Showing posts with label FreeBSD. Show all posts

BSD News 15/01/2018

Last week in BSD

Releases: OPNsense
News: OpenBSD, OPNsense, Meltdown, Spectre, Dragon Fly, FreeBSD, Bhyve


BSDSec

OpenBSD Errata: January 14th, 2018 (libssl)

Releases


OPNsense® 18.1 Release Candidate 1

For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing. Over the second half of 2017 well over 500 changes have made it into this first release candidate. Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. Meltdown and Spectre patches are currently being worked on in FreeBSD, but there is no reliable timeline.


News

An update on Meltdown and Spectre

We have previously issued a short statement with preliminary analysis of Meltdown and Spectre vulnerabilities. This post is an update now that we have an official statement from the FreeBSD project.

Dragonfly More Meltdown fixes

If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there’s a few more commits you’ll want to get. Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware. There is an update to the “defensive browser setup” plan for DragonFly (using --site-per-process) that can help at least with Javascript versions of Spectre.

Dragonfly Even more Meltdown

Are you tired of hearing about Meltdown/Spectre yet?  Doesn’t matter!  The two sysctls for controlling mitigation in DragonFly have been renamed:

machdep.meltdown_mitigation
machdep.spectre_mitigation

They go to hopefully sensible defaults, but Matthew Dillon has done some testing to show the effects of each in various combinations.   (Update: more changes and tests.)  Note that this is not the final mitigation work; compilers (i.e. gcc) are being updated to include workarounds for this, so new gcc -> new compiler in DragonFly -> new defenses.  No silver bullet there, though.

OpenBSD-current now has 'smtpctl spf walk'

If you run a mail service, you probably like to have greylisting in place, via spamd(8) or similar means. However, there are some sites that simply do not play well with greylisting, and for those it's useful to extract SPF information to identify their valid outgoing SMTP hosts.
Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.
This feature is still in need of testing, so please grab a snapshot and test!

The Spectre of Meltdown | BSD Now 228

We review the information about Spectre & Meltdown thus far, we look at NetBSD memory sanitizer progress, Postgres on ZFS & show you a bit about NomadBSD.




Code stuff

In Other BSDs for 2018/01/13
Microcode updates on DragonFly
IBRS and IBPB support in DragonFly
CPU microcode update code for amd64 for OpenBSD
HAMMER1, mounted and unmounted cleanup

Interesting articles

Handling of CPU bugs disclosure 'incredibly bad': OpenBSD's de Raadt
Running CentOS with Bhyve
July-September 2017 FreeBSD Status Report

BSD News 08/01/2018

Last week in BSD

News: DragonFly BSD, NetBSD, BSDSec, HardenedBSD, Meltdown, Spectre, MirOS, OpenBSD, FreeBSD, BSDnow
Releases: HardenedBSD

BSDSec

NetBSD Security Advisory 2018-002: Local DoS in virecover
NetBSD Security Advisory 2018-001: Several vulnerabilities in context handling 

Releases

HardenedBSD-stable 10-STABLE v1000050.1

Downloads here, release notes here.

News

OpenBSD Response to the "Meltdown" Vulnerability

A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:

 So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack.  While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
hidden.
Read it.

Meltdown and Spectre and DragonFly

By now you’ve probably heard of the Meltdown/Spectre attacks.  (background rumors, technical note)  Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.
It’s turned off and on by the sysctl machdep.isolated_user_pmap – and defaults to on for Intel CPUs.  Buildworld tests show about a 4-5% performance hit, but that’s only one form of activity, measured, so there will surely be other effects.
Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.
Update: Matthew Dillon posted a summary to users@.

MirOS - The Intelpocalypse

The unveiling of the three new CPU bug classes, collected in the two brandbugs “Meltdown” and “Spectre”, has mostly shocked the BSDs; I’ve got it on some authority that even FreeBSD was not informed ahead of time, left alone the others. Thanks to laffer1 from MidnightBSD for a couple of heads-up warnings into our direction!
Here’s what I could gather until now (please do correct me if I’m wrong):
Meltdown is specific to Intel® CPUs with out-of-order execution, that is, all P6-class (Pentium Pro/MMX, Pentium Ⅱ, but not Pentium Ⅰ/MMX) or newer (except old Atom) CPUs. It appears to allow user processes to read kernel memory, but not across VMs, nor to attack a hypervisor. A variant for ARM exists but AMD’s x86 CPUs are supposedly safe. The KAISER/FUCKWIT/UASS/KPTI patches for Linux fix this, at huge performance cost on x86, not so much on ARM, and no cost for unaffected CPU models (runtime detected).
Spectre affects x86, ARM, POWER CPUs and possibly others. I’ve not yet found information on whether it is also limited to CPUs with out-of-order executions, but it seems likely. SPARC CPUs might be safe; Solaris/SPARC64 is safe due to the way its memory addressing works. If the OOO execution assumption is true, 80486 and P5 class x86 CPUs are also safe. This one does allow cross-VM and hypervisor attacks, so if the bare metal CPU is vulnerable, SOL. There does not yet seem to be a generic fix; some hint at having to patch the compiler and recompile everything with a workaround that has a performance cost, even if the CPU is not affected, or was fixed with a microcode update. AMD’s x86 CPUs are partially hit, one of the variants does not work on them.
“CERT recommends throwing away your CPU and buying a non-vulnerable one” (thanks to El Reg), but nobody states which CPUs are not vulnerable.
At the present time, we suggest any MirBSD/i386 instances that run on any CPU other than an 80486 or P5-class (Pentium Ⅰ or a non-PPro MMX) to be restricted to single user or trusted user access only, and no untrusted software including ECMAscript to be run on them.
Watch this space for updates. Oh, and, if you know what you’re (and I’m) talking about, please, again, do provide me with information necessary to provide those updates, both to MirBSD and to this space.

FreeBSD About the Meltdown and Spectre attacks

FreeBSD was made aware of the problems in late December 2017. We're working with CPU vendors and the published papers on these attacks to mitigate them on FreeBSD. Due to the fundamental nature of the attacks, no estimate is yet available for the publication date of patches.

HardenedBSD announcing the 2018 donation run

We've just published our goals for 2018. We've got a number of new goals planned, some that require new infrastructure. In 2018, we plan to migrate at least 90% of our infrastructure to a single data center in addition to expanding out existing infrastructure.

Hello, HelBUG

More user group news: Helsinki, Finland, has a new BSD User Group: HelBUG.  First meeting is February 7th.  There’s no mailing list/site that I know of, yet.

The long core dump | BSD Now 227

We walk through dumping a PS4 kernel in only 6 days, tell you the news that NetBSD 7.1.1 has been released, details on how to run FreeBSD on a Thinkpad T470 & there’s progress in OpenBSD’s pledge.


Code stuff

NetBSD: the LLVM Memory Sanitizer support work in progress
In Other BSDs for 2018/01/06

BSD News 03/12/2017


Last week in BSD

Releases: HardenedBSD
News: BSDSec, FreeBSD, OpenBSD, DragonFly BSD, BSDnow, NetBSD, Vagrant

BSDSec

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:11.openssl
OpenBSD Errata: December 1st, 2017 (fktrace)

Releases

Stable release: HardenedBSD-stable 11-STABLE v1100054.1

Highlights:
- fixed syslogd - restore host name handling in UDP case
- fixed ARM64 control flow problem
- fixed MAP_GUARD issues
- upgrade to Unicode 10.0.0
- ZFS fixes
(side note: the recent OpenSSL security issues (FreeBSD-SA-17:11.openssl) are already fixed in previous releases)
Download

News

scfb support in DragonFly

If you’re booting DragonFly in UEFI mode, and you have unsupported video (i.e. NVIDIA), there’s the scfb driver for xorg.  It doesn’t support NVIDIA chipsets either, but it gives more options than the generic vesa driver.  It appears to be present in all the BSDs to some extent.

How Netflix works | BSD Now 222

We take a look at two-faced Oracle, cover a FAMP installation, how Netflix works the complex stuff & show you who the patron of yak shaving is.

Code stuff
In Other BSDs for 2017/12/02
World without sharing
The LLVM Thread Sanitizer has been ported to NetBSD

Interesting articles

DragonFly on Vagrant with shared folders

Pic of the week

Fixed the apple root bug.

from https://twitter.com/nehalist/status/937337658707202048/photo/1

BSD News 20/11/2017


Last week in BSD

News: BSDSec, FreeBSD, OpenZFS, BSDnow, OpenBSD, DragonFly BSD, C5, p2k17
Releases: HardenedBSD


Releases

Stable release: HardenedBSD-stable 11-STABLE v1100054

This is a security update, and reinstallation of pkgs/ports is required due to the LibreSSL upgrade!
Highlights:
- Changed AT_PAXFLAG auxvector position (4c04e4a613679510cd16bb13d7974c18e3f54460)
- Properly bzero kldstat structure to prevent kernel information leak. (3ff3ec467d4eb11cdbf706cf386935d5e58c2e91) [FreeBSD-SA-17:10.kldstat, CVE-2017-1088]
- CloudABI 0.17 (cf6ac9b4efa43a9c64c5ab311666080a0e8632b1)
- MFH (r325010): don't bother verifying a password that we know is too long. (b242fe393914310e50673eb62d480ce03706d745) [CVE-2016-6210]
Installer

BSDSec

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat
FreeBSD Security Advisory FreeBSD-SA-17:09.shm
FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace

News

Opening ZFS in 2017 | BSD Now 220

We have a first PS4 kernel exploit, the long awaited OpenZFS devsummit report by Allan, DragonflyBSD 5.0 is out, we show you vmadm to manage jails, parallel processing with Unix tools & more!

Official OpenBSD 6.2 CD set - the only one to be made!

Our dear friend Bob Beck (beck@) writes:
So, again this release the tradition of making Theo do art has continued!
Up for sale by auction to the highest bidder on Ebay is the only OpenBSD 6.2 CD set to be produced.
The case and CD's feature the 6.2 artwork, custom drawn and signed by Theo.
All proceeds to support OpenBSD
Go have a look at the auction
As with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of your highest bid to the project.

Code stuff

rdist out of DragonFly
DragonFly, IPv6, and direct routes
In Other BSDs for 2017/11/18

Interesting Articles

FreeBSD/EC2 on C5 instances
Never too much RAM for DragonFly

p2k17 Hackathon

OpenBSD is holding hackathons as an attempt to get new changes into the source tree quickly. Here are some reports from the latest: 
Florian Obser on network stack progress, kernel relinking and more
Landry Breuil on Mozilla things and much more

Wallpaper of the week


from http://i1-news.softpedia-static.com/images/news2/security-oriented-openbsd-6-2-os-released-with-better-arm-support-improvements-517978-2.jpg




BSD News 29/08/2016


Last week in BSD

Releases: FreeBSD, pfSense
Other news: BSDNow, OpenBSD


BSDSec

There seem to be no SAs.

Releases

FreeBSD 11.0-RC2 Available

The second RC build for the FreeBSD 11.0 release cycle is now available. ISO images for the amd64, armv6, i386, aarch64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

2.4 pre-alpha snapshots now available.

pfSense® software version 2.4 pre-alpha snapshots are now available.
pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.
More work at “reduction of technical debt” is occurring in 2.4.  We have decided to not carry forward the kernel patches for Captive Portal.  Instead, it is being re-written to use stock IPFW.  That work is only about 75% complete.  Simultaneously, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:
There appears to be a bug in pf (likely due to the interaction of one of our patches).  This only manifests under high usage.
New features and changes are listed here.
Full change list:
source and build tools
ports
FreeBSD source
Outstanding bugs/features/todo items:
Everything else
We advise that you do not use this on a production system yet. If you have the time and interest, we encourage you to try this on a scratch system or VM and provide feedback for any issues you find.

News

The Fresh BSD experience | BSD Now 156

This week on BSDNow, Allan is back from his UK trip & we’ll get to hear his thoughts on the developer summit. That plus all the latest news & an interview with Drew Gurkowski discussing tutorial writing for FreeBSD. Keep it tuned to your place to B...SD!

Code stuff

BSD News 22/08/2016


Last week in BSD

Releases: OPNsense, HardenedBSD
Other news: HardenedBSD, BSDnow, NetBSD, DragonFly BSD, FreeBSD

BSDSec

There seem to be no warnings.

Releases

OPNsense 16.7.2 released

  • src: revert fix ICMP translation in pf
  • src: better handle unknown options received from a DHCP server
  • src: avoid using spin locks for channel message locks
  • src: enable INQUIRY result check only on Windows 10 host systems
  • src: register time counter early enough for TSC freq calibration
  • src: disable incorrect callout in hv_storvsc(4)
  • src: better handle the GPADL setup failure in Hyper-V
  • src: fix SCSI INQUIRY checks and error handling
  • ports: lighttpd 1.4.41, strongswan 5.5.0, curl 7.50.1
  • ports: ca_root_nss 3.26, openssh 7.3p1
  • ports: enabled LDAP SASL bindings
  • system: remove source maps to prevent further Chrome breakage during API calls
  • system: switch to individual registration of PHP extensions
  • system: added UO field to CSR
  • interfaces: properly remove PPPoE server from list of firewall interfaces when deactivated
  • interfaces: extended logging for 4G modems
  • interfaces: correct download of large packet captures
  • interfaces: add lacp_fast_timeout flag support for LAGG
  • interfaces: fix clearing the DHCP config file when override file is gone
  • interfaces: improve dmesg probe on interface listing (contributed by Per von Zweigbergk)
  • firewall: double-check file availability after alias URL download
  • services: corrected DNS forwarder settings save in mobile layout
  • dashboard: fix gateway widget status text update
  • plugins: corrected firewall interface usage for multi-point VPNs
  • vpn: removed the stale OpenVPN windows installer binaries
  • vpn: default to IPsec main mode
  • lang: assorted translation fixes (contributed by Fabian Franz and Antonio Prado)
  • lang: translation updates for Chinese, French, German and Japanese


New stable version: HardenedBSD-stable 10-STABLE v46.9

HardenedBSD-10-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Oliver Pinter (2):
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit
HBSD: fix build error after kib's 8ef9c6fc5bcfe1b606229a8da024f76b2d5048c1 commit - part 2.
Shawn Webb (1):
HBSD: Temporarily disable PIE with the stdlib ATF tests.

News

Cabling up FreeBSD | BSD Now 155

This week on BSDNow, Allan is away in the UK for BSDCam, but we still have a full episode for you! Don’t miss our interview with Myke Geiger talking about using FreeBSD in the ISP environment & the latest news, here on your place to B...SD!

Code stuff


Interesting articles


BSD News 25/07/2016


Last week in BSD

Releases: pfSense, FreeBSD, PacBSD, DragonFlyBSD
Other news: NetBSD, BSDnow, PC-BSD, Lumina Desktop, DragonFlyBSD, n2k16, BSDSec


BSDSec


Releases

pfSense 2.3.2-RELEASE Now Available!


We are happy to announce the release of pfSense® software version 2.3.2!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.
This release includes fixes for 60 bugs, 8 features and 2 todo items completed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.
While nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.


FreeBSD 11.0-BETA2

The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary of changes since 11.0-BETA1 includes: several build- and toolchain-related fixes; WITNESS and INVARIANTS have been disabled on powerpc, powerpc64, arm and armv6 architectures; freebsd-update(8) has been updated to allow '*-dbg' distribution sets; ctld(8) no longer exits when reloading the configuration with invalid initiator-portal clauses; GENERIC-NODEBUG kernel configurations have been removed; the callout code has been updated to avoid a system panic with TCP timers; several other changes." See also the (incomplete) release notes which are still work-in-progress. Quick links to download the amd64 and i386 installation DVD images: FreeBSD-11.0-BETA2-amd64-dvd1.iso (2,479MB, SHA512), FreeBSD-11.0-BETA2-i386-dvd1.iso (2,203MB, SHA512).

New PacBSD ISO Available

A new iso is available for testing for 64bit. Currently there are two install media, one for DVD/CD and one for USB devices. Be sure to select the right media. Dot img for usb and dot iso for CD/DVD.
Download is available here
Currently the main packages available for testing are: LXDE, chromium, Xorg, wine, transmission and a few Window Managers. New Packages are added daily and more DE should be available in a few days.
xfce4, firefox and vlc will be next uploaded. Though there are multiple PKGBUILD for these already available at
Github
Also you can view daily reports of the repository, which includes broken packages, packages which fail to pull in dependencies, outdated packages (Checked against freebsd ports) and other information:
Repository Report
Installation help can be found at:
ZFS Install Guide
If you need additional help, feel free to join irc.freenode.net #pacbsd-dev as this is quite active. All new uploaded packages, git commits, repository reports are posted here daily.
One more note, any issues can be reported to us directly on #pacbsd-dev on IRC, or on our bug tracker.
Bug Tracker

DragonFly 4.6 release candidate 2 available

DragonFly 4.6 release candidate 2 has been tagged.  You can pull it directly from the master site in img or iso form (check your local mirror instead if possible), or shift to the new tag.
“Where is RC1?” you may ask?  I tagged the first release candidate some days ago, and this bug was immediately found right after.  It was easier to go right to RC2 once a fix was found.
This candidate will probably lead directly to a release version, so if you want to run the release version exactly, wait a few days.

News

New Security Advisory: NetBSD-SA2016-006 (mail.local)

A new security advisory was published:
You can find more information about them on the Security and NetBSD page.

Fuzzy Auditing | BSD Now 151

This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved ‘C’ client for LetsEncrypt, an interview with Dru Lavigne and more! Stick around for your place to B...SD!

Code stuff


Interesting articles


BSDNews 11/07/2016


Last 2 weeks in BSD

Releases: OPNsense
Other news: BSDSec, FreeBSD, EuroBSDCon, Lumina Desktop, DragonFly BSD, BSDnow, HardenedBSD, LibreSSL, Hammer2, NetBSD

BSDSec


Releases

OPNsense 16.1.18 released

  • system: properly run fsck on boot if needed
  • system: new Cron page and API now available for general use
  • system: QR codes are now generated locally in the browser (contributed by Fabian Franz)
  • system: harden serial config write against power failures
  • system: allow serial config to attach to all available ttys
  • system: added missing ACL entry for LDAP user import page
  • system: reworked log page layout and dependencies
  • firmware: detach / reattach support for upgrade page
  • firmware: mirror and flavour selection moved to respective page
  • interfaces: improvements for 4G devices (sponsored by OSNet.eu[1])
  • interfaces: debug mode and logging for rtsold in DHCPv6 mode
  • dhcp: separate pages for router advertisements and service control
  • dhcp: IPv6 server as a stand-alone process for service control
  • dhcp: fixed and improved writing of dynamic DNS configuration
  • ports: python 2.7.11_3[2], unbound 1.5.9[3], curl 7.49.1[4], openssl 1.0.2_14[5], sudo 1.8.17p1[6], php 5.6.23[7], pcre 8.39[8], haproxy 1.6.6[9]
  • src: tzdata updated to 2016e[10]
  • src: fix pf fragment timeout[11]


News

Lumina 1.0.0 sources frozen

The source tree for the Lumina desktop has just been soft-frozen in preparation for the upcoming release of version 1.0.0 in mid-August (tentatively targeting August 8th for final reviews/checks).
This means that all interface elements (GUI’s, widgets, etc) as well as any text which requires translation may no longer be changed without approval from both Ken Moore and the documentation team (basically only things like bug fixes or spelling errors).
This is now the time to go through and perform any translations of the Lumina desktop in preparation for the release. You can see the current translation progress and help perform translations on the PC-BSD translations website.
We have also created a new tarball of the Lumina source tree on github (v1.0.0-Beta2) so that package distributors have time to audit their current build systems and ensure that the Lumina files/binaries are being packaged properly (please report any packaging issues ASAP so that we can adjust things as necessary). This is very important as a few binary names and install locations for files have changed, and some optional dependencies have changed as well (“compton” may be used instead of “xcompmgr” for example).

Kisumu digital library and DragonFly

There’s a new digital library in Kisumu, Kenya – and it’s running DragonFly for file storage.

The place to B... A Robot! | BSD Now 148

This week on the show, Allan & I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive a Robot! You won’t want to miss this one. That plus all the latest news, heading your way right now!

A Wild Dexter Appears! | BSD Now 149

Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus the latest news is heading your way right now on BSDNow, the place to B….SD!

A single function for creating a new port

In my two previous posts I talked about creating a new port and copying a port from head to a branch. The goal of this post is the creation of a new function: CreatePortOnBranch($category_name, $port_name, $CommitBranch) The failed start I started out with this stored procedure: Running it gave this message: # select CreatePort('sysutils', 'bacula-server', [...]

LibreSSL Package Repo

We are pleased to announce the availability of the LibreSSL package repo for 11-CURRENT/amd64. This repo is based off of the LibreSSL-in-base branch (hardened/current/master-libressl) that Bernard Spil has been working on. Going forward, along with providing binary updates for that branch via hbsd-update(8), we will also provide binary packages. We will also provide binary packages soon for the LibreSSL 10-STABLE branch (hardened/10-stable/master-libressl). Having both the feature branches along with package repos will allow us to investigate making LibreSSL the standard in HardenedBSD.
We would like to thank Bernard Spil for his continuous hard work. We're glad to have him on the team. Thanks to him, HardenedBSD is the first downstream FreeBSD project to have both LibreSSL in base along with a package repo that matches.

Code stuff


Interesting articles


BSD News 31/05/2016


Last week in BSD

Releases: pfSense, NetBSD, OPNsense, GhostBSD, SoloBSD
Other news: Talks, OpenBSD, BSDnow, DragonFly BSD


BSDSec



Releases

pfSense 2.3.1 Update 1 Available

2.3.1 Update 1 (2.3.1_1) is now available. This includes one security fix to the web GUI, and 7 other bug fixes. The 2.3.1-RELEASE change list has been updated with an Update 1 section specifying the changes.
This update will reboot the system after installing.

NetBSD 7.0.1 released

The NetBSD Project is pleased to announce NetBSD 7.0.1, the first security/bugfix update of the NetBSD 7.0 release branch. It represents a selected subset of fixes deemed important for security or stability reasons. If you are running an earlier release of NetBSD, we strongly suggest updating to 7.0.1.
For more details, please see the release notes.
Complete source and binaries for NetBSD are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at http://www.NetBSD.org/mirrors/

OPNsense 16.1.15 released

Here are the full patch notes for 16.1.15:
  • system: make authentication fallback configurable
  • system: settings cleanup and prettify
  • system: added explicit ETC timezone selection
  • high availability: add page for remote service control
  • high availability: properly enforce authentication
  • firmware: reboot and poweroff API actions
  • firmware: only kill GUI process, not captive portal
  • firmware: show errors in update window
  • firmware: keep polling for progress even when GUI restarts
  • backend: skip failing templates on bootup
  • trust: fix CA certificate count in overview
  • trust: allow key size up to 8192 bits
  • firewall: fix invalid NPT rule generation
  • firewall: speed up filter log pages
  • firewall: do not allow to change virtual IP mode after creation
  • firewall: moved settings page and rearranged settings accordingly
  • interfaces: unhook all but the last custom PHP module functions
  • interfaces: moved settings page and rearranged settings accordingly
  • dhcp: do not override RA settings after save
  • dns: resolver outgoing interface section moved to advanced as it will break setups with dynamic interfaces selected there
  • load balancer: sticky mode from firewall / system split off as separate setting
  • snmp: do not allow unicode in system location
  • intrusion detection: remove deprecated rbn-malvertisers.rules set
  • intrusion detection: add promiscuous mode / physical interface selection
  • overall: fix menu width on small size screens
  • overall: numerous translation fixes (contributed by Frederic Lietart)
  • overall: numerous translation fixes (contributed by Fabian Franz)
  • plugins: assorted bugfixes for HAProxy (contributed by Frank Wall)
  • mvc: fix translations by adding an escaping wrapper

GhostBSD 10.3 ALPHA2 is ready for testing

This second ALPHA development release is for testing and debugging new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.

SoloBSD 10.3-STABLE-v46.1

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.1
You can grab it from Here. (61.6 Mb)
root password: solobsd


News

FreeBSD Now Has Initial Graphics Support For Bhyve

Bhyve, the hypervisor developed by FreeBSD that supports running BSD/Linux/Windows guests, has initial graphics support...

Most Free/Open Source Software users run Linux as their operating system of choice, choosing one (or more) of the 300 or so distros currently active on DistroWatch. Not as many have crossed the street, rhetorically speaking, and taken a look at the other Open Source operating system, BSD and its many variants.
As a long time and current Linux user new to PC-BSD — essentially the BSD equivalent to Linux Mint — my intention is to:
· Outline the (many) similarities and (few) differences between Linux and BSD,
· Walk the audience through the process of moving from Linux to BSD, unless the audience is in a hurry, then I’ll run them through it,
· Describe the ease-of-use and pitfalls of day-to-day use of PC-BSD for the average user, and
· How to pitch in and make code and other contributions (e.g., documentation, translation) to BSD variants, even while doing the same for Linux distributions,
· And more!

Privilege Separation and Pledge (video)

This year's dotSecurity conference featured a presentation from OpenBSD founder Theo de Raadt, titled "Privilege Separation and Pledge." The video is now available here, in addition to the slides.

One small step for DRM, one giant leap for BSD | BSD Now 143

This week on BSDNow, we have an interview with Matthew Macy, who has some exciting news to share with us regarding the state of graphics on FreeBSD. That plus all the latest news on BSDNow, the place to B...SD!

OpenBSD ARMv7 now has a bootloader

Progress on the armv7 platform continues, and Jonathan Gray writes in to the arm@ mailing list with some promising news:
There is now a bootloader for armv7 thanks to kettenis@. Recent armv7 snapshots will configure disks to use efiboot and install device tree dtb files on a fat partition at the start of the disk. u-boot kernel images are no longer part of the release but can still be built for the time being. We are going to start assuming the kernel has been loaded with a dtb file to describe the hardware sometime soon. Those doing new installs can ignore the details but here they are.


Code stuff



Interesting articles


BSD News 23/05/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD, SmallWall, pfSense, OPNsense
Other news: BSDSec, BSDnow, BSD Magazine, DragonFlyBSD, p2k16, freeNAS, OpenBSD

BSDSec


Releases

HardenedBSD-stable 10-STABLE v46.1

HardenedBSD-10-STABLE-v46.1
----------------------------------------
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
https://github.com/HardenedBSD/hardenedBSD-stable/commits/HardenedBSD-10...
This release fixes CVE-1541 and CVE-2015-2304 in libarchive, a lot of Coverity warnings / programming errors and an overflow in amd64's sysarch system call (00696f0, eac2aab, bd784f7).

SoloBSD 10.3-STABLE-v46

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46
You can grab it from Here. (61.7 Mb)
root password: solobsd

SmallWall 1.8.4b10 beta release

Just released a new beta with updated mini-httpd, and many t1n1wall changes ported in.

New stable version: HardenedBSD-stable 11-CURRENT v46.2

HardenedBSD-11-CURRENT-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
UPDATE TO THIS RELEASE IS STRONGLY ADVISED!
This release fixes two locally exploitable security issues, namely the following:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

pfSense 2.3.1-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.1!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes, two security fixes in the GUI, as well as security fixes for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg. The full list of changes is on the 2.3.1 New Features and Changes page.
This release includes a total of 103 bug fixes. 79 regressions in 2.3 have been fixed, mostly minor issues in the new GUI. Several of these are significant issues, and have resolved nearly all the post-upgrade problems encountered in 2.3-RELEASE. 24 issues affecting 2.2.x and prior versions have also been fixed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

OPNsense 16.1.14 released

How about an update with your new NetFlow remote export. Or your local reporting frontend? Well, you can always use both if you like. Read all about it here: https://docs.opnsense.org/manual/netflow.html
Furthermore, we have added the brand new AQM CoDel version 0.2.1 to the mix, yesterday’s FreeBSD security advisories, released the HAProxy plugin, and bundled a full Japanese translation.
There is also a refreshed website for our general viewing pleasure.
https://opnsense.org/

News

Diving for BSD Perls | BSD Now 142

This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you won’t want to miss. Sit tight, the show starts now on your place to B...SD!
 

BSD Magazine for May 2016 out

The May issue of BSD Magazine is available now.  There’s articles on ZFS, OpenBSD’s arc4random, an interview of Fernando Rodríguez of KeepCoding, and more.  It’s a free PDF download if you didn’t know.

TeX, clisp, and DragonFly

DragonFly versions of TeX have been available for some time now.  However, Nelson Beebe, who is part of the TeX project, is having trouble building some related binaries – asymptote and clisp.  He could use help from anyone interested, to match up with this summer’s release of TeX 2016.

Mounting as non-root

Read this email thread for how to mount devices (e.g. USB drives) in DragonFly when you aren’t root.

Code stuff 

p2k16 Hackathon Report: pirofti@ on octeon and TPM

Interesting articles


BSD News 16/05/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD
Other news: BSDnow, OpenBSD, p2k16, LibreSSL, DragonFlyBSD, FreeBSD

BSDSec

There seem to be no SA warnings.

Releases

New stable version: HardenedBSD-stable HardenedBSD-10-STABLE-v44.6

HardenedBSD-10-STABLE-v44.6 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
 

SoloBSD 10.3-STABLE-v44.6

Aventuras BSDeras by Guillermo García Rojas C.
There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.6
Changelog v44.6
- Switched to Python3.5 interpreter.
- Now with PIE on base!
You can grab it from Here. (60.6 Mb)
root password: solobsd
 

News

BSD Likes Ike! | BSD Now 141

This week on the show, we have all the latest news & stories! Plus we’ll be hearing more about OpnSense from the man himself, Ike! Sit tight, the show starts now on your place to B…SD!
 

Code stuff

libressl - more vague promises

Interesting articles


Wallpaper of the week

BSD News 09/05/2016

Last week in BSD

Releases: SoloBSD, HardenedBSD
Other news: BSDSec, FreeBSD, OpenBSD, pkgsrc, SoloBSD, HardenedBSD, BSDnow, DragonFly BSD, LibreSSL, MirOS


BSDSec

Releases

SoloBSD 10.3-STABLE-v44.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.5
Changelog v44.5
- Python3.5 interpreter has been added.
You can grab it from Here. (58.7 Mb)
root password: solobsd

New stable version: HardenedBSD-stable 11-CURRENT v46.1

HardenedBSD-11-CURRENT-v46.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

News

Tracing it back to BSD | BSD Now 140

This week on BSDNow, Allan is back in town from Europe! We’ll get to hear some of his wrap-up and get caught up on the latest BSD news. That plus our interview about Backtrace.io! Keep it tuned to BSDNow, the place to B….SD!

modules.local now possible

If you happen to be testing kernel modules, DragonFly can now load them from a modules.local directory. This keeps modules that aren’t part of the base system separate. This is probably of most use to developers. Set local_modules="YES" in rc.conf to enable.

LibreSSL in HardenedBSD Base

A few months ago, we added Bernard Spil to the HardenedBSD team with a goal to bring in and maintain LibreSSL in base. Given the effort involved in maintaining such a complex piece of software, we at HardenedBSD have made the decision to keep it as a feature branch in the playground repo for now. Those who wish to check out Bernard's awesome, hard work can check out the repo here. We will soon start auto-syncing that feature branch on our normal six-hour cycle and we will produce periodic binary updates. As of today, the first binary update has been published. You can use this hbsd-update.conf file to tell hbsd-update to switch to the LibreSSL branch. If you wish to compile your own version of HardenedBSD with LibreSSL base, you will need to add WITH_LIBRESSL=yes to src.conf.
We would like to thank Bernard for volunteering. He has been a tremendous help. Here is a teaser screenshot.

New SSH hostkey for fish, taking over AnonCVS/AnonRSYNC service

As announced in the earlier wlog entry about server reorg I’ve now switched over most services from the soon-to-be-defunct eurynome to fish, with gecko2’s www.ig42.org providing the redirection HTTP vhost for hostname-less mirbsd.org requests (i.e. people who don’t know how this works) and, soon, fallback HTTP services should they be needed. (He’s trusted with the SSL key and certificate.)
This also involves switching SSH hostkeys for AnonCVS, unfortunately; I’ve taken the chance to generate a fresh key for fish. Look in /MirOS/ for the files (gzsig(1) signed) hostkeys.gz or (PGP signed) hostkeys.asc for a less-dependent source for the new keys.


Code stuff

Interesting articles


BSD News 02/05/2016

Last week in BSD

Releases: FreeBSD, BSDSec, OpenBSD, BSDnow, CheriBSD, BSDTalk, NFS, p2k16
Other news: SoloBSD, GhostBSD, OPNsense, pfSense, HardenedBSD


BSDSec


Releases

New stable release: HardenedBSD-stable 10-STABLE v44.3

New stable release: HardenedBSD-stable 10-STABLE v44.4

New stable version: HardenedBSD-stable HardenedBSD-11-CURRENT v46

HardenedBSD-11-CURRENT-v46 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
 

pfSense 2.3 Update 1 Available

Since the new pkg system enables us to update pieces of the system individually, rather than the monolithic updates of the past, we have released a patch that fixes the NTP CVEs covered by FreeBSD SA 16:16.ntp. Updating ntpd from 4.2.8p6 to 4.2.8p7 is the only change.
This update appears as 2.3_1, for update 1. This should not be confused with 2.3.1, which is a full maintenance release coming soon. 2.3_1 is only available for those already running 2.3 release.
Note for this update, your version number will remain the same afterwards, still showing as 2.3-RELEASE.
This update does not trigger a reboot. The NTP service needs to be manually restarted under Status>Services afterwards.

OPNsense 16.1.12 released

The progress for our upcoming version 16.7 now accumulates to 3 full months. To that end we are making the transition from ALPHA to BETA on the 16.7 development series. And since we have been asked to incorporate development change logs as well, look no further (well, look below).
Anyway, 16.1.12 brings a handful of anticipated additions like FreeBSD’s package manager version 1.7.2 and the ability to use CoDel / FQ-Codel in the traffic shaper. We have also started to move services to the plugin framework instead of having them in the base installation. And, maybe as a last point, initial work for fixing the trusty apinger utility for gateway monitoring has surfaced.

GhostBSD 10.3 ALPHA1 is now ready for Testing

Yes, we skip 10.2 for 10.3; since FreeBSD 10.3 was coming, we thought we should wait for 10.3. This is the first ALPHA development release for testing and debugging GhostBSD 10.3. Only MATE has been released so far, which is available on SourceForge for the amd64 and i386 architectures.

SoloBSD 10.3-STABLE-v44.3

SoloBSD 10.3-STABLE-v44.4

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.4
You can grab it from Here. (45.8 Mb)
root password: solobsd

News

Cheri-picking BSD | BSD Now 139

This week, Allan is out of town, but since when has that ever stopped us from bringing you a new episode of BSDNow? We have news, feedback & an excellent interview with Brooks Davis telling us about CheriBSD that you won’t want to miss.

bsdtalk264 - Down the Gopher Hole

Playing around with the gopher protocol. Description of gopher from the 1995 book "Student's Guide to the Internet" by David Clark. Also, at the end of the episode is audio from an interview with Mark McCahill and Farhad Anklesaria that can be found at https://www.youtube.com/watch?v=oR76UI7aTvs
Check out http://gopher.floodgap.com/gopher/
File Info: 27 Min, 13 MB.
Ogg Link: https://archive.org/download/bsdtalk264/bsdtalk264.ogg

Code stuff 


Interesting articles



BSD News 18/04/2016

Last week in BSD

Releases: pfSense, OPNsense
Other news: BSDSec, HardenedBSD, freeNAS, xhyve, FreeBSD


BSDSec

 

Releases

pfSense 2.3-RELEASE

The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past. The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on a wide range of devices from desktop to mobile phones.
For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
The full list of changes is on the 2.3 New Features and Changes page.
To get to a release, we’ve closed 760 total tickets.  While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.
Downloads for New Installs
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

OPNsense 16.1.9 released

There is tremendous progress in the translations. It just so happens that we now have a comprehensive Russian translation as well which is going to be completed in the upcoming weeks. Many thanks to Smart-Soft Ltd. for making this happen. The contender is Japanese through the work of Chie Taguchi, who did most of the translation that we have had for a year. It is going to be a close race to the finish line for both languages. Then again, the whole translation team is doing an amazing job.
As polarising as it may be, we have added HTTPS support in the proxy server. Another noteworthy item is StrongSwan 5.4.0, which helps to address IPSec status page hangs that some have observed with complex setups. We are looking for feedback for these items, please do write in.

OPNsense 16.1.10 released

It has been a quite uneventful week. Suricata and Squid have been upgraded to their latest versions and you can find their individual change logs below. The next part of the Russian translation brings it to number one with a dreamy 83% completed. Otherwise only small fixes and improvements have been made and those will not even require a reboot.

OPNsense 16.1.11 released

We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability, which shows us the good path we have been on since we started[1] and we will surely continue this security-aware trend.
In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed.


News

Introducing Full PIE Support

We at HardenedBSD have added support in 11-CURRENT for compiling nearly all of base as Position-Independent Executables (PIEs, for short). This work bumps hardening.version to 45. We've enabled PIE base for amd64 and i386 and hope to enable it for arm64 before or during BSDCan 2016. Compiling an application as a PIE enables it to take full advantage of ASLR. Without PIE support, the application itself is loaded at a fixed address, determined at compile time. As of this writing, only nine applications are not compiled as PIEs. At least two of them must stay that way (/sbin/init and /sbin/init.bak), so that leaves the outstanding list at seven. This is a huge leap forward for HardenedBSD. We have tested PIE base on several amd64 systems, both virtualized and bare metal. We have done multiple amd64 package builds with success. We would like to thank Bryan Drewery for his help.
An hbsd-update(8) update archive has been published for 11-CURRENT/amd64 with the "PIEified" base. Update at your leisure.
PIE base is enabled by default for amd64 and i386. We hope to enable it for ARM64 before or during BSDCan. Speaking of ARM64, we will be bringing ten Raspberry Pi 3 devices (which are ARM64) with us to BSDCan, eight of which will be given out to lucky individuals. We want the BSD community to hack on them and get ARM64/Aarch64 fully functional on them.

FreeNAS Mini XL | BSD Now 137

This week on BSD Now, I’m out of town for the week, but we have a special unboxing video to share with you that you won’t want to miss. That, plus the latest BSD news, is coming your way right now!


Code stuff


Interesting articles


Wallpaper of the week 


 from http://freebsdwallpapers.blogspot.cz/