OpenBSD Journal

Game of Trees 0.77 released

2 years 10 months ago

Version 0.77 of Game of Trees has been released (and the port updated):

* got 0.77; 2022-10-24
  - disallow integrating into references outside refs/heads/ (jrick)
  - gotwebd.conf: add syntax for defining macros and document them (op)
  - simplify the way 'got patch' opens a tempfile when reading from stdin
  - lots of refactoring to allow gotd(8) code to run without libexec helpers
  - more refactoring to allow gotd(8) to stream packfile data on network sockets
  - add missing error checking around some unlink(2) syscalls
  - don't crash if delta cache is missing while combining deltas; for dev builds
  - allow got_object_parse_tree() to reuse entries buffer allocations for speed
  - show a more useful error if the size of a packed object won't fit in 64 bits
  - switch integers used for counting objects while indexing packs to unsigned
  - refresh cached list of pack index paths while searching a packed object
  - introduce gotd(8) and gotsh(1); WIP and not yet provided in binary packages
  - close parent's end of imsg pipe before waiting for a child process to exit
  - fix detection of SIGTERM in tog; this signal was accidentally being ignored
  - avoid printing harmless errors that can occur when tog exits due to Ctrl-C

Of particular note is the introduction of [WIP] gotd(8)/gotd.conf(5) and gotsh(1), which provide networking support for got(1). Great stuff!

OpenBSD 7.2 Released

2 years 10 months ago
The OpenBSD project today announced the release of the most recent version of our favorite operating system, OpenBSD 7.2.

This is the 53rd release from the OpenBSD project. Highlights of the new release include:

As always, the release is available for download from mirror sites all over the world; be sure to pick one that is near you, network-wise! Those upgrading from the 7.1 release (or earlier) should consult the Upgrade Guide.

Also remember to support the project with a donation, perhaps buy some swag from the OpenBSD Store, and if you are at all corporate, please go to the OpenBSD Foundation and see about becoming an official sponsor.

Thanks from all of us to the developers for delivering yet another awesome release!

Further memory protections committed to -current

2 years 10 months ago

In a long series of commits, Theo de Raadt (deraadt@) has added support for the immutable memory mappings on which we reported earlier. We see:

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2022/10/06 21:20:58

Modified files:
    sys/sys : exec_elf.h

Log message:
Add identifiers for the new "mutable bss" section, ".openbsd.mutable" is 0x65a3dbe5. Also add PF_MUTABLE as a segment flag for later use.

OpenBGPD 7.7 released

2 years 10 months ago
A new version of OpenBGPD, the OpenBSD and portable BGP daemon, has been released.

The announcement notes some key improvements in this release:

Subject: OpenBGPD 7.7 released
From: Claudio Jeker <claudio () openbsd ! org>
Date: 2022-10-06 21:25:58

We have released OpenBGPD 7.7, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon.

LibreSSL 3.6.0 released

2 years 10 months ago
Signalling another turn of the seasons, Brent Cook (bcook@) announced that a new release of LibreSSL is out. The announcement reads:

We have released LibreSSL 3.6.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is a development release for the 3.6.x branch, and we appreciate additional testing and feedback before the final release coming soon with OpenBSD 7.2. It includes the following changes:

OpenSSH 9.1 is almost ready for release. Please help testing!

2 years 10 months ago

An important message from Damien Miller (djm@) turned up on mailing lists and elsewhere, saying,

From: Damien Miller <djm () mindrot ! org>
Date: Wed, 28 Sep 2022 00:03:37 +0000
To: openssh-unix-dev
Subject: Call for testing: openssh-9.1

Hi,

OpenSSH 9.1p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/

You can read the whole message here or continue after the fold -

A Few of My Favorite Things About The OpenBSD Packet Filter Tools

2 years 11 months ago
While recovering after EuroBSDCon and starting to gear up for the much anticipated next OpenBSD release, our co-editor Peter Hansteen found the time to do a remote Sunday lunch talk (slides) for SEMIBUG titled A Few of My Favorite Things About The OpenBSD Packet Filter Tools (full text, blog with trackers).

The full text of the talk is also available here, without trackers.

Topics covered: PF basics, state tracking tricks, greytrapping, traffic shaping, with pointers to further material.

All good fun while we are waiting for the next big thing.

OpenBGPD 7.6 released

2 years 11 months ago
OpenBGPD, our favorite BGP daemon, has a new release, version 7.6.

The release announcement leads in,

We have released OpenBGPD 7.6, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

* Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate nexthops and incorrectly leave them in the FIB or Adj-RIB-Out.
* Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter
* Switch various static hash tables to RB trees improving performance on large systems
* Export per neighbor pending update and withdraw statistics
* Fix race between a neighbor session reset and its update message backlog
* Improve handling of nexthop reachability state changes
* Further improve portability of the FIB handling code

A summary piece on spam fighting and spamd(8) in particular and 300,000 imaginary friends

2 years 11 months ago
In a recent piece titled The Things Spammers Believe - A Tale of 300,000 Imaginary Friends, undeadly.org co-editor Peter Hansteen summarizes more than 15 years (yes, it has been that long) of improving the noise levels in mail feeds.

The main tools are what comes in the base system of our favorite operating system, with particular focus on spamd(8) and the greytrapping feature.

The article leads in with

It finally happened. Today, I added the three hundred thousandth (yes, 300,000th) spamtrap address to my greytrapping setup, for the most part fished out of incoming traffic here, for spammers to consume.

and is liberally sprinkled with references to other relevant material.

The article is also available in a trackerless (aside from the server's ordinarily rotated log) version.

-current has moved to 7.2

2 years 11 months ago

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.2:

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2022/09/11 08:27:09

Modified files:
    sys/conf : newvers.sh

Log message:
drop the -beta

For those unfamiliar with the process: this is not the 7.2 release, but is part of the standard build-up to the release.

It's time to start using "-D snap" with pkg_add (and pkg_info).

(Regular readers will know what comes next…) This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

rpki-client 8.0 released

2 years 11 months ago
A new version of the OpenBSD rpki-client – RPKI validator to support BGP Origin Validation, version 8.0 has been released.

The announcement reads,

rpki-client 8.0 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads, BGPsec Router keys, and ASPA payloads in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks.

Game of Trees 0.75 released

2 years 11 months ago

Stefan Sperling (stsp@) noted the release of version 0.75 of Game of Trees:

Version control system #gameoftrees 0.75 has been released.

This is the first release which ships gotwebd, a Fast-CGI Git repository web server written by @basepr1me and lots of help by @op and others. In the long term, gotwebd will replace its ancestor, the gotweb CGI program. If you already run gotweb then please try gotwebd and let us know about any issues.
[…]

g2k22 Hackathon Report: Martijn van Duren on snmpd(8) improvements

2 years 11 months ago

We are delighted to have received a report on the recently-concluded g2k22 hackathon. Martijn van Duren (martijn@) writes:

Coming to Bad Liebenzell for the 3rd year in a row I knew what to expect, but the scenery still continues to amaze me. Driving through the black forest was a nice little escape before plunging back into the SNMP world.

One of the biggest misconceptions I've seen floating around and one of my biggest irks with snmpd(8) was its privilege separation situation. While true that snmpd(8) always had multiple processes it was never used to any meaningful degree. The engine process (snmpe) handled everything snmp related: Handling packets/connections, de-/encoding the BER, handling authentication, finding the correct object and retrieving the data from the proper source (usually the kernel). Because some metrics fell outside the scope of pledge it also ran without the pledge seat belt. The engine however does run inside a /var/empty chroot, this is where the other (parent) process comes into play. When a trap (notification) is received and covered by "trap handle" it's forwarded to the parent process, which then executes the "command".

OpenBSD may soon gain further memory protections: immutable userland mappings

2 years 11 months ago
In a September 1st post to tech@ titled immutable userland mappings, Theo de Raadt (deraadt@) gave us a preview of code that may soon land in -current. The message leads in,

In the last few years, I have been improving the strictness of userland memory layout. An example is the recent addition of MAP_STACK and msyscall(). The first one marks pages that are stack, so that upon entry to the kernel we can check if the stack-pointer is pointing in the stack range. If it isn't, the most obvious conclusion is that a ROP pivot has occurred, and we kill the process. The second one marks the region which contains syscall traps, if upon entry to the kernel the PC is not in that region, we know someone is trying to do system calls via an unapproved method.
