OpenBSD Journal

The next b2k16 hackathon report comes from Daniel Jakots, who writes:

New contributor doctrit writes,An interesting news article title caught my attention and I was pleasantly surprised to find OpenBSD having a prominent place within the article's content. 8^)

The first report from the b2k16 hackathon comes from Antoine Jacoutot, who writes:

Your next b2k16 report comes form Jeremy Evans, who writes:

Our next b2k16 report comes from Landry Breuil, who writes:

Five OpenBSD 6.0 CD-ROM copies were signed by 40 developers during theg2k16 Hackathon in Cambridge, UK. These copies are being auctioned sequentially on ebay.CD set #1 (Sep 29th + 5 days) sold for $4200CD set #2 (Oct 4th + 3 days) sold for $3000CD set #3 (Oct 8th + 3 days) sold for $817CD set #4 (Oct 11th + 3 days) sold for $635CD set #5 (Oct 14th + 3 days) sold for $1024All proceeds will be donated to the OpenBSD Foundationto support and further the development of free software based on the OpenBSD operating system.Read more...

With a small commit, OpenBSD now has a hypervisor and virtualization in-tree. This has been a lot of hard work by Mike Larkin, Reyk Flöter, and many others.VMM requires certain hardware features (Intel Nehalem or later, and virtualization enabled in the BIOS) in order to provide VM services, and currently only supports OpenBSD guests.

Alexander Bluhm (bluhm@) contributed our next report (which even includes a picture):

The g2k16 hackathon must have been a really great one, because here is yet another report, this time from Patrick Wildt, who writes:

The g2k16 hackathon reports keep coming, and we love it! In this fresh report, Martin Pieuchot writes,

Ted Unangst (tedu@) has written an item regarding doas:

Matthieu Herrb supplied our next g2k16 report:

Vincent Gross supplied the next hackathon report:

Here's yet another g2k16 hackathon report, this one from Antoine Jacoutot, who writes:

Next up in the series of g2k16 hackathon reports is this one from Florian Obser, who writes:

Next up with a g2k16 Hackathon report is Jasper Lievisse Adriaanse:

DragonFly BSD has joined HardenedBSD and TrueOS (formerly PC-BSD) in adopting LibreSSL in the base system:

Next up in our series of g2k16 hackathon reports is Christian Weisgerber, who writes:

Our next g2k16 report comes from Brent Cook (bcook@), who writes:

Next in our series of g2k16 hackathon reports is Ted Unangst, who writes:

The next g2k16 developer report comes from Giovanni Bechis, who writes:

The next developers' hackathon report is from Marc Espie, who writes:

Next up in the g2k16 hackathon reports series is Adam Wolk. Adam writes:

Next up in our series of g2k16 hackathon reports is this one from Martin Natano:

Next in the g2k16 series is the Otto Moerbeek's report. Otto writes,

The first developer report from the just concluded g2k16 hackathon comes from Mike Larkin, who writes:

LLVM Core and Clang (C/C++/Objective-C compiler) of the LLVM Project have been imported into -current.Pascal Stumpf (pascal@) committed the addition:

Support for the zaurus platform has been removed from -current.Philip Guenther (guenther@) committed the change:

September 1st, 2016: The OpenBSD team announces the availability of 6.0!

Kristaps Dzonsons' Let's Encrypt client, letskencrypt, has been imported into OpenBSD-current as acme-client.letskencrypt, which has previously been available as a port, is a privilege-separated Let's Encrypt (ACME protocol) client written in C.Read more...

EuroBSDcon 2016(see earlier article) is on from 22 to 25 September 2016, in Belgrade, Serbia.Early registrationends 2016-08-24 23:59 CEST, so get in now for discounted prices on great (Open)BSD talks and tutorials!

Joel Sing (jsing@) has added server-side Server Name Indication (SNI) support to libtls and, based on that, to httpd.Read more...

As a result of apparent lack of maintenance, Theo de Raadt has disabled tmpfs.

Our next report comes from Philip Guenther, who writes,

Our next report comes from Ken Westerback (krw@), who writes,

The EuroBSDCon 2016 talks and schedule have been released, and oh are we in for a treat!All three major BSD's have a "how we made the network go fast" talk, nearly every single timeslot has a networking related talk, and most of the non-networking talks look fantastic as well.The OpenBSD related talks are:

Pre-orders for the 6.0 CD sets have just been activated.In addition, one of the six release songs has been released early.

Theo de Raadt (deraadt@) has updated the (in-progress) OpenBSD 6.0 release page to indicate that release will occur earlier than is usual:

The first report from the just-concluded n2k16 hackathon comes from Stefan Sperling, who writes:

The facility for allowing non-root users to mount file systems has been removed fromOpenBSD-current due to security concerns.Specifically, the value of kern.usermount(as described in the mount(8) and sysctl(3) man pages) will be ignored in OpenBSD 6.0,and the kern.usermount system variable will be absent from later releases.Theo de Raadt (deraadt@) committed the change:

Now would be a good time to check http://www.openbsd.org/errata59.html as a number of patches related to reliability and security have been released as follows.This appears to be in response to fuzz testing as documented further in this mailing list archive: http://marc.info/?l=oss-security&m=146853062403622&w=2Tim Newsham and Jesse Hertz of NCC Group appear to have done most of the research related to these discoveries so far, and I know at least one of them has had patches committed to the OpenBSD project in the past, so it is nice to see continual collaboration from professional researchers contributing back to project!Again, please check http://www.openbsd.org/errata59.html for links to source code patches to address these issues. Excerpted summaries of the issues discovered below:

Ingo Schwarze wrote in about the new mandoc release,

The BSDCan 2016 conference in Ottawa has just concluded, with a number of OpenBSD-themed talks. These are the talks by OpenBSD developers:Reyk Flöter: An OpenFlow implementation for OpenBSD - Introducing switchd(8) and more about SDN (slides)Henning Brauer: Running an ISP on OpenBSD - Why OpenBSD and several uncommon uses of it (slides)Peter Hessler: Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD. Or: A new protocol actually did improve our routing. (slides)Mike Belopuhov: Implementation of Xen PVHVM drivers in OpenBSD (slides)Antoine Jacoutot: OpenBSD rc.d(8) (slides)Sebastian Benoit: Opensource Routing - Running an enterprise network on OpenBSD (slides)In addition, two OpenBSD-centric tutorials were offered by people who are not themselves OpenBSD developers:Peter Hansteen: Building The Network You Need With PF, The OpenBSD Packet Filter (slides)Aaron Poffenberger: OpenSMTPD for the Real World (slides)

Martin Pieuchot (mpi@) wrote in, saying

Progress on the armv7 platform continues, and Jonathan Gray writes in to the arm@ mailing list with some promising news:

Traditional Unix has allowed memory to be mapped W | X. Everyone now knows that’s a bad practice from a security standpoint, but the software ecosystem hasn't made much progress in this area. Theo de Raadt has just committed a change to begin blocking W^X violations in OpenBSD.

This year's dotSecurity conference featured a presentation from OpenBSD founder Theo de Raadt, titled "Privilege Separation and Pledge."The video is now available here, in addition to the slides.

The next hackathon report comes from Paul Irofti, who writes:

Our next report comes from Jasper Lievisse Adriaanse, who writes:

In a recent email, Theo de Raadt explains the SROP mitigation technique, a recent team effort.