BSD News 08/02/2016

Last week in BSD

Releases:AsiaBSDCon, FreeBSD, BSDnow, OPNsense, DragonFly BSD, LibertyBSD, Wallpaper
Other news: HardenedBSD, OPNsense


BSDSec


Releases 

New stable release: HardenedBSD-stable 10-STABLE v40.2

HardenedBSD-10-STABLE-v40.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
----------------------------------------
[freebsd] 10.3-BETA1
[freebsd] The zfsboot (zfs auto mode) part of bsdinstall now supports UEFI
[freebsd] bhyve windows support

OPNsense 16.1.1 released

OPNsense 16.1.2 released

Without fuzz, here are the full patch notes:
o ports: libressl 2.2.6[1], openssl 1.0.2f[2]
o intrusion prevention: add SSL fingerprint blacklist and other abuse lists (courtesy of abuse.ch[3])
o captive portal: limit the max vouchers per call
o captive portal: change voucher download filename to match group name
o captive portal: strip bad characters from group name
o captive portal: fix multiple voucher generation
o firewall: add rule categorisation tag field
o search: tweak padding to align with right visual boarder
o console: fix halt script to show product name again
o firmware: revoked the old 15.7 update fingerprint
o interfaces: fix VLAN edit page to show the correct page name
o squid: fix authentication script permission regression
o dashboard: remove non-authoriative hardware crypto probing
o system: do not accept an authentication server with an empty name
o system: added hint that device polling setting needs reboot (contributed by Olivier Paroz)
o system: assorted translation fixes (contributed by Fabian Franz)
o logging: unhide IGMP packets from firewall log view (contributed by Isaac Levy)

[1] http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
[2] https://www.openssl.org/news/secadv/20160128.txt
[3] https://www.abuse.ch/

o src: OpenSSL SSLv2 ciphersuite downgrade vulnerability[1]
o src: Fix packet forwarding in Hyper-V netvsc driver[2]
o src: Honour disabled pf(4) log flag on dropped packets with IP options[3]
o ports: curl 7.47.0[4], nettle 3.2[5]
o wizard: fix certificate generation for OpenVPN
o firewall: fix interface selection on post issues in floating rules
o firewall: make category filter multi-select for maximum convenience
o firewall: do not hide gateways from the gateway selection
o firewall: added null routes to the gateway selection
o firewall: rather than hiding associated nat rules, remove their edit and clone buttons so they can still be deleted manually
o dns resolver: fix $numprocs setting in config according to manual
o dns resolver: do not render illegal output for empty IPv6 addresses
o dhcp: applying static mappings with DNS resolver enabled no longer seems stuck in apply step
o search: resize box on focus and also propagate proxy server tabs
o system: fix inversion bug of the default pass logging setting
o captive portal: properly log messages to associated log file
o intrusion detection: can now add user rules based on SSL fingerprints and IP geolocation
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:11.openssl.asc
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630
[3] https://reviews.freebsd.org/D3222
[4] https://curl.haxx.se/changes.html
[5] https://fossies.org/diffs/nettle/3.1.1_vs_3.2/ChangeLog-diff.html

News

AsiaBSDCon 2016 registration open

AsiaBSDCon 2016 is happening in Tokyo, March 10-13.  Registration for it opens today.  The registration page isn’t up as I post this, but I assume very soon.  (via)

Initial FreeBSD RISC-V Architecture Port Committed

Ruslan Bukin, a research engineer at the University of Cambridge Computer Laboratory has committed kernel support for the FreeBSD RISC-V port to the  FreeBSD source tree. This is the latest in a series of commits including user space support, making his work at the University of Cambridge more accessible to the broader open-source hardware and software communities. RISC-V is an exciting new open-source Instruction-Set Architecture (ISA) developed at the University of California at Berkeley, which is seeing increasing interest in the embedded systems and hardware-software research communities. Ruslan’s work at Cambridge allows FreeBSD to boot on Berkeley’s Spike simulator, and makes the FreeBSD Project the first operating-system vendor to include formal, in-tree support the RISC-V architecture. Ruslan has recently given a talk on the FreeBSD port at the RISC-V workshop in the San Francisco Bay Area, and his work was highlighted in EE Times in January 2016.

The current FreeBSD RISC-V port is able to boot to multi-user mode on Spike, and allows a range of userspace commands and services such as SSH, mail delivery, and a user shell to run reliably. His next steps are to add multicore support to the port, and bring up FreeBSD on early hardware platforms becoming available for RISC-V, such as as FPGA simulations of the Cambridge’s open-source LowRISC System-on-Chip. FreeBSD ports and packages will appear over coming days allowing others in the community to reproduce the work, and making it easy for developers interested in contributing to the project to join the effort.

Ruslan’s work has been supported by the UK Higher Education Innovation Fund (HEIF5) and DARPA CTSRD project at the University of Cambridge, with participation in the RISC-V workshop supported by the FreeBSD Foundation. Other contributors to the FreeBSD RISC-V porting effort include Ed Maste (FreeBSD Foundation), Arun Thomas (BAE Systems), Andrew Turner (ABT Systems Ltd.), and Robert Watson (University of Cambridge). 
 

DNS, Black Holes & Willem | BSD Now 127

Today on the show, we welcome Allan back from FOSSDEM & enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the weeks news, keep it turned here to BSD Now, the place to B...SD!
 

LibertyBSD

A "deblobbed" version of OpenBSD. So that you can get all of the benefits of OpenBSD, while being sure that there are no non-free blobs lurking in the depths of your system.

Slim for BSD

A modified version of SLiM for BSD systems.
 

Code stuff


Interesting articles



Wallpaper of the week 


SHARE

Jan Hovancik

software developer - guitar player - poetry lover