login
Search
------------------------------------------------------------------------
- OpenBSD 4.0 RELEASED -------------------------------------------------
Nov 1, 2006.
We are pleased to announce the official release of OpenBSD 4.0.
This is our 20th release on CD-ROM (and 21st via FTP). We remain
proud of OpenBSD's record of ten years with only a single remote
hole in the default install. As in our previous releases, 4.0
provides significant improvements, including new features, in nearly
all areas of the system:
- New/extended platforms:
o OpenBSD/armish.
Various ARM-based appliances, using the Redboot boot loader, currently
only supporting the Thecus N2100 and IOData HDL-G.
o OpenBSD/sparc64.
UltraSPARC III based machines are now supported!
o OpenBSD/zaurus.
Support for the Zaurus SL-C3200.
- Improved hardware support, including:
o New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
o New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
o New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
o New rum(4) driver for Ralink Technology 2nd gen USB IEEE
802.11a/b/g wireless.
o New acx(4) driver for Texas Instruments ACX100/ACX111
IEEE 802.11a/b/g wireless.
o New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC
IEEE 802.11a/b/g wireless.
o New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
o New binary blob free wpi(4) driver for Intel PRO/Wireless
3945ABG IEEE 802.11a/b/g wireless.
o New arc(4) driver for Areca Technology Corporation SATA RAID;
including RAID management via bio(4).
o New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including
RAID management via bio(4).
o New azalia(4) driver for generic High Definition Audio.
o New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting
SD memory cards as fake SCSI sd(4) drives.
o New udcf(4) driver for Gude ADS Expert mouseCLOCK ...OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters. We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18 For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 3.9: ============================ * ssh(1) now allows the optional specification of an address to bind to in port forwarding connections (local, remote and dynamic). Please refer to the documentation for the -L and -R options in the ssh(1) manual page and the LocalForward and RemoteForward options in the ssh_config(5) manpage. (Bugzilla #413) * To control remote bindings while retaining backwards compatibility, sshd(8)'s GatewayPorts option has been extended. To allow client specified bind addresses for remote (-R) port forwardings, the server must be configured with "GatewayPorts clientspecified". * ssh(1) and ssh-keyscan(1) now support hashing of host names and addresses added to known_hosts files, controlled by the ssh(1) HashKnownHosts configuration directive. This option improves user privacy by hiding which hosts have been visited. At present this option is off by default, but may be turned on once it receives sufficient testing. * Added options for managing keys in known_hosts files to ssh-keygen(1), including the ability to search for hosts by name, delete hosts by name and convert an unhashed known_hosts file into one with hashed names. These are particularly useful for managing known_hosts files with hashed hostnames. * Improve account and password ...
TOORCON 2003 LINEUP FINALIZED We are proud to announce the finalized lineup for ToorCon this year. With= a total of 29 talks on 2 tracks spanning 2 days, we have a really compellin= g lineup this year. This year we are going Back to Basics and introducing a Policy and Procedure track along side the standard Attack and Defense topics. This bridges the gap between the underground attack and defense technologies that are being developed and the business policies and laws that are in place to ensure your safety and security. This year will also have a special emphasis on wireless, cryptography, and steganography technologies that are being developed to protect your freedom and anonymi= ty from the every increasing listening entities on the internet. More information is available at: http://www.toorcon.org PRE-REGISTRATION Pre-registration for toorcon this year is only $50 and will be closing September 12th, 2003, so please pre-register ASAP and save $15 off the do= or price! To commemorate our 5-year milestone, we will be giving away offici= al commemorative t-shirts to the first 50 registered attendees. There are a = few shirts left so register today for your chance at a FREE shirt. http://www.toorcon.org/registration.html ATTACK AND DEFENSE Saturday, September 27th 2003 10:00-11:00=A0Keynote: Robert X. Cringely 11:00-12:00=A0Simple Nomad, NMRC - NMRC Happenings 12:00-13:00=A0divide, dd & spoonm, Ghettohackers - Root-Fu ; Rise of the Ninjas=20 14:30-15:30=A0FtR, Phenoelit - More Embedded Systems 15:30-16:30=A0Bruce Potter, The Shmoo Group - Bluetooth Service Discovery 16:30-17:30=A0Dan Kaminsky, Avaya - Stack Black Ops: New Concepts for Net= work Manipulation 17:30-18:30=A0Jaya Baloo - De-Mystifying Quantum Crypto 18:30-20:00=A0Alexander Payne, Ron DuFresne, Dennis W. Mattison - Securin= g 802.11 Panel Sunday, September 28th 2003 11:00-12:00=A0Dave Killion, Netscreen - UPS: The Undetectable Packet ...
------------------------------------------------------------------------
- OpenBSD 3.9 RELEASED -------------------------------------------------
May 1, 2006.
We are pleased to announce the official release of OpenBSD 3.9.
This is our 19th release on CD-ROM (and 18th via FTP). We remain
proud of OpenBSD's record of eight years with only a single remote
hole in the default install. As in our previous releases, 3.9
provides significant improvements, including new features, in nearly
all areas of the system:
- Improved hardware support, including:
o Some G5-based Apple Macintosh machines, including W^X support (currently
restricted to 32-bit mode).
o Many more audio drivers in the OpenBSD/macppc port.
o Support for many system sensors (temperature, voltage, fan speed) via
the following subsystems:
o Dell's Embedded Server Management (esm)
o Intelligent Platform Management Interface (ipmi)
o I2C/SMBus sensor subsystems found on most motherboards (iic)
o Touchpad on recent Apple laptops (tpms).
o nfe, a binary blob free driver for the NVIDIA nForce Ethernet interface.
o Opteron systems now have all their PCI buses detected.
o CardBus and PCMCIA support on OpenBSD/amd64.
o ixgb, Intel PRO/10GbE Ethernet.
o Support for new Intel i82571, i82572 and i82573 PCI Express based devices
in the em(4) driver.
o Support for new Broadcom BCM5714, BCM5715 and BCM5903M based devices in
the bge(4) driver.
o Support for new Ralink RT2501 and RT2600 based devices in ral.
o Support for ASIX AX88178 Gigabit and AX88772 10/100 based devices
in axe(4).
o Support for devices incorporating GCT RF transceivers in rtw.
o Zaurus remote control (zrc) support.
o Initial Sound Blaster Audigy support in the emu(4) driver.
o The Level 1 LXT1001 Gigabit driver has been fixed and now works (lge(4)).
o More HP Smart ARRAY controllers recognized by the ciss(4) driver.
o ...OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================ Security Changes: ================= - improved support for privilege separation: privilege separation is now enabled by default See UsePrivilegeSeparation in sshd_config(5) and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more information. - ssh no longer needs to be installed setuid root for protocol version 2 hostbased authentication, see ssh-keysign(8). protocol version 1 rhosts-rsa authentication still requires privileges and is not recommended. Other Changes: ============== - documentation for the client and server configuration options have been moved to ssh_config(5) and sshd_config(5). - the server now supports the Compression option, see sshd_config(5). - the client options RhostsRSAAuthentication and RhostsAuthentication now default to no, see ssh_config(5). - the client options FallBackToRsh and UseRsh are deprecated. - ssh-agent now supports locking and timeouts for keys, see ssh-add(1). - ssh-agent can now bind to unix-domain sockets given on the command line, see ssh-agent(1). - fixes problems with valid RSA signatures from putty clients. Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
OpenSSH 4.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots and purchased T-shirts or posters. T-shirt, poster and CD sales directly support the project. Pictures and more information can be found at: http://www.openbsd.org/tshirts.html and http://www.openbsd.org/orders.html For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Note that OpenSSH 4.8 was an OpenBSD-only release shipped with the OpenBSD 4.3 CD. Changes since OpenSSH 4.7: ============================ Security: * Disable execution of ~/.ssh/rc for sessions where a command has been forced by the sshd_config ForceCommand directive. Users who had write access to this file could use it to execute abritrary commands. This behaviour was documented, but was an unsafe default and an extra hassle for administrators. New features: * Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) * Linked sftp-server(8) into sshd(8). The internal sftp server is used when the command "internal-sftp" is specified in a Subsystem or ForceCommand declaration. When used with ChrootDirectory, the internal sftp server requires no special configuration of files inside the chroot environment. Please refer to sshd_config(5) for more information. * Added a "no-user-rc" option for authorized_keys to disable execution of ~/.ssh/rc * Added a protocol extension method "posix-rename@openssh.com" ...
OpenSSH 4.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots and purchased T-shirts or posters. T-shirt, poster and CD sales directly support the project. Pictures and more information can be found at: http://www.openbsd.org/tshirts.html and http://www.openbsd.org/orders.html For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 4.6: ============================ Security bugs resolved in this release: * Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec. Other changes, new functionality and fixes in this release: * sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. * The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. * ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. * A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. * A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes * Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. * ssh(1) returns a sensible exit status if the control master goes away ...
I am pleased to announce that ComixWall ISG 4.2 has been released. ComixWall is an Internet Security Gateway (ISG): FOSS UTM firewall running on OpenBSD, with a user-friendly web interface for administration and monitoring. ComixWall is unique, first of its kind in many ways. Highlights of this release are: - OpenBSD 4.2-stable, i.e. includes all of the stable patches as of December - Support for both amd64 and i386 architectures, thus there are 2 installation CD images - Upgrade support, from ComixWall 4.1b amd64 to 4.2 amd64 - New install/upgrade scripts, based on OpenBSD installation scripts - xbase install set stripped down to save space on the CD image and the file system - SnortIPS: Intrusion Prevention System (IPS) based on snort alerts, totally relies on pfctl - Snort 2.8.0.1: Intrusion Detection System (IDS), with alerts log rotate and 64-bit time stamp patches - ClamAV 0.92: Anti-virus scanner - DansGuardian 2.9.9.2 with clamd: Content scanning web filter - IMSpector, CVS build as of 20071130: Message logging IM proxy which supports MSN, IRC, Yahoo, etc. - pfw 0.7.8: Web interface for pf, patched for bugs - Updated software packages from OpenBSD ports collection - Additions, enhancements, and fixes to the Web Administration Interface, too numerous to list here - Full English, partial Turkish, and even less complete Spanish support on the web interface - Installation and System Administration Guides, both in English and Turkish ComixWall ISG comes bundled with other software too, which are either included in OpenBSD and its ports collection or specifically ported to OpenBSD for ComixWall: - SpamAssassin: Anti-spam scanner - OpenBSD spamd: spam deferral daemon - P3scan: POP3 anti-virus/anti-spam proxy - smtp-gated: SMTP anti-virus/anti-spam proxy - Dante: SOCKS proxy - Squid: HTTP proxy - Apache Web Server (OpenBSD httpd) - OpenBSD ftp-proxy - DNS server - DHCP server - OpenSSH - symon: System monitoring daemon - pmacct: Network monitoring ...
We have initiated a BSD user group in New York City called NYCBUG (pronounced "nice-bug"). There are two goals for this new user group: First, to provide a forum for the many BSD users in New York City to discuss and debate topics of interest to the BSD community. Second, to provide a bridge to users interested in learning more about or expanding their knowledge of the BSD family. Our kick-off event will be a free "birds-of-a-feather" session at LinuxWorld Expo at the Jacob Javits Center on January 22nd at 5:45pm, Room 1E15. We will have a presence at various tables at the expo, including those of BSDMall and New York PHP. Our first presentation, "Secure by Default: Learning from OpenBSD," will be held on Wednesday, February 4th at 7:00pm in the offices of SageSecure, 116 West 23rd Street and 6th Avenue on the fifth floor. To be given by Wes Sonnenreich, author of "Building Linux and OpenBSD Firewalls" and "Network Security Illustrated," this talk will deal with crucial security concepts and best practices for today's computing environments. Subsequent meetings will take place at 7:00pm on the first Wednesday of the month. Our website is located at www.nycbug.org. The site will include a joint documentation project with New York PHP and OpenlySecure.org, focused on providing original documentation to new and experienced BSD users alike. NYCBUG also provides community mailing lists to assist in discussion and learning about the BSD world. Interested users join the mailing list at http://www.nycbug.org/mailinglist.html. NYCBUG is open to all interested individuals, including, but not limited to, users of FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, OpenDarwin, Darwin and Mac OSX. Since the origins of Berkeley Software Distribution (BSD) UNIX in the 1970's, BSD has been a consistent force among the backroom servers of the world, powering internet service providers, hosting firms, and web sites such as Yahoo! and 2600.com. NYCBUG works to assist current users, ...
Hi, BSDCon Italy 2003 will be held during Webbit'03 event (www.webb.it). Nothing really official, we'll try to promote *BSD systems with various workshops. We are looking for people that can talk about OpenBSD using italian language. Details and news will be released on bsdcon.it Good luck. Ed
------------------------------------------------------- Call For Papers: FREENIX Track http://www.usenix.org/events/usenix05/cfp/freenix.html ------------------------------------------------------- FREENIX is the forum on free and open source software. We are looking for papers providing practical and/or academic insight. FREENIX is an excellent showcase for the latest developments in and interesting applications of free and open source software. Any project with a focus on software that is redistributable in source-code form and available online is a good candidate for a FREENIX submission. (Submissions focusing on proprietary software will not be accepted.) Projects that, while not yet 100% finished, anticipate release in the near term are also good candidates for FREENIX. Submission of any sort of free and open source software-related work is encouraged, including: - Project reports - Academic studies and relevant theory - Usage and development experiences, both successful and unsuccessful The emphasis of a FREENIX submission should be on clearly communicating important and technically interesting software ideas to a broad audience. IMPORTANT DATES: Submissions due Monday, October 18, 2004 Notification to authors Tuesday, December 7, 2004 Camera-ready papers due Thursday, February 24, 2005 Submission guidelines and a full list of suggested topics are available on our website: http://www.usenix.org/events/usenix05/cfp/freenix.html We look forward to your submissions
Hello folks, Due the release of OpenBSD 3.1 on May 19th, the 2.9-STABLE branch will be out of regular maintainance starting June 1st. After this day, there will be NO MORE fixes commited to this branch. People relying on 2.9-STABLE are strongly advised to upgrade to a more recent release (preferrably 3.1 as it becomes available) as soon as possible. Thanks for reading, Miod
The DCBSDCon conference has opened up a Call for Papers for the 2009 event. Speakers are welcome to submit any topic of interest, although security themes are preferred. This conference leads up to the very popular ShmooCon hacker convention in Washington, D.C. where OpenBSD developers and users are always in attendance. Main Website: http://www.dcbsdcon.org/ Call For Papers: http://www.dcbsdcon.org/cfp.html P.S. ShmooCon registration opens Saturday, November 1 at 12pm EDT. If you're planning to attend both events, make sure you register for their event. Previous attendees know how hard it can be to get tickets. ShmooCon: http://www.shmoocon.org/registration.html Hope to see you there! -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
The latest sparc64 snapshot going out to the mirrors now contains new support for running X on sparc64 consoles. Some stuff doesn't quite work yet, but that's the nature of a huge brand new feature... What works: Framebuffers: pci: vga (ATI) framebuffers (must be prom console) sbus: cgsix, cgthree Keyboards: usb: sun type 6 sbus: sun type 3/4/5/6 on zs pci: sun type 3/4/5/6 on com Mice: usb: any usb mouse will do sbus: sun on zs pci: sun on com What doesn't work: - accelerated X servers - xdm (coredumps) [xinit or startx can be used to start the server] - ico (hangs X server) - probably more stuff like this... I'm interested in having folks help find and fix problems in X, which is why the snapshot is going out now... So, if you've been wanting X on your OpenBSD/sparc64 machine, grab the snapshot and start sending patches... --Jason L. Wright
OpenSSH 5.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release marks the 10th anniversary of the OpenSSH project. We would like to thank the OpenSSH community for their support, especially those who will continue to contribute code or patches, report bugs, test snapshots or donate to the project during the next 10 years. More information on donations may be found at: http://www.openssh.com/donations.html This is a bugfix release, no new features have been added. Changes since OpenSSH 5.2 ========================= General Bugfixes: * Do not limit home directory paths to 256 characters. bz#1615 * Several minor documentation and correctness fixes. Portable OpenSSH Bugfixes: * This release removes for support for very old versions of Cygwin and for Windows 95/98/ME * Move the deletion of PAM credentials on logout to after the session close. bz#1534 * Make PrintLastLog work on AIX. bz#1595 * Avoid compile errors on FreeBSD from conflicts in glob.h. bz#1634 * Delay dropping of root privileges on AIX so chroot and pam_open_session work correctly. bz#1249 and bz#1567 * Increase client IO buffer on Cygwin to 64K, realising a significant performance improvement. * Roll back bz#1241 (better handling for expired passwords on Tru64). The change broke password logins on some configurations. * Accept ENOSYS as a fallback error when attempting atomic rename(). bz#1535 * Fix passing of variables to recursive make(1) invocations on Solaris. bz#1505 * Skip the tcgetattr call on the pty master on Solaris, since it never succeeds and can hang if large amounts of data is sent to the slave (eg a copy-paste). bz#1528 * Fix detection of krb5-config. bz#1639 * Fix test for server-assigned remote forwarding port for non-root ...
OpenSSH 3.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters. We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18 For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 3.5: ============================ * RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1). in order to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only. Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf * ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1). * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled. * sshd(8) now removes X11 cookies when a session gets closed. * ssh-keysign(8) is disabled by default and only enabled if the new EnableSSHKeysign option is set in the global ssh_config(5) file. * ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange guesses). * ssh(1) no longer overwrites SIG_IGN. This matches behaviour from rsh(1) and is used by backup tools. * setting ProxyCommand to 'none' disables the proxy feature, see ssh_config(5). * scp(1) supports add -1 and -2. * scp(1) supports bandwidth limiting. * sftp(1) displays a progressmeter. * sftp(1) has improved error handling for scripting. Checksums: ========== - MD5 ...
Due to the release of OpenBSD 3.5, the 3.3-STABLE branch will be be out of regular maintainance starting today. There will be NO MORE fixes commited to this branch nor new patches. People relying on 3.3-STABLE (or older releases even) are strongly advised to upgrade to a more recent release (preferrably 3.5 as it was released on May 1st) as soon as possible. // Brad
Yes, that is supposed to be 2006, not 2005. Sorry. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
Due to the release of OpenBSD 3.4, the 3.2-STABLE branch will be be out of regular maintainance starting today. There will be NO MORE fixes commited to this branch nor new patches. People relying on 3.2-STABLE (or older releases even) are strongly advised to upgrade to a more recent release (preferrably 3.4 as it was released on Oct 30th) as soon as possible. Margarida
Hello folks, BSDCan 2005 proved that the first annual BSDCan was no fluke. We've demonstrated repeatedly that we know how to put on a good conference. It's hard to follow on from such success, but we know we can keep improving. It is with great pleasure that I announce the BSDCan 2006 Call For Papers. BSDCan 2006 will be held May 12-13, 2006, in Ottawa at University of Ottawa. We are now requesting proposals for papers. The papers should be written with a very strong technical content bias. Papers and proposals of a business development or marketing nature are not appropriate for this venue. The schedule is: 19 Dec 2005 Proposal acceptance begins 19 Jan 2006 Proposal acceptance ends 19 Feb 2006 Confirmation of accepted proposals 19 Mar 2006 Abstracts due 19 Apr 2006 Formatted final papers must arrive no later than this date Please submit all proposals to papers@bsdcan.org NOTE: This is the schedule for formal papers. We are also accepting submissions for for talks and presentations. If you have a proposal, please contact us on papers@bsdcan.org. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
FOR IMMEDIATE RELEASE From: The OpenBSD Foundation Contact: directors@openbsdfoundation.org Date: May 28, 2008 THE OPENBSD FOUNDATION ANNOUNCES SUPPORT FOR C2K8 CONFERENCE The OpenBSD Foundation is pleased to announce that it has completed arrangements with the University of Alberta in Edmonton to host the 2008 Annual OpenBSD Developer's Conference (C2K8 Hackathon) from June 7 to June 15, 2008. The facility support from the University of Alberta Computer Science Department will provide C2K8 the best facilities yet for the annual OpenBSD Developer Conference. C2K8 will be the 10th annual event of its kind. Previous hackathons have produced tools such as the PF firewall, OpenBGP, relayd and spamd, as well as innumerable critical improvements to OpenBSD, OpenSSH, and related projects. This year, the OpenBSD Foundation will disburse approximately $15,000 to support C2K8, enabling more than 50 OpenBSD developers from around the world to attend this important event. The Foundation thanks all who have generously donated the resources to make C2K8 possible. The OpenBSD Foundation relies on donations of money and equipment from corporations and individuals to make events like this one possible. If you or your organization are interested in making a contribution, please contact us at: directors@openbsdfoundation.org. -30-
The OpenBSD mailing lists will be down on Saturday April 10 from 6am MDT to 6pm MDT while machine room the server is located in undergoes scheduled maintainance. This also applies to ftp.usa.openbsd.org (aka ftp3.usa.openbsd.org and anoncvs3.usa.openbsd.org), which is located in the same machine room. - todd
OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters. We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18 For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 4.0: ============================ * This is a bugfix release, no new features have been added. Some notable fixes are: - Fix segfault when using forwardings configured in ssh_config(5) and ClearAllForwardings (bugzilla #996) - Limit input buffer size for channels. A peer could send more data than the buffer code was willing to accept. This would cause OpenSSH to abort the connection (bugzilla #896) * Several improvements to the regression tests * Portable OpenSSH: - OpenSSH will now always normalise IPv4 in IPv6 mapped addresses back to IPv4 addresses. This means that IPv4 addresses in log messages on IPv6 enabled machines will no longer be prefixed by "::ffff:" and AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style addresses only for 4-in-6 mapped connections. This ensures a consistent representation of IPv4 addresses regardless of whether or not the machine is IPv6 enabled. * Other bugfixes, including bugzilla #950, #997, #998, #999, #1005, #1006, #1024, and #1038 Changes since OpenSSH 3.9: ============================ * ssh(1) now allows the optional specification of an address to bind to in port forwarding connections (local, remote and dynamic). Please refer to the documentation for the -L and -R options in the ...
The anoncvs3.usa.openbsd.org alias has moved to a machine at the National Center for Atmospheric Research in Boulder, Colorado. As a result, the ssh keys have changed and anoncvs users updating from this server may need to edit their ~/.ssh/known_hosts file. OLD public key finger prints: (RSA1) 1024 21:d3:93:29:bc:3f:68:37:6c:84:9f:12:0c:8a:35:2f (RSA) 1024 f4:85:d1:b4:c3:df:62:b9:cf:78:64:73:67:05:e3:ca (DSA) 1024 8d:c7:c3:07:3b:60:fa:80:85:c1:b4:1c:0a:33:c4:33 NEW public key finger prints: (RSA1) 1024 34:95:19:c2:b3:e7:61:7b:39:e8:ab:86:37:cd:c4:49 (RSA) 1024 42:56:39:98:65:05:e7:2a:98:2b:ee:cc:e5:a3:53:ed (DSA) 1024 e3:e7:83:ef:f6:78:dc:d3:ca:a5:cf:64:c6:b7:4f:43 - todd
June 4, 2005 We are pleased to announce the official release of OpenBGPD 3.7. This is our second formal release. OpenBGPD is a fairly complete implementation of the Border Gateway Protocol, Version 4, as described in RFC 1771. BGP is a protocol used by routers to exchange routing information, and is one of the core protocols of the Internet. Highlights include: -full support for the BGP protocol as defined in RFC 1771 -full support for tcp md5 signatures (RFC 2385) -full ipsec integration, with both static and dynamic keying supported -pf and CARP integration -communities support (RFC 1997) -route refresh (RFC 2918) -capabilities advertisement (RFC 3392) -low memory footprint: under 30 MB with one full-mesh session, still under 40 MB for three -kernel routing table can be coupled and decoupled any time -easy, straightforward configuration language -very good performance -easy to use bgpctl program, to control bgpd at runtime -complete and accurate manpages OpenBGPD is in use in many production environments, with dozens to hundreds of peers. OpenBGPD 3.7 comes with OpenBSD 3.7, or can be downloaded seperately from one of the mirrors listed at http://www.openbgpd.org/. OpenBGPD is developed as part of the OpenBSD project, which offers CDs, T-Shirts and Posters. Sales of these items help funding OpenBGPD development. Orders can be placed via http://www.openbsd.org/orders.html OpenBGPD is primarily written by Claudio Jeker and Henning Brauer. Parts of the design were done by Andre Oppermann. Many thanks to him, the whole OpenBSD developer base and especially Theo de Raadt for their continued help and support.
