OpenBSD Journal

Ted Unangst just sent an announcement of LibreSSL patches

The second p2k16 report comes from first time hackathon attendee Theo Buehler, who writes:

Our very first p2k16 hackathon report comes from none other than Marc Espie, who writes:

With the p2k16 hackathon just coming to a close, Marc Espie has revealed one of the new things he worked on.

Theo (deraadt@) writes in to the tech@ mailing list, with a clever idea that we would like to try.

OpenBSD developers from around the world have just gathered in Nantes, France for the p2k16 hackathon. This event is technically a ports hackathon, but many non-porters have showed up too, which means you can expect a variety of different improvements.As an early example, ajacoutot@ has just set sysmerge to run automatically during the upgrade process.Head over to the hackathons page to see the artwork, and stay tuned to Undeadly for some post-hackathon reports.

We here at Undeadly are looking to move the site to HTTPS-only. It's been discussed for quite a while, but there's one roadblock that we're looking for some help to overcome.Read more...

On behalf of the EuroBSDCon 2016 Program Committee, here is the Call for Papers for the EuroBSDCon 2016 conference which will take place in Belgrade, Serbia from 22nd through 25th of September 2016.

The release of OpenBSD 5.9, previously scheduled for the usual May 1st, has just been officially announced!

With this commit, mpi@ enabled the new ART routing table implementation, which paves way for more MP network stack improvements down the line.

Errata patches were recently issued for an IPv6 bug that affects users of both OpenBSD 5.7 and 5.8, as well as a patch for pledge in the upcoming 5.9 release.Quoting the patch:

This year's AsiaBSDCon has come to an end, with a number of OpenBSD-related talks being presented. Two developers were also invited to the smaller "bhyvecon" event to discuss vmm(4) and future plans.Antoine Jacoutot (ajacoutot@) - OpenBSD rc.d(8) (slides | paper)Henning Brauer (henning@) - Running an ISP on OpenBSD (slides)Mike Belopuhov (mikeb@) - Implementation of Xen PVHVM drivers in OpenBSD (slides | paper)Mike Belopuhov (mikeb@) - OpenBSD project status update (slides)Mike Larkin (mlarkin@) - OpenBSD vmm Update (slides)Reyk Floeter (reyk@) - OpenBSD vmd Update (slides)Videos will likely be uploaded later on. And finally, you can usually find most of the OpenBSD-related presentations at openbsd.org/papers. Future conferences can also be seen at openbsd.org/events.html.

After much internal discussion, OpenBSD has officially discontinued support for the VAX architecture. In a series of commits, Theo de Raadt puts the platform to rest.Read more...

For safety and usability, xterm(1) now uses UTF-8 mode by default.

The 5.9 festivities are starting earlier than usual this time around, with the songs being available before the OS! Accompanying the release media are the following tracks:"Doctor W^X" (mp3 | ogg)"Systemagic (Anniversary Edition)" (mp3 | ogg | lyrics)Seasoned OpenBSD users may notice that the second song is a reprisal of "Systemagic" from way back in the 3.1 release days.Enjoy the tunes! If you're an audio snob like a couple of us here at Undeadly, the uncompressed lossless versions can be found on the 5.9 CD set as always.

As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.

OpenBSD 5.9 is shaping up to be quite a big release, and pre-orders for the CD sets have just been activated.Read more...

There are no doubt many eyes on OpenBSD's continuing network SMP renovation. Hrvoje Popovski writes in to tell us about some performance testing he's been doing:

It's been a long time coming, but Linux Emulation is going away.

The list of accepted talks for this year's BSDCan conference has been announced, with the following OpenBSD-related ones being accepted:Reyk Floeter (reyk@), An OpenFlow Implementation for OpenBSDPeter Hessler (phessler@), Bidirectional Forwarding Detection (BFD) Implementation and Support in OpenBSDPeter Hansteen, Building the Network You Need with PF, the OpenBSD Packet FilterMike Belopuhov (mikeb@), Implementation of Xen PVHVM Drivers in OpenBSDAntoine Jacoutot (ajacoutot@), OpenBSD rc.d(8)Aaron Poffenberger, OpenSMTPD for the Real WorldHenning Brauer (henning@), Running an ISP on OpenBSDSebastian Benoit (benno@), Open Source RoutingThe event will be held on June 8-11th at the University of Ottawa in Canada.

Mark Kettenis (kettenis@) posted to tech@ asking Firefox users and others to test a patch that changes the threadsafe malloc(3) strategy from spinlocks to mutexes. Mark writes,

This is the most serious bug you'll hear about this week: the issues identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778.An early heads up came from Theo de Raadt in this mailing list posting.Until you are able to patch affected systems, the recommended workaround is to use

Those of you who have been following OpenBSD commits have no doubt noticed the recent work on supporting OpenBSD as a guest on theXen hypervisor.

Robert Nagy (robert@) has integrated quite a few patches to the OpenBSD port of the Chromium browser since its addition to the tree, but the latest one is quite significant. In his recent commit, pledge(2) support has been added.Read more...

In a continuing series of pledge(2) reports, Theo de Raadt (deraadt@) gives us the latest update before the 5.9 freeze.Read more...

Desktop users can feel just a bit safer now, as Alexandre Ratchov (ratchov@) has introduced some initial privilege separation to sndiod(1).Read more...

Fresh from the recently completed n2k15 hackathon, here comes Stefan Sperling's (stsp@) report:

Next up in our continuing series of n2k15 hackathon reports comes one from Martin Pieuchot (mpi@), who writes:

Our next report comes from the hackathon organizer himself, Reyk Floeter (reyk@).

The next n2k15 hackathon report comes from Ken Westerback (krw@).

Just in, this report from Vincent Gross (vgross@) on the recent n2k15 hackathon:

Next up in the ongoing series of n2k15 reports is Alexander Bluhm (bluhm@), who writes:

The second n2k15 hackathon report comes from Ted Unangst (tedu@), who writes:

Our first n2k15 hackathon report comes from Alexandr Nedvedicky (sashan@), who writes:

Ulf Brosziewski (bru@) writes to tech@:

Two OpenBSD developers gave presentations at this year's Hackfest security conference in Quebec. The videos of both are now online for your viewing pleasure:"Kernel W^X Improvements In OpenBSD" by Mike Larkin (mlarkin@) (slides)"Pledge: A New Security Technology in OpenBSD" by Theo de Raadt (deraadt@) (slides)

Renato Westphal (renato@) recently agreed to answer some questions in the wake ofcommittingeigrpd(8):

The long-anticipated native OpenBSD amd64 and i386 hypervisor vmm(4) has been committed, with userland tools, to the public CVS repository. If you've been following source changes closely, you probably noticed the series of commits like this one from Mike Larkin (mlarkin@), supplemented with one by Reyk Floeter (reyk@). In an announcement and overview sent to tech@, Mike writes:

In our ongoing series of ü2k15 hackathon reports, here is Mike Belopuhov's (mikeb@) entry:

The next hackathon report is from Florian Obser (florian@), who writes:

For those wondering about the ongoing integration progress of OpenBSD's pledge(2) subsystem, Theo de Raadt (deraadt@) has an informative update.

Our next u2k15 hackathon report comes from none other than Stefan Sperling (stsp@), who writes:

Stefan Sperling (stsp@) writes in to the tech@ list with a great announcement for WiFi users:

The next u2k15 hackathon report comes from Sebastian Reitenbach (sebastia@), with adventures from packages land:

The next report from the 2k15 hackathon comes from Joerg Jung (jung@), chronicling among other things the introduction of asmc(4):

Our next u2k15 report comes from Martin Pieuchot (mpi@):

Many moons ago, OpenBGPd was extensively used throughout the networking world as a Route Server. However, over the years, many have stopped using it and have migrated away to other implementations. Recently, I have been getting more involved with the networking community, so I decided to ask "why?"Read more...

Nicholas Marriott (nicm@) has replaced the aging version of less(1) in the OpenBSD base system with a more modern fork from illumos founder Garrett D'Amore.Read more...

Mike Larkin (mlarkin@) is making progress on vmm(4), the upcoming OpenBSD-native hypervisor. He shared a status update today on Twitter, showcasing a VM booting to multiuser login.Read more...

The first report to come in from the newly completed u2k15 hackathon in Berlin is from Ken Westerback (krw@), who writes: