Issue 251
Published October 29, 2025

FreeBSD 15.0-BETA3 and OpenBSD 7.8 released with new features, NetBSD NAT64 enhancements and more.

Releases

FreeBSD 15.0-BETA3 Available: The third BETA build for the FreeBSD 15.0 release cycle is now available. ISO images for the amd64, armv7, aarch64, powerpc64, powerpc64le, and riscv64 architectures are available on the FreeBSD mirror sites.

OpenBSD 7.8 Released: New Features, Security, and Performance: OpenBSD 7.8, the project’s 59th release, introduces key improvements like preliminary Raspberry Pi 5 support, parallel TCP input processing, and SEV-ES virtualization for AMD. Security enhancements include OpenSSH 10.2 (with DSA removal, PKCS#11 Ed25519 support, and QoS optimizations), LibreSSL 4.2.0, and OpenSMTPD 7.7.0p0. Developer tools like clang 19, LLVM/lld updates, and a new profiling subsystem improve performance, while lldpd and erspan(4) expand networking capabilities. Upgrades are streamlined via sysupgrade(8). Full details in the changelog.

BSDSec

OpenBSD syspatch errata fixes root disk aliasing issue: An errata patch for OpenBSD 7.8 addresses a bug in syspatch(8) where the utility fails due to confusion with aliased /dev/*rootdisk entries in the database created by dev_mkdb(8). The issue may occur when /usr is not a separate filesystem, causing syspatch to malfunction during updates. A temporary workaround involves modifying the syspatch script to disable filesystem checks, rerunning the patched version, and regenerating the device database. Binary updates are available for amd64, arm64, and i386 platforms, with source patches listed on the OpenBSD 7.8 errata page. The fix ensures reliable system patching without manual intervention.

FreeBSD Security Vulnerability in SO_REUSEPORT_LB UDP Handling: A critical vulnerability (CVE-2025-24934) in FreeBSD’s SO_REUSEPORT_LB socket option allows connected UDP sockets to receive packets from any host, violating the connect(2) contract and enabling spoofing attacks. The flaw stems from missing connection-state checks when adding sockets to load-balancing groups, affecting all supported FreeBSD versions. No workaround exists; users must patch via freebsd-update or manual source updates. Corrections were released on 2025-10-22 for branches 13.5, 14.3, and 15.0. Discovered by researchers at Hebrew University, the issue underscores risks in network socket implementations.

As always, it’s worth following BSDSec. RSS feed available.

News

Fall 2025 FreeBSD Vendor Summit registration open: The Fall 2025 FreeBSD Vendor Summit is scheduled for November 6–7 at NetApp’s headquarters, offering two days of collaboration between FreeBSD developers and industry partners. The event focuses on technical discussions, strategic planning, and direct engagement among participants, with a registration deadline of October 31 for printed badges. A full schedule is available on the FreeBSD Foundation’s event page, which also provides details on sessions and participation. Organized by the FreeBSD Foundation, the summit aims to strengthen partnerships and advance the development of the FreeBSD operating system.

FreeBSD eliminates root privileges and achieves reproducible builds: The FreeBSD Foundation has completed infrastructure improvements allowing the operating system to be built entirely without root privileges, enhancing security by reducing potential attack surfaces and privilege escalation risks. The changes—currently in the development branch and slated for FreeBSD 15.0—enable unprivileged builds of all release artifacts, including ISO images, VM images, and cloud disk images, simplifying automation and community contributions. Concurrently, FreeBSD introduced reproducible build processes that ensure identical source inputs produce byte-for-byte identical binaries by normalizing timestamps, stabilizing file ordering, and standardizing build environments. These advancements improve supply chain integrity, auditability, and long-term maintainability while enabling safer, containerized build pipelines for both official infrastructure and local development. The work was funded through a program commissioned by the Sovereign Tech Agency.

Let’s Help NetBSD Cross the Finish Line Before 2025 Ends: The NetBSD Foundation seeks community support to reach its $50,000 yearly funding goal, with $39,262 remaining before 2025 ends. Donations will advance key projects like RISC-V architecture support and Wi-Fi stack modernization, ensuring NetBSD stays relevant on laptops and embedded systems. Beyond technical upgrades, NetBSD promotes sustainability by extending hardware lifespan—repurposing old devices as firewalls, servers, or retro-gaming machines. The call-to-action urges donations or social media advocacy (#WhyIRunNetBSD) to bridge the gap.

BSD Now 634: Why Self-Host?: Why Self-host?, Advanced ZFS Dataset Management, Building a Simple Router with OpenBSD, Minimal pkgbase jails / chroots, WSL-For-FreeBSD, Yubico yubikey 5 nfc on FreeBSD, The Q3 2025 Issue of the FreeBSD Journal, and more.

Windows Subsystem for FreeBSD: This repository hosts work-in-progress efforts to run FreeBSD inside Windows Subsystem for Linux (WSL2) with minimal to no changes to the FreeBSD base system. The project builds on the open-source components of WSL2 to enable FreeBSD to boot and run seamlessly in a Windows environment.

BoxyBSD Launches Redesigned Website for Broader Accessibility: BoxyBSD, a non-profit project offering free BSD-based VPS hosting, has unveiled a modernized website to improve accessibility for beginners and experienced users alike. The redesign replaces the previous “geeky” interface with a cleaner, more intuitive layout, removing barriers for those new to BSD systems like FreeBSD, OpenBSD, and NetBSD. The update aims to attract a wider audience by simplifying navigation and emphasizing ease of use, while maintaining its non-profit, open-access ethos.

NetBSD Enhances NAT64 Protocol Translation in NPF: The NetBSD Blog details progress on the Google Summer of Code 2025 project to improve NAT64 protocol translation in NetBSD’s Packet Filter (NPF). The update explains how NAT64 rules (e.g., map wm0 algo "nat64") enable IPv6-to-IPv4 translation by embedding IPv4 addresses in IPv6 prefixes (e.g., 64:ff9b::/96). Key accomplishments include implementing core translation logic (npf_nat64_rwrheader), checksum recalculation, and extending npf.conf(5) syntax. Testing with tools like tcpdump and curl validated functionality. The project integrates NAT64 + DNS64, allowing IPv6-only clients to access IPv4 servers, with ongoing development planned. Source code is available on GitHub.

Tutorials

FreeBSD PKGBASE: A New Era for System Management: The article introduces PKGBASE, a new approach for managing FreeBSD’s base system using the pkg(8) package manager, which replaces the traditional freebsd-update(8) and base.txz/kernel.txz methods, offering greater flexibility and modularity. While the FreeBSD community is divided over this change, with debates on whether to use a single pkg(8) command for both base and third-party packages, the author highlights its advantages, such as the ability to install only necessary components and streamlined updates. However, the transition comes with critical warnings: executing pkg delete -fay on a PKGBASE system can destroy the installation, and users must avoid legacy update methods like freebsd-update(8) or make installworld to prevent system breakage.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!
