Bob Beck | 27 Jun 21:53 2016

OpenBSD 5.9 Errata for OCSP available

This errata fixes several issues in the OCSP code that could result in
the incorrect generation and parsing of OCSP requests. This remediates
a lack of error checking on time parsing in these functions, and
ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per
RFC 6960.

Issues reported, and fixes provided by Kazuki Yamaguchi <k <at>>
and Kinichiro Inoguchi <kinichiro.inoguchi <at>>

Patches for OpenBSD 5.9 are available at:

and have been committed to -current.

Portable LibreSSL releases will appear shortly.

Bob Beck | 6 Jun 12:00 2016

libcrypto patch available for DSA security issue

Fixes are available to correct a problem that prevents the DSA signing
algorithm from running in constant time even if the flag

This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar

Patches are available for 5.8 and 5.9 at:

and have been committed to -current.

Portable LibreSSL releases will appear shortly.

Brent Cook | 1 Jun 04:37 2016

LibreSSL 2.4.0/2.3.5/2.2.8 Released

We have released a first development snapshot of LibreSSL 2.4.0 along
with two stable builds, 2.3.5 and 2.2.8. These should be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.

The 2.3.5 and 2.2.8 releases contain a reliability fix, correcting an
error when parsing certain ASN.1 elements over 16k in size.

The 2.4.0 release contains the following additional changes:

    * Implemented the IETF ChaCha20-Poly1305 cipher suites.

    * Changed default EVP_aead_chacha20_poly1305() implementation to the
      IETF version, which is now the default.

    * Many improvements to the CMake build infrastructure, including
      Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
      Inoguchi for this work.

    * Reworked error handling in libtls so that configuration errors are
      more visible.

    * Added missing error handling around bn_wexpand() calls.

    * Added explicit_bzero calls for freed ASN.1 objects.

    * Fixed X509_*set_object functions to return 0 on allocation failure.

    * Fixed password prompts from openssl(1) to properly handle ^C.

    * Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.

Brent Cook | 31 May 02:04 2016

OpenNTPD 6.0p1 available

OpenNTPD 6.0p1 has just been released. It will be available from the mirrors
listed at shortly.

OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP server itself, redistributing the local clock.

Changes since OpenNTPD 5.9p1

    * Fixed a link failure on older Linux distributions and a build
      failure on FreeBSD.
    * Set MOD_MAXERROR to avoid unsynced time status when using
    * Fixed HTTP Timestamp header parsing to use strptime in a more
      portable fashion.
    * Hardened TLS for ntpd constraints, enabling server name
      verification. Thanks to Luis M. Merino.

The libtls library, as shipped with LibreSSL 2.3.2 or later, is
required to use the HTTPS constraint feature, though it is not
required to use OpenNTPD.

For detailed changes, see the changes either in the OpenBSD CVS repository or
the GitHub mirror.


SHA256 (openntpd-6.0p1.tar.gz) = b1ab80094788912adb12b33cb1f251cc58db39294c1b5c6376972f5f7ba577e8

Brent Cook | 30 May 05:18 2016

libcrypto errata update

A bug in the previous libcrypto errata caused an error when reading
ASN.1 elements over 16kb.

Patches for OpenBSD are available. Updated LibreSSL-portable releases
will be available later.

Kenneth R Westerback | 4 May 01:05 2016

DuckDuckGo is 2016 Gold Level Contributor to the OpenBSD Foundation

The OpenBSD Foundation is happy to announce that DuckDuckGo has
become the first Gold level contributor to the Foundation's 2016
fundraising campaign.

This donation is part of DuckDuckGo's annual initiative to help fund
free and open source projects based on nominations from their

Donations to the Foundation can be made on our Donations Page at

We can be contacted regarding corporate sponsorship at

fundraising <at>

Ted Unangst | 3 May 16:32 2016

libcrypto errata

OpenSSL announced several issues today that also affect LibreSSL.

- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Thanks to OpenSSL for providing information and patches.

Refer to

Patches for OpenBSD are available:

Stuart Henderson | 1 May 15:37 2016

OpenBSD 5.9 errata 004

A problem in m_dup_pkt() can result in kernel crashes with carp(4).
Only 5.9 is affected.

A patch is available:

Brent Cook | 30 Mar 06:18 2016

OpenNTPD 5.9p1 released

OpenNTPD 5.9p1 has just been released. It will be available from the
mirrors listed at shortly.

OpenNTPD is a FREE, secure, and easy to use implementation of the
Network Time Protocol. It provides the ability to sync the local clock
to remote NTP servers and can act as NTP server itself, redistributing
the local clock.

Changes since OpenNTPD 5.7p4
* When a single "constraint" is specified, try all returned addresses
  until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number
  of NTP peers, avoid constant reconnections when there is a bad NTP
* Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the
  parent process, allowing for better privilege separation since the
  ntp process can be further restricted.
* Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down.
* Fixed various memory leaks.
* Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs.

OpenNTPD portable-specific changes:

* Added support for syncing time with the Realtime Clock (RTC) on OSes

Theo de Raadt | 29 Mar 20:05 2016

OpenBSD 5.9 released - March 29

- OpenBSD 5.9 RELEASED -------------------------------------------------

March 29, 2016.

We are pleased to announce the official release of OpenBSD 5.9.
This is our 39th release on CD-ROM (and 40th via FTP/HTTP).  We remain
proud of OpenBSD's record of more than twenty years with only two remote
holes in the default install.

As in our previous releases, 5.9 provides significant improvements,
including new features, in nearly all areas of the system:

 - Processor support, including:
    o W^X policy enforced in the i386 kernel address space.

 - Improved hardware support, including:
    o New asmc(4) driver for the Apple System Management Controller.
    o New pchtemp(4) driver for the thermal sensor found on Intel X99,
      C610 series, 9 series and 100 series PCH.
    o New uonerng(4) driver for the Moonbase Otago OneRNG.
    o New dwiic(4) driver for the Synopsys DesignWare I2C controller.
    o New ikbd(4), ims(4), and imt(4) drivers for HID-over-i2c
      keyboards, mice and multitouch touchpads.
    o New efifb(4) driver for EFI frame buffer.
    o New viocon(4) driver for the virtio(4) console interface provided
      by KVM, QEMU, and others.
    o New xen(4) driver implementing Xen domU initialization and PVHVM
      device attachment.