OpenBSD Journal

OpenBSD 7.6 Released

Contributed by Peter N. M. Hansteen on from the splash them oars, Puffy dept.

The OpenBSD project has announced OpenBSD 7.6, its 57th release.

The new release contains a number of significant improvements, including but not limited to:

  • There is initial support for Qualcomm Snapdragon X Elite [arm64] laptops.
  • Initial support for Suspend-to-Idle has been added on amd64 and i386, enabling suspend on machines which do not support S3.
  • UDP parallel input has been enabled. [See earlier report]
  • Libva's VA-API (Video Acceleration API) was imported into xenocara. [See earlier report]
  • The default write format for tar(1) has changed to "pax". [See earlier report]
  • pfctl(8) and systat(1) now display fragment reassembly statistics. [See earlier report]
  • A configurable passphrase timeout for disk decryption at boot (a potential battery lifesaver) has been added. [See earlier report]
  • Local-to-anchor tables are now available in pf(4) rules. [See earlier report]
  • rport(4), a driver providing point-to-point interfaces for layer 3 connectivity between rdomain(4) instances, has been added.
  • dhcp6leased(8), a DHCPv6 client daemon for IPv6 PD has been added. [See earlier report]
  • dhclient(8) has been removed (now that dhcpleased(8) is well established). [See earlier report]
  • OpenSSH 9.9, featuring:

and of course there is the full changelog which details the changes made over this latest six month development cycle.

The Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8) to upgrade their systems.

Now please dive in and enjoy the new release, and while the installer runs, please do donate to the project to support further development and more future goodies for us all!

Major change to sysupgrade(8) behaviour

Contributed by rueda on from the dumber-is-smarter dept.

There has been a significant change to the behaviour of sysupgrade(8):

CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2024/09/24 01:33:35

Modified files:
	usr.sbin/sysupgrade: sysupgrade.8 sysupgrade.sh 

Log message:
Remove -r toggle and generally be less smart.

The default is to install the next release. Snapshots are only
installed when invoked with -s.

OpenBSD now enforcing no invalid NUL characters in shell scripts

Contributed by Peter N. M. Hansteen on from the feed me NUL, you go POOF dept.

Our favorite operating system is changing its default shell (ksh) to reject invalid NUL characters in input that will be parsed as part of a script.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2024-09-23 21:18:33

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2024/09/23 15:18:33

Modified files:
	bin/ksh        : shf.c 

Log message:
If during parsing lines in the script, ksh finds a NUL byte on the
line, it should abort ("syntax error: NUL byte unexpected").  There
appears to be one piece of software which is misinterpreting guidance
of this, and trying to depend upon embedded NUL.  During research,
every shell we tested has one or more cases where a NUL byte in the
input or inside variable contents will create divergent behaviour from
other shells.  (ie. gets converted to a space, is silently skipped, or
aborts script parsing or later execution).  All the shells are written
in C, and majority of them use C strings for everything, which means
they cannot embed a NUL, so this is not surprising.  It is quite
unbelievable there are people trying to rewrite history on a lark, and
expecting the world to follow alone.

EuroBSDCon 2024 presentations

Contributed by rueda on from the Sláinte, Puffy! dept.

EuroBSDCon 2024 [in Dublin, Ireland] has now ended, and slides for many of the OpenBSD developer presentations are now available in the usual place.

Video of the individual presentations can be expected somewhat later. In the meantime, OpenBSD-related presentations [including those from non-developers] can be found in the recordings of the "Foyer B" streams.

In addition, there was a full day PF tutorial with some updates to the publicly available slides.

OpenSSH 9.9 released!

Contributed by grey on from the now with post-quantum key exchange! dept.

In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.9:

OpenSSH 9.9 has just been released. New features include support for hybrid ML-KEM X25519 post-quantum key exchange (using a formally-verified ML-KEM implementation), improved controls to drop and penalise unwanted connections, faster NTRUPrime key exchange code and more.

OpenBGPD 8.6 released

Contributed by rueda on from the borderline routed dept.

Claudio Jeker (claudio@) announced the release of version 8.6 of OpenBGPD, the OpenBSD project's Border Gateway Protocol (BGP) daemon:

We have released OpenBGPD 8.6, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

OpenBSD -current has moved to version 7.6

Contributed by rueda on from the here-we-go-again dept.

The OpenBSD 7.6 release cycle is entering its final phases…

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.6:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2024/09/17 07:39:17

Modified files:
	sys/conf       : newvers.sh 

Log message:
head into release

For those unfamiliar with the process: this is not the 7.6 release, but is part of the standard build-up to the release.

Remember: It's time to start using "-D snap" with pkg_add(1) (and pkg_info(1)).

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

OpenBSD Errata

OpenBSD 7.6

None yet

Unofficial RSS feed of OpenBSD errata

OpenBSD 7.5

010 2024-09-17 RELIABILITY Invalid ELF files could result in kernel crash.
009 2024-09-17 SECURITY In readdir name validation exclude any '/' to avoid unexpected directory traversal on untrusted file systems.
008 2024-09-17 SECURITY Avoid possible mbuf double free in NFS client and server implementation. Do not use uninitialized variable in error handling of NFS server.
007 2024-09-17 SECURITY In libexpat add integer range checks. CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
006 2024-08-19 SECURITY cron(8) and crontab(1) can crash due to incorrect /step values. CVE-2024-43688
005 2024-08-02 SECURITY sndiod(8) main process could crash due to buffer overread.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]