Issue 62
Published March 31, 2021

This week we look at the NetBSD's donations, new FreeBSD release, security announcements, news and tutorials from the BSD world.

NetBSD donations and financial report for 2020

NetBSD nearly hit their 2020 donation milestone set after the release of 9.0 of $50,000. These donations have enabled them to fund significant work on NetBSD in 2020 such as:

  • an aarch64 package build server, victory.netbsd.org. Thanks to Western Washington University for hosting this machine.
  • Modernizing wi-fi network stack and release engineering work by Martin Husemann
  • LLDB support by Michał Górny
  • ptrace and GDB improvements by Kamil Rytarowski

If you are interested in seeing more work like this, please consider donating via PayPal or GitHub sponsors. The financial report for 2020 is also available.

Releases

FreeBSD 13.0-RC4 Released With POWER Fixes, Other Bugs Addressed: Last week saw FreeBSD 13.0-RC3 released as an "extra" build due to the fallout from the last minute WireGuard situation. Due to other bugs, FreeBSD 13.0-RC4 was issued today rather than going for the final release. FreeBSD 13.0-RC4 is now the second unplanned/as-needed release candidate ahead of the big FreeBSD 13.0 debut. FreeBSD 13.0-RC4 fixes an issue with scripted installations and also has several PowerPC fixes. FreeBSD 13.0-RC4 is also rounded out by a NETMAP memory leak fix, an issue with lock-unbound and some IPv6 deployments, updated to OpenSSL 1.1.1k over its recent security issues, and other various bug fixes.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-21:07.openssl : This advisory covers two distinct OpenSSL issues: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the mplementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension results in a NULL pointer dereference in the server.

As always, it's worth following BSDSec. RSS feed and Twitter account available.

News

GSoC Reports: Make system(3), popen(3) and popenve(3) use posix_spawn(3) internally: This final report was prepared by Nikita Gillmann as a part of Google Summer of Code 2020

pkgsrc-2021Q1 branch announcement: In total, 381 packages were added, 61 packages were removed, and 2,349 package updates (to 2,064 unique packages) were processed since the pkgsrc-2020Q4 release. Updates include 29 R packages, 499 Python, and 332 Ruby packages. The default Go version in pkgsrc is now 1.16. As always, many packages have been brought up to date relative to upstream.

Valuable News – 2021/03/29: The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

FreeBSD Core Team Statement on FreeBSD Development Processes: In light of the recent commentary on FreeBSD's development practices, members of the Core team would like to issue the following statement. Also, over the next month the FreeBSD Core Team will lead a discussion on appropriate pre-commit testing, static analysis, code review, and integration policies to avoid a repeat of this situation and to continue improving FreeBSD's code quality.

In Other BSDs for 2021/03/27 : BSD-related news from last week.

KDE on FreeBSD 2021o2 : Let’s take a look at the big things that happened in KDE-on-FreeBSD in last six-and-a-half weeks.

BSD Now 395: Tracing ARM’s history : Tracing the History of ARM and FreeBSD, Make ‘less’ more friendly, NomadBSD 1.4 Release, Create an Ubuntu Linux jail on FreeBSD 12.2, OPNsense 21.1.2 released, Midnight BSD and BastilleBSD, and more.

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call: 40,000 lines of flawed code almost made it into FreeBSD's kernel—this article examines how.

kmalloc_obj added to DragonFly: Matthew Dillon has implemented per-zone memory management in DragonFly with the kmalloc_obj subsystem.

mport package manager updates: Several bug fixes have been made on the mport package manager. - it's now using a sha256 hash for verification of files rather than md5. - it gracefully ignores missing files on a mport update. - mport install can now update dependencies it needs to install a package.

Tutorials

FreeBSD on arm64 In The Cloud : FreeBSD/arm64 is the FreeBSD port to the 64-bit ARM architecture, also known as AArch64 or ARMv8. All supported FreeBSD releases include support for ARMv8 and there are many packages and ports (3rd party applications) available to support the software you normally deploy with FreeBSD.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay home and stay safe!