Announce: OpenSSH 4.7 released

Date: Wednesday, January 14, 2004 - 6:52 pm

We have initiated a BSD user group in New York City called NYCBUG
(pronounced "nice-bug").

There are two goals for this new user group:

First, to provide a forum for the many BSD users in New York City to
discuss and debate topics of interest to the BSD community.

Second, to provide a bridge to users interested in learning more about or
expanding their knowledge of the BSD family.

Our kick-off event will be a free "birds-of-a-feather" session at
LinuxWorld Expo at the Jacob Javits Center on January 22nd at 5:45pm, Room
1E15. We will have a presence at various tables at the expo, including
those of BSDMall and New York PHP.

Our first presentation, "Secure by Default: Learning from OpenBSD," will
be held on Wednesday, February 4th at 7:00pm in the offices of
SageSecure, 116 West 23rd Street and 6th Avenue on the fifth floor. To be
given by Wes Sonnenreich, author of "Building Linux and OpenBSD Firewalls"
and "Network Security Illustrated," this talk will deal with crucial
security concepts and best practices for today's computing environments.
Subsequent meetings will take place at 7:00pm on the first Wednesday of
the month.

Our website is located at www.nycbug.org. The site will include a joint
documentation project with New York PHP and OpenlySecure.org, focused on
providing original documentation to new and experienced BSD users alike.
NYCBUG also provides community mailing lists to assist in discussion and
learning about the BSD world. Interested users join the mailing list at
http://www.nycbug.org/mailinglist.html.

NYCBUG is open to all interested individuals, including, but not limited
to, users of FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, OpenDarwin, Darwin
and Mac OSX.

Since the origins of Berkeley Software Distribution (BSD) UNIX in the
1970's, BSD has been a consistent force among the backroom servers of the
world, powering internet service providers, hosting firms, and web sites
such as Yahoo! and 2600.com. NYCBUG works to assist current users, those
in...

Date: Wednesday, May 5, 2004 - 4:20 am

Due to the release of OpenBSD 3.5, the 3.3-STABLE branch will be
out of regular maintenance starting today. There will be
NO MORE fixes committed to this branch nor new patches.

People relying on 3.3-STABLE (or older releases even) are strongly
advised to upgrade to a more recent release (preferably 3.5 as it
was released on May 1st) as soon as possible.

// Brad

Date: Thursday, August 5, 2004 - 9:28 am

-------------------------------------------------------
Call For Papers:
FREENIX Track
http://www.usenix.org/events/usenix05/cfp/freenix.html
-------------------------------------------------------

FREENIX is the forum on free and open source software. We are looking
for papers providing practical and/or academic insight. FREENIX is an
excellent showcase for the latest developments in and interesting
applications of free and open source software. Any project with a focus
on software that is redistributable in source-code form and available
online is a good candidate for a FREENIX submission. (Submissions
focusing on proprietary software will not be accepted.) Projects that,
while not yet 100% finished, anticipate release in the near term are
also good candidates for FREENIX. Submission of any sort of free and
open source software-related work is encouraged, including:

- Project reports
- Academic studies and relevant theory
- Usage and development experiences, both successful and unsuccessful

The emphasis of a FREENIX submission should be on clearly
communicating important and technically interesting software ideas to
a broad audience.

IMPORTANT DATES:
Submissions due Monday, October 18, 2004
Notification to authors Tuesday, December 7, 2004
Camera-ready papers due Thursday, February 24, 2005

Submission guidelines and a full list of suggested topics are available
on our website:
http://www.usenix.org/events/usenix05/cfp/freenix.html

We look forward to your submissions

Date: Monday, October 18, 2004 - 11:38 am

The anoncvs3.usa.openbsd.org alias has moved to a machine at the
National Center for Atmospheric Research in Boulder, Colorado.

As a result, the ssh keys have changed and anoncvs users updating
from this server may need to edit their ~/.ssh/known_hosts file.

OLD public key fingerprints:
(RSA1) 1024 21:d3:93:29:bc:3f:68:37:6c:84:9f:12:0c:8a:35:2f
(RSA) 1024 f4:85:d1:b4:c3:df:62:b9:cf:78:64:73:67:05:e3:ca
(DSA) 1024 8d:c7:c3:07:3b:60:fa:80:85:c1:b4:1c:0a:33:c4:33

NEW public key fingerprints:
(RSA1) 1024 34:95:19:c2:b3:e7:61:7b:39:e8:ab:86:37:cd:c4:49
(RSA) 1024 42:56:39:98:65:05:e7:2a:98:2b:ee:cc:e5:a3:53:ed
(DSA) 1024 e3:e7:83:ef:f6:78:dc:d3:ca:a5:cf:64:c6:b7:4f:43

- todd

Date: Wednesday, March 9, 2005 - 5:54 am

OpenSSH 4.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 3.9:
============================

* ssh(1) now allows the optional specification of an address to bind to
in port forwarding connections (local, remote and dynamic). Please
refer to the documentation for the -L and -R options in the ssh(1)
manual page and the LocalForward and RemoteForward options in the
ssh_config(5) manpage. (Bugzilla #413)

* To control remote bindings while retaining backwards compatibility,
sshd(8)'s GatewayPorts option has been extended. To allow client
specified bind addresses for remote (-R) port forwardings, the server
must be configured with "GatewayPorts clientspecified".

* ssh(1) and ssh-keyscan(1) now support hashing of host names and
addresses added to known_hosts files, controlled by the ssh(1)
HashKnownHosts configuration directive. This option improves user
privacy by hiding which hosts have been visited. At present this
option is off by default, but may be turned on once it receives
sufficient testing.

* Added options for managing keys in known_hosts files to ssh-keygen(1),
including the ability to search for hosts by name, delete hosts by
name and convert an unhashed known_hosts file into one with hashed
names. These are particularly useful for managing known_hosts files
with hashed hostnames.

* Improve account and password expir...
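
Added example (not part of the announcement above and not OpenSSH's own code): a Python sketch of the hashed known_hosts host field that HashKnownHosts produces, "|1|" + base64(salt) + "|" + base64(HMAC-SHA1(key=salt, data=hostname)), with the search and convert operations the announcement describes. The sample host names and key blobs are constructed placeholders, and only protocol 2 style "host keytype blob" lines are assumed.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"   # prefix that marks a hashed host field
SALT_LEN = 20        # SHA-1 output size; each entry gets its own random salt


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_host(host, salt=None):
    """Return the hashed known_hosts field for one host name or address."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
    return HASH_MAGIC + _b64(salt) + "|" + _b64(digest)


def host_matches(field, candidate):
    """True if `candidate` is named by a known_hosts host field."""
    if not field.startswith(HASH_MAGIC):
        # Plain field: comma-separated names (wildcard patterns not handled).
        return candidate in field.split(",")
    try:
        salt_b64, digest_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        # Malformed entry: wrong number of fields or invalid base64.
        return False
    got = hmac.new(salt, candidate.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def _entries(text):
    """Yield (line_no, host_field, rest) for key lines, skipping comments."""
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2:
            yield no, parts[0], parts[1]


def find_host(text, candidate):
    """Search by name: return [(line_no, key_type)] for matching entries.

    A hashed file cannot be read back into host names; the only way to
    look a host up is to recompute the HMAC with each entry's salt.
    """
    return [(no, rest.split()[0])
            for no, field, rest in _entries(text)
            if host_matches(field, candidate)]


def hash_known_hosts(text):
    """Convert plain entries to hashed ones, one output line per name."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        plain = (len(parts) == 2 and not parts[0].startswith("#")
                 and not parts[0].startswith(HASH_MAGIC))
        if not plain:
            out.append(line)          # comments, blanks, already hashed
            continue
        for name in parts[0].split(","):
            out.append(hash_host(name) + " " + parts[1])
    return "\n".join(out) + "\n"


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed sample entries",
    "anoncvs.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed",
    "build.example.org ssh-dss AAAAB3NzaC1kc3MAAAAconstructed",
]) + "\n"

if __name__ == "__main__":
    hashed = hash_known_hosts(SAMPLE)
    print(hashed)
    print(find_host(hashed, "192.0.2.10"))
```

Hashing hides the list of visited hosts from someone who reads the file, but a reader who already has a candidate name can still confirm it, which is exactly what find_host does.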

Date: Thursday, May 26, 2005 - 1:38 am

OpenSSH 4.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 4.0:
============================

* This is a bugfix release, no new features have been added. Some notable
fixes are:

- Fix segfault when using forwardings configured in ssh_config(5) and
ClearAllForwardings (bugzilla #996)

- Limit input buffer size for channels. A peer could send more data
than the buffer code was willing to accept. This would cause OpenSSH
to abort the connection (bugzilla #896)

* Several improvements to the regression tests

* Portable OpenSSH:

- OpenSSH will now always normalise IPv4 in IPv6 mapped addresses back to
IPv4 addresses. This means that IPv4 addresses in log messages on IPv6
enabled machines will no longer be prefixed by "::ffff:" and AllowUsers,
DenyUsers, AllowGroups, DenyGroups will match IPv4-style addresses only
for 4-in-6 mapped connections. This ensures a consistent representation
of IPv4 addresses regardless of whether or not the machine is IPv6
enabled.

* Other bugfixes, including bugzilla #950, #997, #998, #999, #1005, #1006,
#1024, and #1038

Changes since OpenSSH 3.9:
============================

* ssh(1) now allows the optional specification of an address to bind to
in port forwarding connections (local, remote and dynamic). Please
refer to the documentation for the -L and -R options in the ssh(...

Date: Wednesday, June 8, 2005 - 1:44 pm

June 4, 2005

We are pleased to announce the official release of OpenBGPD 3.7.
This is our second formal release.

OpenBGPD is a fairly complete implementation of the Border Gateway
Protocol, Version 4, as described in RFC 1771. BGP is a protocol used
by routers to exchange routing information, and is one of the core
protocols of the Internet.

Highlights include:
-full support for the BGP protocol as defined in RFC 1771
-full support for tcp md5 signatures (RFC 2385)
-full ipsec integration, with both static and dynamic keying supported
-pf and CARP integration
-communities support (RFC 1997)
-route refresh (RFC 2918)
-capabilities advertisement (RFC 3392)
-low memory footprint: under 30 MB with one full-mesh session,
still under 40 MB for three
-kernel routing table can be coupled and decoupled any time
-easy, straightforward configuration language
-very good performance
-easy to use bgpctl program, to control bgpd at runtime
-complete and accurate manpages

OpenBGPD is in use in many production environments, with dozens to
hundreds of peers.

OpenBGPD 3.7 comes with OpenBSD 3.7, or can be downloaded separately
from one of the mirrors listed at http://www.openbgpd.org/.

OpenBGPD is developed as part of the OpenBSD project, which offers CDs,
T-Shirts and Posters. Sales of these items help funding OpenBGPD
development. Orders can be placed via
http://www.openbsd.org/orders.html

OpenBGPD is primarily written by Claudio Jeker and Henning Brauer.
Parts of the design were done by Andre Oppermann. Many thanks to him, the
whole OpenBSD developer base and especially Theo de Raadt for their
continued help and support.

To: <announce@...>
Date: Sunday, March 30, 2008 - 9:35 pm

OpenSSH 4.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.

T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
http://www.openbsd.org/tshirts.html and
http://www.openbsd.org/orders.html

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Note that OpenSSH 4.8 was an OpenBSD-only release shipped with the
OpenBSD 4.3 CD.

Changes since OpenSSH 4.7:
============================

Security:

* Disable execution of ~/.ssh/rc for sessions where a command has been
forced by the sshd_config ForceCommand directive. Users who had
write access to this file could use it to execute arbitrary commands.
This behaviour was documented, but was an unsafe default and an extra
hassle for administrators.

New features:

* Added chroot(2) support for sshd(8), controlled by a new option
"ChrootDirectory". Please refer to sshd_config(5) for details, and
please use this feature carefully. (bz#177 bz#1352)
* Linked sftp-server(8) into sshd(8). The internal sftp server is
used when the command "internal-sftp" is specified in a Subsystem
or ForceCommand declaration. When used with ChrootDirectory, the
internal sftp server requires no special configuration of files
inside the chroot environment. Please refer to sshd_config(5) for
more information.
* Added a "no-user-rc" option for authorized_keys to disable execution
of ~/.ssh/rc
* Added a protocol extension method "posix-rename@openssh.com" for
...

Date: Friday, November 25, 2005 - 3:04 pm

Hello folks,

BSDCan 2005 proved that the first annual BSDCan was no fluke. We've
demonstrated repeatedly that we know how to put on a good conference.
It's hard to follow on from such success, but we know we can keep
improving. It is with great pleasure that I announce the BSDCan 2006 Call
For Papers.

BSDCan 2006 will be held May 12-13, 2006, in Ottawa at University of
Ottawa. We are now requesting proposals for papers.

The papers should be written with a very strong technical content
bias. Papers and proposals of a business development or marketing
nature are not appropriate for this venue.

The schedule is:

19 Dec 2005 Proposal acceptance begins
19 Jan 2006 Proposal acceptance ends
19 Feb 2006 Confirmation of accepted proposals
19 Mar 2006 Abstracts due
19 Apr 2006 Formatted final papers must arrive no later than this date

Please submit all proposals to papers@bsdcan.org

NOTE: This is the schedule for formal papers. We are also accepting
submissions for talks and presentations. If you have a proposal,
please contact us on papers@bsdcan.org.
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

Date: Thursday, January 12, 2006 - 10:19 am

Yes, that is supposed to be 2006, not 2005. Sorry.
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

Date: Monday, May 1, 2006 - 1:36 am

------------------------------------------------------------------------
- OpenBSD 3.9 RELEASED -------------------------------------------------

May 1, 2006.

We are pleased to announce the official release of OpenBSD 3.9.
This is our 19th release on CD-ROM (and 18th via FTP). We remain
proud of OpenBSD's record of eight years with only a single remote
hole in the default install. As in our previous releases, 3.9
provides significant improvements, including new features, in nearly
all areas of the system:

- Improved hardware support, including:
o Some G5-based Apple Macintosh machines, including W^X support (currently
restricted to 32-bit mode).
o Many more audio drivers in the OpenBSD/macppc port.
o Support for many system sensors (temperature, voltage, fan speed) via
the following subsystems:
o Dell's Embedded Server Management (esm)
o Intelligent Platform Management Interface (ipmi)
o I2C/SMBus sensor subsystems found on most motherboards (iic)
o Touchpad on recent Apple laptops (tpms).
o nfe, a binary blob free driver for the NVIDIA nForce Ethernet interface.
o Opteron systems now have all their PCI buses detected.
o CardBus and PCMCIA support on OpenBSD/amd64.
o ixgb, Intel PRO/10GbE Ethernet.
o Support for new Intel i82571, i82572 and i82573 PCI Express based devices
in the em(4) driver.
o Support for new Broadcom BCM5714, BCM5715 and BCM5903M based devices in
the bge(4) driver.
o Support for new Ralink RT2501 and RT2600 based devices in ral.
o Support for ASIX AX88178 Gigabit and AX88772 10/100 based devices
in axe(4).
o Support for devices incorporating GCT RF transceivers in rtw.
o Zaurus remote control (zrc) support.
o Initial Sound Blaster Audigy support in the emu(4) driver.
o The Level 1 LXT1001 Gigabit driver has been fixed and now works (lge(4)).
o More HP Smart ARRAY controllers recognized by the ciss(4) driver.
o Support ...

To: <announce@...>, <misc@...>
Date: Thursday, May 29, 2008 - 10:39 pm

FOR IMMEDIATE RELEASE

From: The OpenBSD Foundation
Contact: directors@openbsdfoundation.org
Date: May 28, 2008

THE OPENBSD FOUNDATION ANNOUNCES SUPPORT FOR C2K8 CONFERENCE

The OpenBSD Foundation is pleased to announce that it has completed
arrangements with the University of Alberta in Edmonton to host the
2008 Annual OpenBSD Developer's Conference (C2K8 Hackathon)
from June 7 to June 15, 2008.

The facility support from the University of Alberta Computer Science
Department will provide C2K8 the best facilities yet for the annual
OpenBSD Developer Conference. C2K8 will be the 10th annual event of
its kind. Previous hackathons have produced tools such as the PF
firewall, OpenBGP, relayd and spamd, as well as innumerable
critical improvements to OpenBSD, OpenSSH, and related projects.

This year, the OpenBSD Foundation will disburse approximately $15,000
to support C2K8, enabling more than 50 OpenBSD developers from around
the world to attend this important event. The Foundation thanks
all who have generously donated the resources to make C2K8
possible.

The OpenBSD Foundation relies on donations of money and equipment from
corporations and individuals to make events like this one possible. If
you or your organization are interested in making a contribution,
please contact us at: directors@openbsdfoundation.org.

-30-

To: <announce@...>
Date: Saturday, November 1, 2008 - 1:43 am

The DCBSDCon conference has opened up a Call for Papers for the 2009
event. Speakers are welcome to submit any topic of interest, although
security themes are preferred. This conference leads up to the very
popular ShmooCon hacker convention in Washington, D.C. where OpenBSD
developers and users are always in attendance.

Main Website: http://www.dcbsdcon.org/
Call For Papers: http://www.dcbsdcon.org/cfp.html

P.S. ShmooCon registration opens Saturday, November 1 at 12pm EDT. If
you're planning to attend both events, make sure you register for their
event. Previous attendees know how hard it can be to get tickets.

ShmooCon: http://www.shmoocon.org/registration.html

Hope to see you there!

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Date: Tuesday, October 31, 2006 - 8:15 pm

------------------------------------------------------------------------
- OpenBSD 4.0 RELEASED -------------------------------------------------

Nov 1, 2006.

We are pleased to announce the official release of OpenBSD 4.0.
This is our 20th release on CD-ROM (and 21st via FTP). We remain
proud of OpenBSD's record of ten years with only a single remote
hole in the default install. As in our previous releases, 4.0
provides significant improvements, including new features, in nearly
all areas of the system:

- New/extended platforms:
o OpenBSD/armish.
Various ARM-based appliances, using the Redboot boot loader, currently
only supporting the Thecus N2100 and IOData HDL-G.
o OpenBSD/sparc64.
UltraSPARC III based machines are now supported!
o OpenBSD/zaurus.
Support for the Zaurus SL-C3200.

- Improved hardware support, including:
o New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
o New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
o New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
o New rum(4) driver for Ralink Technology 2nd gen USB IEEE
802.11a/b/g wireless.
o New acx(4) driver for Texas Instruments ACX100/ACX111
IEEE 802.11a/b/g wireless.
o New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC
IEEE 802.11a/b/g wireless.
o New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
o New binary blob free wpi(4) driver for Intel PRO/Wireless
3945ABG IEEE 802.11a/b/g wireless.
o New arc(4) driver for Areca Technology Corporation SATA RAID;
including RAID management via bio(4).
o New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including
RAID management via bio(4).
o New azalia(4) driver for generic High Definition Audio.
o New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting
SD memory cards as fake SCSI sd(4) drives.
o New udcf(4) driver for Gude ADS Expert mouseCLOCK ...

To: <announce@...>
Date: Thursday, October 1, 2009 - 9:46 am

OpenSSH 5.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

This release marks the 10th anniversary of the OpenSSH project.
We would like to thank the OpenSSH community for their support,
especially those who will continue to contribute code or patches,
report bugs, test snapshots or donate to the project during the
next 10 years. More information on donations may be found at:
http://www.openssh.com/donations.html

This is a bugfix release, no new features have been added.

Changes since OpenSSH 5.2
=========================

General Bugfixes:

* Do not limit home directory paths to 256 characters. bz#1615

* Several minor documentation and correctness fixes.

Portable OpenSSH Bugfixes:

* This release removes support for very old versions of Cygwin and
for Windows 95/98/ME

* Move the deletion of PAM credentials on logout to after the session
close. bz#1534

* Make PrintLastLog work on AIX. bz#1595

* Avoid compile errors on FreeBSD from conflicts in glob.h. bz#1634

* Delay dropping of root privileges on AIX so chroot and pam_open_session
work correctly. bz#1249 and bz#1567

* Increase client IO buffer on Cygwin to 64K, realising a significant
performance improvement.

* Roll back bz#1241 (better handling for expired passwords on Tru64).
The change broke password logins on some configurations.

* Accept ENOSYS as a fallback error when attempting atomic
rename(). bz#1535

* Fix passing of variables to recursive make(1) invocations on Solaris.
bz#1505

* Skip the tcgetattr call on the pty master on Solaris, since it never
succeeds and can hang if large amounts of data is sent to the slave
(eg a copy-paste). bz#1528

* Fix detection of krb5-config. bz#1639

* Fix test for server-assigned remote forwarding port for non-root users.
...

To: <announce@...>
Date: Tuesday, September 4, 2007 - 8:14 pm

OpenSSH 4.7 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.

T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
http://www.openbsd.org/tshirts.html and
http://www.openbsd.org/orders.html

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 4.6:
============================

Security bugs resolved in this release:

* Prevent ssh(1) from using a trusted X11 cookie if creation of an
untrusted cookie fails; found and fixed by Jan Pechanec.

Other changes, new functionality and fixes in this release:

* sshd(8) in new installations defaults to SSH Protocol 2 only.
Existing installations are unchanged.

* The SSH channel window size has been increased, and both ssh(1) and
sshd(8) now send window updates more aggressively. This improves
performance on high-BDP (Bandwidth Delay Product) networks.

* ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.

* A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be
approximately 20% faster than HMAC-MD5.

* A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes

* Failure to establish a ssh(1) TunnelForward is now treated as a
fatal error when the ExitOnForwardFailure option is set.

* ssh(1) returns a sensible exit status if the control master goes
away withou...

Date: Friday, February 8, 2002 - 3:56 pm

The latest sparc64 snapshot going out to the mirrors now contains new
support for running X on sparc64 consoles. Some stuff doesn't quite
work yet, but that's the nature of a huge brand new feature...

What works:
Framebuffers:
pci: vga (ATI) framebuffers (must be prom console)
sbus: cgsix, cgthree
Keyboards:
usb: sun type 6
sbus: sun type 3/4/5/6 on zs
pci: sun type 3/4/5/6 on com
Mice:
usb: any usb mouse will do
sbus: sun on zs
pci: sun on com

What doesn't work:
- accelerated X servers
- xdm (coredumps) [xinit or startx can be used to start the server]
- ico (hangs X server)
- probably more stuff like this...

I'm interested in having folks help find and fix problems in X, which is
why the snapshot is going out now... So, if you've been wanting X on
your OpenBSD/sparc64 machine, grab the snapshot and start sending
patches...

--Jason L. Wright

Date: Wednesday, May 1, 2002 - 5:18 pm

Hello folks,

Due to the release of OpenBSD 3.1 on May 19th, the 2.9-STABLE branch will
be out of regular maintenance starting June 1st. After this day, there
will be NO MORE fixes committed to this branch.

People relying on 2.9-STABLE are strongly advised to upgrade to a more
recent release (preferably 3.1 as it becomes available) as soon as
possible.

Thanks for reading,
Miod

Date: Friday, June 21, 2002 - 3:50 pm

OpenSSH 3.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.

Changes since OpenSSH 3.2.3:
============================

Security Changes:
=================

- improved support for privilege separation:

privilege separation is now enabled by default

See UsePrivilegeSeparation in sshd_config(5)
and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more
information.
- ssh no longer needs to be installed setuid root for protocol
version 2 hostbased authentication, see ssh-keysign(8).
protocol version 1 rhosts-rsa authentication still requires privileges
and is not recommended.

Other Changes:
==============

- documentation for the client and server configuration options have
been moved to ssh_config(5) and sshd_config(5).
- the server now supports the Compression option, see sshd_config(5).
- the client options RhostsRSAAuthentication and RhostsAuthentication now
default to no, see ssh_config(5).
- the client options FallBackToRsh and UseRsh are deprecated.
- ssh-agent now supports locking and timeouts for keys, see ssh-add(1).
- ssh-agent can now bind to unix-domain sockets given on the command line,
see ssh-agent(1).
- fixes problems with valid RSA signatures from putty clients.

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

To: <announce@...>, <advocacy@...>, <misc@...>
Date: Sunday, January 6, 2008 - 8:52 am

I am pleased to announce that ComixWall ISG 4.2 has been released.
ComixWall is an Internet Security Gateway (ISG): FOSS UTM firewall
running on OpenBSD, with a user-friendly web interface for
administration and monitoring. ComixWall is unique, first of its kind in
many ways.

Highlights of this release are:
- OpenBSD 4.2-stable, i.e. includes all of the stable patches as of
December
- Support for both amd64 and i386 architectures, thus there are 2
installation CD images
- Upgrade support, from ComixWall 4.1b amd64 to 4.2 amd64
- New install/upgrade scripts, based on OpenBSD installation scripts
- xbase install set stripped down to save space on the CD image and the
file system
- SnortIPS: Intrusion Prevention System (IPS) based on snort alerts,
totally relies on pfctl
- Snort 2.8.0.1: Intrusion Detection System (IDS), with alerts log
rotate and 64-bit time stamp patches
- ClamAV 0.92: Anti-virus scanner
- DansGuardian 2.9.9.2 with clamd: Content scanning web filter
- IMSpector, CVS build as of 20071130: Message logging IM proxy which
supports MSN, IRC, Yahoo, etc.
- pfw 0.7.8: Web interface for pf, patched for bugs
- Updated software packages from OpenBSD ports collection
- Additions, enhancements, and fixes to the Web Administration
Interface, too numerous to list here
- Full English, partial Turkish, and even less complete Spanish support
on the web interface
- Installation and System Administration Guides, both in English and
Turkish

ComixWall ISG comes bundled with other software too, which are either
included in OpenBSD and its ports collection or specifically ported to
OpenBSD for ComixWall:

- SpamAssassin: Anti-spam scanner
- OpenBSD spamd: spam deferral daemon
- P3scan: POP3 anti-virus/anti-spam proxy
- smtp-gated: SMTP anti-virus/anti-spam proxy
- Dante: SOCKS proxy
- Squid: HTTP proxy
- Apache Web Server (OpenBSD httpd)
- OpenBSD ftp-proxy
- DNS server
- DHCP server
- OpenSSH
- symon: System monitoring daemon
- pmacct: Network monitoring daemon

The W...

Cc: <announce@...>
Date: Sunday, February 9, 2003 - 2:34 pm

Hi,

BSDCon Italy 2003 will be held during Webbit'03 event (www.webb.it).
Nothing really official, we'll try to promote *BSD systems with various
workshops.

We are looking for people that can talk about OpenBSD using Italian language.

Details and news will be released on bsdcon.it
Good luck.

Ed

Date: Monday, March 31, 2003 - 8:48 am

OpenSSH 3.6 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 3.5:
============================

* RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1)
in order to avoid potential timing attacks against the RSA keys.
Older versions of OpenSSH have been using RSA blinding in
ssh-keysign(1) only.

Please note that there is no evidence that the SSH protocol is
vulnerable to the OpenSSL/TLS timing attack described in
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

* ssh-agent(1) optionally requires user confirmation if a key gets
used, see '-c' in ssh-add(1).

* sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation
is enabled.

* sshd(8) now removes X11 cookies when a session gets closed.

* ssh-keysign(8) is disabled by default and only enabled if the
new EnableSSHKeysign option is set in the global ssh_config(5)
file.

* ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange
guesses).

* ssh(1) no longer overwrites SIG_IGN. This matches behaviour from
rsh(1) and is used by backup tools.

* setting ProxyCommand to 'none' disables the proxy feature, see
ssh_config(5).

* scp(1) supports add -1 and -2.

* scp(1) supports bandwidth limiting.

* sftp(1) displays a progressmeter.

* sftp(1) has improved error handling for scripting.

Checksums:
==========

- MD5 (openssh-3.6p1.tar.g...

Date: Tuesday, August 19, 2003 - 7:54 am

TOORCON 2003 LINEUP FINALIZED

We are proud to announce the finalized lineup for ToorCon this year. With a
total of 29 talks on 2 tracks spanning 2 days, we have a really compelling
lineup this year. This year we are going Back to Basics and introducing a
Policy and Procedure track along side the standard Attack and Defense
topics. This bridges the gap between the underground attack and defense
technologies that are being developed and the business policies and laws
that are in place to ensure your safety and security. This year will also
have a special emphasis on wireless, cryptography, and steganography
technologies that are being developed to protect your freedom and anonymity
from the ever increasing listening entities on the internet. More
information is available at:

http://www.toorcon.org

PRE-REGISTRATION

Pre-registration for toorcon this year is only $50 and will be closing
September 12th, 2003, so please pre-register ASAP and save $15 off the door
price! To commemorate our 5-year milestone, we will be giving away official
commemorative t-shirts to the first 50 registered attendees. There are a few
shirts left so register today for your chance at a FREE shirt.

http://www.toorcon.org/registration.html

ATTACK AND DEFENSE

Saturday, September 27th 2003
10:00-11:00 Keynote: Robert X. Cringely
11:00-12:00 Simple Nomad, NMRC - NMRC Happenings
12:00-13:00 divide, dd & spoonm, Ghettohackers - Root-Fu ; Rise of the Ninjas
14:30-15:30 FtR, Phenoelit - More Embedded Systems
15:30-16:30 Bruce Potter, The Shmoo Group - Bluetooth Service Discovery
16:30-17:30 Dan Kaminsky, Avaya - Stack Black Ops: New Concepts for Network Manipulation
17:30-18:30 Jaya Baloo - De-Mystifying Quantum Crypto
18:30-20:00 Alexander Payne, Ron DuFresne, Dennis W. Mattison - Securing 802.11 Panel

Sunday, September 28th 2003
11:00-12:00 Dave Killion, Netscreen - UPS: The Undetectable Packet Sniffer
12:00...

Cc: <misc@...>
Date: Tuesday, November 4, 2003 - 5:20 pm

Due to the release of OpenBSD 3.4, the 3.2-STABLE branch will be
out of regular maintenance starting today.
There will be NO MORE fixes committed to this branch nor new patches.

People relying on 3.2-STABLE (or older releases even) are strongly
advised to upgrade to a more recent release (preferably 3.4 as it
was released on Oct 30th) as soon as possible.

Margarida
