Issue 16
Published April 22, 2020

OpenZFS has now merged the new FreeBSD support. Plus all the rest of BSD world with the latest releases, news, tutorials and security announcements.

OpenZFS Merges The New FreeBSD Support

FreeBSD developers have been working on transitioning to using OpenZFS as their ZFS file-system upstream code rather than the dormant Illumos base. That initial FreeBSD support has been mainlined this week into the OpenZFS repository, now providing a common code-base between for the open-source ZFS file-system code between Illumos, FreeBSD, Linux, and work-in-progress macOS.

The FreeBSD code was merged this week into the OpenZFS repository and in turn FreeBSD ports is now making use of this branch.

Compared to the existing ZFS support in FreeBSD, migrating to OpenZFS means better SSD TRIM support, native encryption capabilities, persistent L2ARC, and a variety of new/improved features compared.

Up until this chage, sync writes to a ZVOL were done serially. But with the new code, ZVOLs are processed concurrently with sync writes in parallel. Following this change, "The result is that the throughput of sync writes is tripled."

Releases

FuryBSD 2020-Q2 images are available for XFCE, and KDE. The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support.

BSDSec

OpenBSD Errata: April 19th, 2020 (drm): Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6. There was an incorrect test for root in the DRM Linux compatiblity code. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility.As these affect the kernel, a reboot will be needed after patching.

FreeBSD Errata Notice FreeBSD-EN-20:07.quotad. The Network File System (NFS) allows a system to share directories and files with others over a network. By using this, users and programs can access files on remote systems almost as if they were local files.

FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw. The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces. Incomplete packet data validation may result in accessing out-of-bounds memory (CVE-2019-5614) or may access memory after it has been freed (CVE-2019-15874).

FreeBSD Security Advisory FreeBSD-SA-20:11.openssl. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognized signature algorithm is received from the peer.

As always, it's worth following BSDSec. RSS feeds and Twitter account available.

News

Bastille 0.6.20200414 has been published to GitHub. This is a hotfix release to address reported issues. Upgrading is recommended! Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.

FreeBSD progress on Slimbook Base14: Some notes on the – thusfar unsuccessful – work towards getting a full KDE-on-FreeBSD environment working on the Slimbook Base14. tl;dr version: “driver issues”.

OpenBSD on the HP Envy 13: After one user managed to break their existing setup, they decided to give OpenBSD a try and put a blowfish in their laptop.

If you want to work on Bluetooth on DragonFly, there’s more people adding to the bounty.

rpki-client 6.6p2 has just been released. It is the first public portable release of the rpki-client code, available in OpenBSD. rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement.

Tutorials

Setting Up Users, Permissions, and ACLs on FreeNAS: In this tutorial, we’re going to talk about setting up Users, Permissions, and ACLs in FreeNAS. ACL stands for Access Control List, which designates access control entries for users and administrators on FreeNAS systems, specifically for Windows SMB shares.

Using OpenVPN with Multi-WAN: OpenVPN servers can be used with any WAN, or multiple WANs, as can OpenVPN clients. This document covers only a remote access OpenVPN server, but a similar process could be applied for site to site VPNs.

3-Antivirus Protection using OPNsense Plugins: This How To video will use the Plugins C-ICAP and ClamAV to protect your Network with OPNsense.

This write up is going to consist of “things to do” after you have FreeBSD installed. While not necessarily a set of standards, it is essentially what author did to get their development environment up and running on FreeBSD.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.

The Valuable News weekly series is dedicated to providing summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020/04/20.

In Other BSDs for 2020/04/18 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!