BSD News 31/08/2015

Last week in BSD

Releases: OPNsense
Other news:  OPNsense, LibreSSL, pfSense, OpenBSD, BSDnow, NextBSD, Wallpaper, NetBSD, DragonFly BSD



OPNsense 15.7.10 Released

Here are the full patch notes:
  • src: Multiple integer overflows in expat (libbsdxml) XML parser [1]
  • src: bumped tzdata to 2015f [2]
  • ports: curl 7.44.0 [3], ca_root_nss 3.20, openssh-portable 7.1p1_1 [4], sqlite3 [5], phalcon 2.0.7 [6], pcre 8.37_4 [7]
  • crash reporter: create custom reports on demand
  • certificates: ca generation issues with recent LibreSSL
  • dns resolver: switched to ports-based Unbound (1.5.4) as per FreeBSD handbook
  • menu: moved the crash reporter to system category for visibility
  • menu: added hot-plugging support for upcoming plugins
  • acl: added hot-plugging support for upcoming plugins
  • ipsec: fix faulty behaviour on configuration changes
  • console: switched halt and reboot numbering
  • languages: bring German to 51% completed
  • graphs: remove obsolete CPU graph pages 

OPNsense 15.7.11 Released

Here are the full patch notes:
  • dns resolver: switch unbound to use libevent to address “too many fds” log message
  • firmware: os-update package was renamed to opnsense-update so “os-” can be our plugin prefix
  • firewall: fix alias page not being available due to a dirty config.xml sample entry
  • ipsec: fix pages throwing warnings due to a dirty config.xml sample entry
  • ipsec: fix hash algorithm and protocol settings behaviour
  • openvpn: honour TLS authentication disable
  • themes: fix theme selection fallback not working in new components
  • diagnostics: unhide routing table header


pfsense-tools is gone again, this time forever

As some have noticed, we’ve changed the build system for pfSense such that the very need for the pfsense-tools repo has been removed.
While the pfsense-tools repo still exists, it’s not used for pfSense version 2.3 and later.
The former structure, where a set of discrete patches were kept against a given version of the FreeBSD source and ports trees, has now been replaced by a system where those patches are kept on a vendor branch of these trees.  This improves both the process of bringing new versions of FreeBSD and ports to pfSense and the process of upstreaming changes we make to these.  By upstreaming, we make both FreeBSD and pfSense better.
These changes have been a long time coming.  There has been sustained effort toward this type of setup since September 2012.
There are still many parts of the build scripts that need to change, and we will continue to improve these, along with the rest of pfSense software.  As one example of where we’re headed, after base-as-pkg is done in FreeBSD 11, with only a few more changes on our tree, we should be able to build pfSense using only the build tools from FreeBSD.

OpenBSD 5.8, Another Song

The second of an anticipated four songs for the OpenBSD 5.8 release has been published, this one written and performed by Alexandre Ratchov. In the announcement he says:
For the 20th anniversary release of OpenBSD, I have contributed this
short sound track:

Beverly Hills 25519 | BSD Now 104

Coming up this week on the show, we'll be talking with Damien Miller of the OpenSSH team. We will be discussing some of the changes in their latest 7.0 release, including phasing out older crypto and changing one of the defaults that might surprise you.

Call for Testing: Using tame() in userland

Theo de Raadt has just released a call for testing of an initial conversion of programs in OpenBSD base to use the tame(2) API:
This is for those of you interested in tame, and skilled enough to
play along.

Clarifying NextBSD's Near Term Expectations

A dissatisfied discussion of the NextBSD talk being "just marketing" was brought to my attention recently. The gist of it is that the premature publicity resulting from Jordan's recent BAFUG talk has inadvertently created expectations that we're not delivering on.
What works (and does not) now:
  • The basic ecosystem of launchd, notifyd, asld, and libdispatch works.
  • These can be installed by cloning the NextBSD repo from github, building GENERIC or MACHTEST kernels, installing a new world on an existing 10.x or CURRENT system, and then following the instructions in the README.
  • Launchd will start the initial jobs that are part of the repo now.
  • At this moment the release ISO installer does not work due to an interaction between launchd and the environment created by make release for the installer.
What will work in the very near future:
  • Somewhere between this weekend and mid-September we will have the installer working. This means that an existing FreeBSD install won't be necessary to try out NextBSD. This is obviously pretty rudimentary and even before the unanticipated wave of interest a source of displeasure for me. Under 'Milestones' I refer to this as Milestone 0.
  • The remaining issues currently fall into Milestone 1 and I expect to have them addressed by the end of September. At that time the system should, in some sense, be complete with future work being to convert rc and to tie notifyd in to potential consumers.

Code stuff

Wallpaper of the week



Jan Hovancik

software developer - guitar player - poetry lover