OpenBSD Journal
mdocml-1.12.3 Released
Contributed by tbert on Thu Jan 2 06:57:37 2014 (GMT)
from the man-of-docs dept.

Ingo Schwarze (schwarze@) wrote in to tell us about the new release of mdocml (mandoc):

I have just released version 1.12.3 of mdocml = mandoc on http://mdocml.bsd.lv/.

This is a stable maintenance and bugfix release not changing any major functionality or interfaces. All users and downstream distributions are encouraged to upgrade from whatever earlier version they happen to be using.

The two main new features are in mdoc(7) parsing and output: In the SYNOPSIS, function declarations now break the line at better places and indent more nicely. This was accomplished with help from Franco Fichtner (franco@DragonFlyBSD). And mdoc(7) macro arguments now handle the quoting of quote characters correctly, thanks to a patch from Tsugutomo ENAMI (enami@NetBSD). There are several additional bug fixes and tiny new features; for more details, see http://mdocml.bsd.lv/.


Heads Up: atexit(3) Moved
Contributed by tbert on Wed Jan 1 06:25:06 2014 (GMT)
from the cant-find-the-right-door dept.

Due to internal changes in how atexit(3) is implemented, upgrades from source require a special set of steps:

To support the use of atexit(3) in dynamically loaded shared objects, atexit(3) is now
provided by the C runtime startup files. If you want to upgrade via source you will need
to build and install new C runtime startup files first:

  cd /usr/src/lib/csu
  make clean
  make obj
  make depend
  make
  make install

Now you can follow the standard procedure outlined in release(8).


Boot-Time Randomness
Contributed by tbert on Mon Dec 30 16:57:31 2013 (GMT)
from the mathematically-impossible-to-guess-what-you-got-for-christmas dept.

Initial support for boot-time availability of high-quality random numbers has been committed:

From: Theo de Raadt 
To: tech@openbsd.org
Subject: Randomization from the bootblocks

Over the holidays I've written code to do something we've
talked about for a long time but never gotten around to.

The bootblocks are now capable of providing entropy to the
kernel very early on.

This requires an upgrade of the bootblocks and at least
/etc/rc (which saves an entropy file for future use).  Some
bootblocks will be able to use machine-dependent features
to improve the entropy even further (for instance using
random instructions or fast-running counters or such).

As a result, the kernel can start using arc4random()
exceedingly early on, even before interrupt entropy is
collected.  The randomization subsystem can hopefully
become simpler due to this early entropy.. there is more
work to do here.

At least i386, amd64, macppc, sparc64, hppa, and loongson
are supported.  Hopefully the others are not far behind.

Because many in-kernel consumers of randomness are initialised very early, this means that the in-kernel protections derived from randomness should now be much better.


Heads Up: i386 moves to PIE
Contributed by tbert on Sun Dec 29 12:53:37 2013 (GMT)
from the cake-is-a-lie dept.

Following up on the commit that enabled the change, Theo de Raadt (deraadt@) wrote in to tech@ with a note concerning care to be taken during upgrades now that i386 runs PIE executables.

From: Theo de Raadt 
To: tech@cvs.openbsd.org
Subject: i386 switched to PIE

The i386 architecture has now been switched to PIE.  There is a small
performance hit, but this part of ASLR is valuable combined with
W^X and the stack protector.

This is a non-trivial upgrade, so please be careful.  Check the FAQ
for details or use a snapshot.

As it says in the commit message, special steps are required for upgrading from source, so check the instructions for doing so, if not upgrading via snapshots.


BSDNow Episode 016: Cryptocrystalline
Contributed by tbert on Tue Dec 24 14:43:36 2013 (GMT)
from the slacking-editors dept.

BSDNow Episode 016: Cryptocrystalline features an interview with Damien Miller (djm@, @damienmiller) titled "Cryptography in OpenBSD and OpenSSH", along with an article titled "Secure communications with OpenBSD and OpenVPN" and a tutorial about "Full disk encryption in FreeBSD and OpenBSD".

The BSDNow show is recorded live on Wednesdays at 2pm Eastern Standard Time and then the live recording is edited into the video and audio files released the following Friday afternoon. Due to time constraints and live recordings, it's always best to check their website show notes and tutorial pages for updated information. As TJ said, "It's a community-driven project," so if you want to help out, you can send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Available audio and video recordings:
SD Video | HD Video | MP3 Audio | OGG Audio | Youtube | Torrent | iTunes MP3 | Roku


strlcpy(3) Use in 3rd Party Software
Contributed by tbert on Tue Dec 24 13:03:02 2013 (GMT)
from the decoded-symbols dept.

Theo de Raadt (deraadt@) penned a missive titled "On the matter of strlcpy/strlcat acceptance by industry":

From time to time, there are people who say that strlcpy and strlcat
are stupid.

This is a little frustrating because we just want developers to have
an easier time writing/auditing string code to avoid overflows and
truncations, especially considering so many standard C APIs require
fixed length strings or have other limits, and will in the foreseeable
future.

You probably all know about the mainstream users of these functions,
like the Linux kernel, or MacOS, or the other BSD's, and Solaris.  But
there are many, many more, and it is time to show the global
strlcpy'ing deniers the reality.

I've collected some statistics to see how much upstream software uses
these functions.

The (elided) rest of the message is below the fold; the full lists of software can be found at the link to the mailing list archive.


OpenSMTP Update(s)
Contributed by tbert on Tue Dec 24 15:33:06 2013 (GMT)
from the stuck-in-the-queue dept.

Gilles Chehade (gilles@) has a recent blog post up about recent and upcoming work on OpenSMTPd, the greatest thing ever to happen to email†.

When I wrote the last blog post, we had just released 5.3.2 which was a minor release that fixed a few non-critical bugs that were reported to us since the first major release a few months earlier.

A while later, we released another minor release, 5.3.3, that also fixed minor bugs and brought some new non-invasive features to deal with common use-cases reported by our increasing user base.

OpenSMTPD 5.3.3 was very stable, it's been running on busy servers at work and we did not experience any bug with it while accepting and routing millions of daily messages with remote hosts on several machines.

It was a nice release for what it's worth :-)

What now?

Well, we didn't stop hacking on OpenSMTPD and since 5.3.3 we have gone through lots of simplifications and adding new features. There are actually so many changes that a blog post can't possibly go through all of it but I'll discuss some of the most important and visible ones.

We have released new major version 5.4.1 a few days ago, and the features that are described below are all part of it. It is a very good release IMO and you should definitely take time to switch your 5.3.x setups to this new one.

If you hadn't caught it before, his previous update is also worth going through to get a glimpse into how this project has been improving over the last year.

† statement may not be factual


OpenBSD ruBSD Talks Online
Contributed by tbert on Mon Dec 23 08:03:36 2013 (GMT)
from the are-you-bsd? dept.

Fresh from a successful tour of the motherland, our fearless OpenBSD devs have placed their ruBSD 2013 talks online:


USENIX LISA 2013 Managing Access Using SSH Keys [video]
Contributed by tbert on Thu Dec 19 05:11:12 2013 (GMT)
from the a-usenix-conference-for-an-old-apple-product dept.

Tatu Ylönen invented the Secure Shell (SSH) protocol in 1995 and even the history of OpenSSH mentions how OpenSSH is a derivative of the original free ssh 1.2.12 he released. He is also the founder and CEO of SSH Communications Security which sells a commercial version of ssh. A few more details can be found on the USENIX LISA 2013 page for "Managing Access Using SSH Keys" but the audio and video files are linked below.

SSH user keys are ubiquitously used for accessing information systems by automated processes and system administrators. Many large organizations have hundreds of thousands of keys granting access, with many keys providing privileged access without auditing or controls. The talk educates the audience about risks arising from unmanaged access using SSH keys; discusses what is required by compliance mandates; outlines how to establish effective operational processes for provisioning, terminating, and monitoring SSH user key based access; and outlines how to understand and remediate SSH user keys in an existing environment.

Editor's note: This talk is, in no small part, a push for a commercial product; the issues raised in regards to lax management of SSH keys, however, are valid enough to warrant careful consideration of one's own key regime.

Available audio and video formats:
Video MP4 | Video WEBM | Audio MP3 | Audio OGG



Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]