From: grarpamp
Date: Mon, 26 Feb 2018 00:43:03 -0500
Subject: Fwd: [tor-relays] FreeBSD 11.1 ZFS Tor Image
To: freebsd-security@freebsd.org

---------- Forwarded message ----------
From: Shawn Webb
Date: Sun, Feb 25, 2018 at 5:17 PM
Subject: Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
To: tor-relays@lists.torproject.org

On Sun, Feb 25, 2018 at 04:03:49PM -0600, Conrad Rockenhaus wrote:
> Wow, I didn't expect my friendly gesture to start another debate, but the
> reasoning behind offering this image was mainly for people who were operating
> on OpenStack clouds who wanted to upload the image to their infrastructure
> using glance and start things up quickly. I'm more than willing to provide the
> ansible scripts I use to initially spin things up, once I clean things up
> since there's still some manual things that can be automated.
>
> I'll just consider this idea dead in the water. That being said:
>
> On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
> > On Sun, Feb 25, 2018 at 09:05:00PM +0000, George wrote:
> > > Conrad Rockenhaus:
> > > > Hello All,
> > > >
> > > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > > that is fully configured and ready to run Tor. Right now it's an eight
> > > > GB image, but I'm reducing the size by removing all of the extra stuff
> > > > on it from the upgrade from FreeBSD 11 to 11.1.
> > >
> > > I think it's great to ease the implementation of Tor relays,
> > > particularly on BSDs.
> > >
> > > However, I'd be wary of an image that I didn't build myself, personally.
> >
> > I agree with that sentiment. I would rather Tor relay operators set up
> > their systems themselves so that they know how that system is
> > configured.
> >
> > I would also suggest users run operating systems that specialize in
> > security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
> > the door to mass exploitation via copy and paste style exploits. I
> > would caution against such setups. Tor has a very unique threat
> > landscape and the security of the relay should be of utmost
> > importance.
>
> I'll be honest, I have never heard of a copy and paste style exploit. What is
> it? Could you provide me a link with info about it, because I run several
> FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix
> it.

With FreeBSD's complete lack of exploit mitigations, all tor instances
running on like FreeBSD systems can be exploited the same way. The
memory layout is predictable, memory mappings can be writable and
executable, etc.

The virtual memory layout of tor on your FreeBSD 11.1-RELEASE-p6
instance is going to be the exact same as John Smith's instance. This
means that attackers can write their exploits with 100% reliability,
even with virtual memory addresses hardcoded.

There's no need for ROP, JOP, SROP, etc. on FreeBSD. FreeBSD is
literally stuck in 1999-era security. Writing exploits for such
systems is extremely easy for today's offensive security researchers.

FreeBSD really needs ASLR and W^X, at a minimum, for me to put even
the slightest trust in for applications that are security-sensitive
(like tor). Until then, I'd encourage Tor relay operators to make use
of operating systems that put a focus on security, like OpenBSD or
HardenedBSD.

Just yesterday, I was notified of yet another FreeBSD box getting
popped by an offensive security researcher.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


From: Roger Marquis
Date: Tue, 27 Feb 2018 11:30:38 -0800 (PST)
Subject: Re: Fwd: [tor-relays] FreeBSD 11.1 ZFS Tor Image
To: freebsd-security@freebsd.org
Cc: freebsd-ports@freebsd.org

Shawn Webb wrote:
> There's no need for ROP, JOP, SROP, etc. on FreeBSD. FreeBSD is
> literally stuck in 1999-era security.

This is doubly true for ports, including Tor. I submitted a vuxml entry
for apache-tomcat 5 days ago that still has not been committed. A
follow-up resulted in two replies from a helpful member of the
ports-secteam, but which took as long to write as the vuxml would have
taken to validate and commit. Its CVE is priority 7 (remotely
exploitable) but almost a week later pkg audit still won't tell you if
you're running an exploitable Tomcat.

The explanation I received is that the ports-secteam is a volunteer
effort and nobody really expects 'pkg audit' to be timely anyhow.

Such easily fixable problems. Even the FreeBSD Foundation for all the
projects it funds, and could fund with +$2.5M in the bank, doesn't seem
to care.

Roger Marquis


From: Davide Davini
Date: Tue, 27 Feb 2018 21:36:13 +0100
Subject: Re: Re: Response to Meltdown and Spectre
To: "freebsd-security@freebsd.org"

Hi,

I'd like to know too. Maybe I missed something but as I understand it there
are only patches on 11-stable now, is that correct?

Is 10 ever going to be patched?

On Wed, Jan 31, 2018 at 10:27 AM, Zahrir, Abderrahmane <
Abderrahmane.Zahrir@ca.com> wrote:

> Hi Guys,
>
> I understand that you have not been notified early enough about the
> Meltdown and Spectre security flaw.
> However do we have a rough estimate (something like an approximate month)
> of when a patch will be available for the latest version 11.1 and possibly
> 11.0?


From: Steve Clement
Date: Tue, 27 Feb 2018 18:48:41 +0100
Subject: Re: Fwd: [tor-relays] FreeBSD 11.1 ZFS Tor Image
To: grarpamp
Cc: freebsd-security@freebsd.org

> Just yesterday, I was notified of yet another FreeBSD box getting
> popped by an offensive security researcher.

Dear Shawn,

If there is a post-mortem analysis and details on that incident, it would
be really interesting what the MO is of that/those attackers who massively
own all the FreeBSDs.

There must be quite a few PoCs out there yet in-depth analysis (that are on
recent versions of FreeBSD) might be interesting.

Depending on the various attack vectors, perhaps other mitigations can be
discussed.

But honestly, I run fairly recent FreeBSD machines and they aren't popped,
that I know of, on a regular basis.

Sincerely,

--
Steve Clement
https://www.twitter.com/SteveClement
mailto:steve@localhost.lu
.lu: +352 20 333 55 65


From: Ed Maste
Date: Tue, 27 Feb 2018 17:37:16 -0500
Subject: Re: Re: Response to Meltdown and Spectre
To: "freebsd-security@freebsd.org"

On 27 February 2018 at 15:36, Davide Davini wrote:
> Hi,
>
> I'd like to know too. Maybe I missed something but as I understand it there
> are only patches on 11-stable now, is that correct?

The change is committed to stable/11, and a patch against 11.1 is
available for testing now. Kostik posted a link to the patch to the
FreeBSD-stable mailing list (see
https://lists.freebsd.org/pipermail/freebsd-stable/2018-February/088451.html).
It will be turned into an update in the near future.

> Is 10 ever going to be patched?

It will, but differences between 10 and 11 mean that more work is
still needed for the backport.