OpenBSD Journal

RAID 1C boot support added

Contributed by rueda from the redundant-inscrutability dept.

Stefan Sperling (stsp@) has committed support for RAID 1C [mirroring and encryption] boot to -current on the amd64 platform:

CVSROOT:	/cvs
Module name:	src
Changes by:	stsp@cvs.openbsd.org	2022/08/12 14:17:46

Modified files:
	share/man/man4 : softraid.4 
	sys/arch/amd64/stand/efi32: efidev.c 
	sys/arch/amd64/stand/efi64: efidev.c 
	sys/arch/amd64/stand/efiboot: efidev.c 
	sys/arch/amd64/stand/libsa: biosdev.c softraid_amd64.c 
	sys/lib/libsa  : softraid.c 

Log message:
add support for booting from RAID 1C softraid(4) volumes on amd64

Only boot-loader changes are needed. Both installboot(8) and
the kernel already do what is required to make this work.

ok kn@

Tested:
biosboot on vmm: kn, stsp
biosboot and efiboot on server hardware: stsp

Support on the arm64 platform can be expected soon.

Great work, Stefan (and Klemens, and everyone else involved)!

sftp-server(8) gains support for home-directory request

Contributed by rueda from the ~goodness dept.

Damien Miller (djm@) has committed support for the home-directory request to sftp-server(8):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2022/08/11 23:20:28

Modified files:
	usr.bin/ssh    : sftp-server.c PROTOCOL 

Log message:
sftp-server: support home-directory request

Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing expand-path@openssh.com, but uses a more official protocol name,
and so is a bit more likely to be implemented by non-OpenSSH clients.

From Mike Frysinger, ok dtucker@

/usr/games removed from the default $PATH

Contributed by rueda from the playground-police dept.

In -current, /usr/games has been removed from the default $PATH. Theo Buehler (tb@) committed the change:

CVSROOT:	/cvs
Module name:	src
Changes by:	tb@cvs.openbsd.org	2022/08/10 01:40:37

Modified files:
	etc/skel       : dot.cshrc dot.profile 

Log message:
Remove games from the default $PATH in /etc/skel

The games are a playground for developers. Their code is very old and full
of bugs.

ok deraadt kn

So when you next sit down on a fresh snapshot install and want to do a quick rot13 or do a round of tetris, you may need to specify the full path.

Alternatively, you could dig into the code and see if you can fix a bug or two.

Even more randomness

Contributed by rueda from the and-how-would-sir-like-his-randomness? dept.

Damien Miller (djm@) committed a change randomising the rekeying interval in arc4random(3) (and friends):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2022/07/30 23:10:36

Modified files:
	lib/libc/crypt : arc4random.c 

Log message:
Randomise the rekey interval a little. Previously, the chacha20
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.

Feedback deraadt@ visa@, ok tb@ visa@

-current has moved to 7.2-beta

Contributed by rueda from the here-we-go-again dept.

With the following commit(s), Theo de Raadt (deraadt@) moved -current to version 7.2-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/07/20 09:12:39

Modified files:
	sys/conf       : newvers.sh 
	sys/sys        : param.h 
	etc/root       : root.mail 
	usr.bin/signify: signify.1 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 

Log message:
move to 7.2-beta.  this gets done very early, to avoid finding out
version number issues close to release

Snapshots are (already) available for several platforms.

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Game of Trees 0.74 released

Contributed by grey from the new key bindings yet familiar for users of vi & less is more! dept.

For those who have been paying attention to the Game of Trees development list, there has been a lot going on with got(1). Apologies here at undeadly for having missed some release announcements!

Having written as much, got 0.74 was released on July 14th, 2022!

Release notes may be found here: https://gameoftrees.org/releases/CHANGES

The -portable release also got some attention, and those release notes may be found here: http://gameoftrees.org/releases/portable/CHANGELOG

rpki-client 7.9 released

Contributed by Peter N. M. Hansteen from the all keyed up dept.

A fairly critical component of routing security infrastructure, rpki-client, has a new release out, version 7.9.

The announcement leads in,

rpki-client 7.9 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads and BGPsec Router keys in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks.

Read the whole thing here and grab the new release at your favorite OpenBSD mirror.

In -current, dhclient(8) now just logs warnings and executes ifconfig(8)

Contributed by rueda from the going-going- dept.

Theo de Raadt (deraadt@) committed the change:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/07/02 11:21:32

Modified files:
	sbin/dhclient  : dhclient.c 

Log message:
dhclient(8) has been undergoing replacement with "ifconfig xxx inet auto"
for a couple of years, backed by dhcpleased(8), which provides much better
dns handling.  The next step is to make the dhclient simply execve
ifconfig in that way, and provide syslog warnings about deprecated options
along the way.  This way, we can find the last few dhclient users, and what
they are missing.
ok florian krw

OpenBSD Errata

OpenBSD 7.1

009 2022-08-12 SECURITY A missing length check in zlib could lead to a heap buffer overflow.
008 2022-08-02 RELIABILITY bgpd(8) could fail to invalidate nexthops and incorrectly leave them in the FIB or Adj-RIB-Out.
007 2022-07-24 RELIABILITY cron(8) aborted due to strange poll timevals.
006 2022-07-24 SECURITY Input validation failures in the X server request parsing code can lead to out of bounds memory accesses for authorized clients.
005 2022-05-16 SECURITY Malicious PPPoE packets could corrupt kernel memory.
004 2022-05-16 RELIABILITY libcrypto would incorrectly decode certain ASN.1 objects.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]