Issue 28
Published July 15, 2020

Main topic of this week are first reports from GSoC. Then we take a look at the rest of BSD world with latest news and tutorials.

NetBSD Summer of Code first reports

NetBSD is taking part in Google Summer of Code this year again. First reports are in:

Releases

Seems to be none.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-20:19.unbound - Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service. A malicious query can cause a traffic amplification attack against third party authoritative nameservers.

FreeBSD Security Advisory FreeBSD-SA-20:20.ipv6 - The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.

FreeBSD Security Advisory FreeBSD-SA-20:18.posix_spawnp - posix_spawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable.

FreeBSD Errata Notice FreeBSD-EN-20:14.linuxkpi - A bug in one of the LinuxKPI subroutines could cause a kernel panic.

FreeBSD Errata Notice FreeBSD-EN-20:15.mps - mps(4) implements a pass-through interface which allows privileged user processes to submit commands directly to disks behind the controller. A bug in the code which copies command results out to the requesting process could cause a kernel panic.

FreeBSD Errata Notice FreeBSD-EN-20:13.bhyve - When an attempt is made to pass through a PCI device to a bhyve(8) VM (causing initialization of IOMMU) on certain Intel chipsets using VT-d the PCI bus stops working entirely resulting in a host crash. This issue occurs at least on the Intel Skylake series processors and those released later. A device passed through to a guest VM running OpenBSD at least since version 6.4 on both AMD and Intel processors may not fully work in the guest. OpenBSD issues 4-byte PCI configuration-space register reads and writes to consecutive 2-byte fields, which were not handled correctly by bhyve(8).

OpenBSD Errata: July 9th, 2020 (shmget): Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7. shmget IPC_STAT leaked some kernel data. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.

As always, it's worth following BSDSec. RSS feed and Twitter account available.

News

Sponsor NetBSD project on Github You can now sponsor The NetBSD Foundation on Github Sponsors. Tiers range from 5 to 500 $ and can get you different rewards, such as link on their website or dedicate resources to either pkgsrc bulk builds or source builds on two platforms of your choice. Donations to The NetBSD Foundation allow the project to purchase build hardware and fund development. GitHub does not charge fees for GitHub Sponsors. They cover payment processing costs, so one-hundred percent of your sponsorship goes to the developers and organizations.

Tutorial sites treating FreeBSD like a Linux distro: It is true that FreeBSD often gets treated as a Linux distro. Is this good? Is this bad? Should we do something about it?

Timecounters available to userland in -current: Paul Irofti (pirofti@) added support for reading timecounters in userland without making a syscall.

Jailing GUI Applications: This is a short tutorial on how to run GUI applications jailed. This is done primarily for Firefox but the same principle can be applied for any other application.

Tutorials

minio Distributed Mode on FreeBSD: minio is a well-known S3 compatible object storage platform that supports high availability features. This document described how to set it up on FreeBSD as a high availability platform. The certificate setup described might be interesting even if you plan to run minio on another platform and not FreeBSD.

Dummynet: The Better Way to Build FreeBSD Networks: Dummynet is the FreeBSD traffic shaper, packet scheduler, and network emulator. Dummynet allows you to emulate a whole set of network environments in a straight-forward way. It has the ability to model delay, packet loss, and can act as a traffic shaper and policer. Dummynet is roughly equivalent to netem in Linux, but we have found that dummynet is easier to integrate and provides much more consistent results.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more.

The Valuable News weekly series is dedicated to providing summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-07-13.

In Other BSDs for 2020/07/11 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!