OpenBSD Journal

[Dr.] Brian Callahan (bcallah@) recently live-streamed(at twitch.tv/NewAstroCity)an interactive OpenBSD Porting Workshop.A recording of the workshop isnow available.

In aseriesofcommits,Todd Mortimer (mortimer@) has added RETGUARDfor the arm64 platform.We previously reported theaddition of RETGUARD for amd64.Read more…

Bob Beck (beck@ when wearing OpenBSD-only hat)has writtena tutorialon using libtls:

Ingo Schwarze (schwarze@ when wearing OpenBSD-only hat)wrote in to let us know about the new release:

Patrick Wildt (patrick@) has been experimenting with small I2C and SPI-connected displays, and withthis commit, it was enabled for armv7 and arm64 platforms as ssdfb(4) in -current.Read more…

For the g2k18 Ljubljana hackathon, i decided to try and get ridof as many small userland tasks as possible.Lots of them have been piling up over time.Read more…

In amessageto tech@, Theo de Raadt (deraadt@) discusses the state of development ofunveil(2)support in userland (and for a certain port):Read more…

A new g2k18 hackathon report has arrived, this time from Kenneth Westerback (krw@), who writes:

Philip Guenther (guenther@)and Bryan Steele (brynet@)have added more mitigations against speculative executionCPU vulnerabilitieson the amd64 platform.Read more…

rad(8) [as described in the g2k18 hackathonreport byFlorian Obser (florian@)]is now the only IPv6router advertisement daemon in -current, following the removal ofrtadvd(8).Advice on making the transition has beenadded to current.html

Claudio Jeker (claudio@) is next up with his report from Ljubljana:

Another g2k18 hackathon report has arrived, this one fromCarlos Cardenas (ccardenas@), who writes:

The next g2k18 report comes from Klemens Nanni (kn@), who writes:

Fresh from the just concluded hackathon in Ljubjlana comes our next report from Florian Obser(florian@) who writes:

Next in from Ljubljana is Matthieu Herrb (matthieu@):

Before winning the football world cup, the french were writing their hackathon reports. Here's the one from Antoine Jacoutot (ajacoutot@):

Theg2k18hackathon has just concluded, and already we have our first report.Marc Espie (espie@) wrote in:

In a change which is bound to be welcomed widely, -current has gained"auto-join" for Wi-Fi networks.Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committedthe work from the g2k18 hackathon in Ljubljana:

In this post, Paul Smith shows how to reduce buffer bloat and improve interactive traffic latencies.

Reyk Floeter (reyk@) hascommittedsupport for simple request rewrites tohttpd(8)/httpd.conf(5) [in -current]:

As part of ongoing mitigations against CPU vulnerabilities,-current has gained a new sysctl, "hw.smt",to control Simultaneous Multi Threading (SMT).This is disabled by default (only on Intel® CPUs, for now).Read more…

There have been more developments in the continuing work mitigatingagainst (Intel®, and potentially other) CPU vulnerabilities…Philip Guenther (guenther@)committed the following:Read more…

Reyk Floeter (reyk@) hascommitteda simple LDAP client to -current:

Earlier this month, Philip Guenther (guenther@)committed(to amd64 -current) a change from lazy to semi-eager FPU switchingto mitigate against rumored FPU state leakagein Intel® CPUs.Theo de Raadt (deraadt@) discussed this in hisBSDCan 2018session.Using information disclosed in Theo's talk,Colin Percivaldeveloped a proof-of-concept exploit in around 5 hours.This seems to have prompted an early end to an embargo(in which OpenBSD was not involved), and theofficial announcementof the vulnerability.

BSDCan 2018has concluded, and materials for (some of) the OpenBSD-related tutorials andtalks can be found inthe usual place.Highlights includethe unveiling of unveil(),hinted at by Bob Beck (beck@) in hisp2k18 report,and"Speculating about Intel", by Theo de Raadt (deraadt@). [An unofficial video of the latter presentation isavailable.]At the time of writing,officialvideo recordings are not yet available.

Todd Mortimer (mortimer@) hascommitted"RETGUARD" for clang (for amd64).This is a new anti-ROPsecurity mechanism, which uses random per-function cookiesto protect return addresses on the stack.Read more…

Joel Sing (jsing@) hascommittedCrypto Simplified Interface (CSI) to -current:

Gilles Chehade (gilles@) hascommitted(to -current) the newsmtpd.confgrammar discussed inhis p2k18 hackathon report.Read more…

Next up in the stream of p2k18 reports is one from Antoine Jacoutot (ajacoutot@):

Next up in our series of p2k18 hackathon reports is from Paul Irofti (pirofti@), who writes:

Peter Hessler (phessler@) writes about his time in Nantes:

Eric Faurot (eric@) is next with his report on what he did in Nantes:

Stefan Sperling (stsp@) kindly sent in a report on his activities around p2k18:

Our next p2k18 report comes from Christian "naddy" Weisgerber, who writes:

Landry Breuil (landry@) has an extensive report for our readers:

Next up with a p2k18 report is Jasper Lievisse Adriaanse (jasper@):

Next up with a p2k18 report is Bob Beck (beck@):

Next up is the report from Ken Westerback (krw@):

The latest p2k18 hackathon report comes from Gilles Chehade (gilles@),who writes:

As more and more developers arrive back home from France, more reports arrive to you to keep you informed of what happened in Nantes. This time, it's Philip Guenther (guenther@) who writes in with his report:

Next up in our series of p2k18 reports is that from Klemens Nanni (kn@):

Here is another report from the just concluded p2k18 hackathon, from Marc Espie (espie@), who writes:

Working at p2k18, Theo de Raadt (deraadt@) hascommittedSpectre Variant 2 mitigations:

Working at p2k18, Eric Faurot (eric@) hascommitteda simple SMTP client to -current:

Ken Westerback (krw@ when wearing his developer hat) writes:

In this commit, visa@ submitted code (disabled for now) to use built-in accelerationon octeon CPUs, much like AESNI for x86s.I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.Read more…

The MAP_STACK anti-ROP mechanism described in a recentarticlehas beencommittedto-current.Thecommit messageincludes:

Landry Breuil (landry@ when wearing his developer hat) wrotein…

April 2, 2018: The OpenBSDproject has announced the availability of the newest release,OpenBSD 6.3: