LibreSSL 3.2.4 Released

submited 16 February 2021

It includes the following bug and interoperability fixes:

  • Switch back to certificate verification code from LibreSSL 3.1.x. The new verifier is not bug compatible with the old verifier causing issues with applications expecting behavior of the old verifier.
  • Unbreak DTLS retransmissions for flights that include a CCS
  • Only check BIOshouldread() on read and BIOshouldwrite() on write
  • Implement autochain for the TLSv1.3 server
  • Use the legacy verifier for autochain
  • Implement exporter for TLSv1.3
  • Free alertdata and phhdata in tls13recordlayer_free()
  • Plug leak in x509verifychain_dup()
  • Free the policy tree in x509vfycheck_policy()
The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!


01 March 2021
BastilleBSD on MidnightBSD  

MidnightBSD has recently added a new port, mports/sysutils/bastille that allows you to manage containers. This is a port of a project that originally targetted FreeBSD, but also works on HardenedBSD.

Development Release: FreeBSD 13.0-BETA4  

The fourth beta snapshot of FreeBSD 13.0 is now available for download and testing. This is an unplanned release which means that the final build of FreeBSD 13.0 has been rescheduled to arrive a week later than originally envisaged, on 30 March. "The fourth BETA build of the 13.0-RELEASE release cycle is now available. A summary of changes since 13.0-BETA3 includes: a possible race between jailremove(2) and fork(2) had been fixed; an issue with the pf(4) osfp configuration had been fixed; an update to the ena(4) driver had been added; a bug fix to flex(1) had been addressed; fixes for FreeBSD-SA-21:06.xen and FreeBSD-SA-21:03.pamlogin_access had been addressed; a fix to ZFS to address a potential system crash if scrubbing after removing a slog device had been addressed; other miscellaneous fixes."

26 February 2021
resolvd(8) - daemon to handle nameserver configuration  

Florian Obser ([email protected]) imported resolvd(8), a daemon for handling nameserver configuration.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.
25 February 2021
i386 tear shedding  

Follow-up about FreeBSD jail advantages, Install Prometheus, Node Exporter and Grafana, Calibrate your touch-screen on OpenBSD, OPNsense 21.1 Marvelous Meerkat Released, NomadBSD 1.4-RC1, Lets all shed a Tear for 386, find mostly doesn't need xargs today on modern Unixes, OpenBSD KDE Status Report, and more.

OpenBSD Errata: February 24th, 2021 (pffrag)  

Errata patches for the kernel have been released for OpenBSD 6.7 and 6.8. A sequence of overlapping IPv4 fragments could crash the kernel in pf due to an assertion. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.

Tracing the History of ARM and FreeBSD  

FreeBSD developers started working on support for 32-bit ARM chips during FreeBSD 6.0. (For reference, this was 4 years before the Raspberry Pi was introduced.) The support for 32-bit ARM was officially added to the kernel in FreeBSD 7.0 in February of 2008. Support for 64-bit ARM processors was added a few years later in FreeBSD 11 in October 2016.

MidnightBSD 2.0.5  

New 2.0.5 release tagged in git. Fixes: pam security issue. Updates: mport 2.0.5 tzdata 2021a Now uses sysrc for firstboot script.

load more