Tuesday, October 21, 2014

BSD News 20/10/2014

Last week in BSD
Releases: JabirOS, FreeBSD
Other news: BSDSec, FreeBSD, Unix, LibreSSL, DragonFly BSD, OpenBSD, FreeBSD Foundation, pfSense, HardenedBSD


First beta release of #JabirOS 2.1 
  1. Based on FreeBSD 10.1’s codebase
  2. bsdinstall problems solved
  3. Used Jabir Project’s GENERIC configuration.
  4. based on JPPSL license
(JPPSL won’t be used anymore )

FreeBSD 10.1-RC2 Now Available   

The second RC build of the 10.1-RELEASE release cycle is now available on the FTP servers for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures.

The image checksums follow are included in the original announcement email.

Changes between 10.1-RC1 and 10.1-RC2 include:
  • Fix XHCI driver for devices which have more than 15 physical root HUB ports.
  • Fix old iSCSI initiator to work with new CAM locking.
  • Fix page length reported for Block Limits VPD page.
  • Add QCOW v1 & v2 support to mkimg(1).

LibreSSL 2.1.0 released. 
LibreSSL 2.1.1 released. 
[FreeBSD-Announce] Reminder: FreeBSD 9.1 and 9.2 end-of-life approaching 

Other news

July–September, 2014 Status Report 

The July–September, 2014 Status Report is now available.

This report covers FreeBSD-related projects between July and September 2014. This is the third of four reports planned for 2014.
The third quarter of 2014 was another productive quarter for the FreeBSD project. A lot of work has been done on various ARM platforms, with the goal of bringing them to Tier 1 status in FreeBSD 11. The various ports teams have also worked hard to improve the state of FreeBSD as a desktop operating system. As usual, performance improvements feature in several places in this report and many of these can benefit from user benchmarking to validate our results.

faster pf 

As I’ve written elsewhere, we are starting to focus on performance in pfSense 2.2 and beyond.  The first project was to implement AES-GCM with AES-NI acceleration (on CPUs that support it) for IPSec.   This project was accomplished in partnership between the FreeBSD Foundation, ESF, and Netgate, and has been stable in pfSense 2.2 snapshots for several weeks.

BSDって聞いたことある? | BSD Now 59   

This week on the show we'll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD.

Interesting articles
Unix: Expiring passwords with chage
Hardening procfs and linprocfs 
MineOS (Minecraft) Plugin for FreeNAS 
FreeBSD 10.1 Is to Support Secure Boot Capabilities

Code stuff
OpenBSD Passes 300,000 Commits 
Pile of point upgrades 
A Sneak Peek at the Upcoming OpenBSD 5.6 Release
OpenSSH update and incompatibility 
ingo@ incorporates man into mandoc 
/dev/upmap and /dev/kpmap added 

Tuesday, October 14, 2014

BSD News 13/10/2014

Last Week in BSD
Releases: NetBSD, MidnightBSD
Other news: PC-BSD, NetBSD, mksh, LibreSSL, BSDNow


NetBSD 6.1.5 and 6.0.6 released 

The NetBSD Project is pleased to announce NetBSD 6.1.5, the fifth security/bugfix update of the NetBSD 6.1 release branch, and NetBSD 6.0.6, the sixth security/bugfix update of the NetBSD 6.0 release branch. They represent a selected subset of fixes deemed important for security or stability reasons, and if you are running a prior release of either branch, we strongly suggest that you update to one of these releases.
For more details, please see the NetBSD 6.1.5 release notes or NetBSD 6.0.6 release notes.
Complete source and binaries for NetBSD are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at http://www.NetBSD.org/mirrors/.

#midnightbsd 0.5.2-RELEASE is available via SVN. It fixes a regression with #mksh R50c and includes R50d.  

Other news

mksh R50d released 

The last MirBSD Korn Shell update broke update-initramfs because I accidentally introduced a regression in field splitting while fixing other bugs – sorry!
mksh R50d was just released to fix that, and a small NULL pointer dereference found by Goodbox on IRC. Thanks to my employer tarent for a bit of time to work on it.

Behind the Masq | BSD Now 58 

LibreSSL 2.1.0 Released 
Bob Beck (beck@) has announced the release of LibreSSL 2.1.0:
We have released LibreSSL 2.1.0 - which should be arriving in the
LIbreSSL directory of an OpenBSD mirror near you very soon.

This release continues on with further work from after OpenBSD 5.6
code freeze. Our intention is to finalize LibreSSL 2.1 with OpenBSD

As noted before, we welcome feedback from the broader community.



Code stuff
Testers: CentOS 6.5 Emulation and New AppCafe 

Thursday, October 9, 2014

BSDSec now using SSL

Kind of.

I went with free SSL from CloudFlare. Right now it's only from your browser to CF, but I plan to add stuff to my server as well so everything is covered with SSL. I am going to make my own cert, not buying as it's pretty pricey. Consider that this is all my personal expense. (Any BSD hosting company willing to host Rails app for free as BSDSec sponsor?)

To be honest, I have no idea how am I gonna do it, as I use Ninefold and I don't have access to server, and I never did all that SSL stuff, but hey, I am gonna learn. Pretty sure there are bunch of tutorials.

And I'll also have something to blog about.

Tuesday, October 7, 2014

BSD News 06/10/2014

Last week in BSD
Releases: FreeNAS, GhostBSD, FreeBSD
Other news: bsd, freeNAS, OpenBSD, HardenedBSD, EuroBSDCon, FreeBSD, SSL, FreeBSD, NetBSD, FreeBSD Foundation, DiscoverBSD



The list of bugs fixed in can be found here. The release notes for
  • Fix bug where use of NONE cipher in replication erroneously reported an error on a successful replication.
  • Don’t enable lz4 compression on replication by default if upgrading from a pre- release.
  • Multiple kernel iSCSI / CTL improvements. This includes VMWare VAAI and Microsoft ODX acceleration support, improved performance and fixes for number of bugs. Kernel iSCSI can be activated by checking the experimental target checkbox under services -> iSCSI.
  • Improve performance of viewing snapshots when replication tasks are set up.
  • Allow binding CIFS to specific IPs.
  • Fix LDAP bind URL when using TLS.
  • Validate AD advanced settings. If the GC or DC are manually specified make sure they are reachable.
  • Set UNIX permissions when the Mac permissions radio button is selected. Netatalk does not play nicely with ACLs.
  • Fix a bug in the mail sending routines used by FreeNAS. With some mailserver configurations the To: address could’ve been set to root instead of the address specified in the root user.
  • Fix a bug that prevented the system from showing the replicated status of a snapshot if the remote path differed from the local path.
  • “Shellshock” security vulnerability in bash (which is not the system shell FreeNAS or FreeBSD) proactively closed.
  • GCC is no longer installed by default, clang is the default compiler.
  • make(1) has been replaced with bmake(1), obtained from the NetBSD Project.
  • pkg(7) is now the default package management utility.
  • pkg_add(1), pkg_delete(1), bxpkg and related tools have been removed.
  • Networkmgr is the default network manager.
  • Mate is the default Desktop.
  • 3 workstation to chose

FreeBSD 10.1-RC1 Now Available   

Changes between 10.1-BETA3 and 10.1-RC1 include:
  • A bug that would cause all processes to appear to have the parent PID of '1' has been fixed.
  • Various updates to bsdinstall(8) and bsdconfig(8).
  • The Hyper-V KVP (key-value pair) driver has been added, and enabled by default on amd64 and i386 architectures.

BSDSec September 2014 Security Advisories and Announcements 

[FreeBSD-Announce] FreeBSD CVSup network shutting down.
fix for nginx SSL session reuse 
Announcing the pkgsrc-2014Q3 Release 

BSD Releases September 2014 

Other news

OpenBSDs EuroBSDCon 2014 Papers Online

 OpenBSD 5.6 Pre-Orders Available

OpenBSD 5.6 CD sets are available for pre-order
Be the first kid on your block to serve up man pages in a brand-spanking-new httpd(8)!

The Daemon's Apprentice | BSD Now 57 

We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD.

FreeBSD Foundation and Cavium Inc. Collaborate on FreeBSD ARMv8 Based Implementation 

The FreeBSD Foundation is pleased to announce a collaboration with Cavium Inc. to  develop and deliver the first ARMv8 reference design and implementation of the FreeBSD Operating System based on the ThunderX™ workload optimized processor family.  Find out more at here

Code stuff
EuroBSDCon and ARM
UDP improvements
DragonFlyBSD Powersaving tips 
mksh R50c released, security fix 
In Other BSDs for 2014/10/04

Interesting Articles
bsdtalk245 - Looking for a new /home 

Introducing ASLR In FreeBSD 
Installing MySQL on FreeBSD 
Installing tomcat7 on FreeBSD 
A Sneak Peek at the Upcoming OpenBSD 5.6 Release
NetBSD developer summit at EuroBSDCon 2014 in Sofia 
Package building without sudo (part 2) 
Unix: The aftershock of shellshock

Monday, October 6, 2014

[BSDSec.net] Adding new stuff, please comment

Hey guys, I need some input. 

Today I am adding pfSense and MidnightBSD, as they have security announces mailing lists.

I was looking on another ones (m0n0wall, PC-BSD, freeNAS, nas4free, BSD router, etc...) as well. They do not have security advisories lists, but they have 'regular' announces (releases etc).

So I need input: should I include them as well? Do you want to see them in BSDSec? 

For example BSD Router does not have security advisories, they rather have new releases when there is some important thing to do. Others the similar logic, I guess.

Let me know ;]