headers
br1an | 15 Oct 2004 14:17

Stephanie for OpenBSD 3.6 released

Stephanie for OpenBSD 3.6 is released
-------------------------------------

Introduction
------------
Stephanie is an OpenBSD hardening package. It's compiled of kernel and
userland patches that when used add several security features. In this
version included are:

  - Vexec: Verify file integrity before executing/opening it.
  - TPE: Prevent untrusted users executing files in untrusted locations.
  - Privacy: Privacy extensions, in-kernel and userland.

What's new?
-----------
  - Vexec: Mostly rewritten. Now uses hash tables to store data,
    introducing O(1) performance in best case and O(n) where 'n' is
    number of inodes that produce same hash on a given device in worst
    case.

    Noting the recent collision discovery in SHA-0, it's worth
    mentioning that Vexec offers 6 hash types (MD5, SHA1, SHA256,
    SHA384, SHA512, and RMD160 - all hash types supported by the OpenBSD
    3.6 kernel) and it's design allows easy extensions for adding new
    hash types, if required. (read NEW_HASH)

  - Privacy: More privacy features. Namely, there are hooks in netstat,
    w, who, last, and finger. The output is filtered according to the
    features status.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Todd C. Miller | 18 Oct 2004 17:38
Favicon

anoncvs3.usa.openbsd.org change

The anoncvs3.usa.openbsd.org alias has moved to a machine at the
National Center for Atmospheric Research in Boulder, Colorado.

As a result, the ssh keys have changed and anoncvs users updating
from this server may need to edit their ~/.ssh/known_hosts file.

OLD public key finger prints:
(RSA1) 1024 21:d3:93:29:bc:3f:68:37:6c:84:9f:12:0c:8a:35:2f
(RSA) 1024 f4:85:d1:b4:c3:df:62:b9:cf:78:64:73:67:05:e3:ca
(DSA) 1024 8d:c7:c3:07:3b:60:fa:80:85:c1:b4:1c:0a:33:c4:33

NEW public key finger prints:
(RSA1) 1024 34:95:19:c2:b3:e7:61:7b:39:e8:ab:86:37:cd:c4:49
(RSA) 1024 42:56:39:98:65:05:e7:2a:98:2b:ee:cc:e5:a3:53:ed
(DSA) 1024 e3:e7:83:ef:f6:78:dc:d3:ca:a5:cf:64:c6:b7:4f:43

 - todd
Permalink | Reply | 0 comments |
headers
Theo de Raadt | 29 Oct 2004 19:44
Picon
Favicon

OpenBSD 3.6 released! plus.html

To ease the load on our FTP mirrors, I am happy to announce that we
are opening up the release before the weekend rather than after it.

Enjoy!

------------------------------------------------------------------------
- OpenBSD 3.6 RELEASED -------------------------------------------------

Oct 29, 2004.

We are pleased to announce the official release of OpenBSD 3.6.
This is our 16th release on CD-ROM (and 17th via FTP).  We remain
proud of OpenBSD's record of eight years with only a single remote
hole in the default install.  As in our previous releases, 3.6
provides significant improvements, including new features, in nearly
all areas of the system:

- New platform:
  o OpenBSD/luna88k
    Expanding the mvme88k porting effort by supporting Omron's
    line of 88100-based workstations.

- SMP support on OpenBSD/i386 and OpenBSD/amd64 platforms.

- New functionality:
  o A cleaned up DHCP server and client implementation,
    now featuring privilege separation and safe defaults.
  o A new NTP daemon written from scratch, which ought to fit
    the needs of most NTP users.
  o pfctl(8) now provides a rules optimizer to help improve
(Continue reading)

Permalink | Reply | 0 comments |
headers
Robert Nagy | 31 Oct 2004 01:35
Picon
Favicon

OpenBSD 3.4 End Of Life

Due to the release of OpenBSD 3.6, the 3.4-STABLE branch will be
out of regular maintainance starting today. There will be
NO MORE fixes commited to this branch nor new patches.

People relying on 3.4-STABLE (or older releases even) are strongly
advised to upgrade to a more recent release (preferrably 3.6)
as soon as possible.
Permalink | Reply | 0 comments |

Gmane