OpenBSD Journal

Landry Breuil (landry@) hascommittedawork-in-progressFAQ section"Virtual Private Networks (VPN)":

Todd Mortimer (mortimer@) hascommittedimprovements to (the anti-ROP)"X86FixupGadgets" passofclang(1)for amd64 and i386:

Hrvoje Popovski wrote in to alert us that Martin Pieuchot (mpi@) has written a new blog post entitled Faster vlan(4) forwarding?, which leads in with

openrsync,a clean-room implementation ofrsync,is being developed byKristaps Dzonsonsas part ofthe rpki-client(1) project[featured in anearlier article].openrsync(1) has beenimported into the tree(as "rsync") by Sebastian Benoit (benno@):

Florian Obser (florian@) kindly wrote in with news on some recent work:

Fresh from thea2k19 hackathon,Joel Sing (jsing@) delivereda presentationat the2019 linux.conf.au.Video is now available.

Mike Larkin (mlarkin@) just committed support for 2TB of physical memory on the amd64 platform:

Peter Hessler (phessler@) hascommittedchangesto make it possible to join any open wifi network:Read more…

Withtwocommitsby Pratik Vyas (pd@),vmm(4) support for i386 host systems has been deleted (one can still run i386 guests under vmm on an amd64 host).The commit messages explain the reasoning behind this move:Read more…

Ian Darwin (ian@) wrote in to let us know that he's writtenan articlewhich is a follow-up to an Undeadlystory from a decade ago!The article provides a fine illustration of benefits of a bloat-freeOS.Thanks very much for the pointer, Ian.

Frederic Cambus (fcambus@) has just changed the default console font to Spleen, a font of his own creation:

Another major step forward just happened inmandoc(1)HTML output: paragraphs are now represented with real HTML<p> elements, and a number of cases were fixedin which mandoc used to generate output violating HTML syntax,mostly related to macros and requests that controlline fillingin paragraphs of text.Read more…

Tom Smyth has another article (and video) for us:

This contribution comes directly from Tom Smyth:

With the followingcommit,Theo de Raadt (deraadt@) released thesong for OpenBSD 6.2!

With thiscommit,Florian Obser (florian@) enabled DNSSEC validation in the defaultunbound.conf(5)in -current:

Gilles Chehade (gilles@) has written anotherpieceon progress inOpenSMTPDdevelopment.-current now has proc filters!

Otto Moerbeek (otto@) has issued aseries of Mastodon messagesexplaining some of the the virtues of OpenBSD'smalloc(3)implementation.They provide excellent reading in easily-digestible pieces.

Job Snijders (job@) has written anarticle at Mediumproposing rpki-client(1),a new, BSD-licensedRPKIvalidator.

Claudio Jeker (claudio@) wrote in to let us know that he and Job Snijders (job@) have writtenan article about OpenBGPDforRIPE Labs.

Right on the heels of the previous announcement, Kenneth R. Westerback (krw@) of the OpenBSD Foundation writes to inform us:

On his blog, joshua stein (jcs@) has a description of the hoops he jumped through to get stereo sound out of his Huawei Matebook X under OpenBSD (something that only worked under Windows with special drivers).His approach involves logging all PCI device accesses by running Windows in QEMU under Linux with VFIO, parsing that, and making the OpenBSD azalia(4) driver do the same.Thanks to joshua for the interesting write-up!

Kenneth R. Westerback (krw@) writes to inform us:

In this commit, Otto Moerbeek (otto@) moved malloc handling from a softlink in /etc to a sysctl instead.

Gilles Chehade (gilles@) has writtenan articleon recent progress inOpenSMTPD.It begins:

Returning readers are likely aware that OpenBSD in its OpenBSD/amd64 and OpenBSD/i386 varieties comes with virtualization built in, brought to you by the vmm(4) subsystem.

Earlier this week the OpenBSD foundation received its first Silver donation from an individual contributor. Thank you John Carmack for the very generous contribution! The support will ensure that many important projects are moving forward and continue making impact.

Ken Westerback (krw@ when wearing his dev hat) wrote in with some great news:

The release of OpenBSD 6.4 has beenannounced:

Ingo Schwarze (schwarze@) writes in about fresh developments in mandoc(1):

EuroBSDcon 2018is now over, and slides for OpenBSD-related presentations are now availablefrom theusual place.As always, there's some great reading there (especially for those of uswho were unable to attend the conference).Unfortunately, there will not be any video this year.

Fresh from the just concluded n2k18 hackathon comes this report from Ken Westerback(krw@),who writes:

In ashortseriesofcommits,Carlos Cardenas (ccardenas@) added support forqcow2image support to vmd(8).[This builds on anearlier commitadding support for pluggable disk backends.]The code was written by Ori Bernstein, who posted his diffs (thread 1, thread 2) to the tech@openbsd.org mailing list in August.Read more…

Anton Lindqvist (anton@) gave a talk atBSD Users Stockholm Meetup #3 on the kernel coverage tracing kit he committed recently.Slidesare now available via theOpenBSD Events and Papers page.The slides contain a list of bugs found and fixed as a result of this work.See also:kcov(4)

Ken Westerback (krw@ when wearing his dev hat) wrote in withsome great news:

In amessage to tech@,Theo de Raadt (deraadt@)gives an update on the state-of-play regarding processor vulnerabilities:

Theo de Raadt (deraadt@) hascommitteda diff to mitigate the"Intel L1TF screwup" for the amd64 platform we reported on earlier:

Theo de Raadt (deraadt@)posted to the tech@ mailing list with some background on how the latest discovered Intel CPUissues relate to OpenBSD.

[Dr.] Brian Callahan (bcallah@) recently live-streamed(at twitch.tv/NewAstroCity)an interactive OpenBSD Porting Workshop.A recording of the workshop isnow available.

In aseriesofcommits,Todd Mortimer (mortimer@) has added RETGUARDfor the arm64 platform.We previously reported theaddition of RETGUARD for amd64.Read more…

Bob Beck (beck@ when wearing OpenBSD-only hat)has writtena tutorialon using libtls:

Ingo Schwarze (schwarze@ when wearing OpenBSD-only hat)wrote in to let us know about the new release:

Patrick Wildt (patrick@) has been experimenting with small I2C and SPI-connected displays, and withthis commit, it was enabled for armv7 and arm64 platforms as ssdfb(4) in -current.Read more…

For the g2k18 Ljubljana hackathon, i decided to try and get ridof as many small userland tasks as possible.Lots of them have been piling up over time.Read more…

In amessageto tech@, Theo de Raadt (deraadt@) discusses the state of development ofunveil(2)support in userland (and for a certain port):Read more…

A new g2k18 hackathon report has arrived, this time from Kenneth Westerback (krw@), who writes:

Philip Guenther (guenther@)and Bryan Steele (brynet@)have added more mitigations against speculative executionCPU vulnerabilitieson the amd64 platform.Read more…

rad(8) [as described in the g2k18 hackathonreport byFlorian Obser (florian@)]is now the only IPv6router advertisement daemon in -current, following the removal ofrtadvd(8).Advice on making the transition has beenadded to current.html

Claudio Jeker (claudio@) is next up with his report from Ljubljana:

Another g2k18 hackathon report has arrived, this one fromCarlos Cardenas (ccardenas@), who writes: