Feed openbsd-journal OpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2024-11-21 11:32
doas environmental security
Ted Unangst (tedu@) posted to the tech@ mailing list regarding recent changes to environment handling in doas (in -current):
SSH gets protection against side channel attacks
Damien Miller (djm@) has just committed a new feature for SSH that should help protect against all the various memory side channel attacks that have surfaced recently.
ntpd auto time setting
Otto Moerbeek (otto@) has written an update on his recent ntpd(8) work to the tech@ mailing list:
rpki-client(8) imported into the tree
Job Snijders (job@) has imported Kristaps Dzonsons' rpki-client (discussed previously) into the tree:
BSDCan 2019 videos available
Videos of presentations at BSDCan 2019 are now (becoming) available from the YouTube channel. Links to the videos can now also be found in the usual place.
g2k19 Hackathon Report: Stefan Sperling on Access Points and Ghosts
Our next hackathon report comes from Stefan Sperling (stsp@):
acme-client(1) moves to Let's Encrypt v02 API
Florian Obser (florian@) has committed the changes required to move acme-client(1) in -current to the RFC 8555 protocol used by the Let's Encrypt v02 API:
Recent Security Innovations
Introduction: There have been some recent security innovations previously unreported here:
Smartisan becomes Iridium Donor for 2019
Ken Westerback of The OpenBSD Foundation wrote in with some excellent news on the 2019 fundraising campaign:
g2k19 Hackathon Report: Andrew Fresh on portgen(1), coffee, and more
Next up with a report from g2k19 is Andrew Hewus Fresh (afresh1@):
g2k19 Hackathon Report: back to dee trace
Martin Pieuchot (mpi@) wrote in with a report from g2k19:
Call for testing of ntpd(8) automatic mode
Otto Moerbeek (otto@) has been working on improving the behaviour of ntpd(8) during system boot, especially for machines whose time is way off (e.g. for machines without a battery-backed clock (RTC)). One recently committed improvement dealt with the problem of bad time in a DNSSEC environment, but Otto is working on more changes in this area.
SNI support added to relayd(8) in -current
With this commit, Reyk Floeter (reyk@) completed the addition of Server Name Indication (SNI) to relayd(8):
g2k19 hackathon report from Claudio Jeker
With the latest hackathon finished, the subsequent BSDCan completed and its attendees having returned home, Claudio Jeker (claudio@) writes in with the first report from g2k19:
OpenBSD 6.5 Released
2019-04-24, Calgary, Alberta, Canada and elsewhere: With a message sent to relevant mailing lists, Theo de Raadt (deraadt@) announced that the OpenBSD project's 46th release, OpenBSD 6.5, is now generally available from mirror sites all over the world. Notable changes include but are not limited to:
docbook2mdoc-1.0.0 released
After doing active development on it for about a month, i just released version 1.0.0 of the DocBook to mdoc converter, docbook2mdoc(1). The OpenBSD port was updated, too. In a nutshell, docbook2mdoc was brought from experimental status to an early release that can be considered mostly usable for production, though no doubt there are still many rough edges. That's why i called it 1.0.0 and not 1.1.1.
t2k19 Hackathon Report: On rsync, ssh, and ports cruft
The stream of t2k19 hackathon reports continues with this from Christian Weisgerber (naddy@):
t2k19 Hackathon Report: unwinding in Taipei
Fresh from the recent t2k19 hackathon in Taipei, Florian Obser (florian@) writes in with this report:
t2k19 Hackathon Report: Stefan Sperling on 802.11? progress, suspend/resume and more
A new hackathon report has arrived, this time from Stefan Sperling (stsp@), who writes:
t2k19 Hackathon Report: Ken Westerback on dhclient, disklabel, and more
Kenneth R Westerback (krw@) wrote in with a report on his recent participation in t2k19:
t2k19 Hackathon Report: Putting the hack(6) in hackathon, and other stories
Fresh from the t2k19 hackathon comes a report from Anthony J. Bentley (bentley@), who writes: Seeing an Asia hackathon coming up was pretty exciting; I’d never been there before. I spent a month or so preparing by getting through the more mundane things in my backlog, mostly new ports and updates. That left my time in Taipei open to focus on fixing some bugs and broken things.
a2k19 hackathon report from Ken Westerback (krw@)
Ken Westerback (krw@) writes in with his report from a2k19, the hackathon in New Zealand:
mandoc-1.14.5 released
Ingo Schwarze wrote in with the announcement of a new mandoc release. Ingo writes,
a2k19 Hackathon Report: Antoine Jacoutot on ports, syspatch(8), and more
We are delighted to have received an a2k19 hackathon report: Antoine Jacoutot (ajacoutot@) writes:
Using a Yubikey as smartcard for SSH public key authentication
SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what's going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one's logins or ssh keys.
6.5-beta has been tagged
It's that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all to run an extra test install and see if your favorite port still works as you expect.
New VPN FAQ
Landry Breuil (landry@) has committed a work-in-progress FAQ section "Virtual Private Networks (VPN)":
Improvements to X86FixupGadgets pass of clang(1)
Todd Mortimer (mortimer@) has committed improvements to (the anti-ROP) "X86FixupGadgets" pass of clang(1) for amd64 and i386:
Faster vlan(4) forwarding? - blog post by mpi@
Hrvoje Popovski wrote in to alert us that Martin Pieuchot (mpi@) has written a new blog post entitled Faster vlan(4) forwarding?, which leads in with
openrsync imported into the tree
openrsync, a clean-room implementation of rsync, is being developed by Kristaps Dzonsons as part of the rpki-client(1) project [featured in an earlier article]. openrsync(1) has been imported into the tree (as "rsync") by Sebastian Benoit (benno@):
Florian Obser on unwind(8)
Florian Obser (florian@) kindly wrote in with news on some recent work:
Security Vulnerability Mitigations
Fresh from the a2k19 hackathon, Joel Sing (jsing@) delivered a presentation at the 2019 linux.conf.au. Video is now available.
Support for 2TB of memory added
Mike Larkin (mlarkin@) just committed support for 2TB of physical memory on the amd64 platform:
join-ing any open wifi network is now possible
Peter Hessler (phessler@) has committed changes to make it possible to join any open wifi network:
vmm(4) for i386 deleted from -current
With two commits by Pratik Vyas (pd@), vmm(4) support for i386 host systems has been deleted (one can still run i386 guests under vmm on an amd64 host). The commit messages explain the reasoning behind this move:
OpenBSD on the Acer Aspire One, At Ten
Ian Darwin (ian@) wrote in to let us know that he's written an article which is a follow-up to an Undeadly story from a decade ago! The article provides a fine illustration of benefits of a bloat-free OS. Thanks very much for the pointer, Ian.
New console font Spleen made default
Frederic Cambus (fcambus@) has just changed the default console font to Spleen, a font of his own creation:
Real paragraphs for mandoc HTML output
Another major step forward just happened in mandoc(1) HTML output: paragraphs are now represented with real HTML <p> elements, and a number of cases were fixed in which mandoc used to generate output violating HTML syntax, mostly related to macros and requests that control line filling in paragraphs of text.
Ingo Schwarze - mandoc Better documentation – on the web and for LibreSSL video is now published
Tom Smyth has another article (and video) for us:
Video of Todd Mortimer Removing ROP gadgets from OpenBSD
This contribution comes directly from Tom Smyth:
OpenBSD 6.2 song: A 3 line diff
With the following commit, Theo de Raadt (deraadt@) released the song for OpenBSD 6.2!
DNSSEC enabled in default unbound(8) configuration
With this commit, Florian Obser (florian@) enabled DNSSEC validation in the default unbound.conf(5) in -current:
OpenSMTPD proc filters & fc-rDNS
Gilles Chehade (gilles@) has written another piece on progress in OpenSMTPD development. -current now has proc filters!
Otto Moerbeek on the Virtues of OpenBSD malloc(3)
Otto Moerbeek (otto@) has issued a series of Mastodon messages explaining some of the virtues of OpenBSD's malloc(3) implementation. They provide excellent reading in easily-digestible pieces.
A proposal for a new RPKI validator: OpenBSD rpki-client(1)
Job Snijders (job@) has written an article at Medium proposing rpki-client(1), a new, BSD-licensed RPKI validator.
OpenBGPD - Adding Diversity to the Route Server Landscape
Claudio Jeker (claudio@) wrote in to let us know that he and Job Snijders (job@) have written an article about OpenBGPD for RIPE Labs.
OpenBSD Community reaches Iridium in 2018!
Right on the heels of the previous announcement, Kenneth R. Westerback (krw@) of the OpenBSD Foundation writes to inform us:
Blog post by jcs@ on reverse engineering audio drivers
On his blog, joshua stein (jcs@) has a description of the hoops he jumped through to get stereo sound out of his Huawei Matebook X under OpenBSD (something that only worked under Windows with special drivers). His approach involves logging all PCI device accesses by running Windows in QEMU under Linux with VFIO, parsing that, and making the OpenBSD azalia(4) driver do the same. Thanks to joshua for the interesting write-up!
Microsoft goes Gold for 2018!
Kenneth R. Westerback (krw@) writes to inform us:
malloc.conf replaced with a sysctl
In this commit, Otto Moerbeek (otto@) moved malloc handling from a softlink in /etc to a sysctl instead.