OpenBSD

Fresh from the t2k19 hackathon comes a report from Anthony J. Bentley (bentley@), who writes: Seeing an Asia hackathon coming up was pretty exciting; I’d never been there before. I spent a month or so preparing by getting through the more mundane ... [More] things in my backlog, mostly new ports and updates. That left my time in Taipei open to focus on fixing some bugs and broken things. Read more… [Less]

Ken Westerback (krw@) writes in with his report from a2k19, the hackathon in New Zealand: Due to an earlier (pre-737Max) airplane problem on the flight back from n2k18 in Usti nad Labem, a loosely worded compensation coupon and the cooperation of ... [More] beck@ in exploiting said wording, I was able to fly Business Class over the Pacific and thus arrived well rested in BNE. Could have been even more rested if I hadn't had to rouse myself to raise a(nother) glass of champagne as we crossed the date line and it became someone's birthday. First world problems. The alert reader will have noted that BNE is not where a2k19 was. But beck@ and I had decided to personally drag various Australians onto the flight to Wellington the next day. Read more… [Less]

Ingo Schwarze wrote in with the announcement of a new mandoc release. Ingo writes, I just released mandoc-1.14.5. This is a regular maintenance release. As structural changes are quite limited, i expect it to be very stable, so all downstream systems are encouraged to upgrade from any earlier version. Read more…

We are delighted to have received an a2k19 hackathon report: Antoine Jacoutot (ajacoutot@) writes: Better (very) late than never… here's my small report about my a2k19 hackathon slacking time in Wellington (NZ). The "Antipodean" hackathon they ... [More] call it. Indeed, it took me 28h to get there from Paris via Singapore! Fortunately, I met with phessler@ and cheloha@ right on arrival at the airport. From there we went directly into town to visit the different bars with mlarkin@ as our guide :-). The challenge was to find a way to keep us awake (12h of jet lag for me), and going around 6 different bars did the trick :-) Read more… [Less]

SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what's going on underneath. Even more so once you start using the more advanced features such as the ssh-agent ... [More] , agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one's logins or ssh keys. Read more… [Less]

It's that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect. CVSROOT: /cvs Module name: src Changes by: ... [More] deraadt@cvs.openbsd.org 2019/02/26 15:24:41 Modified files: etc/root : root.mail share/mk : sys.mk sys/conf : newvers.sh sys/sys : ktrace.h param.h usr.bin/signify: signify.1 sys/arch/macppc/stand/tbxidata: bsd.tbxi Log message: crank to 6.5-beta [Less]

Landry Breuil (landry@) has committed a work-in-progress FAQ section "Virtual Private Networks (VPN)": CVSROOT: /cvs Module name: www Changes by: landry@cvs.openbsd.org 2019/02/22 15:07:05 Modified files: faq : index.html Added files: ... [More] faq : faq17.html Log message: Add a (wip!) VPN FAQ, because 'How do i VPN with OpenBSD?' seems to be a frequently asked question, and IPSec is hard. Now is the time to polish it in-tree. With feedback from solene@, tj@, tb@ & sthen@, thanks! ok tb@ tj@ [Less]

Todd Mortimer (mortimer@) has committed improvements to (the anti-ROP) "X86FixupGadgets" pass of clang(1) for amd64 and i386: CVSROOT: /cvs Module name: src Changes by: mortimer@cvs.openbsd.org 2019/02/22 08:28:43 Modified files: ... [More] gnu/llvm/lib/Target/X86: X86FixupGadgets.cpp X86InstrCompiler.td X86MCInstLower.cpp gnu/llvm/tools/clang/include/clang/Driver: Options.td gnu/llvm/tools/clang/lib/Driver/ToolChains: Clang.cpp share/man/man1 : clang-local.1 Log message: Improve the X86FixupGadgets pass: - Target all four kinds of return bytes (c2, c3, ca, cb) - Fix up instructions using both ModR/M and SIB bytes - Force alignment before instructions with return bytes in immediates - Force alignment before instructions that have return bytes in their encoding - Add a command line switch to toggle the functionality. ok deraadt@ This extends the previous work to cover even more cases which (previously potentially) could be exploited as return instructions. [Less]

Hrvoje Popovski wrote in to alert us that Martin Pieuchot (mpi@) has written a new blog post entitled Faster vlan(4) forwarding?, which leads in with Two years ago we observed that vlan(4) performances suffered from the locks added to the queueing ... [More] API. At that time, the use of SRP was also pointed out as a possible responsible for the regression. Since dlg@ recently reworked if_enqueue() to allow pseudo-drivers to bypass the use of queues, and their associated locks, let's dive into vlan(4) performances again. Read the whole thing here: Faster vlan(4) forwarding? [Less]

openrsync, a clean-room implementation of rsync, is being developed by Kristaps Dzonsons as part of the rpki-client(1) project [featured in an earlier article]. openrsync(1) has been imported into the tree (as "rsync") by Sebastian Benoit (benno@): ... [More] CVSROOT: /cvs Module name: src Changes by: benno@cvs.openbsd.org 2019/02/10 16:18:28 Added files: usr.bin/rsync : Makefile TODO.md blocks.c child.c client.c downloader.c extern.h fargs.c flist.c hash.c io.c log.c main.c md4.c md4.h mkpath.c receiver.c rsync.1 rsync.5 rsyncd.5 sender.c server.c session.c socket.c symlinks.c uploader.c Log message: Import Kristaps' openrsync into the tree. OK deraadt@ The "Security" section on the GitHub site contains a description of openrsync's use of OpenBSD's security features. At the time of writing, rsync is not yet linked to the build. [Less]