25 July 2014

Puffy

Undeadly :: BSDNow Episode 047: DES Challenge IV

On this week's episode, BSDNow interviews FreeBSD Security Officer Dag-Erling Smørgrav, links back to Undeadly g2k14 hackathon reports, and discusses the week's BSD news and hearsay.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

24 July 2014


Undeadly :: g2k14: Landry Breuil on Taming Mozilla


As is now a habit, I had made zero plans for this hackathon, I had some unfinished stuff lying around, and no real big task ahead. Firefox 31 betas were already working for me, and only needed actual testing.

Read more...

Undeadly :: Minimalist HTTP Daemon Activated in Base


Reyk Flöter (reyk@) recently committed the rc(8) glue to make his forked-from-relayd http server usable:

CVSROOT:	/cvs
Module name:	src
Changes by:	reyk@cvs.openbsd.org	2014/07/22 11:37:16

Modified files:
	usr.sbin       : Makefile 
	etc            : Makefile changelist rc.conf 
Added files:
	etc/rc.d       : httpd 

Log message:
Enable httpd(8) in the builds to get more testing, feedback and
improvements.  It is not "finished" but serves static files.

ok deraadt@
Read more...

Undeadly :: Interview: Brent Cook Talks About Porting LibreSSL


Undeadly was able to get a few minutes of time with Brent Cook (bcook@), who worked on the official LibreSSL port:

Undeadly: Tell us about yourself; who are you, and how did you get involved with the LibreSSL porting effort?

bcook@: My name is Brent Cook. I'm a generalist programmer by day, mostly working on low-level system stuff. I'm also a code performance junky, and I also play piano and saxophone, gigging occasionally around Austin, TX.

Read more...

23 July 2014


Undeadly :: g2k14: Matthieu Herrb on Bringing X Forward


Matthieu Herrb (matthieu@), who is the mad Frenchman who maintains Xenocara, writes in to share his g2k14 experience:

My main projects (multitouch, dhcpv6) didn't make any progress as I was distracted into X sets tweaks at the request of a few other hackers.

Read more...

22 July 2014


Undeadly :: LibreSSL 2.0.3 Released


Bob Beck (beck@) has announced the release of LibreSSL 2.0.3:

We have released an update, LibreSSL 2.0.3 - which should
be arriving in the LibreSSL directory of an OpenBSD mirror near
you very soon.

This release includes a number of portability fixes based on the
feedback we have received from the community. It also includes
some improvements to the fork detection support.

As noted before, we welcome feedback from the broader community.

Enjoy,

-Bob

21 July 2014


Undeadly :: g2k14: Ken Westerback on DHCP and dump(8)

Having missed Ljubljana 1, I looked forward to Ljubljana 2 with great expectations. I was not disappointed! Mitja ran a great hackathon with a nice site and an excellent city around it.
Read more...

Undeadly :: g2k14: Stefan Sperling on wireless drivers

I spent most of this hackathon looking at problems in wifi drivers.

I wasn't exactly sure in advance which problems I wanted to work on. So I packed a bunch of hardware, including several USB wifi adapters, (rsu(4), 2x run(4), rum(4), urtwn(4), zyd(4)), some miniPCIe cards (an unsupported cousin of urtwn(4) named Realtek 8188CE, unsupported athn(4) AR9485, bwi(4)), two laptops, and an access point. This left me with more than enough toys for a week.
Read more...

Undeadly :: g2k14: Florian Obser in IPv6 land

I arrived in Ljubljana somewhat tired so I started the first day off with some light ping(8) and ping6(8) hacking. Some unifdef(1) application for #ifdef FEATURE_THAT_EXISTS_SINCE_FOREVER_BUT_MAYBE_WE_DONT_HAVE_IT and some cleanup by hand. The idea is to have ping(8) and ping6(8) be the same binary like traceroute(8) and traceroute6(8).
Read more...

Undeadly :: g2k14: Ingo Schwarze on manly stuff

In the week right before the hackathon, I have done quite a bit of work cleaning up mandoc(1) warning and error messages. The goal is to provide more, more precise, and more readily understandable information to the user, in particular mentioning in the messages which section titles, macro names, and arguments each individual message is related to, and which workaround or fallback mandoc(1) has chosen, if any.
Read more...

19 July 2014


Undeadly :: g2k14: Sebastian Benoit on chasing down annoyances

Sebastian Benoit (benno@) lets us know what he did to make his life easier at g2k14:

For me the hackathon started before arriving in Ljubljana. On my trip I noticed that there was something wrong with my ssh connections: some did not work. So I started debugging in Munich Airport and the result was a quick fix for a recent bug in ssh-add.

Read more...

Undeadly :: g2k14: Jasper Lievisse Adriaanse on bootloader hacking


This hackathon started out for me with my usual routine of fixing some bugs in Puppet, adding more facts to Facter and digging into pkg-config.

Read more...

Undeadly :: g2k14: Jonathan Gray on driver improvements for X

Jonathan Gray (jsg@) writes in to let us know why he spent 30 hours in coach to be with us:

One of the first things I did at g2k14 was import the Mesa update I've been working on for some time now. I've been tracking the Mesa git for a few months and submitting patches to reduce the amount of pain involved and given the local diff isn't too large anymore it seemed like a decent time to update. Shortly before the hackathon I ran into a problem getting Mesa to build on i386 however. It turns out there is an i386 only codepath that does a sysctl to check if SSE is enabled. This turned out to be a problem because sysctl.h pulls in uvm_extern.h which then pulls in a bunch of kernel headers including mutex.h which meant that Mesa's mtx_init() collided with the kernel's mtx_init(). Theo spent some time cleaning up the sysctl and uvm headers so they wouldn't include anywhere near as many definitions, and that work had already been committed when I arrived at the hackathon.

Read more...

18 July 2014


Undeadly :: g2k14: Paul Irofti on the long road to octhci(4)


I came to the hackathon with a single goal: working on the driver for the USB host controller interface found on the octeon machines.

Read more...

Undeadly :: BSDNow Episode 046: Network Iodometry

In this week's episode of BSDNow, they interview Brian Drury of FreeBSD, talk about Allan Jude's trip to Cambridge on BSD grounds, and teach you how to DNS your way out of a restrictive network.

[ MP3 | OGG | Video | HD Video | HD Torrent Feed ]

Undeadly :: g2k14: Brent Cook on the portable LibreSSL

A new developer with the OpenBSD project, Brent Cook (bcook@) writes in:

As unusual as it sounds for someone working with the OpenBSD project, I'm not primarily an OpenBSD user. I actually use a Mac and Linux equally, and even do a fair amount of Windows development. Some might say my involvement was more of a survival of the fittest.

Read more...

Undeadly :: g2k14: Miod Vallat on LibreSSL

Long time listener, many time caller, Miod Vallat (miod@) writes in:

There are two kinds of hackathons.

Those where you pack your headphones, and don't use them. And those where you forget to pack them, and wish you hadn't.

As a veteran hackathon attendee, I packed my headphones, of course. And I was more than happy to keep them packed, as the pace of the hackathon was so hectic it was better to relax by talking to people than to relax by listening to music.

Read more...

15 July 2014


Undeadly :: g2k14: Theo de Raadt on security and configurations

OpenBSD project leader Theo de Raadt (deraadt@) writes in from g2k14:

In the two weeks leading up to Slovenia I worked with Bob Beck on the replacement functions that would be needed to emulate getentropy(2). During the start of the hackathon there was a final bit of work to ensure Bob and Brent Cook were on their way with that.
Read more...

Undeadly :: g2k14: Martin Pelikan on ext4, filesystems in general

Martin Pelikan writes in with this report from g2k14:

My initial plan was to bring our base to a state where LLVM's libcpp could be compiled, giving us C++11 support. After I read up on the latest POSIX locale additions, other developers made it clear that more library version cranks will be necessary in order not to break ports. After the first diff was ready, I set up a base system build to check if it breaks. And then my life has changed...

Read more...

Undeadly :: g2k14: World of KDE4, Vadim Zhukov (zhuk@)

Hot on the heels of a successful hackathon, Vadim Zhukov (zhuk@) wrote in with this report on his efforts:

I came to hackathon with a short but heavy TODO list:

1. Finish KDE 4.13.2 and prepare 4.13.3 (official announce to be done Jul 15);
2. Import at least some stuff from semi-official openbsd-wip ports repository to official CVS;
3. Fix the long-standing issue with kded4 constantly eating CPU;
4. Continue hacking on Samba 4.x;
5. Enable ext2fs in RAMDISK_CD for amd64.
6. Put in CVS some stuff under ports/infrastructure/ I've developed for last months.
7. Put in CVS the man-pages-posix port.

Read more...

14 July 2014


Undeadly :: g2k14: Marc Espie on ports and packages

Yet another report from the recently completed g2k14 hackathon, this time from Marc Espie (espie@), who writes:

First time in Slovenia. Took a few hours off to see the city, managing to escape the thunderstorms. Somewhat interesting mix, never seen that mixture of eastern european, southern europe, and tourist places.
Read more...

Undeadly :: g2k14: Henning Brauer on IPv6, bpf, vlan surgery


Our second g2k14 report comes from Henning Brauer (henning@), who writes:

g2k14 has been weird: I, for the most part, wrote IPv6 code. No, that doesn't mean I'd suddenly think inet6 is any good. But let's start from the beginning.

Read more...

13 July 2014


Undeadly :: g2k14: Bob Beck on LibReSSL


Bob Beck (beck@) was the first developer to submit a report from the just concluded g2k14 hackathon:

Well, this was certainly not the hackathon I would have predicted several months ago for me. Had you asked me in January what I'd be doing here it would have been wading into uvm, kernel lock, buffer cache, and other such things in the kernel.

Then LibreSSL happened.

Read more...

Undeadly :: Second Release of LibreSSL Portable Available


Bob Beck (beck@) announced the second release of LibreSSL-portable:

We have released an update, LibreSSL 2.0.1

This release includes a number of portability fixes based on the
initial feedback we have received from the community.  This includes
among other things two new configure options to set OPENSSLDIR and
ENGINESDIR. We have removed a few hardcoded compiler options that
were problematic on some systems as well as -Werror. We have also
re-synced with the latest OpenBSD sources as a number of issues
were fixed upstream. This release also includes pkg-config support.

As noted before, we welcome feedback from the broader community.

Enjoy,
-Bob

Bob also writes:

Also starting with this release the directory includes SHA256
signatures which are signed using signify.

The signify public key for libressl is:

untrusted comment: LibreSSL Portable public key
RWQg/nutTVqCUVUw8OhyHt9n51IC8mdQRd1b93dOyVrwtIXmMI+dtGFe   

11 July 2014


Undeadly :: First Release of LibreSSL Portable Available


Bob Beck (beck@) announced the release of LibreSSL-portable:

The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
will soon.

libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.

This is intended as an initial release to allow the community to start
using and providing feedback. We will be adding support for
other platforms as time and resources permit.

As always, donations (http://www.openbsdfoundation.org/donations.html)
are appreciated to assist in our efforts.

Enjoy,

-Bob

09 July 2014


Undeadly :: g2k14 headsup: relayd(8) filtering language changed

From the in-progress g2k14 hackathon in Ljubljana, Slovenia comes early news of what we'll see in upcoming OpenBSD releases. The relayd(8) filtering language has been replaced, with a more readable and flexible grammar inspired by pf(4).

The commit by Reyk Floeter (reyk@) has a CVS log message that reads:

Read more...

01 July 2014


Undeadly :: BSDNow Episode 043: Package Design

BSDNow interviews OpenBSD's own Marc Espie about his work on the ports and package system.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube | Show Notes ]

18 June 2014


Undeadly :: PF Tutorial Rolls Past 200,000 Unique Visitors

As you may have heard via Twitter, the PF tutorial by Peter N. M. Hansteen -- a BSD conferences favorite and the predecessor of The Book of PF (with the third edition soon to be in "early access" availability) -- just saw its 200,000th unique visitor and has had somewhat in excess of 3 million page views.

Author Peter Hansteen comments, "It's good to see that the thing is still widely read and referenced. I'll keep working on that and the book for as long as it makes sense.", and continues, "But please do remember that I would have had nothing to write about without a vital OpenBSD project producing high quality stuff. Please remember to not just buy the book, but also donate to the project to help keep it running."

You heard the man, now go ahead, read and donate!

13 June 2014


Undeadly :: BSDNow Episode 041: Commit This Bit

The folks at BSDNow interview Benedict Reuschling of FreeBSD and provide their take on the week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

05 June 2014


Undeadly :: sendmail(8) Patch In -stable Fixes Local Snooping Vulnerability

For those of you who are still using sendmail(8) on OpenBSD 5.4 or 5.5, it's patch and update time.

The vulnerability known as CVE-2014-3956 could allow local users to interfere with open SMTP connections, and it is strongly advised that any sendmail users out there patch their systems without undue delay.

Patches are available for OpenBSD 5.4 and OpenBSD 5.5 as patch 011 and patch 007 respectively.

It is worth noting that from OpenBSD 5.6 onwards (to be released November 1st, 2014), OpenBSD's own OpenSMTPD will be the default MTA.

03 June 2014


Undeadly :: Call for Testing: ld.so Malloc Improvements


Otto Moerbeek (otto@) continues his mastery of all things memory allocation, extending some of the libc malloc features to ld.so(1):

ld.so has a very basic malloc. This diff changes it to use a (somewhat stripped) libc malloc with all the randomization and other goodness.

Read more...

30 May 2014


Undeadly :: BSDNow Episode 039: The Friendly Sandbox

In this week's episode of BSDNow, the fellas interview John Anderson about capsicum sandboxing, present a tutorial about securing DNS lookups, and go over the week's news and events.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

27 May 2014


Undeadly :: Theo de Raadt and Bob Beck to Present at the Calgary UUG


A bit late ourselves on a late announcement, but Theo de Raadt (deraadt@) and Bob Beck (beck@) will be giving a presentation in Calgary:

I'm sorry for the late public announcement...

Tomorrow (Tuesday) Bob Beck will be hurtling down the Highway from Edmonton to Calgary.

Then in the evening, he and I will present at the local Calgary unix group meeting about recent changes in LibreSSL, OpenBSD, and how the OpenBSD Foundation fits into this.

http://www.cuug.ab.ca/

Anyone in the area who is able to attend probably should.

26 May 2014


Undeadly :: Preventing the next Heartbleed

An Anonymous Coward writes in to tell us about sightings of secrets-related privsep in the wild:

The developer known by the pseudonym insane coder, who authored the popular pro-LibreSSL review LibreSSL: The good and the bad, has presented a solution for preventing common coding mistakes resulting in another Heartbleed:

To protect against exploiting such bugs, one should ensure that buffer overflows do not have access to memory containing private data. The memory containing private keys and similar kinds of data should be protected, meaning nothing should be allowed to read from them, not even the web server itself.

He then talks about using memory protection and process separation to isolate a server's private keys from anything which can be exploited to send them over the network.

This technique has already been utilized in an stunnel-like server, and it remains to be seen when others will follow.

Thanks for the tip, Anonymous Coward!

Astute readers will note that this technique has already been utilized in relayd(8) and smtpd(8).

Undeadly :: 5.5 Errata #006: X Font Service Protocol Erratum

As described in an email from Errata-meister Tedu on OpenBSD-Announce, from http://www.openbsd.org/errata55.html:

X Font Service Protocol & Font metadata file handling issues in libXfont
    CVE-2014-0209: integer overflow of allocations in font metadata file parsing
    CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
    CVE-2014-0211: integer overflows calculating memory needs for xfs replies

Please see the advisory for more information.
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
Check out the build details after the break. Read more...

21 May 2014


Undeadly :: OpenBSD Webcast on O'Reilly


Michael W. Lucas, author of the books SSH Mastery, Sudo Mastery, DNSSEC Mastery, and Absolute OpenBSD, writes in to let us know that he'll be talking OpenBSD up on the interwebs:

I'll be doing a webcast on O'Reilly's community site called "Beyond Security: OpenBSD's Real Purpose." This will go out live on Tuesday, 27 May, 1PM EDT. I'll take questions at the end.

The talk will focus on OpenBSD as a pressure cooker to change the world. If only I had a really good example of this whole "pressure cooker" idea from, say, the last month or so, then the talk would feel really current and attract a lot of interest from the outside world.

If only, indeed!

Undeadly :: EuroBSDCon 2014 submissions deadline extended until June 2nd, 2014

Co-editor and writer of many words about OpenBSD, Peter Hansteen, who is also on the EuroBSDCon 2014 program committee, wrote in to tell us that the deadline for submissions to the EuroBSDCon 2014 conference has been extended until June 2nd 2014.

Read more...

20 May 2014

Puffy

Undeadly :: OpenBSD Presentations from BSDCan Online

Another BSDCan has come and gone, and for those of you who missed the fun, the OpenBSD presentations are now online:

Undeadly :: BSDNow interview with bcallah@ and abieber@

On the May 21 episode of BSD Now, OpenBSD developers Brian Callahan (bcallah@) and Aaron Bieber (abieber@) are being interviewed on their roles in founding, running, and maintaining *BSD User Groups. Brian is an admin of the New York City *BSD User Group (NYC*BUG) and Aaron recently founded the Colorado *BSD User Group (CoBUG).

If you've ever wanted to know how to get involved with your local BUG, or even how to find like-minded *BSD users in your area, this is the interview for you!

For those of you who want to experience it live, the show airs on Wednesdays at 2:00PM Eastern time (18:00 UTC).

19 May 2014

Puffy

Undeadly :: Conference Report: BSDCan 2014

Long-time Editor and OpenBSD committer Peter Hessler (phessler@) writes in with a report from the recently ended BSDCan.

BSDCan started for me with a long flight over from Europe. 9 hours before I collected one of my favourite souvenirs from a trip (the passport stamp), pop into Tim Hortons to grab a coffee (North American drip coffee is just that. Drip.) before running to bounce up to Ottawa.

Read more...

17 May 2014

Puffy

Undeadly :: BSDCan 2014 Day 2: LibreSSL, mandoc

Day 2 of BSDCan 2014 is in progress, with more news from OpenBSD developers. In addition to the crowd-pleasing LibreSSL talk by Bob Beck (beck@) we covered already, the other OpenBSD item of the day was Ingo Schwarze's presentation on new trends in mandoc. This is certain to make your favorite operating system's documentation even more useable.

There is also a lunchtime OpenBSD, libressl and stuff BOF session that may produce interesting results.

15 May 2014

Puffy

Undeadly :: LibreSSL Talk to be Given at BSDCAN

Due to a last-minute cancellation, Bob Beck (beck@) has stepped up and will be presenting a LibreSSL talk.

Those of you who've never heard Herr Beck give a talk before are in for a treat.

In case you're wondering, no, you do not have to sit up front to hear him.

14 May 2014

Puffy

Undeadly :: Freelist Recycling Tweaks in OpenBSD

Recently, Ted Unangst (tedu@) committed a tweak for malloc(3) freelists:

CVSROOT:	/cvs
Module name:	src
Changes by:	tedu@cvs.openbsd.org	2014/05/12 13:02:20

Modified files:
	lib/libc/stdlib: malloc.c 

Log message:
change to having four freelists per size, to reduce another source of
deterministic behavior. four selected because it's more than three, less
than five. i.e., no particular reason.

and astute readers will recall a similarly-themed change for kernel pool(9) freelists.

These changes make it much harder for bugs which require the immediate recycling of freed memory, an example of which was famously unearthed during the heartbleed fallout, to go undiscovered.
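To see why more freelists expose such bugs, the following added example (not OpenBSD's malloc.c) models one size class as a toy heap and counts how often `free(a); b = malloc()` hands back the chunk that was just freed. The names `toy_heap`, `toy_alloc`, `toy_free` and `count_immediate_reuse`, the 16-chunk pool, the seeded xorshift generator and the fall-through on an empty list are all assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define NCHUNKS   16   /* chunks in the single size class of this toy heap */
#define MAX_LISTS 8

struct toy_heap {
    int      nlists;                    /* freelists for the size class */
    int      depth[MAX_LISTS];          /* entries currently on each list */
    int      list[MAX_LISTS][NCHUNKS];  /* LIFO stacks of free chunk ids */
    uint32_t rng;                       /* xorshift32 state, constructed seed */
};

/* Small deterministic PRNG so the run is repeatable; a real allocator
 * would draw from a strong random source instead. */
static uint32_t toy_rand(struct toy_heap *h)
{
    uint32_t x = h->rng;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    h->rng = x;
    return x >> 16;
}

static void toy_init(struct toy_heap *h, int nlists, uint32_t seed)
{
    h->nlists = nlists;
    h->rng = seed ? seed : 1;           /* xorshift must not start at 0 */
    for (int i = 0; i < MAX_LISTS; i++)
        h->depth[i] = 0;
    for (int c = 0; c < NCHUNKS; c++) { /* spread chunks round-robin */
        int l = c % nlists;
        h->list[l][h->depth[l]++] = c;
    }
}

/* Allocate: pick a list at random, fall through to the next non-empty one. */
static int toy_alloc(struct toy_heap *h)
{
    int l = (int)(toy_rand(h) % (uint32_t)h->nlists);
    for (int tries = 0; tries < h->nlists; tries++) {
        if (h->depth[l] > 0)
            return h->list[l][--h->depth[l]];
        l = (l + 1) % h->nlists;
    }
    return -1;                          /* heap exhausted */
}

/* Free: push the chunk onto a randomly chosen list. */
static void toy_free(struct toy_heap *h, int chunk)
{
    int l = (int)(toy_rand(h) % (uint32_t)h->nlists);
    h->list[l][h->depth[l]++] = chunk;
}

/* Run free(a); b = malloc() repeatedly and count how often b == a, i.e.
 * how often code that wrongly relies on getting its freed buffer back
 * would appear to work. Returns -1 for an invalid list count. */
int count_immediate_reuse(int nlists, int trials, uint32_t seed)
{
    struct toy_heap h;
    int reused = 0;

    if (nlists < 1 || nlists > MAX_LISTS)
        return -1;
    toy_init(&h, nlists, seed);
    for (int t = 0; t < trials; t++) {
        int a = toy_alloc(&h);
        toy_free(&h, a);
        int b = toy_alloc(&h);
        if (b == a)
            reused++;
        toy_free(&h, b);
    }
    return reused;
}

int main(void)
{
    printf("1 freelist : %d of 1000 frees recycled immediately\n",
        count_immediate_reuse(1, 1000, 2014u));
    printf("4 freelists: %d of 1000 frees recycled immediately\n",
        count_immediate_reuse(4, 1000, 2014u));
    return 0;
}
```

With a single LIFO list the freed chunk always comes straight back, so the buggy pattern never fails in testing; with four randomly chosen lists it fails in most runs and gets noticed.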

12 May 2014

Puffy

Undeadly :: Poll: Are Frequent Password Changes Actually Useful?

Book of PF author and Undeadly editor Peter Hansteen asks the following question:

Does enforced password change at set intervals actually enhance security?

Given the increasing sophistication of password cracking techniques, and potentially insecure methods for two-factor authentication, what can administrators do to strike the balance between utility and security?

09 May 2014

Puffy

Undeadly :: BSDNow Episode 036: Let's Get RAID

BSDNow Episode 36 is out, with the titular segment featuring RAID setups on both FreeBSD and OpenBSD.

In OpenBSD content, the episode covers the release of 5.5, the recent work to unhitch OpenSSH from OpenSSL, and incestuously links back to jasper@'s m2k14 report.

It also features an overview of the April issue of BSDMag, an interview with FreeBSD developer David Chisnall, using FreeBSD in the cloud, a new episode of BSDTalk, and a weekly update from PCBSD.

Undeadly :: LibreSSL Will be Portable

Although much internet hand wringing has been performed in the service of "Won't someone think of the child^H^H^H^H^Hportability!", the OpenBSD devs are making changes in OpenBSD itself which will make the upcoming release of LibreSSL more easily portable to other operating systems:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2014/05/08 15:43:49

Modified files:
	lib/libc/stdlib: Makefile.inc malloc.c 
Added files:
	lib/libc/stdlib: reallocarray.c 

Log message:
move reallocarray() to a separate file so that -portable applications
can avoid reinventing the wheel
ok guenther schwarze

reallocarray(3) was added to address issues found in the OpenSSL source, and now exists as a single, freely-licensed, easily-included file for any and all who require it to make LibreSSL work on their system, as long as that system isn't Irix running Visual C 1.5.2.
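The class of bug reallocarray(3) guards against is an `nmemb * size` product that wraps around before it reaches realloc(3). The following is an added example, not the contents of OpenBSD's reallocarray.c: `checked_reallocarray`, `unchecked_bytes`, `struct entry` and `table_resize` are hypothetical names, and the element count stands in for a length field read from untrusted input.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* If both factors are below sqrt(SIZE_MAX + 1) the product cannot wrap,
 * so the division is only needed when one of them is large. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* What "realloc(p, nmemb * size)" would actually request: the product
 * is computed modulo SIZE_MAX + 1 and silently wraps. */
size_t unchecked_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Portable stand-in with the behaviour reallocarray(3) documents:
 * return NULL and set errno to ENOMEM when nmemb * size would overflow,
 * otherwise behave like realloc(3). */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Hypothetical 16-byte record whose count comes from a file header. */
struct entry {
    uint32_t id;
    uint32_t offset;
    uint64_t length;
};

struct table {
    struct entry *items;
    size_t        count;
};

/* Resize the table to `count` entries. On failure the old array is left
 * untouched and still owned by the table, so nothing leaks or dangles. */
int table_resize(struct table *t, size_t count)
{
    struct entry *n;

    if (count == 0)
        return -1;   /* realloc(p, 0) is implementation-defined; reject */
    n = checked_reallocarray(t->items, count, sizeof(struct entry));
    if (n == NULL)
        return -1;
    t->items = n;
    t->count = count;
    return 0;
}

int main(void)
{
    /* Constructed hostile count: large enough that count * 16 wraps. */
    size_t hostile = SIZE_MAX / 16 + 2;
    struct table t = { NULL, 0 };

    printf("unchecked request: %zu bytes for %zu entries\n",
        unchecked_bytes(hostile, 16), hostile);
    printf("resize to 4 entries: %d\n", table_resize(&t, 4));
    printf("resize to hostile count: %d (table still holds %zu)\n",
        table_resize(&t, hostile), t.count);
    free(t.items);
    return 0;
}
```

The unchecked product comes out as 16 bytes for a table the caller believes holds more than 2^28 entries, which is the undersized buffer later writes would overrun; the checked call refuses the request instead.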

08 May 2014

Puffy

Undeadly :: Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code (beck@ interview)

Over at Servicevirtualization.com, Bob Beck (beck@) was interviewed for a piece called Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code about the Heartbleed bug and the subsequent LibreSSL fork. A favorite quote:

ServiceVirtualization: What can organizations do to ensure they are building applications using high-quality, open-source components?

Beck: This is not an open source problem. It’s a problem with any codebase you incorporate or reuse. Examine where they come from, have competent developers look at what they are bringing in, and know what the motivations of the organization is that is developing them. OpenBSD can stand well on its own track record. We are security-focused developers.

07 May 2014

Puffy

Undeadly :: New Compiler Capabilities: -fstack-shuffle and Return Value Guards

Martynas Venckus (martynas@) has committed a pair of security-related enhancements to OpenBSD's gcc(1), improving the bug- and exploit-resistance of the entire system.

The first, a new -fstack-shuffle option, hopes to find bugs that were slipping through due to the ordering of variables on the stack.

CVSROOT:        /cvs
Module name:    src
Changes by:     martynas@cvs.openbsd.org        2014/05/06 17:22:33

Modified files:
        gnu/gcc/gcc    : cfgexpand.c common.opt

Log message:
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.

Discussed with Theo at m2k14 hackathon.  "oh god yes" tedu@, "oh nice" djm@
Read more...

05 May 2014

Puffy

Undeadly :: Android's C Library Has 173 Files of Unchanged OpenBSD Code

On May 2, 2014, a message with the somewhat arcane subject "libc: #define to remove support for %n from printf(3)?" from the main Android libc maintainer turned up on tech@, where part of the lead-in was:

i maintain Android's C library which, as you may know, contains a lot of OpenBSD code. i've been working to clean up our mess and get us back in sync with upstream, and currently have 173 files that are exactly the same as current upstream OpenBSD. (more than we have from the other two BSDs put together.)

There's more after the fold: Read more...

Undeadly :: When Porting LibreSSL, Don't Assume Your OS Is As Sane As OpenBSD

OpenBSD users and developers know to appreciate that our favorite operating system is a sanely constructed, modern Unix with a well deserved reputation for an emphasis on security. That is perhaps one of the reasons why the LibreSSL initiative has caused so much excitement, to the point where several people have independently started efforts to port the OpenBSD project's work in progress LibreSSL code to other platforms.

Now blogger Insane Coder comes out with a stern warning to LibreSSL porters in two articles (here and here).

The main takeaway is:

OpenBSD functions may be more secure than counterparts elsewhere

Read more...

02 May 2014

Puffy

Undeadly :: OpenBSD is Now Distributing Signed Patches

After the inaugural email appeared, Ted Unangst (tedu@) clarified the new policy regarding the announcement of patches:

Starting today, we're going to try sending patches out via email so you don't miss them.

Several previous errata have also been recently published for OpenBSD 5.4 and 5.5. We won't be mailing them out individually since they aren't new, but you should check the web site for details.

Refer to http://www.openbsd.org/errata55.html and errata54.html.

(Also note that OpenBSD 5.3 is officially end of life and will not be receiving any more patches.)

He sent a separate, longer email explaining in greater depth the new policy: Read more...

Undeadly :: m2k14 report: jasper@ on puppet, misc ports and Octeon

Jasper Lievisse Adriaanse (jasper@) managed to stay out of the libressl flensing, concentrating on some long standing bug and patch pushing:

When I arrived in Morocco I had a few small things I wanted to look at, which I naturally ended up spending most of my time on. While Puppet generally works great on OpenBSD, the port itself was in dire need of some cleaning and pushing patches upstream. While working on the port I finally sat down to iron out some (the last?) bugs in the "ensure => latest" patch we have to update packages to their latest version. Moving Puppet and all the related components of the stack to use Ruby 2.0 (instead of 1.9) concludes my work on Puppet for m2k14.

Read more...

Undeadly :: BSDNow Episode 035: Puffy Firewall

The latest BSDNow episode is a PF special, featuring various news, some of which you've seen here, and an interview with Book of PF author (and undeadly.org co-editor) Peter Hansteen about our favorite operating system and related matters. The Episode 35 home page has videos in various formats.

01 May 2014

Puffy

Undeadly :: m2k14: Antoine Jacoutot on GNOME, Heimdal, and Further Heartbleed Fallout

Antoine Jacoutot (antoine@) tells us about the wrangling of mythical beings, big and small:

Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 "unprepared" about what I was going to do.

Read more...

Puffy

GCU OpenBSD :: 5.5 on the awesomeness scale

GCU^WBSD isn't dead, there's still news! While some are selling lily of the valley or enjoying a well-deserved day off, others are pushing stuff onto mirrors.

On the menu of new features for this release:

  • time_t moves to 64 bits, to be safe in 2038. It doesn't sound like much, but it is an enormous amount of work – more info. It is also the subject of the traditional release song.

  • install sets and packages are now signed with signify(1). Yes, we really are in 2014.

  • a scripted installation mode is available in the installer, and ISO images to dump onto USB sticks are provided. It was already possible to install OpenBSD from a USB stick; it is now even simpler!

  • on the hardware side, multiprocessor support on alpha, OpenBSD/vax has moved to GCC3, and a number of new drivers have been added (ubcmtp(4), qla(4)…) for hardware support as well as virtual support: vmx(4), vmwpvs(4), vioscsi(4)… who said OpenBSD had poor support for virtualization as a guest?

  • KMS support in radeondrm(4) and inteldrm(4) has been updated to match Linux kernel 3.8.13.19, and the framebuffer console uses KMS too!

  • on the network side, relayd(1) now supports Perfect Forward Secrecy, and a new queueing system (Hierarchical Fair Service Curve, or HFSC) has been integrated into pf. ALTQ goes away in 5.6.

  • an impressive list of changes in iked(8) (OCSP support, RSA key authentication, IP allocation to clients from an address pool) and smtpd(8) (partial support for DSN and ENHANCEDSTATUSCODES, SNI, many improvements in smtpctl(8))

  • the random number generator is now initialized right from boot, for extra paranoia!

  • tmpfs has been imported from NetBSD/Bitrig. DIE DIE DIE mfs.

  • In ports/packages: GNOME 3.10.2, KDE 4.11.5 (FINALLY \o/), still Xfce 4.10, Firefox 26, Chromium 32, 4 different versions of ruby, 2 of python, 2 of php... everything you need to build a desktop, or a dev/web server.

  • And finally, a multitude of other changes in OpenSSH, but there I'll let you go and read the list yourselves like grown-ups.

Of course, an upgrade guide is provided; pay special attention because of the ABI change caused by time_t.

Stay tuned for 5.6, which is going to rock hard with things like smtpd and nginx by default, libressl, nsd/unbound, and plenty of other shiny stuff!

By gaston

Puffy

Undeadly :: OpenBSD 5.5 Released

As you can now easily tell from the OpenBSD main web site, OpenBSD 5.5 has been released.

Looking at the release announcement and other sources such as the release page, it's easy to see that there are numerous goodies in store for you: A whole new traffic shaping system to replace ALTQ, 64-bit time_t, cryptographically signed base sets and packages, automatic installation features, improved hardware support, and more.

And if you haven't already, a good way to say a big thank you to Theo and the other developers is to go to the orders site and buy CD sets, T-shirts and other items. Direct donations are welcome too, of course.

30 April 2014

Puffy

Undeadly :: Privilege Separated Key Handling added to relayd(8) and smtpd(8)

In the space of only a few days Reyk Floeter (reyk@) added privilege separated private key handling for two important network-facing daemons, relayd(8) and smtpd(8).

The model was introduced to relayd(8) in this commit on April 18, 2014, and on April 29, 2014 the privilege separated key handling was added to smtpd(8) too in this commit.

One more data point for why OpenBSD 5.6 will be, for lack of a better word, awesome.

Read more...

29 April 2014

Puffy

Undeadly :: Compiling OpenSSH No Longer Requires Linking in OpenSSL

It's a move that has been mulled and polished on and off for a while before the Heartbleed kerfuffle that led to our own LibreSSL fork, but with this commit Markus Friedl (markus@) has made linking with OpenSSL optional for building OpenSSH.

Read more...

Undeadly :: Tedu Kerberos from LibreSSL?

Ted Unangst (tedu@) of tedu fame writes in to tech@ asking whether or not there are users of Kerberos or SRP (Secure Remote Password) who need the functionality:

Hi there. I'm trying to find somebody who is actually using either Kerberos or SRP support in libssl. I'm inclined to remove support for them. While the bulk of the code sits off to the side, the integration requires adding several additional cases to some of the most critical paths.

For reference, OpenBSD hasn't ever compiled support for either of these features and I haven't seen many complaints. The code has all the hallmarks of something that somebody needed once, threw over the fence, and has been barely maintained on life support ever since. That said, we'd rather not be too hasty in deleting it because unbeknownst to us, it could be useful.

We're looking for somebody to stand up and say "Not only do I need SRP support, but I'm sufficiently invested that I'd like to help maintain it."

Note that I'm not looking for negative responses. You don't need to tell me you think it's ok to delete these features. I already think that.

Also note that I'm not really interested in rumors or whispers. You don't need to tell me that it's possible somebody else uses Kerberos. I know it's possible, that's why I'm asking. I'd like to know who.

Thanks.

If you or one of your loved ones has a need for this, speak now or resurrect the code from the attic.

Undeadly :: OpenBSD Foundation's Google Summer of Code Projects Announced

The Directors of the OpenBSD Foundation have announced the OpenBSD projects for this year's Google Summer of Code:

The OpenBSD Foundation is very pleased to announce that Google has granted us five student slots for GSOC 2014.

The five projects that we will be undertaking as a result are:

  1. Proper YACC parsers for dhcpd and dhclient.
  2. Systemd-like support for ports.
  3. Capsicum.
  4. GPT and UEFI.
  5. Improved dhcpd.

Kudos to the winning students and the generous volunteers who will serve as mentors for the projects.

We're looking forward to seeing the results of the students' work, mentored by notable OpenBSD developers!

25 April 2014

Puffy

Undeadly :: m2k14: Stuart Henderson on Triage

Stuart Henderson (sthen@) was the first developer to submit a report from the recent m2k14 hackathon:

I set off for Marrakech planning to look at updating DB in ports and taking care of changes needed in ports for a UVM diff for mpi@, but ended up getting swept away by the wave of destruction in ports from removal of the dangerous RAND_egd API in libssl, removal of Heimdal Kerberos from the base OS and (to a lesser extent) the final removal of altq, so frequent port builds and mopping up were the order of the day, and other projects were put on the back-burner.

Read more...

22 April 2014

Puffy

Undeadly :: It's Official: The OpenSSL Overhaul Is A Fork: Welcome LibreSSL in OpenBSD 5.6

Yes, it's official. The recent work in cleaning up OpenSSL is now officially a fork, with its own website and donation link.

The project's name going forward is LibreSSL, and according to the (so far spartan) website, the first release will be included in OpenBSD 5.6, which is expected to be released November 1st, 2014.

Read more...

Undeadly :: Faster and more capable whatis(1)/apropos(1)

Not one to get lost in the OpenSSL/m2k14 shuffle, Ingo Schwarze (schwarze@) has, after much work and improvement, updated the man page search functionality:

Date: Fri, 18 Apr 2014 04:00:48 -0600 (MDT)
From: Ingo Schwarze 
To: source-changes@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: src

CVSROOT:        /cvs
Module name:    src
Changes by:     schwarze@cvs.openbsd.org        2014/04/18 04:00:48

Modified files:
        etc            : weekly
        libexec        : Makefile
        usr.bin        : Makefile
        usr.bin/mandoc : Makefile
        usr.sbin/pkg_add/OpenBSD: Add.pm Delete.pm Paths.pm PkgCreate.pm
        share/man      : Makefile
        share/man/man8 : daily.8

Log message:
Switch to the new makewhatis(8)/apropos(1)/whatis(1) combo.
"commit the switch now" espie@  "go for it" deraadt@

See the apropos(1) manual for a description of what's new.
On machines where you want the full functionality,
run "sudo makewhatis" and put "MAKEWHATISARGS=' '" into weekly.local(8).
Otherwise, when upgrading via source, run "sudo makewhatis -Q".
Read more...

19 April 2014

Puffy

Undeadly :: ALTQ removed from -current

In between all the OpenSSL sound and fury it could have been easy to miss, but one of the likely Big News candidates for OpenBSD 5.6 just happened: Removal of the ALTQ traffic shaping system.

The commit message by Henning Brauer (henning@) reads:

CVSROOT:	/cvs
Module name:	src
Changes by:	henning@cvs.openbsd.org	2014/04/19 04:07:44

Modified files:
	sys/conf       : GENERIC 

Log message:
-option ALTQ
Read more...

18 April 2014

Puffy

Undeadly :: One week of OpenSSL cleanup

After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls.

Then Jonathan Gray (jsg@) and Reyk Flöter (reyk@) come next, followed by a group of late starters. Also, an honorable mention for Christian Weisgerber (naddy@), who has been fixing issues in ports related to this work.

All combined, there've been over 250 commits cleaning up OpenSSL. In one week. Some of these are simple or small changes, while other commits carry more weight. Of course, mistakes occasionally get made, and these are quickly fixed again, but the general direction is clear: move the tree forward towards a better, more readable, less buggy crypto library.

17 April 2014

Puffy

Undeadly :: m2k14: Hackathon Begins

As is their wont, a number of developers have congregated for another hackathon, this time in sunny Morocco.

You can, of course, follow the commits on source-changes, but the war cries that lead us down the road to Valhalla are being collected for your inspiration and amusement at OpenSSL Valhalla Rampage.

As always, it is your donations that make it possible for our berserkers to greet the Valkyries!

15 April 2014

Puffy

Undeadly :: OpenBSD has started a massive strip-down and cleanup of OpenSSL

The denizens of lobste.rs (and no doubt you, eagle-eyed reader!) have made note of the ongoing rototilling of the OpenSSL code in OpenBSD, and Joshua Stein (jcs@) has chimed in with a quick breakdown of the action thus far:

Changes so far to OpenSSL 1.0.1g since the 11th include:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

To clarify, not all of the cryptographic engines were removed; the padlock and aesni engines are still in place.

As always, it's heartening to see a concentrated effort on such a critical software component.

10 April 2014

Puffy

Undeadly :: OpenBSD Foundation Funding Goals Reached


Bob Beck (beck@) writes in to tell us that the OpenBSD Foundation 2014 fundraising campaign has reached its goals:

The OpenBSD Foundation is happy to report that the $150,000 goal of the 2014 fundraising campaign has been reached.

We wish to thank our contributors large and small. We will continue our fundraising efforts both in the current year and next year.


Undeadly :: heartbleed vs malloc.conf (updated)


Ted Unangst (tedu@) has posted an article about how OpenSSL has managed to sidestep OpenBSD's malloc.conf(3) protections:

About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.

As they say, read the whole thing.

Update:
tedu@ has a follow-up post in which he finds a particularly nasty bug in the code which sidesteps the malloc.conf options, which means that it cannot, unpatched, be disabled:

Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I’m about to describe can only exist and go unnoticed precisely because the freelist is LIFO.

As they say, read this other thing.

09 April 2014

Puffy

OpenBSD Errata :: 003 SECURITY

  All architectures
Missing hostname check for HTTPS connections in the ftp(1) utility.

08 April 2014

Puffy

Undeadly :: Patches for OpenSSL bounds checking bug


Patches for the so-called Heartbleed OpenSSL bug have been released by the OpenBSD project for OpenBSD 5.3-stable, OpenBSD 5.4-stable and OpenBSD 5.5.

In the short statement contained in the commit message, Theo de Raadt (deraadt@) noted that OpenSSH is unaffected.


Puffy

OpenBSD Errata :: 002 SECURITY

  All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents.