undeadly.org Open in urlscan Pro
2a02:898:28:500::1  Public Scan

Form analysis
1 forms found in the DOM

POST https://undeadly.org/cgi

<form action="https://undeadly.org/cgi" method="post" autocomplete="off" autocapitalize="none">
  <input type="hidden" name="action" value="search">
  <input id="f_q" type="text" name="q" required="">
  <input type="submit" title="We canardly search!" name="submit" value="Search site">
</form>

Text Content

OpenBSD Journal

Home Archives About Submit Story Create Account Login


OPENBSD JOURNAL


OPENBGPD 8.4 RELEASED

Contributed by Peter N. M. Hansteen on 2024-03-07 from the routed in a route,
bordering dept.

The OpenBSD Border Gateway Protocol (BGP) routing daemon OpenBGPD has a new
version out, version 8.4.

The release announcement reads,



> Subject:    OpenBGPD 8.4 released
> From:       Claudio Jeker <claudio () openbsd ! org>
> Date:       2024-03-07 13:12:51
> 
> We have released OpenBGPD 8.4, which will be arriving in the
> OpenBGPD directory of your local OpenBSD mirror soon.

Read more…

No comments


RPKI-CLIENT 9.0 RELEASED

Contributed by Peter N. M. Hansteen on 2024-03-03 from the key my route dept.

In what can only be called a great stride forward in routing security, Sebastian
Benoit (benno@) announced the availability of rpki-client version 9.0.

The announcement reads,

> Subject:    rpki-client 9.0 released
> From:       Sebastian Benoit <benno () openbsd ! org>
> Date:       2024-03-03 17:24:06
> 
> rpki-client 9.0 has just been released and will be available in the
> rpki-client directory of any OpenBSD mirror soon. It is recommended
> that all users update to this version for improved reliability.
> 
> rpki-client is a FREE, easy-to-use implementation of the Resource
> Public Key Infrastructure (RPKI) for Relying Parties (RP) to
> facilitate validation of BGP announcements. The program queries the
> global RPKI repository system and validates untrusted network inputs.
> The program outputs validated ROA payloads, BGPsec Router keys, and
> ASPA payloads in configuration formats suitable for OpenBGPD and BIRD,
> and supports emitting CSV and JSON for consumption by other routing
> stacks.



Read more…

No comments


OPENBSD -CURRENT DROPS -BETA TAG, GOES TO 7.5

Contributed by Peter N. M. Hansteen on 2024-02-29 from the puffing up the
versions again dept.

A clear sign that the OpenBSD 7.5 release cycle is entering the final phases
just emerged.

In this commit, Theo de Raadt (deraadt@) changed the version string to 7.5:

> From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
> Date:       2024-02-29 17:05:10
> 
> CVSROOT:	/cvs
> Module name:	src
> Changes by:	deraadt@cvs.openbsd.org	2024/02/29 10:05:10
> 
> Modified files:
> 	sys/conf       : newvers.sh 
> 
> Log message:
> move from 7.5-beta to 7.5

Read more…

No comments


IPV6 FOR PPP(4) ENABLED IN -CURRENT.

Contributed by Janne Johansson on 2024-02-28 from the upppgrading to the sixes
dept.

In this commit, Denis Fondras (denis@) added code to allow IPv6 over PPP. The
message reads,



> Subject:    CVS: cvs.openbsd.org: src
> From:       Denis Fondras <denis () cvs ! openbsd ! org>
> Date:       2024-02-28 16:08:34
> 
> CVSROOT:	/cvs
> Module name:	src
> Changes by:	denis@cvs.openbsd.org	2024/02/28 09:08:34
> 
> Modified files:
> 	share/man/man4 : ppp.4 
> 	sys/net        : if_ppp.c if_pppvar.h 
> 
> Log message:
> Enable IPv6 AF for ppp(4)
> 
> OK claudio@

With this one commit, the brave new world of IPv6 opens up to a whole chunk of
traditional-style Internet users.

No comments


MWX(4), ANOTHER NEW WI-FI DRIVER, ADDED TO -CURRENT

Contributed by rueda on 2024-02-23 from the it's-raining-wi-fi-drivers dept.

Hot on the heels of qwx(4) [see earlier report], and soon after going -beta,
-current has gained another new wi-fi driver - mwx(4). Claudio Jeker (claudio@)
committed the import:

> CVSROOT:	/cvs
> Module name:	src
> Changes by:	claudio@cvs.openbsd.org	2024/02/21 03:48:10
> 
> Modified files:
> 	sys/dev/pci    : files.pci 
> Added files:
> 	sys/dev/pci    : if_mwx.c if_mwxreg.h 
> 
> Log message:
> Import mwx(4) a driver for Mediatek MT7921 and MT7922 802.11ax devices
> 
> This is work in progress. Scan works, RX of packets is more or less there
> but TX does not work yet. The packets are passed to the chip but get stuck
> or ignored there. It is easy to hang the device or the system since device
> reset is not quite right (like many other bits).
> 
> Also this is only for MT7921 right now since I have no access to a MT7922
> device.
> 
> Lots of pushing from deraadt@ to commit this now.

So, WIP and MT7921-only [at this stage], but very promising.

No comments


NEW CODE FOR SIGILL FAULTS HELP IDENTIFY MISBRANCHES

Contributed by Janne Johansson on 2024-02-22 from the don't pee on the electric
fence dept.

If you run recent OpenBSD on certain amd64 or aarch64 platforms, indirect
branching to an "unexpected" location will crash your program, in order to
prevent ROP attacks and similar ways to have your program execute code where it
shouldn't.

The OpenBSD compiler will insert an extra instruction in all the places where a
branch is supposed to land, and if it lands anywhere else, a CPU fault is raised
and your program gets an "Illegal Instruction".

Previously, crashes of this kind have looked more or less like any other kind of
fault where code is executing random data or from random locations, but since
the kernel knows when this has happened, we can make it explicit that the fault
is due to missing branch target instructions, which will help a lot when
debugging.

Link to the commit here.

1 comment (12d5:01 ago)


OPENBSD -CURRENT MOVES TO 7.5-BETA

Contributed by Janne Johansson on 2024-02-17 from the springtime for Puffy dept.

It's that time of the year again. With this commit, Theo de Raadt (deraadt@)
changed the version string for the OpenBSD development branch (i.e. -current) to
7.5-beta:

> CVSROOT:	/cvs
> Module name:	src
> Changes by:	deraadt@cvs.openbsd.org	2024/02/17 09:13:24
> 
> Modified files:
> 	sys/sys        : param.h 
> 	etc/root       : root.mail 
> 	sys/conf       : newvers.sh 
> 	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
> 	share/mk       : sys.mk 
> 	usr.bin/signify: signify.1 
> 
> Log message:
> move to 7.5-beta

With the upcoming release expected to appear in May, testing is particularly
welcome.

7.5-beta snapshots are already appearing on the mirrors.

2 comments (5d4:56 ago)


NEW WI-FI DRIVER, QWX(4), ENABLED IN -CURRENT

Contributed by rueda on 2024-02-16 from the qwx my line dept.

Stefan Sperling (stsp@) tooted regarding the addition of qwx(4) to -current:

> The next set of #OpenBSD amd64/arm64 snapshots will start shipping the qwx
> driver for #ath11k QCNFA765 wifi devices.
> 
> My part-time effort on this driver started about a year ago, with much help
> from mpi@, @bluerise, kettenis@, and claudio@
> 
> https://marc.info/?l=openbsd-cvs&m=170801475321249&w=2
> 
> Edit: And I should mention that the OpenBSD Foundation supports this effort.
> Thanks to everyone who donated!

The QCNFA765 is found in some laptops.

The driver currently supports only 11a/b/g modes.

Thanks to Stefan, his helpers, and The OpenBSD Foundation!

No comments


RPKI-CLIENT 8.9 RELEASED

Contributed by rueda on 2024-02-14 from the key-toning dept.

Sebastian Benoit (benno@) announced the release of version 8.9 of rpki-client.

Updating is recommended for "improved reliability".


Read more…

No comments


DONATE!

Donate to OpenBSD


FEATURES

We are constantly on the lookout for stories of how you put OpenBSD to work.
Please submit any informative articles on how OpenBSD is helping your company.


EARLIER ARTICLES

 * Wed, Feb 14
   * 07:05 Game of Trees 0.96 released (0)
 * Sun, Feb 04
   * 11:29 Soft updates (softdep) support removed from -current (29)
 * Mon, Jan 29
   * 06:01 pinsyscalls(2) work summarized by Theo de Raadt (0)
 * Thu, Jan 25
   * 06:44 KMS for Apple silicon machines (0)
 * Thu, Jan 18
   * 08:07 pinsyscalls(2) working in anger (1)
 * Mon, Jan 15
   * 17:07 Effortless OpenBSD Audio and Desktop Screen Recording Guide (0)
 * Thu, Jan 11
   * 10:59 DSA removal from OpenSSH (0)
 * Wed, Jan 03
   * 10:32 OpenBSD workstation hardening tips (0)
 * Mon, Jan 01
   * 09:32 TSO for em(4) committed to -current (1)


OPENBSD ERRATA

OpenBSD 7.4

0142024-02-29 SECURITY vmm(4) did not restore GDTR limits properly on Intel
(VMX) CPUs. 0132024-02-13 SECURITY DNSSEC protocol vulnerabilities have been
discovered that render various DNSSEC validators victims of Denial Of Service
while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387
and CVE-2023-50868 in unwind(8) and unbound(8). 0122024-01-16 SECURITY Fix
multiple xserver heap buffer overflows, out of bounds memory accesses and memory
corruption. CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886
CVE-2024-0408 CVE-2024-0409 0112023-12-18 SECURITY An SSH protocol weakness (the
Terrapin Attack) exists that allows an on-path adversary to disable keystroke
timing obfuscation. 0102023-12-14 SECURITY Fix out of bounds memory accesses in
XRandR and XKB X server extensions. CVE-2023-6377 CVE-2023-6478 0092023-12-10
RELIABILITY A race condition between pf(4)'s processing of packets and
expiration of packet states may cause a kernel panic.



OpenBSD 7.3

0262024-02-13 SECURITY DNSSEC protocol vulnerabilities have been discovered that
render various DNSSEC validators victims of Denial Of Service while trying to
validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and
CVE-2023-50868 in unwind(8) and unbound(8). 0252024-01-16 SECURITY Fix multiple
xserver heap buffer overflows, out of bounds memory accesses and memory
corruption. CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886
CVE-2024-0408 CVE-2024-0409 0242023-12-18 SECURITY An SSH protocol weakness (the
Terrapin Attack) exists that allows an on-path adversary to disable keystroke
timing obfuscation. 0232023-12-14 SECURITY Fix out of bounds memory accesses in
XRandR and XKB X server extensions. CVE-2023-6377 CVE-2023-6478 0222023-12-10
RELIABILITY vmm(4) restored stale GDTR & TR values on vm exit which could lead
to memory corruption or kernel deadlocks. 0212023-11-29 SECURITY A crafted
regular expression when compiled by perl can cause a one-byte attacker
controlled buffer overflow in a heap allocated buffer. CVE-2023-47038




OPENBSD RESOURCES

 * OpenBSD
 * The OpenBSD Foundation
 * OpenBSD Ports Readme
 * MARC
 * Commits on FreshBSD
 * -stable commits
 * OpenBSD discussions
 * Hungarian OpenBSD news
 * OpenBSD on Lobsters
 * #openbsd toots / tweets
 * LinkedIn group


XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve:

Options are available.


CREDITS

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and
comments are copyright their respective authors, submission implies license to
publish on this web site. Contents of the archive prior to April 2nd 2004 as
well as images and HTML templates were copied from the fabulous original
deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with
httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a.
Not subject to death; immortal. [Obs.]