BSD News 23/03/15

Last week in BSD

Releases: pfSense, GhostBSD, DragonFly, BSDrp
Other news: BSDSec, FreeNAS, DragonFly, LibreSSL, NetBSD, AsiaBSDCon, BSDnow, OpenBSD, OpenSSH, HardenedBSD,


LibreSSL 2.1.5 released 
LibreSSL 2.1.6 released 
libxfont errata 
libre/openssl patches available 
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:06.openssl  
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:06.openssl [REVISED]  
NetBSD Security Advisory 2015-003: NTPd multiple vulnerabilities (CVE-2014-929[3-6]) 
NetBSD Security Advisory 2015-004: Two vulnerabilities in the compatibility layers  
NetBSD Security Advisory 2015-005: buffer overflow in libevent (CVE-2014-6272)  
NetBSD Security Advisory 2015-006: OpenSSL and SSLv3 vulnerabilities 



BSD Router Project

BSDRP 1.55 is out: It includes latest FreeBSD security fixes and pmacct.

2.2.1 RELEASE Now Available 

pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.

DragonFly 4.0.5 out 

I’ve tagged version 4.0.5 of DragonFly, and it’s available at your nearest mirror.  This revision is mostly to incorporate the newest OpenSSL security bump.

GhostBSD 10.1 Alpha 2 now available   

Changes and fix between 10.1-ALPHA1 and 10.1-ALPHA2 include:
  • The PCDM theme file as been fixed which was creating blinking black screen.
  • Macro windows decoration has been fixed.
  • The installer GPT partition problem has been found and fixed in pc-sysintall.
  • Some installer text error has been fix.
  • The user shell selection has been fix from the last change to have csh by default since fish have a bug from the ports.

Other news


 NetBSD ported to Hardkernel ODROID-C1

The Hardkernel ODROID-C1 is a quad-core ARMv7 development board that features an Amlogic S805 SoC (quad-core Cortex-A5 @ 1.5GHz), 1GB RAM and gigabit ethernet for $35 USD.
The ODROID-C1 is the first Cortex-A5 board supported by NetBSD. Matt Thomas ([email protected]) added initial Cortex-A5 support to the tree, and based on his work I added support for the Amlogic S805 SoC.
NetBSD -current (and soon 7.0) includes support for this board with the ODROID-C1 kernel.

Puffy in a Box | BSD Now 81

We're back from AsiaBSDCon! This week on the show, we'll be talking to Lawrence Teo about how Calyptix uses OpenBSD in their line of commercial routers. They're getting BSD in the hands of Windows admins who don't even realize it.  

Introducing NoExec 

Over the past few months, Oliver has been busy writing a new exploit mitigation feature for HardenedBSD: NoExec. The first part of this project was merged into master tree, and there are still ongoing issues to solve. Our implementation is inspired by PaX's. NoExec prevents pages that are marked as writable from being marked executable as well. It also prevents using mprotect(2) to change a non-executable page to an executable one. This, of course, can cause issues with applications that expect to be able to mark existing pages as executable. Firefox is a good example. You will need to either jail the application in a jail with NoExec turned off or use secadm to turn off NoExec for that application.
This feature bumps the HardenedBSD version number up to 17. We're doing a new package build as well. You'll also get some applications built as Position-Independent Executables (PIEs) with this package build.

Donation request for network SMP development 

 Martin Pieuchot ([email protected]) writes in about what's needed for further SMP improvements in the network stack:
If you've been following my contributions to OpenBSD's kernel, you already know that in the past years I've been working on the Network Stack to make it more SMP friendly. All the network hackers present at s2k15 agreed to volunteer me to work on the next step: properly integrate the pseudo-drivers (carp(4), vlan(4), trunk(4)...) in order to take ether_input() out of the kernel lock.
Read more... 

bsdtalk252 - with Brian Callahan  

An interview with admin Brian Callahan. is a free shell provider that runs on OpenBSD.
File Info: 18Min, 8MB.
Ogg Link:

Code stuff

DRM 3.8 update committed 
New sshlockout option 
OpenSSH 6.8 Released
In Other BSDs for 2015/03/21 

Interesting articles

The FreeNAS Hardware Guide You’ve Asked For | Does ZIL Size Matter? Issue #18 
Unifying Mesa ports’ configure 
AsiaBSDCon 2015 Recap

Wallpaper of the week


as found at


Jan Hovancik

software developer - guitar player - poetry lover