Last week in BSD
Releases: pfSense, OPNsense
Other news: BSDSec, HardenedBSD, freeNAS, xhyve, FreeBSD
The most significant changes in this release are a rewrite of the
webGUI utilizing Bootstrap, and the underlying system, including the
base system and kernel, being converted entirely to FreeBSD pkg. The pkg
conversion enables us to update pieces of the system individually going
forward, rather than the monolithic updates of the past. The webGUI
rewrite brings a new responsive look and feel to pfSense requiring a
minimum of resizing or scrolling on a wide range of devices from
desktop to mobile phones.
For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
The full list of changes is on the 2.3 New Features and Changes page.
To get to a release, we’ve closed 760 total tickets. While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.
Downloads for New Installs
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.
As polarising as it may be, we have added HTTPS support in the proxy server. Another noteworthy item is StrongSwan 5.4.0, which helps to address IPSec status page hangs that some have observed with complex setups. We are looking for feedback for these items, please do write in.
upgraded to their latest versions and you can find their individual
change logs below. The next part of the Russian translation brings
it to number one with a dreamy 83% completed. Otherwise only small
fixes and improvements have been made and those will not even require
a reboot.
In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed.
Other news: BSDSec, HardenedBSD, freeNAS, xhyve, FreeBSD
BSDSec
Releases
pfSense 2.3-RELEASE
For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
The full list of changes is on the 2.3 New Features and Changes page.
To get to a release, we’ve closed 760 total tickets. While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.
Downloads for New Installs
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.
OPNsense 16.1.9 released
There is tremendous progress in the translations. It just so happens that we now have a comprehensive Russian translation as well which is going to be completed in the upcoming weeks. Many thanks to Smart-Soft Ltd. for making this happen. The contender is Japanese through the work of Chie Taguchi, who did most of the translation that we have had for a year. It is going to be a close race to the finish line for both languages. Then again, the whole translation team is doing an amazing job.As polarising as it may be, we have added HTTPS support in the proxy server. Another noteworthy item is StrongSwan 5.4.0, which helps to address IPSec status page hangs that some have observed with complex setups. We are looking for feedback for these items, please do write in.
OPNsense 16.1.10 released
It has been a quite uneventful week. Suricata and Squid have beenupgraded to their latest versions and you can find their individual
change logs below. The next part of the Russian translation brings
it to number one with a dreamy 83% completed. Otherwise only small
fixes and improvements have been made and those will not even require
a reboot.
OPNsense 16.1.11 released
We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability, which shows us the good path we have been on since we started[1] and we will surely continue this security-aware trend.In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed.
News
Introducing Full PIE Support
We at HardenedBSD have added support in 11-CURRENT for compiling nearly all of base as Position-Independent Executables (PIEs, for short). This work bumps
An
PIE base is enabled by default for amd64 and i386. We hope to enable it for ARM64 before or during BSDCan. Speaking of ARM64, we will be bringing ten Raspberry Pi 3 devices (which are ARM64) with us to BSDCan, eight of which will be given out to lucky individuals. We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.
hardening.version
to 45. We've enabled PIE base for amd64 and i386 and hope to enable it
for arm64 before or during BSDCan 2016. Compiling an application as a
PIE enables it to take full advantage of ASLR. Without PIE support, the
application itself is loaded at a fixed address, determined at compile
time. As of this writing, only nine applications are not compiled as
PIEs. At least two of them must stay that way (/sbin/init
and /sbin/init.bak
),
so that leaves the outstanding list at seven. This is a huge leap
forward for HardenedBSD. We have tested PIE base on several amd64
systems, both virtualized and bare metal. We have done multiple amd64
package builds with success. We would like to thank Bryan Drewery for
his help.An
hbsd-update(8)
update archive has been published for 11-CURRENT/amd64 with the "PIEified" base. Update at your leisure.PIE base is enabled by default for amd64 and i386. We hope to enable it for ARM64 before or during BSDCan. Speaking of ARM64, we will be bringing ten Raspberry Pi 3 devices (which are ARM64) with us to BSDCan, eight of which will be given out to lucky individuals. We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.
FreeNAS Mini XL | BSD Now 137
This week on BSD Now, I’m out of town for the week, but we have a
special unboxing video to share with you that you won’t want to miss.
That, plus the latest BSD news, is coming your way right now!
0 comments:
Post a Comment