BSD News 22/08/2016

BSD News 22/08/2016

Last week in BSD

Releases: OPNsense, HardenedBSD
Other news:HardenedBSD, BSDnow, NetBSD, DragonFly BSD, FreeBSD,

BSDSec

seems to be none warnings

Releases

OPNsense 16.7.2 released

  • src: revert fix ICMP translation in pf
  • src: better handle unknown options received from a DHCP server
  • src: void using spin locks for channel message locks
  • src: enable INQUIRY result check only on Windows 10 host systems
  • src: register time counter early enough for TSC freq calibration
  • src: disable incorrect callout in hv_storvsc(4)
  • src: better handle the GPADL setup failure in Hyper-V
  • src: fix SCSI INQUIRY checks and error handling
  • ports: lighttpd 1.4.41, strongswan 5.5.0, curl 7.50.1
  • ports: ca_root_nss 3.26, openssh 7.3p1
  • ports: enabled LDAP SASL bindings
  • system: remove source maps to prevent further Chrome breakage during API calls
  • system: switch to individual registration of PHP extensions
  • system: added UO field to CSR
  • interfaces: properly remove PPPoE server from list of firewall interfaces when deactivated
  • interfaces: extended logging for 4G modems
  • interfaces: correct download of large packet captures
  • interfaces: add lacp_fast_timeout flag support for LAGG
  • interfaces: fix clearing the DHCP config file when override file is gone
  • interfaces: improve dmesg probe on interface listing (contributed by Per von Zweigbergk)
  • firewall: double-check file availability after alias URL download
  • services: corrected DNS forwarder settings save in mobile layout
  • dashboard: fix gateway widget status text update
  • plugins: corrected firewall interface usage for multi-point VPNs
  • vpn: removed the stale OpenVPN windows installer binaries
  • vpn: default to IPsec main mode
  • lang: assorted translation fixes (contributed by Fabian Franz and Antonio Prado)
  • lang: translation updates for Chinese, French, German and Japanese


New stable version: HardenedBSD-stable 10-STABLE v46.9

HardenedBSD-10-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Oliver Pinter (2):
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit - part 2.
Shawn Webb (1):
HBSD: Temporarily disable PIE with the stdlib ATF tests.

News

Cabling up FreeBSD | BSD Now 155

This week on BSDNow, Allan is away in the UK for BSDCam, but we still have a full episode for you! Don’t miss our interview with Myke Geiger talking about using FreeBSD in the ISP environment & the latest news, here on your place to B...SD!

Code stuff


Interesting articles


BSD News 15/08/2016

BSD News 15/08/2016

Last week in BSD

Releases: GhostBSD
Other news: OPNsense, HardenedBSD, OpenBSD, Linux, BSDnow, n2k16, Wallpaper, DragonFlyBSD

BSDSec



Releases

GhostBSD 10.3 RC1 is ready for testing

This first RC release is ready for testing new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.
Language Undefined

News

New Core Team Member

The OPNsense project is growing rapidly and it’s with great pleasure that the OPNsense core team may announce that our team will be strengthened with Shawn Webb. Shawn has already  been doing lots of great work and his formal membership is seen as a logical step forward by all of us.
Shawn Webb Over the past year, I have had the wonderful experience of working with the OPNsense core team in porting over HardenedBSD’s robust ASLR
implementation. It is with pleasure and humility that I have accepted their invitation to join the core team. My overarching goal will be to port the main features of HardenedBSD to OPNsense.
Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology that aims to make certain kinds of vulnerabilities
harder to successfully exploit. In order to fully apply ASLR, applications must be compiled as a Position-Independent Executable (PIE). In the short term, my next goal is to enable PIE fully across OPNsense’s ports tree. I’m using HardenedBSD’s ports tree and package building infrastructure as a test bed prior to importing into OPNsense.
OPNsense is investigating migrating to 11.0-RELEASE for its 17.1 release. The Virtual Memory (VM) subsystem has changed drastically between FreeBSD 10 and FreeBSD 11. Since ASLR deals with the VM subsystem, extreme care must be taken in the update of the codebase from FreeBSD 10.3 to 11.0. I will assist in those efforts by freshly porting over the ASLR implementation from HardenedBSD 11.0 to OPNsense’s FreeBSD 11.0 codebase.
I look forward to being a part of the OPNsense core team. The coordination between HardenedBSD and OPNsense will bring a more solid
foundation on which home users and enterprises alike can build secure and scalable networks.

OpenBSD tmpfs on its last legs

As a result of apparent lack of maintenance, Theo de Raadt has disabled tmpfs.

CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/07/25 13:52:56

Modified files:
 sys/conf       : GENERIC 

Log message:
disable tmpfs because it receives zero maintainance.

You probably didn’t use this anyway

The last bits of Linux emulation have been removed from DragonFly.  It’s 32-bit, so it’s been unsupported since DragonFly went to 64-bit only with the 4.0 release.  Also, some other 32-bit only items are gone, including the cs, ep, ex, fe, and vx network drivers.  It’s almost impossible that anyone was using it, but it’s notable because that’s some… 15-20k lines of code gone?  Removal of unused code is also positive.

Myths, Pi's & Features, oh my! | BSD Now 154

This week on BSDNow, we are taking a look at a few different tutorials, including running your very own RPi web-server. (Come-on, you know you’ve thought of it). Plus we have a GhostBSD tutorial, a look at a GitHub project to run Steam Linux on FreeBSD 11 & more!
You’ll want to stick-around for your place to B...SD!


Code stuff


Interesting articles


BSD News 25/07/2016

BSD News 25/07/2016

Last week in BSD

Releases: pfSense, FreeBSD, PacBSD, DragonFlyBSD
Other news: NetBSD, BSDnow, PC-BSD, Lumina Desktop, DragonFlyBSD, n2k16, BSDSec,


BSDSec


Releases

pfSense 2.3.2-RELEASE Now Available!


We are happy to announce the release of pfSense® software version 2.3.2!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.
This release includes fixes for 60 bugs, 8 features and 2 todo items completed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.
While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.


FreeBSD 11.0-BETA2

The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary of changes since 11.0-BETA1 includes: several build- and toolchain-related fixes; WITNESS and INVARIANTS have been disabled on powerpc, powerpc64, arm and armv6 architectures; freebsd-update(8) has been updated to allow '*-dbg' distribution sets; ctld(8) no longer exits when reloading the configuration with invalid initiator-portal clauses; GENERIC-NODEBUG kernel configurations have been removed; the callout code has been updated to avoid a system panic with TCP timers; several other changes." See also the (incomplete) release notes which are still work-in-progress. Quick links to download the amd64 and i386 installation DVD images: FreeBSD-11.0-BETA2-amd64-dvd1.iso (2,479MB, SHA512), FreeBSD-11.0-BETA2-i386-dvd1.iso (2,203MB, SHA512).

New PacBSD ISO Available

A new iso is available for testing for 64bit. Currently there are two install media, one for DVD/CD and one for USB devices. Be sure to select the right media. Dot img for usb and dot iso for CD/DVD.
Download is available here
Currently the main packages available for testing are: LXDE, chromium, Xorg, wine, transmission and a few Window Managers. New Packages are added daily and more DE should be available in a few days.
xfce4, firefox and vlc will be next uploaded. Though there are multiple PKGBUILD for these already available at
Github
Also you can view daily reports of the repository, which includes broken packages, packages which fail to pull in dependencies, outdated packages (Checked against freebsd ports) and other information:
Repository Report
Installation help can be found at:
ZFS Install Guide
If You need additional help, feel free to join irc.freenode.net ‪#‎pacbsd‬-dev as this is quite active. All new uploaded packages, git commits, repository reports are posted here daily.
One more note, any issues can be reported to us directly on #pacbsd-dev on IRC, or on our bug tracker.
Bug Tracker

DragonFly 4.6 release candidate 2 available

DragonFly 4.6 release candidate 2 has been tagged.  You can pull it directly from the master site in img or iso form (check your local mirror instead if possible), or shift to the new tag.
“Where is RC1?” you may ask?  I tagged the first release candidate some days ago, and this bug was immediately found right after.  It was easier to go right to RC2 once a fix was found.
This candidate will probably lead directly to a release version, so if you want to run the release version exactly, wait a few days.

News

New Security Advisory: NetBSD-SA2016-006 (mail.local)

A new security advisory was published:
You can find more information about them on the Security and NetBSD page.

Fuzzy Auditing | BSD Now 151

This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved ‘C’ client for LetsEncrypt, an interview with Dru Lavigne and more! Stick around for your place to B...SD!

Code stuff


Interesting articles


BSD News 18/07/2016

BSD News 18/07/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD, OPNsense, 
Other news: BSDsec, DragonFly BSD, pfSense, BSDnow

BSDSec


Releases

OPNsense 16.7-RC2 released

16.7-RC2 is here and brings major additions to amd64 architectures: Intel’s Hyperscan library to speed up Suricata rule matching and UEFI boot support! It also brings language packs to their correct 16.7 state, with Japanese already having been completed by the amazing Chie Taguchi. The mirrors have been expanded to allow trackers of -stable or -devel packages to upgrade to the release candidate. Users of LibreSSL wanting to upgrade can now switch to OpenSSL instead of seeing upgrade errors until LibreSSL becomes available again and their systems move back to LibreSSL automatically.
Otherwise, only minor issues have been reported and fixed. This likely means there will not be another release candidate.
New images are available from all known mirrors with all checksums listed after this announcement:
https://opnsense.org/download/
 

New stable release: HardenedBSD-stable 10-STABLE v46.5

HardenedBSD-10-STABLE-v46.5 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
security updates for: expat, libarchive, file, coverity related fixes
bigger updates for: hyper-v, zfs

SoloBSD 10.3-STABLE-v46.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.5
Changelog v46.5
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.
You can grab it from Here. (48.4 Mb)
 root password: solobsd

News

Any Mono/DragonFly users out there?

This is a specialized use case, but Mono 4.x has some issues on DragonFly.  Some minor testing has been done, but if you are already using it, please contribute.

pfSense moves to Apache License

With the pending departure of Chris Buechler, we wanted to find a way to express to the community our continued commitment to keep pfSense® software open source.
As such, pfSense is moving to the Apache License 2.0  in order to align the goals of the project with other (unannounced) offerings from Netgate.  The Apache License 2.0 is a permissive license similar to the MIT License. The main conditions of this license require preservation of copyright and license notices.
Where the 2-Clause and 3-Clause BSD licenses provides no direct language around the areas of copyright, patents and trademarks, the Apache License does. The Apache License is very clear that individual contributors grant copyright license to anyone who receives the code, that their contribution is free from patent encumbrances (and if it is not, that they license that patent to anyone who receives the code,) and that use of Trademarks extends only as far as is necessary to use the product.  As a reminder, only genuine pfSense software can bear the registered trademark of pfSense. It also includes a patent termination clause, should a lawsuit arise.
The Apache License 2.0 is the third most popular license on github. Android, Apache, Chef, DockerOpenStackSalt Stack, and Swift use the Apache License 2.0.
Now pfSense does as well.

Sprinkle A Little BSD Into Your Life | BSD Now 150

Today on the show, we are going to be talking to Jim Brown (of BSD Cert Fame) about his home-brew sprinkler system… Wait for it… That runs FreeBSD!
That plus news & of course your feedback, keep it tuned to BSD Now, the place to B...SD!

UEFI booting and manual installation


karu.pruun shares a story of manually installing DragonFly on a UEFI-booting machine.  In this case, it’s a Macbook, though there’s other non-fruit UEFI machines out there?

Code stuff


Interesting articles


BSDNews 11/07/2016

BSDNews 11/07/2016

Last 2 weeks in BSD

Releases: OPNsense
Other news: BSDSec, FreeBSD, EuroBSDCon, Lumina Desktop, DragonFly BSD, BSDnow, HardenedBSD, LibreSSL, Hammer2, NetBSD

BSDSec


Releases

OPNsense 16.1.18 released

  • system: properly run fsck on boot if needed
  • system: new Cron page and API now available for general use
  • system: QR codes are now generated locally in the browser (contributed by Fabian Franz)
  • system: harden serial config write against power failures
  • system: allow serial config to attach to all available ttys
  • system: added missing ACL entry for LDAP user import page
  • system: reworked log page layout and dependencies
  • firmware: detach / reattach support for upgrade page
  • firmware: mirror and flavour selection moved to respective page
  • interfaces: improvements for 4G devices (sponsored by OSNet.eu[1])
  • interfaces: debug mode and logging for rtsold in DHCPv6 mode
  • dhcp: separate pages for router advertisements and service control
  • dhcp: IPv6 server as a stand-alone process for service control
  • dhcp: fixed and improved writing of dynamic DNSconfiguration
  • ports: python 2.7.11_3[2], unbound 1.5.9[3], curl 7.49.1[4], openssl 1.0.2_14[5], sudo 1.8.17p1[6], php 5.6.23[7], pcre 8.39[8], haproxy 1.6.6[9]
  • src: tzdata updated to 2016e[10]
  • src: fix pf fragement timeout[11]


News

Lumina 1.0.0 sources frozen

The source tree for the Lumina desktop has just been soft-frozen in preparation for the upcoming release of version 1.0.0 in mid-August (tentatively targeting August 8th for final reviews/checks).
This means that all interface elements (GUI’s, widgets, etc) as well as any text which requires translation may no longer be changed without approval from both Ken Moore and the documentation team (basically only things like bug fixes or spelling errors).
This is now the time to go through and perform any translations of the Lumina desktop in preparation for the release. You can see the current translation progress and help perform translations on the PC-BSD translations website.
We have also created a new tarball of the Lumina source tree on github (v1.0.0-Beta2) so that package distributors have time to audit their current build systems and ensure that the Lumina files/binaries are being packaged properly (please report any packaging issues ASAP so that we can adjust things as necessary). This is very important as a few binary names and install locations for files have changed, and some optional dependencies have changed as well (“compton” may be used instead of “xcompmgr” for example).

Kisumu digital library and DragonFly

There’s a new digital library in Kisumu, Kenya – and it’s running DragonFly for file storage.

The place to B... A Robot! | BSD Now 148

This week on the show, Allan & I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive a Robot! You won’t want to miss this one. That plus all the latest news, heading your way right now!

A Wild Dexter Appears! | BSD Now 149

Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus the latest news is heading your way right now on BSDNow, the place to B….SD!

A single function for creating a new port

In my two previous posts I talked about creating a new port and copying a port from head to a branch. The goal of this post is the creation of a new function: CreatePortOnBranch($category_name, $port_name, $CommitBranch) The failed start I started out with this stored procedure: Running it gave this message: # select CreatePort('sysutils', 'bacula-server', [...]

LibreSSL Package Repo

We are pleased to announce the availability of the LibreSSL package repo for 11-CURRENT/amd64. This repo is based off of the LibreSSL-in-base branch (hardened/current/master-libressl) that Bernard Spil has been working on. Going forward, along with providing binary updates for that branch via hbsd-update(8), we will also provide binary packages. We will also provide binary packages soon for the LibreSSL 10-STABLE branch (hardened/10-stable/master-libressl). Having both the feature branches along with package repos will allow us to investigate making LibreSSL the standard in HardenedBSD.
We would like to thank Bernard Spil for his continuous hard work. We're glad to have him on the team. Thanks to him, HardenedBSD is the first downstream FreeBSD project to have both LibreSSL in base along with a package repo that matches.

Code stuff


Interesting articles