OpenBSD Journal

Theo on the latest Intel issues

Contributed by Paul 'WEiRD' de Weerd on from the the gift that keeps on giving dept.

Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

Date: Wed, 15 Aug 2018 00:31:16 -0600
From: Theo de Raadt [elided]
Subject: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

These 3 issues all relate to a bug in Intel cpus

The cpu will speculatively honour invalid PTE against data in the
on-core L1 cache.  Memory disclosure occurs into the wrong context.

These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
are the currently public artifacts of this one bug.


Happy Bob's Libtls tutorial

Contributed by rueda on from the sane-APIs dept.

Bob Beck (beck@ when wearing OpenBSD-only hat) has written a tutorial on using libtls:


This tutorial is designed for people with some C experience on a POSIX, BSD like machine with the latest libtls installed. It focuses on changes that are necessary to make an existing program written in C that uses the POSIX sockets api to use TLS over those same connections.


mandoc-1.14.4 released

Contributed by rueda on from the i'm-mandoc(1)-fly-me dept.

Ingo Schwarze (schwarze@ when wearing OpenBSD-only hat) wrote in to let us know about the new release:

From: Ingo Schwarze [elided]
Date: Wed, 8 Aug 2018 22:21:13 +0200
Subject: mandoc-1.14.4 released


after a full year of tranquil development, i just released mandoc-1.14.4.
This is a regular maintenance release.  As there are no major structural
changes, i expect it to be very stable, so all downstream systems are
encouraged to upgrade from any earlier version.


g2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more

Contributed by Peter N. M. Hansteen on from the refactor the factors dept.

A new g2k18 hackathon report has arrived, this time from Kenneth Westerback (krw@), who writes:

Other than missing a connection due to "seat maintenance" in YYZ, travel was uneventful. I arrived MUC (twelve hours late) and spent a week hacking with bluhm@ and mpi@ at Genua's Geekweek, to which bluhm@ had kindly arranged an invitation. I managed to start committing some disklabel(8) code refactoring otto@ and I have been discussing for a while. Mostly cleaning up partition offset and size rounding code. I also tightened up some dhcpd(8) man page ambiguity as requested by sthen@ and started by jmc@. I ok'ed a mpi@ fix for a dhclient(8) issue and reviewed and ok'ed various diffs from bluhm@.




OpenBSD Errata

OpenBSD 6.3

016  2018-08-04  RELIABILITY  Incorrect initialization of the FPU caused floating point exceptions when running on Xen.
015  2018-07-31  SECURITY     IO port permissions were incorrectly restricted.
014  2018-07-31  SECURITY     On AMD CPUs, set a chicken bit which turns LFENCE into a serialization instruction against speculation.
013  2018-07-25  RELIABILITY  When an IPsec key expired, the kernel could panic due to unfinished timeout tasks.
012  2018-07-25  RELIABILITY  A regular user could trigger a kernel panic by executing an invalid ELF binary.
011  2018-06-21  SECURITY     Perl's Archive::Tar module could be made to write files outside of its working directory.



Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]