BSDEater
Flavors: OpenBSD | FreeBSD | NetBSD | Darwin | Dragonfly BSD | OS X | PC-BSD | MidnightBSD | MirBSD | DesktopBSD | GhostBSD | All
Home | Login | Forgot Pass | Register



BSDNow 082: SSL in the wild

DragonFlyBSD Digest - 2015-03-26 23:22:52 UTC
BSDTalk 082 is up, talking with Bernard Spil about LibreSSL adoption in FreeBSD ports.  There’s lots of other material listed – see the BSDTalk page for a summary of all the topics covered.
Comments (0) | Direct Link to Article

OpenNTPD 5.7p4 released

Undeadly.org - 2015-03-25 18:12:52 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }


The OpenNTPD team has announced the availability of OpenNTPD 5.7p4, which adds


support for using HTTPS time constraints to validate NTP responses, in turn made possible by the LibreSSL supplied libtls


plus a number of important bug fixes.

You'll find the full text of the announcement after the fold:


Read more...


Comments (0) | Direct Link to Article

bsdtalk252: Brian Callahan and devio.us

DragonFlyBSD Digest - 2015-03-24 22:42:32 UTC
BSDTalk 252 has 18 minutes of conversation with Brian Callahan, who runs devio.us, an OpenBSD-based shell provider.
Comments (0) | Direct Link to Article

SSH Protocol 1 Now Disabled at Compile Time

Undeadly.org - 2015-03-24 16:34:18 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }


As Damien Miller (djm@)
announced
on tech@, support for SSH version 1 is now no longer being included in OpenBSD SSH:


Hi,

I just committed a change to src/usr.bin/ssh/Makefile.inc to compile-
time disable SSH protocol 1. This protocol is old, unsafe and really,
really shouldn't be used at all any more.

If you have need of it, then you can re-enable it for yourself using
the knob in Makefile.inc.

If you run into bugs related to this change, please tell
[email protected] and we'll fix them quickly. We're deliberately
doing this change early in the release cycle to flush out bugs and
find out how many people are still using this terrible old protocol.

-d


Like the man says, report any bugs found! And this might be a good time to offer the hand of friendship and understanding to any and all vendors/packagers who still support v1 to join the rest of us in deprecating the lesser protocols.


Comments (0) | Direct Link to Article

2015-03-19 articles

Jeremy C Reed - 2015-03-23 20:40:25 UTC



I read a few interesting quotes in the print
January edition of the Texas Monthly magazine
while I waited for a tire change.
In
"It Takes a Thief",
Spike Lee was an executive producer for a new filmmakers project:

The whole time we were shooting, Spike would call me at least once
a week to see how it was going. And then, for the next seven years,
he hunted me down and challenged me to finish the film. He just
couldn't understand what was taking me so long. "Hey, this is not
something you can just throw away," he'd say. "You should really
finish it and get it out into the world."




That reminded me of some books I need to finish (especially
the BSD History and NetBSD books that people ask me about).



Another article was about a writer writing about an internment
camp in Texas.
The author of
"The Road From Crystal City"
was urged to write about the story years earlier,
but ``didn't give his suggestion much thought''.
When he did show up a few years later, the contact was dead.
But the son had his father's small file which contained a list
of the names of the incarcerated children.
``The children were now old men and women, who lived all over the
world. The next day, I started calling them.''



Again this reminded me of my history book, since some of my characters
are already deceased. (One died after I did brief email interview.)
This got me wondering again ... what other technologies or
even other important stories need to be researched before the
participants or the details are gone?



The third good article was about
"The Greatest Lawyer Who Ever Lived"
(only partially online).
Joe Jamail's $10.5 billion verdict in Pennzoil v. Texaco case in 1985 is
still the largest jury award in history.
He who grew up as a tough kid in Texas, dropped out
college twice, joined the military by lying about age, and
then tried to run away from military so was put into the brig.
After his successful service, came back and met a girl
whose dad didn't like him. After a couple years, they got married.
She encouraged him to go to law school.
``Everything I've ever accomplished was done to impress her,'' he said.
She wanted to donate money and she suggested 100's of millions
of dollars, which they did.



Comments (0) | Direct Link to Article

In Other BSDs for 2015/03/21

DragonFlyBSD Digest - 2015-03-21 13:54:36 UTC
Not done in a last-minute rush before the weekend, yay!  Done early cause I have to work over the weekend, boo! Tarsnap Mastery is out in print form.  (as is author Michael Lucas’s newest sci-fi) Active Directory and FreeBSD.  Might apply to all BSDs?  (via) GhostBSD 10.1-alpha1 is out.  (via) pfSense 2.1.1 is out. making security […]
Comments (0) | Direct Link to Article

Donation request for network SMP development

Undeadly.org - 2015-03-20 20:38:13 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }

Martin Pieuchot (mpi@) writes in about what's needed for further SMP improvements in the network stack:


If you've been following my contributions to OpenBSD's kernel, you
already know that in the past years I've been working on the Network
Stack to make it more SMP friendly.

All the network hackers present at s2k15 agreed to volunteer me to work
on the next step: properly integrate the pseudo-drivers (carp(4),
vlan(4), trunk(4)...) in order to take ether_input() out of the kernel
lock.

Read more...


Comments (0) | Direct Link to Article

OpenSSH 6.8 Released

Undeadly.org - 2015-03-20 13:07:47 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }

This week has been full of other exciting news, so it may have been easy to miss that the OpenSSH team has released OpenSSH 6.8. The new release is billed as


This is a major release, containing a number of new features as
well as a large internal re-factoring.


This is the OpenSSH version that will be in OpenBSD 5.7, with lots of goodies as well as some potentially backward-incompatible features. The full announcement is at http://www.openssh.com/txt/release-6.8, or look after the fold.


Read more...


Comments (0) | Direct Link to Article

2015-Mar-19

Jeremy C Reed - 2015-03-19 23:57:12 UTC



I am still working on my BSD History book. Seven cover ideas were
submitted to me. http://reedmedia.net/books/bsd-history/tmp-cover-designs/20150319/
(title unknown to the designer). They aren't really what I wanted.
I am thinking of having the cover mostly show a LS ADM-3A or HP
2645 terminal with a retro font like Glass TTY VT220. Any thought
on the above cover ideas? What do you suggest for cover? If you
want to share a better cover design, let me know. While I have you
here... title suggestions? (The book covers the
history of the Berkeley Software Distributions with numerous side
histories of the Unix operating system, popular Unix-related
software, retro hardware, open source licensing and the law, and
the beginnings of the Internet.)



Comments (0) | Direct Link to Article

OpenSSL 2015-03-19 Security Advisories - LibreSSL Largely Unaffected

Undeadly.org - 2015-03-19 14:51:21 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }


The response to today's much-anticipated unveiling of newly discovered OpenSSL vulnerabilities has been varied and loud as expected. However, the impact on the OpenBSD-initated LibreSSL project's code -- which has undergone extensive cleanup since LibreSSL forked off OpenSSL's code base in 2014 -- appears to be limited. Out of a total of 13 CVEs in OpenSSL's announcement, only five - CVE-2015-0207, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289 and CVE-2015-0209, still applied to LibreSSL's code.

The main takeaway from the announcement appears to be that the cleanup has been effective, however these 'crash-inducing' issues have now been fixed in LibreSSL:


CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences


The OpenSSL project provided information and patches to the LibreSSL project in advance of the announcements.

More, including information about OpenBSD 5.7, 5.6 and 5.6, after the fold.

Read more...


Comments (0) | Direct Link to Article

EuroBSDCon 2015 Call for Papers Is Out

Undeadly.org - 2015-03-18 13:32:01 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }

The EuroBSDCon 2015 conference organizers have announced the Call for Papers for the upcoming conference in Stockholm, Sweden.

Go to https://2015.eurobsdcon.org/call-for-papers/ for details; the full text of the announcement also follows after the fold.


Read more...


Comments (0) | Direct Link to Article

libXfont Errata

Undeadly.org - 2015-03-18 08:51:24 UTC


td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;}
a:visited {color:#303030!important;}
p {margin-top:1ex;margin-bottom:0;}
blockquote>p:first-child {margin-top:0;}
blockquote>p:last-child {margin-bottom:0;}
blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex;
margin:0 0 0 3ex !important; }
p+ul,p>ul {margin:0.5ex 0 0 0;}
pre {margin:0;}
tt {background-color:#f0f0f0; padding:0px; font-weight:500;}
.bqcode { background-color: #ffffff; border:1px solid #999;
padding: 0px; padding-left: 1em; }



Patches are now available to fix buffer overflows in libXfont. This issue
affects 5.5, 5.6, and the forthcoming 5.7 release.

For more details, refer to the X.org advisory:
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/

5.5 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/023_libxfont.patch.sig

5.6 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig

Read more...


Comments (0) | Direct Link to Article

Next
Feeds from:
ArchBSD
BSDnow
BSDTalk
DiscoverBSD
DragonFlyBSD Digest
Freebsd.org-errata
Freebsd.orgNews
GhostBSD
Jeremy C Reed
OSNews
Slashdot
Topix.net
Undeadly.org


This site generally feeds most news about *BSD it can find.

If you have questions, remarks, proposals, please let us know at [email protected]

© www.bsdeater.org 2015