OpenBSD Journal

Ingo Schwarze (schwarze@) writes in with an analysis of the issues found by afl in mandoc:After realizing that I have nine topics for my BSDCan talk and that I can't cover them all in the depth they deserve, here are a few more details about afl and mandoc than I can't cover in the talk. Not a spoiler, there is still plenty of material for the talk!Read more...

On this week'sepisodeofBSDNow,Marc Espie (espie@) talks about dpb, OpenBSD's distributed package builder,which runs the binary package builds in Theo'sbasement.He talks about why it came about, the security measures built in, and the minimalistic and works-out-of-the-box configuration, among other things.The hosts also talk about their experiences at the recent BSDCan, and,ss usual, they have the roundup of the news, big and small, in the world of allthings BSD.[Video|HD Video|MP3 Audio|OGG Audio|Torrent]

Alexandre Ratchov (ratchov@)posteda call for testing of a newaudio(4)driver:

Brent Cook (bcook@) hasannouncedthe latest LibreSSL releases, which contain fixes for several CVEs:

Windows admins rejoice! Microsoft's PowerShell Teamannouncedfuture support for SSH, specificallyOpenSSH:

With a recentcommit,Reyk Flöter (reyk@) flipped the switch onspamd(8)'spf interfacement:

OpenBSD project leader Theo de Raadt (deraadt@) outlined some issues with the CD plant, which led to an incorrectly-finished CD 2, some of which were, unfortunately, shipped prior to the issue being found.

On this week'sepisodeof BSDNow, the hosts interview Mike Larkin (mlarkin@) abouthow he got started in OpenBSD, hisrecentand upcoming work on W^X,and how that fits into the OpenBSD exploit mitigation ecosystem.As always, they also have all the news and reviews in the world of all things BSD.[Video | HD Video|MP3 Audio|OGG Audio|Torrent| YouTube]

After a delay due to unfortunate production problems (the first such delay in 20 years), the OpenBSD Store announced that all pre-orders had been shipped.And it seemed like only moments later that Raf Czlonka was the first to report on the misc@ mailing list that his pre-ordered OpenBSD 5.7 CD set had arrived.Even if you hadn't preordered, you still have a chance to order your CD set and other swag by visting the OpenBSD Store. If you want to support the project financially in other ways, the Donations page is, as always, a good place to start.

In a this commit, a first in a series, Henning Brauer (henning@) made disk allocations during automatic installs much more flexible via the introduction of diskablel templates. The matching installer bits came along via this commit by Robert Peichaer (rpe@).Quoting the updated disklabel(8) man page,

May 1st, 2015, Calgary, AB, CA and elsewhere:OpenBSD 5.7 has been released. The brand new 5.7 subdirectory should now be available and filled up on all relevant mirrors for those of you who have yet to receive your CD orders.The release announcement, posted on project mailing lists earlier today, and the release home page both mention some highlights of the new release, while the complete changelog for the release is available on the OpenBSD website.While you are too late to be the first to preorder a shiny OpenBSD release CD set, you can order one of your own, as well as a very cool 5.7-release poster.

The OpenBSD page for Google Summer of Code 2015 has been updated with the list of accepted projects for this year.

Due to overwhelming response, the deadline for submitting talks to EuroBSDCon has beenextended:

A bit late out of the gate, Undeadly readers are likely interested in thelatest episodeofBSDNow,featuring news of Solaris working to include OpenBSD's pf as an option on upcoming releases,the Bay Area BSD User Group keeping a stream of videos from their meetings going,some long-form blogging about the OpenBSD ports system,a discussion about keeping your home firewalls up to date,LLVM growing a fuzzing library, and most especially aninterview with Pascal Stumpf (pascal@), with an overview of the whys and hows of address space layout randomization (ASLR) and the work extending position-independent executable (PIE) to statically-linked binaries.[Video|HD Video|MP3 Audio|OGG Audio|Torrent]

Ingo Schwarze (schwarze@) writes in with our fourth report from the p2k15 ports hackathon:

Undeadly's very own Peter Hansteen haswritten upsome PF-on-Solaris-relatedemail chatter:

Stefan Sperling (stsp@) writes in with our third report from the p2k15 ports hackathon:

Ken Westerback (krw@) writes in with our second report from the p2k15 ports hackathon:

Joel Sing (jsing@) has put out acall for testingfor RAID 5 onsoftraid(4):

Landry Breuil (landry@) writes in with our first report from the p2k15 ports hackathon:

The OpenNTPD team has announced the availability of OpenNTPD 5.7p4, which adds

As Damien Miller (djm@)announcedon tech@, support for SSH version 1 is now no longer being included in OpenBSD SSH:

Martin Pieuchot (mpi@) writes in about what's needed for further SMP improvements in the network stack:

This week has been full of other exciting news, so it may have been easy to miss that the OpenSSH team has released OpenSSH 6.8. The new release is billed as

The response to today's much-anticipated unveiling of newly discovered OpenSSL vulnerabilities has been varied and loud as expected. However, the impact on the OpenBSD-initated LibreSSL project's code -- which has undergone extensive cleanup since LibreSSL forked off OpenSSL's code base in 2014 -- appears to be limited. Out of a total of 13 CVEs in OpenSSL's announcement, only five - CVE-2015-0207, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289 and CVE-2015-0209, still applied to LibreSSL's code.The main takeaway from the announcement appears to be that the cleanup has been effective, however these 'crash-inducing' issues have now been fixed in LibreSSL:

The EuroBSDCon 2015 conference organizers have announced the Call for Papers for the upcoming conference in Stockholm, Sweden.Go to https://2015.eurobsdcon.org/call-for-papers/ for details; the full text of the announcement also follows after the fold.Read more...

The LibreSSL team has released LibreSSL 2.1.5, which the team characterizes as

Slides from the AsiaBSDCon 2015 presentations are expected to appear on the OpenBSD web site (specifically the Presentations and Papers) page.The first presentation to appear there was Reyk Floeter's OpenBSD's new httpd (slides), also with a paper version.Other developers have been quite punctual too, publishing their presentations soon after their sessions at the conference:Peter Hessler: The results of using BGP for realtime import and export of spam whitelist/blacklist entries

Yes, you read that right!

Patches for bugs in the FreeType library areavailable:

Our fourth report from the s2k15 hackathon comes from Ted Unangst:

Our third report from the s2k15 hackathon comes from Jonathan Gray (jsg@):

Brent Cook (bcook@)posted:

As reported by Ted Unangst (tedu@) ontech:

The OpenBSD foundation has published its Project Ideas List for this year's Google-sponsored Summer of Code. If you're a student with an appropriate background, this could be your chance to take a stab at contributing to the OpenBSD code base, with OpenBSD developers as your mentors.The Foundation and the OpenBSD project do not guarantee that SOC projects are accepted into the OpenBSD code base, but it's worth trying, isn't it?Check out the list and see if there's something there you want to spend most of the summer hacking on.

In this week'sepisode,the fellas fromBSDNowinterview Ken Westerback (krw@), one of the directors of theOpenBSD Foundation. They also talk about the nascent BSDCan 2015schedule,Reyk Flöter's superfish-esquerelayd.conf,OpenBSD on the Minnowboard Max,and all the odds and ends in the week's BSD news.[Video|HD Video|MP3 Audio| OGG Audio|Torrent]

Ken Westerback (krw@)wrote inon behalf of theOpenBSD Foundationto let us know what happened last year, and what's in store for us now:

The second s2k15 hackathon reports comes from Ken Westerback (krw@), who writes:

Martin Pieuchot (mpi@) writes in with his report from the s2k15 hackathon:

On this week'sepisode,theBSDNowfolks interview Henning Brauer (henning@), featuring a cameo by the lovely and talented Ken Westerback (krw@) aboutOpenNTPD,especially in regards to theportable revivaland later drool over the newsecurity features.[Video|HD Video|MP3 Audio|OGG Audio|Torrent]

Seth writes in to announce the OpenBSD booth at this year's SCALE 13x conference:

After what appears to have been a very successful s2k15 hackathon, two significant thank you themed posts have appeared on OpenBSD mailing lists. Thefirst came on misc@ from longtime user and supporter Diana Eichert, with the subject a thankyou to OpenBSD. Diana writes,

Everybody's favourite audio hacker Alexandre Ratchov (ratchov@) is inviting you to a concert in Grenoble (France). Read on to find out how this relates to OpenBSD:

Reyk Flöter (reyk@)wrote into tech@, talking about some work he'd done ats2k15:

From the trenches ofs2k15:

Earlier this week, the s2k15 hackathon started down here in Brisbane Australia.