OpenBSD Journal

OpenBSD Journal

Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022

Contributed by grey on from the Not in Ottawa? What even are space or time with Zoom? Why Zoom? dept.

Peter Hansteen, Massimiliano Stucchi and Tom Smyth gave a presentation on pf at BSDCan 2022. While a video recording from the event has yet to appear, the slides from their presentation may be viewed here:
https://home.nuug.no/~peter/pftutorial/

If you want to attend a session like this, the next chance is at EuroBSDCon in Vienna, September 15.

LibreSSL updated to 3.5.3

Contributed by grey on from the TLSten up! dept.

LibreSSL 3.5.3 was released on May 18th, 2022.

The release notes may be found here:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt

However, given the release notes are rather brief, they are quoted here in their entirety:

We have released LibreSSL 3.5.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

It includes the following reliability fix:

  * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
    the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for
    reporting the issue and testing the fix.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

Candlelit Console patch set to the framebuffer console

Contributed by Peter N. M. Hansteen on from the all night long dept.

Crystal Kolipe writes in about her work on the framebuffer console, and provides an article on

… how to add a 'night mode' to the OpenBSD framebuffer console to give the text a yellow tint for more comfortable night time viewing, along with quite a few other cosmetic tweaks such as adding support for strikethrough text and double underlining. The article explains how to dynamically adjust the colour pallette, add a new sysctl value, and add a new escape sequence to the console emulation code in the kernel.

Read more…

Parallel IP forwarding activated

Contributed by rueda on from the and-there-was-much-simultaneous-rejoicing dept.

Following much development and testing, parallel IP forwarding has been enabled in -current. The most recent of the relevant commits are:

CVSROOT:	/cvs
Module name:	src
Changes by:	bluhm@cvs.openbsd.org	2022/04/30 15:13:57

Modified files:
	sys/net        : if.c ifq.c 

Log message:
Run IP input and forwarding with shared netlock.  Also distribute
packets from the interface receive rings into multiple net task
queues.
Note that we still have only one softnet task.  So there will be
no concurrency yet, but we can notice wrong exclusive lock assertions.
Soon the final step will be to increase the NET_TASKQ define.
lots of testing Hrvoje Popovski; OK sashan@
and:

Read more…

pkg_add(1) speedup

Contributed by rueda on from the cache-me-if-you-can dept.

In -current, the performance of pkg_add(1) has been greatly enhanced by the enabling of caching by default:

CVSROOT:	/cvs
Module name:	src
Changes by:	espie@cvs.openbsd.org	2022/04/29 04:44:05

Modified files:
	usr.sbin/pkg_add/OpenBSD: PackageLocation.pm 
	usr.sbin/pkg_add/OpenBSD/PackageRepository: Cache.pm 
	                                            Installed.pm 

Log message:
finally, turn on caching by default

change the defines:
TEST_CACHING -> !NO_CACHING
TEST_CACHING_VERBOSE -> CACHING_VERBOSE
TEST_CACHING_RECHECK -> CACHING_RECHECK

okay with sthen@

syspatch71-001_wifi reissued

Contributed by rueda on from the back-on-track dept.

syspatch71-001_wifi was somewhat broken (in terms of the housekeeping rather than the functionality of the patch).

On those systems to which the faulty patch was applied, some manual intervention is required. Instructions for this are now on the errata page.

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 7.1

0052022-05-16 SECURITY Malicious PPPoE packets could corrupt kernel memory.
0042022-05-16 RELIABILITY libcrypto would incorrectly decode certain ASN.1 objects.
0032022-05-16 RELIABILITY The kernel could crash due to a race in kqueue.
0022022-05-05 RELIABILITY When using IPsec, the kernel could crash.
0012022-04-22 RELIABILITY Many wireless network drivers could not scan access points correctly.

Unofficial RSS feed of OpenBSD errata

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]