OpenBSD Journal

Tartalom átvétel OpenBSD Journal
The OpenBSD Community.
Frissült: 50 perc 36 másodperc

OpenNTPD 5.7p4 released

sze, 2015-03-25 20:12
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

The OpenNTPD team has announced the availability of OpenNTPD 5.7p4, which adds

support for using HTTPS time constraints to validate NTP responses, in turn made possible by the LibreSSL supplied libtls

plus a number of important bug fixes.

You'll find the full text of the announcement after the fold:

Read more...

Kategóriák: *BSD

SSH Protocol 1 Now Disabled at Compile Time

k, 2015-03-24 18:34
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

As Damien Miller (djm@) announced on tech@, support for SSH version 1 is now no longer being included in OpenBSD SSH:

Hi,

I just committed a change to src/usr.bin/ssh/Makefile.inc to compile- time disable SSH protocol 1. This protocol is old, unsafe and really, really shouldn't be used at all any more.

If you have need of it, then you can re-enable it for yourself using the knob in Makefile.inc.

If you run into bugs related to this change, please tell openssh@openssh.com and we'll fix them quickly. We're deliberately doing this change early in the release cycle to flush out bugs and find out how many people are still using this terrible old protocol.

-d

Like the man says, report any bugs found! And this might be a good time to offer the hand of friendship and understanding to any and all vendors/packagers who still support v1 to join the rest of us in deprecating the lesser protocols.

Kategóriák: *BSD

Donation request for network SMP development

p, 2015-03-20 22:38
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Martin Pieuchot (mpi@) writes in about what's needed for further SMP improvements in the network stack:

If you've been following my contributions to OpenBSD's kernel, you already know that in the past years I've been working on the Network Stack to make it more SMP friendly.

All the network hackers present at s2k15 agreed to volunteer me to work on the next step: properly integrate the pseudo-drivers (carp(4), vlan(4), trunk(4)...) in order to take ether_input() out of the kernel lock. Read more...

Kategóriák: *BSD

OpenSSH 6.8 Released

p, 2015-03-20 15:07
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } This week has been full of other exciting news, so it may have been easy to miss that the OpenSSH team has released OpenSSH 6.8. The new release is billed as

This is a major release, containing a number of new features as well as a large internal re-factoring.

This is the OpenSSH version that will be in OpenBSD 5.7, with lots of goodies as well as some potentially backward-incompatible features. The full announcement is at http://www.openssh.com/txt/release-6.8, or look after the fold.

Read more...

Kategóriák: *BSD

OpenSSL 2015-03-19 Security Advisories - LibreSSL Largely Unaffected

cs, 2015-03-19 17:05
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

The response to today's much-anticipated unveiling of newly discovered OpenSSL vulnerabilities has been varied and loud as expected. However, the impact on the OpenBSD-initated LibreSSL project's code -- which has undergone extensive cleanup since LibreSSL forked off OpenSSL's code base in 2014 -- appears to be limited. Out of a total of 13 CVEs in OpenSSL's announcement, only five - CVE-2015-0207, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289 and CVE-2015-0209, still applied to LibreSSL's code.

The main takeaway from the announcement appears to be that the cleanup has been effective, however these 'crash-inducing' issues have now been fixed in LibreSSL:

CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences

The OpenSSL project provided information and patches to the LibreSSL project in advance of the announcements.

More, including information about OpenBSD 5.7, 5.6 and 5.5, after the fold.

Read more...

Kategóriák: *BSD

EuroBSDCon 2015 Call for Papers Is Out

sze, 2015-03-18 15:32
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } The EuroBSDCon 2015 conference organizers have announced the Call for Papers for the upcoming conference in Stockholm, Sweden.

Go to https://2015.eurobsdcon.org/call-for-papers/ for details; the full text of the announcement also follows after the fold.

Read more...

Kategóriák: *BSD

libXfont Errata

sze, 2015-03-18 10:51
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Patches are now available to fix buffer overflows in libXfont. This issue affects 5.5, 5.6, and the forthcoming 5.7 release.

For more details, refer to the X.org advisory:
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/

5.5 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/023_libxfont.patch.sig

5.6 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig Read more...

Kategóriák: *BSD

LibreSSL 2.1.5 Released

k, 2015-03-17 18:04
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

The LibreSSL team has released LibreSSL 2.1.5, which the team characterizes as

relatively small, focused on bug fixes before 2.2.x development begins along-side OpenBSD 5.8.

In what could be a useful test of the LibreSSL project's code cleanup operation, the team notes that

This or earlier LibreSSL releases may also address issues that are to be revealed by The OpenSSL Project Team on the 19th of March, 2015.

The LibreSSL team is not typically apprised of OpenSSL-related security issues in advance. We will address any previously-unknown issues that are found to affect LibreSSL in future releases.

You can read the full announcement here, and it also follows in full after the fold.

UPDATE 2015-03-17 16:20 CET: Bob Beck (beck@) now reports that the OpenSSL project has communicated details of the still-embargoed OpenSSL vulnerabilities to LibreSSL core developers.

Read more...

Kategóriák: *BSD

OpenBSD @ AsiaBSDCon: httpd, PIE, and more

v, 2015-03-15 21:30
Slides from the AsiaBSDCon 2015 presentations are expected to appear on the OpenBSD web site (specifically the Presentations and Papers) page.

The first presentation to appear there was Reyk Floeter's OpenBSD's new httpd (slides), also with a paper version.

Other developers have been quite punctual too, publishing their presentations soon after their sessions at the conference:

Peter Hessler: The results of using BGP for realtime import and export of spam whitelist/blacklist entries
Ted Unangst: Pruning and Polishing: Keeping OpenBSD Modern
Henning Brauer: OpenBSD sucks
Pascal Stumpf: Converting OpenBSD to PIE (slides) plus paper

And finally, the OpenBSD Update from the work in progress session, given by Henning Brauer.

Kategóriák: *BSD

OpenBSD 5.7 Preorders Started

p, 2015-03-13 09:30
Yes, you read that right!

Preorders of the upcoming OpenBSD 5.7 release have been enabled at the OpenBSD Store (based in the UK, ships worldwide).

The OpenBSD 5.7 release page is filling out nicely as we speak, and you can look up further details of what you have in store come May 1st by taking a peek at the detailed changelog page.

Now don't just stand there! Go ahead, order a CD set (or a few), or if you'll be downloading anyway, donate!

Update: The first copy has already been sold, just a few moments after the initial commit and before the actual announcement to misc@ (both by deraadt@) went out.

Kategóriák: *BSD

FreeType Patches Available

cs, 2015-03-12 10:46
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Patches for bugs in the FreeType library are available:

FreeType 2.5.5 contained more fixes for malformed font buffer overflows. Thanks to David Coppa for extracting the necessary patches from the Ubuntu package.

Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release already includes FreeType 2.5.5. Read more...

Kategóriák: *BSD

LibSSL Patch Available

cs, 2015-03-12 10:45
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Patches for the recently-announced FREAK attack are now available:

When CVE-2015-0204 (RSA silently downgrades to EXPORT_RSA) was announced, it was labeled "Severity: Low". Our assessment at the time was that export ciphers had already been removed prior to the release of 5.6, and that the fix was not worth backporting to 5.5.

Then CVE-2015-0204 was renamed the FREAK attack. Now it has a fancy name so you know it's important.

Unfortunately, our original assessment was not entirely correct. Some of the features exploited by FREAK were not deleted until after 5.6, although this was not known until testing tools became available. We've corrected libssl by backporting the necessary changes to 5.6. Read more...

Kategóriák: *BSD

s2k15 Hackathon Report: tedu@ on UVM SMP

szo, 2015-03-07 18:48
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Our fourth report from the s2k15 hackathon comes from Ted Unangst:

Since s2k15 was, at least for some people, the SMP hackathon, I started my first project in that area. We currently have a few system calls that work without requiring the kernel lock because they only touch isolated parts of the data, but they aren't very exciting. getpid(), for example. I wanted to speed up a system call that may have some noticable results in a workload I use every day: compiling.

Read more...

Kategóriák: *BSD

s2k15 Hackathon Report: Jonathan Gray on X Graphic Acceleration Improvements, afl fuzzer

cs, 2015-03-05 10:38
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Our third report from the s2k15 hackathon comes from Jonathan Gray (jsg@):

During the recent s2k15 hackathon in Brisbane I made another attempt to get acceleration working on newer Southern Islands/Graphics Core Next Radeon parts. As there is no traditional EXA acceleration provided by the xf86-video-ati driver for these the only option is glamor. Glamor used to be an external library but is now distributed as part of the Xorg X server. It works by creating an EGL context and provides OpenGL based 2D acceleration.

Read more...

Kategóriák: *BSD

LibreSSL 2.1.4

sze, 2015-03-04 11:24
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Brent Cook (bcook@) posted:
We have released LibreSSL 2.1.4, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.

This release adds a number of new security features, makes building privilege-separated programs simpler, and improves the libtls API.
Read more...
Kategóriák: *BSD

Errata for X Server Infoleak

sze, 2015-03-04 10:50
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } As reported by Ted Unangst (tedu@) on tech:

Patches are now available to fix an information leak in the XkbSetGeometry request of X servers. For more information, see the X.org advisory. Read more...

Kategóriák: *BSD

Summer of Code 2015 Project Ideas Announced

k, 2015-03-03 23:53
The OpenBSD foundation has published its Project Ideas List for this year's Google-sponsored Summer of Code. If you're a student with an appropriate background, this could be your chance to take a stab at contributing to the OpenBSD code base, with OpenBSD developers as your mentors.

The Foundation and the OpenBSD project do not guarantee that SOC projects are accepted into the OpenBSD code base, but it's worth trying, isn't it?

Check out the list and see if there's something there you want to spend most of the summer hacking on.

Kategóriák: *BSD

Ted Unangst: Improving Browser Security

k, 2015-03-03 09:54
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } In a recent post to misc@, Ted Unangst (tedu@), outlined some of his upcoming work on improving browser security. Ted writes,

A few words about a project I've started working on today with support from the OpenBSD Foundation.

Read more...

Kategóriák: *BSD

Episode 078: From the Foundation (Part 2)

p, 2015-02-27 11:48
In this week's episode, the fellas from BSDNow interview Ken Westerback (krw@), one of the directors of the OpenBSD Foundation. They also talk about the nascent BSDCan 2015 schedule, Reyk Flöter's superfish-esque relayd.conf, OpenBSD on the Minnowboard Max, and all the odds and ends in the week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Kategóriák: *BSD

OpenBSD Foundation 2014/2015 News & Fundraising

cs, 2015-02-26 10:51
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ken Westerback (krw@) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:

2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributers large and small.

A detailed summary of the Foundation's activities in 2014 can be seen at

http://www.openbsdfoundation.org/activities.html

But here are some highpoints. Read more...

Kategóriák: *BSD