That’s a pretty cryptic headline, isn’t it? John Marino has ‘privatized’ several libraries in DragonFly, so that they can’t get included involuntarily as part of a port build. That may mean you will need to perform a full rebuild of your system if you are tracking DragonFly-current.
(This is the way to fix ‘system’ languages like Perl was in FreeBSD 4.x – keep them clearly separate from the port version. It’s about a decade too late for that idea to work out, though.)
There’s two important security updates for SSH. DragonFly release and development have been updated for it, and you can correct for it on your running system using the one-liner at Undeadly.
Note: keep in mind this is a client bug – it’s an information leak when you as a client connect out to somewhere else. A server, as an endpoint, is not affected.
If you are running DragonFly-master (i.e. 4.5), and you have a system between these two updates (roughly between November 27th and now), please rebuild your kernel to avoid a TCP bug.
If you are on bleeding-edge DragonFly (4.3), you will need to rebuild both kernel and world to keep them in sync, after Sepherosa Ziehau’s commit. This won’t affect you at all if you are on 4.2.x.
If you are using bleeding-edge DragonFly (4.3) on a machine with Intel video, the i915 module has been renamed. This means you will probably need to rebuild xf86-video-intel from source to have it match. There should be a matching binary package soon.
If you are on DragonFly 4.2, this does not affect you.
It has finally happened: There’s no more IPv4 addresses left to allocate, at least for ARIN – and that’s going to affect most people reading this. Ask your ISP for IPv6 access. The next step is being forced to implement either wonky 6to4 mappings, or just plain IPv6 networks.
If you were running a version of DragonFly 4.1 (i.e. the master version, not release) built between the 20th and 25th, rebuild. There’s a UFS bug introduced in that short timeframe.
If you are running 4.0.x release or built your version of DragonFly-master outside of that date range – you are unaffected.
DragonFly now has GCC 5.1 release. If you are running DragonFly master (i.e. 4.1), you’ll probably want to both rebuild world and kernel, and update your packages so they all match. There’s already packages built with GCC 5.1, so binary package upgrades can happen quickly. There’s GCC 4.7 packages still available if you aren’t making the jump yet.
If you’re on DragonFly 4.0.x – nothing’s changed.
The default compiler in DragonFly is going to change over from GCC 4.7 to GCC 5.x very soon, to match the GCC 5.1 release. This means that packages built for DragonFly-master won’t be compatible with the old ones. You will need to reinstall packages when you next ‘pkg install’. John Marino has an extensive writeup detailing what’s needed, and the actual change is some days off.
If you are using DragonFly 4.0.x (the release), this doesn’t affect you at all.
If you are on DragonFly-master and you upgraded during select hours on the 25th of February, you may have been bit by a makefile error. The fix, as listed in that link, is simple:
cp /usr/src/share/mk/sys.mk /usr/share/mk
If you are not on -master or you did not upgrade in that timeframe: never mind.
Well, might rather than will , but I had to make a music reference. There’s a bug in versions of pkg from 1.4.6(ish) to 1.4.11 that can make it accidentally delete itself while updating packages. If this happens to you, there’s an easy fix, as posted to users@:
# cd /usr && make pkg-bootstrap
Once you’re on version 1.4.12+, you’re fine.
Sepherosa Ziehau has posted a note that V4-mapped addressing is no longer supported in DragonFly. You will need to do a full buildworld/buildkernel if you are running master. Also, TCP MTU path discovery is on by default. Also also, he’s added a SOL_SOCKET/SO_CPUINT socket option for use to reduce load in heavy network activity. As usual, I don’t quite comprehend.
The 4.0 release of DragonFly is out! Quoting from the release page:
Version 4 of DragonFly brings Haswell graphics support, 3D acceleration, and improved performance in extremely high-traffic networks. DragonFly now supports up to 256 CPUs, Haswell graphics (i915), concurrent pf operation, and a variety of other devices.
The more eagle-eyed downloader will notice it’s version 4.0.1, not 4.0.0. That’s because
nobody trusts .0 releases I tagged 4.0.0 just before a few useful commits went in, and it’s better to retag to make sure everyone got them. See also my message to kernel@/users@
There’s a new bash vulnerability that could be a problem for a network-facing machine that happens to use bash. (See here for test.) As a BSD user, you can feel somewhat smugly superior since the default shell is tcsh and therefore it may not affect you – unless you’ve installed it from dports.
John Marino has already updated dports. A new binary is forthcoming, though you can always rebuild by hand if you don’t want to wait.
Update: oh, wait, not done.
If you are on DragonFly, using pf, using altq, and using fairq to control usage, there’s a latency bug that Matthew Dillon recently fixed. He’s posted an announcement and committed fixes to master and 3.8, so it’s only an upgrade away.
Because of some structure changes made by Matthew Dillon while chasing a pf bug, you will need to do a full buildworld/buildkernel on your next update – if you are running DragonFly-master. 3.8 users are unaffected by the bug or the change.
It seems pkg 1.3.6 was slightly scrambled. If you happen to have built and installed it, John Marino has special instructions on how to update to 1.3.7. If you are on DragonFly 3.8, you can follow those instructions now, and if you are on 3.9, that repo should be ready for an update in the next few days.
You should perform a full world and kernel install if on master.
Several people (including me) have been getting bit by a problem: when performing an installworld with a changed kernel, the vn kernel module is loaded, but it was built by the previous kernel and may cause problems when it doesn’t match up.
To fix that, vn is now built in, instead of being a separate module. The rescue initrd (which is what is being mounted when it has this problem) is now installed via a ‘make rescue‘ command that can wait until a successful installworld and reboot.
The mfi(4) driver has had some data corruption problems on “Thunderbird” series RAID controllers. There’s a newer driver, mrsas(4), that replaces mfi(4) for these controllers and does not have these issues, but switching may mean new drive locations and therefore some work to get booting correctly again. Sascha Wildner has an extensive writeup about what this entails, and how to switch now if you have that hardware (recommended).
If you are upgrading a DragonFly 3.6 system to 3.8, make sure you have the absolute latest version of 3.6 first. A few people have had a crash during install of the new initrd, which leaves the system in an unbootable state.
There’s a fix now in 3.6 from Joris Giovannangeli, so updating 3.6 and then moving to 3.8 will ensure this doesn’t happen. He posted a heads-up notice too.
(Why, yes, that is why shiningsilence.com was down for some hours today… With Matthew Dillon and Sascha Wildner’s help, I was able to copy bits of /boot and /usr from a live CD back on disk and get online again.)
Sascha Wildner has removed some drivers in the x86_64 config. This will only really affect you if you use a custom kernel and still have entries for those drivers in the config file.
The 3.8 release of DragonFly is out! See the release page for a changelog and check your local mirror for download first.
Binary dports packages for 3.8 have been built; they are available for download. (link goes to release versions of the packages. Future updates will be in ../LATEST)
For upgrades from 3.6: You can pull the 3.8 source normally with git:
git fetch origin
git branch DragonFly_RELEASE_3_8 origin/DragonFly_RELEASE_3_8
git checkout DragonFly_RELEASE_3_8
Assuming you are using an unmodified kernel, here’s the steps I usually do for an upgrade:
# make buildworld && make buildkernel && make installkernel && make installworld && make upgrade
After upgrading from 3.6, pkg (as designed) will download the appropriate 3.8 packages with
NYCBUG is having a meeting tomorrow night with the theme “Cloud and Colocation“. However! Suspenders, the usual restaurant location, has closed. (Aw, I liked it) This meeting is happening at the About.com offices, which means you can’t just show up – send email if you plan to attend.
I’ve branched DragonFly 3.8, and tagged a release candidate. Please try the release candidate if you can. I have links in my post to users@/kernel@. Don’t forget the remaining issues! Planned release date is June 4th.
If ever there was a golden moment, this would be it: with the news that networking hardware from the US is suspect, as is China’s, the best networking setup seems to be one you can look at yourself. Someone get those OpenCompute Networking machines going! More port density! Running BSD!
(Suggestions on how I can get a system with 24+ 1G ports are welcome; I need that at work immediately.)
Sepherosa Ziehau has enabled GSI target CPU auto selection, by default, on x86_64. He says to let him know if there’s problems. I’m not sure what form the problems would take, cause I’m not sure what this does.
Here’s the announcement from Francois Tigeot: DragonFly now uses dynamic binaries in the root filesystem. You will need to do a full buildworld/buildkernel if on 3.7 and upgrading.
If you didn’t know what the Heartbleed bug is, here’s your explanation, plus details. (via). You should probably update your systems.
If you’re on DragonFly 3.7, you will need to build world before building the kernel again if you are updating to some point in the last 24 hours. Sascha Wildner points out the related commit.
pkg 1.2 is coming out. This brings a number of new features, but as John Marino posted, you may want to delete your old pkg.conf to keep the new version from complaining about an old config file. This upgrade is a step on the way to signed packages, which is a Good Idea.
Branched, not released. The release should happen in two weeks. One major bug has been squished, and remember the upgrade process from 3.4 to 3.6 is a little different from normal.
Matthew Dillon’s been working to make huge parallel software builds (i.e. dports) go a bit faster, so watch out. This only affects you if you are running DragonFly 3.5, of course.
John Marino has put in a large patch to DragonFly 3.5, updating all sorts of language-related items. As he warns, you will need a full buildworld/buildkernel in a specific order to update. On the plus side, you can now probably use your native language for nvi and for git.
Because Sepherosa Ziehau changed mbstat, anyone on bleeding-edge DragonFly will need to rebuild world, or else netstat will become confused.
If you are running DragonFly 3.5, make sure you do a full buildworld depending on how recent your version is. Just a quickworld will cause problems. DragonFly 3.4.x users are unaffected.
It’s been 2 years since the pkgsrc packages for DragonFly 2.12/2.13 were getting updated, so I am going to remove them. If you’re running DragonFly 2.12, you’ll want to either build from source or upgrade DragonFly.
As posted in my email to users@: Version 3.4 of DragonFly is officially out.
The release ISO/IMG files are all available at the usual mirrors:
The release notes have details on all the changes:
If you are planning to try the new dports system for installing third-party software, check the DPorts Howto page:
If you have an installed DragonFly 3.2 system and you are looking to upgrade, these (not directly tested) steps should work, as root:
git fetch origin
git branch DragonFly_RELEASE_3_4 origin/DragonFly_RELEASE_3_4
git checkout DragonFly_RELEASE_3_4
… And then go through the normal buildworld/buildkernel process found in /usr/src/UPDATING. If you are running a generic kernel, that can be as simple as
make buildworld && make buildkernel && make installkernel && make installworld && make upgrade
(and then reboot)
If you encounter problems, please report them at bugs.dragonflybsd.org. I get better at testing for each release, but I also get better at discovering new problems just after release.
There’s an as-yet-undiagnosed problem with the @dragonflybsd.org mailing lists; you won’t see any mail from them right now. I don’t have an ETA for a fix because I don’t know the underlying cause yet…
Update: Fixed; I think – dragonflybsd.org DNS server was not responding, and it had a ripple effect.
If you are on DragonFly 3.3, and you are running a kernel built after January 1st, there’s a bug in the way FP context is handled when the kernel supports AVX. (January 1st is when AVX support was committed.) Matthew Dillon has committed a fix and issued a note to update for everyone.
If you’re running DragonFly 3.3, make sure you perform a full buildworld and buildkernel when you next upgrade. Sascha Wildner is mentioning this as a cautionary note after experiencing issues when using quickkernel, after removing a number of syscalls. Once past that point, it should be safe to go back to quickworld/quickkernel.
On the 10th of November, I’m going to remove the binary pkgsrc packages from mirror-master.dragonflybsd.org for DragonFly 2.8 through 2.11. They are closing in on 2 years old at this point, and are from a pkgsrc branch that hasn’t been updated for that long.
If you are actually using version of DragonFly that old, you can continue building from pkgsrc normally; these are just prebuilt packages.
I’ve written a release email that includes the steps for updating from source and updating pkgsrc for existing installs. This release enjoys better performance and new packages, so go, enjoy.
The pkgsrc packages for DragonFly 3.2 are still building… I’ve tagged the release, so it will be ready as soon as the packages are ready.
Remember the new scheduler work? Well, it continued, and now Francois Tigeot has posted pgbench benchmarks of the progress and benchmarks of DragonFly vs. other operating systems. The links are to PDFs; scroll down as each have multiple pages.
The summary result: If you’re running Postgres, you probably want to do it on DragonFly. The numbers are the best results for any BSD, even better to some extent than Linux, which has had its own issues with schedulers and Postgres. DragonFly 3.2 will include these improvements.
As I typed elsewhere, my general plan is to branch DragonFly 3.2 on the 8th, and release on the 22nd. That should give the recent scheduler and gcc work a chance to settle, and perhaps get a new version of USB support in too. It will probably be using pkgsrc-2012Q3, also, though we may not have binary i386 packages. 3.2 is shaping up to be a much more significant release than I expected.
According to Aleksej Saushev, pkgsrc is going to start defaulting to Postgres 9.1 instead of Postgres 8.4 by default, in just a few weeks. That means an upgrade in the next quarterly release, so keep that in mind.
This was going to go into a Lazy Reading post, but then I realized it shouldn’t. Here’s the source: “A Tragically Comedic Security Flaw in MySQL” (via)
The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what. I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy. Then I thought about it… I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default.
To fix this for your own installation, put
in /usr/pkg/etc/my.cnf to disallow remote connections. I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea to not allow remote connections to the database, and ought to be on by default.
Or just use Postgres, if possible.
Sepherosa Ziehau has made some changes to SIOCGIFDATA, so if you are using DragonFly-master and pf, you will need a full rebuild. Also pftop, if you use it.
If you are running bleeding-edge DragonFly, libpthread was broken for a short period. If you built anything in the last … 12 hours? You may want to rebuild it. If that doesn’t describe you, it’s a nonevent.
It’s funny that I’m reporting a short-term break in bleeding-edge operating system code as any sort of surprise. It shows something about how stable DragonFly-master is most of the time.
There’s a Day Against DRM sale going on for O’Reilly. 50% off everything, and all the books are DRM-free. I found out about this through Michael Lucas, whose No Starch books are represented there too. It’s a fantastic deal and it’s today only, so strike now while you have the chance.
(I should make a ‘buy buy buy!’ tag for articles.)
If you’re running bleeding-edge DragonFly (meaning version 3.1), you will need to do a full buildworld on your next update. ‘make quickworld’ will appear to succeed but the kernel won’t work.
If you’re running DragonFly 3.0.x, this does not affect you.
Matthias Schmidt found a discussion about DragonFly’s password encryption. The result, if I am reading it correctly, is that brute-forcing the password from available hashes is quicker than it should be. Matthias also found a contributed fix. Samuel Greear updated to match the reference SHA implementation also in Linux, with this very pertinent warning.
The answer is “not very”. As I wrote in a post to kernel@, DragonFly 3.0 will be tagged soon, and released when there’s pkgsrc-2011Q4 packages to go with it. Probably a week if everything goes to plan.
The presence of /usr/include/crypt.h in DragonFly (starting in December 2010) meant that some programs compiled during that time will expect that file to always be there. It was recently removed, so any programs compiled in that timeframe will also need to be recompiled. Right now, this affects you only if you are running DragonFly 2.13 , since that’s the only place crypt.h was removed. This may be an issue for the release, but we’ll worry about that when we get there… I’m kicking off new 2.13 bulk builds now.
There’s a rare crash in DragonFly 2.10, where applications would segfault. The system would run find. This is apparently more likely to happen in 2.12, though reports on this vary. It’s real, though.
Matthew Dillon went looking for this bug, and happened to roll back vm_token, the last lock in DragonFly that presented a serious impediment to multiprocessing. It’s a big patch. It fixes the problem, which is great! It also happens to make DragonFly buildworlds almost twice as fast depending on the number of cores in the system.
Holy crap we want to get that out… but it makes some significant changes to the system and needs to be tested. So, the next release probably won’t be for a few weeks.
If you want to help, build master and do something with it – move data, run server programs, whatever. Report crashes. This performance improvement is worth working for.
Some ISA devices have been removed from DragonFly. That probably affects approximately 0% of everyone, cause they’re old devices, but a few of them
are were in the GENERIC kernel configs, so you’ll get an error for an unrecognized option when you next rebuild your kernel using a GENERIC-based config, based on an older version of GENERIC. The description of which drivers went is quite sensibly placed in UPDATING.
If you’re running 64-bit DragonFly, and you’re on version 2.11, you will want to rebuild with the latest sources. Peter Avalos found a bug with file descriptor passing, and Venkatesh Srinivas fixed it. It will require a quickworld/kernel build – maybe a full buildworld and kernel? I’m not sure. Some pkgsrc packages might need recompilation, too if they also passed file descriptors around.
17 different ISA device drivers have been removed by Sascha Wildner. The commit message has device descriptions. This may mean you need to change your kernel configuration file on the next buildkernel, since some of them were in the GENERIC kernel. If you need any of them, speak up. (I don’t think I’ve ever used any of them. Oh darn.)
If you are a Summer of Code student or mentor, make sure you’ve filled out your midterm survey. Without it, your project fails – and they are due for everyone in roughly the next 24 hours!
Venkatesh Srinivas is making vmobj_token and vm_token much more fine-grained. That’s great, but watch out over the next few weeks as this work goes into 2.11. (i.e. don’t upgrade your DragonFly 2.11 unless you are ready for surprises.) Venkatesh has already found some.
The SMP option is now in the GENERIC kernel config. This means you’ll have a SMP-capable kernel even on an uniprocessor machine, unless you configure a special kernel.
It’s out! See the 2.10 release page for the startlingly extensive list of updates in this version. Download images from the mirrors, or follow these steps (using a 2.10 version number) to build from source.
Sascha Wildner has updated the default version of binutils in DragonFly from 2.17 to 2.21. You’ll want to do a full buildworld on your next upgrade, if you’re running DragonFly 2.9.
Also, Matthew Dillon has made version 6 the default version of Hammer in DragonFly 2.9. Version 6 has improved handling of directory names in some circumstances. Just don’t ask me which, cause I lost track. It’s been a hard day!
The mentor signup page for Google Summer of Code 2011 is available again, launched using a new interface. If you want to be a mentor, please sign up now. The student application period opens tomorrow!
The mentor signup page for Google Summer of Code 2011 as of this writing still says “We have temporarily disabled the creation of new requests and invites in preparation of the launch of the new UI for Melange later this week.”, as it has said since the 20th.
So, if you’re wanting to mentor, keep an eye on it. I’ll send mentor requests to any of the names on my list of people that have already expressed interest, if I get to a working version of the page before you do…
This shouldn’t be a surprise considering recent events: AsiaBSDCon 2011 has had some event cancellations; specifically the tutorials and meetings. The paper presentations starting on the 19th, and the banquet, are still on, however. (via)
Sascha Wildner has changed the default compiler to gcc 4.4. See his commit notes for some details. To my knowledge, we’re the only BSD using this recent a version.
A full buildworld/buildkernel is probably the best strategy. I’ll be rebuilding all the pkgsrc packages for 2.9 using gcc 4.4… This will take at least a week.
avalon.dragonflybsd.org, also known as mirror-master.dragonflybsd.org, is back up at a new location, with new disks and new connectivity. pkg_radd should work by default again, as should git.dragonflybsd.org.
Avalon, the machine that works as the master mirror site for DragonFly, and also as git.dragonflybsd.org, is being moved. Binary package downloads and source updates won’t work in the meantime. If you can’t wait for the system to come back, change the settings for pkg_radd or in /usr/Makefile to point at a different host.
Sepherosa Ziehau recently made a change in TCP handling that could cause a panic. If you get it to happen, he wants to know about it. This only applies to people running bleeding edge DragonFly as of a few days ago.
Bleeding-edge DragonFly may suffer some instability issues; Matthew Dillon is making scheduler changes to accomodate larger numbers of CPUs. On the other hand: yay, better performance!
If you have net/proftpd installed, and you installed it in the last week or so, you may want to upgrade. There’s been a security problem with the source files.
The index page of the DragonFly site has been updated by Matt Dillon with some notes regarding the status of the 2.8 release. Among these, it is mentioned that the GUI image will be making a return for 2.8! There will be no DVD image this time, only an image suitable for writing to a disk, such as a usb stick.
Matt Dillon and Venkatesh Srinivas conspired to fix another nmalloc issue, which should resolve any remaining problems people were having with Firefox, and possibly other applications as well. Due to an oversight of sorts, all locking operations on nmalloc’s depot were ineffective, as if there were no locking at all. Curiously, it worked remarkably well considering such a large race condition was present.
If you run any flavor of BSD, you should make sure your ftpd is off, as Mathias Schmidt points out based on this recent security advisory.
Our mirror of the never-quite-official git repository for pkgsrc is being rebuilt, so it will be temporarily inaccessible. Matthew Dillon is working on building a new one directly from pkgsrc CVS, which will have a different link.
Update: It’s finished. Matthew Dillon’s posted a summary of the changes and what you need to update in order to use it.
A little work has snowballed into even more of the network systems in DragonFly being pulled apart in order to get rid of the Giant Lock. It may delay the 2.8 release by a week or two, but it’s already paying dividends, such as NFSv3 now performing at maximum physically possible speeds on gigabit Ethernet.
Well, technically not ripped out, just serialized roughly. This means if you update your DragonFly 2.7 machine in the next few days, the wireless drivers may not work, except for (I think) ath(4). They should return, better, by next week.