Feed openbsd-journal OpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2024-07-27 07:31
Incoming: UDP parallel input
UDP input is about to become faster and parallel on OpenBSD. In a message to tech@ titled UDP parallel input, Alexander Bluhm (bluhm@) offers a diff that enables parallel UDP input for -current. The message reads,
Libva's VA-API (Video Acceleration API) imported into xenocara
In this commit, Rafael Sadowski (rsadowski@) merged libva 2.22.0 into OpenBSD, enabling VA-API to accelerate video decoding and other hardware-assisted operations:
Enable local-to-anchors tables in PF rules
In a recent post to tech@ titled let's make pf(4) anchors and tables better friends (possibly originating at the ongoing hackathon) Alexandr Nedvedicky (sashan@) introduced code to enable creating local tables inside anchors in pf(4) rulesets:
Game of Trees 0.101 released
Version 0.101 of Game of Trees has been released (and the port updated).
A practical guide to VPNs, IPv6, routing domains and IPSEC
Crystal Kolipe writes in about a new article posted by the crew at Exotic Silicon on fun things to do with OpenBSD --
clang -fret-clean on the horizon for OpenBSD/arm64
While we were busy with other things, Theo de Raadt (deraadt@) is continuing the work on bringing the clang option to clean return addresses off the stack, as reported upon earlier, to OpenBSD/arm64. Theo posted an early version of the code to tech@, saying
OpenSSH 9.8 released
In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.8:
RIP dhclient(8)
Friends, dhclient(8) in OpenBSD is no more, at least for those of us running -current. For some of us it is basically in muscle memory to type doas dhclient $wifiinterface when visiting somewhere, but from this day forward we will rely on dhcpleased(8) to do its job, which in my own experience it does admirably. In this commit, Theo de Raadt (deraadt@) executed the removal. The commit message reads,
Initial playlist of 28 BSDCan Videos released
Patrick McEvoy aka BSDTV writes in,
OpenBGPD 8.5 released
The OpenBGPD project announced that a new version of the Border Gateway Protocol daemon, OpenBGPD 8.5, has been released. The release comes with a number of new features and refinements, and marks another step in the development of secure and reliable routing management. The announcement reads:
rpki-client 9.1 released
Sebastian Benoit (benno@) announced the release of version 9.1 of rpki-client, the essential component for routing security. See the full announcement for further details. Here are some key excerpts from the release announcement:
Game of Trees Hub: A Git Repository Hosting Service Based on OpenBSD
In a fediverse post, Stefan Sperling (stsp@) announced a new hosting service:
OpenBSD added initial support for Qualcomm Snapdragon Elite X after 1 day
When a new processor is released, how long would you expect it to take before your favorite operating system adds support for it? In the case of OpenBSD/arm64, the time lag can occasionally be measured in days if not hours. In a recent message to tech@, Patrick Wildt (patrick@) premiered the patch to add support for the Qualcomm Snapdragon Elite X processor the day after it was officially released. Patrick's message reads,
OpenSSH introduces options to penalize undesirable behavior
In a recent commit, Damien Miller (djm@) introduced the new sshd(8) configuration options PerSourcePenalties and PerSourcePenaltyExemptList, which provide a built-in facility in sshd(8) itself to penalize undesirable behavior and to shield specific clients from penalty, respectively. The commit message reads,
DHCPv6-PD - First steps by florian@
As noted earlier, OpenBSD-current now has IPv6 prefix delegation available via the new dhcp6leased(8) daemon. Before he committed the code, Florian Obser (florian@) wrote a blog post on the process of developing the new program in a piece called DHCPv6-PD - First steps. The prologue leads in,
Game of Trees 0.100 released
Version 0.100 of Game of Trees has been released (and the port updated).
dhcp6leased(8) imported to -current
Florian Obser (florian@) has committed (to -current) dhcp6leased(8), a DHCPv6 client for handling Prefix Delegation (PD):
clang option -fret-clean committed
Theo de Raadt (deraadt@) has committed -fret-clean for clang:
clang -fret-clean: cleaning return addresses off stack (by deraadt@)
Future versions of OpenBSD may include core system libraries and binaries built with logic to remove return addresses off the stack. With this in place, whole classes of bugs would be harder to exploit. In a message to the tech@ mailing list titled clang -fret-clean: cleaning return addresses off stack, Theo de Raadt (deraadt@) explains how this would work and includes code to implement the feature for the X86 architecture only:
Important message for Apple Silicon OpenBSD/arm64 users
As you may be aware, OpenBSD runs on Apple Silicon M series processors, thanks to the efforts of the OpenBSD/arm64 developers. For those running our favorite operating system alongside the Apple product, sometimes special measures are needed, though. Mark Kettenis (kettenis@) sent a message titled Important message for Apple Silicon OpenBSD/arm64 users to the misc@ and arm@ mailing lists, warning about possible firmware issues:
KDE 6 landed in OpenBSD-current
sshd(8) split into multiple binaries
With the following commit, Damien Miller (djm@) commenced the process of splitting sshd(8) into multiple binaries:
Demise of Nagle's algorithm (RFC 896 - Congestion Control) predicted via sysctl
Is the classical TCP congestion control mechanism known as Nagle's algorithm (RFC 896 - Congestion Control) headed for the scrap heap of history? A recent post on tech@ titled Add sysctl to disable Nagle's algorithm (RFC 896 - Congestion Control) from Job Snijders (job@) with a patch to implement the disabling sysctl indicates that some at least think that deprecation is in order. The message leads in,
LibreSSL version 3.9.2 released
The LibreSSL project has announced the release of [bugfix] version 3.9.2 of the software:
Game of Trees 0.99 released
Version 0.99 of Game of Trees has been released (and the port updated).
OpenSMTPD table protocol changes, now with the backstory
Regular readers will be aware that OpenBSD ships with its own mail server implementation, OpenSMTPD, in its base system. In a recent message to the tech@ mailing list, Omar Polo (op@) asked for comments or oks for patches implementing a change of table protocols. A little later, Gilles Chehade (gilles@) posted to the misc@opensmtpd.org mailing list with the backstory for this change. The message follows in full below (apparently the otherwise fine marc.info archive site no longer archives the list):
Passphrase timeout for disk decryption at boot added (potential battery lifesaver)
Have you had your laptop accidentally un-hibernate while you weren't looking, leaving you with a totally drained battery? Now OpenBSD-current has a fix for that, thanks to this commit by Klemens Nanni (kn@). The commit message reads,
Game of Trees 0.98 released
The version control system gameoftrees 0.98 has been released and should soon show up in OpenBSD -current packages. An update for the -portable version will follow as well. The main improvements in the new release are listed in the release notes as
pfctl(8) and systat(8) to display fragment reassembly statistics
The OpenBSD toolbox for network debugging just got better. In a recent thread on tech@ titled pfctl show fragment info, Alexander Bluhm (bluhm@) posted a patch to enable packet reassembly statistics in pfctl(8). Several other developers joined in, and Claudio Jeker (claudio@) suggested that systat(8) should also be enhanced to display packet reassembly data in pf(4) related views. This suggestion was well received, and the resulting code has now been committed.
Coming soon to a -current system near you: parallel raw IP input
The work to improve the capabilities of the network stack is about to take a noticeable step forward. In a message to tech@ titled parallel raw IP input, Alexander Bluhm (bluhm@) posted a patch that he describes as
In -current, default write format for tar(1) changed to "pax"
A series of commits by Jeremie Courreges-Anglas (jca@) has modified tar(1) such that its default write format (for archives) is that of pax(1). The message with the final commit captures the gist of the change:
OpenSMTPD 7.5.0p0 Released
The OpenSMTPD project has released its first post-OpenBSD 7.5 version, OpenSMTPD 7.5.0p0, with a number of notable improvements. The announcement reads,
20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09)
It's been 20 years since the first undeadly.org post appeared. At that point in our history, we had been enjoying frequent updates to the OpenBSD Journal at the deadly.org site for more than four years, and most of us thought it was an April Fools' prank when the editors announced that they were ceasing publication, effective immediately on April 1st, 2004. Fortunately, Daniel Hartmeier quickly realized the announcement was not a joke, and went to work on a functionally equivalent CGI binary written in C and negotiated to take over the archive of existing articles. The rescued (resurrected?) site went live at undeadly.org on April 9th, 2004. At the time, the eagerly anticipated upcoming release was OpenBSD 3.5 (which we covered on April 30th of that year). As the release song strongly hints, the introduction of the CARP redundancy protocol was a major item in that release. The release also introduced the OpenBSD/amd64 platform, and included a number of improvements in hardware support and security, with privilege separation introduced in several daemons and important utilities. All the details can be had at the OpenBSD 3.5 release page. It's been 20 years, what have we got to show for it? We hope you have been enjoying the site's updates, and we hope that undeadly.org has been a positive factor in promoting all things OpenBSD. The site and its editors have every intention of going on running the site. If you want to help out, please submit items about OpenBSD that you find noteworthy. We value your submissions even more than your comments. All the best from the undeadly.org editors.
OpenBSD 7.5 released
Every six months, spring and fall, a new OpenBSD release emerges on the web and familiar download mirrors. The OpenBSD project has released OpenBSD 7.5, the project's 56th release, with numerous improvements and support for 14 hardware platforms. Notable enhancements and new features include
LibreSSL 3.8.4 and 3.9.1 released
In a not-quite-unexpected announcement, the LibreSSL development team released the new versions. The announcement reads,
OpenSSH 9.7/9.7p1 released!
OpenSSH 9.7/9.7p1 has been released.
Game of Trees 0.97 released
Version 0.97 of Game of Trees has been released (and the port updated).
LibreSSL versions 3.8.3 and 3.9.0 released
The LibreSSL project has announced the release of version 3.8.3, and (development) version 3.9.0 of the software. The announcement for version 3.8.3 reads:
OpenBGPD 8.4 released
The OpenBSD Border Gateway Protocol (BGP) routing daemon OpenBGPD has a new version out, version 8.4. The release announcement reads,
rpki-client 9.0 released
In what can only be called a great stride forward in routing security, Sebastian Benoit (benno@) announced the availability of rpki-client version 9.0. The announcement reads,
OpenBSD -current drops -beta tag, goes to 7.5
A clear sign that the OpenBSD 7.5 release cycle is entering the final phases just emerged. In this commit, Theo de Raadt (deraadt@) changed the version string to 7.5:
IPv6 for ppp(4) enabled in -current.
In this commit, Denis Fondras (denis@) added code to allow IPv6 over PPP. The message reads,
mwx(4), another new wi-fi driver, added to -current
Hot on the heels of qwx(4) [see earlier report], and soon after going -beta, -current has gained another new wi-fi driver - mwx(4). Claudio Jeker (claudio@) committed the import:
New code for SIGILL faults help identify misbranches
If you run recent OpenBSD on certain amd64 or aarch64 platforms, indirect branching to an "unexpected" location will crash your program, in order to prevent ROP attacks and similar ways to have your program execute code where it shouldn't. The OpenBSD compiler will insert an extra instruction in all the places where a branch is supposed to land, and if it lands anywhere else, a CPU fault is raised and your program gets an "Illegal Instruction". Previously, crashes of this kind have looked more or less like any other kind of fault where code is executing random data or from random locations, but since the kernel knows when this has happened, we can make it explicit that the fault is due to missing branch target instructions, which will help a lot when debugging. Link to the commit here.
OpenBSD -current moves to 7.5-beta
It's that time of the year again. With this commit, Theo de Raadt (deraadt@) changed the version string for the OpenBSD development branch (i.e. -current) to 7.5-beta: