OpenBSD Journal

Recent new features in OpenSSH

3 nap 19 óra óta

Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@) recently added a couple of notable features to OpenSSH:

Read more…

Call for testing: Improved 802.11g AP compatibility check

5 nap 16 óra óta
The WiFI 802.11 standards are a gnarly lot, and checking for compatibility of the various sub-specifications has been known to drive even seasoned OpenBSD developers to the brink of distraction.

Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying

List: openbsd-tech Subject: fix net80211 802.11g compatibility check From: Stefan Sperling <stsp () stsp ! name> Date: 2025-07-31 10:26:18 I have a WIP fix for qwx which relies on ieee80211_iserp_sta() to detect whether an AP supports 802.11g, rather than 802.11b only. And I encountered an access point which qwx could not connect to when my WIP fix is applied.

Read more…

Classic CDE (Common Desktop Environment) coming to OpenBSD

6 nap 19 óra óta
Much longed for by some, remembered as a quaint memory by other greybeards, the classic Common Desktop Environment (CDE) is being added to the ports collection.

The initial commit message reads,

List: openbsd-ports-cvs Subject: CVS: cvs.openbsd.org: ports From: Antoine Jacoutot <ajacoutot () cvs ! openbsd ! org> Date: 2025-07-28 12:35:38 CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2025/07/28 06:35:38 Log message: Import cde-2.5.2 CDE - The Common Desktop Environment is X Windows desktop environment that was commonly used on commercial UNIX variants such as Sun Solaris, HP-UX and IBM AIX. Developed between 1993 and 1999, it has now been released under an Open Source licence by The Open Group.

Read more…

Game of Trees 0.116 released

1 hét 3 nap óta

Version 0.116 of Game of Trees has been released (and the port updated):

  • make our pack-refs header format align with the expectations of git 2.50.0
  • fix bogus "bad offset in pack file" errors wrongly raised by gotd
  • fix gotd branch protection rejecting commits that already exist on server
  • pick a default branch to clone when the server does not advertise HEAD symref
  • do not clobber changes staged via stage -p during "got revert"
  • enforce additional restrictions on reference names specified in gotsys.conf
  • change gotwebd favicons to show the smiley fish only
  • fix gotd reload when /etc/gotd-secrets.conf is used
  • fix bogus "raw object has unexpected size" errors during deltification
  • fix bug in delta block stretch size calculation resulting in invalid deltas
  • fix gotsysd behaviour when the anonymous user is removed from gotsys.conf
  • add support for email and http/json notifications to gotsysd and gotsys.conf

When Root Meets Immutable: OpenBSD chflags vs. Log Tampering

2 hét 4 nap óta
In a recent blog post When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, Rafael Sadowski (rsadowski@) takes a deep dive into an infrequently mentioned feature of our favorite operating system: file immutability and the chflags command. From the article:

" ... anyone who’s ever had to investigate a security incident knows the harsh reality: logs are only as trustworthy as their protection against post-incident tampering. An attacker who gains root access isn’t going to politely leave their tracks in the log files – unless they physically can’t alter them anymore."

Read the whole thing, When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, over at Rafael's site!

stdio(3) change: FILE is now opaque

2 hét 5 nap óta

In -current, the struct underlying stdio(3)'s FILE type has been made opaque, with library versions bumps across the board:

CVSROOT: /cvs Module name: src Changes by: yasuoka@cvs.openbsd.org 2025/07/16 09:33:05 Modified files: lib/libc : Symbols.list shlib_version lib/libc/hidden: stdio.h wchar.h lib/libc/stdio : Makefile.inc fclose.3 fclose.c findfp.c lib/libcrypto : shlib_version lib/libcurses : shlib_version lib/libedit : shlib_version lib/libexpat : shlib_version lib/libfido2 : shlib_version lib/libfuse : shlib_version

Read more…

KDE Plasma 6.4 has landed in OpenBSD

1 hónap óta
Yes, you read that right: KDE 6.4.0 Plasma is now in OpenBSD packages.

This was made possible by the efforts of Rafael Sadowski (rsadowski@) with the help of several others. The news was announced 2025-07-04 via a fediverse post and of course the commit message itself, where the description reads

Log message: Update Plasma 6.4 The most parts are straightforward as usual but in 6.4 the KDE Kwin team split kwin into kwin-x11 and kwin (wayland). This seems to be the sign that X11 is no longer of interest and we are focussing on Wayland.

Read more…

Blink and you'll miss it! 4096 colours and flashing text on the console!

1 hónap óta
News from the Exotic Silicon front: Crystal Kolipe posted an update to misc@, saying

List: openbsd-misc Subject: Console 4096 colours and blink attribute From: Crystal Kolipe <kolipe.c () exoticsilicon ! com> Date: 2025-07-04 13:58:41 Tired of having just 256 colours on your console instead of 4096? Do you miss the blink attribute from the old VGA text mode days? Want to learn how cool stuff like this is implemented? Look no further: https://research.exoticsilicon.com/articles/console_4096

Clicking that link will bring you a colorful article with all implementation details and links to the code for you to try out yourself.

Happy blink and 4k colors console day to all who celebrate!

Game of Trees Hub now taking signups for repository hosting

1 hónap óta
In a fediverse post on 2025-07-04, the Game of Trees Hub announced that they will be taking signups for repository hosting:

We have started our first round of sign-up for #Git repository hosting.

Our first server for Git hosting is expected to be installed next week. Additional servers will be added as needed based on demand.

See https://gothub.org for an introduction to our project.

See https://gothub.org/features.html to get an idea about which features are already working and what is planned for the future.

See https://gothub.org/tiers.html for the initial service tier configurations and prices.

See https://gothub.org/signup.html for details about the sign-up process.

Do you have code that could need to be hosted, and/or money to send their way? Click the links!

Game of Trees 0.115 released

1 hónap 1 hét óta

Version 0.115 of Game of Trees has been released (and the port updated):

  • make errors reported by gotsys-apply-conf actually visible
  • stop trying to start gotd from gotsys-apply-conf if gotd is not running
  • fix infinite loop in got_pack_repaint_parent_commits() and got-read-pack
  • fix creation of gotd.conf deny rules in gotsys-write-conf
  • add support for global repository access rules to gotsysd.conf
  • fix segfault due to double-free in got-read-gotconfig

Game of Trees 0.114 released

1 hónap 1 hét óta

Version 0.114 of Game of Trees has been released (and the port updated):

  • preserve author timestamps when rebasing commits
  • stop running ssh with -q by default; -q hides host key fingerprint errors
  • fix gotsys-read-conf crash when ssh key comments are missing in gotsys.conf
  • relax repository path permission checks in gotsys-repo-create
  • add gotsys apply -w option which waits until sysconf has been run
  • fix gotsysd getting stuck due to missing final messages from libexec helpers
  • plug a file descriptor leak in the gotsysd libexec process

Call for testing: bge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix

1 hónap 1 hét óta
In a fediverse post, Stefan Sperling (stsp@) asks for testing of a potential fix for a problem affecting a number of network interface drivers (namely bge, bnx, iavf, igc, ix, ixl, ngbe and pcn), pointing to a message on tech@ with the subject bge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix that reads

List: openbsd-tech Subject: bge/bnx/iavf/igc/ix/ixl/ngbe/pcn: ifq_restart() fix From: Stefan Sperling <stsp () stsp ! name> Date: 2025-06-20 10:12:14 A bug has been fixed by yasuaok@ in vmx(4) where the driver was calling ifq_restart() without actually having made any space on a full Tx ring. Calling ifq_restart() in this case can lead to a condition where the interface gets stuck in OACTIVE until the interface is reset with ifconfig.

Read more…

j2k25 hackathon report from kn@: installer, low battery, and more

1 hónap 2 hét óta

Fresh from the recently concluded j2k25 hackathon comes this report from Klemens Nanni (kn@), who writes:

New country, lots of ramen, friends and new folks - heck, yes!

Having missed the last four (our five?, hard to tell…) hackathons, j2k25 aligned just right to finish our holidays with beautiful sights and culinary delights between streaks of hacking, leaving all else aside for a solid week - it was refreshing retreat and sparked plans to make another, even longer trip through Japan!

This time, I brought a few unfished and/or unanswered diffs, but also specifically wanted to look into unfamiliar code, now that folks were around to ask for advice and discuss with.

First, the installer and rc(8) were due for cleanup: common code for randomness seed files used by bootloaders and rc seemed unnecessarily different, so I synced their logic, style and comments wrt. subtle, yet important details around the sticky(8) bit:

Read more…

dhcpd(8): use UDP sockets instead of BPF

1 hónap 3 hét óta
In some cases, the current dhcpd(8) is not quite as reliable as one would want in providing the requested data to the actual requestor. After some rounds of discussion and experimentation, David Gwynne (dlg@) is circulating a diff on tech@ that switches the daemon to use UDP sockets instead of bpf.

The motivation is summarized as,

tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it better at replying with the ip that requests were sent to.

and the full message, with the subject dhcpd(8): use UDP sockets instead of BPF reads,

List: openbsd-tech Subject: dhcpd(8): use UDP sockets instead of BPF From: David Gwynne <david () gwynne ! id ! au> Date: 2025-06-13 3:29:20 tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it better at replying with the ip that requests were sent to. ive been hacking on this because of a problem at work, which i want to solve by setting up a bunch of "anycast" dhcp servers. ie, i want to have multiple dhcpd on separate servers with the same IP assigned as an alias on all of them.

Read more…

clang(1)/llvm/lld(1) updated to version 19

1 hónap 3 hét óta

In a long series of commits, Robert Nagy (robert@) updated clang(1)/llvm/lld(1) in -current to version 19.1.7 (from version 16.0.6):

CVSROOT: /cvs Module name: src Changes by: robert@cvs.openbsd.org 2025/06/11 06:54:56 Log message: import of llvm from LLVM 19.1.7 Status: Vendor Tag: LLVM Release Tags: LLVM_19_1_7 U src/gnu/llvm/llvm/.clang-format […]

Those building from source should follow the instructions in Following -current and using snapshots before making the leap.

Source code sandboxing

1 hónap 3 hét óta

Kristaps Dzonsons (known for mandoc(1), rpki-client(8), and much more) has written an article, Source code sandboxing, on sandboxing from the perspective of developers. It compares the facilities available under several operating systems, and requests relevant contributions.

As Undeadly readers might expect, OpenBSD's pledge(2) and unveil(2) receive favourable appraisal.

Kristaps' article refers to Sandboxing Adoption in Open Source Ecosystems, an academic article published on the subject.

[In 2016, Undeadly published Kristaps Dzonsons on pledge(2).]

TearFree option backported to modesetting(4) driver

1 hónap 3 hét óta

Following a discussion on tech@ [initiated by a post with patch from Ted Unangst (tedu@)], the "TearFree" option has been backported to the xenocara modesetting(4) driver in -current:

CVSROOT: /cvs Module name: xenocara Changes by: matthieu@cvs.openbsd.org 2025/06/09 12:18:36 Modified files: xserver/dix : pixmap.c xserver/hw/xfree86/common: xf86Mode.c xserver/hw/xfree86/drivers/modesetting: dri2.c driver.c driver.h drmmode_display.c drmmode_display.h dumb_bo.c meson.build modesetting.man pageflip.c present.c vblank.c xserver/hw/xfree86/modes: xf86Crtc.h xf86Rotate.c xserver/include: displaymode.h pixmap.h xserver/present: present.h present_screen.c Log message: Backport TearFree page flips for the modesetting driver from X.Org maaster. Work done by tedu@ based on previous diffs by jcs@ and stsp@. One bug fix in master by me. tested and ok tb@. commit on behalf of tedu@

The option is on by default, so users of the relevant hardware can expect smooth(er) scrolling ahead.

FFS optimizations with dirhash, as blogged by rsadowski@

1 hónap 3 hét óta
Rafael Sadowski (rsadowski@), OpenBSD developer and prolific blogger, has been looking into file system performance optimizations on our favorite operating system, and is now sharing his tips and tricks in FFS optimizations with dirhash on his blog.

He leads in with a TL;DR:

tl;dr

Consider playing with sysctl vfs.ffs.dirhash_maxmem to increase the maximum dirhash cache.

That said, it is worth your time to read the whole thing!

Ellenőrizve
56 perc 33 másodperc ago
OpenBSD Journal
The OpenBSD Community.
Feliratkozás a következőre: OpenBSD Journal hírcsatorna