OPIE removal in DragonFly-master

OPIE was disabled recently in DragonFly.  Now that the 5.6 release is out, it has been removed.  This may require manual intervention if you are on DragonFly-master (i.e. 5.5 or 5.7) and update in the next day or two.  The need to fiddle with it will go away soon with changes to ‘make upgrade’; I will mention it when I see it.

This won’t affect anyone running 5.4 or 5.6.  It’s only in development.

HAMMER2 corruption bug and fix

It’s possible to have data corrupted on a HAMMER2 volume during a specific combination of a bulkfree operation and a lot of writing to disk.  Matthew Dillon has a potential fix already.  As he announced, it’s scheduled to go into 5.4 this weekend.  It’s a rare bug, but if you want to check for it, look for CHECK FAIL entries in /var/log/messages.

And because every cloud has a silver lining: some not-yet-quantified performance improvements.

More Meltdown fixes

If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there are a few more commits you’ll want to get.

Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware.  There is an update to the “defensive browser setup” plan for DragonFly (using --site-per-process) that can help at least with JavaScript versions of Spectre.

Update: step-by-step microcode fixes from Intel if you really want to trash your performance.

Meltdown and Spectre and DragonFly

By now you’ve probably heard of the Meltdown/Spectre attacks.  (background rumors, technical note)  Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.

It’s turned off and on by the sysctl machdep.isolated_user_pmap, and defaults to on for Intel CPUs.  Buildworld tests show about a 4-5% performance hit, but that measures only one form of activity, so there will surely be other effects.

Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.

Update: Matthew Dillon posted a summary to users@.

Update 2: He told us so.

Changes in release, master

Recent changes for virtual machine support and the new powerd utility have been rolled into the release branch for DragonFly. They’ll probably be in the next point release, or you can rebuild a release machine now for immediate access.

Also mentioned in the update from Matthew Dillon, DragonFly-master users should upgrade carefully as DragonFly migrates to using LibreSSL in base, and dports-based LibreSSL in dports.

OpenSSH, OpenSSL updates

Because this always happens just after I create a DragonFly release, there’s a new version of OpenSSL.  However, this is for version 1.0.2.  1.0.1 is what’s in the release, and it’s supported through the end of the year.

OpenSSH has a major version bump in DragonFly, to 7.3p1.  This means some features – specifically patches for High Performance Networking – are no longer there, and you’ll get an error if your config file requires them.  Either remove the options from your config, or install OpenSSH from dports.
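
One way to find leftover HPN directives before restarting sshd, as an added example that is not from the original post or from DragonFly. The keyword list is an assumption taken from the HPN-SSH patch set's option names, since the post does not list them, and `find_hpn_options` and `sample_config` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag HPN-patch directives left in an OpenSSH config file.
# Assumption: these are the HPN-SSH patch option names; the post lists none.
HPN_KEYWORDS="HPNDisabled HPNBufferSize TcpRcvBufPoll NoneEnabled NoneSwitch"

# find_hpn_options FILE -> prints "LINE:Keyword" for each active HPN directive.
find_hpn_options() {
    awk -v kws="$HPN_KEYWORDS" '
        BEGIN {
            n = split(kws, k, " ")
            for (i = 1; i <= n; i++) want[tolower(k[i])] = k[i]
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # leading whitespace is allowed
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            split(line, parts, /[ \t=]+/)          # keyword ends at space or "="
            key = tolower(parts[1])                # keywords are case-insensitive
            if (key in want) printf "%d:%s\n", NR, want[key]
        }
    ' "$1"
}

# Constructed sample config used to exercise the check offline.
sample_config() {
cat <<'EOF'
# constructed sample sshd_config
Port 22
HPNDisabled no
  hpnbuffersize 2048
#NoneEnabled yes
TcpRcvBufPoll=yes
PermitRootLogin no
EOF
}

# Usage: sh check_hpn.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    find_hpn_options "$1"
fi
```

Any line it reports is an option to remove from the config, or a reason to install OpenSSH from dports instead.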