Announcing The HardenedBSD Foundation

submited 18 September 2018

On 06 September 2018, HardenedBSD Foundation Corp was granted 501(c)(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.

The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!

Submit

12 July 2020
In Other BSDs for 2020/07/11  

BSD related items from DragonFlyBSD digest

10 July 2020
Sponsor NetBSD project on Github  

You can now sponsor The NetBSD Foundation on Github Sponsors. Tiers range from 5 to 500 $ and can get you different rewards, such as link on their website or dedicate resources to either pkgsrc bulk builds or source builds on two platforms of your choice.

Donations to The NetBSD Foundation allow the project to purchase build hardware and fund development.

GitHub does not charge fees for GitHub Sponsors. They cover payment processing costs, so one-hundred percent of your sponsorship goes to the developers and organizations.

OpenBSD Errata: July 9th, 2020 (shmget)  

Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7. shmget IPC_STAT leaked some kernel data. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.
09 July 2020
Jailing GUI Applications  

This is a short tutorial on how to run GUI applications jailed. This is done primarily for Firefox but the same principle can be applied for any other application.

FreeBSD Errata Notices and Security Advisories  
  • FreeBSD Security Advisory FreeBSD-SA-20:19.unbound - Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service. A malicious query can cause a traffic amplification attack against third party authoritative nameservers.
  • FreeBSD Security Advisory FreeBSD-SA-20:20.ipv6 - The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.
  • FreeBSD Security Advisory FreeBSD-SA-20:18.posix_spawnp - posix_spawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable.
  • FreeBSD Errata Notice FreeBSD-EN-20:14.linuxkpi - A bug in one of the LinuxKPI subroutines could cause a kernel panic.
  • FreeBSD Errata Notice FreeBSD-EN-20:15.mps - mps(4) implements a pass-through interface which allows privileged user processes to submit commands directly to disks behind the controller. A bug in the code which copies command results out to the requesting process could cause a kernel panic.
  • FreeBSD Errata Notice FreeBSD-EN-20:13.bhyve - When an attempt is made to pass through a PCI device to a bhyve(8) VM (causing initialization of IOMMU) on certain Intel chipsets using VT-d the PCI bus stops working entirely resulting in a host crash. This issue occurs at least on the Intel Skylake series processors and those released later. A device passed through to a guest VM running OpenBSD at least since version 6.4 on both AMD and Intel processors may not fully work in the guest. OpenBSD issues 4-byte PCI configuration-space register reads and writes to consecutive 2-byte fields, which were not handled correctly by bhyve(8).
08 July 2020
minio Distributed Mode on FreeBSD  

minio is a well-known S3 compatible object storage platform that supports high availability features. This document described how to set it up on FreeBSD as a high availability platform. The certificate setup described might be interesting even if you plan to run minio on another platform and not FreeBSD.

Timecounters available to userland in -current  

Paul Irofti ([email protected]) added support for reading timecounters in userland without making a syscall.

Tutorial sites treating FreeBSD like a Linux distro  

It is true that FreeBSD often gets treated as a Linux distro. Is this good? Is this bad? Should we do something about it?

BSD Weekly 27: FreeBSD Core Team Office Hours  

Main topic of this week is new Core Team of FreeBSD and newly announced Core Team Office Hours. Then we take a look at the rest of BSD world with latest releases, news and tutorials.

07 July 2020
NomadBSD 1.3.2 released with FreeBSD 12.1-p6 Foundation - Community Blog  

The NomadBSD team has announced the release of versoin 1.3.2 which is based on FreeBSD 12.1-p6.

NomadBSD 1.3.2 released  

The release of NomadBSD 1.3.2 is now available, base system has been upgraded to FreeBSD 12.1-p6.

Booting DragonFly on APU2 boards  

If you happen to have an APU2, here’s some tips on the boot process.

FreeBSD 12.1-RELEASE Now Available on Microsoft Azure Marketplace  

The FreeBSD Azure Release Engineering Team is pleased to announce the availability of FreeBSD 12.1-RELEASE on Microsoft Azure Marketplace.

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_1

Please provide feedback and report issues to the [email protected] mailing list: https://lists.freebsd.org/mailman/listinfo/freebsd-cloud

This work is sponsored by the FreeBSD Foundation, with technical assistance from Microsoft.

First powerpc64 snapshots available for OpenBSD  

Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform. So, if you have a POWER8 system idling around, go to your nearest mirror and fetch a snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.

load more