If you are using ‘set skip on …’ in your pf config, it used to match any interface that matched the specified type. It now only matches members of that named group. That may change behavior of your pf rules; check the commit to see what to look for.
There’s a new build of binary packages for DragonFly, based off the 2021Q4 quarterly ports release. This will require an upgrade of most if not all packages cause of a switch from LibreSSL to OpenSSL as the default SSL library.
If you have encountered that problem with Let’s Encrypt and dports, the fix is committed and a make world is needed.
You may get some errors because of an expiring base Let’s Encrypt certificate when using pkg. It’s being worked on.
If you’re upgrading to the latest dports, and you use tmux – don’t update that particular port yet.
Since DragonFly 6.x is a major number change, there’s no prebuilt packages that match that release number. As of this writing, the mirror master site shows 5.10 packages, which would work… if that was the next release. That’s where the number change trips it up. There should be new 6.x packages in the next few days. (Thanks to Jan Peter Vogt for the reminder)
Because there’s a newer version of sh(1) in DragonFly, you may need to update your 5.8 system to continue building ports from source. Binary installation through pkg still works as expected so this may not affect you.
Some of the larger application sets on DragonFly have had trouble building, and inconsistent problems with that build. i.e. rust would fail, but in different parts of the build process, every time. It looks to be a problem with signal interaction, and there’s now much safer ways to do that on DragonFly.
That is going to require a full buildworld/buildkernel if you are on DragonFly-master, 5.7. Release/5.6 users are unaffected.
ABI breakage continues, so continue the full buildworld/buildkernel cycle, if you are on DragonFly-current, and continue to ignore it, if you are on 5.6.
Update: yeah aim for next week.
There’s commits being made in DragonFly that will break binary compatibility. If you are running DragonFly-master, that means you will need to do a full buildworld/buildkernel when updating, and you will either have to rebuild packages or wait some days until a new set are built.
If you are running the 5.6 release, you are unaffected.
DragonFly’s tcp keepalive was changed from milliseconds to seconds. This happened in both DragonFly-current and in the 5.6 release, and it changes the networking API, which means a dports rebuild is needed… or a pkg upgrade, for which happily all packages have been rebuilt. So, on your next update of the system, be sure to update packages too.
Matthew Dillon’s made a change to the DragonFly kernel that could be disruptive, but will help make sure chromium runs. If you update after this point, make sure to update your dports, too, just to be sure everything is in sync. This applies to 5.6 and 5.7.
A last-minute drm change in DragonFly 5.6 turned out to cause a reproducible lockup, so there’s changes in place for it. This means 5.6.1 will need to be rolled, which I will do in a day or two. If you want to update now, the normal buildworld/buildkernel process will get you this change.
OPIE was disabled recently in DragonFly. Now that the 5.6 release is out, it has been removed. This may require manual intervention if you are on DragonFly-master (i.e. 5.5. or 5.7) and update in the next day or two. This need to fiddle with it will go away soon with changes to ‘make upgrade’; I will mention it when I see it.
This won’t affect anyone running 5.4 or 5.6. It’s only in development.
It’s possible to have data corrupted on a HAMMER2 volume during a specific combination of a bulkfree operation and a lot of writing to disk. Matthew Dillon has a potential fix already. As he announced, it’s scheduled to go into 5.4 this weekend. It’s a rare bug, but if you want to check for it, look for CHECK FAIL entries in /var/log/messages.
And because every cloud has a silver lining: some not-yet-quantified performance improvements.
DragonFly 5.2.0 has been released. Spectre/Meltdown mitigations are in there, along with improvements for HAMMER2, accelerated video, and ipfw. My users@ post has the details on upgrading, as does the release notes.
If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there’s a few more commits you’ll want to get.
Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware. There is an update to the “defensive browser setup” plan for DragonFly (using –site-per-process) that can help at least with Javascript versions of Spectre.
Update: step-by-step microcode fixes from Intel if you really want to trash your performance.
By now you’ve probably heard of the Meltdown/Spectre attacks. (background rumors, technical note) Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.
It’s turned off and on by the sysctl machdep.isolated_user_pmap – and defaults to on for Intel CPUs. Buildworld tests show about a 4-5% performance hit, but that’s only one form of activity, measured, so there will surely be other effects.
Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.
Update: Matthew Dillon posted a summary to users@.
Update 2: He told us so.
SSH in DragonFly 5, by default, does not make a password authentication request on outgoing ssh sessions. You can manually add the option or change the config. Or use public keys, which is really the best idea if at all possible.
DragonFly 4.8 has been updated to 4.8.1, bringing in a lot of small fixes. Improved Intel video support and the virtio_scsi driver will be of most interest, I think. The 4.8.1 tag commit has all the details. You can update the normal way, and if you need an install image, I’ve uploaded them and they should appear at your local mirror.