Index: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml =================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml (revision 46528) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml (revision 46529) @@ -1,608 +1,703 @@ January-March 2015
Introduction

This is a draft of the January–March 2015 status report. Please check back after it is finalized, and an announcement email is sent to the &os;-Announce mailing list.

This report covers &os;-related projects between January and March 2015. This is the first of four reports planned for 2015.

The first quarter of 2015... was a very busy and productive time.

Thanks to all the reporters for the excellent work!

The deadline for submissions covering the period from April to June 2015 is July 7th, 2015.

team &os; Team Reports proj Projects kern Kernel arch Architectures bin Userland Programs ports Ports doc Documentation misc Miscellaneous Address Space Layout Randomization (ASLR) Shawn Webb shawn.webb@hardenedbsd.org Oliver Pinter oliver.pinter@hardenedbsd.org HardenedBSD ASLR Call For Testing FreeBSD Code Review of ASLR

Address Space Layout Randomization (ASLR) is a computer security technique that aids in mitigating low-level vulnerabilities such as buffer overflows. ASLR randomizes the memory layout of running applications to prevent an attacker from knowing where a given exploitable vulnerability lies in memory.

We have been working hard the last few months to ensure the robustness of our ASLR implementation. We have written a helpful manpage. We have updated the patch on FreeBSD's code review system (Phabricator). Our ASLR implementation is in heavy use by the HardenedBSD team in production environments and is performing robustly.

The next task is to compile the base system applications as Position-Independent Executables (PIEs). In order for ASLR to be effective, applications must be compiled as PIEs. It is likely that this part will take a long time to accomplish, given the complexity surrounding building the libraries in the base system. Even if applications are not compiled as PIEs, having ASLR available still helps those applications (like HardenedBSD's secadm) which force compilation as PIE for themselves.

SoldierX

Test our patch against 11-CURRENT.

For &os; committers: work with us to get this merged into &os;.

 Xfce on &os; &os; Xfce Team xfce@FreeBSD.org

Xfce is a free software desktop environment for Unix and Unix-like platforms, such as &os;. It aims to be fast and lightweight, while still being visually appealing and easy to use.

This quarter was an exciting time for the Xfce Team. We imported the Xfce desktop environment 4.12 into the ports tree, after more than two years of development.

Overall, we have updated the following ports:

At the same time we switched to the USES framework, and a new plugin has been added, called audio/xfce4-pulseaudio-plugin.

We also follow the unstable releases (available in our experimental repository) of:

The following documentation patches are ready:

Work on support for Compact Disc Digital Audio (CD-DA) in multimedia/xfce4-parole.

Add a new property (through xfconf-query) in order to allow users to change the greyscale value of quicklaunch icons in x11/xfce4-dashboard (this feature is only available in the unstable release).

 Lua boot loader Rui Paulo rpaulo@FreeBSD.org Pedro Souza pedrosouza@FreeBSD.org Wojciech Koszek wkoszek@FreeBSD.org

The Lua boot loader project is in its final stage and it can be used on x86 already. The aim of this project is to replace the Forth boot loader with a Lua boot loader. All the scripts were re-written in Lua and are available in sys/boot/lua. Once all the Forth features have been tested and once the boot menus look exactly like in Forth, we will start merging this project to &os; HEAD. Both loaders can co-exist in the source tree with no problems because a pluggable loader functionality was introduced for this purpose.

The project was initially started by Wojciech Koszek, and Pedro Souza wrote most of the Lua code last year in his Google Summer of Code project.

To build a Lua boot loader just use:

WITH_LUA=y
 WITHOUT_FORTH=y

Feature/appearance parity with Forth.

Investigate use of floating point by Lua.

Test the EFI Lua loader.

Test the U-Boot Lua loader.

Test the serial console.

 More Michael Lucas &os; books Michael Lucas mwlucas@michaelwlucas.com

The &os; storage books are proceeding slower than expected. This is a complex project.

It appears that ZFS will be a two-book topic. The first book will cover basic ZFS, while the second will cover advanced cases like live and cold replication, sharing, performance, and using ZFS on top of less common GEOM providers. More details can be found in the links section.

Allan Jude (allanjude@) is co-authoring the ZFS books. Little did he know of the magnitude of the task ahead of him when he signed up....

 Opaque ifnet Gleb Smirnoff glebius@FreeBSD.org Project wiki page

The project is to design a new KPI for network drivers that would allow for the network stack to evolve, without breaking compatibility with older drivers. The core idea is to hide struct ifnet from drivers, thus the project has the name "opaque ifnet". However, the project will include more changes than just hiding the struct's definition.

At present, the new KPI has been prototyped, most important parts of network stack have been modified appropriately, and several drivers have been converted to new KPI.

The project needs more manpower, since there are many network drivers in the tree, with a total of 245 sites where a struct ifnet is allocated.

Netflix

Convert more drivers.

 Ports Collection Frederic Culot portmgr-secretary@FreeBSD.org Port Management Team portmgr@FreeBSD.org

As of the end of Q1 the ports tree holds almost 25,000 ports, and the PR count is just over 1,500. The tree saw more activity than during the previous quarter, with almost 7,000 commits performed by 163 active committers. The number of problem reports closed also increased by about 20%, with nearly 2,000 PRs closed!

In Q1 two new developers were granted a ports commit bit (jbeich@ and brd@) and one was taken in for safekeeping (rafan@, on his request).

On the management side, decke@ decided to step down from his portmgr duties in February. No other changes were made to the team during Q1.

This quarter also saw the release of the first quarterly branch of the year, 2015Q1. On this branch, 140 changes were applied by 35 committers.

On the QA side, 29 exp-runs were performed to validate sensitive updates or cleanups.

As during the previous quarter a tremendous amount of work was done on the tree to update major ports and to close even more PRs than in 2014 Q4. However, we sometimes lag behind with regards to documentation, so volunteers are welcome to help on this important task.

 bhyve Peter Grehan grehan@FreeBSD.org Neel Natu neel@FreeBSD.org John Baldwin jhb@FreeBSD.org Tycho Nightingale tychon@FreeBSD.org Allan Jude freebsd@allanjude.com Alexander Motin mav@freebsd.org bhyve FAQ and talks

bhyve is a hypervisor that runs on the FreeBSD/amd64 platform. At present, it runs FreeBSD (8.x or later), Linux i386/x64, OpenBSD i386/amd64, and NetBSD/amd64 guests. Current development is focused on enabling additional guest operating systems and implementing features found in other hypervisors.

Peter Grehan did a status update at bhyvecon 2015 in Tokyo. The slides are available at http://bhyvecon.org/bhyvecon2015-Peter.pdf

Mihai Carabas presented the results of his GSoC project on implementing instruction caching in bhyve at AsiaBSDCon 2015 in Tokyo. The slides are available at http://people.freebsd.org/~neel/bhyve/bhyve-cache-emul-slides.pdf

A number of improvements were made to bhyve this quarter:

Improve documentation.

bhyveucl is a script for starting bhyve instances based on a libUCL config file. More information is at https://github.com/allanjude/bhyveucl

Add support for virtio-scsi.

Flexible networking backends: wanproxy, vhost-net.

Move to a single process model, instead of bhyveload and bhyve.

Support running bhyve as non-root.

Add filters for popular VM file formats (VMDK, VHD, QCOW2).

Implement an abstraction layer for video (no X11 or SDL in the base system).

Suspend/resume support.

Live Migration.

Nested VT-x support (bhyve in bhyve).

Support for other architectures (ARM, MIPS, PPC).

 + + Jenkins Continuous Integration for &os; + + + + + Craig + Rodrigues + + rodrigc@FreeBSD.org + + + + Jenkins Administrators + jenkins-admin@FreeBSD.org + + + + &os; Testing + freebsd-testing@FreeBSD.org + + + + + Jenkins CI server in &os; cluster + Cloud9ers + Ahmed Kamal + Ahmed's contributions to SaltStack + Kyua turns parallel + Jenkins Multiple SCM's plugin fixes + GCC 4.9 problems + External Toolchain Support + + + +

The Jenkins Continuous Integration and Testing + project has been helping to improve the quality of &os;. + Since the last status report, we have quickly found commits + which caused build breakage or test failures. &os; developers + saw these problems and quickly fixed them. Some of the + highlights include:

+ + + + + + +

Set up more builds based on different architectures.

+ + + +

Improve the maintenance of nodes in the Jenkins cluster + using devops frameworks such as Saltstack.

+ + + +

People interested in helping out should join the + freebsd-testing@FreeBSD.org list.

+ + + +