OpenBSD Journal

a2k20 Hackathon Report: Ken Westerback on xhci(4), dhclient(8), and scsi

Contributed by rueda on from the Hobart-harbourside-hacking dept.

Ken Westerback (krw@) kindly wrote in with a report from last month's a2k20 hackathon in Hobart, Australia:

tl;dr -- excellent coffee fuelled lots of hacking in Hobart

I started my journey to Hobart via Sydney in a state of some anxiety. Air Canada's continuing reservation system troubles meant it was unclear until the last minute whether I would arrive in Sydney rested or frazzled. In the end all went well and I arrived at dtucker@'s place after a good sleep. After a pleasant evening with Darren, we caught our flight to Hobart the next morning without trouble. We found tedu@ had been on the same flight, despite not spotting him during boarding.

Read more…

u2k20 Hackathon Report: Tracey Emery on GotWeb

Contributed by Janne Johansson on from the web of game of gits dept.

Fresh in from u2k20 is this report from Tracey Emery, who visited the hackathon in Uckermark, Germany after getting invited by Stefan Sperling (stsp@):

Stefan Sperling and I started a discussion in November about a CGI program, which would work in httpd(8), use the Game of Trees library along with the kcgi library by Kristaps Dzonsons, to display repository information in a browser. I was getting frustrated with working on my own project and was looking for something else to hack on. So, I told Stefan that I'd take a crack at Gotweb.

Read more…

u2k20 Hackathon Report: Alexandr Nedvedicky on PF anchors work

Contributed by Peter N. M. Hansteen on from the puffing up for re-anchoring dept.

The first report from the just concluded u2k20 hackathon comes from Alexandr Nedvedicky (sashan@), who writes:

How to read a commit message (a.k.a. thank you Thomas for u2k20)

Commit messages just capture the brief summary of changes. Believe it or not, there is a story behind every single commit you may find in a project history. Especially if you read there a short phrase 'discussed with many' or 'input by many'. In cases like this you can always bet the story is not short.

Read more…

Firefox pkg for 6.6-stable will not receive latest updates. [Updated]

Contributed by Janne Johansson on from the old-code-rusts, new porters shine dept.

An update has now been committed to the -stable branch for the latest firefox version, and the package is available for updating!

Previously, solene@ wrote:
Dear OpenBSD users, due to Firefox being too complicated to package (thanks to cbindgen and rust dependencies) on the stable branch (as this would require testing all rust consumers), the 6.6-stable branch won't receive updates for www/mozilla-firefox, so it will remain vulnerable to MFSA2020-03 and vulnerabilities that may appear after.

Read more…

Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019

Contributed by Tom Smyth on from the questioning the questions dept.

Tom Smyth writes in about an interview he did with Theo de Raadt in between g2k19, the general hackathon in Ottawa, and BSDCAN 2019:

Have you ever wondered about the whys and the hows Theo and his friends in OpenBSD relentlessly pursue security perfection in computer operating systems and the software that runs on them? Or perhaps you are more concerned with much deeper questions like: What operating system does Theo use on his Laptop? Who is his favourite developer? Who is his favourite user / sysadmin? Or you are just in need of some serious life tips on dealing with trolls?

Ok enough with the superficial questions… let's let Theo do the talking… check out the video here

A big Thank you goes to Theo for his time in the interview. I enjoyed making it with him, and I hope you all enjoy it, and I hope the wider public learn something new from it too.

Many thanks to Theo indeed, and also to Tom for doing the interview. We hope to see more soon!

e2k19 Hackathon Report: Stefan Sperling on GoT and wireless

Contributed by Paul 'WEiRD' de Weerd on from the games of snowy trees dept.

Next up from the snowy Elk Lakes area with his Hackathon Report is Stefan Sperling (stsp@):

My hike to the Elk Lakes hut was more pleasant this time compared to last time (s2k17). Partly because the weather was better overall this time around. And I knew what to expect and had planned ahead better. I had left my thick and heavy jacket at home which had turned out to be a nuisance, being too warm and too heavy for hiking. I packed a light and thin rain jacket instead to protect against wind and rain, but we didn't get either so the jacket stayed in the bag. My backpack still felt a bit heavy on the hike in, but that was due to lunch snacks which were all eaten up by the time we hiked back out.

Read more…

Meet Radiant Award Recipient Claudio Jeker

Contributed by rueda on from the radiant pufferfish dept.

The Internet Security Research Group and partners have announced that Claudio Jeker (claudio@) is the third Radiant Award recipient. From the announcement:

We’re excited to announce the third Radiant Award recipient, Claudio Jeker.

When we at ISRG think about the greatest threats to Web security today, the lack of Border Gateway Protocol (BGP) security might top our list. Claudio's passion for networking, his focus on security, and his talent as a software developer are enabling him to make great contributions to fixing this and other Web security problems. In particular, he is making great contributions to OpenBSD and OpenBGPD.

Congratulations Claudio!


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.6

021 2020-02-24 SECURITY An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
020 2020-02-17 SECURITY A missing range check in the vmm pvclock allows a guest to write to host memory.
019 2020-01-30 SECURITY An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.
018 2020-01-30 RELIABILITY smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
017 2020-01-17 SECURITY Execution Unit state was not cleared on context switch with Intel Gen9 graphics hardware.
016 2019-12-20 SECURITY ripd(8) fails to validate authentication lengths.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]