OpenBSD Journal

Version 0.91of Game of Treeshas been released (and the portupdated):

As announced by Damien Miller: "We've just made an OpenSSH release to fix a remotely exploitable RCE vulnerability in ssh-agent's PKCS#11 support (CVE-2023-38408). Details at https://openssh.com/releasenotes.html#9.3p2Thanks to the Qualys Security Advisory Team for finding and reporting this bug."This appears to impact every version of OpenSSH's ssh-agent from 5.5 onwards.

Theo de Raadt (deraadt@)has updatedinnovations.htmlto include an item regarding the work which has been doneto enforce indirect branch target restriction(on theamd64[Intel]andarm64platforms).Thecommit messageprovides some detail:

Version 8.1 of OpenBGPD, the OpenBSD Border Gateway Protocol (BGP) routing daemon, has just been released.The announcement reads,

An anonymous submitter reminded us that Marc Espie (espie@) posted a summary of the state of OpenBSD packages in a message to the tech mailing list with the subject pkg_*: the road forward.Marc writes,

Matthieu Herrb (matthieu@) has written some noteson his work at the (recently-concluded)g2k23 hackathonin Tallinn, Estonia.His article,Wayland on OpenBSD,starts:

The majorpfsync(4)rewrite on which werecently reportedhas beencommittedto -current by David Gwynne (dlg@).As it says in the commit message

A low key leak from the ongoing g2k23 hackathon comes the news thatsoft updates(akasoftdep) will, for now, be a no-opon OpenBSD-current.The commit message by Bob Beck (beck@) reads,

A new tool for creating flexible, route based site to site virtual private networks (site-to-site VPNs) is entering its call for testing phase on OpenBSD-current.In a message to the tech@ mailing list on July 4th, 2023, David Gwynne (dlg@) presented a diff that adds a new virtual network interface dubbed sec(4). The message reads,

Version 0.90ofGame of Treeshas been released (and the portupdated):Read more...

A major rewrite of pfsync(4), the state table synchronization tool for redundant pf(4) setups is in the works.In a recent message to tech@, David Gwynne (dlg@) describes the multi-year process behind the diff contained in the message,

Theo de Raadt (deraadt@)committedchanges which result intheshutdown(8)andreboot(8)commands(in -current)requiring membership of the the (new) group"_shutdown".The commit message explains the rationale:Read more...

TheOpenBSD projecthas releasedversion 7.3.0p0of OpenSMTPD, the project'sSMTPserver.Theannouncementreads in part:

Version 0.89ofGame of Treeshas been released (and the portupdated):

TheLibreSSL projecthas announced the release of versions3.6.3 and3.7.3,and (development) version3.8.0of the software.Theannouncementfor versions 3.6.3 and 3.7.3 reads:

Thanks to the followingcommitby Todd Miller (millert@),cron(8)now supports random values in a rangewith a step value(i.e."<lo>~<hi>/<step>"incrontab(5) entries):

Thanks to the followingcommitby Todd Miller (millert@),cron(8)now supports random values in a rangewith a step value(i.e."<lo>~<hi>/<step>"incrontab(5) entries):

The OpenBSD project has released a new version ofOpenBGPD,the OpenBSD Border Gateway Protocol (BGP) routing daemon,version 8.0.Theannouncementreads,

The OpenBSD project has released a new version ofOpenBGPD,the OpenBSD Border Gateway Protocol (BGP) routing daemon,version 8.0.Theannouncementreads,

Version 8.4ofrpki-clienthas beenreleased, with a number of improvements and new features:

Version 8.4ofrpki-clienthas beenreleased, with a number of improvements and new features:

Version 0.88ofGame of Treeshas been released (and the portupdated):

Version 0.88ofGame of Treeshas been released (and the portupdated):

Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more...

Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more…

Dave Voutila (dv@)committeda change which brings a multi-process model tovmd(8),enhancing both security and performance:

Dave Voutila (dv@)committeda change which brings a multi-process model tovmd(8),enhancing both security and performance:

Joshua Stein (jcs@) hascommittedviogpu(4),which provides support for thevirtio(4)GPUinterface(provided byQEMU and other virtual machines)to create a wscons(4)console.

Version 0.87ofGame of Treeshas been released (and the portupdated):

OpenBSD -current just grew a new tool for developers working on OpenBSD to detect unsafe behaviors in their code. OpenBSD lets you more easily track memory allocations and whether allocations are properly freed after use.In a message to tech@, Otto Moerbeek (otto@) announced the new functionality:

Calgary and elsewhere, 2023-04-10:The OpenBSD project today announced the release and general availability of its latest stable version, OpenBSD 7.3.Eagerly anticipated by users, engineers, enthusiasts and industry pundits all over the world, this release contains a number of improvements over earlier versions, including but not limited to

The LibreSSL project has announced a new stable release, LibreSSL 3.7.2. The announcement reads,

We recentlyreportedthat Theo de Raadt (deraadt@)was scheduled to present atCanSecWest.That's now happened, andslidesof Theo's presentation,Synthetic Memory Protections,can be found in theusual place.Video isavailableon the bird site.

Version 7.9 ofOpenBGPDhas beenreleased:

In a late-stage addition prior to the release ofOpenBSD 7.3,Mark Kettenis (kettenis@) hascommitted[more] aggressive randomisation of the stack locationfor all 64-bit architectures except alpha:Read more…

One small but significant step for routing security on the Internet happened Sunday 19th of March 2023 with the release of version 8.3 of rpki-client.The announcement reads,

With the followingcommit,Theo de Raadt (deraadt@) moved -current to version 7.3:

OpenBGPD 7.8 has been released and the announcement may be read here.

With a message to openbsd-announce and other lists, Brent Cook (bcook@) announced the release of LibreSSL 3.7.1, with numerous improvements.It is worth noting that this is the final version to be released before the upcoming OpenBSD 7.3 release.The announcement reads,

On 2023-03-15,the release ofversion 9.3ofOpenSSHwasannounced:Read more…

Dragos Ruiu recently announced that Theo de Raadt will be presenting at this year's CanSecWest, March 22-24 2023 in Vancouver, BC. Read more…

Version 0.86ofGame of Treeshas been released (and the portupdated):Read more…

Crystal Kolipe has written up more of her work on the console.This time, it regards bugs in the handling ofUTF-8:ExoticSilicon.com - fixing cringeworthy bugs in the OpenBSD console code.As Crystal pointed out in her email to Undeadly,Miod Vallat (miod@) hascommittedfixes.

Wladimir Palanthas written anarticleon use ofOpenSMTPDfilters, andprovided codeunder an MIT license for those who may wish to utilizethe techniques described therein.

Version 0.85ofGame of Treeshas been released (and the portupdated):Read more…

The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shellfrom the installer.Initial support, likely to be expanded upon, wascommittedby Klemens Nanni (kn@) onMarch 7, 2023.The commit reads,

Another piece from Florian Obser (florian@) just came out, titledDynamic host configuration, please.In the article, Florian details the steps to modern OpenBSDdynamic host configuration, including interface configuration, name resolution, routing and more.We also get an explanation of the various userland programs (most of them portable, some OpenBSD-specific) that make a modern OpenBSD laptop shine.You can read the full piece here, Dynamic host configuration, please.

It's that time of the year again. With this commit,Theo de Raadt (deraadt@) changed the version string for the development branch of OpenBSD to 7.3-beta.The commit reads,

We all know the OpenBSD is lead from Canada, but what is the status in that country by and large? Bringing up the subject, Katie McMillan wrote in, saying

Version 0.84ofGame of Treeshas been released (and the portupdated).Read more…