Feed openbsd-journal OpenBSD Journal

OpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2022-12-05 12:00
OpenIKED 7.2 released
On December 1st, 2022 the OpenIKED project announced a new stable version, OpenIKED 7.2.Read more…
Help the OpenBSD Foundation Reach Its 2022 Funding Goal
The OpenBSD Foundation, which is central to funding the OpenBSD project, needs your help to reach its 2022 Fundraising Goal of $300,000.At the time of writing, the amount raised in 2022 stands at a little over 50% of the stated goal.The Foundation needs your help to sustainably fund the project. Please head over to the Foundation's donations page, and make sure you drag your employer over there too!With about 30 days left in 2022, we know we can do it!
lladdr-tied Config Support May Soon Land in ifconfig(8) and netstart(8)
It started with a thread on misc@ with the subject"Locking network card configuration"where the problem description is, when two or more network interfaces are attached to the same USB bus, their numbering may not be entirely predictable.The question is, what workarounds are possible?The thread, where several developers offered their insights, and which soon migrated to tech@ with the subject switched to "lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)" and later "lladdr support for netstart/hostname.if" turned up several suggestions, with several patches, and potential support for link level address (MAC address) tied configuration via a new hostname.MAC(5) file to supplement the more familiarhostname.if(5) config file, complete with correspondingifconfig(8) options.Please read the messages and patches, and if you have useful input for the developers on this, please chime in via tech@ or in comments here if you prefer.Once again, an interesting feature that may materialize for testing in snapshots in the near future.
Next steps toward mimmutable, from deraadt@
In a recent message to the tech mailing list, Theo de Raadt (deraadt@) summarized the state of the new memory protections work. The thread also includes a followup from Otto Moerbeek (otto@) on consequent changes to the memory allocation mechanisms.Theo writes,
Call for testing on updated Apple M1/M2 bootloader code
Tobias Heider (tobhe@) posted to tech@ asking people with access to the relevant hardware to test updates to the arm64 bootloader code:
Game of Trees 0.79 released.
Version 0.79ofGame of Treeshas been released (and the portupdated):
mmap(2), munmap(2), and mprotect(2) unlocked
Martin Pieuchot (mpi@) hascommitteda change unlocking themmap(2),munmap(2),andmprotect(2)system calls:
Game of Trees 0.78 released
Version 0.78ofGame of Treeshas been released (and the portupdated):
LibreSSL 3.6.1 released
Brent Cook (bcook@) hasannouncedthe release ofLibreSSLverion 3.6.1:
Videos from EuroBSDcon 2022 now available.
We had previously reported on EuroBSDcon 2022. As of October 27th, 2022 the EuroBSDcon YouTube channel has been updated with a variety of OpenBSD related talk recordings for those who didn't catch the streams live, with the salient ones linked below:
Game of Trees 0.77 released
Version 0.77ofGame of Treeshas been released (and the portupdated):
OpenBSD 7.2 Released
The OpenBSD project today announced the release of the most recent version of our favorite operating system, OpenBSD 7.2.This is the 53 release from the OpenBSD project. Highlights of the new release include:
Further memory protections committed to -current
In a long series of commits,Theo de Raadt (deraadt@)has added support for the immutable memory mappingson which wereported earlier.We see:
OpenBGPD 7.7 released
A new version of OpenBGPD, the OpenBSD and portable BGP daemon, has has been released.The announcement notes some key improvements in this release:
LibreSSL 3.6.0 released
Signalling another turn of the seasons, Brent Cook (bcook@) announced that a new release of LibreSSL is out. The announcement reads:
OpenSSH 9.1/9.1p1 released
OpenSSH 9.1has been released.It is primarily a bug-fix release.Version 9.1 will be part of theOpenBSD 7.2 release.
OpenBSD.app - search packages
Another site for searching OpenBSD packages has appeared- OpenBSD.app.The site, which supports full text search,is run by Aaron Bieber (abieber@ when hisOpenBSD hat isn't askew).He commentedonLobsters.
OpenSSH 9.1 is almost ready for release. Please help testing!
An important message from Damien Miller (djm@) turned up on mailing lists and elsewhere, saying,
A Few of My Favorite Things About The OpenBSD Packet Filter Tools
While recovering after EuroBSDCon and starting to gear up for the much anticipated next OpenBSD release, our co-editor Peter Hansteen found the time to do a remote Sunday lunch talk (slides) for SEMIBUG titled A Few of My Favorite Things About The OpenBSD Packet Filter Tools (full text, blog with trackers). The full text of the talk is also available here, without trackers.Topics covered: PF basics, state tracking tricks, greytrapping, traffic shaping, with pointers to further material.All good fun while we are waiting for the next bit thing.
Game of Trees 0.76 released.
Game of Trees 0.76 was released on September 23rd, 2022.
Running a Docker Host under OpenBSD using vmd(8)
Joel Carnat has written ablog entryon using dockerunder and fromOpenBSD.It starts:
EuroBSDCon 2022
EuroBSDCon 2022is currently underway.Slides for some of the OpenBSD sessions are alreadyavailablefrom the the usual place on theOpenBSD web site.At the time of writing, it's not too late to catchlive streamsof the final day of the conference!
OpenBGPD 7.6 released
OpenBGPD, our favorite BGP daemon,has a new release, version 7.6.The release announcement leads in,
A summary piece on spam fighting and spamd(8) in particular and 300,000 imaginary friends
In a recent piece titled The Things Spammers Believe - A Tale of 300,000 Imaginary Friends, undeadly.org co-editor Peter Hansteen summarizes more than 15 years (yes, it has been that long) of improving the noise levels in mail feeds.The main tools are what comes in the base system of our favorite operating system, with particular focus on spamd(8) and the greytrapping feature.The article leads in with
-current has moved to 7.2
With the followingcommit,Theo de Raadt (deraadt@) moved -current to version 7.2:
rpki-client 8.0 released
A new version of the OpenBSD rpki-client – RPKI validator to support BGP Origin Validation, version 8.0 has been released.The announcement reads,
Game of Trees 0.75 released
Stefan Sperling (stsp@)notedthe release ofversion 0.75ofGame of Trees:
g2k22 Hackathon Report: Martijn van Duren on snmpd(8) improvements
We are delighted to have received a report onthe recently-concludedg2k22 hackathon.Martijn van Duren (martijn@) writes:
OpenBSD may soon gain further memory protections: immutable userland mappings
In a September 1st post to tech@ titled immutable userland mappings, Theo de Raadt (deraadt@) gave us a preview of code that may soon land in -current. The message leads in,
ps(1) gains support for tree-like display of processes
Following adiscussion on tech@,Job Snijders (job@),committedtops(1)support for displaying the parent/child hierarchy of processesas an ASCII art tree:
rcctl(8) gains a "configtest" action
Antoine Jacoutot (ajacoutot@)hasaddeda "configtest"action torcctl(8):
Portable OpenSSH commits now SSH-signed
Damien Miller (djm@)notesthat all (new) commits to the portableOpenSSHrepository are now signed usinggit'sSSH signature support.Further details areon the OpenSSH developmentmailing list:
Several /sbin daemons are now dynamically-linked
Ina pairofcommits,Theo de Raadt (deraadt@)changed many daemons in /sbinto be dynamically linked. First this, which had some of us a little mystified:
BSDCan 2022 videos are available
Video recordings fromBSDCan 2022are nowavailable.OpenBSD-related sessions include:
RAID 1C boot support added
Stefan Sperling (stsp@)hascommittedsupport for RAID 1C[mirroring and encryption]boot to -current on the amd64 platform:
sftp-server(8) gains support for home-directory request
Damien Miller (djm@) has committedhome-directory requesttosftp-server(8):
/usr/games removed from the default $PATH
In -current, /usr/gameshas been removed from the default$PATH.Theo Buehler (tb@)committed the change:
Even more randomness
Damien Miller (djm@)committed a changerandomising the rekeying interval inarc4random(3)(and friends):
-current has moved to 7.2-beta
With the followingcommit(s),Theo de Raadt (deraadt@) moved -currentto version 7.2-beta:
Game of Trees 0.74 released
For those who have been paying attention to the Game of Trees development list, there has been a lot going on with got(1). Apologies here at undeadly for having missed some release announcements!
OpenBGPD 7.5 released
Our favorite BGP daemon, OpenBGPD, has a new version 7.5 out. The announcement reads,
rpki-client 7.9 released
A fairly critical component of routing security infrastructure, rpki-client, has a new release out, version 7.9.The announcement leads in,
In -current, dhclient(8) now just logs warnings and executes ifconfig(8)
Theo de Raadt (deraadt@)committedthe change:
r2k22 Hackathon Report: Job Snijders (job@) on rpki-client and more
The first r2k22 hackathon report is in, from Job Snijders (job@), who writes:
(Almost) 0 Dependency Websites with OpenBSD & AsciiDoc
Courtney Allen has published a blog post about how to run a website and blog almost exclusively on things that are in the OpenBSD base system already, only adding AsciiDoc to the mix.The lead in reads,
Analyzing locks in OpenBSD’s Kernel with Domain-Specific Knowledge
Christian Ludwig "wrote a tool to statically analyze spl(9) kernel locking in OpenBSD. It even found some bugs."His write up is here: https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebbHis code for the Lock Balancing Checker referenced in the write up is available under an ISC license and can be obtained here: https://github.com/chrissicool/lbc
Notable OpenBSD news you may have missed, 2022-06-28 edition
Here are a few recent OpenBSD news items that we almost missed ourselves:
Differences between base and ports LLVM in OpenBSD
Frederic Cambus (fcambus@)has written ablog entryregarding the significant differences between the versions ofLLVM inbase andports.
OpenBGPD 7.4 released
We wouldn't blame you if you it slipped under yourRADAR thatOpenBGPD 7.4 was released,since it doesn't appear to have been mentioned on the OpenBGPD website yet.However, the release notes may be found inthis mailing list postfrom June 14th, 2022:
Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022
Peter Hansteen, Massimiliano Stucchi and Tom Smyth gave a presentation on pf at BSDCan 2022. While a video recording from the event has yet to appear, the slides from their presentation may be viewed here: