It’s been possible for some time to automatically check for vulnerabilities in installed pkgsrc packages. However, it requires some initial setup work. NetBSD now will check automatically if there’s any packages installed. The same feature could work in DragonFly – I have a post about that even links to the appropriate changes. Someone want to take this on?
BIND has been updated by Jan Lentfer, fixing two recent vulnerabilities. His note about the update has a link to vulnerability info, for the curious. Along the same lines, Jeremy C. Reed is looking for others using DNSSEC, just to see how widespread it is.
Matthew Dillon has a summary of the development work he’s done over the past week or so. The condensed version: things faster, bugs fixed. Generally what you want to hear.
Jan Lentfer’s committed support for DNSSEC. It’s supported by default, meaning you can use it right now on a 2.5.1+ system. He’s tested it locally using these instructions, which I link to for everyone’s edification. Is this important? A lot of people seem to think so.
Peter Avalos has added the HPN patch for OpenSSH; the commit message notes changes and links to a page with far more detail and acronyms than I can easily fit in a post.
There isn’t an official release announcement as of this moment, but the next quarterly release of pkgsrc is out. This is 2009Q4, meaning development happened in the 4th quarter of 2009. I’ll start binary package builds for DragonFly tonight…
That didn’t take long: Matthew Dillon has an update on his REDO work; he’s about halfway there. His summary includes instructions on how to test this new work, including ways to change how Hammer syncs to disk.
Recently, Sascha Wildner committed a huge number of changes to the various games, bringing them in line with what’s on NetBSD and style(9). This was all put together by Ulrich Spoerlein.
I draw attention to this not because it changed anything with the games in a functional sense, but because it’s huge (450 files changed, 31450 insertions(+), 29998 deletions(-)) and because it came out of nowhere. It’s always nice to have new surprise contributions arrive.
Matthew Dillon declared his intention to have REDO working for Hammer very soon. This will improve speed by lowering the number of fsync()s needed in a given period of time to flush data to disk.
He continues in a separate message talking at length about data flushing and how to implement it efficiently, with some comparisons to work in FreeBSD. The followups are worth reading, too.
Antonio Huete Jimenez wants to find anyone working on tmpfs for DragonFly; his post about it summarizes the work so far. He’s interested in working on it, in any case.
Why, BSDTalk 184 is our very own Matthew Dillon talking about all the recent changes in DragonFly, for a good half-hour! I’ve listened to about half of it so far… I hadn’t realized the significance of some of the changes in the last two releases. It’s also strange to hear someone mentioning the work you’ve done (pkgsrc bulk builds)…
Jan Lentfer’s posted the steps to test OpenSSL encryption – I link to them because it’s interesting to see the steps spelled out.
Jan’s also posted a patch to enable DNSSEC support throughout BIND and related tools. Test if this interests you. (and it should.)
There’s a recent libc vulnerability that appears to be present in every BSD and Linux flavor. (Nearly every? There’s a lot…) Antonio Huete Jimenez committed the fix, with instructions on how to just rebuild libc for thatupdate.
I’ve always said you can’t be too rich, too thin, or have too much RAM. (I’m paraphrasing a quote from the Dutchess of Windsor.) However, maybe you can have too much RAM. Recent changes by Matthew Dillon have made it possible to run the kernel_map out of RAM depending on the quantity of video RAM and system RAM in use.
This isn’t a significant danger; I’m highlighting it because it’s an odd problem. It’s easy to work around for now. There’s a new utility, kmapinfo, to show mow much kernel memory is being used.
Thomas Nikolajsen experienced firsthand a bug where downgrading a Hammer PFS master to a slave and then later making it a master again lost all data. Lucky him… The problem’s now fixed.
Jan Lentfer needs someone with cryptographic hardware that isn’t padlock (e.g. not VIA) to test his recent OpenSSL upgrade. Do you have hardware that matches? Please help.
Jan Lentfer noticed a lot of errors with his vr(4) card under load. Matthew Dillon suggested some reasons/fixes, and then made a commit that may fix it. Please test if you have an older Rhine card.
In response to a question about fine-grained vs. coarse locking, Matthew Dillon detailed the locking types used by DragonFly and the remaining work left to make the system able to function completely without the Giant Lock. (hint: VM, something Matt’s known for.)
There were some errors with the dragonflybsd.org domain, which are now fixed. This includes some issues in NNTP access to the discussion groups, which is why I don’t have a link for this.
This has been bouncing around other news outlets, but I’ll mention it here: There’s an out of data SpamAssassin rule that can potentially mark mail as spam because of the 2010 date. A mail to tech-pkg@netbsd.org describes the various fixes.
The step of ‘sa-update && /etc/rc.d/spamd restart’ seems to have fixed it for me. Incidentally, if you are using SpamAssassin, sa-update is a good tool to run on a regular basis.