Feed openbsd-journal OpenBSD Journal

Favorite IconOpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2024-03-28 19:47
OpenSSH 9.0 released
Version 9.0ofOpenSSHhas been released.Notable changes include:
OpenBSD/arm64 on Apple M1 systems
In amessage to tech@(and arm64@),Mark Kettenis (kettenis@) wrote:
Testing parallel forwarding
Hrvoje Popovski writes in with some result from his performance tests, like he did a few years ago:
LibreSSL 3.5.1 development branch as well as 3.4.3 (stable) and 3.3.6 released
For undeadly readers, our Errata column on the right side of the web site automatically updates and as of March 15th, 2022 some of you may have already noticed that there is a new security fix related to LibreSSL. Salient excerpt from the release notes as follows:
iwx(4) gains 11ac 80MHz channel support
Following a request-for-testingthreadon tech@,Stefan Sperling (stsp@)hascommittedsomeIEEE 802.11acsupport toiwx(4):
mtw(4), a driver for MediaTek MT7601U Wi-Fi devices
James Hastings (hastings@) hascommittedmtw(4),a driver forMediaTek MT7601UUSBWi-Fi devices:
LibreSSL 3.5.0 development branch released
As of February 24th, 2022, LibreSSL's development branch has been updated to version 3.5.0.
OpenSSH updated to 8.9
On February 23rd, 2022 OpenSSH was updated to version 8.9.
-current has moved to 7.1-beta
With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.1-beta:
Recent developments in OpenBSD, 2022-02-21 summary
Recent things of interest include:
New 'Reckless guide to OpenBSD' published
Crystal Kolipe writes in, saying
A proof of concept: running OpenBSD on the PinePhone
Crystal Kolipe has donea four partmulti-part write upabout getting OpenBSD running on aPinePhone here:
LibreSSL update
A long list of recent LibreSSLcommits by Theo Buehler (tb@)culminated inbumps to library versions:
DRM updated
Johathan Gray (jsg@) hasupdatedDRMto Linux 5.15.14 (with support for several additional chips):
SSH Agent Restriction
Damien Miller (djm@) justnoted on social media that he has committed(starting here)changes which allow control overssh-agent(1)key-forwarding based on destination host and forwarding path.A detailed description isavailableon theOpenSSH site.
Clang upgraded to version 13
After much preparatory work in base and ports,clang(1)has been upgraded to version 13.0.0 (on the relevant platforms).Patrick Wildt (patrick@) made thecommits.
Catchup 2021-11-03
Interesting developments (in -current) sinceOpenBSD 7.0 include:
OpenBSD 7.0 released
The OpenBSD projecthas releasedOpenBSD 7.0,the project's 51 release.As usual, the release pageoffers highlights, installation and upgrade instructions, as well as links toother resources such as thedetailed changelog.Notable improvements include, but are not limited to:
Catchup 2021-10-08
In the run-up to the OpenBSD 7.0 release, we note several recent interestingthings previously unreported:
Realtek wireless firmwares imported!
As a result of a licence change byRealtek,that company's wireless firmware images are now included in the tree.The followingcommitby Kevin Lo (kevlo@)explains the details:Read more…
September 30th, 2021 syspatches: some assembly might be required
Did you just runsyspatch(8)and see it fail?Here's the reason: one of the two root certificatesbehind the (excellent)Let's EncryptCA service has expired.A bug in (the "legacy" verifier of)LibreSSLalso contributed.The syspatches (for OpenBSD 6.8,032, for OpenBSD 6.9,018) mitigate the unfortunate situation.However, your syspatch may fail if your local mirror uses aLet's Encrypt certificate.Patch-22!In that case, the best advice may be to try a mirror that does notuse a Let's Encrypt certificate just to get past this speed bump.Read more…
EuroBSDCon 2021 videos are available
EuroBSDCon 2021was held [virtually] earlier this month.Videos of the presentation arenow available.Amongst the OpenBSD-related presentations is that byMarc Espie (espie@) -Debug Packages in OpenBSD(slides,video).
By default, scp(1) now uses SFTP protocol
Thanks to acommitby Damien Miller (djm@),scp(1) (in -current)now defaults to using theSFTP protocol:
Unlocking UVM faults yields significant performance boost
In a recentmessageto tech@ Martin Pieuchot (mpi@) wrote aboutanalysis of kernel lock contention.We reproduce the message(s) here, reformatted with his permission.
traceroute(8) gets speed boost
Florian Obser (florian@)has committeda significant speed boost fortraceroute(8):
xterm gets unveiled
With the followingcommit,Matthieu Herrb (matthieu@)gavexterm(1)someunveil(2)goodness:
iked(8) gains client-side support for DNS configuration
With the followingcommit,Tobias Heider (tobhe@)added client-side support for DNS configurationto iked(8):
timeout(1) utility imported
Job Snijders (job@)importedthetimeout(1)utility from NetBSD:
Fair Internet bandwidth management on a network using OpenBSD
OpenBSD Journal co-editor Solène Rapenne (solene@) writes,
Hibernate time reduced
Theo de Raadt (deraadt@)committeda change which significantly reduceshibernatetime on machines with larger amounts of RAM:
RSA/SHA1 signature type disabled by default in OpenSSH
In amessage to tech@Damien Miller (djm@)explained the consequences of his recentcommit:
(open)rsync gains include/exclude support
Claudio Jeker (claudio@) hascommittedsupport for simple include and exclude casesin (open)rsync:
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too)
OpenBSD Journal co-editor Peter Hansteen writes in, saying
-current has moved to 7.0-beta
With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.0-beta:
Introducing dhcpleased(8)
Now enabled by default on OpenBSD -current is dhcpleased(8), a dynamic host configuration protocol daemon written by florian@ (Florian Obser), who spoke with us about his work:I suppose this is either the KAME project's fault, or if we don't want to go that far back, Theo's fault. At g2k16 he floated the idea of a network configuration daemon. It would collect "proposals" for IP addresses, default routes andDNS configuration from various sources (DHCP,IPv6 router advertisements, umb(4), etc.),make some policy decisions, configure the network, and set resolv.conf(5)Read more…
dhcpleased(8) and resolvd(8) enabled in base, replacing dhclient(8)
Florian Obser (florian@) has enableddhcpleased(8)andresolvd(8)[on both of which wereportedearlier]in base.
Progress in support for the riscv64 platform
Since ourprevious report,there has been significant progress on support for riscv64:
Opening a Garage Door Using OpenBSD on a Raspberry Pi
Sven G is back with another tale of using a Raspberry Pi in his garage:
The state of toolchains in OpenBSD
Frederic Cambus (fcambus@) hasbloggedabout the recent history and current state of toolchains on OpenBSD.It provides a good explanation of how and why things got to where they stand.
OpenBSD 6.9 released
The OpenBSD project has releasedOpenBSD 6.9, the project's 50th release. As usual the release page offers highlights, installation and upgrade instructions as well as links to other resources such as the detailed changelog.Notable improvements include, but are not limited to
Initial Support for the riscv64 Architecture
With the followingcommit,Dale Rahn (drahn@)imported initial support for the64-bitRISC-Varchitecture:
My Dog's Garage Runs OpenBSD
We received a contribution from Sven G, about checking the temperature in the garage where his dog sleeps with OpenBSD:
A working D compiler on OpenBSD
Dr. Brian Robert Callahan (bcallah@)blogged about his work in getting D compiler(s) working under OpenBSD.The first paragraph reads:
EuroBSDCon 2021 Call for Papers open
Hoping to be able to make a conference in Vienna in September (and doing it digitally if not), the EuroBSDCon is now accepting submissions for presentations and tutorials.
What security does a default OpenBSD installation offer? (by solene@)
In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an over view of the security features offered by a default OpenBSD installation. The first paragraph of the introduction reads,
dhcpleased(8) - DHCP client daemon
With the followingcommit,Florian Obser (florian@) importeddhcpleased(8),DHCP daemon to acquire IPv4 address leasesfrom servers, plusdhcpleasectl(8),a utility to control the daemon:
resolvd(8) - daemon to handle nameserver configuration
With the followingcommit,Florian Obser (florian@) importedresolvd(8),a daemon for handling nameserver configuration:
Introducing veb(4) - a new Virtual Ethernet Bridge
In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David's goal is to replace the old bridge(4) driver:Read more…
OpenBSD booting multi-user on Apple M1
Mark Kettenis (kettenis@) isteasingOpenBSD booting multi-user on Apple M1 hardware:
Catchup 2021-02-13
Recent noteworthy things commited to -current and not previously reported include:
12345678910...