OpenBSD 7.9 release with hardware/software updates, NetBSD 11.0 RC4 testing phase, and OpenBSD mail server migration from exim to OpenSMTPD and more.
Releases
OpenBSD 7.9 released: OpenBSD 7.9, released on May 19, 2026, marks the project’s 60th release and introduces significant updates across multiple architectures and subsystems. This version adds support for new hardware, including the SpacemiT K1 SoC on riscv64, RK3588/RK3576 SoCs on arm64, and Apple Virtualization compatibility. Security enhancements include stricter pledge(2) and unveil(2) handling, removal of the ‘tmppath’ pledge promise, and fixes for potential vulnerabilities in OpenSSH, LibreSSL, and rpki-client. Networking improvements feature VLAN-aware bridges in veb(4), IPv6 autoconf (SLAAC) enabled by default, and updates to pf(4) with source/state limiters. The release also updates core components like OpenSSH 10.3, LibreSSL 4.3.0, and includes over 13,000 pre-built packages for amd64, with highlights like GNOME 49, KDE Plasma 6.6.4, and Firefox 150.0. The installer now supports loading files from the EFI system partition on amd64, and the system includes updated manual pages and documentation.
NetBSD 11.0 RC4 released for final testing: The NetBSD project has announced the fourth release candidate for NetBSD 11.0, marking what is hoped to be the final testing phase before the official release. This version includes fixes for defects found in earlier candidates, such as performance improvements for the ftp(1) client, updates to tmux(1), reliability enhancements for blocklistd(8), and corrections in the Mesa library. Additionally, it incorporates recent security updates for bundled third-party software like OpenSSH, OpenSSL, Postfix, and Bind. Installation images are available in both CD-sized and full-featured DVD formats, with separate builds for ARM-based devices. Users are encouraged to test the release and report any issues via NetBSD’s mailing lists or problem-reporting system.
BSDSec
No security announcements.
As always, it’s worth following BSDSec. RSS feed available.
News
Valuable News – 2026/05/18: The Valuable News weekly roundup for May 18, 2026, curates key updates across UNIX/BSD/Linux ecosystems, hardware innovations, and security developments. Highlights include ZFS advancements like time-aware optimizations and passkey-based encryption unlocking, alongside FreeBSD 15.1-BETA3 updates featuring OpenZFS improvements and Wayland/KDE integration. OpenBSD and NetBSD contributions, such as Game of Trees 0.125 and NetBSD 11.0 RC4, are also covered.
386BSD - Installation on real hardware: This videe shows getting 386BSD up and running on real hardware. The video is really long but if you are only interested in seeing 386BSD, and are not interested on what/how they have done and/or how the system boots etc, you can watch up until about the 50 minute mark.
NetBSD AGM 2026 scheduled for June 6th at 14:00 UTC: The NetBSD Foundation has announced its 2026 Annual General Meeting (AGM) will take place publicly on June 6th at 14:00 UTC in the #netbsd-agm channel on irc.libera.chat. The event will feature presentations on NetBSD’s technical direction, project infrastructure, and administrative updates, followed by a moderated Q&A session. Attendees can join via their preferred IRC client or the provided web interface, with a full transcript available afterward for those unable to participate live. Time zone conversions are listed to accommodate global attendees, though the fixed UTC timing may pose scheduling challenges for some regions. The AGM serves as an opportunity for the community to engage with the NetBSD Foundation’s board and core teams.
OpenBSD mail server migration from exim to OpenSMTPD: The OpenBSD project removed the exim mail server from its ports collection due to persistent security vulnerabilities and its use of setuid root privileges. This decision prompted a migration to OpenSMTPD, the project’s built-in mail server daemon, which offers a more secure and modern alternative. Peter Hansteen documented the process of transitioning a multi-domain mail setup from exim to OpenSMTPD, providing a working configuration and practical guidance in his article OpenSMTPD Is The Mail Server For The Future. The shift reflects OpenBSD’s ongoing emphasis on security and simplicity, while ensuring compatibility with existing mail service requirements. The article serves as a technical reference for administrators facing similar migration needs.
Apple’s Time Capsule faces obsolescence due to macOS 27 dropping AFP support: Apple is preparing to remove support for the Apple Filing Protocol (AFP) in macOS 27, a move that will impact users of the discontinued Time Capsule devices, which rely on AFP and the outdated SMB1 protocol. While the last Time Capsule was released in 2013 and discontinued in 2018, users with newer models may still find the devices useful for storage. However, the removal of AFP support in macOS 27 will render these devices largely unusable unless users keep an older macOS version. An open-source solution, TimeCapsuleSMB, allows users to add Samba 4 and SMB3 support to their Time Capsules, extending their functionality. This project highlights how open-source software can mitigate the effects of proprietary vendors discontinuing support for older hardware.
OpenBSD proposes timeout option for pf(4) overload tables: A patch submitted by Alexandr Nedvedicky introduces a timeout parameter for OpenBSD’s pf(4) overload tables, allowing administrators to automatically expire entries after a specified duration instead of relying on manual pfctl expire commands or crontab entries. Currently, overload tables—used for adaptive firewall rules like blocking brute-force attacks—fill indefinitely, requiring periodic manual cleanup. The proposed change would let administrators define how long an IP address remains in a table, addressing a long-standing limitation highlighted by developers like dlg@. The patch is under discussion on the tech@ mailing list, with feedback sought on its potential adoption, impact on existing setups, and whether it constitutes a breaking change. Testing is encouraged on the latest -current branch, though the feature remains a work in progress.
Tutorials
Configuring dhcpd and unbound in FreeBSD jails: A guide details migrating DHCP and DNS services from a Raspberry Pi to a FreeBSD server while isolating them in separate jails for security. The setup involves creating ZFS datasets for each jail, configuring network bridges for IP assignment, and using devfs rulesets to grant necessary device access—particularly for dhcpd’s BPF requirements. The dhcpd jail is optimized to run as a single process with synchronization flags for redundancy, while the unbound jail leverages FreeBSD’s built-in local_unbound with custom configurations for LAN-wide DNS resolution, DNSSEC validation, and DNS-over-TLS support. Logs and cron tasks are centralized on the host to simplify management, with syslog sockets shared between the host and jails. The solution maintains compatibility with an existing OpenBSD-based redundant setup, ensuring seamless lease management and DNS zone synchronization.
(Video) Installing and using Sylve in FreeBSD: Sylve is a simple and lightweight web GUI to manage FreeBSD jails and bhyve virtual machines. This video shows how to install Sylve, and how to get a first jail and virtual machine running. It also shows how to get XFCE4 running on a virtual machine.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!