From deb at freebsdfoundation.org Mon Apr 6 14:57:26 2009
From: deb at freebsdfoundation.org (Deb Goodkin)
Date: Mon Apr 6 15:35:35 2009
Subject: [FreeBSD-Announce] Deadline Approaching for Travel Grant Applications for BSDCan 2009
Message-ID: <49DA7ABF.4020508@freebsdfoundation.org>
This is a reminder that the deadline for submitting travel grant
applications for BSDCan 2009 is April 9, 2009. If you already submitted
an application, you will be receiving our decision soon.
The FreeBSD Foundation will be providing a limited number of travel
grants to individuals requesting assistance. Please fill out and submit
the Travel Grant Request Application at
http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by
April 9, 2009 to apply for this grant.
How it works:
This program is open to FreeBSD developers of all sorts (kernel hackers,
documentation authors, bugbusters, system administrators, etc). In some
cases we are also able to fund non-developers, such as active community
members and FreeBSD advocates.
(1) You request funding based on a realistic and economical estimate of
travel costs (economy airfare, trainfare, ...), accommodations
(conference hotel and sharing a room), and registration or tutorial
fees. If there are other sponsors willing to cover costs, such as your
employer or the conference, we prefer you talk to them first, as our
budget is limited. We are happy to split costs with you or another
sponsor, such as just covering airfare or board.
If you are a speaker at the conference, we expect the conference to
cover your travel costs, and will most likely not approve your direct
request to us.
(2) We review your application and if approved, authorize you to seek
reimbursement up to a limit. We consider several factors, including our
overall and per-event budgets, and (quite importantly) the
benefit to the community by funding your travel.
Most rejected applications are rejected because of an over-all limit on
travel budget for the event or year, due to unrealistic or uneconomical
costing, or because there is an unclear or unconvincing argument that
funding the application will directly benefit the FreeBSD Project.
Please take these points into consideration when writing your application.
(3) We reimburse costs based on actuals (receipts), and by check or bank
transfer. We require you submit a report on your trip, which we may
show to current or potential sponsors, and may include in our quarterly
newsletter.
There's some flexibility in the mechanism, so talk to us if something
about the model doesn't quite work for you or if you have any questions.
The travel grant program is one of the most effective ways we can
spend money to help support the FreeBSD Project, as it helps developers
get together in the same place at the same time, and helps advertise and
advocate FreeBSD in the larger community.
Thank You,
The FreeBSD Foundation
From lgj at usenix.org Wed Apr 15 10:42:20 2009
From: lgj at usenix.org (Lionel Garth Jones)
Date: Wed Apr 15 12:42:17 2009
Subject: [FreeBSD-Announce] USENIX '09 Registration Now Open
Message-ID: <43E14810-F872-472D-9EC2-35CFB66E63F2@usenix.org>
We're pleased to invite you to attend the 2009 USENIX Annual Technical
Conference. This year we're offering 6 days of training and a
3-day conference program filled with the latest systems research,
security breakthroughs, and practical approaches to the questions and
problems you wrestle with. You'll also have many opportunities to chat
with peers who share your concerns and interests.
http://www.usenix.org/usenix09/proga
Training: Sunday-Friday, June 14-19, 2009
The 6-day training program at USENIX '09 provides in-depth
and immediately useful training on the latest techniques,
effective tools, and best strategies to help you
stay competitive. Take a full series or individual classes covering:
* Solaris: Debugging, administration, and DTrace taught by James Mauro,
Peter Baer Galvin, and Marc Staveley
* Virtualization: Xen Hypervisor, VMware ESX 3i, and security taught by
Phil Cox, Wenjin Hu, Zach Shepherd, and Dan Anderson
* Plus classes on cloud computing by Milind Bhandarkar, system
administration by David N. Blank-Edelman, and more
Find out more at http://www.usenix.org/usenix09/training/
Technical Sessions: Wednesday-Friday, June 17-19, 2009
The technical program begins with the Keynote Address, "Where Does the
Power Go in High-Scale Data Centers?" by James Hamilton, VP &
Distinguished Engineer, Amazon Web Services, and continues with an
impressive slate of invited speakers such as:
* Plenary Closing Session by David Brin, Hugo Award-winning author
* Diomidis Spinellis, Athens University of Economics and Business, on
"The Antikythera Mechanism: Hacking with Gears"
* Matthew Jadud, Allegheny College in Meadville, on "Towards Designing
Usable Languages"
The USENIX '09 Refereed Papers Track is the leading forum for presenting
the latest in ground-breaking systems research. Be among the first to
check out the latest innovative work in the systems field.
The Poster Session at USENIX '09 is an excellent forum for discussing
new ideas and getting useful feedback from the community. Poster
submissions should include a brief description of the research idea(s);
the submission must not exceed 2 pages. Send poster submissions to
usenix09posters@usenix.org by Tuesday, May 5, 2009.
Finally, don't miss the opportunity to mingle with colleagues and
leading experts in the Birds-of-a-Feather sessions and at the various
evening social events, including a Poster Session & Happy Hour, vendor
BoFs, and the Conference Reception.
USENIX '09 promises to be an exciting showcase for the latest in
innovative research and cutting-edge practices in technology. We look
forward to seeing you in San Diego.
On behalf of the USENIX '09 organizers,
Geoffrey M. Voelker, University of California, San Diego
Alec Wolman, Microsoft Research
USENIX '09 Program Co-Chairs
usenix09chairs@usenix.org
P.S. Don't miss the workshops co-located with USENIX '09, including:
Workshop on Hot Topics in Cloud Computing (HotCloud '09)
Monday, June 15
http://www.usenix.org/events/hotcloud09/
Workshop on Large-scale Systems (LARGE '09)
Tuesday, June 16
http://www.usenix.org/events/large09/
P.P.S. Stay connected with the USENIX '09 Facebook page:
http://www.facebook.com/event.php?eid=29453586085&ref=ts
----------------------------------------------
2009 USENIX Annual Technical Conference
June 14-19, 2009, San Diego, CA
http://www.usenix.org/usenix09/proga
Early Bird Registration Deadline: June 1, 2009
Discounts Available:
http://www.usenix.org/usenix09/discounts
-----------------------------------------------
From security-advisories at freebsd.org Wed Apr 22 14:19:09 2009
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Wed Apr 22 14:19:16 2009
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:08.openssl
Message-ID: <200904221419.n3MEJ83S073361@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:08.openssl Security Advisory
The FreeBSD Project
Topic: Remotely exploitable crash in OpenSSL
Category: contrib
Module: openssl
Announced: 2009-04-22
Affects: All supported versions of FreeBSD.
Corrected: 2009-04-22 14:07:14 UTC (RELENG_7, 7.2-PRERELEASE)
           2009-04-22 14:07:14 UTC (RELENG_7_2, 7.2-RC2)
           2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
           2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
           2009-04-22 14:07:14 UTC (RELENG_6, 6.4-STABLE)
           2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
           2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
CVE Name: CVE-2009-0590
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
The function ASN1_STRING_print_ex is often used to print the contents of
an SSL certificate.
II. Problem Description
The function ASN1_STRING_print_ex does not properly validate the lengths
of BMPString or UniversalString objects before attempting to print them.
III. Impact
An application which attempts to print a BMPString or UniversalString
which has an invalid length will crash as a result of OpenSSL accessing
invalid memory locations. This could be used by an attacker to crash a
remote application.
IV. Workaround
No workaround is available, but applications which do not use the
ASN1_STRING_print_ex function (either directly or indirectly) are not
affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_2, RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security
branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, 7.1, and 7.2 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 7.x]
# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch.asc
[FreeBSD 6.x]
# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch
# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libcrypto
# make obj && make depend && make includes && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.12.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.2
src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.10.1
RELENG_6_4
src/UPDATING 1.416.2.40.2.8
src/sys/conf/newvers.sh 1.69.2.18.2.10
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.24.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1.6.1
src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.22.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.15
src/sys/conf/newvers.sh 1.69.2.15.2.14
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.22.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1.4.1
src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.20.1
RELENG_7
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.2.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.2.1
src/crypto/openssl/crypto/asn1/asn1.h 1.2.2.1
RELENG_7_2
src/UPDATING 1.507.2.23.2.2
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.8.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.8.1
src/crypto/openssl/crypto/asn1/asn1.h 1.2.8.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.8
src/sys/conf/newvers.sh 1.72.2.9.2.9
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.6.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.6.1
src/crypto/openssl/crypto/asn1/asn1.h 1.2.6.1
RELENG_7_0
src/UPDATING 1.507.2.3.2.16
src/sys/conf/newvers.sh 1.72.2.5.2.16
src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.4.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.4.1
src/crypto/openssl/crypto/asn1/asn1.h 1.2.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r191381
releng/6.4/ r191381
releng/6.3/ r191381
stable/7/ r191381
releng/7.2/ r191381
releng/7.1/ r191381
releng/7.0/ r191381
- -------------------------------------------------------------------------
VII. References
http://openssl.org/news/secadv_20090325.txt
[Note that two of the issues mentioned in the OpenSSL advisory do
not affect FreeBSD.]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAknvJegACgkQFdaIBMps37LB4gCffpTTOSdqyLK6ravrv6h8LqWE
MDcAn2SIjNmRL8Oktk0l9hLz0mhtcxWP
=Q7Zz
-----END PGP SIGNATURE-----
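Added illustration, not part of the advisory and not OpenSSL's code: the length check whose absence FreeBSD-SA-09:08 describes, in a stand-alone printer for BMPString (2 bytes per character) and UniversalString (4 bytes per character) payloads. The function name, the escape format and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes per character for the two ASN.1 string types the advisory names. */
enum str_kind { KIND_BMP = 2, KIND_UNIVERSAL = 4 };

/*
 * Render a big-endian BMPString/UniversalString payload as ASCII text.
 * Non-printable characters are escaped (\UXXXX or \WXXXXXXXX; the format
 * is this example's choice). Returns the number of bytes written, or -1
 * if len is not a whole number of characters or out is too small.
 */
int print_wide_string(const unsigned char *buf, size_t len,
                      enum str_kind kind, char *out, size_t outsz)
{
    size_t width = (size_t)kind, used = 0;

    /* Without this check a trailing partial character makes the inner
     * loop read up to width-1 bytes past buf + len. */
    if (len % width != 0 || outsz == 0)
        return -1;

    for (size_t i = 0; i < len; i += width) {
        unsigned long c = 0;
        char tmp[16];
        int n;

        for (size_t j = 0; j < width; j++)
            c = (c << 8) | buf[i + j];

        if (c >= 0x20 && c < 0x7f && c != '\\')
            n = snprintf(tmp, sizeof tmp, "%c", (int)c);
        else if (kind == KIND_BMP)
            n = snprintf(tmp, sizeof tmp, "\\U%04lX", c);
        else
            n = snprintf(tmp, sizeof tmp, "\\W%08lX", c);

        if (used + (size_t)n >= outsz)   /* keep room for the NUL */
            return -1;
        memcpy(out + used, tmp, (size_t)n);
        used += (size_t)n;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample: "Hi" as a BMPString payload. */
    const unsigned char bmp[] = { 0x00, 0x48, 0x00, 0x69 };
    char out[64];

    printf("len 4 -> %d\n", print_wide_string(bmp, 4, KIND_BMP, out, sizeof out));
    printf("len 3 -> %d\n", print_wide_string(bmp, 3, KIND_BMP, out, sizeof out));
    return 0;
}
```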
From security-advisories at freebsd.org Wed Apr 22 14:19:12 2009
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Wed Apr 22 14:19:36 2009
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:07.libc
Message-ID: <200904221419.n3MEJCbe073403@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:07.libc Security Advisory
The FreeBSD Project
Topic: Information leak in db(3)
Category: core
Module: libc
Announced: 2009-04-22
Credits: Jaakko Heinonen, Xin LI
Affects: All supported versions of FreeBSD.
Corrected: 2009-04-11 15:19:26 UTC (RELENG_7, 7.2-PRERELEASE)
           2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
           2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
           2009-04-11 15:21:11 UTC (RELENG_6, 6.4-STABLE)
           2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
           2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD's C library (libc) contains code for creating and accessing
Berkeley DB 1.85 database files. Such databases are used extensively
in FreeBSD; for example, the system password files (/etc/passwd and
/etc/master.passwd) are normally accessed via their database files
(/etc/pwd.db and /etc/spwd.db).
II. Problem Description
Some data structures used by the database interface code are not properly
initialized when allocated.
III. Impact
Programs using the db(3) interface to create Berkeley database files may
"leak" sensitive information into database files. If those files can be
read by other users, this may result in the disclosure of sensitive
information such as login credentials.
IV. Workaround
No workaround is available, but systems without untrusted local users are
probably not affected (since remote attackers will in most cases not be
able to read such database files).
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch
# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libc
# make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
NOTE: System administrators may wish to rebuild any system database files
which were created prior to applying this patch in case they contain
sensitive information.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/lib/libc/db/btree/bt_split.c 1.7.2.1
src/lib/libc/db/btree/bt_open.c 1.11.14.1
src/lib/libc/db/hash/hash_buf.c 1.7.14.1
src/lib/libc/db/mpool/mpool.c 1.12.2.1
src/lib/libc/db/README 1.1.40.1
RELENG_6_4
src/UPDATING 1.416.2.40.2.8
src/sys/conf/newvers.sh 1.69.2.18.2.10
src/lib/libc/db/btree/bt_split.c 1.7.12.2
src/lib/libc/db/hash/hash_buf.c 1.7.26.2
src/lib/libc/db/mpool/mpool.c 1.12.12.2
RELENG_6_3
src/UPDATING 1.416.2.37.2.15
src/sys/conf/newvers.sh 1.69.2.15.2.14
src/lib/libc/db/btree/bt_split.c 1.7.10.1
src/lib/libc/db/hash/hash_buf.c 1.7.24.1
src/lib/libc/db/mpool/mpool.c 1.12.10.1
RELENG_7
src/lib/libc/db/btree/bt_split.c 1.8.2.1
src/lib/libc/db/btree/bt_open.c 1.12.2.1
src/lib/libc/db/hash/hash_buf.c 1.8.2.1
src/lib/libc/db/mpool/mpool.c 1.13.2.1
src/lib/libc/db/README 1.1.50.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.8
src/sys/conf/newvers.sh 1.72.2.9.2.9
src/lib/libc/db/btree/bt_split.c 1.8.6.2
src/lib/libc/db/hash/hash_buf.c 1.8.6.2
src/lib/libc/db/mpool/mpool.c 1.13.6.2
RELENG_7_0
src/UPDATING 1.507.2.3.2.16
src/sys/conf/newvers.sh 1.72.2.5.2.16
src/lib/libc/db/btree/bt_split.c 1.8.4.1
src/lib/libc/db/hash/hash_buf.c 1.8.4.1
src/lib/libc/db/mpool/mpool.c 1.13.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r190940
releng/6.4/ r191381
releng/6.3/ r191381
stable/7/ r190939
releng/7.1/ r191381
releng/7.0/ r191381
- -------------------------------------------------------------------------
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:07.libc.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAknvJlkACgkQFdaIBMps37JcyACggmDk96JTy3G5gGlzMlNuVsV7
s5wAoIT2G2c3T6bYa7GeftWLpGGFo2Rp
=rdqD
-----END PGP SIGNATURE-----
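Added illustration, not part of the advisory and not FreeBSD's libc code: how a fixed-size page buffer that is not initialized when allocated carries earlier memory contents into the image written to disk, beside the variant that zeroes it first. The one-chunk allocator, the page layout and the sample strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 256

/* Stand-in for an allocator handing back a recently freed chunk:
 * same memory, contents untouched (assumption of this example). */
static unsigned char arena[PAGE_SIZE];
static unsigned char *pool_alloc(void) { return arena; }

/* An earlier, unrelated use of the chunk that leaves a secret behind. */
void earlier_use(const char *secret)
{
    unsigned char *p = pool_alloc();

    memset(p, 0, PAGE_SIZE);
    memcpy(p + 64, secret, strlen(secret));
    /* the chunk is "freed" here without being wiped */
}

/* Build a page holding one record; the whole page is what reaches disk. */
const unsigned char *build_page(const char *rec, int zero_first)
{
    unsigned char *page = pool_alloc();
    size_t n = strlen(rec);

    if (n > PAGE_SIZE - 2)
        return NULL;
    if (zero_first)
        memset(page, 0, PAGE_SIZE);    /* initialize on allocation */
    page[0] = (unsigned char)(n >> 8); /* 2-byte record length */
    page[1] = (unsigned char)n;
    memcpy(page + 2, rec, n);
    return page;   /* bytes past 2 + n are whatever was there before */
}

/* Return 1 if needle occurs anywhere in the page image. */
int page_contains(const unsigned char *page, const char *needle)
{
    size_t n = strlen(needle);

    for (size_t i = 0; n && i + n <= PAGE_SIZE; i++)
        if (memcmp(page + i, needle, n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *secret = "hunter2-constructed";   /* constructed sample */

    earlier_use(secret);
    printf("uninitialized page leaks: %d\n",
           page_contains(build_page("alice:1001", 0), secret));
    earlier_use(secret);
    printf("zeroed page leaks:        %d\n",
           page_contains(build_page("alice:1001", 1), secret));
    return 0;
}
```

The same search, run over database files created before patching, is one way to decide which files to rebuild as the advisory's note suggests.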
From deb at freebsd.org Wed Apr 22 14:44:45 2009
From: deb at freebsd.org (Deb Goodkin)
Date: Wed Apr 22 17:53:03 2009
Subject: [FreeBSD-Announce] Foundation Project Announcement
Message-ID: <49EF2533.3000304@freebsd.org>
Dear FreeBSD Community,
The FreeBSD Foundation is pleased to announce one of the projects from
our accepted project proposals!
Rui Paulo will be implementing the forthcoming IEEE 802.11s wireless
mesh standard for FreeBSD. Wireless mesh networks are expected to become
widespread as routers and network appliances deploy them, allowing
wireless networks to be built and extended dynamically. Support for the
standard will allow FreeBSD consumers to take advantage of this new
technology.
"As well as end-users, FreeBSD-based product vendors will benefit from
access to mesh networking technology in building future versions of
their products," said Robert Watson, president of the FreeBSD Foundation.
"I am thrilled to be bringing such an exciting and technically advanced
feature to the FreeBSD operating system," said FreeBSD Developer Rui
Paulo. The project will be completed by July 2009.
Sincerely,
The FreeBSD Foundation
From soc-admins at FreeBSD.org Sat Apr 25 22:13:55 2009
From: soc-admins at FreeBSD.org (FreeBSD SoC Admin Team)
Date: Sat Apr 25 22:32:02 2009
Subject: [FreeBSD-Announce] 20 Student Projects Funded by GSoC
Message-ID: <20090425215328.GF8251@lor.one-eyed-alien.net>
The FreeBSD Project is happy to announce the funding of 20
student projects this summer as part of the Google Summer of
Code 2009. This is our fifth year participating in GSoC. In
the Summer of Code, open source projects such as FreeBSD
invite students to propose summer projects. Over the summer
students work with mentors to complete their projects.
Students who successfully complete the program receive
$4500(US) and the project receives $500. For more information
about the summer of code, please visit:
http://code.google.com/soc/.
Students will work on a wide array of projects
in the kernel, userspace, and the ports collection. We are
excited to see many new participants as well as several
returning students. We thank Google for this opportunity
to improve FreeBSD and expand our developer community.
The full list of projects and descriptions can be found at
http://socghop.appspot.com/org/home/google/gsoc2009/freebsd
and a list of projects can be found below.
For more information on these projects see student
posts to hackers@, check out the wiki project list
(http://wiki.freebsd.org/SummerOfCode2009Projects) or join
the soc-status mailing list where students will be posting
periodic status reports.
Please make our students feel welcome. We encourage
interested parties to keep up with student progress and to
feel free to offer appropriate assistance throughout the summer.
Application-Specific Audit Trails
Student: Ilias Marinos
Mentor: Robert Watson
BSD-licensed libiconv in base system
Student: Gabor Kovesdan
Mentor: Xin LI
Design and Implementation of Subsystem Support Libraries for
Monitoring and Management
Student: Gabor Janos Pali
Mentor: Oleksandr Tymoshenko
FIFO Optimizations
Student: Zhao Shuai
Mentor: John Baldwin
Geom-based Disk Schedulers
Student: Fabio Checconi
Mentor: Luigi Rizzo
Hierarchical Resource Limits
Student: Edward Napierala
Mentor: Brooks Davis
Implement TCP UTO
Student: Fang Wang
Mentor: Rui Paulo
Improving Second Extended File system (ext2fs) and making it
GPL free
Student: Aditya Sarawgi
Mentor: Ulf Lilleengen
In kernel stackable cryptographic filesystem (ownfs)
Student: Gleb Kurtsov
Mentor: Stanislav Sedov
IPFW and dummynet improvements
Student: Marta Carbone
Mentor: Luigi Rizzo
IPFW ruleset optimization and highlevel rule definition language
Student: Tatsiana Elavaya
Mentor: Diomidis Spinellis
IPv6 Secure Neighbor Discovery - native kernel APIs for FreeBSD
Student: Ana Kukec
Mentor: Bjoern Zeeb
Package tools rewrite via a new package library, with new
features
Student: David Forsythe
Mentor: Tim Kientzle
Porting NetworkManager to FreeBSD
Student: Nikhil Bysani
Mentor: Ed Schouten
Ports license infrastructure (part 2: integration)
Student: Alejandro Pulver
Mentor: Erwin Lansing
puffs (pass-to-userspace framework file system) port for FreeBSD
Student: Tatsiana Severyna
Mentor: Konstantin Belousov
Reworking the callout scheme: towards a tickless kernel
Student: Prashant Vaibhav
Mentor: Ed Maste
TCP/IP Regression Testing Suite
Student: Zachariah Riggle
Mentor: George Neville-Neil
TrustedBSD Audit: Developing BSD licensed tools for importing,
exporting from/to Linux audit log format and BSM
Student: Satish Srinivasan
Mentor: Stacey Son
USB improvements under FreeBSD
Student: Sylvestre Gallon
Mentors: Philip Paeps, Warner Losh
The FreeBSD Google Summer of Code Administrators
soc-admins@FreeBSD.org