BSD News 18/04/2016

Last week in BSD

Releases: pfSense, OPNsense
Other news: BSDSec, HardenedBSD, freeNAS, xhyve, FreeBSD




pfSense 2.3-RELEASE

The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.  The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on  a wide range of devices from desktop to mobile phones.
For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
The full list of changes is on the 2.3 New Features and Changes page.
To get to a release, we’ve closed 760 total tickets.  While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.
Downloads for New Installs
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

OPNsense 16.1.9 released

There is tremendous progress in the translations. It just so happens that we now have a comprehensive Russian translation as well which is going to be completed in the upcoming weeks. Many thanks to Smart-Soft Ltd. for making this happen. The contender is Japanese through the work of Chie Taguchi, who did most of the translation that we have had for a year. It is going to be a close race to the finish line for both languages. Then again, the whole translation team is doing an amazing job.
As polarising as it may be, we have added HTTPS support in the proxy server. Another noteworthy item is StrongSwan 5.4.0, which helps to address IPSec status page hangs that some have observed with complex setups. We are looking for feedback for these items, please do write in.

OPNsense 16.1.10 released

It has been a quite uneventful week. Suricata and Squid have been
upgraded to their latest versions and you can find their individual
change logs below. The next part of the Russian translation brings
it to number one with a dreamy 83% completed. Otherwise only small
fixes and improvements have been made and those will not even require
a reboot.

OPNsense 16.1.11 released

We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability, which shows us the good path we have been on since we started[1] and we will surely continue this security-aware trend.
In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed.


Introducing Full PIE Support

We at HardenedBSD have added support in 11-CURRENT for compiling nearly all of base as Position-Independent Executables (PIEs, for short). This work bumps hardening.version to 45. We've enabled PIE base for amd64 and i386 and hope to enable it for arm64 before or during BSDCan 2016. Compiling an application as a PIE enables it to take full advantage of ASLR. Without PIE support, the application itself is loaded at a fixed address, determined at compile time. As of this writing, only nine applications are not compiled as PIEs. At least two of them must stay that way (/sbin/init and /sbin/init.bak), so that leaves the outstanding list at seven. This is a huge leap forward for HardenedBSD. We have tested PIE base on several amd64 systems, both virtualized and bare metal. We have done multiple amd64 package builds with success. We would like to thank Bryan Drewery for his help.
An hbsd-update(8) update archive has been published for 11-CURRENT/amd64 with the "PIEified" base. Update at your leisure.
PIE base is enabled by default for amd64 and i386. We hope to enable it for ARM64 before or during BSDCan. Speaking of ARM64, we will be bringing ten Raspberry Pi 3 devices (which are ARM64) with us to BSDCan, eight of which will be given out to lucky individuals. We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.

FreeNAS Mini XL | BSD Now 137

This week on BSD Now, I’m out of town for the week, but we have a special unboxing video to share with you that you won’t want to miss. That, plus the latest BSD news, is coming your way right now!

Code stuff

Interesting articles

Wallpaper of the week 


Jan Hovancik

software developer - guitar player - poetry lover