BSD News 01/06/15

Last week in BSD

Releases: OPNsense
Other news: Lumina Desktop, pkgsrcCon, BSDnow, Hammer, PC-BSD, DragonFly BSD, Wallpaper

Releases

OPNsense version 15.1.11 Released

Here is the full list of changes for 15.1.11:

• core: removed unused package dependencies b42-fwcutter, bwi-firmware-kmod, dmidecode, ifstated, pecl-ssh2
• core: switched back from bind-tools to the latest full bind 9.10 package due to various requests
• src: fix panic in pf(4) in conjunction with ALTQ[3]
• src: updated to FreeBSD 10.0-RELEASE-p10[4][5]
• src: reverted two more custom patches to align with FreeBSD
• ports: updated to ca_root_nss 3.19, sqlite3 3.8.10.1, php56 5.6.9[6], openssh-portable 6.8p1_7[7]
• opnsense-update: exclude /etc/tty from the upgrade
• bsdinstaller: reworked the internals to align to modern port standards
• captive portal: switched rules generation to new template engine
• firmware: reimplement the GUI firmware update using MVC code
• menu: remove collapse/expand inconsistencies
• dashboard: fix disabled widgets dialog
• nat: fixed delete of multiple item
• nat: fix display of disabled rules
• queues: the legacy ALTQ traffic shaper is now found under “Firewall: Queues” to make room for the upcoming traffic shaper reimplementation based on IPFW/dummynet
• core: fix faulty read of /var/log/dmesg.boot

OPNsense version 15.1.11.1 Released 

• crypto: regenerate DH parameters for 1024, 2048 and 4096 bit
• crypto: tweak the web server config to harden against Logjam

Other news

Announcing pkgsrcCon 2015 in Berlin 

The 10th pkgsrcCon is happening on the weekend of July 4th and 5th 2015 in Berlin. Developers, contributors, and users are all welcome to attend.
More details can be found on the pkgsrcCon 2015 website.
Everyone is welcome to make a presentation. So please do! If you already have title or topic please send an email to wiedi@frubar.net.

HardenedBSD Poll: linuxulator Removal 

The linuxulator (the Linux emulation/translation layer in FreeBSD) has recently undergone a major overhaul. Many of FreeBSD's userbase relies on the linuxulator to provide things like the Adobe Flash Player browser plugin, linux browsers, and certain linux-centric tasks. The linuxulator provides a set of security challenges. It is yet another attack vector. The core HardenedBSD team would like to completely remove the linuxulator from HardenedBSD's codebase.
What would be removed:

1. linuxulator and its dependents
2. linprocfs (pending investigation, this might not be removed)
3. packages that require the linuxulator

Should the linuxulator be removed?

Recent dragonfly-master users: update 

If you were running a version of DragonFly 4.1 (i.e. the master version, not release) built between the 20th and 25th, rebuild.  There’s a UFS bug introduced in that short timeframe.
If you are running 4.0.x release or built your version of DragonFly-master outside of that date range – you are unaffected.

Vox Populi | BSD Now 91   

This week on the show, we've got something pretty different. We went to a Linux convention and asked various people if they've ever tried BSD and what they know about it. Stay tuned for that, all this week's news and, of course, answers to your emails, on BSD Now - the place to B.. SD.

Code stuff

Recent Hammer2 work
More Hammer 2 improvements 
In Other BSDs for 2015/05/30 

Interesting articles

Lumina Desktop Status Update/FAQ 
PC-BSD 10.1.2: an Interview with Kris Moore
[05/29/2015] zfscron - A great idea from the BSDNow podcast to backup your home directory.

Wallpaper of the week

from https://www.freebsd.org/logo.html

Read More»

BSD News 25/05/15

Last week in BSD

Releases: PC-BSD
News: FreeBSD, OpenBSD, ArchBSD, PacBSD, Hammer, BSDnow, pkgsrcCon, HardenedBSD, Wallapper

Releases

PC-BSD 10.1.2 Released

• New PersonaCrypt Utility
  • Allows moving all of users $HOME directory to an encrypted USB Drive. This drive can be connected at login, and used across different systems
  • Stealth Mode — Allows login to a blank $HOME directory, which is encrypted with a one-time GELI key. This $HOME directory is then discarded at logout, or rendered unreadable after a reboot
• Tor mode — Switch firewall to running transparent proxy, blocking all traffic except what is routed through Tor.
• Migrated to IPFW firewall for enabling VIMAGE in 10.2
• Added sound configuration via the first boot utility
• Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media
• New HTML handbook, updated via normal package updates
• Media Center support allowing direct login to Kodi and PlexHomeTheater for the 10ft user experience
• Switch to new AppCafe interface, with remote support via web-browser
• Improvements to Online Updater, along with GRUB nested menus for Boot-Environments
• Migrate all ports to using LibreSSL instead of OpenSSL
• Switch from NTPD to OpenNTPD
• Lumina desktop 0.8.4
• Chromium 42.0.2311.135
• Firefox 38.0
• NVIDIA Driver 346.47
• Pkg 1.5.2

 

HotFix release to 10.1.2 – Now available 

A minor hotfix update to the 10.1.2 ISO’s has been released today. This includes fixes to advanced installation using raidz, cache and log devices, as well as a fix to the text-installer when booted in UEFI mode. Users who have already installed 10.1.2 will not need to download, and can instead online-update to install any fixes.
Download Now

Other news

Heads Up: spamd(8) PF Rule Change

With a recent commit, Reyk Flöter (reyk@) flipped the switch on spamd(8)'s pf interfacement:

hange spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.

Those of you running spamd setups looking to upgrade need to double-check your pf configurations to make sure they still work the way you expect.

ArchBSD changes to PacBSD 

Over the next few days we will be migrating to a new name for the project. Due to potential trademark issues with using ArchBSD and our current logo. We have decided to rename the project.
The new name can currently be used to browser the website, but our current certificates only work with ArchBSD.net, so there will be warnings when browsing with https. We will have to wait a few days before our new certificate will be generated to work with *.pacbsd.org.
The Organization on git has been updated and can be found: PacBSD
After the migration to our new name PacBSD we will be switching to a new website and new logo.

ZFS Armistice | BSD Now 90   

This time on the show, we'll be chatting with Jed Reynolds about ZFS. He's been using it extensively on a certain other OS, and we can both learn a bit about the other side's implementation. Answers to your questions and all this week's news, coming up on BSD Now - the place to B.. SD. 

Announcing pkgsrcCon 2015 in Berlin   

The 10th pkgsrcCon is happening on the weekend of July 4th and 5th 2015 in Berlin. Developers, contributors, and users are all welcome to attend.
More details can be found on the pkgsrcCon 2015 website.

Everyone is welcome to make a presentation. So please do! If you already have title or topic please send an email to wiedi@frubar.net.

Code stuff

Automatic encryption of swap
Hammer abort-cleanup added 
In Other BSDs for 2015/05/23 

Interesting articles

freebsd-wifi-build, or "wait, you can run freebsd on atheros MIPS access points? where do I get that?" 
A scanning tip 
Lumina Desktop Status Update/FAQ

Wallpaper of the week

Not really. http://fapp.to/hardenedbsd-mate-desktop/

Read More»