30 April 2015

Puffy

Undeadly :: OpenBSD 5.7 Released

May 1st, 2015, Calgary, AB, CA and elsewhere:

OpenBSD 5.7 has been released. The brand new 5.7 subdirectory should now be available and filled up on all relevant mirrors for those of you who have yet to receive your CD orders.

The release announcement, posted on project mailing lists earlier today, and the release home page both mention some highlights of the new release, while the complete changelog for the release is available on the OpenBSD website.

While you are too late to be the first to preorder a shiny OpenBSD release CD set, you can order one of your own, as well as a very cool 5.7-release poster.

29 April 2015

Puffy

Undeadly :: OpenBSD has accepted projects from Google Summer of Code 2015

The OpenBSD page for Google Summer of Code 2015 has been updated with the list of accepted projects for this year.
Asynchronous USB Transfers From Userland
ARM SD/MMC Driver & Controller Driver In libsa For OpenBSD
Port HAMMER2 to OpenBSD
Implement KMS Driver For Cirrus Cards
Improving USB Userland Tools And ioctl(2)
Automating Module Porting
Many thanks to those that responded, and we wish the best of luck on all projects!

27 April 2015

Puffy

Undeadly :: EU study recommends OpenBSD

In this European Parliament study: “EU should finance key open source tools” pointed out to us by Paul Irofti (pirofti@), and especially at study 2, they come to the conclusion that:
"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."
Read more...

22 April 2015

Puffy

Undeadly :: CfP extended for EuroBSDCon 2015

Due to overwhelming response, the deadline for submitting talks to EuroBSDCon has been extended:

Since there was a huge rush of submissions just on the very last day, we have decided to give a second chance for all of you that didn’t quite finish your talk or tutorial proposal in time for the deadline.

The new date is set to May 22nd, but you don’t have to wait until the very last moment. Send in your suggestions right away. We think there still is room for some more topics related to *BSD left to present.

For those of you who already have sent in yours, we are very happy to see so many good submissions. Don’t hesitate to add another topic to your submissions if you haven’t run out of good ideas yet.

If you've been sitting on that paper, now's the time to ship it!

20 April 2015

Puffy

Undeadly :: p2k15 Hackathon Report: schwarze@ on USE_GROFF

Ingo Schwarze (schwarze@) writes in with our fourth report from the p2k15 ports hackathon:

When groff was removed from the OpenBSD base system in October 2010, Marc Espie@ marked more than 3000 ports with the USE_GROFF bsd.port.mk(5) variable, meaning that their manuals were formatted with groff at port build time and the preformatted versions included in the package. Over time, as mandoc(1) matured and learnt to handle more and more syntax, the number of ports having USE_GROFF gradually decreased.
Read more...

15 April 2015

Puffy

Undeadly :: Solaris Admins: For A Glimpse Of Your Networking Future, Install OpenBSD

Undeadly's very own Peter Hansteen has written up some PF-on-Solaris-related email chatter:

Roughly a week ago, on April 5th, 2015, parts of Oracle's roadmap for upcoming releases of their Solaris operating system were leaked in a message to the public OpenBSD tech developer mailing list. This is notable for several reasons, one is that Solaris, then owned and developed by (the now defunct) Sun Microsystems, was the original development platform for Darren Reed's IP Filter, more commonly known as IPF, which in turn was the software PF was designed to replace.

As they say, read the whole thing!

13 April 2015

Puffy

Undeadly :: p2k15 Hackathon Report: stsp@ on wifi and games

Stefan Sperling (stsp@) writes in with our third report from the p2k15 ports hackathon:

I spent the week before hackathon reviving a lingering work-in-progress implementation of a wireless driver for RTL8188CE devices. These are essentially urtwn(4) devices on the PCI bus instead of USB. The driver started out as a copy of urtwn(4) which I'm gradually moving over to PCI. With help from uwe@ I could clear some roadblocks that had prevented progress and got the driver up to the point where the firmware loading process completed successfully.
Read more...

Undeadly :: p2k15 Hackathon Report: krw@ on GPT support

Ken Westerback (krw@) writes in with our second report from the p2k15 ports hackathon:

Never has a hackathon accomplished so much in the presence of so many fire doors. It appears that the University of Exeter is fire door mad, with every door labelled a fire door that must always be closed or locked.
Read more...

12 April 2015

Puffy

Undeadly :: softraid(4) - RAID 5 Call for Testing

Joel Sing (jsing@) has put out a call for testing for RAID 5 on softraid(4):

For those not following source-changes@, I have just re-enabled the RAID 5 discipline for softraid(4).

During the last two hackathons in Dunedin, the RAID 5 implementation was largely rewritten. As far as I am aware, the last missing part was the lack of ability to resume a partial rebuild, which has been fixed - it now needs further testing and usage so that any remaining issues can be found.

Read more...

10 April 2015

Puffy

Undeadly :: p2k15 Hackathon Report: landry@ on mozilla and more

Landry Breuil (landry@) writes in with our first report from the p2k15 ports hackathon:

This was a short hackathon for once, so I took the opportunity to visit London on the way couchsurfing for two days, then enjoyed a quiet train trip to Exeter through the nice countryside of Devon...

Had quite a bit of fun being the first one on-site at the university building, since the people at the desk weren't aware at all that an event was organized in their place - didn't know hackathons were such secret things :)

Read more...

25 March 2015

Puffy

Undeadly :: OpenNTPD 5.7p4 released

The OpenNTPD team has announced the availability of OpenNTPD 5.7p4, which adds

support for using HTTPS time constraints to validate NTP responses, in turn made possible by the LibreSSL supplied libtls

plus a number of important bug fixes.

You'll find the full text of the announcement after the fold:

Read more...

24 March 2015

Puffy

Undeadly :: SSH Protocol 1 Now Disabled at Compile Time

As Damien Miller (djm@) announced on tech@, support for SSH version 1 is now no longer being included in OpenBSD SSH:

Hi,

I just committed a change to src/usr.bin/ssh/Makefile.inc to compile-time disable SSH protocol 1. This protocol is old, unsafe and really, really shouldn't be used at all any more.

If you have need of it, then you can re-enable it for yourself using the knob in Makefile.inc.

If you run into bugs related to this change, please tell openssh@openssh.com and we'll fix them quickly. We're deliberately doing this change early in the release cycle to flush out bugs and find out how many people are still using this terrible old protocol.

-d

Like the man says, report any bugs found! And this might be a good time to offer the hand of friendship and understanding to any and all vendors/packagers who still support v1 to join the rest of us in deprecating the lesser protocols.

18 March 2015

Puffy

Undeadly :: EuroBSDCon 2015 Call for Papers Is Out

The EuroBSDCon 2015 conference organizers have announced the Call for Papers for the upcoming conference in Stockholm, Sweden.

Go to https://2015.eurobsdcon.org/call-for-papers/ for details; the full text of the announcement also follows after the fold.

Read more...

Undeadly :: libXfont Errata

Patches are now available to fix buffer overflows in libXfont. This issue affects 5.5, 5.6, and the forthcoming 5.7 release.

For more details, refer to the X.org advisory:
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/

5.5 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/023_libxfont.patch.sig

5.6 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig

Read more...

17 March 2015

Puffy

Undeadly :: LibreSSL 2.1.5 Released

The LibreSSL team has released LibreSSL 2.1.5, which the team characterizes as

relatively small, focused on bug fixes before 2.2.x development begins along-side OpenBSD 5.8.

In what could be a useful test of the LibreSSL project's code cleanup operation, the team notes that

This or earlier LibreSSL releases may also address issues that are to be revealed by The OpenSSL Project Team on the 19th of March, 2015.

The LibreSSL team is not typically apprised of OpenSSL-related security issues in advance. We will address any previously-unknown issues that are found to affect LibreSSL in future releases.

You can read the full announcement here, and it also follows in full after the fold.

UPDATE 2015-03-17 16:20 CET: Bob Beck (beck@) now reports that the OpenSSL project has communicated details of the still-embargoed OpenSSL vulnerabilities to LibreSSL core developers.

Read more...

15 March 2015

Puffy

Undeadly :: OpenBSD @ AsiaBSDCon: httpd, PIE, and more

Slides from the AsiaBSDCon 2015 presentations are expected to appear on the OpenBSD web site (specifically the Presentations and Papers page).

The first presentation to appear there was Reyk Floeter's OpenBSD's new httpd (slides), also with a paper version.

Other developers have been quite punctual too, publishing their presentations soon after their sessions at the conference:

Peter Hessler: The results of using BGP for realtime import and export of spam whitelist/blacklist entries
Ted Unangst: Pruning and Polishing: Keeping OpenBSD Modern
Henning Brauer: OpenBSD sucks
Pascal Stumpf: Converting OpenBSD to PIE (slides) plus paper

And finally, the OpenBSD Update from the work in progress session, given by Henning Brauer.

13 March 2015

Puffy

Undeadly :: OpenBSD 5.7 Preorders Started

Yes, you read that right!

Preorders of the upcoming OpenBSD 5.7 release have been enabled at the OpenBSD Store (based in the UK, ships worldwide).

The OpenBSD 5.7 release page is filling out nicely as we speak, and you can look up further details of what you have in store come May 1st by taking a peek at the detailed changelog page.

Now don't just stand there! Go ahead, order a CD set (or a few), or if you'll be downloading anyway, donate!

Update: The first copy has already been sold, just a few moments after the initial commit and before the actual announcement to misc@ (both by deraadt@) went out.

12 March 2015

Puffy

Undeadly :: FreeType Patches Available

Patches for bugs in the FreeType library are available:

FreeType 2.5.5 contained more fixes for malformed font buffer overflows. Thanks to David Coppa for extracting the necessary patches from the Ubuntu package.

Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release already includes FreeType 2.5.5.

Read more...

Undeadly :: LibSSL Patch Available

Patches for the recently-announced FREAK attack are now available:

When CVE-2015-0204 (RSA silently downgrades to EXPORT_RSA) was announced, it was labeled "Severity: Low". Our assessment at the time was that export ciphers had already been removed prior to the release of 5.6, and that the fix was not worth backporting to 5.5.

Then CVE-2015-0204 was renamed the FREAK attack. Now it has a fancy name so you know it's important.

Unfortunately, our original assessment was not entirely correct. Some of the features exploited by FREAK were not deleted until after 5.6, although this was not known until testing tools became available. We've corrected libssl by backporting the necessary changes to 5.6.

Read more...

07 March 2015

Puffy

Undeadly :: s2k15 Hackathon Report: tedu@ on UVM SMP

Our fourth report from the s2k15 hackathon comes from Ted Unangst:

Since s2k15 was, at least for some people, the SMP hackathon, I started my first project in that area. We currently have a few system calls that work without requiring the kernel lock because they only touch isolated parts of the data, but they aren't very exciting. getpid(), for example. I wanted to speed up a system call that may have some noticeable results in a workload I use every day: compiling.

Read more...

05 March 2015

Puffy

Undeadly :: s2k15 Hackathon Report: Jonathan Gray on X Graphic Acceleration Improvements, afl fuzzer

Our third report from the s2k15 hackathon comes from Jonathan Gray (jsg@):

During the recent s2k15 hackathon in Brisbane I made another attempt to get acceleration working on newer Southern Islands/Graphics Core Next Radeon parts. As there is no traditional EXA acceleration provided by the xf86-video-ati driver for these the only option is glamor. Glamor used to be an external library but is now distributed as part of the Xorg X server. It works by creating an EGL context and provides OpenGL based 2D acceleration.

Read more...

04 March 2015

Puffy

Undeadly :: LibreSSL 2.1.4

Brent Cook (bcook@) posted:
We have released LibreSSL 2.1.4, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.

This release adds a number of new security features, makes building privilege-separated programs simpler, and improves the libtls API.
Read more...

Undeadly :: Errata for X Server Infoleak

As reported by Ted Unangst (tedu@) on tech:

Patches are now available to fix an information leak in the XkbSetGeometry request of X servers. For more information, see the X.org advisory.

Read more...

03 March 2015

Puffy

Undeadly :: Summer of Code 2015 Project Ideas Announced

The OpenBSD foundation has published its Project Ideas List for this year's Google-sponsored Summer of Code. If you're a student with an appropriate background, this could be your chance to take a stab at contributing to the OpenBSD code base, with OpenBSD developers as your mentors.

The Foundation and the OpenBSD project do not guarantee that SOC projects are accepted into the OpenBSD code base, but it's worth trying, isn't it?

Check out the list and see if there's something there you want to spend most of the summer hacking on.

Undeadly :: Ted Unangst: Improving Browser Security

In a recent post to misc@, Ted Unangst (tedu@) outlined some of his upcoming work on improving browser security. Ted writes,

A few words about a project I've started working on today with support from the OpenBSD Foundation.

Read more...

27 February 2015

Puffy

Undeadly :: Episode 078: From the Foundation (Part 2)

In this week's episode, the fellas from BSDNow interview Ken Westerback (krw@), one of the directors of the OpenBSD Foundation. They also talk about the nascent BSDCan 2015 schedule, Reyk Flöter's superfish-esque relayd.conf, OpenBSD on the Minnowboard Max, and all the odds and ends in the week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

26 February 2015

Puffy

Undeadly :: OpenBSD Foundation 2014/2015 News & Fundraising

Ken Westerback (krw@) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:

2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributors large and small.

A detailed summary of the Foundation's activities in 2014 can be seen at

http://www.openbsdfoundation.org/activities.html

But here are some highpoints.

Read more...

21 February 2015

Puffy

Undeadly :: s2k15 Hackathon Report: krw@ on improvements in dhclient(8), fdisk(8) and more

The second s2k15 hackathon report comes from Ken Westerback (krw@), who writes:

I arrived in Brisbane with Theo in tow and was quickly whisked away by dlg@ to the lovely surroundings of St. Leo's college. The hackroom was across the street and very nice once you got past the giant turkey nest being constructed by a turkey on the sidewalk. Australian birds are weird. The net was especially good. Obviously somebody competent was running it and using a particularly good firewall.

Read more...

18 February 2015

Puffy

Undeadly :: s2k15 Hackathon Report: mpi@ on network stack SMP

Martin Pieuchot (mpi@) writes in with his report from the s2k15 hackathon:

s2k15 was definitely a hackathon to get things started and for me, the 's' was clearly for SMP. I arrived a bit earlier to be able to finally meet and discuss with David (dlg@), our host, in order to define a strategy to continue moving some bits and pieces of the network stack out of the big lock.

And that's what we did. So we had a look at the glue between the network drivers and the stack and found a way to improve the integration of pseudo drivers in the Ethernet layer. The goal of this refactoring is to avoid recursion and decouple code paths in order to make it easier to turn every pseudo driver MP-safe. That's why I rapidly committed a new interface and then started to convert various drivers.

As usual I committed some bug fixes and other small cleanups in the network stack and I also took advantage of the fact that Miod (miod@) was sitting next to me, to bother him with some powerpc related questions. We ended up fixing some small bugs for G5 machines. As a result they can now use radeondrm(4) and correctly see all their available memory.

I really enjoyed this shiny week of hacking, thank you very much David for hosting us here and thanks to Theo and the OpenBSD foundation for taking care of my flight and accommodation!

Thanks to Martin for being the first with his post-hackathon write-up!

Undeadly :: BSDNow Episode 076: Time for a Change

On this week's episode, the BSDNow folks interview Henning Brauer (henning@), featuring a cameo by the lovely and talented Ken Westerback (krw@) about OpenNTPD, especially in regards to the portable revival and later drool over the new security features.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

13 February 2015

Puffy

Undeadly :: OpenBSD booth at SCALE 13x

Seth writes in to announce the OpenBSD booth at this year's SCALE 13x conference:

The OpenBSD vendor booth rides again this February at Scale 13x. As usual, we'll be peddling OpenBSD merchandise including the much sought after 5.6 CD sets, t-shirts, books, coffee mugs, posters and stickers.

Stop by to shoot the bull, stuff the donation jar, or just straighten out that keel with a shot of 'Puffy-go-go-juice' fresh from our on-site espresso machine. (Sadly, our drone shipment of Puffy-Bolivian-marching-powder is not going to make it this year)

If you can help staff the booth for at minimum 2-3 hours on both Saturday and Sunday, there's a free conference pass waiting on arrival with your name on it. Developers preferred, but anyone with a modicum of social skills is welcome to volunteer. Email Scale13xOpenBSD@hush.ai for more info.


It's being held on February 19th-22nd at the Hilton Los Angeles Airport in Los Angeles, California.

12 February 2015

Puffy

Undeadly :: OpenBSD Just Works


After what appears to have been a very successful s2k15 hackathon, two significant thank you themed posts have appeared on OpenBSD mailing lists. The first came on misc@ from longtime user and supporter Diana Eichert, with the subject a thankyou to OpenBSD. Diana writes,

I don't post much any more, my OpenBSD systems "just work".

Just wanted to post a thank you to OpenBSD because it does
"just work".

You can check the entire message and followup thread here.

The second came from Henning Brauer (henning@), writing to tech@, with the subject A thanks to the donors, and a small request. Henning writes,

The OpenBSD foundation has just acquired 4 Dell r210s for my OpenBSD
development setup to replace their aging predecessors from 2007.

I would like to take the opportunity to thank everybody who has donated
to the foundation, you made this possible.

And here's a message to potential donors - you can help complete the setup for optimal development conditions:

To complete the setup, I need at least 2 single and one dual port
10GBaseT ix(4) cards. There is one previously donated one in Australia
that I could use, unfortunately we cannot quite figure out right
now whether it is single or dual - depending on that, I'll need 2
single or 1 single and 1 dual port one on top.

The machines come without the rackmount rails, having them would make
it considerably easier for me - for regular 4-post racks.

Henning also notes that for most efficient use of everybody's time, it would be best if the equipment 'just shows up'. You can read the rest of the message here.

If you can help make this happen, please dive in!

For other equipment requests, make sure to check the Hardware Wanted page, or go to the Donations page.

11 February 2015

Puffy

Undeadly :: Jazz concert with OpenBSD synths


Everybody's favourite audio hacker Alexandre Ratchov (ratchov@) is inviting you to a concert in Grenoble (France). Read on to find out how this relates to OpenBSD:

Announcing a jazz concert here might sound off-topic, but for this one all synthesizers will run on an OpenBSD box. Unfortunately there are no sample recordings available on the web, only this site (in French).

For non-French speakers, the concert takes place at "the Hexagone" in the Grenoble area, Feb 27, 2015. You're welcome.

The music is experimental jazz using micro-tonal instruments, played by great jazz musicians: virtuoso flutist Magic Malik, Maxime Zampieri on the drums and Jean-Luc Lehr on the bass. We use acoustic instruments (fretless bass, drums) and synthesizers (flute-like synths, pads, and percussions). All synths and corresponding effect processors run on an OpenBSD/amd64 box.

There are a few input midi(4) devices: a keyboard, a flute-like wind controller, a kit of drum pads, and a control surface (a bunch of knobs). They send short messages (aka midi events) whenever a key is pressed on the keyboard, the breath pressure changes on the wind controller, or a pad is hit with the stick. The synthesizer is a program (not published yet) that listens on a sndio(7) midithru port, calculates the wave corresponding to input midi events in real-time then sends the result for audio playback to an envy(4) based card. Then, the resulting analog signal is mixed with other analog sources (bass and microphones) and amplified. Everything is configured to have a few milliseconds of latency between the moment a midi message arrives and the corresponding signal hits the amplifier.

The music is based on a theory developed by Frederic Faure which is too long to explain here, but it brings a unique sound by carefully choosing note pitches. So we use an additional program to calculate the pitch of each note submitted to the synth and to visualize various aspects of the theory to assist musicians; it also runs on the same box.

There will be a masterclass on this music presented by Malik, Frederic and me on Feb. 25, 2015. We'll discuss practical and theoretical aspects of this music and, if there's interest, internals of the synths and the setup.

Maybe see you at the masterclass and/or for a beer after the concert.

So, if you happen to be in the neighbourhood, make sure to stop by. Thanks to Alexandre for his story!

10 February 2015

Puffy

Undeadly :: s2k15: Authenticated TLS 'constraints' in ntpd(8)


Reyk Flöter (reyk@) wrote in to tech@, talking about some work he'd done at s2k15:

Hi!

Theo, Henning, and I developed an idea to utilize TLS in some way for authenticated time in ntpd(8). We are not intending to use it as a direct time source, but as a "constraint" to verify the NTP responses. I came up with an implementation that has been designed to be an optional, non-intrusive feature that is now part of OpenBSD -current.

Read more...

09 February 2015

Puffy

Undeadly :: s2k15: the stack overflow that wasn't


From the trenches of s2k15:

There was a recent bug in OpenBSD install kernels. At random times during the install, messages like the following would appear:

/upgrade: //install.sub[168]: sleep: Cannot allocate memory
/upgrade: //install.sub[168]: cat: Cannot allocate memory

This is pretty unusual. sleep and cat are not usually memory intensive. Clearly, something had changed. There were a few initial suspects but they had been pretty well tested. What was different?

Read the whole thing to find out the answer!

08 February 2015

Puffy

Undeadly :: s2k15: warming up

Earlier this week, the s2k15 hackathon started down here in Brisbane, Australia.

21 developers are working on various projects, with several already hitting the tree.

Right now the biggest highlight is the iwm(4) driver, for new Intel 7260 wireless chips. This is found in newer Thinkpads, including your trusty editor's x240. Most of the work was done before the hackathon, but it was committed early, so we could continue working in the tree and make further improvements. The driver will show up in snapshots from Feb 8 or later.

Stay tuned for future improvements, and announcements from the s2k15 hackathon!

30 January 2015

Puffy

Undeadly :: My First OpenBSD Port


Adam Wołk shares his experiences in porting the Otter web browser to OpenBSD:

[My first OpenBSD port] has just landed in the ports tree. It's been a fun ride, this post is a summary of the whole process from the perspective of a first time contributor. Note that this is not a tutorial, just my personal experiences of getting my first port accepted to the tree.

The article is a good overview of getting involved in the porting process; if you've ever been interested in how the process works, take a look!

21 January 2015

Puffy

Undeadly :: afl-fuzz - American Fuzzy Lop


I wanted to test the afl fuzzer that sort of recently entered the ports collection, ever since this webpage talked about how they give a jpeg decoder the string "Hello" in a file which it twists and mutates until the jpeg decoder no longer croaks on it, and it ends up actually being a valid jpeg image (though not very pretty). Read more...

14 January 2015

Puffy

Undeadly :: amd64 Kernel W^X


Theo de Raadt (deraadt@) announced that amd64 kernels now have W^X memory protection in the kernel:

Mike Larkin has been slow at informing the world, despite my prodding.
Probably started working on something else cool...
Read more...

09 January 2015

Puffy

Undeadly :: OpenNTPD 5.7p1 Released

Brent Cook (bcook@), still flush from success in creating the portable version of LibreSSL, has turned his hand to OpenNTPD:

After a long hiatus, the latest version of OpenNTPD is available once again in a portable release.

  • Support for a new build infrastructure based on the LibreSSL framework. Source code is integrated directly from the OpenBSD tree with few manual changes, easing maintenance.
  • Removed support for several OSes pending test reports and updated portability code.
  • Supports the Simple Network Time Protocol version 4 as described in RFC 5905.
  • Added route virtualization (rdomain) support.
  • Added ntpctl(8), which allows for querying ntpd(8) at runtime.
  • Finer-grained clock adjustment via adjfreq / ntp_adjtime where available.
  • Improved latency on heavily-loaded machines.

Hopefully those who've repackaged the previous releases for their OSes will update in due course.

08 January 2015

Puffy

Undeadly :: Dissecting OpenBSD's divert(4) Part 1: Introduction

Lawrence Teo (lteo@) has published the first in a series of posts about OpenBSD's divert(4) functionality:

For more than four years I have been using and tinkering with OpenBSD’s divert(4). At one point after OpenBSD 4.9 was released, I ran into an annoying bug in divert(4) that totally prevented me from using it. At the time I had no idea how to fix it, so I did the next best thing by filing a detailed bug report.

Eventually I realized that the bug isn’t going to fix itself, so I decided it was time to roll up my sleeves and wade into the code. So after 2.5 years of on-and-off tinkering and staring at the code and head-scratching and facedesking I finally fixed it, thanks to a ton of help from Bret Lambert (blambert@). The problem turned out to be due to checksums, which is another interesting topic but that’s a story for another day.

Mr. Teo promises more on the subject soon, so read the whole thing, and keep slavering for more!