Tuesday, March 3, 2015

BSD News 02/03/2015

Last week in BSD
Releases: OPNsense
Other news: DragonFly BSD, BSDSec, SCALE, pfSense, OpenBSD, ZFS, m0n0wall, BSDTalk

FreeBSD Security Advisory FreeBSD-SA-15:05.bind
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp 


OPNsense version Released 
OPNsense version 15.1.7 Released 

Change Log
  • Don’t clobber user and group settings when running opnsense-update. Caused e.g. dhcpd to refuse operation.
  • Fix a regression that would prevent e.g. sshd from starting.
  • Install opnsense-update by default.

This is the official change log for 15.1.7:
  • Merged the latest FreeBSD 10.1-p6 patches:
    • Fix integer overflow in IGMP protocol. (SA-15:04)
    • Fix vt(4) crash with improper ioctl parameters. (EN-15:01)
    • Updated base system OpenSSL to 1.0.1l. (EN-15:02)
    • Fix freebsd-update libraries update ordering issue. (EN-15:03)
  • Disabled OpenSSH’s High Performance SSH/SCP and None-Cipher extensions to follow up on several security-related discussions.
  • Switched from a heavy Bind installation to a lightweight one to reduce attack surface.
  • Removed and replaced the legacy ‘check_reload_status’ daemon with a Python-based rewrite.
  • Fixed the auto-login console lockout regression introduced in
  • Fixed a problem associated with OpenVPN not being able to read passwords from files.
  • Notable ports upgrades: bind-tools 9.10.2, strongswan 5.2.2_1, curl 7.41 plus our LibreSSL fixes for mpd4/mpd5/libpdel.
  • Removed PHP-FPM remnants from IPv6 and OpenVPN scripts.
  • Fixed several OpenSSL invocations to use the latest port version as opposed to the base version.
  • Improved memory/disc/swap usage on the dashboard.
  • Properly set DNS Resolver Advanced defaults.
  • Fixed append of custom Unbound scripts.
  • Modified the root menu shell to pass through to a real shell when arguments are given.
  • Zapped the spurious “Array” prefix in user-defined aliases.
  • Moved the bogons files fetch location to a local mirror.
  • The core.git development boot hook has been improved to properly include /usr/local/etc/rc changes.
  • All of our packages are now annotated as coming from our mirror as well as additional safeguards potentially allowing you to use additional FreeBSD packages on top of OPNsense.

Other news 

Final message - mailing list and forum frozen

As announced earlier, the m0n0wall mailing list and forum are now frozen. This is the final message, and I would like to take the opportunity to thank all those who have sent me emails with kind words and expressions of gratitude. They were too numerous for me to reply to individually, but they were all very much appreciated!
There have been some questions on what the way forward is for current m0n0wall users. If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall.
For a more feature-rich alternative that is still based on FreeBSD and has the same roots, both pfSense and OPNsense (which is a fork of the former) are excellent choices. They have higher hardware requirements than m0n0wall, but on the other hand, a lot of new embedded hardware has recently become available, with 2 GB or more of memory and 1 GHz or faster CPUs, at a similar price as earlier platforms. It makes sense (pun intended) to use these additional resources - something that m0n0wall hasn't been particularly good at in recent times. Just keep that in mind for your next hardware upgrade.

DragonFly GUI resurrected 

Michael Neumann has switched out pkgsrc packages for dpkg packages for building DragonFly with a GUI.  There’s no built image to download right now, but I’m optimistic the next release will have it.  You can build it now on a DragonFly system using src/nrelease.  With all this video work going in lately, it will give us something to show.

OpenBSD Foundation 2014/2015 News & Fundraising

Ken Westerback (krw@) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:
2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributors large and small.
A detailed summary of the Foundation's activities in 2014 can be seen at
But here are some high points.

From the Foundation (Part 2) | BSD Now 78 

This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD.

bsdtalk251 - Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon 

 A talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon

File info: 47Min, 22MB

Ogg link: https://archive.org/download/bsdtalk251/bsdtalk251.ogg

Code stuff
Radeon updates, too 
Did you upgrade DragonFly on the 25th? 
 In Other BSDs for 2015/02/28 

Interesting articles
SCALE 13x Trip Report: Michael Dexter 
SCALE 2015 Recap 
Further (a roadmap for pfSense)   
FreeBSD From the Trenches: ZFS, and How to Make a Foot Cannon 

Wallpaper of the week

as found at http://technology.desktopnexus.com/wallpaper/845709/

Thursday, February 26, 2015

DiscoverBSD, BSDSec and what's going on...


You might have noticed that I've been playing with the style of DiscoverBSD. The reason is that I wanna make a new theme. Was almost there but need some time to fix this and that, so... Going back to the old one for some time.

About BSDSec
- there will be some changes, well, changes.

I was hosting the app on Ninefold, but they are sunsetting their Rails hosting, so I am moving it to Heroku.

Why Heroku?
It's free. I don't have money for paid services. So let's see how it will work. Might get a bit slower. 100% sure.


Tuesday, February 24, 2015

BSD News 23/02/2015

Last week in BSD
OPNsense, pfSense, m0n0wall, HardenedBSD, Lumina Desktop, BSDnow, NetBSD, s2k15, DragonFly BSD

 there seems to be none, let me know if I am wrong

Other news

Request For Testing: OPNsense on FreeBSD 10.1   

As most of you know FreeBSD 10.0 is approaching End Of Life at the end of this month. OPNsense is still based on FreeBSD 10.0, but the necessary custom patches have been forward-ported to FreeBSD 10.1 in the past week. We would love to push out our next stable release 15.1.6 on top of FreeBSD 10.1 including a new feature for base system upgrades which is one of our current weak points for delivering quick and easy security updates for your running installations.
In order to ship FreeBSD 10.1 we ask you to participate in this request for testing by trying the following snapshot for amd64:
i386 snapshots can be produced based on demand.
Please let us know how the snapshot works for you (bad *and* good) right here in this thread, or use one of the following alternatives.
#opnsense on Freenode IRC
[email protected]

End of the m0n0wall project 

After 12 years, the m0n0wall project has officially ended. No development will be done anymore, and there will be no further releases. 

 Lumina Desktop 0.8.2 Released!

The next version of the Lumina desktop environment has just been released! Version 0.8.2 is mainly a “spit-and-polish” release: focusing on bugfixes, overall appearances, and interface layout/design. The FreeBSD port has already been updated to the new version, and the PC-BSD “Edge” repository will be making the new version available within the next day or two (packages building now). If you are creating/distributing your own packages, you can find the source code for this release in the “qt5/0.8.2” branch in the Lumina repository on GitHub.
The major difference that people will notice is that the themes/colors distributed with the desktop have been greatly improved, and I have included a few examples below. The full details about the changes in this release are listed at the bottom of the announcement.
Reminder: The Lumina desktop environment is still considered to be “beta-quality”, so if you find things that either don’t work or don’t work well, please report them on the PC-BSD bug tracker so that they can get fixed as soon as possible.

Noah's L2ARC | BSD Now 77   

 This week on the show, we'll be chatting with Alex Reece and Matt Ahrens about what's new in the world of OpenZFS. After that, we're starting a new tutorial series on submitting your first patch. All the latest BSD news and answers to your emails, coming up on BSD Now - the place to B.. SD.

Code stuff
HEADS UP: pkg will eat itself  
s2k15 Hackathon Report: mpi@ on network stack SMP
s2k15 Hackathon Report: krw@ on improvements in dhclient(8), fdisk(8) and more
FreeBSD Random Number Generator Vulnerability and HardenedBSD
memtemp(4) update
In Other BSDs for 2015/02/21 
FreeBSD on the POWER8: it’s alive! 

Interesting articles
pfSense Donations
Find Out Why TrueNAS Is Replacing NetApp & EMC Every Day
Regular test runs down to zero unexpected failures on multiple architectures

Wallpaper of the week
this wallpaper was found in FreeBSD forums


Tuesday, February 17, 2015

BSD News 16/02/2015

Last week in BSD
Releases: OPNsense, PC-BSD
News: OpenBSD, PC-BSD, DragonFly BSD, OPNsense, freeNAS, HardenedBSD, s2k15, BSDNow


OPNsense version 15.1.5 Released 

Here is the full list of changes:
  • Removed a spurious user-agent check to restore mobile device support.
  • Fixed pop-up window handling for LDAP configuration.
  • Fixed several minor GUI bugs in firewall rules and system pages.
  • Grab the correct OpenSSL from the system for encrypting/decrypting the configuration files.
  • Message of the day now shows the correct system version.
  • Fixed sorting and button for deleting selected rules in NAT pages.
  • Notable ports updates: pkg 1.4.10, gettext 0.19.4, libzmq 4.0.5, ntp 4.2.8p1, ca_root_nss 3.17.4, libsodium 1.0.2
  • Groundwork on the MVC-based GUI replacement including examples. This does not affect the current GUI.
All upgrade methods are viable. The images can be found here:


The PC-BSD project is pleased to announce the availability of our first
images based upon FreeBSD 11.0-CURRENT!
WARNING: These images are considered “bleeding-edge” and should be
treated as such.
The DVD/USB ISO files can now be downloaded from the following URL:
We hope to continue rolling these -CURRENT images as a way for testers
and developers to try out both FreeBSD and PC-BSD bleeding edge features,
often months before a planned release. These images include a full PKG
repository compiled for that month's image. Users of this system will
also be able to “upgrade” when the next monthly image is published.

Other news

Time for a Change | BSD Now 76

This week, we'll be talking to Henning Brauer about OpenNTPD and its recently revived portable version. After that, we'll be discussing different ways to securely tunnel your traffic: specifically OpenVPN, IPSEC, SSH and Tor. All that and the latest news, coming up on BSD Now - the place to B.. SD.

Code stuff
s2k15: Authenticated TLS 'constraints' in ntpd(8) 
s2k15: the stack overflow that wasn't 
em(4), emx(4) updates 
GCC 5 Arrives 
More gcc 5 details 
In Other BSDs for 2015/02/14 
secadm 0.1 Released

Interesting articles
PC-BSD Featured on itwire.com 
A Complete Guide to FreeNAS Hardware Design, Part III: Pools, Performance, and Cache 
A Complete Guide to FreeNAS Hardware Design, Part IV: Network Notes & Conclusion

Monday, February 9, 2015

BSD News 09/02/2015

Last week in BSD
Releases: OPNsense, PC-BSD
Other news:  BSDSec, FreeBSD, pkg, DragonFly BSD, freeNAS, HardenedBSD, s2k15, OpenBSD


Reminder: FreeBSD 10.0 end-of-life approaching  
Changes to the FreeBSD Support Model  !!!


OPNsense version 15.1.4 Released 

It has been quite calm on the ports side of things, but there have been many commits in the core adding up to an incentive to upgrade as soon as possible. And, yes, there are patches addressing CVEs in FreeBSD. Here is the change log:
* FreeBSD-SA-15:02.kmem — CVE-2014-8612 — https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
* FreeBSD-SA-15:03.sctp — CVE-2014-8613 — https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc
* time zone data updated to 2015a — http://mm.icann.org/pipermail/tz-announce/2015-January/000028.html
* sshd now uses the correct OpenSSH version
* fixed SSL certificate generation issue
* interfaces, unbound, certificates and NAT GUI fixes
* captive portal voucher key regeneration and OpenSSL usage fixed
The images can be found here: https://sourceforge.net/projects/opnsense/files/15.1.4/
The advised upgrade method is to boot from install media, recover your device configuration using the import configuration option, then do a quick/easy install (or a custom one if you did that previously).
Please note that the current firmware upgrade does *not* update the kernel and base system to fix the FreeBSD security advisories.

PC-BSD 10.1.1-Release  

Notable Changes
* Brand new system updater which supports automatic background updating
of the system
* Many improvements to boot-environments and GRUB support for a wider
variety of setups
* Support for installation to a specific GPT partition and GPT
dual-booting improvements
* Conversion to Qt5 for all desktop utilities
* Fixes to using dtrace when booted from GRUB
* Re-write of Mount Tray utility, improves mounting of external media
* Support for full-disk encryption (without an unencrypted /boot) using
* More packages available for installation from DVD/USB/CD images via
“PC-BSD roles”
* New OVA files for virtual machines
* Misc bugfixes and improvements to utilities
* GNOME 3.14.1
* Cinnamon 2.4.2
* Lumina desktop 0.8.1
* Chromium 39.0.2171.95
* Firefox 35.0
* NVIDIA Driver 340.65
* Pkg 1.4.4
Getting media
10.1.1-RELEASE DVD/USB media can be downloaded from the following URL via
HTTP or Torrent.


 From the Foundation (Part 1) | BSD Now 75 

This week on the show, we'll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we'll talk about what all they've been up to lately. All this week's news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD.  

Encryption and Signing of HardenedBSD's main site and package repository 

Word got out that we didn't support SSL/TLS on our site due to lack of funding. A couple companies reached out to us to offer us free SSL/TLS certificates. Thanks to DigiCert, as of today, HardenedBSD's main site and package repository is now running SSL/TLS! We will update our Jenkins server with SSL/TLS over the next week. We've also started signing all the release media in our nightly builds with a GPG key created for the dev team. The GPG key's Key ID is 4BB5228E and its fingerprint is 2FB0 10E7 4676 C06C 23C5 7687 E57D 5B65 4BB5 228E.

Code stuff
More i915 upgrades
Many wireless updates 
Removal of ChaCha20 Import 
DragonFly and Git 
In Other BSDs for 2015/02/07 
Update to the i915 kernel driver 
On the OpenCL front 

Interesting articles
A Complete Guide to FreeNAS Hardware Design, Part I: Purpose and Best Practices  
A Complete Guide to FreeNAS Hardware Design, Part II: Hardware Specifics
pkg(8) passes coverity scans 
Why ZIL Size Matters (or Doesn't) 
s2k15: warming up