OpenBSD Journal

OpenBSD Journal

g2k18 hackathon report: Florian Obser on rtadvd(8) -> rad(8) progress (actually, rewrite)

Contributed by Peter N. M. Hansteen on from the sixing up the routes is totally rad dept.

Fresh from the just concluded hackathon in Ljubjlana comes our next report from Florian Obser (florian@) who writes:
Sometimes you have to roll the hard six.

I have been trying to bolt a standard OpenBSD parse.y based config file onto rtadvd(8) for about a year now. I could not do it. The code base is just too weird. There are other bugs lurking as well and I have a hard time fixing them.

Read more…

g2k18 hackathon report: Matthieu Herrb on font caches and xenodm

Contributed by Paul 'WEiRD' de Weerd on from the cache-this dept.

Next in from Ljubljana is Matthieu Herrb (matthieu@):

I spent the first day and a half chasing an issue that many people have been experiencing: the first X start after an install or upgrade from a snapshot was slow. The direct cause of this is well-known: it's the fontconfig library (used by all applications that do font rendering) that re-builds its font cache (~/.cache/fontconfig/) because of newly installed fonts.

Except that normally, OpenBSD X sets ship a pre-computed, system-wide cache (/var/cache/fontconfig/) that should avoid this. So what is the problem ?

Read more…

g2k18 hackathon report: Antoine Jacoutot on porting

Contributed by Paul 'WEiRD' de Weerd on from the super-valuable-grenouille dept.

Before winning the football world cup, the french were writing their hackathon reports. Here's the one from Antoine Jacoutot (ajacoutot@):

g2k18 was my third General Hackathon in Ljubljana, Slovenia. I love it there, it's a great place to host such an event: perfect location (city center), beautiful city, cheap yet very nice food etc.

My goal for the week was to remove a few items from my overgrowing TODO list.

Read more…

OpenBSD gains Wi-Fi "auto-join"

Contributed by rueda on from the puffy-on-the-go dept.

In a change which is bound to be welcomed widely, -current has gained "auto-join" for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:

CVSROOT:	/cvs
Module name:	src
Changes by:	phessler@cvs.openbsd.org	2018/07/11 14:18:09

Modified files:
	sbin/ifconfig  : ifconfig.8 ifconfig.c 
	sys/net80211   : ieee80211_ioctl.c ieee80211_ioctl.h 
	                 ieee80211_node.c ieee80211_node.h 
	                 ieee80211_var.h 

Log message:
Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Read more…

Fixing bufferbloat with PF and OpenBSD

Contributed by Janne Johansson on from the thinning the bloated puffer dept.

In this post, Paul Smith shows how to reduce buffer bloat and improve interactive traffic latencies.

Long time ago, Daniel Hartmeier wrote a nice piece on how to prioritize ACKs and small packets using ALTQ in PF to sustain download speeds on (mostly) assymetric links, but since then PF and queuing has undergone quite a few changes.

To see an example on how the new rulesets should look, and how to score more internet points on speed tests, head over to his article.

httpd(8) Gains Simple Request Rewrites

Contributed by rueda on from the and-there-was-much-rejoicing dept.

Reyk Floeter (reyk@) has committed support for simple request rewrites to httpd(8)/ httpd.conf(5) [in -current]:

CVSROOT:        /cvs
Module name:    src
Changes by:     r...@cvs.openbsd.org    2018/06/20 10:43:05

Modified files:
        usr.sbin/httpd : config.c httpd.conf.5 httpd.h parse.y 
                         server_http.c 

Log message:
Add support for simple one-off internal rewrites.

For example:

location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"
}

Requested by many.

Ok benno@

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.3

0112018-06-21 SECURITY Perl's Archive::Tar module could be made to write files outside of its working directory.
0102018-06-17 SECURITY Intel CPUs speculatively access FPU registers even when the FPU is disabled, so data (including AES keys) from previous contexts could be discovered if using the lazy-save approach.
0092018-06-14 SECURITY DSA and ECDSA signature generation can potentially leak secret information to a timing side-channel attack.
0082018-05-17 RELIABILITY A malicious packet can cause a kernel crash when using IPsec over IPv6.
0072018-05-08 RELIABILITY Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations from working.
0062018-05-08 RELIABILITY Incorrect handling of fragmented IPsec packets could result in a system crash.

Unofficial RSS feed of OpenBSD errata

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]