114 min listen
296: It’s Alive: OpenBSD 6.5
FromBSD Now
ratings:
Length:
62 minutes
Released:
May 3, 2019
Format:
Podcast episode
Description
OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode.
Headlines
OpenBSD 6.5 Released
Changelog
Mirrors
6.5 Includes
OpenSMTPD 6.5.0
LibreSSL 2.9.1
OpenSSH 8.0
Mandoc 1.14.5
Xenocara
LLVM/Clang 7.0.1 (+ patches)
GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Many pre-built packages for each architecture:
aarch64: 9654
amd64: 10602
i386: 10535
Mount your ZFS datasets anywhere you want
ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.
When you create zpool maintank, the default mountpoint is /maintank.
You might be happy with that, but you don’t have to be content. You can do magical things.
Some highlights are:
mount point can be inherited
not all filesystems in a zpool need to be mounted
each filesystem (directory) can have different ZFS characteristics
In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.
News Roundup
Branch for netbsd 9 upcoming, please help and test -current
Folks,
once again we are quite late for branching the next NetBSD release (NetBSD 9).
Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.
On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.
On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:
please test -current, on all the various machines you have
especially interesting would be test results from uncommon architectures
or strange combinations (like the sparc userland on sparc64 kernel issue
I ran in yesterday)
Please test, report success, and file PRs for failures!
We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.
We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.
Our goal is to have an unprecedented short release cycle this time. But..
we always say that upfront.
LibreSSL 2.9.1 Released
We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable release
from the 2.9 series, which is also included with OpenBSD 6.5
It includes the following changes and improvements from LibreSSL 2.8.x:
API and Documentation Enhancements
CRYPTO_LOCK is now automatically initialized, with the legacy
callbacks stubbed for compatibility.
Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
Added more OPENSSLNO* macros for compatibility with OpenSSL.
Partial port of the OpenSSL ECKEYMETHOD API for use by OpenSSH.
Implemented further missing OpenSSL 1.1 API.
Added support for XChaCha20 and XChaCha20-Poly1305.
Added support for AES key wrap constructions via the EVP interface.
Compatibility Changes
Added pbkdf2 key derivation support to openssl(1) enc.
Changed the default digest type of openssl(1) enc to sha256.
Changed the default digest type of openssl(1) dgst to sha256.
Changed the default digest type of openssl(1) x509 -fingerprint to sha256.
Changed the default digest type of openssl(1) crl -fingerprint to sha
Headlines
OpenBSD 6.5 Released
Changelog
Mirrors
6.5 Includes
OpenSMTPD 6.5.0
LibreSSL 2.9.1
OpenSSH 8.0
Mandoc 1.14.5
Xenocara
LLVM/Clang 7.0.1 (+ patches)
GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Many pre-built packages for each architecture:
aarch64: 9654
amd64: 10602
i386: 10535
Mount your ZFS datasets anywhere you want
ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility.
When you create zpool maintank, the default mountpoint is /maintank.
You might be happy with that, but you don’t have to be content. You can do magical things.
Some highlights are:
mount point can be inherited
not all filesystems in a zpool need to be mounted
each filesystem (directory) can have different ZFS characteristics
In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.
News Roundup
Branch for netbsd 9 upcoming, please help and test -current
Folks,
once again we are quite late for branching the next NetBSD release (NetBSD 9).
Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that.
On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later.
On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:
please test -current, on all the various machines you have
especially interesting would be test results from uncommon architectures
or strange combinations (like the sparc userland on sparc64 kernel issue
I ran in yesterday)
Please test, report success, and file PRs for failures!
We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may.
We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go.
Our goal is to have an unprecedented short release cycle this time. But..
we always say that upfront.
LibreSSL 2.9.1 Released
We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable release
from the 2.9 series, which is also included with OpenBSD 6.5
It includes the following changes and improvements from LibreSSL 2.8.x:
API and Documentation Enhancements
CRYPTO_LOCK is now automatically initialized, with the legacy
callbacks stubbed for compatibility.
Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
Added more OPENSSLNO* macros for compatibility with OpenSSL.
Partial port of the OpenSSL ECKEYMETHOD API for use by OpenSSH.
Implemented further missing OpenSSL 1.1 API.
Added support for XChaCha20 and XChaCha20-Poly1305.
Added support for AES key wrap constructions via the EVP interface.
Compatibility Changes
Added pbkdf2 key derivation support to openssl(1) enc.
Changed the default digest type of openssl(1) enc to sha256.
Changed the default digest type of openssl(1) dgst to sha256.
Changed the default digest type of openssl(1) x509 -fingerprint to sha256.
Changed the default digest type of openssl(1) crl -fingerprint to sha
Released:
May 3, 2019
Format:
Podcast episode
Titles in the series (100)
1: BGP & BSD: We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists! by BSD Now