OpenBSD Journal

Initial list of 21 EuroBSDcon 2024 videos released

Contributed by Patrick McEvoy on from the Look! That's Puffy on the screen! dept.

The initial list of 21 'low hanging fruit' videos from EuroBSDcon 2024 has been released with more to follow:

Here is the EuroBSDcon 2024 playlist.

The OpenBSD highlights include:

Confidential Computing with OpenBSD - Hans Jörg Höxer

Building a SD-WAN appliance suitable for Australian Health Sector NFP/NGO - Jason Tubnor

A Packet's Journey Through the OpenBSD Network Stack - Alexander Bluhm

OpenBSD vs. IPv6 - Florian Obser

Global anycast using OpenBSD on a budget - Rob Keizer

Why rewrite fw_update(8)? - Andrew Hewus Fresh

vmd's multi-process device emulation: 2 releases later - Dave Voutila

Puffy does Realtime Hypermedia - Patrick Marchand

The rest (see the conference schedule) will appear soon, pending some necessary post-processing.

Enjoy this bunch, and do come back for the rest soon!

Rafael Sadowski on dpb(1)

Contributed by rueda on from the bulking up the bulk dept.

(As noted in his toot,) Rafael Sadowski (radowski@) has written a blog entry entitled dpb - distributed ports builder, which describes his dpb(1) setup.
It is likely to be of interest to those getting started with porting software to OpenBSD.

The article sets out its purpose as,

The goal is to provide an overview of how to configure a single instance for port building with minimal effort. Whether you’re trying dpb(1) for the first time or looking for a straightforward guide, I hope this documentation will be useful both for beginners and for myself, as a reference for future setups since I don’t have an Ansible playbook for it ;).

So maybe an Ansible playbook is up next? Anyway, a good read for prospective and current porters. Enjoy!

-current now has more flexible performance policy

Contributed by rueda on from the more-flexibility,-Igor dept.

Jeremie Courreges-Anglas (jca@) committed a change which is likely to be welcomed by laptop users:

CVSROOT:	/cvs
Module name:	src
Changes by:	jca@cvs.openbsd.org	2024/11/21 04:58:45

Modified files:
	sys/kern       : sched_bsd.c 
	lib/libc/sys   : sysctl.2 

Log message:
Let the user provide an alternative perfpolicy when on battery

The current behavior of "auto", which implies running at full speed when
on AC power, does not fit all the hardware and use cases. For some people
it results in more power consumption, more heat, more noise, etc.

Extend the semantics of hw.perfpolicy and provide two buttons to
specify the desired behavior:

sysctl hw.perfpolicy=<policy while on ac>[,<policy while on battery>]

Keep the default behavior of "high,auto". People can opt for "auto,auto"
or simply "auto" instead.

No objection from deraadt@, input and ok sobrado@ sthen@

This is now in snapshots, so please test if you run those!

Game of Trees 0.104 released

Contributed by rueda on from the again-and-again-and dept.

Version 0.104 of Game of Trees has been released (and the port updated).

* got 0.104; 2024-10-22
  see git repository history for per-change authorship information
- gotd.conf: document the macro syntax
- tog: prevent a segfault upon unexpected object type in ref list view
- fix pack file creation in the presence of tagged tag objects
- plugged some memory leaks
- fix a crash when unstaging a file which has been removed from disk
- gotwebd: fix out of bounds access while handling the configuration

LibreSSL 4.0.0 Released

Contributed by Peter N. M. Hansteen on from the it's real crypto, bro dept.

The LibreSSL project, a closely associated subproject of the OpenBSD project, has announced the availability of their new stable release, LibreSSL 4.0.0, which comes with a number of improvements and a sprinkling of fixes.

The release announcement reads,

Subject:    LibreSSL 4.0.0 Released
From:       Brent Cook <busterb () gmail ! com>

We have released LibreSSL 4.0.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 4.0.x branch, also available with OpenBSD 7.6

It includes the following change from LibreSSL 3.9.2:

  * Portable changes
    - Added initial Emscripten support in CMake builds.
    - Removed timegm() compatibility layer since all uses were replaced
      with OPENSSL_timegm(). Cleaned up the corresponding test harness.
    - The mips32 platform is no longer actively supported.
    - Fixed Windows support for dates beyond 2038.

Read more…

sshd(8) splitting continues

Contributed by rueda on from the puffy-does-the-splits-again dept.

The work of improving ssh security by segregating functionality into separate binaries continues, this time by introducing sshd-auth as a separate binary.

The commit message summarizes why this makes sense,

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after the authentication phase completes.

The code is in snapshots as we type.

Read the whole thing after the fold -

Read more…

OpenBSD Errata

OpenBSD 7.6

005 2024-11-15 SECURITY In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
004 2024-10-31 RELIABILITY Updating Apple Silicon system firmware to the latest version cripples OpenBSD. This disabled the onboard WiFi.
003 2024-10-29 RELIABILITY mlkem768x25519-sha256 byte order bug on big-endian machines.
002 2024-10-29 SECURITY Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
001 2024-10-14 SECURITY Querying a maliciously constructed DNS zone could result in degraded performance or denial of service. CVE-2024-8508

OpenBSD 7.5

014 2024-11-15 SECURITY In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
013 2024-10-31 RELIABILITY Updating Apple Silicon system firmware to the latest version cripples OpenBSD. This disabled the onboard WiFi.
012 2024-10-29 SECURITY Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
011 2024-10-14 SECURITY Querying a maliciously constructed DNS zone could result in degraded performance or denial of service. CVE-2024-8508
010 2024-09-17 RELIABILITY Invalid ELF files could result in kernel crash.
009 2024-09-17 SECURITY In readdir name validation exclude any '/' to avoid unexpected directory traversal on untrusted file systems.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]