21 April 2014

Puffy

Undeadly :: Call for Testing: vlan(4) improvements

Henning Brauer (henning@) writes in to let us know that he has some vlan(4) improvements in the pipeline:

so, on vlan, to insert the vlan tag, we right now:
-copy (most of) the existing ethernet header into a ether_vlan_header
 on the stack
-fill the extra fields (tag, inside ether type) in ether_vlan_header
-set the ether type
-m_adj() to make room for the extra space ether_vlan_header needs
-m_copyback the ether_vlan_header into the mbuf

that involves moving data around, which isn't all that cheap.

now it turns out it is trivial to have ether_output prepend the
ether_vlan_header instead of the regular ethernet header, which makes
the vlan tagging essentially free in most cases.

you need a very current src tree to test this, relies on the code
shuffling in if_ethersubr.c I did a few hours ago.

If you have a setup that involves vlan(4), you can test by applying the patch and pushing some packets. As always, widespread testing is key to the continued quality of our releases.

19 April 2014

Undeadly :: ALTQ removed from -current

In between all the OpenSSL sound and fury it could have been easy to miss, but one of the likely Big News candidates for OpenBSD 5.6 just happened: Removal of the ALTQ traffic shaping system.

The commit message by Henning Brauer (henning@) reads:

CVSROOT:	/cvs
Module name:	src
Changes by:	henning@cvs.openbsd.org	2014/04/19 04:07:44

Modified files:
	sys/conf       : GENERIC 

Log message:
-option ALTQ

18 April 2014

Undeadly :: One week of OpenSSL cleanup

After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls.

Then Jonathan Gray (jsg@) and Reyk Flöter (reyk@) come next, followed by a group of late starters. Also, an honorable mention for Christian Weisgerber (naddy@), who has been fixing issues in ports related to this work.

All combined, there've been over 250 commits cleaning up OpenSSL. In one week. Some of these are simple or small changes, while other commits carry more weight. Of course, mistakes occasionally get made, but these are quickly fixed again, and the general direction is clear: move the tree forward towards a better, more readable, less buggy crypto library.

17 April 2014

Undeadly :: m2k14: Hackathon Begins

As is their wont, a number of developers have congregated for another hackathon, this time in sunny Morocco.

You can, of course, follow the commits on source-changes, but the war cries that lead us down the road to Valhalla are being collected for your inspiration and amusement at OpenSSL Valhalla Rampage.

As always, it is your donations that make it possible for our berserkers to greet the Valkyries!

15 April 2014

Undeadly :: OpenBSD has started a massive strip-down and cleanup of OpenSSL

The denizens of lobste.rs (and no doubt you, eagle-eyed reader!) have made note of the ongoing rototilling of the OpenSSL code in OpenBSD, and Joshua Stein (jcs@) has chimed in with a quick breakdown of the action thus far:

Changes so far to OpenSSL 1.0.1g since the 11th include:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

To clarify, not all of the cryptographic engines were removed; the padlock and aesni engines are still in place.

As always, it's heartening to see a concentrated effort on such a critical software component.

10 April 2014

Undeadly :: OpenBSD Foundation Funding Goals Reached

Bob Beck (beck@) writes in to tell us that the OpenBSD Foundation 2014 fundraising campaign has reached its goals:

The OpenBSD Foundation is happy to report that the $150,000 goal of the 2014 fundraising campaign has been reached.

We wish to thank our contributors large and small. We will continue our fundraising efforts both in the current year and next year.

Undeadly :: heartbleed vs malloc.conf (updated)

Ted Unangst (tedu@) has posted an article about how OpenSSL has managed to sidestep OpenBSD's malloc.conf(3) protections:

About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.

As they say, read the whole thing.

Update:
tedu@ has a follow-up post in which he finds a particularly nasty bug in the code which sidesteps the malloc.conf options, which means that it cannot, unpatched, be disabled:

Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I’m about to describe can only exist and go unnoticed precisely because the freelist is LIFO.

As they say, read this other thing.

09 April 2014

OpenBSD Errata :: 003 SECURITY

  All architectures
Missing hostname check for HTTPS connections in the ftp(1) utility.

08 April 2014

Undeadly :: Patches for OpenSSL bounds checking bug

Patches for the so-called heartbleed OpenSSL bug have been released by the OpenBSD project for OpenBSD 5.3-stable, OpenBSD 5.4-stable and OpenBSD 5.5.

In the short statement contained in the commit message, Theo de Raadt (deraadt@) noted that OpenSSH is unaffected.

OpenBSD Errata :: 002 SECURITY

  All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents.

28 March 2014

Undeadly :: Call for testing: acpiec(4) clear events on attach and resume

Paul Irofti (pirofti@) wrote in about his ongoing effort to untangle acpiec events. Paul writes,

The following patch attempts to fix an issue where multiple ACPI EC events pile up during suspend and fill a buffer that upon resume prevent further event notifications.

The fix clears up the event queue early on during resume and also upon initial acpiec(4) attach.

And of course there's a patch to test - description and download link after the fold.

20 March 2014

Undeadly :: Call for Testing: upd(4)

Andre de Oliveira (andre@) has committed the upd(4) driver, which detects uninterruptible power supplies (UPS) attached to USB. A detected device shows up in the dmesg like this:

uhidev0 at uhub1 port 1 configuration 1 interface 0 "American Power Conversion Back-UPS RS 500 FW:30.j5.I USB FW:j5" rev 1.10/0.06 addr 2
uhidev0: iclass 3/0, 98 report ids
upd0 at uhidev0

19 March 2014

Undeadly :: hp300, mvme68k, and mvme88k Arches Move to the Attic

In a recent commit, miod@ removed support for some of the older platforms that were supported by OpenBSD:

Retire hp300, mvme68k and mvme88k ports. These ports have no users, keeping
this hardware alive is becoming increasingly difficult, and I should heed the
message sent by the three disks which have died on me over the last few days.

No one sane will mourn these ports anyway. So long, and thanks for the fish.

15 March 2014

OpenBSD Errata :: 001 RELIABILITY

  All architectures
Memory corruption happens during ICMP reflection handling. ICMP reflection is disabled by default.

14 March 2014

Undeadly :: Heads Up: Apache Removed from Base

In a series of commits, Florian Obser (florian@) has unhooked Apache from the OpenBSD base build. This means you need to pay special attention when upgrading your systems:

/usr/sbin/httpd and the associated tools and files have been removed. Consider using nginx(8) for your http serving needs, but note that nginx is not a drop-in replacement. For people who need the old httpd(8) and cannot switch at this time, see the port www/apache-httpd-openbsd.

13 March 2014

Undeadly :: OpenSMTPd Now the Default MTA in OpenBSD

After a long time spent in the shadow of Sendmail, OpenSMTPd is now the default MTA in OpenBSD:

CVSROOT:	/cvs
Module name:	src
Changes by:	tedu@cvs.openbsd.org	2014/03/12 12:21:34

Modified files:
	etc            : crontab mailer.conf rc.conf 
	etc/mail       : smtpd.conf 

Log message:
switch over to smtpd by default.
ok deraadt gilles todd

A great deal of thanks to the OpenSMTPd developers for their work in making this possible!

11 March 2014

Undeadly :: USB 3.0 support beginning to emerge for -current

USB 3.0 support is coming to OpenBSD-current. In a series of commits dated March 8 2014, ending with this one, Martin Pieuchot (mpi@) added the beginnings of USB 3.0 support:

Module name:	src
Changes by:	mpi@cvs.openbsd.org	2014/03/08 07:34:12

Modified files:
	sys/conf       : files 
	sys/dev/pci    : files.pci 
Added files:
	sys/dev/usb    : xhci.c xhcireg.h xhcivar.h
	sys/dev/pci    : xhci_pci.c

Log message:
Dumb xhci(4) implementation.

07 March 2014

Undeadly :: From the trenches: espie@ reports on recent experiments in package building

In a recent post to the ports mailing list titled "dpb fun", Marc Espie (espie@) reported on tests running the OpenBSD distributed ports builder on larger than usual hardware and improvements that sprang from the test:

So, I got access to a bunch of fast machines through Yandex. Big kudos to them. It allowed me to continue working on dpb optimizations for fast clusters, after some tantalizing glimpse into big clusters I got a few months ago thanks to some experiment led by Florian Obser.

The rest of the post follows after the fold, this looks like exciting times are ahead.

05 March 2014

Undeadly :: Slashdot Taking Questions for Interview with Theo de Raadt

Slashdot is soliciting questions for an interview with Theo de Raadt (deraadt@). So if you've some question you'd like to see the man at the top of the dogpile answer, head on over and drop it in the box.

Undeadly :: OpenSMTPD 5.4.2 Released

Gilles Chehade (gilles@) writes in to let us know about the latest official release of OpenSMTPD:

OpenSMTPD 5.4.2 has just been released.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux.

The archives are now available from the main site at www.OpenSMTPD.org

The rest of the release announcement below the fold.

Undeadly :: BSDCan 2014 Registrations Open

Registration for the 2014 version of the main and longest running North American BSD conference, BSDCan, is now open. The conference takes place in Ottawa, Canada, on the University of Ottawa campus May 14-15 (tutorials) and May 16-17 (talks). You can register for the conference here.

On the program we have OpenBSD developers

Paul Irofti on Porting OpenBSD to Octeon
Peter Hessler on BGP for spamd synchronization
Henning Brauer on 10 years of OpenBGPd
Ingo Schwarze on New trends in mandoc

28 February 2014

Undeadly :: Call for Testing: USB Installation Images

Chris Cappuccio (chris@) announced the need for testing USB installer images on tech@:

Here are some potential USB installer images for OpenBSD/amd64 5.5

http://www.nmedia.net/chris/install55.fs
http://www.nmedia.net/chris/miniroot55.fs

The install55.fs contains full installation packages. The miniroot55.fs is a ramdisk-kernel only (for network installation or troubleshooting.)

Please test either on as many amd64 machines as you can with any USB flash and any USB-CF adapters that you have.

Report failures and success of each image ASAP. Test as many flash types (USB, CF-USB, old USB, new USB...) as you can.

SPECIFICALLY, IF you have a boot failure, I need to see the dmesg output (and the fdisk and disklabel output from the machine if possible to boot it another way). Any error messages displayed from the boot blocks or BIOS are also essential.

A follow-up email gives the instructions for creating the installation media:

The installation entails:

dd if=miniroot55.fs of=/dev/rsd2c

Assuming your USB key is identified as 'sd2' after you plug it in (Be careful not to write over a system disk!)

Also you can use physdiskwrite or other tools on Windows or other platforms. All tests are welcome.

As the man says, download, install, and report. If you want to make USB installer images a regular offering, your efforts are required.

Undeadly :: Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow And nfsen

"Have you ever wanted to know what's really going on in your network?", Peter Hansteen asks in his most recent column, Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow And nfsen. He goes on to explain how to use your OpenBSD tools (mostly in the base system, the rest available through one pkg_add invocation) to see the hidden life of your network.

It's all easier with OpenBSD, but with some variations the tools Peter mentions will work on any unixlike system.

25 February 2014

Undeadly :: OpenBSD Participating in Google Summer of Code 2014

In an email to the OpenBSD community, Bob Beck (beck@) has announced that The OpenBSD Foundation will represent OpenBSD in the Google Summer of Code 2014:

The OpenBSD Foundation is pleased to announce that we have been accepted as a mentoring organization for Google Summer of Code 2014. As such if you are a student who qualifies to apply for GSOC, you will be able to find us in Google's Summer of Code Application process.

We have an ideas page which is located at http://www.openbsdfoundation.org/gsoc2014.html

I will repeat my usual disclaimer here on behalf of the foundation - doing anything with GSOC does *not* guarantee the result will end up in OpenBSD or any related project. That having been said we hope to be able to put some mentors together with students to accomplish things that may become useful to the community at large.

This will be our first year doing this, so we hope to learn from the experience and see if it will work out in future years.

-Bob Beck - The OpenBSD Foundation.

The list of project ideas is varied, long, and, most importantly, interesting. Anyone who meets the criteria for participation should take a peek and put their name in the hat for anything that strikes their fancy.

Undeadly :: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab

Henning Brauer (henning@) wrote in with his report on the recent hackathon in New Zealand as well as events immediately before and after:

I flew to New Zealand a good week before the hackathon in Dunedin to hike with benno@ and Anja. Fortunately, we didn't plan ahead, all of that had been moot anyway - Qantas didn't feel like getting Anja's bag to NZ and couldn't even tell where it might be (I knew better than to fly Qantas after making that mistake last year), not even a day later - at that point we would have been in the mountains already under normal circumstances. So we went to buy some replacement gear and took off 2 days after arrival.

We went over the Mr. Robert ridge line to Angelus Lake, to continue on an unmarked "trail" towards hopeless hut and almost got stuck in a 500m high rock wall with rain and heavy heavy gusts - it was fun. When we returned after 3 days, we found our car broken into and almost all of our stuff stolen, including 5 laptops and most of our clothes. Most of Anja's stuff was safely at some Airport in Qantas possession, but I didn't even have underwear any more.

Undeadly :: How to create a USB flash installer for OpenBSD

Chris Cappuccio wrote in with a procedure to create USB thumbdrive install media:

Luke Tymowski said on Twitter that if you search the Google for instructions on how to create a bootable USB flash OpenBSD installer, you get lots of conflicting instructions. So I thought I'd set the record straight, at least for i386/amd64. It's easy if you already have OpenBSD installed.

24 February 2014

GCU OpenBSD :: I've never seen a guy dish out so many punches at once

It will be in OpenBSD 5.5, but it has already been possible for a few months in -current: fully automatic installation of OpenBSD from start to finish via PXE, using a configuration file to answer all of the installer's questions. And all of that still fits in a bsd.rd of less than 9 MB… rpe@ already talked about it here on undeadly, and a video has just been published showing how easily the whole thing goes.

By gaston

22 February 2014

Undeadly :: EuroBSDCon 2014 Call for Papers Open, proposals accepted until May 19th

The 2014 EuroBSDCon conference will be in Sofia, Bulgaria September 25 through 28, with two days of tutorials and meetings followed by two days of talks.

The Call for Papers announcement has been sent to major projects' mailing lists, and you are invited to head over to the conference web site and look around. The Call for Papers page is live now.

The OpenBSD project is represented by Janne Johansson (jj@) and Peter Hansteen (Book of PF author and undeadly editor) on the program committee.

Do you have an idea for a good, OpenBSD-themed talk or tutorial? Now is the time to write up an abstract and submit!

19 February 2014

Undeadly :: Status of GNOME 3 on OpenBSD

Antoine Jacoutot writes in with an update on the current status of Gnome 3 on OpenBSD:

It's been a while since I wanted to write something about the state of GNOME as a day-to-day Desktop on OpenBSD. It's no secret amongst OpenBSD people that the company I work for maintains (amongst other things) a park of a few thousand OpenBSD Desktops around the world.

14 February 2014

Undeadly :: n2k14 hackathon report: claudio@

Claudio Jeker writes in with his take on the n2k14 hackathon:
I started this year with some nice hiking in New Zealand just before the hackathon. Once I ended up in Dunedin at the University of Otago there were two main things I wanted to do. First of all there was a rather serious bug in the graceful reload handling of bgpd which caused stale routes to remain in the RIB and FIB resulting in bad routing decisions.

13 February 2014

Undeadly :: n2k14 hackathon report: dlg@ on locking, midlayers, and network drivers

David Gwynne (dlg@) tells us why he travelled all the way from Australia to come to New Zealand:
The only real plan I had made leading up to the hackathon was to do my best to move our SMP support forward. Despite that, I got distracted pretty soon after I turned up because of a discussion with krw@ about leftover work we had after the big restructure of the SCSI midlayer.

12 February 2014

Undeadly :: n2k14 hackathon report: jsg@ on Mesa, LLVM dependencies, and Static Analysis

Jonathan Gray (jsg@) tells us what he was up to down under:

I started the hackathon by updating libdrm to 2.4.51 which adds some interfaces required by the development versions of Mesa, and Mesa to 9.2.5 which corrects some minor bugs in the earlier 9.2.3 version we had.

I tried to look into building the development versions of Mesa again but this turned out to be painful for a few reasons. When Mesa switched build systems to autotools a few years back they broke builds on systems that don't have Linux/SVR4 style shared library versioning as they create symlinks to libraries by name instead of using libtool to infer a name. Various patches have been suggested to resolve this but none have been accepted. And now they build DRI3 support by default which requires udev.

Undeadly :: n2k14 hackathon report: jmatthew@ on fibre channel and assorted other hardware doodads

Jonathan Matthew (jmatthew@) tells us about his efforts to improve drivers:
Since about Christmas time, I've been working on a new driver for QLogic Fibre Channel controllers to replace isp(4), which, to put it mildly, is not the best driver in the tree. Shortly before the hackathon, I had my new driver working with one generation of hardware (ISP23xx) on amd64 and sparc64.

During the week, I added support for an older generation (ISP2200), almost got a newer generation (ISP24xx) working, and figured out how to deal with loop and fabric changes that occur after attach time.

At the moment it looks like I'll add a separate driver for ISP24xx and later generations rather than trying to fit that into qla(4), as the hardware changes between ISP23xx and ISP24xx are significant.

Other possible projects I had in mind, such as making Octeon USB work and looking at the AHCI implementations found in various ARM systems, remained totally untouched, but may happen later.

Work on qla(4) is continuing, and we aim to make it the default driver for at least some QLogic FC devices in OpenBSD 5.5.

Undeadly :: Call for Testing: iwn(4)

Mark Kettenis (kettenis@) has put out a call for testing for iwn(4) devices:
I'm looking for people with one of the following unsupported Intel wireless chips:

Intel Centrino Wireless-N 2200 (shows up as Wireless-N 2000 in dmesg)
Intel Centrino Wireless-N 135
Intel Centrino Wireless-N 105

If you have one of these, please try the attached diff. It might give you a working iwn(4).

Thanks,

Mark

This patch has subsequently been committed; if you have an iwn device, please find the time to test and report success and failure.

04 February 2014

Puffy

Undeadly :: n2k14 Hackathon Report: krw@ on dhcp and disk labels

Kenneth Westerback writes in with his report from the n2k14 hackathon:
I came to n2k14 with two goals. The first was to fix a problem with writing disklabels on MBR partitioned disk drives with non-512-byte sectors. The second was to finish some dhclient work I started at t2k13 and some other long-standing nits in dhclient.

29 January 2014

Puffy

Undeadly :: Call for Testing: acpiasus(4)

Paul Irofti (pirofti@) posted to tech@ a call for owners of ASUS laptops to test a diff that may fix attach behaviours:
It seems to me that the activate function was registered as a detach
function. This diff puts the activate function in the proper cfattach
position.


Index: dev/acpi/acpiasus.c
===================================================================
RCS file: /cvs/src/sys/dev/acpi/acpiasus.c,v
retrieving revision 1.15
diff -u -p -r1.15 acpiasus.c
--- dev/acpi/acpiasus.c	6 Dec 2013 21:03:02 -0000	1.15
+++ dev/acpi/acpiasus.c	29 Jan 2014 12:57:26 -0000
@@ -88,7 +88,7 @@ extern int wskbd_set_mixervolume(long, l
 
 struct cfattach acpiasus_ca = {
 	sizeof(struct acpiasus_softc), acpiasus_match, acpiasus_attach,
-	acpiasus_activate
+	NULL, acpiasus_activate
 };
 
 struct cfdriver acpiasus_cd = {
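
Review bot: The new initializer line `NULL, acpiasus_activate` leaves a bare NULL in the fourth cfattach position with nothing to say it is the detach slot, and a purely positional initializer is what let acpiasus_activate sit in the wrong slot in the first place. Consider a short comment next to the NULL (for example "no detach") so the next reader can check the slot order at a glance. It would also help to say in the commit message that acpiasus_activate was not reachable as an activate hook before this change, so testers know that code path is newly exercised.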

As he says in his follow-up email, "People with asus, please test and report back on both success and failure."

26 January 2014

Puffy

Undeadly :: n2k14 hackathon report: deraadt@ on random seeds, signing and hibernation

Our second n2k14 hackathon report comes from Theo de Raadt (deraadt@), who writes,
I came to this hackathon with a few targets. I really wanted a break from the recent funding issues. It was time to dig into code.

24 January 2014

Puffy

Undeadly :: n2k14 Hackathon Report: guenther@ on threading, time_t cleanup and more

Philip Guenther (guenther@) was the first to write in with a report from the n2k14 hackathon in Dunedin, New Zealand:

I had come to Dunedin with a possible fix for an annoying threading bug in the kernel ptracing code. It's a bit complicated in the locking of the single-threading logic, and I wanted to see what kettenis@ thought about it. I noted a second problem (tsleep being called recursively) which was "easy to fix", so I started on that and discovered that it was, of course, much more complicated than I expected. Trying to work out how to fix *that* led to the subtle tangle which is exit1(). So I worked on simplifying the exit logic so that exiting threads in multi-threaded processes completely skip the zombie and wait logic. Most of that went in early; as I write this there's one last change to remove the "alternate exit signal" support for Linux compat, as it's unused by modern programs.

21 January 2014

Puffy

Undeadly :: Signed Installs, Upgrades, and Packages

Marc Espie (espie@) lets the cat out of the bag:
It's probably time to talk about it.

Yes, we are now distributing signed packages.  A lot of people have probably
noticed because there was a key mismatch on at least one batch of signed
packages.

Obviously, we haven't finished testing yet.

Don't read too much into that.  "Signed packages" just mean you can use
an insecure medium, such as ftp, to download packages: if the key matches,
it means the package hasn't been tampered with since it was signed.

The cryptographic framework used to sign packages is called signify(1),
mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo
and me.

The signing framework in pkg_add/pkg_create is much older than that, it
was written for x509 a few years ago, but signify(1) will probably be more
robust and way simpler.  In particular, there's no "chain-of-trust", so
you keep complete control on the sources YOU trust.

Signatures should be transparent in use: the package is opened, the 
packing-list signature is checked, and then files are checksummed while
extracted against the packing-list embedded checksums (there are provisions
to ensure any dangerous meta-data is also encoded in the packing-list as
@mode/@user/@group annotations).

So, barring problems, you shouldn't even notice signatures.

And Theo de Raadt (deraadt@) talks about signed base sets for installations and upgrades.
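
The verification order described in Marc Espie's message, as an added Python sketch that is not part of the original post or of pkg_add: the manifest signature is checked first, then each file's checksum and mode are compared against the signed manifest. The HMAC is only a stand-in for the signify(1) signature, and the manifest format, `KEY`, `SAMPLE` and all function names are assumptions made up for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: stands in for the trusted key
SAMPLE = {                      # constructed package: name -> (mode, content)
    "bin/tool": (0o755, b"#!/bin/sh\necho hello\n"),
    "etc/tool.conf": (0o644, b"verbose=no\n"),
}


def sign(manifest: bytes, key: bytes = KEY) -> bytes:
    """Stand-in for the signify(1) signature: HMAC-SHA256 over the manifest."""
    return hmac.new(key, manifest, hashlib.sha256).digest()


def build_manifest(files: dict) -> bytes:
    """One 'name mode sha256' line per file (simplified, not the real format)."""
    return "".join(
        f"{name} {mode:o} {hashlib.sha256(data).hexdigest()}\n"
        for name, (mode, data) in sorted(files.items())
    ).encode()


def verify_package(manifest: bytes, sig: bytes, files: dict,
                   key: bytes = KEY) -> list:
    """Return the verified file names; raise ValueError on any mismatch."""
    # Step 1: check the manifest signature before trusting any entry in it.
    if not hmac.compare_digest(sign(manifest, key), sig):
        raise ValueError("manifest signature mismatch")
    signed = {}
    for line in manifest.decode().splitlines():
        name, mode, digest = line.rsplit(" ", 2)
        signed[name] = (int(mode, 8), digest)
    # Step 2: check each file's content and metadata against the signed list.
    for name, (mode, data) in files.items():
        if name not in signed:
            raise ValueError(f"{name}: not in signed manifest")
        want_mode, want_digest = signed[name]
        if hashlib.sha256(data).hexdigest() != want_digest:
            raise ValueError(f"{name}: checksum mismatch")
        if mode != want_mode:
            raise ValueError(f"{name}: mode {mode:o}, signed {want_mode:o}")
    missing = sorted(set(signed) - set(files))
    if missing:
        raise ValueError(f"missing files: {missing}")
    return sorted(files)


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE)
    print(verify_package(manifest, sign(manifest), SAMPLE))
```

Because the mode is part of the signed manifest, a file whose content is untouched but whose mode gained a setuid bit is rejected just like a modified file.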

Puffy

OpenBSD Errata :: 004 SECURITY

A problem exists in nginx(8) which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request. This issue was assigned CVE-2013-4547.

19 January 2014

Puffy

OpenBSD Errata :: 005 RELIABILITY

In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of the application. The i386, amd64, vax and m68k platforms aren't affected.

15 January 2014

Puffy

Undeadly :: ruBSD: interviews with Theo and Henning

Last December, Russian tech giant Yandex organised the first ruBSD event in Moscow. OpenBSD developers Theo de Raadt, Henning Brauer and Mike Belopuhov gave three talks on different topics. Interviews with Theo and Henning were recorded as well. Theo spoke about the current adoption of mitigation techniques in other OSes and the state of the OpenBSD project. Henning gave a historical overview of PF.

All talks and interviews are available online and for download.

Theo de Raadt: Exploit Mitigation Techniques: an Update After 10 Years (slides, video and interview)
Henning Brauer: OpenBSD's pf: Design, Implementation and Future (slides, video and interview)
Mike Belopuhov: OpenBSD: Where is crypto headed? (slides and video)

13 January 2014

Puffy

Undeadly :: Urgent Request for Funding OpenBSD HQ's Electricity

OpenBSD supports a wide range of hardware architectures, and for practical and logistical reasons there are few places in the world that have them all in one place except OpenBSD headquarters; see e.g. this picture, which shows a subset of the machines involved in building OpenBSD releases.

But keeping all this hardware running involves a considerable electricity bill, and Theo de Raadt (deraadt@) is asking for help, preferably in the form of a company willing to specifically sponsor the project's electricity bill.

See the message to openbsd-misc titled Request for Funding our Electricity for details, and if you are in a position to move on this, please do whatever it takes.

Undeadly :: OpenBSD-current is now 5.5-beta

Yes, folks, it's that time of the year again. With this commit, Theo de Raadt (deraadt@) cranked the version strings and turned 5.4-current into 5.5-beta.

Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt 
Date:       2014-01-12 11:26:10

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2014/01/12 04:26:09

Modified files:
	sys/conf       : newvers.sh 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	etc/root       : root.mail 
	sys/sys        : param.h 
	share/mk       : sys.mk 

Log message:
crank to 5.5beta

You know the drill, folks: time to head over to the changelog page and see what the upcoming goodies are (newqueue and automated install come to mind), then install and test! New snapshots with a 5.5-beta version tag should be appearing on your favorite mirror shortly (and have been spotted at the .eu mirror).

11 January 2014

Puffy

OpenBSD Errata :: 003 RELIABILITY

An unprivileged user may hang the system.

07 January 2014

Puffy

OpenBSD Errata :: 001 RELIABILITY

A crash can happen on pflow(4) interface destruction.

OpenBSD Errata :: 002 SECURITY

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange. Review the gcmrekey advisory for a mitigation.

02 January 2014

Puffy

Undeadly :: mdocml-1.12.3 Released

Ingo Schwarze (schwarze@) wrote in to tell us about the new release of mdocml (mandoc):

I have just released version 1.12.3 of mdocml = mandoc on http://mdocml.bsd.lv/.

This is a stable maintenance and bugfix release not changing any major functionality or interfaces. All users and downstream distributions are encouraged to upgrade from whatever earlier version they happen to be using.

The two main new features are in mdoc(7) parsing and output: In the SYNOPSIS, function declarations now break the line at better places and indent more nicely. This was accomplished with help from Franco Fichtner (franco@DragonFlyBSD). And mdoc(7) macro arguments now handle the quoting of quote characters correctly, thanks to a patch from Tsugutomo ENAMI (enami@NetBSD). There are several additional bug fixes and tiny new features; for more details, see http://mdocml.bsd.lv/.

01 January 2014

Puffy

Undeadly :: Heads Up: atexit(3) Moved

Due to internal changes in how atexit(3) is implemented, upgrades from source require a special set of steps:

To support the use of atexit(3) in dynamically loaded shared objects, atexit(3) is now
provided by the C runtime startup files. If you want to upgrade via source you will need
to build and install new C runtime startup files first:

  cd /usr/src/lib/csu
  make clean
  make obj
  make depend
  make
  make install

Now you can follow the standard procedure outlined in release(8).

30 December 2013

Puffy

Undeadly :: Boot-Time Randomness

Initial support for boot-time availability of high-quality random numbers has been committed:

From: Theo de Raadt 
To: tech@openbsd.org
Subject: Randomization from the bootblocks

Over the holidays I've written code to do something we've
talked about for a long time but never gotten around to.

The bootblocks are now capable of providing entropy to the
kernel very early on.

This requires an upgrade of the bootblocks and at least
/etc/rc (which saves an entropy file for future use).  Some
bootblocks will be able to use machine-dependent features
to improve the entropy even further (for instance using
random instructions or fast-running counters or such).

As a result, the kernel can start using arc4random()
exceedingly early on, even before interrupt entropy is
collected.  The randomization subsystem can hopefully
become simpler due to this early entropy.. there is more
work to do here.

At least i386, amd64, macppc, sparc64, hppa, and loongson
are supported.  Hopefully the others are not far behind.

Because many in-kernel consumers of randomness are initialised very early, this means that the in-kernel protections derived from randomness should now be much better.

29 December 2013

Puffy

Undeadly :: Heads Up: i386 moves to PIE

Following up on the commit that enabled the change, Theo de Raadt (deraadt@) wrote in to tech@ with a note concerning care to be taken during upgrades now that i386 runs PIE executables.
From: Theo de Raadt 
To: tech@cvs.openbsd.org
Subject: i386 switched to PIE

The i386 architecture has now been switched to PIE.  There is a small
performance hit, but this part of ASLR is valuable combined with
W^X and the stack protector.

This is a non-trivial upgrade, so please be careful.  Check the FAQ
for details or use a snapshot.

As it says in the commit message, special steps are required for upgrading from source, so check the instructions for doing so, if not upgrading via snapshots.