EuroBSDCon Trip Report: Bjoern Heidotting

The FreeBSD Foundation was a gold sponsor of EuroBSDCon 2014, which was held in Sofia, Bulgaria in September. The Foundation also sponsored Bjoern Heidotting to attend the conference, who provides the following trip report:

Since I'm fairly new to the FreeBSD community I would like to introduce myself first. My name is Bjoern Heidotting, I live in Germany, I work as a system administrator and I'm a FreeBSD user since 2006 and a contributor since 2012. I mostly contribute patches for the German documentation in the doc-tree. Why do I contribute? Well, the short version is that I simply wanted to give something back to FreeBSD and the community.

Thanks to Benedict Reuschling, who invited me, and the FreeBSD Foundation, I was able to attend the DevSummit and the conference at EuroBSDCon 2014 in Sofia.

I arrived at Sofia airport on Wednesday and I took a taxi to get to my hotel, the Best Western Expo, directly located at the IEC where the conference was held. However, the taxi driver decided to take me on a sightseeing tour through the city of Sofia. But after 1,5 hours I finally arrived at the hotel. The actual time to get from the airport to my hotel is about 10 minutes. Fortunately taxis are cheap in Bulgaria compared to Germany. And the city is really, really worth seeing.

Later that day, I met Daniel Peyrolon, a GSoC student with whom I shared a room. We decided to take dinner together and started getting to know each other. Afterwards, we socialized with some other FreeBSD people at the hotel bar.

On Thursday the DevSummit started with every attendee and developer introducing himself. Then some interesting topics and roadmaps were discussed for the upcoming 11.0 release, as well as other topics such as ASLR, UEFI, 10G Ethernet, just to name a few. It was a very interesting brainstorming with valuable input from all attendees. Since it was my first time at a DevSummit, I was impressed to see how fast these people can fill a bunch of foils with topics and ideas. Awesome!

After lunch a small group, including me, sat together in another room where I started to work on several patches for the Handbook. In the evening we had dinner at Lebed Restaurant. A very nice location. This is where I first met Deb Goodkin from the Foundation. She was the one I talked to prior to the conference and she brought Daniel and me together. Thank you Deb. It was very nice meeting her.

On Friday I mostly worked on a big patch for the network-servers section in the Handbook. I also met Beat Gaetzi while catching fresh air outside and we talked about our roles in the Project and what we do. After lunch the documentation topic started, which I was very interested in. We talked about issues on the website, Handbook sections, etc. The details of the session can be found on the wiki.

In the evening we had dinner at "The Windmill" and I met Henning Brauer from the OpenBSD project. It was really fun talking to him. Man, this guy can tell crazy stories.

Saturday and Sunday were conference days with one interesting talk chasing the next. All the talks were great, although I had some favorites, including "Snapshots, Replication, and Boot-Environments" by Kris Moore, "Introducing ASLR in FreeBSD" by Shawn Webb, and "Securing sensitive & restricted data" by Dag-Erling Smorgrav. One of the highlights for me was the social event in Hotel Balkan on Saturday. Again, meeting the people behind the email addresses and talking to them was a great experience.

A big thanks goes out to Shteryana Shopova and her crew for organizing this great event.

VC4 driver status update

I've just spent another week hanging out with my Broadcom and Raspberry Pi teammates, and it's unblocked a lot of my work.

Notably, I learned some unstated rules about how loading and storing from the tilebuffer work, which has significantly improved stability on the Pi (as opposed to simulation, which only asserted about following half of these rules).

I got an intro on the debug process for GPU hangs, which ultimately just looks like "run it through simpenrose (the simulator) directly. If that doesn't catch the problem, you capture a .CLIF file of all the buffers involved and feed it into RTL simulation, at which point you can confirm for yourself that yes, it's hanging, and then you hand it to somebody who understands the RTL and they tell you what the deal is." There's also the opportunity to use JTAG to look at the GPU's perspective of memory, which might be useful for some classes of problems. I've started on .CLIF generation (currently simulation-environment-only), but I've got some bugs in my generated files because I'm using packets that the .CLIF generator wasn't prepared for.

I got an overview of the cache hierarchy, which pointed out that I wasn't flushing the ARM dcache to get my writes into system L2 (more like an L3) so that the GPU could see them. This should also improve stability, since before we were only getting lucky that the GPU would actually see our command stream.

Most importantly, I ended up fixing a mistake in my attempt at reset using the mailbox commands, and now I've got working reset. Testing cycles for GPU hangs have dropped from about 5 minutes to 2-30 seconds. Between working reset and improved stability from loads/stores, we're at the point that X is almost stable. I can now run piglit on actual hardware! (it takes hours, though)

On the X front, the modesetting driver is now merged to the X Server with glamor-based X rendering acceleration. It also happens to support DRI3 buffer passing, but not Present's pageflipping/vblank synchronization. I've submitted a patch series for DRI2 support with vblank synchronization (again, no pageflipping), which will get us more complete GLX extension support, including things like GLX_INTEL_swap_event that gnome-shell really wants.

In other news, I've been talking to a developer at Raspberry Pi who's building the KMS support. Combined with the discussions with keithp and ajax last week about compositing inside the X Server, I think we've got a pretty solid plan for what we want our display stack to look like, so that we can get GL swaps and video presentation into HVS planes, and avoid copies on our very bandwidth-limited hardware. Baby steps first, though -- he's still working on putting giant piles of clock management code into the kernel module so we can even turn on the GPU and displays on our own without using the firmware blob.

Testing status:
- 93.8% passrate on piglit on simulation
- 86.3% passrate on piglit gpu.py on Raspberry Pi

All those opcodes I mentioned in the previous post are now completed -- sadly, I didn't get people up to speed fast enough to contribute before those projects were the biggest things holding back the passrate. I've started a page at http://dri.freedesktop.org/wiki/VC4/ for documenting the setup process and status.

And now, next steps. Now that I've got GPU reset, a high priority is switching to interrupt-based render job tracking and putting an actual command queue in the kernel so we can have multiple GPU jobs queued up by userland at the same time (the VC4 sadly has no ringbuffer like other GPUs have). Then I need to clean up user <-> kernel ABI so that I can start pushing my linux code upstream, and probably work on building userspace BO caching.

PC-BSD YouTube Channel

Hey everyone just a quick heads up we’ve just started a PC-BSD YouTube channel!  If you want to check it out you can follow this link https://www.youtube.com/channel/UCyd7MaPVUpa-ueUsGjUujag.  Don’t forget to subscribe for new videos and if you have a video or tutorial you’d like to submit send it my way!  We only have a couple videos right now so we need your help to grow our channel :).  Also we’d love for you to submit your ideas we can do for videos in the future.

Thanks!

PC-BSD at Ohio Linux Fest

Several members of the PC-BSD and FreeBSD Projects will be at Ohio LinuxFest, to be held at the Greater Columbus Convention Center in Columbus, OH on October 24–26. Paid and free registration is available for this event.

Ken Moore will present “Lumina DE: A new desktop environment for PC-BSD” on Friday, October 11 at 11:00. Dru Lavigne will present “A Sneak Peak at FreeNAS 9.3” on Friday, October 24 at 15:00. Dan Langille will present “Virtualization with FreeBSD Jails, ezjail, and ZFS” on Saturday, October 25 at 14:00.

There will be a FreeBSD booth in the expo area. Expo hours are 17:00–19:00 on Friday, October 24 and 8:00–17:00 on Saturday, October 25. As usual, we’ll have cool swag, PC-BSD DVDs, FreeNAS CDs, and will accept donations to the FreeBSD Foundation.

The BSDA certification exam will be available at 16:00 on Saturday, October 25 and at 10:00 on Sunday, October 26. The cost for the exam is $75.

PC-BSD at All Things Open

There will be a FreeBSD booth in the expo area of All Things Open, to be held at the Raleigh Convention Center in Raleigh, NC on October 22–23. Registration is required for this event.

Expo hours are from 8:00–17:00 on Tuesday, October 21 and Wednesday, October 22. As usual, we’ll have some cool swag, PC-BSD DVDs, FreeNAS CDs, and brochures. We will also accept donations to the FreeBSD Foundation.

SSLv3

UPDATE 2014-10-14 23:40 UTC The details have been published: meet the SSL POODLE attack.

UPDATE 2014-10-15 11:15 UTC Simpler server test method, corrected info about browsers

UPDATE 2014-10-15 16:00 UTC More information about client testing

El Reg posted an article earlier today about a purported flaw in SSL 3.0 which may or may not be real, but it’s been a bad year for SSL, we’re all on edge, and we’d rather be safe than sorry. So let’s take it at face value and see what we can do to protect ourselves. If nothing else, it will force us to inspect our systems and make conscious decisions about their configuration instead of trusting the default settings. What can we do?

The answer is simple: there is no reason to support SSL 3.0 these days. TLS 1.0 is fifteen years old and supported by every browser that matters and over 99% of websites. TLS 1.1 and TLS 1.2 are eight and six years old, respectively, and are supported by the latest versions of all major browsers (except for Safari on Mac OS X 10.8 or older), but are not as widely supported on the server side. So let’s disable SSL 2.0 and 3.0 and make sure that TLS 1.0, 1.1 and 1.2 are enabled.

What to do next

Test your server

The Qualys SSL Labs SSL Server Test analyzes a server and calculates a score based on the list of supported protocols and algorithms, the strength and validity of the server certificate, which mitigation techniques are implemented, and many other factors. It takes a while, but is well worth it. Anything less than a B is a disgrace.

If you’re in a hurry, the following command will attempt to connect to your server using SSL 2.0 or 3.0:

:|openssl s_client -ssl3 -connect www.example.net:443

If the last line it prints is DONE, you have work to do.

Fix your server

Disable SSL 2.0 and 3.0 and enable TLS 1.0, 1.1 and 1.2 and forward secrecy (ephemeral Diffie-Hellman).

For Apache users, the following line goes a long way:

SSLProtocol ALL -SSLv3 -SSLv2

It disables SSL 2.0 and 3.0, but does not modify the algorithm preference list, so your server may still prefer older, weaker ciphers and hashes over more recent, stronger ones. Nor does it enable Forward Secrecy.

The Mozilla wiki has an excellent guide for the most widely used web servers and proxies.
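
The gap described above (the SSLProtocol line removes SSL 2.0 and 3.0 but says nothing about cipher preference or forward secrecy) can be checked mechanically. The following is an added example, not code from the original post or from Apache: it evaluates an SSLProtocol argument list left to right and reports what a configuration still leaves open. The function names, the sample configurations and the rule that a bare protocol name replaces the set built so far are assumptions of this sketch; SSLHonorCipherOrder and SSLCipherSuite are real mod_ssl directives.

```python
import re

# Protocol names accepted by this example; "all" expands to the full set.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
LEGACY = {"SSLv2", "SSLv3"}
_CANON = {name.lower(): name for name in ALL}


def effective_protocols(args):
    """Evaluate one SSLProtocol argument list left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            group = set(ALL)
        elif name in _CANON:
            group = {_CANON[name]}
        else:
            raise ValueError("unknown protocol %r" % token)
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = group  # assumption: a bare name replaces the set so far
    return enabled


def directives(config_text):
    """Return {directive: arguments}; last occurrence wins (single scope only)."""
    seen = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":
            continue  # skip blanks, comments and <VirtualHost>-style containers
        parts = line.split(None, 1)
        seen[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return seen


def names_ephemeral_kx(cipher_spec):
    """Heuristic: does the cipher string explicitly name (EC)DHE key exchange?"""
    for item in re.split(r"[:,\s]+", cipher_spec.strip("\"'")):
        if item and item[0] not in "!-" and re.search(r"DHE|EECDH|EDH", item):
            return True
    return False


def audit(config_text):
    """Return a list of findings for one Apache TLS configuration."""
    conf = directives(config_text)
    findings = []
    if "sslprotocol" not in conf:
        findings.append("SSLProtocol not set: the server default applies")
    else:
        enabled = effective_protocols(conf["sslprotocol"])
        for proto in sorted(enabled & LEGACY):
            findings.append("%s is still enabled" % proto)
        for proto in sorted(ALL - LEGACY - enabled):
            findings.append("%s is not enabled" % proto)
    if conf.get("sslhonorcipherorder", "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on: client preference wins")
    if not names_ephemeral_kx(conf.get("sslciphersuite", "")):
        findings.append("SSLCipherSuite names no ephemeral (EC)DHE key exchange")
    return findings


# Constructed sample configurations (not taken from any real server).
PRE_POODLE = "SSLEngine on\nSSLProtocol ALL -SSLv2\n"
ARTICLE_LINE_ONLY = "SSLEngine on\nSSLProtocol ALL -SSLv3 -SSLv2\n"
HARDENED = """\
SSLEngine on
SSLProtocol ALL -SSLv3 -SSLv2
SSLHonorCipherOrder on
# Illustrative cipher string only; take the real one from a maintained guide.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:!aNULL
"""

if __name__ == "__main__":
    for label, text in (("pre-POODLE", PRE_POODLE),
                        ("article line only", ARTICLE_LINE_ONLY),
                        ("hardened", HARDENED)):
        print(label, "->", audit(text) or "no findings")
```

The cipher-string check only looks for suites named explicitly, so an alias such as HIGH is reported even though it may expand to ephemeral suites on a given OpenSSL build.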

Test your client

The Poodle Test website will show you a picture of a poodle if your browser is vulnerable and a terrier otherwise. It is the easiest, quickest way I know of to test your client.

Qualys SSL Labs also have an SSL Client Test which does much the same for your client as the SSL Server Test does for your server; unfortunately, it is not able to reliably determine whether your browser supports SSL 3.0.

Fix your client

On Windows, use the Advanced tab in the Internet Properties dialog (confusingly not searchable by that name, search for “internet options” or “proxy server” instead) to disable SSL 2.0 and 3.0 for all browsers.

On Linux and BSD:

  • Firefox: open and set security.tls.version.min to 1. You can force this setting for all users by adding lockPref("security.tls.version.min", 1); to your system-wide Mozilla configuration file. Support for SSL 3.0 will be removed in the next release.

  • Chrome: there is apparently no way to disable SSL 3.0. Support for SSL 3.0 will be removed in the next release.

I do not have any information about Safari and Opera. Please comment (or email me) if you know how to disable SSL 3.0 in these browsers.

Good luck, and stay safe.

FreeBSD 10.1-RC2 Now Available

The second RC build of the 10.1-RELEASE release cycle is now available on the FTP servers for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures.

The image checksums are included in the original announcement email.

Installer images and memory stick images are available here.

If you notice problems you can report them through the Bugzilla PR system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing system, use the "releng/10.1" branch.

A list of changes since 10.0-RELEASE is available here.

Changes between 10.1-RC1 and 10.1-RC2 include:
  • Fix XHCI driver for devices which have more than 15 physical root HUB ports.
  • Fix old iSCSI initiator to work with new CAM locking.
  • Fix page length reported for Block Limits VPD page.
  • Add QCOW v1 & v2 support to mkimg(1).

Pre-installed virtual machine images for 10.1-RC2 are also available for amd64 and i386 architectures.  The images are located here.

The disk images are available in QCOW2, VHD, VMDK, and raw disk image formats.  The image download size is approximately 135 MB, which decompresses to a 20GB sparse image.

The partition layout is:
  • 512k - freebsd-boot GPT partition type (bootfs GPT label)
  • 1GB  - freebsd-swap GPT partition type (swapfs GPT label)
  • ~17GB - freebsd-ufs GPT partition type (rootfs GPT label)

To install packages from the dvd1.iso installer, create and mount the /dist directory:

# mkdir -p /dist
# mount -t cd9660 /dev/cd0 /dist

Next, install pkg(8) from the DVD:
 

# env REPOS_DIR=/dist/packages/repos pkg bootstrap

At this point, pkg-add(8) can be used to install additional packages from the DVD.  Please note, the REPOS_DIR environment variable should be used each time using the DVD as the package repository, otherwise conflicts with packages from the upstream mirrors may occur when they are fetched.  For example, to install Gnome and Xorg, run:
 

# env REPOS_DIR=/dist/packages/repos pkg install \
  xorg-server xorg gnome2 [...]

The freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

# freebsd-update upgrade -r 10.1-RC2

During this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically
performed merging was done correctly.

# freebsd-update install

The system must be rebooted with the newly installed kernel before continuing.


# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new userland components:


# freebsd-update install

It is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 8.x.  Alternatively, the user can install misc/compat9x and other compatibility libraries, afterwards the system must be rebooted into the new userland:

# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove stale files:

# freebsd-update install

Love FreeBSD?  Support this and future releases with a donation to the FreeBSD Foundation!

FreeBSD 10.1-RC2 Available

The second RC build for the FreeBSD 10.1 release cycle is now available. ISO images for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

Testers: CentOS 6.5 Emulation and New AppCafe

For those of you on Edge and who wish to test the new Linux emulation and the new Appcafe, Kris has posted the instructions:

CentOS 6.5 emulation has been made the default for the EDGE packages going out this weekend. This replaces the legacy f10 package set. I’ve tested / confirmed that Flash works properly, haven’t tried net-im/skype4 yet, but a package is available for those who want to try.

I’ve seen a few issues doing the update here with PKG. It seems often the conflict detection won’t remove f10 on its own, so I’ve had to do this:

# pkg update -f
# pkg delete linux_base-f10\*
# pkg install nvidia-driver (Skip this if you don’t use nvidia drivers)
# pkg install pcbsd-base
# pkg upgrade
# pc-extractoverlay ports
# reboot

After reboot, you need to recreate the flash plugin:

% flashpluginctl off && flashpluginctl on

Let us know any issues you see with the newer linux emulation layer.

Also, if you run into problems launching / navigating the newer AppCafe, please open bug reports asap. We are working to stabilize that as quickly as possible. Bug reports should be created at bugs.pcbsd.org.

 

FreeBSD 10.1-RC1 Now Available

The first RC build of the 10.1-RELEASE release cycle is now available on the FTP servers for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures.

The image checksums are included in the original announcement email.

Installer images and memory stick images are available here.

If you notice problems you can report them through the Bugzilla PR system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing system, use the "releng/10.1" branch.

A list of changes since 10.0-RELEASE is available here.

Changes between 10.1-BETA3 and 10.1-RC1 include:
  • A bug that would cause all processes to appear to have the parent PID of '1' has been fixed.
  • Various updates to bsdinstall(8) and bsdconfig(8).
  • The Hyper-V KVP (key-value pair) driver has been added, and enabled by default on amd64 and i386 architectures.

Pre-installed virtual machine images for 10.1-RC1 are also available for amd64 and i386 architectures.  The images are located here.

The disk images are available in QCOW2, VHD, VMDK, and raw disk image formats.  The image download size is approximately 135 MB, which decompresses to a 20GB sparse image.

The partition layout is:
  • 512k - freebsd-boot GPT partition type (bootfs GPT label)
  • 1GB  - freebsd-swap GPT partition type (swapfs GPT label)
  • ~17GB - freebsd-ufs GPT partition type (rootfs GPT label)

To install packages from the dvd1.iso installer, create and mount the /dist directory:

# mkdir -p /dist
# mount -t cd9660 /dev/cd0 /dist

Next, install pkg(8) from the DVD:
 

# env REPOS_DIR=/dist/packages/repos pkg bootstrap

At this point, pkg-add(8) can be used to install additional packages from the DVD.  Please note, the REPOS_DIR environment variable should be used each time using the DVD as the package repository, otherwise conflicts with packages from the upstream mirrors may occur when they are fetched.  For example, to install Gnome and Xorg, run:
 

# env REPOS_DIR=/dist/packages/repos pkg install \
  xorg-server xorg gnome2 [...]

The freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

# freebsd-update upgrade -r 10.1-RC1

During this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically
performed merging was done correctly.

# freebsd-update install

The system must be rebooted with the newly installed kernel before continuing.


# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new userland components:


# freebsd-update install

It is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 8.x.  Alternatively, the user can install misc/compat9x and other compatibility libraries, afterwards the system must be rebooted into the new userland:

# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove stale files:

# freebsd-update install

Love FreeBSD?  Support this and future releases with a donation to the FreeBSD Foundation!

FreeBSD 10.1-RC1 Available

The first RC build for the FreeBSD 10.1 release cycle is now available. ISO images for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

Foundation at Grace Hopper Celebration of Women in Computing

The FreeBSD Foundation is excited to be participating in the Grace Hopper Celebration of Women in Computing conference to be held in Phoenix, AZ on October 8-10. As many of you know, Rear Admiral Grace Hopper was a pioneer in computing, inventor of the first compiler, and the first person to record a (literal) bug. This year's annual conference in her honor has a full registration of 8,000 women computing technologists from all over the world.

The Foundation is a Silver non-profit sponsor for this event and will have a booth in the Expo area. In addition to informational brochures and Foundation pens, we'll be giving away some stickers created for this event. The stickers say "I choose FreeBSD because I know my ability to create the future has nothing to do with my gender and everything to do with my skills".

As part of this year's Grace Hopper Open Source Day on October 8, Dru Lavigne will be presenting "An Introduction to FreeBSD" at 14:00 in rooms South 164-166.

Shteryana Shopova will be hosting a lunchtime table topic on FreeBSD at table #12 on October 9 from 12:45 to 15:30.

Registration has closed for this event as it has reached its maximum capacity. However, if you know a woman technologist who is attending, let her know about the FreeBSD booth, presentation, and lunchtime table topic.

bsdtalk245 – Looking for a new /home

Just a short update about the server that houses the podcast files.  University IT consolidation has created some unplanned changes, but I hope to have a new server spun up soon.  Also, curious to hear what all of you use for your home directory on the Internet.

File Info: 7Min, 3MB.

Ogg Link: https://archive.org/download/bsdtalk245/bsdtalk245.ogg

Cavium to Sponsor FreeBSD ARMv8 Based Implementation, PR Newswire, Cavium, Inc.

Cavium, Inc., a leading provider of semiconductor products that enable intelligent processing for enterprise, data center, cloud, wired and wireless networking announced today that it is collaborating with the FreeBSD Foundation to develop and deliver the first ARMv8 reference design and implementation of the FreeBSD Operating System based on the ThunderX workload optimized processor family for next generation Data Center and Cloud workloads.

FreeBSD 10.1-BETA3 Now Available

The third BETA build of the 10.1-RELEASE release cycle is now available on the FTP servers for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures.

This is expected to be the final BETA release of the 10.1-RELEASE cycle.

The image checksums are included in the original announcement email.

Installer images and memory stick images are available here.

If you notice problems you can report them through the Bugzilla PR system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing system, use the "stable/10" branch.

A list of changes since 10.0-RELEASE is available on the stable/10 release notes page.

Changes between 10.1-BETA2 and 10.1-BETA3 include:
  • Support for serial and null console has been added to the UEFI boot loader.
  • A potential panic triggered by referencing a device that has been renamed has been fixed in the cam(4) subsystem.
  • OpenPAM has been updated to the Ourouparia (20140912) release.
  • New sysctls have been added to vt(4) to enable or disable potentially dangerous key combinations (such as reboot, halt, and break to debugger).
  • The mkimg(1) utility has been updated to allow creating empty partition entries.
  • The GEOM_ELI class will now cache passphrases for disk decryption, which allows the system to boot after the first passphrase entry if the remaining disks on the system use the same passphrase.
  • Support for controlling mfi(4) controller properties has been added to mfiutil(8).
  • The /usr/lib32/compat shared library directory has been added to the default ld-elf32.so.1 path.
  • Use of "no" for a Norwegian keymap file is now permitted in rc.conf(5).
  • Several bug fixes to autofs(5) have been implemented.

Pre-installed virtual machine images for 10.1-BETA3 are also available for amd64 and i386 architectures.  The images are located here.

The disk images are available in QCOW2, VHD, VMDK, and raw disk image formats.  The image download size is approximately 135 MB, which decompresses to a 20GB sparse image.

The partition layout is:
  • 512k - freebsd-boot GPT partition type (bootfs GPT label)
  • 1GB  - freebsd-swap GPT partition type (swapfs GPT label)
  • ~17GB - freebsd-ufs GPT partition type (rootfs GPT label)

To install packages from the dvd1.iso installer, create and mount the /dist directory:

# mkdir -p /dist
# mount -t cd9660 /dev/cd0 /dist

Next, install pkg(8) from the DVD:
 

# env REPOS_DIR=/dist/packages/repos pkg bootstrap

At this point, pkg-add(8) can be used to install additional packages from the DVD.  Please note, the REPOS_DIR environment variable should be used each time using the DVD as the package repository, otherwise conflicts with packages from the upstream mirrors may occur when they are fetched.  For example, to install Gnome and Xorg, run:
 

# env REPOS_DIR=/dist/packages/repos pkg install \
  xorg-server xorg gnome2 [...]

The freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

# freebsd-update upgrade -r 10.1-BETA3

During this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically
performed merging was done correctly.

# freebsd-update install

The system must be rebooted with the newly installed kernel before continuing.


# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new userland components:


# freebsd-update install

It is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 8.x.  Alternatively, the user can install misc/compat9x and other compatibility libraries, afterwards the system must be rebooted into the new userland:

# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove stale files:

# freebsd-update install

Love FreeBSD?  Support this and future releases with a donation to the FreeBSD Foundation!

FreeBSD 10.1-BETA3 Available

The third BETA build for the FreeBSD 10.1 release cycle is now available. ISO images for the amd64, armv6, i386, ia64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.

BASH shell bug

As many of you are probably aware, there is a serious security issue that is currently all over the web regarding the GNU BASH shell.  We at the PC-BSD project are well aware of the issue, a fix is already in place to plug this security hole, and packages with this fix are currently building. Look for an update to your BASH shell within the next 24 hours in the form of a package update.

As a side note: nothing written by the PC-BSD project uses BASH in any way — and BASH is not built-in to the  FreeBSD operating system itself (it is an optional port/package), so the level of severity of this bug is lower on FreeBSD than on other operating systems.

According to the FreeBSD mailing list: Bryan Drewery has already sent a notice that the port is fixed in FreeBSD. However, since he also added some good recommendations in the email for BASH users, we decided to copy that email here for anyone else that is interested.
_______________

From: Bryan Drewery — FreeBSD mailing list

The port is fixed with all known public exploits. The package is
building currently.

However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:

1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI :)
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.
_______________

For more information on the bug itself you can visit arstechnica and read the article by clicking the link below.

http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
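
Guidelines 1, 2 and 6 from the quoted email can be checked from files an administrator already has. The following is an added example, not part of the original post or of Bryan Drewery's email: it reports web/CGI accounts with a login shell and SSH forced commands that are bash or bash scripts. The function names, the account names and all sample data are constructed for illustration; any path ending in nologin is accepted as a non-login shell.

```python
import os
import re
import shlex

_FORCED = re.compile(r'command="((?:\\.|[^"\\])*)"')


def basename(path):
    return path.rsplit("/", 1)[-1]


def is_bash_shebang(first_line):
    """True if a script's first line runs it under bash (directly or via env)."""
    if not first_line.startswith("#!"):
        return False
    words = first_line[2:].split()
    if words and words[0].endswith("/env"):
        # Drop env's own options and VAR=value assignments.
        words = [w for w in words[1:] if not w.startswith("-") and "=" not in w]
    return bool(words) and basename(words[0]) == "bash"


def sh_is_bash(sh_path="/bin/sh"):
    """Guideline 1: does /bin/sh resolve to bash?"""
    return basename(os.path.realpath(sh_path)) == "bash"


def login_shell_accounts(passwd_text, web_accounts):
    """Guideline 2: web/CGI accounts whose shell is not nologin."""
    bad = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if (len(fields) == 7 and fields[0] in web_accounts
                and basename(fields[6]) != "nologin"):
            bad.append((fields[0], fields[6]))
    return bad


def forced_commands(authorized_keys_text, sshd_config_text=""):
    """Guideline 6: collect command="..." options and ForceCommand values."""
    cmds = []
    for line in authorized_keys_text.splitlines():
        if not line.lstrip().startswith("#"):
            cmds += [m.replace('\\"', '"') for m in _FORCED.findall(line)]
    for line in sshd_config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "forcecommand":
            cmds.append(parts[1].strip())
    return cmds


def read_first_line(path):
    try:
        with open(path, "r", errors="replace") as fh:
            return fh.readline()
    except OSError:
        return ""


def bash_forced_commands(commands, first_line_of=read_first_line):
    """Return the forced commands whose program is bash or a bash script."""
    hits = []
    for cmd in commands:
        try:
            argv = shlex.split(cmd)
        except ValueError:
            argv = cmd.split()
        if not argv:
            continue
        if basename(argv[0]) == "bash" or is_bash_shebang(first_line_of(argv[0]) or ""):
            hits.append(cmd)
    return hits


# Constructed sample data (accounts, keys and scripts are invented).
PASSWD = """\
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
cgiapp:*:1001:1001:CGI app:/home/cgiapp:/usr/local/bin/bash
alice:*:1002:1002:Alice:/home/alice:/bin/sh
"""
AUTHORIZED_KEYS = """\
# constructed sample
command="/usr/local/bin/backup.sh",no-pty ssh-rsa AAAA...constructed backup@example
command="/usr/local/bin/rsync-only --ro",no-pty ssh-rsa AAAA...constructed mirror@example
ssh-rsa AAAA...constructed alice@example
"""
SCRIPTS = {"/usr/local/bin/backup.sh": "#!/usr/bin/env bash",
           "/usr/local/bin/rsync-only": "#!/bin/sh"}

if __name__ == "__main__":
    print("/bin/sh is bash:", sh_is_bash())
    print(login_shell_accounts(PASSWD, {"www", "cgiapp"}))
    print(bash_forced_commands(forced_commands(AUTHORIZED_KEYS), SCRIPTS.get))
```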