Security, Performance, and Interoperability; Introducing FreeBSD 14

submited 19 December 2023

The FreeBSD community is proud to herald the release of FreeBSD 14. FreeBSD 14 represents the 82nd release in the history of one of the world’s first open source projects, and contains over two and a half years of development work since the launch of the previous release. In this blog, we’ll take a look at these key themes to outline what’s new in FreeBSD 14, and more importantly, why it matters.

The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!

Submit

20 February 2024
Valuable News – 2024/02/19  

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

19 February 2024
FreeBSD 14.0 Installation on Xneelo Dedicated Server  

Xneelo is a South African hosting provider offering dedicated servers. FreeBSD is not available as an operating system to install, however, it can installed from the rescue console using the depenguin.me installer. This article describes how to do that.

Run Your Own Mastodon Server on FreeBSD in a Potluck Container  

This article describes how Mastodon can easily be set up as a container (i.e. jail) with the help of Ansible, Pot and Potluck.

OpenBSD -current moves to 7.5-beta  

Theo de Raadt changed the version string for the OpenBSD development branch (i.e. -current) to 7.5-beta. With the upcoming release expected to appear in May, testing is particularly welcome. 7.5-beta snapshots are already appearing on the mirrors.

New wi-fi driver, qwx(4), enabled in OpenBSD -current  

The driver currently supports only 11a/b/g modes.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.
17 February 2024
October-December 2023 Status Report  

This is the last 2023 quarter. As you have probably noticed, this status report comes later than usual and with fewer reports than the preceding quarter. Indeed, please keep in mind that the last quarter of every year is for many members of our community the quarter of the celebrations for Christmas and for the New Year, which implies that those members will spend more time with their families and will have less time for their favorite voluntary software projects. Thus there is less to report and reports tend to arrive later. But finally, here they are.

BSD Now 546 - Debunking FreeBSD Myths  

Debunking Common Myths About FreeBSD, Please, don’t force me to log in, Exploring FreeBSD service(8) basics, Failed Product Designs: A Laptop with Seven Screens, What’s a Permissive License – and Why Should I Care?, Beginning of the year Laugh.

16 February 2024
OpenBSD Errata: February 13, 2024 (unbound unwind)  

Errata patches for unbound and unwind have been released for OpenBSD 7.4 and 7.3. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.

15 February 2024
FreeBSD Errata Notice FreeBSD-EN-24:04.ip  

The race condition can trigger a NULL pointer dereference in the kernel, resulting in a kernel panic.

FreeBSD Errata Notice FreeBSD-EN-24:03.kqueue  

Using kqueue(2) with a process using rfork(2) can panic the system.

FreeBSD Security Advisory FreeBSD-SA-24:02.tty  

Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

FreeBSD Errata Notice FreeBSD-EN-24:02.libutil  

An unprivileged user may bypass the administrator's resource limits and/or CPU mask settings stemming from his login class provided he can run a (setuid) login-like program that: - - Calls setusercontext() with the LOGINSETRESOURCES and/or LOGINSETCPUMASK flags but without LOGINSETUSER (which excludes the use of LOGINSETALL), and with a non-NULL 'pwd' argument. - - Does so before changing the effective user ID to the target user. No programs in FreeBSD's base system, including login(1) and su(1), meet these requirements, but third-party programs may. In particular, sudo(8) does when using the default sudoers(5) plugin configured with the 'use_loginclass' flag enabled. doas(8) does not.

FreeBSD Errata Notice FreeBSD-EN-24:01.tzdata  

An incorrect time will be displayed on a system configured to use one of the affected time zones if the /usr/share/zoneinfo and /etc/localtime files are not updated, and all applications on the system that rely on the system time, such as cron(8) and syslog(8), will be affected. With the default configuration, FreeBSD systems cannot file updates to the installed leap-seconds.list file. Since no leap second was introduced at the end of 2023, the leap-seconds.list file included with all supported FreeBSD releases is still accurate. Moreover, ntpd(8) is able to receive updated leap second information from its peers. However, a diagnostic warning about an expired leap-seconds.list is printed at startup.

FreeBSD Security Advisory FreeBSD-SA-24:01.bhyveload  

In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

load more