`malloc(3)` leak detection gains backtraces

Contributed by rueda on 2023-12-05 from the ottomalloc-has-your-back(trace) dept.

Otto Moerbeek (otto@), the author of OpenBSD's malloc(3) implementation, has comitted another great feature - backtraces for leak detection:

CVSROOT:	/cvs
Module name:	src
Changes by:	otto@cvs.openbsd.org	2023/12/04 00:01:45

Modified files:
	lib/libc/stdlib: malloc.3 malloc.c 

Log message:
Save backtraces to show in leak dump. Depth of backtrace set by
malloc option D (aka 1), 2, 3 or 4.  No performance impact if not
used.  ok asou@

Otto's original message to tech@ includes an example use of the feature.

No comments

Game of Trees 0.94 released

Contributed by rueda on 2023-11-29 from the again-and-again-and dept.

Version 0.94 of Game of Trees has been released (and the port updated):

* got 0.94; 2023-11-29
  see git repository history for per-change authorship information

No comments

OpenIKED 7.3 released

Contributed by rueda on 2023-11-20 from the Ike, IPSec my keys dept.

Tobias Heider (tobhe@) has announced the release of version 7.3 of OpenIKED:

We have released OpenIKED 7.3, which will be arriving in the OpenIKED
directory of your local OpenBSD mirror soon.

No comments

OpenSMTPD 7.4.0p1 Released

Contributed by rueda on 2023-11-16 from the we actually deliver dept.

Omar Polo (op@) has announced the release of version 7.4.0p1 of OpenSMTPD.

It is a bugfix release.

No comments

`clang(1)`/`llvm` updated to version 16

Contributed by rueda on 2023-11-12 from the clang goes the compiler dept.

In a long series of commits, Robert Nagy (robert@) updated clang(1)/llvm in -current to version 16:

CVSROOT:	/cvs
Module name:	src
Changes by:	robert@cvs.openbsd.org	2023/11/11 11:01:31

Log message:
    import of llvm from LLVM 16.0.6
    
    Status:
    
    Vendor Tag:	LLVM
    Release Tags:	LLVM_16_0_6
    
    U src/gnu/llvm/llvm/.clang-format
    U src/gnu/llvm/llvm/.clang-tidy
    U src/gnu/llvm/llvm/.gitattributes
[…]
    U src/gnu/llvm/llvm/utils/vscode/llvm/syntaxes/ll.tmLanguage.yaml
    U src/gnu/llvm/llvm/utils/yaml-bench/CMakeLists.txt
    U src/gnu/llvm/llvm/utils/yaml-bench/YAMLBench.cpp
    
    67 conflicts created by this import.
    Use the following command to help the merge:
    
    cvs checkout -jLLVM:yesterday -jLLVM src/gnu/llvm/llvm

Naturally, this has involved supporting work elsewhere in base, and in ports.

1 comment (24d1:49 ago)

LibreSSL 3.8.2 Released

Contributed by grey on 2023-11-03 from the for users who weren't already on 7.4 dept.

A new stable release of LibreSSL is out, and should be arriving on a mirror near you shortly.

Brent Cook (bcook@)'s announcement reads:

We have released LibreSSL 3.8.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.8.x branch, also available with OpenBSD 7.4

No comments

Disruptive amd64 snapshot coming

Contributed by rueda on 2023-10-27 from the firing-the-disruptors dept.

Theo de Raadt (deraadt@) posted to tech@ a message entitled disruptive amd64 snapshot coming. It reads:

There is a pretty disruptive amd64 snapshot coming, so anyone who is
using snapshots for critical stuff should take a pause.  (This warning
about a development step is unusual, I won't make it common practice).

Of course, on non-critical amd64 systems running snapshots, this is a good opportunity to test (and report any problems).

4 comments (35d12:25 ago)

OpenSMTPD 7.4.0p0 Released

Contributed by Peter N. M. Hansteen on 2023-10-25 from the RECPT to me dept.

Hot on the heels of the release of OpenBSD 7.4, Omar Polo (op@) has announced the release of OpenSMTPD 7.4.0p0. The announcement reads,

Subject:    OpenSMTPD 7.4.0p0 Released
From:       Omar Polo <op () openbsd ! org>
Date:       2023-10-25 7:33:43

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

No comments

OpenBSD's built-in memory leak detection

Contributed by rueda on 2023-10-20 from the staying-afloat dept.

As announced on the misc@ mailing list, Otto Moerbeek (otto@), the author of OpenBSD's malloc(3) implementation [a.k.a. "otto malloc"], has written a tutorial on the new malloc(3) leak detection available in OpenBSD 7.4

Read it at: OpenBSD's built-in memory leak detection

Since the publication of that write-up, Otto has committed further enhancements:

CVSROOT:	/cvs
Module name:	src
Changes by:	otto@cvs.openbsd.org	2023/10/22 06:19:26

Modified files:
	lib/libc/stdlib: malloc.3 malloc.c 

Log message:
When option D is active, store callers for all chunks; this avoids
the 0x0 call sites for leak reports. Also display more info on
detected write of free chunks: print the info about where the chunk
was allocated, and for the preceding chunk as well.
ok asou@

2 comments (24d4:35 ago)

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

Mon, Oct 16
- 13:06 OpenBSD 7.4 Released (3)
- 12:04 OpenBGPD 8.3 released (0)
Sat, Oct 07
- 11:31 p2k23 - OpenBSD Ports Hackathon Dublin 2023 (0)
Thu, Oct 05
- 08:09 rpki-client 8.6 released (0)
- 08:09 E-mail Filters In C (0)
Wed, Oct 04
- 15:41 OpenSSH 9.5 released (0)
Mon, Oct 02
- 13:50 OpenBGPD 8.2 released (0)
Wed, Sep 27
- 10:32 Introduction to sysclean(8) (1)
- 05:25 -current has moved to 7.4 (0)

OpenBSD Errata

OpenBSD 7.4

007	2023-11-29 SECURITY A crafted regular expression when compiled by perl can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. CVE-2023-47038
006	2023-11-21 RELIABILITY httpd(8): Avoid a NULL dereference when handling a malformed fastcgi request.
005	2023-11-21 RELIABILITY Overlong sequences of UTF-8 combining characters could crash tmux(1).
004	2023-11-21 RELIABILITY Simple passwords which were 8 characters long caused ospfd(8) to send out packets with invalid checksum.
003	2023-11-21 RELIABILITY patch(1) with explicit patchfile did not work in 7.4 due to overeager unveil(2) restrictions.
002	2023-10-25 SECURITY A network buffer that had to be split at certain length could crash the kernel.

OpenBSD 7.3

021	2023-11-29 SECURITY A crafted regular expression when compiled by perl can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. CVE-2023-47038
020	2023-11-21 RELIABILITY httpd(8): Avoid a NULL dereference when handling a malformed fastcgi request.
019	2023-10-25 SECURITY A network buffer that had to be split at certain length could crash the kernel.
018	2023-10-25 SECURITY Fix several input validation errors in the X server. CVE-2023-5367 CVE-2023-5380 CVE-2023-5574
017	2023-10-03 SECURITY Fix several input validation errors in libX11 and libXpm. CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789
016	2023-09-21 SECURITY npppd(8) could crash by a l2tp message which has an AVP with wrong length.

OpenBSD Resources

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve:

Options are available.

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]