OpenBSD Journal

Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more...

Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more…

Dave Voutila (dv@)committeda change which brings a multi-process model tovmd(8),enhancing both security and performance:

Dave Voutila (dv@)committeda change which brings a multi-process model tovmd(8),enhancing both security and performance:

Joshua Stein (jcs@) hascommittedviogpu(4),which provides support for thevirtio(4)GPUinterface(provided byQEMU and other virtual machines)to create a wscons(4)console.

Version 0.87ofGame of Treeshas been released (and the portupdated):

OpenBSD -current just grew a new tool for developers working on OpenBSD to detect unsafe behaviors in their code. OpenBSD lets you more easily track memory allocations and whether allocations are properly freed after use.In a message to tech@, Otto Moerbeek (otto@) announced the new functionality:

Calgary and elsewhere, 2023-04-10:The OpenBSD project today announced the release and general availability of its latest stable version, OpenBSD 7.3.Eagerly anticipated by users, engineers, enthusiasts and industry pundits all over the world, this release contains a number of improvements over earlier versions, including but not limited to

The LibreSSL project has announced a new stable release, LibreSSL 3.7.2. The announcement reads,

We recentlyreportedthat Theo de Raadt (deraadt@)was scheduled to present atCanSecWest.That's now happened, andslidesof Theo's presentation,Synthetic Memory Protections,can be found in theusual place.Video isavailableon the bird site.

Version 7.9 ofOpenBGPDhas beenreleased:

In a late-stage addition prior to the release ofOpenBSD 7.3,Mark Kettenis (kettenis@) hascommitted[more] aggressive randomisation of the stack locationfor all 64-bit architectures except alpha:Read more…

One small but significant step for routing security on the Internet happened Sunday 19th of March 2023 with the release of version 8.3 of rpki-client.The announcement reads,

With the followingcommit,Theo de Raadt (deraadt@) moved -current to version 7.3:

OpenBGPD 7.8 has been released and the announcement may be read here.

With a message to openbsd-announce and other lists, Brent Cook (bcook@) announced the release of LibreSSL 3.7.1, with numerous improvements.It is worth noting that this is the final version to be released before the upcoming OpenBSD 7.3 release.The announcement reads,

On 2023-03-15,the release ofversion 9.3ofOpenSSHwasannounced:Read more…

Dragos Ruiu recently announced that Theo de Raadt will be presenting at this year's CanSecWest, March 22-24 2023 in Vancouver, BC. Read more…

Version 0.86ofGame of Treeshas been released (and the portupdated):Read more…

Crystal Kolipe has written up more of her work on the console.This time, it regards bugs in the handling ofUTF-8:ExoticSilicon.com - fixing cringeworthy bugs in the OpenBSD console code.As Crystal pointed out in her email to Undeadly,Miod Vallat (miod@) hascommittedfixes.

Wladimir Palanthas written anarticleon use ofOpenSMTPDfilters, andprovided codeunder an MIT license for those who may wish to utilizethe techniques described therein.

Version 0.85ofGame of Treeshas been released (and the portupdated):Read more…

The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shellfrom the installer.Initial support, likely to be expanded upon, wascommittedby Klemens Nanni (kn@) onMarch 7, 2023.The commit reads,

Another piece from Florian Obser (florian@) just came out, titledDynamic host configuration, please.In the article, Florian details the steps to modern OpenBSDdynamic host configuration, including interface configuration, name resolution, routing and more.We also get an explanation of the various userland programs (most of them portable, some OpenBSD-specific) that make a modern OpenBSD laptop shine.You can read the full piece here, Dynamic host configuration, please.

It's that time of the year again. With this commit,Theo de Raadt (deraadt@) changed the version string for the development branch of OpenBSD to 7.3-beta.The commit reads,

We all know the OpenBSD is lead from Canada, but what is the status in that country by and large? Bringing up the subject, Katie McMillan wrote in, saying

Version 0.84ofGame of Treeshas been released (and the portupdated).Read more…

Theo de Raadt (deraadt@)posted totech@a message entitledpinsyscall, execve, and rop pivots, etc.It explainspinsyscall(2),OpenBSD's latest securityinnovation.We reproduce the posting below with added links:Read more…

Florian Obser wrote an extensive piece with great attention to detail titled: Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD.

Following a wide-ranging thread onmisc@with the subjectSafely remove USB drive,Crystal Kolipe wrote anarticleabout howOpenBSDhandles removable media, centered around theeject(1) command,also known as mt(1).The article leads in,

Rob Turner writes in about a practical guide to runningvxlan(4)over a WireGuard(wg(4))connection.Rob writes,

At the recently-concludedFOSDEM 2023conference,Stefan Sperling (stsp@)presented a talk onGame of Trees.Videoandslidesof Stefan's presentation are now available.

Hot on the heels ofsyspatches for OpenBSD 7.1 and 7.2,Brent Cook (bcook@)announcedthe release of versions 3.5.4 and 3.6.2 ofLibreSSL:

OpenSSH 9.2 was released on 2023-02-02. It is available from themirrors listed at https://www.openssh.com/.

Version 0.83ofGame of Treeshas been released (and the portupdated):Read more…

Theo de Raadt (deraadt@) postedto tech@ astatus report(and 2test programs)regarding execute-only (xonly).The report begins:

As part of her efforts in developing patches for the console(many of which have been committed recently),Crystal Kolipe created some patches for taking screenshots of theOpenBSD console.She wrote an in depth article,Coding new ioctls to produce screendumps from the console, about her work.We will look forward to further development and refinement on this.

Game of Trees 0.82 has been released (and the port updated).

Support for execute-only (xonly) code(on which wereported earlier)has been committed to -current by Theo de Raadt (deraadt@).The commitswere:Read more…

In atoot,Stefan Sperling (stsp@) announced:

As with library order randomisation(libc.so/libcrypto/ld.so)at bootand kernel relinking at boot,boot time relinking ofsshd(8)is now implemented in -current.Theo de Raadt committed thechanges:Read more…

Game of Trees 0.80 has been released (and the port updated).Read more…

On thetech@ mailing list,Theo de Raadt (deraadt@)has issued arequest for testingof patch(es) for execute-only (xonly)binaries on amd64.The message is quite long, but well worth reading in its entiretyfor those interested.Selected highlights include:

Todd Mortimer (mortimer@) hascommitted(to -current)retguardfor amd64 system calls:

The end of the year is rapidly approaching, and Rafael Sadowski (rsadowski@) has published the OpenBSD KDE Status Report 2022.The report leads in,

A new release of the OpenBSDrpki-client, a key component inBGP routing security is available.The announcement by Sebastian Benoit (benno@) reads,

A new development release of LibreSSL is out, and should be arriving on a mirror near you shortly.Brent Cook (bcook@)'s announcement reads,

A rewritten version of vmd(8)'s BIOS memory map handling could soon be appearing in -current. In a recent post to tech@ and supplemented by an accompanying post to ports@ since the changes touch on SeaBIOS, Dave Voutila (dv@) describes the changes and the motiviation for changing them, ie

Following the recent discovery of asecurity issue in FreeBSD's ping(8),OpenBSD developer Florian Obser(florian@) wanted to know if something similar lurkedin the OpenBSD code as well.The result of his investigation can be found in the article calledFuzzing ping(8) … and finding a 24 year old bug., which leads in,

Support for lladdr-tied configuration of(network) interfaces[on which wereported earlier]has beencommitted.Andrew Fresh (afresh1@)made the commit: