Issue 166
Published November 15, 2023

Seems like we’re in a release part of the year. New Midnight 3.1.1 and NetBSD 10 RC1 are here.


MidnightBSD 3.1.1: Includes several security fixes plus updates to the mport package manager.

NetBSD 10.0 RC1 available: The netbsd-10 release branch is more than a year old now, so it is high time the 10.0 release makes it to the front stage. This matches the long time it took for the developement branch to get ready for branching, a lot of development went into this new release.


FreeBSD Security Advisory FreeBSD-SA-23:16.cap_net: Casper services allow limiting operations that a process can perform. Each service maintains a specific list of permitted operations. Certain operations can be further restricted, such as specifying which domain names can be resolved. During the verification of limits, the service must ensure that the new set of constraints is a subset of the previous one. In the case of the cap_net service, the currently limited set of domain names was fetched incorrectly. In certain scenarios, if only a list of resolvable domain names was specified without setting any other limitations, the application could submit a new list of domains including include entries not previously in the list.

FreeBSD Errata Notice FreeBSD-EN-23:13.freebsd-update: Some systems use non-default configurations referred to as “deep” boot environments. Deep boot environments place datasets belonging to the boot environment subordinate to the boot environment dataset itself, rather than elsewhere in the pool structure. This kind of boot environment requires the -r flag to bectl(8) for most operations in order to recurse on these subordinate datasets, but freebsd-update(8) was not recursing when creating a backup boot environment. Without recursing in bectl(8), backups taken of a deep boot environment are not complete snapshots of the system state before the upgrade takes place. This means that it’s potentially painful to try and rollback to the pre-upgrade state after the upgrade has completed.

FreeBSD Errata Notice FreeBSD-EN-23:14.regcomp: In some instances, the regcomp() implementation would inadvertently sign-extend a character in the regular expression. Additionally, alphabetic wide-characters were not properly being considered as such. Regular expressions supplied to grep(1) or sed(1) that contained an alphabetic wide-character would incorrectly error out as if a bogus trailing backslash had been supplied.

FreeBSD Security Advisory FreeBSD-SA-23:15.stdio: For line-buffered streams the __sflush() function did not correctly update the FILE object’s write space member when the write(2) system call returns an error. Depending on the nature of an application that calls libc’s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overfly may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.


clang(1) / llvm updated to version 16: Naturally, this has involved supporting work elsewhere in base, and in ports.

Valuable News – 2023/11/13: The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

BSD Now 532: 2^18 dollars sponsorship: 218 dollars to open source, EuroBSDCon 2023 Trip Report, FreeBSD vs Linux (Debian), Introduction to sysclean8, Run your own Syncthing discovery server on OpenBSD, FreeBSD years: 2000-2005, Using OpenBSD relayd(8) as an Application Layer Gateway, and more.

September/October 2023 Issue of the FreeBSD Journal is Here: The most recent issue of the FreeBSD Journal is now available. It focuses on Ports and Packages and contains articles on “Custom Poudriere Packages in Your Own Repository,” “Wazuh and MITRE Caldera Using FreeBSD Jails,” and more.


GPU passthrough on Proxmox VE - Deploying a cloud image of OpenBSD 7.3: This is the fourth in a series of five articles covering the installation and configuration of VMs (Linux, Windows, macOS and BSD) in PCI Passthrough on Proxmox VE 8. In this article, we’ll explore together how to easily create and deploy a VM with a full desktop (under Mate), using an unofficial OpenBSD image adapted to Cloud-init, while benefiting from good graphics acceleration thank of GPU Passthrough.

OpenZFS Storage Best Practices and Use Cases – Part 1: Snapshots and Backups: In a new series of articles on OpenZFS, they’ll go over some universal best practices for OpenZFS storage, and then dig into several common use cases along with configuration tips and best practices specific to those use cases.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.