BSD News 25/07/2016

BSD News 25/07/2016

Last week in BSD

Releases: pfSense, FreeBSD, PacBSD, DragonFlyBSD
Other news: NetBSD, BSDnow, PC-BSD, Lumina Desktop, DragonFlyBSD, n2k16, BSDSec,


BSDSec


Releases

pfSense 2.3.2-RELEASE Now Available!


We are happy to announce the release of pfSense® software version 2.3.2!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.
This release includes fixes for 60 bugs, 8 features and 2 todo items completed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.
While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.


FreeBSD 11.0-BETA2

The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary of changes since 11.0-BETA1 includes: several build- and toolchain-related fixes; WITNESS and INVARIANTS have been disabled on powerpc, powerpc64, arm and armv6 architectures; freebsd-update(8) has been updated to allow '*-dbg' distribution sets; ctld(8) no longer exits when reloading the configuration with invalid initiator-portal clauses; GENERIC-NODEBUG kernel configurations have been removed; the callout code has been updated to avoid a system panic with TCP timers; several other changes." See also the (incomplete) release notes which are still work-in-progress. Quick links to download the amd64 and i386 installation DVD images: FreeBSD-11.0-BETA2-amd64-dvd1.iso (2,479MB, SHA512), FreeBSD-11.0-BETA2-i386-dvd1.iso (2,203MB, SHA512).

New PacBSD ISO Available

A new iso is available for testing for 64bit. Currently there are two install media, one for DVD/CD and one for USB devices. Be sure to select the right media. Dot img for usb and dot iso for CD/DVD.
Download is available here
Currently the main packages available for testing are: LXDE, chromium, Xorg, wine, transmission and a few Window Managers. New Packages are added daily and more DE should be available in a few days.
xfce4, firefox and vlc will be next uploaded. Though there are multiple PKGBUILD for these already available at
Github
Also you can view daily reports of the repository, which includes broken packages, packages which fail to pull in dependencies, outdated packages (Checked against freebsd ports) and other information:
Repository Report
Installation help can be found at:
ZFS Install Guide
If You need additional help, feel free to join irc.freenode.net ‪#‎pacbsd‬-dev as this is quite active. All new uploaded packages, git commits, repository reports are posted here daily.
One more note, any issues can be reported to us directly on #pacbsd-dev on IRC, or on our bug tracker.
Bug Tracker

DragonFly 4.6 release candidate 2 available

DragonFly 4.6 release candidate 2 has been tagged.  You can pull it directly from the master site in img or iso form (check your local mirror instead if possible), or shift to the new tag.
“Where is RC1?” you may ask?  I tagged the first release candidate some days ago, and this bug was immediately found right after.  It was easier to go right to RC2 once a fix was found.
This candidate will probably lead directly to a release version, so if you want to run the release version exactly, wait a few days.

News

New Security Advisory: NetBSD-SA2016-006 (mail.local)

A new security advisory was published:
You can find more information about them on the Security and NetBSD page.

Fuzzy Auditing | BSD Now 151

This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved ‘C’ client for LetsEncrypt, an interview with Dru Lavigne and more! Stick around for your place to B...SD!

Code stuff


Interesting articles


BSD News 18/07/2016

BSD News 18/07/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD, OPNsense, 
Other news: BSDsec, DragonFly BSD, pfSense, BSDnow

BSDSec


Releases

OPNsense 16.7-RC2 released

16.7-RC2 is here and brings major additions to amd64 architectures: Intel’s Hyperscan library to speed up Suricata rule matching and UEFI boot support! It also brings language packs to their correct 16.7 state, with Japanese already having been completed by the amazing Chie Taguchi. The mirrors have been expanded to allow trackers of -stable or -devel packages to upgrade to the release candidate. Users of LibreSSL wanting to upgrade can now switch to OpenSSL instead of seeing upgrade errors until LibreSSL becomes available again and their systems move back to LibreSSL automatically.
Otherwise, only minor issues have been reported and fixed. This likely means there will not be another release candidate.
New images are available from all known mirrors with all checksums listed after this announcement:
https://opnsense.org/download/
 

New stable release: HardenedBSD-stable 10-STABLE v46.5

HardenedBSD-10-STABLE-v46.5 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
security updates for: expat, libarchive, file, coverity related fixes
bigger updates for: hyper-v, zfs

SoloBSD 10.3-STABLE-v46.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.5
Changelog v46.5
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.
You can grab it from Here. (48.4 Mb)
 root password: solobsd

News

Any Mono/DragonFly users out there?

This is a specialized use case, but Mono 4.x has some issues on DragonFly.  Some minor testing has been done, but if you are already using it, please contribute.

pfSense moves to Apache License

With the pending departure of Chris Buechler, we wanted to find a way to express to the community our continued commitment to keep pfSense® software open source.
As such, pfSense is moving to the Apache License 2.0  in order to align the goals of the project with other (unannounced) offerings from Netgate.  The Apache License 2.0 is a permissive license similar to the MIT License. The main conditions of this license require preservation of copyright and license notices.
Where the 2-Clause and 3-Clause BSD licenses provides no direct language around the areas of copyright, patents and trademarks, the Apache License does. The Apache License is very clear that individual contributors grant copyright license to anyone who receives the code, that their contribution is free from patent encumbrances (and if it is not, that they license that patent to anyone who receives the code,) and that use of Trademarks extends only as far as is necessary to use the product.  As a reminder, only genuine pfSense software can bear the registered trademark of pfSense. It also includes a patent termination clause, should a lawsuit arise.
The Apache License 2.0 is the third most popular license on github. Android, Apache, Chef, DockerOpenStackSalt Stack, and Swift use the Apache License 2.0.
Now pfSense does as well.

Sprinkle A Little BSD Into Your Life | BSD Now 150

Today on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it… That runs FreeBSD!
That plus news & of course your feedback, keep it tuned to BSD Now, the place to B...SD!

UEFI booting and manual installation


karu.pruun shares a story of manually installing DragonFly on a UEFI-booting machine.  In this case, it’s a Macbook, though there’s other non-fruit UEFI machines out there?

Code stuff


Interesting articles


BSDNews 11/07/2016

BSDNews 11/07/2016

Last 2 weeks in BSD

Releases: OPNsense
Other news: BSDSec, FreeBSD, EuroBSDCon, Lumina Desktop, DragonFly BSD, BSDnow, HardenedBSD, LibreSSL, Hammer2, NetBSD

BSDSec


Releases

OPNsense 16.1.18 released

  • system: properly run fsck on boot if needed
  • system: new Cron page and API now available for general use
  • system: QR codes are now generated locally in the browser (contributed by Fabian Franz)
  • system: harden serial config write against power failures
  • system: allow serial config to attach to all available ttys
  • system: added missing ACL entry for LDAP user import page
  • system: reworked log page layout and dependencies
  • firmware: detach / reattach support for upgrade page
  • firmware: mirror and flavour selection moved to respective page
  • interfaces: improvements for 4G devices (sponsored by OSNet.eu[1])
  • interfaces: debug mode and logging for rtsold in DHCPv6 mode
  • dhcp: separate pages for router advertisements and service control
  • dhcp: IPv6 server as a stand-alone process for service control
  • dhcp: fixed and improved writing of dynamic DNSconfiguration
  • ports: python 2.7.11_3[2], unbound 1.5.9[3], curl 7.49.1[4], openssl 1.0.2_14[5], sudo 1.8.17p1[6], php 5.6.23[7], pcre 8.39[8], haproxy 1.6.6[9]
  • src: tzdata updated to 2016e[10]
  • src: fix pf fragement timeout[11]


News

Lumina 1.0.0 sources frozen

The source tree for the Lumina desktop has just been soft-frozen in preparation for the upcoming release of version 1.0.0 in mid-August (tentatively targeting August 8th for final reviews/checks).
This means that all interface elements (GUI’s, widgets, etc) as well as any text which requires translation may no longer be changed without approval from both Ken Moore and the documentation team (basically only things like bug fixes or spelling errors).
This is now the time to go through and perform any translations of the Lumina desktop in preparation for the release. You can see the current translation progress and help perform translations on the PC-BSD translations website.
We have also created a new tarball of the Lumina source tree on github (v1.0.0-Beta2) so that package distributors have time to audit their current build systems and ensure that the Lumina files/binaries are being packaged properly (please report any packaging issues ASAP so that we can adjust things as necessary). This is very important as a few binary names and install locations for files have changed, and some optional dependencies have changed as well (“compton” may be used instead of “xcompmgr” for example).

Kisumu digital library and DragonFly

There’s a new digital library in Kisumu, Kenya – and it’s running DragonFly for file storage.

The place to B... A Robot! | BSD Now 148

This week on the show, Allan & I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive a Robot! You won’t want to miss this one. That plus all the latest news, heading your way right now!

A Wild Dexter Appears! | BSD Now 149

Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus the latest news is heading your way right now on BSDNow, the place to B….SD!

A single function for creating a new port

In my two previous posts I talked about creating a new port and copying a port from head to a branch. The goal of this post is the creation of a new function: CreatePortOnBranch($category_name, $port_name, $CommitBranch) The failed start I started out with this stored procedure: Running it gave this message: # select CreatePort('sysutils', 'bacula-server', [...]

LibreSSL Package Repo

We are pleased to announce the availability of the LibreSSL package repo for 11-CURRENT/amd64. This repo is based off of the LibreSSL-in-base branch (hardened/current/master-libressl) that Bernard Spil has been working on. Going forward, along with providing binary updates for that branch via hbsd-update(8), we will also provide binary packages. We will also provide binary packages soon for the LibreSSL 10-STABLE branch (hardened/10-stable/master-libressl). Having both the feature branches along with package repos will allow us to investigate making LibreSSL the standard in HardenedBSD.
We would like to thank Bernard Spil for his continuous hard work. We're glad to have him on the team. Thanks to him, HardenedBSD is the first downstream FreeBSD project to have both LibreSSL in base along with a package repo that matches.

Code stuff


Interesting articles


BSD News 27/06/2016

BSD News 27/06/2016

Last week in BSD

Releases: seems to be none
Other news: BSDSec, BSDnow, ubuntuBSD, DragonFly BSD, OpenBSD, Google Summer of Code,


BSDSec


Releases

seems to be none

News

Release all the things! | BSD Now 147

On this episode of BSDNow, we will be talking to Glen Barber & Peter Wemm of the FreeBSD RE and Cluster Admin teams! That plus our re-cap of BSDCan and the latest news, all on your place to B...SD!
View attached file (646 MB, video/mp4)

ubuntuBSD 16.04 to feature a combo of BusyBox and OpenRC, no systemd

For those interested in the latest developments of ubuntuBSD, the developer mentions that the official release will come bundled with BusyBox and OpenRC, sans systemd. You can try out the BETA version from their website. In a series of tweets, ubuntuBSD project leader Jon Boden has announced a few of the technical features coming to […]

HEADS UP: world reneeds rebuilding

If you are running DragonFly 4.5 (i.e. bleeding edge), Sepherosa Ziehau made an ifnet change that will require a full buildkernel/world if you want things like netstat to keep working.
 

Code stuff

 

Interesting articles


BSDNews 20/06/2016

BSDNews 20/06/2016

Last week in BSD

Releases: BSDSec, pfSense,
Other news:pfSense, OPNsense, HardenedBSD, BSDCan, BSDnow, FreshPorts, DragonflyBSD


BSDSec

 [Security-announce] pfSense-SA-16_08.webgui 
 [Security-announce] pfSense-SA-16_07.webgui 
 [Security-announce] pfSense-SA-16_06.squid 

Releases 

GhostBSD 10.3 BETA1 is ready for testing

This first BETA development release is ready for testing and debugging new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.

OPNsense 16.1.17 released


Today we offer complementary improvements and fixes to your swinging installation in the hopes that they will make your daily experience even better, rounded off with a pinch of SSL crypto updates.
In other news, we are getting ready for a first 16.7 release candidate after having finished the full work on the FreeBSD 10.3 base system including the addition of HardenedBSD’s ASLR. More on this next week.

Here is the change log for 16.1.17:
  • ports: isc-dhcp-server 4.3.4[1], syslogd 10.3, libressl 2.3.6[2], openssl 1.0.2_13[3]
  • system: fix OTP QR code link to amend the first request
  • system: allow to override TRIM apply at boot time via /etc/fstab[4]
  • dashboard: fix OpenVPN test data display
  • dashboard: gateway widget style updated
  • interfaces: allow debug option for dhcp6 client
  • interfaces: allow to delete WAN as well
  • interfaces: properly restart the respective proxy ARP daemon
  • firewall: fixed HTML errors in NAT edit page
  • services: fixed unbound custom option handling
  • services: allow RA send behaviour to be configured
  • services: show correct dynamic DNS type when editing an existing entry
  • openvpn: bring back authentication method selector
  • openvpn: create interfaces at boot time and even when disabled
  • power: separate menu for power off and reboot functions
  • intrusion detection: allow to drop/reset log files
  • plugins: can now create local logging sockets for chroot environments
  • plugins: new HAProxy version 1.3 with assorted fixes (contributed by Frank Wall and Manus Freedom)
  • lang: major updates for Russian (contributed by Smart-Soft Ltd.)
  • lang: assorted translation fixes (contributed by Fabian Franz)
  • lang: minor updates to Chinese, German and French

 

pfSense 2.3.1 Update 5 Available

2.3.1 Update 5 (2.3.1_5) is now available. Note that updates 2 through 4 were internal-only. This includes two security fixes to the web GUI, and 7 other bug fixes. The 2.3.1-RELEASE change list has been updated with an Update 5 section specifying the changes.
This update will reboot the system after installing.

New stable version: HardenedBSD-stable 10-STABLE v46.4

HardenedBSD-10-STABLE-v46.4 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
* libarchive updates
* hbsd-update updates
* coverity fixes
* sfxge updates
* hyperv updates


News 

BSDCan 2016 Presentations Online

The BSDCan 2016 conference in Ottawa has just concluded, with a number of OpenBSD-themed talks. These are the talks by OpenBSD developers: Reyk Flöter: An OpenFlow implementation for OpenBSD - Introducing switchd(8) and more about SDN (slides)
Henning Brauer: Running an ISP on OpenBSD - Why OpenBSD and several uncommon uses of it (slides)
Peter Hessler: Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD. Or: A new protocol actually did improve our routing. (slides)
Mike Belopuhov: Implementation of Xen PVHVM drivers in OpenBSD (slides)
Antoine Jacoutot: OpenBSD rc.d(8) (slides)
Sebastian Benoit: Opensource Routing - Running an enterprise network on OpenBSD (slides)
In addition, two OpenBSD-centric tutorials were offered by people who are not themselves OpenBSD developers:
Peter Hansteen: Building The Network You Need With PF, The OpenBSD Packet Filter (slides)
Aaron Poffenberger: OpenSMTPD for the Real World (slides)

Music to Beastie’s ears | BSD Now 146

Kris is on vacation this week, so allan flies solo, provides a recap of BSDCan & covers a boatload of news including Microsoft providing support & SLAs for BSD, how terrible select() may be, an interview with Hans Petter Selasky about designing the USB drivers for FreeBSD & more!
View attached file (412 MB, video/mp4)

Quarterly branches are available

This afternoon, Bert JW Regeer wished that FreshPorts “would show information from the quarterly branches too…”. I knew I had done some work on this and that there was a way to display branch information. I check the source code and found the ?branch= parameter, but there was nothing in the database for this branch. [...]
 

Code stuff 


Interesting articles