Issue 86
Published September 29, 2021

MidnightBSD and OPNsense releases plus all the latest news and tutorials from BSD world.

Releases

OPNsense 21.7.3 released: This release finally brings in Suricata version 6 as well as OpenVPN tls-crypt support, automatic user creation on LDAP-based logins and more. As a general note the Realtek vendor driver currently bundled with the base system will be moved to a plugin-based kernel module in version 22.1 and the original re(4) driver inside FreeBSD 13 will be restored. To ease migration and because the version maintained in FreeBSD ports actually offers additional fixes we have inlcuded the new plugin into this build.

MidnightBSD 2.1.0 is now available for amd64 and i386: This is an incremental release focusing on bug fixes, improvements to the package manager and a new system compiler.

BSDSec

OpenBSD Errata: September 27, 2021 (libressl): An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. A stack overread could occur when checking X.509 name constraints. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility.

OpenBSD Errata: September 27, 2021 (sshd): An errata patch for sshd(8) has been released for OpenBSD 6.8 and OpenBSD 6.9. sshd(8) from OpenSSH 6.2 (OpenBSD 5.3) through 8.7 (OpenBSD 6.9) failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege. Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.

News

Measuring power efficiency of a CPU frequency scheduler on OpenBSD: Solenne started to work on the OpenBSD code dealing with the CPU frequency scaling. The current automatic logic is a trade-off between okay performance and okay battery. She’d like the auto policy to be different when on battery and when on current (for laptops) to improve battery life for nomad users and performance for people connected to the grid.

OpenBGPD 7.2 released: We have released OpenBGPD 7.2, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon.

OpenBSD on the Vortex86DX CPU: This is the OpenBSD counterpart of Frederic Cambus’s article about running NetBSD on the Vortex86DX CPU, and its purpose is mostly to archive a dmesg entry and various benchmarks for this machine

OpenBSD and Wayland: Experience and thoughts about trying to port Wayland to OpenBSD.

In Other BSDs for 2021/09/25: BSD-related news from last week.

BSD Now 421: ZFS eats CPU : Useless use of GNU, Meet the 2021 FreeBSD GSoC Students, historical note on Unix portability, vm86-based venix emulator, ZFS Mysteriously Eating CPU, traceroute gets speed boost, and more.

Tutorials

How to Configure OPNsense for a Directly Connected PC or Server: One of the most common ways to set up a home network with OPNsense is to use the following configuration: Internet > modem > OPNsense > network switch(es) > end devices/wireless access points. Many network appliances will have more than 2 ports/interfaces. You may use the extra ports to attach network switches or other devices you may have on your network including PCs, laptops, game consoles, media servers/players, and wireless access points. This may be a convenient option for you based on the location of your OPNsense box.

What Makes a Good Time to Use OpenZFS Slog and When Should You Avoid It : In this article, they’re talking about the OpenZFS SLOG. Find out, among others, about synchronous vs asynchronous writes and the ZIL, why you should use a SLOG and on what type of devices.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Take a vaccine and stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.