OpenBSD Journal

Otto Moerbeek (otto@) has issued aseries of Mastodon messagesexplaining some of the the virtues of OpenBSD'smalloc(3)implementation.They provide excellent reading in easily-digestible pieces.

Job Snijders (job@) has written anarticle at Mediumproposing rpki-client(1),a new, BSD-licensedRPKIvalidator.

Claudio Jeker (claudio@) wrote in to let us know that he and Job Snijders (job@) have writtenan article about OpenBGPDforRIPE Labs.

Right on the heels of the previous announcement, Kenneth R. Westerback (krw@) of the OpenBSD Foundation writes to inform us:

On his blog, joshua stein (jcs@) has a description of the hoops he jumped through to get stereo sound out of his Huawei Matebook X under OpenBSD (something that only worked under Windows with special drivers).His approach involves logging all PCI device accesses by running Windows in QEMU under Linux with VFIO, parsing that, and making the OpenBSD azalia(4) driver do the same.Thanks to joshua for the interesting write-up!

Kenneth R. Westerback (krw@) writes to inform us:

In this commit, Otto Moerbeek (otto@) moved malloc handling from a softlink in /etc to a sysctl instead.

Gilles Chehade (gilles@) has writtenan articleon recent progress inOpenSMTPD.It begins:

Returning readers are likely aware that OpenBSD in its OpenBSD/amd64 and OpenBSD/i386 varieties comes with virtualization built in, brought to you by the vmm(4) subsystem.

Earlier this week the OpenBSD foundation received its first Silver donation from an individual contributor. Thank you John Carmack for the very generous contribution! The support will ensure that many important projects are moving forward and continue making impact.

Ken Westerback (krw@ when wearing his dev hat) wrote in with some great news:

The release of OpenBSD 6.4 has beenannounced:

Ingo Schwarze (schwarze@) writes in about fresh developments in mandoc(1):

EuroBSDcon 2018is now over, and slides for OpenBSD-related presentations are now availablefrom theusual place.As always, there's some great reading there (especially for those of uswho were unable to attend the conference).Unfortunately, there will not be any video this year.

Fresh from the just concluded n2k18 hackathon comes this report from Ken Westerback(krw@),who writes:

In ashortseriesofcommits,Carlos Cardenas (ccardenas@) added support forqcow2image support to vmd(8).[This builds on anearlier commitadding support for pluggable disk backends.]The code was written by Ori Bernstein, who posted his diffs (thread 1, thread 2) to the tech@openbsd.org mailing list in August.Read more…

Anton Lindqvist (anton@) gave a talk atBSD Users Stockholm Meetup #3 on the kernel coverage tracing kit he committed recently.Slidesare now available via theOpenBSD Events and Papers page.The slides contain a list of bugs found and fixed as a result of this work.See also:kcov(4)

Ken Westerback (krw@ when wearing his dev hat) wrote in withsome great news:

In amessage to tech@,Theo de Raadt (deraadt@)gives an update on the state-of-play regarding processor vulnerabilities:

Theo de Raadt (deraadt@) hascommitteda diff to mitigate the"Intel L1TF screwup" for the amd64 platform we reported on earlier:

Theo de Raadt (deraadt@)posted to the tech@ mailing list with some background on how the latest discovered Intel CPUissues relate to OpenBSD.

[Dr.] Brian Callahan (bcallah@) recently live-streamed(at twitch.tv/NewAstroCity)an interactive OpenBSD Porting Workshop.A recording of the workshop isnow available.

In aseriesofcommits,Todd Mortimer (mortimer@) has added RETGUARDfor the arm64 platform.We previously reported theaddition of RETGUARD for amd64.Read more…

Bob Beck (beck@ when wearing OpenBSD-only hat)has writtena tutorialon using libtls:

Ingo Schwarze (schwarze@ when wearing OpenBSD-only hat)wrote in to let us know about the new release:

Patrick Wildt (patrick@) has been experimenting with small I2C and SPI-connected displays, and withthis commit, it was enabled for armv7 and arm64 platforms as ssdfb(4) in -current.Read more…

For the g2k18 Ljubljana hackathon, i decided to try and get ridof as many small userland tasks as possible.Lots of them have been piling up over time.Read more…

In amessageto tech@, Theo de Raadt (deraadt@) discusses the state of development ofunveil(2)support in userland (and for a certain port):Read more…

A new g2k18 hackathon report has arrived, this time from Kenneth Westerback (krw@), who writes:

Philip Guenther (guenther@)and Bryan Steele (brynet@)have added more mitigations against speculative executionCPU vulnerabilitieson the amd64 platform.Read more…

rad(8) [as described in the g2k18 hackathonreport byFlorian Obser (florian@)]is now the only IPv6router advertisement daemon in -current, following the removal ofrtadvd(8).Advice on making the transition has beenadded to current.html

Claudio Jeker (claudio@) is next up with his report from Ljubljana:

Another g2k18 hackathon report has arrived, this one fromCarlos Cardenas (ccardenas@), who writes:

The next g2k18 report comes from Klemens Nanni (kn@), who writes:

Fresh from the just concluded hackathon in Ljubjlana comes our next report from Florian Obser(florian@) who writes:

Next in from Ljubljana is Matthieu Herrb (matthieu@):

Before winning the football world cup, the french were writing their hackathon reports. Here's the one from Antoine Jacoutot (ajacoutot@):

Theg2k18hackathon has just concluded, and already we have our first report.Marc Espie (espie@) wrote in:

In a change which is bound to be welcomed widely, -current has gained"auto-join" for Wi-Fi networks.Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committedthe work from the g2k18 hackathon in Ljubljana:

In this post, Paul Smith shows how to reduce buffer bloat and improve interactive traffic latencies.

Reyk Floeter (reyk@) hascommittedsupport for simple request rewrites tohttpd(8)/httpd.conf(5) [in -current]:

As part of ongoing mitigations against CPU vulnerabilities,-current has gained a new sysctl, "hw.smt",to control Simultaneous Multi Threading (SMT).This is disabled by default (only on Intel® CPUs, for now).Read more…

There have been more developments in the continuing work mitigatingagainst (Intel®, and potentially other) CPU vulnerabilities…Philip Guenther (guenther@)committed the following:Read more…

Reyk Floeter (reyk@) hascommitteda simple LDAP client to -current:

Earlier this month, Philip Guenther (guenther@)committed(to amd64 -current) a change from lazy to semi-eager FPU switchingto mitigate against rumored FPU state leakagein Intel® CPUs.Theo de Raadt (deraadt@) discussed this in hisBSDCan 2018session.Using information disclosed in Theo's talk,Colin Percivaldeveloped a proof-of-concept exploit in around 5 hours.This seems to have prompted an early end to an embargo(in which OpenBSD was not involved), and theofficial announcementof the vulnerability.

BSDCan 2018has concluded, and materials for (some of) the OpenBSD-related tutorials andtalks can be found inthe usual place.Highlights includethe unveiling of unveil(),hinted at by Bob Beck (beck@) in hisp2k18 report,and"Speculating about Intel", by Theo de Raadt (deraadt@). [An unofficial video of the latter presentation isavailable.]At the time of writing,officialvideo recordings are not yet available.

Todd Mortimer (mortimer@) hascommitted"RETGUARD" for clang (for amd64).This is a new anti-ROPsecurity mechanism, which uses random per-function cookiesto protect return addresses on the stack.Read more…

Joel Sing (jsing@) hascommittedCrypto Simplified Interface (CSI) to -current:

Gilles Chehade (gilles@) hascommitted(to -current) the newsmtpd.confgrammar discussed inhis p2k18 hackathon report.Read more…

Next up in the stream of p2k18 reports is one from Antoine Jacoutot (ajacoutot@):