OpenBSD Journal
Contributed by grey on from the In these days of WFH and VPN vendors dept.
OpenIKED 7.1 was released on May 23rd, 2022.
The complete release notes may be read here:
https://ftp.openbsd.org/pub/OpenBSD/OpenIKED/openiked-7.1-relnotes.txt
Contributed by grey on from the TLSten up! dept.
LibreSSL 3.5.3 was released on May 18th, 2022.
The release notes may be found here:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt
However, given the release notes are rather brief, they are quoted here in their entirety:
We have released LibreSSL 3.5.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following reliability fix:
* Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for
reporting the issue and testing the fix.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
Contributed by Peter N. M. Hansteen on from the all night long dept.
… how to add a 'night mode' to the OpenBSD framebuffer console to give the text a yellow tint for more comfortable night time viewing, along with quite a few other cosmetic tweaks such as adding support for strikethrough text and double underlining. The article explains how to dynamically adjust the colour pallette, add a new sysctl value, and add a new escape sequence to the console emulation code in the kernel.
Contributed by rueda on from the and-there-was-much-simultaneous-rejoicing dept.
Following much development and testing, parallel IP forwarding has been enabled in -current. The most recent of the relevant commits are:
and:CVSROOT: /cvs Module name: src Changes by: bluhm@cvs.openbsd.org 2022/04/30 15:13:57 Modified files: sys/net : if.c ifq.c Log message: Run IP input and forwarding with shared netlock. Also distribute packets from the interface receive rings into multiple net task queues. Note that we still have only one softnet task. So there will be no concurrency yet, but we can notice wrong exclusive lock assertions. Soon the final step will be to increase the NET_TASKQ define. lots of testing Hrvoje Popovski; OK sashan@
pkg_add(1) speedupContributed by rueda on from the cache-me-if-you-can dept.
In -current, the performance of
pkg_add(1)
has been greatly enhanced by the
enabling of caching by default:
CVSROOT: /cvs Module name: src Changes by: espie@cvs.openbsd.org 2022/04/29 04:44:05 Modified files: usr.sbin/pkg_add/OpenBSD: PackageLocation.pm usr.sbin/pkg_add/OpenBSD/PackageRepository: Cache.pm Installed.pm Log message: finally, turn on caching by default change the defines: TEST_CACHING -> !NO_CACHING TEST_CACHING_VERBOSE -> CACHING_VERBOSE TEST_CACHING_RECHECK -> CACHING_RECHECK okay with sthen@
Contributed by rueda on from the back-on-track dept.
syspatch71-001_wifi was somewhat broken (in terms of the housekeeping rather than the functionality of the patch).
On those systems to which the faulty patch was applied, some manual intervention is required. Instructions for this are now on the errata page.
Contributed by grey on from the Not many new features, but a lot of bug and compatibility fixes dept.
Hot on the heels of OpenBSD 7.1's release, LibreSSL has been updated to 3.5.2!
The complete release notes may be read here: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt
Contributed by Peter N. M. Hansteen on from the [northern] springtime for OpenBSD dept.
As usual, the release page lists the main highlights of the new release, which include
iwm(4) and
iwx(4)
have gained 80MHz channel support
[See earlier article].
mtw(4),
a driver for MediaTek MT7601U Wi-Fi devices, was added
[See earlier article].realpath(1)
has been added.httpd(8)
gained support for
customised error pages and
pre-compressed gzip files.hw.perfpolicy
is now set to auto by default at startup.igc(4),
a driver for Intel 2.5Gb Ethernet controllers, has been added.xterm(1).
Setting X resource
allowMouseOps
to true reinstates the earlier behaviour.ssh-agent
restriction [See earlier article].sftp(1)
client has gained a "cp" command that supports server-side copying
of files (using the new "copy-data" protocol extension)./etc/login.conf.d/${class},
and this is used by the ports system.clang-local(1),
this requires use of
clang(1)'s
-fsanitize-minimal-runtime
flag.The new release supports 13 distinct hardware platforms with thousands of prebuilt packages for all platforms.
If you want to delve further into the details before (or while, after) installing or upgrading to the new release, the detailed changelog has all the details. Those upgrading from the 7.0 release (or earlier) should consult the Upgrade Guide.
If you enjoy this release, please remember to donate to the project as a way of saying thanks to the developers for their work.
Contributed by Paul 'WEiRD' de Weerd on from the Dogs For Zorba dept.
Claudio Jeker (claudio@) has just announced the release of OpenBGPD 7.3. He writes:
We have released OpenBGPD 7.3, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.
This release includes the following changes to the previous release:
* Macro expansion in the config file is improved. It is now possible
to expand 'set large-community $myAS:$location:$transit'.
* Add initial FIB support for Linux. Routes can be added and removed.
Nexthop tracking and dynamic interface detection are not yet implemented.
* Major refactoring in the RIB codebase to add multipath support in
an upcoming release.
OpenBGPD-portable is known to compile and run on FreeBSD, and
the Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.
We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.
Donate to OpenBSD
We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.
OpenBSD 7.1
| 005 | 2022-05-16 SECURITY Malicious PPPoE packets could corrupt kernel memory. |
| 004 | 2022-05-16 RELIABILITY libcrypto would incorrectly decode certain ASN.1 objects. |
| 003 | 2022-05-16 RELIABILITY The kernel could crash due to a race in kqueue. |
| 002 | 2022-05-05 RELIABILITY When using IPsec, the kernel could crash. |
| 001 | 2022-04-22 RELIABILITY Many wireless network drivers could not scan access points correctly. |
Users wishing RSS/RDF summary files of OpenBSD Journal
can retrieve:
Options are available.
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]