Last week in BSD
Releases:AsiaBSDCon, FreeBSD, BSDnow, OPNsense, DragonFly BSD, LibertyBSD, Wallpaper
Other news: HardenedBSD, OPNsense
A "deblobbed" version of OpenBSD. So that you can
get all of the benefits of OpenBSD, while being sure that there are no non-free
blobs lurking in the depths of your system.
Other news: HardenedBSD, OPNsense
BSDSec
Releases
New stable release: HardenedBSD-stable 10-STABLE v40.2
HardenedBSD-10-STABLE-v40.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
----------------------------------------
[freebsd] 10.3-BETA1
[freebsd] The zfsboot (zfs auto mode) part of bsdinstall now supports UEFI
[freebsd] bhyve windows support
----------------------------------------
[freebsd] 10.3-BETA1
[freebsd] The zfsboot (zfs auto mode) part of bsdinstall now supports UEFI
[freebsd] bhyve windows support
OPNsense 16.1.1 released
OPNsense 16.1.2 released
Without fuzz, here are the full patch notes:
o ports: libressl 2.2.6[1], openssl 1.0.2f[2]
o intrusion prevention: add SSL fingerprint blacklist and other abuse lists (courtesy of abuse.ch[3])
o captive portal: limit the max vouchers per call
o captive portal: change voucher download filename to match group name
o captive portal: strip bad characters from group name
o captive portal: fix multiple voucher generation
o firewall: add rule categorisation tag field
o search: tweak padding to align with right visual boarder
o console: fix halt script to show product name again
o firmware: revoked the old 15.7 update fingerprint
o interfaces: fix VLAN edit page to show the correct page name
o squid: fix authentication script permission regression
o dashboard: remove non-authoriative hardware crypto probing
o system: do not accept an authentication server with an empty name
o system: added hint that device polling setting needs reboot (contributed by Olivier Paroz)
o system: assorted translation fixes (contributed by Fabian Franz)
o logging: unhide IGMP packets from firewall log view (contributed by Isaac Levy)
[1] http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
[2] https://www.openssl.org/news/secadv/20160128.txt
[3] https://www.abuse.ch/
o src: OpenSSL SSLv2 ciphersuite downgrade vulnerability[1]
o src: Fix packet forwarding in Hyper-V netvsc driver[2]
o src: Honour disabled pf(4) log flag on dropped packets with IP options[3]
o ports: curl 7.47.0[4], nettle 3.2[5]
o wizard: fix certificate generation for OpenVPN
o firewall: fix interface selection on post issues in floating rules
o firewall: make category filter multi-select for maximum convenience
o firewall: do not hide gateways from the gateway selection
o firewall: added null routes to the gateway selection
o firewall: rather than hiding associated nat rules, remove their edit and clone buttons so they can still be deleted manually
o dns resolver: fix $numprocs setting in config according to manual
o dns resolver: do not render illegal output for empty IPv6 addresses
o dhcp: applying static mappings with DNS resolver enabled no longer seems stuck in apply step
o search: resize box on focus and also propagate proxy server tabs
o system: fix inversion bug of the default pass logging setting
o captive portal: properly log messages to associated log file
o intrusion detection: can now add user rules based on SSL fingerprints and IP geolocation
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:11.openssl.asc
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630
[3] https://reviews.freebsd.org/D3222
[4] https://curl.haxx.se/changes.html
[5] https://fossies.org/diffs/nettle/3.1.1_vs_3.2/ChangeLog-diff.html
o ports: libressl 2.2.6[1], openssl 1.0.2f[2]
o intrusion prevention: add SSL fingerprint blacklist and other abuse lists (courtesy of abuse.ch[3])
o captive portal: limit the max vouchers per call
o captive portal: change voucher download filename to match group name
o captive portal: strip bad characters from group name
o captive portal: fix multiple voucher generation
o firewall: add rule categorisation tag field
o search: tweak padding to align with right visual boarder
o console: fix halt script to show product name again
o firmware: revoked the old 15.7 update fingerprint
o interfaces: fix VLAN edit page to show the correct page name
o squid: fix authentication script permission regression
o dashboard: remove non-authoriative hardware crypto probing
o system: do not accept an authentication server with an empty name
o system: added hint that device polling setting needs reboot (contributed by Olivier Paroz)
o system: assorted translation fixes (contributed by Fabian Franz)
o logging: unhide IGMP packets from firewall log view (contributed by Isaac Levy)
[1] http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
[2] https://www.openssl.org/news/secadv/20160128.txt
[3] https://www.abuse.ch/
o src: OpenSSL SSLv2 ciphersuite downgrade vulnerability[1]
o src: Fix packet forwarding in Hyper-V netvsc driver[2]
o src: Honour disabled pf(4) log flag on dropped packets with IP options[3]
o ports: curl 7.47.0[4], nettle 3.2[5]
o wizard: fix certificate generation for OpenVPN
o firewall: fix interface selection on post issues in floating rules
o firewall: make category filter multi-select for maximum convenience
o firewall: do not hide gateways from the gateway selection
o firewall: added null routes to the gateway selection
o firewall: rather than hiding associated nat rules, remove their edit and clone buttons so they can still be deleted manually
o dns resolver: fix $numprocs setting in config according to manual
o dns resolver: do not render illegal output for empty IPv6 addresses
o dhcp: applying static mappings with DNS resolver enabled no longer seems stuck in apply step
o search: resize box on focus and also propagate proxy server tabs
o system: fix inversion bug of the default pass logging setting
o captive portal: properly log messages to associated log file
o intrusion detection: can now add user rules based on SSL fingerprints and IP geolocation
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:11.openssl.asc
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630
[3] https://reviews.freebsd.org/D3222
[4] https://curl.haxx.se/changes.html
[5] https://fossies.org/diffs/nettle/3.1.1_vs_3.2/ChangeLog-diff.html
News
AsiaBSDCon 2016 registration open
AsiaBSDCon 2016 is happening in Tokyo, March 10-13. Registration for it opens today. The registration page isn’t up as I post this, but I assume very soon. (via)
Initial FreeBSD RISC-V Architecture Port Committed
Ruslan Bukin, a research engineer at the University of Cambridge Computer Laboratory has committed kernel support for the FreeBSD RISC-V
port to the FreeBSD source tree. This is the latest in a series of
commits including user space support, making his work at the University
of Cambridge more accessible to the broader open-source hardware and
software communities. RISC-V is an
exciting new open-source Instruction-Set Architecture (ISA) developed at
the University of California at Berkeley, which is seeing increasing
interest in the embedded systems and hardware-software research
communities. Ruslan’s work at Cambridge allows FreeBSD to boot on
Berkeley’s Spike simulator, and makes the FreeBSD Project the first
operating-system vendor to include formal, in-tree support the
RISC-V architecture. Ruslan has recently given a talk on the FreeBSD port at the RISC-V workshop in the San Francisco Bay Area, and his work was highlighted in EE Times in January 2016.
The current FreeBSD RISC-V port is able to boot to multi-user mode on Spike, and allows a range of userspace commands and services such as SSH, mail delivery, and a user shell to run reliably. His next steps are to add multicore support to the port, and bring up FreeBSD on early hardware platforms becoming available for RISC-V, such as as FPGA simulations of the Cambridge’s open-source LowRISC System-on-Chip. FreeBSD ports and packages will appear over coming days allowing others in the community to reproduce the work, and making it easy for developers interested in contributing to the project to join the effort.
Ruslan’s work has been supported by the UK Higher Education Innovation Fund (HEIF5) and DARPA CTSRD project at the University of Cambridge, with participation in the RISC-V workshop supported by the FreeBSD Foundation. Other contributors to the FreeBSD RISC-V porting effort include Ed Maste (FreeBSD Foundation), Arun Thomas (BAE Systems), Andrew Turner (ABT Systems Ltd.), and Robert Watson (University of Cambridge).
The current FreeBSD RISC-V port is able to boot to multi-user mode on Spike, and allows a range of userspace commands and services such as SSH, mail delivery, and a user shell to run reliably. His next steps are to add multicore support to the port, and bring up FreeBSD on early hardware platforms becoming available for RISC-V, such as as FPGA simulations of the Cambridge’s open-source LowRISC System-on-Chip. FreeBSD ports and packages will appear over coming days allowing others in the community to reproduce the work, and making it easy for developers interested in contributing to the project to join the effort.
Ruslan’s work has been supported by the UK Higher Education Innovation Fund (HEIF5) and DARPA CTSRD project at the University of Cambridge, with participation in the RISC-V workshop supported by the FreeBSD Foundation. Other contributors to the FreeBSD RISC-V porting effort include Ed Maste (FreeBSD Foundation), Arun Thomas (BAE Systems), Andrew Turner (ABT Systems Ltd.), and Robert Watson (University of Cambridge).
DNS, Black Holes & Willem | BSD Now 127
Today on the show, we welcome Allan back from FOSSDEM &
enjoy an interview with Willem about DNS and MTU Black Holes. That plus
all the weeks news, keep it turned here to BSD Now, the place to B...SD!
LibertyBSD
Slim for BSD
A modified version of SLiM for BSD systems.Code stuff
Interesting articles
Wallpaper of the week
0 comments:
Post a Comment