OpenBSD Journal

Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:

The OpenBSD presence at the just concluded BSDCan was quite strong, and here is the first trip report, from Phillipp Buehler:

Our next report from the d2k17 hackathon comes from Martin Pieuchot, who writes:

Alexander Bluhm (bluhm@) wrote in with a hackathon report:

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.Todd's message to tech says,

In amessage to the tech@ mailing list,Theo de Raadt (deraadt@) has announced a new randomization feature forkernel protection:

OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day at https://blog.tintagel.pl/2017/06/09/openbsd-daily.html.

A new Microsoft Azure blog entry, Running OpenBSD on Azure, describes OpenBSD support:

Florian Obser (florian@) kindly supplied a report on his d2k17 activities:

Our next d2k17 report comes from Antoine Jacoutot (ajacoutot@), who writes:

Our second d2k17 report is from Ken Westerback (krw@), who writes:

The first report from the recently completed d2k17 hackathon comes from Stefan Sperling, who writes:

The flak reports by Ted Unangst (tedu@) continue with parts 620, 621, and 622.As always, there are plenty of interesting developments.Update: part 623

Relayd and Httpd Mastery, the latest book in the "Mastery" series by Michael W Lucas, is now available.From the author's page for the book:

Kenneth R Westerback of The OpenBSD Foundation (aka krw@, when wearing his dev hat) writes:

OpenBSD 6.1 was announced as the first release with no CD available for purchase.Now it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017.Bob Beck (beck@) writes in to tell us

Errata for OpenBSD 6.1 and 6.0 have been announced. The message to announce@openbsd.org [from T.J. Townsend (tj@)] reads:

In a series of commits starting here and ending with this one, Damien Miller completed the removal of all support for the now-historic SSHv1 protocol from OpenSSH. The final commit message, for the commit that removes the SSHv1 related regression tests, reads:

Landry Breuil, OpenBSD's firefox (and other Mozilla ports) maintainer, writes:Maybe i haven't talked about it enough on the lists, but since i'vebeen maintaining the various mozillas in the portstree (cvs log says istarted around firefox 3.6.something... 7 years ago. *sigh*) alot of things changed, so i wanted take the 6.1 release as an occasionto sum up the various ways one could run which version of which firefoxon which version of OpenBSD.Read more...

Every OpenBSD release since 3.0 (back in 2001) has had at least one relase song, and OpenBSD 6.1 is no different. Today, Theo de Raadt released the OpenBSD 6.1. The Songs page has download links, lyrics and a background story, which reads:

A series of commits, culminating in this one, have seen clang(1) added to the base system (as a non-default compiler) on the amd64 and i386 platforms:

April 11, 2017: The OpenBSD project has announced the availability of the newest release, OpenBSD 6.1:

Ian Darwin writes in about his work deploying the arm64 platform and the Raspberry Pi 3:So I have this empty white birdhouse-like thing in the yard, open at the front. It was intended to house the wireless remote temperature sensor from alow-cost weather station, which had previously been mounted on a dark-colored wall of the house (reading were really high when the sun reached that side of the house!).But when I put the sensor into the birdhouse, the signal is too weak for the weather station to receive it(the mounting post was put in place by a previous owner of our property, and is set deeply in concrete).So the next plan was to pop in a tiny OpenBSD computer with a uthum(4) temperature sensor and stream the temperature over WiFi.Read more...

While the world largely wasn't looking, there was a nano hackathon last month, Hackathon report - e2k17 Hackathon, Edmonton Alberta. Bob Beck (beck@) writes,

Mike Larkin (mlarkin@) writes on tech@:

Google's golang, collaboratively developed by Unix and C pioneers like Ken Thompson, Rob Pike et al has been very BSD friendly (the language itself is BSD licensed) and it just got even friendlier for OpenBSD's pledge mechanism.To quote the diff:"unix: add support for OpenBSD pledgePledge, the privilege-restricting syscall and mitigation mechanism,was missing from syscall_openbsd.go. As of the latest release, itis officially supported in 'stable'."Link to the full golang diff here: https://go.googlesource.com/sys/+/8fd966b47dbdd4faa03de0d06e3d733baeb9a1a9%5E%21/

On behalf of the EuroBSDCon 2017 Program Committee, here is the Call for Proposals for the EuroBSDCon 2017 conference which will take place in Paris, France from 21st through 24th of September 2017:

Ingo Schwarze (schwarze@) has written in with another (beautifully formatted)report on even more great mandoc(1)enhancements:Read more...

Ted Unangst (tedu@) continues his flak series with part 6 and part 7.

If you follow commits closely, via source-changes@ or otherwise, you may already know that mandoc has grown another useful feature. Ingo Schwarze sent us this very nicely formatted article about the new mandoc to markdown converter:Read more...

Ken Westerback (krw@ when wearing his developer hat) writes in with a summary:

Hrvoje Popovski kindly wrote in to point out that Martin Pieuchot (mpi@) has written a piece entitled What happened to my vlan?.The piece begins:

Ingo Schwarze (schwarze@) writes in:

Next up in our series of a2k17 hackathon reports is this one from Antoine Jacoutot, who writes:

Patrick Wildt (patrick@) reports on progress with arm64 platform support:

Our next a2k17 report comes from Martin Pieuchot (mpi@), who writes:

Still fresh from the just completed hackathon down under Ken Westerback writes,

Fresh from the newly completed a2k17 hackathon comes this report from Bob Beck:

Martin Pieuchot has written another article chronicling the modernization of the network stack. Martin writes,

Avoid possible side-channel leak of ECDSA private keys when signing.A source code patch exists which remedies this problem:for 6.0.for 5.9This is related to CVE-2016-7056 "ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)"Additional details can be read here: http://seclists.org/oss-sec/2017/q1/52Thanks to M:Tier https://stable.mtier.org for raising awareness on this patch.

OpenBSD as WiFi access points look set to be making a comeback in the near future. With this diff https://marc.info/?l=openbsd-tech&m=148396652007923&w=2, Stefan Sperling added 802.11n hostap mode, with full support initially for the Atheros chips supported by the athn(4) driver.

Michael W Lucas is offering the chance to get your name in his forthcoming book on relayd and httpd:

Ted Unangst (tedu@) continues his flak series with part 5.

Undeadly editor Peter Hansteen (pitrh) recently spoke to the Bergen (BSD and) Linux User Group (BLUG) on the subject "OpenBSD and you", and has shared the slides from the talk.These make a great resource for preaching to the as-yet-unconverted.

A new version of OpenSSH has been announced. Continue reading for the changelog of OpenSSH 7.4 below: Read more...

Ingo Schwarze (schwarze@) writes in:

Ted Unangst (tedu@) has written a flak entry entitled "openbsd changes of note".It gives an overview (with relevant links) of recent significant changes in -current.Update: there is now a second part.Update: there is now a third part.

Kristaps Dzonsons, of mandoc and acme-client (and more) fame, has written a detailed article entitled "why pledge(2) …or, how I learned to love web application sandboxing".The tl;dr section starts:

Today's big news comes from the OpenBSD Foundation, via director Ken Westerback. The official word from the foundation is:

The first report out of the just completed l2k16 (LibreSSL focused) hackathon comes from Ingo Schwarze, who writes: