OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
OpenBSD is Now Distributing Signed Patches
Contributed by weerd on Fri May 2 10:30:57 2014 (GMT)
from the significant-signs dept.

After the inaugural email appeared, Ted Unangst (tedu@) clarified the new policy regarding the announcement of patches:

Starting today, we're going to try sending patches out via email so you don't miss them.

Several previous errata have also been recently published for OpenBSD 5.4 and 5.5. We won't be mailing them out individually since they aren't new, but you should check the web site for details.

Refer to http://www.openbsd.org/errata55.html and errata54.html.

(Also note that OpenBSD 5.3 is officially end of life and will not be receiving any more patches.)

He sent a separate, longer email explaining in greater depth the new policy:

Read more...
[topicsecurity]
[ 3 comments 784d12:54 ago ] (flat) (expanded)

m2k14 report: jasper@ on puppet, misc ports and Octeon
Contributed by tbert on Fri May 2 08:44:23 2014 (GMT)
from the master-of-puppets dept.

Jasper Lievisse Adriaanse (jasper@) managed to stay out of the libressl flensing, concentrating on some long standing bug and patch pushing:

When I arrived in Marocco I had a few small things I wanted to look at, which I naturally ended up spending most of my time on. While Puppet generally works great on OpenBSD, the port itself was in dire need of some cleaning and pushing patches upstream. While working on the port I finally sat down to iron out some (the last?) bugs in the "ensure => latest" patch we have to update packages to their latest version. Moving Puppet and all the related components of the stack to use Ruby 2.0 (instead of 1.9) concludes my work on Puppet for m2k14.

Read more...
[topicm2k14]
[ 0 comments ] (flat) (expanded)

BSDNow Episode 035: Puffy Firewall
Contributed by tbert on Fri May 2 06:18:40 2014 (GMT)
from the Puffy the fire-breather dept.

The latest BSDNow episode is a PF special, featuring various news, some of which you've seen here, and an interview with Book of PF author (and undeadly.org co-editor) Peter Hansteen about our favorite operating system and related matters. The Episode 35 home page has videos in various formats.

[topicbsdnow]
[ 1 comment 783d13:36 ago ] (flat) (expanded)

m2k14: Antoine Jacoutot on GNOME, Heimdal, and Further Heartbleed Fallout
Contributed by tbert on Thu May 1 17:37:35 2014 (GMT)
from the who-then-will-sound-the-gjallarhorn dept.

Antoine Jacoutot (antoine@) tells us about the wrangling of mythical beings, big and small:

Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 "unprepared" about what I was going to do.

Read more...
[topicm2k14]
[ 0 comments ] (flat) (expanded)

OpenBSD 5.5 Released
Contributed by jj on Thu May 1 15:32:48 2014 (GMT)
from the warp in time dept.

As you can now easily tell from the OpenBSD main web site, OpenBSD 5.5 has been released.

Looking at the release announcement and other sources such as the release page, it's easy to see that there are numerous goodies in store for you: A whole new traffic shaping system to replace ALTQ, 64-bit time_t, cryptographically signed base sets and packages, automatic installation features, improved hardware support, and more.

And if you haven't already, a good way to say a big thank you to Theo and the other developers is to go to the orders site and buy CD sets, T-shirts and other items. Direct donations are welcome too, of course.

[topic55]
[ 7 comments 774d19:52 ago ] (flat) (expanded)

Privilege Separated Key Handling added to relayd(8) and smtpd(8)
Contributed by tbert on Wed Apr 30 16:31:33 2014 (GMT)
from the don't want to bleed all over the keys dept.

In the space of only a few days Reyk Floeter (reyk@) added privilege separated private key handling for two important network-facing daemons, relayd(8) and smtpd(8).

The model was introduced to relayd(8) in this commit on April 18, 2014, and on April 29, 2014 the privilege separated key handling was added to smptd(8) too in this commit.

One more data point for why OpenBSD 5.6 will be, for lack of a better word, awesome.

Read more...
[topicopenbsd]
[ 3 comments 787d21:09 ago ] (flat) (expanded)

Compiling OpenSSH No Longer Requires Linking in OpenSSL
Contributed by pitrh on Tue Apr 29 18:38:36 2014 (GMT)
from the SSH! SSLide closer! dept.

It's a move that has been mulled and polished on and off for a while before the Heartbleed kerfuffle that lead to our own LibreSSL fork, but with this commit Markus Friedl (markus@) has made linking with OpenSSL optional for building OpenSSH.

Read more...
[topicopenssh]
[ 11 comments 787d19:45 ago ] (flat) (expanded)

m2k14: Ken Westerback on Installation, Disklabel Bugs, and Experiments in Sleep Deprivation
Contributed by tbert on Wed Apr 30 04:53:46 2014 (GMT)
from the no-sleep-until-dhcp-lease-expires dept.

Frequent contributor Ken Westerback (krw@) writes in with his report from the Sunny Climes of Marrakech...

I arrived in Marrakesh with guenther@, and after the usual hard bargaining (how much? 100MAD. OK) we got the taxi to take us to the hotel and were guided to the hackroom by logan@.

I immediately started to work on improved dhclient daemonization. This lasted a few hours until LibreSSL exploded on the scene. Spent a day or two working on some bits of LibreSSL but returned to more quiet waters after rewriting b_sock.c and failing to figure out how these changes could be tested.

I worked with rpe@ and halex@ on improving network configuration in the install scripts. I fixed a timestamp problem in msdosfs. I worked with otto@ on a disklabel bug, fixed a bug in dhclient related to multiple lease offers, worked with sthen@ to make dhclient's -L option more useful for monitoring programs like 'entr', and fixed various buglets in dhclient.

I also experimented with staying up late with henning@ but getting up early with guenther@. I don't recommend this. Excellent hacking facilities and nice job of organization by Loganaden! The 90 minute off-the-cuff lecture by guenther@ to a surprise audience of students was a priceless tour de force aided by multimedia maestro reyk@

Many thanks to Ken for braving the time dilution qualities of henning@ and guenther@ for us.

[topicm2k14]
[ 0 comments ] (flat) (expanded)

Tedu Kerberos from LibreSSL?
Contributed by tbert on Tue Apr 29 06:29:51 2014 (GMT)
from the alas-poor-srp-we-hardly-knew-ye dept.

Ted Unangst (tedu@) of tedu fame writes in to tech@ asking whether or not there are users of Kerberos or SRP (Secure Remote Password) who need the functionality:

Hi there. I'm trying to find somebody who is actually using either Kerberos or SRP support in libssl. I'm inclined to remove support for them. While the bulk of the code sits off to the side, the integration requires adding several additional cases to some of the most critical paths.

For reference, OpenBSD hasn't ever compiled support for either of these features and I haven't seen many complaints. The code has all the hallmarks of something that somebody needed once, threw over the fence, and has been barely maintained on life support ever since. That said, we'd rather not be too hasty in deleting it because unbeknownst to us, it could be useful.

We're looking for somebody to stand up and say "Not only do I need SRP support, but I'm sufficiently invested that I'd like to help maintain it."

Note that I'm not looking for negative responses. You don't need to tell me you think it's ok to delete these features. I already think that.

Also note that I'm not really interested in rumors or whispers. You don't need to tell me that it's possible somebody else uses Kerberos. I know it's possible, that's why I'm asking. I'd like to know who.

Thanks.

If you or one of your loved ones has a need for this, speak now or resurrect the code from the attic.

[topicopenbsd]
[ 4 comments 788d8:01 ago ] (flat) (expanded)

Support OpenBSD!

Donate to OpenBSD

Buy OpenBSD products

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Older Stuff
Tuesday, April 29
03:43 OpenBSD Foundation's Google Summer of Code Projects Announced (0)
Friday, April 25
11:44 m2k14: Stuart Henderson on Triage (6)
12:20 KerberosV removed from -current (0)
Wednesday, April 23
22:18 It's Official: The OpenSSL Overhaul Is A Fork: Welcome LibreSSL in OpenBSD 5.6 (56)
Tuesday, April 22
15:02 Faster and more capable whatis(1)/apropos(1) (5)
Monday, April 21
17:19 Call for Testing: vlan(4) improvements (Update updated) (1)
Saturday, April 19
11:44 ALTQ removed from -current (2)
Friday, April 18
15:28 One week of OpenSSL cleanup (21)
Thursday, April 17
14:03 m2k14: Hackathon Begins (0)

Older Stuff...
Yesterday's Edition...

OpenBSD Errata
[xml]

OpenBSD Resources

XML/RSS/RDF
Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]


[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]