OpenBSD Journal

Syndicated content: OpenBSD Journal
The OpenBSD Community.
Updated: 18 minutes 1 second ago

Heads Up: spamd(8) PF Rule Change

Tue, 2015-05-19 10:49

With a recent commit, Reyk Flöter (reyk@) flipped the switch on spamd(8)'s pf interfacement:

Change spamd to use divert-to instead of rdr-to. divert-to has many advantages over rdr-to for proxies. For example, it is much easier to use, requires less code, does not depend on /dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK ioctl), saves us from additional port allocations by the rdr/NAT code, and even avoids potential collisions and race conditions that could theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to to divert-to. spamd now also listens to 127.0.0.1 instead of "any" (0.0.0.0) by default which should be fine with most setups but has to be considered for some special configurations.

Those of you running spamd setups looking to upgrade need to double-check your pf configurations to make sure they still work the way you expect.

Categories: *BSD

OpenBSD 5.7 CD 2 Incorrectly Pressed

Fri, 2015-05-15 17:37

OpenBSD project leader Theo de Raadt (deraadt@) outlined some issues with the CD plant, which led to an incorrectly-finished CD 2, some of which were, unfortunately, shipped prior to the issue being found.

Sadly, CD2 of the OpenBSD 5.7 shipped in a broken fashion due to errors at the manufacturing plant. Two mistakes were made.

In the rush after the first error, this error was not caught in time. Many people have received (or will soon receive) their package with this broken disc. Orders which have not yet shipped are being held back... because...

A repaired disc is on the way from the plant.

This will be shipped out to everyone, and will be inserted into the orders not yet shipped.

Categories: *BSD

BSDNow Episode 089: Exclusive Disjunction

Fri, 2015-05-15 11:05

On this week's episode of BSDNow, the hosts interview Mike Larkin (mlarkin@) about how he got started in OpenBSD, his recent and upcoming work on W^X, and how that fits into the OpenBSD exploit mitigation ecosystem.

As always, they also have all the news and reviews in the world of all things BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube ]

Categories: *BSD

OpenBSD 5.7 Shipping, First Pre-orders Arriving

Fri, 2015-05-08 14:30
After a delay due to unfortunate production problems (the first such delay in 20 years), the OpenBSD Store announced that all pre-orders had been shipped.

And it seemed like only moments later that Raf Czlonka was the first to report on the misc@ mailing list that his pre-ordered OpenBSD 5.7 CD set had arrived.

Even if you hadn't preordered, you still have a chance to order your CD set and other swag by visiting the OpenBSD Store. If you want to support the project financially in other ways, the Donations page is, as always, a good place to start.

Categories: *BSD

New disklabel(8) templates make for a more flexible autoinstall

Tue, 2015-05-05 14:30

In this commit, the first in a series, Henning Brauer (henning@) made disk allocations during automatic installs much more flexible via the introduction of disklabel templates. The matching installer bits came along via this commit by Robert Peichaer (rpe@).

Quoting the updated disklabel(8) man page,

A template for the automatic allocation can be passed to disklabel using -T option.

But the more exciting news is the template format:

Read more...

Categories: *BSD

OpenBSD 5.7 Released

Fri, 2015-05-01 00:12
May 1st, 2015, Calgary, AB, CA and elsewhere:

OpenBSD 5.7 has been released. The brand new 5.7 subdirectory should now be available and filled up on all relevant mirrors for those of you who have yet to receive your CD orders.

The release announcement, posted on project mailing lists earlier today, and the release home page both mention some highlights of the new release, while the complete changelog for the release is available on the OpenBSD website.

While you are too late to be the first to preorder a shiny OpenBSD release CD set, you can order one of your own, as well as a very cool 5.7-release poster.

Categories: *BSD

OpenBSD has accepted projects from Google Summer of Code 2015

Wed, 2015-04-29 10:03

The OpenBSD page for Google Summer of Code 2015 has been updated with the list of accepted projects for this year.
Asynchronous USB Transfers From Userland
ARM SD/MMC Driver & Controller Driver In libsa For OpenBSD
Port HAMMER2 to OpenBSD
Implement KMS Driver For Cirrus Cards
Improving USB Userland Tools And ioctl(2)
Automating Module Porting
Many thanks to those that responded, and we wish the best of luck on all projects!
Categories: *BSD

EU study recommends OpenBSD

Mon, 2015-04-27 10:54

In this European Parliament study, “EU should finance key open source tools”, pointed out to us by Paul Irofti (pirofti@), and especially in study 2, they come to the conclusion that:

"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."

Read more...
Categories: *BSD

CfP extended for EuroBSDCon 2015

Wed, 2015-04-22 09:34

Due to overwhelming response, the deadline for submitting talks to EuroBSDCon has been extended:

Since there was a huge rush of submissions just on the very last day, we have decided to give a second chance for all of you that didn’t quite finish your talk or tutorial proposal in time for the deadline.

The new date is set to May 22nd, but you don’t have to wait until the very last moment. Send in your suggestions right away. We think there still is room for some more topics related to *BSD left to present.

For those of you who already have sent in yours, we are very happy to see so many good submissions. Don’t hesitate to add another topic to your submissions if you haven’t run out of good ideas yet.

If you've been sitting on that paper, now's the time to ship it!

Categories: *BSD

BSDNow Episode 085: PIE in the Sky

Tue, 2015-04-21 09:34

A bit late out of the gate, Undeadly readers are likely interested in the latest episode of BSDNow, featuring news of Solaris working to include OpenBSD's pf as an option on upcoming releases, the Bay Area BSD User Group keeping a stream of videos from their meetings going, some long-form blogging about the OpenBSD ports system, a discussion about keeping your home firewalls up to date, LLVM growing a fuzzing library, and most especially an interview with Pascal Stumpf (pascal@), with an overview of the whys and hows of address space layout randomization (ASLR) and the work extending position-independent executable (PIE) to statically-linked binaries.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Categories: *BSD

p2k15 Hackathon Report: schwarze@ on USE_GROFF

Mon, 2015-04-20 09:29

Ingo Schwarze (schwarze@) writes in with our fourth report from the p2k15 ports hackathon:

When groff was removed from the OpenBSD base system in October 2010, Marc Espie@ marked more than 3000 ports with the USE_GROFF bsd.port.mk(5) variable, meaning that their manuals were formatted with groff at port build time and the preformatted versions included in the package. Over time, as mandoc(1) matured and learnt to handle more and more syntax, the number of ports having USE_GROFF gradually decreased. Read more...

Categories: *BSD

Solaris Admins: For A Glimpse Of Your Networking Future, Install OpenBSD

Wed, 2015-04-15 11:45

Undeadly's very own Peter Hansteen has written up some PF-on-Solaris-related email chatter:

Roughly a week ago, on April 5th, 2015, parts of Oracle's roadmap for upcoming releases of their Solaris operating system were leaked in a message to the public OpenBSD tech developer mailing list. This is notable for several reasons, one is that Solaris, then owned and developed by (the now defunct) Sun Microsystems, was the original development platform for Darren Reed's IP Filter, more commonly known as IPF, which in turn was the software PF was designed to replace.

As they say, read the whole thing!

Categories: *BSD

p2k15 Hackathon Report: stsp@ on wifi and games

Tue, 2015-04-14 00:55

Stefan Sperling (stsp@) writes in with our third report from the p2k15 ports hackathon:

I spent the week before hackathon reviving a lingering work-in-progress implementation of a wireless driver for RTL8188CE devices. These are essentially urtwn(4) devices on the PCI bus instead of USB. The driver started out as a copy of urtwn(4) which I'm gradually moving over to PCI. With help from uwe@ I could clear some roadblocks that had prevented progress and got the driver up to the point where the firmware loading process completed successfully. Read more...

Categories: *BSD

p2k15 Hackathon Report: krw@ on GPT support

Mon, 2015-04-13 22:20

Ken Westerback (krw@) writes in with our second report from the p2k15 ports hackathon:

Never has a hackathon accomplished so much in the presence of so many fire doors. It appears that the University of Exeter is fire door mad, with every door labelled a fire door that must always be closed or locked. Read more...

Categories: *BSD

softraid(4) - RAID 5 Call for Testing

Sun, 2015-04-12 13:42

Joel Sing (jsing@) has put out a call for testing for RAID 5 on softraid(4):

For those not following source-changes@, I have just re-enabled the RAID 5 discipline for softraid(4).

During the last two hackathons in Dunedin, the RAID 5 implementation was largely rewritten. As far as I am aware, the last missing part was the lack of ability to resume a partial rebuild, which has been fixed - it now needs further testing and usage so that any remaining issues can be found. Read more...

Categories: *BSD

p2k15 Hackathon Report: landry@ on mozilla and more

Sat, 2015-04-11 01:05

Landry Breuil (landry@) writes in with our first report from the p2k15 ports hackathon:

This was a short hackathon for once, so I took the opportunity to visit London on the way couchsurfing for two days, then enjoyed a quiet train trip to Exeter through the nice countryside of Devon...

Had quite a bit of fun being the first one on-site at the university building, since the people at the desk weren't aware at all that an event was organized in their place - didn't know hackathons were such secret things :) Read more...

Categories: *BSD

OpenNTPD 5.7p4 released

Wed, 2015-03-25 20:12

The OpenNTPD team has announced the availability of OpenNTPD 5.7p4, which adds

support for using HTTPS time constraints to validate NTP responses, in turn made possible by the LibreSSL supplied libtls

plus a number of important bug fixes.

You'll find the full text of the announcement after the fold:

Read more...

Categories: *BSD

SSH Protocol 1 Now Disabled at Compile Time

Tue, 2015-03-24 18:34

As Damien Miller (djm@) announced on tech@, support for SSH version 1 is now no longer being included in OpenBSD SSH:

Hi,

I just committed a change to src/usr.bin/ssh/Makefile.inc to compile-time disable SSH protocol 1. This protocol is old, unsafe and really, really shouldn't be used at all any more.

If you have need of it, then you can re-enable it for yourself using the knob in Makefile.inc.

If you run into bugs related to this change, please tell openssh@openssh.com and we'll fix them quickly. We're deliberately doing this change early in the release cycle to flush out bugs and find out how many people are still using this terrible old protocol.

-d

Like the man says, report any bugs found! And this might be a good time to offer the hand of friendship and understanding to any and all vendors/packagers who still support v1 to join the rest of us in deprecating the lesser protocols.

Categories: *BSD

Donation request for network SMP development

Fri, 2015-03-20 22:38

Martin Pieuchot (mpi@) writes in about what's needed for further SMP improvements in the network stack:

If you've been following my contributions to OpenBSD's kernel, you already know that in the past years I've been working on the Network Stack to make it more SMP friendly.

All the network hackers present at s2k15 agreed to volunteer me to work on the next step: properly integrate the pseudo-drivers (carp(4), vlan(4), trunk(4)...) in order to take ether_input() out of the kernel lock. Read more...

Categories: *BSD

OpenSSH 6.8 Released

Fri, 2015-03-20 15:07

This week has been full of other exciting news, so it may have been easy to miss that the OpenSSH team has released OpenSSH 6.8. The new release is billed as

This is a major release, containing a number of new features as well as a large internal re-factoring.

This is the OpenSSH version that will be in OpenBSD 5.7, with lots of goodies as well as some potentially backward-incompatible features. The full announcement is at http://www.openssh.com/txt/release-6.8, or look after the fold.

Read more...

Categories: *BSD