OpenBSD Journal

Content syndicated from OpenBSD Journal
The OpenBSD Community.
Updated: 1 week 2 days ago

OpenBSD has started a massive strip-down and cleanup of OpenSSL

Tue, 2014-04-15 11:29

The denizens of lobste.rs (and no doubt you, eagle-eyed reader!) have made note of the ongoing rototilling of the OpenSSL code in OpenBSD, and Joshua Stein (jcs@) has chimed in with a quick breakdown of the action thus far:

Changes so far to OpenSSL 1.0.1g since the 11th include:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

To clarify, not all of the cryptographic engines were removed; the padlock and aesni engines are still in place.

As always, it's heartening to see a concentrated effort on such a critical software component.

Categories: *BSD

OpenBSD Foundation Funding Goals Reached

Thu, 2014-04-10 21:38

Bob Beck (beck@) writes in to tell us that the OpenBSD Foundation 2014 fundraising campaign has reached its goals:

The OpenBSD Foundation is happy to report that the $150,000 goal of the 2014 fundraising campaign has been reached.

We wish to thank our contributors large and small. We will continue our fundraising efforts both in the current year and next year. Read more...

Categories: *BSD

heartbleed vs malloc.conf (updated)

Thu, 2014-04-10 15:40

Ted Unangst (tedu@) has posted an article about how OpenSSL has managed to sidestep OpenBSD's malloc.conf(3) protections:

About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.

As they say, read the whole thing.

Update:
tedu@ has a follow-up post in which he finds a particularly nasty bug in the code which sidesteps the malloc.conf options, which means that it cannot, unpatched, be disabled:

Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I’m about to describe can only exist and go unnoticed precisely because the freelist is LIFO.

As they say, read this other thing.

Categories: *BSD

Patches for OpenSSL bounds checking bug

Tue, 2014-04-08 08:56

Patches for the so-called Heartbleed OpenSSL bug have been released by the OpenBSD project for OpenBSD 5.3-stable, OpenBSD 5.4-stable and OpenBSD 5.5.

In the short statement contained in the commit message, Theo de Raadt (deraadt@) noted that OpenSSH is unaffected.

Read more...

Categories: *BSD

OpenBSD 5.5 preorders have been enabled

Fri, 2014-03-28 10:16

OpenBSD 5.5 preorders have been enabled on the ordering page.

With this commit, Theo de Raadt (deraadt@) enabled pre-orders for the upcoming release:

Module name: www
Changes by: deraadt@cvs.openbsd.org 2014/03/26 20:09:10
Modified files:
    . : errata55.html index.html older.html orders.html
Log message:
activate 5.5 pre-orders; wonder which of the regulars win this time

Pre-orders tend to arrive early (before the official release date), so grab the chance to have early access! You won't be the winner if you just learned about it now, since at least one guy on misc@ has already beaten you to it :-)

Categories: *BSD

Call for testing: acpiec(4) clear events on attach and resume

Fri, 2014-03-28 08:10

Paul Irofti (pirofti@) wrote in about his ongoing effort to untangle acpiec events. Paul writes,

The following patch attempts to fix an issue where multiple ACPI EC events pile up during suspend and fill a buffer that upon resume prevents further event notifications.

The fix clears up the event queue early on during resume and also upon initial acpiec(4) attach.

And of course there's a patch to test - description and download link after the fold.

Read more...

Categories: *BSD

Call for Testing: upd(4)

Thu, 2014-03-20 12:51

Andre de Oliveira (andre@) has committed the upd(4) driver, which detects uninterruptible power supplies (UPS) attached to USB, which will show up in the dmesg:

uhidev0 at uhub1 port 1 configuration 1 interface 0 "American Power Conversion Back-UPS RS 500 FW:30.j5.I USB FW:j5" rev 1.10/0.06 addr 2
uhidev0: iclass 3/0, 98 report ids
upd0 at uhidev0

Read more...

Categories: *BSD

hp300, mvme68k, and mvme88k Arches Move to the Attic

Wed, 2014-03-19 21:25

In a recent commit, miod@ removed support for some of the older platforms that were supported by OpenBSD:

Retire hp300, mvme68k and mvme88k ports. These ports have no users, keeping this hardware alive is becoming increasingly difficult, and I should heed the message sent by the three disks which have died on me over the last few days. No one sane will mourn these ports anyway. So long, and thanks for the fish.

Categories: *BSD

Heads Up: Apache Removed from Base

Fri, 2014-03-14 11:01

In a series of commits, Florian Obser (florian@) has unhooked Apache from the OpenBSD base build. This means you need to pay special attention when upgrading your systems:

/usr/sbin/httpd and the associated tools and files have been removed. Consider using nginx(8) for your http serving needs, but note that nginx is not a drop-in replacement. For people who need the old httpd(8) and cannot switch at this time, see the port www/apache-httpd-openbsd. Read more...

Categories: *BSD

OpenSMTPd Now the Default MTA in OpenBSD

Thu, 2014-03-13 07:29

After a long time spent in the shadow of Sendmail, OpenSMTPd is now the default MTA in OpenBSD:

CVSROOT: /cvs
Module name: src
Changes by: tedu@cvs.openbsd.org 2014/03/12 12:21:34
Modified files:
    etc : crontab mailer.conf rc.conf
    etc/mail : smtpd.conf
Log message:
switch over to smtpd by default. ok deraadt gilles todd

A great deal of thanks to the OpenSMTPd developers for their work in making this possible!

Categories: *BSD

USB 3.0 support beginning to emerge for -current

Tue, 2014-03-11 10:12

USB 3.0 support is coming to OpenBSD-current. In a series of commits dated March 8, 2014, ending with this one, Martin Pieuchot (mpi@) added the beginnings of USB 3.0 support:

Module name: src
Changes by: mpi@cvs.openbsd.org 2014/03/08 07:34:12
Modified files:
    sys/conf : files
    sys/dev/pci : files.pci
Added files:
    sys/dev/usb : xhci.c xhcireg.h xhcivar.h
    sys/dev/pci : xhci_pci.c
Log message:
Dumb xhci(4) implementation.

Read more...

Categories: *BSD

From the trenches: espie@ reports on recent experiments in package building

Fri, 2014-03-07 14:52

In a recent post to the ports mailing list titled "dpb fun", Marc Espie (espie@) reported on tests running the OpenBSD distributed ports builder on larger than usual hardware and improvements that sprang from the test:

So, I got access to a bunch of fast machines through Yandex. Big kudos to them. It allowed me to continue working on dpb optimizations for fast clusters, after some tantalizing glimpse into big clusters I got a few months ago thanks to some experiment led by Florian Obser.

The rest of the post follows after the fold; it looks like exciting times are ahead.

Read more...

Categories: *BSD

Slashdot Taking Questions for Interview with Theo de Raadt

Wed, 2014-03-05 23:28
Slashdot is soliciting questions for an interview with Theo de Raadt (deraadt@). So if you've some question you'd like to see the man at the top of the dogpile answer, head on over and drop it in the box.
Categories: *BSD

OpenSMTPD 5.4.2 Released

Wed, 2014-03-05 18:48

Gilles Chehade (gilles@) writes in to let us know about the latest official release of OpenSMTPD:

OpenSMTPD 5.4.2 has just been released.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux.

The archives are now available from the main site at www.OpenSMTPD.org

The rest of the release announcement below the fold. Read more...

Categories: *BSD

Xorg can now run without privilege on OpenBSD

Sat, 2014-02-22 21:44
Matthieu Herrb summarizes:
In OpenBSD-current, after this commit users of Intel and ATI Radeon graphics which support kernel mode setting (almost all of them) can set machdep.allowaperture back to 0 in the /etc/sysctl.conf configuration and still run the X server.
Read more...
Categories: *BSD

Autoinstall Video Demonstration

Sat, 2014-02-22 21:11
As a followup to our earlier story about automated installations, Robert Peichaer (rpe@) wrote in with a video that demonstrates how the new autoinstall works.

To play the video, click here.

This awesomeness will be part of OpenBSD 5.5, to be released on May 1st, 2014!

Categories: *BSD

Status of GNOME 3 on OpenBSD

Wed, 2014-02-19 10:40
Antoine Jacoutot writes in with an update on the current status of GNOME 3 on OpenBSD:

It's been a while since I wanted to write something about the state of GNOME as a day-to-day Desktop on OpenBSD. It's no secret amongst OpenBSD people that the company I work for maintains (amongst other things) a park of a few thousand OpenBSD Desktops around the world. Read more...
Categories: *BSD

n2k14 hackathon report: claudio@

Fri, 2014-02-14 09:35
Claudio Jeker writes in with his take on the n2k14 hackathon:
I started this year with some nice hiking in New Zealand just before the hackathon. Once I ended up in Dunedin at the University of Otago there were two main things I wanted to do. First of all there was a rather serious bug in the graceful reload handling of bgpd which caused stale routes to remain in the RIB and FIB resulting in bad routing decisions. Read more...
Categories: *BSD

n2k14 hackathon report: dlg@ on locking, midlayers, and network drivers

Thu, 2014-02-13 16:13
David Gwynne (dlg@) tells us why he travelled all the way from Australia to come to New Zealand:

The only real plan I had made leading up to the hackathon was to do my best to move our SMP support forward. Despite that, I got distracted pretty soon after I turned up because of a discussion with krw@ about leftover work we had after the big restructure of the SCSI midlayer. Read more...
Categories: *BSD

n2k14 hackathon report: kettenis@ on DRM, multiprocessor scalability, and making dump(8) work again on sun4v

Thu, 2014-02-13 09:11
Our next report is from Mark Kettenis (kettenis@), who built foundations for future work:

After some excellent tramping on New Zealand's South Island, I arrived in Dunedin without any traces of a jetlag. As usual I did have some vague plans.

I brought the ThinkPad T400 that somebody recently donated because it has both inteldrm(4) and radeondrm(4). And together with Jonathan Gray (jsg@) I did end up doing some code cleanups.

But most of the hackathon I spent working with David Gwynne (dlg@) on some small steps on the long road to making OpenBSD scalable on MP systems. Read more...

Categories: *BSD