BSD News 08/02/2016

Last week in BSD

Releases: AsiaBSDCon, FreeBSD, BSDnow, OPNsense, DragonFly BSD, LibertyBSD, Wallpaper
Other news: HardenedBSD, OPNsense


BSDSec


Releases 

New stable release: HardenedBSD-stable 10-STABLE v40.2

HardenedBSD-10-STABLE-v40.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
----------------------------------------
[freebsd] 10.3-BETA1
[freebsd] The zfsboot (zfs auto mode) part of bsdinstall now supports UEFI
[freebsd] bhyve windows support

OPNsense 16.1.1 released

OPNsense 16.1.2 released

Without fuzz, here are the full patch notes:
o ports: libressl 2.2.6[1], openssl 1.0.2f[2]
o intrusion prevention: add SSL fingerprint blacklist and other abuse lists (courtesy of abuse.ch[3])
o captive portal: limit the max vouchers per call
o captive portal: change voucher download filename to match group name
o captive portal: strip bad characters from group name
o captive portal: fix multiple voucher generation
o firewall: add rule categorisation tag field
o search: tweak padding to align with right visual border
o console: fix halt script to show product name again
o firmware: revoked the old 15.7 update fingerprint
o interfaces: fix VLAN edit page to show the correct page name
o squid: fix authentication script permission regression
o dashboard: remove non-authoritative hardware crypto probing
o system: do not accept an authentication server with an empty name
o system: added hint that device polling setting needs reboot (contributed by Olivier Paroz)
o system: assorted translation fixes (contributed by Fabian Franz)
o logging: unhide IGMP packets from firewall log view (contributed by Isaac Levy)

[1] http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
[2] https://www.openssl.org/news/secadv/20160128.txt
[3] https://www.abuse.ch/

o src: OpenSSL SSLv2 ciphersuite downgrade vulnerability[1]
o src: Fix packet forwarding in Hyper-V netvsc driver[2]
o src: Honour disabled pf(4) log flag on dropped packets with IP options[3]
o ports: curl 7.47.0[4], nettle 3.2[5]
o wizard: fix certificate generation for OpenVPN
o firewall: fix interface selection on post issues in floating rules
o firewall: make category filter multi-select for maximum convenience
o firewall: do not hide gateways from the gateway selection
o firewall: added null routes to the gateway selection
o firewall: rather than hiding associated nat rules, remove their edit and clone buttons so they can still be deleted manually
o dns resolver: fix $numprocs setting in config according to manual
o dns resolver: do not render illegal output for empty IPv6 addresses
o dhcp: applying static mappings with DNS resolver enabled no longer seems stuck in apply step
o search: resize box on focus and also propagate proxy server tabs
o system: fix inversion bug of the default pass logging setting
o captive portal: properly log messages to associated log file
o intrusion detection: can now add user rules based on SSL fingerprints and IP geolocation
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:11.openssl.asc
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630
[3] https://reviews.freebsd.org/D3222
[4] https://curl.haxx.se/changes.html
[5] https://fossies.org/diffs/nettle/3.1.1_vs_3.2/ChangeLog-diff.html

News

AsiaBSDCon 2016 registration open

AsiaBSDCon 2016 is happening in Tokyo, March 10-13.  Registration for it opens today.  The registration page isn’t up as I post this, but I assume very soon.  (via)

Initial FreeBSD RISC-V Architecture Port Committed

Ruslan Bukin, a research engineer at the University of Cambridge Computer Laboratory, has committed kernel support for the FreeBSD RISC-V port to the FreeBSD source tree. This is the latest in a series of commits including user space support, making his work at the University of Cambridge more accessible to the broader open-source hardware and software communities. RISC-V is an exciting new open-source Instruction-Set Architecture (ISA) developed at the University of California at Berkeley, which is seeing increasing interest in the embedded systems and hardware-software research communities. Ruslan’s work at Cambridge allows FreeBSD to boot on Berkeley’s Spike simulator, and makes the FreeBSD Project the first operating-system vendor to include formal, in-tree support for the RISC-V architecture. Ruslan has recently given a talk on the FreeBSD port at the RISC-V workshop in the San Francisco Bay Area, and his work was highlighted in EE Times in January 2016.

The current FreeBSD RISC-V port is able to boot to multi-user mode on Spike, and allows a range of userspace commands and services such as SSH, mail delivery, and a user shell to run reliably. His next steps are to add multicore support to the port, and bring up FreeBSD on early hardware platforms becoming available for RISC-V, such as FPGA simulations of Cambridge’s open-source LowRISC System-on-Chip. FreeBSD ports and packages will appear over coming days allowing others in the community to reproduce the work, and making it easy for developers interested in contributing to the project to join the effort.

Ruslan’s work has been supported by the UK Higher Education Innovation Fund (HEIF5) and DARPA CTSRD project at the University of Cambridge, with participation in the RISC-V workshop supported by the FreeBSD Foundation. Other contributors to the FreeBSD RISC-V porting effort include Ed Maste (FreeBSD Foundation), Arun Thomas (BAE Systems), Andrew Turner (ABT Systems Ltd.), and Robert Watson (University of Cambridge). 
 

DNS, Black Holes & Willem | BSD Now 127

Today on the show, we welcome Allan back from FOSSDEM & enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the week's news, keep it tuned here to BSD Now, the place to B...SD!
 

LibertyBSD

A "deblobbed" version of OpenBSD. So that you can get all of the benefits of OpenBSD, while being sure that there are no non-free blobs lurking in the depths of your system.

Slim for BSD

A modified version of SLiM for BSD systems.
 

Code stuff


Interesting articles



Wallpaper of the week 


BSD News 01/02/2016

Last week in BSD

Releases: OPNsense, HardenedBSD
Other news: Talks, HardenedBSD, NetBSD, Minix, FreeBSD, DragonFly BSD, ZFS, HardenedBSD, PC-BSD, OPNsense, LibreSSL, BSDSec, BSDTalk

BSDSec


Releases 

OPNsense 16.1 Released

It has been more than a year since OPNsense first came out. Back then it was FreeBSD 10.0. Not even two months after, 10.1 was introduced along with the opnsense-update utility. Today is the day for FreeBSD 10.2, the latest and greatest release currently available for broader driver support and stability improvements. 16.1 is nick-named “Crafty Coyote” in honour of our beloved childhood TV sessions. It is the accumulation of 6 months of work, having had our focus on reengineering the captive portal, native intrusion prevention, plugin support, and transforming the reporting frontend into something more modern and flexible just to name a few[1]. Apart from the recently published security advisories (see patch notes below), we have included a quick navigation feature which can be activated by pressing (TAB) followed by search keywords and hitting (ENTER) to go to the desired page. Last but not least, a larger batch of improvements and fixes went into assorted sections of the GUI that certainly help to get your work done without ending up dazed and confused.
 

HardenedBSD New development versions.

New stable versions: HardenedBSD-stable 10-STABLE and 11-CURRENT v40

New stable versions: HardenedBSD-stable 10-STABLE and 11-CURRENT v40.1

HardenedBSD-10-STABLE-v40.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
---------------------------------------
[hardenedbsd] HBSD: Don't check for ZFS KLD when non-root.
[hardenedbsd] HBSD: Harden KLD-related syscalls
[hardenedbsd] HBSD: Add /proc to the hbsd-update's skipped files list.
[hardenedbsd/freebsd] HBSD: ktrace: tidy up ktrstruct
[freebsd] Merge OpenSSL 1.0.1r.
[freebsd] Add EFI ZFS boot support
[freebsd] e1000 driver update
HardenedBSD-11-CURRENT-v40.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
------------------------------------------
[hardenedbsd] HBSD: Don't check for ZFS KLD when non-root.
[freebsd] Merge OpenSSL 1.0.2f. (SA candidate)
[hardenedbsd] HBSD: Add /proc to the installer's skipped files list.

News

A Reimplementation of NetBSD Using a Microkernel

This talk covers some of the history of Minix 3, what it is and why Andrew started the project, and how after years of fighting it why he realized that Minix 3 should be more like BSD than being its own thing.
Join the discussion on site.

New Member - CTurt

We've added a new member to the HardenedBSD team! CTurt will be working with us to research, exploit, and produce patches for kernel-level vulnerabilities. We'll be working on getting these kernel security enhancements upstreamed to FreeBSD after the fixes have been deemed stable in HardenedBSD first.

License corrections for DragonFly

This has no effect on the actual operation of DragonFly, but it makes me feel better that it’s done: Rimvydas Jasinskas has gone through DragonFly source and removed the unnecessary 3rd BSD license clause, which is no longer needed.

illuminating the future on PC-BSD | BSD Now 126

This week on BSDNow, we are going to be talking to Ken Moore about the Lumina desktop environment, where it stands now and looking ahead. Then Allan turns the tables and interviews both myself and Ken about new ongoings in PC-BSD land. Stay tuned, lots of exciting show is coming your way right now on BSDNow, the place to B...SD!
 

bsdtalk261 - Jails and System Management with Kris Moore

An interview with Kris Moore about the Warden jail management system, iocage, and progress on a new system management API.

File Info: 30Min, 14MB.

Ogg Link: https://archive.org/download/BSDTalk261/BSDTalk261.ogg 

Code stuff 


Interesting articles

Wallpaper of the week 

 from http://hdw.eweb4.com/out/637260.html

BSD News 18/01/2016

Last week in BSD

Releases: OPNsense, MidnightBSD
Other news: OPNsense, FreeBSD, DragonFly BSD, DiscoverBSD, Talks, BSDSec, BSDNow, Wallpaper

BSDSec

 

Releases 


OPNsense 15.7.24 Released

Most notably, the firewall pages received a lot of subtle tweaks to improve user experience. Secondly, the firmware pages gained the plugins management feature. And last but not least, the kernel and base upgrade gained better signature support[1] that ties right into FreeBSD’s pkg verification mechanism, how cool is that!


News 


[OS X] Unleash your inner console cowboy

2 weeks have passed since the first video on DiscoverBSD talks, so it's about time for the new one.

Last time we were watching Early days of Unix and design of sh presented by Stephen R. Bourne at BSDCan 2015 so when I found presentation called Unleash your inner console cowboy, I was quite happy that we can continue in similar topic.

So second video of 2016 is:
Unleash your inner console cowboy presented by Kenneth Geisshirt at Øredev 2015
This talk will go through how to use the command-line/terminal/shell efficiently (key bindings, pipes, redirection, etc.), and general patterns and pitfalls in shell scripting will be discussed (checking if a file exists, looping, etc.). To feel the real power of OS X, knowing how to write shell scripts is essential.
I hope that you will join me in discussion.


Get your engine(x) started! | BSD Now 124

This week on the show, we have a very full news roster to rundown, plus an oldie, but goodie with Igor of the nginx project. That plus all your questions and feedback, keep it tuned to BSDNow, the place to B...SD.
 

OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778

This is the most serious bug you'll hear about this week: the issues identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778. An early heads up came from Theo de Raadt in this mailing list posting.
Until you are able to patch affected systems, the recommended workaround is to use
# echo -e 'Host *\nUseRoaming no' >> /etc/ssh/ssh_config
That is, add the option UseRoaming no to your /etc/ssh/ssh_config (or your user's ~/.ssh/config) file, or start your ssh client with -oUseRoaming=no included on the command line.
We will be updating this article with more information as it becomes available. Read more...
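
An added example, not part of the original article: a check that the workaround above actually takes effect. ssh_config uses the first value obtained for each option, so a Host * block appended to the end of the file does not override a UseRoaming yes set earlier for a specific host. The function name roaming_status and its three result labels are illustrative, and the sample config is constructed.

```shell
#!/bin/sh
# roaming_status FILE -> prints one of:
#   disabled   "UseRoaming no" applies to all hosts and nothing enables it first
#   overridden a "UseRoaming yes" is reached before any all-hosts "no"
#   unset      no all-hosts setting; the client's built-in default applies
roaming_status() {
    awk '
    BEGIN { scope = "global"; covered = 0; exposed = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept "Keyword=value" too
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])                  # keywords are case-insensitive
        if (key == "host") {
            star = 0; neg = 0
            for (i = 2; i <= n; i++) {
                if (f[i] == "*") star = 1
                if (f[i] ~ /^!/) neg = 1     # negated pattern: not all hosts
            }
            scope = (star && !neg) ? "all" : "other"
        } else if (key == "match") {
            scope = (tolower(f[2]) == "all") ? "all" : "other"
        } else if (key == "useroaming") {
            val = tolower(f[2])
            if (val == "no" && scope != "other") covered = 1
            else if (val == "yes" && !covered) exposed = 1
        }
    }
    END {
        if (exposed) print "overridden"
        else if (covered) print "disabled"
        else print "unset"
    }' "$1"
}

# Constructed sample: the appended workaround sits below an older host block.
sample=$(mktemp)
printf 'Host legacy\n  UseRoaming yes\n\nHost *\nUseRoaming no\n' > "$sample"
roaming_status "$sample"
rm -f "$sample"
```

Run it against /etc/ssh/ssh_config and each user's ~/.ssh/config; the per-user file is read first, so a UseRoaming yes there also wins over the system-wide setting.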


Code stuff 


Xen Support Enabled in OpenBSD -current

Interesting articles


Wallpaper of the week 

 
from http://technology.desktopnexus.com/wallpaper/8275/

BSD News 11/01/2016

Last week in BSD

Releases: none
Other news: DragonFly BSD, OpenBSD, BSDnow, BSDnow, FreeBSD, PC-BSD


BSDSec

seems to be no warnings

Releases

seems to be none

News 

opensource.com PC-BSD review

Joshua Allen Holm of opensource.com gave PC-BSD an awesome review on their web blog!   Head on over and check it out!   Make sure to comment on their blog to show your thanks for supporting PC-BSD.
https://opensource.com/life/15/12/bsd-desktop-user-review-pc-bsd

ZFS in the trenches | BSD Now 123

This week on BSDNow, we will be talking shop with Josh Paetzel of FreeNAS fame, hearing about his best dos and don'ts of using ZFS in production. Also, a quick look back at 2015 & lots of stuff to start talking about for 2016; Welcome to another exciting year of BSD Now!

New ports utility for DragonFly: Synth

John Marino has opened up his new utility for testing: Synth.  It’s made for building custom package repositories, similar to poudriere, but much less setup work.  If you’ve ever said “I like binary installs, but I want my own build options”, this is for you.  The README includes screenshots to show all the things it can do.
 

Code stuff


Interesting articles

openbsdjumpstart.org

Wallpaper of the week 

 from http://kde-look.org/