OpenBSD Journal

The 5.9 festivities are starting earlier than usual this time around, with the songs being available before the OS! Accompanying the release media are the following tracks:"Doctor W^X" (mp3 | ogg)"Systemagic (Anniversary Edition)" (mp3 | ogg | lyrics)Seasoned OpenBSD users may notice that the second song is a reprisal of "Systemagic" from way back in the 3.1 release days.Enjoy the tunes! If you're an audio snob like a couple of us here at Undeadly, the uncompressed lossless versions can be found on the 5.9 CD set as always.

As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.

OpenBSD 5.9 is shaping up to be quite a big release, and pre-orders for the CD sets have just been activated.Read more...

There are no doubt many eyes on OpenBSD's continuing network SMP renovation. Hrvoje Popovski writes in to tell us about some performance testing he's been doing:

It's been a long time coming, but Linux Emulation is going away.

The list of accepted talks for this year's BSDCan conference has been announced, with the following OpenBSD-related ones being accepted:Reyk Floeter (reyk@), An OpenFlow Implementation for OpenBSDPeter Hessler (phessler@), Bidirectional Forwarding Detection (BFD) Implementation and Support in OpenBSDPeter Hansteen, Building the Network You Need with PF, the OpenBSD Packet FilterMike Belopuhov (mikeb@), Implementation of Xen PVHVM Drivers in OpenBSDAntoine Jacoutot (ajacoutot@), OpenBSD rc.d(8)Aaron Poffenberger, OpenSMTPD for the Real WorldHenning Brauer (henning@), Running an ISP on OpenBSDSebastian Benoit (benno@), Open Source RoutingThe event will be held on June 8-11th at the University of Ottawa in Canada.

Mark Kettenis (kettenis@) posted to tech@ asking Firefox users and others to test a patch that changes the threadsafe malloc(3) strategy from spinlocks to mutexes. Mark writes,

This is the most serious bug you'll hear about this week: the issues identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778.An early heads up came from Theo de Raadt in this mailing list posting.Until you are able to patch affected systems, the recommended workaround is to use

Those of you who have been following OpenBSD commits have no doubt noticed the recent work on supporting OpenBSD as a guest on theXen hypervisor.

Robert Nagy (robert@) has integrated quite a few patches to the OpenBSD port of the Chromium browser since its addition to the tree, but the latest one is quite significant. In his recent commit, pledge(2) support has been added.Read more...

In a continuing series of pledge(2) reports, Theo de Raadt (deraadt@) gives us the latest update before the 5.9 freeze.Read more...

Desktop users can feel just a bit safer now, as Alexandre Ratchov (ratchov@) has introduced some initial privilege separation to sndiod(1).Read more...

Fresh from the recently completed n2k15 hackathon, here comes Stefan Sperling's (stsp@) report:

Next up in our continuing series of n2k15 hackathon reports comes one from Martin Pieuchot (mpi@), who writes:

Our next report comes from the hackathon organizer himself, Reyk Floeter (reyk@).

The next n2k15 hackathon report comes from Ken Westerback (krw@).

Just in, this report from Vincent Gross (vgross@) on the recent n2k15 hackathon:

Next up in the ongoing series of n2k15 reports is Alexander Bluhm (bluhm@), who writes:

The second n2k15 hackathon report comes from Ted Unangst (tedu@), who writes:

Our first n2k15 hackathon report comes from Alexandr Nedvedicky (sashan@), who writes:

Ulf Brosziewski (bru@) writes to tech@:

Two OpenBSD developers gave presentations at this year's Hackfest security conference in Quebec. The videos of both are now online for your viewing pleasure:"Kernel W^X Improvements In OpenBSD" by Mike Larkin (mlarkin@) (slides)"Pledge: A New Security Technology in OpenBSD" by Theo de Raadt (deraadt@) (slides)

Renato Westphal (renato@) recently agreed to answer some questions in the wake ofcommittingeigrpd(8):

The long-anticipated native OpenBSD amd64 and i386 hypervisor vmm(4) has been committed, with userland tools, to the public CVS repository. If you've been following source changes closely, you probably noticed the series of commits like this one from Mike Larkin (mlarkin@), supplemented with one by Reyk Floeter (reyk@). In an announcement and overview sent to tech@, Mike writes:

In our ongoing series of ü2k15 hackathon reports, here is Mike Belopuhov's (mikeb@) entry:

The next hackathon report is from Florian Obser (florian@), who writes:

For those wondering about the ongoing integration progress of OpenBSD's pledge(2) subsystem, Theo de Raadt (deraadt@) has an informative update.

Our next u2k15 hackathon report comes from none other than Stefan Sperling (stsp@), who writes:

Stefan Sperling (stsp@) writes in to the tech@ list with a great announcement for WiFi users:

The next u2k15 hackathon report comes from Sebastian Reitenbach (sebastia@), with adventures from packages land:

The next report from the 2k15 hackathon comes from Joerg Jung (jung@), chronicling among other things the introduction of asmc(4):

Our next u2k15 report comes from Martin Pieuchot (mpi@):

Many moons ago, OpenBGPd was extensively used throughout the networking world as a Route Server. However, over the years, many have stopped using it and have migrated away to other implementations. Recently, I have been getting more involved with the networking community, so I decided to ask "why?"Read more...

Nicholas Marriott (nicm@) has replaced the aging version of less(1) in the OpenBSD base system with a more modern fork from illumos founder Garrett D'Amore.Read more...

Mike Larkin (mlarkin@) is making progress on vmm(4), the upcoming OpenBSD-native hypervisor. He shared a status update today on Twitter, showcasing a VM booting to multiuser login.Read more...

The first report to come in from the newly completed u2k15 hackathon in Berlin is from Ken Westerback (krw@), who writes:

Polish BSD news site beastie.pl has been conducting interviews with various OpenBSD developers for the 20th anniversary. Each one covers some background info on the interviewee, how and why they got into OpenBSD and what they're looking forward to. The series has just concluded, and you can find the complete list here:Read more...

Polish BSD news site beastie.pl has been conducting interviews with various OpenBSD developers for the 20th anniversary. Each one covers some background info on the interviewee, how and why they got into OpenBSD and what they're looking forward to. The series has just concluded, and you can find the complete list here:Read more...

No, that's not a typo; the videos for EuroBSDCon 2014 are finallyonline. The OpenBSD presentations were:

After recent discussions of revisiting W^X support in Mozilla Firefox, David Coppa (dcoppa@) has flipped the switch to enable it for OpenBSD users running -current.Read more...

October 18th, 2015: The OpenBSD team marks the 20th anniversary of the project today with the general availability of OpenBSD 5.8.

On this week'sepisodeofBSDNow,the hosts interview OpenBSD's Brandon Mercer (bmercer@) about how and why he became an OpenBSD developer, the unfortunate state of IT in the health care industry and how OpenBSD has a part to play in fixing that, and his insights into how OpenBSD's 1-year support cycle can help you to 'clean out your fridge' for better overall tech results.As always, they have a roundup of the week's odds and ends in the world of BSD.[Video|HD Video|MP3 Audio|OGG Audio|Torrent]

The first CD set arrived report to appear on misc@ was the one from M Wheeler, located somewhere in the UK, who wrote:

As noted in a previous story, the new pledge(2) privilege restriction syscall (formerly known as tame(2)) has been inserted into large swathes of the base system. Theo de Raadt (deraadt@) asked tech readers to look closely for any failures:

As mentioned in a previous article, the OpenSMTPD code has seen its first independent audit, which lead to a series of errata and commits. Now main OpenSMTPD developer Gilles Chehade (gilles@) posted a summary of the audit and recent events to the misc@opensmptd.org mailing list, with discussion of the bugs found and some forward-looking statements:

The tame(2) privilege restriction syscall has now been renamed to pledge(2) by Theo de Raadt in this commit:

This year's EuroBSDCon in Stockholm, Sweden was a quite successful conference with approximately 250 attendees and a fairly strong showing of OpenBSD developers presenting:

OpenSMTPD has bumped its version number a couple times in the last few days, and there's been some confusion about the included security fixes. This post will bring you up to speed on what's affected and what's not.Read more...

After recently publishing theslidesfrom his talk on the subject,Theo de Raadt (deraadt@) has justmailedthe masses, letting us know where we are withtame(2):

Our next l2k15 hackathon report comes from Bob Beck (beck@):