FreeBSD vs DragonflyBSD : Episode 2

In episode 1 I reported some freezes repeatedly on DragonflyBSD running in VMware. The problem is reproduced on an another VM which had been spared so far. So I migrated from VMware to VirtualBox (just create a VM using the existing .vmdk disk, then change the IDE in SAS controller) to see if things improve.

The warning kernel that popped up seem to have disappeared… on the other hand I still have warnings about “sendmail/postfix” (what? sendmail? I fought hours so it is silent because I use postfix!). The other odd point is that I receive by mail of the operation (logwatch) reports that report me the existence of vulnerabilities in installed third-party packages:

Fetching package vulnerabilities database:

Checking pkgsrc packages for vulnerabilities:

Package perl – 5.14.2nb5 has has arbitrary-code-execution vulnerability, see

Package perl – 5.14.2nb5 has a denial-of-service vulnerability, see

Package dovecot – 2.1.9 has a denial-of-service vulnerability, see

Package curl – 7.27.0 has a remote-system-access vulnerability, see

Package curl – 7.27.0 has a remote-information-disclosure vulnerability, see

Package scmgit-base – 1.7.12nb1 has a man-in-the-middle-attack vulnerability, see

It’s very well but… What can I do? These software have been installed from pkgin and they are already up to date. What good report me the existence of vulnerabilities since I can’t do anything except wait until this is corrected in the deposits of pkgin? Better: why are there so many vulnerabilities on software provided by pkgin?

On the side of difficult FreeBSD to judge, since the tool pkgng (equivalent to pkgin) is not fully usable. Indeed the public deposits are closed for several months due to security problems! Therefore the only way to test pkgng is to create yourself your deposit… What I did not really want to do.

DragonflyBSD offers many interesting points, but seems to have problems of behaviour in a VMware environment and with some third party software. FreeBSD is still in transition to pkgng but behaves rather well in different cases where I tested it.