Timecounters available to userland in -current

Contributed by Janne Johansson on 2020-07-06 from the we're gonna party like its 199NaN dept.

In this commit, Paul Irofti (pirofti@) added support for reading timecounters in userland without making a syscall.

First powerpc64 snapshots available

Contributed by Paul 'WEiRD' de Weerd on 2020-07-06 from the powerpc64-to-the-people dept.

Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.

So, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.

2 comments (23:36 ago)

WireGuard imported into OpenBSD

Contributed by Janne Johansson on 2020-06-21 from the passive vpns with aggressive cryptos dept.

In the following commit (and a bunch of others), David Gwynne (dlg@) imported most of the code submitted recently by Jason A. Donenfeld and Matt Dunwoodie to allow you to use WireGuard natively on OpenBSD:

2 comments (23:34 ago)

Graphical view of the x86 OpenBSD boot process

Contributed by Janne Johansson on 2020-06-21 from the so detailed you might need to zoom in a lot dept.

Wesley Mouedine Assaby who runs the OpenBSD Jumpstart webpage with hints and tips for beginners about OpenBSD in general has produced a visualization of how PCs boot into OpenBSD.

1 comment (16d13:26 ago)

BSDCAN 2020 talk on Using OpenBGPd as a Control Plane for an ISP

Contributed by Tom Smyth on 2020-06-15 from the all routes nominal dept.

I presented a talk on how I used OpenBGPd as a control plane for my ISP. I cover areas such as Routing fundamentals, a lightning introduction to BGP. An interesting aspect of the design is how the OpenBSD / OpenBGPd is used to control the routing information in my ISP yet the forwarding of packets is offloaded to hardware Layer 3 switches. I also outline my favourite new feature of OpenBGPd max prefix out which I'm sure will save my blushes if/when I fat finger my Prefix filters (although if my hair cut is anything to go by it is clear I have no shame anyway!). You can check out the talk here! Tom would welcome comments and feedback on the talk. I hope the talk will help others in deploying OpenBGPd and OpenBSD in their networks.

I would also suggest that those interested in learning more about OpenBGPd check out Peter Hessler's Tutorial on OpenBGPd which served as an essential aid in getting comfortable in configuring BGP on OpenBSD / OpenBGPd. Peter usually runs the Tutorial in advance of BSD Conferences.

I would like to give a big shout out to the people who write the code in OpenBSD and OpenBGPd, and that your effort makes my life running my network and ISP easier.

A huge word of thanks is due to Dan Langielle and the BSDCAN2020 Volunteers who organised the virtual BSDCAN 2020 conference this year in quite difficult circumstances.

1 comment (2d5:17 ago)

DRM update committed

Contributed by Paul 'WEiRD' de Weerd on 2020-06-08 from the faster pixels dept.

Jonathan Gray (jsg@) has just committed an update to the DRM code to the tree. This update brings support for newer AMD and Intel graphics parts.

Date: Sun, 7 Jun 2020 22:48:16 -0600 (MDT)
From: Jonathan Gray <jsg@openbsd.org>
To: source-changes@openbsd.org
Subject: CVS: cvs.openbsd.org: src

CVSROOT:        /cvs
Module name:    src
Changes by:     jsg@cvs.openbsd.org     2020/06/07 22:48:16

Modified files:
        sys/arch/amd64/conf: Makefile.amd64
        sys/arch/arm64/conf: Makefile.arm64
        sys/arch/i386/conf: Makefile.i386
        ...

Log message:
update drm to linux 5.7

adds kernel support for
amdgpu:         vega20, raven2, renoir, navi10, navi14
inteldrm:       icelake, tigerlake

Thanks to the OpenBSD Foundation for sponsoring this work, kettenis@ for
helping, patrick@ for helping adapt rockchip drm and many developers for
testing.

As is clear from Jonathan's commit message, this work was sponsored by the OpenBSD Foundation - it shows how your financial support of the foundation can directly improve (in this case) hardware support. Many thanks to Jonathan for working on this.

4 comments (20d1:29 ago)

OpenBSD 6.7 and ffs2 FAQs

Contributed by rueda on 2020-05-28 from the filesystem-asked-questions dept.

Otto Moerbeek (otto@) posted to misc@ a useful summary of the state of play of FFS2 in the 6.7 release (and, to some extent, -current).

In his mail, Otto clarifies some things about the latest release:

In OpenBSD 6.7, ffs2 is the default for new filesystems during install (with some exceptions).
In OpenBSD 6.7, if you create a new filesystem manually (using newfs(8)) you will still get an FFS1 filesystem unless you force -O2 or if the filesystem will be larger than 1 TB.

10 comments (35d4:48 ago)

Installation images renamed from .fs to .img

Contributed by Paul 'WEiRD' de Weerd on 2020-05-18 from the imagine an image dept.

In a commit touching quite a few files, Theo recently renamed the installation images from installXX.fs to installXX.img:

Date: Sun, 17 May 2020 11:04:29 -0600 (MDT)
From: Theo de Raadt <deraadt@openbsd.org>
To: source-changes@openbsd.org
Subject: CVS: cvs.openbsd.org: src

CVSROOT:        /cvs
Module name:    src
Changes by:     deraadt@cvs.openbsd.org 2020/05/17 11:04:29

Modified files:
        distrib/alpha/miniroot: Makefile
        distrib/amd64/iso: Makefile
        ...
        bin/dd         : dd.1
        usr.sbin/ldomctl: ldomctl.8

Log message:
Change install images called *.fs to *.img.  These are UFS filesystem images,
but additionally have a bootblock in the first 8K (since UFS does not use that
space).  There are some UEFI direct-from-internet bootloaders that require
the name *.img.  So this makes things more convenient for those, while keeping
it consistant in all architectures.
ok kettenis beck kn

This means that with recent snapshots, you should use the .img file to prepare your installation medium, where you were previously using the .fs file. It also means that you can install 'direct-from-internet' on these fancy UEFI machines! Note that if you want to install the OpenBSD 6.7 release, you still need to use install67.fs.

No comments

OpenBSD 6.7 Released

Contributed by Peter N. M. Hansteen on 2020-05-04 from the eternal springtime for Puffy dept.

The OpenBSD project has released OpenBSD 6.7, marking the 48th release of our favorite operating system. The announcement message and the release page both have detailed information.

These are some highlights of the improvements in the present release:

For new installs on nearly all architectures the default file system is now FFS2, sporting 64-bit timestamps and block counters
There are numerous SMP improvements, including unlocking of several system calls
Hardware support in all architectures is much improved and expanded, with a number of new drivers including the iwx(4) driver for new Intel WiFi devices as well as significant expansion of arm64 and armv7 hardware support.
Enabled rpki-client(8), to support Origin Validation in BGP-speaking routers in the base install.
New versions of programs and subsystems maintained as part of OpenBSD but widely reused elsewhere:
- LibreSSL 3.1.1, which includes TLS 1.3 support enabled by default on the client side
- OpenSSH 8.3, which includes FIDO authenticator support [as reported previously]
- OpenSMTPD 6.7.0

See the release page and the daily changelog for a full list of changes since the previous release. Those upgrading from version 6.6 should read the Upgrade Guide.

Thanks to the developers for all the good work that goes into each release! To support further work on OpenBSD, please see the donations page for ways to contribute even if you can not offer up code yourself.

9 comments (47d6:49 ago)

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

Mon, May 18
- 06:37 First seed for OpenBSD/powerpc64 planted by kettenis@ (3)
Thu, May 14
- 13:06 Undeadly now also supports TLS 1.3 (2)
- 07:38 Using qemu guest agent on OpenBSD kvm/qemu guests (0)
Tue, May 12
- 08:00 WireGuard patchset for OpenBSD (1)
- 07:41 TLSv1.3 server code enabled in LibreSSL in -current (0)
Thu, Apr 30
- 06:35 Catch up 2020-04-30 (1)
Thu, Mar 26
- 08:36 Booting from an FFS2 filesystem (9)
Tue, Mar 24
- 16:26 Bob Beck Interview from EuroBSDCon 2018 (0)
Tue, Mar 03
- 09:43 p2k19 Hackathon Report: Rafael Sadowski on KDE+Qt5 progress, more (0)

OpenBSD Errata

OpenBSD 6.7

010	2020-06-11 RELIABILITY libcrypto may fail to build a valid certificate chain due to expired untrusted issuer certificates.
009	2020-06-08 RELIABILITY libc's resolver could get into a corrupted state.
008	2020-06-05 SECURITY Malicious HID descriptors could be misparsed.
007	2020-06-01 SECURITY Several problems in Perl's regular expression compiler could lead to corruption of the intermediate language state of a compiled regular expression.
006	2020-05-25 SECURITY Incorrect use of getpeername(2) storage for outgoing IPv6 connections corrupts stack memory. The nature of the corruption and existing mitigations appear to make this difficult to effectively target.
005	2020-05-22 SECURITY Specially crafted queries may crash unbound and unwind. Both can be tricked into amplifying an incoming query.

OpenBSD Resources

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve:

Options are available.

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]