OpenBSD Journal

Sebastian Benoit (benno@) announced the release of version 8.8 of rpki-client.

It's basically a bug-fix release; see the release announcement for details.

Stefan Sperling (stsp@) has committed to -current a WIP driver for Qualcomm ath11k wi-fi adapters (such as that found in the Lenovo ThinkPad X13s):

CVSROOT: /cvs Module name: src Changes by: stsp@cvs.openbsd.org 2023/12/28 10:36:29 Modified files: sys/arch/amd64/conf: GENERIC RAMDISK_CD sys/arch/arm64/conf: GENERIC RAMDISK sys/conf : files sys/dev/pci : files.pci Added files: sys/dev/ic : qwx.c qwxreg.h qwxvar.h sys/dev/pci : if_qwx_pci.c Log message: Introduce qwx(4), a work-in-progress port of the Linux ath11k driver. This driver is not working yet. Scanning almost works but a lot more work remains to be done. So far most of the porting work was done by myself, with some help from mpi, patrick, and kettenis. Obviously this driver remains disabled for now. Enable relevant lines in the kernel config if you want to help out with development. At present firmware files must be obtained manually and placed in the directory /etc/firmware/qwx/WCN6855/hw2.1/ This will be improved later. Thanks to the OpenBSD Foundation for supporting this effort.

So summing up, thanks to support from the OpenBSD Foundation, work on support for this popular hardware has started, and is progressing towards useable status.

It's not quite there yet, but this being early in the cycle, there is reason to hope for official support status by the time of the upcoming release.

In a recent message to tech@, Marcus Glocker (mglocker@), asks users running -current for testing of a potenially performance enhancing diff:

List: openbsd-tech Subject: Add TSO support for em(4) From: Marcus Glocker <marcus () nazgul ! ch> Date: 2023-12-21 22:42:39 As already discussed with claudio@ and Paul over chat. This diff adds TSO support for the em(4) 82575, 82576, 82580, I350, and I210 chip sets. This is more or less and adaption from what the FreeBSD driver does.

Read more…

KDE Plasma is now fully functional on OpenBSD and available via the package system. To install, a simple

$ pkg_add kde-plasma

is sufficient (also see the twitter post and the final commits here and here).

Congratulations to Rafael Sadowski (rsadowski@) on the completion of this mammoth effort.

Sebastian Benoit (benno@) announced the release of version 8.7 of rpki-client:

rpki-client 8.7 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.

Read more…

As announced by Damien Miller OpenSSH 9.6/9.6p1 has been released.

The complete release notes may be found here: https://www.openssh.com/releasenotes.html#9.6.

Among notable changes, this release includes a fix for the Terrapin Attack.

Read more…

The work described in Theo de Raadt's post (see our previous article) continues:

• pinsyscalls(2) has been committed.
• syscall(2) has been removed from -current:

  Read more…

Theo de Raadt (deraadt@) posted to tech@ regarding restrictions on the addresses from which system calls can be made.

In addition to providing background, the post contains information (and a patch) for an imminent change - the introduction of a new syscall, pinsyscalls(2) [link not working at the time of writing because change not yet committed], which specifies the addresses from which individual system calls are permitted.

pinsyscalls(2) will be called only from the shared library linker, ld.so(1).

Version 0.95 of Game of Trees has been released (and the port updated):

* got 0.95; 2023-12-08 see git repository history for per-change authorship information

Read more…

Otto Moerbeek (otto@), the author of OpenBSD's malloc(3) implementation, has comitted another great feature - backtraces for leak detection:

CVSROOT: /cvs Module name: src Changes by: otto@cvs.openbsd.org 2023/12/04 00:01:45 Modified files: lib/libc/stdlib: malloc.3 malloc.c Log message: Save backtraces to show in leak dump. Depth of backtrace set by malloc option D (aka 1), 2, 3 or 4. No performance impact if not used. ok asou@

Otto's original message to tech@ includes an example use of the feature.

Version 0.94 of Game of Trees has been released (and the port updated):

* got 0.94; 2023-11-29 see git repository history for per-change authorship information

Read more…

Tobias Heider (tobhe@) has announced the release of version 7.3 of OpenIKED:

We have released OpenIKED 7.3, which will be arriving in the OpenIKED directory of your local OpenBSD mirror soon.

Read more…

Omar Polo (op@) has announced the release of version 7.4.0p1 of OpenSMTPD.

It is a bugfix release.

In a long series of commits, Robert Nagy (robert@) updated clang(1)/llvm in -current to version 16:

CVSROOT: /cvs Module name: src Changes by: robert@cvs.openbsd.org 2023/11/11 11:01:31 Log message: import of llvm from LLVM 16.0.6 Status: Vendor Tag: LLVM Release Tags: LLVM_16_0_6 U src/gnu/llvm/llvm/.clang-format U src/gnu/llvm/llvm/.clang-tidy U src/gnu/llvm/llvm/.gitattributes […] U src/gnu/llvm/llvm/utils/vscode/llvm/syntaxes/ll.tmLanguage.yaml U src/gnu/llvm/llvm/utils/yaml-bench/CMakeLists.txt U src/gnu/llvm/llvm/utils/yaml-bench/YAMLBench.cpp 67 conflicts created by this import. Use the following command to help the merge: cvs checkout -jLLVM:yesterday -jLLVM src/gnu/llvm/llvm

Naturally, this has involved supporting work elsewhere in base, and in ports.

A new stable release of LibreSSL is out, and should be arriving on a mirror near you shortly.

Brent Cook (bcook@)'s announcement reads:

We have released LibreSSL 3.8.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release for the 3.8.x branch, also available with OpenBSD 7.4

Read more…

Theo de Raadt (deraadt@) posted to tech@ a message entitled disruptive amd64 snapshot coming. It reads:

There is a pretty disruptive amd64 snapshot coming, so anyone who is using snapshots for critical stuff should take a pause. (This warning about a development step is unusual, I won't make it common practice).

Of course, on non-critical amd64 systems running snapshots, this is a good opportunity to test (and report any problems).

Hot on the heels of the release of OpenBSD 7.4, Omar Polo (op@) has announced the release of OpenSMTPD 7.4.0p0. The announcement reads,

Subject: OpenSMTPD 7.4.0p0 Released From: Omar Polo <op () openbsd ! org> Date: 2023-10-25 7:33:43 OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases. It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX. The archives are now available from the main site at www.OpenSMTPD.org

Read more…

As announced on the misc@ mailing list, Otto Moerbeek (otto@), the author of OpenBSD's malloc(3) implementation [a.k.a. "otto malloc"], has written a tutorial on the new malloc(3) leak detection available in OpenBSD 7.4

Read it at: OpenBSD's built-in memory leak detection

Since the publication of that write-up, Otto has committed further enhancements:

CVSROOT: /cvs Module name: src Changes by: otto@cvs.openbsd.org 2023/10/22 06:19:26 Modified files: lib/libc/stdlib: malloc.3 malloc.c Log message: When option D is active, store callers for all chunks; this avoids the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well. ok asou@

The OpenBSD project has announced the release of OpenBSD 7.4, the 55th release of the OpenBSD operating system.

The new release contains a number of innovations and improvements across a number of areas, including

• Mandatory enforcement of indirect branch targets [See earlier report].
• viogpu(4), a VirtIO GPU driver [See earlier report].
• vmd(8) has moved to a multi-process model for virtio(4) block and network devices [See earlier report].
• Virtual machine owners can now override the boot kernel [See earlier report].
• malloc(3) now has built-in leak detection [See earlier report]. Chunk sizes are now fine-grained, and all chunks in the delayed free list are checked for write-after-free.
• In LibreSSL 3.8.2, TLSv1.0 and TLSv 1.1 are disabled in libssl. Ed25519 certificates are now supported in openssl(1) ca and req.
• In OpenSSH 9.5, ssh-kengen(1) generates Ed25519 keys by default. Keystroke timing obfuscation has been added to ssh(1) [See earlier report]. The fingerprint of a newly generated host key is printed on first boot [See commit].
• cron(8) now supports random ranges with steps [See earlier report].
• shutdown(8)/reboot(8) now require membership of group _shutdown [See earlier report].
• sec(4) for Route Based IPSec VPNs [See earlier reports].
• Soft updates (softdep) have been disabled for future VFS work [See earlier report].
• There has been a major rewrite of pfsync(4) [See earlier report].
• AMD processor microcode update is now supported [See earlier report].
• ifconfig(8) has a new wgdescr[iption] option which allows labelling peers.

as well as the general churn of optimizations and fixes across the system.

Package counts (packages prebuilt for this release) for the more popular architectures are
i386: 10603,
amd64: 11845,
aarch64: 11508,
sparc64: 8469,
powerpc64: NNNNN,
--> with more to follow as bulk builds complete.

As always, the release is available for download from mirror sites all over the world; be sure to pick one that is near you, network-wise! Those upgrading from the 7.3 release (or earlier) should consult the Upgrade Guide.

Thanks again to the developers for the dedicated effort that went into producing this new release!

The release of version 8.3 of OpenBGPD has been announced.

This version contains a few fixes.