OpenBSD Journal

OpenBGPD 8.2 released

1 év 10 hónap óta
With a message from Claudio Jeker (claudio@), the OpenBSD project today announced the release of the OpenBSD BGP (Border Gateway Protocol) daemon OpenBGPD, version 8.2.

The announcement reads, From: Claudio Jeker <claudio () openbsd ! org> Date: Mon, 02 Oct 2023 10:22:39 +0000 To: openbsd-announce Subject: OpenBGPD 8.2 released We have released OpenBGPD 8.2, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon.

Read more…

Introduction to sysclean(8)

1 év 11 hónap óta

Many OpenBSD sysadmins find the sysclean(8) port useful for removing obsolete files following upgrades.

Sebastien Marie (semarie@), the author of sysclean(8), has written a piece giving an under-the-hood look at the operation of this handy utility. It's well worth reading for those interested in understanding how it works!

-current has moved to 7.4

1 év 11 hónap óta

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.4:

CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2023/09/26 07:27:32 Modified files: sys/conf : newvers.sh Log message: we are heading out of -beta

For those unfamiliar with the process: this is not the 7.4 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add (and pkg_info).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Viable ROP-free roadmap for i386/armv8/riscv64/alpha/sparc64

1 év 11 hónap óta

Theo de Raadt (deraadt@) posted to tech@ a detailed message explaining the past and (potential) future of anti-ROP measures in OpenBSD.

It's well worth reading its entirety. Highlights include:

Years later, Todd Mortimer and I developed RETGUARD. At the start of that initiative he proposed we protect all functions, to try to guard all the RET instructions, and therefore achieve a state we call "ROP-free". I felt this was impossible, but after a couple hurdles the RETGUARD performance was vastly better than the stack protector and we were able to protect all functions and get to ROP-free (on fixed-sized instruction architecures). Performance was acceptable to trade against improved security. […] We were able to enable RETGUARD on all functions because it was fast. […] On the other hand the RETGUARD approach uses an illegal instruction (of some sort), which is a speculation barrier. That prevents the cpu from heading off into an alternative set of weeds. It will go decode more instructions along the post-RET execution path. I filed that idea as interesting but did nothing with it. Until now.

Like we said earlier, it is worth reading the whole thing! This points forward to some remarkable improvements on several architectures, and those changes could be a clear benefit for other systems too.

-current has moved to 7.4-beta

1 év 11 hónap óta

With the following commit(s), Theo de Raadt (deraadt@) moved -current to version 7.4-beta:

CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2023/09/18 07:16:13 Modified files: share/mk : sys.mk etc/root : root.mail sys/conf : newvers.sh sys/arch/macppc/stand/tbxidata: bsd.tbxi usr.bin/signify: signify.1 Log message: crank to 7.4-beta

Snapshots are (already) available for several platforms. At the time of writing, there are a mixture of 7.3 and 7.4 files on at least some mirrors, so readers are advised that problems may occur.

(Regular readers will know what comes next…)

This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

p2k23 Hackathon Report: Volker Schlecht (volker@) on rust and erlang progress

1 év 11 hónap óta

We are pleased to have another p2k23 report, this time from Volker Schlecht (volker@) who writes:

"Ladies and Gentlemen, our plane is equipped with two engines, and I'm afraid I need to tell you that the one that you see to your right won't start right now…"
As with several other developers my trip to p2k23 didn't exactly start off as planned. Eventually the engine did start, though (and I'm glad to report it stayed on, too) and I made it to Dublin.

Read more…

3D printing on OpenBSD? Yes, that’s a thing!

1 év 11 hónap óta

Can you really do 3D printing from OpenBSD? Cue suspenseful music whilst I formulate my answer, which is: Yes.

If you aren’t familiar with the 3D printing process, it’s divided into several steps, vaguely analogous to writing, compiling and running a program in a compiled language.

Read more…

p2k23 Hackathon Report: Landry Breuil (landry@) on chasing memory corruptions

1 év 11 hónap óta
Next up in the series of p2k23 hackathon reports is this from Landry Breuil (landry@), who writes,

It's been a while since the last p2k19 in bucarest… and this time in a new place, city, country, lovely ireland with a lovely weather at this time of the year.

As usual, i wanted to play with things that were left on the side for a while (upgrading mail/stalwart stack to the new all-bundled-in-one layout to play with JMAP… or testing matthieu@'s work on wayland) - but i was of course mostly distracted from those interesting topics by …firefox, you guess it. Dammit, not again !

Read more…

p2k23 Hackathon Report: Jeremy Evans (jeremy@) on Ruby ports cleanup, database progress, and more

1 év 11 hónap óta

Next up in our reports from the p2k23 hackathon is one from Jeremy Evans (jeremy@). Jeremy writes:

My travel to Dublin started off not so great, with the airline figuring out they had to replace the copilot's chair in the cockpit after everyone had boarded, forcing everyone to deplane and then reboard an hour later. I ended up getting to Dublin a couple hours later than scheduled. This was the day before the hackathon started, so thankfully I didn't miss any hacking time. After I arrived, I took a brief nap, then found out where the hackroom was.

Read more…

p2k23 Hackathon Report: Marc Espie (espie@) on a flurry of packages activity

1 év 11 hónap óta
The p2k23 OpenBSD packages hackathon just concluded, and Marc Espie (espie@) wrote in with this report:

Off to Dublin, or almost.

This ports hackathon started with a reminder that real-life bugs do matter: my morning flight was cancelled and I arrived in Dublin late that day.

Turns out that air traffic uses named waypoints, which are supposed to be unique, but there's no central name registry, and two local waypoints ended up with the same name, which caused huge confusion in air traffic to Ireland: planes making large detours. As it turns out, there ARE some safety regulations, so crews can't fly forever, and Aer Lingus had to cancel my flight: no idea whether the plane didn't make it to Paris, or if the crew logged so many hours that they couldn't fly back.
(all of this info courtesy of sthen@ and mlarkin@, one being the thorough guy who always finds out the most obscure details, and the other one having actual flying experience)

Read more…

Game of Trees 0.92 released

2 év óta

Version 0.92 of Game of Trees has been released (and the port updated):

* got 0.92; 2023-08-29 see git repository history for per-change authorship information - allow modified files to be deleted during merges if content exists in repo - disallow overlapping repo and work tree in 'got checkout' - speed up opening of the work tree's file-index - speed up deltification by resizing block hash tables less often - add support for commit keywords to 'got log -x' - fix 'got log -dPp' diffstat duplication bug - improve out-of-date reporting accuracy in 'got branch -l' output - document that the log -d option implies log -P - prevent file-index corruption via deletion of missing locally-added files - prevent a double-free in got_worktree_commit - fix regression from 0.76: 'got diff' output matches /usr/bin/diff -p again - gotsh: do not set POLLOUT flag if there is no data to send, for portability - gotd: stop logging "unexpected end of file" when client decides to disconnect - make gotd flush pending messages before disconnecting the client upon success - gotwebd: fix bogus modification times displayed when show_repo_age is off - tog: show work tree base commit marker in the log view - tog: fix an infinite loop that could be triggered via log view search - plug a memory leak in tog's blame view - tog regress: prevent crash in ncurses when Ctrl-C is used to cancel test runs - tog regress: fix occasional failures due to commit timestamp mismatch - regress: nix 'set -A' kshism from tests for portability

Keystroke timing obfuscation added to ssh(1)

2 év óta

Damien Miller (djm@) has committed support for keystroke timing obfuscation to ssh(1):

CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2023/08/27 21:31:16 Modified files: usr.bin/ssh : clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h ssh_config.5 Log message: Add keystroke timing obfuscation to the client. This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/ feedback/ok markus@

Read more…

Ellenőrizve
1 óra 7 perc ago
OpenBSD Journal
The OpenBSD Community.
Feliratkozás a következőre: OpenBSD Journal hírcsatorna