June 21, 2018

httpd(8) Gains Simple Request RewritesUndeadly

Reyk Floeter (reyk@) has committed support for simple request rewrites to httpd(8)/ httpd.conf(5) [in -current]:

CVSROOT:        /cvs
Module name:    src
Changes by:     r...@cvs.openbsd.org    2018/06/20 10:43:05

Modified files:
        usr.sbin/httpd : config.c httpd.conf.5 httpd.h parse.y 

Log message:
Add support for simple one-off internal rewrites.

For example:

location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"

Requested by many.

Ok benno@
configure script may not check pthread correctly on OpenBSDNan Xiao
I have come into at least 2 times that one project was built well on Linux, while can’t find pthread related definitions on OpenBSD, like this: ...... ../../runtime/cilk-internal.h:39:6: error: unknown type name 'pthread_mutex_t' pthread_mutex_t posix; ^ ../../runtime/cilk-internal.h:211:6: error: unknown type name 'pthread_t' pthread_t *tid; ^ ../../runtime/cilk-internal.h:216:6: error: unknown type name 'pthread_cond_t' pthread_cond_t waiting_workers_cond; ^ ../../runtime/cilk-internal.h:217:6: … Continue reading configure script may not check pthread correctly on OpenBSD
New package, p5-Email-Address-XS-1.04OpenBSD packages
parse and format RFC 5322 email addresses and groups

June 20, 2018

New package, py-axolotl-curve25519-0.4.1pl2OpenBSD packages
Python curve25519 library with ed25519 signatures
Half billion tries for a HAMMER2 bugDragonFly BSD Digest

I’m pulling a quote off of IRC to show some of the testing on HAMMER2, specifically as the background for this commit:

14:22 <@dillon_> ^^^ hammer2 bug, could reproduce it around once a day doing a continuous rm -rf on hardlinked snapshots. reproduced about once every 500 million directory entries or so

I am somewhat tickled by the notion that you might have a problem after deleting half a billion directory entries.

SMT Disabled by Default in -currentUndeadly

As part of ongoing mitigations against CPU vulnerabilities, -current has gained a new sysctl, "hw.smt", to control Simultaneous Multi Threading (SMT). This is disabled by default (only on Intel® CPUs, for now).

Read more…

OpenBSD Disables Intel CPU Hyper-Threading Due To Security ConcernsSlashdot
The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." Bleeping Computer reports: Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. The feature has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion. But today, Mark Kettenis of the OpenBSD project, said the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks. Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms. The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup."

Read more of this story at Slashdot.

June 19, 2018

SemiBUG, tonight: James Turner and BHCSDragonFly BSD Digest

SemiBUG meets tonight at 7 PM, and James Turner is presenting about BHCS.  I rarely say this, but: I wish I was closer to Michigan.  Go, if you are near.

Update: the files referenced during the talk.

New package, py-xlrd-1.1.0OpenBSD packages
extract data from xls and xlsx spreadsheet files
New package, libhidapi-0.8.0pre20160128OpenBSD packages
library for communicating with USB and Bluetooth HID devices

June 18, 2018

DragonFly 5.2.2 taggedDragonFly BSD Digest

I’ve tagged and built DragonFly 5.2.2.  This is mostly so that our current release image includes the fixes for the LazyFP bug, CVE-2018-3665.  My email to users@ has upgrade details.

Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and ElasticsearchTuM'Fatig

I’ve enabled an OpenBSD unbound(8) daemon that is used as a central DNS cache resolver. Now I needed to know what it was doing and how it performed. The question was answered grabbing statistics from unbound and render them using Grafana. The whole monitoring stack is composed of Net-SNMP, Telegraf and InfluxDB for the metrics …

The post Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and Elasticsearch appeared first on TuM'Fatig.

slaacd(8) fully pledgedOpenBSD -current updates
slaacd(8)'s main process is now pledged and uses the new "wroute;" promise. Make sure to have a current kernel or update via snapshots.

June 17, 2018

Lazy Reading for 2018/06/17DragonFly BSD Digest

I’m going heavy on history this week.

June 16, 2018

In Other BSDs for 2018/06/16DragonFly BSD Digest

Lots of different items, probably because of BSDCan.

More Mitigations for (potential) CPU VulnerabilitiesUndeadly

There have been more developments in the continuing work mitigating against (Intel®, and potentially other) CPU vulnerabilities…

Philip Guenther (guenther@) committed the following:

Read more…

LDAP client added to -currentUndeadly

Reyk Floeter (reyk@) has committed a simple LDAP client to -current:

Module name:	src
Changes by:	reyk@cvs.openbsd.org	2018/06/13 09:45:58

Log message:
    Import ldap(1), a simple ldap search client.

Read more…

June 14, 2018

BSDNow 250: BSDCan 2018 recapDragonFly BSD Digest

I am typing BSDXXX phrases a lot, it seems.  BSDNow 250 goes over the just-finished BSDCan.  There’s a ton of events, so get reading/listening.

NX on by default for readsDragonFly BSD Digest

DragonFly has had NX (Non-eXecutable) support for some time.  It’s now on by default for read operations in DragonFly master – not the current release.  You can step it up to level 2, for write operations, with a loader tunable, but it may cause issues with dports.

New package, py-termcolor-1.1.0OpenBSD packages
ANSII Color formatting for output in terminal