OpenBSD Journal

The next developers' hackathon report is from Marc Espie, who writes:

Next up in the g2k16 hackathon reports series is Adam Wolk. Adam writes:

Next up in our series of g2k16 hackathon reports is this one from Martin Natano:

Next in the g2k16 series is the Otto Moerbeek's report. Otto writes,

The first developer report from the just concluded g2k16 hackathon comes from Mike Larkin, who writes:

LLVM Core and Clang (C/C++/Objective-C compiler) of the LLVM Project have been imported into -current.Pascal Stumpf (pascal@) committed the addition:

Support for the zaurus platform has been removed from -current.Philip Guenther (guenther@) committed the change:

September 1st, 2016: The OpenBSD team announces the availability of 6.0!

Kristaps Dzonsons' Let's Encrypt client, letskencrypt, has been imported into OpenBSD-current as acme-client.letskencrypt, which has previously been available as a port, is a privilege-separated Let's Encrypt (ACME protocol) client written in C.Read more...

EuroBSDcon 2016(see earlier article) is on from 22 to 25 September 2016, in Belgrade, Serbia.Early registrationends 2016-08-24 23:59 CEST, so get in now for discounted prices on great (Open)BSD talks and tutorials!

Joel Sing (jsing@) has added server-side Server Name Indication (SNI) support to libtls and, based on that, to httpd.Read more...

As a result of apparent lack of maintenance, Theo de Raadt has disabled tmpfs.

Our next report comes from Philip Guenther, who writes,

Our next report comes from Ken Westerback (krw@), who writes,

The EuroBSDCon 2016 talks and schedule have been released, and oh are we in for a treat!All three major BSD's have a "how we made the network go fast" talk, nearly every single timeslot has a networking related talk, and most of the non-networking talks look fantastic as well.The OpenBSD related talks are:

Pre-orders for the 6.0 CD sets have just been activated.In addition, one of the six release songs has been released early.

Theo de Raadt (deraadt@) has updated the (in-progress) OpenBSD 6.0 release page to indicate that release will occur earlier than is usual:

The first report from the just-concluded n2k16 hackathon comes from Stefan Sperling, who writes:

The facility for allowing non-root users to mount file systems has been removed fromOpenBSD-current due to security concerns.Specifically, the value of kern.usermount(as described in the mount(8) and sysctl(3) man pages) will be ignored in OpenBSD 6.0,and the kern.usermount system variable will be absent from later releases.Theo de Raadt (deraadt@) committed the change:

Now would be a good time to check http://www.openbsd.org/errata59.html as a number of patches related to reliability and security have been released as follows.This appears to be in response to fuzz testing as documented further in this mailing list archive: http://marc.info/?l=oss-security&m=146853062403622&w=2Tim Newsham and Jesse Hertz of NCC Group appear to have done most of the research related to these discoveries so far, and I know at least one of them has had patches committed to the OpenBSD project in the past, so it is nice to see continual collaboration from professional researchers contributing back to project!Again, please check http://www.openbsd.org/errata59.html for links to source code patches to address these issues. Excerpted summaries of the issues discovered below:

Ingo Schwarze wrote in about the new mandoc release,

The BSDCan 2016 conference in Ottawa has just concluded, with a number of OpenBSD-themed talks. These are the talks by OpenBSD developers:Reyk Flöter: An OpenFlow implementation for OpenBSD - Introducing switchd(8) and more about SDN (slides)Henning Brauer: Running an ISP on OpenBSD - Why OpenBSD and several uncommon uses of it (slides)Peter Hessler: Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD. Or: A new protocol actually did improve our routing. (slides)Mike Belopuhov: Implementation of Xen PVHVM drivers in OpenBSD (slides)Antoine Jacoutot: OpenBSD rc.d(8) (slides)Sebastian Benoit: Opensource Routing - Running an enterprise network on OpenBSD (slides)In addition, two OpenBSD-centric tutorials were offered by people who are not themselves OpenBSD developers:Peter Hansteen: Building The Network You Need With PF, The OpenBSD Packet Filter (slides)Aaron Poffenberger: OpenSMTPD for the Real World (slides)

Martin Pieuchot (mpi@) wrote in, saying

Progress on the armv7 platform continues, and Jonathan Gray writes in to the arm@ mailing list with some promising news:

Traditional Unix has allowed memory to be mapped W | X. Everyone now knows that’s a bad practice from a security standpoint, but the software ecosystem hasn't made much progress in this area. Theo de Raadt has just committed a change to begin blocking W^X violations in OpenBSD.

This year's dotSecurity conference featured a presentation from OpenBSD founder Theo de Raadt, titled "Privilege Separation and Pledge."The video is now available here, in addition to the slides.

The next hackathon report comes from Paul Irofti, who writes:

Our next report comes from Jasper Lievisse Adriaanse, who writes:

In a recent email, Theo de Raadt explains the SROP mitigation technique, a recent team effort.

The next hackathon report comes from Ken Westerback, who writes:

Our next p2k16 report comes from Antoine Jacoutot, who writes:

The next report in our p2k16 series is from Landry Breuil, who writes:

Fresh from the p2k16 hackathon comes this report from Christian Weisgerber, who writes:

OpenBSD Foundation director Ken Westerback (krw@) writes in with some great news:

Ted Unangst just sent an announcement of LibreSSL patches

The second p2k16 report comes from first time hackathon attendee Theo Buehler, who writes:

Our very first p2k16 hackathon report comes from none other than Marc Espie, who writes:

With the p2k16 hackathon just coming to a close, Marc Espie has revealed one of the new things he worked on.

Theo (deraadt@) writes in to the tech@ mailing list, with a clever idea that we would like to try.

OpenBSD developers from around the world have just gathered in Nantes, France for the p2k16 hackathon. This event is technically a ports hackathon, but many non-porters have showed up too, which means you can expect a variety of different improvements.As an early example, ajacoutot@ has just set sysmerge to run automatically during the upgrade process.Head over to the hackathons page to see the artwork, and stay tuned to Undeadly for some post-hackathon reports.

We here at Undeadly are looking to move the site to HTTPS-only. It's been discussed for quite a while, but there's one roadblock that we're looking for some help to overcome.Read more...

On behalf of the EuroBSDCon 2016 Program Committee, here is the Call for Papers for the EuroBSDCon 2016 conference which will take place in Belgrade, Serbia from 22nd through 25th of September 2016.

The release of OpenBSD 5.9, previously scheduled for the usual May 1st, has just been officially announced!

With this commit, mpi@ enabled the new ART routing table implementation, which paves way for more MP network stack improvements down the line.

Errata patches were recently issued for an IPv6 bug that affects users of both OpenBSD 5.7 and 5.8, as well as a patch for pledge in the upcoming 5.9 release.Quoting the patch:

This year's AsiaBSDCon has come to an end, with a number of OpenBSD-related talks being presented. Two developers were also invited to the smaller "bhyvecon" event to discuss vmm(4) and future plans.Antoine Jacoutot (ajacoutot@) - OpenBSD rc.d(8) (slides | paper)Henning Brauer (henning@) - Running an ISP on OpenBSD (slides)Mike Belopuhov (mikeb@) - Implementation of Xen PVHVM drivers in OpenBSD (slides | paper)Mike Belopuhov (mikeb@) - OpenBSD project status update (slides)Mike Larkin (mlarkin@) - OpenBSD vmm Update (slides)Reyk Floeter (reyk@) - OpenBSD vmd Update (slides)Videos will likely be uploaded later on. And finally, you can usually find most of the OpenBSD-related presentations at openbsd.org/papers. Future conferences can also be seen at openbsd.org/events.html.

After much internal discussion, OpenBSD has officially discontinued support for the VAX architecture. In a series of commits, Theo de Raadt puts the platform to rest.Read more...

For safety and usability, xterm(1) now uses UTF-8 mode by default.

The 5.9 festivities are starting earlier than usual this time around, with the songs being available before the OS! Accompanying the release media are the following tracks:"Doctor W^X" (mp3 | ogg)"Systemagic (Anniversary Edition)" (mp3 | ogg | lyrics)Seasoned OpenBSD users may notice that the second song is a reprisal of "Systemagic" from way back in the 3.1 release days.Enjoy the tunes! If you're an audio snob like a couple of us here at Undeadly, the uncompressed lossless versions can be found on the 5.9 CD set as always.

As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.