"As seen here, PF is now enabled by default. The default pf.conf will now pass in all traffic, except for TCP port 6000 normally used by remote-X11. By having the X server still listen on port 6000 but let PF block incoming packets that aren't coming from localhost you can still use local X sessions that needs to talk to the TCP port or runs through a port forward from remote, but at the same time don't expose your machine on the network. Recent changes to PF, like having packet reassembly enabled on all packets by default, will now help clean incoming traffic."
The OpenBSD team has released OpenBSD 4.5. There have been lots of changes and bug fixes, but it's a rather daunting list that doesn't really lend itself towards a summary (hint), but I guess if you use OpenBSD you are perfectly capable of figuring this out yourself. You can get the new release from the download page.
O'Reilly interviewed 27 OpenBSD developers to present the new release. They discussed buffer cache improvements, the new malloc(), the work to make the math library more C99 compliant, what is new in the SCSI area, crypto support for softraid, a lot of fundamental work in PF, a new tool to merge configuration files during upgrades, the status of OpenCVS, some cool features of OpenSSH 5.1, the initial support for USB webcams, the never-ending work on improving and extending the sensors framework, and more.
The OpenBSD team has released OpenBSD 4.4. "As in our previous releases, 4.4 provides significant improvements, including new features, in nearly all areas of the system." Information on how you can obtain OpenBSD can be found on the OpenBSD website.
Theo de Raadt has lifted the veil off OpenBSD 4.3. "We are pleased to announce the official release of OpenBSD 4.3. This is our 23rd release on CD-ROM (and 24th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Boasting as always, but when it's justified, arrogance is a virtue.
Richard Stallman sent a message to OpenBSD-Misc, explaining why he doesn't recommend OpenBSD. "From what I have heard, OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public." His mail started a huge thread (that's just page 1) and since then he has been under a blast of messages from Theo de Raadt and the OpenBSD users. De Raadt replied: "Richard, you are wrong. You said very clearly in your interview that the ports tree contains non-free software. It does not. It is just a scaffold of Makefiles containing URLs, and an occasional patch here or there. You are just plain wrong. And you are not enough of a man to admit that you are wrong. I may be unfriendly at times, but you are a power-misusing hypocritical liar who attacks projects that try harder than any others to only make free software available. Shame on you."
"After seeing Miod Vallat's commit to source-changes@ today, I thought it'd be nice to ask Miod a few questions about mvme88k and the work he did to enable multiprocessor support for the architecture (more information about this hardware platform is available the OpenBSD mvme88k page)."
OpenBSD 4.2 has been released. "We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Update: A what's new article at ONLamp.
A thread on the OpenBSD -misc mailing list began by discussing whether or not XEN had been ported to OpenBSD, "is it planned at some point to release a paravirtualized xen kernel for OpenBSD 4.3 or 4.4?" Later in the discussion it was suggested that virtualization should be a priority for security reasons, "virtualization seems to have a lot of security benefits." OpenBSD creator Theo de Raadt strongly disagreed with this assertion, "you've been smoking something really mind altering, and I think you should share it."
"A few weeks ago, the OpenBSD Project announced that the Portable C Compiler had been added to the OpenBSD source tree. There has already been some explanation of why the traditional GNU Compiler Collection is troublesome and why a new compiler is needed, but there are still some details left uncovered. In this interview, Theo de Raadt and Otto Moerbeek of the OpenBSD Project offer more information about PCC and GCC and where they are headed within the project."
"Yesterday the OpenBSD Foundation announced its inception as a legal entity in charge of donations of money and equipment for the OpenBSD operating system and its associated projects. Today we have an interview with Ken Westerback, one of the foundation's founding members."
"The OpenBSD Foundation is pleased to announce today it has completed its organization as a Canadian federal non-profit corporation and is ready for public interaction. The OpenBSD Foundation has been formed for the purpose of supporting the OpenBSD project, and related projects such as OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. In particular it will act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD in any way."
"If you're a software enthusiast who has never used OpenBSD before, you might enjoy installing it by yourself and figuring it out as you go. If, however, you're looking for a more practical approach to using OpenBSD 4.1 on a desktop or server machine, here's a quick guide to get you started in this spectacular operating system."
"OpenBSD 4.1 has just been released. Federico Biancuzzi interviewed several developers to discuss some of the new features for networking, active porting efforts (landisk and UltraSPARC III), work on SMP, and the improvements in spam fighting." More here.
OpenBSD 4.1 has been released. "We are pleased to announce the official release of OpenBSD 4.1. This is our 21st release on CD-ROM (and 22nd via FTP). We remain proud of OpenBSD's record of ten years with only two remote holes in the default install. As in our previous releases, 4.1 provides significant improvements, including new features, in nearly all areas of the system."
"I, Michael Buesch, am one of the maintainers of the GPL'd Linux wireless LAN driver for the Broadcom chip (bcm43xx). The Copyright holders of bcm43xx (which includes me) want to talk to you, OpenBSD bcw developers, about possible GPL license and therefore copyright violations in your bcw driver. We believe that you might have directly copied code out of bcm43xx (licensed under GPL v2), without our explicit permission, into bcw (licensed under BSD license)." The entire thread can be found here.
"Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well-documented, it is not always suitable for certain systems that do not have the OpenBSD compiler set installed for various reasons such as disk space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."
As recently reported on OpenBSD's errata page, a problem in the mbuf handling of IPv6 has been elevated to a security issue. This means that OpenBSD now has two remote exploits in 10 years, as already reflected on the OpenBSD Homepage. Theo advises updating the system (or blocking IPv6 using PF as a workaround).
Greg Kroah-Hartman's announcement for free Linux driver development included the necessary legal framework to honor NDAs when creating GPL'd drivers. This allowance was discussed on the OpenBSD -misc mailing list. In a public exchange with Greg KH, Stephan Rickauer said: "Now these companies have a great excuse to keep specs locked up tight under NDA, while pretending to be 'open'. The OpenBSD project has made clear more than once how this will hurt Free Software in the long run. Signing NDA's ensures that Linux gets a working driver, sure, but the internals are indistinguishable from magic. It is a source code version of a blob." OpenBSD founder Theo de Raadt called the free driver effort a farce, "you are trying to make sure that maintainers of code - i.e. any random joe who wants to improve the code in the future - has less access to docs later on because someone signed an NDA to write it in the first place. You are making a very big mistake."
"We are pleased to announce the official release of OpenBSD 4.0. This is our 20th release on CD-ROM (and 21st via FTP). We remain proud of OpenBSD's record of ten years with only a single remote hole in the default install. As in our previous releases, 4.0 provides significant improvements, including new features, in nearly all areas of the system." More here. Update: First review here.