BSD News 09/02/2015

Last week in BSD
Releases: OPNsense, PC-BSD
Other news:  BSDSec, FreeBSD, pkg, DragonFly BSD, freeNAS, HardenedBSD, s2k15, OpenBSD


Reminder: FreeBSD 10.0 end-of-life approaching  
Changes to the FreeBSD Support Model  !!!


OPNsense version 15.1.4 Released 

It has been quite calm on the ports side of things, but there have been many commits in the core adding up to an incentive to upgrade as soon as possible. And, yes, there are patches addressing CVEs in FreeBSD. Here is the change log:
* FreeBSD-SA-15:02.kmem — CVE-2014-8612 —
* FreeBSD-SA-15:03.sctp — CVE-2014-8613 —
* time zone data updated to 2015a —
* sshd now uses the correct OpenSSH version
* fixed SSL certificate generation issue
* interfaces, unbound, certificates and NAT GUI fixes
* captive portal voucher key regeneration and OpenSSL usage fixed
The images can be found here:
The advised upgrade method is to boot from install media, recover your device configuration using the import configuration option, then do a quick/easy install (or a custom one if you did that previously).
Please note that the current firmware upgrade does *not* update the kernel and base system to fix the FreeBSD security advisories.

PC-BSD 10.1.1-Release  

notable Changes
* Brand new system updater which supports automatic background updating
of the system
* Many improvements to boot-environments and GRUB support for a wider
variety of setups
* Support for installation to a specific GPT partition and GPT
dual-booting improvements
* Conversion to Qt5 for all desktop utilities
* Fixes to using dtrace when booted from GRUB
* Re-write of Mount Tray utility, improves mounting of external media
* Support for full-disk encryption (without an unencrypted /boot) using
* More packages available for installation from DVD/USB/CD images via
“PC-BSD roles“
* New OVA files for virtual machines
* Misc bugfixes and improvements to utilities
* GNOME 3.14.1
* Cinnamon 2.4.2
* Lumina desktop 0.8.1
* Chromium 39.0.2171.95
* Firefox 35.0
* NVIDIA Driver 340.65
* Pkg 1.4.4
Getting media
10.1.1-RELEASE DVD/USB media can be downloaded from the following URL via
HTTP or Torrent.


 From the Foundation (Part 1) | BSD Now 75 

This week on the show, we'll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we'll talk about what all they've been up to lately. All this week's news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD.  

Encryption and Signing of HardenedBSD's main site and package repository 

Word got out that we didn't support SSL/TLS on our site due to lack of funding. A couple companies reached out to us to offer us free SSL/TLS certificates. Thanks to DigiCert, as of today, HardenedBSD's main site and package repository is now running SSL/TLS! We will update our Jenkins server with SSL/TLS over the next week. We've also started signing all the release media in our nightly builds with a GPG key created for the dev team. The GPG key's Key ID is 4BB5228E and its fingerprint is 2FB0 10E7 4676 C06C 23C5 7687 E57D 5B65 4BB5 228E.

Code stuff
More i915 upgrades
Many wireless updates 
Removal of ChaCha20 Import 
DragonFly and Git 
In Other BSDs for 2015/02/07 
Update to the i915 kernel driver 
On the OpenCL front 

Interesting articles
A Complete Guide to FreeNAS Hardware Design, Part I: Purpose and Best Practices  
A Complete Guide to FreeNAS Hardware Design, Part II: Hardware Specifics
pkg(8) passes coverity scans 
Why ZIL Size Matters (or Doesn't) 
s2k15: warming up


Jan Hovancik

software developer - guitar player - poetry lover