OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
EuroBSDCon 2016 schedule has been released
Contributed by phessler on Thu Jul 28 09:45:36 2016 (GMT)
from the we-go-to-conferences-to-network-not-njetwork dept.

The EuroBSDCon 2016 talks and schedule have been released, and oh are we in for a treat!

All three major BSD's have a "how we made the network go fast" talk, nearly every single timeslot has a networking related talk, and most of the non-networking talks look fantastic as well.

The OpenBSD related talks are:

  • Embracing the BSD routing table - mpi@
  • rc.d(8) on OpenBSD - ajacoutot@
  • OpenBSD meets 802.11n - stsp@
  • OpenBSD: pf+rdomains create splendid multi-tenancy firewalls - Philipp Buehler (formerly known as pb@)
  • Dropping in 80Gbits (hopefully) of stateful firewalling capacity with PF and OpenOSPFd - Gareth Llewellyn
  • What we learnt from natively building packages on exotic archs - landry@
  • Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD - phessler@
  • Retrofitting privsep into ports tools - espie@
  • Why and how you ought to keep multibyte character support simple - ingo@
  • And an OpenBSD related tutorial is

  • OpenBSD: Building a test-environment for multi-tenancy firewalls - Philipp Buehler
  • We're very excited about this year's EuroBSDCon, looks to be a fantastic one. Register Now!

    [ 0 comments ] (flat) (expanded)

    OpenBSD 6.0 pre-orders up
    Contributed by tj on Wed Jul 27 13:42:55 2016 (GMT)
    from the full-bookshelf dept.

    Pre-orders for the 6.0 CD sets have just been activated.

    In addition, one of the six release songs has been released early.
    There will be another compilation CD titled "The songs 5.2 - 6.0" alongside the release.

    Head on over to the OpenBSD Store to pick up your CD set, poster, or both!

    This release has some of the coolest artwork yet.

    [ 1 comment 17:44 ago ] (flat) (expanded)

    n2k16 hackathon report: Stefan Sperling on dhclient bugs, iwm(4) issues
    Contributed by phessler on Mon Jul 25 09:51:27 2016 (GMT)
    from the al the bits that want to fly dept.

    The first report from the just-concluded n2k16 hackathon comes from Stefan Sperling, who writes:

    Because this network hackathon was scheduled very close to the 6.0 release I focused my efforts on fixing bugs.

    The first bug I encountered was that dhclient no longer works if DHCP return traffic has to pass through a bridge, and the member interface which receives the DHCP return traffic also has a dhclient instance running on it:

    [ 5 comments 1d14:33 ago ] (flat) (expanded)

    OpenBSD 6.0 to be released September 1, 2016
    Contributed by rueda on Mon Jul 25 10:08:16 2016 (GMT)
    from the now-we-are-6.0 dept.

    Theo de Raadt (deraadt@) has updated the (in-progress) OpenBSD 6.0 release page to indicate that release will occur earlier than is usual:

    CVSROOT:	/cvs
    Module name:	www
    Changes by:	2016/07/23 08:18:28
    Modified files:
    	.              : 60.html 
    Log message:
    the 6.0 release date will come as a surprise

    [ 4 comments 2d3:07 ago ] (flat) (expanded)

    usermount being removed from OpenBSD
    Contributed by rueda on Fri Jul 15 12:37:31 2016 (GMT)
    from the ain't-no-mountin' dept.

    The facility for allowing non-root users to mount file systems has been removed from OpenBSD-current due to security concerns.

    Specifically, the value of kern.usermount (as described in the mount(8) and sysctl(3) man pages) will be ignored in OpenBSD 6.0, and the kern.usermount system variable will be absent from later releases.

    Theo de Raadt (deraadt@) committed the change:

    CVSROOT:	/cvs
    Module name:	src
    Changes by:	2016/07/14 09:39:40
    Modified files:
    	sys/kern       : vfs_syscalls.c kern_sysctl.c 
    Log message:
    kern.usermount=1 is unsafe for everyone, since it allows any non-pledged
    program to call the mount/umount system calls.  There is no way any user
    can be expected to keep their system safe / reliable with this feature.
    Ignore setting to =1, and after release we'll delete the sysctl entirely.
    ok lots of people

    [ 13 comments 4d20:45 ago ] (flat) (expanded)

    Errata and patches released!
    Contributed by grey on Fri Jul 15 07:56:40 2016 (GMT)
    from the fuzz testers at work dept.

    Now would be a good time to check as a number of patches related to reliability and security have been released as follows.

    This appears to be in response to fuzz testing as documented further in this mailing list archive:

    Tim Newsham and Jesse Hertz of NCC Group appear to have done most of the research related to these discoveries so far, and I know at least one of them has had patches committed to the OpenBSD project in the past, so it is nice to see continual collaboration from professional researchers contributing back to project! Again, please check for links to source code patches to address these issues. Excerpted summaries of the issues discovered below:

    013: RELIABILITY FIX: July 14, 2016 All architectures Splicing sockets in a loop could cause a kernel spin.

    014: RELIABILITY FIX: July 14, 2016 All architectures Multiple processes exiting with a fd-passing control message on a shared socket could crash the system.

    015: RELIABILITY FIX: July 14, 2016 All architectures ufs_readdir failed to limit size of memory allocation, leading to panics.

    016: SECURITY FIX: July 14, 2016 All architectures The mmap extension __MAP_NOFAULT could overcommit resources and crash the system.

    017: RELIABILITY FIX: July 14, 2016 All architectures A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference.

    018: RELIABILITY FIX: July 14, 2016 All architectures Tick counting overflows could cause a kernel crash.

    019: RELIABILITY FIX: July 14, 2016 All architectures Invalid file descriptor use with kevent(2) could lead to a kernel crash.

    020: RELIABILITY FIX: July 14, 2016 All architectures Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic.

    [ 0 comments ] (flat) (expanded)

    mandoc-1.13.4 released
    Contributed by pitrh on Thu Jul 14 17:23:57 2016 (GMT)
    from the man up the man pages, dude dept.

    Ingo Schwarze wrote in about the new mandoc release,

    From: Ingo Schwarze <>
    Date: Thu, 14 Jul 2016 16:48:20 +0200
    Subject: mandoc-1.13.4 released


    mandoc = mdocml 1.13.4 is now publicly available from <>.

    After more than a year of development since 1.13.3, this is a regular maintenance release, fixing many bugs. This release contains almost the same mandoc code as the upcoming OpenBSD 6.0 release. Upgrading is recommended for all downstream projects.

    [ 0 comments ] (flat) (expanded)

    BSDCan 2016 Presentations Online
    Contributed by pitrh on Fri Jun 17 13:57:19 2016 (GMT)
    from the After the goat BOF dept.

    The BSDCan 2016 conference in Ottawa has just concluded, with a number of OpenBSD-themed talks. These are the talks by OpenBSD developers:

    Reyk Flöter: An OpenFlow implementation for OpenBSD - Introducing switchd(8) and more about SDN (slides)

    Henning Brauer: Running an ISP on OpenBSD - Why OpenBSD and several uncommon uses of it (slides)

    Peter Hessler: Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD. Or: A new protocol actually did improve our routing. (slides)

    Mike Belopuhov: Implementation of Xen PVHVM drivers in OpenBSD (slides)

    Antoine Jacoutot: OpenBSD rc.d(8) (slides)

    Sebastian Benoit: Opensource Routing - Running an enterprise network on OpenBSD (slides)

    In addition, two OpenBSD-centric tutorials were offered by people who are not themselves OpenBSD developers:

    Peter Hansteen: Building The Network You Need With PF, The OpenBSD Packet Filter (slides)

    Aaron Poffenberger: OpenSMTPD for the Real World (slides)

    [ 6 comments 38d21:02 ago ] (flat) (expanded)

    Understanding the modernization of the OpenBSD network stack, part 1: ART single thread performances
    Contributed by pitrh on Fri Jun 17 13:53:27 2016 (GMT)
    from the parallel bunches of tubes dept.

    Martin Pieuchot (mpi@) wrote in, saying

    OpenBSD network developers are doing some great work at modernizing and improving the network stack. But even if you're following tech@, it might be tricky to understand what's going on.

    [ 4 comments 34d16:41 ago ] (flat) (expanded)

    Support OpenBSD!

    Donate to OpenBSD

    Buy OpenBSD products


    We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

    Older Stuff
    Sunday, May 29
    15:41 ARMv7 now has a bootloader (0)
    Friday, May 27
    22:27 W^X now mandatory in OpenBSD (27)
    Wednesday, May 25
    13:34 Privilege Separation and Pledge (video) (3)
    Thursday, May 19
    11:27 p2k16 Hackathon Report: pirofti@ on octeon and TPM (1)
    Tuesday, May 17
    12:37 p2k16 Hackathon Report: jasper@ on gnome, puppet and more (1)
    Thursday, May 12
    03:28 SROP mitigation committed (3)
    Wednesday, May 11
    16:31 p2k16 Hackathon Report: krw@ on pdisk, softraid and more (1)
    Sunday, May 08
    14:09 p2k16 Hackathon Report: ajacoutot@ on Gnome, rc and rcctl improvements (2)
    Tuesday, May 03
    16:07 p2k16 Hackathon Report: naddy@ on graphics libs progress (yes, packages!) (1)

    Older Stuff...
    Yesterday's Edition...

    OpenBSD Errata

    OpenBSD Resources

    Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]

    [ Home | Add Story | Archives | Polls | About ]

    Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]