706 and Neovim 0.11.4
  • Xfce 4.20.0
• Updated third party components included with OpenBSD 7.8:
  • Xenocara graphics stack based on X.Org 7.7 with xserver 21.1.18 + patches, freetype 2.13.3, fontconfig 2.15.0, Mesa 25.0.7, xterm 399, xkeyboard-config 2.20, fonttosfnt 1.2.4.
  • LLVM/Clang 19.1.7 (+ patches)
  • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
  • Perl 5.40.1 (+ patches)
  • NSD 4.3.0
  • Unbound 1.24.0
  • Ncurses 6.4
  • Binutils 2.17 (+ patches)
  • Gdb 6.3 (+ patches)
  • Awk 20250116/XNUMX/XNUMX
  • Expat 2.7.3
  • zlib 1.3.1 (+ patches)

  Source: opennet.ru