Issue 14
Published April 8, 2020

Last week we have seen releases of GhostBSD and NetBSD plus OpenBSD Errata for dhcpd. Read on because as always we cover all the rest of BSD world with the latest news and tutorials.

Releases

GhostBSD 20.03 Now Available. This new build comes with some minor system update and numerous software applications updates. What has changed since 20.02:

  • The default pkg configuration now points to the GhostBSD packages repository instead of FreeBSD.
  • Fixed Update Station to make sure it only runs pkg update alone.
  • Added code to make sure that the update icon appears appropriately.
  • Added wg in notnics of NetworkMgr to avoid adding wireguard as a nics.

The third release in the NetBSD-8 is now available. This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.

BSDSec

OpenBSD Errata: April 7th, 2020 (dhcpd). Errata patches for dhcpd have been released for OpenBSD 6.5 and 6.6. dhcpd could reference freed memory after releasing a lease with an unusually long uid. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. After patching, restart the dhcpd service.

As always, it's worth following BSDSec. RSS feeds and Twitter account available.

News

FreeBSD Office Hours - April 1 2020. This was the first of the FreeBSD Office Hours sessions. Each Office Hours session, they invite users, contributors, and developers to ask questions, and a team of developers will try to answer or direct the questioner in the appropriate direction.

MixerTUI 0.1 is out! MixerTUI is an audio mixer with a Terminal User Interface built on the FreeBSD sound system wiki.freebsd.org/Sound. It can show the current Sound Driver configuration and select an audio device: to get its information, change the volume or to set as default, the last feature allows to switch easily audio from/to laptop and hdmi, headphones and speakers, etc.

Extending support for the NetBSD-7 branch. Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), NetBSD team will announce the end-of-life of the N-2 branch, in this case NetBSD-7. They've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong. Security fixes will still be made to the NetBSD-7 branch.

NetBSD's LLDB work concluded. Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages. In February 2019, work on LLDB have started, as contracted by the NetBSD Foundation, working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support, porting to i386. March 2020 was the last month of contract. During it, the primary focus was to prepare integration of LLDB into NetBSD's src tree.

The ssh-copy-id utility is now included in DragonFly 5.8 and in -current. Useful for your next machine setup.

Tutorials

Tale of two hypervisor bugs - Escaping from FreeBSD bhyve. VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT.

Update Lenovo X260 BIOS with OpenBSD: X260 runs OpenBSD fine, but has no CD driver. But one might still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image. There are tools on OpenBSD to get this working.

NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial for NextCloud on OpenBSD.

"I’ve been playing with Bastille for a few months now. The more I use it, the more it makes 100% sense." Learn how to use Bastille, caddy, restic and more to build a self hosted secure static website on FreeBSD.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.

The Valuable News weekly series is dedicated to providing summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-04-06.

In Other BSDs for 2020/04/04 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!