From nobody Mon Mar 25 02:11:01 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V2xHm1w5yz5F22y for ; Mon, 25 Mar 2024 02:11:16 +0000 (UTC) (envelope-from chris.torek@gmail.com) Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V2xHl4CjGz424g for ; Mon, 25 Mar 2024 02:11:15 +0000 (UTC) (envelope-from chris.torek@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=Zv6RTUO5; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of chris.torek@gmail.com designates 2a00:1450:4864:20::130 as permitted sender) smtp.mailfrom=chris.torek@gmail.com Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-5157af37806so4527212e87.0 for ; Sun, 24 Mar 2024 19:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711332673; x=1711937473; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=KkcWNew7VDJMdyQPaYiEwlPDmz8jgVu2AtabOf4JOj0=; b=Zv6RTUO5IJDFEY1gGEpio15o05vhe4aID2mvCinDM3gSmNp+DcFFI+2Ne/W6C2wMpC wfTTcE0qPj4qy1feqDZiUj9NXBauyKmdhbUPBbPp9S12BdmcVSSgKmcmBXDXpZYnmF8K O1Ua9nlCdsyQ6ZHVM0XTYHEwKlGbq/Y34H5OgBnx0klYu3Mq/GfdfF/6gOYuYnpGfM9h t9QzuKizhmbDkEjq+OJSnUaa7LBvsWkYRoKeFp5NoOQ1ViLVMebV7AeM8piMBFYL8gvW PqpT5CLD5bOPf/i7F6z4tWmQsh+vyDH4DIMgzXLwlaoVvkSXFTG47pPbw7snfoVukRDi TVxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711332673; x=1711937473; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=KkcWNew7VDJMdyQPaYiEwlPDmz8jgVu2AtabOf4JOj0=; b=qqyniRsNjc+oU99vADIhhPofzPQp8G3N7HEGm4GZVH64aMF5xj+QRAW110zRsDv5Ts EtLrNsASELhZTryx3NduB1bE7s7i0JN6LFlUN5wnnYNKepoSbCyddiv95hoJPhrxK+jn QqVu49q6pfWGRNRipYbMK+MeglyoiMX84C6lXlbfygueQgf7LCU9oFQ8FOxzVx3Cr816 6hi8vx6B9ha7eg9CUzvTVyrngPSJFfxbpSGL2YLFGaDPn8L9gwT26U9HjOkBihM4VZIN haDBvIEPpNSm7HrgCussBs9pCLGvXvQyrDxMGd1AVGH7Y0NFiwDBvMBPIbefHSRseES5 TycA== X-Gm-Message-State: AOJu0YwGygUUgcsv4J3E+Mb4n8ZVwgvCBau97AFt8rOZHqnbdOKl+AZ7 UT4+ljHuegxHW0L4n2QrWYv4ci7Ko19uQBNGxZ9P+UU5j8b9AZUx6XMScGnQMr2hXo7cB579WPq 8UlFZmc6hs2bBOfU2rn5QqpNvSm7ya8rlOUY= X-Google-Smtp-Source: AGHT+IEVJxk+QJBQ7YRPY4Bwh8/HIIl7xJoWHjUvfcF7uE+YFF1YlRT4VM8Q76KD1PNoNErI0d9bLtjWF/GT6bHUaKc= X-Received: by 2002:ac2:5464:0:b0:513:dd59:bb3d with SMTP id e4-20020ac25464000000b00513dd59bb3dmr3462794lfn.20.1711332673036; Sun, 24 Mar 2024 19:11:13 -0700 (PDT) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 From: Chris Torek Date: Sun, 24 Mar 2024 19:11:01 -0700 Message-ID: Subject: 14-stable on AMD7950X: Good and bad news To: freebsd-stable@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.37 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.37)[-0.366]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::130:from] X-Rspamd-Queue-Id: 4V2xHl4CjGz424g I built and booted up the latest 14-stable tree on my AMD7950X machine: Good news: the mysterious AHCI adapter problem is gone, presumably because of the new PCI range allocation code. So now both sets of SATA ports work (at least, the drive I've left plugged in to the previously-failing port now shows up). Bad news: building drm-61-kmod, then loading amdgpu.ko, causes a crash. The immediate problem is that vm_phys_fictitious_unreg_range() does this: rw_wlock(&vm_phys_fictitious_reg_lock); seg = RB_FIND(fict_tree, &vm_phys_fictitious_tree, &tmp); if (seg->start != start || seg->end != end) { At line 1115, `seg` is NULL, so we die with a kernel segfault. It's probably a good idea to add a NULL test here since RB_FIND can return NULL. (Presumably just stick `sig == NULL ||` in front of the start/end tests.) It's not clear why the unregister is failing though, as the drm code seems correct at first glance. It *is* clear why it's unregistering, though, as the console printed: drmn0: could not load firmware image 'amdgpu/psp_13_0_5_toc.bin' and the expected subsequent cleanup messages (and now I've run out of Stuff I Just Know Off-Hand at this point so I'll have to dig into this more). Chris From nobody Mon Mar 25 08:01:50 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V354Z5pm4z5Fbyy for ; Mon, 25 Mar 2024 08:02:06 +0000 (UTC) (envelope-from bakul@iitbombay.org) Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V354Y4kwzz4cDW for ; Mon, 25 Mar 2024 08:02:05 +0000 (UTC) (envelope-from bakul@iitbombay.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=iitbombay-org.20230601.gappssmtp.com header.s=20230601 header.b=AzAWKl67; dmarc=pass (policy=quarantine) header.from=iitbombay.org; spf=pass (mx1.freebsd.org: domain of bakul@iitbombay.org designates 2607:f8b0:4864:20::634 as permitted sender) smtp.mailfrom=bakul@iitbombay.org Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-1dfff641d10so27093385ad.2 for ; Mon, 25 Mar 2024 01:02:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iitbombay-org.20230601.gappssmtp.com; s=20230601; t=1711353722; x=1711958522; darn=freebsd.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=9YgZqM5pcGJ7kNxNVaE+VsSw0BLRs41rRSgWVtVxlwE=; b=AzAWKl67PGXvWaQfkEoX2jGDjLaWEeG4AyBS3oleQ6PGDMTr19cnAzwxKMRdbOc8dd lh4ANlaqtg2h7x+gYXtZhc18QRv+tfG4CZccilsdqHDpOD5QZsk0xDhxbt8URZ7/7jfF IVlgfmHcKR6oZ03xiS/IzVZK4x321uoTCq+jvjjnacMv7J0N8pTWAWtmpDQ0lrPbicCZ +a2+hTe0CTqV5ZBI1NT3X3UJmMMwA0nNVN9Je2pENr0hwogTFhJuDdT5XMJfP7io7hZ/ j2D2yE1udJ1mQeXoH4E7aN8AmVet265l+Gt5OYFg76wdKkYgfS8u5OINYynfbm62Qvxz lzHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711353722; x=1711958522; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9YgZqM5pcGJ7kNxNVaE+VsSw0BLRs41rRSgWVtVxlwE=; b=Tl7lo61iHaFNBgSMiPnpjamRMsCGbHzX4So9X599d5Cv85r57YQhRe9W1xAajvyvWI OfE9+OpYowAiKpDClgYYAb4AmsYYw2SIulii0FKuQ2w4C5b0fvKfuhphfbVXcJgsZE9v COA2i/+O5w6bgYAPc3UO//pPWqIg3T9qU5WMyMolfPwGC0EdomG6fdreYJHQs5GU+Mef I/J5RXj87rxzo20NlQPcsnKm7SciTasi1j+AfFozjBjkAFz79hIALJgqXClTRdskLNEr ym79Azf9DyLQKhlcnUoD0FoqSJNKfiCmaUGSJaUtO/jS2ya70EQHsq7gTdfyJoi7tpFU sKAw== X-Gm-Message-State: AOJu0YxPUxMa8yIAAWFMW9kfj9gemfc49c9SMx549JG4h1VNkW7HNzIm MwwBHZ9RIpCQ09RjZRmJX/7yOBY2Cvsu18jZOVbb5ht0pUZnCjrkifLpGr0hJTdP4W4Yr4OXDWA = X-Google-Smtp-Source: AGHT+IGYU+Il0kqEHXuFk2JeanZTZ7fckbdkp+UReFHKeEjjZqcMll22MFAxJMdeCH52y/O1R0nuVw== X-Received: by 2002:a17:902:cf0a:b0:1e0:b62a:c0a2 with SMTP id i10-20020a170902cf0a00b001e0b62ac0a2mr3001468plg.51.1711353721737; Mon, 25 Mar 2024 01:02:01 -0700 (PDT) Received: from smtpclient.apple (107-215-223-229.lightspeed.sntcca.sbcglobal.net. [107.215.223.229]) by smtp.gmail.com with ESMTPSA id h5-20020a170902f54500b001e0942da6c7sm4177754plf.284.2024.03.25.01.02.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 25 Mar 2024 01:02:01 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Bakul Shah List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 (1.0) Subject: Re: 14-stable on AMD7950X: Good and bad news Date: Mon, 25 Mar 2024 01:01:50 -0700 Message-Id: References: Cc: freebsd-stable@freebsd.org In-Reply-To: To: Chris Torek X-Mailer: iPad Mail (20H330) X-Spamd-Bar: --- X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[iitbombay.org,quarantine]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[iitbombay-org.20230601.gappssmtp.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DKIM_TRACE(0.00)[iitbombay-org.20230601.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; APPLE_IOS_MAILER_COMMON(0.00)[]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; FREEFALL_USER(0.00)[bakul]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; TAGGED_RCPT(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::634:from] X-Rspamd-Queue-Id: 4V354Y4kwzz4cDW On Mar 24, 2024, at 7:11 PM, Chris Torek wrote: >=20 > Bad news: building drm-61-kmod, then loading amdgpu.ko, > causes a crash. Isn=E2=80=99t drm-61 for -current? drm-515 seems to work with 14-stable for m= e but none of my machines are all that recent.= From nobody Mon Mar 25 08:57:14 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V36JR0gt1z5Fh0B for ; Mon, 25 Mar 2024 08:57:27 +0000 (UTC) (envelope-from manu@bidouilliste.com) Received: from mx.blih.net (mx.blih.net [212.83.155.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V36JP6Lwlz4hRZ for ; Mon, 25 Mar 2024 08:57:25 +0000 (UTC) (envelope-from manu@bidouilliste.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bidouilliste.com header.s=mx header.b=gk2l+hMU; dmarc=pass (policy=none) header.from=bidouilliste.com; spf=pass (mx1.freebsd.org: domain of manu@bidouilliste.com designates 212.83.155.74 as permitted sender) smtp.mailfrom=manu@bidouilliste.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com; s=mx; t=1711357037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MnW+nyrf1BtIybnHJ/SX9xdOd0FMRviVQd4JBEoSkm4=; b=gk2l+hMUitVmRaONa+7SgOafrBMn6i8xsMnPzOQAlNNTMM9Ffy3MdRowjf8+lsxIRHaLhe tHh5Z2QFjoG2pPYLvQwqThQVVk53BPcn1s2FYLxg0UKMfloTk275A92Ko0V2K7BgCLjXz7 IBhBkNVeZVC3qm0EZxDdNVRDz6Zu5QM= Received: from skull.home.blih.net (lfbn-lyo-1-2174-135.w90-66.abo.wanadoo.fr [90.66.97.135]) by mx.blih.net (OpenSMTPD) with ESMTPSA id d7ce174b (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 25 Mar 2024 08:57:17 +0000 (UTC) Date: Mon, 25 Mar 2024 09:57:14 +0100 From: Emmanuel Vadot To: Chris Torek Cc: freebsd-stable@freebsd.org Subject: Re: 14-stable on AMD7950X: Good and bad news Message-Id: <20240325095714.77aa9945eb5baed415b4bb5b@bidouilliste.com> In-Reply-To: References: X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.40 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[bidouilliste.com,none]; R_SPF_ALLOW(-0.20)[+ip4:212.83.155.74/32]; R_DKIM_ALLOW(-0.20)[bidouilliste.com:s=mx]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[bidouilliste.com:+]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR]; FREEFALL_USER(0.00)[manu]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TAGGED_RCPT(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[] X-Rspamd-Queue-Id: 4V36JP6Lwlz4hRZ On Sun, 24 Mar 2024 19:11:01 -0700 Chris Torek wrote: > I built and booted up the latest 14-stable tree on my > AMD7950X machine: > > Good news: the mysterious AHCI adapter problem is gone, presumably > because of the new PCI range allocation code. So now both sets of SATA > ports work (at least, the drive I've left plugged in to the previously-failing > port now shows up). > > Bad news: building drm-61-kmod, then loading amdgpu.ko, > causes a crash. > > The immediate problem is that vm_phys_fictitious_unreg_range() > does this: > > rw_wlock(&vm_phys_fictitious_reg_lock); > seg = RB_FIND(fict_tree, &vm_phys_fictitious_tree, &tmp); > if (seg->start != start || seg->end != end) { > > At line 1115, `seg` is NULL, so we die with a kernel segfault. It's probably > a good idea to add a NULL test here since RB_FIND can return NULL. > (Presumably just stick `sig == NULL ||` in front of the start/end tests.) > > It's not clear why the unregister is failing though, as the drm code > seems correct at first glance. > > It *is* clear why it's unregistering, though, as the console printed: > > drmn0: could not load firmware image 'amdgpu/psp_13_0_5_toc.bin' amdgpu is known to be bad at unloading and also unregistering when firmware isn't present, please test again after installing the firmware (using fwget(8) should work, if you still missed firmware after that please install all amdgpu firmware packages and report which one are needed for you pciid so we can fix fwget(8)). > and the expected subsequent cleanup messages (and now I've run > out of Stuff I Just Know Off-Hand at this point so I'll have to dig > into this more). > > Chris > Cheers, -- Emmanuel Vadot From nobody Mon Mar 25 09:17:36 2024 X-Original-To: stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V36lw6DgXz5Fjsr for ; Mon, 25 Mar 2024 09:17:48 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V36lt5VJxz4m4h for ; Mon, 25 Mar 2024 09:17:46 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp designates 153.125.133.21 as permitted sender) smtp.mailfrom=junchoon@dec.sakura.ne.jp Received: from kalamity.joker.local (123-1-21-232.area1b.commufa.jp [123.1.21.232]) (authenticated bits=0) by www121.sakura.ne.jp (8.17.1/8.17.1/[SAKURA-WEB]/20201212) with ESMTPA id 42P9HaKv021157 for ; Mon, 25 Mar 2024 18:17:36 +0900 (JST) (envelope-from junchoon@dec.sakura.ne.jp) Date: Mon, 25 Mar 2024 18:17:36 +0900 From: Tomoaki AOKI To: stable@freebsd.org Subject: Re: 14-stable on AMD7950X: Good and bad news Message-Id: <20240325181736.1397e27116ae9ab98eef598c@dec.sakura.ne.jp> In-Reply-To: References: Organization: Junchoon corps X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.13 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; MV_CASE(0.50)[]; NEURAL_HAM_SHORT(-0.43)[-0.433]; R_SPF_ALLOW(-0.20)[+ip4:153.125.133.16/28]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]; R_DKIM_NA(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[stable@freebsd.org]; DMARC_NA(0.00)[sakura.ne.jp]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[stable@freebsd.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Queue-Id: 4V36lt5VJxz4m4h On Mon, 25 Mar 2024 01:01:50 -0700 Bakul Shah wrote: > On Mar 24, 2024, at 7:11 PM, Chris Torek wrote: > > > > Bad news: building drm-61-kmod, then loading amdgpu.ko, > > causes a crash. > > Isn’t drm-61 for -current? drm-515 seems to work with 14-stable for me > but none of my machines are all that recent. graphics/drm-62-kmod supports recent stable/14 with OSVERSION >= 1400508 (means, __FreeBSD_version >= 1400508 in /usr/src/sys/sys/param.h. [1] What I suspect is that required firmware is not installed, thus fail to initialize GPU. Maybe graphics/gpu-firmware-amd-kmod here? If you're not sure, you can use metaport graphics/gpu-firmware-kmod. [1] https://cgit.freebsd.org/ports/commit/graphics/drm-61-kmod?id=e04b01217828bf06d36a02ad8e69dbb54c30b607 -- Tomoaki AOKI From nobody Mon Mar 25 10:40:52 2024 X-Original-To: stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V38cD2NNJz5Dctd for ; Mon, 25 Mar 2024 10:41:16 +0000 (UTC) (envelope-from jon@xyinn.org) Received: from mail-4022.proton.ch (mail-4022.proton.ch [185.70.40.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V38cC5QZZz4tCn for ; Mon, 25 Mar 2024 10:41:15 +0000 (UTC) (envelope-from jon@xyinn.org) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xyinn.org; s=protonmail3; t=1711363272; x=1711622472; bh=+uDWwg/SqDEuqK8ToV/KUblFHkt75dVnEYpUX1LKx30=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=KZnhtqI7A2zSITU0eDFClB9QuyPjn00/gFz5hO8/bJsOlRU6AsEuHtFCuAG3O8Com W/SlvMs6rHaKpfUDPnuCUm+sDSGvL633qKDqreMrpUXNVtRGoZyfJRWZEtRrWRG6WL 7WfV1mki3BFujRFlFrM3IpS4KsSHhpDu5p6RAtsXllI4MyEAalB4HAni/V6vWlGYca s9klzgnksTmvxq0dMpPl2ftUUmsiNnaPlWtBNSmrUXWKMX/ImW040ncBAiA8Crn6Yj KLklVD6VUgAolXyl0SueaaiWzSbTNI87o4NbqoFEDPJwRjTyNyNGE4veFZYpVuAVCp uyJR+8UlTcDlg== Date: Mon, 25 Mar 2024 10:40:52 +0000 To: Tomoaki AOKI From: Jonathan Vasquez Cc: "stable@freebsd.org" Subject: Re: 14-stable on AMD7950X: Good and bad news Message-ID: In-Reply-To: <20240325181736.1397e27116ae9ab98eef598c@dec.sakura.ne.jp> References: <20240325181736.1397e27116ae9ab98eef598c@dec.sakura.ne.jp> Feedback-ID: 12351801:user:proton List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_4nG75RxBDV8gqXvUNPTzlAVC6qwVV8d3Zl631Yh0A" X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH] X-Rspamd-Queue-Id: 4V38cC5QZZz4tCn This is a multi-part message in MIME format. --b1_4nG75RxBDV8gqXvUNPTzlAVC6qwVV8d3Zl631Yh0A Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 SSBtYXkgbmVlZCB0byByZS10ZXN0IHRoaXMgb24gbXkgNzk1MFggdGhlbiwgSSByZXBvcnRlZCB0 aGlzIGlzc3VlIGEgd2hpbGUgYWdvIHJlZ2FyZGluZyB0aGUgaW50ZWdyYXRlZCBSYXBoYWVsIGdy YXBoaWNzIG5vdCBiZWluZyBzdXBwb3J0ZWQ6CgpodHRwczovL2J1Z3MuZnJlZWJzZC5vcmcvYnVn emlsbGEvc2hvd19idWcuY2dpP2lkPTI2ODM5NAoKT24gTW9uLCBNYXIgMjUsIDIwMjQgYXQgMDU6 MTcsIFRvbW9ha2kgQU9LSSA8W2p1bmNob29uQGRlYy5zYWt1cmEubmUuanBdKG1haWx0bzpPbiBN b24sIE1hciAyNSwgMjAyNCBhdCAwNToxNywgVG9tb2FraSBBT0tJIDw8YSBocmVmPSk+IHdyb3Rl OgoKPiBPbiBNb24sIDI1IE1hciAyMDI0IDAxOjAxOjUwIC0wNzAwCj4gQmFrdWwgU2hhaCA8YmFr dWxAaWl0Ym9tYmF5Lm9yZz4gd3JvdGU6Cj4KPj4gT24gTWFyIDI0LCAyMDI0LCBhdCA3OjExIFBN LCBDaHJpcyBUb3JlayA8Y2hyaXMudG9yZWtAZ21haWwuY29tPiB3cm90ZToKPj4gPgo+PiA+IEJh ZCBuZXdzOiBidWlsZGluZyBkcm0tNjEta21vZCwgdGhlbiBsb2FkaW5nIGFtZGdwdS5rbywKPj4g PiBjYXVzZXMgYSBjcmFzaC4KPj4KPj4gSXNu4oCZdCBkcm0tNjEgZm9yIC1jdXJyZW50PyBkcm0t NTE1IHNlZW1zIHRvIHdvcmsgd2l0aCAxNC1zdGFibGUgZm9yIG1lCj4+IGJ1dCBub25lIG9mIG15 IG1hY2hpbmVzIGFyZSBhbGwgdGhhdCByZWNlbnQuCj4KPiBncmFwaGljcy9kcm0tNjIta21vZCBz dXBwb3J0cyByZWNlbnQgc3RhYmxlLzE0IHdpdGggT1NWRVJTSU9OID49Cj4gMTQwMDUwOCAobWVh bnMsIF9fRnJlZUJTRF92ZXJzaW9uID49IDE0MDA1MDgKPiBpbiAvdXNyL3NyYy9zeXMvc3lzL3Bh cmFtLmguIFsxXQo+Cj4gV2hhdCBJIHN1c3BlY3QgaXMgdGhhdCByZXF1aXJlZCBmaXJtd2FyZSBp cyBub3QgaW5zdGFsbGVkLCB0aHVzIGZhaWwgdG8KPiBpbml0aWFsaXplIEdQVS4gTWF5YmUgZ3Jh cGhpY3MvZ3B1LWZpcm13YXJlLWFtZC1rbW9kIGhlcmU/Cj4gSWYgeW91J3JlIG5vdCBzdXJlLCB5 b3UgY2FuIHVzZSBtZXRhcG9ydCBncmFwaGljcy9ncHUtZmlybXdhcmUta21vZC4KPgo+IFsxXQo+ IGh0dHBzOi8vY2dpdC5mcmVlYnNkLm9yZy9wb3J0cy9jb21taXQvZ3JhcGhpY3MvZHJtLTYxLWtt b2Q/aWQ9ZTA0YjAxMjE3ODI4YmYwNmQzNmEwMmFkOGU2OWRiYjU0YzMwYjYwNwo+Cj4gLS0KPiBU b21vYWtpIEFPS0kgPGp1bmNob29uQGRlYy5zYWt1cmEubmUuanA+ --b1_4nG75RxBDV8gqXvUNPTzlAVC6qwVV8d3Zl631Yh0A Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5PiAgIDxkaXYgZGlyPSJhdXRvIj5JIG1heSBuZWVkIHRv IHJlLXRlc3QgdGhpcyBvbiBteSA3OTUwWCB0aGVuLCBJIHJlcG9ydGVkIHRoaXMgaXNzdWUgYSB3 aGlsZSBhZ28gcmVnYXJkaW5nIHRoZSBpbnRlZ3JhdGVkIFJhcGhhZWwgZ3JhcGhpY3Mgbm90IGJl aW5nIHN1cHBvcnRlZDo8L2Rpdj48ZGl2IGRpcj0iYXV0byI+PGJyPjwvZGl2PjxkaXYgZGlyPSJh dXRvIj48YSBocmVmPSJodHRwczovL2J1Z3MuZnJlZWJzZC5vcmcvYnVnemlsbGEvc2hvd19idWcu Y2dpP2lkPTI2ODM5NCI+aHR0cHM6Ly9idWdzLmZyZWVic2Qub3JnL2J1Z3ppbGxhL3Nob3dfYnVn LmNnaT9pZD0yNjgzOTQ8L2E+PGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PiAgPGRpdj48YnI+PC9k aXY+PGRpdj48YnI+PC9kaXY+T24gTW9uLCBNYXIgMjUsIDIwMjQgYXQgMDU6MTcsIFRvbW9ha2kg QU9LSSAmbHQ7PGEgY2xhc3M9IiIgaHJlZj0ibWFpbHRvOk9uIE1vbiwgTWFyIDI1LCAyMDI0IGF0 IDA1OjE3LCBUb21vYWtpIEFPS0kgPDxhIGhyZWY9Ij5qdW5jaG9vbkBkZWMuc2FrdXJhLm5lLmpw PC9hPiZndDsgd3JvdGU6PGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9InByb3Rvbm1haWxf cXVvdGUiPiAgT24gTW9uLCAyNSBNYXIgMjAyNCAwMTowMTo1MCAtMDcwMDxicj5CYWt1bCBTaGFo ICZsdDtiYWt1bEBpaXRib21iYXkub3JnJmd0OyB3cm90ZTo8YnI+PGJyPiZndDsgT24gTWFyIDI0 LCAyMDI0LCBhdCA3OjExIFBNLCBDaHJpcyBUb3JlayAmbHQ7Y2hyaXMudG9yZWtAZ21haWwuY29t Jmd0OyB3cm90ZTo8YnI+Jmd0OyAmZ3Q7PGJyPiZndDsgJmd0OyBCYWQgbmV3czogYnVpbGRpbmcg ZHJtLTYxLWttb2QsIHRoZW4gbG9hZGluZyBhbWRncHUua28sPGJyPiZndDsgJmd0OyBjYXVzZXMg YSBjcmFzaC48YnI+Jmd0Ozxicj4mZ3Q7IElzbuKAmXQgZHJtLTYxIGZvciAtY3VycmVudD8gZHJt LTUxNSBzZWVtcyB0byB3b3JrIHdpdGggMTQtc3RhYmxlIGZvciBtZTxicj4mZ3Q7IGJ1dCBub25l IG9mIG15IG1hY2hpbmVzIGFyZSBhbGwgdGhhdCByZWNlbnQuPGJyPjxicj5ncmFwaGljcy9kcm0t NjIta21vZCBzdXBwb3J0cyByZWNlbnQgc3RhYmxlLzE0IHdpdGggT1NWRVJTSU9OICZndDs9PGJy PjE0MDA1MDggKG1lYW5zLCBfX0ZyZWVCU0RfdmVyc2lvbiAmZ3Q7PSAxNDAwNTA4PGJyPmluIC91 c3Ivc3JjL3N5cy9zeXMvcGFyYW0uaC4gWzFdPGJyPjxicj5XaGF0IEkgc3VzcGVjdCBpcyB0aGF0 IHJlcXVpcmVkIGZpcm13YXJlIGlzIG5vdCBpbnN0YWxsZWQsIHRodXMgZmFpbCB0bzxicj5pbml0 aWFsaXplIEdQVS4gTWF5YmUgZ3JhcGhpY3MvZ3B1LWZpcm13YXJlLWFtZC1rbW9kIGhlcmU/PGJy PklmIHlvdSdyZSBub3Qgc3VyZSwgeW91IGNhbiB1c2UgbWV0YXBvcnQgZ3JhcGhpY3MvZ3B1LWZp cm13YXJlLWttb2QuPGJyPjxicj48YnI+WzFdPGJyPmh0dHBzOi8vY2dpdC5mcmVlYnNkLm9yZy9w b3J0cy9jb21taXQvZ3JhcGhpY3MvZHJtLTYxLWttb2Q/aWQ9ZTA0YjAxMjE3ODI4YmYwNmQzNmEw MmFkOGU2OWRiYjU0YzMwYjYwNzxicj48YnI+PGJyPi0tPGJyPlRvbW9ha2kgQU9LSSAgICAmbHQ7 anVuY2hvb25AZGVjLnNha3VyYS5uZS5qcCZndDs8YnI+PGJyPjwvYmxvY2txdW90ZT48L2JvZHk+ PC9odG1sPg== --b1_4nG75RxBDV8gqXvUNPTzlAVC6qwVV8d3Zl631Yh0A-- From nobody Mon Mar 25 17:59:21 2024 X-Original-To: stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V3LKt12cSz5FT5Z for ; Mon, 25 Mar 2024 17:59:30 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V3LKq4jgTz4gRq for ; Mon, 25 Mar 2024 17:59:26 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp designates 153.125.133.21 as permitted sender) smtp.mailfrom=junchoon@dec.sakura.ne.jp Received: from kalamity.joker.local (123-1-21-232.area1b.commufa.jp [123.1.21.232]) (authenticated bits=0) by www121.sakura.ne.jp (8.17.1/8.17.1/[SAKURA-WEB]/20201212) with ESMTPA id 42PHxLAw084330; Tue, 26 Mar 2024 02:59:21 +0900 (JST) (envelope-from junchoon@dec.sakura.ne.jp) Date: Tue, 26 Mar 2024 02:59:21 +0900 From: Tomoaki AOKI To: Kevin Oberman Cc: stable@freebsd.org Subject: Re: 14-stable on AMD7950X: Good and bad news Message-Id: <20240326025921.4648b172020203720c206a99@dec.sakura.ne.jp> In-Reply-To: References: <20240325181736.1397e27116ae9ab98eef598c@dec.sakura.ne.jp> Organization: Junchoon corps X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.37 / 15.00]; NEURAL_HAM_SHORT(-0.99)[-0.995]; NEURAL_HAM_LONG(-0.97)[-0.968]; NEURAL_HAM_MEDIUM(-0.71)[-0.706]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:153.125.133.16/28]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]; MIME_TRACE(0.00)[0:+]; FREEMAIL_TO(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[stable@freebsd.org]; DMARC_NA(0.00)[sakura.ne.jp]; R_DKIM_NA(0.00)[]; FROM_HAS_DN(0.00)[] X-Rspamd-Queue-Id: 4V3LKq4jgTz4gRq On Mon, 25 Mar 2024 09:56:53 -0700 Kevin Oberman wrote: > On Mon, Mar 25, 2024 at 2:18$B".(BAM Tomoaki AOKI > wrote: > > > On Mon, 25 Mar 2024 01:01:50 -0700 > > Bakul Shah wrote: > > > > > On Mar 24, 2024, at 7:11 PM, Chris Torek wrote: > > > > > > > > Bad news: building drm-61-kmod, then loading amdgpu.ko, > > > > causes a crash. > > > > > > Isn$B!G(Bt drm-61 for -current? drm-515 seems to work with 14-stable for me > > > but none of my machines are all that recent. > > > > graphics/drm-62-kmod supports recent stable/14 with OSVERSION >= > > 1400508 (means, __FreeBSD_version >= 1400508 > > in /usr/src/sys/sys/param.h. [1] > > > > Just in case someone gets confused, I'm pretty sure that the reference to > graphics/drm-62-kmod is a typo. > -- > Kevin Oberman, Part time kid herder and retired Network Engineer > E-mail: rkoberman@gmail.com > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 Ah, thanks! My bad. You're right. graphics/drm-61-kmod is correct. -- Tomoaki AOKI From nobody Thu Mar 28 14:51:58 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V562N2MYWz5G2lq for ; Thu, 28 Mar 2024 14:52:12 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-vk1-f175.google.com (mail-vk1-f175.google.com [209.85.221.175]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V562N0kC8z4m9d for ; Thu, 28 Mar 2024 14:52:12 +0000 (UTC) (envelope-from asomers@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-vk1-f175.google.com with SMTP id 71dfb90a1353d-4d42d18c683so336027e0c.1 for ; Thu, 28 Mar 2024 07:52:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711637531; x=1712242331; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=txeRc35kQ8n8haxQ8BK4i4Ey4trA9rM1+GDm8BdTRNk=; b=jxyvC3M4m0MFlyj6pH2RnzfUVJOOp7RGs5spZMTp00TL5pCkWRWB0f10cduMBk4MpJ FNhBt025VzMoHXPVisByscPw6ktEofbqa7Y+U0KP8z8kLI9IKr9cOqhCjmluA4ndUNpV 89RWy5XzYP+5x7CAJux7uDo9vliqPWGKByHPuFKXLxyenKzCkXGHdz/5pXe4dUB3XS4a /t+oEZL46XgaQpJLtj1AswRVZFwqL7mNKN9/8TT7z9i64r+yLzCQbImKQLpYpKB/pDeF DDhiWZwpQoaZNBGlVy3WGMz+w67y7aonAE11mu66gzBPrKCoyEvF2IBRmW4ei8HxF+2s gBjA== X-Gm-Message-State: AOJu0Yx2a/yvu7dboLkKNKNwWVmn31aUTqCYd7r1XhHoMdYn/mBZ7Wt9 WJboAFIByjx36JoGarSWW9YaZ8iCXi/VWsaHGubwSjVVW3lVP8Gz5PM8mVsbKSVd2eQPkSarrMb aARlf8eTa8frCPBgHUUuXFyUOTd3BiJeMZJE= X-Google-Smtp-Source: AGHT+IHQbjcb+x7ByjfoR4LBtGhEg67KJR7FtWPyp/9bZ6o0RiRbK4F3Ow+5Z2crtpsd78WMZZ4mO4f1Lo0e8jvckK8= X-Received: by 2002:a05:6122:4125:b0:4d4:b89:bd2d with SMTP id ce37-20020a056122412500b004d40b89bd2dmr3164192vkb.1.1711637530638; Thu, 28 Mar 2024 07:52:10 -0700 (PDT) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 References: <20240328075045.EFBA13437@freefall.freebsd.org> In-Reply-To: <20240328075045.EFBA13437@freefall.freebsd.org> From: Alan Somers Date: Thu, 28 Mar 2024 08:51:58 -0600 Message-ID: Subject: Re: FreeBSD Errata Notice FreeBSD-EN-24:08.kerberos To: freebsd-stable@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4V562N0kC8z4m9d On Thu, Mar 28, 2024 at 1:56=E2=80=AFAM FreeBSD Errata Notices wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-EN-24:08.kerberos Errata No= tice > The FreeBSD Pro= ject > > Topic: Kerberos segfaults when using weak crypto > > Category: contrib > Module: heimdal > Announced: 2024-03-28 > Affects: FreeBSD 14.0 > Corrected: 2024-01-22 15:49:24 UTC (stable/14, 14.0-STABLE) > 2024-03-28 05:06:25 UTC (releng/14.0, 14.0-RELEASE-p6) > > For general information regarding FreeBSD Errata Notices and Security > Advisories, including descriptions of the fields above, security > branches, and the following sections, please visit > . > > I. Background > > FreeBSD includes Heimdal, an implementation of ASN.1/DER, PKIX, and Kerbe= ros. > It uses OpenSSL to provide a number of cryptographic routines. > > II. Problem Description > > Weak crypto is provided by the openssl "legacy" provider which is not loa= ded > by default. > > III. Impact > > Attempting to use weak crypto routines when the legacy provider is not lo= aded > results in the application crashing. > > IV. Workaround > > Edit /etc/ssl/openssl.cnf to load the legacy provider unconditionally. > > V. Solution > > Upgrade your system to a supported FreeBSD stable or release / security > branch (releng) dated after the correction date. > > Perform one of the following: > > 1) To update your system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platfo= rms, > or the i386 platform on FreeBSD 13, can be updated via the freebsd-update= (8) > utility: > > # freebsd-update fetch > # freebsd-update install > > 2) To update your system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch > # fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch.asc > # gpg --verify kerberos.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in . > > Restart all daemons that use the library, or reboot the system. > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: > > Branch/path Hash Revision > - -----------------------------------------------------------------------= -- > stable/14/ c7db2e15e404 stable/14-n266467 > releng/14.0/ c48fe39ad139 releng/14.0-n265415 > - -----------------------------------------------------------------------= -- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat > > Or visit the following URL, replacing NNNNNN with the hash: > > > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > > > > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGawACgkQbljekB8A > Gu9Euw/+LX8qcrGUvA11MNOVemD+SEH/Ol97L4gLHhzGlWSf3VMq5F1KtY0VRwGK > ykM3VsSAk3PoYHLn+jbHPuAMjJVym+MLg27ZZWlqnx2Z7/wk2KuAb9RVCUl4FnPy > eTXzBNt3tCSYa2ZCRWEH+uN6dZh4o8VP0DWfrNdaazH7R7ezRmTzirvcQ39MXTcE > 8wI+zQedVZG4OSuqOSFY21d70nlzqgs6ThY3K6KrtcaQGfenYBSQgFmjMJlBqtrb > Mr1Yvgc+wE66Ara/Hz+/2L11bwjyFwT1dpO57DKrcyTaGTnSYiDQiDscUIAW0gCh > bUMCgWCHq+kk7pAyUIMlRbdrA/6N/wmvwP/iO6GGxYmN0lNX8udxeZWz3OPPnbif > anM5OGnvKFkkTzCqnpHumljolvJL0/VeD7XCNBBgWa1I46gFmmNZ7R2esm7UEdU8 > IR4Hk9EqGhfl+EwU7OW04/Hq3br667kXbVsq1TTVM4ht39K+WhVoxzirp7QzOGTJ > WjRq6DK+44PyhQgnnAJgM/4gOGr5O/Y3ezRx4uj1S9L9faXTC5xlT8Vw78xU2wXq > BjG7vXi5r9d4POjtRcNiaMVKXQPF/saGjHcPGrGnuBLC8AFG54bFycmvM5QzWqng > AeRFOg+O8lkxLoQMDqJsNt8OMIk7vZHguwL7pt0tRtouuoaszU0=3D > =3DUnED > -----END PGP SIGNATURE----- Cherry-picking the suggested hash doesn't work. It produces a merge conflict. It looks like a second change is needed too: aaf2c7fdb81a1dd9de9fc77c9313f4e60e68fa76 . Should we update the advisory to include both? From nobody Sat Mar 30 01:15:53 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V5zqc5sL3z5Fl29 for ; Sat, 30 Mar 2024 01:15:56 +0000 (UTC) (envelope-from henrichhartzer@tuta.io) Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.tutanota.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V5zqb3jvBz4kjG for ; Sat, 30 Mar 2024 01:15:55 +0000 (UTC) (envelope-from henrichhartzer@tuta.io) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tuta.io header.s=s1 header.b=sISTaDNm; dmarc=pass (policy=quarantine) header.from=tuta.io; spf=pass (mx1.freebsd.org: domain of henrichhartzer@tuta.io designates 81.3.6.162 as permitted sender) smtp.mailfrom=henrichhartzer@tuta.io Received: from tutadb.w10.tutanota.de (unknown [192.168.1.10]) by w1.tutanota.de (Postfix) with ESMTP id 5B214FBF88F for ; Sat, 30 Mar 2024 01:15:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1711761353; s=s1; d=tuta.io; h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender; bh=WQtmNyWcMDtf9LJ3eDcXN/gQyqHIFvYrosMDkylZ1S4=; b=sISTaDNm7mJhdyeRyHh8dJZkmbhldG2qBWA+y8M/DONAcTFlS9Jtr3HtsCSp5DWI qZ0HMIUabFZFsd4roHbuiklJXnGP0kWQIpmE0+FrwGPxYTaa48Hnfpzf2bx0yIQ7UDZ r2T+bbSgCJ8FrDzNB/AeUiFhMjBCb7xqcZcm5u9Bpt7EUeWqL1nJrjnBf6IMxwtq8lk DEEleJjAkqccam7Qx1aRddbzEwja2KF614783QCLizs4fyTdU+P6EPQGPIW9JeAxtCH ITnM+WGy0wRdqppb9Hp/tOoO8hfLrTngI8jqKpxrz3XRYzUzSWrTGq46DDrolEtvHB+ 3TYsocr7Nw== Date: Sat, 30 Mar 2024 02:15:53 +0100 (CET) From: henrichhartzer@tuta.io To: Freebsd Stable Message-ID: Subject: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.10 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[tuta.io,quarantine]; R_SPF_ALLOW(-0.20)[+ip4:81.3.6.160/28]; R_DKIM_ALLOW(-0.20)[tuta.io:s=s1]; RWL_MAILSPIKE_VERYGOOD(-0.20)[81.3.6.162:from]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; FROM_NO_DN(0.00)[]; ASN(0.00)[asn:24679, ipnet:81.3.0.0/18, country:DE]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_TRACE(0.00)[tuta.io:+] X-Rspamd-Queue-Id: 4V5zqb3jvBz4kjG Hi everyone, I recently read through this: https://www.openwall.com/lists/oss-security/2024/03/29/4 It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, earlier versions may also be suspect given that this may have been a deliberate backdoor from a maintainer. I propose that we go back to a "known safe" version. It would probably be unwise to push 14.1 as-is, as well. The Github repository has currently been locked out. Hoping that someone more aware of what's going on can offer more insight. Thanks! -Henrich From nobody Sat Mar 30 01:22:05 2024 X-Original-To: stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V5zyt197Hz5Flpb for ; Sat, 30 Mar 2024 01:22:14 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V5zyq0XWbz4mMv for ; Sat, 30 Mar 2024 01:22:10 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp designates 153.125.133.21 as permitted sender) smtp.mailfrom=junchoon@dec.sakura.ne.jp Received: from kalamity.joker.local (123-1-21-232.area1b.commufa.jp [123.1.21.232]) (authenticated bits=0) by www121.sakura.ne.jp (8.17.1/8.17.1/[SAKURA-WEB]/20201212) with ESMTPA id 42U1M5Cj058731 for ; Sat, 30 Mar 2024 10:22:05 +0900 (JST) (envelope-from junchoon@dec.sakura.ne.jp) Date: Sat, 30 Mar 2024 10:22:05 +0900 From: Tomoaki AOKI To: stable@freebsd.org Subject: Re: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well Message-Id: <20240330102205.6da8d3ca7cba362cb3d2ebe8@dec.sakura.ne.jp> In-Reply-To: References: Organization: Junchoon corps X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.70 / 15.00]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; NEURAL_HAM_LONG(-1.00)[-0.997]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:153.125.133.16/28]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; HAS_ORG_HEADER(0.00)[]; R_DKIM_NA(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[stable@freebsd.org]; DMARC_NA(0.00)[sakura.ne.jp]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[stable@freebsd.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Queue-Id: 4V5zyq0XWbz4mMv On Sat, 30 Mar 2024 02:15:53 +0100 (CET) henrichhartzer@tuta.io wrote: > Hi everyone, > > I recently read through this: https://www.openwall.com/lists/oss-security/2024/03/29/4 > > It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, earlier versions may also be suspect given that this may have been a deliberate backdoor from a maintainer. > > I propose that we go back to a "known safe" version. It would probably be unwise to push 14.1 as-is, as well. > > The Github repository has currently been locked out. > > Hoping that someone more aware of what's going on can offer more insight. > > Thanks! > > -Henrich At least base is not affected. See [1] and [2]. [1] https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html [2] https://forums.freebsd.org/threads/backdoor-in-upstream-xz-liblzma-leading-to-ssh-server-compromise.92922/ -- Tomoaki AOKI From nobody Sat Mar 30 01:46:53 2024 X-Original-To: stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V60WL6n5cz5Fp3q for ; Sat, 30 Mar 2024 01:46:54 +0000 (UTC) (envelope-from henrichhartzer@tuta.io) Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits)) (Client CN "mail.tutanota.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V60WL5s3Jz4pCq for ; Sat, 30 Mar 2024 01:46:54 +0000 (UTC) (envelope-from henrichhartzer@tuta.io) Authentication-Results: mx1.freebsd.org; none Received: from tutadb.w10.tutanota.de (unknown [192.168.1.10]) by w1.tutanota.de (Postfix) with ESMTP id D47E7FBF88F; Sat, 30 Mar 2024 01:46:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1711763213; s=s1; d=tuta.io; h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Cc:Cc:Date:Date:In-Reply-To:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:References:Sender; bh=tsQFPjqJRBRx4IwNKZYHDIh2MEAv9JeF2+VmeRRRAIw=; b=plgDgLdwph9Zg5/hgkttmK0TsDJ+iWyZCrppMt7yGUvPe/ze9fODPkA5uIXYjuQ6 9PgzPXPJc1HZZytIIMqBL6lIuVhSs20ZJI/05D/aR8U+/hbaK/R1fLG/QtktVnMSYZq baz4IfsfO+0xHun2aYjF+GRyFRGZD+xTTfZDSpLV6R3778NVpSMUBu/CS8+ATRIgJHE XaPppmsEZs7P79POWGp/ZyH6oc3BB6dQge/mYYck6cC1xvXGB7kujAD4XCY/u8GQsdS yrR75P9zQIuOrGR//kKWY6D613ZQYVHBBa804JpK0sDw3+nW0Dq9/GuvIpxjbyS6DRe e5ryT0S5Bw== Date: Sat, 30 Mar 2024 02:46:53 +0100 (CET) From: henrichhartzer@tuta.io To: Tomoaki AOKI Cc: "stable@freebsd.org" Message-ID: In-Reply-To: <20240330102205.6da8d3ca7cba362cb3d2ebe8@dec.sakura.ne.jp> References: <20240330102205.6da8d3ca7cba362cb3d2ebe8@dec.sakura.ne.jp> Subject: Re: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:24679, ipnet:81.3.0.0/18, country:DE] X-Rspamd-Queue-Id: 4V60WL5s3Jz4pCq Good to know, thank you! I do think in this case it may be worth going to an older version because the maintainer was actively malicious. Even if *this* vulnerability looks safe. Just feels like playing with fire at the moment. Also, it sounds like libarchive had a suspicious commit by the author as well. Good synopsis: https://boehs.org/node/everything-i-know-about-the-xz-backdoor I should probably join freebsd-security while I'm at it... -Henrich Mar 30, 2024, 01:22 by junchoon@dec.sakura.ne.jp: > On Sat, 30 Mar 2024 02:15:53 +0100 (CET) > henrichhartzer@tuta.io wrote: > >> Hi everyone, >> >> I recently read through this: https://www.openwall.com/lists/oss-security/2024/03/29/4 >> >> It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, earlier versions may also be suspect given that this may have been a deliberate backdoor from a maintainer. >> >> I propose that we go back to a "known safe" version. It would probably be unwise to push 14.1 as-is, as well. >> >> The Github repository has currently been locked out. >> >> Hoping that someone more aware of what's going on can offer more insight. >> >> Thanks! >> >> -Henrich >> > > At least base is not affected. See [1] and [2]. > > [1] > https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html > > [2] > https://forums.freebsd.org/threads/backdoor-in-upstream-xz-liblzma-leading-to-ssh-server-compromise.92922/ > > > -- > Tomoaki AOKI > From nobody Sat Mar 30 21:53:48 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V6WJ36dtMz5G5lF for ; Sat, 30 Mar 2024 21:53:55 +0000 (UTC) (envelope-from jon@xyinn.org) Received: from mail-4323.proton.ch (mail-4323.proton.ch [185.70.43.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V6WJ33k2Zz4tZp for ; Sat, 30 Mar 2024 21:53:55 +0000 (UTC) (envelope-from jon@xyinn.org) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xyinn.org; s=protonmail3; t=1711835633; x=1712094833; bh=vaLSO/Q568R790d3NtCdzmDA+MvhgDV5Dm4odOiG3B8=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=Zmf8phhkhesi95ZdEz2b5HKrPaY1JVcNxP9QkA6rryJFo5Rcbe/iMTzLpBQlr0Nba CqSb3XaeYUQWGFJScPX8kjIoipJdFAu20KrfJis+m3w0neYR/SSAcP+QzbAG2fBJCB H00ttCRIoC7KLG13XRgpC0ZKayyJNgnP80TliD1ypuWYD9I31GUuMhW9zJJmPchXJG MQF185Zw02HZYBvyJFt/9OBwonC6bJA8iw7cBJ0qMCFWqHycGGUKe0VsSVDRy23CN9 K5uttI9SQbQwvbXeYvbFpLYF8jnlLBqZGYy880JMaAejc7Ab/LOdUGScnSB+mit3hT LJh+CQrx0GMWg== Date: Sat, 30 Mar 2024 21:53:48 +0000 To: "henrichhartzer@tuta.io" From: Jonathan Vasquez Cc: Freebsd Stable Subject: Re: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well Message-ID: In-Reply-To: References: Feedback-ID: 12351801:user:proton List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_kuKzhbe2XkkrOvQ7aGZlzYNG8luhnTGXhYDGMoOAtrU" X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:62371, ipnet:185.70.43.0/24, country:CH] X-Rspamd-Queue-Id: 4V6WJ33k2Zz4tZp This is a multi-part message in MIME format. --b1_kuKzhbe2XkkrOvQ7aGZlzYNG8luhnTGXhYDGMoOAtrU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 VGhhbmtzIGZvciBzZW5kaW5nIHRoaXMgSGVucmljaC4gRm9yIHdoYXRldmVyIHJlYXNvbiBJIHRo b3VnaHQgSSB3YXMgYWxyZWFkeSBzdWJzY3JpYmVkIHRvIEBzZWN1cml0eSBidXQgSSB3YXNu4oCZ dOKApiB0aGlzIGhhcyBiZWVuIHJlc29sdmVkIDopLgoKT24gRnJpLCBNYXIgMjksIDIwMjQgYXQg MjE6MTUsIDxbaGVucmljaGhhcnR6ZXJAdHV0YS5pb10obWFpbHRvOk9uIEZyaSwgTWFyIDI5LCAy MDI0IGF0IDIxOjE1LCAgPDxhIGhyZWY9KT4gd3JvdGU6Cgo+IEhpIGV2ZXJ5b25lLAo+Cj4gSSBy ZWNlbnRseSByZWFkIHRocm91Z2ggdGhpczogaHR0cHM6Ly93d3cub3BlbndhbGwuY29tL2xpc3Rz L29zcy1zZWN1cml0eS8yMDI0LzAzLzI5LzQKPgo+IEl0IHNvdW5kcyBsaWtlIHh6IDUuNi4wIGFu ZCA1LjYuMSBhcmUgYmFja2Rvb3JlZC4gTm90IHN1cmUgaWYgRnJlZUJTRCBpcyBvciBub3QsIGJ1 dCBpdCBsb29rcyBsaWtlIDE0LXN0YWJsZSBhbmQgbWFpbiBoYXZlIHh6IDUuNi4wLiBJbiBteSBv cGluaW9uLCBlYXJsaWVyIHZlcnNpb25zIG1heSBhbHNvIGJlIHN1c3BlY3QgZ2l2ZW4gdGhhdCB0 aGlzIG1heSBoYXZlIGJlZW4gYSBkZWxpYmVyYXRlIGJhY2tkb29yIGZyb20gYSBtYWludGFpbmVy Lgo+Cj4gSSBwcm9wb3NlIHRoYXQgd2UgZ28gYmFjayB0byBhICJrbm93biBzYWZlIiB2ZXJzaW9u LiBJdCB3b3VsZCBwcm9iYWJseSBiZSB1bndpc2UgdG8gcHVzaCAxNC4xIGFzLWlzLCBhcyB3ZWxs Lgo+Cj4gVGhlIEdpdGh1YiByZXBvc2l0b3J5IGhhcyBjdXJyZW50bHkgYmVlbiBsb2NrZWQgb3V0 Lgo+Cj4gSG9waW5nIHRoYXQgc29tZW9uZSBtb3JlIGF3YXJlIG9mIHdoYXQncyBnb2luZyBvbiBj YW4gb2ZmZXIgbW9yZSBpbnNpZ2h0Lgo+Cj4gVGhhbmtzIQo+Cj4gLUhlbnJpY2g= --b1_kuKzhbe2XkkrOvQ7aGZlzYNG8luhnTGXhYDGMoOAtrU Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5PiAgIDxkaXYgZGlyPSJhdXRvIj5UaGFua3MgZm9yIHNl bmRpbmcgdGhpcyBIZW5yaWNoLiBGb3Igd2hhdGV2ZXIgcmVhc29uIEkgdGhvdWdodCBJIHdhcyBh bHJlYWR5IHN1YnNjcmliZWQgdG8gQHNlY3VyaXR5IGJ1dCBJIHdhc27igJl04oCmIHRoaXMgaGFz IGJlZW4gcmVzb2x2ZWQgOikuPC9kaXY+PGRpdj48YnI+PC9kaXY+ICA8ZGl2Pjxicj48L2Rpdj48 ZGl2Pjxicj48L2Rpdj5PbiBGcmksIE1hciAyOSwgMjAyNCBhdCAyMToxNSwgICZsdDs8YSBjbGFz cz0iIiBocmVmPSJtYWlsdG86T24gRnJpLCBNYXIgMjksIDIwMjQgYXQgMjE6MTUsICA8PGEgaHJl Zj0iPmhlbnJpY2hoYXJ0emVyQHR1dGEuaW88L2E+Jmd0OyB3cm90ZTo8YmxvY2txdW90ZSB0eXBl PSJjaXRlIiBjbGFzcz0icHJvdG9ubWFpbF9xdW90ZSI+ICBIaSBldmVyeW9uZSw8YnI+PGJyPkkg cmVjZW50bHkgcmVhZCB0aHJvdWdoIHRoaXM6IGh0dHBzOi8vd3d3Lm9wZW53YWxsLmNvbS9saXN0 cy9vc3Mtc2VjdXJpdHkvMjAyNC8wMy8yOS80PGJyPjxicj5JdCBzb3VuZHMgbGlrZSB4eiA1LjYu MCBhbmQgNS42LjEgYXJlIGJhY2tkb29yZWQuIE5vdCBzdXJlIGlmIEZyZWVCU0QgaXMgb3Igbm90 LCBidXQgaXQgbG9va3MgbGlrZSAxNC1zdGFibGUgYW5kIG1haW4gaGF2ZSB4eiA1LjYuMC4gSW4g bXkgb3BpbmlvbiwgZWFybGllciB2ZXJzaW9ucyBtYXkgYWxzbyBiZSBzdXNwZWN0IGdpdmVuIHRo YXQgdGhpcyBtYXkgaGF2ZSBiZWVuIGEgZGVsaWJlcmF0ZSBiYWNrZG9vciBmcm9tIGEgbWFpbnRh aW5lci48YnI+PGJyPkkgcHJvcG9zZSB0aGF0IHdlIGdvIGJhY2sgdG8gYSAia25vd24gc2FmZSIg dmVyc2lvbi4gSXQgd291bGQgcHJvYmFibHkgYmUgdW53aXNlIHRvIHB1c2ggMTQuMSBhcy1pcywg YXMgd2VsbC48YnI+PGJyPlRoZSBHaXRodWIgcmVwb3NpdG9yeSBoYXMgY3VycmVudGx5IGJlZW4g bG9ja2VkIG91dC48YnI+PGJyPkhvcGluZyB0aGF0IHNvbWVvbmUgbW9yZSBhd2FyZSBvZiB3aGF0 J3MgZ29pbmcgb24gY2FuIG9mZmVyIG1vcmUgaW5zaWdodC48YnI+PGJyPlRoYW5rcyE8YnI+PGJy Pi1IZW5yaWNoPGJyPjxicj48L2Jsb2NrcXVvdGU+PC9ib2R5PjwvaHRtbD4= --b1_kuKzhbe2XkkrOvQ7aGZlzYNG8luhnTGXhYDGMoOAtrU-- From nobody Sat Mar 30 22:31:00 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V6X6y15vLz5G9mK for ; Sat, 30 Mar 2024 22:31:06 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from DEU01-BE0-obe.outbound.protection.outlook.com (mail-be0deu01on2116.outbound.protection.outlook.com [40.107.127.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V6X6x5ycgz4xyH for ; Sat, 30 Mar 2024 22:31:05 +0000 (UTC) (envelope-from hausen@punkt.de) Authentication-Results: mx1.freebsd.org; none ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=crtqkev+qTnAqvQIiqvXfyRKQtVsmuk77cTSLYOjL7bTZmyLdYl13UhFYEQGTyiXTOEbR2OJTzewmmT78LW+NGvxcKiai2MNU5ZwbMmilWsuwFYq0bYQdFQxa6NsSjkc7O2t3KIdgarXKkpyB0Nz0RHK5wVP02kG4G6JDilFAuTNct0pHM8FnueMcoG/YkGRXiGwgoFHxyjgEqzqaYIwiOMDZqyMVDj0uSYDbSvlJlkng6y/bcn8hb3+lCifmjRS1NSI1qn9Kw79xizKR2+TPbT2KUy5Ugpn+s3RHy8Kdoee1io4DGjb4ZUzDb0PZtrOTMGTFBeEoUHjop+3T39/5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R1WbLLn3S9gbfGbXzQLweLxcTASBKw/QiELJdem02OE=; b=fz3ybuCSWcJeA6YUyAJsdTU3W16ey2HAfA/6NIEojbV2rfwbsfvu3iljibffb+2YORcGiIBXpPgXP7A27xH0y1BjWlNhxjzVsk3pZ81NYARDSqXuLA7AtDNa9UHVP26yqUFt2+r+bEJm+UV81BNI4oNPJKL9gRyNJj02UaUctlRvlZQT81vQ3WJk5HJm7VQaz8/MFclS8uA7dbXtuwldJ+uBJVgkWc1vvomdHkxs/4BB9RycDNhE3fZOb02aZV/CqLrIqgrgrn86SSCwGgdbYk5R2f9GT/eTA9kbJIKri6Tsgg3Mq0S2ICrzzSNvkNCrVktZhyDMzT+LtvZHc6ea5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=punkt.de; dmarc=pass action=none header.from=punkt.de; dkim=pass header.d=punkt.de; arc=none Received: from FRYP281MB3306.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:73::11) by BE1P281MB2870.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:4e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.45; Sat, 30 Mar 2024 22:31:02 +0000 Received: from FRYP281MB3306.DEUP281.PROD.OUTLOOK.COM ([fe80::3e0e:ddc9:b987:28e0]) by FRYP281MB3306.DEUP281.PROD.OUTLOOK.COM ([fe80::3e0e:ddc9:b987:28e0%7]) with mapi id 15.20.7409.042; Sat, 30 Mar 2024 22:31:02 +0000 From: "Patrick M. Hausen" To: Freebsd Stable CC: "henrichhartzer@tuta.io" , Jonathan Vasquez Subject: Re: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well Thread-Topic: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well Thread-Index: AQHaguy+1D4KdLhcAUKDdyxaLT1i0bFQ3fwA Date: Sat, 30 Mar 2024 22:31:00 +0000 Message-ID: <02919DCB-5778-47C3-8754-249F76596928@punkt.de> References: In-Reply-To: Accept-Language: de-DE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: FRYP281MB3306:EE_|BE1P281MB2870:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: kq5ZWGx/E4o3GwHXoAFPrUEZk3+SuqpftX5oM5OstfrIKyCuKj74czWhSQRE4d2qkFPNaVoAUn0dpQtv7fqNRsBvbkdvzKMAeiN9UzrKT8zsSJ1hx22WOJXiktk5MAQ6sFbjau7bcUrNH0s+y6gdIsmcbeXYxmLo/IYUycbx/00SZ2+GAGoNZCXBPEPJ2eo409ZKir2VRHMYW1zEc5PvxFuHgL3In6yKN0J5C2cyvD/UBaRjjqumXzv3HCUD3Vl/NgxT0AdFAzFXkhpD8R0QlubTa03Erv3yVbHnmIxFgMYYXXz03LAQUp1XYfJQJBceYxamfXJocmS25TLGXI9yp2oCbzB9oS4rgjuXFv48k7Fh7R+HHTWMS/gZFkdtd7e3xaBQ8ami9QpuP9a1XJOxEh5bYrkC3EQ6IojHrqTBw5lXGCTB+2gI+tWB91O0XQKY4dE4rUbyHxALy9KjdC54KtCxWRWjuTP7Rtz89QM1i2Thsyjk+FIruAI7cExsCQ8jHRzQVDAGRE5Fb1/rI7hzw5+Nk+LdlKHMCjxNoMvPnGpb3gl0yFsEEB5ZVIaxMqgHvPDRIaPjWNPPTgac0EJCMEufG3lpAGpdimVWzRO53Hc= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FRYP281MB3306.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(366007)(376005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/ETYnD5qmMZxYjQMr+wwu++geb1YSnxfXwDyskrGZfHtjtju9rHXYku3A9Pb?= =?us-ascii?Q?TC8CixGiyoEAyyHmjs4lfZ4AO7jLceVhwatBUnjQmvbBQRfrFm2q8JCsC3nr?= =?us-ascii?Q?d9npIaToR7oGfOsuWNqP8z2fLgUFtFjzhr+lyCZJbtkmki6ldW+mL9MApDMe?= =?us-ascii?Q?QM5WqPk3p3P588rmms5LIQJ+U3R4502kYgPLn2oHonqVMELTSFfClTfuvf8G?= =?us-ascii?Q?n4Bu/LkWhCRRvHg41HGVthqKXU2sNUmfB6FKpsrBd1XUvfB67cinOGWi7YTE?= =?us-ascii?Q?LLO2ak78v5XHsQkpeeIBafXp3d54f5iXSoFEJvWBKETtTn6TdLe943I6Etdd?= =?us-ascii?Q?WXzaNmDbMxv+pye4MKmIgm4aPg037fLYAAIeDOjLPspFgGxliVYUq0pTtiPk?= =?us-ascii?Q?tFCbj5/a9pAdqm6W+p/5JVbOFKTdXnkJV+7tlDell02wfU08plLt5h4s/aXm?= =?us-ascii?Q?0+EVlJVh4ia5Smbsp7KBUZRTe+DDy9HTRYJHUlVI4Tahy7DKIn8s+KmD8ZXa?= =?us-ascii?Q?ZtHcdkgeLcF7KrKIgh7VEWlA2Zyt2+8rQJtySGiriz0S9Lou6r9vJWg0j4/p?= =?us-ascii?Q?f6+eOaNZBEpGgVzKVoXAKrPzp7KVpJ80rBaXH+uVokWURGZ4dLoRwmFZT0Gc?= =?us-ascii?Q?+F1eYORW4eRKf9ekwQ97rJekZdZi8/A8RIBXgoUT70cQdkLl0xHZ0vApwJoS?= =?us-ascii?Q?fb2UN7tBLb8ob62sT37vxx05oLGh4e5buDYxEXBQeEGJPxknKTw3KOrQruxo?= =?us-ascii?Q?glDjC3/bspEle083CBk3MwPbbqtpVM5p6pnoF333O22v6DmWhlrmEZO3/DlL?= =?us-ascii?Q?oQmX3F/bUGtiSWXNmWjGhCb2R70rpAmzJmxi/JlkaqUtDV0ojoQPVvW4wIy6?= =?us-ascii?Q?aVCrjoooB2i2AA/ga9cN2cyLWA4DOIHbzZkvJcP7caM1PomOSAwu1q7GVLv8?= =?us-ascii?Q?/kP8GnuWWGZsyj/bzNYYCqNqNX7lscH12eUAe6Dv2yUp+xv/SPb32KLd+iD2?= =?us-ascii?Q?prSsUkLcVqIEB6kcfgU0FAb1USHfbj9pVlrcAnLICNxHs7v8+sC4++d9sJJD?= =?us-ascii?Q?PVoIPRgC3fOpRVoyK9S4hbLTipEF38nD1VOOVKoF+Ev8bics/Ks1ajndgyJG?= =?us-ascii?Q?qNpEUW6i4Y05uUTRkVhPpfCfPiywtRAhol6hlWeOxg/fRpwDZic7sjQcWks6?= =?us-ascii?Q?gAJzC51Uhy16uljiN8SHTC90s/2v/BawfQEWIPaV1uRVnp3TCNd7ukyQJPR1?= =?us-ascii?Q?mQZX2pzUFywQSjQeAv7253yAQ92s9ZuH/1OWsSPAAlaKJJrfqnvlLNKOL0QN?= =?us-ascii?Q?TtPx0WCG3mNAHmgxxR8FSsKJa/zBvkI3IglfP5LnexpavD3D4EatLe8pqAex?= =?us-ascii?Q?3o1JwLVicm86bwWQXQmRmnsCMkdSfFTx4jI24RfBdAgVhNIVPuRbm4ikifNc?= =?us-ascii?Q?MrIcAjmdXUkLDCLfTOolh4vGoAM2VFOjNdmhimvHI46PEHsPg+aSAK0SQ+Gr?= =?us-ascii?Q?LpCCv+u3cljfPCTM4QMoMqECCkaA1WlEFEWP46t93Icr8JvQOAfNYzrnT8Ud?= =?us-ascii?Q?qfmLAeV2LMWG8+nbWPk+q5xveLzH49i6L+k8zC26ungHmeZRuGUsZxzeNYXE?= =?us-ascii?Q?DBd7irAkYsdZjmL7jsCfRcinHitlnIirgMqM9Y6ly1gn?= Content-Type: text/plain; charset="us-ascii" Content-ID: <8FD8C205E24D444183F86E5EABB6FB99@DEUP281.PROD.OUTLOOK.COM> Content-Transfer-Encoding: quoted-printable List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 X-OriginatorOrg: punkt.de X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: FRYP281MB3306.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: afa3f388-ed70-4eca-fc91-08dc510913cb X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Mar 2024 22:31:00.7871 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d1aa1808-3734-45fc-a490-f8ba49028756 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: oHCnXt2aUM8Jb+Ep/jfIOJpbEHRiJhR0Xz+WPkdwxC4RSO2GGv4RBuYu8tSOp0KT X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE1P281MB2870 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8075, ipnet:40.104.0.0/14, country:US] X-Rspamd-Queue-Id: 4V6X6x5ycgz4xyH Hi all, On Fri, Mar 29, 2024 at 21:15, wrote: >=20 > I recently read through this: https://www.openwall.com/lists/oss-security= /2024/03/29/4 >=20 > It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is = or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, = earlier versions may also be suspect given that this may have been a delibe= rate backdoor from a maintainer. >=20 > I propose that we go back to a "known safe" version. It would probably be= unwise to push 14.1 as-is, as well. >=20 > [...] 1. The point of this backdoor is - to my knowledge - to get a rogue login v= ia SSH. 2. The mechanism relies on the compromised liblzma being linked with sshd. 3. Which is the case for some Linux distributions because they pull in some= extra functions for better systemd integration which then pulls in liblzma as a = dependency. 4. FreeBSD is - to my knowledge - not susceptible to this attack because o= ur sshd is not linked to the compromised library at all. 5. Even if you installed a supposedly compromised xz from ports, there are = probably no ill consequences. Kind regards, Patrick= From nobody Sun Mar 31 00:28:41 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V6Zkx5lrgz5GNC8 for ; Sun, 31 Mar 2024 00:28:57 +0000 (UTC) (envelope-from elid9122@gmail.com) Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V6Zkw5FSTz58WJ for ; Sun, 31 Mar 2024 00:28:56 +0000 (UTC) (envelope-from elid9122@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=cfehEppZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of elid9122@gmail.com designates 2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=elid9122@gmail.com Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a4e37d4f4c0so178038066b.1 for ; Sat, 30 Mar 2024 17:28:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711844933; x=1712449733; darn=freebsd.org; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dtAgHj4MQqQxPvjqT4Qwpn/vi7ahLxPGqrLtfAFql5o=; b=cfehEppZy96YvIXl/AjfXFLNgLzkqfNXoySQuHdx22BtrjNVKetdZjpCcd3G6+ntuF J2Wf3sGsUrUJ82Je6Ls+6HekR8ddG7WDEms+LuNie8wjs6e9GKBpp6FjIVFKzL/pFxiL cdNjSur30xFshA44RNJj52MRDIQQuRxN63NNKHt9Ksg/yt2Yptfwa0GVF1fsBP4S6X94 HPoX19eGFxWe8bF6Zx4EWM5NAwdx8tFBLiCY3j1BwXT/WWjrxFKbkkllOUOfMWncILgz 6IFQHhSaTNT9B3aSAKyuAtb7n50Cpm4rDbN7eX6fUkvkHuwe3ILyn8p33X2J4ZcbZzcN gYng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711844933; x=1712449733; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dtAgHj4MQqQxPvjqT4Qwpn/vi7ahLxPGqrLtfAFql5o=; b=tAXGZ+0iCN4gXBj2YgG10UoAmQAsCxYk+xXu7m6BiIaG+elpbQzDBOAwMD+cBhuhHG Dy8tOPhod/Peu8iGCWmF3PPv4prOQF0reO7j4daueUwbmd0lcwYEjB7u5NDH/peBRPn4 68HEFgdYoJ+BdZgfQcbZXB2XsG23bo2aJBZPTXU8arNXPWIFYsckRtKBjofjzWAfrCtg I5/g/GrgxSFHdGrFG/s4r10Mxv1Kqh6mAmcK3q5iXSgvteyl5+CMwiIfVxy2zN2g60Kp 884wxo//PmlGfOVsuXaDOPJyh0SQZ/d6ouyjvWuvIeY4p4D+sbfgh+joqIBjooYFrFIO 4y7g== X-Gm-Message-State: AOJu0YzkNpL/IfawXo7YSyF0yeWOVI9BOnkpQkJU7R1gxqb6I7RxNfMh jU62QQbPwLB+oD89vnhpZGEVl9OIi89qVRSX1p8wORIxS2z/oSXzxovTWULnkFyG93tnfpzqYa6 ss+k882IxeRBfbkMnmxRJf1NT13+eXWNh X-Google-Smtp-Source: AGHT+IEiUnVV+i0dP9N2E+S/usMwsvhlHTOhJqQ9yOog2QPNHJ/KRT+mrwQ7umZBaW4FkvTzPsdsWnBQUS9/QLQL41k= X-Received: by 2002:a17:906:d8e:b0:a4a:3557:6be8 with SMTP id m14-20020a1709060d8e00b00a4a35576be8mr3635460eji.53.1711844932978; Sat, 30 Mar 2024 17:28:52 -0700 (PDT) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 References: <02919DCB-5778-47C3-8754-249F76596928@punkt.de> In-Reply-To: <02919DCB-5778-47C3-8754-249F76596928@punkt.de> Reply-To: Eli@devejian.net From: Eli Devejian Date: Sat, 30 Mar 2024 20:28:41 -0400 Message-ID: Subject: Re: xz 5.6.0/5.6.1 backdoored, possibly in src/contrib as well To: Freebsd Stable Content-Type: multipart/alternative; boundary="0000000000002410830614e9f5c0" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.86 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.86)[-0.860]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62e:from]; TO_DN_ALL(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; HAS_REPLYTO(0.00)[Eli@devejian.net]; MID_RHS_MATCH_FROMTLD(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-Rspamd-Queue-Id: 4V6Zkw5FSTz58WJ --0000000000002410830614e9f5c0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable This is my understanding too: this vulnerability only affects versions openssh compiled against compromised versions of xz with extra support for systemd integration so freebsd is unaffected. Also, this only affects release tarballs, with malicious binary blobs. Like arch Linux, as long as we pull from the repo and compile in-house this should mitigate other vulnerabilities possibly created by this rogue maintainer. I have not seen any evidence that more action than this is needed. Cheers, -Eli On Sat, Mar 30, 2024 at 6:31=E2=80=AFPM Patrick M. Hausen = wrote: > Hi all, > > On Fri, Mar 29, 2024 at 21:15, wrote: > > > > I recently read through this: > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > > > It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD i= s > or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion= , > earlier versions may also be suspect given that this may have been a > deliberate backdoor from a maintainer. > > > > I propose that we go back to a "known safe" version. It would probably > be unwise to push 14.1 as-is, as well. > > > > [...] > > 1. The point of this backdoor is - to my knowledge - to get a rogue > login via SSH. > > 2. The mechanism relies on the compromised liblzma being linked with > sshd. > > 3. Which is the case for some Linux distributions because they pull > in some extra > functions for better systemd integration which then pulls in > liblzma as a dependency. > > 4. FreeBSD is - to my knowledge - not susceptible to this attack > because our sshd > is not linked to the compromised library at all. > > 5. Even if you installed a supposedly compromised xz from ports, > there are probably > no ill consequences. > > Kind regards, > Patrick > --0000000000002410830614e9f5c0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This is my understanding too: this vulnerability only= affects versions openssh compiled against compromised versions of xz with = extra support for systemd integration so freebsd is unaffected. Also, this = only affects release tarballs, with malicious binary blobs. Like arch Linux= , as long as we pull from the repo and compile in-house this should mitigat= e other vulnerabilities possibly created by this rogue maintainer. I have n= ot seen any evidence that more action than this is needed.

Cheers,
-Eli

On Sat, Mar 30, 2024 at 6:31=E2=80=AFPM = Patrick M. Hausen <hausen@punkt.de> wrote:
Hi = all,

On Fri, Mar 29, 2024 at 21:15, <henrichhartzer@tuta.io> wrote:
>
> I recently read through this: https://w= ww.openwall.com/lists/oss-security/2024/03/29/4
>
> It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD = is or not, but it looks like 14-stable and main have xz 5.6.0. In my opinio= n, earlier versions may also be suspect given that this may have been a del= iberate backdoor from a maintainer.
>
> I propose that we go back to a "known safe" version. It woul= d probably be unwise to push 14.1 as-is, as well.
>
> [...]

1.=C2=A0 =C2=A0 =C2=A0 The point of this backdoor is - to my knowledge - to= get a rogue login via SSH.

2.=C2=A0 =C2=A0 =C2=A0 The mechanism relies on the compromised liblzma bein= g linked with sshd.

3.=C2=A0 =C2=A0 =C2=A0 Which is the case for some Linux distributions becau= se they pull in some extra
=C2=A0 =C2=A0 =C2=A0 =C2=A0 functions for better systemd integration which = then pulls in liblzma as a dependency.

4.=C2=A0 =C2=A0 =C2=A0 FreeBSD is - to my knowledge=C2=A0 - not susceptible= to this attack because our sshd
=C2=A0 =C2=A0 =C2=A0 =C2=A0 is not linked to the compromised library at all= .

5.=C2=A0 =C2=A0 =C2=A0 Even if you installed a supposedly compromised xz fr= om ports, there are probably
=C2=A0 =C2=A0 =C2=A0 =C2=A0 no ill consequences.

Kind regards,
Patrick
--0000000000002410830614e9f5c0--