Feed openbsd-journal OpenBSD Journal

Favorite IconOpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2024-03-05 04:32
rpki-client 9.0 released
In what can only be called a great stride forward in routing security, Sebastian Benoit (benno@)announcedthe availability of rpki-clientversion 9.0.The announcement reads,
OpenBSD -current drops -beta tag, goes to 7.5
A clear sign that the OpenBSD 7.5 release cycle is entering the final phases just emerged.In this commit, Theo de Raadt (deraadt@) changed the version string to 7.5:
IPv6 for ppp(4) enabled in -current.
In thiscommit,Denis Fondras (denis@) added code to allowIPv6 overPPP.The message reads,
mwx(4), another new wi-fi driver, added to -current
Hot on the heels ofqwx(4)[see earlier report], and soon after going -beta, -current has gained another new wi-fi driver -mwx(4).Claudio Jeker (claudio@)committedthe import:
New code for SIGILL faults help identify misbranches
If you run recent OpenBSD on certain amd64 or aarch64 platforms, indirect branching to an "unexpected" location will crash your program, in order to prevent ROP attacks and similar ways to have your program execute code where it shouldn't.The OpenBSD compiler will insert an extra instruction in all the places where a branch is supposed to land, and if it lands anywhere else, a CPU fault is raised and your program gets an "Illegal Instruction".Previously, crashes of this kind have looked more or less like any other kind of fault where code is executing random data or from random locations, but since the kernel knows when this has happened, we can make it explicit that the fault is due to missing branch target instructions, which will help a lot when debugging.Link to the commit here.
OpenBSD -current moves to 7.5-beta
It's that time of the year again.With thiscommit,Theo de Raadt (deraadt@)changed the version string for the OpenBSD development branch(i.e. -current)to 7.5-beta:
New wi-fi driver, qwx(4), enabled in -current
Stefan Sperling (stsp@)tootedregarding the addition ofqwx(4)to -current:
rpki-client 8.9 released
Sebastian Benoit (benno@)announcedthe release ofversion 8.9ofrpki-client.Updating is recommended for "improved reliability".
Game of Trees 0.96 released
Version 0.96of Game of Treeshas been released (and the portupdated).
Soft updates (softdep) support removed from -current
Support forsoft updates(softdep),disabled since before the 7.4 release [seeearlier report],has beenremoved from -currentby Bob Beck (beck@):
pinsyscalls(2) work summarized by Theo de Raadt
In apostto tech@, Theo de Raadt (deraadt@) summarizes the multi-year effort to make certain attack vectors unavailable on OpenBSD:
KMS for Apple silicon machines
Mark Kettenis (kettenis@)committedsupport forKernel Mode-Setting (KMS)on Apple silicon(arm64)machines:
pinsyscalls(2) working in anger
Theo de Raadt (deraadt@)has committed (to -current) the remaining parts required to getpinsyscalls(2)working in anger.The commits were:
Effortless OpenBSD Audio and Desktop Screen Recording Guide
Rafael Sadowski (rsadowski@) has added a new post to his Shut up and hack series, titledEffortless OpenBSD Audio and Desktop Screen Recording Guide,where he takes the reader through the steps needed to configureyour OpenBSD system for audio and video recording.The post even includes ayoutube videowhere he demonstrates recording while he is putting final touches on the blog post.You can take in the blog post here:Effortless OpenBSD Audio and Desktop Screen Recording Guide.
DSA removal from OpenSSH
The OpenSSH projecthasannouncedthe timeline for the removal ofDSA support from OpenSSH:
OpenBSD workstation hardening tips
While you were likely busy celebrating the new year,OpenBSDdeveloper Solene Rapenne (solene@)found the time to write an article detailing variousOpenBSD workstation hardening tips.It's a useful collection of things you could do to secure your environment and customize your setup to best fill your needs.Enjoy!
TSO for em(4) committed to -current
Following therecent CFT,Marcus Glocker (mglocker@) hascommitted[to -current]TSO forem(4):
Update on pinsyscalls(2) progress from Theo de Raadt
In a message to the tech@ mailing list, Theo de Raadt (deraadt@) gave a summary of progress so far, along with a patch for testing what will likely be the next steps in the process.The message leads in,
rpki-client 8.8 released
Sebastian Benoit (benno@)announcedthe release ofversion 8.8ofrpki-client.It's basically a bug-fix release; see therelease announcementfor details.
WIP port of the Linux ath11k driver
Stefan Sperling (stsp@)hascommittedto -currenta WIPdriver for Qualcomm ath11kwi-fi adapters(such as that found in theLenovo ThinkPad X13s):
Call For Testing: Add TSO support for em(4)
In a recent message to tech@,Marcus Glocker (mglocker@), asks users running -current fortesting of a potenially performance enhancing diff:
KDE Plasma now linked to packages build on -current
KDE Plasma is now fully functional on OpenBSD and available via the package system. To install, a simple
rpki-client 8.7 released
Sebastian Benoit (benno@)announcedthe release ofversion 8.7ofrpki-client:
OpenSSH 9.6 released!
As announced by Damien Miller OpenSSH 9.6/9.6p1 has been released.The complete release notes may be found here: https://www.openssh.com/releasenotes.html#9.6.Among notable changes, this release includes a fix for the Terrapin Attack.Read more...
syscall(2) removed from -current
The work described in Theo de Raadt'spost(see our previous article)continues:
pinning all system calls
Theo de Raadt (deraadt@)postedto tech@ regarding restrictions on theaddresses from which system calls can be made.In addition to providing background,the post contains information (and a patch)for an imminent change - the introduction of a newsyscall,pinsyscalls(2)[link not working at the time of writing because change not yet committed],which specifies the addresses from which individualsystem calls are permitted.pinsyscalls(2) will be called only fromthe shared library linker,ld.so(1).
Game of Trees 0.95 released
Version 0.95of Game of Treeshas been released (and the portupdated):
malloc(3) leak detection gains backtraces
Otto Moerbeek (otto@), the author of OpenBSD'smalloc(3)implementation, hascomittedanother great feature - backtraces for leak detection:
Game of Trees 0.94 released
Version 0.94of Game of Treeshas been released (and the portupdated):
OpenIKED 7.3 released
Tobias Heider (tobhe@) hasannouncedthe release ofversion 7.3ofOpenIKED:
OpenSMTPD 7.4.0p1 Released
Omar Polo (op@) hasannouncedthe release of version 7.4.0p1 ofOpenSMTPD.It is a bugfix release.
clang(1)/llvm updated to version 16
In a long series ofcommits,Robert Nagy (robert@)updatedclang(1)/llvmin -current to version 16:
LibreSSL 3.8.2 Released
A new stable release of LibreSSL is out, and should be arriving on amirrornear you shortly.Brent Cook (bcook@)'sannouncement reads:
Disruptive amd64 snapshot coming
Theo de Raadt (deraadt@)posted totech@a message entitleddisruptive amd64 snapshot coming.It reads:
OpenSMTPD 7.4.0p0 Released
Hot on the heels of the release of OpenBSD 7.4, Omar Polo (op@) has announced the release of OpenSMTPD 7.4.0p0. The announcement reads,
OpenBSD's built-in memory leak detection
Asannouncedon themisc@mailing list,Otto Moerbeek (otto@),the author of OpenBSD'smalloc(3)implementation[a.k.a. "otto malloc"],has written atutorial on the newmalloc(3) leak detection available in OpenBSD 7.4Read it at:OpenBSD's built-in memory leak detectionSince the publication of that write-up,Otto hascommittedfurther enchancements:
OpenBSD's built-in memory leak detection
Asannouncedon themisc@mailing list,Otto Moerbeek (otto@),the author of OpenBSD'smalloc(3)implementation[a.k.a. "otto malloc"],has written atutorial on the newmalloc(3) leak detection available in OpenBSD 7.4Read it at:OpenBSD's built-in memory leak detectionSince the publication of that write-up,Otto hascommittedfurther enhancements:
OpenBSD 7.4 Released
The OpenBSD project has announced the release ofOpenBSD 7.4,the 55 release of the OpenBSD operating system.The new release contains a number of innovations and improvements across a number of areas, including
OpenBGPD 8.3 released
The release of version 8.3 ofOpenBGPDhas beenannounced.This version contains a few fixes.
p2k23 - OpenBSD Ports Hackathon Dublin 2023
Rafael Sadowski (rsadowski@)bloggedabout his participation inp2k23.Perhaps most notable is his work in portingKDEPlasma.Read all about it athttps://rsadowski.de/posts/2023-10-09-p2k23-dublin-openbsd-hackathon/.There is some further discussion of the work in a thread titled NEW: KDE Plasma (x11/kde-plasma) on the ports@ mailing list.
rpki-client 8.6 released
Version 8.6ofrpki-client, the FREE, easy-to-use implementation of the ResourcePublic Key Infrastructure (RPKI)for Relying Parties (RP),has beenreleased.This version includes new compliance checks,random shuffling of processing of Manifest entries,and [non-random!] code shuffling.See the announcement for more details.This is another hint that a new OpenBSDreleaseis about to happen, and soon.
E-mail Filters In C
Jay Eptinxa has published a detailed write-up,entitledE-mail Filters In C,of his work creating aspamd(8)-likegreylistingsmtpd(8)filter.Thanks to Crystal Kolipe for letting us know!
OpenSSH 9.5 released
OpenSSH 9.5has beenreleased.This releases features the keystroke timing obfuscationon which we reportedearlier.
OpenBGPD 8.2 released
With a message from Claudio Jeker (claudio@), the OpenBSD project today announced the release of the OpenBSDBGP(Border Gateway Protocol) daemon OpenBGPD, version 8.2.The announcement reads,
Introduction to sysclean(8)
ManyOpenBSDsysadminsfind thesysclean(8)portuseful for removing obsolete files following upgrades.Sebastien Marie (semarie@),theauthorof sysclean(8),has written apiecegiving an under-the-hoodlook at the operation of this handy utility.It's well worth reading for those interested in understandinghow it works!
-current has moved to 7.4
With the followingcommit,Theo de Raadt (deraadt@) moved -current to version 7.4:
Viable ROP-free roadmap for i386/armv8/riscv64/alpha/sparc64
Theo de Raadt (deraadt@) posted totech@a detailedmessageexplaining the past and (potential) future ofanti-ROPmeasures in OpenBSD.It's well worth reading its entirety.Highlights include:
OpenBSD/arm64 on Hetzner Cloud
Frederic Cambus (fcambus@) wrote a blogpost about running OpenBSD on the arm64-based cloudservers provided by Hetzner. For now, only -current will work,because the new viogpu(4)driver[on which wereported earlier]is needed.Head on over to Frederic's blog for the full story!
EuroBSDCon 2023 presentations
EuroBSDCon 2023has now ended,and slides for many of the OpenBSD developer presentationsare now available in theusual place.Video of the presentations can be expected somewhat later.Slides from the tutorial"Network Management with the OpenBSD Packet Filter Toolset"arealso available.
Game of Trees 0.93 released
Version 0.93 of Game of Trees has been released (and the port updated).Read more...