GhostBSD 4.0 Karine is now available

ghostbsd_1The GhostBSD Team is pleased to announce the availability of GhostBSD 4.0 Karine. This is the first release of the 4.* branch, which is base on FreeBSD 10 and introduces some new features.

Some of the highlights:

  • GCC is no longer installed by default, clang is the default compiler.
  • make(1) has been replaced with bmake(1), obtained from the NetBSD Project.
  • pkg(7) is now the default package management utility.
  • pkg_add(1), pkg_delete(1), bxpkg and related tools have been removed.
  • Networkmgr is the default network manager.
  • Mate is the default Desktop.
  • 3 workstation to chose

Download the ISO/image file here: http://www.ghostbsd.org/download

Check out the official announcement here: http://ghostbsd.org/4.0-release

Debian kFreeBSD at risk of being dropped

debiaDebian developers warned in a mailing list post that Debian kFreeBSD is at risk of being dropped from official support.

kFreeBSD
========

We remain gravely concerned about the viability of this port. Despite
the reduced scope, we feel that the port is not currently of sufficient
quality to feature as a fully supported release architecture in Jessie.
However, we accept that our published view of the port has not been as
‘clear and unambiguous’ as we would wish.

We therefore advise the kFreeBSD porters that the port is in danger of
being dropped from Jessie, and invite any porters who are able to commit
to working on the port in the long term to make themselves known *now*.
The factor that gives us greatest concern is the human resources
available to the port.

Porters of any architecture need to bear in mind that being part of a
stable release is a long commitment to both taking care of stable and
oldstable, and continuing development in sid. It has implications for
the security team, release team, DSA and other parties.

The urgency of this matter cannot be over-stated. We will assess the
viability of kFreeBSD in Jessie on or after 1st November, and a yes/no
decision will be taken at that time. This will not be a full
architecture qualification, but a simple decision on whether or not the
release team’s concerns have been adequately addressed.

Check out the official announcement here: https://lists.debian.org/debian-devel-announce/2014/09/msg00002.html

FreeNAS 9.2.1.8 is now available

FreeNAS_logo_lightThe developers of FreeNAS have made available version 9.2.1.8.

Time for another FreeNAS release! This one fixes a number of issues in 9.2.1.7 as well as addressing the “shellshock” security vulnerability in bash (to which FreeNAS is not generally vulnerable as bash is not the system shell, but it was still worth fixing).

The list of bugs fixed in 9.2.1.8-RELEASE can be found here. The release notes for 9.2.1.8:

Check out the official announcement here: http://forums.freenas.org/index.php?threads/freenas-9-2-1-8-release-is-now-available.23773

Bash Vulnerability in FreeBSD

As has been widely reported, a major vulnerability in bash has been discovered. This vulnerability, which is being referred to as “Shellshock”, is considerably less severe in FreeBSD than most other Unix-like systems because bash is not in the base system, and FreeBSD does not link /bin/sh to bash by default. However, anyone running a system that uses bash, or especially one that might allow external input into bash environments, should be aware of this issue and patch any potentially vulnerable systems as soon as possible.

Brian Drewery (bdrewery [at] freebsd.org) has patched the FreeBSD bash port to disable function importing from the environment unless an option is set at build time. Packages should be available soon.

Brian also gave the following tips for reducing exposure to this vulnerablity:

The port is fixed with all known public exploits. The package is
building currently.

However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:

1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI :)
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.

Related links:
https://svnweb.freebsd.org/ports?view=revision&revision=369341

http://blog.pcbsd.org/2014/09/bash-shell-bug/

GhostBSD 4.0 RC 3 Karine edition now available

ghostbsd_1The developers of GhostBSD have made available the third release candidate for version 4.0.

Changes and fix between 4.0-RC2 and 4.0-RC3 include:

  • SpiderOak was not compilable and it is missing in the system.
  • GhostBSD Network Manager aded on i386

Warning:

Updating software using “pkg upgrade” will corrupt xorg and might corrupt GDM too. The solution is to use update the software that you want to update with “pkg install” , you can see the list of update by doing “pkg upgrade -n”, “pkg install” automatically update software dependency. Be sure to not upgrade xorg-server, xorg-drivers, and any xf86 with “pkg” use “portupgrade”

A special thanks to those who had reported any issues.

Where to download:

The image checksums, ISO images and USB images are available here:
http://www.ghostbsd.org/download-4.0

Check out the official announcement here: http://ghostbsd.org/4.0-rc3

pfSense 2.2 enters BETA

pfsenseThe developers of pfSense have released the BETA version for 2.2.

The 2.2 release has now reached the beta milestone. This means the release is feature complete, a comprehensive list of new features and changes can be found here, and should stay relatively stable throughout the remainder of the development process. That’s not to say it’s production ready though, our developers are using it in production and have been for months, but unless you have a solid understanding of the underlying system and can manually verify the configuration, 2.2 is not yet for you (young padawan).

If you have a non-critical environment where you can try it out, you can find the latest build on the snapshot server. Please report your experiences on the 2.2 board on the forum. Note that snapshots have the risk of changes being made in the source very frequently, and you may get a snapshot from a point in time that caught part but not all of certain changes.

Check out the official announcement here: https://blog.pfsense.org/?p=1449

Download the BETA version here: http://snapshots.pfsense.org/