FreeBSD Errata Notice FreeBSD-EN-21:09.pf - pf(4) may fail to load filtering rules if they cause the default requestmaxcount bound to be exceeded. Users that relied on loader.conf to increase the requestmaxcount value could see their rules fail to load.
FreeBSD Security Advisory FreeBSD-SA-21:08.vm - A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.
Very small and compact solution for notifications on X11 desktop – herbe – as its author describes it – its daemon-less notifications without D-Bus. Minimal and lightweight.
Enjoying DiscoverBSD? There is more...
Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles.
It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).
Since Unbound DNS in OPNsense does not support DNS over HTTPS (DoH) directly, it was necessary to use the DNSCrypt-Proxy plugin. The plugin also supports DNS over TLS (DoT). However, Unbound gained native support for DoT at some point in time, which is very nice. Because of built-in support for DoT, the configuration of DNS over TLS becomes pretty trivial.
iostat provides a window into the i/o effort of the storage subsystem. You can use it to determine usage patterns, bottlenecks and poor behavior at a glance. It can produce data to support conclusions and suggest further avenues of investigation when used judiciously. In this article, we will dissect its output and introduce disk subsystem troubleshooting using statistical output from iostat.
Errata patches for the X server have been released for OpenBSD 6.7 and 6.8. Input validation failures in X server XInput extension can lead to privileges elevations for authorized clients. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility.