From dan at langille.org Wed Apr 9 15:00:41 2008
From: dan at langille.org (Dan Langille)
Date: Wed Apr 9 15:42:55 2008
Subject: [FreeBSD-Announce] BSDCan 2008 - only a few weeks to go
Message-ID: <37515572-4566-4A2E-9225-AD5ABD60FE93@langille.org>
Hi,
In this email:
- coming soon
- sponsors
- map
Coming Soon:
There are only a few weeks to go until BSDCan 2008. I hope
you've made your travel bookings. If you are coming in from
other than USA or Canada, we can provide you with a Letter
of Invitation after you have registered and paid. This letter
can help you if you need to apply for a visa.
We have an amazing line up of talks and speakers. Full
details here: http://www.bsdcan.org/2008/schedule/
Sponsors:
The preparations are well underway. We've had tremendous support
from our sponsors:
The FreeBSD Foundation
Google
USENIX
XipLink
Juniper Networks
For more about our sponsors, please see
http://www.bsdcan.org/2008/sponsors.php
Maps:
This year we have added a Google map of the venue
and surrounding area. It is available from the home
page of http://bsdcan.org/ or from http://tinyurl.com/2lzthw
People keep telling me how much they're looking forward
to BSDCan. So much so that we've alerted the pubs.
--
Dan Langille -- http://www.langille.org/
dan@langille.org
From lgj at usenix.org Mon Apr 14 18:15:03 2008
From: lgj at usenix.org (Lionel Garth Jones)
Date: Mon Apr 14 18:47:29 2008
Subject: [FreeBSD-Announce] USENIX Annual Tech '08 Registration Now Open
Message-ID: <48039737.9030309@usenix.org>
---------------------------------------
2008 USENIX Annual Technical Conference
June 22-27, 2008, Boston, MA
Early Bird Registration Deadline: June 6, 2008
http://www.usenix.org/usenix08/proga
---------------------------------------
We're pleased to invite you to attend the 2008 USENIX Annual Technical
Conference. This year we're offering 3 days of training followed by a
3-day conference program filled with the latest systems research,
security breakthroughs, and practical approaches to the questions and
problems you wrestle with. You'll also have many opportunities to chat
with peers who share your concerns and interests.
http://www.usenix.org/usenix08/proga
Training: Sunday-Tuesday, June 22-24, 2008
The 3-day training program at USENIX '08 provides in-depth and
immediately useful training on the latest techniques, effective tools,
and best strategies, including:
* Bruce Potter on Botnets: Understanding and Defense
* Peter Baer Galvin on Solaris 10 Administration
* Phil Cox and Brad Johnson on Securing Virtual Environments
* Alan Robertson on Configuring and Deploying Linux-HA
Find out more at http://www.usenix.org/events/usenix08/training/
Technical Sessions: Wednesday-Friday, June 25-27, 2008
The 3-day technical program begins with a keynote address by David
Patterson, Director, U.C. Berkeley Parallel Computing Laboratory, on
"The Parallel Revolution Has Started: Are You Part of the Solution or
Part of the Problem?" and includes other noteworthy invited talks, such
as:
* Plenary Closing Session by Matthew Melis of the NASA Glenn Research
Center on "The Columbia Accident Investigation and Returning NASA's
Space Shuttle to Flight"
* Drew Endy, Cabot Assistant Professor of Biological Engineering at MIT
and a co-founder of the BioBricks Foundation (BBF), on "Programming DNA:
A 2-bit Language for Engineering Biology"
* Robert J. Lang on "From Flapping Birds to Space Telescopes: The Modern
Science of Origami"
The USENIX '08 Refereed Papers Track is the leading forum for presenting
the latest in ground-breaking systems research. Be among the first to
check out the latest innovative work in the systems field.
The Poster Session at USENIX '08 is an excellent forum for discussing
new ideas and getting useful feedback from the community. Poster
submissions should include a brief description of the research idea(s);
the submission must not exceed 2 pages. Send poster submissions to
usenix08posters@usenix.org by Tuesday, May 6, 2008.
Finally, don't miss the opportunity to pose your toughest questions to
the experts in the Guru Is In sessions. Mingle with colleagues and
leading experts in the Birds-of-a-Feather sessions and at the various
evening social events, including a Poster Session & Happy Hour, vendor
BoFs, and the Conference Reception.
USENIX '08 promises to be an exciting showcase for the latest in
innovative research and cutting-edge practices in technology. We look
forward to seeing you in Boston.
On behalf of the USENIX '08 organizers,
Rebecca Isaacs, Microsoft Research
Yuanyuan Zhou, University of Illinois at Urbana-Champaign
USENIX '08 Program Co-Chairs
usenix08chairs@usenix.org
P.S. Don't miss the workshops co-located with USENIX '08, including:
Xen Summit North America 2008
June 23-24, 2008
http://xen.org/xensummit/
First USENIX Workshop on Large-Scale Computing (LASCO '08)
June 23, 2008
http://www.usenix.org/events/lasco08/
From security-advisories at freebsd.org Thu Apr 17 00:14:55 2008
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Thu Apr 17 00:15:02 2008
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Message-ID: <200804170014.m3H0Etrr028267@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:05.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH X11-forwarding privilege escalation
Category: contrib
Module: openssh
Announced: 2008-04-17
Credits: Timo Juhani Lindfors
Affects: All supported versions of FreeBSD
Corrected: 2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
           2008-04-16 23:58:52 UTC (RELENG_7_0, 7.1-RELEASE-p1)
           2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
           2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
           2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
           2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
           2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
           2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
CVE Name: CVE-2008-1483
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access. The OpenSSH server daemon (sshd)
provides support for the X11 protocol by binding to a port on the
server and forwarding any connections which are made to that port.
II. Problem Description
When logging in via SSH with X11-forwarding enabled, sshd(8) fails to
correctly handle the case where it fails to bind to an IPv4 port but
successfully binds to an IPv6 port. In this case, applications which
use X11 will connect to the IPv4 port, even though it had not been
bound by sshd(8) and is therefore not being securely forwarded.
III. Impact
A malicious user could listen for X11 connections on an unused IPv4
port, e.g. tcp port 6010. When an unaware user logs in and sets up X11
forwarding the malicious user can capture all X11 data sent over the
port, potentially disclosing sensitive information or allowing the
execution of commands with the privileges of the user using the
X11 forwarding.
NOTE WELL: FreeBSD ships with IPv6 enabled by default in the GENERIC
and SMP kernels, so users are vulnerable even if they have not explicitly
enabled IPv6 networking.
IV. Workaround
Disable support for IPv6 in the sshd(8) daemon by setting the option
"AddressFamily inet" in /etc/ssh/sshd_config.
Disable support for X11 forwarding in the sshd(8) daemon by setting
the option "X11Forwarding no" in /etc/ssh/sshd_config.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or 7-STABLE,
or to the RELENG_7_0, RELENG_6_3, RELENG_6_2, RELENG_6_1, RELENG_5_5
security branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 5.5, 6.1,
6.2, 6.3, and 7.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch
# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libssh
# make obj && make depend && make && make install
# cd /usr/src/secure/usr.sbin/sshd
# make obj && make depend && make && make install
# /etc/rc.d/sshd restart
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch                                      Revision
  Path
- -------------------------------------------------------------------------
RELENG_5
  src/crypto/openssh/channels.c             1.18.2.1
RELENG_5_5
  src/UPDATING                              1.342.2.35.2.21
  src/sys/conf/newvers.sh                   1.62.2.21.2.22
  src/crypto/openssh/channels.c             1.18.8.1
RELENG_6
  src/crypto/openssh/channels.c             1.20.2.3
RELENG_6_3
  src/UPDATING                              1.416.2.37.2.6
  src/sys/conf/newvers.sh                   1.69.2.15.2.5
  src/crypto/openssh/channels.c             1.20.2.2.4.1
RELENG_6_2
  src/UPDATING                              1.416.2.29.2.16
  src/sys/conf/newvers.sh                   1.69.2.13.2.15
  src/crypto/openssh/channels.c             1.20.2.2.2.1
RELENG_6_1
  src/UPDATING                              1.416.2.22.2.27
  src/sys/conf/newvers.sh                   1.69.2.11.2.26
  src/crypto/openssh/channels.c             1.20.2.1.4.1
RELENG_7
  src/crypto/openssh/channels.c             1.23.2.1
RELENG_7_0
  src/UPDATING                              1.507.2.3.2.5
  src/sys/conf/newvers.sh                   1.72.2.5.2.5
  src/crypto/openssh/channels.c             1.23.4.1
- -------------------------------------------------------------------------
VII. References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
http://www.openssh.com/txt/release-5.0
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFIBpWTFdaIBMps37IRAomdAJ9hKgp/MG2PbVVojAMjCTtcY6T5HgCeNDxa
iA55tmcA3GXbsXAd/flJZO4=
=joYI
-----END PGP SIGNATURE-----
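An added example, not part of the advisory or of FreeBSD's own tooling: a small audit that reads an sshd_config and reports whether either setting from section IV is actually in effect. It assumes sshd's first-value-wins rule, the "any" default for AddressFamily, and a caller-supplied default for an unset X11Forwarding (treated as "yes" here, the conservative choice); the function names and sample configs are constructed for illustration.

```python
import re

# "Keyword value" or "Keyword=value"; the keyword is case-insensitive.
LINE = re.compile(r'^(\S+?)(?:\s*=\s*|\s+)(.*)$')

def parse_sshd_config(text):
    """Return (global_opts, [(match_condition, opts), ...])."""
    global_opts, matches = {}, []
    scope = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m or line.startswith("#"):
            continue                      # blank, comment, or bare keyword
        key, rest = m.group(1).lower(), m.group(2).strip()
        if key == "match":                # later options apply to this block
            scope = {}
            matches.append((rest, scope))
            continue
        value = rest.split()[0].strip('"').lower() if rest else ""
        scope.setdefault(key, value)      # the first value obtained wins
    return global_opts, matches

def workaround_status(text, x11_default="yes"):
    """Report which SA-08:05 workaround settings are effective."""
    opts, matches = parse_sshd_config(text)
    family = opts.get("addressfamily", "any")
    x11_global = opts.get("x11forwarding", x11_default)
    # A Match block can turn X11 forwarding back on for some users.
    reenabled = [cond for cond, o in matches
                 if o.get("x11forwarding") == "yes"]
    x11_off = x11_global == "no" and not reenabled
    return {
        "address_family_inet": family == "inet",
        "x11_forwarding_off": x11_off,
        "match_blocks_enabling_x11": reenabled,
        "workaround_applied": family == "inet" or x11_off,
    }

# Constructed sample: the workaround line is commented out, and a Match
# block re-enables X11 forwarding after the global "no".
SAMPLE_WEAK = """\
Port 22
#AddressFamily inet
X11Forwarding no
X11Forwarding yes
Match Group admins
    X11Forwarding yes
"""

# Constructed sample: IPv6 listening disabled, X11 forwarding left on.
SAMPLE_INET = "addressfamily=inet\nX11Forwarding yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("inet", SAMPLE_INET)):
        print(name, workaround_status(cfg))
```

A config that passes this check still needs the patch or upgrade from section V; the check only confirms the interim settings are not silently overridden.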
From errata-notices at freebsd.org Thu Apr 17 00:15:16 2008
From: errata-notices at freebsd.org (FreeBSD Errata Notices)
Date: Thu Apr 17 00:15:20 2008
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-08:01.libpthread
Message-ID: <200804170015.m3H0FGsQ028320@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-08:01.libpthread Errata Notice
The FreeBSD Project
Topic: Problems with fork(2) within threaded programs
Category: core
Module: libpthread
Announced: 2008-04-17
Credits: Julian Elischer, Dan Eischen
Affects: FreeBSD 6.3
Corrected: 2008-02-04 20:05:20 UTC (RELENG_6, 6.3-STABLE)
           2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
POSIX threads are a set of functions that support applications with
requirements for multiple flows of control, called threads, within a
process. The fork(2) system call is used to create a new process.
II. Problem Description
The libpthread threading library on FreeBSD 6.3 fails to properly
reinitialize mutexes when a threaded process invokes fork(2).
III. Impact
After the fork(2) system call returns, the newly created child process may
freeze in user space for no apparent reason. This affects any threaded
application that invokes fork(2), most frequently those that call
fork(2) before execve(2) or system(3) to run external programs.
IV. Workaround
On some systems, using libthr instead of libpthread, via the libmap
configuration file libmap.conf(5), may be an acceptable workaround.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE or the RELENG_6_3
security branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 6.3 systems:
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch
# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libpthread
# make obj && make depend && make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch                                      Revision
  Path
- -------------------------------------------------------------------------
RELENG_6
  src/lib/libpthread/sys/lock.c             1.9.2.2
  src/lib/libpthread/thread/thr_kern.c      1.116.2.2
RELENG_6_3
  src/UPDATING                              1.416.2.37.2.6
  src/sys/conf/newvers.sh                   1.69.2.15.2.5
  src/lib/libpthread/sys/lock.c             1.9.2.1.8.1
  src/lib/libpthread/thread/thr_kern.c      1.116.2.1.6.1
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-08:01.libpthread.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFIBpWeFdaIBMps37IRAg2wAJ9jwXi2ZTaYXBdsU6CzS8dCzsQ5cwCcD2Fu
NCao693yWJo1bJrCrrbG8Ww=
=7mo1
-----END PGP SIGNATURE-----
From dan at langille.org Tue Apr 22 03:02:44 2008
From: dan at langille.org (Dan Langille)
Date: Tue Apr 22 03:13:19 2008
Subject: [FreeBSD-Announce] Three weeks to go
Message-ID: <8C56A107-2882-493A-8F29-D3DD4CE526F7@langille.org>
Hi,
In three weeks, the BSD masses will be gathering in Ottawa
for the 5th annual BSDCan. The schedule is phenomenal,
even if I do say so myself.
If you are interested in spreading the word about BSDCan,
and getting your name out there, consider reporting on one
or more of the talks for USENIX. Rik Farrow tells me that
the summaries will be published in the August 2008 issue of ;login:.
A summary can be as short as a paragraph or so. It's pretty easy,
and Rik provides past summaries as examples. If you can type,
you can do a summary.
Sign up here: http://www.spirit.com/cgi-new/bsdcan08
If you have not made your plans for BSDCan 2008 yet, you better
get started before all the good rooms are gone and you have
to stay off-campus. :)
--
Dan Langille -- http://www.langille.org/
dan@langille.org
From murray at FreeBSD.org Tue Apr 22 08:38:28 2008
From: murray at FreeBSD.org (Murray Stokely)
Date: Tue Apr 22 08:38:35 2008
Subject: [FreeBSD-Announce] Congratulations to our Summer of Code Students
Message-ID: <20080422083828.GB48531@hub.freebsd.org>
Google announced today that they are funding 21 Summer of Code
students to work on FreeBSD. We had over 100 very competitive
applications and so it was difficult to narrow it down to these 21
students. Each student will be paid by Google to spend the summer
working on a specified FreeBSD project with an assigned senior
developer to mentor them. More information about this program is
available from http://code.google.com/soc.
We are very much looking forward to working with these students this
summer on the chosen FreeBSD related projects. So without further
ado, the student/mentor pairs are:
* Dynamic memory allocation for dirhash in UFS2,
Sean Nicholas Barkas, mentored by David Malone
* TCP/IP regression test suite,
Victor Hugo Bilouro, mentored by George Neville-Neil
* Improved Wine support under FreeBSD,
Eric Durbin, mentored by Kristofer Paul Moore (PC-BSD)
* Allowing for Parallel builds in the FreeBSD Ports Collection,
David Forsythe, mentored by Mark Linimon
* Implementation of MPLS in FreeBSD,
Ryan French, mentored by Kip Macy
* Audit Firewall Events from Kernel,
Diego Giagio, mentored by Christian S.J. Peron
* Embedded FreeBSD project,
James Andrew Harrison, mentored by Warner Losh
* FreeBSD auditing system testing,
Vincenzo Iozzo, mentored by Attilio Rao
* Multibyte collation support,
Konrad Jankowski, mentored by Diomidis Spinellis
* Porting BSD-licensed Text-Processing Tools from OpenBSD,
Gabor Kovesdan, mentored by Max Khon
* Reference implementation of the SNTP client,
Johannes Maximilian Kuehn, mentored by Harlan Stenn (NTP)
* Improving layer2 filtering in FreeBSD,
Gleb Kurtsov, mentored by Andrew Thompson
* DTrace Toolkit on FreeBSD,
LIQUN LI, mentored by John Birrell
* NFSv4 ACLs,
Edward Tomasz Napierala, mentored by Robert Watson
* Adding .db support to pkg_tools --> pkg_improved,
Anders Nore, mentored by Florent Thoumie
* 802.11 Fuzzing and Testing,
Aniket Patankar, mentored by Sam Leffler
* TCP anomaly detector,
Rui Alexandre Cunha Paulo, mentored by Andre Oppermann
* Ports license auditing infrastructure,
Alejandro Pulver, mentored by Brooks Davis
* VM Algorithm Improvement,
Mayur Shardul, mentored by Jeffrey Roberson
* Enhancing FreeBSD's Libarchive,
Anselm Strauss, mentored by Timothy Kientzle
* Porting FreeBSD to Efika SoC (PPC bring up),
Przemek Witaszczyk, mentored by Rafal Jaworowski
We are still in the process of getting these students signed up for
perforce and wiki accounts and such, but eventually the students will
create project pages describing their plans and progress at:
http://wiki.freebsd.org/SummerOfCode2008
Thanks to everyone (over 60 committers registered this year!) that
helped review the student applications, and especially thanks to
Google for this significant investment in the FreeBSD development
community.
- Murray Stokely
Robert Watson
From dan at langille.org Mon Apr 28 17:00:34 2008
From: dan at langille.org (Dan Langille)
Date: Mon Apr 28 17:03:54 2008
Subject: [FreeBSD-Announce] BSDCan - two weeks to go!
Message-ID: <38A36F5A-BD31-4D99-A242-43119EFF75A2@langille.org>
Hi,
In this announcement:
- Countdown
- Accommodation
- bring a cable
- Sponsors
COUNTDOWN
BSDCan 2008 starts in two weeks. By this time in a fortnight,
the people for the tutorials will have arrived. I also want to
mention that the FreeBSD DevSummit has more than 80 people invited
this year.
ACCOMMODATION
If you have not already booked your accommodation for BSDCan 2008
chances are, you will not be able to stay on campus. By all means,
call them and ask, but most people have been getting "no vacancy".
Not to worry. We have you covered. There is nearby accommodation,
and it's not much more expensive than residence.
Les Suites have two deals for us:
One bedroom suite, one bed, one fold-out bed. $149 a night plus taxes
(1-2 persons)
Two bedroom suite, three beds, one fold-out bed. $209 a night plus
taxes (1-4 persons)
Phone and use the booking code: BSDCan2008
1 800 267-1989 (Canada/US toll free)
+1 613 232-2000
See http://www.bsdcan.org/2008/travel.php for details and see our
home page for a Google map showing all the local amenities.
There are other nearby hotels as well, but Les Suites is closest.
If you have difficulty finding accommodation, please let us know and
we'll try to help. If you're looking to share a room, try here:
http://www.bsdcan.org/phorum/list.php?f=6
CABLES
Even if your laptop has wireless, bring a cable. If you're staying in
residence, you'll need a cable to connect to their network. Better
still, bring your own WAP and use that.
You might also find an extension cord useful so you don't have to sit
next to a power plug.
SPONSORS
Thanks to our sponsors:
The FreeBSD Foundation
Google
USENIX
iXsystems
Isilon
XipLink
Juniper Networks
BSD Perimeter
--
Dan Langille -- http://www.langille.org/
dan@langille.org