BSD News 29/08/2016

BSD News 29/08/2016

Last week in BSD

Releases: FreeBSD, pfSense
Other news: BSDNow, OpenBSD


BSDSec

there seems to be none SA

Releases

FreeBSD 11.0-RC2 Available

The second RC build for the FreeBSD 11.0 release cycle is now available. ISO images for the amd64, armv6, i386, aarch64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

2.4 pre-alpha snapshots now available.

pfSense® software version 2.4 pre-alpha snapshots are now available.
pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.
More work at “reduction of technical debt” is occurring in 2.4.  We have decided to not carry forward the kernel patches for Captive Portal.  Instead, it is being re-written to use stock IPFW.  That work is only about 75% complete.  Simultaneously, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:
There appears to be a bug in pf (likely due to the interaction of one of our patches).  This only manifests under high usage.
New features and changes are listed here.
Full change list:
source and build tools
ports
FreeBSD source
Outstanding bugs/features/todo items:
Everything else
We advise that you do not use this on a production system yet. If you have the time and interest, we encourage you to try this on a scratch system or VM and provide feedback for any issues you find.

News

The Fresh BSD experience | BSD Now 156

This week on BSDNow, Allan is back from his UK trip & we’ll get to hear his thoughts on the developer summit. That plus all the latest news & an interview with Drew Gurkowski discussing tutorial writing for FreeBSD. Keep it tuned to your place to B...SD!

Code stuff

BSD News 22/08/2016

BSD News 22/08/2016

Last week in BSD

Releases: OPNsense, HardenedBSD
Other news:HardenedBSD, BSDnow, NetBSD, DragonFly BSD, FreeBSD,

BSDSec

seems to be none warnings

Releases

OPNsense 16.7.2 released

  • src: revert fix ICMP translation in pf
  • src: better handle unknown options received from a DHCP server
  • src: void using spin locks for channel message locks
  • src: enable INQUIRY result check only on Windows 10 host systems
  • src: register time counter early enough for TSC freq calibration
  • src: disable incorrect callout in hv_storvsc(4)
  • src: better handle the GPADL setup failure in Hyper-V
  • src: fix SCSI INQUIRY checks and error handling
  • ports: lighttpd 1.4.41, strongswan 5.5.0, curl 7.50.1
  • ports: ca_root_nss 3.26, openssh 7.3p1
  • ports: enabled LDAP SASL bindings
  • system: remove source maps to prevent further Chrome breakage during API calls
  • system: switch to individual registration of PHP extensions
  • system: added UO field to CSR
  • interfaces: properly remove PPPoE server from list of firewall interfaces when deactivated
  • interfaces: extended logging for 4G modems
  • interfaces: correct download of large packet captures
  • interfaces: add lacp_fast_timeout flag support for LAGG
  • interfaces: fix clearing the DHCP config file when override file is gone
  • interfaces: improve dmesg probe on interface listing (contributed by Per von Zweigbergk)
  • firewall: double-check file availability after alias URL download
  • services: corrected DNS forwarder settings save in mobile layout
  • dashboard: fix gateway widget status text update
  • plugins: corrected firewall interface usage for multi-point VPNs
  • vpn: removed the stale OpenVPN windows installer binaries
  • vpn: default to IPsec main mode
  • lang: assorted translation fixes (contributed by Fabian Franz and Antonio Prado)
  • lang: translation updates for Chinese, French, German and Japanese


New stable version: HardenedBSD-stable 10-STABLE v46.9

HardenedBSD-10-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Oliver Pinter (2):
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit - part 2.
Shawn Webb (1):
HBSD: Temporarily disable PIE with the stdlib ATF tests.

News

Cabling up FreeBSD | BSD Now 155

This week on BSDNow, Allan is away in the UK for BSDCam, but we still have a full episode for you! Don’t miss our interview with Myke Geiger talking about using FreeBSD in the ISP environment & the latest news, here on your place to B...SD!

Code stuff


Interesting articles


BSD News 15/08/2016

BSD News 15/08/2016

Last week in BSD

Releases: GhostBSD
Other news: OPNsense, HardenedBSD, OpenBSD, Linux, BSDnow, n2k16, Wallpaper, DragonFlyBSD

BSDSec



Releases

GhostBSD 10.3 RC1 is ready for testing

This first RC release is ready for testing new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.
Language Undefined

News

New Core Team Member

The OPNsense project is growing rapidly and it’s with great pleasure that the OPNsense core team may announce that our team will be strengthened with Shawn Webb. Shawn has already  been doing lots of great work and his formal membership is seen as a logical step forward by all of us.
Shawn Webb Over the past year, I have had the wonderful experience of working with the OPNsense core team in porting over HardenedBSD’s robust ASLR
implementation. It is with pleasure and humility that I have accepted their invitation to join the core team. My overarching goal will be to port the main features of HardenedBSD to OPNsense.
Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology that aims to make certain kinds of vulnerabilities
harder to successfully exploit. In order to fully apply ASLR, applications must be compiled as a Position-Independent Executable (PIE). In the short term, my next goal is to enable PIE fully across OPNsense’s ports tree. I’m using HardenedBSD’s ports tree and package building infrastructure as a test bed prior to importing into OPNsense.
OPNsense is investigating migrating to 11.0-RELEASE for its 17.1 release. The Virtual Memory (VM) subsystem has changed drastically between FreeBSD 10 and FreeBSD 11. Since ASLR deals with the VM subsystem, extreme care must be taken in the update of the codebase from FreeBSD 10.3 to 11.0. I will assist in those efforts by freshly porting over the ASLR implementation from HardenedBSD 11.0 to OPNsense’s FreeBSD 11.0 codebase.
I look forward to being a part of the OPNsense core team. The coordination between HardenedBSD and OPNsense will bring a more solid
foundation on which home users and enterprises alike can build secure and scalable networks.

OpenBSD tmpfs on its last legs

As a result of apparent lack of maintenance, Theo de Raadt has disabled tmpfs.

CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/07/25 13:52:56

Modified files:
 sys/conf       : GENERIC 

Log message:
disable tmpfs because it receives zero maintainance.

You probably didn’t use this anyway

The last bits of Linux emulation have been removed from DragonFly.  It’s 32-bit, so it’s been unsupported since DragonFly went to 64-bit only with the 4.0 release.  Also, some other 32-bit only items are gone, including the cs, ep, ex, fe, and vx network drivers.  It’s almost impossible that anyone was using it, but it’s notable because that’s some… 15-20k lines of code gone?  Removal of unused code is also positive.

Myths, Pi's & Features, oh my! | BSD Now 154

This week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you know you’ve thought of it). Plus we have a GhostBSD tutorial, a look at a GitHub project to run Steam Linux on FreeBSD 11 & more!
You’ll want to stick-around for your place to B...SD!


Code stuff


Interesting articles


BSD News 25/07/2016

BSD News 25/07/2016

Last week in BSD

Releases: pfSense, FreeBSD, PacBSD, DragonFlyBSD
Other news: NetBSD, BSDnow, PC-BSD, Lumina Desktop, DragonFlyBSD, n2k16, BSDSec,


BSDSec


Releases

pfSense 2.3.2-RELEASE Now Available!


We are happy to announce the release of pfSense® software version 2.3.2!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.
This release includes fixes for 60 bugs, 8 features and 2 todo items completed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.
While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.


FreeBSD 11.0-BETA2

The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary of changes since 11.0-BETA1 includes: several build- and toolchain-related fixes; WITNESS and INVARIANTS have been disabled on powerpc, powerpc64, arm and armv6 architectures; freebsd-update(8) has been updated to allow '*-dbg' distribution sets; ctld(8) no longer exits when reloading the configuration with invalid initiator-portal clauses; GENERIC-NODEBUG kernel configurations have been removed; the callout code has been updated to avoid a system panic with TCP timers; several other changes." See also the (incomplete) release notes which are still work-in-progress. Quick links to download the amd64 and i386 installation DVD images: FreeBSD-11.0-BETA2-amd64-dvd1.iso (2,479MB, SHA512), FreeBSD-11.0-BETA2-i386-dvd1.iso (2,203MB, SHA512).

New PacBSD ISO Available

A new iso is available for testing for 64bit. Currently there are two install media, one for DVD/CD and one for USB devices. Be sure to select the right media. Dot img for usb and dot iso for CD/DVD.
Download is available here
Currently the main packages available for testing are: LXDE, chromium, Xorg, wine, transmission and a few Window Managers. New Packages are added daily and more DE should be available in a few days.
xfce4, firefox and vlc will be next uploaded. Though there are multiple PKGBUILD for these already available at
Github
Also you can view daily reports of the repository, which includes broken packages, packages which fail to pull in dependencies, outdated packages (Checked against freebsd ports) and other information:
Repository Report
Installation help can be found at:
ZFS Install Guide
If You need additional help, feel free to join irc.freenode.net ‪#‎pacbsd‬-dev as this is quite active. All new uploaded packages, git commits, repository reports are posted here daily.
One more note, any issues can be reported to us directly on #pacbsd-dev on IRC, or on our bug tracker.
Bug Tracker

DragonFly 4.6 release candidate 2 available

DragonFly 4.6 release candidate 2 has been tagged.  You can pull it directly from the master site in img or iso form (check your local mirror instead if possible), or shift to the new tag.
“Where is RC1?” you may ask?  I tagged the first release candidate some days ago, and this bug was immediately found right after.  It was easier to go right to RC2 once a fix was found.
This candidate will probably lead directly to a release version, so if you want to run the release version exactly, wait a few days.

News

New Security Advisory: NetBSD-SA2016-006 (mail.local)

A new security advisory was published:
You can find more information about them on the Security and NetBSD page.

Fuzzy Auditing | BSD Now 151

This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved ‘C’ client for LetsEncrypt, an interview with Dru Lavigne and more! Stick around for your place to B...SD!

Code stuff


Interesting articles


BSD News 18/07/2016

BSD News 18/07/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD, OPNsense, 
Other news: BSDsec, DragonFly BSD, pfSense, BSDnow

BSDSec


Releases

OPNsense 16.7-RC2 released

16.7-RC2 is here and brings major additions to amd64 architectures: Intel’s Hyperscan library to speed up Suricata rule matching and UEFI boot support! It also brings language packs to their correct 16.7 state, with Japanese already having been completed by the amazing Chie Taguchi. The mirrors have been expanded to allow trackers of -stable or -devel packages to upgrade to the release candidate. Users of LibreSSL wanting to upgrade can now switch to OpenSSL instead of seeing upgrade errors until LibreSSL becomes available again and their systems move back to LibreSSL automatically.
Otherwise, only minor issues have been reported and fixed. This likely means there will not be another release candidate.
New images are available from all known mirrors with all checksums listed after this announcement:
https://opnsense.org/download/
 

New stable release: HardenedBSD-stable 10-STABLE v46.5

HardenedBSD-10-STABLE-v46.5 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
security updates for: expat, libarchive, file, coverity related fixes
bigger updates for: hyper-v, zfs

SoloBSD 10.3-STABLE-v46.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.5
Changelog v46.5
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.
You can grab it from Here. (48.4 Mb)
 root password: solobsd

News

Any Mono/DragonFly users out there?

This is a specialized use case, but Mono 4.x has some issues on DragonFly.  Some minor testing has been done, but if you are already using it, please contribute.

pfSense moves to Apache License

With the pending departure of Chris Buechler, we wanted to find a way to express to the community our continued commitment to keep pfSense® software open source.
As such, pfSense is moving to the Apache License 2.0  in order to align the goals of the project with other (unannounced) offerings from Netgate.  The Apache License 2.0 is a permissive license similar to the MIT License. The main conditions of this license require preservation of copyright and license notices.
Where the 2-Clause and 3-Clause BSD licenses provides no direct language around the areas of copyright, patents and trademarks, the Apache License does. The Apache License is very clear that individual contributors grant copyright license to anyone who receives the code, that their contribution is free from patent encumbrances (and if it is not, that they license that patent to anyone who receives the code,) and that use of Trademarks extends only as far as is necessary to use the product.  As a reminder, only genuine pfSense software can bear the registered trademark of pfSense. It also includes a patent termination clause, should a lawsuit arise.
The Apache License 2.0 is the third most popular license on github. Android, Apache, Chef, DockerOpenStackSalt Stack, and Swift use the Apache License 2.0.
Now pfSense does as well.

Sprinkle A Little BSD Into Your Life | BSD Now 150

Today on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it… That runs FreeBSD!
That plus news & of course your feedback, keep it tuned to BSD Now, the place to B...SD!

UEFI booting and manual installation


karu.pruun shares a story of manually installing DragonFly on a UEFI-booting machine.  In this case, it’s a Macbook, though there’s other non-fruit UEFI machines out there?

Code stuff


Interesting articles