27 February 2015

Undeadly :: Episode 078: From the Foundation (Part 2)

In this week's episode, the fellas from BSDNow interview Ken Westerback (krw@), one of the directors of the OpenBSD Foundation. They also talk about the nascent BSDCan 2015 schedule, Reyk Flöter's superfish-esque relayd.conf, OpenBSD on the Minnowboard Max, and all the odds and ends in the week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

26 February 2015

Undeadly :: OpenBSD Foundation 2014/2015 News & Fundraising

Ken Westerback (krw@) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:

2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributors large and small.

A detailed summary of the Foundation's activities in 2014 can be seen at

http://www.openbsdfoundation.org/activities.html

But here are some high points.

Read more...

21 February 2015

Undeadly :: s2k15 Hackathon Report: krw@ on improvements in dhclient(8), fdisk(8) and more

The second s2k15 hackathon report comes from Ken Westerback (krw@), who writes:

I arrived in Brisbane with Theo in tow and was quickly whisked away by dlg@ to the lovely surroundings of St. Leo's college. The hackroom was across the street and very nice once you got past the giant turkey nest being constructed by a turkey on the sidewalk. Australian birds are weird. The net was especially good. Obviously somebody competent was running it and using a particularly good firewall.

Read more...

18 February 2015

Undeadly :: s2k15 Hackathon Report: mpi@ on network stack SMP

Martin Pieuchot (mpi@) writes in with his report from the s2k15 hackathon:

s2k15 was definitely a hackathon to get things started and for me, the 's' was clearly for SMP. I arrived a bit earlier to be able to finally meet and discuss with David (dlg@), our host, in order to define a strategy to continue moving some bits and pieces of the network stack out of the big lock.

And that's what we did. So we had a look at the glue between the network drivers and the stack and found a way to improve the integration of pseudo drivers in the Ethernet layer. The goal of this refactoring is to avoid recursion and decouple code paths in order to make it easier to turn every pseudo driver MP-safe. That's why I rapidly committed a new interface and then started to convert various drivers.

As usual I committed some bug fixes and other small cleanups in the network stack and I also took advantage of the fact that Miod (miod@) was sitting next to me, to bother him with some powerpc related questions. We ended up fixing some small bugs for G5 machines. As a result they can now use radeondrm(4) and correctly see all their available memory.

I really enjoyed this shiny week of hacking, thank you very much David for hosting us here and thanks to Theo and the OpenBSD foundation for taking care of my flight and accommodation!

Thanks to Martin for being the first with his post-hackathon write-up!

Undeadly :: BSDNow Episode 076: Time for a Change

On this week's episode, the BSDNow folks interview Henning Brauer (henning@), featuring a cameo by the lovely and talented Ken Westerback (krw@) about OpenNTPD, especially in regards to the portable revival and later drool over the new security features.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

13 February 2015

Undeadly :: OpenBSD booth at SCALE 13x

Seth writes in to announce the OpenBSD booth at this year's SCALE 13x conference:

The OpenBSD vendor booth rides again this February at Scale 13x. As usual, we'll be peddling OpenBSD merchandise including the much sought after 5.6 CD sets, t-shirts, books, coffee mugs, posters and stickers.

Stop by to shoot the bull, stuff the donation jar, or just straighten out that keel with a shot of 'Puffy-go-go-juice' fresh from our on-site espresso machine. (Sadly, our drone shipment of Puffy-Bolivian-marching-powder is not going to make it this year)

If you can help staff the booth for at minimum 2-3 hours on both Saturday and Sunday, there's a free conference pass waiting on arrival with your name on it. Developers preferred, but anyone with a modicum of social skills is welcome to volunteer. Email Scale13xOpenBSD@hush.ai for more info.


It's being held on February 19th-22nd at the Hilton Los Angeles Airport in Los Angeles, California.

12 February 2015

Undeadly :: OpenBSD Just Works

After what appears to have been a very successful s2k15 hackathon, two significant thank you themed posts have appeared on OpenBSD mailing lists. The first came on misc@ from longtime user and supporter Diana Eichert, with the subject a thankyou to OpenBSD. Diana writes,

I don't post much any more, my OpenBSD systems "just work".

Just wanted to post a thank you to OpenBSD because it does
"just work".

You can check the entire message and followup thread here.

The second came from Henning Brauer (henning@), writing to tech@, with the subject A thanks to the donors, and a small request. Henning writes,

The OpenBSD foundation has just acquired 4 Dell r210s for my OpenBSD
development setup to replace their aging predecessors from 2007.

I would like to take the opportunity to thank everybody who has donated
to the foundation, you made this possible.

And here's a message to potential donors - you can help complete the setup for optimal development conditions:

To complete the setup, I need at least 2 single and one dual port
10GBaseT ix(4) cards. There is one previously donated on in Australia
that I could use, unfortunately we cannot quite figure out right
now whether it is single or dual - depending on that, I'll need 2
single or 1 single and 1 dual port one on top.

The machines come without the rackmount rails, having them would make
it considerably easier for me - for regular 4-post racks.

Henning also notes that for most efficient use of everybody's time, it would be best if the equipment 'just shows up'. You can read the rest of the message here.

If you can help make this happen, please dive in!

For other equipment requests, make sure to check the Hardware Wanted page, or go to the Donations page.

11 February 2015

Undeadly :: Jazz concert with OpenBSD synths

Everybody's favourite audio hacker Alexandre Ratchov (ratchov@) is inviting you to a concert in Grenoble (France). Read on to find out how this relates to OpenBSD:

Announcing a jazz concert here might sound off-topic, but for this one all synthesizers will run on an OpenBSD box. Unfortunately there are no sample recordings available on the web, only this site (in French).

For non-French speakers, the concert takes place at "the Hexagone" in the Grenoble area, Feb 27, 2015. You're welcome.

The music is experimental jazz using micro-tonal instruments, played by great jazz musicians: virtuoso flutist Magic Malik, Maxime Zampieri on the drums and Jean-Luc Lehr on the bass. We use acoustic instruments (fretless bass, drums) and synthesizers (flute-like synths, pads, and percussions). All synths and corresponding effect processors run on an OpenBSD/amd64 box.

There are a few input midi(4) devices: a keyboard, a flute-like wind controller, a kit of drum pads, and a control surface (a bunch of knobs). They send short messages (aka midi events) whenever a key is pressed on the keyboard, the breath pressure changes on the wind controller, or a pad is hit with the stick. The synthesizer is a program (not published yet) that listens on a sndio(7) midithru port, calculates the wave corresponding to input midi events in real-time then sends the result for audio playback to an envy(4) based card. Then, the resulting analog signal is mixed with other analog sources (bass and microphones) and amplified. Everything is configured to have a few milliseconds of latency between the moment a midi message arrives and the corresponding signal hits the amplifier.

The music is based on a theory developed by Frederic Faure which is too long to explain here, but it brings a unique sound by carefully choosing note pitches. So we use an additional program to calculate the pitch of each note submitted to the synth and to visualize various aspects of the theory to assist musicians, it also runs on the same box.

There will be a masterclass on this music presented by Malik, Frederic and me on Feb. 25, 2015. We'll discuss practical and theoretical aspects of this music, and if there's interest, internals of the synths and the setup.

Maybe see you at the masterclass and/or for a beer after the concert.

So, if you happen to be in the neighbourhood, make sure to stop by. Thanks to Alexandre for his story!

10 February 2015

Undeadly :: s2k15: Authenticated TLS 'constraints' in ntpd(8)

Reyk Flöter (reyk@) wrote in to tech@, talking about some work he'd done at s2k15:

Hi!

Theo, Henning, and I developed an idea to utilize TLS in some way for authenticated time in ntpd(8). We are not intending to use it as a direct time source, but as a "constraint" to verify the NTP responses. I came up with an implementation that has been designed to be an optional, non-intrusive feature that is now part of OpenBSD -current.

Read more...

09 February 2015

Undeadly :: s2k15: the stack overflow that wasn't

From the trenches of s2k15:

There was a recent bug in OpenBSD install kernels. At random times during the install, messages like the following would appear:

/upgrade: //install.sub[168]: sleep: Cannot allocate memory
/upgrade: //install.sub[168]: cat: Cannot allocate memory

This is pretty unusual. sleep and cat are not usually memory intensive. Clearly, something had changed. There were a few initial suspects but they had been pretty well tested. What was different?

Read the whole thing to find out the answer!

08 February 2015

Undeadly :: s2k15: warming up

Earlier this week, the s2k15 hackathon started down here in Brisbane, Australia.

21 developers, all working on various projects, with several already hitting the tree.

Right now the biggest highlight is the iwm(4) driver, for new Intel 7260 wireless chips. This is found in newer Thinkpads, including your trusty editor's x240. Most of the work was done before the hackathon, but it was committed early, so we could continue working in the tree and make further improvements. The driver will show up in snapshots from Feb 8 or later.

Stay tuned for future improvements, and announcements from the s2k15 hackathon!

30 January 2015

Undeadly :: My First OpenBSD Port

Adam Wołk shares his experiences in porting the Otter web browser to OpenBSD:

[My first OpenBSD port] has just landed in the ports tree. It's been a fun ride, this post is a summary of the whole process from the perspective of a first time contributor. Note that this is not a tutorial, just my personal experiences of getting my first port accepted to the tree.

The article is a good overview of getting involved in the porting process; if you've ever been interested in how the process works, take a look!

21 January 2015

Undeadly :: afl-fuzz - American Fuzzy Lop

I wanted to test the afl fuzzer that sort of recently entered the ports collection, ever since this webpage talked about how they give a jpeg decoder the string "Hello" in a file which it twists and mutates until the jpeg decoder no longer croaks on it, and it ends up actually being a valid jpeg image (though not very pretty). Read more...

14 January 2015

Undeadly :: amd64 Kernel W^X

Theo de Raadt (deraadt@) announced that amd64 kernels now have W^X memory protection in the kernel:

Mike Larkin has been slow at informing the world, despite my prodding.
Probably started working on something else cool...

Read more...

09 January 2015

Undeadly :: OpenNTPD 5.7p1 Released

Brent Cook (bcook@), still flush from success in creating the portable version of LibreSSL, has turned his hand to OpenNTPD:

After a long hiatus, the latest version of OpenNTPD is available once again in a portable release.

  • Support for a new build infrastructure based on the LibreSSL framework. Source code is integrated directly from the OpenBSD tree with few manual changes, easing maintenance.
  • Removed support for several OSes pending test reports and updated portability code.
  • Supports the Simple Network Time Protocol version 4 as described in RFC 5905
  • Added route virtualization (rdomain) support.
  • Added ntpctl(8), which allows for querying ntpd(8) at runtime.
  • Finer-grained clock adjustment via adjfreq / ntp_adjtime where available.
  • Improved latency on heavily-loaded machines.

Hopefully those who've repackaged the previous releases for their OSes will update in due course.

08 January 2015

Undeadly :: Dissecting OpenBSD's divert(4) Part 1: Introduction

Lawrence Teo (lteo@) has published the first in a series of posts about OpenBSD's divert(4) functionality:

For more than four years I have been using and tinkering with OpenBSD’s divert(4). At one point after OpenBSD 4.9 was released, I ran into an annoying bug in divert(4) that totally prevented me from using it. At the time I had no idea how to fix it, so I did the next best thing by filing a detailed bug report.

Eventually I realized that the bug isn’t going to fix itself, so I decided it was time to roll up my sleeves and wade into the code. So after 2.5 years of on-and-off tinkering and staring at the code and head-scratching and facedesking I finally fixed it, thanks to a ton of help from Bret Lambert (blambert@). The problem turned out to be due to checksums, which is another interesting topic but that’s a story for another day.

Mr. Teo promises more on the subject soon, so read the whole thing, and keep slavering for more!

02 January 2015

Undeadly :: OpenBSD Moves to 5.7-beta

Theo de Raadt (deraadt@) has moved OpenBSD to 5.7-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2015/01/01 08:50:27

Modified files:
	etc/root       : root.mail 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	sys/conf       : newvers.sh 
	sys/sys        : param.h 

Log message:
move to 5.7-beta

As always, your testing is needed to ensure that any bugs are found and squashed early!

24 December 2014

Undeadly :: Heads Up: Snapshot Upgrades for Static PIE

After much work by Pascal Stumpf (pascal@), Mark Kettenis (kettenis@), Kurt Miller (kurt@), and no doubt others whose contributions were both significant and appreciated, static binaries can now be compiled as position-independent executables:

New snapshots for a few architectures use static PIE binaries
in /bin, /sbin (and a handful in /usr/bin and /usr/sbin as well).

(amd64 and sparc64 leading the way, the rest will follow)

This is yet another non-trivial conversion.  Surely some will try to
use the instructions in current.html to build through this hump
manually.  And surely some will fail, since it is a bit tricky.
Please don't bother the lists in that case.

If in doubt -- upgrade using a snapshot.  Thanks.

As Theo says, use snapshot upgrades to get over the hurdle; it would behoove us to do some testing to ensure no bugs were introduced.

As always, a great deal of thanks goes to those who work to improve OpenBSD!

19 December 2014

Undeadly :: BSDNow Episode 068: Just the Essentials

It's Michael W. Lucas week at Undeadly, as this week's episode of BSDNow features a lengthy interview with the man.

Additionally, they have more conference videos, a comparison of FreeBSD and OpenBSD security features, the OpenSMTPD folks (hi gilles@!) write about the work they've been doing, a review of httpd(8), and all the week's odds and ends in the world of BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

18 December 2014

Undeadly :: Michael W. Lucas' Sudo Talk Online

Michael W. Lucas, author of Absolute OpenBSD, SSH Mastery, and Sudo Mastery (among others!) has given a talk, titled "Sudo: You're Doing it Wrong", now online:

It runs just over an hour, so make sure you bring a snack!

11 December 2014

Undeadly :: Dec 10th Errata

Ted Unangst (tedu@) has announced the availability of patches for three separate issues.

The first errata addresses the recent DNS server issue:

Three new errata to announce.

Malicious DNS servers could cause a denial of service with an endless series of delegations. This affects named (BIND) and unbound. There is a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have patches for BIND at this time.

Missing memory barriers (and other bugs) made virtio devices unreliable. Patches available for 5.5 and 5.6.

Lots and lots of security bugs in the X server have finally been fixed. http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ Patches are available for 5.5 and 5.6.

For 5.6: http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig

For 5.5: http://www.openbsd.org/errata55.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig

09 December 2014

Undeadly :: Libressl 2.1.2 released.

Brent Cook writes to tech@openbsd.org:

We have released LibreSSL 2.1.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.

Read more...

05 December 2014

Undeadly :: memcpy vs memmove

Ted Unangst (tedu@) took the time to write up a short history of the trials and tribulations that have accompanied the recent attention being paid to the memcpy(3) and memmove(3) routines:

memcpy vs memmove

A few notes about memcpy vs memmove and some related items as well.

memcpy

The C standard specifies two functions for copying memory regions, memcpy and memmove. The important difference is that it is undefined behavior to call memcpy with overlapping regions. One must use memmove for that. As the names imply, memcpy copies data from one region to another, while memmove moves data within a region. (It’s also perfectly acceptable to memmove between different regions.)

This subtle but important distinction allows memcpy to be optimized more aggressively. In the case of memmove between overlapping regions, care must be taken not to destroy the contents of the source before they are done copying. This is easiest to see with a naive implementation of a copy loop.

Read the whole thing; it's an exciting journey into the world of bug-hunting!

Undeadly :: Two New Kernel Errata

In an email to tech@, Ted Unangst (tedu@) lets us know about two new kernel bugs for which patches exist:

Patches are now available for 5.5 and 5.6 which fix two kernel errata.

5.5 errata 16 and 5.6 errata 10: Several bugs were fixed that allowed a crash from remote when an active pipex session exists.

5.5 errata 17 and 5.6 errata 11: An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.

Users who don't use PPPOE or PIPEX are not affected, but can still apply the patches.

Links:

http://www.openbsd.org/errata55.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/016_pipex.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/017_pppoe.patch.sig

and

http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig

04 December 2014

Undeadly :: BSDCan 2015 Call for Papers

BSDCan has announced their call for papers:

BSDCan is an enormously successful grass-roots style conference. It brings together a great mix of *BSD developers and users for a nice blend of both developer-centric and user-centric presentations, food, and activities.

Please follow the instructions for submitting a proposal to BSDCan 2015.

BSDCan 2015 will be held 12-13 June 2015 (Fri/Sat), in Ottawa. We are now requesting proposals for talks. We do not require academic or formal papers. If you wish to submit a formal paper, you are welcome to, but it is not required.

The talks should be written with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.

If you have anything you think is worthwhile to share, write it up and send it in!

03 December 2014

Undeadly :: Call for Testing: openssl(1)

Theo de Raadt has just committed a conversion of the openssl(1) client and server implementations from select(2) to poll(2):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2014/12/02 12:44:49

Modified files:
	usr.bin/openssl: s_client.c s_server.c 

Log message:
convert select() to poll().  This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile.  Please test and report any failures.
Assistance from millert, bcook, and jsing.

Users of this functionality are encouraged to put these changes through the wringer to shake out any bugs that may have been introduced or uncovered.

02 December 2014

Undeadly :: LibreSSL Windows Port Status Update

Brent Cook (bcook@) wrote in to let us know that he's completed the initial work to get LibreSSL working on Win32 platforms:

I got a Windows 8.1 box running this weekend and spent some quality time making poll(2) emulation more robust, so that it can deal with more of the select->poll conversions in openssl(1) coming in the future. I also got the upstream poll conversion patches themselves in better working order. This Windows port is now achieved without any #ifdefs or odd workarounds. So, it should be possible to maintain support without having too many new warts in the LibreSSL tree.

So, what can it do now? Well, you can run this command in a powershell window:

.\apps\openssl.exe s_server -cert tests\server.pem

and this in another:

.\apps\openssl.exe s_client

and type on the console back and forth interactively. You can also run this from powershell and still get the expected result:

cat .\README | apps\openssl.exe s_client -connect 127.0.0.1:4433

No big deal for those fancy 'everything works like a file' operating systems, but Windows is very special in its handling of sockets vs. console IO vs. pipes. Performance-wise, it's currently about 50x slower than Cygwin's native openssl.exe, but I have not begun to optimize anything yet.

https://github.com/busterb/portable/commits/win32-minimal

https://github.com/busterb/openbsd/commits/win32-minimal

- Brent

A big thanks to him for his work in making this happen!

21 November 2014

Puffy

Undeadly :: BSDNow Episode 064: Rump Kernels Revisited

On this week's episode, the intrepid hosts talk about the import of SipHash to the OpenBSD kernel, Theo de Raadt (deraadt@)'s talk (slides) about arc4random, an interview with Justin Cormack of NetBSD, and videos from MeetBSD coming online.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

20 November 2014

Puffy

Undeadly :: Call for Testing: 64-bit PCI Bridge Support

Mark Kettenis (kettenis@) wrote a message to tech@ asking for volunteers to test a patch to squash a few bugs in the PCI code:

Hi All,

dlg@ managed to get access to a machine that actually uses 64-bit PCI
addresses behind a bridge.  This triggered some bugs in the so far
untested code.  Quelle surprise!

I'd appreciate it if some people can verify that this doesn't break
other systems.  In particular I'm looking for testers on server-type
machines, both i386 and amd64.

Thanks,

Mark

If you have such a machine, you should make sure that this doesn't introduce any issues for you. As always, quality releases depend on widespread testing!

18 November 2014

Puffy

Undeadly :: Perl Updated to 5.20.1

Andrew Fresh (afresh1@) has updated Perl in base to 5.20.1:

CVSROOT:	/cvs
Module name:	src
Changes by:	afresh1@cvs.openbsd.org	2014/11/17 13:53:21

Log message:
    Import perl-5.20.1

Additionally, he wrote in to give us a quick intro to what he thinks are some of the more interesting changes to be found: Read more...

14 November 2014

Puffy

Undeadly :: BSDNow Episode 063: A Man's man(1)

This week, on BSDNow, the hosts talk about the recent MeetBSD, mention chatter on the Tor mailing lists about adding more OpenBSD nodes, interview Kristaps Džonsons, the original author of mandoc(1), and cover all the odds and ends in the BSD universe.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

10 November 2014

Puffy

Undeadly :: USB 3.0 Enabled in -current

For those of you who missed it on Friday, Martin Pieuchot (mpi@) enabled USB 3.0 support in OpenBSD:

CVSROOT:	/cvs
Module name:	src
Changes by:	mpi@cvs.openbsd.org	2014/11/07 09:44:18

Modified files:
	sys/arch/i386/conf: GENERIC 
	sys/arch/amd64/conf: GENERIC 

Log message:
Enable xhci(4).  Most of the features are here, USB 1.x devices only work
if they are connected to the root hub and isochronous transfers are not
supported for the moment.

Let me know if your controller/device do not work.  In this case attach a
dmesg of a kernel build with XHCI_DEBUG.

ok deraadt@

Not everyone missed it, of course, with problem reports and fixes being seen over the weekend.

For those of you who'd been looking forward to using those blue USB ports of yours, now's the time to plug in as many 3.0 devices as you can find!

Edit: Of course, just about the time we publish this story, USB1.x devices are now supported on a USB3.x controller.

07 November 2014

Puffy

Undeadly :: Improving bcd(6)

Ted Unangst (tedu@) has written a blog post about fixing bugs in bcd(6), keeping with the recent trend of finding and fixing ancient bugs:

Owing to its BSD heritage, OpenBSD ships with a few games installed in /usr/games. Quite a few, in fact. There are more programs in games (46) than in /bin (43). Some of them aren’t really games, but more like toys, but nevertheless there they are. They aren’t exactly the focus of OpenBSD, but they’re still part of the system and do get the occasional maintenance update.

One such game is bcd, which prints out punch card looking diagrams of input strings. I made a few improvements to it recently.

As they say, read the whole thing.

02 November 2014

Puffy

GCU OpenBSD :: Pruitt Igoe

Behind this cryptic name lies a metaphor: the construction of the next-generation-operating-system-quietly-going-its-own-way continues, while others race toward their own destruction (you know who I mean).

So OpenBSD 5.6 is available today, with its artwork and song theme based on Apocalypse Now.

The big news is the arrival of LibreSSL, the fork of OpenSSL. A huge number of commits went in to simplify, secure and improve this library, which is crucial to the confidentiality of our communications.

The sets containing the configuration in /etc have been reworked, and most of the examples are now in /etc/examples/.

IPv6 is disabled by default on all interfaces (no link-local IP), like IPv4: it has to be enabled explicitly, which avoids surprises.

A basic httpd(8) server written from the relayd(8) code is available as a tech preview. It will replace nginx, whose code is now considered too complex, in the base system in 5.7.

OpenSMTPD replaces sendmail as the default mail server.

A bit of cleanup in the tree… Kerberos (too complex), Bluetooth support (unmaintained), ALTQ (replaced by HFSC), Apache (replaced by nginx/httpd), ppp(8), pppoe(8) (use pppd(8)), lynx(1), uucpd(8) and TCP Wrappers have been removed.

Many obsolete/insecure ciphers and MACs have been disabled by default in OpenSSH. Don't be surprised if you can no longer connect from an old OpenSSH 4…

This new release can be ordered from the OpenBSD store (uk), or downloaded from one of the mirrors nearest you, such as ftp.fr.

By gaston