From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 00:51:00 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 14E48277 for ; Sun, 18 Nov 2012 00:51:00 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 59B6B8FC12 for ; Sun, 18 Nov 2012 00:50:58 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so3655938lah.13 for ; Sat, 17 Nov 2012 16:50:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=dk08iiL/LG9Q3jqhfzPXqP61EFUeTdcMUbWsQx+9FXs=; b=PqZwfPxLgEx+zsqV1fFF+eRY/5A04XuDRqoEnS+gBjtNBddDV7SGlf5JA7+Y4g1yh4 jQ1UWOhd7ssy/LiO27dE0outGUbVPdwFx725Jn4pWvzujUNVGxEDipg+3AJ0iDaQXRtR jtTCYsnOLhZtbxu4rOPxrMXoQTNX5gt9jzYLE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=dk08iiL/LG9Q3jqhfzPXqP61EFUeTdcMUbWsQx+9FXs=; b=Ea0PXuS1KbdJ81yDH49GaTwj5YMfnGgCJa3fH+qunxaBwKLYkhbMA9FbDWzDsfQ2Hl bakID58xea04DRshtm3OOte6NTITc9jVFfE9cmJWK3zHQQILQvKw5fEzbbK0hIT6Cbap YFakoTVWLEzKpaPzmNdmRu3WhHRiqPYbkfi8jaCnaBFaSI/nERkEz/9cesWxarcFsqLk jG4o9Ifc2FHUjPPM6AzeXKsUM5xW9+UlbplZTcLgDMjP2o/ibb2eWwbV+LubSzbXXVEG 4tgId6Wz+R5P0yqYLhJK5VIECWC6W2QWwBseve0q+t9lIwegm0PIVfFsOPSweeuZBAqm kirA== Received: by 10.152.106.171 with SMTP id gv11mr8070129lab.26.1353199857838; Sat, 17 Nov 2012 16:50:57 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.25.166 with HTTP; Sat, 17 Nov 2012 16:50:27 -0800 (PST) In-Reply-To: References: <20121117150556.GE24320@in-addr.com> From: Eitan Adler Date: Sat, 17 Nov 2012 19:50:27 -0500 Message-ID: Subject: Re: Recent security announcement and csup/cvsup? To: Trevor Johnson Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQna+edz+6uVnKwn/8eaK2SMdwgkEBzkhWwvN3UfNzRftRRs1JWigfXz8JmRJVwbg2BvHC1x Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 00:51:00 -0000 On 17 November 2012 18:05, Trevor Johnson wrote: > Is the plan to eventually shut down the anoncvs and CVsup services entirely? > If so, shall the Gnats database be made available to the public through > other means besides the query-pr CGI? I ask this after looking at > http://www.freebsd.org/doc/en/articles/committers-guide/article.html#gnats . We have no plans to shut down the gnats or source cvsup *at this time*. There are eventual plans to do but no firm date. For ports, a date has been decided: Feburary 28, 2013 we will stop exporting ports to cvsup. It is strongly recommended that you use portsnap or svn if at all possible. As for GNATS, there are plans to eventually move away from GNATS but details have not been decided. -- Eitan Adler From owner-freebsd-security@FreeBSD.ORG Sat Nov 17 20:00:12 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB04F78D; Sat, 17 Nov 2012 20:00:12 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 601468FC18; Sat, 17 Nov 2012 20:00:12 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id 16so4790120obc.13 for ; Sat, 17 Nov 2012 12:00:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=eEZebhEa120cHs09zQV+wxTjYj+r9MyZMv6nxLZhZjo=; b=kNicltchmN65YQ4qJmaUOz6v+etBw+e0sRV2evlJFaljKUDqvpJ6H6tnV13jGzCLUG kNn63zV/HCsrJ3n0DZwiSAkySFJBJSkzi/o//VeQSczturmG2yXWE8EKhVOSqDAhegXz FJhK8FMODiVEFWwOZhfUTrfBuQwVfyCTHXC2I/0wVADAawIzOmZPjbZlftfDUxtwGGeC MK+O6ZUBpHhehAhXk6KHpTxnungYeS9VRP5fawQts1bYJU1rIy1KnRWRffTfgrCtr8rz BJLeD319zojEStRmK73prxv9w/NDHp+HOrSE99xiRVq5l+a9zDfprJKBvs2NS9sA3GOM 83Xg== MIME-Version: 1.0 Received: by 10.60.2.103 with SMTP id 7mr7104777oet.79.1353182406751; Sat, 17 Nov 2012 12:00:06 -0800 (PST) Received: by 10.76.68.39 with HTTP; Sat, 17 Nov 2012 12:00:06 -0800 (PST) Date: Sat, 17 Nov 2012 15:00:06 -0500 Message-ID: Subject: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: grarpamp To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Mailman-Approved-At: Sun, 18 Nov 2012 01:34:32 +0000 Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 20:00:12 -0000 http://www.freebsd.org/news/2012-compromise.html http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key This is not about this incident, but about why major opensource projects need to be using a repository that has traceable, verifiable, built-in cryptographic authentication. Any of hundreds of committer and admin accounts could be compromised with the attacker silently editing the repo. The same applies to any of those accounts going rogue. Backtrack diffing from a breach to 'see what changed' is not the ideal option. You really need to be using a strong repo so that any attack on it is null from the start. Another problem is bit rot wherever it may occur... disk, hardware, the wire, EMP and other systems. As it is now, we have no way to verify that what we get on pressed CD's, ISO's, FTP sites, torrents, etc is strongly linked back to the original repo. Signing over a hash of the ISO is *not* the same as including the strong repo hash (commit) that was used to build the release and then signing over that and the ISO. We can't know that our local repository updates match the master. ports.tar.gz has no authentication either. Nor does anything in the entire project that originates from the current SVN/CVS repo... webpages, docs, tools, source tarballs, etc. The FTP packages aren't signed, and there are weak MD5's used in various parts of the install/package tools, mirrors, etc. We can't trade hashes amongst people. It's all just a bunch of random bits that someone may or may not have signed over. And even if signed they still wouldn't be strongly linked back to the master repo. Having such a disconnect at the root of everything you do is simply not good practice these days. And these days, Git is what people and projects are moving to, and its rate of adoption and prevalence have essentially won out over all the rest in the new 'revision control 2.0 world'. And knowing Git is now more or less essential if you want to participate in a wide variety of community development, ref: github, etc. The FreeBSD project needs to be providing both itself, and its users and benefactors with verifiable assurance that its repository, and any copies and derived products, are authentic and intact. Don't argue against such a repository feature, or the cost to move, or bury your head in the sand by saying it could never happen to us... Take this as a real opportunity to lead amongst the major opensource projects like Linux, and among the BSD's (like DragonFly has), and move to Git. Once the root is fixed, you can push out secure distribution and update models from there. It all starts at the root and can't be done without it. https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html Verifies the connectivity and validity of the objects in the database http://git-scm.com/about/info-assurance The data model that Git uses ensures the cryptographic integrity of every bit of your project. Every file and commit is checksummed and retrieved by its checksum when checked back out. It's impossible to get anything out of Git other than the exact bits you put in. It is also impossible to change any file, date, commit message, or any other data in a Git repository without changing the IDs of everything after it. This means that if you have a commit ID, you can be assured not only that your project is exactly the same as when it was committed, but that nothing in its history was changed. https://en.wikipedia.org/wiki/Git_(software) The Git history is stored in such a way that the id of a particular revision (a "commit" in Git terms) depends upon the complete development history leading up to that commit. Once it is published, it is not possible to change the old versions without it being noticed. The structure is similar to a hash tree, but with additional data at the nodes as well as the leaves. Some references... http://git-scm.com/ https://github.com/ http://gitweb.dragonflybsd.org/dragonfly.git https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git From owner-freebsd-security@FreeBSD.ORG Sat Nov 17 20:42:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D7EAD5A4; Sat, 17 Nov 2012 20:42:14 +0000 (UTC) (envelope-from fidaj@ukr.net) Received: from fsm2.ukr.net (fsm2.ukr.net [195.214.192.121]) by mx1.freebsd.org (Postfix) with ESMTP id 64F188FC14; Sat, 17 Nov 2012 20:42:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net; s=fsm; h=Content-Transfer-Encoding:Content-Type:Mime-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=KkVc4Kfh0xFnqQkT+o5OWwY4+X3OcSmK7ZyH2sXT6s0=; b=Ye1wH+yTCZdZfb3s8jgwrkOGF/I+hXNiD2eA1IiusepDJ9zqGUKVnR5njMVhKSggARZ8mLbUrnc03mIPVeJW5JmJ46NxCYgzGfem1a/XGLoS4mQNHM8SO7G+Igzsir2C9A8SE+iZnhJ+mwuMFmaOxB7QlO/ss4/fCEPsJl4CSzI=; Received: from [178.137.138.140] (helo=nonamehost) by fsm2.ukr.net with esmtpsa ID 1TZojz-000FQR-Sl ; Sat, 17 Nov 2012 22:11:48 +0200 Date: Sat, 17 Nov 2012 22:11:43 +0200 From: Ivan Klymenko To: grarpamp Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121117221143.41c29ba2@nonamehost> In-Reply-To: References: X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.10; x86_64-pc-linux-gnu) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWpqak/Pz/i4uIfHx8GBwZwcHAQEBA6o92AAAACHElEQVQ4jWWUTY7bMAyF6QzUPSEoa8PFHEBgqwuM4bVVg7MvZOj+R+ijpMTpjIwgkT7z75EKrdfattpXERG6zqvUOtAr2LCRYfEKcB4l/Q+2cc6XjQH7hv+2YZYreIk5nevZEPvuzUzptizHLzgDMnC5Wpbl7ewJlOEqlQF+DlCjgVLki0WV6FMDMsBxjlJiQulIznwZ+DxHiQyDyIg0wN3Oo6o6ZQ5s5AIfar+W2Wlmz+kCcb8tg6j3voMEwNrBQk69dDBDqw/urpqJH+m+Q6u/4QnoAeYpnUXC/s1iup9rhCd6xMgAqdDyAyFegbKkVAHeLCcOulPLawaoUIDos4M88iLNrVkU7uu5ccTDO6naJzWLum51C6Yb7y4HKKbdArLWir0PBiS8glJRBZHeyHl7J9lENpAC6qT9NlNG4u5hsVYDyJP6mlJJtY3oVju4WSUzHal1sDU17NASoBWSk40J2eBLBJhYrVmzC5gVALGpNIAiQgN6eGstOp9Oa6zFbbLTISYi28BGZDRUJKWeroECkCEkzXjUtbmmaKMfAx2RfbT69/cO+tgHcmx6AfyZOmj3NDIah0F0GB66d4CrdIoplNFFGHSpSheRxbo0W4S8azNItEoMWbw3uXAeJgCrmX5joz7CGXqSg6PcryEhnFr/C1C2ntPxBOYbdwY+8dO3+wZJyFlbMX9s8zNnvp/tLwAv03NB4j3HVpn8Awwm+GrlP6MVAAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sun, 18 Nov 2012 01:34:54 +0000 Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 20:42:15 -0000 =D0=92 Sat, 17 Nov 2012 15:00:06 -0500 grarpamp =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > http://www.freebsd.org/news/2012-compromise.html > http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-se= curity-breach-via-stolen-ssh-key >=20 > This is not about this incident, but about why major opensource > projects need to be using a repository that has traceable, verifiable, > built-in cryptographic authentication. >=20 > Any of hundreds of committer and admin accounts could be compromised > with the attacker silently editing the repo. The same applies to > any of those accounts going rogue. Backtrack diffing from a breach > to 'see what changed' is not the ideal option. You really need to > be using a strong repo so that any attack on it is null from the > start. Another problem is bit rot wherever it may occur... disk, > hardware, the wire, EMP and other systems. >=20 > As it is now, we have no way to verify that what we get on pressed > CD's, ISO's, FTP sites, torrents, etc is strongly linked back to > the original repo. Signing over a hash of the ISO is *not* the same > as including the strong repo hash (commit) that was used to build > the release and then signing over that and the ISO. We can't know > that our local repository updates match the master. ports.tar.gz > has no authentication either. Nor does anything in the entire project > that originates from the current SVN/CVS repo... webpages, docs, > tools, source tarballs, etc. The FTP packages aren't signed, and > there are weak MD5's used in various parts of the install/package > tools, mirrors, etc. We can't trade hashes amongst people. It's all > just a bunch of random bits that someone may or may not have signed > over. And even if signed they still wouldn't be strongly linked > back to the master repo. Having such a disconnect at the root of > everything you do is simply not good practice these days. >=20 > And these days, Git is what people and projects are moving to, and > its rate of adoption and prevalence have essentially won out over > all the rest in the new 'revision control 2.0 world'. And knowing > Git is now more or less essential if you want to participate in a > wide variety of community development, ref: github, etc. >=20 > The FreeBSD project needs to be providing both itself, and its users > and benefactors with verifiable assurance that its repository, and > any copies and derived products, are authentic and intact. >=20 > Don't argue against such a repository feature, or the cost to move, > or bury your head in the sand by saying it could never happen to us... >=20 > Take this as a real opportunity to lead amongst the major opensource > projects like Linux, and among the BSD's (like DragonFly has), and > move to Git. >=20 > Once the root is fixed, you can push out secure distribution and > update models from there. It all starts at the root and can't be > done without it. >=20 > https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html > Verifies the connectivity and validity of the objects in the database >=20 > http://git-scm.com/about/info-assurance > The data model that Git uses ensures the cryptographic integrity > of every bit of your project. Every file and commit is checksummed > and retrieved by its checksum when checked back out. It's impossible > to get anything out of Git other than the exact bits you put in. > It is also impossible to change any file, date, commit message, > or any other data in a Git repository without changing the IDs of > everything after it. This means that if you have a commit ID, you > can be assured not only that your project is exactly the same as > when it was committed, but that nothing in its history was changed. >=20 > https://en.wikipedia.org/wiki/Git_(software) > The Git history is stored in such a way that the id of a particular > revision (a "commit" in Git terms) depends upon the complete > development history leading up to that commit. Once it is published, > it is not possible to change the old versions without it being > noticed. The structure is similar to a hash tree, but with additional > data at the nodes as well as the leaves. >=20 > Some references... > http://git-scm.com/ > https://github.com/ > http://gitweb.dragonflybsd.org/dragonfly.git > https://git.kernel.org/?p=3Dlinux/kernel/git/stable/linux-stable.git LOL And how will this help Linux? http://lwn.net/Articles/457142/ From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 04:56:00 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 96084956; Sun, 18 Nov 2012 04:56:00 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-da0-f54.google.com (mail-da0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id 4FC518FC0C; Sun, 18 Nov 2012 04:56:00 +0000 (UTC) Received: by mail-da0-f54.google.com with SMTP id z9so1806751dad.13 for ; Sat, 17 Nov 2012 20:55:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=r4Spnbd7JOUMfsBpUZ/uOQlZGUob0EWVY4OIQYmJxBw=; b=GDJSKEIiK+yGTAgOyhKwDJR+iBD1vp41mNsyMMMCnV3ve8E8n1g+uELrV3E3Do4sCx 4ndMeHdZEi/2QfpwFPlsqpggr6dOXWzmGOswkq5s5S3xTrHtC0HLPZSG0LE9zGL2ZeQS HIQw38MXcBO27HcuAkXtN9qVC1INkZXuOYHHbq2j3AybuBGGA5BMy+q1TOF5t7g+S0cd 5npXVgmg4qLkzhY/qX0CcEbErM2PhWxI3+2C1NRjeSR65f/2PI/isw2N8rDEH5SpTB73 wM+a0q8irQWSK+oZkJbaDVpM95p+7LO7s5HqhuJ9tioEK7DBYGEvcrMAkRbw7sZTh+MO /D6A== MIME-Version: 1.0 Received: by 10.68.137.41 with SMTP id qf9mr28898631pbb.103.1353214554609; Sat, 17 Nov 2012 20:55:54 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.68.124.130 with HTTP; Sat, 17 Nov 2012 20:55:54 -0800 (PST) In-Reply-To: References: Date: Sat, 17 Nov 2012 20:55:54 -0800 X-Google-Sender-Auth: tMFF_cYfztIW57aV4vV_M78FNAU Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Adrian Chadd To: grarpamp Content-Type: text/plain; charset=ISO-8859-1 X-Mailman-Approved-At: Sun, 18 Nov 2012 05:13:10 +0000 Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 04:56:00 -0000 [snip] There's a git repository. It's public. You can look at what goes into the FreeBSD git clone to get your assurance that things aren't being snuck in. People are using it, right now. Honestly, I'd rather see subversion grow this kind of cryptographic signing of each commit in the short term then migrate everyone over to git. Those who want to use git can use it, right now. Honest. Adrian From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 05:21:24 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0253DEB2; Sun, 18 Nov 2012 05:21:23 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 0E4F78FC08; Sun, 18 Nov 2012 05:21:22 +0000 (UTC) Received: by mail-lb0-f182.google.com with SMTP id go10so1113897lbb.13 for ; Sat, 17 Nov 2012 21:21:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cFFz8NUEKjvvnWESvbfeMldTh3XXNvPljiBnbVgHkfI=; b=xj0yJOtCRqhSGj0ruH9AUzTepAQH72wa3NzWdScNEhMt4SMg5iBy59WRHDAXdSxTPB xF44F8DuG5jdY8inR+T1qNZnHE1+pKLmngyM0fgRH8i9yUzsKOm6F3QpS2t+Fb3aqmWq 33P/KzWmoyVVMWXdol+FiAuTr2dWCPju3np387VDKY80g3MD/41Xis1oid/4ItUtKrT8 S/rcJKdgfv8/FxlXnj9G1+GAd2TfS2/u65EhkkjmlAHEB8Jp3s9dVhIaBhbaSIUBr+BK E2sZHvY9sS8JbUhpluR8EGA9vX7qCfXu6pD1V/YUxDG0MIYrsdXNanhAGDyuR6+bGYVN 8EuQ== MIME-Version: 1.0 Received: by 10.152.162.1 with SMTP id xw1mr8449830lab.3.1353216081458; Sat, 17 Nov 2012 21:21:21 -0800 (PST) Received: by 10.112.135.104 with HTTP; Sat, 17 Nov 2012 21:21:21 -0800 (PST) In-Reply-To: References: Date: Sun, 18 Nov 2012 00:21:21 -0500 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Robert Simmons To: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 05:21:24 -0000 On Sat, Nov 17, 2012 at 11:55 PM, Adrian Chadd wrote: > Those who want to use git can use it, right now. Honest. Yup: https://github.com/freebsd/ From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 10:44:45 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 43FF2A6A; Sun, 18 Nov 2012 10:44:45 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [IPv6:2a01:4f8:131:60a2::2]) by mx1.freebsd.org (Postfix) with ESMTP id C8A0E8FC0C; Sun, 18 Nov 2012 10:44:44 +0000 (UTC) Received: from lion.home.serebryakov.spb.ru (unknown [IPv6:2001:470:923f:1:cc83:142f:c735:4700]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id 19D234AC1C; Sun, 18 Nov 2012 14:44:43 +0400 (MSK) Date: Sun, 18 Nov 2012 14:44:41 +0400 From: Lev Serebryakov X-Priority: 3 (Normal) Message-ID: <583715708.20121118144441@serebryakov.spb.ru> To: Adrian Chadd Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, grarpamp , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 10:44:45 -0000 Hello, Adrian. You wrote 18 =D0=BD=D0=BE=D1=8F=D0=B1=D1=80=D1=8F 2012 =D0=B3., 8:55:54: AC> There's a git repository. It's public. You can look at what goes into AC> the FreeBSD git clone to get your assurance that things aren't being AC> snuck in. People are using it, right now. But commits in this repo aren't signed by developers../ --=20 // Black Lion AKA Lev Serebryakov From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 08:52:32 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B97761E6 for ; Sun, 18 Nov 2012 08:52:32 +0000 (UTC) (envelope-from andrej@brodnik.org) Received: from svarun.brodnik.org (www.brodnik.org [193.77.156.167]) by mx1.freebsd.org (Postfix) with ESMTP id 7198F8FC0C for ; Sun, 18 Nov 2012 08:52:31 +0000 (UTC) Received: from AndyMac.gotska.brodnik.org (AndyMac.gotska.brodnik.org [192.168.127.7]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by svarun.brodnik.org (Postfix) with ESMTPSA id B9CDF4AC49 for ; Sun, 18 Nov 2012 09:45:19 +0100 (CET) Message-ID: <50A8A035.3030304@brodnik.org> Date: Sun, 18 Nov 2012 09:45:41 +0100 From: "Andrej (Andy) Brodnik" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? References: <20121117150556.GE24320@in-addr.com> <20121117234248.GB11298@redundancy.redundancy.org> In-Reply-To: <20121117234248.GB11298@redundancy.redundancy.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Sun, 18 Nov 2012 13:20:50 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 08:52:32 -0000 I agree, but there is signature system, which with addition of appropriate SW (e.g. built in in ports fetch/update/ ...) provides the required security. LPA Dne 11/18/12 12:42 AM, piše David Thiel: > On Sat, Nov 17, 2012 at 10:05:33AM -0500, Gary Palmer wrote: >> Can someone explain why the cvsup/csup infrastructure is considered insecure >> if the person had access to the *package* building cluster? Is it because >> the leaked key also had access to something in the chain that goes to cvsup, >> or is it because the project is not auditing the cvsup system and so the >> default assumption is that it cannot be trusted to not be compromised? > Regardless of the circumstances of the incident, use of cvsup/csup has > always been horrendously dangerous. People should regard any code > retrieved over this channel to have been potentially compromised by a > network attacker. > > Portsnap. Srsly. > > -David > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 18:04:27 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9D418F6F for ; Sun, 18 Nov 2012 18:04:27 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id 66E648FC12 for ; Sun, 18 Nov 2012 18:04:27 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Ta9ED-000Maq-Fg; Sun, 18 Nov 2012 13:04:21 -0500 Date: Sun, 18 Nov 2012 13:04:21 -0500 From: Gary Palmer To: "M. Schulte" Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121118180421.GF24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 18:04:27 -0000 On Sat, Nov 17, 2012 at 05:07:16PM +0100, M. Schulte wrote: > Hi, > > > Can someone explain why the cvsup/csup infrastructure is considered > > insecure [...] > > Speaking of cvsup security -- correct me if I'm wrong, but as far as I > know cvsup is generally vulnerable to man-in-the-attacks[0]. Hence I'd > be very happy about more and more people moving over to the portsnap > camp. > > Best, > mel > > [0] http://en.wikipedia.org/wiki/Portsnap > http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2003-11/0287.html While I haven't investigated its protocol in detail, I would tend to suspect that svn is just as vulnerable as AFAIK the FreeBSD SVN servers are running in clear text mode. And yet we are being pushed towards SVN for source access instead of cvsup. portsnap is great if you can use the official ports tree without local modifications. If you need to patch some ports locally (for whatever reason) then I believe it is less helpful. cvs/svn let you update your local ports tree while keeping your local changes. In other words: while signed updates via freebsd-update and portsnap are great for a good chunk of users, they don't address everyones needs. Regards, Gary From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 18:17:17 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3CF49284 for ; Sun, 18 Nov 2012 18:17:17 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id 01F358FC08 for ; Sun, 18 Nov 2012 18:17:17 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Ta9Qd-000Mbk-G8; Sun, 18 Nov 2012 13:17:11 -0500 Date: Sun, 18 Nov 2012 13:17:11 -0500 From: Gary Palmer To: Chris Rees Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121118181711.GG24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 18:17:17 -0000 On Sat, Nov 17, 2012 at 03:14:00PM +0000, Chris Rees wrote: > On 17 Nov 2012 15:06, "Gary Palmer" wrote: > > > > Hi, > > > > Can someone explain why the cvsup/csup infrastructure is considered > insecure > > if the person had access to the *package* building cluster? Is it because > > the leaked key also had access to something in the chain that goes to > cvsup, > > or is it because the project is not auditing the cvsup system and so the > > default assumption is that it cannot be trusted to not be compromised? > > > > If it is the latter, someone from the community could check rather than > > encourage everyone who has been using csup/cvsup to wipe and reinstall > > their boxes. Unfortunately the wipe option is not possible for me right > > now and my backups do go back to before the 19th of September > > Checks are being made, but CVS makes it slow work. > > It's incredibly unlikely that there will be a problem, but the Project has > to be cautious in recommendations. Thanks Chris for the update. May I politely suggest that the web page as I read it yesterday was more along the lines of "assume your machine is rooted, reinstall it". The reality is the message should have been "we cannot prove cvs/cvsup was not affected yet, but we are continuing to investigate. If you want to be really sure you weren't affected, reinstall from known clean media. Else wait for further updates". While I understand some people, especially the more security minded people, want to deprecate all access that isn't signed and secured, its no reason to cause people unnecessary work/panic. Plus signing is only as good as the security of the systems doing the builds and signing the content. Its just been proven that they may not be as secure as expected. Regards, Gary From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 19:28:15 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 88481CE1 for ; Sun, 18 Nov 2012 19:28:15 +0000 (UTC) (envelope-from brett@lariat.org) Received: from lariat.net (lariat.net [66.62.230.51]) by mx1.freebsd.org (Postfix) with ESMTP id 2777E8FC08 for ; Sun, 18 Nov 2012 19:28:14 +0000 (UTC) Received: from Toshi.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2] (may be forged)) by lariat.net (8.9.3/8.9.3) with ESMTP id MAA15211 for ; Sun, 18 Nov 2012 12:28:13 -0700 (MST) Message-Id: <201211181928.MAA15211@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sun, 18 Nov 2012 12:28:06 -0700 To: freebsd-security@freebsd.org From: Brett Glass Subject: How much will intrusion delay 9.1-RELEASE? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 19:28:15 -0000 How much will the current security issue delay 9.1-RELEASE? I do want to see the integrity of the code protected, but must plan server updates, which I'd hoped to do over US Thanksgiving. (9.0-RELEASE is now within a couple of months of EOL unless it's extended.) --Brett Glass From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 18:26:46 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BAB9C3DB; Sun, 18 Nov 2012 18:26:46 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 17C728FC13; Sun, 18 Nov 2012 18:26:45 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id je9so896144bkc.13 for ; Sun, 18 Nov 2012 10:26:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=/51kezh219uZfiQ52+07+lrM8qK/g9Jcm6Cnyv6whMI=; b=Pv49L0Lr0YKU2CWfV8vXb+XSI7tyzvMwpav2GfPTXXdikXJg+nXt5/8fKxEcCr0ojG 6XqCvT2Zn7XJM0ylIF9hbSUlgOhpWSvkd3udeukLjL8BmUjQbWqeCTD7e1qR8ZGl4H4b 6bQPKg0f4T8G+o8vw6ztSjzUpjXt/XIUM0OIJdWea5BFL2d3sVydVeQQrG/rpRWtjTn8 t5wPQFQjnc5p338em9JnufI1u7LGc04y3VBXZ+Y5pza8/ulOGSp5gSA8DL0s47YsLOL4 unHiwARC1/UKR+aAFvcO0DXbAPd1VqPK/g1JDGUz/E7RZ5FKC3Zcf4oEKLvpHlxgP/Fj F/Bw== Received: by 10.205.120.3 with SMTP id fw3mr731904bkc.40.1353263204817; Sun, 18 Nov 2012 10:26:44 -0800 (PST) MIME-Version: 1.0 Received: by 10.204.50.197 with HTTP; Sun, 18 Nov 2012 10:26:14 -0800 (PST) In-Reply-To: <20121118181711.GG24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com> <20121118181711.GG24320@in-addr.com> From: Chris Rees Date: Sun, 18 Nov 2012 18:26:14 +0000 Message-ID: Subject: Re: Recent security announcement and csup/cvsup? To: Gary Palmer Content-Type: text/plain; charset=ISO-8859-1 X-Mailman-Approved-At: Sun, 18 Nov 2012 19:49:22 +0000 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 18:26:46 -0000 On 18 November 2012 18:17, Gary Palmer wrote: > On Sat, Nov 17, 2012 at 03:14:00PM +0000, Chris Rees wrote: >> On 17 Nov 2012 15:06, "Gary Palmer" wrote: >> > >> > Hi, >> > >> > Can someone explain why the cvsup/csup infrastructure is considered >> insecure >> > if the person had access to the *package* building cluster? Is it because >> > the leaked key also had access to something in the chain that goes to >> cvsup, >> > or is it because the project is not auditing the cvsup system and so the >> > default assumption is that it cannot be trusted to not be compromised? >> > >> > If it is the latter, someone from the community could check rather than >> > encourage everyone who has been using csup/cvsup to wipe and reinstall >> > their boxes. Unfortunately the wipe option is not possible for me right >> > now and my backups do go back to before the 19th of September >> >> Checks are being made, but CVS makes it slow work. >> >> It's incredibly unlikely that there will be a problem, but the Project has >> to be cautious in recommendations. > > Thanks Chris for the update. May I politely suggest that the web page > as I read it yesterday was more along the lines of "assume your machine is > rooted, reinstall it". The reality is the message should have been "we > cannot prove cvs/cvsup was not affected yet, but we are continuing to > investigate. If you want to be really sure you weren't affected, reinstall > from known clean media. Else wait for further updates". > > While I understand some people, especially the more security minded people, > want to deprecate all access that isn't signed and secured, its no reason > to cause people unnecessary work/panic. Plus signing is only as good as > the security of the systems doing the builds and signing the content. > Its just been proven that they may not be as secure as expected. I'm afraid that you have to do your own risk assessment-- for the Project to recommend anything else would be irresponsible, and a major disaster should anything turn out to be compromised several months down the line... Having said that, on a personal note I don't think I'll be reinstalling in a hurry, but I'm also not handling banking details etc. As I said, you have to assess your own risk :) Chris From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 20:28:29 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B3F156F8; Sun, 18 Nov 2012 20:28:29 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id 69A6B8FC1B; Sun, 18 Nov 2012 20:28:29 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id k10so7525046iea.13 for ; Sun, 18 Nov 2012 12:28:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=QIp9727u6USBngIiqZ6VFpr29BFrgt4LJhw9/BLoxcw=; b=f4/HvZRATHtpJNVZzVqLjOb3g1D+zWSzS9v0KutyDcreTy5T3fK17qeJFlLEGhTOSD 1diFMT0YA+DEcF4L8otfycIsqmeI9H4MdaSPL2H/GEjH7BctMS2zRDW11wPZ3pG3e0Kl G80L27QQVlb7RtANzlsqwcfoZDoQy93v65ByVs3QEBtv96dNvr196DfifSUOg59Rraav 43Jty/VIkCARvE1OTWkx7Iq+Ej6QKo7Xnh03UrGJdQkOx6UmVWIQ3FAydDYQiinvlvkt NGtOOMaa47iQuMEFC4JvCUA4MKCQWsBzvBvI07xtKXtEMackQ33OmycV0mX2hApmsT8I MnAQ== MIME-Version: 1.0 Received: by 10.50.152.137 with SMTP id uy9mr4739745igb.62.1353270508712; Sun, 18 Nov 2012 12:28:28 -0800 (PST) Received: by 10.50.88.137 with HTTP; Sun, 18 Nov 2012 12:28:28 -0800 (PST) In-Reply-To: <20121118180421.GF24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> Date: Sun, 18 Nov 2012 15:28:28 -0500 Message-ID: Subject: Re: Recent security announcement and csup/cvsup? From: "b. f." To: Gary Palmer Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-security@freebsd.org, "M. Schulte" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: bf1783@gmail.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 20:28:29 -0000 On 11/18/12, Gary Palmer wrote: > On Sat, Nov 17, 2012 at 05:07:16PM +0100, M. Schulte wrote: >> Hi, >> >> > Can someone explain why the cvsup/csup infrastructure is considered >> > insecure [...] >> >> Speaking of cvsup security -- correct me if I'm wrong, but as far as I >> know cvsup is generally vulnerable to man-in-the-attacks[0]. Hence I'd >> be very happy about more and more people moving over to the portsnap >> camp. >> >> Best, >> mel >> >> [0] http://en.wikipedia.org/wiki/Portsnap >> >> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2003-11/0287.html > > While I haven't investigated its protocol in detail, I would tend to > suspect > that svn is just as vulnerable as AFAIK the FreeBSD SVN servers are running > in clear text mode. And yet we are being pushed towards SVN for source > access instead of cvsup. For the base system, and for projects, you should be able to use: https://svn0.us-west.FreeBSD.org/ https://svn0.us-east.FreeBSD.org/ Unfortunately, AFAIK, the ports tree is not yet available via this interface. (You could use a script and a https client with https://svnweb.FreeBSD.org/ports , but this isn't very convenient.) > > portsnap is great if you can use the official ports tree without local > modifications. If you need to patch some ports locally (for whatever > reason) then I believe it is less helpful. cvs/svn let you update your > local > ports tree while keeping your local changes. True. There are workarounds, but they're a bit awkward. CTM+PGP is only slightly more convenient in this regard. > > In other words: while signed updates via freebsd-update and portsnap > are great for a good chunk of users, they don't address everyones needs. > b. From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 23:00:15 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C4F913BF for ; Sun, 18 Nov 2012 23:00:15 +0000 (UTC) (envelope-from clbuisson@orange.fr) Received: from smtp.smtpout.orange.fr (smtp06.smtpout.orange.fr [80.12.242.128]) by mx1.freebsd.org (Postfix) with ESMTP id 57DC88FC16 for ; Sun, 18 Nov 2012 23:00:14 +0000 (UTC) Received: from localhost ([92.162.140.93]) by mwinf5d12 with ME id RB0B1k00A216Bas03B0BpD; Mon, 19 Nov 2012 00:00:13 +0100 Message-ID: <50A9687B.1090705@orange.fr> Date: Mon, 19 Nov 2012 00:00:11 +0100 From: Claude Buisson User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:10.0.10) Gecko/20121030 Thunderbird/10.0.10 MIME-Version: 1.0 To: bf1783@gmail.com Subject: Re: Recent security announcement and csup/cvsup? References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Gary Palmer , freebsd-security@freebsd.org, "M. Schulte" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 23:00:15 -0000 On 11/18/2012 21:28, b. f. wrote: > For the base system, and for projects, you should be able to use: > > https://svn0.us-west.FreeBSD.org/ > https://svn0.us-east.FreeBSD.org/ > > Unfortunately, AFAIK, the ports tree is not yet available via this > interface. (You could use a script and a https client with > https://svnweb.FreeBSD.org/ports , but this isn't very convenient.) > I use update my port tree since August 26 from svn0.us-west !!! Claude Buisson From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 23:13:04 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BF6256BC; Sun, 18 Nov 2012 23:13:04 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id 7308C8FC0C; Sun, 18 Nov 2012 23:13:04 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id k10so7646096iea.13 for ; Sun, 18 Nov 2012 15:13:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=O56zAGFJ08zfVvIa8BW3u49NC74YDmFQPmq2nlgKAoo=; b=CIiVmv368LMcy1AVonhoiZ0vS6Ld893hSkvQABp5uy0WgOxz4T9qyMZiS8pjnoQNKA pXilmQGybKMw5VUYJJLd2VJc1pJfHVreWoK86iBMrjT/lnM1CuGca6eTf1suOnnJpWme mIEiCHg//PwQWcQQSGdWukG0ZMb1xaVLiW6mQpv503g5cs3XZwzMBGZFmSxPmT8UiJIa lU4A1A096E9eeVJYzi/NWqjOcVTybELHjQGuKjwGQYvGS3bMY//gToFqwprrn07G2yWc VIv61o4wu68Jh3e/p26uOQ0EnGqp/m1wXh7w29WRBHfUAdQFg9+LtCTvJLTf8R/qKbX5 99IA== MIME-Version: 1.0 Received: by 10.50.161.169 with SMTP id xt9mr4993978igb.62.1353280383550; Sun, 18 Nov 2012 15:13:03 -0800 (PST) Received: by 10.50.88.137 with HTTP; Sun, 18 Nov 2012 15:13:03 -0800 (PST) In-Reply-To: <50A9687B.1090705@orange.fr> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <50A9687B.1090705@orange.fr> Date: Sun, 18 Nov 2012 18:13:03 -0500 Message-ID: Subject: Re: Recent security announcement and csup/cvsup? From: "b. f." To: Claude Buisson Content-Type: text/plain; charset=ISO-8859-1 Cc: Gary Palmer , freebsd-security@freebsd.org, "M. Schulte" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: bf1783@gmail.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 23:13:04 -0000 On 11/18/12, Claude Buisson wrote: > On 11/18/2012 21:28, b. f. wrote: > > > >> For the base system, and for projects, you should be able to use: >> >> https://svn0.us-west.FreeBSD.org/ >> https://svn0.us-east.FreeBSD.org/ >> >> Unfortunately, AFAIK, the ports tree is not yet available via this >> interface. (You could use a script and a https client with >> https://svnweb.FreeBSD.org/ports , but this isn't very convenient.) >> > > I use update my port tree since August 26 from svn0.us-west !!! I checked again, and yes, you're right: the ports tree is now available via the https interface for the two servers above. b. From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 01:30:25 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 35AC4656 for ; Mon, 19 Nov 2012 01:30:25 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id F2AED8FC17 for ; Mon, 19 Nov 2012 01:30:24 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1TaGBm-000N1m-Na; Sun, 18 Nov 2012 20:30:18 -0500 Date: Sun, 18 Nov 2012 20:30:18 -0500 From: Gary Palmer To: Chris Rees Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121119013018.GH24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com> <20121118181711.GG24320@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 01:30:25 -0000 On Sun, Nov 18, 2012 at 06:26:14PM +0000, Chris Rees wrote: > On 18 November 2012 18:17, Gary Palmer wrote: > > On Sat, Nov 17, 2012 at 03:14:00PM +0000, Chris Rees wrote: > >> On 17 Nov 2012 15:06, "Gary Palmer" wrote: > >> > > >> > Hi, > >> > > >> > Can someone explain why the cvsup/csup infrastructure is considered > >> insecure > >> > if the person had access to the *package* building cluster? Is it because > >> > the leaked key also had access to something in the chain that goes to > >> cvsup, > >> > or is it because the project is not auditing the cvsup system and so the > >> > default assumption is that it cannot be trusted to not be compromised? > >> > > >> > If it is the latter, someone from the community could check rather than > >> > encourage everyone who has been using csup/cvsup to wipe and reinstall > >> > their boxes. Unfortunately the wipe option is not possible for me right > >> > now and my backups do go back to before the 19th of September > >> > >> Checks are being made, but CVS makes it slow work. > >> > >> It's incredibly unlikely that there will be a problem, but the Project has > >> to be cautious in recommendations. > > > > Thanks Chris for the update. May I politely suggest that the web page > > as I read it yesterday was more along the lines of "assume your machine is > > rooted, reinstall it". The reality is the message should have been "we > > cannot prove cvs/cvsup was not affected yet, but we are continuing to > > investigate. If you want to be really sure you weren't affected, reinstall > > from known clean media. Else wait for further updates". > > > > While I understand some people, especially the more security minded people, > > want to deprecate all access that isn't signed and secured, its no reason > > to cause people unnecessary work/panic. Plus signing is only as good as > > the security of the systems doing the builds and signing the content. > > Its just been proven that they may not be as secure as expected. > > I'm afraid that you have to do your own risk assessment-- for the > Project to recommend anything else would be irresponsible, and a major > disaster should anything turn out to be compromised several months > down the line... In order to do a risk assesment you have to have information that is lacking so far. There was nothing on the web announcement about the fact that cvs/csup was being audited, but the audit wasn't complete. I've also seen people comment that csup started working again, but there has been no word on the results of the cvs audit. I agree it is up to individual circumstances, but right now there is little information on which to base the decision Thanks, Gary P.S. Please don't take this personally Chris, I appreciate that you have been replying. However the FreeBSD Project has to start working with its users and communicating more effectively with them about this potential problem. From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 12:47:48 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 468B7C5B; Mon, 19 Nov 2012 12:47:48 +0000 (UTC) (envelope-from c.kworr@gmail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id C7FA98FC14; Mon, 19 Nov 2012 12:47:47 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id s9so117785iec.13 for ; Mon, 19 Nov 2012 04:47:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=wQBp/ibivS1FFyrXGG0Pup4w4ShASk52PSMGCkiryVs=; b=AHEhpYZ1vWlC5Hitw7/DE/WGf6ygb3R/A2l08hV1QDanbk3kNbyBzltMeB7cCQ+T6S 3mg9ki58T3QLjoc3iJTh+/HyTvrER+jDBMoAkYRVB0dlb0kOoZGu7yux8l6xPy4gJdD4 1ysMgH6Wu9Bp/R0PVyvdzyuL183YwXXaNz3uGZlERN1PrNOUYT/Z/vSaKwXbB76Duf2v L16vCUTp39ASJJZCG/CJ2fHu3Qdjr6vq0q33a+3zbyVpiXSBQCLKEDAav9ED/89Wjb/Y 3vqNFtcu84WTjS0yRipl+lKx/I0vJiVfds3NEPee0qVIfisLJW8l2A1XuSNT5GKYHcah wO8A== Received: by 10.50.104.164 with SMTP id gf4mr6557334igb.1.1353329266944; Mon, 19 Nov 2012 04:47:46 -0800 (PST) Received: from [192.168.1.132] (mau.donbass.com. [92.242.127.250]) by mx.google.com with ESMTPS id cg5sm2444760igb.8.2012.11.19.04.47.43 (version=SSLv3 cipher=OTHER); Mon, 19 Nov 2012 04:47:46 -0800 (PST) Message-ID: <50AA2A6C.8060604@gmail.com> Date: Mon, 19 Nov 2012 14:47:40 +0200 From: Volodymyr Kostyrko User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:16.0) Gecko/20121116 Thunderbird/16.0.2 MIME-Version: 1.0 To: Ivan Voras Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] References: <20121117221143.41c29ba2@nonamehost> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Mon, 19 Nov 2012 12:56:51 +0000 Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 12:47:48 -0000 19.11.2012 14:34, Ivan Voras wrote: > On 17/11/2012 22:48, Chris Rees wrote: > >> (and is GPL btw) > > Since we're discussing it, Mercurial is BSDL-ed, and apparently has > proper crypto signing using GPG: > > http://mercurial.selenic.com/wiki/FAQ#FAQ.2FTechnicalDetails.How_do_Mercurial_hashes_get_calculated.3F :%s/BSD/LGP/ http://mercurial.selenic.com/about/ -- Sphinx of black quartz, judge my vow. From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 12:48:55 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CD146E12; Mon, 19 Nov 2012 12:48:55 +0000 (UTC) (envelope-from m.e.sanliturk@gmail.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 396548FC14; Mon, 19 Nov 2012 12:48:54 +0000 (UTC) Received: by mail-vb0-f54.google.com with SMTP id l1so6406765vba.13 for ; Mon, 19 Nov 2012 04:48:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RWYYZ+qZ60CQJ4ahX6jdItyrCSl7GH+lhI2UP6VW5eo=; b=u8GYOoOrVzS/ADdxt/gqBDl4p9cYdosrWSWzlsYRQPUXDEw0ZGym3H7GYctoY3zfS5 /H9YYkotX2ewjTIwqfS/NTqQ3gtpDIGv1QAfKSlQ74ZzYzRj83qlguZ2L6Lk6cdwnEkt Gs7ZMoN3VGemHvpdhxtrmyu0tExivcljsPN+1Es43l1cX8qG+HFOzTLmkRgxkrZwqjP3 XktUdOGZD4QBk9ahRdOBvho31a1fe6J4faAkBsXyYZoSLuGgwXDDWv1Wt3Qez6yCWzm3 vDYfcrWABbK4d09uQ/J+Tg/Ms5Wq1xQDHSI9dnW1wpMiqq1Tc+SA3wSfa8EkULVXHlQW LYgw== MIME-Version: 1.0 Received: by 10.52.90.212 with SMTP id by20mr16897257vdb.118.1353329332897; Mon, 19 Nov 2012 04:48:52 -0800 (PST) Received: by 10.58.218.35 with HTTP; Mon, 19 Nov 2012 04:48:52 -0800 (PST) In-Reply-To: References: <20121117221143.41c29ba2@nonamehost> Date: Mon, 19 Nov 2012 04:48:52 -0800 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Mehmet Erol Sanliturk To: Ivan Voras X-Mailman-Approved-At: Mon, 19 Nov 2012 13:16:44 +0000 Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 12:48:56 -0000 On Mon, Nov 19, 2012 at 4:34 AM, Ivan Voras wrote: > On 17/11/2012 22:48, Chris Rees wrote: > > > (and is GPL btw) > > Since we're discussing it, Mercurial is BSDL-ed, and apparently has > proper crypto signing using GPG: > > > http://mercurial.selenic.com/wiki/FAQ#FAQ.2FTechnicalDetails.How_do_Mercurial_hashes_get_calculated.3F > > > http://selenic.com/repo/hg/file/fd903f89e42b http://selenic.com/repo/hg/file/fd903f89e42b/COPYING " GNU GENERAL PUBLIC LICENSE Version 2, June 1991 " In their repository , it is GPL v2 . Is there any other place which specifies its license as BSDL ? Thank you very much . Mehmet Erol Sanliturk From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 13:10:44 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C1494A58 for ; Mon, 19 Nov 2012 13:10:44 +0000 (UTC) (envelope-from cpghost@cordula.ws) Received: from mail-ia0-f182.google.com (mail-ia0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 733CF8FC14 for ; Mon, 19 Nov 2012 13:10:41 +0000 (UTC) Received: by mail-ia0-f182.google.com with SMTP id x2so4251622iad.13 for ; Mon, 19 Nov 2012 05:10:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=/6RYBNtLoqDMG+mcDy4a6K1DqhuZG0Fv3q3z+ZLc24U=; b=a0tuJVOZK4/Hnbzx5EvjLLRaasZpgAxgnlZp8wnl2hZGPaFlOliru6M9OMDmgDfdBx bKbXppsLx7QRIQ2A/m9zczWGHAfi78v+kdG8nwg9JjwTN9PFqgX22gK5XvgmsAcWYsLy g7nUDEH37DlIK6XYDtVY08XS0llEqxmRpKMItsnDhOdYbdPxdWO9GMvV1kfHYS8sdO7G l5OVxstdgW3BgDW8oTSpT8wwxbIfvUdKuOijvMrhROKfu7iZVD8Mqhj7uzZYVy2UD7Xi hmyGYgYrd1toNvUcr7zb6heONb4XNCHGdpJDSpxLtJ9w6oJSXIUmN7Gu7koZKuEsDq1y Dc0g== MIME-Version: 1.0 Received: by 10.50.140.103 with SMTP id rf7mr6448795igb.56.1353330640756; Mon, 19 Nov 2012 05:10:40 -0800 (PST) Received: by 10.64.49.67 with HTTP; Mon, 19 Nov 2012 05:10:40 -0800 (PST) X-Originating-IP: [93.221.171.204] In-Reply-To: <50AA2A6C.8060604@gmail.com> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> Date: Mon, 19 Nov 2012 14:10:40 +0100 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: "C. P. Ghost" To: Volodymyr Kostyrko Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQkESUvJmEDPy/KtSD4cS8uDg7WqsdrA4lBMrk38Z7gRqedISsIZ3ACkoGnNIWra3qQVMwO/ X-Mailman-Approved-At: Mon, 19 Nov 2012 13:28:48 +0000 Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 13:10:44 -0000 On Mon, Nov 19, 2012 at 1:47 PM, Volodymyr Kostyrko wrote: > 19.11.2012 14:34, Ivan Voras wrote: >> >> On 17/11/2012 22:48, Chris Rees wrote: >> >>> (and is GPL btw) >> >> >> Since we're discussing it, Mercurial is BSDL-ed, and apparently has >> proper crypto signing using GPG: >> >> >> http://mercurial.selenic.com/wiki/FAQ#FAQ.2FTechnicalDetails.How_do_Mercurial_hashes_get_calculated.3F > > > :%s/BSD/LGP/ > > http://mercurial.selenic.com/about/ Even if it was BSD licensed, Mercurial has a huge dependency: Python; and Git is Perl-based. So neither of them is ideal, IMHO. If at all, we'd need a lean and mean distributed SCM program like Mercurial or Git, but written in C that we could add to base. Any volunteers? -cpghost. -- Cordula's Web. http://www.cordula.ws/ From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 13:18:02 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EBAEF174; Mon, 19 Nov 2012 13:18:02 +0000 (UTC) (envelope-from m.e.sanliturk@gmail.com) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 416788FC14; Mon, 19 Nov 2012 13:18:01 +0000 (UTC) Received: by mail-vc0-f182.google.com with SMTP id fo13so6572038vcb.13 for ; Mon, 19 Nov 2012 05:18:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=e44nTj0gNhviH1QGqQQ1w/ZuGlBOwxAZDYMwbCG+9IM=; b=oyFr5jqUrVWtF3N7h5TfJBPCez3YfxtYaYp9KWzsgeGdd2069O7XwM/d29OaDChk6G pIsfpYMpMhBt70NcnENl+ld78O8OWaidBYBtL/j/7jbnoh/tMBzo8fWBHeZ872kU7gbO V++FhGnslTq3+SnVPpK1qwAkjYxJ/CoDHLg2IRpfzPnZ0wBfzQYD24JV7c/QkJ2Fbtol fAW/tmh9ZSAUFyXo7Lz9XRC1oQ1Kkm5o1LNdo0JG2OK9RG/glZJ+VvXgf7pHIzqQbeUD 99MPC/ysMQTqE1TiIz7bCMS2YC2+PrkfR1eHb5e4o/mOrf5Dxvfq4HmC6HjT37xtDkw+ i6cA== MIME-Version: 1.0 Received: by 10.58.161.113 with SMTP id xr17mr17169363veb.3.1353331081128; Mon, 19 Nov 2012 05:18:01 -0800 (PST) Received: by 10.58.218.35 with HTTP; Mon, 19 Nov 2012 05:18:01 -0800 (PST) In-Reply-To: References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> Date: Mon, 19 Nov 2012 05:18:01 -0800 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Mehmet Erol Sanliturk To: "C. P. Ghost" X-Mailman-Approved-At: Mon, 19 Nov 2012 13:29:04 +0000 Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org, Volodymyr Kostyrko , Ivan Voras , freebsd-hackers@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 13:18:03 -0000 On Mon, Nov 19, 2012 at 5:10 AM, C. P. Ghost wrote: > On Mon, Nov 19, 2012 at 1:47 PM, Volodymyr Kostyrko > wrote: > > 19.11.2012 14:34, Ivan Voras wrote: > >> > >> On 17/11/2012 22:48, Chris Rees wrote: > >> > >>> (and is GPL btw) > >> > >> > >> Since we're discussing it, Mercurial is BSDL-ed, and apparently has > >> proper crypto signing using GPG: > >> > >> > >> > http://mercurial.selenic.com/wiki/FAQ#FAQ.2FTechnicalDetails.How_do_Mercurial_hashes_get_calculated.3F > > > > > > :%s/BSD/LGP/ > > > > http://mercurial.selenic.com/about/ > > Even if it was BSD licensed, Mercurial has a huge dependency: > Python; and Git is Perl-based. So neither of them is ideal, IMHO. > If at all, we'd need a lean and mean distributed SCM program > like Mercurial or Git, but written in C that we could add to base. > Any volunteers? > > -cpghost. > > -- > Cordula's Web. http://www.cordula.ws/ > http://mercurial.selenic.com/wiki/License http://selenic.com/hg/file/tip/COPYING http://mercurial.selenic.com/about/ "Mercurial is free software licensed under the terms of the GNU General Public License Version 2 or any later version." No one of them above mentions "BSD license" , or "dual license" , etc. Thank you very much . Mehmet Erol Sanliturk Similar projects From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 13:42:45 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 03C67EA1; Mon, 19 Nov 2012 13:42:45 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (centre.keltia.net [IPv6:2a01:240:fe5c::41]) by mx1.freebsd.org (Postfix) with ESMTP id A1CC98FC13; Mon, 19 Nov 2012 13:42:44 +0000 (UTC) Received: from roberto-aw.eurocontrol.fr (aran.keltia.net [88.191.250.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix/TLS) with ESMTPSA id 7AE1A6BF8; Mon, 19 Nov 2012 14:42:40 +0100 (CET) Date: Mon, 19 Nov 2012 14:42:34 +0100 From: Ollivier Robert To: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121119134233.GA90169@roberto-aw.eurocontrol.fr> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: MacOS X / Macbook Pro - FreeBSD 7.2 / Dell D820 SMP User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 13:42:45 -0000 According to C. P. Ghost on Mon, Nov 19, 2012 at 02:10:40PM +0100: > Even if it was BSD licensed, Mercurial has a huge dependency: > Python; > and Git is Perl-based. So neither of them is ideal, IMHO. Nope, git is almost all C even though some other tools relying on git are in Perl. > If at all, we'd need a lean and mean distributed SCM program > like Mercurial or Git, but written in C that we could add to base. > Any volunteers? We don't have svn in base either. Your point? -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Mon Nov 19 13:40:35 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 99544D96; Mon, 19 Nov 2012 13:40:35 +0000 (UTC) (envelope-from yerenkow@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 2195F8FC19; Mon, 19 Nov 2012 13:40:34 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id 16so6115166obc.13 for ; Mon, 19 Nov 2012 05:40:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nXOYt6w37svRL85hqtaDOmxE37Yu3ojBP8SRzn0F6Ag=; b=g2l6z5a0n/lyhJ/7s2tYdnyYOr2+x95djZGKTdMe0S8L8NPvLJBljtl2kj9gCiJ9pk HO/vN1qKftoWeEknShRHcXSXlj0MobSmoerOvxczpISziaNkl2eMM34sl91QPcm+zhGZ qsUqvjHD5QXLt1kNOSO5vvH3DPEyIhUO322CIhOqx1Ej/wCJujF0ANZMdbIfrNb7m5CE ojRrAcKjSW1uZdjZC1sa9tP81nUyg3fIuum6lzSvFYhYK19ieLx/hNAHXyGxf7igFVgv 4EhjqKRSppwa01dZ4bpgqONUmWUKD1zej0xTA9Zi7l85dQSCn+0f4nu+bRxUsP4yBXWJ zdKg== MIME-Version: 1.0 Received: by 10.182.160.65 with SMTP id xi1mr10402238obb.49.1353332433710; Mon, 19 Nov 2012 05:40:33 -0800 (PST) Received: by 10.60.132.50 with HTTP; Mon, 19 Nov 2012 05:40:33 -0800 (PST) In-Reply-To: References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> Date: Mon, 19 Nov 2012 15:40:33 +0200 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Alexander Yerenkow To: Mehmet Erol Sanliturk X-Mailman-Approved-At: Mon, 19 Nov 2012 13:58:33 +0000 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "C. P. Ghost" , freebsd-hackers@freebsd.org, Volodymyr Kostyrko , freebsd-security@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2012 13:40:35 -0000 http://www.fossil-scm.org/ I'm not fossil user, but it's BSD licensed in written in C. Baptise Daroussin probably could tell us more about fossil pro and cons. -- Regards, Alexander Yerenkow From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 03:04:50 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 08D6D631; Tue, 20 Nov 2012 03:04:50 +0000 (UTC) (envelope-from xaque208@gmail.com) Received: from mail-pa0-f54.google.com (mail-pa0-f54.google.com [209.85.220.54]) by mx1.freebsd.org (Postfix) with ESMTP id A9B4C8FC13; Tue, 20 Nov 2012 03:04:49 +0000 (UTC) Received: by mail-pa0-f54.google.com with SMTP id kp6so4025546pab.13 for ; Mon, 19 Nov 2012 19:04:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=ka4POaggfWqht6arGSuXewq3KgCzCUWkGmyCQLKeVA0=; b=tAUrZYw+Avbax1oD3sv3Qdnx6mC64iIPTyv0TT0BnT4b+N6Ta8/VP90lga5QfoRY19 0DBb0q/EEqB6p33J7Wd40+S+KRNp9OuauUqtLxwKMeJvXUQD2jVzh+o8Topw0O8BGmnf iimqy5g1VNvvqnp8UdsSouvGXjDUNkTgUa91YKie43y6tvZBx8u44qDD56Xt17pTVKHw +OiIsc1TNxePz+owWgz/nZLTsf5UDB/9/ruDoGXMDoJUZNi2GqlIJdmT//da0O2n+hry C5daJwBD9P6J4qyR7vMt87iZN+1e0o1y085PSGP810K37b+HqWW8bwu6jWKonps7CVgR fAZg== Received: by 10.68.197.197 with SMTP id iw5mr38584521pbc.22.1353380689192; Mon, 19 Nov 2012 19:04:49 -0800 (PST) Received: from localhost (c-67-171-138-28.hsd1.or.comcast.net. [67.171.138.28]) by mx.google.com with ESMTPS id gu5sm7228613pbc.10.2012.11.19.19.04.46 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 19 Nov 2012 19:04:48 -0800 (PST) Date: Mon, 19 Nov 2012 19:04:45 -0800 From: Zach Leslie To: Adrian Chadd Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121120030445.GA38037@zjl.local> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, grarpamp , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 03:04:50 -0000 > There's a git repository. It's public. You can look at what goes into > the FreeBSD git clone to get your assurance that things aren't being > snuck in. People are using it, right now. I've always been confused by this. Which source repo is the true source of truth? To obtain the FreeBSD source, you can use CVS, SVN, or Git? Do all have the same level of support? Are they all up to date? > Honestly, I'd rather see subversion grow this kind of cryptographic > signing of each commit in the short term then migrate everyone over to > git. How much effor would their really be involved, considering your link to the FreeBSD source repo on github. Converting the repos to me seems like it would be the bulk of it, and that work is already done. Help me understand please. Also, local branching and merging is amazing. -- Zach From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 03:08:17 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6C3817BB; Tue, 20 Nov 2012 03:08:17 +0000 (UTC) (envelope-from xaque208@gmail.com) Received: from mail-pa0-f54.google.com (mail-pa0-f54.google.com [209.85.220.54]) by mx1.freebsd.org (Postfix) with ESMTP id 1C3F58FC08; Tue, 20 Nov 2012 03:08:16 +0000 (UTC) Received: by mail-pa0-f54.google.com with SMTP id kp6so4027350pab.13 for ; Mon, 19 Nov 2012 19:08:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=yQ/TOjNSqILr3aI8+yiBsSVCJK+ZerB5cZceCt9Nrdw=; b=T6qmKhLTinyq2wPBvfimGV4ok9nOeMkrfh1hrMNkbfIoTVCjSHw/8Yasds5/0QMAka tgHgTmrm5cFaR/sq/FMKiec0s8y4fd5X7kf+unqZYTtsE4sGH6b46lhztfpfwfPDOOnZ zYNSJKUwlXrkRvRa/kyqpijWbeLV5cp+mNqq15Jc6VqX+DXtII79yI+wpZrvSTFMp4uU Hd8x4NvnIVidBBcC9Rb+hZp4YHJePj+zuuu6s3qoOoQxxDAyGUWMrWn+csmmO8ZSjPM9 pz9Z/l/NPmbpexamR1Jx7fh/cRJUxIZYYNpUJyHftIuL0DWONPz1qfMqTQvX3CwPQwDL wFmw== Received: by 10.68.83.68 with SMTP id o4mr45518238pby.25.1353380896692; Mon, 19 Nov 2012 19:08:16 -0800 (PST) Received: from localhost (c-67-171-138-28.hsd1.or.comcast.net. [67.171.138.28]) by mx.google.com with ESMTPS id l4sm4470616paw.15.2012.11.19.19.08.14 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 19 Nov 2012 19:08:15 -0800 (PST) Date: Mon, 19 Nov 2012 19:08:13 -0800 From: Zach Leslie To: Alexander Yerenkow Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121120030813.GB38037@zjl.local> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: "C. P. Ghost" , freebsd-hackers@freebsd.org, Volodymyr Kostyrko , Mehmet Erol Sanliturk , freebsd-security@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 03:08:17 -0000 > http://www.fossil-scm.org/ > > I'm not fossil user, but it's BSD licensed in written in C. > Baptise Daroussin probably could tell us more about fossil pro and cons. This misses one of of the main points raised in the original post. The proliferation of git as a revision control system. Also, this particular tool bails out on the unix philosophy, with its web gui, ticket tracker etc. Do one thing. Do it well. -- Zach From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 03:27:34 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D9BC0EE0 for ; Tue, 20 Nov 2012 03:27:34 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 421128FC15 for ; Tue, 20 Nov 2012 03:27:33 +0000 (UTC) Received: by mail-lb0-f182.google.com with SMTP id go10so2633371lbb.13 for ; Mon, 19 Nov 2012 19:27:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=jsS/E58dp6B0WJ/g1W3K/kKKp7huNh7sb8xpxuxuHd8=; b=iLcuL5O+xhZVDo9Zdhfo8JyfFDj28TI0I0ItaVXn2auerCYASOBYMdiBYvKVDI8e/5 U8lcHIyPgaUv9uRroRjIe2E3XeohwaMFpCcHVLMzHhqK/pIaBMWUJ26jr13CYLjY4Vm6 3Cpazmy+CxSNxa4db554v0MV5S5oxcn/5whjM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=jsS/E58dp6B0WJ/g1W3K/kKKp7huNh7sb8xpxuxuHd8=; b=HNc86p5zO+YPbk4xXBnyNW0e5NjCSHoSV5DmHt2N0+UxccUE5AISevD79Ag2xqMOvX HWIuEnxtLpo/OOfkDtHctR5On08QEkUmSI6lnSbgyc4s6yDPG1u24M7esilEbRQE+Ucv 0tuVhVzvG7gAfFP9tqlXnXtf4/7uruYGjb5sLw7gch4jJuVC8mVkVfobzpXfP4jwLEbO hLSIHBpdPRhFDOPsAPoIWhEPKue9F2+jOyGc+kP3gOWjJ4JlAOgZoXIVLcVvgP/PEZOW jG3Zp4hJMXFrI8r6zZjqaKqxMeH4xuLXbFQb9jcg/KcAhZo2n+ld9PAIVh98jJu7xYjX NsnA== Received: by 10.152.104.148 with SMTP id ge20mr13171371lab.51.1353382052946; Mon, 19 Nov 2012 19:27:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.25.166 with HTTP; Mon, 19 Nov 2012 19:27:01 -0800 (PST) In-Reply-To: <20121120030445.GA38037@zjl.local> References: <20121120030445.GA38037@zjl.local> From: Eitan Adler Date: Mon, 19 Nov 2012 22:27:01 -0500 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] To: Zach Leslie Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQmyeI17+8V3nI+f+CRygX0TVKLHIVIlubDsUaP0ciNmM7ehk1Bs8qgomMIPNztNICuoWpZn Cc: Adrian Chadd , freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, grarpamp , freebsd-security@freebsd.org, freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 03:27:34 -0000 On 19 November 2012 22:04, Zach Leslie wrote: > I've always been confused by this. Which source repo is the true source > of truth? This changed a few months ago when ports and doc switched. As of now: - SVN is *the* source of truth. - CVS is exported from svn. It will eventually go away - git is exported from svn. It will remain as an option for developers (including myself). > To obtain the FreeBSD source, you can use CVS, SVN, or Git? Do all have > the same level of support? Are they all up to date? SVN is *always* up to date. We try really hard to keep the others up to date, but fail at times. > Also, local branching and merging is amazing. +1 - but one can always use git-svn. -- Eitan Adler From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 09:55:20 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A271A933 for ; Tue, 20 Nov 2012 09:55:20 +0000 (UTC) (envelope-from xenophon+freebsd@irtnog.org) Received: from mx1.irtnog.org (bge0-1.edge1.cincinnati.irtnog.org [IPv6:2001:470:c445::1]) by mx1.freebsd.org (Postfix) with ESMTP id 6418B8FC12 for ; Tue, 20 Nov 2012 09:55:20 +0000 (UTC) Received: from cinep001bsdgw.irtnog.net (localhost [127.0.0.1]) by mx1.irtnog.org (Postfix) with ESMTP id 8DA7514C29 for ; Tue, 20 Nov 2012 04:55:17 -0500 (EST) X-Virus-Scanned: amavisd-new at irtnog.org Received: from mx1.irtnog.org ([127.0.0.1]) by cinep001bsdgw.irtnog.net (mx1.irtnog.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5bHBlEWWC1Mz for ; Tue, 20 Nov 2012 04:55:03 -0500 (EST) Received: from cinip100ntsbs.irtnog.net (cinip100ntsbs.irtnog.net [10.63.1.100]) by mx1.irtnog.org (Postfix) with ESMTP for ; Tue, 20 Nov 2012 04:55:02 -0500 (EST) Subject: RE: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Tue, 20 Nov 2012 04:54:59 -0500 Content-class: urn:content-classes:message Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.5 In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Thread-Index: Ac3GzyvYe4PKcJTESFeFOD1Am0Q5UAANYGKQ References: <20121120030445.GA38037@zjl.local> From: "xenophon\\+freebsd" To: X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 09:55:20 -0000 > As of now: >=20 > - SVN is *the* source of truth. Would it be possible to publish FreeBSD's Subversion repository using HTTPS, instead of HTTP?=20 --=20 I FIGHT FOR THE USERS From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 10:01:56 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3E820AFC for ; Tue, 20 Nov 2012 10:01:56 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (centre.keltia.net [IPv6:2a01:240:fe5c::41]) by mx1.freebsd.org (Postfix) with ESMTP id E39B18FC14 for ; Tue, 20 Nov 2012 10:01:55 +0000 (UTC) Received: from roberto-aw.eurocontrol.fr (aran.keltia.net [88.191.250.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix/TLS) with ESMTPSA id 674276E14 for ; Tue, 20 Nov 2012 11:01:54 +0100 (CET) Date: Tue, 20 Nov 2012 11:01:48 +0100 From: Ollivier Robert To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121120100148.GA93826@roberto-aw.eurocontrol.fr> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20121118180421.GF24320@in-addr.com> X-Operating-System: MacOS X / Macbook Pro - FreeBSD 7.2 / Dell D820 SMP User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 10:01:56 -0000 According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500: > In other words: while signed updates via freebsd-update and portsnap > are great for a good chunk of users, they don't address everyones needs. Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter). -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 11:45:36 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A1B4B62E for ; Tue, 20 Nov 2012 11:45:36 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from strudel.ki.iif.hu (strudel.ki.iif.hu [IPv6:2001:738:0:411:20f:1fff:fe6e:ec1e]) by mx1.freebsd.org (Postfix) with ESMTP id 221DC8FC08 for ; Tue, 20 Nov 2012 11:45:35 +0000 (UTC) Received: from cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu [193.225.14.182]) by strudel.ki.iif.hu (Postfix) with ESMTP id 2C85B3D9; Tue, 20 Nov 2012 12:45:34 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at cirkusz.lvs.iif.hu Received: from strudel.ki.iif.hu ([IPv6:::ffff:193.6.222.244]) by cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu [::ffff:193.225.14.72]) (amavisd-new, port 10024) with ESMTP id BkOJbN6WeEw1; Tue, 20 Nov 2012 12:45:19 +0100 (CET) Received: by strudel.ki.iif.hu (Postfix, from userid 9002) id 2819E3F4; Tue, 20 Nov 2012 12:45:19 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by strudel.ki.iif.hu (Postfix) with ESMTP id 1FD6C3EC; Tue, 20 Nov 2012 12:45:19 +0100 (CET) Date: Tue, 20 Nov 2012 12:45:19 +0100 (CET) From: Mohacsi Janos X-X-Sender: mohacsi@strudel.ki.iif.hu To: Ollivier Robert Subject: Re: Recent security announcement and csup/cvsup? In-Reply-To: <20121120100148.GA93826@roberto-aw.eurocontrol.fr> Message-ID: References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 11:45:36 -0000 Dear Ollivier and all, I have problem with the portsnap: I maintain a private "repository" under the /usr/ports: There is a /usr/ports/tmp where I store new ports to be tested, and submitted. The portsnap is removing unrecognized local files. With cvsup I don't have such a problem. I have no information about pkgng, whether I can maintain private repository with pkgng or not? Janos Mohacsi Head of HBONE+ project Network Engineer, Director Network and Multimedia NIIF/HUNGARNET, HUNGARY Co-chair of Hungarian IPv6 Forum Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Tue, 20 Nov 2012, Ollivier Robert wrote: > According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500: >> In other words: while signed updates via freebsd-update and portsnap >> are great for a good chunk of users, they don't address everyones needs. > > Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter). > > -- > Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net > In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/ > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 10:15:10 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CAB71DFF for ; Tue, 20 Nov 2012 10:15:10 +0000 (UTC) (envelope-from mwm@mired.org) Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mx1.freebsd.org (Postfix) with ESMTP id 6E2F18FC16 for ; Tue, 20 Nov 2012 10:15:10 +0000 (UTC) Received: by mail-oa0-f54.google.com with SMTP id n9so7342554oag.13 for ; Tue, 20 Nov 2012 02:15:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=user-agent:in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:from:date:to:cc:message-id :x-gm-message-state; bh=PsOx20ZF2cgshgI6vtE8CpGUE4lqpDnsLZHn/15gzqw=; b=Hwj7bMfaphZQc74poN+iU8SQlHig+LcDZ1yOpYXA8Vktx3sFXlQ9F1epxY0XKDpFQo iM/EsDOzbJJm73gQ0zIIZxa5H23Nqn6yGb5PWp+xjynRD9U6ExYlEMdAJcXzABOvyr0R gy0KeTuFiSSqeTc/QGZ11MuV+w825qQsuQ2FdXXxKOPBYHaB2A66HXy/BPOt95iZjCT5 6QnunOb5GOe5VUz/BFNAC/J3QUHn9q99PNV41uE/zwVtEHu3jQ99Lmlr6yJuki0rjv6h su+6rKI/iCRO9ro38JLrt1X8CN8bFJZjrYLoPlrvWDhwripsaXXaOw5a81Y0+Q5Fam9A 3e7Q== Received: by 10.60.14.200 with SMTP id r8mr13203099oec.45.1353406509540; Tue, 20 Nov 2012 02:15:09 -0800 (PST) Received: from android-17cbdb9246b29c31.mired.org (ip72-200-195-210.ok.ok.cox.net. [72.200.195.210]) by mx.google.com with ESMTPS id yn8sm12625408obb.12.2012.11.20.02.15.07 (version=SSLv3 cipher=OTHER); Tue, 20 Nov 2012 02:15:08 -0800 (PST) User-Agent: K-9 Mail for Android In-Reply-To: <20121120030813.GB38037@zjl.local> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> <20121120030813.GB38037@zjl.local> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Mike Meyer Date: Tue, 20 Nov 2012 04:15:02 -0600 To: Zach Leslie ,Alexander Yerenkow Message-ID: X-Gm-Message-State: ALoCoQkJL1JXpNUO4biV4H5BgdcopbEaNPKRvJecl0RXgbvjkuLGuYDTD/TpThncTUgKZUqJQ/4q X-Mailman-Approved-At: Tue, 20 Nov 2012 11:47:10 +0000 Cc: "C. P. Ghost" , freebsd-hackers@freebsd.org, Volodymyr Kostyrko , freebsd-security@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 10:15:11 -0000 Zach Leslie wrote: >> http://www.fossil-scm.org/ l >> >> I'm not fossil user, but it's BSD licensed in written in C. >Also, this particular tool bails out on the unix philosophy, with its >web >gui, ticket tracker etc. Do one thing. Do it well. I would argue that git bails on that as well, but that's a different discussion. Whether or not fossil does "one thing" depends on which "one thing" you pick. If the one thing is "version control", you're right. However "version control" is just one aspect of a larger task that does't have a common name. But if you look at systems designed for managing projects with source, you'll see they universally provide web uis, issue trackers, and wikis. Due you trash IDE's because they provide tools that are useful for doing "software development" instead of limiting themselves to being "text editors"? That fossil provides all of those things in a single relatively small program is a major win - at least for small projects (which is the fossil target). On the other hand, the fossil project does stay focused on the core task. They will reject a change proposal because it's not part of that task. That said, much as I like fossil (it's my goto VCS) I don't think it would be a good choice for FreeBSD. We're not a small project - we have people who are willing to devote time to things like an external wiki and isse tracker. Nuts, we have (had?) repos in four different VCSs! Those features in fossil are purposely kept simple since they're meant for doing one thing, not as general-purpose tools for lots of things. The issue tracker doesn't support branching issues, which is liable to cause problems in a large project. The FreeBSD wiki's are used for lots of things other than just project documents. The web ui - well, that's probably useable as is. But that one thing isn't a deal maker. -- Sent from my Android tablet with K-9 Mail. Please excuse my swyping. From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 10:49:24 2012 Return-Path: Delivered-To: FreeBSD-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4F790963 for ; Tue, 20 Nov 2012 10:49:24 +0000 (UTC) (envelope-from john.bayly@tipstrade.net) Received: from intra.tipstrade.net (unknown [IPv6:2a01:348:2c2:100::3]) by mx1.freebsd.org (Postfix) with ESMTP id 0C2CB8FC08 for ; Tue, 20 Nov 2012 10:49:23 +0000 (UTC) Received: from intra.tipstrade.net (localhost [127.0.0.1]) by intra.tipstrade.net (Postfix) with ESMTP id C741FDB9D3A for ; Tue, 20 Nov 2012 10:49:14 +0000 (GMT) Received: from [192.168.0.30] (unknown [192.168.0.30]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: john.bayly@tipstrade.net) by intra.tipstrade.net (Postfix) with ESMTPSA id AB1FDDB9C71 for ; Tue, 20 Nov 2012 10:49:14 +0000 (GMT) Message-ID: <50AB6029.4090608@tipstrade.net> Date: Tue, 20 Nov 2012 10:49:13 +0000 From: John Bayly User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121028 Thunderbird/16.0.2 MIME-Version: 1.0 To: FreeBSD-security@FreeBSD.org Subject: Clarrification on whether portsnap was affected by the 2012 compromise X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-Mailman-Approved-At: Tue, 20 Nov 2012 11:47:27 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 10:49:24 -0000 Regarding the 2012 compromise, I'm a little confused as to what was and wasn't affected: >From the release: > or of any ports compiled from trees obtained via any means other than > through svn.freebsd.org or one of its mirrors Does that mean that any ports updated using the standard "portsnap fetch" may have been affected, I'm guessing yes. Many thanks, John From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 12:06:30 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E92F96AE for ; Tue, 20 Nov 2012 12:06:30 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id B37C08FC14 for ; Tue, 20 Nov 2012 12:06:30 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Tamau-00017Q-6d; Tue, 20 Nov 2012 07:06:24 -0500 Date: Tue, 20 Nov 2012 07:06:24 -0500 From: Gary Palmer To: "xenophon\\+freebsd" Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121120120624.GA88593@in-addr.com> References: <20121120030445.GA38037@zjl.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 12:06:31 -0000 On Tue, Nov 20, 2012 at 04:54:59AM -0500, xenophon\+freebsd wrote: > > As of now: > > > > - SVN is *the* source of truth. > > Would it be possible to publish FreeBSD's Subversion repository using > HTTPS, instead of HTTP? I don't know how often they update, but the mirrors listed at http://www.freebsd.org/doc/handbook/mirrors-svn.html have both http and https available Gary From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 12:15:37 2012 Return-Path: Delivered-To: FreeBSD-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5FF44BAA for ; Tue, 20 Nov 2012 12:15:37 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id 2D80B8FC0C for ; Tue, 20 Nov 2012 12:15:37 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Tamjj-00018f-1f; Tue, 20 Nov 2012 07:15:31 -0500 Date: Tue, 20 Nov 2012 07:15:30 -0500 From: Gary Palmer To: John Bayly Subject: Re: Clarrification on whether portsnap was affected by the 2012 compromise Message-ID: <20121120121530.GC88593@in-addr.com> References: <50AB6029.4090608@tipstrade.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50AB6029.4090608@tipstrade.net> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: FreeBSD-security@FreeBSD.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 12:15:37 -0000 On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: > Regarding the 2012 compromise, I'm a little confused as to what was and > wasn't affected: > > >From the release: > > or of any ports compiled from trees obtained via any means other than > > through svn.freebsd.org or one of its mirrors > Does that mean that any ports updated using the standard "portsnap > fetch" may have been affected, I'm guessing yes. > " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. " From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 12:47:22 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 453E9D6 for ; Tue, 20 Nov 2012 12:47:22 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (centre.keltia.net [IPv6:2a01:240:fe5c::41]) by mx1.freebsd.org (Postfix) with ESMTP id E4E578FC13 for ; Tue, 20 Nov 2012 12:47:21 +0000 (UTC) Received: from roberto-aw.eurocontrol.fr (aran.keltia.net [88.191.250.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix/TLS) with ESMTPSA id D9B0462D2; Tue, 20 Nov 2012 13:47:20 +0100 (CET) Date: Tue, 20 Nov 2012 13:47:19 +0100 From: Ollivier Robert To: Mohacsi Janos Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121120124718.GB93826@roberto-aw.eurocontrol.fr> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: MacOS X / Macbook Pro - FreeBSD 7.2 / Dell D820 SMP User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 12:47:22 -0000 According to Mohacsi Janos on Tue, Nov 20, 2012 at 12:45:19PM +0100: > Dear Ollivier and all, > I have problem with the portsnap: I maintain a private "repository" > under the /usr/ports: There is a /usr/ports/tmp where I store new > ports to be tested, and submitted. The portsnap is removing > unrecognized local files. This is the main issue most preople have with portsnap, yes. > With cvsup I don't have such a problem. I use svn myself but I have access to the main FreeBSD repo. > I have no information about pkgng, whether I can maintain private > repository with pkgng or not? I don't know what portsnap does with things like .svn/.hg (from different VCS). If it does not remove them, use hg/git/svn to "merge" from the official portsnap tree into your own. If it does, just rsync periodically from portsnap into your /usr/ports. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 12:48:08 2012 Return-Path: Delivered-To: FreeBSD-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 60D7B1DB; Tue, 20 Nov 2012 12:48:08 +0000 (UTC) (envelope-from john.bayly@tipstrade.net) Received: from intra.tipstrade.net (unknown [IPv6:2a01:348:2c2:100::3]) by mx1.freebsd.org (Postfix) with ESMTP id 1AB7F8FC15; Tue, 20 Nov 2012 12:48:08 +0000 (UTC) Received: from intra.tipstrade.net (localhost [127.0.0.1]) by intra.tipstrade.net (Postfix) with ESMTP id 013C6DB9FD3; Tue, 20 Nov 2012 12:47:58 +0000 (GMT) Received: from [192.168.0.30] (unknown [192.168.0.30]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: john.bayly@tipstrade.net) by intra.tipstrade.net (Postfix) with ESMTPSA id CDD9DDB9DF2; Tue, 20 Nov 2012 12:47:57 +0000 (GMT) Message-ID: <50AB7BFC.7040506@tipstrade.net> Date: Tue, 20 Nov 2012 12:47:56 +0000 From: John Bayly User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121028 Thunderbird/16.0.2 MIME-Version: 1.0 To: Gary Palmer Subject: Re: Clarrification on whether portsnap was affected by the 2012 compromise References: <50AB6029.4090608@tipstrade.net> <20121120121530.GC88593@in-addr.com> In-Reply-To: <20121120121530.GC88593@in-addr.com> X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-Mailman-Approved-At: Tue, 20 Nov 2012 13:01:06 +0000 Cc: FreeBSD-security@FreeBSD.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 12:48:08 -0000 On 20/11/12 12:15, Gary Palmer wrote: > On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: >> Regarding the 2012 compromise, I'm a little confused as to what was and >> wasn't affected: >> >> >From the release: >>> or of any ports compiled from trees obtained via any means other than >>> through svn.freebsd.org or one of its mirrors >> Does that mean that any ports updated using the standard "portsnap >> fetch" may have been affected, I'm guessing yes. >> > " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. " I suppose that implies that the previous portsnap snapshots couldn't be [completely] trusted. Basically I wanted to know whether I had to go through all the ports I've updated from the snapshots within the given time frame and to a portupgrade --force on them. In the end I decided yes (luckily it's only on a single box) From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 13:05:04 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E533859C for ; Tue, 20 Nov 2012 13:05:04 +0000 (UTC) (envelope-from a.zhuravlev@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 5A8648FC13 for ; Tue, 20 Nov 2012 13:05:03 +0000 (UTC) Received: by mail-lb0-f182.google.com with SMTP id go10so3029015lbb.13 for ; Tue, 20 Nov 2012 05:05:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=Uvk29S+1CG7j/IAjWctCUyAGP16H9X5VCtAY/f9AuDw=; b=Vo56h/vrmbDhNruMrhDPJWg61ycy0WS3NL491Ra8jOYtZSRTDKMh3IucOTRcVSCkro P/+ZEv+iB4DTHNXLH7PBXqJX7zppE4wlU+IbQBbeQnPf7HKhAuwkTyDv+P3IuLmtAzy7 uHxdafkeFBSFFCFgV9ADYDJqcV2diiQEbbToqWhOCjI0YcClFbp+cvBrCAjDUcEs9+8G +hxEcx96f9LeiLKFW5bmnH1aX0ZQvRtSxjVPwdyfABGdteYTCgCVrhhZw57HWsYNedhn E3X3vyp0gB80iInYhB9InNqjubUsNXnmIY/81pHm52/faYkcmgKPGDEHojDsT04KesNO ZJ9A== Received: by 10.152.105.68 with SMTP id gk4mr14420274lab.48.1353416702871; Tue, 20 Nov 2012 05:05:02 -0800 (PST) Received: from zmac (ip109.209.dars-ip.ru. [109.74.209.109]) by mx.google.com with ESMTPS id l1sm4894462lbm.1.2012.11.20.05.04.58 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 20 Nov 2012 05:05:00 -0800 (PST) Date: Tue, 20 Nov 2012 17:04:56 +0400 From: Alexander Zhuravlev To: Mohacsi Janos Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121120130456.GA22418@zmac> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 13:05:05 -0000 On Tue, Nov 20, 2012 at 12:45:19PM +0100, Mohacsi Janos wrote: > Dear Ollivier and all, > I have problem with the portsnap: I maintain a private "repository" > under the /usr/ports: There is a /usr/ports/tmp where I store new > ports to be tested, and submitted. The portsnap is removing > unrecognized local files. MacPorts has a really nice feature of Local Portfile Repositories: http://guide.macports.org/chunked/development.local-repositories.html I assume FreeBSD ports system can be modified to have something like this (to have a list of port directories which can be modified by, for example, defining local ports tree via /etc/make.conf). > With cvsup I don't have such a problem. > I have no information about pkgng, whether I can maintain private > repository with pkgng or not? > > Janos Mohacsi > Head of HBONE+ project > Network Engineer, Director Network and Multimedia > NIIF/HUNGARNET, HUNGARY > Co-chair of Hungarian IPv6 Forum > Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 > > On Tue, 20 Nov 2012, Ollivier Robert wrote: > > >According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500: > >>In other words: while signed updates via freebsd-update and portsnap > >>are great for a good chunk of users, they don't address everyones needs. > > > >Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter). > > > >-- > >Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net > >In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/ > > > >_______________________________________________ > >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security > >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Alexander Zhuravlev From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 13:50:17 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 67860873 for ; Tue, 20 Nov 2012 13:50:17 +0000 (UTC) (envelope-from richard@bader-muenchen.de) Received: from gate1.bader-muenchen.de (host-213-179-151-243.customer.m-online.net [213.179.151.243]) by mx1.freebsd.org (Postfix) with ESMTP id E1CDC8FC12 for ; Tue, 20 Nov 2012 13:50:15 +0000 (UTC) Received: from [127.0.0.1] (border.bader.loc [192.168.16.98]) by gate1.bader-muenchen.de (8.14.5/8.14.5) with ESMTP id qAKDo83S041237; Tue, 20 Nov 2012 14:50:09 +0100 (CET) (envelope-from richard@bader-muenchen.de) Message-ID: <50AB8AAB.7050102@bader-muenchen.de> Date: Tue, 20 Nov 2012 14:50:35 +0100 From: richard bader User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Clarrification on whether portsnap was affected by the 2012 compromise References: <50AB6029.4090608@tipstrade.net> <20121120121530.GC88593@in-addr.com> <50AB7BFC.7040506@tipstrade.net> In-Reply-To: <50AB7BFC.7040506@tipstrade.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 20 Nov 2012 14:12:05 +0000 Cc: richard@bader-muenchen.de X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 13:50:17 -0000 Am 20.11.2012 13:47, schrieb John Bayly: > On 20/11/12 12:15, Gary Palmer wrote: >> On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: >>> Regarding the 2012 compromise, I'm a little confused as to what was and >>> wasn't affected: >>> >>> >From the release: >>>> or of any ports compiled from trees obtained via any means other than >>>> through svn.freebsd.org or one of its mirrors >>> Does that mean that any ports updated using the standard "portsnap >>> fetch" may have been affected, I'm guessing yes. >>> >> " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted." > I suppose that implies that the previous portsnap snapshots couldn't be > [completely] trusted. Basically I wanted to know whether I had to go > through all the ports I've updated from the snapshots within the given > time frame and to a portupgrade --force on them. In the end I decided > yes (luckily it's only on a single box)-unsubscribe@freebsd.org" So what ist the way to get a 'secure' portscollection? first update with 'portsnap -f /etc/portsnap.conf fetch update ' and then 'portupgrade -caDf' -- Dipl.Ing.Bader Richard GmbH, Helferichstrasse 32, 80999 Muenchen Tel.: +49 89 892205 31 Fax.: +49 89 892205 33 http://www.bader-muenchen.de From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 15:05:38 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 68214312 for ; Tue, 20 Nov 2012 15:05:38 +0000 (UTC) (envelope-from mk@acc.umu.se) Received: from mail.acc.umu.se (mail.acc.umu.se [130.239.18.156]) by mx1.freebsd.org (Postfix) with ESMTP id 174138FC08 for ; Tue, 20 Nov 2012 15:05:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by amavisd-new (Postfix) with ESMTP id 6C618C51; Tue, 20 Nov 2012 15:47:39 +0100 (MET) X-Virus-Scanned: amavisd-new at acc.umu.se Received: from acc.umu.se (kennedy.acc.umu.se [IPv6:2001:6b0:e:2018::157]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: mk) by mail.acc.umu.se (Postfix) with ESMTPSA id 87AFAC4F; Tue, 20 Nov 2012 15:47:38 +0100 (MET) Date: Tue, 20 Nov 2012 15:47:37 +0100 From: Marcus Karlsson To: richard bader Subject: Re: Clarrification on whether portsnap was affected by the 2012 compromise Message-ID: <20121120144736.GI24300@acc.umu.se> References: <50AB6029.4090608@tipstrade.net> <20121120121530.GC88593@in-addr.com> <50AB7BFC.7040506@tipstrade.net> <50AB8AAB.7050102@bader-muenchen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50AB8AAB.7050102@bader-muenchen.de> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 15:05:38 -0000 On Tue, Nov 20, 2012 at 02:50:35PM +0100, richard bader wrote: > Am 20.11.2012 13:47, schrieb John Bayly: > >On 20/11/12 12:15, Gary Palmer wrote: > >>On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: > >>>Regarding the 2012 compromise, I'm a little confused as to what was and > >>>wasn't affected: > >>> > >>>>From the release: > >>>>or of any ports compiled from trees obtained via any means other than > >>>>through svn.freebsd.org or one of its mirrors > >>>Does that mean that any ports updated using the standard "portsnap > >>>fetch" may have been affected, I'm guessing yes. > >>> > >>" We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted." > >I suppose that implies that the previous portsnap snapshots couldn't be > >[completely] trusted. Basically I wanted to know whether I had to go > >through all the ports I've updated from the snapshots within the given > >time frame and to a portupgrade --force on them. In the end I decided > >yes (luckily it's only on a single box)-unsubscribe@freebsd.org" > So what ist the way to get a 'secure' portscollection? > first update with 'portsnap -f /etc/portsnap.conf fetch update ' > and then 'portupgrade -caDf' If we assume that ports have been compromised then just rebuilding them won't fix anything that they might have done to your system while they were installed. So in that case you would have to completely reinstall the system from known good install media, build everything again and restore as much as possible from backup. Marcus From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 15:45:25 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 524E61D5 for ; Tue, 20 Nov 2012 15:45:25 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id CDADC8FC08 for ; Tue, 20 Nov 2012 15:45:24 +0000 (UTC) Received: from rufus.webfusion.com (mail.heartinternet.co.uk [79.170.40.31]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id qAKFjK7Q028904 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Tue, 20 Nov 2012 15:45:20 GMT (envelope-from matthew@freebsd.org) X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk qAKFjK7Q028904 Authentication-Results: smtp.infracaninophile.co.uk/qAKFjK7Q028904; dkim=none (no signature); dkim-adsp=none X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host mail.heartinternet.co.uk [79.170.40.31] claimed to be rufus.webfusion.com Message-ID: <50ABA590.5090600@freebsd.org> Date: Tue, 20 Nov 2012 15:45:20 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:16.0) Gecko/20121115 Thunderbird/16.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> In-Reply-To: <20121120100148.GA93826@roberto-aw.eurocontrol.fr> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.97.6 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_SOFTFAIL autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Tue, 20 Nov 2012 16:08:52 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 15:45:25 -0000 On 20/11/2012 10:01, Ollivier Robert wrote: > According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500: >> > In other words: while signed updates via freebsd-update and portsnap >> > are great for a good chunk of users, they don't address everyones needs. > Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter). kngng? I had visions of Kerberized pkgng there for a moment... pkgng will have a crypto-signing mechanism for packages with per-repository public keys and so forth. It's not there yet -- stuff is awaiting review by security team people, who are (even moreso, given current events) generally insanely busy. This will allow everyone to be confident that the packages they install are as generated on the build system used to generate them. Which won't help at all if an attacker can subvert either the mechanisms by which the build system gets its source code[*], or the source repositories that code comes from -- and remember, since this is the ports, that code comes from all sorts of places of greater and lesser security. In that sense, pkgng offers no fundamental security advantage over using the ports directly yourself. pkgng will be more convenient and a lot quicker, but it isn't meant to entirely replace the ports. Cheers, Matthew [*] Including faking the SHA checksums of the distfiles, which is a little extra step that seems to elude most attackers and that has resulted in uncovering such attacks in the past. From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 16:27:15 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 57F8F3A6 for ; Tue, 20 Nov 2012 16:27:15 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id BA1978FC12 for ; Tue, 20 Nov 2012 16:27:14 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so5855856lah.13 for ; Tue, 20 Nov 2012 08:27:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=+Wyv8wW6QN1BuonDaQYB6EJXQvba9aljO2wklP/UXEU=; b=MpKCPLNhzfK+Q2C7aiC6HH2/4OLlBhhmzVbzMPFVs6/su/1K2rds3QOM+mkSQ/U3QY CQ8dGOueOQodCrJmoRqf21NU9wudopBh06yn8MGJMYWSNaOlAFsCCpEqfTSPGU3vobsO X3iBU8F0GZcxt3AUnFMupE6o0uBqJ113/hd0I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=+Wyv8wW6QN1BuonDaQYB6EJXQvba9aljO2wklP/UXEU=; b=QxSym0QszbzBUr40oMfV1D5be+AXZsZdAR8OBX46G1Bu6TBL+BA7MeDjOhMCFkj83o 375J6yTJUCzKQFgwzTSa51SVGyGxC8XO1XainBClxqcfoYOvowl48W3YX4Iwg+jjBO0b fz8EF/n/mv+EvlsQvhxnUrDq8YdNV0t9eVsuSMG/tHmXq1pSET33wruNO+wTsMI7puy8 5TV/WGQdeVHl4cP3KqK0j9MhdmT4nE5Dy9twDvlSy9ytW0IBmQcwUGpaJyEZvKH3hyKG bJJpK3U9kAXcbW0Fvfu/hDd20VYOH1W07oOlhKGqgqGDDmVEdMS0wED8ungkWB552kXC TFMg== Received: by 10.152.131.200 with SMTP id oo8mr15025935lab.34.1353428833289; Tue, 20 Nov 2012 08:27:13 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.25.166 with HTTP; Tue, 20 Nov 2012 08:26:42 -0800 (PST) In-Reply-To: References: <20121120030445.GA38037@zjl.local> From: Eitan Adler Date: Tue, 20 Nov 2012 11:26:42 -0500 Message-ID: Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] To: "xenophon\\+freebsd" Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQnJq9qphcBHE6viMO/BCttYY5xy7zUVD4w4+6iXFeuHJ/YCOah2nm3vA7BLrTrBji/XvCrA Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 16:27:15 -0000 On 20 November 2012 04:54, xenophon\+freebsd wrote: >> As of now: >> >> - SVN is *the* source of truth. > > Would it be possible to publish FreeBSD's Subversion repository using > HTTPS, instead of HTTP? %svn ls https://svn0.us-west.FreeBSD.org/base/ -- Eitan Adler From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 16:28:47 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1A6025B1 for ; Tue, 20 Nov 2012 16:28:47 +0000 (UTC) (envelope-from lcampbell@ironclad.mobi) Received: from mail-qa0-f54.google.com (mail-qa0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id BBB5F8FC0C for ; Tue, 20 Nov 2012 16:28:46 +0000 (UTC) Received: by mail-qa0-f54.google.com with SMTP id g24so1035973qab.13 for ; Tue, 20 Nov 2012 08:28:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=BUv9PqhtV6VGzXDzQP6nFlEQLGs8suB6TbHCWLN7UnQ=; b=NXSGK+QYsfxsQASSjsCpwBmjMfaIx8nu/znBC8S8m1un+3Z2ntSnwynhR3ddPWebVC mppnF+4gXY1JJIRK46/fLhEJIGcFeqJW0i8pfJLGVKV56v+AIf1BJlSMHh0h/RXkF8Pz MvTdNXr+GzyLibumB8Q6Qujf8oYOfzk+Q/99Lys5X+J/pyzEUBHZvumhNQp4jUXkE83W 4Ej1baKgtOqdiCN8UK/5QDc832FTuzS5wYBQciKeG2Ug0ssGdYGNVnEb1ZYOe6bcJX7j fxm9cUQ9XNjdKg/xSCfP0KVwJDCj5IPMoQ7icNonuMU2zMggbZsKIONFXcXgddRJBEk3 116w== MIME-Version: 1.0 Received: by 10.224.78.148 with SMTP id l20mr15426969qak.27.1353428925789; Tue, 20 Nov 2012 08:28:45 -0800 (PST) Received: by 10.49.130.67 with HTTP; Tue, 20 Nov 2012 08:28:45 -0800 (PST) Date: Tue, 20 Nov 2012 10:28:45 -0600 Message-ID: Subject: Re: Recent security announcement and csup/cvsup? From: L Campbell To: Ollivier Robert Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQkYsgsLLbHCIVfl2IrnIyyYyk4x35j8eG+RxF2twhTPtGLO2L1A9ZiEnFPq9D88q6zEFu1j X-Mailman-Approved-At: Tue, 20 Nov 2012 16:29:49 +0000 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 16:28:47 -0000 > I have problem with the portsnap: I maintain a private > "repository" under the /usr/ports: There is a /usr/ports/tmp where I store > new ports to be tested, and submitted. The portsnap is removing > unrecognized local files. Adding the line REFUSE tmp to /etc/portsnap.conf should make portsnap ignore that directory. Check `man portsnap.conf` for more details. From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 16:31:06 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8E0AE6DE for ; Tue, 20 Nov 2012 16:31:06 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id 52F9D8FC14 for ; Tue, 20 Nov 2012 16:31:06 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Taqix-0001ag-C3; Tue, 20 Nov 2012 11:30:59 -0500 Date: Tue, 20 Nov 2012 11:30:59 -0500 From: Gary Palmer To: Eitan Adler Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121120163059.GD88593@in-addr.com> References: <20121120030445.GA38037@zjl.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org, "xenophon\\+freebsd" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 16:31:06 -0000 On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote: > On 20 November 2012 04:54, xenophon\+freebsd > wrote: > >> As of now: > >> > >> - SVN is *the* source of truth. > > > > Would it be possible to publish FreeBSD's Subversion repository using > > HTTPS, instead of HTTP? > > %svn ls https://svn0.us-west.FreeBSD.org/base/ You will get a certificate warning. The certificates used do not appear to be officially signed by a recognised CA. The hashes of the certificate keys are on the mirror website I pointed out in my email Regards, Gary From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 16:32:16 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7EA177F9 for ; Tue, 20 Nov 2012 16:32:16 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from strudel.ki.iif.hu (strudel.ki.iif.hu [IPv6:2001:738:0:411:20f:1fff:fe6e:ec1e]) by mx1.freebsd.org (Postfix) with ESMTP id 2DC318FC1D for ; Tue, 20 Nov 2012 16:32:15 +0000 (UTC) Received: from cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu [193.225.14.182]) by strudel.ki.iif.hu (Postfix) with ESMTP id 3CC1B33A; Tue, 20 Nov 2012 17:32:15 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at cirkusz.lvs.iif.hu Received: from strudel.ki.iif.hu ([IPv6:::ffff:193.6.222.244]) by cirkusz.lvs.iif.hu (cirkusz.lvs.iif.hu [::ffff:193.225.14.72]) (amavisd-new, port 10024) with ESMTP id 8+V8EkdWxEBt; Tue, 20 Nov 2012 17:32:12 +0100 (CET) Received: by strudel.ki.iif.hu (Postfix, from userid 9002) id 638F93D7; Tue, 20 Nov 2012 17:32:12 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by strudel.ki.iif.hu (Postfix) with ESMTP id 58AAF33A; Tue, 20 Nov 2012 17:32:12 +0100 (CET) Date: Tue, 20 Nov 2012 17:32:12 +0100 (CET) From: Mohacsi Janos X-X-Sender: mohacsi@strudel.ki.iif.hu To: L Campbell Subject: Re: Recent security announcement and csup/cvsup? In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 16:32:16 -0000 thanks for pointing out. Janos Mohacsi Head of HBONE+ project Network Engineer, Director Network and Multimedia NIIF/HUNGARNET, HUNGARY Co-chair of Hungarian IPv6 Forum Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Tue, 20 Nov 2012, L Campbell wrote: >> I have problem with the portsnap: I maintain a private >> "repository" under the /usr/ports: There is a /usr/ports/tmp where I store >> new ports to be tested, and submitted. The portsnap is removing >> unrecognized local files. > > Adding the line > > REFUSE tmp > > to /etc/portsnap.conf should make portsnap ignore that directory. > Check `man portsnap.conf` for more details. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 17:19:57 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 38397CF0 for ; Tue, 20 Nov 2012 17:19:57 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id B1B3F8FC0C for ; Tue, 20 Nov 2012 17:19:56 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id je9so1936635bkc.13 for ; Tue, 20 Nov 2012 09:19:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=e34T3KpH0tCVJzSF4OW/ZCho4FiYQyCwdi6GJ5mft/E=; b=QXpYo366U8J/uUMt41EjljOynr1YB10Lh9kK4Dm6tP9H7R0/QX4hCkjoscPmxiqSzc GkQIb59tdBmq65UrmwL+7Zayku+vrhqtx8Y8KUfM7qwqAip6JHoRIzSAwBIIsRYlBJGo NErw7vX5mC2E2EgcEUcOXxyyYjbLv/t/QoCguktj9Y0PGFsNZriaR2I9ppyetr3BjgXD sUiRduaqjGTenBxYQ4oBeTtwN5lcXRRwu4SURGfFVm4WMEw7hmnSEwB99wT64waYwtHn oNrSfjiG2nvjvG4egbJ+XnCxEjFYPfo/94c/CP+soSp7RXyMp5gfZ/A6SQCmbrHWH8Zr 0mqA== Received: by 10.204.5.135 with SMTP id 7mr3522929bkv.48.1353431995618; Tue, 20 Nov 2012 09:19:55 -0800 (PST) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id f24sm4854938bkv.7.2012.11.20.09.19.54 (version=SSLv3 cipher=OTHER); Tue, 20 Nov 2012 09:19:54 -0800 (PST) Date: Tue, 20 Nov 2012 17:19:51 +0000 From: RW To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <20121120171951.5496e29e@gumby.homeunix.com> In-Reply-To: <20121120124718.GB93826@roberto-aw.eurocontrol.fr> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> <20121120124718.GB93826@roberto-aw.eurocontrol.fr> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 17:19:57 -0000 On Tue, 20 Nov 2012 13:47:19 +0100 Ollivier Robert wrote: > According to Mohacsi Janos on Tue, Nov 20, 2012 at 12:45:19PM +0100: > > Dear Ollivier and all, > > I have problem with the portsnap: I maintain a private > > "repository" under the /usr/ports: There is a /usr/ports/tmp where > > I store new ports to be tested, and submitted. The portsnap is > > removing unrecognized local files. > > This is the main issue most preople have with portsnap, yes. > >... > I don't know what portsnap does with things like .svn/.hg (from > different VCS). If it does not remove them, use hg/git/svn to > "merge" from the official portsnap tree into your own. If it does, > just rsync periodically from portsnap into your /usr/ports. AFAIK portsnap only removes local files that are under port directories and only does that during an initial extract. On normal updates it doesn't delete local files at all. IMO file deletion is not a significant problem. The more serious problem is that it only updates that which has changed in the repository. csup reverts any changes, so patches can be re-applied unconditionally. From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 00:41:07 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 79CAFFDD; Wed, 21 Nov 2012 00:41:07 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-ea0-f182.google.com (mail-ea0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 733618FC14; Wed, 21 Nov 2012 00:41:06 +0000 (UTC) Received: by mail-ea0-f182.google.com with SMTP id a14so1347965eaa.13 for ; Tue, 20 Nov 2012 16:41:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=a2qUeBhYJcVqm/vWaf/MxxA39D9XaLvFlXyjJ3FpUPU=; b=ESwbhsbrlxE4XzSU+N78XfG3itpBuxjhnh4SlpnsneeYXmojeT+E5ZKAMnBXS5gyCn 3n0sw0PYtGL/F6UZTZp8vuZULewO1ngNCYUMTwLfP+P+Rl0ZABz99/Jh/ptj6pQEB615 /Ken8TgwK3iZwD5iHyoFj63OvZupvGHbt6812ZdzbK77AZK5VcSoax6gNnMbAXo7G6ol 0bhsPRyG/1OV+Qo6gOFW8A0xfnYEB29QD+qgfsIorPJyR3l52PoQhTaYvIgNiaePgVSJ bznkKn3qp6CGSpWwhX+GPdM9QEhmc4ohFrHhYFYRYWKz/4xCCUXPvPK2nnMex+E30amJ 0j6Q== Received: by 10.14.216.193 with SMTP id g41mr39367451eep.37.1353458465269; Tue, 20 Nov 2012 16:41:05 -0800 (PST) Received: from ithaqua.etoilebsd.net (ithaqua.etoilebsd.net. [37.59.37.188]) by mx.google.com with ESMTPS id 2sm33788564eef.17.2012.11.20.16.41.03 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 20 Nov 2012 16:41:04 -0800 (PST) Sender: Baptiste Daroussin Date: Wed, 21 Nov 2012 01:41:02 +0100 From: Baptiste Daroussin To: Zach Leslie Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121121004102.GQ71195@ithaqua.etoilebsd.net> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> <20121120030813.GB38037@zjl.local> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="G6ArjEZjY3m60389" Content-Disposition: inline In-Reply-To: <20121120030813.GB38037@zjl.local> User-Agent: Mutt/1.5.21 (2010-09-15) X-Mailman-Approved-At: Wed, 21 Nov 2012 02:16:56 +0000 Cc: Alexander Yerenkow , "C. P. Ghost" , freebsd-hackers@freebsd.org, Volodymyr Kostyrko , freebsd-security@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 00:41:07 -0000 --G6ArjEZjY3m60389 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 19, 2012 at 07:08:13PM -0800, Zach Leslie wrote: > > http://www.fossil-scm.org/ > >=20 > > I'm not fossil user, but it's BSD licensed in written in C. > > Baptise Daroussin probably could tell us more about fossil pro and cons. >=20 > This misses one of of the main points raised in the original post. The > proliferation of git as a revision control system. >=20 > Also, this particular tool bails out on the unix philosophy, with its web > gui, ticket tracker etc. Do one thing. Do it well. >=20 Look at the internal of fossil and how things are done in fossil and you wo= uld understand that the last sentence is totally wrong. Fossil has really nice features that could nicely fits with FreeBSD workflo= ws and greatly improves it. It has most of the new shiny feature everyone can expect from a dvcs, but it also has it drawbacks: The converted repositories (I did convert docs, src and ports) with full hi= story kept: branches, tags, etc. is huge and the first clone would be painful to = do. On the other side you have multiple working copies open on the same clone w= hich is really nice. Some of the operations can be slow, J=F6rg Sonnenberger wrote an analysis a= bout this one the fossil wiki, but don't remember the link sorry. =46rom my testing, apart from the do we really need a new scm question? I a= m a big fan of fossil and find it easier and cleaner than all the other scm I know,= I use git for pkgng and other projects, I use a lot mercurial on some other a= rea, and fossil remains my favorite :). But I really don't think it could fit FreeBSD's requirements as it is now. but there are lots of room of improvem= ents. The learning curve to fossil is probably really easy. On of the last thing is that fossil lacks keyword expansion. That said I'm happy with svn on FreeBSD, I still from time to time do conve= rsion of out different tree to fossil for fun, but no more and I won't advocate f= or any vcs change. Bapt --G6ArjEZjY3m60389 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlCsIx4ACgkQ8kTtMUmk6ExNdQCeOyKnCwMEgLgxzYvhc291sQen c3cAnjTrPoy2qLq4wd9QHtU+9zjb366B =eJAx -----END PGP SIGNATURE----- --G6ArjEZjY3m60389-- From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 03:20:09 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E5A7CFA1 for ; Wed, 21 Nov 2012 03:20:09 +0000 (UTC) (envelope-from peter@rulingia.com) Received: from vps.rulingia.com (host-122-100-2-194.octopus.com.au [122.100.2.194]) by mx1.freebsd.org (Postfix) with ESMTP id 51C078FC08 for ; Wed, 21 Nov 2012 03:20:08 +0000 (UTC) Received: from server.rulingia.com (c220-239-241-202.belrs5.nsw.optusnet.com.au [220.239.241.202]) by vps.rulingia.com (8.14.5/8.14.5) with ESMTP id qAL3K5ck015465 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 21 Nov 2012 14:20:06 +1100 (EST) (envelope-from peter@rulingia.com) X-Bogosity: Ham, spamicity=0.000000 Received: from server.rulingia.com (localhost.rulingia.com [127.0.0.1]) by server.rulingia.com (8.14.5/8.14.5) with ESMTP id qAL3Jx42031345 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 21 Nov 2012 14:19:59 +1100 (EST) (envelope-from peter@server.rulingia.com) Received: (from peter@localhost) by server.rulingia.com (8.14.5/8.14.5/Submit) id qAL3Jxar031344 for freebsd-security@freebsd.org; Wed, 21 Nov 2012 14:19:59 +1100 (EST) (envelope-from peter) Date: Wed, 21 Nov 2012 14:19:59 +1100 From: Peter Jeremy To: freebsd-security@freebsd.org Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121121031959.GA30708@server.rulingia.com> References: <20121120030445.GA38037@zjl.local> <20121120163059.GD88593@in-addr.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="J2SCkAp4GZ/dPZZf" Content-Disposition: inline In-Reply-To: <20121120163059.GD88593@in-addr.com> X-PGP-Key: http://www.rulingia.com/keys/peter.pgp User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 03:20:10 -0000 --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Nov-20 11:30:59 -0500, Gary Palmer wrote: >On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote: >> On 20 November 2012 04:54, xenophon\+freebsd >> wrote: >> >> As of now: >> >> >> >> - SVN is *the* source of truth. >> > >> > Would it be possible to publish FreeBSD's Subversion repository using >> > HTTPS, instead of HTTP? >>=20 >> %svn ls https://svn0.us-west.FreeBSD.org/base/ > >You will get a certificate warning. The certificates used do not >appear to be officially signed by a recognised CA. The hashes of the=20 >certificate keys are on the mirror website I pointed out in my email The certificates are self-signed. Whilst the hashes are published on the FreeBSD website, that site is only available via HTTP so there's still a bootstrap issue - which I don't have a general solution for. --=20 Peter Jeremy --J2SCkAp4GZ/dPZZf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlCsSF8ACgkQ/opHv/APuIc5vwCfWnBBlriOye74JIgsfALizn0Z 0IMAniQoDtg7sgN/UqMvjD4BahnbPq5y =vC+k -----END PGP SIGNATURE----- --J2SCkAp4GZ/dPZZf-- From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 03:38:06 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6DB41370 for ; Wed, 21 Nov 2012 03:38:06 +0000 (UTC) (envelope-from marka@isc.org) Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by mx1.freebsd.org (Postfix) with ESMTP id EE2DA8FC08 for ; Wed, 21 Nov 2012 03:38:05 +0000 (UTC) Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 51BE05F9A58; Wed, 21 Nov 2012 03:37:54 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:3c0e:404f:1fe2:ca82]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id A41AA216C3D; Wed, 21 Nov 2012 03:37:52 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 48D8B2B723EB; Wed, 21 Nov 2012 14:37:50 +1100 (EST) To: Peter Jeremy From: Mark Andrews References: <20121120030445.GA38037@zjl.local> <20121120163059.GD88593@in-addr.com> <20121121031959.GA30708@server.rulingia.com> Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] In-reply-to: Your message of "Wed, 21 Nov 2012 14:19:59 +1100." <20121121031959.GA30708@server.rulingia.com> Date: Wed, 21 Nov 2012 14:37:49 +1100 Message-Id: <20121121033750.48D8B2B723EB@drugs.dv.isc.org> X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 03:38:06 -0000 In message <20121121031959.GA30708@server.rulingia.com>, Peter Jeremy writes: > On 2012-Nov-20 11:30:59 -0500, Gary Palmer wrote: > >On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote: > >> On 20 November 2012 04:54, xenophon\+freebsd > >> wrote: > >> >> As of now: > >> >> > >> >> - SVN is *the* source of truth. > >> > > >> > Would it be possible to publish FreeBSD's Subversion repository using > >> > HTTPS, instead of HTTP? > >>=20 > >> %svn ls https://svn0.us-west.FreeBSD.org/base/ > > > >You will get a certificate warning. The certificates used do not > >appear to be officially signed by a recognised CA. The hashes of the=20 > >certificate keys are on the mirror website I pointed out in my email > > The certificates are self-signed. Whilst the hashes are published on > the FreeBSD website, that site is only available via HTTP so there's > still a bootstrap issue - which I don't have a general solution for. See DANE, RFC 6698. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 04:00:08 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B9E47532; Wed, 21 Nov 2012 04:00:08 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (wollman-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:ccb::2]) by mx1.freebsd.org (Postfix) with ESMTP id 64A248FC12; Wed, 21 Nov 2012 04:00:08 +0000 (UTC) Received: from hergotha.csail.mit.edu (localhost [127.0.0.1]) by hergotha.csail.mit.edu (8.14.5/8.14.5) with ESMTP id qAL4076d029882; Tue, 20 Nov 2012 23:00:07 -0500 (EST) (envelope-from wollman@hergotha.csail.mit.edu) Received: (from wollman@localhost) by hergotha.csail.mit.edu (8.14.5/8.14.4/Submit) id qAL40764029879; Tue, 20 Nov 2012 23:00:07 -0500 (EST) (envelope-from wollman) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <20652.20935.513138.382822@hergotha.csail.mit.edu> Date: Tue, 20 Nov 2012 23:00:07 -0500 From: Garrett Wollman To: Matthew Seaman Subject: Re: Recent security announcement and csup/cvsup? In-Reply-To: <50ABA590.5090600@freebsd.org> References: <20121117150556.GE24320@in-addr.com> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr> <50ABA590.5090600@freebsd.org> X-Mailer: VM 7.17 under 21.4 (patch 22) "Instant Classic" XEmacs Lucid X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (hergotha.csail.mit.edu [127.0.0.1]); Tue, 20 Nov 2012 23:00:07 -0500 (EST) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=disabled version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hergotha.csail.mit.edu X-Mailman-Approved-At: Wed, 21 Nov 2012 04:07:11 +0000 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 04:00:08 -0000 < said: > pkgng will have a crypto-signing mechanism for packages with > per-repository public keys and so forth. It's not there yet -- stuff is > awaiting review by security team people, who are (even moreso, given > current events) generally insanely busy. Huh? What's not there yet? I've been signing my local repository since the very beginning. (I'm an unusual case and don't really care about "official" binary packages -- I want/need to control the options things are built with, and pkgng won't be able to handle that case usefully until it has a SAT solver for dependency resolution.) pkgng is the thing that is finally allowing my to manage the FreeBSD machines in our infrastructure as easily as the Debian machines; thankfully we only need about a hundred packages (and no X) rather than the full set. -GAWollman From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 08:33:59 2012 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 050A830E for ; Wed, 21 Nov 2012 08:33:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id B4B838FC12 for ; Wed, 21 Nov 2012 08:33:58 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 6547E46B0D for ; Wed, 21 Nov 2012 03:33:58 -0500 (EST) Date: Wed, 21 Nov 2012 08:33:58 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: freebsd-security@FreeBSD.org Subject: OpenBSM new addition: auditdistd. (fwd) Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 08:33:59 -0000 freebsd-security folk may also be interested in this forthcoming addition to OpenBSM from Pawel. I plan to cut a new OpenBSM alpha rev with auditdistd in the next couple of days. Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Wed, 21 Nov 2012 00:42:45 +0100 From: Pawel Jakub Dawidek To: trustedbsd-audit@FreeBSD.org Subject: OpenBSM new addition: auditdistd. Hi. In the new release of OpenBSM one of the major additions would be the auditdistd daemon. The work was sponsored by the FreeBSD Foundation. Thank you! Auditdistd is used to reliably and securely transfer local audit trail files over the network to separate machine, so that in case of successful attack on the local machine, an attack is unable to tamper with already distributed audit records. The auditdistd can operate in two modes: as a sender and as a receiver. In the first mode (the sender), auditdistd is reponsible for sending audit events gathered locally to remote auditdistd that operates in the receiver mode. The auditdistd in the receiver mode is responsible for receiving and storing audit trail files locally. On the receiver side there is no need for audit subsystem to be turned on. Auditdistd for speed, reliability and also security doesn't interpret audit trail files. Any file could be send and receive. The receiver places the files in a directory dedicated to the sending system. Sending side has no control over the place where received trail files are stored. The receiver also accepts only new audit events. It works in append-only mode. Previously received trail files and audit records stored in most recent trail file cannot be modified by the sender. These restrictions allow to assume that even if sender side was compromised in the given point in time, all previous audit records from this host can be trusted. Auditdistd uses sandboxing (including Capsicum's capability mode if availble), which is especially important for the receiver mode. In the current implementation after breaking through auditdistd protocol into the receiver process, an attacker has no access to audit trail files from other senders. This may be improved to use Capsicum's capabilities and only provide append-only file descriptors to the receiver process. Unfortunately with the current Capsicum implementation it is not possible to limit file descriptor to append-only writes. As part of another projected I changed that, so it should be available in the future. The auditdistd is as autonomous as possible, but sometimes auditd help is needed. Audit trail files are created by auditd in response to a request from the kernel audit subsystem. Auditd creates a file in /var/audit/ directory and of .not_terminated format. It also creates symlink 'current' to this file. Auditdistd needs hardlink to audit trail file in /var/audit/dist/ directory. It could create the hardlink by itself by monitoring changes to the /var/audit/ directory, but it might not be reliable. It might be possible that new audit trail file is created, terminated and removed before auditdistd had a chance to notice the file. This way we would lose some audit events. That's why more reliable option is to modify auditd to create hardlink in the /var/audit/dist/ directory the same way it creates symlink to current audit trail file. Similarly, auditd might be responsible for renaming .not_terminated files in /var/audit/dist/ directory to final name after termination for the same reason - auditdistd might not see the final name before trail expires and is removed from /var/audit/. Having a hardlink to trail file in /var/audit/dist/ eliminates the need for communication between auditd and auditdistd daemons. Each of them can remove their links whenever they want. If auditd decides that trail file expired and removes it from /var/audit/ directory, it doesn't affect link in /var/audit/dist/ directory that might not be sent yet by the auditdistd to the receiver side. And vice-versa - if auditdistd successfully sends trail file to the receiver side before it expires locally, it will just remove its link from /var/audit/dist/ without affecting /var/audit/ link. Configuration is pretty trivial. On the sender side where we gather audit records we have to add the following line to the /etc/security/audit_control file: dist:on And create /etc/security/auditdistd.conf file, eg.: sender { host "bigbrother.freebsd.org" { remote "tls://10.0.0.5" fingerprint "SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30:14:D7:F9:AA:8B:3E:73:CD:F5:76:2B" password "YjwbK69H5cEBlhcT+eJpJgJTFn5B2SrG" } } Fingerprint from receiver's public key can be obtained by running: openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | awk -F '[ =]' '{printf("%s=%s\n", $1, $3)}' On the receiver side we need to put certificate and private key into the following files: /etc/security/auditdistd.cert.pem /etc/security/auditdistd.key.pem And create the following /etc/security/auditdistd.conf: receiver { host "freefall.freebsd.org" { remote "tls://10.0.0.2" password "YjwbK69H5cEBlhcT+eJpJgJTFn5B2SrG" } } -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl From owner-freebsd-security@FreeBSD.ORG Wed Nov 21 06:18:39 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 997B36DA for ; Wed, 21 Nov 2012 06:18:39 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 168738FC12 for ; Wed, 21 Nov 2012 06:18:38 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id qAL6IMLj047486 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 21 Nov 2012 06:18:29 GMT (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.7.1 smtp.infracaninophile.co.uk qAL6IMLj047486 Authentication-Results: smtp.infracaninophile.co.uk/qAL6IMLj047486; dkim=none reason="no signature"; dkim-adsp=none (insecure policy) Message-ID: <50AC7225.2070906@FreeBSD.org> Date: Wed, 21 Nov 2012 06:18:13 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] References: <20121120030445.GA38037@zjl.local> <20121120163059.GD88593@in-addr.com> <20121121031959.GA30708@server.rulingia.com> <20121121033750.48D8B2B723EB@drugs.dv.isc.org> In-Reply-To: <20121121033750.48D8B2B723EB@drugs.dv.isc.org> X-Enigmail-Version: 1.4.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigF34D7DB1FB0961A1817C83B4" X-Virus-Scanned: clamav-milter 0.97.6 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_SOFTFAIL autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Wed, 21 Nov 2012 12:16:38 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 06:18:39 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigF34D7DB1FB0961A1817C83B4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 21/11/2012 03:37, Mark Andrews wrote: >> The certificates are self-signed. Whilst the hashes are published on >> > the FreeBSD website, that site is only available via HTTP so there's= >> > still a bootstrap issue - which I don't have a general solution for.= > See DANE, RFC 6698. Which means getting the FreeBSD.org domain signed using DNSSEC. Something I'd be very happy to see. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --------------enigF34D7DB1FB0961A1817C83B4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCsci4ACgkQ8Mjk52CukIxNogCfe9PZry+ejaa86Us5ueQhFHw+ ioEAn09lasIPuDPYeluU8x4RMh7SBKg7 =A+ww -----END PGP SIGNATURE----- --------------enigF34D7DB1FB0961A1817C83B4-- From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:01:43 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9BCB23B5; Fri, 23 Nov 2012 00:01:43 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 77A848FC12; Fri, 23 Nov 2012 00:01:43 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qAN01hKP018224; Fri, 23 Nov 2012 00:01:43 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qAN01hiQ018223; Fri, 23 Nov 2012 00:01:43 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 23 Nov 2012 00:01:43 GMT Message-Id: <201211230001.qAN01hiQ018223@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-12:06.bind Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:01:43 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:06.bind Security Advisory The FreeBSD Project Topic: Multiple Denial of Service vulnerabilities with named(8) Category: contrib Module: bind Announced: 2012-11-22 Affects: All supported versions of FreeBSD before 9.1-RC2. Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) 2012-10-11 13:25:09 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-10-10 19:50:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4244, CVE-2012-5166 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. III. Impact A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. The attacker can also cause the server to lock up with specific combinations of RDATA. IV. Workaround No workaround is available, but systems not running the BIND name server are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch # fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, or 9.1-RC1 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 4) Install and run BIND from the Ports Collection after the correction date. The following versions and newer versions of BIND installed from the Ports Collection are not affected by this vulnerability: bind96-9.6.3.1.ESV.R7.4 bind97-9.7.6.4 bind98-9.8.3.4 bind99-9.9.1.4 VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r243418 releng/7.4/ r243417 stable/8/ r241443 releng/8.3/ r243417 stable/9/ r241415 releng/9.0/ r243417 releng/9.1/ r243417 - ------------------------------------------------------------------------- VII. References https://kb.isc.org/article/AA-00778 https://kb.isc.org/article/AA-00801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:06.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 iEYEARECAAYFAlCutVIACgkQFdaIBMps37JhPQCfcwCHE7CxzBnrMdszdFYODgQs 1+kAn316Rx2d0Ecig5JHUR3broq5Hpog =EklC -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:01:57 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A34AB3C9; Fri, 23 Nov 2012 00:01:57 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 884498FC1A; Fri, 23 Nov 2012 00:01:57 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qAN01vDV018275; Fri, 23 Nov 2012 00:01:57 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qAN01vWO018274; Fri, 23 Nov 2012 00:01:57 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 23 Nov 2012 00:01:57 GMT Message-Id: <201211230001.qAN01vWO018274@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:01:57 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:07.hostapd Security Advisory The FreeBSD Project Topic: Insufficient message length validation for EAP-TLS messages Category: contrib Module: wpa Announced: 2012-11-22 Credits: Timo Warns, Jouni Malinen Affects: FreeBSD 8.0 and later. Corrected: 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4445 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The hostapd utility is an authenticator for IEEE 802.11 networks. It provides full support for WPA/IEEE 802.11i and can also act as an IEEE 802.1X Authenticator with a suitable backend Authentication Server (typically FreeRADIUS). EAP-TLS is the original, standard wireless LAN EAP authentication protocol defined in RFC 5216. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. II. Problem Description The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. III. Impact A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service. IV. Workaround No workaround is available, but systems not running hostapd are not vulnerable. Note that for FreeBSD 8.x systems, the EAP-TLS authentication method is not enabled by default. Systems running FreeBSD 8.x are only affected when hostapd is built with -DEAP_SERVER and as such, binary installations from the official release are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 8-STABLE or 9-STABLE, or to the RELENG_8_3, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 8.3 and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8.x] # fetch http://security.FreeBSD.org/patches/SA-12:07/hostapd-8.patch # fetch http://security.FreeBSD.org/patches/SA-12:07/hostapd-8.patch.asc [FreeBSD 9.x] # fetch http://security.FreeBSD.org/patches/SA-12:07/hostapd.patch # fetch http://security.FreeBSD.org/patches/SA-12:07/hostapd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . 3) To update your vulnerable system via a binary patch: Systems running 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, 9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r releng/8.3/ r stable/9/ r releng/9.0/ r releng/9.1/ r - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:07.hostapd.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 iEYEARECAAYFAlCuu28ACgkQFdaIBMps37JpRwCfVJmZsx+mAF22hqtL3YvcGU2x g9IAoIUfP/8eJjQACi30QVdvjFtGDw7f =SJZf -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:02:04 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1F50E3D1; Fri, 23 Nov 2012 00:02:04 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id EF58A8FC12; Fri, 23 Nov 2012 00:02:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qAN023Gg018319; Fri, 23 Nov 2012 00:02:03 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qAN023hw018318; Fri, 23 Nov 2012 00:02:03 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 23 Nov 2012 00:02:03 GMT Message-Id: <201211230002.qAN023hw018318@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-12:08.linux Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:02:04 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:08.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer input validation error Category: core Module: kernel Announced: 2012-11-22 Credits: Mateusz Guzik Affects: All supported versions of FreeBSD. Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4576 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. II. Problem Description A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. III. Impact It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic. IV. Workaround No workaround is available, but systems not using the Linux binary compatibility layer are not vulnerable. The following command can be used to test if the Linux binary compatibility layer is loaded: # kldstat -m linuxelf V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 9.0, and 9.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, 9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r243418 releng/7.4/ r243417 stable/8/ r243417 releng/8.3/ r243417 stable/9/ r243417 releng/9.0/ r243417 releng/9.1/ r243417 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP =KVp4 -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:11:50 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8A51AEF8 for ; Fri, 23 Nov 2012 00:11:50 +0000 (UTC) (envelope-from simon@qxnitro.org) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 028938FC3F for ; Fri, 23 Nov 2012 00:11:49 +0000 (UTC) Received: by mail-lb0-f182.google.com with SMTP id go10so5660640lbb.13 for ; Thu, 22 Nov 2012 16:11:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=n6mSYpy0EhCuhJosfHiqobtD8WTYLlKLr7BBNiB2AUU=; b=KAtDCJ5bpkPtq9iECl1bduUweEn3hCs3GP0VXavqulKRfzwSrwOjAN5MR2FInHJxRh CWXmc7Zeb+xfB2hWNTQ7ghpo+1jDmfE/QVgi9S0sv9hoALjwP+Xf2TJ7RcunuoKnQ1ru qGrblDEpMM2Vzh2jhUpfJzUMJlTqDqsHOMtlQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :x-gm-message-state; bh=n6mSYpy0EhCuhJosfHiqobtD8WTYLlKLr7BBNiB2AUU=; b=HDVvNsMKLZwCUh1bHBIddjcJyoyPfCIz7Xma8EdGIi1249oY5ib9ZL49O63CfiNSil gqIgZnZnH4w8wPdHO9HpBuPJP+BqsgATMTz77r75YP0f/bHPnTysiJi7uoOLc1blvgfj z/GrgiN9dpkMqrMpWKVK4LdxtL8I2Az3mjLHQIvnGXlpOWZQbEdC4f990h222ow+OFgx E9MOsgLiRDUO/6iV4mzyYsSAxvVLgqt5BGspp00DBvcOHwOdImzhkJc5G6lIlqoQNkcJ gDRFYQpEEkTDYw2WPZ4AdqKvdfeiUbkrfIuuE7johFRZxrIme5HamS04YrluZkKh3/+C u62Q== MIME-Version: 1.0 Received: by 10.152.106.171 with SMTP id gv11mr1874523lab.26.1353629508542; Thu, 22 Nov 2012 16:11:48 -0800 (PST) Sender: simon@qxnitro.org Received: by 10.112.134.196 with HTTP; Thu, 22 Nov 2012 16:11:48 -0800 (PST) X-Originating-IP: [89.100.2.68] In-Reply-To: <201211230001.qAN01hiQ018223@freefall.freebsd.org> References: <201211230001.qAN01hiQ018223@freefall.freebsd.org> Date: Fri, 23 Nov 2012 00:11:48 +0000 X-Google-Sender-Auth: h6ZHXaNt2ISt8wd3FQ-a5m05a8E Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:06.bind From: "Simon L. B. Nielsen" To: freebsd-security@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQmL+SPIW6DBPjoO+3S2MW1rzf2JpNOuyJhc3WyOL7TlZ8bcLM6c4GGPdEmcL8lcqWeDOapl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:11:50 -0000 On 23 November 2012 00:01, FreeBSD Security Advisories wrote: ============================================================================= > FreeBSD-SA-12:06.bind Security Advisory > The FreeBSD Project > > Topic: Multiple Denial of Service vulnerabilities with named(8) Just to make two points clear (since I suspect people might ask). - These fixes are exported to CVS/CVSup. - No, these SA's had nothing to do with the recent security incident. -- Simon L. B. Nielsen From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:30:16 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BCABFD73 for ; Fri, 23 Nov 2012 00:30:16 +0000 (UTC) (envelope-from bryan-lists@shatow.net) Received: from secure.xzibition.com (secure.xzibition.com [173.160.118.92]) by mx1.freebsd.org (Postfix) with ESMTP id 62D238FC20 for ; Fri, 23 Nov 2012 00:30:16 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=shatow.net; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sweb; b=PNL9xi 3x0D4wrPYVhELaEvOUThHu0xlPGQKXT4k/RHhbC8zxPlvGjRC+hdyaEKAp87J8JZ TcR+ZlG0xpQk950oAufkWWw+MeAoe0bF2xj9hEFDKc+vPb8XpL96HFen1ptf0y+u vi+SwGvRrVTL2NsjwwDpOs1EfVE0bY6VGLlfw= DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=shatow.net; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sweb; bh=COKy1/GLzfND f3A+zoA0POa16wIRnUI4Tn7GsVQPyk8=; b=cOVc4ocxJDZNQmo0CZRnf0G4+Geq YO32N6Xb7bWzIDiv9bKH0KiT0hwWzI3UX51AHBBy68KZl9DyZqCQVEuJ14TTmJOI yIPVfXtw4DAYkdTh2F7UuMjAm9ltMqqlDdeMWWKUzY/3VDGq/GNYdNVT1c8Rvhpn cV4ZnO6oqI6Huos= Received: (qmail 89021 invoked from network); 22 Nov 2012 18:30:14 -0600 Received: from unknown (HELO ?10.10.0.115?) (bryan@shatow.net@10.10.0.115) by sweb.xzibition.com with ESMTPA; 22 Nov 2012 18:30:14 -0600 Message-ID: <50AEC391.9020105@shatow.net> Date: Thu, 22 Nov 2012 18:30:09 -0600 From: Bryan Drewery User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:08.linux References: <201211230002.qAN023hw018318@freefall.freebsd.org> In-Reply-To: <201211230002.qAN023hw018318@freefall.freebsd.org> X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:30:16 -0000 On 11/22/2012 6:02 PM, FreeBSD Security Advisories wrote: > IV. Workaround > > No workaround is available, but systems not using the Linux binary > compatibility layer are not vulnerable. > > The following command can be used to test if the Linux binary > compatibility layer is loaded: > > # kldstat -m linuxelf Is it sufficient to kldunload linux? Bryan From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:40:48 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 971F8FAB for ; Fri, 23 Nov 2012 00:40:48 +0000 (UTC) (envelope-from bryan-lists@shatow.net) Received: from secure.xzibition.com (secure.xzibition.com [173.160.118.92]) by mx1.freebsd.org (Postfix) with ESMTP id 38FA58FC13 for ; Fri, 23 Nov 2012 00:40:47 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=shatow.net; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sweb; b=UTcOOJ ysELox3qpymhiUyiCqV713DwjwQ4w1f7B2KqAcCLamg6qvgShZ6RVA9YWPSjPlml kkLKVkbgAHCUAijSN6hNhMU3Pst3vL6eo3oP9eMOOGDRNxQ1Ad89UHhd1wuNTB6/ P+4w4nyJUWrg033mNWF3RtNHdRWOIv/aGZi/I= DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=shatow.net; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sweb; bh=QllFEFQNpEFp oIb2YZJz3dKnYaxRWmTwjzATlJjzQII=; b=BDypNzqZQ6OKdr5kzp/kb2eAfIbg dvSWPATdGR2O81u7JFgb3mO8aGvgc0vFQsWtupsfyOjNRvIfGvHMvu/XdnkSdnrb hD6vQkDwuJbwS3AKZFMuTPl6/IpWvRbvXRLJjHfWs7smaxu8i7zxbqe50nnNYrig vlNRhVoVXSfh6y0= Received: (qmail 4873 invoked from network); 22 Nov 2012 18:40:46 -0600 Received: from unknown (HELO ?10.10.0.115?) (bryan@shatow.net@10.10.0.115) by sweb.xzibition.com with ESMTPA; 22 Nov 2012 18:40:46 -0600 Message-ID: <50AEC609.2040102@shatow.net> Date: Thu, 22 Nov 2012 18:40:41 -0600 From: Bryan Drewery User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:08.linux References: <201211230002.qAN023hw018318@freefall.freebsd.org> <50AEC391.9020105@shatow.net> In-Reply-To: <50AEC391.9020105@shatow.net> X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:40:48 -0000 On 11/22/2012 6:30 PM, Bryan Drewery wrote: > On 11/22/2012 6:02 PM, FreeBSD Security Advisories wrote: >> IV. Workaround >> >> No workaround is available, but systems not using the Linux binary >> compatibility layer are not vulnerable. >> >> The following command can be used to test if the Linux binary >> compatibility layer is loaded: >> >> # kldstat -m linuxelf > > Is it sufficient to kldunload linux? > > Bryan Assuming it is enough to unload[/recompile/reload], here's a tip if it refuses to unload (in use), assuming no securelevel: > # kldunload linux > kldunload: can't unload file: Device busy > # procstat -ka|grep linux > 40338 100221 bot - mi_switch sleepq_switch sleepq_catch_signals sleepq_timedwait_sig _cv_timedwait_sig kern_select linux_select syscall Xint0x80_syscall > # kill 40338 > # kldunload linux > # kldstat -m linuxelf > kldstat: can't find module linuxelf: No such file or directory -- Regards, Bryan Drewery bdrewery@freenode/EFNet From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 00:40:55 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 81D6DFB1 for ; Fri, 23 Nov 2012 00:40:55 +0000 (UTC) (envelope-from simon@qxnitro.org) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id E9C5D8FC0C for ; Fri, 23 Nov 2012 00:40:54 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so8274262lah.13 for ; Thu, 22 Nov 2012 16:40:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=G+7xFsdDfc3l1BXeCTyhRTM9q+VyjnBtxkkaQNJ6VCg=; b=mgSYsSxTvSK+Hbtw2JdRKukOi23mDXYgYoQ/5OYgwotMvdVT2sl3/DVUeGF/CDQraw WxNTn9KCT+qgfMxOLlraMGDeWcDUvRyb/W7fci9+wA4CzmI0J6fTIlHEi/z7Kx3S3xb+ /eRH7n3GoTbAwHeq3xn2lT33Vtr8uvVTb0Dqo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :x-gm-message-state; bh=G+7xFsdDfc3l1BXeCTyhRTM9q+VyjnBtxkkaQNJ6VCg=; b=Ip12IQlnPJ9ZdJ+1lUgB7rA+3igMkBscsrZEF9U7X2XAzE+ZrrS8IoavH67bjSxQlh kSrZ7eGXY1kZjmJ3pFGqr0SPKVJYnWU7fBNimLlipLkq+yirsxLyXI8vZwYiU2v/fAvA 5+JUyZeGo4y2wJA5dYxu0l8i/0gfEMQRJU0LdSokUTklflmoM6UfCdwLvq0To5H3MbAU z9FwZF/3ul+Hrb3g1rGKV6vVyXlT7DR88NTwRGHITicCk2GDq6vQtecKozHJXjdr7NDx jNWjZql2MlwdVrEMwCJLgmKqiBIzmYxGS1odo862ctUJT33UFO28IKa/RXAsFt90UDvG bsVw== MIME-Version: 1.0 Received: by 10.152.132.3 with SMTP id oq3mr1893263lab.18.1353631253424; Thu, 22 Nov 2012 16:40:53 -0800 (PST) Sender: simon@qxnitro.org Received: by 10.112.134.196 with HTTP; Thu, 22 Nov 2012 16:40:53 -0800 (PST) X-Originating-IP: [89.100.2.68] In-Reply-To: References: <201211230001.qAN01hiQ018223@freefall.freebsd.org> Date: Fri, 23 Nov 2012 00:40:53 +0000 X-Google-Sender-Auth: VYksfNAalGYI6QMCaAMrKefNJUc Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:06.bind From: "Simon L. B. Nielsen" To: freebsd-security@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQkTExnrwNlmx2fbj/UZe/ULwgBPvEJxAQG1UnTvG32rG9bqZcIQFHfYF/hOESu2uh5tKDEb X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 00:40:55 -0000 On 23 November 2012 00:11, Simon L. B. Nielsen wrote: > On 23 November 2012 00:01, FreeBSD Security Advisories > wrote: > > ============================================================================= >> FreeBSD-SA-12:06.bind Security Advisory >> The FreeBSD Project >> >> Topic: Multiple Denial of Service vulnerabilities with named(8) > > Just to make two points clear (since I suspect people might ask). > > - These fixes are exported to CVS/CVSup. > - No, these SA's had nothing to do with the recent security incident. Oh, and sorry to the Americans about releasing this on Thanksgiving, but delaying these advisories even further would mean they got in the way of other work within the project. -- Simon L. B. Nielsen From owner-freebsd-security@FreeBSD.ORG Fri Nov 23 01:04:18 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CA993B7; Fri, 23 Nov 2012 01:04:18 +0000 (UTC) (envelope-from brett@lariat.org) Received: from lariat.net (lariat.net [66.62.230.51]) by mx1.freebsd.org (Postfix) with ESMTP id D8C2F8FC08; Fri, 23 Nov 2012 01:04:17 +0000 (UTC) Received: from Toshi.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2] (may be forged)) by lariat.net (8.9.3/8.9.3) with ESMTP id SAA11159; Thu, 22 Nov 2012 18:04:05 -0700 (MST) Message-Id: <201211230104.SAA11159@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Thu, 22 Nov 2012 18:03:58 -0700 To: "Simon L. B. Nielsen" , freebsd-security@freebsd.org From: Brett Glass Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:06.bind In-Reply-To: References: <201211230001.qAN01hiQ018223@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2012 01:04:18 -0000 At 05:40 PM 11/22/2012, Simon L. B. Nielsen wrote: >Oh, and sorry to the Americans about releasing this on Thanksgiving, >but delaying these advisories even further would mean they got in the >way of other work within the project. This American does not mind. Would not want to see further delay of 9.1-RELEASE, which I'd hoped to install on servers during Thanksgiving! --Brett Glass