Other news: DragonFly BSD, BSDSec, SCALE, pfSense, OpenBSD, ZFS, m0n0wall, BSDTalk
FreeBSD Security Advisory FreeBSD-SA-15:05.bind
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp
OPNsense version 22.214.171.124 Released
OPNsense version 15.1.7 Released
Change Log 126.96.36.199:
- Don’t clobber user and group settings when running opnsense-update. Caused e.g. dhcpd to refuse operation.
- Fix a regression that would prevent e.g. sshd from starting.
- Install opnsense-update by default.
This is the official change log for 15.1.7:
- Merged the latest FreeBSD 10.1-p6 patches:
- Disabled OpenSSH’s High Performance SSH/SCP and None-Cipher extensions to follow up on several security-related discussions.
- Switched from a heavy Bind installation to a lightweight one to reduce attack surface.
- Removed and replaced the legacy `check_reload_status’ daemon with a Python-based rewrite.
- Fixed the auto-login console lockout regression introduced in 188.8.131.52.
- Fixed a problem associated with OpenVPN not being able to read passwords from files.
- Notable ports upgrades: bind-tools 9.10.2, strongswan 5.2.2_1, curl 7.41 plus our LibreSSL fixes for mpd4/mpd5/libpdel.
- Removed PHP-FPM remnants from IPv6 and OpenVPN scripts.
- Fixed several OpenSSL invokes to use the latest port version as opposed to the base version.
- Improved memory/disc/swap usage on the dashboard.
- Properly set DNS Resolver Advanced defaults.
- Fixed append of custom Unbound scrips.
- Modified the root menu shell to pass through to a real shell when arguments are given.
- Zapped the spurious “Array” prefix in user-defined aliases.
- Moved the bogons files fetch location to a local mirror.
- The core.git development boot hook has been improved to properly include /usr/local/etc/rc changes.
- All of our packages are now annotated as coming from our mirror as well as additional safeguards potentially allowing you to use additional FreeBSD packages on top of OPNsense.
- —Fix integer overflow in IGMP protocol. (SA-15:04)
- —Fix vt(4) crash with improper ioctl parameters. (EN-15:01)
- —Updated base system OpenSSL to 1.0.1l. (EN-15:02)
- —Fix freebsd-update libraries update ordering issue. (EN-15:03)
Final message - mailing list and forum frozen
As announced earlier, the m0n0wall mailing list and forum are now frozen. This is the final message, and I would like to take the opportunity to thank all those who have sent me emails with kind words and expressions of gratitude. They were too numerous for me to reply to individually, but they were all very much appreciated!
There have been some questions on what the way forward is for current m0n0wall users. If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall.
For a more feature-rich alternative that is still based on FreeBSD and has the same roots, both pfSense and OPNsense (which is a fork of the former) are excellent choices. They have higher hardware requirements than m0n0wall, but on the other hand, a lot of new embedded hardware has recently become available, with 2 GB or more of memory and 1 GHz or faster CPUs, at a similar price as earlier platforms. It makes sense (pun intended) to use these additional resources - something that m0n0wall hasn't been particularly good at in recent times. Just keep that in mind for your next hardware upgrade.
DragonFly GUI resurrected
Michael Neumann has switched out pkgsrc packages for dpkg packages for building DragonFly with a GUI. There’s no built image to download right now, but I’m optimistic the next release will have it. You can build it now on a DragonFly system using src/nrelease. With all this video work going in lately, it will give us something to show.
OpenBSD Foundation 2014/2015 News & Fundraising
Ken Westerback (krw@) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:
2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributers large and small.Read more...
A detailed summary of the Foundation's activities in 2014 can be seen at
But here are some highpoints.
From the Foundation (Part 2) | BSD Now 78
bsdtalk251 - Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon
A talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon
File info: 47Min, 22MB
Ogg link: https://archive.org/download/bsdtalk251/bsdtalk251.ogg
Radeon updates, too
Did you upgrade DragonFly on the 25th?
In Other BSDs for 2015/02/28
SCALE 13x Trip Report: Michael Dexter
SCALE 2015 Recap
Further (a roadmap for pfSense)
FreeBSD From the Trenches: ZFS, and How to Make a Foot Cannon
Wallpaper of the week
as fount at http://technology.desktopnexus.com/wallpaper/845709/