Issue 262
Published January 14, 2026

OpenBSD deprecates LACP, CheriBSD enhances FreeBSD with CHERI security and more.

Releases

No releases.

BSDSec

No security announcements. As always, it’s worth following BSDSec. RSS feed available.

News

OpenBSD removes LACP support from trunk(4) driver: The OpenBSD project has deprecated LACP (Link Aggregation Control Protocol) functionality in the trunk(4) network driver, as announced by developer David Gwynne. The decision stems from the availability of a more robust implementation in aggr(4), which already handles LACP with improved performance and maintainability. The removal also addresses technical debt, as trunk(4)’s LACP code relied on the outdated netlock mechanism in the Ethernet stack, complicating future optimizations. While other trunking protocols like failover and load balancing remain in trunk(4), the project encourages users to migrate to aggr(4), with migration guidance provided in the FAQ. The change reflects ongoing efforts to modernize OpenBSD’s networking infrastructure.

Valuable News – 2026/01/12: The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX/BSD/Linux ecosystems, with occasional broader tech and life topics. This edition highlights FreeBSD advancements, including guides on NFSv4 with Linux clients, Restic backups, and Mandatory Access Control (MAC) frameworks like portacl and biba, alongside tools such as the ZFS management GUI ZfDash and the lightweight Dovecot brute-force blocker doveguard.

BSD Now 645 covers Oracle Solaris 11.4 SRU 87 and Perl’s cultural decline: This episode of BSD Now highlights the release of Oracle Solaris 11.4 SRU 87, detailing its latest updates and improvements. It also examines the cultural factors behind Perl’s decline, contrasting them with technical limitations. Additional topics include a user’s transition from Linux to FreeBSD for simplicity, a 2025 overview of mixed DNS server deployments, and updates from HardenedBSD. The episode further explores FreeBSD’s integration of JSON support in its base system, ongoing development efforts, and community feedback on projects like Flua.

CheriBSD brings CHERI hardware capabilities to FreeBSD: CheriBSD is a modified version of FreeBSD designed to leverage CHERI (Capability Hardware Enhanced RISC Instructions) architectures, such as Arm’s Morello and CHERI-RISC-V platforms. Developed by SRI International and the University of Cambridge, it integrates memory protection and software compartmentalization features through CHERI’s capability-based security model. This model extends traditional hardware architectures with 128-bit capabilities that enforce fine-grained memory access control, reducing vulnerabilities like buffer overflows and use-after-free errors. CheriBSD supports a mix of over 10000 pre-built memory-safe packages and 260000 memory-unsafe packages, allowing compatibility with existing software while offering enhanced security for new applications. However, adoption is currently limited by the requirement for specialized CHERI-enabled hardware, and some features like DTrace and optional kernel modules are not supported.

Tutorials

(Video) A Quick Look at the WC Command in GhostBSD or FreeBSD: The wc command in FreeBSD is used to count lines, words, characters, and bytes in a file or from input you provide. Whether you’re analysing logs, reading large datasets, or just checking the size of your scripts, wc gives a quick summary.

Adding a Port to FreeBSD Ports: This guide outlines the process of adding new software to the FreeBSD Ports collection, replacing the deprecated shar(1) tool with a git(1)-based workflow. It begins with creating a port directory containing essential files like Makefile, distinfo, and pkg-descr, then demonstrates how to test the port locally before submission. Common issues such as checksum and size mismatches are addressed, along with troubleshooting steps. The guide also covers generating a git diff for submission via the FreeBSD Bugzilla system, including screenshots of the submission form. Additionally, it briefly discusses updating existing ports and critiques the trend of vendor-specific variables in port configurations. The author notes past frustrations with contributing to official documentation but emphasizes the practicality of sharing knowledge through personal platforms.

FreeBSD and Poudriere in High Security Environments: This article details configuring FreeBSD and Poudriere to function in high-security environments with restricted internet access, relying on a dedicated proxy server. It begins by explaining how to set up a FreeBSD host to use a proxy for package management with pkg(8), including modifying repository configurations to remove the pkg+ prefix and changing the mirror_type to none. The guide also covers fetching and updating the FreeBSD Ports tree using gitup and configuring system-wide proxy settings. For Poudriere, the article outlines the necessary configurations in /usr/local/etc/poudriere.conf, including proxy environment variables and package fetch settings, to ensure successful package building. The process involves troubleshooting with tools like ktrace and kdump to identify and resolve issues related to proxy usage, ultimately achieving a fully functional Poudriere setup in a restricted network environment.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.