OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
OpenSSH Security Advisory
Contributed by jcr on Sat Nov 9 18:29:43 2013 (GMT)
from the subcafinated dept.

An OpenSSH Security Advisory (partially quoted below) was released a few hours ago. Markus Friedl (markus@) found and fixed the issue in this commit. The change has also been back-ported to OpenBSD 5.4, and OpenBSD 5.3 has been upgraded to OpenSSH 6.4 to fix this issue. Errata for OpenBSD 5.4 and OpenBSD 5.3 have been updated, and patches are available.

    A memory corruption vulnerability exists in the post-
    authentication sshd process when an AES-GCM cipher
    ( or is
    selected during kex exchange.

    If exploited, this vulnerability might permit code execution
    with the privileges of the authenticated user and may
    therefore allow bypassing restricted shell/command

Please read the entire OpenSSH Security Advisory since it contains more information and may be updated.

[ 0 comments ] (flat) (expanded)

OpenBSD adds fuse(4) support for adding file systems in userland
Contributed by tbert on Fri Nov 8 08:28:19 2013 (GMT)
from the short-fuse dept.

With a tiny commit log message, Sylvestre Gallon (syl@) makes a wonderfully huge change. Of course, there were tons of other commit log messages leading up to enabling fuse(4) support in OpenBSD, but this one turned on the lights so to speak. We tracked down Sylvestre to get more information on his efforts...

Module name:	src
Changes by:	syl@	2013/11/01 07:54:45

Modified files:
	sys/conf       : GENERIC 
	lib            : Makefile 

Log message:
enable fuse.

ok deraadt@

[ 3 comments 1123d19:26 ago ] (flat) (expanded)

Heads Up: Syntax change for smtpd.conf(5)
Contributed by tbert on Thu Nov 7 07:32:15 2013 (GMT)
from the ch-ch-ch-changes dept.

Eric Faurot (eric@) has just committed an improved parser and format for the OpenSMTPD configuration file smtpd.conf(5). Since this is a change to both syntax and behaviour, you must check your configuration prior to upgrading. There are examples for configuration conversion on faq/current.html.

Module name:	src
Changes by:	2013/11/06 03:01:29

Modified files:
	usr.sbin/smtpd : bounce.c envelope.c lka.c lka_session.c mta.c 
	                 mta_session.c parse.y ruleset.c smtp.c 
	                 smtp_session.c smtpd.c smtpd.conf.5 smtpd.h 
	                 ssl.c ssl.h to.c 

Log message:
Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.

[ 0 comments ] (flat) (expanded)

OpenBSD adds support for XBox360 controllers
Contributed by tbert on Wed Nov 6 08:28:02 2013 (GMT)
from the control-freak dept.

With the following commit, Jeremy Evans (jeremy@) has added OpenBSD XBox360 controller support as a uhid(4) device. As always when faced with an interesting commit message, the correct thing for any self-respecting undeadly editor to do is, well, start begging the developer for an interview...

Module name:	src
Changes by:	jeremy@	2013/10/24 21:09:59

Modified files:
	sys/dev/usb    : uhidev.c 
Added files:
	sys/dev/usb    : uhid_rdesc.h 
Removed files:
	sys/dev/usb    : ugraphire_rdesc.h 

Log message:
Add support for Microsoft XBox 360 controller as a uhid. It doesn't use
the standard interface class and doesn't have a report descriptor, so
use a manually created one.

[ 4 comments 1167d18:01 ago ] (flat) (expanded)

b2k13 hackathon report: Henning Brauer (henning@) on Lazy IP Checksumming
Contributed by weerd on Tue Nov 5 10:08:10 2013 (GMT)
from the the-sum-of-all-evil-packets dept.

Henning Brauer (henning@) just sent in his report from the b2k13 hackathon, but there's also a short interview with Henning over on which you might enjoy.

Berlin was a really convenient hackathon location for me, since getting there from Hamburg feels like a little longer S-Bahn ride. The fast ICE train makes it only a 90 minute trip. I arrived half a day later than intended due to work interfering, but I quickly got going.

[ 0 comments ] (flat) (expanded)

OSPF over IPsec
Contributed by tbert on Tue Nov 5 07:52:47 2013 (GMT)
from the shortest-path-measuring-contest dept.

Maxim Bourmistrov (maxim<at>unixconn<dot>com) wrote in to tell us about his Open Shortest Path First (OSPF) over IP Security Protocol (IPsec).

While looking for a solution for OSPF over IPsec, I found a lot of articles about how to do this over gre(4). The other possibility is to use gif(4) instead. I've tested both and was not quite happy with results. The gre(4) approach had some generic issues and the gif(4) approach had problems with multicast at times. Yet, I need to have "OSPF over IPsec" up and running.

Luckily, I remembered Theos' presentation about vether(4). While Theos' presentation was mostly written from developer perspective and not from administrators point of view, he left some clues about how this can be done.

The info below is how I do "OSPF over IPsec", or should I say "OSPF on top on vether on top of gif on top of IPsec".

[ 10 comments 1170d30m ago ] (flat) (expanded)

BSDNow Interview With Henning Brauer (henning@)
Contributed by jcr on Sat Nov 2 00:05:57 2013 (GMT)
from the henning-loves-capitalism dept.

Allan, Kris, and TJ, the masterminds behind BSDNow, have released Episode 009 containing their interview of Henning Brauer (henning@) at EuroBSDCon 2013 in Malta. They also mention the recent work of Stefan Sperling (stsp@) on boot(8) support for keydisk-based softraid crypto volumes (undeadly will provide more in-depth coverage soon), the addition of XBox360 controller support by Jeremy Evans (jeremy@), and the previously covered addition of Unattended Installation support added by Uwe Stühler (uwe@).

[ 1 comment 1172d6:58 ago ] (flat) (expanded)

OpenBSD 5.4 Released!
Contributed by jcr on Fri Nov 1 14:43:12 2013 (GMT)
from the my-favorite-things dept.

November 1st 2013, Calgary, Alberta and elsewhere:

The OpenBSD project has announced the release of OpenBSD 5.4, the project's 35th release on a steady six month release cycle.

You can order a CDROM set to help support the project.

Notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions.

[ 4 comments 1168d1:50 ago ] (flat) (expanded)

b2k13 hackathon report: Landry Breuil (landry@) on mozilla and other porting projects
Contributed by jcr on Fri Nov 1 11:05:52 2013 (GMT)
from the what-if-mozilla-was-one-of-us dept.

Next in line with his tale from the b2k13 hackathon in Berlin is Landry Breuil (landry@):

I had no plans for this hackathon (as usual, you never manage to do anything you planned anyway) and all in all it went pretty well.

[ 0 comments ] (flat) (expanded)

Support OpenBSD!

Donate to OpenBSD

Buy OpenBSD products


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Older Stuff
Tuesday, October 29
13:39 OpenBSD Adds Unattended Installation Support (7)
Monday, October 28
21:02 Slow Brute Force Attacks On SSH (1)
Friday, October 25
08:50 b2k13 hackathon report: Florian Obser (florian@) on nginx.conf(5), slowcgi (1)
07:15 b2k13 hackathon report: Sebastian Reitenbach (sebastia@) on GNUstep sope sogo (0)
Thursday, October 24
12:37 AsiaBSDCon 2014 Announced (3)
07:32 b2k13 hackathon report: Mike Larkin (mlarkin@) on i386 and amd64 hibernation (0)
Wednesday, October 23
14:33 OpenBSD 5.4 preorders arriving in Europe (5)
06:51 b2k13 hackathon report: Miod Vallat (miod@) on UTF-8 wscons (30)
08:00 b2k13 hackathon report: Stefan Sperling (stsp@) on athn(4), softraid, ports (0)

Older Stuff...
Yesterday's Edition...

OpenBSD Errata

OpenBSD Resources

Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]