Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

Date: Wed, 15 Aug 2018 00:31:16 -0600
From: Theo de Raadt [elided]
To: tech@openbsd.org
Subject: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

These 3 issues all relate to a bug in Intel cpus

The cpu will speculatively honour invalid PTE against data in the
on-core L1 cache.  Memory disclosure occurs into the wrong context.

These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
are the currently public artifacts of this one bug.

[Dr.] Brian Callahan (bcallah@) recently live-streamed (at twitch.tv/NewAstroCity) an interactive OpenBSD Porting Workshop.

A recording of the workshop is now available.

In a series of commits, Todd Mortimer (mortimer@) has added RETGUARD for the arm64 platform.

We previously reported the addition of RETGUARD for amd64.

Bob Beck (beck@ when wearing OpenBSD-only hat) has written a tutorial on using libtls:

[…]

This tutorial is designed for people with some C experience on a POSIX, BSD like machine with the latest libtls installed. It focuses on changes that are necessary to make an existing program written in C that uses the POSIX sockets api to use TLS over those same connections.

[…]

Ingo Schwarze (schwarze@ when wearing OpenBSD-only hat) wrote in to let us know about the new release:

From: Ingo Schwarze [elided]
Date: Wed, 8 Aug 2018 22:21:13 +0200
To: discuss@mandoc.bsd.lv
Subject: mandoc-1.14.4 released

Hello,

after a full year of tranquil development, i just released mandoc-1.14.4.
This is a regular maintenance release.  As there are no major structural
changes, i expect it to be very stable, so all downstream systems are
encouraged to upgrade from any earlier version.

Patrick Wildt (patrick@) has been experimenting with small I2C and SPI-connected displays, and with this commit, it was enabled for armv7 and arm64 platforms as ssdfb(4) in -current.

For the g2k18 Ljubljana hackathon, i decided to try and get rid of as many small userland tasks as possible. Lots of them have been piling up over time.

In a message to tech@, Theo de Raadt (deraadt@) discusses the state of development of unveil(2) support in userland (and for a certain port):

A new g2k18 hackathon report has arrived, this time from Kenneth Westerback (krw@), who writes:

Other than missing a connection due to "seat maintenance" in YYZ, travel was uneventful. I arrived MUC (twelve hours late) and spent a week hacking with bluhm@ and mpi@ at Genua's Geekweek, to which bluhm@ had kindly arranged an invitation. I managed to start committing some disklabel(8) code refactoring otto@ and I have been discussing for a while. Mostly cleaning up partition offset and size rounding code. I also tightened up some dhcpd(8) man page ambiguity as requested by sthen@ and started by jmc@. I ok'ed a mpi@ fix for a dhclient(8) issue and reviewed and ok'ed various diffs from bluhm@.