OpenBSD 7.9-beta tightens pledge(2), PF breaks 4 Gbps limit, and FreeBSD Raspberry Pi NAS guide and more.

Releases

No releases.

BSDSec

OpenBSD Errata: March 21, 2026 (expat sack): OpenBSD 7.7 and 7.8 have received security updates addressing vulnerabilities in the expat XML parsing library and a TCP selective acknowledgment (SACK) issue in the kernel. Binary patches are available for amd64, arm64, and i386 architectures through the syspatch utility, while source code fixes can be obtained from the official errata pages for each release. The updates were announced on March 20, 2026, with details provided by the OpenBSD project. No additional mitigation steps or workarounds were specified in the advisory.

As always, it’s worth following BSDSec. RSS feed available.

News

Valuable News – 2026/03/23 UNIX/BSD/Linux and tech roundup: The Valuable News weekly series curates notable updates, articles, and resources primarily focused on UNIX, BSD, and Linux systems, along with broader tech-related content. This edition highlights FreeBSD advancements, including Git weekly updates, security reports on login tracking, and tutorials like setting up a NAS on Raspberry Pi or using Docker containers on FreeBSD. OpenBSD developments feature PF queue performance breaking 4 Gbps and pledge(2) enhancements in the 7.9-beta release. Hardware discussions cover AMD’s Ryzen AI systems, NVIDIA’s new CPU ventures, and high-performance NVMe SSDs. Additional topics span AI integration on FreeBSD via Linux emulator, critiques of Wayland’s impact on Linux desktops, and retrospectives on tech pioneers like Tony Hoare. The roundup also includes multimedia content such as BSD Now podcasts, OpenBSD installation guides, and critiques of modern tech trends like “enshittifAIcation”.

OpenBSD’s init system explored: The OpenBSD init system is highlighted as a traditional and straightforward approach to system initialization, contrasting with more complex modern alternatives like systemd. It operates by executing a shell script during boot, allowing users to directly implement custom commands and configurations. This simplicity makes it an appealing option for those seeking transparency and control over their system’s startup process. The discussion also touches on broader concerns about systemd, including recent controversies such as the adoption of “slopcoding” practices and the integration of age verification mechanisms. These developments have prompted some users to reconsider alternatives like OpenBSD or systemd-free Linux distributions such as Void, aiming to maintain greater autonomy over their systems.

OpenBSD 7.9-beta tightens pledge(2) file access rules: OpenBSD 7.9-beta introduces stricter enforcement of the pledge(2) system call, removing previous exceptions that allowed certain files or devices to be opened without the “rpath” or “wpath” promises. The change affects programs relying on implicit access to paths like /dev/null, /etc/resolv.conf, and timezone databases, which now require explicit pledge() or unveil(2) permissions. Port maintainers are advised to test software on snapshots and update code to either open files before calling pledge(), add necessary promises, or configure unveil() for specific paths. The update particularly impacts Go-based software, which often implements its own libc-like functionality, and common use cases such as DNS resolution or null device access.

OpenBSD PF removes 4 Gbps queue limit: OpenBSD’s PF packet filter has resolved a long-standing 32-bit limitation in its HFSC traffic-shaping queues, which previously capped bandwidth at ~4.29 Gbps due to integer overflow. The constraint became problematic as 10G, 25G, and 100G network interfaces grew common, causing incorrect scheduling when values exceeded the limit. A new patch expands the kernel’s HFSC scheduler to use 64-bit integers, eliminating the bottleneck and enabling correct configuration of queues up to 999 Gbps, far exceeding current hardware capabilities. Existing configurations under 4 Gbps remain unaffected, while the update also fixes a display bug in pftop(1) that misreported higher bandwidth values.

BSD Now 655: No Reboot Required: This episode covers the implementation of jails in NetBSD, offering lightweight virtualization similar to FreeBSD’s feature. It also explores ARC and L2ARC memory caching optimizations for Proxmox environments using ZFS, along with a detailed breakdown of OpenBSD’s bsd.rd ramdisk structure. Additional topics include running Docker containers on FreeBSD, configuring Apple Time Machine backups within a FreeBSD jail, and a user’s perspective on switching from Linux to FreeBSD after decades.

OpenBSD Errata: March 19, 2026 (calendar): OpenBSD has issued errata patches for the calendar utility affecting versions 7.7 and 7.8, addressing unspecified issues in the software. Binary updates are available for amd64, arm64, and i386 architectures through the syspatch utility, allowing users to apply fixes without manual compilation. Source code patches are also provided on the official OpenBSD errata pages for both releases. The announcement follows standard OpenBSD procedures for distributing security and reliability updates outside regular release cycles. No additional details about the vulnerabilities or their severity were included in the advisory.

Jailrun — cross-platform orchestration for FreeBSD jails: Jailrun is an orchestration layer for FreeBSD jails. Define your stack in declarative UCL, run jrun up, and get jails wired together with port forwarding, process supervision, provisioning via Ansible, and instant clones via ZFS snapshots. Every component is transparent and accessible — nothing is hidden behind abstractions.

Valuable News – 2026/03/16: The Valuable News weekly series curates a summary of news, articles, and resources primarily related to UNIX, BSD, and Linux systems. This edition highlights key developments such as the release of FreeBSD 14.4, which introduces improved security, storage, and cloud support, alongside reviews and user experiences. It also covers OpenBSD’s transition to 7.9-beta, NetBSD security testing on ARM hardware, and updates to tools like Arkime 6 for network analysis.

FreeBSD’s enduring appeal through a sysadmin’s 20-year journey: A long-time sysadmin recounts discovering FreeBSD in 2002 after years with Linux, highlighting its superior documentation, stability, and performance on limited hardware. The FreeBSD Handbook became a foundational resource, emphasizing a philosophy of understanding before action, while features like jails, ZFS integration, and predictable upgrades reinforced its reliability for production environments. The author contrasts FreeBSD’s measured evolution with Linux’s rapid changes, praising its consistency across decades, including unchanged tool behavior and backward compatibility. Beyond technical strengths, the piece underscores the BSD community’s passion, collaboration, and resistance to commercialization, citing interactions with developers and the FreeBSD Foundation’s user-focused approach. The reflection concludes by framing FreeBSD as a tool built for longevity, where “The Power to Serve” manifests in both code and community ethos.

Tutorials

FreeBSD Raspberry Pi NAS setup guide: This guide demonstrates how to build a network-attached storage (NAS) system using FreeBSD 15.0 on a Raspberry Pi 4, leveraging ZFS for storage management and Samba for file sharing. The process involves downloading a pre-built FreeBSD image for the Pi, configuring necessary hardware like Ethernet and HDMI, and modifying the boot configuration for display compatibility. The tutorial covers creating a mirrored ZFS storage pool with external USB drives, installing and configuring Samba for cross-platform file sharing, and enabling network discovery via Avahi. While the setup is not recommended for production environments, it serves as an accessible introduction to FreeBSD’s storage capabilities and basic NAS implementation, with the added benefit of easy pool import/export functionality for portable storage needs.

Running Generative AI with Linuxulator and eGPU on FreeBSD: This guide details how to run generative AI workloads on FreeBSD using Linux binary compatibility (Linuxulator) and an external NVIDIA GPU (eGPU). The author initially faced dependency and Python compilation issues when attempting native FreeBSD execution, leading them to leverage FreeBSD’s Linux emulator to run AI tools like Real-ESRGAN (for image upscaling) and Fooocus (for image generation). The process involves configuring FreeBSD’s NVIDIA drivers, setting up a Rocky Linux 9 environment within /compat/linux, compiling Python 3.10 from source, and deploying a custom UVM workaround to enable GPU access. Performance and power consumption were comparable to native Linux setups, though the author acknowledges the complexity of maintaining version alignment between FreeBSD and Linux layers. The guide serves as a proof-of-concept for running AI tools on BSD systems while highlighting the trade-offs of relying on Linux emulation.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!