OpenBSD Journal

New versions of LibreSSL released

Contributed by rueda on from the scrambled and liberated dept.

The LibreSSL project has announced the release of versions 3.6.3 and 3.7.3, and (development) version 3.8.0 of the software.

The announcement for versions 3.6.3 and 3.7.3 reads:

We have released LibreSSL 3.6.3 and 3.7.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

They include the following fixes:

  * Bug fix
    - Hostflags in the verify parameters would not propagate from an
      SSL_CTX to newly created SSL.
  * Reliability fix
    - A double free or use after free could occur after SSL_clear(3).

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

The announcement for version 3.8.0 reads:

Read more…

cron(8) now supports random ranges with steps

Contributed by rueda on from the not-a-random-walk dept.

Thanks to the following commit by Todd Miller (millert@), cron(8) now supports random values in a range with a step value (i.e. "<lo>~<hi>/<step>" in crontab(5) entries):

CVSROOT:	/cvs
Module name:	src
Changes by:	millert@cvs.openbsd.org	2023/05/06 17:06:27

Modified files:
	usr.sbin/cron  : crontab.5 entry.c macros.h 

Log message:
Support random offsets when using ranges with a step value in cron.
This extends the random range syntax to support step values.  Instead
of choosing a random number between the high and low values, the
field is treated as a range with a random offset less than the step
value.  This can be used to avoid thundering herd problems where
multiple machines contact a server all at the same time via cron jobs.

The syntax is similar to the existing range/step syntax but uses a
random range.  For example, instead of "0-59/10" in the minutes
field, "0~59/10" can be used to run a command every 10 minutes where
the first command starts at a random offset in the range [0,9].
The high and low numbers are optional, "~/10" can be used instead.

Requested by job@, OK phessler@
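The field semantics described in the log message above, as an added Python sketch (not the code from entry.c and not part of the original commit). The function names, the clamping of the offset for steps larger than the range, and the simulated fleet of 1000 hosts are assumptions made for illustration.

```python
import random

def expand_field(field, lo_bound, hi_bound, rng=random):
    """Expand 'lo-hi[/step]' or 'lo~hi[/step]'; bounds are optional with '~'."""
    spec, has_step, step_s = field.partition("/")
    step = int(step_s) if has_step else 1
    sep = "~" if "~" in spec else "-"
    lo_s, found, hi_s = spec.partition(sep)
    if not found or step < 1:
        raise ValueError(f"unsupported field: {field!r}")
    if sep == "~":
        # "~/10" form: missing numbers default to the field's limits
        lo = int(lo_s) if lo_s else lo_bound
        hi = int(hi_s) if hi_s else hi_bound
    else:
        lo, hi = int(lo_s), int(hi_s)
    if not lo_bound <= lo <= hi <= hi_bound:
        raise ValueError(f"range out of bounds: {field!r}")
    if sep == "~" and not has_step:
        # random range without a step: one random value between low and high
        return [rng.randint(lo, hi)]
    if sep == "~":
        # with a step: random offset less than the step value
        # (clamped to the range size here, an assumption of this sketch)
        lo += rng.randrange(min(step, hi - lo + 1))
    return list(range(lo, hi + 1, step))

def busiest_minute(field, hosts, seed=0):
    """Number of jobs landing in the most crowded minute across `hosts` machines."""
    rng = random.Random(seed)  # seeded so the simulation is repeatable
    load = [0] * 60
    for _ in range(hosts):
        for minute in expand_field(field, 0, 59, rng):
            load[minute] += 1
    return max(load)

if __name__ == "__main__":
    print("0-59/10 ->", expand_field("0-59/10", 0, 59))
    print("0~59/10 ->", expand_field("0~59/10", 0, 59))
    print("peak load, fixed :", busiest_minute("0-59/10", 1000))
    print("peak load, random:", busiest_minute("0~59/10", 1000))
```

With the fixed range every simulated host fires in the same minutes, so the peak equals the fleet size; with the random range the load spreads over the ten possible offsets.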

OpenBGPD 8.0 released

Contributed by Peter N. M. Hansteen on from the routed to gates dept.

The OpenBSD project has released a new version of OpenBGPD, the OpenBSD Border Gateway Protocol (BGP) routing daemon, version 8.0. The announcement reads,

From: Claudio Jeker <claudio () openbsd ! org>
Date: Thu, 04 May 2023 16:24:30 +0000
To: openbsd-announce
Subject: OpenBGPD 8.0 released

We have released OpenBGPD 8.0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

Read more…

rpki-client 8.4 released

Contributed by rueda on from the key issues dept.

Version 8.4 of rpki-client has been released, with a number of improvements and new features:

rpki-client 8.4 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of BGP announcements. The program queries the
global RPKI repository system and validates untrusted network inputs.
The program outputs validated ROA payloads, BGPsec Router keys, and
ASPA payloads in configuration formats suitable for OpenBGPD and BIRD,
and supports emitting CSV and JSON for consumption by other routing
stacks.

Read more…

Game of Trees 0.88 released!

Contributed by grey on from the speed improvements as requested dept.

Version 0.88 of Game of Trees has been released (and the port updated):

* got 0.88; 2023-04-29
  see git repository history for per-change authorship information
- tog: always use alternate charset for vertical/horizontal line
- several tog regression test suite improvements
- run the tog tests as part of the default regress set
- tog: resize log view if toggling fullscreen from child view
- when finding changed paths iterate tree entries in on-disk order for speed
- cache fulltext data in delta cache to improve speed with long delta chains
- gotwebd: fix logic error in gotweb_render_index

vmd(8) moves to a multi-process model

Contributed by rueda on from the this isn't your Queen's bhyve dept.

Dave Voutila (dv@) committed a change which brings a multi-process model to vmd(8), enhancing both security and performance:

CVSROOT:	/cvs
Module name:	src
Changes by:	dv@cvs.openbsd.org	2023/04/27 16:47:27

Modified files:
	usr.sbin/vmd   : Makefile dhcp.c vioqcow2.c vioraw.c virtio.c 
	                 virtio.h vm.c vmd.c vmd.h vmm.c 
Added files:
	usr.sbin/vmd   : vioblk.c vionet.c 

Log message:
vmd(8): introduce multi-process model for virtio devices.

Isolate virtio network and block device emulation in dedicated
processes, forked and exec'd from the vm process. This allows for
tightening pledge promises to just "stdio".

Communication between the vcpu's and these devices now occurs via
imsg channels, which adds the benefit of not always blocking the
vcpu thread while emulating the device.

Read more…

viogpu(4), a VirtIO GPU driver, added to -current

Contributed by rueda on from the consoleation-prize dept.

Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console.

CVSROOT:	/cvs
Module name:	src
Changes by:	jcs@cvs.openbsd.org	2023/04/20 13:28:31

Modified files:
	share/man/man4 : Makefile 
	sys/arch/amd64/conf: GENERIC 
	sys/arch/arm64/conf: GENERIC RAMDISK 
	sys/dev/pv     : files.pv virtio.c virtioreg.h 
	sys/dev/wscons : wsconsio.h 
Added files:
	share/man/man4 : viogpu.4 
	sys/dev/pv     : viogpu.c viogpu.h 

Log message:
add viogpu, a VirtIO GPU driver

works enough to get a console on qemu with more work to come from
others

feedback from miod
ok patrick

Great stuff! This moves us closer to having a fully functional wscons console on virtual machines in those specific environments too. We will be watching further development closely.

Game of Trees 0.87 released

Contributed by rueda on from the again-and-again-and dept.

Version 0.87 of Game of Trees has been released (and the port updated):

* got 0.87; 2023-04-19
  see git repository history for per-change authorship information
- add gitwrapper(1)
- tog: resume blame and diff search from the first line
- fix crash in got log due to NULL-deref in got_object_blob_close
- add support for protecting references against 'got send -f' to gotd
- fix spurious empty packfile error from gotd when rewinding a branch
- tog: implement automated test harness
- update the base commit ID of unmodified files if the blob ID matches
- fix rebase/histedit -a leaving some files on the temporary branch
- make 'got revert' and 'got rm' work on non-existent directories
- got: flush stdout before printing the error in main()
- when aborting rebase/histedit/merge, unlink files added by merged changes
- fix 'got commit' using a bad parent commit ID when worktree is out-of-date
- allow no-op merge commits to be created
- fix sending merge commits
- show how to fetch a pull request in got.1 pull request example section

A highlight of this release is the addition of gitwrapper(1), a utility facilitating co-existence with git.

OpenBSD Errata

OpenBSD 7.3

004 2023-05-26 SECURITY A double free or use after free could occur after SSL_clear(3).
003 2023-05-26 RELIABILITY IP address inheritance was handled incorrectly in rpki-client(8).
002 2023-05-16 RELIABILITY Avoid fatal errors in bgpd(8) due to incorrect refcounting and mishandling of ASPA objects. Fix bgpctl(8) 'show rib in' by renaming 'invalid' into 'disqualified'.
001 2023-05-03 RELIABILITY A new ASPA object appeared in the RPKI ecosystem and exposed bugs in bgpd(8) and rpki-client(8).

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]