The FreeBSD Security Team has identified an issue in bind and nfsserver and has issued the following security advisories:
Please read and take the recommended action(s).
Kris Moore has announced new images for PC-BSD 9.1-RELEASE (Isotope Infusion) and PC-BSD 9-STABLE (Based upon FreeBSD 9.2-BETA1)
These releases are among the first in our new “Rolling-Release” model, and will allow you to easily keep your system updated with bi-monthly package set updates along side your regular PBI updates. In addition the images now include support for creating and booting from ZFS boot-environments. Due to the nature of implementing ZFS boot-environments, users on previous installs of 9.1-RELEASE will need to perform a re-installation in order to take advantage of these ZFS features. With the upcoming release of 9.2, currently in BETA, existing users may opt to wait for its release in order to migrate to the newer version. Many additional new features are also listed in the notes below.
Highlights for 9.1-RELEASE
* FreeBSD 9.1-RELEASE
* Bootable ZFS Boot Environments
– Using GRUB2, any new ZFS boot-environments created via the “beadm” command will be added to the boot-loader and available at boot-time
* PNGNG support
– In addition to PBIs and the AppCafe, system admins and power users will now have access to a full PKGNG repository with frequent updates
* Switched over to CDN for downloads
– No more having to hunt for a closest mirror, downloads will automatically pull from our CDN service hosted by ScaleEngine
* New version of AppCafe
– New streamlining and PBI management functionality
* GitHub Migration
– All PC-BSD / TrueOS sources are now available via GitHub (https://github.org/pcbsd and https://github.org/trueos)
* Warden Updates
– Support for setting various jail options via the GUI
– Option to create jail “templates” based upon different versions of FreeBSD
– Support for VIMAGE jails
– Jails without any IPV4 or IPV6 address assigned
* Graphical PKGNG manager
– GUI supports basic or advanced mode, which allows full package management / upgrades
* Home directory encryption
– PEFS based encryption, allows users to encrypt their home-directory contents with their login password, which is only unencrypted while logged in
* Boot times improved substantially
These are some miscellaneous FreeBSD related links you may find interesting.
FreeBSD pkgng vs custom ports (Michael W. Lucas)
New BSDA Study DVD Released (nycbug mailinglist)
New ArchBSD ISO Install 2013-07-12 (ArchBSD)
PC-BSD now uses a Content Delivery Network (CDN) (PC-BSD Blog)
Glen Barber has announced the availability of the second BETA build for the FreeBSD-9.2 release cycle.
The second BETA build of the 9.2-RELEASE release cycle is now available
on the FTP servers for the amd64, i386, powerpc64 and sparc64
ISO images and, for architectures that support it, the memory stick images
are available here.
If you notice problems you can report them through the normal GNATS PR
system or here on the -stable mailing list.
Changes between -BETA1 and -BETA2 include:
Alfred Perlstein has announced the availability of FreeNAS 9.1.0-RC1.
This is the first release candidate for FreeNAS 9.1.0. We have passed a great alpha and rolling beta cycle with many bug fixes and regressions fixed. At this point, only bug fixes and regressions will be addressed.
Release Notes for FreeNAS 9.1.0-RC1:
Some of the major changes:
Check the forum post for all the details.
NodePaint is a new application for creating and editing images with nodes. Nodes are small operations that you can combine to achieve unlimited flexibility and creativity in your work. At any time you can go back and change any parameter in your node chain, which updates everything connected automatically.
NodePaint is in an early state of development, but has already usable for basic
image editing tasks. More features are added on a weekly basis.
The basic features are:
This video gives an overview of some of the possibilities NodePaint offers.
Thanks Heiko for your email to let me know about your project. If you’re working on a FreeBSD related project or offer a FreeBSD related service and want the world to know about it, let me know.
The first BETA build of the 9.2-RELEASE release cycle is now available on the FTP servers for the amd64, i386, and ia64 architectures.
If you notice problems you can report them through the normal GNATS PR
system or here on the -stable mailing list. If you would like to use SVN to do a source based update of an existing system use “stable/9”.
Please be aware that cvsup and CVS are both deprecated, and are not
supported methods of updating the src/ tree.
Important note to freebsd-update(8) users: Due to a last minute problem
found in the 9.2-BETA1 freebsd-update(8) builds, freebsd-update(8) is
NOT supported for 9.2-BETA1 upgrades. Please do not use
freebsd-update(8) to upgrade to 9.2-BETA1.
If all goes well and according to the release schedule FreeBSD 9.2 should be released around 31 August 2013.
GvE: Can you tell a bit about Verisign in general and yourself?
BK: Verisign is a provider of Internet infrastructure services, headquartered in Reston, VA, just over 20 miles from Washington, DC. As the global leader in domain names, Verisign powers the invisible navigation that takes people to where they want to go on the Internet. For more than 15 years, Verisign has operated the infrastructure for a portfolio of top-level domains that today includes .com, .net, .tv, .edu, .gov, .jobs, .name and .cc, as well as two of the world’s 13 Internet root servers (A & J-root DNS servers). Verisign’s product suite also includes Distributed Denial of Service (DDoS) Protection Services, iDefense Security Intelligence Services and Managed DNS. These services help companies identify potential cyber threats and mitigate them before they impact the business’s network availability and overall Internet presence.
As senior vice president and CTO of Verisign, I work with the company’s technology and business leaders to advance the company’s long-term technology vision through applied research, university collaboration, industry leadership and patent strategy. I was previously the founding scientist of RSA Laboratories, where my contributions included the development of the Public-Key Cryptography Standards (PKCS), now widely deployed in internet security.
GvE: Does Verisign Inc use FreeBSD internally?
BK: Verisign began deploying FreeBSD approximately 3 years ago. It is used to support Internet operations on a global scale.
GvE: Does Verisign contribute to FreeBSD?
BK: Yes. In 2012, Verisign became a bronze level donor to the FreeBSD Foundation. Verisign has contributed both code and concepts to the FreeBSD project, in the areas of sysinstall/bsdinstall, the VFS subsystem, device drivers, and kernel code.
GvE: Why did Verisign decide to set up a new conference? Was there a special reason for this?
BK: Verisign had been looking to contribute back to the BSD community in various ways. After attending MeetBSD 2012, Verisign felt that hosting a BSD conference was an appropriate way to show our support and to give back to the community. The Internet enables so many more people all over the world to connect and collaborate, but meeting in person at conferences still adds depth and breadth to those interactions. By bringing together members of the BSD community for a series of roundtable discussions, educational sessions, and best practice conversations, we are hoping to help advance the goals of the FreeBSD Project and community worldwide.
GvE: Can you tell us a bit more about vBSDcon 2013?
BK: Verisign’s Technology Services Group is hosting a BSD-related conference for BSD developers, engineers, and administrators on October 25 – 27, 2013 at the Dulles Hyatt in Dulles, VA. The conference will slightly resemble an unconference concept with a single track and nine or 10 speakers. In other words, we are planning a series of plenary speakers along with lightning talks and birds-of-a-feather discussions in one track over the weekend.
The weekend will start with a welcome dinner on Friday evening sponsored by Verisign. Saturday and Sunday are the main conference days. A mid-conference social event is being planned for Saturday evening following a 20-year anniversary theme for FreeBSD. The BSD Certification Group will administer the BSDA exam on Saturday following the completion of conference activities and before the mid-conference social.
The vBSDcon website, hosted at http://www.vbsdcon.com/, is currently in development and will be functional by the end of July 2013. The website will provide detailed information on the conference schedule, participating speakers, presentation abstracts, the registration process, and sponsorship packages. A link will be provided for registrants to register for the BSDA exam at the BSD Certification Group’s website.
GvE: Which speakers have you lined up for the conference?
BK: We have an excellent group of presenters scheduled to appear at vBSDcon, including David Chisnall (FreeBSD Core Team), Luigi Rizzo (netmap developer), Baptiste Daroussin (PkgNG developer), Devin Teske (bsdconfig developer), Henning Brauer (OpenBSD developer), Reyk Floeter (OpenBSD developer), Scott Long (Netflix), Kris Moore (PC-BSD director/developer), and John Hixson (FreeNAS).
GvE: Thank you so much, Burt (and Verisign), for taking the time out to answer these questions, for organising this conference and for promoting FreeBSD.
If you have any other questions you’d like to have answered, drop me a line or leave a comment and I’ll get in touch with Verisign for the answer(s).
This issue of BSD Magazine is dedicated to security concepts including Elliptic Curve Cryptography, Security Policy Development in TrustedBSD MAC Framework and Naxsi, the Nginx Web Application Firewall. Moreover, you will find articles about MaheshaOpenBSD and CSS programming.
You’ll find the following subjects inside:
From the table of contents: