The version control system gameoftrees 0.98 has been released and should soon show up in OpenBSD -current packages. An update for the -portable version will follow as well.The main improvements in the new release are listed in the release notes as
The OpenBSD toolbox for network debugging just got better.In a recentthreadon tech@ titled pfctl show fragment info,Alexander Bluhm (bluhm@)posted a patch to enable packet reassembly statistics inpfctl(8).Several other developers joined in,and Claudio Jeker (claudio@) suggested thatsystat(8)should too be enhanced to display packet reassembly data inpf(4) related views.This suggestion was well received, and the resulting code has now been committed,Read more...
The work to improve the capabilities of the network stack is about to take a noticeable step forward. In a message to tech@ titled parallel raw IP input, Alexander Bluhm (bluhm@) posted a patch that he describes as
A series of commits by Jeremie Courreges-Anglas (jca@)has modifiedtar(1)such that its default write format (for archives) is that ofpax(1).The message with the finalcommitcaptures the gist of the change:
A series of commits by Jeremie Courreges-Anglas (jca@)has modifiedtar(1)such that its default write format (for archives) is that ofpax(1).The message with the finalcommitcaptures the gist of the change:
The OpenSMTPD project has released its first post-OpenBSD 7.5 version, OpenSMTPD 7.5.0p0, with a number of notable improvements.The announcement reads,
The OpenSMTPD project has released its first post-OpenBSD 7.5 version, OpenSMTPD 7.5.0p0, with a number of notable improvements.The announcement reads,
It's been 20 years since the first undeadly.org post appeared.At that point in our history, we had been enjoying frequent updates to the OpenBSD Journal at the deadly.org site for more than four years, and most of us thought it was an April's Fool prank when the the editors announced that they were ceasing publication, effective immediately on April 1st, 2004.Fortunately, Daniel Hartmeier quickly realized the announcement was not a joke, and went to work on a functionally equivalent CGI binary written in C and negotiated to take over the archive of existing articles. The rescued (resurrected?) site went live at undeadly.org on April 9th, 2004.At the time, the eagerly anticipated upcoming release was OpenBSD 3.5 (which we covered on April 30th of that year). As the release song strongly hints, the introduction of the CARP redundancy protocol was a major item in that release. The release also introduced the OpenBSD/amd64 platform, and included a number of improvements in hardware support and security, with privilege separation introduced in several daemons and important utilities. All the details can be had at the OpenBSD 3.5 release page.It's been 20 years, what have we got to show for it?We hope you have been enjoying the site's updates, and we hope that undeadly.org has been a positive factor in promoting all things OpenBSD. The site and its editors have every intention of going on running the site.If you want to help out, please submit items about OpenBSD that you find noteworthy.We value your submissions even more than your comments.All the best from the undeadly.org editors.
Every six months, spring and fall, a new OpenBSD release emerges on the web and familiar download mirrors.The OpenBSD project has released OpenBSD 7.5, the project's 56 release, with numerous improvements and support for 14 hardwareplatforms.Notable enhancements and new features include
Every six months, spring and fall, a new OpenBSD release emerges on the web and familiar download mirrors.The OpenBSD project has released OpenBSD 7.5, the project's 56 release, with numerous improvements and support for 14 hardwareplatforms.Notable enhancements and new features include
In what can only be called a great stride forward in routing security, Sebastian Benoit (benno@)announcedthe availability of rpki-clientversion 9.0.The announcement reads,
A clear sign that the OpenBSD 7.5 release cycle is entering the final phases just emerged.In this commit, Theo de Raadt (deraadt@) changed the version string to 7.5:
Hot on the heels ofqwx(4)[see earlier report], and soon after going -beta, -current has gained another new wi-fi driver -mwx(4).Claudio Jeker (claudio@)committedthe import:
If you run recent OpenBSD on certain amd64 or aarch64 platforms, indirect branching to an "unexpected" location will crash your program, in order to prevent ROP attacks and similar ways to have your program execute code where it shouldn't.The OpenBSD compiler will insert an extra instruction in all the places where a branch is supposed to land, and if it lands anywhere else, a CPU fault is raised and your program gets an "Illegal Instruction".Previously, crashes of this kind have looked more or less like any other kind of fault where code is executing random data or from random locations, but since the kernel knows when this has happened, we can make it explicit that the fault is due to missing branch target instructions, which will help a lot when debugging.Link to the commit here.
It's that time of the year again.With thiscommit,Theo de Raadt (deraadt@)changed the version string for the OpenBSD development branch(i.e. -current)to 7.5-beta:
Rafael Sadowski (rsadowski@) has added a new post to his Shut up and hack series, titledEffortless OpenBSD Audio and Desktop Screen Recording Guide,where he takes the reader through the steps needed to configureyour OpenBSD system for audio and video recording.The post even includes ayoutube videowhere he demonstrates recording while he is putting final touches on the blog post.You can take in the blog post here:Effortless OpenBSD Audio and Desktop Screen Recording Guide.
While you were likely busy celebrating the new year,OpenBSDdeveloper Solene Rapenne (solene@)found the time to write an article detailing variousOpenBSD workstation hardening tips.It's a useful collection of things you could do to secure your environment and customize your setup to best fill your needs.Enjoy!
In a message to the tech@ mailing list, Theo de Raadt (deraadt@) gave a summary of progress so far, along with a patch for testing what will likely be the next steps in the process.The message leads in,
As announced by Damien Miller OpenSSH 9.6/9.6p1 has been released.The complete release notes may be found here: https://www.openssh.com/releasenotes.html#9.6.Among notable changes, this release includes a fix for the Terrapin Attack.Read more...
Theo de Raadt (deraadt@)postedto tech@ regarding restrictions on theaddresses from which system calls can be made.In addition to providing background,the post contains information (and a patch)for an imminent change - the introduction of a newsyscall,pinsyscalls(2)[link not working at the time of writing because change not yet committed],which specifies the addresses from which individualsystem calls are permitted.pinsyscalls(2) will be called only fromthe shared library linker,ld.so(1).