UDP input is about to become faster and parallel on OpenBSD. In a message to tech@ titled UDP parallel input, Alexander Bluhm (bluhm@) offers a diff that enables parallel UDP input for -current.
The message reads,
List: openbsd-tech
Subject: UDP parallel input
From: Alexander Bluhm <bluhm () openbsd ! org>
Date: 2024-07-23 13:40:21
Hi,
mvs@ has completed the final bits to make socket buffer MP safe for
UDP packets. This means that we can run UDP input on multiple
threads. Diff below activates this.
Contributed by Cabal from the fast pixels dept.
In this commit, Rafael Sadowski (rsadowski@) merged libva 2.22.0 into OpenBSD, enabling VA-API to accelerate video decoding and other hardware assisted operations:
Date: Sat, 13 Jul 2024 14:32:21 +0200
From: Alexandr Nedvedicky <sashan () fastmail ! net>
To: tech@openbsd.org
Subject: let's make pf(4) anchors and tables better friends
Hello,
the change presented in diff below allows user to define table
inside the anchor. Consider rules here:
Contributed by Peter N. M. Hansteen from the networking with puffy to the sixes dept.
Crystal Kolipe writes in about a new article posted by the crew at Exotic Silicon on fun things to do with OpenBSD --
Implementing a self-managed, dual-stacked VPN.
Today we're showing you how to use iked to tunnel both IPv4 as well as IPv6 to a remote server for a self-managed VPN. We're doing all this with utilities from the OpenBSD base system so the setup is nice and sleek, completely avoiding the need to install countless programs from ports.
Not only that, but we'll also show you how to isolate the VPN traffic in its own routing domain so it can be used only when required (or if you're really clever like us, you can even configure more than one simultaneously).
Of course, the setup supports inbound connections too, so you can run servers from diverse physical locations whilst using the inbound address space and connectivity of the datacentre. Stuck without IPv6 or inbound connectivity at home? Not anymore!
All this excitement and even more is right here waiting for you in setting up an IPv6 capable VPN. Read it today!
While we were busy with other things, Theo de Raadt (deraadt@) has been continuing the work on bringing the clang option to clean return addresses off the stack, as reported upon earlier, to OpenBSD/arm64.
Theo posted an early version of the code to tech@, saying
List: openbsd-tech
Subject: arm64 -fret-clean attempt
From: "Theo de Raadt" <deraadt () openbsd ! org>
Date: 2024-07-02 5:50:45
I've been trying to write -fret-clean for arm64.
On a return-stack architecture like amd64, the callee has to clean up the
word on the stack upon return.
arm64, like some other risc architectures, is a link-register architecture.
In this case, the return address is saved in some temporary location by
the caller, who loads it into the link register before returning. Before
that moment, the caller has to clean it up.
Contributed by Peter N. M. Hansteen from the SSH! listen to the sound of bugs fixed dept.
In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.8:
OpenSSH 9.8 has just been released. This release includes a fix for a critical race condition in sshd that could be exploited for remote code execution so you should definitely patch or upgrade. It also contains a fix for a minor issue in ssh that saw the recently-added ObscureKeystrokeTiming feature work the opposite way as intended.
Friends, dhclient(8) in OpenBSD is no more, at least for those of us running -current.
For some of us it is basically in muscle memory to type doas dhclient $wifiinterface when visiting somewhere, but from this day forward we will rely on dhcpleased(8) to do its job, which in my own experience does admirably.
In this commit, Theo de Raadt (deraadt@) executed the removal.
2024-04-08 SECURITY Fix multiple heap buffer overread and data leakage in the X11 server Xi extension and use after free in the Render extension. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083
2024-02-13 SECURITY DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).