OpenBSD Journal

Here is another report from the just concluded p2k18 hackathon, from Marc Espie (espie@), who writes:

Working at p2k18, Theo de Raadt (deraadt@) hascommittedSpectre Variant 2 mitigations:

Working at p2k18, Eric Faurot (eric@) hascommitteda simple SMTP client to -current:

Ken Westerback (krw@ when wearing his developer hat) writes:

In this commit, visa@ submitted code (disabled for now) to use built-in accelerationon octeon CPUs, much like AESNI for x86s.I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.Read more…

The MAP_STACK anti-ROP mechanism described in a recentarticlehas beencommittedto-current.Thecommit messageincludes:

Landry Breuil (landry@ when wearing his developer hat) wrotein…

April 2, 2018: The OpenBSDproject has announced the availability of the newest release,OpenBSD 6.3:

Recently, Theo de Raadt (deraadt@)describeda new type of mitigation he has been working on together with Stefan Kempf (stefan@):

Mike Larkin (mlarkin@) has just given a presentation atbhyvecon Tokyo 2018.The slides are nowavailable (as PDF).In addition to the excellent summary of the state-of-play forvmmand friends, the presentation offers a tantalizing glimpse at possible futuredirections.Update: videois available

Good news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:

Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:

The recent changes in -current mitigating the Meltdown vulnerability have been backported to the6.1 and6.2(amd64) releases, and thesyspatch update (for 6.2) is now available.Happy syspatching, and don't forget to show your appreciation bydonating to the project.

Meltdown mitigation is coming to OpenBSD. Philip Guenther (guenther@) has just committed a diff that implements a new mitigation technique to OpenBSD: Separation of page tables for kernel and userland. This fixes the Meltdown problems that affect most CPUs from Intel. Both Philip and Mike Larkin (mlarkin@) spent a lot of time implementing this solution, talking to various people from other projects on best approaches.In the commit message, Philip briefly describes the implementation:Read more…

As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:Read more…

Remi Locherer wrote in:

Details of the2018 campaign have been added to the Foundation's website. The goal for theyear is for $300,000. The total for "smaller" donations has alreadytaken the OpenBSD community to bronze level sponsorship!Please show your support by contributing.

Patrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called "microinstructions". The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.Read more…

ITWirehas publishedan articleregarding Theo de Raadt's (deraadt@) reaction to theMeltdown/Spectre disclosures.One choice quote reads:

If you run a mail service, you probably like to have greylisting in place, via spamd(8) or similar means. However, there are some sites that simply do not play well with greylisting, and for those it's useful to extract SPF information to identify their valid outgoing SMTP hosts. Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.This feature is still in need of testing, so please grab a snapshot and test!

Amessage to tech@from Philip Guenther (guenther@) provides the first publicinformation from developers regarding the OpenBSD response to the recentlyannouncedCPU vulnerabilities:

In amessage to misc@,Tom Smyth wrote (in part):

In amessage to tech@,Theo de Raadt (deraadt@) provided some insights into ongoingwork on pledge(2):

arm64 is now anofficially supported platform for OpenBSD.As some readers will have noticed,there's nowsyspatch(8) support, too.Theo de Raadt (deraadt@) committed the following change:

Bob Beck (beck@) writes:

Another p2k17 hackathon report is just in, from Antoine Jacoutot (ajacoutot@), who writes:

Our dear friend Bob Beck (beck@) writes:

A new p2k17 hackathon report has arrived, this one from Florian Obser, who writes:

Landry Breuil (landry@) sent in our next report from the recent ports hackathon:

The next p2k17 report comes from Anthony J. Bentley (bentley@):

The next p2k17 report comes from Sebastian Reitenbach (sebastian@):

The latest hackathon report to come in today came from Christian Weisgerber (naddy@):

The p2k17 hackathon reports keep flowing in, here's one from Jeremy Evans (jeremy@):

Here is a new p2k17 hackathon report from Paul Irofti (pirofti@), who writes:

A new p2k17 hackathon report is in, from Marc Espie, who writes:

The p2k17 hackathon has concluded, and we have our first report.Matthias Kilian (kili@) wrote in:

In amessage to tech@,Theo de Raadt (deraadt@) wrote:

A few days ahead of the date hinted at by the work-in-progress release page, OpenBSD 6.2 was released today, October 9th 2017.Notable changes in this release are as always numerous, and include:Read more…

Robert Nagy (robert@) wrote in with a fascinating story of hunting down arecent problem with ports:

TheEvents and Paperspage of theOpenBSD websitehas been updated to includelinksfor the recently-concludedEuroBSDcon 2017.Rather than reproduce the links here, we suggest readers head over tothe authoritative source.Video recordings of individual presentations are not available at the time of writing,but may be found when themulti-session room recordingsare up.Update:Events and Papersnow has links to individual videos, and aplaylistis available.(Thanks Mevene and espie!)

The next hackathon reports comes from Ken Westerback (krw@), who writes:

After a few quiet days, here is a new t2k17 hackathon report, from Jasper Lievisse Adriaanse. Jasper writes,

Kenneth R Westerback (krw@ when wearing hisdeveloper hat) wrote in to let us know:

The flak reports by Ted Unangst (tedu@) continue withpart 627.Update: Part 628Update: Part 629

Hrvoje Popovski directed our attention to a new blog post from mpi@ discussing one improvements in the performance of the networking stack.

The next t2k17 hackathon report comes from first time hackathon participant Aaron Bieber, who writes:

Next up in our series of t2k17 hackathon reports is this one from Philip Guenther:

Our next hackathon report comes from Andrew Hewus Fresh, who writes: