Game of Trees 0.105 released
Contributed by grey on from the plugging leaks dept.
Version 0.105 of Game of Trees has been released (and the port updated).
OpenBSD Journal
Contributed by rueda on from the again-and-again-and dept.
Version 0.104 of Game of Trees has been released (and the port updated).
* got 0.104; 2024-10-22
  see git repository history for per-change authorship information
- gotd.conf: document the macro syntax
- tog: prevent a segfault upon unexpected object type in ref list view
- fix pack file creation in the presence of tagged tag objects
- plugged some memory leaks
- fix a crash when unstaging a file which has been removed from disk
- gotwebd: fix out of bounds access while handling the configuration
Contributed by Peter N. M. Hansteen on from the it's real crypto, bro dept.
The release announcement reads,
Subject: LibreSSL 4.0.0 Released
From: Brent Cook <busterb () gmail ! com>

We have released LibreSSL 4.0.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This is the first stable release for the 4.0.x branch, also available with OpenBSD 7.6

It includes the following change from LibreSSL 3.9.2:

* Portable changes
- Added initial Emscripten support in CMake builds.
- Removed timegm() compatibility layer since all uses were replaced with OPENSSL_timegm(). Cleaned up the corresponding test harness.
- The mips32 platform is no longer actively supported.
- Fixed Windows support for dates beyond 2038.
sshd(8) splitting continues
Contributed by rueda on from the puffy-does-the-splits-again dept.
sshd-auth as a separate binary.
The commit message summarizes why this makes sense,
Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes.
The code is in snapshots as we type.
Read the whole thing after the fold -
Contributed by rueda on from the delivered by Puffy dept.
Omar Polo (op@) has announced the release of version 7.6.0p0 of OpenSMTPD.
The changes (including the table protocol change on which we reported earlier) are:
- Introduced a new K_AUTH service to allow offloading the credentials to a proc table for non-crypt(3) authentication. Helps with use cases like LDAP or custom auth.
- Implement report responses for proc-filters too.
- Changed the table protocol to a simpler text-based one. Existing proc tables needs to be updated since old ones won't work. The new protocol is documented in smtpd-tables(7).
- Fixed the parsing of IPv6 addresses in file-backed table(5)
- Document expected MDA behavior and the environment set by OpenSMTPD.
- Set ORIGINAL_RECIPIENT in the environment of MDA scripts for compatibility with postfix.
- Updated the bundled libtls.
See the release announcement for full details.
Contributed by Peter N. M. Hansteen on from the splash them oars, Puffy dept.
The OpenBSD project has announced OpenBSD 7.6, its 57th release.
The new release contains a number of significant improvements, including but not limited to:
- tar(1) has changed to "pax". [See earlier report]
- pfctl(8) and systat(1) now display fragment reassembly statistics. [See earlier report]
- pf(4) rules. [See earlier report]
- rport(4), a driver providing point-to-point interfaces for layer 3 connectivity between rdomain(4) instances, has been added.
- dhcp6leased(8), a DHCPv6 client daemon for IPv6 PD has been added. [See earlier report]
- dhclient(8) has been removed (now that dhcpleased(8) is well established). [See earlier report]
- sshd(8) has been split into multiple binaries. [See earlier report]

and of course there is the full changelog which details the changes made over this latest six month development cycle.
The Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8) to upgrade their systems.
Now please dive in and enjoy the new release, and while the installer runs, please do donate to the project to support further development and more future goodies for us all!
sysupgrade(8) behaviour
Contributed by rueda on from the dumber-is-smarter dept.
There has been a significant change to the behaviour of sysupgrade(8):

CVSROOT: /cvs
Module name: src
Changes by: florian@cvs.openbsd.org 2024/09/24 01:33:35

Modified files:
	usr.sbin/sysupgrade: sysupgrade.8 sysupgrade.sh

Log message:
Remove -r toggle and generally be less smart.
The default is to install the next release. Snapshots are only installed when invoked with -s.
Contributed by rueda on from the snap-no-more dept.
Theo de Raadt (deraadt@) updated the version of OpenBSD-current to "7.6-current". Those running the latest-and-greatest [via a sufficiently new snapshot or built from source] no longer need to use "-D snap" with pkg_add(1) (and pkg_info(1)).
Contributed by Peter N. M. Hansteen on from the feed me NUL, you go POOF dept.
The commit message reads,
List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date: 2024-09-23 21:18:33

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2024/09/23 15:18:33

Modified files:
	bin/ksh : shf.c

Log message:
If during parsing lines in the script, ksh finds a NUL byte on the line, it should abort ("syntax error: NUL byte unexpected"). There appears to be one piece of software which is misinterpreting guidance of this, and trying to depend upon embedded NUL. During research, every shell we tested has one or more cases where a NUL byte in the input or inside variable contents will create divergent behaviour from other shells. (ie. gets converted to a space, is silently skipped, or aborts script parsing or later execution). All the shells are written in C, and majority of them use C strings for everything, which means they cannot embed a NUL, so this is not surprising. It is quite unbelievable there are people trying to rewrite history on a lark, and expecting the world to follow alone.
OpenBSD 7.6
005 | 2024-11-15 | SECURITY | In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
004 | 2024-10-31 | RELIABILITY | Updating Apple Silicon system firmware to the latest version cripples OpenBSD. This disabled the onboard WiFi.
003 | 2024-10-29 | RELIABILITY | mlkem768x25519-sha256 byte order bug on big-endian machines.
002 | 2024-10-29 | SECURITY | Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
001 | 2024-10-14 | SECURITY | Querying a maliciously constructed DNS zone could result in degraded performance or denial of service. CVE-2024-8508
OpenBSD 7.5
014 | 2024-11-15 | SECURITY | In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
013 | 2024-10-31 | RELIABILITY | Updating Apple Silicon system firmware to the latest version cripples OpenBSD. This disabled the onboard WiFi.
012 | 2024-10-29 | SECURITY | Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
011 | 2024-10-14 | SECURITY | Querying a maliciously constructed DNS zone could result in degraded performance or denial of service. CVE-2024-8508
010 | 2024-09-17 | RELIABILITY | Invalid ELF files could result in kernel crash.
009 | 2024-09-17 | SECURITY | In readdir name validation exclude any '/' to avoid unexpected directory traversal on untrusted file systems.
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]