BSD News 01/09/2014

Last week in BSD
Releases: pfSense, HardenedBSD
Other news: DragonFly BSD, FreeBSD, libvirt, Lumina Desktop, nginx, OpenBSD, PC-BSD, VMware, ZFS, NetBSD, BSDSec, BSDTalk, MidnightBSD, BSDnow


pfSense 2.1.5 RELEASE Now Available

The 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.

New Build of HardenedBSD 

We've just published a new build, so head on over to the Latest Builds page to check it out. The new build contains a new HardenedBSD-only change (so a change we will not upstream) that adds a sysctl tunable to fully disable mmap(MAP_32BIT) support on amd64. Mappings that reside only in the 32bit address space don't have enough bits to randomize, so disabling this feature entirely removes one more attack vector. Now that pkg 1.3.7 is out, we're building our first pkg repo. Over time, we'll apply security-centric patches to the ports tree and this pkg repo will be a good developmental/test repo. My next goal is to automate the build process so we can have nightly builds of base and weekly (or semi-weekly) builds of ports.

Other news

DragonFly: New kernel and new target

You should perform a full world and kernel install if on master.
Several people (including me) have been getting bit by a problem: when performing an installworld with a changed kernel, the vn kernel module is loaded, but it was built by the previous kernel and may cause problems when it doesn’t match up.
To fix that, vn is now built in, instead of being a separate module. The rescue initrd (which is what is being mounted when it has this problem) is now installed via a ‘make rescue’ command that can wait until a successful installworld and reboot.

PC-BSD 10.0.3 Preview: Lumina Desktop

As we are getting ready for PC-BSD 10.0.3, I wanted to share a little preview of what to expect with the Lumina desktop environment as you move from version 0.4.0 to 0.6.2.

ZFS support in libvirt

An upcoming release of libvirt, 1.2.8, which should be released in early September, will include initial support for managing ZFS volumes.
That means that it's possible to boot VMs and use ZFS volumes as disks. Additionally, it allows controlling volumes using the libvirt API. Currently, supported operations are:
  • list volumes in a pool
  • create and delete volumes
  • upload and download volumes
It's not possible to create and delete pools yet; I hope to implement that in the next release.

Heads Up: Nginx Removed From Base OpenBSD 
With this commit, Robert Nagy removed nginx(8) from base:

Log message:
remove nginx from the base system in favor of OpenBSD's own httpd(8)

bsdtalk244 – The Lumina Desktop Environment with Ken Moore 

An interview with Ken Moore about the Lumina Desktop Environment. File Info: 28Min, 14MB.

Reverse Takeover | BSD Now 52   

Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD.
After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now, the place to B.. SD.

FreeBSD Foundation announces IPsec Enhancement Project 

The Internet Protocol Security (IPsec) suite is used to implement virtual private networks on FreeBSD and other operating systems. As the networking world continues its transition from 1 to 10, to 40 gigabit per second speeds, and faster, improvements in IPsec’s cryptographic building blocks are necessary to keep pace. The FreeBSD Foundation is pleased to announce that long-time FreeBSD developer John-Mark Gurney is adding modern AES modes to FreeBSD’s cryptographic framework and IPsec. This project is co-sponsored by the FreeBSD Foundation and Netgate, a leading vendor of BSD-based firewalls and networking gear.

Some MidnightBSD news

0.5-CURRENT is building again.
PostgreSQL 9 mport updated to 9.0.18
Another bug was fixed where ports using unzip were using the wrong path to unzip.
A bug was fixed today with any ports using gmake. In some cases, gmake was not being used to build.

It is strongly recommended that you reinstall all perl ports if you're tracking current and update. Perl was updated in base recently.

Interesting articles
VMWare Tools on FreeBSD 10 
Time Machine backups on FreeBSD 10  
BSDNow Interview 

SpiderOak installation into a Jail (FreeNas 9.2)

Code stuff
NetBSD Security Advisory 2014-008: Multiple OpenSSL vulnerabilities 
NetBSD Security Advisory 2014-009: Multiple vulnerabilities in the execve system call 
NetBSD Security Advisory 2014-010: Multiple vulnerabilities in the compatibility layers 
NetBSD Security Advisory 2014-011: User-controlled memory allocation in the modctl system call 
Special procedure to update pkg 1.3.6 
In Other BSDs for 2014/08/30 

Jan Hovancik
