BSD News 02/03/2015

Last week in BSD
Releases: OPNsense
Other news: DragonFly BSD, BSDSec, SCALE, pfSense, OpenBSD, ZFS, m0n0wall, BSDTalk

FreeBSD Security Advisory FreeBSD-SA-15:05.bind
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp 


OPNsense version Released 
OPNsense version 15.1.7 Released 

Change Log
  • Don’t clobber user and group settings when running opnsense-update. Caused e.g. dhcpd to refuse operation.
  • Fix a regression that would prevent e.g. sshd from starting.
  • Install opnsense-update by default.

This is the official change log for 15.1.7:
  • Merged the latest FreeBSD 10.1-p6 patches:
    • —Fix integer overflow in IGMP protocol. (SA-15:04)
      —Fix vt(4) crash with improper ioctl parameters. (EN-15:01)
      —Updated base system OpenSSL to 1.0.1l. (EN-15:02)
      —Fix freebsd-update libraries update ordering issue. (EN-15:03)
  • Disabled OpenSSH’s High Performance SSH/SCP and None-Cipher extensions to follow up on several security-related discussions.
  • Switched from a heavy Bind installation to a lightweight one to reduce attack surface.
  • Removed and replaced the legacy `check_reload_status’ daemon with a Python-based rewrite.
  • Fixed the auto-login console lockout regression introduced in
  • Fixed a problem associated with OpenVPN not being able to read passwords from files.
  • Notable ports upgrades: bind-tools 9.10.2, strongswan 5.2.2_1, curl 7.41 plus our LibreSSL fixes for mpd4/mpd5/libpdel.
  • Removed PHP-FPM remnants from IPv6 and OpenVPN scripts.
  • Fixed several OpenSSL invokes to use the latest port version as opposed to the base version.
  • Improved memory/disc/swap usage on the dashboard.
  • Properly set DNS Resolver Advanced defaults.
  • Fixed append of custom Unbound scrips.
  • Modified the root menu shell to pass through to a real shell when arguments are given.
  • Zapped the spurious “Array” prefix in user-defined aliases.
  • Moved the bogons files fetch location to a local mirror.
  • The core.git development boot hook has been improved to properly include /usr/local/etc/rc changes.
  • All of our packages are now annotated as coming from our mirror as well as additional safeguards potentially allowing you to use additional FreeBSD packages on top of OPNsense.

Other news 

Final message - mailing list and forum frozen

As announced earlier, the m0n0wall mailing list and forum are now frozen. This is the final message, and I would like to take the opportunity to thank all those who have sent me emails with kind words and expressions of gratitude. They were too numerous for me to reply to individually, but they were all very much appreciated!
There have been some questions on what the way forward is for current m0n0wall users. If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall.
For a more feature-rich alternative that is still based on FreeBSD and has the same roots, both pfSense and OPNsense (which is a fork of the former) are excellent choices. They have higher hardware requirements than m0n0wall, but on the other hand, a lot of new embedded hardware has recently become available, with 2 GB or more of memory and 1 GHz or faster CPUs, at a similar price as earlier platforms. It makes sense (pun intended) to use these additional resources - something that m0n0wall hasn't been particularly good at in recent times. Just keep that in mind for your next hardware upgrade.

DragonFly GUI resurrected 

Michael Neumann has switched out pkgsrc packages for dpkg packages for building DragonFly with a GUI.  There’s no built image to download right now, but I’m optimistic the next release will have it.  You can build it now on a DragonFly system using src/nrelease.  With all this video work going in lately, it will give us something to show.

OpenBSD Foundation 2014/2015 News & Fundraising

Ken Westerback ([email protected]) wrote in on behalf of the OpenBSD Foundation to let us know what happened last year, and what's in store for us now:
2014 was the most successful year to date for the OpenBSD Foundation. Both in the amount of money we raised and in the support we provided for the OpenBSD and related projects. We are extremely grateful for the support shown by our contributers large and small.
A detailed summary of the Foundation's activities in 2014 can be seen at
But here are some highpoints.

From the Foundation (Part 2) | BSD Now 78 

This week we continue our two-part series on the activities of various BSD foundations. Ken Westerback joins us today to talk all about the OpenBSD foundation and what it is they do. We've also got answers to your emails and all the latest news, on BSD Now - the place to B.. SD.

bsdtalk251 - Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon 

 A talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon

File info: 47Min, 22MB

Ogg link:

Code stuff
Radeon updates, too 
Did you upgrade DragonFly on the 25th? 
 In Other BSDs for 2015/02/28 

Interesting articles
SCALE 13x Trip Report: Michael Dexter 
SCALE 2015 Recap 
Further (a roadmap for pfSense)   
FreeBSD From the Trenches: ZFS, and How to Make a Foot Cannon 

Wallpaper of the week

as fount at


Jan Hovancik

software developer - guitar player - poetry lover