From nobody Thu Nov 4 05:13:41 2021 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1C8F4182A69F for ; Thu, 4 Nov 2021 05:13:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlBcj73p7z4XWG; Thu, 4 Nov 2021 05:13:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636002822; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=yEWpzvlTwTmP80POtWb8lr5ELHpmjyeVTjtVe0KgR40=; b=VKoIpE5QVr591UMI3LIQNq9xxU8crRB26jBtTBgIgjxbZseE2YXRSAL24Iq+75yGq3bClM Ge6HYu8glNILtf7ZmfmHm4zALJdDeZwgiJFvPMHzwmwODax/B/I9Ki/ksRKM5Z7mYfJgo6 zdgauDR+Ow+WPSkLXvjrLm7omOP6qzuH5ib0O6qKwuIZPVWCt6GCLWddzepCVy8ZZtm/e2 WwWL3MbYFk/Nfemvxccy7hpPp1T7r5tA+etw1yCQOFFvWE0jysr5Ok+BG/C1WvEDEUXgSm g9kM01WxQOk7CeYswpBpAAmTVW0v7LR29QfnWw+hdZDcRVIXvOv9v4az0aqBcA== Received: by freefall.freebsd.org (Postfix, from userid 1003) id E42C21A927; Thu, 4 Nov 2021 05:13:41 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:27.caroot Reply-To: freebsd-stable@freebsd.org Precedence: bulk Approved: BingGo! Message-Id: <20211104051341.E42C21A927@freefall.freebsd.org> Date: Thu, 4 Nov 2021 05:13:41 +0000 (UTC) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636002822; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=yEWpzvlTwTmP80POtWb8lr5ELHpmjyeVTjtVe0KgR40=; b=d1HdC1A1xzRf/4M0AGZhlChCP/B8qWBwGT33PvHsnTq96LWXCID0WgnXp6/SZjOeTAxj9m hPUMvCss4Rgt7p6kQD88oMBKWfG6tfCOmOwCQDS+lwBtUctyZ947Y/qwCohezZgGEHPBXM JrLFJWO1ZppIODNCYXP4gumhPrPtnjx1HElMR938SNd+TEB/NZLl45GQierAZrKiyLgg7B nbm7dzNKq3SDuwNaKhFJLpaEBDT0o9yuQJPc2255AFbastWm0tii/hJjIypt7xRV4zGi7s zg6wJe1znCkk+jc7quzbWsH2d3VgSOJ0wC3gMADU0YMqXDM3goERP8OaigjkSg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636002822; a=rsa-sha256; cv=none; b=ZWJLsYbJ5bKhidOlPO2PeGQH3KhDCIVpA52qGYNGYl6lhY0YcJqRNMmWk46xzQ/9ATsYoQ DItIGrAOmeDeSiiC8+pNOhAn4p/zG3qxK4UzXF+ySTgmfvIhrsolaVCTNIAYUhucb2HCty YxN/nzOFHpaV8niUvyIjZDLCWiuoa/1Ijx0UQcYpuMeEvZrSEzP2l/Ef8KHuIcX+CMBMZ3 i9R9lNP2AnHvIeR3TGQbJU1ierJr4odxQ2/YDtPdEoCaeYMbXcsxNll1hd3EIkuAUKVgMM AORrY5BxEo77nilnDAGWnH6r3nLYxUpSTN4dGj6UdVy68hdz9TdsVJO2Zzq1hg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-21:27.caroot Errata Notice The FreeBSD Project Topic: Root certificate bundle update Category: core Module: caroot Announced: 2021-11-03 Affects: FreeBSD 12.2 and later. Corrected: 2021-09-04 07:39:07 UTC (stable/13, 13.0-STABLE) 2021-11-03 20:37:26 UTC (releng/13.0, 13.0-RELEASE-p5) 2021-09-04 07:39:03 UTC (stable/12, 12.2-STABLE) 2021-11-03 20:55:26 UTC (releng/12.2, 12.2-RELEASE-p11) Note: Systems running FreeBSD 12.3-BETA are unaffected. For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The root certificate bundle is the trust store that is used by OpenSSL programs and libraries to aide in determining whether it should trust a given TLS certificate. II. Problem Description Several certificates were removed from the bundle after the latest release of FreeBSD 12.2 and FreeBSD 13.0. Additionally, an oversight in the root bundle processor included some roots that were not intended to be trusted for these purposes (SERVER_AUTH). III. Impact Certificates are often removed from the root bundle due to a failure to meet the standards established by Mozilla for being considered a trusted Certificate Authority. Continuing to trust roots despite their removal from the bundle should be considered risky. IV. Workaround No workaround is available. Software that uses an internal trust store is not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 13.0] # fetch https://security.FreeBSD.org/patches/EN-21:27/caroot.13.patch # fetch https://security.FreeBSD.org/patches/EN-21:27/caroot.13.patch.asc # gpg --verify caroot.13.patch.asc [FreeBSD 12.2] # fetch https://security.FreeBSD.org/patches/EN-21:27/caroot.12.patch # fetch https://security.FreeBSD.org/patches/EN-21:27/caroot.12.patch.asc # gpg --verify caroot.12.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all applications that may be using OpenSSL, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 62aaa70143a6 stable/13-n247098 releng/13.0/ b76aaa35423e releng/13.0-n244762 stable/12/ r370507 releng/12.2/ r370978 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmGDD88ACgkQ05eS9J6n 5cKyaA//RQJ2wYygqL8o9iQK9FAl+gZO8x9C7Vlbgj1PBe0VHxlKoEmE48Iu4+vi 56DR0rgPflx4EdqStFYzkjWnwIEhWGCJLIxFnDpL15/b3cxYoD+R9ipF3qt8ljz+ Yyuw0NCCgyq36IfJMThQ3pKBOBbY8Bw4GLHAJE790AqXY+wIdUKdo+DxzYj/NcyS kbis9f+PCGPoDXSf4wMIj2IbE5LiMZbM6NF9QkmPE1ZzOh9eegsO2opm1FWE8UyD 43i3HkpnBbKooq9yE/MpldrUH3+4VWiXpD0FtBMUY65ZMBSw2ddzzvupQ8jROkQq F6ZB4nwAVLwCiq7Yvwg5gTFyy6KUywdYs211R3SycjHwMoyCZOPLLFPqM1vio8u+ Z1TItxKfW0/MT0yTQFNQK6CAPd92Co3mmEGKzPmvbxwK7idfB2lgFjExCeF3FwVU guUeIDTXDKQ+V0nynWERmDdI1S3x9bllZzIMU23BuuwKZDdR+lPJiKX1vUXmpe8p lmISyCVIg+0bIRL4WNAqceAIuUA/7zLCtCWF4OEl6utmb7hWVxmPH8GyjyzktLWh BwwHCspeT2h5y1leCVXigFv9nGgTj+kDXtgE4itIJXRPiliQ2j9VueGOe/I0gS/4 9R2ro6t4UIi/E4T7Mp+oaiOGKARnE3Uf2aAelQbt9Do68taqTSU= =9hM5 -----END PGP SIGNATURE----- From nobody Thu Nov 4 05:05:19 2021 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A2A33182651F for ; Thu, 4 Nov 2021 05:05:19 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlBR34FvPz4VBx; Thu, 4 Nov 2021 05:05:19 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636002319; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=oqaWjARtT7WqChf47AekZVQwuVcXM97qknC5PUCpyFg=; b=mqF1auWzVdkuyEcvqE2Ddup+kP8/rzrCjM5PmqnCIfklGcDkCZXwmeTBvTeNUiU/44w4Ep f+mcrNXxNRl72t8N87v4SLzUun3+Mv5luCTHMDmNGFdVYCHzE97Gv1iQwLgEKc/rOHXXH8 NFTM7QVJ5eUW1Zx4gdedbg9mmMQTCS2QmjPx27vvd+xdBe4Wx63y4iRyRt/H3Esr6l6gih XY2LXKU42QDpzi+fo3bKtTy9uj0uqx2/HsPTGdcbUD0y2ZqVcgCsZS9RcK8XpjSt/QqGlk DC4FIQ1YuFRiU0pMePVxTL9mNyUGQo3v9hOcDl+jFO3WkTV4QKQsl6iLR5hEJA== Received: by freefall.freebsd.org (Postfix, from userid 1003) id 836671A9A4; Thu, 4 Nov 2021 05:05:19 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:26.libevent Reply-To: freebsd-stable@freebsd.org Precedence: bulk Approved: BingGo! Message-Id: <20211104050519.836671A9A4@freefall.freebsd.org> Date: Thu, 4 Nov 2021 05:05:19 +0000 (UTC) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636002319; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=oqaWjARtT7WqChf47AekZVQwuVcXM97qknC5PUCpyFg=; b=JFb5aqFctVwphs3l1aL9KbDrRZTRI3Zfs3uP1D+qc538wYJynvDteXT0V99/5JIBZ5tQPb Hxts6vFfbgPLTYKU+ZFbX0LfAnLAPgRGGqqwsnzB2SCZkqrrIXYL5NlESZECoJMHcUNxpu yPMwG8fo8jGCkDY75Wm0p/nOfSpyx0SGQIKwmn4WgXdplCNoWwGnc69xPOhMIxjzCl+So+ hpONQji8UnvKdZBG7Oqnx3iNxrmIXb2rirfoFMYrhvtGRfAP0LGvkhg8UbuLmJ8uxIFQhl v0up5EGLGa77hgb+6fssOTuPsyD/HpmNJGEKXVT6PJWJlaB73nIqBgEwQXTLXw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636002319; a=rsa-sha256; cv=none; b=psTy4I8VE2Rdrjk0BDanapC6Et6IUq146UVqyL1UxtnefT+XQ7U8nb9OZCAUPRmDcDdHA4 ge9SEhPDZ013AyNXfWlpyeJXZXnRTVDSRlCntGmMgfSBePDYx/qLhG9d15J7lPXGL6+myw cMJLD+Z7D2A7cqAp/HGi7kFK1JNzcaM/aDAtf3rGMrK0Ss15JaqQDcmUeigAviF4En7Tq4 oJPePzL3m2jav7CoU9Cxyb4mxP+v8cX3UXFgErmHAZQkRZIGZUPMtX4LhpUFiOYIn9XgF8 PkO6mZluiMEHICuZcnXi9QEL2dqZoqBz2pMLXi6Xn57BOHaKVqui3EmPjt10sg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-21:26.libevent Errata Notice The FreeBSD Project Topic: libevent1 ABI breakage Category: core Module: libevent1 Announced: 2021-11-03 Affects: FreeBSD 13.0 Corrected: 2021-04-01 17:29:20 UTC (stable/13, 13.0-STABLE) 2021-11-03 20:37:22 UTC (releng/13.0, 13.0-RELEASE-p5) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background libevent1 is a version of libevent in the base system used in ftp-proxy(8) and ypldap(8). II. Problem Description libevent1 maintains a local copy of some structure definitions from system headers to simplify consumers of the library. One of these structures no longer matched the corresponding system definition, causing inconsistent views of the `struct event` and `struct bufferevent` layouts. III. Impact ftp-proxy(8) will no longer handle incoming connections, ypldap(8) is likely affected as well. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot will be required, but ftp-proxy and ypldap will need to be restarted. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:26/libevent.patch # fetch https://security.FreeBSD.org/patches/EN-21:26/libevent.patch.asc # gpg --verify libevent.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ e0ad785a5d29 stable/13-n245086 releng/13.0/ 5cd45ad4784b releng/13.0-n244761 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmGDD8QACgkQ05eS9J6n 5cJe9g/6A2NIX4/0rlO0gGzTvYcRGb/0aAiR58mcinn5SNPVN40kzG93iq8AxKhq h9U2BtM/KZEIgbmwaltoQWQUrzHwF/K1pKFo6+u1nNSSbUy3dLV+rIDKXSinNND6 vPkZIZbVBIsEWvMRbLexuuBI9QT+jEQFrMnRKocEXp3Yr0eooEzpseKUEfAS5yvt +WlbN4m7lwCnod8gCT7phKATPfQZ1aKj46z5f99qc1+VyJ3323uI//1LsN9A7ra5 sWW40FeNfbxKweaqgYZRqdwPvxtwh7luQGWBTk/2uQZ7yxEKLgGp5mRkIYG8GQsM d3gvGgw0ZUuRAjlA9io10T1Drb31pOR8/7aeD3EtsnBNEc3+M7OSOju5C1bU3put zAvForqifSq45wMTnW3CbsMdurq2JKhhAwpYXFib19Lv2yKVWNTOrtR6MGtbBv9b KSsJw2w8xLVN1/xGCtbrd4qZQhakQijyoqgG4reP1J+mw073WJVJMRG29YDvDcwD Zu+rAVlO7dz/uQZKowQJrWh4+kKxZCRbBPIQiQUxQ1T5XsCrQ6DNzvNZHuRWWoDs KV43T2RNgq70ur1sX4L+VSU0RVx4q9akGSD0lEl8pb/OvbEwCTWzs+UmjdpiTnUS b8ySlj56z6/yTpAVjQsHQijTCOy8L/uaVd2sXlr4sfDnbL+2mgg= =oYzJ -----END PGP SIGNATURE----- From nobody Thu Nov 4 05:17:03 2021 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 34F7E182BCDE for ; Thu, 4 Nov 2021 05:17:03 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlBhb13LNz4ZB7; Thu, 4 Nov 2021 05:17:03 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636003023; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=mFWYndxHqP39mblbhoBMk1vJI6+UoiaIHsEqRZumK5I=; b=cysic3OT0jGhnyyLGnQyEl6rXnzQY1xF6ygBUFz7DH6TSH1q5svb8ZcpedZ5zS7TczaO8B TD4kfk7BlX7RVET1MIy/lJLAWPiX7IvzPszgtsgH1jw6NsVoCF2er3a2DWbTFYx+ufabOd 810yaGNOXgVsGF0YuEDmA2kOOcg01HU6rqXQcEjxMtrP82xTTmGD2N1iUs6Z2Ed2TdEp+X x6bQovJUXBnS6fChJH4RWvn9ZtHTzG4sm1WVh38ySq9zLdZyGJsiVqtUs0z/sh4AxG5mQA YBsV1KPGeNxIu32s6F0ZciiViJY3QMRHgriToaV/R3e5unHcqCrmhe8yQ046EA== Received: by freefall.freebsd.org (Postfix, from userid 1003) id 0B1581AA1B; Thu, 4 Nov 2021 05:17:03 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:28.vmci Reply-To: freebsd-stable@freebsd.org Precedence: bulk Approved: BingGo! Message-Id: <20211104051703.0B1581AA1B@freefall.freebsd.org> Date: Thu, 4 Nov 2021 05:17:03 +0000 (UTC) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636003023; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=mFWYndxHqP39mblbhoBMk1vJI6+UoiaIHsEqRZumK5I=; b=bVZ0YyYkkAau33IaUOC29fTjGd0fiD6EphCCKad3g7KtpzHO4QT+vQszQxPF0EflARc+Yv s9PNsd+tahPM7QEHEuNukyLXmL1n0ypEavNwyhgmilS56k9GWxpTIbv+f2ErFARQX6kgF+ E7SKHri6aVc/XurjPR6XzeNP46YnUvizDXOl1cWZ5kHUKCMAP4n5A19uhkkqDCqkl0LakZ uxoXf+hgqgKLpKYPGDFC3N312UcNUiw+Z0kH9cCtogWojtznzbDB1+XJa0ITYmrM5NqlKF Tpgkeqs4CrVgla7KSc6lVPdzsH4IvrLW6fYqP3AbwEf81Qlae7S+GSl5V8nAzw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636003023; a=rsa-sha256; cv=none; b=rawoOSFjD7qHkJFDrtYqPkJzPD5rc8dNWC5gAmxVk1yIM2Rn/GW//EUBKXM9LkK+hHL54d zTsyHBOgXcuSl4zT+5WX3Lw2U6lG9HYRDQWqKU4U+KN+ktuVnAXK4WBXwQT+u/5fwuJik4 /LHVjITws468E2vHJOEHUnTyPeyLGU6rn//T84dkq8pCCSuKAuKCyOjPKpdKO0MfYpKCKY d0g2BjvvxKxPaekSK4sTdDKr12SERl687WhmIEIJ0Laf8F8p0mYJZ5asxUUXIkMPAPucZv u0e9uMnz530caYS9QkqYqG6rMkXuFsz6Pho4o3cHikGJESUUW9rh3xmD8AS8jg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-21:28.vmci Errata Notice The FreeBSD Project Topic: Fix kernel panic in vmci driver initialization Category: core Module: vmci Announced: 2021-11-03 Affects: FreeBSD 12.x, FreeBSD 13.0 Corrected: 2021-10-16 18:22:43 UTC (stable/13, 13.0-STABLE) 2021-11-03 20:40:19 UTC (releng/13.0, 13.0-RELEASE-p5) 2021-10-17 18:51:19 UTC (stable/12, 12.2-STABLE) 2021-11-03 20:55:32 UTC (releng/12.2, 12.2-RELEASE-p11) Note: Systems running FreeBSD 12.3-BETA are unaffected. For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The vmci(4) driver implements VMware Virtual Machine Communication Interface for FreeBSD. It allows virtual machines to communicate with host kernel modules and VMware hypervisors. II. Problem Description An error during driver initialization results in a kernel panic due to unallocated resources being freed up. III. Impact The vmci(4) driver is loaded automatically by devd when the system is being run on the VMWare hypervisor. The kernel panic happens at the system boot stage. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r now 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:28/vmci.patch # fetch https://security.FreeBSD.org/patches/EN-21:28/vmci.patch.asc # gpg --verify vmci.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 4e5c1be4202a stable/13-n247688 releng/13.0/ 847819dca14d releng/13.0-n244763 stable/12/ r370935 releng/12.2/ r370979 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmGDD9AACgkQ05eS9J6n 5cLAKxAApP3naU6wV6gwTGIVfugBt74TG6Q3thkg8mWqFUIRnpBgHH5yBrP7SESu N07Y21Z84tNzOoQtZs1MrF2gfW8KUdBC80wIT+1I8fEmteX/+8/6CKsu0JRh//n4 8YXf5/BjqgC2aQXfm0Zp4ddKLymmq1rLrxJcjOGqlrVsxXgSyh/ExUbpM/vIUBDi DKSpK0zjv+54R0B3ihWM2+qRmMEMKEAwxNTm3IKVUyZymYm7SpLpKZetE9GFOmKU 1AFlTomJmxbPcSGR2APu0R8xHf+wZIMiw1SqJR8bBrXxHjoVTrjl+PosIlX9jakE S9V0xbnVBSxsmIOfEXw3U8Q+AYCQ3bQXXJ1E6YmKCpOcqKYF8wC+iD7Q/OHzUCFE Hrnf8mNJHdZ8QK3WjdzfLwR2JAQ6yVJ2F2Bojqp+wwBIX+/Sq/mGPsZMVPVImdXj 9OOo+O+nZmBVqRHcLeis/GOy7CdPlnVQOxdhMcR4DMv739dJwKDYb0iYHw86KM++ 3RNbJk89TSHGYGR4bKNZsDtq+9UUclBqwZesZSVDsgyB4gJvmqeBbV1g21yVdjw8 ZvUI7MgI/4IB3Ac8qH5XSYdfUDZtDqzcjo6FnK/cEOYKFAgTPsCbBbbi3lZHoV9y Hz1Hwg0mqS1VEIUh8ipMTIod3yBiGoYEMiF4TGhpJhn100LaVFQ= =+4Iy -----END PGP SIGNATURE----- From nobody Thu Nov 4 05:17:13 2021 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id DD4B2182BF77 for ; Thu, 4 Nov 2021 05:17:13 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlBhn3mByz4Z7L; Thu, 4 Nov 2021 05:17:13 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636003033; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=d8AJ2+wAKFWPevyX+WpOnfqpgGhRzjWja3NbrE47hQc=; b=oNVvE5XzoavOGAngxobN17sFPRZM6KJ17hUVp8aa7hQafqyL/P3QyNCBbw4o3fkpfv6FmW c38/LsTZ0lSEIvqO81pZYZlobgu4lCgUKwrFLWwLLFTWllv3BLyTMlTtu8vpVTt/z7Tq52 tS4VKzkGZ0qybrsksw9QuDb4noN40ItHztTNrRMC9mPz9bepDE7X/Ia/F0rd24Jbya83wq l535F7vGZeU25hMcRZsusPVKzIkWdBLT4B5BXYOR5ZAjBc4Oy3O3KI6nNiKpPLibbgbv8M LlXZHyxQUNrmrKhzro9hQTiHZzYABwq2XATBbw/NBzeKibuoFyXZKCMOwMKcqQ== Received: by freefall.freebsd.org (Postfix, from userid 1003) id 66DA21A92C; Thu, 4 Nov 2021 05:17:13 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:29.tzdata Reply-To: freebsd-stable@freebsd.org Precedence: bulk Approved: BingGo! Message-Id: <20211104051713.66DA21A92C@freefall.freebsd.org> Date: Thu, 4 Nov 2021 05:17:13 +0000 (UTC) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636003033; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=d8AJ2+wAKFWPevyX+WpOnfqpgGhRzjWja3NbrE47hQc=; b=g5jwKDxApK4p2RzzVfRRupQVRyrI8DbwXDWvn5KOSUwMubtnlE63waEOc4E4JE8+TiWpFL 4prbn/oZYTCmA+tZlHFHGEVlmm3r3z83YVw0Y7R2ovk+JN8mqZyYpgg11Mxt8TGEUjXi1o u6w8eK279iqJrV65l7ov9d7axnjP4879FtcWtIWO73qtR4XSW9C/eyP8D5L/SWElwoa9kD pes1ucuwfjbvSztEsuh5BLitBC4FX8y0Yw7zXcJiYyL/up/1vzJWY0yiSMwXh/rukkw8/X s9RS16467WDhW6yn/aROmkVOL9vhhnyo82Q8TCKArpM6LZpbOtzezMCnEXmTbQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636003033; a=rsa-sha256; cv=none; b=ZBP7xyVLvhDD7VUqEycgHZkaA4cW1B1/Q1u/2l5L+PBJV+NxyUDjQy0CkjDgqA2HdynA1W pGPXnO5KDsggO0kMSyAlChvQIbjDqUOYZlP2YQSW9ybezZh4siEoCR1D6DsQ/zHer2SrZ4 4vQWN3PzhqXSIo82fyt+J1P4WwFh3nUyJ/eYg6ZMjYNv6Uyt/CIL5p4oD+6SYA5bujlulF OAnc6B+qAmjZAFqjwIRzr5sQqaWfvoOPSuhTlkdFs8dCEoKdZj1jhgM9nukAMFhCIQszcg Gu28QKVZEVAXqOCckKQJUZLACv3Bb+zuIPFLP8OwpPSmHOm4KpKBzXLrxAC6Lg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-21:29.tzdata Errata Notice The FreeBSD Project Topic: Timezone database information update Category: contrib Module: zoneinfo Announced: 2021-11-03 Affects: All supported versions of FreeBSD. Corrected: 2021-10-25 01:09:01 UTC (stable/13, 13.0-STABLE) 2021-11-03 20:44:52 UTC (releng/13.0, 13.0-RELEASE-p5) 2021-10-25 01:09:08 UTC (stable/12, 12.3-STABLE) 2021-10-25 01:12:50 UTC (releng/12.3, 12.3-BETA1) 2021-11-03 20:55:36 UTC (releng/12.2, 12.2-RELEASE-p11) Note: Systems running FreeBSD 12.3-BETA1 are affected, however 12.3-BETA2 and later are already remediated. For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The tzsetup(8) program allows the user to specify the default local timezone. Based on the selected timezone, tzsetup(8) copies one of the files from /usr/share/zoneinfo to /etc/localtime. This file actually controls the conversion. II. Problem Description Several changes in Daylight Saving Time transition dates happened after previous FreeBSD releases were released affecting many users in different parts of the world. Because of these changes, the data in the zoneinfo files need to be updated, and if the local timezone on the running system is affected, tzsetup(8) needs to be run so the /etc/localtime is updated. III. Impact An incorrect time will be displayed on a system configured to use one of the affected timezones if the /usr/share/zoneinfo and /etc/localtime files are not updated, and all applications on the system that rely on the system time, such as cron(8) and syslog(8), will be affected. IV. Workaround The system administrator can install an updated timezone database from the misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. Applications that store and display times in Coordinated Universal Time (UTC) are not affected. V. Solution Please note that some third party software, for instance PHP, Ruby, Java, Perl and Python, may be using different zoneinfo data source, in such cases this software must be updated separately. Software packages that are installed via binary packages can be upgraded by executing `pkg upgrade'. Following the instructions in this Errata Notice will update all of the zoneinfo files to be the same as what was released with FreeBSD release. Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart all the affected applications and daemons, or reboot the system. 2) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all the affected applications and daemons, or reboot the system. 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:29/tzdata-2021a3.patch # fetch https://security.FreeBSD.org/patches/EN-21:29/tzdata-2021a3.patch.asc # gpg --verify tzdata-2021a3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all the affected applications and daemons, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ ed325e2ec2dc stable/13-n247816 releng/13.0/ 11754a61115f releng/13.0-n244764 stable/12/ r370968 releng/12.3/ r370969 releng/12.2/ r370980 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmGDD9AACgkQ05eS9J6n 5cLIrg/+L/OYcepPmR4va4+0Q+vv90D0lsZGH/So6FJ2aa8zXdAmpQJaA5g+cptW pwwOPa58UzOVCuIZSlAsBubqj9XPT/LUFN0FxcsduyHf0izf2+tfjS/RsmOtzCD0 muE5UwIDQwXdmDNnyWnrdBbBW94nqD3BU526LbG/RkmKumDgd4wPIuGsbFAcSiAW BVyrZQXdttyw6ZK7I7YxITsXtqrCMmYwDm4ZpnI+iLzh5droQxf7S2ejMTyKLPxQ mRNHQxa+TAVWZUyLDPT6mZc9yWzuM0huuIl70iTaz59SFcs2/s4Qw+J2WTVammsl 4FzVoFjLD9/Bkx2JyghC5MD45XE5oHrxQ2duL6TLgqu1ZnN1EUvw8AS9TRD51pEP 6ryG9OZ5ICpaiEniEbgfuvzbM3sJm0DwA84LVahpVD7fCflzimn4NESz6UyVDp86 B9l1O2yRLpaMz5CIUBI9yRI7QefK2em3PE19n0/JGYZbSMOd5J9no3692vIMZhS9 xEgUCRTpr68s2df+liXK1oKJe6v8uZWIeptINGLA9aHfYPw4pI4jYN67S93mhqXc ORO9VPTeJPrmmn82/fpPKFRZsi8nE+pHatCYeKwLA1ZiClDJo+nTcdIP8jMJAixW S1yDx0acbOWth7NzgRf3bdA3NZ9Vp8jX0oxmYYbJxQjh4K+mwRY= =uW9d -----END PGP SIGNATURE-----