Releases: pfSense, HardenedBSD
Other news: DragonFly BSD, FreeBSD, libvrt, Lumina Desktop, nginx, OpenBSD, PC-BSD, VMWare, ZFS, NetBSD, BSDSec, BSDTalk, MidnightBSD, BSDnow
Releases
pfSense2.1.5 RELEASE Now Available
The 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.
- pfSense-SA-14_14.openssl
- See http://www.openssl.org/news/secadv_20140806.txt
- Updated to OpenSSL 0.9.8zb and 1.0.1i
- pfSense-SA-14_15.webgui
- pfSense-SA-14_16.webgui
- pfSense-SA-14_17.webgui
New Build of HardenedBSD
We've just published a new build, so head on over to the Latest Builds page to check it out. The new build contains a new HardenedBSD-only change (so a change we will not upstream) that adds a sysctl tunable to fully disable mmap(MAP_32BIT) support on amd64. Mappings that reside only in the 32bit address space don't have enough bits to randomize, so disabling this feature entirely removes one more attack vector. Now that pkg 1.3.7 is out, we're building our first pkg repo. Over time, we'll apply security-centric patches to the ports tree and this pkg repo will be a good developmental/test repo. My next goal is to automate the build process so we can have nightly builds of base and weekly (or semi-weekly) builds of ports.
Other news
DragonFly: New kernel and new target
You should perform a full world and kernel install if on master.
Several people (including me) have been getting bit by a problem: when performing an installworld with a changed kernel, the vn kernel module is loaded, but it was built by the previous kernel and may cause problems when it doesn’t match up.
To fix that, vn is now built in, instead of being a separate module. The rescue initrd (which is what is being mounted when it has this problem) is now installed via a ‘make rescue‘ command that can wait until a successful installworld and reboot.
As we are getting ready for PC-BSD 10.0.3, I wanted to share a little preview of what to expect with the Lumina desktop environment as you move from version 0.4.0 to 0.6.2.
ZFS support in libvirt
An upcoming release of libvirt, 1.2.8 that should be released early September, will include an initial support of managing ZFS volumes.
That means that it's possible to boot VMs and use ZFS volumes as disks. Additionally, it allows to control volumes using the libvirt API. Currently, supported operations are:
- list volumes in a pool
- create and delete volumes
- upload and download volumes
Heads Up: Nginx Removed From Base OpenBSD
With this commit, Robert Nagy (robert@) removed nginx(8) from base:
Log message:Read more...
remove nginx from the base system in favor of OpenBSD's own httpd(8)
bsdtalk244 – The Lumina Desktop Environment with Ken Moore
An interview with Ken Moore about the Lumina Desktop Environment.File Info: 28Min, 14MB.
Ogg Link: https://archive.org/download/bsdtalk244/bsdtalk244.ogg
Reverse Takeover | BSD Now 52
Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD.
After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now, the place to B.. SD.
FreeBSD Foundation announces IPsec Enhancement Project
The Internet Protocol Security (IPsec) suite is used to implement virtual private networks on FreeBSD and other operating systems. As the networking world continues its transition from 1 to 10, to 40 gigabit per second speeds, and faster, improvements in IPsec’s cryptographic building blocks are necessary to keep pace. The FreeBSD Foundation is pleased to announce that long-time FreeBSD developer John-Mark Gurney is adding modern AES modes to FreeBSD’s cryptographic framework and IPsec. This project is co-sponsored by the FreeBSD Foundation and Netgate, a leading vendor of BSD-based firewalls and networking gear.
After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now, the place to B.. SD.
FreeBSD Foundation announces IPsec Enhancement Project
The Internet Protocol Security (IPsec) suite is used to implement virtual private networks on FreeBSD and other operating systems. As the networking world continues its transition from 1 to 10, to 40 gigabit per second speeds, and faster, improvements in IPsec’s cryptographic building blocks are necessary to keep pace. The FreeBSD Foundation is pleased to announce that long-time FreeBSD developer John-Mark Gurney is adding modern AES modes to FreeBSD’s cryptographic framework and IPsec. This project is co-sponsored by the FreeBSD Foundation and Netgate, a leading vendor of BSD-based firewalls and networking gear.
Some MidnightBSD news
0.5-CURRENT is building again.
PostgreSQL 9 mport updated to 9.0.18
Another bug was fixed where ports using unzip were using the wrong path to unzip.
A bug was fixed today with any ports using gmake. In some cases, gmake was not being used to build.
It is strongly recommended that you reinstall all perl ports if you're tracking current and update. Perl was updated in base recently.
Interesting articles
VMWare Tools on FreeBSD 10
Time Machine backups on FreeBSD 10
BSDNow Interview
SpiderOak installation into a Jail (FreeNas 9.2)
Code stuff
NetBSD Security Advisory 2014-008: Multiple OpenSSL vulnerabilities
NetBSD Security Advisory 2014-009: Multiple vulnerabilities in the execve system call
NetBSD Security Advisory 2014-010: Multiple vulnerabilities in the compatibility layers
NetBSD Security Advisory 2014-011: User-controlled memory allocation in the modctl system call
Special procedure to update pkg 1.3.6
In Other BSDs for 2014/08/30
0 comments:
Post a Comment