Brent Cook | 29 Aug 18:37 2015

LibreSSL 2.2.3 Released

We have released LibreSSL 2.2.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is based on the stable OpenBSD 5.8 branch, fixing a bug
that affects interoperability with some SSL clients.

 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
   include TLS extensions, resulting in such handshakes being aborted.
   This release corrects the handling of such messages. Thanks to
   Ligushka from github for reporting the issue.

 * Added install target for cmake builds. Thanks to TheNietsnie from
   github.

 * Updated pkgconfig files to correctly report the release version
   number, not the individual library ABI version numbers. Thanks to
   Jan Engelhardt for reporting the issue.

The LibreSSL project continues improvement of the codebase to reflect
modern, safe programming practices. We welcome feedback and improvements
from the broader community. Thanks to all of the contributors who helped
make this release possible.

Brent Cook | 6 Aug 03:25 2015

LibreSSL 2.2.2 released

We have released LibreSSL 2.2.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release marks the end of the OpenBSD 5.8 development cycle,
featuring expanded portable build support, code improvements, and removal of
obsolete workarounds.

SSLv3 deprecation continues with its removal from openssl(1) and new
linker warnings on supported platforms, indicating if a program is still
using the SSLv3-only methods. We are working with upstream software
providers to update programs that were not ready for SSLv3 support to be
removed entirely yet.

 * Switched 'openssl dhparam' default from 512 to 2048 bits

 * Reworked openssl(1) option handling

 * More CRYPTO ByteString (CBS) packet parsing conversions

 * Fixed 'openssl pkeyutl -verify' to exit with a 0 on success

 * Fixed dozens of Coverity issues including dead code, memory leaks,
   logic errors and more.

 * Ensure that openssl(1) restores terminal echo state after reading a
   password.

 * Incorporated fix for OpenSSL Issue #3683

 * LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped

Ted Unangst | 27 Jul 19:29 2015

new errata for TCP, exec, and patch

A few patches are now available. Please consult the website for details.

OpenBSD 5.6 errata:
http://www.openbsd.org/errata56.html

 027: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly clean up resources.
 A source code patch exists which remedies this problem.

 028: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.
 A source code patch exists which remedies this problem.

 029: SECURITY FIX: July 26, 2015   All architectures
 The patch utility could be made to invoke arbitrary commands via the obsolete
 SCCS and RCS support when processing a crafted input file. This patch deletes
 the SCCS and RCS support.
 A source code patch exists which remedies this problem.

OpenBSD 5.7 errata:
http://www.openbsd.org/errata57.html

 010: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly clean up resources.
 A source code patch exists which remedies this problem.

 011: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.

Kenneth R Westerback | 8 Jul 16:11 2015

Microsoft Now OpenBSD Foundation Gold Contributor

The OpenBSD Foundation is happy to announce that Microsoft has made
a significant financial donation to the Foundation. This donation
is in recognition of the role of the Foundation in supporting the
OpenSSH project. This donation makes Microsoft the first Gold level
contributor in the OpenBSD Foundation's 2015 fundraising campaign.

Donations to the Foundation can be made on our Donations Page at

www.openbsdfoundation.org/donations.html

We can be contacted regarding corporate sponsorship at

fundraising <at> openbsdfoundation.org.

Brent Cook | 8 Jul 14:49 2015

LibreSSL 2.2.1 released

We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code improvements, and feature removal. Also note
that SSLv3 support has not been removed yet, but it should happen soon.

Notable changes in this release are:

  * Assorted build fixes for musl, HP-UX, Mingw, and Solaris.

  * Initial support for Windows 2009, 2003, and XP.

  * Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API

  * Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL

  * Removed Dynamic Engine support

  * Removed MDC-2DES support

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

Doug Hogan | 12 Jun 01:20 2015

LibreSSL errata

Patches are now available to fix a few issues in LibreSSL's libcrypto.

CVE-2015-1788 - Malformed ECParameters causes infinite loop
CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL.

Several other issues did not apply or were already fixed and one low
severity issue is under review.  For more information, see
https://www.openssl.org/news/secadv_20150611.txt

Thanks to the OpenSSL team for providing patches.

5.7 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig
http://www.openbsd.org/errata57.html

5.6 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig
http://www.openbsd.org/errata56.html

Gilles Chehade | 11 Jun 21:41 2015

smtpd errata

Patches are now available for 5.6 and 5.7 which fix an smtpd errata.

5.6 errata 25 and 5.7 errata 8:
Fix multiple reliability issues in smtpd:
a local user can cause smtpd to fail by writing an invalid imsg to control socket.
a local user can prevent smtpd from serving new requests by exhausting descriptors.

Links:

http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig

http://www.openbsd.org/errata57.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig

-- 
Gilles Chehade

https://www.poolp.org                                           <at> poolpOrg

Brent Cook | 11 Jun 18:35 2015

LibreSSL 2.1.7 and 2.2.0 released

We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the first from the OpenBSD 5.8 development tree and
features mainly build system improvements and new OS support.

We have also released LibreSSL 2.1.7, which contains additional security
fixes.

  * AIX Support - thanks to Michael Felt

  * Cygwin Support - thanks to Corinna Vinschen

  * Refactored build macros, support packaging libtls independently.
    There are more pieces required to support building and using OpenSSL
    with libtls, but this is an initial start at providing an
    independent package for people to start hacking on.

  * Removal of OPENSSL_issetugid and all library getenv calls.
    Applications can and should no longer rely on environment variables
    for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
    supported with the openssl(1) command.

  * libtls API and documentation additions

  * Various bug fixes and simplifications to libssl and libcrypto

  * Fixes for the following issues are integrated into LibreSSL 2.1.7
    and LibreSSL 2.2.0:
    - CVE-2015-1788 - Malformed ECParameters causes infinite loop

Miller, Vincent (Rick | 4 May 20:30 2015

Verisign Announces vBSDcon 2015

Following the success of the inaugural vBSDcon, Verisign has elected to host a second vBSDcon in Reston, Va
at the Sheraton Reston hotel the weekend of September 11, 2015.  vBSDcon is a technical conference focused
on the BSD family of operating systems including, but not limited to, FreeBSD, OpenBSD, NetBSD, and
others.  Any user, developer, engineer, or innovator involved with any of the BSD family of operating
systems will want to mark these dates.  vBSDcon will feature plenary talks, Birds of a Feather
discussions, lightning talks, and much more.  Full details are available at http://www.vBSDcon.com/.

Additionally, while vBSDcon currently does not operate an “official” call for presentations,
proposals will be accepted until June.  Anyone wishing to submit a talk is invited to do so by emailing
vBSDcon <at> verisign.com.  The event agenda is expected to be finalized and published in mid-June.

We look forward to seeing you September 11, 2015!

--
Vincent (Rick) Miller
Systems Engineer
vmiller <at> verisign.com

t: 703-948-4395  m: 703-581-3068
12061 Bluemont Way, Reston, VA  20190

http://www.vbsdcon.com
http://www.verisigninc.com


Theo de Raadt | 1 May 07:05 2015

5.7 CDs delayed

Sorry, 5.7 CDs will be delayed because of an error at the production
plant.

We all hoped it would be resolved before release day, or at most a day
or so after.  It has dragged on.

First delay in nearly 20 years.  That is kind of crazy, isn't it.

Of course the online release is out like clockwork.

Stefan Sperling | 1 May 00:06 2015

OpenBSD 5.7 Released

May 1, 2015.

We are pleased to announce the official release of OpenBSD 5.7.
This is our 37th release on CD-ROM (and 38th via FTP/HTTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.7 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
    o New xhci(4) driver for USB 3.0 host controllers.
    o New umcs(4) driver for MosChip Semiconductor 78x0 USB multiport
      serial adapters.
    o New skgpio(4) driver for Soekris net6501 GPIO and LEDs.
    o New uslhcom(4) driver for Silicon Labs CP2110 USB HID based UART.
    o New nep(4) driver for Sun Neptune 10Gb Ethernet devices.
    o New iwm(4) driver for Intel 7260, 7265, and 3160 wifi cards.
    o The rtsx(4) driver now supports RTS5227 and RTL8411B card readers.
    o The bge(4) driver now supports jumbo frames on various additional
      BCM57xx chipsets.
    o The ciss(4) driver now supports HP Gen9 Smart Array/Smart HBA
      devices.
    o The mpi(4) and mfi(4) drivers now have mpsafe interrupt handlers
      running without the big lock.
    o The ppb(4) driver now supports PCI bridges that support
      subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI
      bridge), and devices with 64-bit BARs behind PCI-PCI bridges as
      seen on SPARC T5-2 systems.
    o The puc(4) driver now supports Winchiphead CH382 devices.

