On this week's episode, the intrepid hosts talk about the import of SipHash to the OpenBSD kernel, Theo de Raadt (deraadt@)'s talk (slides) about arc4random, an interview with Justin Cormack of NetBSD, and videos from MeetBSD coming online.
Mark Kettenis (kettenis@) wrote a message to tech@ asking for volunteers to test a patch to squash a few bugs in the PCI code:
Hi All, dlg@ managed to get access to a machine that actually uses 64-bit PCI addresses behind a bridge. This triggered some bugs in the so far untested code. Quelle surprise! I'd appreciate it if some people can verify that this doesn't break other systems. In particular I'm looking for testers on server-type machines, both i386 and amd64. Thanks, Mark
If you have such a machine, you should make sure that this doesn't introduce any issues for you. As always, quality releases depend on widespread testing!
CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2014/11/17 13:53:21 Log message: Import perl-5.20.1
Additionally, he wrote in to give us a quick intro to what he thinks are some of the more interesting changes to be found:
This week, on BSDNow, the hosts talk about the recent MeetBSD, mention chatter on the Tor mailing lists about adding more OpenBSD nodes, interview Kristaps Džonsons, the original author of mandoc(1), and cover all the odds and ends in the BSD universe.
For those of you who missed it on Friday, Martin Pieuchot (mpi@) enabled USB 3.0 support in OpenBSD:
CVSROOT: /cvs Module name: src Changes by: email@example.com 2014/11/07 09:44:18 Modified files: sys/arch/i386/conf: GENERIC sys/arch/amd64/conf: GENERIC Log message: Enable xhci(4). Most of the features are here, USB 1.x devices only work if they are connected to the root hub and isochronous transfers are not supported for the moment. Let me know if your controller/device do not work. In this case attach a dmesg of a kernel build with XHCI_DEBUG. ok deraadt@
For those of you who'd been looking forward to using those blue USB ports of yours, now's the time to plug in as many 3.0 devices as you can find!
Edit: Of course, just about the time we publish this story, USB1.x devices are now supported on a USB3.x controller.
Owing to its BSD heritage, OpenBSD ships with a few games installed in /usr/games. Quite a few, in fact. There are more programs in games (46) than in /bin (43). Some of them aren’t really games, but more like toys, but nevertheless there they are. They aren’t exactly the focus of OpenBSD, but they’re still part of the system and do get the occasional maintenance update.
One such game is bcd, which prints out punch card looking diagrams of input strings. I made a few improvements to it recently.
As they say, read the whole thing.
Behind this cryptic name hides a metaphor: the construction of the next-generation-quietly-going-its-own-way operating system continues, while others are rushing toward their own destruction (you know who I mean).
The big news is the arrival of LibreSSL, the fork of OpenSSL. A great many commits were made to simplify, secure and improve this library, which is crucial to the confidentiality of our communications.
The sets containing the configuration in /etc have been reworked, and most of the examples are now in /etc/examples/.
IPv6 is disabled by default on all interfaces (no link-local address), like IPv4; it must be enabled explicitly, which avoids surprises.
A basic httpd(8) server written from the relayd(8) code is available as a tech preview. It will replace nginx in the base system in 5.7, the latter's code now being considered too complex.
OpenSMTPD replaces sendmail as the default mail server.
A bit of cleanup in the tree… Kerberos (too complex), Bluetooth support (unmaintained), ALTQ (replaced by HFSC), Apache (replaced by nginx/httpd), ppp(8), pppoe(8) (use pppd(8)), lynx(1), uucpd(8) and TCP Wrappers have been removed.
Many obsolete/insecure ciphers and MACs have been disabled by default in OpenSSH. Don't be surprised if you can no longer connect from an old OpenSSH 4…
EDIT: as pointed out both in the comments below and privately, this renames not the installed SSL library, but the new "ressl" API library. Our apologies for the confusion.
Joel Sing (jsing@) has renamed the installed LibreSSL library:
CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2014/10/31 07:46:17 Modified files: include : Makefile lib : Makefile share/mk : bsd.README bsd.prog.mk Added files: lib/libtls : Makefile shlib_version tls.c tls.h tls_client.c tls_config.c tls_init.3 tls_internal.h tls_server.c tls_util.c tls_verify.c Removed files: lib/libressl : Makefile ressl.c ressl.h ressl_client.c ressl_config.c ressl_init.3 ressl_internal.h ressl_server.c ressl_util.c ressl_verify.c shlib_version Log message: Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many
On this week's episode of BSDNow, the hosts talk about brave missionaries to the Linux continent, the ongoing auction for the first signed copy of The Book of PF, 3rd Edition, the imminent release of OpenBSD 5.6, and interview John-Marc Gurney about updating the FreeBSD IPSEC stack, wherein he shares his thoughts regarding cross-pollination between the BSD IPSEC stacks.
All that and other odds and ends in the week's BSD news.
Hi misc@ Just received my 5.6 disks in the post! Thanks to all the developers for your continued work in making another great OpenBSD release. Cheers Fred -- 5.6 in the wild: https://twitter.com/fcbsd/status/525618236667482112
Reports are coming in from all over the world from people getting their CDs early, the obvious benefit to pre-ordering. If you haven't ordered yet, you can still do so over at http://www.openbsdeurope.com/, or if you don't need physical media (you'll miss out on the stickers), you can simply make a donation.
Please also consider getting your employer to order sets or make a donation if you use OpenBSD in your organisation.
According to http://www.oxide.org/cvs/OpenBSD.html OpenBSD just passed its three hundred thousandth commit.
I have integrated the traditional man(1) program - yes, the one to display manual pages - into mandoc(1). For apropos(1), whatis(1), and mandoc(1), the unified interface described below has now been enabled in OpenBSD-current since August 26, 2014.
Bob Beck (beck@) has announced the release of LibreSSL 2.1.0:
We have released LibreSSL 2.1.0 - which should be arriving in the LibreSSL directory of an OpenBSD mirror near you very soon. This release continues on with further work from after OpenBSD 5.6 code freeze. Our intention is to finalize LibreSSL 2.1 with OpenBSD 5.7. As noted before, we welcome feedback from the broader community. Enjoy, -Bob
As of September 23, all OpenBSD ports can be individually built without sudo(1).
OpenBSD 5.6 CD sets are available for pre-order
Be the first kid on your block to serve up man pages in a brand-spanking-new httpd(8)!
I've just committed changes to pkg_create that will help mirrors synch by using much less bandwidth.
In this episode of BSDNow, Kris and Allan go over the week's BSD odds and ends, including mention of an interesting article about using a Linux rescue image to bootstrap a headless OpenBSD installation on remote machines. Headlining is an interview with the FreeBSD wireless stack maintainer, Adrian Chadd.
In the first of several commits, Matthieu Herrb (matthieu@) has removed sendmail from the release:
CVSROOT: /cvs Module name: src Changes by: email@example.com 2014/09/15 16:25:57 Modified files: gnu/usr.sbin : Makefile Log message: Unlink sendmail from the build. ok krw@ ajacoutot@
Users of OpenSMTPd can rejoice in having no work to do; others will have to install sendmail from packages.
This summer I, along with my mentors Landry Breuil and Antoine Jacoutot, worked on systemd shim-like replacements for four D-Bus daemons systemd provides, namely hostnamed, localed, timedated, and logind.
Ted Unangst (tedu@) wrote a blog post about his replacement of the simple LRU buffer cache algorithm with a 2Q-ish one:
Since the dawn of time, the OpenBSD buffer cache replacement algorithm has been LRU. It’s not always ideal, but it often comes close enough and it’s simple enough to implement that it’s remained the tried and true classic for a long time. I just changed the algorithm to one modelled somewhat after the 2Q algorithm by Johnson and Shasha. (PDF)
remove nginx from the base system in favor of OpenBSD's own httpd(8)
After many years of being the default DNS server, BIND has been disabled in OpenBSD base:
This week the hosts set up SSL on nginx and conduct an interview about the FreeBSD community and its utilisation in the commercial server space, along with the week's BSD-world odds and ends.
CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2014/08/21 11:00:34 Modified files: usr.sbin/syslogd: privsep.c syslogd.c Log message: Send and receive UDP syslog packets on the IPv6 socket. OK henning@
Google EMEA Women in Tech Conference and Travel grants for female computer scientists
As part of Google's ongoing commitment to encourage women to excel in computing and technology, Google is pleased to offer Women in Tech Travel and Conference Grants to attend the EuroBSDcon 2014 conference.
5 grants are offered, which include:
- Free registration for the conference
- Up to 1000 EUR towards travel costs (to be paid after the conference)
Antoine Jacoutot (ajacoutot@) has just committed a tool for managing rc.conf.local(8), in order to make it simpler for automated management systems such as Puppet or Ansible to interface with the operating system configuration:
CVSROOT: /cvs Module name: src Changes by: email@example.com 2014/08/19 08:08:20 Added files: usr.sbin/rcctl : Makefile rcctl.8 rcctl.sh Log message: Introduce rcctl(8), a simple utility for maintaining rc.conf.local(8). # rcctl usage: rcctl enable|disable|status|action [service [flags [...]]] Lots of man page improvement from the usual suspects (jmc@ and schwarze@) not hooked up yet but committing now so work can continue in-tree agreed by several
after more than seven months of active development including two hackathons, i have just released mandoc = mdocml 1.13.1 on <http://mdocml.bsd.lv/>.
Finally a hackathon where I did not have to spend 90% of my time under ports/x11/gnome \o/ (but of course, I had to cd into it anyway...). Besides some regular tweaks and updates in there, I worked on the gnome.port.mk MODULE to make it more generic and allow non-GNOME ports to benefit from some of its goodies (like xdg triggers and such) without ending up with unneeded build dependencies or things being only relevant to GNOME.
We have released LibreSSL 2.0.5, which should be arriving in the LibreSSL directory of an OpenBSD mirror near you. This version forward-ports security fixes from OpenSSL 1.0.1i, including fixes for the following CVEs:
- CVE-2014-3506
- CVE-2014-3508 (partially vulnerable)
LibreSSL 2.0.4 was not found vulnerable to the following CVEs:
- CVE-2014-5139
We welcome feedback and support from the community as we continue to work on LibreSSL. Thank you, Brent
With the g2k14 hackathon starting on Tuesday, I saw the commits and chatter from the hackathon. Sadly, my original plan was to stay at work mostly since I am out of vacation days for the year. Thursday morning, I see that not only were a few more hackathon shirts being printed for attendees that wanted more, but also last-minute flights to Ljubljana were actually affordable. I nudged claudio@, who works at the desk next to me "hey, want to go to the hackathon for the weekend?"
Christian Weisgerber wrote in with this report from g2k14:
I updated the gettext port, of course. What'd you think I'd do at a hackathon?
The most interesting thing I worked on at g2k14 started out with a question: Why exactly do we run the fake step as root? (Hint: FreeBSD's corresponding stage infrastructure does not.)
On this week's episode, the BSDNow crew gabs about the BSD tribe, continues the recursive Undeadly mentions, interviews LibreSSL portable maintainer Brent Cook (bcook@), and Bob Beck (beck@) writes in to let the hosts know about arc4random-related FreeBSD porting issues.
It’s possible to misuse NAT to load balance outbound traffic across multiple internet connections from different service providers, see the Load Balance Outgoing Traffic section of PF FAQ.
The shortfall with this configuration is when implemented alongside unstable links, forwarding will continue to be attempted over the links which are down, this will cause issues such as long hangs for users behind the NAT while connections time out. To mitigate this, ifstated can be used to smooth things over.
Read the rest at geeklan.co.uk, Sevan's blog site.
I'm looking for a few people to test some additional radeondrm fixes from the recently released Linux 126.96.36.199: https://lkml.org/lkml/2014/7/25/621
In particular on newer asics with displayport/eDP as I can only test on r100/lvds at the moment.
Despite being in the same room as many other LibreSSL developers for the first time (since the beginning of LibreSSL at least), I didn't do too much work on that front. I did remove the compression feature (as made famous by the CRIME attack; not all protocols or deployments are vulnerable, but we're also aiming for a simpler feature set overall) and made a few other cleanups. While it's very helpful to be in the same room as other hackers to exchange ideas, having everyone pounding on the source at the same time is a little troublesome so I elected to stay out of the way.
The latest episode of BSDTalk involves our very own Ingo Schwarze (schwarze@):
bsdtalk243 - mandoc with Ingo Schwarze
Interview about mandoc with Ingo Schwarze. The project webpage describes mandoc as "a suite of tools compiling mdoc, the roff macro language of choice for BSD manual pages, and man, the predominant historical language for UNIX manuals."
Recorded at BSDCan 2014.