BSD News 05/09/2016

BSD News 05/09/2016

Last week in BSD

Releases: DesktopBSD, HardenedBSD, OPNsense, GhostBSD, OpenBSD
Other news: OpenBSD, BSDnow, ZFS, Let's Encrypt, g2k16, DragonFlyBSD,

BSDSec


Releases

DesktopBSD-2.0 Gnome test version

We are pleased to announce that DesktopBSD-2.0 Gnome test version is available,  more flavours will come soon.

Based on FreeBSD-10.3 amd64, mainly because UEFI is supported by FreeBSD only for amd64 architecture.

Before burning the ISO to a DVD, please check the md5 or sha256 of the downloaded ISO against those  from our repo

DesktopBSD ISOs are hybrid, UEFI enabled, and can be written to USB sticks using the 'dd' command:
dd if=DESKTOPBSD-2.0-FBSD-20160903-152502-gnome-amd64.iso of=/dev/daN bs=1M conv=sync

(where /dev/daN is your's usb stick)
Bsdstats is included as in DesktopBSD-1.7 Release, so DesktopBSD will be counted in www.bsdstats.org.
Bsdstats can be launched or is launched from console using bsdstats.send, via rc.conf or via cron from /usr/local/etc/poeriodic/monthly/300.statistics.

We have included tools to:
  • Connect to desktopbsd irc channel to get help using desktopbsd-irc
  • Open bugtracker page in forums using desktopbsd-bug-report
  • Get system information using inxi scripts ported from linux

Inxi can be run from console, terminal and even under irc client to send informations in irc channel directly.
desktopbsd-irc plus inxi are great tools to help users in #desktopbsd channel.

ISOs are installable using gbi (GhostBSD Installer) and includes another GhostBSD tools.
Please notice that Eric Turgeon ( GhostBSD founder and developer ) is also in our's dev team.
 
Please test and send bugs using desktopbsd-bug-report to be able to fix them.

To enable desktop icons on desktop please run dconf-editor and go to org.gnome.desktop.background and check show-desktop-icons. (desktop icons are not enabled by default due to a gnome bug)

We'll use for support www.desktopbsd.weebly.com website, desktopbsd.boards.net forum and #desktopbsd irc channel on irc.freenode.server.


New stable version: HardenedBSD-stable 11-STABLE v46.2

HardenedBSD-11-STABLE-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Installers: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
Git repo: https://github.com/HardenedBSD/hardenedBSD-stable.git
Highlights:
libarchive update (CVE fixes, FreeBSD SA candidate)
sqlite update (CVE fixes, FreeBSD SA candidate)

OPNsense 16.7.3 released

Patch notes:
  • system: allow selection of secondary console
  • system: added EFI as a console option
  • system: fixed status display of tiered gateway groups
  • system: allow to configure sudo usage for administrators
  • system: package manager can no longer uninstall the GUI package (marked as “vital”)
  • system: also beep on factory reset
  • system: added opnsense-code command line utility
  • interfaces: do not store packet captures in /root
  • interfaces: sort interface listings by name only
  • interfaces: do not prevent configuring an IP used by the PPTP and L2TP plugins
  • firewall: add normalisation options for source port and direction
  • firewall: improved parsing of alias input
  • firewall: fixed nesting of aliases with underscores in their names
  • openvpn: fix script mismatch on export page
  • openvpn: added reneg-sec option to server to allow persistent TOTP sessions
  • openvpn: added option to prevent usage of username-as-common-name
  • services: fix WOL widget link
  • services: aligned backend calls of DNS and DHCP
  • services: fix writing of DNS resolver host entries
  • services: simplify configuring of DNS resolver listening addresses
  • services: allow proxy to match against SSL URLs only (contributed by Fabio Mello)
  • lang: updated Source Sans Pro font to improve the cyrillic experience
  • lang: Italian is now a release language (contributed by Antonio Prado)
  • lang: minor updates for Russian (contributed by Smart-Soft Ltd.)
  • lang: minor updates for German and French
  • ports: haproxy 1.6.8[1], php 5.6.25[2], sqlite 3.14.1[3]
  • ports: openvpn 2.3.12[4], libxml 2.9.4[5]

GhostBSD 10.3 Enoch Finally Available

After a year of development, testing and debugging we are pleased to announce the release of GhostBSD 10.3 MATE & XFCE which is available on SourceForge and torrents for the amd64 and i386 architectures.
What's new in GhostBSD 10.3
  • ZFS support
  • UEFI support
  • Installer custom partition creation subjection
  • VirtualBox support get setup at boot time if needed.
  • 4k partition alignment by default
  • GhostBSD Software will be updated Quarterly which will bring more stability to GhostBSD still user will be able to change it to latest to have the latest software update.
What changed in GhostBSD 10.3
  • The installer partition editor UI and partitioning have been improved
  • VirtualBox additions would be uninstall after installer if it is not runnig in a VirtualBox
  • Slim is replacing GDM.
  • Networkmgr display the full SSID
  • Replaced the HTML/CSS installation slide with a GTK/CSS the slide.
What has been fix.
  • Networkmgr SSID list
  • VirtualBox supports
  • Installer MBR partition issue
  • Some installer text error
  • Keyboard layout after installation with MATE
  • Network Manager slowness to open the menu
  • Network Manager icon tray crash
  • Localtime time as been fix
  • Fix boot partition for GPT to supports freebsd-boot, bios-boot and efi
  • System Update duplicating the whole install under /boot/kernel.old
  • sudo configuration
  • Wifi down by default
  • Locales are not correctly set up on installation
Where to download:
The image checksum's, hybrid ISO(DVD, USB) images are available here:
http://www.ghostbsd.org/download


OpenBSD 6.0 released

September 1st, 2016: The OpenBSD team announces the availability of 6.0!
We are pleased to announce the official release of OpenBSD 6.0.
This is our 40th release on CD-ROM (and 41st via FTP/HTTP).  We remain
proud of OpenBSD's record of more than twenty years with only two remote
holes in the default install.

As in our previous releases, 6.0 provides significant improvements,
including new features, in nearly all areas of the system:
Read more...

News

ZFS, The “Universal” Filesystem | BSD Now 157

This week on BSDNow, we have an interview with Richard Yao, who will be telling us about the experience & challenges of porting ZFS to Linux. That plus the latest news & feedback is coming your way, on your place to B….SD!

Let's Encrypt client imported into -current

Kristaps Dzonsons' Let's Encrypt client, letskencrypt, has been imported into OpenBSD-current as acme-client.
letskencrypt, which has previously been available as a port, is a privilege-separated Let's Encrypt (ACME protocol) client written in C.


Code stuff


Interesting articles


BSD News 29/08/2016

BSD News 29/08/2016

Last week in BSD

Releases: FreeBSD, pfSense
Other news: BSDNow, OpenBSD


BSDSec

there seems to be none SA

Releases

FreeBSD 11.0-RC2 Available

The second RC build for the FreeBSD 11.0 release cycle is now available. ISO images for the amd64, armv6, i386, aarch64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

2.4 pre-alpha snapshots now available.

pfSense® software version 2.4 pre-alpha snapshots are now available.
pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.
More work at “reduction of technical debt” is occurring in 2.4.  We have decided to not carry forward the kernel patches for Captive Portal.  Instead, it is being re-written to use stock IPFW.  That work is only about 75% complete.  Simultaneously, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:
There appears to be a bug in pf (likely due to the interaction of one of our patches).  This only manifests under high usage.
New features and changes are listed here.
Full change list:
source and build tools
ports
FreeBSD source
Outstanding bugs/features/todo items:
Everything else
We advise that you do not use this on a production system yet. If you have the time and interest, we encourage you to try this on a scratch system or VM and provide feedback for any issues you find.

News

The Fresh BSD experience | BSD Now 156

This week on BSDNow, Allan is back from his UK trip & we’ll get to hear his thoughts on the developer summit. That plus all the latest news & an interview with Drew Gurkowski discussing tutorial writing for FreeBSD. Keep it tuned to your place to B...SD!

Code stuff

BSD News 22/08/2016

BSD News 22/08/2016

Last week in BSD

Releases: OPNsense, HardenedBSD
Other news:HardenedBSD, BSDnow, NetBSD, DragonFly BSD, FreeBSD,

BSDSec

seems to be none warnings

Releases

OPNsense 16.7.2 released

  • src: revert fix ICMP translation in pf
  • src: better handle unknown options received from a DHCP server
  • src: void using spin locks for channel message locks
  • src: enable INQUIRY result check only on Windows 10 host systems
  • src: register time counter early enough for TSC freq calibration
  • src: disable incorrect callout in hv_storvsc(4)
  • src: better handle the GPADL setup failure in Hyper-V
  • src: fix SCSI INQUIRY checks and error handling
  • ports: lighttpd 1.4.41, strongswan 5.5.0, curl 7.50.1
  • ports: ca_root_nss 3.26, openssh 7.3p1
  • ports: enabled LDAP SASL bindings
  • system: remove source maps to prevent further Chrome breakage during API calls
  • system: switch to individual registration of PHP extensions
  • system: added UO field to CSR
  • interfaces: properly remove PPPoE server from list of firewall interfaces when deactivated
  • interfaces: extended logging for 4G modems
  • interfaces: correct download of large packet captures
  • interfaces: add lacp_fast_timeout flag support for LAGG
  • interfaces: fix clearing the DHCP config file when override file is gone
  • interfaces: improve dmesg probe on interface listing (contributed by Per von Zweigbergk)
  • firewall: double-check file availability after alias URL download
  • services: corrected DNS forwarder settings save in mobile layout
  • dashboard: fix gateway widget status text update
  • plugins: corrected firewall interface usage for multi-point VPNs
  • vpn: removed the stale OpenVPN windows installer binaries
  • vpn: default to IPsec main mode
  • lang: assorted translation fixes (contributed by Fabian Franz and Antonio Prado)
  • lang: translation updates for Chinese, French, German and Japanese


New stable version: HardenedBSD-stable 10-STABLE v46.9

HardenedBSD-10-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Oliver Pinter (2):
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit - part 2.
Shawn Webb (1):
HBSD: Temporarily disable PIE with the stdlib ATF tests.

News

Cabling up FreeBSD | BSD Now 155

This week on BSDNow, Allan is away in the UK for BSDCam, but we still have a full episode for you! Don’t miss our interview with Myke Geiger talking about using FreeBSD in the ISP environment & the latest news, here on your place to B...SD!

Code stuff


Interesting articles


BSD News 15/08/2016

BSD News 15/08/2016

Last week in BSD

Releases: GhostBSD
Other news: OPNsense, HardenedBSD, OpenBSD, Linux, BSDnow, n2k16, Wallpaper, DragonFlyBSD

BSDSec



Releases

GhostBSD 10.3 RC1 is ready for testing

This first RC release is ready for testing new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.
Language Undefined

News

New Core Team Member

The OPNsense project is growing rapidly and it’s with great pleasure that the OPNsense core team may announce that our team will be strengthened with Shawn Webb. Shawn has already  been doing lots of great work and his formal membership is seen as a logical step forward by all of us.
Shawn Webb Over the past year, I have had the wonderful experience of working with the OPNsense core team in porting over HardenedBSD’s robust ASLR
implementation. It is with pleasure and humility that I have accepted their invitation to join the core team. My overarching goal will be to port the main features of HardenedBSD to OPNsense.
Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology that aims to make certain kinds of vulnerabilities
harder to successfully exploit. In order to fully apply ASLR, applications must be compiled as a Position-Independent Executable (PIE). In the short term, my next goal is to enable PIE fully across OPNsense’s ports tree. I’m using HardenedBSD’s ports tree and package building infrastructure as a test bed prior to importing into OPNsense.
OPNsense is investigating migrating to 11.0-RELEASE for its 17.1 release. The Virtual Memory (VM) subsystem has changed drastically between FreeBSD 10 and FreeBSD 11. Since ASLR deals with the VM subsystem, extreme care must be taken in the update of the codebase from FreeBSD 10.3 to 11.0. I will assist in those efforts by freshly porting over the ASLR implementation from HardenedBSD 11.0 to OPNsense’s FreeBSD 11.0 codebase.
I look forward to being a part of the OPNsense core team. The coordination between HardenedBSD and OPNsense will bring a more solid
foundation on which home users and enterprises alike can build secure and scalable networks.

OpenBSD tmpfs on its last legs

As a result of apparent lack of maintenance, Theo de Raadt has disabled tmpfs.

CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/07/25 13:52:56

Modified files:
 sys/conf       : GENERIC 

Log message:
disable tmpfs because it receives zero maintainance.

You probably didn’t use this anyway

The last bits of Linux emulation have been removed from DragonFly.  It’s 32-bit, so it’s been unsupported since DragonFly went to 64-bit only with the 4.0 release.  Also, some other 32-bit only items are gone, including the cs, ep, ex, fe, and vx network drivers.  It’s almost impossible that anyone was using it, but it’s notable because that’s some… 15-20k lines of code gone?  Removal of unused code is also positive.

Myths, Pi's & Features, oh my! | BSD Now 154

This week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you know you’ve thought of it). Plus we have a GhostBSD tutorial, a look at a GitHub project to run Steam Linux on FreeBSD 11 & more!
You’ll want to stick-around for your place to B...SD!


Code stuff


Interesting articles


BSD News 25/07/2016

BSD News 25/07/2016

Last week in BSD

Releases: pfSense, FreeBSD, PacBSD, DragonFlyBSD
Other news: NetBSD, BSDnow, PC-BSD, Lumina Desktop, DragonFlyBSD, n2k16, BSDSec,


BSDSec


Releases

pfSense 2.3.2-RELEASE Now Available!


We are happy to announce the release of pfSense® software version 2.3.2!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.
This release includes fixes for 60 bugs, 8 features and 2 todo items completed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.
While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.


FreeBSD 11.0-BETA2

The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary of changes since 11.0-BETA1 includes: several build- and toolchain-related fixes; WITNESS and INVARIANTS have been disabled on powerpc, powerpc64, arm and armv6 architectures; freebsd-update(8) has been updated to allow '*-dbg' distribution sets; ctld(8) no longer exits when reloading the configuration with invalid initiator-portal clauses; GENERIC-NODEBUG kernel configurations have been removed; the callout code has been updated to avoid a system panic with TCP timers; several other changes." See also the (incomplete) release notes which are still work-in-progress. Quick links to download the amd64 and i386 installation DVD images: FreeBSD-11.0-BETA2-amd64-dvd1.iso (2,479MB, SHA512), FreeBSD-11.0-BETA2-i386-dvd1.iso (2,203MB, SHA512).

New PacBSD ISO Available

A new iso is available for testing for 64bit. Currently there are two install media, one for DVD/CD and one for USB devices. Be sure to select the right media. Dot img for usb and dot iso for CD/DVD.
Download is available here
Currently the main packages available for testing are: LXDE, chromium, Xorg, wine, transmission and a few Window Managers. New Packages are added daily and more DE should be available in a few days.
xfce4, firefox and vlc will be next uploaded. Though there are multiple PKGBUILD for these already available at
Github
Also you can view daily reports of the repository, which includes broken packages, packages which fail to pull in dependencies, outdated packages (Checked against freebsd ports) and other information:
Repository Report
Installation help can be found at:
ZFS Install Guide
If You need additional help, feel free to join irc.freenode.net ‪#‎pacbsd‬-dev as this is quite active. All new uploaded packages, git commits, repository reports are posted here daily.
One more note, any issues can be reported to us directly on #pacbsd-dev on IRC, or on our bug tracker.
Bug Tracker

DragonFly 4.6 release candidate 2 available

DragonFly 4.6 release candidate 2 has been tagged.  You can pull it directly from the master site in img or iso form (check your local mirror instead if possible), or shift to the new tag.
“Where is RC1?” you may ask?  I tagged the first release candidate some days ago, and this bug was immediately found right after.  It was easier to go right to RC2 once a fix was found.
This candidate will probably lead directly to a release version, so if you want to run the release version exactly, wait a few days.

News

New Security Advisory: NetBSD-SA2016-006 (mail.local)

A new security advisory was published:
You can find more information about them on the Security and NetBSD page.

Fuzzy Auditing | BSD Now 151

This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved ‘C’ client for LetsEncrypt, an interview with Dru Lavigne and more! Stick around for your place to B...SD!

Code stuff


Interesting articles