OpenBSD Journal

OpenBSD Journal

pinning all system calls

Contributed by rueda on from the pincall-wizard dept.

Theo de Raadt (deraadt@) posted to tech@ regarding restrictions on the addresses from which system calls can be made.

In addition to providing background, the post contains information (and a patch) for an imminent change - the introduction of a new syscall, pinsyscalls(2) [link not working at the time of writing because change not yet committed], which specifies the addresses from which individual system calls are permitted.

pinsyscalls(2) will be called only from the shared library linker, ld.so(1).

malloc(3) leak detection gains backtraces

Contributed by rueda on from the ottomalloc-has-your-back(trace) dept.

Otto Moerbeek (otto@), the author of OpenBSD's malloc(3) implementation, has comitted another great feature - backtraces for leak detection:

CVSROOT:	/cvs
Module name:	src
Changes by:	otto@cvs.openbsd.org	2023/12/04 00:01:45

Modified files:
	lib/libc/stdlib: malloc.3 malloc.c 

Log message:
Save backtraces to show in leak dump. Depth of backtrace set by
malloc option D (aka 1), 2, 3 or 4.  No performance impact if not
used.  ok asou@

Otto's original message to tech@ includes an example use of the feature.

clang(1)/llvm updated to version 16

Contributed by rueda on from the clang goes the compiler dept.

In a long series of commits, Robert Nagy (robert@) updated clang(1)/llvm in -current to version 16:

CVSROOT:	/cvs
Module name:	src
Changes by:	robert@cvs.openbsd.org	2023/11/11 11:01:31

Log message:
    import of llvm from LLVM 16.0.6
    
    Status:
    
    Vendor Tag:	LLVM
    Release Tags:	LLVM_16_0_6
    
    U src/gnu/llvm/llvm/.clang-format
    U src/gnu/llvm/llvm/.clang-tidy
    U src/gnu/llvm/llvm/.gitattributes
[…]
    U src/gnu/llvm/llvm/utils/vscode/llvm/syntaxes/ll.tmLanguage.yaml
    U src/gnu/llvm/llvm/utils/yaml-bench/CMakeLists.txt
    U src/gnu/llvm/llvm/utils/yaml-bench/YAMLBench.cpp
    
    67 conflicts created by this import.
    Use the following command to help the merge:
    
    cvs checkout -jLLVM:yesterday -jLLVM src/gnu/llvm/llvm

Naturally, this has involved supporting work elsewhere in base, and in ports.

LibreSSL 3.8.2 Released

Contributed by grey on from the for users who weren't already on 7.4 dept.

A new stable release of LibreSSL is out, and should be arriving on a mirror near you shortly.

Brent Cook (bcook@)'s announcement reads:

We have released LibreSSL 3.8.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.8.x branch, also available with OpenBSD 7.4

Read more…

Disruptive amd64 snapshot coming

Contributed by rueda on from the firing-the-disruptors dept.

Theo de Raadt (deraadt@) posted to tech@ a message entitled disruptive amd64 snapshot coming. It reads:

There is a pretty disruptive amd64 snapshot coming, so anyone who is
using snapshots for critical stuff should take a pause.  (This warning
about a development step is unusual, I won't make it common practice).

Of course, on non-critical amd64 systems running snapshots, this is a good opportunity to test (and report any problems).

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

OpenBSD Errata

OpenBSD 7.4

0092023-12-10 RELIABILITY A race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
0082023-12-10 RELIABILITY vmm(4) restored stale GDTR & TR values on vm exit which could lead to memory corruption or kernel deadlocks.
0072023-11-29 SECURITY A crafted regular expression when compiled by perl can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. CVE-2023-47038
0062023-11-21 RELIABILITY httpd(8): Avoid a NULL dereference when handling a malformed fastcgi request.
0052023-11-21 RELIABILITY Overlong sequences of UTF-8 combining characters could crash tmux(1).
0042023-11-21 RELIABILITY Simple passwords which were 8 characters long caused ospfd(8) to send out packets with invalid checksum.

Unofficial RSS feed of OpenBSD errata

OpenBSD 7.3

0222023-12-10 RELIABILITY vmm(4) restored stale GDTR & TR values on vm exit which could lead to memory corruption or kernel deadlocks.
0212023-11-29 SECURITY A crafted regular expression when compiled by perl can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. CVE-2023-47038
0202023-11-21 RELIABILITY httpd(8): Avoid a NULL dereference when handling a malformed fastcgi request.
0192023-10-25 SECURITY A network buffer that had to be split at certain length could crash the kernel.
0182023-10-25 SECURITY Fix several input validation errors in the X server. CVE-2023-5367 CVE-2023-5380 CVE-2023-5574
0172023-10-03 SECURITY Fix several input validation errors in libX11 and libXpm. CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789

Unofficial RSS feed of OpenBSD errata

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]