OpenBSD Journal

OpenBSD Journal

OpenBSD 6.8 Released

Contributed by Peter N. M. Hansteen on from the hacker people, fun and friends dept.

On its 25th birthday, the OpenBSD project has released OpenBSD 6.8, the 49th release.

The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:

Those upgrading from 6.7 should consult the Upgrade Guide.

Thanks to the developers for all the good work that went into this excellent new release!

While your install sets download or when your packages update, please take the time to look at and use one or more of the recommended ways to support the project, such as making a donation, buying T-shirts. Corporate entities may prefer sending some money in the direction of the OpenBSD Foundation, which is a Canadian non-profit corporation.

Cryptographic Signing using ssh-keygen(1) with a FIDO Authenticator

Contributed by rueda on from the token-effort dept.

Introduction

Hitherto, releases of the fwobac software (which underlies Undeadly) have been unsigned. This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature. As signing is being performed manually, why not employ an additional [hardware] factor?

signify(1) does not support the use of FIDO authenticators. However, recent versions of OpenSSH do support signing using the [under-appreciated] -Y sign option of ssh-keygen(1), and with the recent addition of FIDO authenticator support to OpenSSH [as reported previously], we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.

Read more…

RETGUARD for powerpc and powerpc64 added to -current

Contributed by rueda on from the guard the power dept.

Todd Mortimer (mortimer@) has committed RETGUARD (see previous coverage) for the macppc (powerpc) and powerpc64 platforms:

CVSROOT:	/cvs
Module name:	src
Changes by:	mortimer@cvs.openbsd.org	2020/10/12 08:52:09

Modified files:
	gnu/llvm/clang/lib/Driver/ToolChains: Clang.cpp 
	gnu/llvm/llvm/lib/Target/PowerPC: CMakeLists.txt 
	                                  PPCAsmPrinter.cpp 
	                                  PPCFrameLowering.cpp 
	                                  PPCFrameLowering.h 
	                                  PPCInstrInfo.td 
	gnu/usr.bin/clang/libLLVMPowerPCCodeGen: Makefile 
Added files:
	gnu/llvm/llvm/lib/Target/PowerPC: PPCReturnProtectorLowering.cpp 
	                                  PPCReturnProtectorLowering.h 

Log message:
Add RETGUARD implementation for powerpc and powerpc64.

ok deraadt@ kettenis@

See the Innovations page for the full list of platforms on which RETGUARD is implemented.

k2k20 hackathon report: Rafael Sadowski on KDE and other packages progress

Contributed by Peter N. M. Hansteen on from the the kode, it moves dept.

Fresh off the k2k20 hackathon, Rafael Sadowski (rsadowski@) writes in:

Due to the pandemic, this hackathon seemed to be called very spontaneously. Fortunately, the hackathon was over a weekend. This enabled me to attend without missing any professional obligations. On Friday morning, shortly after sunrise, I took the train to Bad Liebenzell. On the train I worked for my employer until I reached Karlsruhe at about 11am. I swapped my MacBook for my OpenBSD ThinkPad T470s.

Read more…

k2k20 hackathon report: Florian Obser on DNS

Contributed by Paul 'WEiRD' de Weerd on from the unwinding with ze germans dept.

The fourth report from k2k20 comes from Florian Obser (florian@), who worked mostly on DNS related things:

I spent the week before the hackathon with monitoring the current pandemic situation. Will ze germans let me in? Will I put people at risk? In the end it all looked OK-ish and I booked my train ticket a day before leaving. Time to pack!

My current bag of holding is an Osprey Talon 22 and it fits an X1, roost laptop stand, Microsoft sculpt keyboard, assorted cables, toiletry bag and clothing for 6 days. Yes, this includes fresh underwear and T-Shirts for every day.

Read more…

k2k20 hackathon report: Klemens Nanni on network land decluttering

Contributed by rueda on from the hotwired or notwired dept.

Our next k2k20 report comes from Klemens Nanni (kn@):

I'd been looking forward to k2k20 just like my other hackathon with its unique atmosphere where getting work done in fact means holiday hacking with friends.

There was nothing big on my list but it had already grown into a rich assortment of issues and itches to scratch - this usually aligns well with the release cycle since it means focusing on regression fixes and polish during the -beta phase until the tree gets locked for release.

Read more…

k2k20 hackathon report: Martijn van Duren on snmp, agentx, and other progress

Contributed by rueda on from the furthering agency dept.

The k2k20 hackathon concluded recently, and we are please to have received a report from Martijn van Duren (martijn@):

I came to k2k20 on my motorcycle with my mask, a small backpack and a stack of projects burning on my laptop to get pushed. After a long ride ending on the lovely winding roads of the black forest I arrived at Burg Liebenzell slightly past noon, where I was greeted by a collection of other OpenBSD developers who just came back from lunch. After checking in and a quick lunch of my own I joined the rest in the hackroom where everything was set up in a wide circle giving every table plenty of room for privilege separation^W^Wsocial distancing.

Read more…

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.8

None yet

Unofficial RSS feed of OpenBSD errata

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]