Support for UDP parallel input [on which we reported previously] has been committed to -current by Alexander Bluhm (bluhm@):

CVSROOT:	/cvs
Module name:	src
Changes by:	bluhm@cvs.openbsd.org	2024/07/26 08:38:20

Modified files:
	sys/netinet    : in_proto.c 
	sys/netinet6   : in6_proto.c 

Log message:
Run UDP input on multiple CPU in parallel.

UDP input is about to become faster and parallel on OpenBSD. In a message to tech@ titled UDP parallel input, Alexander Bluhm (bluhm@) offers a diff that enables parallel UDP input for -current.

The message reads,

List:       openbsd-tech
Subject:    UDP parallel input
From:       Alexander Bluhm <bluhm () openbsd ! org>
Date:       2024-07-23 13:40:21

Hi,

mvs@ has completed the final bits to make socket buffer MP safe for
UDP packets.  This means that we can run UDP input on multiple
threads.  Diff below activates this.

In this commit, Rafael Sadowski (rsadowski@) merged libva 2.22.0 into OpenBSD, enabling VA-API to accelerate video decoding and other hardware assisted operations:

In a recent post to tech@ titled let's make pf(4) anchors and tables better friends (possibly originating at the ongoing hackathon) Alexandr Nedvedicky (sashan@) introduced code to enable creating local tables inside anchors in pf(4) rulesets:

Date: Sat, 13 Jul 2024 14:32:21 +0200
From: Alexandr Nedvedicky <sashan () fastmail ! net>
To: tech@openbsd.org
Subject: let's make pf(4) anchors and tables better friends

Hello,

the change presented in diff below allows user to define table
inside the anchor. Consider rules here:

Version 0.101 of Game of Trees has been released (and the port updated).

* got 0.101; 2024-07-11
  see git repository history for per-change authorship information

Crystal Kolipe writes in about a new article posted by the crew at Exotic Silicon on fun things to do with OpenBSD --

Implementing a self-managed, dual-stacked VPN.

Today we're showing you how to use iked to tunnel both IPv4 as well as IPv6 to a remote server for a self-managed VPN. We're doing all this with utilities from the OpenBSD base system so the setup is nice and sleek, completely avoiding the need to install countless programs from ports.

Not only that, but we'll also show you how to isolate the VPN traffic in it's own routing domain so it can be used only when required, (or if you're really clever like us, you can even configure more than one simultaneously).

Of course, the setup supports inbound connections too, so you can run servers from diverse physical locations whilst using the inbound address space and connectivity of the datacentre. Stuck without IPv6 or inbound connectivity at home? Not anymore! All this excitement and even more is right here waiting for you in setting up an IPv6 capable VPN. Read it today!

While we were busy with other things, Theo de Raadt (deraadt@) is continuing the work on bringing the clang option to clean return addresses off the stack, as reported upon earlier, to OpenBSD/arm64.

Theo posted an early version of the code to tech@, saying

List:       openbsd-tech
Subject:    arm64 -fret-clean attempt
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2024-07-02 5:50:45

I've been trying to write -fret-clean for arm64.

On a return-stack architecture like amd64, the callee has to clean up the
word on the stack upon return.

arm64, like some other risc architectures, is a link-register architecture.
In this case, the return address is saved in some temporary location by
the caller, who loads it into the link register before returning.  Before
that moment, the caller has to clean it up.

In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.8:

OpenSSH 9.8 has just been released. This release includes a fix for a critical race condition in sshd that could be exploited for remote code execution so you should definitely patch or upgrade. It also contains a fix for a minor issue in ssh that saw the recently-added ObscureKeystrokeTiming feature work the opposite way as intended.

There are some new features too. Please see the release notes at https://openssh.com/releasenotes.html for more details

Friends, dhclient(8) in OpenBSD is no more, at least for those of us running -current.

For some of us it is basically in muscle memory to type doas dhclient $wifiinterface when visiting somewhere, but from this day forward we will rely on dhcpleased(8) to do its job, which in my own experience does admirably.

In this commit, Theo de Raadt (deraadt@), executed the removal.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2024-06-30 17:30:54

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2024/06/30 11:30:54

Modified files:
	distrib/sets/lists/base: mi 
	distrib/sets/lists/man: mi 
	etc            : Makefile 
	sbin           : Makefile 
Removed files:
	etc/examples   : dhclient.conf 
	sbin/dhclient  : Makefile bpf.c clparse.c conflex.c dhclient.8 
	                 dhclient.c dhclient.conf.5 dhclient.leases.5 
	                 dhcp.h dhcpd.h dhctoken.h dispatch.c kroute.c 
	                 log.c log.h options.c packet.c parse.c 
	                 privsep.c privsep.h