Ted Unangst | 27 Jul 19:29 2015

new errata for TCP, exec, and patch

A few patches are now available. Please consult the website for details.

OpenBSD 5.6 errata:

 027: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly cleanup resources.
 A source code patch exists which remedies this problem.

 028: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.
 A source code patch exists which remedies this problem.

 029: SECURITY FIX: July 26, 2015   All architectures
 The patch utility could be made to invoke arbitrary commands via the obsolete
 SCCS and RCS support when processing a crafted input file. This patch deletes
 the SCCS and RCS support.
 A source code patch exists which remedies this problem.

OpenBSD 5.7 errata:

 010: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly cleanup resources.
 A source code patch exists which remedies this problem.

 011: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.
(Continue reading)

Kenneth R Westerback | 8 Jul 16:11 2015

Microsoft Now OpenBSD Foundation Gold Contributor

The OpenBSD Foundation is happy to announce that Microsoft has made
a significant financial donation to the Foundation. This donation
is in recognition of the role of the Foundation in supporting the
OpenSSH project. This donation makes Microsoft the first Gold level
contributor in the OpenBSD Foundation's 2015 fundraising campaign.

Donations to the Foundation can be made on our Donations Page at


We can be contacted regarding corporate sponsorship at

fundraising <at> openbsdfoundation.org.

Brent Cook | 8 Jul 14:49 2015

LibreSSL 2.2.1 released

We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code improvements, and feature removal. Also note
that SSLv3 support has not been removed yet, but it should happen soon.

Notable changes in this release are:

  * Assorted build fixes for musl, HP-UX, Mingw, and Solaris.

  * Initial support for Windows 2009, 2003, and XP.

  * Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API

  * Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL

  * Removed Dynamic Engine support

  * Removed MDC-2DES support

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

Doug Hogan | 12 Jun 01:20 2015

LibreSSL errata

Patches are now available to fix a few issues in LibreSSL's libcrypto.

CVE-2015-1788 - Malformed ECParameters causes infinite loop
CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL.

Several other issues did not apply or were already fixed and one low
severity issue is under review.  For more information, see

Thanks to the OpenSSL team for providing patches.

5.7 patch:

5.6 patch:

Gilles Chehade | 11 Jun 21:41 2015

smtpd errata

Patches are now available for 5.6 and 5.7 which fix an smtpd errata.

5.6 errata 25 and 5.7 errata 8:
Fix multiple reliability issues in smtpd:
a local user can cause smtpd to fail by writing an invalid imsg to control socket.
a local user can prevent smtpd from serving new requests by exhausting descriptors.





Gilles Chehade

https://www.poolp.org                                           <at> poolpOrg

Brent Cook | 11 Jun 18:35 2015

LibreSSL 2.1.7 and 2.2.0 released

We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.

We have also released LibreSSL 2.1.7, which contains additional security

  * AIX Support - thanks to Michael Felt

  * Cygwin Support - thanks to Corinna Vinschen

  * Refactored build macros, support packaging libtls independently.
    There are more pieces required to support building and using OpenSSL
    with libtls, but this is an initial start at providing an
    independent package for people to start hacking on.

  * Removal of OPENSSL_issetugid and all library getenv calls.
    Applications can and should no longer rely on environment variables
    for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
    supported with the openssl(1) command.

  * libtls API and documentation additions

  * Various bug fixes and simplifications to libssl and libcrypto

  * Fixes for the following issues are integrated into LibreSSL 2.1.7
    and LibreSSL 2.2.0:
    - CVE-2015-1788 - Malformed ECParameters causes infinite loop
(Continue reading)

Miller, Vincent (Rick | 4 May 20:30 2015

Verisign Announces vBSDcon 2015

Following the success of the inaugural vBSDcon, Verisign has elected to host a second vBSDcon in Reston, Va
at the Sheraton Reston hotel the weekend of September 11, 2015.  vBSDcon is a technical conference focused
on the BSD family of operating systems including, but not limited to, FreeBSD, OpenBSD, NetBSD, and
others.  Any user, developer, engineer, or innovator involved with any of the BSD family of operating
systems will want to mark these dates.  vBSDcon will feature plenary talks, Birds of a Feather
discussions, lightning talks, and much more.  Full details are available at http://www.vBSDcon.com/.

Additionally, While vBSDcon currently does not operate an “official” call for presentations,
proposals will be accepted until June.  Anyone wishing to submit a talk is invited to do so by emailing
vBSDcon <at> verisign.com.  The event agenda is expected to be finalized and published in mid-June.

We look forward to seeing you September 11, 2015!

Vincent (Rick) Miller
Systems Engineer
vmiller <at> verisign.com

t: 703-948-4395  m: 703-581-3068
12061 Bluemont Way, Reston, VA  20190


“This message (including any attachments) is intended only for the use of the individual or entity to
which it is addressed, and may contain information that is non-public, proprietary, privileged,
confidential and exempt from disclosure under applicable law or may be constituted as attorney work
product. If you are not the intended recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If you have received this
message in error, notify sender immediately and delete this message immediately.”
(Continue reading)

Theo de Raadt | 1 May 07:05 2015

5.7 CDs delayed

Sorry, 5.7 CDs will be delayed because of an error at the production

We all hoped it would be resolved before release day, or at most a day
or so after.  It has dragged on.

First delay in nearly 20 years.  That is kind of crazy, isn't it.

Of course the online release is out like clockwork.

Stefan Sperling | 1 May 00:06 2015

OpenBSD 5.7 Released

May 1, 2015.

We are pleased to announce the official release of OpenBSD 5.7.
This is our 37th release on CD-ROM (and 38th via FTP/HTTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.7 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
    o New xhci(4) driver for USB 3.0 host controllers.
    o New umcs(4) driver for MosChip Semiconductor 78x0 USB multiport
      serial adapters.
    o New skgpio(4) driver for Soekris net6501 GPIO and LEDs.
    o New uslhcom(4) driver for Silicon Labs CP2110 USB HID based UART.
    o New nep(4) driver for Sun Neptune 10Gb Ethernet devices.
    o New iwm(4) driver for Intel 7260, 7265, and 3160 wifi cards.
    o The rtsx(4) driver now supports RTS5227 and RTL8411B card readers.
    o The bge(4) driver now supports jumbo frames on various additional
      BCM57xx chipsets.
    o The ciss(4) driver now supports HP Gen9 Smart Array/Smart HBA
    o The mpi(4) and mfi(4) drivers now have mpsafe interrupt handlers
      running without the big lock.
    o The ppb(4) driver now supports PCI bridges that support
      subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI
      bridge), and devices with 64-bit BARs behind PCI-PCI bridges as
      seen on SPARC T5-2 systems.
    o The puc(4) driver now supports Winchiphead CH382 devices.
(Continue reading)

Philip Guenther | 30 Apr 22:38 2015

tar/pax/cpio patch available

Patches are now available for 5.6 and 5.7 which fix security issues
in the combined tar, pax, and cpio program's handling of malicious
archives, as well as archives with large pax extension headers.

Our thanks to Daniel Cegielka for reporting this.

Note that the patches for 5.6 and 5.7 have several differences, so be
sure to download the correct version.





OpenBSD 5.7 errata 7, Apr 30, 2015:

tar/pax/cpio had multiple issues:
 * extracting a malicious archive could create files outside of the
   current directory without using pre-existing symlinks to 'escape',
   and could change the timestamps and modes on preexisting files

 * tar without -P would permit extraction of paths with ".." components

 * there was a buffer overflow in the handling of pax extension headers,

(Continue reading)

Philip Guenther | 30 Apr 22:38 2015

kernel patch available

Patches are now available for 5.6 and 5.7 which fix local security
issues in the kernel's handling of malformed ELF executables, which
could be used to panic the kernel or view some kernel memory.

Our thanks to Alejandro Hernandez for test cases and Maxime Villard
for providing the basis for one of the changes.





untrusted comment: signature from openbsd 5.7 base secret key

OpenBSD 5.7 errata 6, Apr 30, 2015:

Missing validity checks in the kernel ELF loader meant malformed binaries
could trigger kernel panics or view kernel memory.

Apply by doing:
    cd /usr/src
    signify -Vep /etc/signify/openbsd-57-base.pub -x 006_elf.patch.sig -m - | \
        patch -p0

(Continue reading)