OpenBSD Journal

resolvd(8) - daemon to handle nameserver configuration

Contributed by rueda on from the where do names come from dept.

With the following commit, Florian Obser (florian@) imported resolvd(8), a daemon for handling nameserver configuration:

CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/02/24 11:10:41

Added files:
	sbin/resolvd   : Makefile resolvd.8 resolvd.c 

Log message:
Import resolvd(8), a daemon to rewrite resolv.conf.
prodding deraadt

Since the initial import, resolvd(8) has seen:

  1. some significant reworking
  2. improvements to the man page
  3. linking to the build

OpenBSD booting multi-user on Apple M1

Contributed by rueda on from the seM1-opened dept.

Mark Kettenis (kettenis@) is teasing OpenBSD booting multi-user on Apple M1 hardware:

So OpenBSD boots multi-user on the new Apple M1 hardware.  This still
has some hacks in it that need to be fixed, so don't expect support
for this in the tree right now.  But a big thank you to those that
contributed to the pool for getting us some hardware.

[…]

See the full post for the dmesg.

Congratulations to all those involved!

Catchup 2021-02-13

Contributed by rueda on from the Puffyish kernel churn dept.

Recent noteworthy things committed to -current and not previously reported include:

  • [2021-01-26] Patrick Wildt (patrick@) continues work [with help from Mark Kettenis (kettenis@)] on supporting the Apple M1.
  • [2021-02-06] Solène Rapenne (solene@) blogged about using 2FA with TOTP.
  • [2021-02-08] Stefan Sperling (stsp@) added a RAID1C (raid1 + crypto) softraid(8) discipline.
  • [2021-02-09] Patrick Wildt (patrick@) added lldb(1) (for amd64 and arm64 platforms).
  • [2021-02-09] maxburst feature removed from tcp_output by Jan Klemkow (jan@)
    [2021-02-09] PF_LOCK() activated by Patrick Wildt (patrick@)
    [2021-02-10] Vitaliy Makkoveev (mvs@) moved UNIX domain sockets out of the kernel lock
  • [2021-02-11] Jonathan Gray (jsg@) upgraded libdrm to version 2.4.104, with changes to the relevant devices (see FAQ).
  • [2021-02-12] Otto Moerbeek (otto@) has requested testing/review of a patch enhancing malloc(3) "junking".

All in all, this looks promising for the upcoming OpenBSD 6.9 release!

BREAKING pf(4) change: change route-to so it sends packets to IPs instead of interfaces.

Contributed by Peter N. M. Hansteen on from the route me up before you go-go dept.

Does your pf configuration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.

CVSROOT:	/cvs
Module name:	src
Changes by:	dlg@cvs.openbsd.org	2021/01/31 17:31:05

Modified files:
	sbin/pfctl     : parse.y pfctl_parser.c 
	share/man/man5 : pf.conf.5 
	sys/net        : if_pfsync.c pf.c pfvar.h 

Log message:
change route-to so it sends packets to IPs instead of interfaces.

this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.

This change is intended to make configuration and maintenance easier, but it runs a high risk of breaking existing configurations. Read on for the rest of David's commit message, with some background.

OpenBSD KDE Status Report

Contributed by Rafael Sadowski on from the Vitamin K injections dept.

OpenBSD has managed to drop KDE3 and KDE4 in the 6.8 -> 6.9 release cycle. That makes me very happy because it was a big piece of work and long discussions. This of course brings questions: Kde Plasma 5 package missing.

After half a year of work, I managed to successfully update the Qt5 stack to the last LTS version 5.15.2. On the whole, the most work was updating QtWebengine. What a monster! With my CPU power at home, I can build it 1-2 times a day which makes testing a little bit annoying and time intensive.

But today we can be happy about an up-to-date KDE stack in OpenBSD. Currently - at the end of January - our stack is very up-to-date:

  • Qt 5.15.2
  • Qt Creator 4.14.0
  • KDE Frameworks 5.78.0
  • KDE Applications 20.12.1 (Almost everything!)
  • Kdevelop 5.6.1
  • Krita 4.4.2
  • KMyMoney 5.1.1
  • DigiKam 7.1.0

I try to keep KDE Applications 20.12.x stable until the 6.9 release.

Let's move on to the topic of KDE Plasma. The Plasma desktop and some other KDE applications have a strong dependence on Wayland. As long as there is no Wayland under OpenBSD, there will also be no KDE Plasma.

It can be observed that more and more KDE applications already prefer a strong dependency on Wayland. For example Spectacle.

In summary, no OpenBSD Wayland support, no KDE Plasma, and probably fewer and fewer KDE applications.

ujoy(4) added to -current

Contributed by rueda on from the the-joy-of-openbsd dept.

With the following commit, Thomas Frohwein (thfr@) added a joystick/gamecontroller driver to -current:

CVSROOT:	/cvs
Module name:	src
Changes by:	thfr@cvs.openbsd.org	2021/01/22 22:08:36

Modified files:
	etc            : MAKEDEV.common 
	etc/etc.alpha  : MAKEDEV.md 
	etc/etc.amd64  : MAKEDEV.md 
[…]
	sys/dev/usb    : files.usb uhid.c uhid.h 
	sys/sys        : conf.h 
Added files:
	share/man/man4 : ujoy.4 
	sys/dev/usb    : ujoy.c 

Log message:
introduce ujoy(4), a restricted subset of uhid(4) for gamecontrollers.
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.

input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@

Block spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!

Contributed by Özgür Kazanççı & Jordan Geoghegan on from the blackhole-diversion-joy dept.

Introduction

Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.

It's compatible with BSD-based operating systems such as {Open,Free,Net,Dragonfly}BSD and macOS. It blocks potentially bad IP addresses that could attack your servers (and waste your bandwidth and fill your logfiles) from contacting them, which lightens the load on your network and server resources and makes the logs of important services running on your server simpler, more readable and more efficient.

OpenBSD Errata

OpenBSD 6.8

014  2021-02-24  SECURITY     A sequence of overlapping IPv4 fragments could crash the kernel in pf due to an assertion.
013  2021-02-03  RELIABILITY  Various interoperability issues and memory leaks were discovered in libcrypto and libssl.
012  2021-01-13  RELIABILITY  Use of bpf(4) on a carp interface could result in a use after free.
011  2021-01-11  RELIABILITY  When an NDP entry is invalidated the associated layer 2 address is not invalidated.
010  2020-12-24  RELIABILITY  smtpd's filter state machine can prematurely release resources leading to a crash.
009  2020-12-08  RELIABILITY  Process exit in multithreaded programs could result in the wrong exit code being reported.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]