Last week in BSD
Releases: OPNsenseOther news: OPNsense, LibreSSL, pfSense, OpenBSD, BSDnow, NextBSD, Wallpaper, NetBSD, DragonFly BSD
BSDSec
Releases
OPNsense 15.7.10 Released
Here are the full patch notes:- src: Multiple integer overflows in expat (libbsdxml) XML parser [1]
- src: bumped tzdata to 2015f [2]
- ports: curl 7.44.0 [3], ca_root_nss 3.20, openssh-portable 7.1p1_1 [4], sqlite3 3.8.11.1 [5], phalcon 2.0.7 [6], pcre 8.37_4 [7]
- crash reporter: create custom reports on demand
- certificates: ca generation issues with recent LibreSSL
- dns resolver: switched to ports-based Unbound (1.5.4) as per FreeBSD handbook
- menu: moved the crash reporter to system category for visibility
- menu: added hot-plugging support for upcoming plugins
- acl: added hot-plugging support for upcoming plugins
- ipsec: fix faulty behaviour on configuration changes
- console: switched halt and reboot numbering
- languages: bring German to 51% completed
- graphs: remove obsolete CPU graph pages
OPNsense 15.7.11 Released
Here are the full patch notes:- dns resolver: switch unbound to use libevent to address “too many fds” log message
- firmware: os-update package was renamed to opnsense-update so “os-“ can be our plugin prefix
- firewall: fix alias page not being available due to a dirty config.xml sample entry
- ipsec: fix pages throwing warnings due to a dirty config.xml sample entry
- ipsec: fix hash algorithm and protocol settings behaviour
- openvpn: honour TLS authentication disable
- themes: fix theme selection fallback not working in new components
- diagnostics: unhide routing table header
News
pfsense-tools is gone again, this time forever
As some have noticed, we’ve changed the build system for pfSense such that the very need for the pfsense-tools repo has been removed.While the pfsense-tools repo still exists, it’s not used for pfSense version 2.3 and later.
The former structure, where a set of discrete patches were kept against a given version of the FreeBSD source and ports trees, has now been replaced by a system where those patches are kept on a vendor branch of these trees. This improves both the process of bringing new versions of FreeBSD and ports to pfSense and the process of upstreaming changes we make to these. By upstreaming, we make both FreeBSD and pfSense better.
These changes have been a long-time coming. There has been sustained effort toward this type of setup since September 2012.
There are still many parts of the build scripts that need to change, and we will continue to improve these, along with the rest of pfSense software. As one example of where we’re headed, after base-as-pkg is done in FreeBSD 11, with only a few more changes on our tree, we should be able to build pfSense using only the build tools from FreeBSD.
OpenBSD 5.8, Another Song
The second of an anticipated four songs for the OpenBSD 5.8 release has
ben published, this one written and performed by Alexandre Ratchov
(ratchov@). In the announcement he says:
For the 20th anniversary release of OpenBSD, I have contributed thisRead more...
short sound track:
http://www.openbsd.org/lyrics.html#58b
Beverly Hills 25519 | BSD Now 104
Coming up this week on the show, we'll be talking with Damien
Miller of the OpenSSH team. We will be discussing some of the changes in
their latest 7.0 release, including phasing out older crypto and
changing one of the defaults that might surprise you.
Call for Testing: Using tame() in userland
Theo de Raadt (deraadt@) has just
released
a call for testing of an initial conversions of programs in OpenBSD base
to use the
tame(2)
API:
Read more...This is for those of you interested in tame, and skilled enough to play along.
Clarifying NextBSD's Near Term Expectations
A dissatisfied discussion of the NextBSD talk being "just
marketing" was brought to my attention recently. The gist of it is that
the premature publicity resulting from Jordan's recent BAFUG talk has inadverently created expectations that we're not delivering on.
What works (and does not) now:
What works (and does not) now:
- The basic ecosystem of launchd, notifyd, asld, and libdispatch work.
- These can be installed by cloning the NextBSD repo from github, building GENERIC or MACHTEST kernels, installing a new world on an existing 10.x or CURRENT system, and then following the instructions in the README.
- Launchd will start the initial jobs that are part of the repo now.
- At this moment the release ISO installer does not work due to an interaction between launchd and the environment created by make release for the installer.
- Somewhere between this weekend and mid-September we will have the installer working. This means that an existing FreeBSD install won't be necessary to try out NextBSD. This is obviously pretty rudimentary and even before the unanticipated wave of interest a source of displeasure for me. Under 'Milestones' I refer to this as Milestone 0.
- The remaining issues currently fall in to Milestone 1 and I expect to have them addressed by the end of September. At that time the system should, in some sense, be complete with future work being to convert rc and to tie notifyd in to potential consumers.
Code stuff
Wallpaper of the week
from http://wallpapers.mi9.com/wallpaper/openbsd-picture_36248/
0 comments:
Post a Comment