 |
Damien Miller (djm@) Responds to Plaintext Recovery Attack Against SSH
|
Contributed by ray on Fri Nov 21 16:29:58 2008 (GMT)
from the DON'T-PANIC! dept.
Damien Miller (djm@) issued the following advisory regarding the recent attack against SSH:
OpenSSH Security Advisory: cbc.adv
Regarding the "Plaintext Recovery Attack Against SSH" reported as
CPNI-957037:
The OpenSSH team has been made aware of an attack against the SSH
protocol version 2 by researchers at the University of London.
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
information, we are unable to properly assess its impact.
Read more...
|
![[topicopenssh]](images/topicopenssh.gif)
|
[ 1 comment 4:12 ago ] (flat) (expanded)
|
|
Request for testing: Ethernet driver cleanup
|
Contributed by ray on Thu Nov 20 17:23:45 2008 (GMT)
from the low-level-packet-scrubbing dept.
Brad Smith (brad@) sent a big diff to tech@ that needs testing:
The following diff is the next step of some further cleaning
of the Ethernet ioctl handling code in the Ethernet drivers.
This takes advantage of the addition of MTU and multicast
handling to ether_ioctl() so some some duplicate code can be
removed from the individual drivers and simplifies things
a bit.
This needs testing with pretty much every NIC supported. Please
send me a dmesg with whatever you are able to test.
This mainly affects multicast handling which is used by things
such as IPv6, CARP and OSPF.
If you use networking, please test this diff!
Yes, this means you!
|
![[topicopenbsd]](images/topicopenbsd.gif)
|
[ 22 comments 4:39 ago ] (flat) (expanded)
|
|
Multi-channel multi stream improvements to aucat
|
Contributed by ray on Wed Nov 19 21:08:51 2008 (GMT)
from the multi-multi-multi dept.
Alexandre Ratchov and Jacob Meuser had an interesting e-mail exchange recently:
From: Jacob Meuser
Date: Sun, Nov 16, 2008 at 6:17 PM
Subject: Re: CVS: cvs.openbsd.org: src
To: source-changes@
On Sun, Nov 16, 2008 at 01:44:03PM -0700, Alexandre Ratchov wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: ratchov@ 2008/11/16 13:44:03
>
> Modified files:
> usr.bin/aucat : aucat.1 aucat.c listen.c sock.c
>
> Log message:
> allow aucat to listen on multiple sockets. Each socket carries its
> channel and volume settings allowing multiple configuration to
> coexist. Mostly useful for envy(4)-like devices, but can be used
> to force different apps to use different settings.
OMG! that's the coolest thing ever! thank you thank you thank you!!!
now *all* multi-channel devices can has multi-stream capabilities.
e.g. I can do VoIP on DAC and ADC channels 0 and 1, and play music
on DAC channels 2 and 3, and the person I'm calling doesn't hear
the music I'm playing on 2 and 3. so cool!
is this even possible on NetBSD/FreeBSD/linux???
Very cool stuff is happening in the audio department, great job guys!
|
|
[ 23 comments 9:08 ago ] (flat) (expanded)
|
|
Developer Blog: Large Piece of PIE
|
Contributed by ray on Tue Nov 18 21:56:15 2008 (GMT)
from the secure-pie-operating-system dept.
Kurt Miller (kurt@) writes,
PIE support changes were committed recently to gcc, csu and gdb.
- gcc: to add -fpie/-fPIE and -pie arguments
- csu: to compile the C Start Up objects position independent
- gdb: to add PIE debugging support
These changes build on top of prior work that enhanced ld.so to grok PIE, kernel changes to recognize and load PIE binaries, converting csu asm to be pic compatible and ld.so bug fixes for some relocations.
Read more...
|
![[topicblog]](images/topicblog.gif)
|
[ 13 comments 1d10:02 ago ] (flat) (expanded)
|
|
Damien Bergamini discusses WPA
|
Contributed by johan on Sat Nov 15 22:50:30 2008 (GMT)
from the is-wire-less-wire-more? dept.
Federico Biancuzzi wrote to us about the latest issue of BSD Magazine which is dedicated to OpenBSD, read on for his story:
The following interview with wireless developer Damien Bergamini has been published in the recent BSD Magazine issue fully dedicated to OpenBSD. Now that release 4.4 is out, I am happy to be able to share this interview that covers the new support for WPA, a topic that didn't make the traditional release interview.
Read more...
|
![[topicnews]](images/topicnews.jpg)
|
[ 23 comments 13:42 ago ] (flat) (expanded)
|
|
Developer Blog - gilles@ on smtpd
|
Contributed by weerd on Wed Nov 12 08:51:52 2008 (GMT)
from the you've-got-mail dept.
Very recently, Gilles Chehade (gilles@) imported his smtpd into OpenBSD base. Since then, there's been some activity around the code in cvs. To give users some insight into the reasons for writing smtpd and the design behind it, Gilles writes in with a developer blog on smtpd.
I had been running Postfix for four or five years when I decided to switch to sendmail.
Postfix had a license that prevented it from getting commited into base, which meant it
would not get audited and would force me to go through more work to keep it updated and
reinstalled after each OpenBSD reinstall ... twice a year. I had rather simple needs so
the stock sendmail would do just fine.
Read more...
|
|
[ 98 comments 4d14:10 ago ] (flat) (expanded)
|
|
PACSEC 2008: Tokyo, Nov 12/13
|
Contributed by ray on Wed Nov 12 02:22:39 2008 (GMT)
from the ima-nanji-desu-ka? dept.
Kevin Kadow wrote,
From the people who brought you CanSecWest, EUSecWest and BA-Con, the sixth annual PacSec conference will be held November 12/13, 2008, at Aoyama Diamond Hall in Tokyo, Japan.
While not shown on the OpenBSD event calendar, there should be a presence, as the conference is sponsored in part by OpenBSD Support Japan, Inc.
PacSec is a single-track conference with simultaneous English/Japanese translation, while the final agenda is not yet available, a list of presentations is available (scroll to end).
Editor's note: sorry for the late notice, it was my fault, not the submitter's. Flame me!
|
![[topicconf]](images/topicconf.jpg)
|
[ 2 comments 9d12:34 ago ] (flat) (expanded)
|
|
OpenCon 2008 Registration Open
|
Contributed by sean on Mon Nov 10 19:25:00 2008 (GMT)
from the open-open-open dept.
Registration is now open for OpenCon 2008,
the "first conference entirely dedicated to OpenBSD".
More info is available at
their web site,
including
the registration page
and
the schedule.
OpenCon is also
looking for sponsors,
so if you or your company can help out, it would be greatly appreciated.
Many developers will be there, including:
- Gilles Chehade (gilles@)
- Claudio Jeker (claudio@)
- Gordon W. Klok (gwk@)
- Felix Kronlage (fkr@)
- Ken Westerback (krw@)
We always hear good things about this conference.
Any previous attendees care to share some stories of past OpenCons?
|
|
[ 3 comments 11d9:17 ago ] (flat) (expanded)
|
|
pcc 1.0 road map seeks funding
|
Contributed by ray on Fri Nov 7 16:37:53 2008 (GMT)
from the gcc-annihilation dept.
Michael Dexter writes,
Anders Magnusson <ragge@> has teamed up with BSD Fund to raise funds to
bring pcc to a usable 1.0 status and
map out a solid, all-BSD toolchain. Support for an alternative to GCC in OpenBSD has been steadily growing
and this effort aims to turn that concern into code.
Please help spread the word to sympathetic employers and philanthropists,
and US donors qualify for a tax deduction.
|
|
[ 49 comments 8:01 ago ] (flat) (expanded)
|
|
|
|
|
|
|
|
Features
|
|
We are constantly on the lookout for stories of how you put OpenBSD to work.
Please submit any informative articles on how OpenBSD is helping your company.
|
|
|
OpenBSD Errata
|
| 2008-11-19 | 006 RELIABILITY Due to changes in the options handling this caused problems with some DHCP clients such as Solaris/OpenSolaris and some embedded routers not accepting DHCP offers.
|
| 2008-11-07 | 005 RELIABILITY A software bug could cause memory allocation to cause a kernel panic accessing an array out of its bounds, when physical memory is exhausted.
|
| 2008-11-06 | 004 RELIABILITY Fix httpd(8)'s mod_proxy module which is broken on 64-bit architectures. Due to the bug this will result in child processes crashing when utilizing proxy rules during an HTTP session.
|
| 2008-11-06 | 003 RELIABILITY Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this can result in TCP connections between two IPs being reset instead of accepted if being received on a socket in the TIME_WAIT state.
|
![[xml]](images/xml.gif)
|
|
|
|
XML/RSS/RDF
|
|
Users wishing RSS/RDF summary files of OpenBSD Journal,
can retrieve:
|
|
|
|
|
