Latest News

When reporting bug or issue.

When reporting bug or issue to forum or to the testing maling list.

Follow these tips so that you can accurately describe your findings so they can be fixed as soon as possible:

  • Before sending an post, search the forum list to see if anyone else has reported a similar problem.
  • When reporting a new issue, use a descriptive subject in your on that includes the error and the version of GhostBSD. Ideally, the subject should be short (8 words or less), and contains key words about the error. An example would be "Bxpkg on 3.0-BETA1 Error while fetching".
  • Ensure that the body of your email includes the GhostBSD version and architecture (e.g. 3.0-BETA1, Gnome 32-bit ISO version).
  • Give a short (2-3 sentences) description of how to recreate the error. If there is an error message, include its text. More information at this page .
  • Include any other info that may be useful (e.g. this seems to work on my 32 bit system or this used to work on 2.5).
  • If the problem appears to be hardware related, include a copy of /var/run/dmesg.boot as this file shows the hardware that was probed the last time the GhostBSD system booted.
  • If its Installer related include /tmp/.pc-sysinstall/pc-sysinstall.log intrusion announced November 17th 2012



Security Incident on FreeBSD Infrastructure

From: FreeBSD Security Officer <>
To: FreeBSD Security <>
Subject: Security Incident on FreeBSD Infrastructure

On Sunday 11th of November, an intrusion was detected on two machines within the cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.

As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.

More information is available at

Saturday November 17th, 2012


Initial details


On Sunday 11th November 2012, two machines within the infrastructure were found to have been compromised. These machines were head nodes for the legacy third-party package building infrastructure. It is believed that the compromise may have occurred as early as the 19th September 2012.


The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD.


To understand the impact of this compromise, you must first understand that the FreeBSD operating system is divided into two parts: the "base" maintained by the FreeBSD community, and a large collection of third-party "packages" distributed by the Project. The kernel, system libraries, compiler, core command-line tools (e.g., SSH client), and daemons (e.g., sshd(8)) are all in the "base". Most information in this advisory refers only to third-party packages distributed by the Project.


No part of the base FreeBSD system has been put at risk. At no point has the intruder modified any part of the FreeBSD base system software in any way. However, the attacker had access sufficient to potentially allow the compromise of third-party packages. No evidence of this has been found during in-depth analysis, however the FreeBSD Project is taking an extremely conservative view on this and is working on the assumption that third-party packages generated and distributed within a specific window could theoretically have been modified.


What is the Impact?


If you are running a system that has had no third-party packages installed or updated on it between the 19th September and 11th November 2012, you have no reason to worry.


The Source, Ports and Documentation Subversion repositories have been audited, and we are confident that no changes have been made to them. Any users relying on them for updates have no reason to worry.


We have verified the state of FreeBSD packages and releases currently available on Anglų kalbos kursai Vilniuje ir vaikų dienos stovyklos už gerą kainą All package sets for existing versions of FreeBSD and all available releases have been validated and we can confirm that the currently available packages and releases have not been modified in any way.


A package set for the upcoming FreeBSD 9.1-RELEASE had been uploaded to the FTP distribution sites in preparation for 9.1-RELEASE. We are unable to verify the integrity of this package set, and therefore it has been removed and will be rebuilt. Please note that as these packages were for a future release, the standard pkg_add -r tools to install packages could not have downloaded these packages unless they were requested explicitly.


We unfortunately cannot guarantee the integrity of any packages available for installation between 19th September 2012 and 11th November 2012, or of any ports compiled from trees obtained via any means other than through or one of its mirrors. Although we have no evidence to suggest any tampering took place and believe such interference is unlikely, we have to recommend you consider reinstalling any machine from scratch, using trusted sources.


We can confirm that the freebsd-update(8) binary upgrade mechanism is unaffected, as it uses an entirely separate infrastructure. We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. Please note that as a precaution, newer portsnap(8) snapshots are currently not being generated.


What has done about this?


As soon as the incident came to light, the FreeBSD Cluster Administration team took the following actions:


  • Power down the compromised machines.
  • Power down all machines on which the attacker may have had access.
  • Audit the SVN and Perforce repositories to:
    • Verify that there had been no server intrusion.
    • Verify that no malicious commits had been made to the repository.
    • Verify that the SVN repository exactly matched a known-clean off-site copy.
  • Verify that all FreeBSD base release media and install files on the master FTP distribution sites are clean.
  • Verify all package sets available have checksums that match known-good copies stored off-site.
  • The package set built for the upcoming 9.1-RELEASE did not have an offsite backup to verify against. These have been deleted, and will be rebuilt before 9.1 is released.
  • All suspect machines are being either reinstalled, retired, or thoroughly audited before being brought back online.


At this time, we recommend:


  • If you use the already-deprecated cvsup/csup distribution mechanisms, you should stop now.
  • If you were using cvsup/csup for ports, you should switch to portsnap(8) right away. ports developers should be using Subversion already. Further information on preferred mechanisms for obtaining and updating the ports tree can be found at
  • If you were using cvs/anoncvs/cvsup/csup for src, you should consider either freebsd-update(8) for signed binary distribution or Subversion for source. Please see the chapter on updating FreeBSD from source in the handbook. Further details on using Subversion and a list of official mirrors can be found at
  • If you use portsnap(8), you should portsnap fetch && portsnap extract to the most recent snapshot. The most recent portsnap(8) snapshot has been verified to exactly match the audited Subversion repository. Please note that as a precaution, portsnap(8) updates have been suspended temporarily.
  • Follow best practice security policies to determine how your organization may be affected.
  • Conduct an audit of your system that uses provided binary packages. Anything that may have been installed during the affected period should be considered suspect. Although we have no evidence of any tampering of any packages, you may wish to consider rebuilding any affected machine from scratch, or if that is not possible, rebuild your ports/packages.


If you have any further questions about this announcement, please contact the mailing list, or for questions where public mailing list distribution is inappropriate, please contact the FreeBSD Security Team.

GhostBSD 3.0 RC3 is now available.

The third release candidate of GhostBSD 3.0 is now supporting Gnome 2, LXDE and Openbox Desktop and it is now available for testing. This is the last development release. While this is a release candidate, it might contain some bugs and other problems, which have not been discovered during beta tests so we still only encourage you to run it only on non-critical systems.

Changes since RC2.

  • FreeBSD 9.1-RC2 to FreeBSD 9.1-RC3.
  • Bwi and Bwn firmware for Broadcom has been added to the default system.
  • Openbox is now part of GhostBSD development.
  • Mixmos have been added to Lxde and is port of Openbox version too.
  • Now with Xorg configured in the boot process the keyboard, Mice, and video card should work properly.

Know Issues

  • ZFS need more testing and will probably not work properly for 3.0.

About Openbox Version.

This version will not contain panel. We release it on a default configuration.


Gnome package list.

cups system-config-printer foomatic-db foomatic-db-engine foomatic-db-hpijs hpijs eog evince file-roller gcalctool gconf-editor gdm gedit gedit-plugins gnome-audio gnome-applets gnome-control-center gnome-keyring gnome-media gnome-power-manager gnome-screensaver gnome-session gnome-system-tools gnome-system-monitor gnome-terminal gnome-themes gnome-utils freedesktop-sound-theme gtk-murrine-engine metacity brasero rhythmbox evolution totem system-config-printer pitivi gnome-netstatus gnome-user-share alacarte libreoffice rsync sudo virtualbox-ose-additions gksu e2fsprogs florence bxpkg cursor-dmz-theme xorg-minimal xorg-drivers setxkbmap linux-f10-flashplugin nspluginwrapper gnome-audio dejavu cyberbit-ttfonts font-kochi wifimgr pidgin transmission firefox xchatbwi-firmware-kmod bwn-firmware-kmod

Lxde package list.

cursor-dmz-theme xorg-minimal xorg-drivers setxkbmap cups lxde-meta lxappearance gdm lxmusic xfburn xarchiver galculator gxneur leafpad freedesktop-sound-theme evince sylpheed parole xscreensaver gnome-utils gnome-themes lxrandr xrandr gtk-murrine-engine zenity mixmos rsync sudo virtualbox-ose-additions gksu e2fsprogs florence bxpkg abiword gnumeric gnome-audio dejavu cyberbit-ttfonts font-kochi wifimgr pidgin transmission firefox xchat bwi-firmware-kmod bwn-firmware-kmod

Openbox package list.

openbox zenity obconf obmenu nitrogen terminator lxappearance xscreensaver geany gmrun xarchiver gnome-utils gnome-themes lxtask mixmos gpicview xfburn Thunar zenity vlc e2fsprogs wifimgr pidgin transmission firefox xchat bwi-firmware-kmod bwn-firmware-kmod cursor-dmz-theme xorg-minimal xorg-drivers setxkbmap cups rsync sudo virtualbox-ose-additions gksu e2fsprogs florence bxpkg abiword gnumeric gnome-audio dejavu cyberbit-ttfonts font-kochi

Reporting bugs and issue.

Report bugs by the mailing list, the development portal or by the forum.If you get an installation error please provide us with /tmp/.pc-sysinstall/pc-sysinstall.log and the full explanation of the way you have configured it.

Download 3.0 RC3