BSD News 13/04/15

Last week in BSD

Releases: OPNsense
Other news: Hammer, DragonFly BSD, FreeBSD, OPNsense, BSDSec, BSDnow, p2k15, freeNAS, TrueNAS, Wallpaper,


BSDSec

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:04.igmp [REVISED] 
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:07.ntp
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:08.bsdinstall 
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:09.ipv6 
[Midnightbsd-security] MidnightBSD security update 0.5.11-RELEASE

Releases

OPNsense version 15.1.8.4 Released
OPNsense version 15.1.9 Released 

Here is the change log for 15.1.9:
  • tools: install media live images now use the more flexible tmpfs(5)
  • tools: cxgbe(4) is now compiled into the kernel
  • ports: strongswan 5.3.0, openssh-portable 6.8p1, ntp 4.2.8p2
  • src: reverted inconsistent carp(4) and pfsync(4) patches to retain standard FreeBSD behaviour
  • src: fix multiple vulnerabilities of ntp (SA-15:07)
  • src: fix denial of service with IPv6 router advertisements (SA-15:09)
  • core: console upgrade now also triggers the unused package removal
  • core: fix regression that caused a faulty config.xml when applying limiter settings
  • core: refactored the configd command structure for clarity
  • core: fix for SMTP notifications that broke due to PHP 5.6’s new default SSL behaviour
  • core: thorough unused java script purge under the hood
  • upnp: fix redeclaration error on main page shortcut click
  • user manager: consolidated the labels of all privileges, especially OpenVPN
  • development: opnsense-update can selectively upgrade base/kernel for testing
  • development: new chunk of progress on the new proxy feature and MVC structure


Other news


pkg remove freebsd-update | BSD Now 84


On this week's mini-episode, we'll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We'll find out, and also get to a couple of your emails while we're at it, on BSD Now - the place to B.. SD. 

DragonFly on Vultr   


There’s been some linking to the updated HAMMER2 design document.  The Reddit link doesn’t have anything specific, but the Hacker News one has some details (including a credit code!) for installing DragonFly on a Vultr VPS.

Code stuff

Hammer and Hammer2 details 
ACPICA update for DragonFly 
Mars time, too 
In Other BSDs for 2015/04/11
p2k15 Hackathon Report: landry@ on mozilla and more 

Interesting articles

ICC profiles and “startx” on FreeBSD 
The History of FreeNAS & TrueNAS 
Lies, Damn Lies, and Benchmarks 
Intel DDIO, LLC cache, buffer alignment, prefetching, shared locks and packet rates.

 Wallapaper of the week


as at http://www.netbsd.org/images/logos/ghen-unix-wallpaper.png
 

BSD News 30/03/15

Last week in BSD

Releases: OPNsense
News: EuroBSDCon, OpenBSD, ssh, DragonFly BSD, BSDnow, Hammer, FreeBSD, BSDSec, OpenNTPD

BSDSec

OpenNTPD 5.7p4 released

Releases

OPNsense version 15.1.8 Released


Here is the full list of changes:
  • src: applied FreeBSD-SA-15:06.openssl
  • src: updated to tzdata2015b
  • src: add missing max-packets parsing for pf(4)
  • src: OPNsense branding for boot loader
  • bsdinstaller: speed up SD card writes using async mode and assorted cleanups
  • opnsense-update: don’t trigger a spurious update after a fresh install when invoked for the first time
  • notable port updates: isc-dhcp42 4.2.8, libressl 2.1.6, openssl 1.0.1m, ca_root_nss 3.18
  • core: removed obsolete conf_mount_ro() and conf_mount_rw() usage
  • core: removed platform awareness with a more appropriate probe for install media
  • core: removed all remnants of the old firmware update code
  • core: completely rewrote the config.xml handling to unify old and new GUI components
  • core: added support for config backup to Google Drive
  • packages: removed the legacy package system
  • upnp: transformed the preinstalled package into a standard feature
  • openvpn: added the client export package as a standard feature
  • dyndns: minor follow-ups for Duck DNS support
  • firewall log: fix bug that would prevent the filter from working correctly
  • ntp: added numerous config form tweaks and fixed daemon startup
  • igmpproxy: fixed daemon startup
  • dns: properly regenerate hosts file on reload
  • ssh: fix sshd reload on save in system admin access page
  • rc: avoid invoke of FreeBSD’s rc system on halt and reboot
  • dhcp: improve compatibility with IPv6 deployments
The install media images can be found here:
https://sourceforge.net/projects/opnsense/files/15.1.8/
 

News

EuroBSDCon 2015 Call for Papers Is Out 

The EuroBSDCon 2015 conference organizers have announced the Call for Papers for the upcoming conference in Stockholm, Sweden.
Go to https://2015.eurobsdcon.org/call-for-papers/ for details; the full text of the announcement also follows after the fold.
Read more... 


SSL in the Wild | BSD Now 82   


We'll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He's been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now - the place to B.. SD.



Code stuff

In Other BSDs for 2015/03/28
OpenBSD SSH Protocol 1 Now Disabled at Compile Time
DragonFly: A PHP upgrade note
DragonFly: New locking and synchronization docs 

Interesting articles

 Running FreeBSD on the server: a sysadmin speaks, iTWire, Sam Varghese 
Clustering and copies in HAMMER2 
Using the arswitch ethernet switch on FreeBSD

Wallpaper of the week

as found at http://www.pcbsd.org/en/artwork.html
Thanks for reading ;]



BSD News 23/03/15

Last week in BSD

Releases: pfSense, GhostBSD, DragonFly, BSDrp
Other news: BSDSec, FreeNAS, DragonFly, LibreSSL, NetBSD, AsiaBSDCon, BSDnow, OpenBSD, OpenSSH, HardenedBSD,

BSDSec

LibreSSL 2.1.5 released 
LibreSSL 2.1.6 released 
libxfont errata 
libre/openssl patches available 
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:06.openssl  
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:06.openssl [REVISED]  
NetBSD Security Advisory 2015-003: NTPd multiple vulnerabilities (CVE-2014-929[3-6]) 
NetBSD Security Advisory 2015-004: Two vulnerabilities in the compatibility layers  
NetBSD Security Advisory 2015-005: buffer overflow in libevent (CVE-2014-6272)  
NetBSD Security Advisory 2015-006: OpenSSL and SSLv3 vulnerabilities 

Releases

 

BSD Router Project

BSDRP 1.55 is out: It includes latest FreeBSD security fixes and pmacct.

2.2.1 RELEASE Now Available 

pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.

DragonFly 4.0.5 out 

I’ve tagged version 4.0.5 of DragonFly, and it’s available at your nearest mirror.  This revision is mostly to incorporate the newest OpenSSL security bump.

GhostBSD 10.1 Alpha 2 now available   


Changes and fix between 10.1-ALPHA1 and 10.1-ALPHA2 include:
  • The PCDM theme file as been fixed which was creating blinking black screen.
  • Macro windows decoration has been fixed.
  • The installer GPT partition problem has been found and fixed in pc-sysintall.
  • Some installer text error has been fix.
  • The user shell selection has been fix from the last change to have csh by default since fish have a bug from the ports.

Other news

 

 NetBSD ported to Hardkernel ODROID-C1

The Hardkernel ODROID-C1 is a quad-core ARMv7 development board that features an Amlogic S805 SoC (quad-core Cortex-A5 @ 1.5GHz), 1GB RAM and gigabit ethernet for $35 USD.
The ODROID-C1 is the first Cortex-A5 board supported by NetBSD. Matt Thomas (matt@) added initial Cortex-A5 support to the tree, and based on his work I added support for the Amlogic S805 SoC.
NetBSD -current (and soon 7.0) includes support for this board with the ODROID-C1 kernel.


Puffy in a Box | BSD Now 81

We're back from AsiaBSDCon! This week on the show, we'll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They're getting BSD in the hands of Windows admins who don't even realize it.  

Introducing NoExec 

Over the past few months, Oliver has been busy writing a new exploit mitigation feature for HardenedBSD: NoExec. The first part of this project was merged into master tree, and there are still ongoing issues to solve. Our implementation is inspired by PaX's. NoExec prevents pages that are marked as writable from being marked executable as well. It also prevents using mprotect(2) to change a non-executable page to an executable one. This, of course, can cause issues with applications that expect to be able to mark existing pages as executable. Firefox is a good example. You will need to either jail the application in a jail with NoExec turned off or use secadm to turn off NoExec for that application.
This feature bumps the HardenedBSD version number up to 17. We're doing a new package build as well. You'll also get some applications built as Position-Independent Executables (PIEs) with this package build.

Donation request for network SMP development 

 Martin Pieuchot (mpi@) writes in about what's needed for further SMP improvements in the network stack:
If you've been following my contributions to OpenBSD's kernel, you already know that in the past years I've been working on the Network Stack to make it more SMP friendly. All the network hackers present at s2k15 agreed to volunteer me to work on the next step: properly integrate the pseudo-drivers (carp(4), vlan(4), trunk(4)...) in order to take ether_input() out of the kernel lock.
Read more... 

bsdtalk252 - devio.us with Brian Callahan  


An interview with devio.us admin Brian Callahan. http://devio.us is a free shell provider that runs on OpenBSD.
File Info: 18Min, 8MB.
Ogg Link: https://archive.org/download/bsdtalk252/bsdtalk252.ogg

Code stuff

DRM 3.8 update committed 
New sshlockout option 
OpenSSH 6.8 Released
In Other BSDs for 2015/03/21 
 

Interesting articles

The FreeNAS Hardware Guide You’ve Asked For | Does ZIL Size Matter? Issue #18 
Unifying Mesa ports’ configure 
AsiaBSDCon 2015 Recap

Wallpaper of the week

 

as found at http://ghostbsd.org/wallpaper

BSD News 16/03/15

BSD News 16/03/15

Last week in BSD

Releases: OPNsense, DragonflyBSD, GhostBSD
Other news: NetBSD, DragonFly BSD, pfSense, OpenBSD, BSDNow, TrueNAS, FreeBSD Foundation,


BSDSec

freetype patches available 
libssl patch available 


Releases

OPNsense version 15.1.7.1 Released

  • bsdinstaller: work towards embedded installations, e.g. Quick/Easy disk selection
  • opnsense-update: added command line switches and a manual page for usability’s sake
  • opnsense-update: will now remember that the base system is up to date
  • ports: updated to LibreSSL 2.1.4 (for our experimental LibreSSL flavour only)
  • directory layout: collapsed the /conf -> /cf/conf magic into a simple /conf directory (needs a reboot to take effect)
  • certificates: consistently lowered the default lifetime to 1 year
  • captive portal: fixed an issue that prevented traffic forwarding in some cases
  • NAT: do not resolve aliases on display to stay consistent with rules page
  • console menu: rebuilt the firmware upgrade option 12 to work on top of our new pkgng/opnsense-update system
  • crash reporter: can now be found under Diagnostics and was extended to show all parsing errors. The send button is currently disabled but feel free to copy+paste the messages to push them through the usual channels.
  • rc: fixed numerous parse errors in files previously missed by the regression test
  • rc: DHCP lease and RRD graph persistency after reboot, halt and config import (reinstall)
  • UPnP: the shortcuts menu has been reintroduced
  • login: redirect after login now brings up the previously selected page
  • dynamic DNS: fixed validation for custom entries that do not require a hostname
  • dynamic DNS: added support for Duck DNS
  • firewall log widget: fixed multiple bugs and updated style
  • pptp: brought back missing PHP includes
  • core: removed thousands of lines of unused code, style consolidation and path unwinding
  • core: multiple image to glyphicon conversions
  • development: moved pkgng config files out of the src/ directory to avoid tainting the system on core.git live mount
  • development: steady progress on the first MVC framework implementation of the upcoming proxy support

OPNsense version 15.1.7.2 Released   


  • bsdinstaller: fixed the package database wipe on custom install
  • bsdinstaller: install progress bar is now more responsive with regard to individual directories in /usr
  • firmware: removed obsoleted upgrade code and tools following our pkgng/opnsense-update approach
  • miniupnpd: now properly links to the OpenSSL/LibreSSL port
  • ipmitool: now properly links to the OpenSSL/LibreSSL port
  • core: extensive cleanups for PHP shebang usage, wiped numerous unused scripts and unreachable web pages, removed PBI remnants, removed ‘tmp_path’ softcoding to improve readability and git-grep(1) experience, removed stale debug statement that were only marginally useful while bumping the statements to default that indicate real errors
  • console: fixed halt script permissions and switched to synchronous mode
  • sysctl: added net.inet6.ip6.rfc6204w3 to improve the DHCPv6 experience
  • nat: remove target IP hardcoding in automatic rules (props to pfSense for pointing that out to us)
  • rc: fixed missing package database when using the MFS option for /var
  • configd: added a standard rc.d script for easy daemon control
  • mvc: a lot of new code to support general infrastructure for upcoming porting of features, e.g. proxy feature
  • help: adjusted links in the help menu to use HTTPS and improved targeting

DragonFly 4.0.4 out 


DragonFly 4.0 has had a minor point release, to 4.0.4.  There was a bug in the initial install where the rescue image installed on disk would be incorrect.  This was fixed after the first time a build/installworld was done, but might as well have it start out right.  There’s some other small fixes, and the release commit will show you the summary.  Download from your nearest mirror or update normally.

GhostBSD 10.1 Alpha 1 now available  


I am pleased to announce the availability the fist ALPHA build of the 10.1-RELEASE Release cycle which is available on SourceForge for the amd64 and i386 architectures.
Changes and fix between 4.0-RELEASE and 10.1-ALPHA1 include:
  • GDM as been replaced by PCDM
  • Wifimgr is now fully replaced by Networkmgr
  • A beta version of Update Station is now in GhostBSD whish update FreeBSD base system and software
  • The installer partition editor got a lot of improment
  • The installer use the latest pc-sysinstall from PCBSD GitHup
  • GhostBSD is now following the same release number then FreeBSD and PCBSD
The image checksums, ISO images and USB images are available here:
http://www.ghostbsd.org/download-10.1
 

Other news

The PC-BSD Tour II | BSD Now 80 


We're away at AsiaBSDCon this week, but we've still got a packed episode for you. First up is a sequel to the "PC-BSD tour" segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation's 15th anniversary. We'll return next week with a normal episode of BSD Now - which is of course, the place to B.. SD.


OpenBSD 5.7 Preorders Started

Yes, you read that right!

Preorders of the upcoming OpenBSD 5.7 release have been enabled at the OpenBSD Store (based in the UK, ships worldwide).

The OpenBSD 5.7 release page is filling out nicely as we speak, and you can look up further details of what you have in store come May 1st by taking a peek at the detailed changelog page.

Now don't just stand there! Go ahead, order a CD set (or a few), or if you'll be downloading anyway, donate!

Update: The first copy has already been sold, just a few moments after the initial commit and before the actual announcement to misc@ (both by deraadt@) went out.


15th Anniversary and Spring Fundraising Kickoff 




Why donate to the Foundation? Your donations will help us continue and increase our support in the following areas:
  • Funding improvement and development projects, including: Native ISCSI kernel Stack, Updated video console (Newcons), UEFI system boot support, Capsicum component framework, IPv6 support in FreeBSD, Auditdistd improvements for FreeBSD cluster, and adding modern AES modes to OpenCrypto (to support IP/SEC).
  • Helping to provide consistent and on-time releases.
  • Educating the public and promoting FreeBSD with tools like our high-quality FreeBSD 10X Brochure and company visits to help
  • facilitate collaboration efforts with the Project.
  • Sponsoring BSD conferences and summits in Europe, Japan, Canada, and the US.
  • Protecting FreeBSD IP and providing legal support to the Project.
  • Purchasing hardware to build and improve FreeBSD project infrastructure.


Code stuff

Raspberry PI 2 support added
Sendmail removed, DMA added 
USB update  
Extra world messages
In Other BSDs for 2015/03/14 

Interesting Articles

5 Fun Things to Do with FreeNAS
Recent developments in pfSense 
TrueNAS 9.3 State of the Union
FreeBSD From the Trenches: Using autofs(5) to Mount Removable Media  
OpenBSD @ AsiaBSDCon: httpd, PIE, and more  

Wallpaper of the week

 


 http://www.wallpapersonweb.com/image-654271.html



BSD News 09/03/2015

Last week in BSD

GhostBSD, OpenBSD, BSDSec, FreeBSD, Google Summer of Code, DragonFly BSD, PC-BSD, m0n0wall, s2k15, BSDnow, NetBSD,

BSDSec

FreeBSD 10.0-RELEASE End of Life
errata for X server infoleak
LibreSSL 2.1.4 released

Releases

seems to be none

Other news

Ted Unangst: Improving Browser Security

In a recent post to misc@, Ted Unangst (tedu@), outlined some of his upcoming work on improving browser security. Ted writes,
A few words about a project I've started working on today with support from the OpenBSD Foundation.
Read more...

Summer of Code 2015 Project Ideas Announced 


The OpenBSD foundation has published its Project Ideas List for this year's Google-sponsored Summer of Code. If you're a student with an appropriate background, this could be your chance to take a stab at contributing to the OpenBSD code base, with OpenBSD developers as your mentors.
The Foundation and the OpenBSD project do not guarantee that SOC projects are accepted into the OpenBSD code base, but it's worth trying, isn't it?
Check out the list and see if there's something there you want to spend most of the summer hacking on.

Just Add QEMU | BSD Now 79 


Watch here: http://youtu.be/ohf_Dp55O9I

Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD. 

Tarsnap Mastery book out 


Michael W. Lucas’s Tarsnap Mastery book is out, in electronic form.  While not a strictly BSD news items, it’s a service built on BSD, so worth looking at if you care about that – or about encryption.

Code Stuff

GhostBSD Development News - 03/01/2014
A look at the upcoming features for PC-BSD 10.1.2
s2k15 Hackathon Report: Jonathan Gray on X Graphic Acceleration Improvements, afl fuzzer 
s2k15 Hackathon Report: tedu@ on UVM SMP 
In Other BSDs for 2015/03/07 
CI20 reaches userland 

Interesting Articles

End of the m0n0wall project and alternatives
cache line aliasing effects, or "why is freebsd slower than linux?" 


Wallpaper of the week 




as found at http://hdw.eweb4.com/out/637260.html