[BlueOnyx:24868] FreeBSD 13 and pfSense drama (Off-Topic)

Michael Stauber mstauber at blueonyx.it
Sat Mar 27 23:42:46 -05 2021


Hi all,

This is not BlueOnyx related at all, but if you want a giggle at the
expense of others, say no more:

https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

TL;DR: Netgate paid a convicted felon to port WireGuard into the FreeBSD
kernel to make it easier for them to use pfSense on FreeBSD for their
stuff. That guy eventually delivered and the code submission was merged
into the code tree for the upcoming release of FreeBSD 13.

Until the FreeBSD core maintainers found out what an unmitigated and
exploitable disaster that code was. "Bad" just doesn't cut it. It was a
hell of a lot worse.

So in a two-week bender they rewrote it from scratch on their own. Which
gave Netgate the fits and put them into a rage-fit of accusations and
easily refutable denials. The reason for that unwise move was: They
already had merged the shitty pre-beta FreeBSD-code into pfSense 2.5.0
(released a month before FreeBSD 13 was to come out) and FreeBSD's fixes
now clearly showed what an exploitable buggy mess pfSense 2.5.0 actually
had become.

End result: FreeBSD and Netgate no longer seem to be "friends" and
WireGuard has been stripped from the upcoming FreeBSD 13 release entirely.

That went well. /facepalm

I actually liked pfSense a little. Now I'm wondering what other
"surprises" they have under the hood. :-/

-- 
With best regards

Michael Stauber


