Language Selection

English French German Italian Portuguese Spanish

BSD

OpenSSH 8.0 released

Filed under
Security
BSD

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

Read more

GhostBSD 19.04 Release Switches To LightDM, Based On FreeBSD 13.0-CURRENT

Filed under
BSD

With TrueOS (formerly PC-BSD) shifting away from its desktop FreeBSD focus, the GhostBSD project remains one of the nice "desktop BSD" operating system offerings. GhostBSD 19.04 is now available in MATE and Xfce desktop spins.

GhostBSD 19.04 is based on FreeBSD 13.0-CURRENT while officially using the MATE desktop but also providing a community Xfce desktop image. GhostBSD 19.04 switches to LightDM as its display/log-in manager, supports ZFS now when using the MBR mode in the installer, drops gksu, and has a number of bug fixes especially to its installer among other packages.

Read more

Also: t2k19 Hackathon Report: Stefan Sperling on 802.11? progress, suspend/resume and more

BSD, GNU and SUSE Events

Filed under
GNU
OSS
SUSE
BSD
  • t2k19 Hackathon Report: Ken Westerback on dhclient, disklabel, and more
  • Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone

    This year’s edition of LibrePlanet went on so well, we had people stopping by to ask questions before the conference was open for the day.

    Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and specially about the devkit demonstration – not only among the audience but also within our own team members.

    The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

  • SUSECON – Cloud Talkin’

    With over 1,000 attendees from 45 different countries, SUSECON was a truly global affair with a uniquely country twist.

NetBSD's New Hypervisor and GhostBSD 19.04 RC4

Filed under
BSD

WireGuard Snapshot `0.0.20190406` Available

Filed under
Software
Security
BSD

Hello,

A new snapshot, `0.0.20190406`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * allowedips: initialize list head when removing intermediate nodes
  
  Fix for an important regression in removing allowed IPs from the last
  snapshot. We have new test cases to catch these in the future as well.
  
  * wg-quick: freebsd: rebreak interface loopback, while fixing localhost
  * wg-quick: freebsd: export TMPDIR when restoring and don't make empty
  
  Two fixes for FreeBSD which have already been backported into ports.
  
  * tools: genkey: account for short reads of /dev/urandom
  * tools: add support for Haiku
  
  The tools now support Haiku! Maybe somebody is working on a WireGuard
  implementation for it?
  
  * tools: warn if an AllowedIP has a nonzero host part
  
  If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
  will now print a warning. Even though we mask this automatically down to
  192.168.1.0/24, usually when people specify it like this, it's a mistake.
  
  * wg-quick: add 'strip' subcommand
  
  The new strip subcommand prints the config file to stdout after stripping
  it of all wg-quick-specific options. This enables tricks such as:
  `wg addconf $DEV <(wg-quick strip $DEV)`.
  
  * tools: avoid unneccessary next_peer assignments in sort_peers()
  
  Small C optimization the compiler was probably already doing.
  
  * peerlookup: rename from hashtables
  * allowedips: do not use __always_inline
  * device: use skb accessor functions where possible
  
  Suggested tweaks from Dave Miller.
  
  * qemu: set framewarn 1280 for 64bit and 1024 for 32bit
  
  These should indicate to us more clearly when we cross the most strict stack
  thresholds expected when using recent compilers with the kernel.
  
  * blake2s: simplify
  * blake2s: remove outlen parameter from final
  
  The blake2s implementation has been simplified, since we don't use any of the
  fancy tree hashing parameters or the like. We also no longer separate the
  output length at initialization time from the output length at finalization
  time.
  
  * global: the _bh variety of rcu helpers have been unified
  * compat: nf_nat_core.h was removed upstream
  * compat: backport skb_mark_not_on_list
  
  The usual assortment of compat fixes for Linux 5.1.

This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, Samuel 
Neves, Bruno Wolff III, and Alexander von Gluck IV.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.xz
  SHA2-256: 2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b
  BLAKE2b-256: 787a01fa3d6a800d7376a04ff57dd16d884a7d3cb99d2f91bfc59895ab759200

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld

Read more

Also: New WireGuard Snapshot Offers FreeBSD Fixes, Other Tweaks

LLVM Clang 9.0 Adds "-ftime-trace" To Produce Useful Time Trace Profiling Data

Filed under
Development
BSD

LLVM has merged a very useful feature for the Clang 9.0 release this autumn: the -ftime-trace feature allows producing time trace profiling data in a friendly format that is useful for developers to better understand where the compiler is spending most of its time and other areas for improvement.

Clang has already supported -ftime-report for printing time summaries for each stage of the compilation process while -ftime-trace yields much more useful data. The output of -ftime-trace is JSON-based profiling outputs that can be loaded into Chrome's chrome://tracing visualizer. This data shows how much time LLVM/Clang is spending on compiling each file, down to the function granularity.

Read more

DragonFlyBSD Receives Initial FUSE Port For File-Systems In User-Space

Filed under
BSD

Tomohiro Kusumi has contributed an initial FUSE implementation to DragonFlyBSD for implementing file-systems in user-space support.

The design is based roughly on FreeBSD code but is a cleanly written implementation for allowing user-space file-systems to work on this BSD. This initial FUSE support isn't designed to be API/ABI compatible with the FreeBSD code due to different sysctls and other factors.

Read more

BSD Leftovers

Filed under
BSD

Release of HardenedBSD 1200058.4 and BSD Now 290

Filed under
BSD

LLVM 8.0.0 Released

Filed under
Development
BSD
  • LLVM 8.0.0 released

    I'm pleased to announce that LLVM 8 is now available.

    Get it here: https://llvm.org/releases/download.html#8.0.0

    This release contains the work on trunk up to Subversion revision
    r351319, plus work on the release branch. It's the result of the LLVM
    community's work over the past six months, including: speculative load
    hardening, concurrent compilation in the ORC JIT API, no longer
    experimental WebAssembly target, a Clang option to initialize
    automatic variables, improved pre-compiled header support in clang-cl,
    the /Zc:dllexportInlines- flag, RISC-V support in lld. And as usual,
    many bug fixes, optimization and diagnostics improvements, etc.

    For more details, see the release notes:
    https://llvm.org/releases/8.0.0/docs/ReleaseNotes.html
    https://llvm.org/releases/8.0.0/tools/clang/docs/ReleaseN...
    https://llvm.org/releases/8.0.0/tools/clang/tools/extra/d...
    https://llvm.org/releases/8.0.0/tools/lld/docs/ReleaseNot...
    https://llvm.org/releases/8.0.0/projects/libcxx/docs/Rele...

    Special thanks to the release testers and packagers: Amy Kwan, Bero
    Rosenkränzer, Brian Cain, Diana Picus, Dimitry Andric, Kim Gräsman,
    Lei Huang, Michał Górny, Sylvestre Ledru, Ulrich Weigand, Vedant
    Kumar, and Yvan Roux.

    For questions or comments about the release, please contact the
    community on the mailing lists. Onwards to LLVM 9!

    Thanks,
    Hans

  • LLVM 8.0.0 released

    Version 8.0.0 of the LLVM compiler suite is out. "It's the result of the LLVM community's work over the past six months, including: speculative load hardening, concurrent compilation in the ORC JIT API, no longer experimental WebAssembly target, a Clang option to initialize automatic variables, improved pre-compiled header support in clang-cl, the /Zc:dllexportInlines- flag, RISC-V support in lld." For details one can see separate release notes for LLVM, Clang, Extra Clang Tools, lld, and libc++.

  • LLVM 8.0 Released With Cascade Lake Support, Better Diagnostics, More OpenMP/OpenCL

    After being delayed the better part of one month, LLVM 8.0 officially set sail this morning.

Syndicate content

More in Tux Machines

Nebra Anybeam turns your Raspberry Pi into a pocket home cinema projector

TVs are available to buy in truly huge sizes these days, and with 4K (and upwards) resolution, movies and TV shows really come to life. But there’s something even more magical about watching a film projected onto a screen or a wall. With the right setup, it can be like having a cinema in your home. You don’t necessarily need to spend a fortune on a projector though. Nebra Anybeam can turn your Raspberry Pi into a cinema projector that you can slip into your pocket and take anywhere. Read more Also: Nebra AnyBeam - world's smallest pocket cinema projectors

Back in the Day: UNIX, Minix and Linux

I don't remember my UCSD email address, but some years later, I was part of the admin team on the major UUCP hub hplabs, and my email address was simply hplabs!taylor. Somewhere along the way, networking leaped forward with TCP/IP (we had TCP/IP "Bake Offs" to test interoperability). Once we had many-to-many connectivity, it was clear that the "bang" notation was unusable and unnecessarily complicated. We didn't want to worry about routing, just destination. Enter the "@" sign. I became taylor@hplabs.com. Meanwhile, UNIX kept growing, and the X Window System from MIT gained popularity as a UI layer atop the UNIX command line. In fact, X is a public domain implementation of the windowing system my colleagues and I first saw at the Xerox Palo Alto Research Center. PARC had computers where multiple programs were on the screen simultaneously in "windows", and there was a pointer device used to control them—so cool. Doug Englebart was inspired too; he went back to Stanford Research Institute and invented the mouse to make control of those windows easier. At Apple, they also saw what was being created at PARC and were inspired to create the Macintosh with all its windowing goodness. Still, who doesn't love the command line, as Ritchie and Kernighan had originally designed it in the early days of UNIX? (UNIX, by the way, is a wordplay on a prior multiuser operating system called Multics, but that's another story.) Read more

Python Programming Leftovers

GNU/Linux Leftovers

  • USB Support In Chrome OS 75 Will Make Linux Incredibly Versatile
    Chrome OS Linux instances are on the cusp of becoming immensely more useful and versatile based on a recent change spotted by Keith I Myers in the beta-specific Developer Channel following an update to version 75.0.3759.4. That's because while the update inevitably introduced some new bugs that will need to be squashed before a final release, it also included full support for USB devices on the Crostini side of the equation.
  • Old computer? Linux can give it a new lease on life
    The operating system is called Linux and was created in 1991 by Finnish student Linus Torvalds. He released Linux as open source which meant that any good programmer could tinker with it and improve upon the original. Today Linux is a popular free alternative for Windows and Mac computers and used by millions of people. The beauty is that Linux requires much less processing power and memory than Windows and is perfect for older computers.
  • At Least 27% Of Gentoo's Portage Can Be Easily LTO Optimized For Better Performance
    entooLTO is a configuration overlay for Gentoo's overlay to make it easy to enable Link Time Optimizations (LTO) and other compiler optimizations for enabling better performance out of the Gentoo packages. GentooLTO appears to be inspired in part by the likes of Clear Linux who employ LTO and other compiler optimization techniques like AutoFDO for yielding better performance than what is conventionally shipped by Linux distributions. The GentooLTO developers and users have wrapped up their survey looking at how practical this overlay configuration is on the massive Portage collection.  The initial GentooLTO survey has been going on since last October and they have collected data from more than 30 users. The survey found that of the Gentoo Portage 18,765 packages as of writing, at least 5,146 of them are working with the GentooLTO configuration.