From: Dan Langille
Date: Sat, 22 Feb 2014 15:07:06 -0500
To: freebsd-announce@freebsd.org
Subject: [FreeBSD-Announce] BSDCan 2014 schedule released

Hello,

The schedule for BSDCan 2014 has been released. You can view the details here:

http://www.bsdcan.org/2014/schedule/events.en.html

For more information about the conference, see http://www.bsdcan.org/2014/

Our keynote this year will be by Karl Lehenbauer, CTO of FlightAware.

With thanks to our sponsors

EMC - http://www.emc.com/

Follow us:

Google+: https://plus.google.com/u/0/b/101572035005283336149/
Facebook: http://www.facebook.com/group.php?gid=272755641371
Twitter: http://www.twitter.com/bsdcan

--
Dan Langille - http://langille.org

From: Shteryana Shopova
Date: Wed, 26 Feb 2014 21:27:32 +0200
To: freebsd-announce@freebsd.org
Reply-To: syrinx@FreeBSD.org
Subject: [FreeBSD-Announce] EuroBSDCon 2014 - Call for Papers

EuroBSDcon 2014: September 25-28 in Sofia, Bulgaria

EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference will take place September 25 to 28 at InterExpo Congress Center in Sofia (see http://iec.bg/en/). Tutorials will be held on Thursday and Friday, while the shorter talks and papers program is on Saturday and Sunday.

Call for Talk and Presentation Proposals (CFP)

The EuroBSDcon program committee is inviting BSD developers and users to submit innovative and original talk proposals not previously presented at other European conferences. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use. Presentations are expected to be 45 minutes and are to be delivered in English.

Call for Tutorial Proposals

The EuroBSDcon program committee is also inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems. Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 to 6 hours. Tutorials are to be held in English.

Submissions

Proposals should be sent by email to submission at eurobsdcon.org. They should contain a short and concise text description in about 100 words. The submission should also include a short CV of the speaker and an estimate of the expected travel expenses. Please submit each proposal as a separate email.

Important dates

The EuroBSDcon program committee is accepting talk and tutorial proposals until May 19th, 2014. Speakers will be informed of acceptance status by June 10th, 2014. Other important dates will be announced soon at the conference website http://2014.EuroBSDcon.org/ .

Program Committee

This year's program committee is

Peter Hansteen (Chair, representing OpenBSD, peter at bsdly dot net)
Janne Johansson (representing OpenBSD, jj at OpenBSD dot org)
Vasil Dimov (representing FreeBSD, vd at FreeBSD dot org)
Ollivier Robert (representing FreeBSD, roberto at FreeBSD dot net)
Martin Husemann (representing NetBSD, martin at NetBSD dot org)
Marc Balmer (representing NetBSD, mbalmer at NetBSD dot org)
Shteryana Shopova (OC liaison, syrinx at FreeBSD dot org)

I am looking forward to your submissions and hope to see you in Sofia,

Shteryana Shopova
On the behalf of EuroBSDcon 2014 Program Committee

From: Deb Goodkin
Date: Mon, 10 Mar 2014 15:18:52 -0600
To: freebsd-announce@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Foundation Accepting Travel Grant Applications for BSDCan 2014

Calling all FreeBSD developers needing assistance with travel expenses to BSDCan 2014.

The FreeBSD Foundation will be providing a limited number of travel grants to individuals requesting assistance. Please fill out and submit the Travel Grant Request Application at http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by April 7th, 2014 to apply for this grant.

How it works:

This program is open to FreeBSD developers of all sorts (kernel hackers, documentation authors, bugbusters, system administrators, etc). In some cases we are also able to fund non-developers, such as active community members and FreeBSD advocates.

(1) You request funding based on a realistic and economical estimate of travel costs (economy airfare, trainfare, ...), accommodations (conference hotel and sharing a room), and registration or tutorial fees. If there are other sponsors willing to cover costs, such as your employer or the conference, we prefer you talk to them first, as our budget is limited. We are happy to split costs with you or another sponsor, such as just covering airfare or board.

*If you are a speaker at the conference, we expect the conference to cover your travel costs, and will most likely not approve your direct request to us.*

(2) We review your application and if approved, authorize you to seek reimbursement up to a limit. We consider several factors, including our overall and per-event budgets, and (quite importantly) the benefit to the community by funding your travel.

Most rejected applications are rejected because of an over-all limit on travel budget for the event or year, due to unrealistic or uneconomical costing, or because there is an unclear or unconvincing argument that funding the applicant will directly benefit the FreeBSD Project. Please take these points into consideration when writing your application.

(3) We reimburse costs based on actuals (receipts), and by check or bank transfer. And, we do not cover your costs if you end up having to cancel your trip. We require you to submit a report on your trip, which we may show to current or potential sponsors, post on our blog, and include in our semi-annual newsletter.

There's some flexibility in the mechanism, so talk to us if something about the model doesn't quite work for you or if you have any questions. The travel grant program is one of the most effective ways we can spend money to help support the FreeBSD Project, as it helps developers get together in the same place at the same time, and helps advertise and advocate FreeBSD in the larger community.

Thank You,

The FreeBSD Foundation

From: Gavin Atkinson
Date: Tue, 11 Mar 2014 19:15:58 +0000
To: announce@FreeBSD.org
Reply-To: soc-admins@FreeBSD.org
Subject: [FreeBSD-Announce] FreeBSD is participating in Google Summer of Code

Hi all,

FreeBSD is pleased to announce that once again we have been selected to participate in the Google Summer of Code program.
This gives University students the opportunity to earn a $5,500 USD stipend in exchange for working on Open Source software over their Summer break. Students have around 12 weeks to work on their project, and will be mentored by existing FreeBSD committers. Participating organisations will earn $500 USD per student mentored.

FreeBSD's organisation page may be found at http://www.google-melange.com/gsoc/org/google/gsoc2014/freebsd and a list of possible project ideas may be found at https://wiki.freebsd.org/SummerOfCode2014 . Please note that projects do not have to come from the ideas list, and indeed students are encouraged to produce their own project ideas - the majority of past projects have been thought up by the participants themselves.

More details about FreeBSD's participation in Google Summer of Code including contact details can be found at http://gsoc.freebsd.org/

Students are also encouraged to visit http://www.google-melange.com/ to view more details of the program, including eligibility requirements, and a list of other participating organisations.

Please also help us advertise Google Summer of Code and FreeBSD at your local university or college campus! A poster is available at http://gsoc.freebsd.org/

The application deadline is March 21st 19:00 UTC.

Thanks,

Gavin

--
Gavin Atkinson
FreeBSD committer and bugmeister
GPG: A093262B (313A A79F 697D 3A5C 216A EDF5 935D EF44 A093 262B)

From: Gavin Atkinson
Date: Thu, 20 Mar 2014 14:17:32 +0000 (GMT)
To: freebsd-announce@FreeBSD.org
Reply-To: soc-admins@FreeBSD.org
Subject: [FreeBSD-Announce] Students: Summer of Code deadline fast approaching

Hi all,

A reminder: The deadline for applications is 19:00 UTC Friday March 21st (i.e. tomorrow, approximately 28 hours time).

FreeBSD is pleased to announce that once again we have been selected to participate in the Google Summer of Code program. This gives University students the opportunity to earn a $5,500 USD stipend in exchange for working on Open Source software over their Summer break. Students have around 12 weeks to work on their project, and will be mentored by existing FreeBSD committers. Participating organisations will earn $500 USD per student mentored.

FreeBSD's organisation page may be found at http://www.google-melange.com/gsoc/org2/google/gsoc2014/freebsd and a list of possible project ideas may be found at https://wiki.FreeBSD.org/SummerOfCode2014 . Please note that projects do not have to come from the ideas list, and indeed students are encouraged to produce their own project ideas - the majority of past projects have been thought up by the participants themselves.

More details about FreeBSD's participation in Google Summer of Code including contact details can be found at http://gsoc.FreeBSD.org/

Students are also encouraged to visit http://www.google-melange.com/ to view more details of the program, including eligibility requirements, and a list of other participating organisations.

If you have administrative questions you can contact the FreeBSD GSoC administration team at soc-admins@FreeBSD.org.

The application deadline is March 21st 19:00 UTC.

Thanks,

Gavin

--
Gavin Atkinson
FreeBSD committer and bugmeister
GPG: A093262B (313A A79F 697D 3A5C 216A EDF5 935D EF44 A093 262B)

From: FreeBSD Security Officer
Date: Tue, 8 Apr 2014 20:42:29 GMT
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] HEADSUP! OpenSSL "Heartbleed" bug

Hi,

This is a heads-up for the OpenSSL "Heartbleed" bug.

FreeBSD port security/openssl has been patched on 2014-04-07 21:46:40 UTC (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549).

FreeBSD base system has been patched on 2014-04-08 18:27:32 UTC (head, r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08 18:27:46 UTC (releng/10.0, r264267). The update is available with freebsd-update. All other supported FreeBSD branches are not affected by this issue.

Users who use TLS client and/or server are strongly advised to apply updates immediately.

Because of the nature of this issue, it's also recommended for system administrators to consider revoking all of the server certificates, client certificates and keys that are used with these systems and invalidate active authentication credentials with a forced passphrase change.

Formal security advisories would be announced later today.

From: FreeBSD Security Advisories
Date: Tue, 8 Apr 2014 23:34:12 GMT
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver

=============================================================================
FreeBSD-SA-14:05.nfsserver                                  Security Advisory
                                                          The FreeBSD Project

Topic:          Deadlock in the NFS server

Category:       core
Module:         nfsserver
Announced:      2014-04-08
Credits:        Rick Macklem
Affects:        All supported versions of FreeBSD.
Corrected:      2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)
                2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)
                2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)
                2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)
                2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)
                2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)
                2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)
                2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)
CVE Name:       CVE-2014-1453

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS.

II. Problem Description

The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too.
This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed.

III. Impact

An attacker on a trusted client could cause the NFS server to become deadlocked, resulting in a denial of service.

IV. Workaround

Systems that do not provide NFS services are not vulnerable. Neither are systems that do but use the old NFS implementation, which is the default in FreeBSD 8.x.

To determine which implementation an NFS server is running, run the following command:

# kldstat -v | grep -cw nfsd

This will print 1 if the system is running the new NFS implementation, and 0 otherwise.

To switch to the old NFS implementation:

1) Append the following lines to /etc/rc.conf:

   nfsv4_server_enable="no"
   oldnfs_server_enable="yes"

2) If the NFS server is compiled into the kernel (which is the case for the stock GENERIC kernel), replace the NFSD option with the NFSSERVER option, then recompile your kernel as described in .

   If the NFS server is not compiled into the kernel, the correct module will be loaded at boot time.

3) Finally, reboot the system.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:05/nfsserver.patch
# fetch http://security.FreeBSD.org/patches/SA-14:05/nfsserver.patch.asc
# gpg --verify nfsserver.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r264285
releng/8.3/                                                       r264284
releng/8.4/                                                       r264284
stable/9/                                                         r264285
releng/9.1/                                                       r264284
releng/9.2/                                                       r264284
stable/10/                                                        r264266
releng/10.0/                                                      r264267
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Security Advisories
Date: Tue, 8 Apr 2014 23:34:12 GMT
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl

=============================================================================
FreeBSD-SA-14:06.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-04-08
Affects:        All supported versions of FreeBSD.
Corrected:      2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)
                2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)
                2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)
                2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)
                2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)
                2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)
                2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)
                2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)
CVE Name:       CVE-2014-0076, CVE-2014-0160

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography.

OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication in a fixed amount of time, which does not leak any information through timing or power.

II.  Problem Description

The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. [CVE-2014-0160]. Affects FreeBSD 10.0 only.

A flaw in the implementation of the Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. [CVE-2014-0076]

III. Impact

An attacker who can send a specifically crafted packet to a TLS server or client with an established connection can reveal up to 64k of memory of the remote system. Such memory might contain sensitive information, including key material, protected content, etc., which could be directly useful, or might be leveraged to obtain elevated privileges. [CVE-2014-0160]

A local attacker might be able to snoop a signing process and might recover the signing key from it. [CVE-2014-0076]

IV.  Workaround

No workaround is available, but systems that do not use OpenSSL to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and do not use the ECDSA implementation from OpenSSL are not vulnerable.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.x and FreeBSD 9.x]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc
# gpg --verify openssl.patch.asc

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc

Recompile the operating system using buildworld and installworld as described in .

Restart all daemons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

IMPORTANT: the update procedure above does not update OpenSSL from the Ports Collection or from a package, known as security/openssl, which has to be updated separately via ports or package. Users who have installed security/openssl should update to at least version 1.0.1_10.

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path     Revision
- -------------------------------------------------------------------------
stable/8/       r264285
releng/8.3/     r264284
releng/8.4/     r264284
stable/9/       r264285
releng/9.1/     r264284
releng/9.2/     r264284
stable/10/      r264266
releng/10.0/    r264267
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----

Date: Wed, 9 Apr 2014 01:06:31 GMT
Message-Id: <201404090106.s3916VRm035425@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:06.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-04-08
Affects:        All supported versions of FreeBSD.
Corrected:      2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)
                2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)
                2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)
                2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)
                2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)
                2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)
                2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)
                2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)
CVE Name:       CVE-2014-0076, CVE-2014-0160

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

0.   Revision History

v1.0  2014-04-08 Initial release.
v1.1  2014-04-08 Added patch applying step in Solutions section.

I.   Background

FreeBSD includes software from the OpenSSL Project.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography.

OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication in a fixed amount of time, which does not leak any information through timing or power.

II.  Problem Description

The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. [CVE-2014-0160]. Affects FreeBSD 10.0 only.

A flaw in the implementation of the Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. [CVE-2014-0076]

III. Impact

An attacker who can send a specifically crafted packet to a TLS server or client with an established connection can reveal up to 64k of memory of the remote system. Such memory might contain sensitive information, including key material, protected content, etc., which could be directly useful, or might be leveraged to obtain elevated privileges. [CVE-2014-0160]

A local attacker might be able to snoop a signing process and might recover the signing key from it. [CVE-2014-0076]

IV.  Workaround

No workaround is available, but systems that do not use OpenSSL to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and do not use the ECDSA implementation from OpenSSL are not vulnerable.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.x and FreeBSD 9.x]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc
# gpg --verify openssl.patch.asc

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

IMPORTANT: the update procedure above does not update OpenSSL from the Ports Collection or from a package, known as security/openssl, which has to be updated separately via ports or package. Users who have installed security/openssl should update to at least version 1.0.1_10.

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.
Branch/path     Revision
- -------------------------------------------------------------------------
stable/8/       r264285
releng/8.3/     r264284
releng/8.4/     r264284
stable/9/       r264285
releng/9.1/     r264284
releng/9.2/     r264284
stable/10/      r264266
releng/10.0/    r264267
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----
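
The missing boundary check that the advisory above describes for CVE-2014-0160, as an added C example that is not part of the advisory and is not OpenSSL or FreeBSD code: a heartbeat responder that discards any request whose claimed payload length does not fit in the received record, plus a helper that reports how far an unchecked copy would have read. The message layout follows RFC 6520; the function names and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 * The length field is 16 bits wide, which is where the "up to 64k" in the
 * advisory's Impact section comes from. */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HDR_LEN   3
#define HB_MIN_PAD   16

/* Constructed sample records (not captured traffic); unlisted bytes are zero. */
static const uint8_t SAMPLE_OK[HB_HDR_LEN + 4 + HB_MIN_PAD] = {
    HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'   /* claims 4 bytes, carries 4 */
};
static const uint8_t SAMPLE_BAD[HB_HDR_LEN + 1 + HB_MIN_PAD] = {
    HB_REQUEST, 0x40, 0x00, 'x'                  /* claims 16384 bytes, carries 1 */
};
static uint8_t demo_out[64];                     /* scratch buffer for the demo */

/* Payload length as claimed by the sender. Caller guarantees rec_len >= HB_HDR_LEN. */
static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Detection helper: number of bytes past the end of the record that a
 * responder WITHOUT the length check would copy. 0 means the claimed
 * payload fits inside the bytes actually received. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HDR_LEN)
        return 0;                                /* no length field to trust */
    size_t need = HB_HDR_LEN + hb_claimed_len(rec);
    return need > rec_len ? need - rec_len : 0;
}

/* Hardened responder. Returns the response length written to out, or -1
 * when the message must be silently discarded. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    /* A valid message carries at least the header and the minimum padding. */
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    size_t payload = hb_claimed_len(rec);

    /* The boundary check: the claimed payload plus padding must fit in the
     * record that was actually received. */
    if (HB_HDR_LEN + payload + HB_MIN_PAD > rec_len)
        return -1;

    size_t resp_len = HB_HDR_LEN + payload + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload);
    /* Zero padding keeps the demo deterministic; RFC 6520 calls for random padding. */
    memset(out + HB_HDR_LEN + payload, 0, HB_MIN_PAD);
    return (long)resp_len;
}

int main(void)
{
    printf("well-formed: response=%ld over-read=%zu\n",
           hb_build_response(SAMPLE_OK, sizeof SAMPLE_OK, demo_out, sizeof demo_out),
           hb_overread(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("malformed:   response=%ld over-read=%zu\n",
           hb_build_response(SAMPLE_BAD, sizeof SAMPLE_BAD, demo_out, sizeof demo_out),
           hb_overread(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

A non-zero `hb_overread` result is also a usable logging signal: a well-behaved peer never sends a claimed length larger than the record that carries it.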
Date: Thu, 17 Apr 2014 20:35:57 +0200
From: Gabor Pali
To: announce@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Quarterly Status Report, January-March 2014

FreeBSD Quarterly Status Report, January-March 2014

This report covers FreeBSD-related projects between January and March 2014. This is the first of four reports planned for 2014.
Note that there is an HTML version available at http://www.FreeBSD.org/news/status/report-2014-01-2014-03.html

Introduction

The first quarter of 2014 was, again, a hectic and productive time for FreeBSD. The Ports team released their landmark first quarterly "stable" branch. FreeBSD continues to grow on the ARM architecture, now running on an ARM-based ChromeBook. SMP is now possible on multi-core ARM systems. bhyve, the native FreeBSD hypervisor, continues to improve. An integral test suite is taking shape, and the Jenkins Continuous Integration system has been implemented. FreeBSD patches to GCC are being "forward-ported", and LLDB, the Clang/LLVM debugger, is being ported. Desktop use has also seen improvements, with work on Gnome, KDE, Xfce, KMS video drivers, X.org, and vt, the new console driver which supports KMS and Unicode. Linux and Wine binary compatibility layers have been improved. UEFI booting support has been merged to head. The FreeBSD Foundation continues to assist in moving FreeBSD forward, sponsoring conferences and meetings and numerous development projects. And these are only some of the things that happened! Read on for even more.

Thanks to all the reporters for the excellent work! This report contains 41 entries and we hope you enjoy reading it.

The deadline for submissions covering between April and June 2014 is July 7th, 2014.
__________________________________________________________________

FreeBSD Team Reports

* FreeBSD Cluster Administration Team
* FreeBSD Core Team
* FreeBSD Documentation Engineering Team
* FreeBSD Port Management Team
* FreeBSD Postmaster Team
* FreeBSD Release Engineering Team

Projects

* Jenkins Continuous Integration for FreeBSD
* ZFSguru

Kernel

* ASLR and PIE
* Intel GPU Driver Update
* Native iSCSI Stack
* New Automounter
* PCI SR-IOV Infrastructure
* SDIO Driver
* UEFI Boot
* Updated vt(4) System Console

Architectures

* bhyve
* FreeBSD Host Support for OpenStack and OpenContrail
* FreeBSD on Chromebook
* FreeBSD/arm64
* FreeBSD/armv6hf
* SMP on Multi-Core ARM Systems

Userland Programs

* auditdistd(8)
* External Toolchain Improvements
* Forward Port FreeBSD GCC
* FreeBSD Test Suite
* LLDB Debugger Port

Ports

* Chromium
* FreeBSD Ada Ports
* GCC in the Ports Collection
* GNOME/FreeBSD
* KDE/FreeBSD
* libvirt/bhyve Support
* OpenAFS on FreeBSD
* The Graphics Stack on FreeBSD
* Using CentOS 6.5 as Linux Base
* Wine/FreeBSD
* Xfce/FreeBSD

Documentation

* ZFS Chapter of the Handbook

Miscellaneous

* FreeBSD Participating in Summer of Code 2014
* The FreeBSD Foundation
__________________________________________________________________

FreeBSD Cluster Administration Team

Contact: FreeBSD Cluster Administration Team

The FreeBSD Cluster Administration Team consists of the people responsible for administering the machines that the project relies on for its distributed work and communications to be synchronised. In this quarter, the team has worked on the following:

* Assimilated master email configurations into a single source control repository.
* Moved the FreeBSD web server CGI services to a new location (sponsored).
* Further enhanced upon our internal monitoring utilities.
* Added a Russian pkg(8) mirror, hosted by Yandex.
* Moved the FreeBSD Foundation web services to a new server (sponsored).

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

FreeBSD Core Team

Contact: FreeBSD Core Team

The FreeBSD Core Team constitutes the project's "Board of Directors", responsible for deciding the project's overall goals and direction as well as managing specific areas of the FreeBSD project landscape.

The first quarter of 2014 was very active for the Core Team. John Baldwin and David Chisnall kept coordinating the work required for providing a newer version of X.Org for 9.x and 10.x systems. Now that vt(4), a successor to syscons(4) that offers a KMS-enabled console, has been merged to both stable/9 and stable/10, an alternative pkg(8) repository is in preparation for wider testing of vt(4) and the new X.Org version. In addition to that, John Baldwin published the policy on licenses for new files and files with non-standard licenses.

Thanks to the efforts of Gavin Atkinson, FreeBSD has again made it into the Google Summer of Code program, for the tenth time. David Chisnall reported that both libc++ and libstdc++ can now be built, as all of the standards-compliant implementations of the required numerical functions have been added.

The Core Team conducted an annual review among the Project teams and hats, where team members had to declare whether they wished to continue their service. As a result, Florian Smeets replaced David Wolfskill in the lead role of the Postmaster Team, and Glen Barber assumed the head Release Engineer position from Ken Smith. The Core Team congratulates Florian and Glen, and thanks David and Ken for their long-standing work.

The Core Team approved chartering the Ports Security Team, which is established to maintain security updates for the ported applications. In coordination with the Port Management Team, pkg_tools was eventually deprecated and tagged with an End-of-Life date, in order to clear the way for pkg(8).
The Port Management Team also requested a way to make it possible to track userland ABI and KBI changes reliably for the Ports Collection. Ideally this can be achieved by increasing the value of __FreeBSD_version on each fix, therefore the corresponding discussion concluded in freezing the ABI note tag for releases in order to keep the size of binary patches for freebsd-update(8) low. A related Errata Notice is about to be published soon.

Only a single commit bit was taken for safekeeping. We did not have new committers to the src/ repository in this quarter.
__________________________________________________________________

FreeBSD Documentation Engineering Team

URL: http://lists.freebsd.org/pipermail/freebsd-doc/2014-February/023265.html

Contact: FreeBSD Documentation Engineering Team

The FreeBSD Documentation Engineering Team is responsible for defining and following up on the documentation goals for the committers in the Documentation project. The team is pleased to announce a new member -- Warren Block.

In early March, the FreeBSD Documentation Engineering Team members assumed responsibility for the FreeBSD Webmaster Team.
__________________________________________________________________

FreeBSD Port Management Team

URL: http://www.FreeBSD.org/ports/
URL: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing-ports/
URL: http://portsmon.freebsd.org/index.html
URL: http://www.freebsd.org/portmgr/index.html
URL: http://blogs.freebsdish.org/portmgr/
URL: http://www.twitter.com/freebsd_portmgr/
URL: http://www.facebook.com/portmgr
URL: http://plus.google.com/communities/108335846196454338383

Contact: Thomas Abthorpe
Contact: Frederic Culot
Contact: FreeBSD Port Management Team

The role of the FreeBSD Port Management Team is to ensure that the FreeBSD Ports Developer community provides a ports collection that is functional, stable, up-to-date and full-featured. It is also to coordinate among the committers and developers who work on it.
The ports tree slowly approaches the 25,000 ports threshold, while the PR count exceeds 1,800.

In the first quarter, we added four new committers, took in three commit bits for safe keeping, and reinstated one commit bit.

In January, the longest serving port manager, Joe Marcus Clarke, stepped down from his active duties on the team. At a similar time Ion-Mihai Tetcu also stepped down from his duties. Fortunately, as a result of the first portmgr-lurkers intake, we were able to replace them with Mathieu Arnold and Antoine Brodin.

Commencing March 1, the second intake of portmgr-lurkers started active duty on portmgr for a four month duration. The next two candidates are Alexey Dokuchaev and Frederic Culot.

This quarter also saw the release of the first quarterly branch, namely 2014Q1. This branch is intended to provide a stable and high-quality ports tree, with patches related to security fixes as well as packaging and runtime fixes being backported from head.

Ongoing maintenance goes into redports.org, including QAT runs and ports and security updates.

Open tasks:

1. As previously noted, many PRs continue to languish. We would like to see committers dedicate themselves to closing as many as possible.
__________________________________________________________________

FreeBSD Postmaster Team

Contact: FreeBSD Postmaster Team

The FreeBSD Postmaster Team is responsible for mail being correctly delivered to the committers' email addresses, ensuring that the mailing lists work, and should take measures against possible disruptions of project mail services, such as having troll-, spam- and virus-filters.

In the first quarter of 2014, the team has implemented these items that may be of interest to the general public:

* Continued a discussion on current and possible future mail and spam filtering.
* Discovered more of what needs to be done for a new year (with respect to email archives), did what we could, and recorded the steps for next time.
* Added Kubilay Kocak to donations, requested by Pietro Cerutti.
* Added Warren Block to doceng.
* Made sure portmgr receives bounces for pkg-fallout messages.
* Created a jenkins-admin mail alias.
* Enabled Mailman password reminder emails again.
* Discovered that all Mailman cron jobs were disabled in November during upgrades. Enabled those again. This caused problems like digests not being sent.
__________________________________________________________________

FreeBSD Release Engineering Team

URL: http://www.FreeBSD.org/releases/9.3R/schedule.html
URL: http://www.FreeBSD.org/releases/9.3R/todo.html
URL: http://ftp.FreeBSD.org/pub/FreeBSD/snapshots/ISO-IMAGES/

Contact: FreeBSD Release Engineering Team

The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things.

In early January, the team became aware of several last-minute showstopper issues in FreeBSD 10.0, which led to an extension in the final release builds. FreeBSD 10.0-RELEASE was announced on January 20, two months behind the original schedule.

The schedule for the FreeBSD 9.3-RELEASE cycle has been written and posted to the website, and the release cycle will begin early May.

There is ongoing work to integrate support for embedded architectures as part of the release build process. At this time, support exists for a number of ARM kernels, in particular the Raspberry Pi, BeagleBone, and WandBoard.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

Jenkins Continuous Integration for FreeBSD

URL: https://jenkins.FreeBSD.org
URL: https://wiki.freebsd.org/Jenkins#Jenkins_for_FreeBSD_status
URL: https://wiki.freebsd.org/Jenkins#Presentations_and_Working_Groups
URL: http://empt1e.blogspot.ru/2014/03/using-jenkins-libvirt-slave-plugin-with.html
URL: http://jenkins-ci.org/
URL: http://www.ansible.com/

Contact: Craig Rodrigues
Contact: Jenkins Administrators
Contact: FreeBSD Testing

Jenkins is a framework used by many companies and open source projects for Continuous Integration (CI). CI allows developers to commit code to a Source Code Management (SCM) system such as Subversion, and then have automated programs check out, build, and test the code. Jenkins is implemented in the Java language.

Ed Maste reviewed some CI work that Craig Rodrigues had done for the FreeNAS project with Jenkins, and encouraged him to set up something similar for the FreeBSD Project. With the help of the FreeBSD Cluster Administration Team, he set up a FreeBSD machine running two bhyve virtual machines, jenkins-9.FreeBSD.org and jenkins-10.FreeBSD.org. He set up software builds of head and several stable branches on these machines. The status of these builds is visible on a web interface accessible at jenkins.FreeBSD.org. When any of the builds fail, emails are sent to freebsd-current or freebsd-stable. Emails are also sent directly to the list of people who recently committed code to Subversion since the last successful build.

As part of the Jenkins setup, Craig Rodrigues encountered problems with running Java on FreeBSD 9.2 and FreeBSD 10.0. Both problems stemmed from changes to the FreeBSD Virtual Memory (VM) subsystem. On FreeBSD 9.2-RELEASE, running Jenkins under Java would cause the kernel to panic. This was a known problem, and fixed in 9.2-RELEASE-p3. On FreeBSD 10.0-RELEASE, Java processes would randomly crash.
Disabling the vm.pmap.pcid_enabled sysctl(3) variable seemed to fix the problem. In kern/187238, Henrik Gulbrandsen submitted fixes to the FreeBSD VM to address this problem. Konstantin Belousov committed the fixes to head, where they are being tested now.

During the setup of the bhyve VMs which run Jenkins processes, Craig Rodrigues wrote scripts to start bhyve VMs from the rc.d bootup scripts, which were then published at GitHub.

On February 19, 2014, Craig Rodrigues notified the FreeBSD developers that Jenkins was running in the FreeBSD cluster, and that they could look at the web interface to see the status of builds.

On March 13, 2014, Craig Rodrigues gave a presentation of the Jenkins work at the Bay Area FreeBSD User Group (BAFUG) in Mountain View, California, USA. Video of the presentation was recorded and put online by iXsystems.

Craig Rodrigues assembled a team of volunteers, jenkins-admin, to help maintain jenkins.FreeBSD.org and expand the use of Jenkins CI used in the FreeBSD cluster. jenkins-admin consists of the following people working in the following areas:

* R. Tyler Croy is both a FreeBSD developer and a Jenkins developer. He will be working on fixing bugs in Jenkins specific to FreeBSD. He is first looking at fixing the libpam4j library which is used by Jenkins to interface with the PAM system for user authentication. The released version of libpam4j does not currently work on FreeBSD.
* Li-Wen Hsu maintains the devel/jenkins port. He set up a Jenkins build which runs the scan-build static analyzer which is part of LLVM.
* Steven Kreuzer has experience administering Jenkins systems. He set up several builds on jenkins.FreeBSD.org, including a Jenkins build of the FreeBSD documentation. He is looking into using Ansible for automatic provisioning of VMs running Jenkins in the FreeBSD cluster.
* Craig Rodrigues will be running a Continuous Testing working group at the FreeBSD Devsummit in Ottawa on May 15, 2014.
  He will also give a Jenkins presentation on May 17, 2014. He is interested in working with Julio Merino to integrate Jenkins and Kyua. They have exchanged some emails about this on the freebsd-testing list.
* Steve Wills maintains the devel/jenkins-lts port. He has implemented several builds at jenkins.FreeBSD.org which detect commits to the FreeBSD ports repository, and then build the ports tree using Poudrière.

At the end of March, Roman Bogorodskiy reported to jenkins-admin that he has successfully run the Jenkins libvirt plugin with his libvirt modifications to integrate with bhyve. He provided a link to a blog posting where he described his experience.

This project is sponsored by iXsystems, Inc.

Open tasks:

1. Obtain certificates for LDAP and web servers, to replace self-signed certificates.
2. Set up more Jenkins builds of the FreeBSD base repository on different branches and with different configurations.
3. Set up more Jenkins builds of the FreeBSD ports repository on different FreeBSD versions.
4. Integrate with Kyua, so that Jenkins can run Kyua tests and report the results directly in the native Jenkins web UI where test results are reported.
5. Write scripts which can take a Jenkins build of FreeBSD, and boot the results in a bhyve VM or on real hardware.
6. Fix libpam4j on FreeBSD.
7. Continuous Testing working group at Devsummit on May 15, 2014
8. Jenkins presentation at BSDCan on May 17, 2014
__________________________________________________________________

ZFSguru

URL: http://zfsguru.com/

Contact: Jason Edwards

ZFSguru is a multifunctional server appliance with a strong emphasis on storage. It wants to deliver all the great BSD and ZFS technology to a wider audience, while at the same time pleasing more advanced users as well with unique features and customization. A "vanilla" ZFSguru installation comes with only Samba and a web-interface setup, but can be extended easily by installing addons called "services" to add functionality as desired.
This prevents users from running programs they do not need and do not want. Advanced users can still use ZFSguru as they would a normal FreeBSD installation with a 100% ZFS setup ("Root-on-ZFS"). ZFSguru does not strip away anything, and uses a GENERIC-like kernel with only some additional settings added like InfiniBand networking, Device Polling and AltQ. This means you can use a ZFSguru installation as you would use a FreeBSD installation.

In the first month of 2014, ZFSguru released the beta9 version of the web interface. This release brings vastly improved support for Samba and NFS configuration. In particular, it adds a convenient drag-and-drop interface for Samba permissions. This allows novice users to configure access to shares in various configurations. It allows both control and usability, with no manual being necessary in order to operate it. This is the ZFSguru style.

New system versions have been released, based on FreeBSD 9.2, 10.0, and head. The experimental head version has vt(4) and X.org 7.12.4 and the Intel/Radeon KMS graphics drivers. That is, the latest and greatest of FreeBSD graphics development. The ZFSguru project plans to release stable/10 builds in the near future which also have the MFCed patches for vt(4), the KMS-enabled system console with Unicode support. Please see the vt(4) entry for more information.

Support for ZFS version 5000 is now universal across 9.2, 10.0 and head builds. LZ4 compression is the key feature for ZFS version 5000. Otherwise users are advised to keep their pool versions as is, to be as compatible as you can with as many ZFS platforms as possible. Only upgrade the pool as you desire its functionality, forfeiting the compatibility with older storage platforms.

Open tasks:

1. ZFSguru beta10 will increase the compatibility of newly added Samba functionality with non-Gecko browsers. It will also fix some minor bugs as well as speed up some pages by having a redesigned remote database system called GuruDB.
2.
ZFSguru beta11 will add the one major feature still missing in ZFSguru: the Migration Manager. This allows users to maintain a file with all the configuration of their ZFSguru installation. It can be used like a firmware -- restoring the machine to the exact state and configuration of the snapshot configuration. It allows users to maintain a backup of their ZFSguru configuration and allows upgrading to a newer ZFSguru system version without any hassle.
3. Automated system builds should bring more system image releases.
4. New website with new forum and new login system.
5. Developer website with GitLab setup, allowing bug reports, code contributions, wiki, and wall messages. Note that GitLab has also been provided as a ZFSguru service, for those interested in trying GitLab.

__________________________________________________________________

ASLR and PIE

URL: http://0xfeedface.org/blog/lattera/2014-04-03/awesome-freebsd-aslr-progress
URL: https://github.com/lattera/freebsd/tree/soldierx/lattera/aslr
URL: https://github.com/opntr/opBSD/tree/op/stable/10-aslr

Contact: Shawn Webb
Contact: Olivér Pintér

Address space layout randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. In order to prevent an attacker from reliably jumping to a particular exploited function in memory, ASLR involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries, in a process' address space.

We have added ASLR support to all architectures. As the primary developers behind this feature have the most access to amd64, the focus of development is on the amd64 architecture. Other architectures, such as ARM, have known bugs with our current ASLR implementation and we are working hard to fix them.

We added support for Position-Independent Executables (PIEs) in a number of applications in base.

Open tasks:

1.
Shawn has access to a Raspberry Pi (RPI). PIE is 90% broken. Debug and fix major issues on the RPI. The existing NX stack protections are not obeyed on RPI. Properly implemented ASLR requires an NX stack.
2. Shawn will be receiving a sparc64 box on April 6, 2014. He will test ASLR on sparc64, identifying and fixing any bugs that pop up.
3. Olivér has identified one or more bugs with the Linuxulator. He will be looking into that and fixing those.
4. Shawn will be cleaning up code and adding support for PIE to more applications in base. He will also add PIE support to the ports framework for general consumption.
5. Shawn will be giving a presentation regarding ASLR at BSDCan 2014.

__________________________________________________________________

Intel GPU Driver Update

Contact: Konstantin Belousov

The project to update the Intel graphics chipset driver (i915kms) to a recent snapshot of the Linux upstream code continues. Progress was delayed by external circumstances, but it is hoped to reach a useful milestone in the near future.

This project is sponsored by The FreeBSD Foundation.

__________________________________________________________________

Native iSCSI Stack

URL: https://wiki.freebsd.org/Native%20iSCSI%20target

Contact: Edward Tomasz Napieral/a

The new FreeBSD in-kernel iSCSI stack was functionally complete in FreeBSD 10.0-RELEASE, but ongoing enhancements and bug fixes are being committed to FreeBSD head, with a plan to merge them back to stable/10 in time for FreeBSD 10.1-RELEASE.

Many issues have been resolved, including very slow operation with data digests enabled, bugs in persistent reservations which impacted Hyper-V Failover Cluster, and a negotiation problem affecting Dell Equallogic users.

There have also been numerous enhancements, such as support for redirections, which are necessary for some High Availability setups, and the ability to modify session parameters in the iscsictl utility.
Previously it was necessary to remove the session and add it again.

This project is sponsored by The FreeBSD Foundation.

__________________________________________________________________

New Automounter

Contact: Edward Tomasz Napieral/a

The automount project is nearing the functional prototype stage, and a call for testing is expected in the next month. The userspace portion consists of the automountd(8) daemon, which is designed to be fully compatible with its counterparts in OS X, Solaris, and Linux, and which is nearly complete. Work on the kernel component continues.

This project is sponsored by The FreeBSD Foundation.

__________________________________________________________________

PCI SR-IOV Infrastructure

URL: https://github.com/rysto32/freebsd/tree/iov_ixgbe

Contact: Ryan Stone

PCI Single Root I/O Virtualization (SR-IOV) is an optional part of the PCIe standard that provides hardware acceleration for the virtualization of PCIe devices. When SR-IOV is in use, a function in a PCI device (known as a Physical Function, or PF) will present multiple Virtual PCI Functions (VF) on the PCI bus. These VFs are fully independent PCI devices that have access to the resources of the PF. For example, on a network interface card, VFs could transmit and receive packets independent of the PF.

The most obvious use case for SR-IOV is virtualization. A hypervisor like bhyve could instantiate a VF for every VM and use PCI passthrough to assign the VFs to the VMs. This would allow multiple VMs to share access to the PCI device without having to do any expensive communication with the hypervisor, greatly increasing performance of performing I/O from a VM.

There are two parts to this project. The first is implementing an API in the PCI subsystem for creating VFs and configuring standard PCI features like BARs. The second part is updating individual drivers for PCI devices that support SR-IOV to configure their VFs.
For example, a network interface driver will typically have to assign a MAC address to a VF and configure the interface to route packets destined for that MAC address to the VF.

At this point only SR-IOV support for the ixgbe(4) driver is planned. The PCI subsystem API is designed to be generic and should support SR-IOV on any device, but fairly extensive driver work is necessary to support SR-IOV, which is currently not planned due to lack of time and hardware.

At present, ixgbe(4) is able to create VFs and the ixgbevf driver is able to pass traffic. There is still a fair amount of work to support VLAN tags, multicast addresses, and other features on the VFs. Also, the VF configuration needs to be better integrated with the PF initialization path to ensure that resets of the PF do not interrupt operation of the VFs.

This project is sponsored by Sandvine, Inc.

__________________________________________________________________

SDIO Driver

URL: https://wiki.freebsd.org/SDIO
URL: https://github.com/kibab/freebsd/tree/mmccam

Contact: Ilya Bakulin

SDIO is an interface designed as an extension of the existing SD card standard, allowing connection of different peripherals to the host with the standard SD controller. Peripherals currently sold on the general market include WLAN/BT modules, cameras, fingerprint readers, and barcode scanners.

The FreeBSD driver is implemented as an extension to the existing MMC bus, adding a lot of new SDIO-specific bus methods. A prototype of the driver for the Marvell SDIO WLAN/BT (Avastar 88W8787) module is also being developed, using the existing Linux driver as a reference.

SDIO card detection and initialization already work; most needed bus methods are implemented and tested. The WiFi driver is able to load firmware onto the card and initialize it.

Migration of the MMC stack to the new locking model is necessary in order to work with SDIO cards effectively. The FreeBSD CAM implementation is believed to be a good choice.
There is ongoing work to implement an MMC transport for CAM.

Open tasks:

1. SDIO stack: finish CAM migration. The XPT layer is almost ready. What is missing is a SIM module, for which a modified version of the SDHCI controller driver will be used, and a peripheral module, where porting the mmcsd(4) driver is required.
2. Marvell SDIO WiFi: connect it to the FreeBSD network stack, write the code to implement required functions, such as sending and receiving data, network scanning and so on.

__________________________________________________________________

UEFI Boot

URL: https://wiki.freebsd.org/UEFI

Contact: Ed Maste

The Unified Extensible Firmware Interface (UEFI) provides boot- and run-time services for x86 computers, and is a replacement for the legacy BIOS. This project will adapt the FreeBSD loader and kernel boot process for compatibility with UEFI firmware, found on contemporary servers, desktops, and laptops.

Starting with Rui Paulo's i386 EFI loader, Benno Rice developed a working proof-of-concept amd64 loader in 2013 under sponsorship from the FreeBSD Foundation. After refinement, that work has now been merged from the projects/uefi Subversion branch into FreeBSD head.

The project includes the infrastructure to build a UEFI-enabled loader, and the kernel-side changes to parse metadata provided by the loader. A number of integration tasks remain, with a plan to have UEFI installation and boot support merged to stable/10 in time for FreeBSD 10.1-RELEASE.

This project is sponsored by The FreeBSD Foundation.

Open tasks:

1. Document manual installation, including dual-boot configurations.
2. Implement chain-loading from UFS/ZFS file systems.
3. Integrate UEFI configuration with the FreeBSD installer.
4. Support secure boot.
__________________________________________________________________

Updated vt(4) System Console

URL: https://wiki.freebsd.org/Newcons

Contact: Aleksandr Rybalko
Contact: Ed Maste
Contact: Ed Schouten

vt(4) is a modern replacement for the existing, quite old, virtual terminal emulator called syscons(4). Initially motivated by the lack of Unicode support and infrastructural issues in syscons(4), the project was later expanded to cover the new requirement to support Kernel Mode Setting (KMS).

The project is now in head, stable/10 and stable/9 branches. Hence, vt(4) can be tested by using the VT kernel configuration (i386 and amd64) or by replacing two lines in the GENERIC kernel configuration file:

    device sc
    device vga

with the following ones:

    device vt
    device vt_vga

Or, to use for UEFI testing, add the following lines instead:

    device vt
    device vt_efifb

Major highlights:

* Unicode support.
* Double-width character support for CJK characters.
* xterm(1)-like terminal emulation.
* Support for Kernel Mode Setting (KMS) drivers (i915kms, radeonkms).
* Support for different fonts per terminal window.
* Simplified drivers.

Brief status of supported architectures and hardware:

* amd64 (VGA/i915kms/radeonkms) -- works.
* ARM framebuffer -- works.
* i386 (VGA/i915kms/radeonkms) -- works.
* IA64 -- untested.
* MIPS -- untested.
* PPC and PPC64 -- work, but without X.Org yet.
* SPARC -- works on certain hardware (e.g., Ultra 5).
* vesa(4) -- in progress.
* i386/amd64 nVidia driver -- not supported. VGA should be used (VESA planned).
* Xbox framebuffer driver -- will be deleted as unused.

This project is sponsored by The FreeBSD Foundation.

Open tasks:

1. Create sub-directories for vt(4) under /usr/share/ to store key maps and fonts.
2. Implement the remaining features supported by vidcontrol(1).
3. Write the vt(4) manual page. (This is in progress.)
4. Support direct handling of keyboard by the kbd device (without kbdmux(4)).
5. CJK fonts. (This is in progress).
6.
Address performance issues on some architectures.
7. Switch to vt(4) by default.

__________________________________________________________________

bhyve

URL: http://www.bhyve.org/
URL: http://www.youtube.com/watch?v=lTOiSyu0-MA

Contact: Peter Grehan
Contact: Neel Natu
Contact: John Baldwin
Contact: Tycho Nightingale
Contact: Allan Jude

bhyve is a Type-1 hypervisor that runs on the FreeBSD platform. It currently only runs FreeBSD (9.x or later) and Linux guests; current development efforts aim at widening support for other x86 64-bit operating systems. After a great deal of work by all involved, bhyve was shipped as part of FreeBSD 10.0-RELEASE. Increased interest in bhyve and the first usable versions have provided great feedback and many bug reports.

A number of important improvements have been made to bhyve this quarter:

* Optionally ignore accesses to unimplemented MSRs
* Support soft power-off via the ACPI S5 state for bhyve guests
* Graceful shutdown via ACPI on SIGTERM
* Fix an issue with virtio-blk devices on Linux guests with more than 4GB of RAM
* Increase the block-layer backend maximum requests to match AHCI command queue depth
* Add SMBIOS support
* Improve support for nmdm, opening the tty non-blocking
* Add HPET device emulation
* Implement the "Virtual Interrupt Delivery" and "Posted Interrupt Processing" VT-x features on newer Intel CPUs
* Add support for booting FreeBSD/i386 guests
* Add virtualized XSAVE support for features like AVX
* Add support for booting from ZFS with bhyveload

Open tasks:

1. Improve documentation.
2. Write Handbook chapter for bhyve.
3. Merge fixes and features back to stable/10.
4. Support for booting with UEFI instead of userspace loaders.
5. CSM BIOS boot support for FreeBSD (which has no UEFI support currently).
6. Add support for virtio-scsi.
7. Improve virtio-net, add offload features, support multiple queues.
8. Implement Intel 82580 and e1000 NIC emulation.
9. Netmap support.
10.
Flexible networking backend: wanproxy, vhost-net.
11. Improve resource accounting.
12. Move to a single process model, instead of bhyveload and bhyve.
13. Support running bhyve as non-root.
14. Add filters for popular VM file formats (VMDK, VHD, QCOW2).
15. Implement an abstraction layer for video (no X11 or SDL in base system).
16. Support for VNC as a video output.
17. Implement USB and Sound.
18. Suspend/resume support.
19. Live Migration.
20. Nested VT-x support (bhyve in bhyve).
21. Support for other architectures (ARM, MIPS, PPC).

__________________________________________________________________

FreeBSD Host Support for OpenStack and OpenContrail

URL: http://www.openstack.org/
URL: http://www.opencontrail.org/
URL: https://github.com/Semihalf/openstack-devstack
URL: https://github.com/Semihalf/openstack-nova
URL: https://github.com/Semihalf/contrail-vrouter
URL: https://blueprints.launchpad.net/nova/+spec/freebsd-compute-node

Contact: Grzegorz Bernacki
Contact: Michał Dubiel
Contact: Dominik Ermel
Contact: Rafał Jaworowski

OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources in a data center.

OpenContrail is a network virtualization (SDN) solution comprising a network controller, virtual router, and analytics engine, which can be integrated with cloud orchestration systems like OpenStack or CloudStack.

The goal of this work is to make FreeBSD a fully supported compute host for OpenStack using OpenContrail virtualized networking. The main areas of development are:

* Libvirt hypervisor driver for bhyve.
* Support for bhyve (via the libvirt compute driver) and the FreeBSD platform overall in nova-compute.
* Port OpenContrail vRouter (forwarding plane kernel module) to FreeBSD.
* Port OpenContrail Agent (network controller node) to FreeBSD.
* Integration, performance optimization.
The current state of development allows for a working demo of OpenStack with compute node component running on a FreeBSD host:

* The native bhyve hypervisor is driven by a nova-compute component for spawning guest instances using libvirt and a nova-network component for providing simple networking using bridges between guest VMs.
* QEMU might also be used instead of bhyve this way.
* The main goal on the networking side is to use the OpenContrail solution, compliant with the modern OpenStack networking API ("neutron"). Also, an initial port of the OpenContrail vRouter kernel module has been completed. It successfully handles all networking on the host.

This project is sponsored by Juniper Networks.

__________________________________________________________________

FreeBSD on Chromebook

URL: https://wiki.freebsd.org/FreeBSD/arm/Chromebook

Contact: Ruslan Bukin

One model of Chromebook is an ARMv7 Cortex-A15 personal computer powered by a Samsung Exynos 5 Dual System-on-Chip. As of the current status of this project, such laptops can be booted with FreeBSD from USB flash -- it works stably (including SMP) and it can build third-party applications. The display and keyboard work.

Thanks to Peter Grehan for providing hardware.

Open tasks:

1. Implement keyboard polling mode.
2. Add support for the upcoming second generation of Chromebook.
3. Write SD, SATA drivers.

__________________________________________________________________

FreeBSD/arm64

URL: http://svnweb.freebsd.org/base/projects/arm64/
URL: https://github.com/zxombie/aarch64-freebsd-sandbox

Contact: Andrew Turner

Arm64 is the name of the in-progress port of FreeBSD to the ARMv8 CPU when it is in AArch64 mode. Until recently, all ARM CPU designs were 32-bit only. With the introduction of the ARMv8 architecture, ARM has added a new 64-bit mode. This new mode has been named AArch64.

Progress has been good on getting FreeBSD to build and run on the ARM Foundation model.
FreeBSD is able to be built for this architecture, however, it requires a number of external tools including objdump(1) and ld(1). These tools are provided by an external copy of binutils until replacements can be written.

FreeBSD will run the early boot on the Foundation model. The loader has been ported to the AArch64 UEFI environment and can load and run the kernel. The kernel is able to create the initial page tables to be able to run from virtual memory. It can then execute C code to parse the memory map provided by the loader. This is as far as the kernel currently boots.

This work is now happening in the FreeBSD Subversion repository in a project branch, see the links.

Open tasks:

1. Implement an initial pmap(9) layer.
2. Write the missing machine-dependent code.
3. Test on real hardware.

__________________________________________________________________

FreeBSD/armv6hf

Contact: Andrew Turner

FreeBSD has been updated to allow it to use the VFP variant of the ARM EABI ABI. The VFP unit is the ARM hardware to perform floating-point operations. This changes the ABI to improve the performance of code that uses floating-point operations. By default, FreeBSD already uses the ARM EABI on all releases from 10.0.

This is important for FreeBSD/arm users running code with floating-point operations on ARMv6 or ARMv7 SoC systems. It removes the need for the slow software floating-point support in libc.

This is mostly compatible with the existing ABI, with the exception of how floating-point values are passed into functions. Because no floating-point values are passed to the kernel, the armv6 and armv6hf kernels will work with either userland.

As part of this change, some support functions have been updated to use the VFP unit when available. The existing armv6 target architecture will be kept for cases where the SoC lacks a VFP unit, or existing binaries that are incompatible with the new ABI.

Open tasks:

1. Testing.
2. More testing.
__________________________________________________________________

SMP on Multi-Core ARM Systems

URL: http://lists.freebsd.org/pipermail/freebsd-arm/2014-April/007886.html

Contact: Ian Lepore
Contact: Olivier Houchard
Contact: Wojciech Macek

FreeBSD now supports Symmetrical MultiProcessing (SMP) on a variety of ARM multi-core systems. The effort to bring SMP to ARM has been underway for quite some time, but a major push by the FreeBSD ARM developer community over the past two months has resulted in robust production-ready SMP support.

An ever-growing number of ARM-based development boards and small low-power computer systems are available with multi-core processors. FreeBSD is now able to make good use of all that computing power, making such systems more attractive to both end users and vendors looking to create products based on similar designs.

As of r264138 in FreeBSD head, SMP is now enabled by default in the configuration files for all currently-supported systems that have multi-core processors. This includes systems based on the following processor families:

* Allwinner A20
* Freescale i.MX6
* Marvell Armada XP
* Samsung Exynos 5
* Texas Instruments OMAP4

We plan to merge this work to stable/10 in time for 10.1-RELEASE.

This project is sponsored by Microsemi, Inc., and Semihalf sp.j.

__________________________________________________________________

auditdistd(8)

Contact: Pawel Jakub Dawidek

The auditdistd(8) daemon is responsible for distributing audit trail files over TCP/IP networks securely and reliably.

The daemon now supports client-side certificates, which can be used to automatically configure the receiver side -- the directory name for received trail files is determined based on the commonName field in the client's certificate. There is no need any more to add every sender to the receiver's configuration file. The sender's functionality was extended to allow sending audit trail files to multiple receivers.
Complete Public Key Infrastructure (PKI) support is now implemented, including full certificate chain verification, Certificate Revocation Lists (CRL) verification at every level and support for multiple Certificate Authority (CA) certificates.

This project is sponsored by The FreeBSD Foundation.

__________________________________________________________________

External Toolchain Improvements

URL: https://wiki.freebsd.org/ExternalToolchain

Contact: Warner Losh

Building on the work that Brooks Davis did to enable external Clang toolchains, this project hopes to generalize that to GCC, as well as support different versions of these compilers simultaneously for the FreeBSD base system and the kernel. We also hope to get to the point that a port can be cross-compiled entirely from scratch with no initial binary artifacts.

Open tasks:

1. Set up Subversion project repository.
2. Fix issues with differences of interpretation of the -B argument between GCC and Clang.
3. Support building the entire tree based only on xdev-built compilers.
4. Support building the entire tree based only on ports-built GCC compilers.
5. Support full bootstrapping of FreeBSD to new platforms.

__________________________________________________________________

Forward Port FreeBSD GCC

Contact: Warner Losh

Not all of the FreeBSD changes to GCC have been reflected upstream. A large amount of the platform support as well as a couple of minor improvements like the kernel formatting checker need to be forward ported (and if possible, moved upstream into GCC). We will be targeting the FreeBSD ports tree lang/gcc* ports for these efforts to (optionally) include them in these builds. Some variation from normal builds may be required due to bootstrapping issues when combined with the external toolchain enhancements project.
__________________________________________________________________

FreeBSD Test Suite

URL: http://wiki.FreeBSD.org/TestSuite
URL: http://kyua1.nyi.FreeBSD.org/
URL: http://julipedia.meroh.net/2014/01/freebsd-test-suite-goals-and-planning.html
URL: https://drive.google.com/a/meroh.net/#folders/0B08g-X1kPkSYNmlEdTB5RjlFbkk

Contact: Julio Merino

The FreeBSD Test Suite project aims to equip FreeBSD with a comprehensive collection of tests that are easy to run out of the box and during the development of the system. The test suite is installed into /usr/tests/ and the kyua(1) command-line tool (devel/kyua in the Ports Collection) is used to run them. See the project page for more details.

Since the last status report, we have been hard at work polishing the framework in many different areas. The highlights are:

* A roadmap for the project has been prepared and published, see links.
* Many tests have been added to the test suite thanks to the work of various developers and, in particular, a good bunch of old tests from src/tools/regression/ have been incorporated into the new test suite. As of this writing, there are 509 test cases continuously running.
* The testing infrastructure in the stable/10 branch has been synced to head. It should now be possible to seamlessly MFC changes to the stable branch along with their tests, if any.
* The testing cluster, which only issued amd64 builds, has been extended to perform i386 builds as well. Additionally, a canary machine has been put in place so that changes to the cluster configuration can be properly validated before deployment.
* A tutorial on Kyua and the FreeBSD Test Suite was given at AsiaBSDCon 2014. The tutorial materials are available for public consumption, please consult the links.
* Both Kyua's and ATF's upstream sites have been moved to GitHub, mostly due to the discontinuation of file downloads in Google Code.

Open tasks:

1. Enable the build of the test suite by default.
2.
Add alerting for failed or missing test runs from the testing cluster.
3. Add bhyve support to the testing cluster for faster turnaround times.
4. Simplify and improve Kyua HTML reports. In particular, reports will be coalesced into single HTML files for easier management and will include more useful details for debugging. Such details are the revision at which the system was built, the date and duration of the whole run, or the list of installed packages, to mention a few examples.
5. Add JUnit XML output to Kyua for better integration with Jenkins. This work is actively ongoing and should be ready for prime time at BSDCan 2014.

__________________________________________________________________

LLDB Debugger Port

URL: https://wiki.FreeBSD.org/lldb

Contact: Ed Maste

LLDB is the debugger project associated with Clang/LLVM. It supports the Mac OS X, Linux, and FreeBSD platforms, with ongoing work on Windows. It builds on existing components in the larger LLVM project, for example using Clang's expression parser and LLVM's disassembler.

The majority of work since the last status update has been on bugfixes and implementation of the remaining functionality missing on FreeBSD. Most of these improvements are now in the LLDB snapshot in the base system, which has been updated to upstream Subversion revision r202189. Some highlights of the new update include:

* Improvements to the remote GDB protocol client.
* Bug fixes for big-endian targets.
* Initial support for libdispatch (GCD) queues in the debuggee.
* Add "step-avoid-libraries" setting.
* IO subsystem improvements (including initial work on a curses GUI).
* Support hardware watchpoints.
* Improved unwinding through hand-written assembly functions.
* Handle DW_TAG_unspecified_parameters for variadic functions.
* Fix Ctrl+C interrupting a running inferior process.
* Various bug fixes for memory leaks, LLDB segfaults, the C++ demangler, ELF core files, DWARF debug info, and others.
LLDB is currently not yet built by default and may be enabled by adding WITH_LLDB= to src.conf(5). A port will be made available for those who wish to track ongoing development more closely.

This project is sponsored by DARPA/AFRL, SRI International, and University of Cambridge.

Open tasks:

1. Add support for remote debugging (gdbserver-compatible debugserver).
2. Add support for local and core file kernel debugging.
3. Implement, fix or test support on all non-amd64 architectures.
4. Verify cross-debugging.
5. Investigate and fix test suite failures.
6. Package LLDB as a port.
7. Enable by default in the base system for working architectures.

__________________________________________________________________

Chromium

URL: http://www.chromium.org/Home
URL: https://github.com/gliaskos/freebsd-chromium
URL: https://wiki.freebsd.org/Chromium

Contact: Chromium on FreeBSD Team

Chromium is the open source web browser project from which Google Chrome draws its source code. The browsers share the majority of code and features, though there are some minor differences in features and they have different licensing.

Over the last four years, the Chromium team has been busy with porting Chromium to FreeBSD. This involves patching the browser so that it runs on FreeBSD, tracking and documenting security updates, and merging patches back upstream. While there are already several browsers available for FreeBSD, advantages of Chromium are:

* Quick response from upstream to security issues, resulting in approximately bi-weekly updates.
* A testbed for security features of FreeBSD, like Capsicum. While support for this capability and sandbox framework is currently not included in the browser, a proof-of-concept implementation for an early version of Chromium was realized within a single weekend.

George Liaskos and René Ladan are currently busy with submitting the remaining patches specific to FreeBSD back upstream.
Apart from making future updates easier, it sometimes also improves the overall code quality.

Jonathan Anderson recently updated the Capsicum patches for Chromium and is talking to upstream about them.

Open tasks:

1. Advocate FreeBSD. While patches are getting accepted by both humans and bots, it is not an official platform so attitude varies from developer to developer. While René Ladan thinks it is a bit early, it might be fruitful to investigate what is required to make FreeBSD (and possibly OpenBSD) an official platform in terms of both hardware and procedures.
2. If you feel comfortable with large source trees, you can try to build the Git version of Chromium on FreeBSD. If you are also comfortable with signing Google's Contributor License Agreement, you can join in testing and submitting patches upstream.

__________________________________________________________________

FreeBSD Ada Ports

URL: http://www.dragonlace.net/
URL: http://www.spark-2014.org/about/

Contact: John Marino

Ada is a structured, statically typed, imperative, wide-spectrum, and object-oriented high-level computer programming language, extended from Pascal and other languages, originally targeted at embedded and real-time systems. The number of Ada ports in the collection has grown significantly since the last report six months ago. There are almost 50 Ada-related ports now, with new ones getting added all the time.

The previous plan was to move from the GCC 4.7-based GNAT compiler to a GCC 4.8-based one, but finally GCC 4.8 was skipped and now a GCC 4.9-based GNAT is the standard Ada compiler, which fully supports the new ISO standard, Ada 2012.

Moving to a newer compiler allowed several important ports like PolyOrb and GPRBuild to be upgraded to the latest available versions. In fact, almost every Ada port is currently at its most recent upstream version.

For non-Windows-based Ada development, FreeBSD and DragonFly are now undisputed as the go-to platforms.
The other candidates are Debian and Fedora, but there is little Ada software on those platforms that is not also in the FreeBSD ports tree, and the FreeBSD versions are much newer. The Ports Collection also features software not found anywhere else such as the USAFA's Ironsides DNS server, libsparkcrypto, matreshka, GNATDroid (Android cross-compiler) and several developer libraries.

A desired addition to the Ada ports will be SPARK 2014 (see links), which should cement FreeBSD as an option for professional, safety-critical application development. This package should have its first release by early summer.
__________________________________________________________________

GCC in the Ports Collection

URL: http://gcc.gnu.org/

Contact: Gerald Pfeifer

While the age-old version of the GNU Compiler Collection (GCC) in the base system is on its way out with FreeBSD 10 and later, there are many users who want--and some platforms which need--to use GCC.

For that purpose there are various versions of GCC in the ports tree, including lang/gcc46, lang/gcc47, lang/gcc48 and lang/gcc49 which track upstream snapshots of the respective release branches, and more importantly lang/gcc which serves as the canonical version of GCC and is the default when a port requests USE_GCC=yes as well as for some cases of USES=compiler.

With a lot of help from Christoph Moench-Tegeder who fixed many ports and made a fair number respect CXXFLAGS, LDFLAGS and friends, we managed to update the canonical version from GCC 4.6.4 to GCC 4.7.3. Many of Christoph's fixes also benefit Clang and other modern compilers. For users of lang/gcc, this upgrade proved very smooth, and we generally recommend using this port over version specific ones.

After ten years of service lang/gcc34 retired, as did lang/gcc44 after half that timespan.
On a related note, with the help of John Marino, the license of the GCC ports now properly reflects the combination of GPLv3 for the compiler itself and GPLv3 with GCC Runtime Library Exception for the runtime. The latter is the key in making it possible to use GCC for building and distributing non-free software.

Open tasks:

1. Move lang/gcc from GCC 4.7 to GCC 4.8.
__________________________________________________________________

GNOME/FreeBSD

URL: http://www.freebsd.org/gnome
URL: https://wiki.gnome.org/Projects/Jhbuild/FreeBSD
URL: https://github.com/jlmess77/mate-ports
URL: http://marcuscom.com/downloads/marcusmerge

Contact: FreeBSD GNOME Team

GNOME is a desktop environment and graphical user interface that runs on top of a computer operating system. GNOME is part of the GNU Project and can be used with various Unix-like operating systems, including FreeBSD.

Preparations for merging GNOME 3 are moving forward. The work on the documentation is falling behind a bit, but we got some solid feedback on the rough work to keep this moving forward as well. In the meantime, deprecation of ports that need the old GNOME 2 desktop ports has begun. These ports will break when the GNOME desktop components are updated to the GNOME 3 version.

Thanks to a combined effort by Ryan Lortie (GNOME developer), Ting-Wei Lan (upstream contributor), and Koop Mast, we now have a FreeBSD-powered JHbuild tinderbox. JHbuild is a build system that allows building GNOME upstream code. Twice a day, it will attempt to build GNOME components from a specific branch, usually the git master branch, to catch compile issues. A positive side effect is that it lets upstream know GNOME still lives on non-Linux systems. It also exposes the GNOME code base to the Clang compiler and libc++. Since the start of this project over a hundred issues have been fixed.

Gustau Perez has stepped up and put together a port set in the "ports-experimental" tree of our development repository with GNOME 3.12.
It was decided to polish GNOME 3.12. It will be merged when the preparation work has (mostly) finished, and we are happy with the stability of GNOME 3.12.

Gustau Perez also ported Cinnamon 2.0 to FreeBSD. It will appear in the Ports Collection after GNOME 3 has been merged.

MATE 1.8 was released at the beginning of April; Eric Turgeon of GhostBSD had volunteered to do that update for FreeBSD. Note that this update is still based on GTK+, version 2. The GTK+ 3-based MATE is on the roadmap for 1.10.

Open tasks:

1. Finish the work needed to be done before GNOME 3 can be merged at all. Documentation work, port deprecation, and so on.
2. Finish porting of MATE 1.8.
3. Update Cairo to 1.12 in coordination with the Graphics Team.
__________________________________________________________________

KDE/FreeBSD

URL: http://FreeBSD.kde.org/
URL: http://FreeBSD.kde.org/area51.php
URL: http://portscout.freebsd.org/kde@freebsd.org.html

Contact: KDE/FreeBSD Team

KDE is an international free software community producing an integrated set of cross-platform applications designed to run on Linux, FreeBSD, Solaris, Microsoft Windows, and OS X systems.

The KDE/FreeBSD Team have continued to improve the experience of KDE software and Qt under FreeBSD. During this quarter, the team has kept most of the KDE and Qt ports up-to-date, working on the following releases:

* KDE SC: 4.12.2, 4.12.3, and 4.12.4; Workspace: 4.11.6, 4.11.7, and 4.11.8
* Qt: 5.2.1
* KDevelop: 4.6.0
* Digikam (and KIPI-plugins): 3.5.0

As a result -- according to PortScout -- kde@ has 526 ports (up from 464), of which 98.86% are up-to-date (up from 88.15%). iXsystems continues to provide a machine for the team to build packages and to test updates. They have been providing the KDE/FreeBSD team with support for quite a long time and we are very grateful for that.

A major change has been the deprecation of the KDE3 ports and the move of the KDE4_PREFIX to LOCALBASE. Also, work on Qt5 continues to maturity.
Raphael Kubo da Costa has been working with upstream to ensure Baloo (Nepomuk successor in KDE SC 4.13) compiles and runs on non-Linux systems. His work not only benefits FreeBSD but other BSDs and OS X.

As usual, the team is always looking for more testers and porters, so please contact us and visit our home page (see links). It would be especially useful to have more helping hands on tasks such as getting rid of the dependency on the defunct HAL project and providing integration with KDE's Bluedevil Bluetooth interface.

This project is sponsored by iXsystems, Inc.

Open tasks:

1. Update out-of-date ports, see PortScout for a list.
2. Work on Qt 5.
3. Make sure the whole KDE stack (including Qt) builds and works correctly with Clang and libc++.
4. Remove the dependency on HAL.
__________________________________________________________________

libvirt/bhyve Support

URL: http://libvirt.org/drvbhyve.html
URL: http://libvirt.org/
URL: http://empt1e.blogspot.ru/search/label/libvirt

Contact: Roman Bogorodskiy

Libvirt is a virtualization library providing a common API for various hypervisors (Qemu/KVM, Xen, LXC, and others), and also a popular library used by a number of projects. Libvirt 1.2.2, released in March 2014, was the first release to include bhyve support. Enabling bhyve support allows consumers to use bhyve in libvirt-ready applications without major efforts.

Currently, libvirt supports almost all essential features of bhyve, such as Virtual Machine lifecycle (start, stop), bridged networking, and virtio/SATA driver support.

The work continues to implement more API calls and to cover more of the features offered by bhyve.

Open tasks:

1. FreeBSD port of netcf is needed for adding interface driver support to libvirt.
__________________________________________________________________

OpenAFS on FreeBSD

URL: http://openafs.org/

Contact: Benjamin Kaduk

AFS is a distributed network filesystem that originated from the Andrew Project at Carnegie-Mellon University.
OpenAFS is an open-source implementation of the AFS protocol derived from IBM AFS, which was released under the IBM Public License. OpenAFS on FreeBSD (the net/openafs port) is suitable for light use, but is not yet production ready.

We got a chance to pick up this porting project after some hiatus. Recent work focused on investigating the bugs preventing the use of a disk cache for caching file data. An internal "lookupname" abstraction was intended to return an unlocked, referenced vnode, but instead returned a locked, referenced vnode, leading to various failure modes depending on the number of kernel debugging options enabled.

Open tasks:

1. Track down an issue involving incorrect reference counts on the AFS root vnode that cause warnings on shutdown.
2. Audit the locking in all the vnode operations code -- it is expected that there remain some incorrectly locked areas, though none that present visible issues under light load.
__________________________________________________________________

The Graphics Stack on FreeBSD

URL: https://wiki.freebsd.org/Graphics
URL: https://wiki.freebsd.org/Graphics/WITH_NEW_XORG
URL: http://trillian.chruetertee.ch/ports/browser/trunk

Contact: FreeBSD Graphics Team

On the kernel side, the Radeon KMS driver was merged in stable/9 and will be available in FreeBSD 9.3-RELEASE. Now both the 9.x and 10.x branches share the same support for Intel and AMD GPUs.

The next big tasks are the updates of the DRM generic code and the i915 driver. Both are making good progress and the DRM update should hopefully be ready for wider testing during April. An update of the Radeon driver is on the to-do list, but nothing is scheduled yet.

On the ports tree and packages side, the update to Cairo 1.12 mentioned in the last quarterly report is ready to be committed, as people who tested it either reported improvements or no regressions.
As a reminder, the switch from Cairo 1.10 to 1.12 causes display artifacts with xf86-video-intel 2.7.1, but fixes similar problems with other hardware/driver combinations. Furthermore, Cairo 1.12 is required by Pango 1.36.0, GTK+ 3.10 and Firefox 27.0. A "Heads up" mail will be posted to the freebsd-x11 mailing-list when this update goes live.

In the graphics stack's ports development tree, new Mesa ports are being worked on. Those ports are required to support GLAMOR (the GL-based 2D acceleration library used by Radeon HD 7000+ cards for instance) and OpenCL (using the GPU to perform non-graphical calculations). We were able to execute some "Hello World" OpenCL programs and play with OpenCL in darktable, but there are some compatibility issues between Clover (Mesa's libOpenCL implementation) and Clang/libc++.

We are preparing an alternate pkg(8) repository with packages built with WITH_NEW_XORG. The goal is to ease the usage of the KMS drivers and move forward with the graphics stack updates. The main pkg(8) repository will still use the default setting (WITH_NEW_XORG set on head, but not on the stable branches).

This will pave the way to the deprecation of WITH_NEW_XORG and the removal of the older stack. The current plan is to do this after 10.0-RELEASE End-of-Life, scheduled on January 31st, 2015. By that time, the only supported releases will be 8.4-RELEASE, 9.3-RELEASE and 10.1-RELEASE. FreeBSD 9.3 and 10.1 will be fully equipped to work with the newer stack. Unfortunately, FreeBSD 8.x misses the required kernel DRM infrastructure: supporting X.Org here cripples progress on the graphics stack and, once WITH_NEW_XORG is gone, we will not support 8.x as a desktop any more. Therefore, please upgrade to 9.3 or 10.1 when they are available.

Open tasks:

1. See the "Graphics" and "WITH_NEW_XORG" wiki pages for up-to-date information.
__________________________________________________________________

Using CentOS 6.5 as Linux Base

URL: http://github.com/xmj/linux-ports
URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/187786

Contact: Johannes Meixner

The Linux emulation layer relies on a Linux base distribution along with Linux ports of relevant non-base software. Fedora 10 was imported in 2006, and it shows -- current Linux software like Skype 4, Sublime Text 2, or even modern games fail to run with the provided libraries.

CentOS 6.5 was released in December 2013 and will be supported until 2017, making it an ideal basis for an update to the ports infrastructure. Built upon the work of Carlos Jacobo Puga Medina, all ports using Linux have been updated to work with either Fedora 10 or CentOS 6.5.

The goal of this project is to make CentOS 6.5 the default Linux distribution, so that FreeBSD users can enjoy running modern Linux binaries without having to resort to virtualization à la VirtualBox, or even dual-booting.

This project is sponsored by Goldener Grund OÜ.

Open tasks:

1. Clean up Mk/bsd.linux-*.mk and fix errors detected in ports/187786.
2. Revert making c6 the default (in the git repository).
3. Testing.
4. Review patches and import into the ports tree (any help appreciated).
5. Make c6 the default (after sufficient testing) within the ports tree.
__________________________________________________________________

Wine/FreeBSD

URL: http://wiki.FreeBSD.org/Wine
URL: http://wiki.FreeBSD.org/i386-Wine
URL: http://www.winehq.org/

Contact: Gerald Pfeifer
Contact: David Naylor

Wine is a free and open source software application that aims to allow applications designed for Microsoft Windows to run on Unix-like operating systems, such as FreeBSD.
The Wine project has been in maintenance mode this quarter and has updated the ports for the following versions:

* Stable releases: 1.6.2
* Development releases: 1.7.9 through 1.7.15

The ports have packages built for amd64, available through the ports emulators/i386-wine and emulators/i386-wine-devel.

Open tasks:

1. See the "Open Tasks" and "Known Problems" sections on the Wine wiki page.
2. FreeBSD/amd64 integration, consult the i386-Wine wiki page for the details.
3. Port WoW64 (supporting Windows 32-bit and 64-bit from the same port) and Wine64.
__________________________________________________________________

Xfce/FreeBSD

URL: https://wiki.freebsd.org/Xfce
URL: https://svn.redports.org/olivierd/xfce4/
URL: https://people.freebsd.org/~olivierd/xfce-core-unstable.html
URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=183690

Contact: FreeBSD Xfce Team

Xfce is a free software desktop environment for Unix and Unix-like platforms, such as FreeBSD. It aims to be fast and lightweight, while still being visually appealing and easy to use.

The Xfce team continues to keep each piece of the Xfce Desktop up to date. The latest commits concerned:

* Applications:
  - Midori (0.5.7)
  - xfburn (0.5.0)
  - xfce4-parole (0.5.4)
  - xfce4-taskmanager (1.0.1)
  - xfce4-tumbler (0.1.30)
* Panel plugins:
  - xfce4-clipman-plugin (1.2.5)
  - xfce4-equake-plugin (1.3.4)
  - xfce4-wavelan-plugin (0.5.11)
  - xfce4-whiskermenu-plugin (1.3.2)

We also follow development of core components (available in your repository). See the links for documentation on how to upgrade those libraries.

* garcon (0.3.0)
* libxfce4menu (4.11.1)
* libxfce4util (4.11.0)
* xfce4-appfinder (4.11.0)
* xfce4-desktop (4.11.4)
* xfce4-dev-tools (4.11.0)
* xfce4-panel (4.11.0)
* xfce4-parole (0.6.0)
* xfce4-settings (4.11.2)
* xfce4-session (4.11.0)
* xfce4-wm (4.11.1)
* xfce4-xkb-plugin (0.7.0)

Open tasks:

1. Add support of DragonFly for xfce4-taskmanager.
2. Finish replacing Tango icon theme with GNOME, in order to close ports/183690 (see links, Midori remains to be fixed).
__________________________________________________________________

ZFS Chapter of the Handbook

URL: http://www.allanjude.com/zfs_handbook/zfs.html
URL: http://www.allanjude.com/talks/AsiaBSDCon_2014_-_WIP_-_ZFS_Handbook.pdf

Contact: Allan Jude
Contact: Benedict Reuschling
Contact: Warren Block

ZFS is one of the premier features of FreeBSD. The current documentation in the Handbook and elsewhere online is severely lacking. Much of the original documentation from Sun and Oracle has disappeared, moved, or is about the proprietary version of ZFS. New users have many questions about ZFS and yet there exists a great deal more bad advice about ZFS than proper documentation.

The current ZFS chapter of the FreeBSD Handbook starts off with the required steps to configure an i386 machine to run ZFS. This is more likely to scare off a new user than to educate them about how to properly use ZFS.

At BSDCan 2013, the process of writing an entirely new chapter of the Handbook on ZFS was started. Currently this chapter consists of approximately 16,000 words covering all subcommands of the zpool(8) and zfs(8) utilities, delegation, tuning and a section devoted to definitions and explanations of the terms and features of ZFS.

The remaining section is the FAQ, to help users address the most common problems they might run into with ZFS. It would be useful to hear experiences, questions, misconceptions, gotchas, stumbling blocks, and suggestions for the FAQ section from other users. Also, it would be good to have a use cases section that highlights some of the cases where ZFS provides advantages over traditional file systems. Please send suggestions to the freebsd-doc mailing list.

This project is sponsored by ScaleEngine, Inc.

Open tasks:

1. Technical review by Matt Ahrens (co-creator of ZFS).
2. Improve delegation section.
3. Improve tuning section, add new sysctls added in head.
4. Add section on jails and the jailed property.
5. Add FAQ section.
6. Add "Use Cases" section.
7. General editing and review.
__________________________________________________________________

FreeBSD Participating in Summer of Code 2014

URL: http://gsoc.FreeBSD.org/
URL: https://wiki.freebsd.org/SummerOfCode2014

Contact: Gavin Atkinson
Contact: Glen Barber
Contact: Wojciech Koszek

FreeBSD is pleased to have been accepted as a participating organization in Google's Summer of Code 2014. This will be the tenth time we have participated in the program, having been selected to participate every year since its introduction.

This year, the administrators made a special attempt to spread the word about Summer of Code around universities, including making contact with around 350 mainly Polish, British, African and American universities to advertise the Summer of Code program, with a particular focus on FreeBSD's participation. We made contact with both technical departments and student societies. Posters were produced in several languages, and FreeBSD committers and users were encouraged to distribute these posters around their local universities.

FreeBSD received a total of 39 proposals from students, and was subsequently granted 15 slots from Google. We are now facing the unpleasant challenge of trying to decide which of the 39 proposals to select, taking into account the quality, desirability and feasibility of each proposal, as well as ensuring we will be able to provide an excellent mentoring experience to each selected student. All mentors have volunteered to mentor, and we pair students with mentors primarily based on the prospective mentor's areas of expertise, interest in the project, also taking into account the desire to pair students up with mentors in similar time zones in order to improve the student experience.

The final list of accepted students is expected to be announced on the 21st April.
__________________________________________________________________

The FreeBSD Foundation

URL: http://www.FreeBSDFoundation.org/
URL: http://freebsdjournal.com/

Contact: Deb Goodkin

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the FreeBSD Project and community worldwide. Most of the funding is used to support FreeBSD development projects, conferences and developer summits, purchase equipment to grow and improve the FreeBSD infrastructure, and provide legal support for the Project.

We published the first issue of the FreeBSD Journal, our new on-line FreeBSD magazine. The positive feedback from both the FreeBSD and outside communities has been incredible. This quarter we began work on articles and promotion for the second issue. We also started working on a dynamic version of the magazine that can be read in many web browsers including those that run on FreeBSD.

This year we are earmarking more funding towards FreeBSD advocacy and education. You will see more literature, white papers, articles, and so on to help promote FreeBSD.

The Foundation held a board meeting in Berkeley, California, in January. We discussed longer term strategy and planning for the year. We put together our 2014 budget with a plan of raising at least $1,000,000 and spending $900,000.

Two Foundation funded projects were completed. The first, co-sponsored by Google, integrated the Casper daemon into FreeBSD. The second was auditdistd(8) improvements for the FreeBSD cluster.

Work continued on these Foundation-sponsored projects: Intel graphics driver update by Konstantin Belousov, UEFI boot support for amd64 by Ed Maste, autofs automounter and in-kernel iSCSI stack enhancements and bug fixes by Edward Tomasz Napierala, and updated vt(4) system console by Aleksandr Rybalko. A more detailed project update for each of the above projects can be found within this quarterly status report.
We were a Gold Sponsor for NYCBSDCon 2014 in New York, February 8, which was attended by several board members. We were represented at SCALE in Los Angeles, February 22-23, and ICANN in Singapore, March 22-25. We were a sponsor for AsiaBSDCon in Tokyo, March 15-16. Board member Hiroki Sato was the conference organizer. Board members Kirk McKusick and George V. Neville-Neil taught tutorials and Kirk gave a keynote. Board member Dru Lavigne manned the foundation table and spoke at one of the sessions. We became a Gold+ sponsor for BSDCan 2014, May 16-17 and have started reaching out to vendors to attend the developer summit that runs in the two days before BSDCan.

Board members George, Kirk, and Robert Watson pushed to finish the final draft of the next edition of their book "The Design and Implementation of the FreeBSD Operating System".

ITWire editor Sam Varghese published an interview with Kirk and Foundation technical manager Ed Maste about the status of secure boot on FreeBSD.

The FreeBSD Logo is now officially a registered trademark to represent the FreeBSD operating system. We are working to expand the registration beyond just the FreeBSD operating system, but currently still have to use the "TM" symbol when using it on apparel and other non-operating-system items. We continued reviewing requests and granting permission to use FreeBSD trademarks.

After finishing the 10.0-RELEASE, Foundation system administrator and release engineer Glen Barber began work on adding support for FreeBSD/arm image builds as part of the release build process. As a result of this work, FreeBSD/arm images are produced as part of the weekly development snapshot builds, and are available from any of the FreeBSD FTP mirrors. Supported kernel configurations currently include BEAGLEBONE, RPI-B, PANDABOARD, WANDBOARD-QUAD, and ZEDBOARD.

George visited six large FreeBSD users in the Bay Area in February.
These meetings are conducted to help facilitate collaboration between FreeBSD customers and the FreeBSD Project. It is an opportunity to exchange information on what the customers are doing and what is being worked on in the Project. It is also an opportunity to try to connect customers with the appropriate FreeBSD developers who may be working on areas of FreeBSD that interest these customers.
__________________________________________________________________

Love FreeBSD? Support the development with a donation to the FreeBSD Foundation! https://www.freebsdfoundation.org/donate/

From owner-freebsd-announce@FreeBSD.ORG Wed Apr 30 04:35:11 2014
Date: Wed, 30 Apr 2014 04:35:10 GMT
Message-Id: <201404300435.s3U4ZAuJ093696@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:08.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic:          TCP reassembly vulnerability

Category:       core
Module:         inet
Announced:      2014-04-30
Credits:        Jonathan Looney
Affects:        All supported versions of FreeBSD.
Corrected:      2014-04-30 04:04:20 UTC (stable/8, 8.4-STABLE)
                2014-04-30 04:05:47 UTC (releng/8.4, 8.4-RELEASE-p9)
                2014-04-30 04:05:47 UTC (releng/8.3, 8.3-RELEASE-p16)
                2014-04-30 04:04:20 UTC (stable/9, 9.2-STABLE)
                2014-04-30 04:05:47 UTC (releng/9.2, 9.2-RELEASE-p5)
                2014-04-30 04:05:47 UTC (releng/9.1, 9.1-RELEASE-p12)
                2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
                2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name:       CVE-2014-3000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. When network packets making up a TCP stream (``TCP segments'') are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.

II.  Problem Description

FreeBSD may add a reassembly queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry.

III. Impact

An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash.

Additionally, because the undefined on-stack memory may be overwritten by other kernel threads, while extremely difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain a portion of kernel memory via a connected socket. This may result in the disclosure of sensitive information such as login credentials, etc. before or even without crashing the system.

IV.  Workaround

It is possible to defend against these attacks by doing traffic normalization using a firewall. This can be done by including the following /etc/pf.conf configuration:

        scrub in all

This requires pf(4) to be enabled, and have the mentioned configuration loaded.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:08/tcp.patch
# fetch http://security.FreeBSD.org/patches/SA-14:08/tcp.patch.asc
# gpg --verify tcp.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.
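The lifetime rule behind the Problem Description in section II, as an added example that is not part of the advisory and is neither FreeBSD kernel code nor the committed patch: a reassembly entry that lives on the stack may be consumed inside the call, but only heap-owned entries may be linked into the queue that outlives it. The structure, function and constant names are hypothetical, and the sequence numbers in main() are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; every name here is hypothetical and none of
 * this is FreeBSD kernel code. Overlap trimming between segments is left out. */
#define SEQ_LT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)

struct seg {
    uint32_t seq;       /* first sequence number of the segment */
    uint32_t len;       /* payload length in bytes */
    struct seg *next;   /* next queued segment, ascending seq */
};

struct reass_q {
    struct seg *head;   /* out-of-order segments waiting for a gap to close */
    int count;          /* entries currently linked */
    int limit;          /* maximum entries the queue may hold */
    uint32_t rcv_nxt;   /* next in-order sequence number expected */
};

enum reass_result { REASS_QUEUED, REASS_DELIVERED, REASS_DROPPED };

/*
 * Anti-pattern matching the Problem Description, kept as a comment only:
 *
 *     struct seg tmp;          // storage inside this call's stack frame
 *     tmp.next = q->head;
 *     q->head = &tmp;          // the long-lived queue now points into it
 *     return;                  // frame released, q->head dangles
 */

/* Pass queued segments that have become contiguous up to the receiver. */
static void drain_in_order(struct reass_q *q)
{
    while (q->head != NULL && q->head->seq == q->rcv_nxt) {
        struct seg *s = q->head;
        q->head = s->next;
        q->rcv_nxt += s->len;
        q->count--;
        free(s);
    }
}

enum reass_result reass_input(struct reass_q *q, uint32_t seq, uint32_t len)
{
    struct seg **pp, *s;

    if (seq == q->rcv_nxt) {
        /* In-order data: a stack temporary is safe because it is consumed
         * before returning and is never linked into q->head. This path
         * works even when the queue is at its limit. */
        struct seg tmp = { seq, len, NULL };
        q->rcv_nxt += tmp.len;
        drain_in_order(q);
        return REASS_DELIVERED;
    }
    if (SEQ_LT(seq, q->rcv_nxt))
        return REASS_DROPPED;           /* already received */
    if (q->count >= q->limit)
        return REASS_DROPPED;           /* full: drop, never borrow the stack */

    pp = &q->head;
    while (*pp != NULL && SEQ_LT((*pp)->seq, seq))
        pp = &(*pp)->next;
    if (*pp != NULL && (*pp)->seq == seq)
        return REASS_DROPPED;           /* duplicate of a queued segment */

    s = malloc(sizeof(*s));             /* every linked entry is heap-owned */
    if (s == NULL)
        return REASS_DROPPED;
    s->seq = seq;
    s->len = len;
    s->next = *pp;
    *pp = s;
    q->count++;
    return REASS_QUEUED;
}

int main(void)
{
    /* Constructed input: limit of 2 entries, receiver expects seq 1000. */
    struct reass_q q = { NULL, 0, 2, 1000 };
    uint32_t seqs[] = { 1200, 1100, 1300, 1000 };
    static const char *names[] = { "queued", "delivered", "dropped" };
    size_t i;

    for (i = 0; i < sizeof(seqs) / sizeof(seqs[0]); i++)
        printf("seq %u: %s\n", (unsigned)seqs[i],
               names[reass_input(&q, seqs[i], 100)]);
    printf("rcv_nxt=%u queued=%d\n", (unsigned)q.rcv_nxt, q.count);
    return 0;
}
```

With the queue full, the out-of-order segment at 1300 is dropped while the in-order segment at 1000 is still delivered and drains both queued entries, so nothing the queue holds ever refers to a finished stack frame.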
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r265123
releng/8.3/                                                       r265125
releng/8.4/                                                       r265125
stable/9/                                                         r265123
releng/9.1/                                                       r265125
releng/9.2/                                                       r265125
stable/10/                                                        r265122
releng/10.0/                                                      r265124
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Wed Apr 30 04:35:10 2014
Date: Wed, 30 Apr 2014 04:35:10 GMT
Message-Id: <201404300435.s3U4ZA8k093703@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:07.devfs                                      Security Advisory
                                                          The FreeBSD Project

Topic:          devfs rules not applied by default for jails

Category:       core
Module:         etc_rc.d
Announced:      2014-04-30
Affects:        FreeBSD 10.0
Corrected:      2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
                2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name:       CVE-2014-3001

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The device file system, or devfs(5), provides access to kernel's device namespace in the global file system namespace.
The devfs(5) rule subsystem provides a way for the administrator of a
system to control the attributes of DEVFS nodes. Each DEVFS mount-point
has a ``ruleset'', or a list of rules, associated with it, allowing the
administrator to change the properties, including the visibility, of
certain nodes.

II. Problem Description

The default devfs rulesets are not loaded on boot, even when jails are
used. Device nodes will be created in the jail with their normal default
access permissions, while most of them should be hidden and inaccessible.

III. Impact

Jailed processes can get access to restricted resources on the host
system. For jailed processes running with superuser privileges this
implies access to all devices on the system. This level of access could
lead to information leakage and privilege escalation.

IV. Workaround

Systems that do not run jails are not affected.

The system administrator can do the following to load the default
ruleset:

        /etc/rc.d/devfs onestart

Then apply the default ruleset for jails on a devfs mount using:

        devfs -m ${devfs_mountpoint} rule -s 4 applyset

Or, alternatively, the following command will apply the ruleset over all
devfs mountpoints except the host one:

        mount -t devfs | grep -v '^devfs on /dev ' | awk '{print $3;}' | \
            xargs -n 1 -J % devfs -m % rule -s 4 applyset

After this, the system administrator should add the following
configuration to /etc/rc.conf to make it permanent, so the above
operations do not have to be done each time the host system reboots.

        devfs_load_rulesets="YES"

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:07/devfs.patch
# fetch http://security.FreeBSD.org/patches/SA-14:07/devfs.patch.asc
# gpg --verify devfs.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# install -o root -g wheel -m 444 etc/defaults/rc.conf /etc/defaults/

Follow the steps described in the "Workaround" section, or reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r265122
releng/10.0/                                                      r265124
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Wed Apr 30 04:35:10 2014
Date: Wed, 30 Apr 2014 04:35:10 GMT
Message-Id: <201404300435.s3U4ZA17093706@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:09.openssl
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:09.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL use-after-free vulnerability

Category:       contrib
Module:         openssl
Announced:      2014-04-30
Affects:        FreeBSD 10.x.
Corrected:      2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
                2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name:       CVE-2010-5298

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project
is a collaborative effort to develop a robust, commercial-grade,
full-featured Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a
full-strength general purpose cryptography library.

OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS,
which requests the library to release the memory it holds when a read or
write buffer is no longer needed for the context.

II. Problem Description

The buffer may be released before the library has finished using it. It
is possible that a different SSL connection in the same process would
use the released buffer and write data into it.

III. Impact

An attacker may be able to inject data to a different connection that
they should not be able to.

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to
implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols, or not using SSL_MODE_RELEASE_BUFFERS and
use the same process to handle multiple SSL connections, are not
vulnerable.

The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses
this mode to reduce their memory footprint and may therefore be affected
by this issue.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc
# gpg --verify openssl.patch.asc

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r265122
releng/10.0/                                                      r265124
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Wed Apr 30 19:06:30 2014
Date: Wed, 30 Apr 2014 19:06:30 GMT
Message-Id: <201404301906.s3UJ6UFd017093@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:09.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL use-after-free vulnerability

Category:       contrib
Module:         openssl
Announced:      2014-04-30
Affects:        FreeBSD 10.x.
Corrected:      2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
                2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name:       CVE-2010-5298

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0. Revision History

v1.0  2014-04-30 Initial release.
v1.1  2014-04-30 Added patch applying step in Solutions section.

I. Background

FreeBSD includes software from the OpenSSL Project.
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS,
which requests the library to release the memory it holds when a read or
write buffer is no longer needed for the context.

II. Problem Description

The buffer may be released before the library has finished using it. It
is possible that a different SSL connection in the same process would
use the released buffer and write data into it.

III. Impact

An attacker may be able to inject data to a different connection that
they should not be able to.

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to
implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols, or not using SSL_MODE_RELEASE_BUFFERS and
use the same process to handle multiple SSL connections, are not
vulnerable.

The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses
this mode to reduce their memory footprint and may therefore be affected
by this issue.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc
# gpg --verify openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r265122
releng/10.0/                                                      r265124
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Sat May 3 19:30:12 2014
Message-ID: <536543B1.4070504@FreeBSD.org>
Date: Sat, 03 May 2014 21:29:53 +0200
From: Florian Smeets
To: announce@freebsd.org, freebsd-ops-announce@freebsd.org
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="6uCp8w7XefodNG34GPF5kKW92eBNxLqKx"
Subject: [FreeBSD-Announce] FreeBSD.org mailing list changes
Reply-To: "postmaster@freebsd.org >> Postmaster Team"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--6uCp8w7XefodNG34GPF5kKW92eBNxLqKx
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

Some of the big email providers recently enabled and started to enforce
DMARC. This causes problems for mailing lists and messages from DMARC
enabled domains might not be delivered to email services that check and
enforce DMARC.

We will implement the following change once mailman 2.1.18 is released,
which should be very soon now. Emails from DMARC-enabled services will
have the From header rewritten to the mailing list:

From: Some One

would become

From: Some One via FreeBSD-test
Reply-to: someone@example.org

For most email clients this should not change anything.

You can find more information about the subject at http://dmarc.org/

Florian on behalf of postmaster@FreeBSD.org

--6uCp8w7XefodNG34GPF5kKW92eBNxLqKx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

-----END PGP SIGNATURE-----

--6uCp8w7XefodNG34GPF5kKW92eBNxLqKx--

From owner-freebsd-announce@FreeBSD.ORG Wed May 7 20:13:08 2014
Date: Wed, 7 May 2014 20:13:07 GMT
Message-Id: <201405072013.s47KD7VT072142@freefall.freebsd.org>
From: Xin Li
To: freebsd-announce@FreeBSD.org
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] HEADS UP: FreeBSD 8.3 EoL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello Everyone,

As previously announced on January 31, 2014, FreeBSD 8.3 has reached its
End of Life on April 30, 2014, and will no longer be supported by the
FreeBSD Security Team. Users of FreeBSD 8.3 are strongly encouraged to
upgrade to one of the newer releases before that date.

The current supported branches and expected EoL dates are:

+-----------------------------------------------------------------------+
|   Branch  |   Release  |  Type  |   Release date   |  Estimated EoL   |
|-----------+------------+--------+------------------+------------------|
|stable/8   |n/a         |n/a     |n/a               |June 30, 2015     |
|-----------+------------+--------+------------------+------------------|
|releng/8.4 |8.4-RELEASE |Extended|June 9, 2013      |June 30, 2015     |
|-----------+------------+--------+------------------+------------------|
|stable/9   |n/a         |n/a     |n/a               |last release + 2y |
|-----------+------------+--------+------------------+------------------|
|releng/9.1 |9.1-RELEASE |Extended|December 30, 2012 |December 31, 2014 |
|-----------+------------+--------+------------------+------------------|
|releng/9.2 |9.2-RELEASE |Normal  |September 30, 2013|September 30, 2014|
|-----------+------------+--------+------------------+------------------|
|stable/10  |n/a         |n/a     |n/a               |last release + 2y |
|-----------+------------+--------+------------------+------------------|
|releng/10.0|10.0-RELEASE|Normal  |January 20, 2014  |January 31, 2015  |
+-----------------------------------------------------------------------+

When FreeBSD 9.3-RELEASE is released, it will receive "Extended"
support, i.e., it will be supported for at least 24 months.

- --
Xin Li
FreeBSD Security Officer (acting)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Wed May 14 00:00:02 2014
Date: Wed, 14 May 2014 00:00:02 GMT
Message-Id: <201405140000.s4E002J0029933@freefall.freebsd.org>
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:04.kldxref

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:04.kldxref                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Build repeatability for kldxref(8)

Category:       core
Module:         kldxref
Announced:      2014-05-13
Credits:        Jilles Tjoelker
Affects:        All versions of FreeBSD prior to 10.0-RELEASE.
Corrected:      2014-05-13 23:35:29 UTC (stable/8, 8.4-STABLE)
                2014-05-13 23:24:32 UTC (releng/8.4, 8.4-RELEASE-p10)
                2013-12-23 22:38:41 UTC (stable/9, 9.2-STABLE)
                2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
                2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I. Background

The kldxref utility is used to generate hint files which list modules,
their version numbers, and the files that contain them. These hints are
used by the kernel loader to determine where to find a particular KLD
module.

II. Problem Description

Previous versions of kldxref(8) do not use an ordered list of files when
generating the hints file. The result of kldxref(8) is equivalent but
not the same if file system layout has been changed.

III. Impact

The generated hint files can be different across different builds,
making unnecessary downloads for binary patch files.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch
# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch.asc
# gpg --verify kldxref.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r265990
releng/8.4/                                                       r265989
stable/9/                                                         r259799
releng/9.1/                                                       r265988
releng/9.2/                                                       r265988
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:04.kldxref.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

-----END PGP SIGNATURE-----

From owner-freebsd-announce@FreeBSD.ORG Wed May 14 00:00:01 2014
Date: Wed, 14 May 2014 00:00:01 GMT
Message-Id: <201405140000.s4E001nQ029888@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:10.openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:10.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL NULL pointer dereference vulnerability

Category:       contrib
Module:         openssl
Announced:      2014-05-13
Affects:        FreeBSD 10.x.
Corrected:      2014-05-13 23:19:16 UTC (stable/10, 10.0-STABLE)
                2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
CVE Name:       CVE-2014-0198

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project
is a collaborative effort to develop a robust, commercial-grade,
full-featured Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a
full-strength general purpose cryptography library.

The TLS protocol supports an alert protocol which can be used to signal
the other party with certain failures in the protocol context that may
require immediate termination of the connection.

II. Problem Description

An attacker can trigger generation of an SSL alert which could cause a
null pointer dereference.

III. Impact

An attacker may be able to cause a service process that uses OpenSSL to
crash, which can be used in a denial-of-service attack.

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to
implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols, or not using SSL_MODE_RELEASE_BUFFERS and
use the same process to handle multiple SSL connections, are not
vulnerable.

The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses
this mode to reduce their memory footprint and may therefore be affected
by this issue.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch.asc
# gpg --verify openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r265986
releng/10.0/                                                      r265987
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-announce@FreeBSD.ORG Wed May 14 00:00:02 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B9634253; Wed, 14 May 2014 00:00:02 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by
mx1.freebsd.org (Postfix) with ESMTPS id A5E532C71; Wed, 14 May 2014 00:00:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4E002xV029948; Wed, 14 May 2014 00:00:02 GMT (envelope-from security-advisories@freebsd.org)
Received: (from delphij@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4E002Nx029946; Wed, 14 May 2014 00:00:02 GMT (envelope-from security-advisories@freebsd.org)
Date: Wed, 14 May 2014 00:00:02 GMT
Message-Id: <201405140000.s4E002Nx029946@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Precedence: bulk
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:05.ciss
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 14 May 2014 00:00:02 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:05.ciss                                           Errata Notice
                                                          The FreeBSD Project

Topic:          data corruption with ciss(4)

Category:       core
Module:         ciss
Announced:      2014-05-13
Credits:        Sean Bruno
Affects:        FreeBSD 10.x and FreeBSD 9.x
Corrected:      2014-04-15 17:52:22 UTC (stable/9, 9.2-STABLE)
                2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
                2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
                2014-04-15 17:49:47 UTC (stable/10, 10.0-STABLE)
                2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The ciss driver supports the HP Smart Array line of hardware RAID
controllers.

II.  Problem Description

There is a programming error discovered in the ciss(4) driver, where a
missing lock can trigger a failed assertion when the volume state
changes, such as disk failure or a disk rebuild.

III. Impact

Systems using the ciss(4) driver may experience system crashes or data
corruption when the volume state changes.

IV.  Workaround

No workaround is available, but systems that do not use ciss(4) devices
are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch
# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch.asc
# gpg --verify ciss.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/9/                                                         r264511
releng/9.1/                                                       r265988
releng/9.2/                                                       r265988
stable/10/                                                        r264510
releng/10.0/                                                      r265987
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:05.ciss.asc

From owner-freebsd-announce@FreeBSD.ORG Wed May 14 00:00:02 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 75D25251; Wed, 14 May 2014 00:00:02 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5BD2A2C6F; Wed, 14 May 2014 00:00:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4E002QP029921; Wed, 14 May 2014 00:00:02 GMT (envelope-from security-advisories@freebsd.org)
Received: (from delphij@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4E002sO029919; Wed, 14 May 2014 00:00:02 GMT (envelope-from security-advisories@freebsd.org)
Date: Wed, 14 May 2014 00:00:02 GMT
Message-Id: <201405140000.s4E002sO029919@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Precedence: bulk
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:03.pkg
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 14 May 2014 00:00:02 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:03.pkg                                            Errata Notice
                                                          The FreeBSD Project

Topic:          pkg bootstrapping, configuration and public keys

Category:       core, packages
Module:         pkg
Announced:      2014-05-13
Credits:        Baptiste Daroussin, Bryan Drewery
Affects:        All versions of FreeBSD prior to 10.0-RELEASE
Corrected:      2014-04-15 23:40:47 UTC (stable/8, 8.4-STABLE)
                2014-05-13 23:24:32 UTC (releng/8.4, 8.4-RELEASE-p10)
                2014-03-11 14:48:44 UTC (stable/9, 9.2-STABLE)
                2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
                2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The pkg(7) utility is the new package management tool for FreeBSD. The
FreeBSD project has provided official pkg(7) packages since October 2013
and signed packages since the pkg-1.2 release in November 2013. The
signature checking requires known public keys to be installed locally.
The repository configuration must be installed as well.

The base system also includes a pkg(7) bootstrap tool that installs the
latest real pkg(7) package. The bootstrap tool knows where to find the
official pkg(7) package but once that is installed the real pkg(7) will
not know where to find official packages, nor have the known public key
for signature checking. The bootstrap tool was also improved in
10.0-RELEASE to check the signature on the pkg(7) package it is
installing.

II.  Problem Description

Only FreeBSD 10.0 has been released with the official repository
configuration, known public keys, and a bootstrap tool that checks the
signature of the pkg(7) package it is installing.

To allow packages to be used on a system, the configuration must be
manually set up and keys securely fetched and installed to the proper
location.

III. Impact

Releases before 10.0 require manual configuration. Manually configuring
the pkg(7) signatures could result in insecurely installing the keys or
leaving the signature checking disabled.

The bootstrap tool is not secure on releases prior to 10.0 due to not
checking the signature and could result in having an unofficial pkg(7)
installed due to MITM attacks.

IV.  Workaround

To securely install pkg(7) on releases prior to 10.0, install it from
ports obtained from a secure portsnap checkout:

# portsnap fetch extract
# echo "WITH_PKGNG=yes" >> /etc/make.conf
# make -C /usr/ports/ports-mgmt/pkg install clean

If this is an existing system it may be converted to pkg(7) as well by
running:

# pkg2ng

After this is done /usr/ports may be removed if no longer required.

To work around the configuration and keys being missed, apply the
solution in this Errata.

V.   Solution

No solution is provided for pkg(7) bootstrap signature checking on
releases prior to 10.0. Upgrading to 10.0 or stable/9 after r263038 will
suffice.

To install the configuration and public key by secure means, perform
one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.2]
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.2.patch
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.2.patch.asc
# gpg --verify pkg-en-releng-9.2.patch.asc

[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.1.patch
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.1.patch.asc
# gpg --verify pkg-en-releng-9.1.patch.asc

[FreeBSD 8.4]
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-8.4.patch
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-8.4.patch.asc
# gpg --verify pkg-en-releng-8.4.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/etc/pkg
# mkdir -p /etc/pkg /usr/share/keys/pkg/trusted /usr/share/keys/pkg/revoked
# make install
# cd /usr/src/share/keys/pkg
# make install

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r264519
releng/8.4/                                                       r265989
stable/9/                                                         r263937 (*)
releng/9.1/                                                       r265988
releng/9.2/                                                       r265988
- -------------------------------------------------------------------------

(*) The actual required changeset consists of a series of changes,
including r263023, r258550, r263050, r263053 and r263937.

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:03.pkg.asc

From owner-freebsd-announce@FreeBSD.ORG Tue May 20 20:03:07 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96A6A915; Tue, 20 May 2014 20:03:07 +0000 (UTC)
Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49E7C2C25; Tue, 20 May 2014 20:03:07 +0000 (UTC)
Received: by mail-qc0-f171.google.com with SMTP id x13so1606263qcv.2 for ; Tue, 20 May 2014 13:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:date:message-id:subject:from:to:cc :content-type;
bh=1inOEhFogrL2MDowsPmUAYCepbaXUijJ0Jz2ngtFDjg=; b=xpj40gsOjoy09bgQPUZ4ZXUhBXuewgjc/e1xEhCvxwzzXtupfL3nr5sXKUO1Aymk8y 7CMQfg5daxv1KYTt81jRTrBUZqMVgwhm9TDeSsOY0hiCueYJvavrPi8Ef4+9D30kekA9 b4D1BV664XdWoy8a7l/OFdDRz9tRZUQ8KO4nwhyPY6HiRiMp2OtQ9tdzzA8fCL3vfxn2 PrYK74HYdEUU1isxjkk1foeIdMgjSQnZZyuySX7Pyo28YC3/WcdTDPKn1rjle7l6WbPu +oKlDkkAcRNu/WWZiB6tlQr6iC011ML93Bh7TX0QrQI0mNzdu9WejCMqpgZZCzcYllTp RbCw==
MIME-Version: 1.0
X-Received: by 10.140.96.162 with SMTP id k31mr8280500qge.38.1400616186413; Tue, 20 May 2014 13:03:06 -0700 (PDT)
Reply-To: syrinx@FreeBSD.org
Sender: shteryana@gmail.com
Received: by 10.224.73.81 with HTTP; Tue, 20 May 2014 13:03:06 -0700 (PDT)
Date: Tue, 20 May 2014 23:03:06 +0300
X-Google-Sender-Auth: CXCDJrXN49Qh06Q7FjBwPwDvYuM
Message-ID:
From: Shteryana Shopova
To: freebsd-announce@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Mailman-Approved-At: Tue, 20 May 2014 20:11:56 +0000
Cc: FreeBSD Developers
Subject: [FreeBSD-Announce] EuroBSDCon 2014 submissions deadline extended until June 2nd
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 20 May 2014 20:03:07 -0000

Hi all,

The deadline for submissions to the EuroBSDCon 2014 conference has been
extended until June 2nd 2014. A number of high quality proposals for
talks and tutorials have been received by the program committee already,
but we have reason to believe that there are potential authors out there
who may just be too busy at the moment or haven't heard about the
opportunity to meet with BSD-minded colleagues in Sofia in late
September yet.

Remember the first rule of EuroBSDCon: You talk about EuroBSDCon. So if
you suspect somebody you know has not yet submitted a proposal to
submission@eurobsdcon.org but should, please remind them that the June
2nd deadline will be final. At midnight CEST, no more proposals will be
entertained.

Please see the Call for Papers page,
http://2014.eurobsdcon.org/calendar/call-for-papers/ for further
guidance.

Looking forward to seeing you in Sofia.

On behalf of the EuroBSDCon 2014 program committee,
Shteryana

--
Shteryana Shopova
EuroBSDCon 2014 Organizing Committee Chair
shteryana@eurobsdconfoundation.org, syrinx@freebsd.org
http://eurobsdcon.org http://www.eurobsdconfoundation.org/
Mobile: +359888546727

From owner-freebsd-announce@FreeBSD.ORG Mon May 26 22:53:45 2014
Return-Path:
Delivered-To: announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4C320B20 for ; Mon, 26 May 2014 22:53:45 +0000 (UTC)
Received: from smtp2.wemm.org (smtp2.wemm.org [IPv6:2001:470:67:39d::78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 291EE236C for ; Mon, 26 May 2014 22:53:45 +0000 (UTC)
Received: from overcee.wemm.org (canning.wemm.org [192.203.228.65]) by smtp2.wemm.org (Postfix) with ESMTP id 9640ABD6 for ; Mon, 26 May 2014 15:53:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1401144824; bh=xm6lvCaVjsmXlSWioRHwOj0puytZYel6x3+wf7wMUBk=; h=From:To:Subject:Date; b=KILa+DP7Y0i8ISMm5OqMfdQpR0lgilPerkMfpEvRIYUfBXUmp9ZOsCQ44wHPHxxIv qkVnb1HcJ3xYWTaLOprxI1y7r3M9lxSIyClprnEE0uIfTs7iDoYLR/FyqVnbPHTk7n UT+qQP8pbgAS10bTBNflXCwWe/eMfz5L78UvzZs8=
From: Peter Wemm
To: announce@freebsd.org
Date: Mon, 26 May 2014 15:53:39 -0700
Message-ID: <3758691.XbW7o8IdhQ@overcee.wemm.org>
User-Agent: KMail/4.12.4 (FreeBSD/11.0-CURRENT; KDE/4.12.4; amd64; ; )
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1552936.8n2QSSpe14"; micalg="pgp-sha1";
protocol="application/pgp-signature"
X-Mailman-Approved-At: Mon, 26 May 2014 23:05:45 +0000
Subject: [FreeBSD-Announce] The base src to cvs exporter is being retired
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 26 May 2014 22:53:45 -0000

--nextPart1552936.8n2QSSpe14
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

While doing some maintenance work on the svn->cvs exporter last week, it
was discovered that its staging areas had been corrupted again.

As a reminder, we said we'd try to keep the exporter running "best
effort basis until 9.0-RELEASE, 8.3-RELEASE, 7.4-RELEASE are no longer
supported". All of these milestones are in the past.

Archives of the last runs of the exporter are propagating to
ftp.FreeBSD.org in /pub/FreeBSD/development/CVS-archive/ at this time.

The contents of the src collection in the cvsup mirrors has been frozen
and will soon only be available from the archive above. The previously
removed ports, doc, www collections are also archived there for
archaeology purposes.

We still provide old-style pkg_add binary packages for both "subversion"
and "svnup" for FreeBSD-8.x and 9.x. We provide new style 'pkg install'
binary builds of these every week via pkg.FreeBSD.org.

Both subversion and svnup build from source without too much difficulty
on older versions of FreeBSD if required.

We also provide daily source and ports tarballs on ftp.FreeBSD.org at
/pub/FreeBSD/development/tarballs/ as last resort for people with very
ancient releases.

Obtaining FreeBSD via subversion is documented at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html

The temporary transition aid from 2008 had a good run. It is time to put
it to rest.

-Peter (murderer of cvs)
--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
UTF-8: for when a ' just won\342\200\231t do.

--nextPart1552936.8n2QSSpe14
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

--nextPart1552936.8n2QSSpe14--

From owner-freebsd-announce@FreeBSD.ORG Sat May 31 05:35:41 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5DBD1D30 for ; Sat, 31 May 2014 05:35:41 +0000 (UTC)
Received: from smtp2.wemm.org (smtp2.wemm.org [IPv6:2001:470:67:39d::78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3AC5D2623 for ; Sat, 31 May 2014 05:35:41 +0000 (UTC)
Received: from overcee.wemm.org (canning.wemm.org [192.203.228.65]) by smtp2.wemm.org (Postfix) with ESMTP id 44A74FFF for ; Fri, 30 May 2014 22:35:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1401514540; bh=4kLtGi99hdoHp401lCIoD8UL0WcofHgDBJ/rEenntvI=; h=From:To:Subject:Date; b=vGTwrsIhlycjRRWKjehVL21PvEomUMafw86ktjPfM+KBbep3mA9Dx8xu+9GJNRmZl
yYSJ8SSt4bu91wuUbTO8988irUZuJxJwSpz0ADHE2ZfeBdJ9jYwU1g4LHRGMWtRm+B 4SAovlDmDE3dnjh4NtPAptKC47lfU37QTucnm5y4=
From: Peter Wemm
To: freebsd-announce@freebsd.org
Date: Fri, 30 May 2014 22:35:34 -0700
Message-ID: <1622966.3BB9bA4cde@overcee.wemm.org>
User-Agent: KMail/4.12.4 (FreeBSD/11.0-CURRENT; KDE/4.12.4; amd64; ; )
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1850735.WVaFvh7v7h"; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Mailman-Approved-At: Sat, 31 May 2014 05:36:31 +0000
Subject: [FreeBSD-Announce] The FreeBSD.org bug database will be read-only or offline this weekend
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 31 May 2014 05:35:41 -0000

--nextPart1850735.WVaFvh7v7h
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

Within the next few hours we will be freezing the project's gnats bug
database to make way for a migration attempt to bugzilla.

We are setting aside the entire weekend for migration attempt and at
various times the database will be either read-only or unavailable. We
will be queueing incoming bug related email for later processing.

There are extensive interconnections between the old gnats system and
there are great many tendrils into other cluster systems. We expect this
to be bumpy but we will be doing our best to keep the chaos to a
minimum.

There will be a followup once we've either committed or aborted.

--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
UTF-8: for when a ' just won\342\200\231t do.

--nextPart1850735.WVaFvh7v7h
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

--nextPart1850735.WVaFvh7v7h--

From owner-freebsd-announce@FreeBSD.ORG Tue Jun 3 08:05:31 2014
Return-Path:
Delivered-To: freebsd-announce@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 15B3516C for ; Tue, 3 Jun 2014 08:05:31 +0000 (UTC)
Received: from theravensnest.org (theraven.freebsd.your.org [216.14.102.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cloud.theravensnest.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id BE0132A48 for ; Tue, 3 Jun 2014 08:05:30 +0000 (UTC)
Received: from [192.168.0.96] (cpc14-cmbg15-2-0-cust307.5-4.cable.virginm.net [82.26.1.52]) (authenticated bits=0) by theravensnest.org (8.14.7/8.14.7) with ESMTP id s5385Rg7067738 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for ; Tue, 3 Jun 2014 08:05:29 GMT (envelope-from theraven@FreeBSD.org)
From: David Chisnall
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <92E4FB10-DDC8-4B3E-9242-4E8494491630@FreeBSD.org>
Date: Tue, 3 Jun 2014 09:05:22 +0100
To: freebsd-announce@FreeBSD.org
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
X-Mailman-Approved-At: Tue, 03 Jun 2014 11:25:59 +0000
Subject: [FreeBSD-Announce] FreeBSD bug tracking
moves from GNATS to Bugzilla
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2014 08:05:31 -0000

We are pleased to announce that the FreeBSD project has begun the
transition from the GNATS bug-tracking system to Bugzilla. The Bugzilla
installation can be found here:

https://bugs.freebsd.org/bugzilla/

This process is expected to cause some disruption, but comes with
several benefits. Bugzilla, unlike GNATS, is actively maintained and is
used by a number of other projects of similar size and scope to FreeBSD.
We hope that users will be familiar with it from other projects and so
not have to learn yet another bug-tracking system to file bugs with
FreeBSD.

Bugzilla supports finer granularity for categories and keywords and over
time we will adopt more of these, making it easier to filter bugs into
specific target areas. It is now easy for multiple people to track a
single bug, without having to have them assigned to custom mailing
lists, add attachments to bugs, and so on. Many features that people
expect from a modern bug tracker are simply not present in GNATS.

The Bugzilla migration comes with several changes to the workflow,
illustrated in this state transition diagram:

http://people.freebsd.org/~eadler/bugrelocation/workflow.html

All of the interaction with the bug tracker can now happen via the web
interface. The send-pr script will continue functioning as a
compatibility interface, but it is not guaranteed to run in a timely
fashion (currently, importing bugs submitted via send-pr involves a
manual step). In addition, there are command line tools available in the
devel/pybugz package.

Going forward, Bugzilla is a more modern platform for integrating with
other tools, for example code review systems. This should allow us to
improve the workflow for both regular FreeBSD committers and other
contributors.

Please be warned that there is likely to be some disruption during this
process. If you find any specific problems, please file a bug in
Bugzilla (now that the search function works well, you can also easily
check for duplicates before you file a new issue). If the issue that you
encounter is that you can't file bugs, then please send an email to
bugmeister@FreeBSD.org.

On behalf of Core and myself, many thanks to the people who made this
possible. Please be nice to them, they haven't had much sleep
recently...

David

From owner-freebsd-announce@FreeBSD.ORG Tue Jun 3 19:34:10 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E8416BA; Tue, 3 Jun 2014 19:34:10 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C8EDF2E89; Tue, 3 Jun 2014 19:34:10 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s53JYANU015042; Tue, 3 Jun 2014 19:34:10 GMT (envelope-from security-advisories@freebsd.org)
Received: (from delphij@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s53JYAgH015040; Tue, 3 Jun 2014 19:34:10 GMT (envelope-from security-advisories@freebsd.org)
Date: Tue, 3 Jun 2014 19:34:10 GMT
Message-Id: <201406031934.s53JYAgH015040@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Precedence:
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:12.ktrace                                     Security Advisory
                                                          The FreeBSD Project

Topic:          ktrace kernel memory disclosure

Category:       core
Module:         kern
Announced:      2014-06-03
Credits:        Jilles Tjoelker
Affects:        FreeBSD 8.4, FreeBSD 9.1 and FreeBSD 9.2
Corrected:      2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1)
                2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1-p1)
                2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7)
                2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14)
                2014-06-03 19:02:42 UTC (stable/8, 8.4-STABLE)
                2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11)
CVE Name:       CVE-2014-3873

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The ktrace utility enables kernel trace logging for the specified processes, commonly used for diagnostic or debugging purposes. The kernel operations that are traced include system calls, namei translations, signal processing, and I/O as well as data associated with these operations.

The utility may be used only with a kernel that has been built with the ``KTRACE'' option in the kernel configuration file, which is enabled by default.

II. Problem Description

Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly.

III. Impact

A user who can enable kernel process tracing could end up reading the contents of kernel memory.

Such memory might contain sensitive information, such as portions of the file cache or terminal buffers.
This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

IV. Workaround

The system administrator may set sysctl security.bsd.unprivileged_proc_debug to 0 to prevent non-privileged users from using all process debugging facilities provided by the kernel, that includes ktrace functionality. Please note that this flag has a broad effect and may break applications, as some of them may rely on certain debugging facilities to function.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:12/ktrace.patch
# fetch http://security.FreeBSD.org/patches/SA-14:12/ktrace.patch.asc
# gpg --verify ktrace.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r267016
releng/8.4/                                                       r267019
stable/9/                                                         r267015
releng/9.1/                                                       r267018
releng/9.2/                                                       r267018
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----
Date: Tue, 3 Jun 2014 19:34:10 GMT
Message-Id: <201406031934.s53JYAZh015006@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:11.sendmail                                   Security Advisory
                                                          The FreeBSD Project

Topic:          sendmail improper close-on-exec flag handling

Category:       contrib
Module:         sendmail
Announced:      2014-06-03
Affects:        All supported versions of FreeBSD.
Corrected:      2014-05-26 15:35:11 UTC (stable/10, 10.0-STABLE)
                2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4)
                2014-05-26 20:10:00 UTC (stable/9, 9.3-PRERELEASE)
                2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7)
                2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14)
                2014-05-26 15:30:27 UTC (stable/8, 8.4-STABLE)
                2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11)

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes sendmail(8), a general purpose internetwork mail routing facility, as the default Mail Transfer Agent (MTA).

FreeBSD uses a file descriptor as an abstract indicator for accessing a file. Upon execve(2), file descriptors open in the calling process image remain open in the new process image, except for those for which the close-on-exec flag is set.

II. Problem Description

There is a programming error in sendmail(8) that prevented open file descriptors from having close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process has open.

III. Impact

A local user who can execute their own program for mail delivery will be able to interfere with an open SMTP connection.

IV. Workaround

Do not allow untrusted users to specify programs for mail delivery, for instance, procmail.

Systems that do not use the sendmail(8) MTA are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch
# fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch.asc
# gpg --verify sendmail.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the applicable daemons, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r266693
releng/8.4/                                                       r267019
stable/9/                                                         r266711
releng/9.1/                                                       r267018
releng/9.2/                                                       r267018
stable/10/                                                        r266692
releng/10.0/                                                      r267017
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----

Date: Tue, 3 Jun 2014 19:34:11 GMT
Message-Id:
<201406031934.s53JYBGI015103@freefall.freebsd.org>
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:06.exec

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:06.exec                                           Errata Notice
                                                          The FreeBSD Project

Topic:          triple-fault when executing from a threaded process

Category:       core
Module:         kern
Announced:      2014-06-03
Credits:        Ivo De Decker and Debian GNU/kFreeBSD porters
Affects:        All supported versions of FreeBSD.
Corrected:      2014-05-23 09:29:04 UTC (stable/10, 10.0-STABLE)
                2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4)
                2014-05-23 11:56:32 UTC (stable/9, 9.2-STABLE)
                2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7)
                2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14)
                2014-05-23 09:48:42 UTC (stable/8, 8.4-STABLE)
                2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11)
CVE Name:       CVE-2014-3880

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The execve and fexecve system calls transform the calling process into a new process, constructed from an ordinary file.
When executing a new process, the FreeBSD virtual memory subsystem tries to optimize the process by avoiding destroying the old virtual memory address space when the calling process does not share its address space with another process (for instance, via rfork(2) with RFMEM) and when the new min/max address limit stays the same. In the optimized scenario, the virtual memory subsystem only removes usermode mappings from the existing virtual memory address space instead of destroying and recreating it.

II. Problem Description

When the virtual memory address space is recreated for the calling process, the old virtual memory address space as well as its associated mappings are destroyed before the thread_single(9) boundary, where threads were allowed to run to safely terminate. If such threads were on other CPUs, the old page table pointer may still be referenced.

III. Impact

The system will crash when this happens due to a triple-fault triggered by dereferencing an invalid page table pointer.

IV. Workaround

No workaround is available, but systems that do not run binaries that are of different bit-ness (e.g. 32-bit and 64-bit binaries) are not affected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4]
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-8.4.patch
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-8.4.patch.asc
# gpg --verify exec-8.4.patch.asc

[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.1.patch
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.1.patch.asc
# gpg --verify exec-9.1.patch.asc

[FreeBSD 9.2]
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.2.patch
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.2.patch.asc
# gpg --verify exec-9.2.patch.asc

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-10.0.patch
# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-10.0.patch.asc
# gpg --verify exec-10.0.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r266583
releng/8.4/                                                       r267019
stable/9/                                                         r266585
releng/9.1/                                                       r267018
releng/9.2/                                                       r267018
stable/10/                                                        r266582
releng/10.0/                                                      r267017
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-14:06.exec.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----
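The close-on-exec behaviour described in FreeBSD-SA-14:11.sendmail above, as an added C example (not sendmail's code and not part of either notice): a parent holds a socket standing in for an open SMTP connection and runs a child program with and without FD_CLOEXEC set, comparing what a flag audit predicts with what the exec'd program can actually do. The function names and the use of /bin/sh as the child program are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set FD_CLOEXEC with a read-modify-write of the descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);

    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Audit one descriptor: 1 if it is open and would survive execve(2),
 * 0 if it is open with FD_CLOEXEC set, -1 if it is not open. */
int is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);

    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Fork, exec /bin/sh, and let the new program try to redirect onto fd.
 * Returns 1 if the exec'd program could use fd, 0 if fd was closed by
 * the exec, -1 on error. */
int child_can_use_fd(int fd)
{
    char script[32];
    int status;
    pid_t pid;

    /* Single-digit descriptors only: every sh accepts those in ">&N". */
    if (fd < 3 || fd > 9)
        return -1;
    snprintf(script, sizeof(script), ": >&%d", fd);

    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        close(STDERR_FILENO);          /* silence the shell's diagnostic */
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);                    /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

/* Create a connected socket pair (the stand-in for an SMTP connection),
 * optionally mark it close-on-exec, then run a child program.
 * Returns what the child observed, or -1 if the audit and the
 * observation disagree or a call failed. */
int run_demo(int harden)
{
    int sv[2], predicted, seen;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    if (harden && (set_cloexec(sv[0]) == -1 || set_cloexec(sv[1]) == -1)) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    predicted = is_inheritable(sv[0]); /* what the flag audit says */
    seen = child_can_use_fd(sv[0]);    /* what the new program sees */
    close(sv[0]);
    close(sv[1]);
    return (predicted == seen) ? seen : -1;
}

int main(void)
{
    printf("child reaches socket, flag unset: %d\n", run_demo(0));
    printf("child reaches socket, flag set:   %d\n", run_demo(1));
    return 0;
}
```

Where the platform provides them, O_CLOEXEC and SOCK_CLOEXEC set the flag atomically when the descriptor is created, which removes the window between creating it and calling fcntl(2) in a threaded program.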
Date: Tue, 3 Jun 2014 19:34:11 GMT
Message-Id: <201406031934.s53JYBGL015075@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:13.pam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:13.pam                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Incorrect error handling in PAM policy parser

Category:       contrib
Module:         pam
Announced:      2014-06-03
Credits:        Peter Wemm, Dag-Erling Smørgrav
Affects:        FreeBSD 9.2 and later.
Corrected:      2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1)
                2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1-p1)
                2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7)
                2014-06-03 19:02:18 UTC (stable/10, 10.0-STABLE)
                2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4)
CVE Name:       CVE-2014-3879

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. It is used not only in the base system, but also by a large number of third-party applications.

Various authentication methods (UNIX, LDAP, Kerberos etc.) are implemented in modules which are loaded and executed according to predefined, named policies.
These policies are defined in /etc/pam.conf, /etc/pam.d/, /usr/local/etc/pam.conf or /usr/local/etc/pam.d/.

The PAM API is a de facto industry standard which has been implemented by several parties. FreeBSD uses the OpenPAM implementation.

II. Problem Description

The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller).

The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration.

A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.

III. Impact

If a module is removed, or the name of a module is misspelled in the policy file, the PAM library will proceed with a partially loaded configuration. Depending on the exact circumstances, this may result in a fail-open scenario where users are allowed to log in without a password, or with an incorrect password.

In particular, if a policy references a module installed by a package or port, and that package or port is being reinstalled or upgraded, there is a brief window of time during which the module is absent and policies that use it may fail open. This can be especially damaging to Internet-facing SSH servers, which are regularly subjected to brute-force scans.

IV. Workaround

If your system uses customized PAM policies, carefully review your policies to ensure that all module names are spelled correctly.

If your system uses third-party authentication modules, either refrain from upgrading those modules until you have patched your system, or shut down the affected services before upgrading.

V.
Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 9.2]
# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd9.patch.asc
# gpg --verify pam-freebsd9.patch.asc

[FreeBSD 9.3 and 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd10.patch.asc
# gpg --verify pam-freebsd10.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/9/                                                         r267015
releng/9.2/                                                       r267018
stable/10/                                                        r267014
releng/10.0/                                                      r267017
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----

Date: Thu, 5 Jun 2014 13:16:55 GMT
Message-Id:
<201406051316.s55DGteX041941@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:14.openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:14.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-06-05
Affects:        All supported versions of FreeBSD.
Corrected:      2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)
                2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)
                2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)
                2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)
                2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)
                2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)
                2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)
                2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)
CVE Name:       CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II.
Problem Description

Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. [CVE-2014-0195]

Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to recurse unnecessarily. [CVE-2014-0221]

A carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. [CVE-2014-0224]

Carefully crafted packets can lead to a NULL pointer dereference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014-3470]

III. Impact

A remote attacker may be able to run arbitrary code on a vulnerable client or server by sending invalid DTLS fragments to an OpenSSL DTLS client or server. [CVE-2014-0195]

A remote attacker who can send an invalid DTLS handshake to an OpenSSL DTLS client can crash the remote OpenSSL DTLS client. [CVE-2014-0221]

A remote attacker who can send a carefully crafted handshake can force the use of weak keying material between a vulnerable client and a vulnerable server and decrypt and/or modify traffic from the attacked client and server in a man-in-the-middle (MITM) attack. [CVE-2014-0224]

A remote attacker who can send carefully crafted packets can cause an OpenSSL TLS client to crash. [CVE-2014-3470]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc

[FreeBSD 9.x and 8.x]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc
# gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r267103
releng/8.4/                                                       r267104
stable/9/                                                         r267106
releng/9.1/                                                       r267104
releng/9.2/                                                       r267104
stable/10/                                                        r267103
releng/10.0/                                                      r267104
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTkGuTAAoJEO1n7NZdz2rnomEP/AzIur2b4KXcOJnPSq+Fgz2E ThZnGpYaWGQXkBnPcARtLUN+98UQkdcVOpDXExdTP/mz+fRH5P14qBCwgFXfMX1a Ins6M696pAyBE+SHjFMwX/pSA402Y2LFcfUgq1f9oBKPM77+X/9J4z4NPXB72qTp ULLTBVtHiqwlcO6bD+YlpE5AfvoKoUI0MmmkuA4R1zmY/JBgDqN68oiTn7KwRp5m v44uVuGF+gGMMkN5oZmXqn89+CbRjDkyk9gvHhe1VXZLfZi6GDlayNMpuBdj9laU 3jpMMqwXGF45j524Ai03U/lAzO7Fn1Zl87dlElPk1BMaVmG8uGFipiULPQqsyUC9 rchzXxtDM7VVA/p7G3Vn6RHbOPeNCxhuFonq1WxVBrXImIw23PRWDlYx+Kve5trH gJvztI6CkD0f6NOf7HM7LYU1slvGFykFhoGeurxFVfKT2YlulL6HcRx4QPFE33c1 W57wPHUvZ2w8hO0OU1zX1pz1qE6je+DoSTq7bob5ExXmDWCu2LElmKXW67N2tGYq kNetRkTR9qwDlmexrcyAVgR45a/9oe/p9taTgm2/8ITzaHjexYcGn/tL7Mc9pYCa Dj9FP0D52foKj3PjVfSZc/8kgJklKhtugDvbK74MmruA6vUELRrY84O2kfpgAzLj KfE2eBuieG9+Pdpk011t =/CUF -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Tue Jun 24 19:33:53 2014 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0085369A; Tue, 24 Jun 2014 19:33:52 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D55D02065; Tue, 24 Jun 2014 19:33:52 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OJXqmp035129; Tue, 24 Jun 2014 19:33:52 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s5OJXqRg035127; Tue, 24 Jun 2014 19:33:52 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 24 Jun 2014 19:33:52 GMT Message-Id: 
<201406241933.s5OJXqRg035127@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:15.iconv X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.18 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 19:33:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:15.iconv Security Advisory The FreeBSD Project Topic: iconv(3) NULL pointer dereference and out-of-bounds array access Category: core Module: libc/iconv Announced: 2014-06-24 Credits: Manuel Mausz, Tijl Coosemans Affects: FreeBSD 10.0 Corrected: 2014-03-04 12:43:10 UTC (stable/10, 10.0-STABLE) 2014-06-24 19:05:08 UTC (releng/10.0, 10.0-RELEASE-p6) CVE Name: CVE-2014-3951 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The iconv(3) API allows converting text data from one character set encoding to another. Applications first open a converter between two encodings using iconv_open(3) and then convert text using iconv(3). HZ is an encoding of the GB2312 character set used for simplified Chinese characters. VIQR is an encoding for Vietnamese characters. II. Problem Description A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash. III. 
Impact Services where an attacker can control the arguments of an iconv_open(3) call can be caused to crash resulting in a denial-of-service. For example, an email encoded in HZ may cause an email delivery service to crash if it converts emails to a more generic encoding like UTF-8 before applying filtering rules. IV. Workaround No workaround is available, but systems that do not process untrusted Chinese or Vietnamese input are not affected by this vulnerability. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.0] # fetch http://security.FreeBSD.org/patches/SA-14:15/iconv.patch # fetch http://security.FreeBSD.org/patches/SA-14:15/iconv.patch.asc # gpg --verify iconv.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all deamons using the library, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. 

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r262731
releng/10.0/                                                      r267829
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at


From: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Date: Tue, 24 Jun 2014 19:33:54 GMT
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:16.file

=============================================================================
FreeBSD-SA-14:16.file                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in file(1) and libmagic(3)

Category:       contrib
Module:         file
Announced:      2014-06-24
Affects:        All supported versions of FreeBSD.
Corrected:      2014-06-24 19:04:55 UTC (stable/10, 10.0-STABLE)
                2014-06-24 19:05:08 UTC (releng/10.0, 10.0-RELEASE-p6)
                2014-06-24 19:04:55 UTC (stable/9, 9.3-PRERELEASE)
                2014-06-24 19:05:19 UTC (releng/9.3, 9.3-RC2)
                2014-06-24 19:05:36 UTC (releng/9.2, 9.2-RELEASE-p9)
                2014-06-24 19:05:36 UTC (releng/9.1, 9.1-RELEASE-p16)
                2014-06-24 19:04:55 UTC (stable/8, 8.4-STABLE)
                2014-06-24 19:05:47 UTC (releng/8.4, 8.4-RELEASE-p13)
CVE Name:       CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

The file(1) utility attempts to classify file system objects based on
filesystem, magic number and language tests.

The libmagic(3) library provides most of the functionality of file(1)
and may be used by other applications.

II. Problem Description

A specifically crafted Composite Document File (CDF) file can trigger an
out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571]

A flaw in the regular expression in the awk script detector makes use of
multiple wildcards with unlimited repetitions. [CVE-2013-7345]

A malicious input file could trigger infinite recursion in libmagic(3).
[CVE-2014-1943]

A specifically crafted Portable Executable (PE) can trigger an
out-of-bounds read. [CVE-2014-2270]

III. Impact

An attacker who can cause file(1) or any other applications using the
libmagic(3) library to be run on a maliciously constructed input can
cause the application to crash or consume excessive CPU resources,
resulting in a denial-of-service.

IV. Workaround

No workaround is available, but systems where file(1) and other
libmagic(3)-using applications are never run on untrusted input are not
vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.1, 9.2, 9.3, 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:16/file.patch
# fetch http://security.FreeBSD.org/patches/SA-14:16/file.patch.asc
# gpg --verify file.patch.asc

[FreeBSD 8.4]
# fetch http://security.FreeBSD.org/patches/SA-14:16/file-8.4.patch
# fetch http://security.FreeBSD.org/patches/SA-14:16/file-8.4.patch.asc
# gpg --verify file-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r267828
releng/8.4/                                                       r267832
stable/9/                                                         r267828
releng/9.1/                                                       r267831
releng/9.2/                                                       r267831
releng/9.3/                                                       r267830
stable/10/                                                        r267828
releng/10.0/                                                      r267829
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at


From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Tue, 24 Jun 2014 19:33:55 GMT
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:07.pmap

=============================================================================
FreeBSD-EN-14:07.pmap                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Bug with PCID implementation

Category:       core
Module:         kernel
Announced:      2014-06-24
Credits:        Henrik Gulbrandsen
Affects:        FreeBSD 10.0-RELEASE
Corrected:      2014-03-04 21:51:09 UTC (stable/10, 10.0-STABLE)
                2014-06-24 19:05:08 UTC (releng/10.0, 10.0-RELEASE-p6)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I. Background

Process-context identifiers (PCIDs) are a facility in modern x86
processors which tags TLB entries with the ID of the address space and
makes it possible to avoid TLB invalidation on a context switch.

II. Problem Description

Due to a bug in the handling of the mask of the CPU set where the given
address space could have cached TLB entries, stale mappings could be
seen by multithreaded programs.

III. Impact

Applications which make heavy use of threads, most notably Java, may
randomly crash due to the inconsistency.

IV. Workaround

Systems that do not have a CPU that supports the Process-Context
Identifiers feature are not affected.

The system administrator can add the following to /boot/loader.conf
which disables Process-Context Identifiers to work around this problem:

vm.pmap.pcid_enabled="0"

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/EN-14:07/pmap.patch
# fetch http://security.FreeBSD.org/patches/EN-14:07/pmap.patch.asc
# gpg --verify pmap.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r262753
releng/10.0/                                                      r267829
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:07.pmap.asc


From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Tue, 24 Jun 2014 19:33:55 GMT
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:08.heimdal

=============================================================================
FreeBSD-EN-14:08.heimdal                                        Errata Notice
                                                          The FreeBSD Project

Topic:          gss_pseudo_random interoperability issue

Category:       contrib
Module:         heimdal
Announced:      2014-06-24
Credits:        Marc Dionne, Nico Williams, and Benjamin Kaduk
Affects:        All supported versions of FreeBSD prior to 9.2-RELEASE.
Corrected:      2013-12-16 06:52:30 UTC (stable/9, 9.2-STABLE)
                2014-06-24 19:05:36 UTC (releng/9.2, 9.2-RELEASE-p9)
                2014-06-24 19:05:36 UTC (releng/9.1, 9.1-RELEASE-p16)
                2013-12-16 06:56:38 UTC (stable/8, 8.4-STABLE)
                2014-06-24 19:05:47 UTC (releng/8.4, 8.4-RELEASE-p13)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I. Background

Heimdal provides an implementation of Kerberos 5, the Generic Security
Service API (GSS-API), and the krb5 GSS-API mechanism. The GSS-API is an
abstract API that provides a unified interface for security services
that wraps many underlying security mechanisms. Application protocols
using the GSS-API exchange context tokens to establish a security
context.
Once the security context has successfully been established, it can be
used to checksum and/or encrypt messages between the two parties of the
context, securely generate an identical pseudorandom bitstring at both
endpoints, and other security-related functionality.

Kerberos 5 permits the use of different encryption types for encryption
keys; part of the specification for each encryption type is a
pseudo-random function that uses an encryption key and some optional
seed data to produce a pseudo-random bitstring of a fixed length.

The GSS_Pseudo_random function uses an established security context and
some optional seed data to produce a pseudo-random bitstring of (nearly)
arbitrary length. The specification for GSS_Pseudo_random for the krb5
mechanism (RFC 4402) uses a counter mode to produce the arbitrary length
output from the fixed-length output of the underlying enctype's
pseudo-random output.

II. Problem Description

RFC 4402 specifies that the counter which is prepended to the seed data
must be encoded in network (big-endian) byte order before being input to
the encryption type's pseudo-random function. All released versions of
Heimdal that include a GSS_Pseudo_random implementation for the krb5
mechanism encode the counter as a little-endian integer.

III. Impact

Only applications using the GSS_Pseudo_random functionality with the
krb5 mechanism are affected; the number of such applications is believed
to be small. (RFC 4402 was published in 2006.)

Since the first value used for the counter is zero, the first block of
output is correct, but the second and all subsequent blocks of output
are incorrect. Old versions of Heimdal will interoperate over the
network with each other, but will not interoperate with MIT krb5 peers
or other implementations of RFC 4402, if producing more than one block
of pseudo-random output. For the commonly used AES encryption types, the
first 128 bits of output are correct but the subsequent output differs.

IV. Workaround

Applications which do not use the GSS_Pseudo_random functionality are
not affected. Applications which can reduce their pseudo-random needs to
a single block length (e.g., 128 bits for AES) will interoperate with
all known implementations.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-14:08/heimdal.patch
# fetch http://security.FreeBSD.org/patches/EN-14:08/heimdal.patch.asc
# gpg --verify heimdal.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r259452
releng/8.4/                                                       r267832
stable/9/                                                         r259451
releng/9.1/                                                       r267831
releng/9.2/                                                       r267831
stable/10/                                                        r259447
releng/10.0/                                                      r259758
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The discussion of this interoperability issue in the IETF kitten working
group archives may be found here:
http://www.ietf.org/mail-archive/web/kitten/current/msg04479.html

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:08.heimdal.asc
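
The counter-encoding mismatch described in FreeBSD-EN-14:08.heimdal, modelled as an added example (this is not Heimdal or FreeBSD code). Assumptions: toy_prf is a non-cryptographic stand-in for the enctype's pseudo-random function, and the key, seed and every function name below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16 /* stand-in PRF output: 128 bits, as for the AES enctypes */
#define MAX_SEED  64
#define MAX_OUT   64

enum counter_order { COUNTER_BIG_ENDIAN, COUNTER_LITTLE_ENDIAN };

/* Constructed sample inputs, not real key material. */
static const uint8_t SAMPLE_KEY[] = "constructed-sample-key";
static const uint8_t SAMPLE_SEED[] = "constructed-seed";

/* One 64-bit FNV-1a lane over lane tag || key || input. */
static uint64_t fnv1a_lane(uint8_t lane, const uint8_t *key, size_t keylen,
                           const uint8_t *in, size_t inlen)
{
    const uint64_t prime = 0x100000001b3ULL;
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;

    h = (h ^ lane) * prime;
    for (i = 0; i < keylen; i++)
        h = (h ^ key[i]) * prime;
    for (i = 0; i < inlen; i++)
        h = (h ^ in[i]) * prime;
    return h;
}

/* Assumption: toy stand-in for the enctype's fixed-length pseudo-random
 * function. It is NOT the Kerberos PRF and NOT cryptographically secure. */
static void toy_prf(const uint8_t *key, size_t keylen,
                    const uint8_t *in, size_t inlen, uint8_t out[BLOCK_LEN])
{
    int lane, i;

    for (lane = 0; lane < 2; lane++) {
        uint64_t h = fnv1a_lane((uint8_t)lane, key, keylen, in, inlen);
        for (i = 0; i < 8; i++)
            out[lane * 8 + i] = (uint8_t)(h >> (56 - 8 * i));
    }
}

/* Encode the 32-bit block counter in the requested byte order. */
void encode_counter(uint32_t n, enum counter_order order, uint8_t out[4])
{
    int i;

    for (i = 0; i < 4; i++)
        out[i] = (uint8_t)(n >> (order == COUNTER_BIG_ENDIAN ? 24 - 8 * i : 8 * i));
}

/* Counter-mode expansion: PRF(K, n_0 || seed) || PRF(K, n_1 || seed) ...,
 * truncated to outlen. Returns 0 on success, -1 if the seed is too long. */
int prf_expand(const uint8_t *key, size_t keylen, const uint8_t *seed,
               size_t seedlen, enum counter_order order,
               uint8_t *out, size_t outlen)
{
    uint8_t in[4 + MAX_SEED], block[BLOCK_LEN];
    uint32_t n = 0;
    size_t done = 0;

    if (seedlen > MAX_SEED)
        return -1;
    memcpy(in + 4, seed, seedlen);
    while (done < outlen) {
        size_t take = outlen - done < BLOCK_LEN ? outlen - done : BLOCK_LEN;

        encode_counter(n++, order, in);
        toy_prf(key, keylen, in, 4 + seedlen, block);
        memcpy(out + done, block, take);
        done += take;
    }
    return 0;
}

/* Expand the sample inputs under both counter encodings. */
static int sample_outputs(uint8_t *be, uint8_t *le, size_t outlen)
{
    if (outlen > MAX_OUT)
        return -1;
    prf_expand(SAMPLE_KEY, sizeof SAMPLE_KEY - 1, SAMPLE_SEED,
               sizeof SAMPLE_SEED - 1, COUNTER_BIG_ENDIAN, be, outlen);
    prf_expand(SAMPLE_KEY, sizeof SAMPLE_KEY - 1, SAMPLE_SEED,
               sizeof SAMPLE_SEED - 1, COUNTER_LITTLE_ENDIAN, le, outlen);
    return 0;
}

/* Whole leading blocks on which the two encodings agree. */
size_t matching_blocks(size_t outlen)
{
    uint8_t be[MAX_OUT], le[MAX_OUT];
    size_t off, blocks = 0;

    if (sample_outputs(be, le, outlen) != 0)
        return 0;
    for (off = 0; off + BLOCK_LEN <= outlen; off += BLOCK_LEN, blocks++)
        if (memcmp(be + off, le + off, BLOCK_LEN) != 0)
            break;
    return blocks;
}

/* 1 if a big-endian and a little-endian peer derive the same outlen bytes. */
int outputs_interoperate(size_t outlen)
{
    uint8_t be[MAX_OUT], le[MAX_OUT];

    return sample_outputs(be, le, outlen) == 0 && memcmp(be, le, outlen) == 0;
}

int main(void)
{
    printf("16 bytes requested: interoperable=%d\n", outputs_interoperate(16));
    printf("32 bytes requested: interoperable=%d, matching blocks=%zu\n",
           outputs_interoperate(32), matching_blocks(32));
    return 0;
}
```

Counter 0 has the same encoding in both byte orders, which is why a single-block request still interoperates, as the notice's Workaround section states.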


From: Mate Cocido
Date: Thu, 26 Jun 2014 11:13:04 -0300
Subject: [FreeBSD-Announce] [BSDday] Call for talks BSDday 2014

BSDday (Argentina) 2014 will be held 9th August 2014 in University of
Buenos Aires' Faculty of natural and exact sciences.

BSDday conference was created in 2008 and it is the only active
conference in Argentina. Previous years' attendants were mostly
sysadmins, but developers and users are encouraged to participate too.

Our conference budget is very tight, so no promises can be made at this
point about covering any traveling expenses. Anyway, we are working on
getting more funding right now and it might be possible in some cases.

Submissions should be sent to cfp [at] bsdday.org before 1st August and
include:

- Talk title
- Authors information
- Estimated duration time for the talk.
- Required previous knowledge.
- Topic area
- Contacts (phone and email)

The conference usually redistributes the slides and video of the talks
afterwards, so we also require you to choose a licence for the
distribution that allows us to redistribute it.

Best regards,
BSDday-Argentina organization committee


From: Koop Mast
Date: Fri, 04 Jul 2014 22:39:01 +0200
Subject: [FreeBSD-Announce] temporary WITH_NEW_XORG repositories available

Hello,

For people needing WITH_NEW_XORG, an alternate pkg(8) repository is now
online. It contains a subset of packages affected by this knob: you must
keep the primary repository enabled while using the new one.

The URL is:
pkg+http://pkg.FreeBSD.org/${ABI}/new_xorg

The following FreeBSD releases are supported:
o FreeBSD 9.x/amd64
o FreeBSD 9.x/i386
o FreeBSD 10.x/amd64
o FreeBSD 10.x/i386

It's not available for FreeBSD 8.x because newer KMS drivers aren't
included in this release. It's not available for FreeBSD 11-CURRENT
either because WITH_NEW_XORG is already the default (i.e. packages from
the primary repository are built with WITH_NEW_XORG).

Packages are updated once a week, like the primary repository.

To use it, you need to declare this new repository.
Here's how to do it:

    mkdir -p /usr/local/etc/pkg/repos
    cat > /usr/local/etc/pkg/repos/FreeBSD_new_xorg.conf <

Date: Tue, 8 Jul 2014 22:33:48 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:17.kmem

=============================================================================
FreeBSD-SA-14:17.kmem                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Kernel memory disclosure in control messages and SCTP
                notifications

Category:       core
Module:         kern, sctp
Announced:      2014-07-08
Credits:        Michael Tuexen
Affects:        All supported versions of FreeBSD.
Corrected:      2014-07-08 21:54:50 UTC (stable/10, 10.0-STABLE)
                2014-07-08 21:55:27 UTC (releng/10.0, 10.0-RELEASE-p7)
                2014-07-08 21:54:50 UTC (stable/9, 9.3-PRERELEASE)
                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC3-p1)
                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC2-p1)
                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC1-p2)
                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-BETA3-p2)
                2014-07-08 21:55:27 UTC (releng/9.2, 9.2-RELEASE-p10)
                2014-07-08 21:55:27 UTC (releng/9.1, 9.1-RELEASE-p17)
                2014-07-08 21:54:50 UTC (stable/8, 8.4-STABLE)
                2014-07-08 21:55:39 UTC (releng/8.4, 8.4-RELEASE-p14)
CVE Name:       CVE-2014-3952, CVE-2014-3953

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The control message API is used to construct ancillary data objects for use in control messages sent and received across sockets and passed via the recvmsg(2) and sendmsg(2) system calls.

II.  Problem Description

Buffer between control message header and data may not be completely initialized before being copied to userland. [CVE-2014-3952]

Three SCTP cmsgs, SCTP_SNDRCV, SCTP_EXTRCV and SCTP_RCVINFO, have implicit padding that may not be completely initialized before being copied to userland. In addition, three SCTP notifications, SCTP_PEER_ADDR_CHANGE, SCTP_REMOTE_ERROR and SCTP_AUTHENTICATION_EVENT, have padding in the returning data structure that may not be completely initialized before being copied to userland. [CVE-2014-3953]

III. Impact

An unprivileged local process may be able to retrieve a portion of kernel memory.

For the generic control message, the process may be able to retrieve a maximum of 4 bytes of kernel memory.
For SCTP, the process may be able to retrieve 2 bytes of kernel memory for all three control messages, plus 92 bytes for SCTP_SNDRCV and 76 bytes for SCTP_EXTRCV. If the local process is permitted to receive SCTP notification, a maximum of 112 bytes of kernel memory may be returned to userland.

This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem.patch
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem.patch.asc
# gpg --verify kmem.patch.asc

[FreeBSD 8.4, 9.2 and 9.3-RC]
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-89.patch
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-89.patch.asc
# gpg --verify kmem-89.patch.asc

[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-9.1.patch
# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-9.1.patch.asc
# gpg --verify kmem-9.1.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r268432
releng/8.4/                                                       r268435
stable/9/                                                         r268432
releng/9.1/                                                       r268434
releng/9.2/                                                       r268434
releng/9.3/                                                       r268433
stable/10/                                                        r268432
releng/10.0/                                                      r268434
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
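Added example, not part of the advisory and not FreeBSD's patch: the class of bug FreeBSD-SA-14:17.kmem describes (implicit structure padding left uninitialized before a copy to userland), reproduced in userland C next to the zero-first remedy. The structure demo_rcvinfo, the scratch buffer and the 0xA5 marker are hypothetical, and memcpy() stands in for the kernel's copy to userland.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ancillary-data payload; not the real SCTP structure. */
struct demo_rcvinfo {
    uint16_t sid;    /* 2 bytes, then implicit padding so ppid is aligned */
    uint32_t ppid;
    uint8_t  flags;  /* followed by tail padding up to sizeof() */
};

#define INFO_SIZE sizeof(struct demo_rcvinfo)
#define STALE 0xA5   /* constructed marker for leftover "kernel" data */

/* Scratch storage standing in for a reused kernel stack or heap buffer. */
static union {
    struct demo_rcvinfo info;
    unsigned char bytes[INFO_SIZE];
} kbuf;

static void fill_fields(struct demo_rcvinfo *ri)
{
    ri->sid = 7;
    ri->ppid = 0x01020304;
    ri->flags = 1;
}

/* Before: only the named members are written; padding keeps old bytes. */
void build_unfixed(unsigned char out[INFO_SIZE])
{
    memset(kbuf.bytes, STALE, sizeof(kbuf.bytes)); /* earlier buffer contents */
    fill_fields(&kbuf.info);
    memcpy(out, kbuf.bytes, sizeof(kbuf.bytes));   /* stands in for the copy to userland */
}

/* After: the whole object is zeroed before the members are set. */
void build_fixed(unsigned char out[INFO_SIZE])
{
    memset(kbuf.bytes, STALE, sizeof(kbuf.bytes));
    memset(&kbuf.info, 0, sizeof(kbuf.info));      /* clears padding as well */
    fill_fields(&kbuf.info);
    memcpy(out, kbuf.bytes, sizeof(kbuf.bytes));
}

/* Mark the bytes of the object that belong to a named member. */
#define MARK(map, field) \
    memset((map) + offsetof(struct demo_rcvinfo, field), 1, \
           sizeof(((struct demo_rcvinfo *)0)->field))

static void member_map(unsigned char map[INFO_SIZE])
{
    memset(map, 0, INFO_SIZE);
    MARK(map, sid);
    MARK(map, ppid);
    MARK(map, flags);
}

/* Number of padding bytes the compiler inserted (ABI dependent). */
size_t padding_bytes(void)
{
    unsigned char map[INFO_SIZE];
    size_t i, n = 0;

    member_map(map);
    for (i = 0; i < INFO_SIZE; i++)
        n += (map[i] == 0);
    return n;
}

/* Padding bytes in a copied-out image that still carry stale data. */
size_t stale_padding(const unsigned char out[INFO_SIZE])
{
    unsigned char map[INFO_SIZE];
    size_t i, n = 0;

    member_map(map);
    for (i = 0; i < INFO_SIZE; i++)
        n += (map[i] == 0 && out[i] == STALE);
    return n;
}

size_t leak_unfixed(void)
{
    unsigned char out[INFO_SIZE];
    build_unfixed(out);
    return stale_padding(out);
}

size_t leak_fixed(void)
{
    unsigned char out[INFO_SIZE];
    build_fixed(out);
    return stale_padding(out);
}

int main(void)
{
    printf("sizeof=%zu padding=%zu\n", INFO_SIZE, padding_bytes());
    printf("stale bytes copied out, unfixed: %zu\n", leak_unfixed());
    printf("stale bytes copied out, fixed:   %zu\n", leak_fixed());
    return 0;
}
```

The same byte-map check can be pointed at any structure that crosses a trust boundary to find padding that a field-by-field fill would leave untouched.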
From owner-freebsd-announce@FreeBSD.ORG Tue Jul 8 22:33:49 2014
Date: Tue, 8 Jul 2014 22:33:48 GMT
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:09.jail

=============================================================================
FreeBSD-EN-14:09.jail                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Jail fails to start if WITHOUT_INET/WITHOUT_INET6 is used

Category:       core
Module:         jail
Announced:      2014-07-08
Credits:        Eugene Grosbein, Chris Rees
Affects:        FreeBSD 8.4
Corrected:      2014-07-02 19:18:59 UTC (stable/8, 8.4-STABLE)
                2014-07-08 21:55:39 UTC (releng/8.4, 8.4-RELEASE-p14)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The jail(8) utility creates new jails, or modifies or removes existing jails.

II.  Problem Description

The jail(8) rc(8) script used to start jails on the system does not properly detect if an address protocol is in use on the system.

III. Impact

When the FreeBSD kernel and userland are built either without IPv4 or IPv6 support by defining WITHOUT_INET or WITHOUT_INET6 in src.conf(5), the jail(8) will fail to start with a non-descriptive error.

IV.  Workaround

No workaround is available, however systems that do not define WITHOUT_INET or WITHOUT_INET6 are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-14:09/jail.patch
# fetch http://security.FreeBSD.org/patches/EN-14:09/jail.patch.asc
# gpg --verify jail.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r268168
releng/8.4/                                                       r268435
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:09.jail.asc

From owner-freebsd-announce@FreeBSD.ORG Wed Jul 9 10:56:15 2014
Date: Wed, 9 Jul 2014 12:55:54 +0200
From: FreeBSD Core Team Secretary
To: announce@freebsd.org
Organization: The FreeBSD Project
Subject: [FreeBSD-Announce] New FreeBSD Core Team Elected

Dear FreeBSD Community,

The FreeBSD Project is pleased to announce the completion of the 2014 Core Team Election. The FreeBSD Core Team acts as the Project's "board of directors" and is responsible for approving new src committers, resolving disputes between developers, appointing sub-committees for specific purposes (security officer, release engineering, port managers, webmaster, et cetera), and making any other administrative or policy decisions as needed. The Core Team has been elected by active FreeBSD committers every 2 years since 2000.

George Neville-Neil and Robert Watson rejoin core after four years and two years of hiatus respectively, with new members Baptiste Daroussin, Ed Maste, and Gleb Smirnoff, joining incumbents Gavin Atkinson, David Chisnall, Hiroki Sato, and Peter Wemm.
The complete newly elected Core Team is:
----------------------------------------

    Gavin Atkinson
    David Chisnall
    Baptiste Daroussin
    Ed Maste
    George Neville-Neil
    Hiroki Sato
    Gleb Smirnoff
    Peter Wemm
    Robert Watson

The new Core Team would like to thank outgoing members Thomas Abthorpe, John Baldwin, Konstantin Belousov, and Martin Wilke for their service over the past two (and in some cases, many more) years.

Finally, the Core Team would also like to thank Dag-Erling Smørgrav for running the election.

Cheers,
--
Gabor Pali | FreeBSD Core Team Secretary
pgj@FreeBSD.org | core-secretary@FreeBSD.org

From owner-freebsd-announce@FreeBSD.ORG Thu Jul 10 21:56:30 2014
Date: Thu, 10 Jul 2014 21:56:30 GMT
From: Xin Li
To: freebsd-announce@FreeBSD.org
Reply-To: freebsd-security@freebsd.org
Subject: [FreeBSD-Announce] HEADS UP: FreeBSD 9.2 EoL coming soon

Hello Everyone,

On September 30, 2014, FreeBSD 9.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 9.2 are strongly encouraged to upgrade to one of the newer releases before that date.
The current supported branches and expected EoL dates are:

+----------------------------------------------------------------------------+
|   Branch  |   Release  |  Type  |   Release Date   |     Estimated EoL     |
+-----------+------------+--------+------------------+-----------------------+
|stable/8   |n/a         |n/a     |n/a               |June 30, 2015          |
+-----------+------------+--------+------------------+-----------------------+
|releng/8.4 |8.4-RELEASE |Extended|June 9, 2013      |June 30, 2015          |
+-----------+------------+--------+------------------+-----------------------+
|stable/9   |n/a         |n/a     |n/a               |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/9.1 |9.1-RELEASE |Extended|December 30, 2012 |December 31, 2014      |
+-----------+------------+--------+------------------+-----------------------+
|releng/9.2 |9.2-RELEASE |Normal *|September 30, 2013|September 30, 2014     |
+-----------+------------+--------+------------------+-----------------------+
|stable/10  |n/a         |n/a     |n/a               |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/10.0|10.0-RELEASE|Normal  |January 20, 2014  |January 31, 2015       |
+----------------------------------------------------------------------------+

The upcoming 9.3-RELEASE will be an "Extended" support release and receive at least 2 years of support.
--
Xin Li
FreeBSD Acting Security Officer

From owner-freebsd-announce@FreeBSD.ORG Tue Jul 15 16:29:57 2014
Date: Tue, 15 Jul 2014 16:29:57 +0000 (UTC)
From: gjb@FreeBSD.org (Glen Barber)
To: freebsd-announce@FreeBSD.org
Cc: FreeBSD Release Engineering Team
Subject: [FreeBSD-Announce] FreeBSD 9.3-RELEASE Now Available

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

FreeBSD 9.3-RELEASE Announcement

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 9.3-RELEASE. This is the fourth release of the stable/9 branch, which improves on the stability of FreeBSD 9.2-RELEASE and introduces some new features.
Some of the highlights:

  * The zfs(8) filesystem has been updated to support the bookmarks feature.
  * The uname(1) utility has been updated to include the -U and -K flags, which print the __FreeBSD_version for the running userland and kernel, respectively.
  * The fetch(3) library has been updated to support SNI (Server Name Identification), allowing to use virtual hosts on HTTPS.
  * Several updates to gcc(1) have been imported from Google.
  * The hastctl(8) utility has been updated to output the current queue sizes.
  * The protect(1) command has been added, which allows exempting processes from being killed when swap is exhausted.
  * The etcupdate(8) utility, a tool for managing updates to files in /etc, has been merged from head/.
  * A new shared library directory, /usr/lib/private, has been added for internal-use shared libraries.
  * OpenPAM has been updated to Nummularia (20130907).
  * A new flag, "onifconsole" has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off.
  * Sendmail has been updated to version 8.14.9.
  * BIND has been updated to version 9.9.5.
  * The xz(1) utility has been updated to a post-5.0.5 snapshot.
  * OpenSSH has been updated to version 6.6p1.
  * OpenSSL has been updated to version 0.9.8za.

For a complete list of new features and known problems, please see the online release notes and errata list, available at:

  * https://www.FreeBSD.org/releases/9.3R/relnotes.html
  * https://www.FreeBSD.org/releases/9.3R/errata.html

For more information about FreeBSD release engineering activities, please see:

  * https://www.FreeBSD.org/releng/

Availability

FreeBSD 9.3-RELEASE is now available for the amd64, i386, ia64, powerpc, powerpc64, and sparc64 architectures.

FreeBSD 9.3-RELEASE can be installed from bootable ISO images or over the network. Some architectures also support installing from a USB memory stick.
The required files can be downloaded via FTP as described in the section below. While some of the smaller FTP mirrors may not carry all architectures, they will all generally contain the more common ones such as amd64 and i386.

SHA256 and MD5 hashes for the release ISO and memory stick images are included at the bottom of this message.

A PGP-signed version of this announcement is available at:

  * https://www.FreeBSD.org/releases/9.3R/announce.asc

The purpose of the images provided as part of the release are as follows:

dvd1
    This contains everything necessary to install the base FreeBSD operating system, the documentation, and a small set of pre-built packages aimed at getting a graphical workstation up and running. It also supports booting into a "livefs" based rescue mode. This should be all you need if you can burn and use DVD-sized media.

disc1
    This contains the base FreeBSD operating system. It also supports booting into a "livefs" based rescue mode. There are no pre-built packages.

bootonly
    This supports booting a machine using the CDROM drive but does not contain the installation distribution sets for installing FreeBSD from the CD itself. You would need to perform a network based install (e.g. from an FTP server) after booting from the CD.

memstick
    This can be written to an USB memory stick (flash drive) and used to do an install on machines capable of booting off USB drives. It also supports booting into a "livefs" based rescue mode. There are no pre-built packages.

    As one example of how to use the memstick image, assuming the USB drive appears as /dev/da0 on your machine something like this should work:

    # dd if=FreeBSD-9.3-RELEASE-amd64-memstick.img of=/dev/da0 bs=10240 conv=sync

    Be careful to make sure you get the target (of=) correct.

mini-memstick
    This can be written to an USB memory stick (flash drive) and used to boot a machine, but does not contain the installation distribution sets on the medium itself, similar to the bootonly image.
    It also supports booting into a "livefs" based rescue mode. There are no pre-built packages.

    As one example of how to use the mini-memstick image, assuming the USB drive appears as /dev/da0 on your machine something like this should work:

    # dd if=FreeBSD-9.3-RELEASE-amd64-mini-memstick.img of=/dev/da0 bs=10240 conv=sync

    Be careful to make sure you get the target (of=) correct.

FreeBSD 9.3-RELEASE can also be purchased on CD-ROM or DVD from several vendors. One of the vendors that will be offering FreeBSD 9.3-based products is:

  * FreeBSD Mall, Inc. https://www.freebsdmall.com

FTP

FreeBSD 9.3-RELEASE may be downloaded via ftp from the following site:

  * ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.3/

However before trying this site, please check your regional mirror(s) first by going to:

  * ftp://ftp..FreeBSD.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

More information about FreeBSD mirror sites can be found at:

  * https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

For instructions on installing FreeBSD or updating an existing machine to 9.3-RELEASE please see:

  * https://www.FreeBSD.org/releases/9.3R/installation.html

Support

FreeBSD 9.3-RELEASE will be supported until January 1, 2017. The End-of-Life dates can be found at:

  * https://www.FreeBSD.org/security/

Other Projects Based on FreeBSD

There are many "third party" Projects based on FreeBSD. The Projects range from re-packaging FreeBSD into a more "novice friendly" distribution to making FreeBSD available on Amazon's EC2 infrastructure.
For more information about these Third Party Projects see:

  * https://wiki.FreeBSD.org/3rdPartyProjects

Acknowledgments

Many companies donated equipment, network access, or man-hours to support the release engineering activities for FreeBSD 9.3 including The FreeBSD Foundation, Yahoo!, NetApp, Internet Systems Consortium, ByteMark Hosting, Sentex Communications, New York Internet, Juniper Networks, NLNet Labs, iXsystems, and Yandex.

The release engineering team for 9.3-RELEASE includes:

Glen Barber           Release Engineering Lead, 9.3-RELEASE Release Engineer
Konstantin Belousov   Release Engineering
Joel Dahl             Release Engineering
Baptiste Daroussin    Package Building
Bryan Drewery         Package Building
Marc Fonvieille       Release Engineering, Documentation
Steven Kreuzer        Release Engineering
Xin Li                Release Engineering, Security Officer
Josh Paetzel          Release Engineering
Colin Percival        Security Officer Emeritus
Craig Rodrigues       Release Engineering
Hiroki Sato           Release Engineering, Documentation
Gleb Smirnoff         Release Engineering
Ken Smith             Release Engineering
Dag-Erling Smørgrav   Security Officer
Marius Strobl         Release Engineering
Robert Watson         Release Engineering, Security

Trademark

FreeBSD is a registered trademark of The FreeBSD Foundation.
ISO Image Checksums
SHA256 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-mini-memstick.img) = 21874e49e3c7685c098c90100717f28975db2dbc9043e810fef554f08a6bc940 SHA256 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = a6cc4f340802bd936acb4b7920aa4fced54a2e265b60ffecf0b7b1c2f71fa644 MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-bootonly.iso) = 674ed0a922e0f662c2f8118d8424473f MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = 5836f439da4dc8372da0e20d1a78ec97 MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-disc1.iso) = 0c5cf50f3bbf1263708ca3f9da0465bb MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-disc1.iso.xz) = d2788b12c02134da11ba72238081e4cc MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-memstick.img) = 5e5123677e21a53b463a3cceb2ad324d MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-memstick.img.xz) = d6fd35a61aed2d529432e9c9df425be5 MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-mini-memstick.img) = a850121bc10455c3b835fd161237e8b2 MD5 (FreeBSD-9.3-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = 3bcf3571a3815ea78fbed61094745437 sparc64: SHA256 (FreeBSD-9.3-RELEASE-sparc64-bootonly.iso) = d9f9089c7f992744bb9675206042224bdabcfd924e72d322195acb207fe96294 SHA256 (FreeBSD-9.3-RELEASE-sparc64-bootonly.iso.xz) = 67830e9f64ee617acf2fff79770ea47aa3e98c7e2901068b413d41d2282d4372 SHA256 (FreeBSD-9.3-RELEASE-sparc64-disc1.iso) = 989a2d8181b889ec0c1ee08e3afabfdcaf23c75b4157c9463c9ab7496e82a949 SHA256 (FreeBSD-9.3-RELEASE-sparc64-disc1.iso.xz) = 2f2b94f379ae3df05762e2618e573b19ae83756dfde11d6628236c3c6a0052bc MD5 (FreeBSD-9.3-RELEASE-sparc64-bootonly.iso) = 8b97d45e204dcfa8515f227189a35b1c MD5 (FreeBSD-9.3-RELEASE-sparc64-bootonly.iso.xz) = fae6c32e0f9dd2f909b729ba6f4bfeb6 MD5 (FreeBSD-9.3-RELEASE-sparc64-disc1.iso) = 838b0211322dd19f1285b9b94e6ac17e MD5 (FreeBSD-9.3-RELEASE-sparc64-disc1.iso.xz) = c8a8ab9f3b6eddca77623e5bc3f6718b Love FreeBSD? Support this and future releases with a donation to The FreeBSD Foundation! 
https://www.FreeBSDFoundation.org/donate/

From owner-freebsd-announce@FreeBSD.ORG Tue Jul 15 18:09:35 2014
Reply-To: syrinx@FreeBSD.org
Sender: shteryana@gmail.com
Date: Tue, 15 Jul 2014 21:09:33 +0300
From: Shteryana Shopova
To: freebsd-announce@freebsd.org
Subject: [FreeBSD-Announce] EuroBSDCon 2014, Sofia - registration now open!

Dear all,

EuroBSDcon is the premier European conference on the open source BSD operating systems attracting about 250 highly skilled engineering professionals, software developers, computer science students and professors, and users from all over Europe and other parts of the world.

The goal of EuroBSDcon is to exchange knowledge about the BSD operating systems, facilitate coordination and cooperation among users and developers.

EuroBSDcon gives the exceptional opportunity to learn about latest news from the BSD world, witness contemporary deployment case studies, and meet personally other users and companies using BSD oriented technologies. EuroBSDcon is also a boiler plate for ideas, discussions and information exchange, which often turn into programming projects.

The dates for EuroBSDCon 2014 in Sofia, Bulgaria are:

25-26 September /Thursday & Friday/ - Tutorials
27-28 September /Saturday & Sunday/ - Main conference
27 September /Saturday evening/ - Social event

The conference will be held at InterExpo Congress Center, 147, Tsarigradsko shose blvd, Sofia, Bulgaria (http://2014.eurobsdcon.org/venue-locations/).

The program has been published - http://2014.eurobsdcon.org/talks-and-schedule and we are pleased to announce that the registration for the EuroBSDcon 2014 edition is now officially open!

You can find all information about the conference at its official website - http://2014.eurobsdcon.org/

Register now to benefit from early registration fees at - http://2014.eurobsdcon.org/registration/

If you want to be sure to attend, we strongly recommend that you register early. Please do not delay hotel booking either, as our pool of available rooms will be dropping quickly. It is very important that you book your room as soon as possible. You can find the recommended hotels to stay at for EuroBSDCon 2014 at - http://2014.eurobsdcon.org/travel-and-stay/hotels/ .

EuroBSDcon 2014 is also still looking for sponsors - you can reach the organizers at oc-2014 (at) eurobsdcon (dot) org.

Join us in September in Sofia!

On behalf of the EuroBSDCon 2014 organizers,
Shteryana

--
Shteryana Shopova
EuroBSDCon 2014 Organizing Committee Chair
shteryana@eurobsdconfoundation.org, syrinx@freebsd.org
http://eurobsdcon.org
http://www.eurobsdconfoundation.org/
Mobile: +359888546727

From owner-freebsd-announce@FreeBSD.ORG Tue Jul 15 19:48:16 2014
From: Deb Goodkin
Message-Id: <792B2E62-033B-48D6-8881-5D38648A95BE@freebsdfoundation.org>
Date: Tue, 15 Jul 2014 13:48:06 -0600
To: freebsd-announce@freebsd.org
Subject: [FreeBSD-Announce] The FreeBSD Foundation is Accepting Travel Grant Applications for EuroBSDCon 2014

Calling all FreeBSD developers needing assistance with travel expenses to EuroBSDCon 2014.

The FreeBSD Foundation will be providing a limited number of travel grants to individuals requesting assistance. Please fill out and submit the Travel Grant Request Application at http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by August 15th, 2014 to apply for this grant.

How it works:

This program is open to FreeBSD developers of all sorts (kernel hackers, documentation authors, bugbusters, system administrators, etc). In some cases we are also able to fund non-developers, such as active community members and FreeBSD advocates.

(1) You request funding based on a realistic and economical estimate of travel costs (economy airfare, trainfare, ...), accommodations (conference hotel and sharing a room), and registration or tutorial fees. If there are other sponsors willing to cover costs, such as your employer or the conference, we prefer you talk to them first, as our budget is limited. We are happy to split costs with you or another sponsor, such as just covering airfare or board.

*If you are a speaker at the conference, we expect the conference to cover your travel costs, and will most likely not approve your direct request to us.*

(2) We review your application and if approved, authorize you to seek reimbursement up to a limit. We consider several factors, including our overall and per-event budgets, and (quite importantly) the benefit to the community by funding your travel.

Most rejected applications are rejected because of an over-all limit on travel budget for the event or year, due to unrealistic or uneconomical costing, or because there is an unclear or unconvincing argument that funding the applicant will directly benefit the FreeBSD Project. Please take these points into consideration when writing your application.

(3) We reimburse costs based on actuals (receipts), and by check or bank transfer. And, we do not cover your costs if you end up having to cancel your trip. We require you to submit a report on your trip, which we may show to current or potential sponsors, post on our blog, and include in our semi-annual newsletter.

There's some flexibility in the mechanism, so talk to us if something about the model doesn't quite work for you or if you have any questions. The travel grant program is one of the most effective ways we can spend money to help support the FreeBSD Project, as it helps developers get together in the same place at the same time, and helps advertise and advocate FreeBSD in the larger community.

Thank You,
The FreeBSD Foundation

From owner-freebsd-announce@FreeBSD.ORG Wed Jul 16 12:47:04 2014
From: FreeBSD Security Officer
To: freebsd-announce@freebsd.org
Date: Wed, 16 Jul 2014 14:46:36 +0200
Message-ID: <8638e1v5cj.fsf@nine.des.no>
Subject: [FreeBSD-Announce] FreeBSD 9.2 EoL extension

Dear FreeBSD community,

After the recent reminder about the upcoming EoL for FreeBSD 9.2, many of you have expressed concerns over the fact that support for 9.2 would end before 9.1, and over the short time available to upgrade from 9.2 to 9.3.

As a result of your feedback, we have decided to postpone the EoL date for 9.2 to December 31, 2014. Note that due to technical limitations, freebsd-update(8) will continue to warn about the approaching EoL for 9.2 until the next errata notice or security advisory is published.

A complete list of supported branches and their EoL dates is available on http://security.freebsd.org/.

DES
--
Dag-Erling Smørgrav - FreeBSD Security Officer