From marcus at FreeBSD.org  Sun Jun  1 17:52:19 2008
From: marcus at FreeBSD.org (Joe Marcus Clarke)
Date: Sun Jun  1 18:20:56 2008
Subject: [FreeBSD-Announce] HEADS UP: Ports support for 5.X is no more
Message-ID: <1212342736.99695.13.camel@shumai.marcuscom.com>

As of June 1, 2008 00:00:00 UTC, FreeBSD 5.X support in the ports tree
is End Of Life.  This means that a ports tree checked out after this
date is not guaranteed to produce usable packages on 5.X.  Additionally,
5.X package builds on the cluster will cease.  Users are encouraged to
upgrade to 6.3 or 7.0 if they wish to continue to track the latest ports
tree.

A tag, RELEASE_5_EOL, has been laid down to mark the last point in the
ports tree that officially supported FreeBSD 5.X.  Port Manager asks
that you not rush to remove 5.X support right away as we'd like a
settling-down period, and we want secteam to have a chance to make their
EOL announcements as well.

Marcus on behalf of portmgr

Bcc: ports, developers, portmgr
-- 
Joe Marcus Clarke
FreeBSD GNOME Team      ::      gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-announce/attachments/20080601/db698fe7/attachment.pgp
From cperciva at freebsd.org  Tue Jun  3 03:32:38 2008
From: cperciva at freebsd.org (FreeBSD Security Officer)
Date: Tue Jun  3 03:43:55 2008
Subject: [FreeBSD-Announce] FreeBSD supported branches update
Message-ID: <20080603033237.GC90341@freefall.freebsd.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Everyone,

The branches supported by the FreeBSD Security Officer have been updated
to reflect recent EoL (end-of-life) events.  The new list is below and
at <URL: http://security.freebsd.org/ >.  FreeBSD 5.5, FreeBSD 6.1, and
FreeBSD 6.2 have `expired' and are no longer supported effective June 1,
2008.  Users of these releases are advised to upgrade promptly to FreeBSD
6.3 or FreeBSD 7.0, either by downloading an updated source tree and
building updates manually, or (for i386 and amd64 systems) using the
FreeBSD Update utility as described in the FreeBSD 6.3 and FreeBSD 7.0
release announcements.

This marks the end of support by the FreeBSD Security Team for the
FreeBSD 5-STABLE branch, and at this time support for running software
from the ports tree on FreeBSD 5.x is also ceasing:  Packages for binary
installations will no longer be built for FreeBSD 5.5, building ports
from source on FreeBSD 5.x will no longer be supported, and the ports
INDEX will no longer be built and made available via portsnap or the
'make fetchindex' target.  Patches for individual ports specific for
their functioning on FreeBSD 5.5 may still be accepted at the discretion
of the port maintainer.

[Excerpt from http://security.freebsd.org/ follows]

FreeBSD Security Advisories

   The FreeBSD Security Officer provides security advisories for
   several branches of FreeBSD development. These are the -STABLE
   Branches and the Security Branches. (Advisories are not issued for
   the -CURRENT Branch.)

     * There is usually only a single -STABLE branch, although during
       the transition from one major development line to another
       (such as from FreeBSD 5.x to 6.x), there is a time span in
       which there are two -STABLE branches. The -STABLE branch tags
       have names like RELENG_6. The corresponding builds have names
       like FreeBSD 6.1-STABLE.

     * Each FreeBSD Release has an associated Security Branch. The
       Security Branch tags have names like RELENG_6_1. The
       corresponding builds have names like FreeBSD 6.1-RELEASE-p1.

   Isses affecting the FreeBSD Ports Collection are covered in the
   FreeBSD VuXML document.

   Each branch is supported by the Security Officer for a limited
   time only, and is designated as one of `Early adopter', `Normal',
   or `Extended'.  The designation is used as a guideline for
   determining the lifetime of the branch as follows.

   Early adopter
       Releases which are published from the -CURRENT branch will be
       supported by the Security Officer for a minimum of 6 months
       after the release.

   Normal
       Releases which are published from a -STABLE branch will be
       supported by the Security Officer for a minimum of 12 months
       after the release.

   Extended
       Selected releases will be supported by the Security Officer
       for a minimum of 24 months after the release.

   The current designation and estimated lifetimes of the currently
   supported branches are given below.  The Estimated EoL (end-of-life)
   column gives the earliest date on which that branch is likely to be
   dropped.  Please note that these dates may be extended into the
   future, but only extenuating circumstances would lead to a branch's
   support being dropped earlier than the date listed.

   +--------------------------------------------------------------------+
   |  Branch   |  Release  |  Type  |  Release date   |  Estimated EoL  |
   |-----------+-----------+--------+-----------------+-----------------|
   |RELENG_6   |n/a        |n/a     |n/a              |January 31, 2010 |
   |-----------+-----------+--------+-----------------+-----------------|
   |RELENG_6_3 |6.3-RELEASE|Extended|January 18, 2008 |January 31, 2010 |
   |-----------+-----------+--------+-----------------+-----------------|
   |RELENG_7   |n/a        |n/a     |n/a              |last release + 2y|
   |-----------+-----------+--------+-----------------+-----------------|
   |RELENG_7_0 |7.0-RELEASE|Normal  |February 27, 2008|February 28, 2009|
   +--------------------------------------------------------------------+

[End excerpt]

Colin Percival
FreeBSD Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkhEe5MACgkQFdaIBMps37IXoQCbB3RkY/s2CA+o/OFkuC/1YvUV
rY8An1JawL1x8DdUOlVUL0b2+9N4XZ2v
=X+Zm
-----END PGP SIGNATURE-----

From peter at wemm.org  Wed Jun  4 08:23:12 2008
From: peter at wemm.org (Peter Wemm)
Date: Wed Jun  4 08:24:14 2008
Subject: [FreeBSD-Announce] FreeBSD.org begins switch to Subversion
Message-ID: <e7db6d980806040054w5229502cu62d3e43c3735c97b@mail.gmail.com>

The FreeBSD Project has begun the switch of its source code management
system from CVS to Subversion. At this point in time, FreeBSD's
developers are making changes to the base system in the Subversion
repository. There is a replication system in place that exports our
work to the legacy CVS tree on a continuous basis.

People who are using our extensive CVS based distribution network
(including anoncvs, CVSup, csup, cvsweb, ftp) will not be interrupted
by our work-in-progress.  You do not need to change anything if you do
not wish to.

We are committed to maintaining the existing CVS based distribution
system for *at least* the support lifetime of all existing "stable"
branches. Security and errata patches will continue to be made
available in their usual CVS locations.  The rest of the FreeBSD-6 and
FreeBSD-7 releases will be built and released from the CVS tree.

We expect to make our Subversion based source tree and other
supporting infrastructure public very soon. There will be new mailing
lists to subscribe to if you wish to receive Subversion commit
notifications.

Our ports, doc and www trees are not affected at this time. A separate
decision will be made regarding the direction of those CVS
repositories soon.

Many people have contributed to the effort, but I particularly wish to
thank Michael Haggerty and the cvs2svn project developers for their
assistance with extracting and decrypting our 14 years of CVS history.
  Yahoo (my employer) donated server hardware and allowed me to spend
a considerable amount of time on the preparation, assembling the
infrastructure, and the conversion.
-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
From philip at freebsd.org  Thu Jun  5 09:07:53 2008
From: philip at freebsd.org (Philip Paeps)
Date: Thu Jun  5 11:16:27 2008
Subject: [FreeBSD-Announce] EuroBSDCon 2008 - extension of submission
	deadline
Message-ID: <20080605090748.GS810@carrot.home.paeps.cx>

Hi!
 
As announced earlier, EuroBSDCon 2008 will be held on 18 and 19 October 2008,
in Strasbourg, France.  We are still looking for proposals for presentations
and tutorials.  The submission deadline has been extended to 1 July 2008.

Important dates to remember:

  1 July 2008 
  Abstracts for papers and tutorials due

  1 August 2008
  Selected speakers notified

  16 October 2008
  First day of tutorials

  18 October 2008
  First day of presentations

Please consider submitting a paper as soon as possible if you would like to
present at EuroBSDCon 2008!

Regards,

 - Philip [for the program committee]

-- 
Philip Paeps                           Calm down ... it is only ones and zeros
philip@freebsd.org

  All things being equal, all things are never equal.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-announce/attachments/20080605/759c6560/attachment.pgp
From errata-notices at freebsd.org  Thu Jun 19 06:54:38 2008
From: errata-notices at freebsd.org (FreeBSD Errata Notices)
Date: Thu Jun 19 06:54:41 2008
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-08:02.tcp
Message-ID: <200806190654.m5J6sbLs064185@freefall.freebsd.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-08:02.tcp                                      Errata Notice
                                                          The FreeBSD Project

Topic:          TCP options padding

Category:       core
Module:         sys_netinet
Announced:      2008-06-19
Credits:        Bjoern A. Zeeb, Mike Silbersack, Andre Oppermann
Affects:        7.0-RELEASE
Corrected:      2008-05-05 20:59:36 UTC (RELENG_7, 7.0-STABLE)
                2008-06-19 06:36:10 UTC (RELENG_7_0, 7.0-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.   Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service.  TCP packets can contain "TCP options" which allow for
enhancements to basic TCP functionality; depending on the length of
these options, it may be necessary for padding to be added.

II.  Problem Description

Under certain conditions, TCP options are not correctly padded.

III. Impact

A small number of firewalls have been reported to block incorrectly
padded TCP SYN and SYN/ACK packets generated by FreeBSD 7.0, with the
result that an attempt to open a TCP connection to or from an affected
host across such a firewall will fail.

IV.  Workaround

Disabling RFC 1323 extensions and selective acknowledgments will
eliminate the need for TCP option padding and restore interoperability.
Note that disabling these features may cause a reduction in performance
on high latency networks and networks that experience frequent packet
loss.

To disable these features, add the following lines to /etc/sysctl.conf:

net.inet.tcp.rfc1323=0
net.inet.tcp.sack.enable=0

And then run "/etc/rc.d/sysctl restart" to make the change effective.

V.   Solution

Perform one of the following:

1) Upgrade your affected system to 7-STABLE, or the RELENG_7_0 security
branch dated after the correction date.

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 7.0 systems:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch
# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/sys/netinet/tcp.h                                          1.40.2.1
  src/sys/netinet/tcp_output.c                                  1.141.2.6
RELENG_7_0
  src/UPDATING                                              1.507.2.3.2.6
  src/sys/conf/newvers.sh                                    1.72.2.5.2.6
  src/sys/netinet/tcp.h                                          1.40.4.1
  src/sys/netinet/tcp_output.c                              1.141.2.3.2.1
- -------------------------------------------------------------------------

VII. References

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-08:02.tcp.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkhaAaQACgkQFdaIBMps37KmwgCfdC7qerBUDdmxPLe6yKZEwb7/
TqwAoJGFuowGOY/oeEQr6/AQZm3zgRY3
=UlPD
-----END PGP SIGNATURE-----