GhostBSD 26.1-R15.0p2 integrates FreeBSD 15.0 with ZSH, XLibre, and WireGuard, OpenBSD CPU scheduling tweaks, and FreeBSD’s Beach Cleaning Project for security and more.
Releases
GhostBSD 26.1-R15.0p2 released with FreeBSD 15.0 integration: GhostBSD 26.1-R15.0p2 introduces a major update by transitioning to FreeBSD 15.0-RELEASE, incorporating upstream improvements like expanded hardware support and security enhancements. Key changes include switching the default shell to zsh, adopting XLibre as the default display server, and adding Enterprise WPA (802.1X/EAP) and WireGuard support in NetworkMGR. Update Station now handles boot environment-based major version upgrades, while Software Station features faster package searches via bisect-based algorithms. The release also refreshes the visual identity with new wallpapers, icon themes, and theme variants, though existing users upgrading will retain their current display server (Xorg or otherwise). Notable fixes address UEFI boot issues, missing installers in XFCE, and VirtualBox EFI mode compatibility, with a known post-upgrade issue involving invisible panels (resolved by logging out and back in).
BSDSec
OpenBSD Errata: April 17, 2026 (pgrp): Errata patches for kernel fork process group have been released for OpenBSD 7.7 and 7.8. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.
FreeBSD 13.5 and stable/13 branch reaching end-of-life on April 30, 2026: FreeBSD 13.5 and its stable/13 branch will officially reach end-of-life on April 30, 2026, after which the FreeBSD Security Team will no longer provide updates or support. Users are advised to transition to newer releases such as those in the stable/14 or stable/15 branches, which have extended support timelines through 2028 and 2029, respectively. The announcement includes a table of currently supported releases, including FreeBSD 14.3, 14.4, and 15.0, along with their respective end-of-life dates. Further details and security advisories can be found on the FreeBSD Security Team’s official page. This marks the conclusion of the 13.x series lifecycle in the FreeBSD project.
As always, it’s worth following BSDSec. RSS feed available.
News
Valuable News – 2026/04/20: The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX/BSD/Linux ecosystems, filtering relevant content from overwhelming information streams. This edition highlights GhostBSD 26.1-R15.0p2 with XLibre and ZSH, a migration guide from Proxmox to FreeBSD for home servers, and Podman’s integration on FreeBSD without systemd. It also covers OpenSSL 4.0.0, OpenBSD’s CPU scheduling tweaks, and ZFS optimizations like L2ARC for RAM constraints.
FreeBSD’s Beach Cleaning Project enhances security and maintainability: The FreeBSD Foundation’s Beach Cleaning Project focused on improving the security and long-term sustainability of FreeBSD’s base system by addressing often-overlooked infrastructure challenges. A key achievement was upgrading OpenSSL from version 3.0 to 3.5 LTS, extending security support alignment with FreeBSD 15’s lifecycle and reducing maintenance burdens. The project also created a machine-readable inventory of over 1,000 components in the base system, including 73 third-party imports, while developing tools for SBOM generation, security risk assessment, and maintainer tracking. These improvements provide better visibility into dependencies, ownership, and vulnerabilities, while automated workflows ensure easier future maintenance. The initiative serves as a model for other open-source projects facing similar challenges in software transparency and long-term infrastructure management.
Playing with FreeBSD: ” “What’s all the fuss about FreeBSD? What is it, anyway?”, I remember these thoughts going through my head, sometime last year. There were quite a few people posting enthusiastically about FreeBSD on the Fediverse. Having used Linux for many years, I was vaguely aware of the idea that BSD is some flavour of Unix—a family of free and open source computer operating systems. My curiosity was triggered, and I decided to learn more about it. I guess even the Fediverse has influencers. (…)” — a blog post by Ruben Verweij.
AsiaBSDCon 2026 trip report highlights key sessions and networking: The AsiaBSDCon 2026 conference and FreeBSD Developer Summit took place over four days at National Taiwan Normal University in Taipei, with the first two days dedicated to developer discussions and the latter two to the main conference. A sponsored attendee from Laos missed the first day due to flight delays but participated in sessions including an IPv6 tutorial, discussions on OS development acceleration, and talks on Bhyve management, cloud-native networking in FreeBSD jails, and memory safety with CHERI. The attendee also met with organizers to discuss LibreOffice’s FreeBSD lifecycle integration and the growth of the FreeBSD community in Laos, expressing hopes to host AsiaBSDCon 2028. The event provided technical insights, networking opportunities, and potential future collaborations for regional BSD communities.
AsiaBSDCon 2026 trip report highlights key developments and collaborations: The AsiaBSDCon 2026 conference in Taipei featured a two-day FreeBSD Developer Summit followed by a main conference, with sessions covering topics like FreeBSD on WSL 2, Ansible integration, and LLVM kernel debugging. Notable presentations included Kenichi Yasukata’s portable TCP/IP stack design, Pierre Pronchery’s smolBSD container-oriented NetBSD images, and George Neville-Neil’s runtime reoptimization for heterogeneous hardware. Brooks Davis also discussed the CheriBSD upstreaming effort, demonstrating its effectiveness in catching memory bugs, while Minsoo Choo engaged in productive discussions on hybrid scheduling and IntelHFI patches.
Tutorials
Compensating for RAM Constraints with L2ARC on ZFS: ZFS relies on RAM for its Adaptive Replacement Cache (ARC) to optimize read performance, but memory limitations can degrade efficiency when the working dataset exceeds available RAM. The L2ARC extends caching to fast secondary storage like SSDs, acting as a secondary read cache to mitigate performance loss from constrained RAM. While not as efficient as the ARC, it uses a ring buffer design for sequential writes, reducing overhead and improving read speeds for frequently accessed data. However, L2ARC introduces metadata overhead in RAM, requiring careful sizing to avoid starving the primary ARC of resources. Effective use involves selecting appropriate workloads, tuning parameters like l2arc_mfuonly to prioritize frequently used data, and monitoring performance metrics to validate improvements.
FreeBSD verimg(8) tool for automated image creation and installation: The verimg(8tool is a lightweight alternative to FreeBSD’s release.shfor creating custom VM images and performing unattended installations. Designed to address reliability issues with release.shit automates the process of fetching FreeBSD sources, building packages, setting up ZFS-based storage, and installing a minimal system with optional third-party packages. The tool supports both VM image creation (default) and direct installation to a mounted directory, with configurable options for image size, FreeBSD version, package selection, and ZFS pool naming. It also includes ccache(1integration to accelerate builds and detailed logging for troubleshooting. While currently limited to raw disk images and basic ZFS configurations, future updates may add geli(8encryption and additional format support. The project is open-source and available on GitHub.
NetBSD full-disk encryption setup guide: This guide details a manual installation of NetBSD 11.0_RC3 with full-disk encryption using the cryptographic device driver (CGD) on an amd64 UEFI system. The process involves creating a four-partition layout: an EFI system partition (ESP), a minimal root partition for booting, an auto-encrypted swap partition, and an encrypted system partition hosting /var, /usr, and /home. The tutorial covers disk preparation, CGD configuration with AES-XTS 512-bit encryption, disklabel creation, and system setup—including network configuration, user management, and fstab adjustments. It also addresses common pitfalls like device permissions and keymap settings during boot. The guide assumes a wired network connection and disabled Secure Boot, providing step-by-step commands for partitioning, encryption, and post-installation configuration.
OpenBSD introduces granular CPU scheduling with sysctl hw.blockcpu: OpenBSD has deprecated the hw.smt sysctl in favor of a more granular mechanism called hw.blockcpu, which allows administrators to exclude specific CPU core types from the scheduler.
Redundant DHCP and DNS with OpenBSD and FreeBSD: This guide details setting up a fault-tolerant DHCP and DNS infrastructure using OpenBSD on an ODROID HC4 and FreeBSD on a Raspberry Pi Zero 2W. The DNS redundancy leverages Unbound on both systems, with clients configured to query both resolvers for automatic failover, while DHCP synchronization uses OpenBSD’s dhcpd(8) with its built-in -y and -Y flags to maintain lease consistency across servers. Configuration files for Unbound and DHCP are replicated between systems, with minor path adjustments for FreeBSD, and TLS certificate handling requires the ca_root_nss package on FreeBSD. The setup ensures continuous service during maintenance by distributing workloads across distinct hardware and operating systems, reducing single points of failure.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!