Language Selection

English French German Italian Portuguese Spanish

BSD

OpenSSH 8.0 released

Filed under
Security
BSD

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

Read more

GhostBSD 19.04 Release Switches To LightDM, Based On FreeBSD 13.0-CURRENT

Filed under
BSD

With TrueOS (formerly PC-BSD) shifting away from its desktop FreeBSD focus, the GhostBSD project remains one of the nice "desktop BSD" operating system offerings. GhostBSD 19.04 is now available in MATE and Xfce desktop spins.

GhostBSD 19.04 is based on FreeBSD 13.0-CURRENT while officially using the MATE desktop but also providing a community Xfce desktop image. GhostBSD 19.04 switches to LightDM as its display/log-in manager, supports ZFS now when using the MBR mode in the installer, drops gksu, and has a number of bug fixes especially to its installer among other packages.

Read more

Also: t2k19 Hackathon Report: Stefan Sperling on 802.11? progress, suspend/resume and more

BSD, GNU and SUSE Events

Filed under
GNU
OSS
SUSE
BSD
  • t2k19 Hackathon Report: Ken Westerback on dhclient, disklabel, and more
  • Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone

    This year’s edition of LibrePlanet went on so well, we had people stopping by to ask questions before the conference was open for the day.

    Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and specially about the devkit demonstration – not only among the audience but also within our own team members.

    The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

  • SUSECON – Cloud Talkin’

    With over 1,000 attendees from 45 different countries, SUSECON was a truly global affair with a uniquely country twist.

NetBSD's New Hypervisor and GhostBSD 19.04 RC4

Filed under
BSD

WireGuard Snapshot `0.0.20190406` Available

Filed under
Software
Security
BSD

Hello,

A new snapshot, `0.0.20190406`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * allowedips: initialize list head when removing intermediate nodes
  
  Fix for an important regression in removing allowed IPs from the last
  snapshot. We have new test cases to catch these in the future as well.
  
  * wg-quick: freebsd: rebreak interface loopback, while fixing localhost
  * wg-quick: freebsd: export TMPDIR when restoring and don't make empty
  
  Two fixes for FreeBSD which have already been backported into ports.
  
  * tools: genkey: account for short reads of /dev/urandom
  * tools: add support for Haiku
  
  The tools now support Haiku! Maybe somebody is working on a WireGuard
  implementation for it?
  
  * tools: warn if an AllowedIP has a nonzero host part
  
  If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
  will now print a warning. Even though we mask this automatically down to
  192.168.1.0/24, usually when people specify it like this, it's a mistake.
  
  * wg-quick: add 'strip' subcommand
  
  The new strip subcommand prints the config file to stdout after stripping
  it of all wg-quick-specific options. This enables tricks such as:
  `wg addconf $DEV <(wg-quick strip $DEV)`.
  
  * tools: avoid unneccessary next_peer assignments in sort_peers()
  
  Small C optimization the compiler was probably already doing.
  
  * peerlookup: rename from hashtables
  * allowedips: do not use __always_inline
  * device: use skb accessor functions where possible
  
  Suggested tweaks from Dave Miller.
  
  * qemu: set framewarn 1280 for 64bit and 1024 for 32bit
  
  These should indicate to us more clearly when we cross the most strict stack
  thresholds expected when using recent compilers with the kernel.
  
  * blake2s: simplify
  * blake2s: remove outlen parameter from final
  
  The blake2s implementation has been simplified, since we don't use any of the
  fancy tree hashing parameters or the like. We also no longer separate the
  output length at initialization time from the output length at finalization
  time.
  
  * global: the _bh variety of rcu helpers have been unified
  * compat: nf_nat_core.h was removed upstream
  * compat: backport skb_mark_not_on_list
  
  The usual assortment of compat fixes for Linux 5.1.

This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, Samuel 
Neves, Bruno Wolff III, and Alexander von Gluck IV.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.xz
  SHA2-256: 2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b
  BLAKE2b-256: 787a01fa3d6a800d7376a04ff57dd16d884a7d3cb99d2f91bfc59895ab759200

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld

Read more

Also: New WireGuard Snapshot Offers FreeBSD Fixes, Other Tweaks

LLVM Clang 9.0 Adds "-ftime-trace" To Produce Useful Time Trace Profiling Data

Filed under
Development
BSD

LLVM has merged a very useful feature for the Clang 9.0 release this autumn: the -ftime-trace feature allows producing time trace profiling data in a friendly format that is useful for developers to better understand where the compiler is spending most of its time and other areas for improvement.

Clang has already supported -ftime-report for printing time summaries for each stage of the compilation process while -ftime-trace yields much more useful data. The output of -ftime-trace is JSON-based profiling outputs that can be loaded into Chrome's chrome://tracing visualizer. This data shows how much time LLVM/Clang is spending on compiling each file, down to the function granularity.

Read more

DragonFlyBSD Receives Initial FUSE Port For File-Systems In User-Space

Filed under
BSD

Tomohiro Kusumi has contributed an initial FUSE implementation to DragonFlyBSD for implementing file-systems in user-space support.

The design is based roughly on FreeBSD code but is a cleanly written implementation for allowing user-space file-systems to work on this BSD. This initial FUSE support isn't designed to be API/ABI compatible with the FreeBSD code due to different sysctls and other factors.

Read more

BSD Leftovers

Filed under
BSD

Release of HardenedBSD 1200058.4 and BSD Now 290

Filed under
BSD

LLVM 8.0.0 Released

Filed under
Development
BSD
  • LLVM 8.0.0 released

    I'm pleased to announce that LLVM 8 is now available.

    Get it here: https://llvm.org/releases/download.html#8.0.0

    This release contains the work on trunk up to Subversion revision
    r351319, plus work on the release branch. It's the result of the LLVM
    community's work over the past six months, including: speculative load
    hardening, concurrent compilation in the ORC JIT API, no longer
    experimental WebAssembly target, a Clang option to initialize
    automatic variables, improved pre-compiled header support in clang-cl,
    the /Zc:dllexportInlines- flag, RISC-V support in lld. And as usual,
    many bug fixes, optimization and diagnostics improvements, etc.

    For more details, see the release notes:
    https://llvm.org/releases/8.0.0/docs/ReleaseNotes.html
    https://llvm.org/releases/8.0.0/tools/clang/docs/ReleaseN...
    https://llvm.org/releases/8.0.0/tools/clang/tools/extra/d...
    https://llvm.org/releases/8.0.0/tools/lld/docs/ReleaseNot...
    https://llvm.org/releases/8.0.0/projects/libcxx/docs/Rele...

    Special thanks to the release testers and packagers: Amy Kwan, Bero
    Rosenkränzer, Brian Cain, Diana Picus, Dimitry Andric, Kim Gräsman,
    Lei Huang, Michał Górny, Sylvestre Ledru, Ulrich Weigand, Vedant
    Kumar, and Yvan Roux.

    For questions or comments about the release, please contact the
    community on the mailing lists. Onwards to LLVM 9!

    Thanks,
    Hans

  • LLVM 8.0.0 released

    Version 8.0.0 of the LLVM compiler suite is out. "It's the result of the LLVM community's work over the past six months, including: speculative load hardening, concurrent compilation in the ORC JIT API, no longer experimental WebAssembly target, a Clang option to initialize automatic variables, improved pre-compiled header support in clang-cl, the /Zc:dllexportInlines- flag, RISC-V support in lld." For details one can see separate release notes for LLVM, Clang, Extra Clang Tools, lld, and libc++.

  • LLVM 8.0 Released With Cascade Lake Support, Better Diagnostics, More OpenMP/OpenCL

    After being delayed the better part of one month, LLVM 8.0 officially set sail this morning.

Syndicate content

More in Tux Machines

today's howtos and programming

  • How to Install Postman on Debian 10
  • freshclam[15552]: Can’t create temporary directory /var/lib/clamav/clamav-969944fd9a258fa7aff08976496d8541.tmp
  • 30 Linux Permissions Exercises for Sysadmins
  • How to Check Linux Mint Version Number & Codename
  • Four semanage commands to keep SELinux in enforcing mode
  • How to start developing with .NET [Ed: Red Hat has totally lost it. It promotes Microsoft.]
  • Constraint programming by example

    There are many different ways to solve problems in computing. You might "brute force" your way to a solution by calculating as many possibilities as you can, or you might take a procedural approach and carefully establish the known factors that influence the correct answer. In constraint programming, a problem is viewed as a series of limitations on what could possibly be a valid solution. This paradigm can be applied to effectively solve a group of problems that can be translated to variables and constraints or represented as a mathematic equation. In this way, it is related to the Constraint Satisfaction Problem (CSP). Using a declarative programming style, it describes a general model with certain properties. In contrast to the imperative style, it doesn't tell how to achieve something, but rather what to achieve. Instead of defining a set of instructions with only one obvious way to compute values, constraint programming declares relationships between variables within constraints. A final model makes it possible to compute the values of variables regardless of direction or changes. Thus, any change in the value of one variable affects the whole system (i.e., all other variables), and to satisfy defined constraints, it leads to recomputing the other values.

  • Samuel Sutch: Why Python Has Become an Industry Favorite Among Programmers

    With the world stepping towards a new age of technology development, it isn’t hard to imagine a future that will be full of screens. And if so be the case then, demand for people with strong programming skills will definitely rise with more number of people required to develop and support the applications. Python Training is always a good idea for those wishes to be a part of this constantly developing industry. Python language is not only easy to grasp, but emphasizes less on syntax which is why a few mistakes here and there doesn’t give as much trouble as some other languages does.

Linux commands to display your hardware information

There are many reasons you might need to find out details about your computer hardware. For example, if you need help fixing something and post a plea in an online forum, people will immediately ask you for specifics about your computer. Or, if you want to upgrade your computer, you'll need to know what you have and what you can have. You need to interrogate your computer to discover its specifications. Alternatively, you could open up the box and read the labels on the disks, memory, and other devices. Or you could enter the boot-time panels—the so-called UEFI or BIOS panels. Just hit the proper program function key during the boot process to access them. These two methods give you hardware details but omit software information. Or, you could issue a Linux line command. Wait a minute… that sounds difficult. Why would you do this? Read more

Android Leftovers

BlackWeb 1.2

BlackWeb is a penetration and security testing distribution based on Debian. The project's website presents the distribution's features as follows: BlackWeb is a Linux distribution aimed at advanced penetration testing and security auditing. BlackWeb contains several hundred tools which are geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Starting from an appropriately configured LXDE desktop manager it offers stability and speed. BlackWeb has been designed with the aim of achieving the maximum performance and minimum consumption of resources. There are 32-bit (x86) and 64-bit (x86_64) builds of BlackWeb available on the distribution's website. I downloaded the 64-bit build which is 2.6GB in size. Booting from the media brings up a menu asking if we would like to try BlackWeb's live desktop, run the installer or run the graphical installer. Taking the live desktop options presents us with a graphical login screen where we can sign in with the username "root" and the password "blackweb". Read more