OpenBSD Journal

Rafael Sadowski (rsadowski@) has added a new post to his Shut up and hack series, titledEffortless OpenBSD Audio and Desktop Screen Recording Guide,where he takes the reader through the steps needed to configureyour OpenBSD system for audio and video recording.The post even includes ayoutube videowhere he demonstrates recording while he is putting final touches on the blog post.You can take in the blog post here:Effortless OpenBSD Audio and Desktop Screen Recording Guide.

The OpenSSH projecthasannouncedthe timeline for the removal ofDSA support from OpenSSH:

While you were likely busy celebrating the new year,OpenBSDdeveloper Solene Rapenne (solene@)found the time to write an article detailing variousOpenBSD workstation hardening tips.It's a useful collection of things you could do to secure your environment and customize your setup to best fill your needs.Enjoy!

Following therecent CFT,Marcus Glocker (mglocker@) hascommitted[to -current]TSO forem(4):

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) gave a summary of progress so far, along with a patch for testing what will likely be the next steps in the process.The message leads in,

Sebastian Benoit (benno@)announcedthe release ofversion 8.8ofrpki-client.It's basically a bug-fix release; see therelease announcementfor details.

Stefan Sperling (stsp@)hascommittedto -currenta WIPdriver for Qualcomm ath11kwi-fi adapters(such as that found in theLenovo ThinkPad X13s):

In a recent message to tech@,Marcus Glocker (mglocker@), asks users running -current fortesting of a potenially performance enhancing diff:

KDE Plasma is now fully functional on OpenBSD and available via the package system. To install, a simple

Sebastian Benoit (benno@)announcedthe release ofversion 8.7ofrpki-client:

As announced by Damien Miller OpenSSH 9.6/9.6p1 has been released.The complete release notes may be found here: https://www.openssh.com/releasenotes.html#9.6.Among notable changes, this release includes a fix for the Terrapin Attack.Read more...

The work described in Theo de Raadt'spost(see our previous article)continues:

Theo de Raadt (deraadt@)postedto tech@ regarding restrictions on theaddresses from which system calls can be made.In addition to providing background,the post contains information (and a patch)for an imminent change - the introduction of a newsyscall,pinsyscalls(2)[link not working at the time of writing because change not yet committed],which specifies the addresses from which individualsystem calls are permitted.pinsyscalls(2) will be called only fromthe shared library linker,ld.so(1).

Version 0.95of Game of Treeshas been released (and the portupdated):

Otto Moerbeek (otto@), the author of OpenBSD'smalloc(3)implementation, hascomittedanother great feature - backtraces for leak detection:

Version 0.94of Game of Treeshas been released (and the portupdated):

Tobias Heider (tobhe@) hasannouncedthe release ofversion 7.3ofOpenIKED:

Omar Polo (op@) hasannouncedthe release of version 7.4.0p1 ofOpenSMTPD.It is a bugfix release.

In a long series ofcommits,Robert Nagy (robert@)updatedclang(1)/llvmin -current to version 16:

A new stable release of LibreSSL is out, and should be arriving on amirrornear you shortly.Brent Cook (bcook@)'sannouncement reads:

Theo de Raadt (deraadt@)posted totech@a message entitleddisruptive amd64 snapshot coming.It reads:

Hot on the heels of the release of OpenBSD 7.4, Omar Polo (op@) has announced the release of OpenSMTPD 7.4.0p0. The announcement reads,

Asannouncedon themisc@mailing list,Otto Moerbeek (otto@),the author of OpenBSD'smalloc(3)implementation[a.k.a. "otto malloc"],has written atutorial on the newmalloc(3) leak detection available in OpenBSD 7.4Read it at:OpenBSD's built-in memory leak detectionSince the publication of that write-up,Otto hascommittedfurther enchancements:

Asannouncedon themisc@mailing list,Otto Moerbeek (otto@),the author of OpenBSD'smalloc(3)implementation[a.k.a. "otto malloc"],has written atutorial on the newmalloc(3) leak detection available in OpenBSD 7.4Read it at:OpenBSD's built-in memory leak detectionSince the publication of that write-up,Otto hascommittedfurther enhancements:

The OpenBSD project has announced the release ofOpenBSD 7.4,the 55 release of the OpenBSD operating system.The new release contains a number of innovations and improvements across a number of areas, including

The release of version 8.3 ofOpenBGPDhas beenannounced.This version contains a few fixes.

Rafael Sadowski (rsadowski@)bloggedabout his participation inp2k23.Perhaps most notable is his work in portingKDEPlasma.Read all about it athttps://rsadowski.de/posts/2023-10-09-p2k23-dublin-openbsd-hackathon/.There is some further discussion of the work in a thread titled NEW: KDE Plasma (x11/kde-plasma) on the ports@ mailing list.

Version 8.6ofrpki-client, the FREE, easy-to-use implementation of the ResourcePublic Key Infrastructure (RPKI)for Relying Parties (RP),has beenreleased.This version includes new compliance checks,random shuffling of processing of Manifest entries,and [non-random!] code shuffling.See the announcement for more details.This is another hint that a new OpenBSDreleaseis about to happen, and soon.

Jay Eptinxa has published a detailed write-up,entitledE-mail Filters In C,of his work creating aspamd(8)-likegreylistingsmtpd(8)filter.Thanks to Crystal Kolipe for letting us know!

OpenSSH 9.5has beenreleased.This releases features the keystroke timing obfuscationon which we reportedearlier.

With a message from Claudio Jeker (claudio@), the OpenBSD project today announced the release of the OpenBSDBGP(Border Gateway Protocol) daemon OpenBGPD, version 8.2.The announcement reads,

ManyOpenBSDsysadminsfind thesysclean(8)portuseful for removing obsolete files following upgrades.Sebastien Marie (semarie@),theauthorof sysclean(8),has written apiecegiving an under-the-hoodlook at the operation of this handy utility.It's well worth reading for those interested in understandinghow it works!

With the followingcommit,Theo de Raadt (deraadt@) moved -current to version 7.4:

Theo de Raadt (deraadt@) posted totech@a detailedmessageexplaining the past and (potential) future ofanti-ROPmeasures in OpenBSD.It's well worth reading its entirety.Highlights include:

Frederic Cambus (fcambus@) wrote a blogpost about running OpenBSD on the arm64-based cloudservers provided by Hetzner. For now, only -current will work,because the new viogpu(4)driver[on which wereported earlier]is needed.Head on over to Frederic's blog for the full story!

EuroBSDCon 2023has now ended,and slides for many of the OpenBSD developer presentationsare now available in theusual place.Video of the presentations can be expected somewhat later.Slides from the tutorial"Network Management with the OpenBSD Packet Filter Toolset"arealso available.

Version 0.93 of Game of Trees has been released (and the port updated).Read more...

With the followingcommit(s),Theo de Raadt (deraadt@) moved -currentto version 7.4-beta:

We are pleased to have anotherp2k23report, this time from Volker Schlecht (volker@)who writes:

Can you really do 3D printing from OpenBSD? Cue suspenseful musicwhilst I formulate my answer, which is: Yes.If you aren't familiar with the 3D printing process, it's dividedinto several steps, vaguely analogous to writing, compiling and runninga program in a compiled language.Read more...

Next up in the series of p2k23 hackathon reports is this from Landry Breuil (landry@), who writes,

Next up in our reports from thep2k23 hackathonis one from Jeremy Evans (jeremy@).Jeremy writes:

The p2k23 OpenBSD packages hackathon just concluded, and Marc Espie (espie@) wrote in with this report:

Version 0.92of Game of Treeshas been released (and the portupdated):

Damien Miller (djm@) hascommittedsupport for keystroke timing obfuscation tossh(1):

As alluded to with the recent"Call for testing"message on the openssh-unix-devmailing list, OpenSSH 9.4 has been released!The complete release notes may be read here:https://www.openssh.com/releasenotes.html#9.4p1

The routed IPSec mode we reported on earlier has now been committed to -current by David Gwynne (dlg@), likely to be a prominent item for the upcoming OpenBSD 7.4 release.The main log message:

Version 8.5of rpki-client,OpenBSD'simplementation of the Resource Public Key Infrastructure (RPKI)for Relying Parties (RP),has been released.Features include:

The buzzword bug of the week is Zenbleed, which affects various AMD processors and is explained in more detail here. On OpenBSD, the latest -current snapshots already have the fixes, and errata patches will go out for the supported releases (7.2 and 7.3) shortly.In a post to the tech@ list, Theo de Raadt described the situation:

Thanks toaseriesofcommitsby Jonathan Gray (jsg@),-current now has support for microcode (updates)for AMD (amd64 and i386) processors: