From nobody Wed Jun 19 21:06:37 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W4GQ50wpVz5Nqjq for ; Wed, 19 Jun 2024 21:06:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W4GQ50SSkz4TmJ; Wed, 19 Jun 2024 21:06:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831197; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=72woZjxYhBV90RW/DiWR/Xczr1INNonFlmlNOnqpDys=; b=rTR26mx7X/k80eWPiU3nHHPwWe0rQ2lJNBgBNvG566pl0Gldc/lAVe7eJUhHHBFsvVZXVd 4f4dLGyhyiexEVfrot4Y8Rjxy07hpEeOan1drcfLtUAfUbhGyUsyFNxyIdyvhlIunQ3oC7 8mbrO3n9Ezd4E8VJXsflYhWXITw7O+WC+qXRqt7YReSH19JaMdsSWpVUXEnvG7cwg0SiX3 e3F9X2Ke2coHqmg+VbYqix35XkI5JgCM0zKKF/tqvbxTGcKweSycQI47KuFR9n61FUqQ8c 8qLqMFP7YownvVDN6EiK2DF9wR2sgSfRmtC7NBGIBzkMpIvzvBGUdAX+DSewbg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718831197; a=rsa-sha256; cv=none; b=N6Pmxvp0XcV1NuSQZKOkL3N+zpqACpZlnlG0kYCPK/wJz+Tlw84v3ROf+C7ulYRgx7tn9O a2xqitN3yIK+aPE3srmFsQpTmzxwLMjDekw23CIYXWyw9BGVLHui5OYt63wi8IsbLbmi+G 7zgHlz9VGSP/ARfzP13DVki5BGLPyQdfkqevOAPxh27zvb8p4jRfGuvJQ1jUT/lm10az2+ xs/3N3Bzjj1MEI2/5YPFj9eigRvGgnZJRgzgSdunsQBMcduud3UA2DlUNLdpu4tWBGvJ0s OnAT6xSt1Dw0eIXh5o5I14wjaSrm8Vyg0i/K7ed+zgCohOiVoLP1CcFw8gAsYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831197; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=72woZjxYhBV90RW/DiWR/Xczr1INNonFlmlNOnqpDys=; b=ZXuJ65YfIz19ueb55+jjQFr1eiwZ3a3sHD+pyyudN+kxYY4uHYlaUWSNuBp5gYWmWZq4e4 TswE+m01HoIkDKtta/bpMpk0KXeKi5YPJcBn+TYn0NG4cWOTBz+txya8LF6+5vC4SVC/PV xPW1LXU3HmBerKb9dT60Bz6XqKl6nUvNRhPe1VieArT0nwIFESJEc8yVByhDa+qzbI3dyS /KP4RQOPmqVmpP7c9UbjiglN8Ojl1TliDTg2jDUWp5HivKlYlmp0Zn/q7Zx4PcK5JjP3sd eCX38hPeGQV19bf8j5hwwLqC6DpAxgfRth65TBTxk4dStx8HS27tr+x8Wxtexw== Received: by freefall.freebsd.org (Postfix, from userid 945) id 0655C2445; Wed, 19 Jun 2024 21:06:37 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:10.zfs Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240619210637.0655C2445@freefall.freebsd.org> Date: Wed, 19 Jun 2024 21:06:37 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-announce@freebsd.org Sender: owner-freebsd-announce@FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:10.zfs Errata Notice The FreeBSD Project Topic: Kernel memory leak in ZFS Category: core Module: openzfs Announced: 2024-06-19 Affects: FreeBSD 14.1 Corrected: 2024-06-17 14:35:24 UTC (stable/14, 14.1-STABLE) 2024-06-19 20:36:48 UTC (releng/14.1, 14.1-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background ZFS is an advanced and scalable file system originally developed by Sun Microsystems for its Solaris operating system. ZFS was integrated as part of the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent and preferred choice for storage management. II. Problem Description When writing data to a file on ZFS, the kernel may need to handle soft page faults that can occur when accessing user data. When doing so, in some cases ZFS needs to undo an earlier kernel buffer allocation. A bug in the handling of these cases causes this buffer to be leaked. III. Impact The leaked kernel memory is effectively lost and cannot be reused for other purposes. Some workloads may trigger the leak frequently, eventually requiring a reboot of the system. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # reboot 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch # fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch.asc # gpg --verify zfs.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 1c27279ed22d stable/14-n267965 releng/14.1/ f566b7eb8d94 releng/14.1-n267680 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTcACgkQbljekB8A Gu+zUQ/+IiSe/HQFSKrBwIxBxnlFQfTjNq02f14TPZghCTxNCWdGXXD6QR2d8ydZ bfryBwVsnnU3WlCPs6kyJfIlSp9vH2hqRJ+N5VyDvGkBUpWaGm0+ps5LGTQbGR8O ig/kIuRzNO0Mqi42MIse6UvozLAuahYA6sQ3nn6j/4grV7jiuxDCrfmfBOMLgN4D LZ87ApJM09lT2pe8x7hZBxk8wJKf6cWvpBjNh+zwPLc+oMvvIPkqiMjuy7ni7f/5 K/GDf4i3XgTf9pdPAwLNZoTNb7UebKzRGWlxmdOie6FUDHIuEwoJledmhbOmH91G PKtHx2skFVKKtFXgfMGraK5FBpwkoJbIo1uCUamEoo4cGMGR92ErP/MVa6MsIs3Z pLq1M/eN9aYQHCogb1uirQVZAutJhNJ9QsQo0rBJNgLE9l1UPnSIJ6CLpW83nY1f 8eedQKyfwMYL5jivH/aKEsd/vzqInAiFU55oO64OPvgKv3pj3TgIECoc9kfdfXc7 VR2yfNy8CKd/exb+CRqgeJGT8LaL2Wy66pUd9usIc/mNola8ce0uuPDc0703b5ob xfCorrd3gRhNB+Od3wrs4p7tzwqndfo5882w9EXEhuhubfft9voRTzpDvSe0y3ib YPY6EnHWSYAP56+f/shnworMxYtYrUipBYQVYxLBBtdV7DsYuKo= =YxSw -----END PGP SIGNATURE----- From nobody Wed Jun 19 21:06:41 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W4GQB0dNjz5Nqct for ; Wed, 19 Jun 2024 21:06:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W4GQ96xw8z4TyZ; Wed, 19 Jun 2024 21:06:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831202; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=dpui4iCHbPFckcY9dz5F0eM9Vm1oXpAzvTCulwsN09A=; b=H7eERKtx1LaR+RmEH4TNOwomzcbooarbWleWNzXGF/yVfh/fF3j2O8hVFxSoJ+pRG/vJ3R QwT3RSceD6j4k+qt7cSKWQI3V/wNkgChVn68GSd4rJ9kaG9uV2SwgIVcRkBS3SbOrSDxIk bjNwRKi/bOwG8d7CzOkPYdHIp/BTHfEQADqG74xjagM02/hq2wfxo4n4MOsc97kYQs3T93 3cPqpU2O6uJ2uZ1udg177tHymTw/0hLidQpfq0GWm0Xag54jmYUiJzTQqqxlVR1dp8CsCS 7TjMWc+HBthnTObKoNOhNOkfO0gP5dRAJvbFJF5B0OI0PhJaK2C0vBIIGomG8w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718831202; a=rsa-sha256; cv=none; b=ZucwmhHGPaKYJEYZgF1P2fXB63vxYVKw2AuHTyeVTGkmxVbOoOctwXh7yNVmhDBTYWi/fh wZvb/RAgNTFrIL9sONFeeQ6cyMbStcsAw+xUx73FSS4djEfK9ZNBtgxb2u0jWpMnpyHls0 /3vnd+4ydD54OTxpnyhLKkZQT60qKFr+VyS2Bosl15tBB6ZDz2e3oPFDvZ90kPFs4e/6mj h4iy+6ZKXIueK8TmnptZqGUWGdTkrb4UwuwLoapRBbhVxOeJPkoU7RXI5oYJT9Q46qFldz SfneQXywoMenONbGAaSCZ1GMbT4XMedvBixZBj+1E8+DQQWMOaEcuhVSTCPGrw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831202; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=dpui4iCHbPFckcY9dz5F0eM9Vm1oXpAzvTCulwsN09A=; b=HIzUxSMtJdXKoe7F+llXMEb2rG75aG6pRaPMesQb3f8V7Cu5yyB4JpbJLTE/k24KeER3Wc IMD/tggHNQj9CBy6cyDMZyiOWAzbk/3N7SBl+xh50n4kqcX6iwm2G+XUspKLi7H0eOnkrv Nb6DfT20CkyIwKSXdm+7lVRc+rdsIzi9pMy+ej0gYnPA6VKQv63EnmyQ02Yy6/uD9XulXL 3lt1wZMFxzxBzvt7xUhJzhZdiGuh0oulXFDS4tm+o02O7bKG7Kntlal0VJome8/iCTEeOo bIpSqiNTQ3feVkvsWv60J2hrnAiUqqTqci871tJroWMgk66i4AQWKp76xxKN0w== Received: by freefall.freebsd.org (Postfix, from userid 945) id D5C5A2519; Wed, 19 Jun 2024 21:06:41 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:11.ldns Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240619210641.D5C5A2519@freefall.freebsd.org> Date: Wed, 19 Jun 2024 21:06:41 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-announce@freebsd.org Sender: owner-freebsd-announce@FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:11.ldns Errata Notice The FreeBSD Project Topic: LDNS uses nameserver commented out in resolv.conf Category: contrib Module: ldns Announced: 2024-06-19 Credits: Michael Gmelin Dag-Erling Smørgrav Affects: FreeBSD 13.3 and FreeBSD 14.0. Corrected: 2024-05-20 09:04:54 UTC (stable/14, 14.0-STABLE) 2024-06-19 20:36:59 UTC (releng/14.0, 14.0-RELEASE-p7) 2024-05-20 09:04:59 UTC (stable/13, 13.3-STABLE) 2024-06-19 20:37:08 UTC (releng/13.3, 13.3-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background LDNS is a DNS library that facilitates DNS tool programming. II. Problem Description Due to a bug in the library's configuration file parser, commented out configuration settings in /etc/resolv.conf were picked up by the LDNS resolver, potentially leading to malfunction and/or information leakage. This included, but was not limited to, the nameserver setting. Given this example # /etc/resolv.conf # nameserver 8.8.8.8 nameserver 127.0.0.1 DNS requests were sent to the commented out external resolver instead of the local one. III. Impact Programs using the LDNS library might behave in unexpected ways. Name resolution could be inconsistent with what other tools which use libc return, e.g., `ping` vs. `host`. DNS request containing private information could leak to third parties. A system's attack surface is increased. Affected tools include host(1), drill(1), and ssh(1), which uses LDNS in the VerifyHostKeyDNS feature to fetch SSHFP records. IV. Workaround Removing empty lines from /etc/resolv.conf mitigates the problem: sed -i '' '/^[[:space:]]*$/d' /etc/resolv.conf V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch # fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch.asc # gpg --verify ldns.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 7daf36028411 stable/14-n267742 releng/14.0/ bdf75e830a77 releng/14.0-n265418 stable/13/ e95e16191f63 stable/13-n257915 releng/13.3/ d45cf1d2f124 releng/13.3-n257434 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTkACgkQbljekB8A Gu9BYBAApSQZbv3wgT5PhJRsaCulmOZOH5gywlVdaBA1I4sDF3on0CFwLQfy7lLH q2xFEfll5vBVbfGCVp2zVBgb4IyknqMgf8Ae4uBEEJJejRgxxnFTnQmdlzg7a8TR 9UW3g6QB/5tUIGrxFqIdx4qRAQz1ie6NwR+KvP8ojXk0xVscKIaijXACbmAgT6nH HygG7snrB9VmMMlRIHYhoarhRBd+aX68Jg3F+yGUX76FB4HVMSFMYo0fEWgi7SQ3 psZfq54GvCH+kSvYduXS3QkTJ7N/S9p6JAVraRlJmFnjQ69qE7u59bc68zW0D2pn Pj6/c0OZtWE2SQGqCuqgnBffjArisAJ/BKiK/XeO8B1fSvaVKJToR18+6KGTmc0f nnqQLxFeGbh5gHHcM8QaLBJFUgm5TVvdevcDmLuiVMSvQyt5iC6rIGwb3UNYAnW7 w/UFSresVKppsB2JDqyGjaSf2FI00rYIKHChZ8nkKYPMhb6V/TJZr3k25/3idbvi 6zO7wfbOhwAYQ44Mg/gY/v206qpoYiZO2tMQazbiicOqBOQBYWdXsojYhCB6qkyU ++kBNAMugpOAsDkIvN9mWLniRnvycrbEqthQlmfR7X3tZRiuz+0S1alx03Z5VsP6 zM5//i6W2Lt8DmX34zQDeQAMTZXD3bG1JSe2UbKyZkL20vrSTfg= =lQUa -----END PGP SIGNATURE----- From nobody Wed Jun 19 21:06:46 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W4GQH3rJYz5Nqrt for ; Wed, 19 Jun 2024 21:06:47 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W4GQH1cp0z4V9D; Wed, 19 Jun 2024 21:06:47 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831207; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=gmlo+36G+EeR/in0vHz7J9a69t71d46RTK3oFccdhkM=; b=tmCtW1D4Z8Wyw/+/+Px9Hzwqzo1TXPakykXxqJzzDS9Hbq75WJjm0IUOT+lFRfyq1zeMMm 6JCsMD2NQH26FwgOL/2owZyqAKHsHhW3gv5F+WOgufRNJaJN5EbVIRmy/9lzIKUnE42c+X KbLbad0h2/AS24sdIkajZ8n2qtJYDGsr1XJvzUkfG9xQfgarGBfAvo7sbcX/8Nwpm9mxZf 7tysaYhgVC+vVhdXZmgw4UiXpHMGNDs5nqYbKyL9hNfbAoK/iElsY293wCrN9EPfHUy9+J fnBSAfLei7mUbof1ALdk/HP6NGwrtJMZuI6M2v8FVv5SuD1EjzblTkQxH0SCMg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718831207; a=rsa-sha256; cv=none; b=dREurGrB//CodHV692tOgM0DBKQedpOlwvxhDNdV+kZ+0gSYooHsQcgLbjvEFcM0zGuh05 7u5TyY44+VBNAzcz7R6VszN4BCNBC7q663CMMHfj9mhCwUgwwr2cO/UFe5HDl8QKHqWY1+ EaDOI539YbFBS5HHhq6cfPUI3L2gq85T5S6meVznBrifr2zO4lwX2ArmM2LMCKXct/2+b8 4YG3tLeSSdpmz03D3Te8v+QV2B2bQUvtHUO7p9P70Et2a3R6tUr05YqkBD0N+hOV3Qgij7 OWkskunSk1EAbwV21jjoDmBQMOGD5MAKFw4wy6p2ZoAS28hZOCWjsF2neZ7xWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831207; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=gmlo+36G+EeR/in0vHz7J9a69t71d46RTK3oFccdhkM=; b=dLrUtMKiS7Wueow8RJOoK6Mt8qeJS0g9lrCy/QVNnl29kEtxxDffbXUJAut2ituTMgZU/4 Dj+mf/ukJOVTu+PmdjYgtD9j6UQEtF7XpmecoUPogt/Tg8YTQnkLvODvRSovdS5r1eyQW2 5U1EPBhBk/YSznPMV2hMdxUfxW3tLTBKxA6WLR9Hyrzsfp7I1OX9CIlqBqlkEzslfIOGyo 1TLjlfKer/SnGAc8MVjbq7TcKAC1E4Gbf7K2paVfdosCnbRSl/WrOa0ed7m2DAaVhMLDGG mWhpM/AQ5xLoGxq+1VYnkNB3EOKX29V9qsQt7kGjDVzX6FnU+AWzVHUkHTDVMA== Received: by freefall.freebsd.org (Postfix, from userid 945) id E52E72596; Wed, 19 Jun 2024 21:06:46 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:12.killpg Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240619210646.E52E72596@freefall.freebsd.org> Date: Wed, 19 Jun 2024 21:06:46 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-announce@freebsd.org Sender: owner-freebsd-announce@FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:12.killpg Errata Notice The FreeBSD Project Topic: Lock order reversal in killpg causing livelock Category: core Module: kern Announced: 2024-06-19 Credits: Peter Holm Konstantin Belousov Michael Gmelin Affects: FreeBSD 13.3 Corrected: 2024-05-22 23:47:55 UTC (stable/13, 13.3-STABLE) 2024-06-19 20:37:09 UTC (releng/13.3, 13.3-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background killpg(2) is a system call that sends signals to process groups. In order to prevent race conditions with the fork(2) system call, locking is required. II. Problem Description The code designed to prevent lock order reversals between killpg(2) and fork(2) did not wait for lock availability before retrying to acquire a lock, which could result in a livelock causing very high system load. III. Impact Affected machines are practically unusable. They recover if the processes causing the load are killed. IV. Workaround No workaround is available. Systems that fork a lot are more likely to to hit this problem. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10m "Rebooting for a stability patch" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch # fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch.asc # gpg --verify killpg.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ cd73b38955f6 stable/13-n257926 releng/13.3/ eb410545d00d releng/13.3-n257435 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTsACgkQbljekB8A Gu9uEA//cITydBAKrRYsf6xP1z/tDmKR3DqAkQYYytFGFI35lsvM6iN77wq5QFW4 5i1nVS1+YMPINlI9jXCfgoEsA8KAC2l8untSKHRh0uR8TzFak6BWTjbnCBFYd1K/ I0bnc38FeRDjMEPyCDmiq26aU7WZ0Ftjb5mgf0PUn09pX9hP8/MXa1FTxkwyWq5Y 9RZXNXUSAEug9+uCgJqzl4CiYzqbaxHZ3ich6Erd955gDb72LwxHHkWiq0ADi35K d0C8LipwtpKCYoo1dfXkLnoPo0loDt18pzSIx0svmUQinlipfwSbGxuZ31NiLLgE bEzc6OFhV1D0WhIxM8z+kunTmWAY5/Uo5YHARulD406SS27GWp0s8fEbnN4rcnPG m5cPNQYXemBjRB2LnqoocgczkEHNVHr+ZuN3/mPSadS/m4llavj8xqGlrdDB1eLT LCkSSnF/4kBLZyHO7C5hJHQseRoWpLd/hR+h4Q/nnTsU2mbelhFm0C297mPWpt+D 8RHxOshrA8WryQCVEqJmC63bmA3MtmqyuMhpi3+c4Iy4bvj2GKGcdsB0E4JugbMf 5zg+muywBmIQMYIIFrdRN0i3BW8y6KPvgokoBPUfnCsdS65WWlLBQLxKpfDHCkzl juEZY5CUGvBnc3eFtLOzEvriFY7tAhephW0ZSal0wMyHw2NbE7E= =5wI2 -----END PGP SIGNATURE----- From nobody Wed Jun 19 21:06:52 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W4GQN5G3Qz5NqsF for ; Wed, 19 Jun 2024 21:06:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W4GQN3DDQz4VBW; Wed, 19 Jun 2024 21:06:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831212; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=ZhD15i/z03u3W8pAJgtUab8vsCbjT29x5FOT/rKNMdQ=; b=osmw8fSYqqlfPe9d8LeQ6SiATMP/pcocTjExhX0QZRzBB8gXavyJw4C6Y55HWTHVq8F7y/ kIXqlnEhoO6UKfwDFda4fOQMtFsdgcSKwN2cOOpi7uVpZbFQtEeriCmJneW1FwLE9IHbG1 +YlIOnS+6QeObKKFPCmPA3wlOjt6LGmbZMJc/CWqAubORq40Qlrv4cT4b2kMTxCpcqjvxf pK7mNAEWDJWcsCrYfs7QBdX1ns1RlMmvEU/bLnB0/ilU0k7yrOjBQv1Z/gjOWe8yj5GZWO KZqDvuiK64fD1IlLpQImgwrfoqMaw0ZUnNvDuLRlWZlLayuYhm+i5ENB8QAmCw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718831212; a=rsa-sha256; cv=none; b=ksJwZUTJ/+NiYwMVZXdfcxVbAyMTrZAAaLxAaEndfxEIOVZGitlJJFK4igmoyzeMKx2uFC SFoOwlQS4MLQcdP49t0KByk2iQMYT1Nb76wU5y94gnTD0dPpSxKFZEYFz1eENP+1ovBqHG OEGG3GztWRnfhroAOanDXyy2QsVNRh/VQ9eF9hpKV+eCZPOYegcKpvLtGzCNFDouaTy67M 9jTMGuPWi16stT101xMIaJNRQG7Jj4EB3R4XO9lZu3ZseRoSkoYtAlWK+KO/uWeR5pNMWg qgBLs7x/lUIzRxVwUoS7QHsxxxY/kfKEZD73691lsZ8L8F1HnaVnOUoS4Ghujw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718831212; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=ZhD15i/z03u3W8pAJgtUab8vsCbjT29x5FOT/rKNMdQ=; b=hpKwnSlY7iC8M/mcL7SJzm95VDsboB01olZEW/nR8uMYZNd/9HH7eEoeiVk0SmRyPAVrWV BOiScBU38pWaS0CHtMTyz/XCg8Li7tCcKPPh3zsbipK0vKwehEARIF+gt4/QE1p+PpUmZB O7LKG9fu3HXQCEnDp8bI0fIFO1ZdwZRTy+ZsnuLMdymcsNp7hR9C2u+EbwfhyoLhBzbQZb GOuGwbPZTxWkppm5j8CcDylDtrIJrXsa70QQRVDcis9I42MgG3ER0xB8nd1YGhdTwuatjc T2Vx2GiSskI09IneZdej9G4ljfsM/jB/IzSf/kVUYfS/4f+0OFSiCFC/9tdtzA== Received: by freefall.freebsd.org (Postfix, from userid 945) id 58F8423B4; Wed, 19 Jun 2024 21:06:52 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:13.libc++ Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240619210652.58F8423B4@freefall.freebsd.org> Date: Wed, 19 Jun 2024 21:06:52 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-announce@freebsd.org Sender: owner-freebsd-announce@FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:13.libc++ Errata Notice The FreeBSD Project Topic: Incorrect size passed to heap allocated std::string delete Category: contrib Module: libc++ Announced: 2024-06-19 Affects: FreeBSD 14.1 Corrected: 2024-06-07 07:29:25 UTC (stable/14, 14.1-STABLE) 2024-06-19 20:36:50 UTC (releng/14.1, 14.1-RELEASE-p1) 2024-06-07 07:29:30 UTC (stable/13, 13.3-STABLE) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background libc++ is an implementation of the C++ Standard Library, provided by the LLVM project. It is used by C++ programs in the base system, and also by many C++ programs in the ports collection. II. Problem Description C++14 and later supports size-aware deletion of heap objects, when the compiler is able to determine at compile time what the exact size of a particular object is. For this purpose, there are specific variants of "operator delete" that take an additional size_t argument. If such a variant is called, the size is passed through to the underlying allocator, which can optionally utilize this size for for more efficient deallocation. A recent change in libc++'s implementation of std::string has introduced a potential mismatch between the actual size allocated on the heap for the contained string, and the size that is passed to "operator delete" when the string is eventually destroyed. III. Impact The default allocator in FreeBSD does not leverage the size_t argument and is unaffected. When std::string objects of a known size are deleted, and the size passed through to the deallocation function does not match the actual size on the heap, the underlying allocator can potentially produce unexpected results. In case of allocators that are used for heap debugging or profiling, such as with Google's gperftools (aka tcmalloc) this can lead to runtime warnings about incorrect deallocations. IV. Workaround No workaround is available. Systems using the default memory allocator are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install No reboot is necessary, but programs compiled against the old version of the header should be rebuilt to fully fix the problem. 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch # fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch.asc # gpg --verify libc++.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . No reboot is necessary, but programs compiled against the old version of the header should be rebuilt to fully fix the problem. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 55c5dad2f305 stable/14-n267917 releng/14.1/ 8e0e6b428cb8 releng/14.1-n267681 stable/13/ ef4d145057c1 stable/13-n257958 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRT0ACgkQbljekB8A Gu/HpQ//Xkz6NMBUg4CdmV1ElSP+dTUfh8YpNfD/X//4RgngKoz9DKt6CM78KSWI 68JfNrn6XRGdhjG0Mn/YvRCe8xzGBGpvcd1lcun7mAw5yqpsbSAUKvFmywjX+oxs bQpCJRloBLZJE6NoZgBmhw2K2HzfmvApPin3TjLGa/u/ovsK+pD7SvDynbR5VsxH Bey21H2+3LOqyBPaiTe6ccJ4JXCOX9+oAK5byhMLPrnRqLyvh3IV2jttWurbtNki nFMYhqoBq6cWoAba3gVD0ZM7S5C+P5VDeMMIBOPKQVRwIl9eDS/UKICXrMbaMNqL 002egG7Oia22H0dpYuYX6dl7cAtn/M3NcBEwDDvqNuHncbGVeaYA8qXHAh+eeA3R gBK2NkltdDvZbk8Uv9hgHwIrdJyENhWGoT1OQ1JqgaIKo7tIvlhIA/HtpTygeyMA F/TgFvg+K42/kWQ/N1UTwUFbEH6jgDu1BGTZzkMMyQf3rymdQ1VM6Z1p7dxppVI7 uw2+80BePzDbnV9naXMzlhr/YjYgytRRQFbVR2ZlPM+rEGyfMAM/XvtCWfdlstwY 3bZXo/vPRZPXg/sd/AFEKqIiz1ZvVTJroMUCnnDvsDKcRzAHgIIHfMK1mMpSizna LNDS/vvyQszgINWPUMZOZaALQzUY9SAmm0eNqIz3uV4o0qM6DQE= =7Qxx -----END PGP SIGNATURE-----