From kensmith at FreeBSD.org Mon Jan 5 04:40:20 2009 From: kensmith at FreeBSD.org (Ken Smith) Date: Mon Jan 5 04:40:29 2009 Subject: [FreeBSD-Announce] FreeBSD 7.1-RELEASE Available Message-ID: <20090105042951.GA9039@myers.cse.buffalo.edu> The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 7.1-RELEASE. This is the second release from the 7-STABLE branch which improves on the functionality of FreeBSD 7.0 and introduces some new features. Some of the highlights: - The ULE scheduler is now the default in GENERIC kernels for amd64 and i386 architectures. The ULE scheduler significantly improves performance on multicore systems for many workloads. - Support for using DTrace inside the kernel has been imported from OpenSolaris. DTrace is a comprehensive dynamic tracing framework. - A new and much-improved NFS Lock Manager (NLM) client. - Boot loader changes allow, among other things, booting from USB devices and booting from GPT-labeled devices. - The cpuset(2) system call and cpuset(1) command have been added, providing an API for thread to CPU binding and CPU resource grouping and assignment. - KDE updated to 3.5.10, GNOME updated to 2.22.3. - DVD-sized media for the amd64 and i386 architectures For a complete list of new features and known problems, please see the online release notes and errata list, available at: http://www.FreeBSD.org/releases/7.1R/relnotes.html http://www.FreeBSD.org/releases/7.1R/errata.html For more information about FreeBSD release engineering activities, please see: http://www.FreeBSD.org/releng/ Availability ------------- FreeBSD 7.1-RELEASE is now available for the amd64, i386, ia64, pc98, powerpc, and sparc64 architectures. FreeBSD 7.1 can be installed from bootable ISO images or over the network; the required files can be downloaded via FTP or BitTorrent as described in the sections below. While some of the smaller FTP mirrors may not carry all architectures, they will all generally contain the more common ones, such as i386 and amd64. MD5 and SHA256 hashes for the release ISO images are included at the bottom of this message. The purpose of the ISO images provided as part of the release are as follows: dvd1: Contains everything necessary to install the base FreeBSD operating system, a collection of pre-built packages, the documentation, and supports booting into a "livefs" based rescue mode. This should be all you need if you can burn and use DVD-sized media. disc1, disc2, disc3, livefs, docs: disc1 contains the base FreeBSD system and a few pre-built packages. disc2 and disc3 contain more pre-built packages. Those three can be burned to CDROM sized media and should be all you need to do a normal installation. livefs contains support for entering into a "livefs" based rescue mode but you need disc1 to do the initial boot first. docs contains the documentation. bootonly: This supports booting a machine using the CDROM drive but does not contain the support for installing FreeBSD from the CD itself, you would need to perform a network based install (e.g. from an FTP server) after booting from the CD. FreeBSD 7.1-RELEASE can also be purchased on CD-ROM or DVD from several vendors. One of the vendors that will be offering FreeBSD 7.1-based products is: ~ FreeBSD Mall, Inc. http://www.freebsdmall.com/ BitTorrent ---------- 7.1-RELEASE ISOs are available via BitTorrent. A collection of torrent files to download the images is available at: http://torrents.freebsd.org:8080/ FTP --- At the time of this announcement the following FTP sites have FreeBSD 7.1-RELEASE available. ftp://ftp.freebsd.org/pub/FreeBSD/ ftp://ftp3.freebsd.org/pub/FreeBSD/ ftp://ftp7.freebsd.org/pub/FreeBSD/ ftp://ftp10.freebsd.org/pub/FreeBSD/ ftp://ftp12.freebsd.org/pub/FreeBSD/ ftp://ftp.at.freebsd.org/pub/FreeBSD/ ftp://ftp.au.freebsd.org/pub/FreeBSD/ ftp://ftp.cz.freebsd.org/pub/FreeBSD/ ftp://ftp.dk.freebsd.org/pub/FreeBSD/ ftp://ftp.fr.freebsd.org/pub/FreeBSD/ ftp://ftp2.ie.freebsd.org/pub/FreeBSD/ ftp://ftp2.ru.freebsd.org/pub/FreeBSD/ ftp://ftp.se.freebsd.org/pub/FreeBSD/ ftp://ftp.si.freebsd.org/pub/FreeBSD/ ftp://ftp.tw.freebsd.org/pub/FreeBSD/ ftp://ftp2.uk.freebsd.org/pub/FreeBSD/ ftp://ftp3.us.freebsd.org/pub/FreeBSD/ ftp://ftp7.us.freebsd.org/pub/FreeBSD/ ftp://ftp10.us.freebsd.org/pub/FreeBSD/ ftp://ftp11.us.freebsd.org/pub/FreeBSD/ However before trying these sites please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html Updating Existing Systems ------------------------- NOTE: If updating from a 7.0 or earlier system due to a change in the Vendor's drivers certain Intel NICs will now come up as igb(4) instead of em(4). We normally try to avoid changes like that in stable branches but the vendor felt it necessary in order to support the new adapters. See the UPDATING entry dated 20080811 for details. There are only 3 PCI ID's that should have their name changed from em(4) to igb(4): 0x10A78086, 0x10A98086, and 0x10D68086. You should be able to determine if your card will change names by running the command "pciconf -l", and for the line representing your NIC (should be named em on older systems, e.g. em0 or em1, etc) check the fourth column. If that says "chip=0x10a78086" (or one of the other two IDs given above) you will have the adapter's name change. Updates from Source ------------------- The procedure for doing a source code based update is described in the FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html The branch tag to use for updating the source is RELENG_7_1. FreeBSD Update -------------- The freebsd-update(8) utility supports binary upgrades of i386 and amd64 systems running earlier FreeBSD releases. Systems running 7.0-RELEASE, 7.1-BETA, 7.1-BETA2, 7.1-RC1, or 7.1-RC2 can upgrade as follows: # freebsd-update upgrade -r 7.1-RELEASE During this process, FreeBSD Update may ask the user to help by merging some configuration files or by confirming that the automatically performed merging was done correctly. # freebsd-update install The system must be rebooted with the newly installed kernel before continuing. # shutdown -r now After rebooting, freebsd-update needs to be run again to install the new userland components, and the system needs to be rebooted again: # freebsd-update install # shutdown -r now Users of Intel network interfaces which are changing their name from "em" to "igb" should make necessary changes to configuration files BEFORE running freebsd-update, since otherwise the network interface will not be configured appropriately after rebooting for the first time. Users of earlier FreeBSD releases (FreeBSD 6.x) can also use freebsd-update to upgrade to FreeBSD 7.1, but will be prompted to rebuild all third-party applications (e.g., anything installed from the ports tree) after the second invocation of "freebsd-update install", in order to handle differences in the system libraries between FreeBSD 6.x and FreeBSD 7.x. For more information, see: http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html Support ------- The FreeBSD Security Team currently plans to support FreeBSD 7.1 until January 31st 2011. For more information on the Security Team and their support of the various FreeBSD branches see: http://www.freebsd.org/security/ Acknowledgments ---------------- Many companies donated equipment, network access, or man-hours to support the release engineering activities for FreeBSD 7.1 including The FreeBSD Foundation, FreeBSD Systems, Hewlett-Packard, Yahoo!, Network Appliances, and Sentex Communications. The release engineering team for 7.1-RELEASE includes: Ken Smith Release Engineering, amd64, i386, sparc64 Release Building, Mirror Site Coordination Robert Watson Release Engineering, Security Konstantin Belousov Release Engineering Marc Fonvieille Release Engineering, Documentation Maxime Henrion Release Engineering Bruce A. Mah Release Engineering, Documentation George Neville-Neil Release Engineering Hiroki Sato Release Engineering, Documentation Murray Stokely Release Engineering Marcel Moolenaar ia64, powerpc Release Building Takahashi Yoshihiro PC98 Release Building Kris Kennaway Package Building Joe Marcus Clarke Package Building Erwin Lansing Package Building Mark Linimon Package Building Pav Lucistnik Package Building Colin Percival Security Officer Peter Wemm Bittorrent Coordination Trademark --------- FreeBSD is a registered trademark of The FreeBSD Foundation. ISO Image Checksums ------------------- MD5 (7.1-RELEASE-amd64-bootonly.iso) = f127de85eb1f3a945b56ef750fa610ae MD5 (7.1-RELEASE-amd64-disc1.iso) = ac88bfa3359aea242450d74c20347bde MD5 (7.1-RELEASE-amd64-disc2.iso) = 918d89e3ee330f5bd13535bc82def802 MD5 (7.1-RELEASE-amd64-disc3.iso) = d01747e4de48acb052f827d723ef9672 MD5 (7.1-RELEASE-amd64-docs.iso) = 4558db657d0b021849c2b1a802e1bea4 MD5 (7.1-RELEASE-amd64-dvd1.iso) = df1a3604d4f99b7cf3511d42d33c550a MD5 (7.1-RELEASE-amd64-livefs.iso) = 83dd8e10ff27f8799c66bd4bd26ac5b3 MD5 (7.1-RELEASE-i386-bootonly.iso) = 6988cd1662a03e5465cb38b1100a28eb MD5 (7.1-RELEASE-i386-disc1.iso) = ebdea2ebae35597bed323047cd70bcf2 MD5 (7.1-RELEASE-i386-disc2.iso) = e20444a71dd709d92f3340323e58535c MD5 (7.1-RELEASE-i386-disc3.iso) = e64fab3db2917e1ba15bc72ab2af35f6 MD5 (7.1-RELEASE-i386-docs.iso) = e04e8dc0261fc947efb699faf8852eb8 MD5 (7.1-RELEASE-i386-dvd1.iso) = bbb47ab60bda55270ddd9ff4f73b9dc8 MD5 (7.1-RELEASE-i386-livefs.iso) = 148b2aae58b4a9e27970ff77b5dd6f08 MD5 (7.1-RELEASE-ia64-bootonly.iso) = 43c55b764bcc0b6c7ec07037cdca12a7 MD5 (7.1-RELEASE-ia64-disc1.iso) = 47ffbdbdf8b258c6b1018e3a75b3cab3 MD5 (7.1-RELEASE-ia64-disc2.iso) = e603d24d1c8e21dbc8e85e4bf30f0482 MD5 (7.1-RELEASE-ia64-disc3.iso) = ef356f4e4efc7258899a9ead3fa834ea MD5 (7.1-RELEASE-ia64-docs.iso) = 7dba36505623251068e7fc1f06099634 MD5 (7.1-RELEASE-ia64-livefs.iso) = d3f6f2d47b1bd2b46cb7db7180215385 MD5 (7.1-RELEASE-pc98-bootonly.iso) = c46d9eed8fb421f294ffd6a6770dbd46 MD5 (7.1-RELEASE-pc98-disc1.iso) = 90d8d8c24d8a14c166428df037addc68 MD5 (7.1-RELEASE-pc98-livefs.iso) = 4c578bfe71d3dd7c2de4ba490fae04ee MD5 (7.1-RELEASE-powerpc-bootonly.iso) = c7f8b40c7b7194f4b40776b86864e257 MD5 (7.1-RELEASE-powerpc-disc1.iso) = 228c53863c604298f66a86f0a1fd4f88 MD5 (7.1-RELEASE-powerpc-disc2.iso) = a1d8c054fdfa420ac1965ca0795f6693 MD5 (7.1-RELEASE-powerpc-disc3.iso) = 24aa15c263cebf28e1d2f66f7c6b9215 MD5 (7.1-RELEASE-powerpc-docs.iso) = 3073516ccd548a979794ea0aaba7b732 MD5 (7.1-RELEASE-sparc64-bootonly.iso) = 0fd076346a8d6d49601f4aaa2148edb1 MD5 (7.1-RELEASE-sparc64-disc1.iso) = 715680a781ed8649271430c10f7907db MD5 (7.1-RELEASE-sparc64-disc2.iso) = 7179853c118549dbe780f94e74e90ddf MD5 (7.1-RELEASE-sparc64-disc3.iso) = f640b3a800c18020279158f444cf1643 MD5 (7.1-RELEASE-sparc64-docs.iso) = 94d5661906826735b0a4264197a5f4b4 SHA256 (7.1-RELEASE-amd64-bootonly.iso) = a633924d756812eb6916d0e9cc2821c20935daaf76eb741319bcabd246a2d4ab SHA256 (7.1-RELEASE-amd64-disc1.iso) = 4f7deebbd5e3211d144c6e630b808e918fcbb901ff4689b64087ed4c2d6e781d SHA256 (7.1-RELEASE-amd64-disc2.iso) = 2236148b61b896d62086889bc6fedaf36a24dbf327c1d1f30f79a6c1ff677b8d SHA256 (7.1-RELEASE-amd64-disc3.iso) = 19035ad37eae028bf27b060ea10ecff7a9cc9feae10f951d63907b6be852c458 SHA256 (7.1-RELEASE-amd64-docs.iso) = ac17871f20b9438ce27ec6598c2441c8ad58f19b5696cacddc332976c2e24a4c SHA256 (7.1-RELEASE-amd64-dvd1.iso) = 1c148191e8c01191011d5fde4688aaa567a166838ed9722d1ae73451c4ef2b7d SHA256 (7.1-RELEASE-amd64-livefs.iso) = 1a30fca92c806b2f58c569c894bec221e7e2aad9c2937e6c09cd8e340bfb0903 SHA256 (7.1-RELEASE-i386-bootonly.iso) = ad848e85c0a8e83fc5c26fad4f370eb6c34d2e3154966cd460788f56f734085c SHA256 (7.1-RELEASE-i386-disc1.iso) = 58e588c26d06b84d8c3c01d8507b2ffe2e237b167f72604c82d34011dc850a46 SHA256 (7.1-RELEASE-i386-disc2.iso) = 6d0476f77e3a17863eddf59eadb41ecb52c4399614442a0df39f97c8e4c74b2e SHA256 (7.1-RELEASE-i386-disc3.iso) = b58d19c5bcb88e5651dce06ccf55bd9a309efaec2b2fe47a9277343a8f6646fe SHA256 (7.1-RELEASE-i386-docs.iso) = 521e45641f4e50168a74ea315720d13844e8a1220f28656302aca8281261ac5b SHA256 (7.1-RELEASE-i386-dvd1.iso) = 303be4ce844f0cb18aa38a41988dc5fba960427dbcc69263410308176cb5875f SHA256 (7.1-RELEASE-i386-livefs.iso) = db1609e72ad3f979b3f6d954ac2811588cc99c460c57e3035835cb604447dc0d SHA256 (7.1-RELEASE-ia64-bootonly.iso) = 059c82e3e4b535730795a52b939d3085c7cd891a37570a3567e47dee6a345787 SHA256 (7.1-RELEASE-ia64-disc1.iso) = e97ad79b9f21e3554e47bd125a25dea5adac112608bbcba8c60d45aebc0b1837 SHA256 (7.1-RELEASE-ia64-disc2.iso) = f1c91524eebe8d1933057669ad7ce1343f18aecbad092d1402652e6c0d69f7a9 SHA256 (7.1-RELEASE-ia64-disc3.iso) = ed838b4c4801d6244f33cdd02abcca4c208b0dd2d89c6f0446a1913d95662096 SHA256 (7.1-RELEASE-ia64-docs.iso) = dd7c1dc8fe4968bd32b2fef42b21460211bef5284ecf9be53490de595f4b6a8b SHA256 (7.1-RELEASE-ia64-livefs.iso) = 81a8cad96e8540e32a9197d4dcba587b1266a8d56ff75db3755381471793e90f SHA256 (7.1-RELEASE-pc98-bootonly.iso) = 8b4038d22b59464e7df7cc1273a1929bdf89be77bc8fecfa88faf4d81db049c9 SHA256 (7.1-RELEASE-pc98-disc1.iso) = 43eae1bc95cc307f0b228cd8388c94cfad0db1402650e5b31262c8a2040ead7a SHA256 (7.1-RELEASE-pc98-livefs.iso) = ba4e744629fb5a7f40e288b15a39dc971c3a5108a38e9952ec00fd951292f677 SHA256 (7.1-RELEASE-powerpc-bootonly.iso) = e1c0e47b3aa66604853e9a27ccad381d1abb3b6dbe49fc7a773ba91720dd5862 SHA256 (7.1-RELEASE-powerpc-disc1.iso) = e672b975d10502677076014804d486c406e79cd7724353f76abc68b55dd5972e SHA256 (7.1-RELEASE-powerpc-disc2.iso) = 9f6aff26f127a229cdae1e73c4eb25d6d51b595380110bb99f9882b88c0a2a20 SHA256 (7.1-RELEASE-powerpc-disc3.iso) = 0c0c3a012fad489b425d35e4df539f23be4c26cc46a950f5699b84da4a37bdb2 SHA256 (7.1-RELEASE-powerpc-docs.iso) = 4fc75610e7bed8c05e474053266b4a8cce40c039707e39970ca2cf78ff99dee9 SHA256 (7.1-RELEASE-sparc64-bootonly.iso) = d8259fa546988201cb629ce606a10f8928e7b93a6e317e4078abbe6804bd5068 SHA256 (7.1-RELEASE-sparc64-disc1.iso) = 020030fff08be2a2e99dfa057096a27305c762ad5aebc4b880de84587dd3ef1a SHA256 (7.1-RELEASE-sparc64-disc2.iso) = 0d287b855a94317332d0dada8ac6ba2e216200f76551e463e94af30dc14cebdc SHA256 (7.1-RELEASE-sparc64-disc3.iso) = 246c73be0f35fcdc7437b346a796c6224a9de887325cdc99f3008fd961c47edb SHA256 (7.1-RELEASE-sparc64-docs.iso) = 30e298e8d36cdabcf6b48eea5d5fb784351c44f8cb97df29695037d9513843cc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-announce/attachments/20090105/0a2846c8/attachment.pgp From security-advisories at freebsd.org Wed Jan 7 21:36:22 2009 From: security-advisories at freebsd.org (FreeBSD Security Advisories) Date: Wed Jan 7 21:36:30 2009 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd Message-ID: <200901072136.n07LaKBR049694@freefall.freebsd.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:01.lukemftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in lukemftpd(8) Category: core Module: lukemftpd Announced: 2009-01-07 Credits: Maksymilian Arciemowicz Affects: All supported versions of FreeBSD. Corrected: 2009-01-07 20:17:55 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-4247 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background lukemftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server, or a standard-alone server. A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site. II. Problem Description The lukemftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. III. Impact This could, with a specifically crafted command, be used in a cross-site request forgery attack. FreeBSD systems running lukemftpd(8) server could act as a point of privilege escalation in an attack against users using web browser to access trusted FTP sites. IV. Workaround No workaround is available, but systems not running FTP servers are not vulnerable. Systems not running the FreeBSD lukemftpd(8) server are not affected, but users of other ftp daemons are advised to take care since several other ftp daemons are known to have related bugs. NOTE WELL: lukemftpd(8) is a different implementation of an FTP server than ftpd(8). V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch # fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/libexec/lukemftpd # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.2 src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.2 src/contrib/lukemftpd/src/ftpd.c 1.4.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.1.6.1 src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.1.6.1 src/contrib/lukemftpd/src/ftpd.c 1.4.2.1.6.2 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.1.4.1 src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.1.4.1 src/contrib/lukemftpd/src/ftpd.c 1.4.2.1.4.1 RELENG_7 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.2.1 src/contrib/lukemftpd/src/extern.h 1.1.1.5.2.1 src/contrib/lukemftpd/src/ftpd.c 1.5.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.6.1 src/contrib/lukemftpd/src/extern.h 1.1.1.5.6.1 src/contrib/lukemftpd/src/ftpd.c 1.5.6.2 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.4.1 src/contrib/lukemftpd/src/extern.h 1.1.1.5.4.1 src/contrib/lukemftpd/src/ftpd.c 1.5.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r186872 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247 http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFJZR5UFdaIBMps37IRApUJAKCEGZggeEjPC67j5Tmxl2fEDJ9sIQCfTAKn vpOXC5jix3XiB7wxGKrvNJM= =qPEc -----END PGP SIGNATURE----- From security-advisories at freebsd.org Wed Jan 7 21:37:20 2009 From: security-advisories at freebsd.org (FreeBSD Security Advisories) Date: Wed Jan 7 21:37:27 2009 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:02.openssl Message-ID: <200901072137.n07LbHco049772@freefall.freebsd.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL incorrectly checks for malformed signatures Category: contrib Module: openssl Announced: 2009-01-07 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-5077 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys. III. Impact For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack. Other applications which use the OpenSSL EVP API may similarly be affected. IV. Workaround For a server an RSA signed certificate may be used instead of DSA or ECDSA based certificate. Note that Mozilla Firefox does not use OpenSSL and thus is not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc [FreeBSD 6.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libssl # make obj && make depend && make && make install # cd /usr/src/secure/usr.bin/openssl # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/crypto/openssl/apps/speed.c 1.13.2.1 src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/crypto/openssl/apps/speed.c 1.13.12.1 src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/crypto/openssl/apps/speed.c 1.13.10.1 src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 RELENG_7 src/crypto/openssl/apps/speed.c 1.15.2.1 src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/crypto/openssl/apps/speed.c 1.15.6.1 src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/crypto/openssl/apps/speed.c 1.15.4.1 src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r186873 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://www.openssl.org/news/secadv_20090107.txt The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFJZR5ZFdaIBMps37IRAofJAJ4lm2jGfsMo28c0W4zRkhZrKmttGwCgmdd9 IvNUwk47W24SwhQAGH5+Ggw= =UHSl -----END PGP SIGNATURE----- From deb at freebsdfoundation.org Fri Jan 9 21:51:36 2009 From: deb at freebsdfoundation.org (Deb Goodkin) Date: Fri Jan 9 22:03:21 2009 Subject: [FreeBSD-Announce] Thank You FreeBSD Community! Message-ID: <4967BE06.4070500@freebsdfoundation.org> Dear FreeBSD Community, The FreeBSD Foundation would like to thank everyone for your donations in 2008. We are extremely grateful to everyone who dug deep in their pockets, during these hard times, to help us get very close to our goal. We raised $282,481 towards our goal of $300,000. With the downturn in the economy, we were very concerned about getting close to our goal. By the end of November, we had only raised $190,000. We sent out a plea for donations and we received 173 donations in December! This year we had 450 donors, compared to 374 last year. We were impressed with all the donations received from developers and other volunteers who already put in countless hours supporting the project. We will be posting our 2009 budget soon, so you can see how we plan to spend the funds. Sincerely, The FreeBSD Foundation From security-advisories at freebsd.org Tue Jan 13 14:33:24 2009 From: security-advisories at freebsd.org (FreeBSD Security Advisories) Date: Tue Jan 13 14:33:32 2009 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:03.ntpd Message-ID: <200901132233.n0DMXKVI055218@freefall.freebsd.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:03.ntpd Security Advisory The FreeBSD Project Topic: ntpd cryptographic signature bypass Category: contrib Module: ntpd Announced: 2009-01-13 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-13 21:19:27 UTC (RELENG_7, 7.1-STABLE) 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2) 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9) 2009-01-13 21:19:27 UTC (RELENG_6, 6.4-STABLE) 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3) 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9) CVE Name: CVE-2009-0021 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The ntpd daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. When ntpd(8) is set to cryptographically authenticate NTP data it incorrectly checks the return value from EVP_VerifyFinal(). III. Impact An attacker which can send NTP packets to ntpd, which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. IV. Workaround Use IP based restrictions in ntpd itself or in IP firewalls to restrict which systems can send NTP packets to ntpd. NOTE WELL: If ntpd is not explicitly set to use cryptographic authentication of NTP data the setup is not vulnerable to the issue as described in this Security Advisory. V. Solution NOTE WELL: Due to an error in building the updates, this fix is not available via freebsd-update at the time of this advisory. We expect that this will be fixed within the next 48 hours. Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 6.4 and 7.1] # fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch.asc [FreeBSD 6.3 and 7.0] # fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch # fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp/ntpd # make obj && make depend && make && make install # /etc/rc.d/ntpd restart VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.6 src/sys/conf/newvers.sh 1.69.2.18.2.9 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.1.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.14 src/sys/conf/newvers.sh 1.69.2.15.2.13 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.20.1 RELENG_7 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.5 src/sys/conf/newvers.sh 1.72.2.9.2.6 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.1.2.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.13 src/sys/conf/newvers.sh 1.72.2.5.2.13 src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.22.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r187194 releng/6.4/ r187194 releng/6.3/ r187194 stable/7/ r187194 releng/7.1/ r187194 releng/7.0/ r187194 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-09:03.ntpd.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFJbRUfFdaIBMps37IRAqdjAJ42YSH0bjaAJBEVyMM7/em/tu0xUQCfVPrs IrH0Qxo4slvboQHsy1PbkN4= =Q4rn -----END PGP SIGNATURE----- From security-advisories at freebsd.org Tue Jan 13 14:33:59 2009 From: security-advisories at freebsd.org (FreeBSD Security Advisories) Date: Tue Jan 13 14:34:08 2009 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:04.bind Message-ID: <200901132233.n0DMXvvZ055296@freefall.freebsd.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:04.bind Security Advisory The FreeBSD Project Topic: BIND DNSSEC incorrect checks for malformed signatures Category: contrib Module: bind Announced: 2009-01-13 Credits: Google Security Team Affects: All supported FreeBSD versions Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE) 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2) 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9) 2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE) 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3) 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9) CVE Name: CVE-2009-0025 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) are additional protocol options that add authentication as part of responses to DNS queries. FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The DSA_do_verify() function from OpenSSL is used to determine if a DSA digital signature is valid. When DNSSEC is used within BIND it uses DSA_do_verify() to verify DSA signatures, but checks the function return value incorrectly. III. Impact It is in theory possible to spoof a DNS reply even though DNSSEC is set up to validate answers. This could be used by an attacker for man-in-the-middle or other spoofing attacks. IV. Workaround Disable the the DSA algorithm in named.conf. This will cause answers from zones signed only with DSA to be treated as insecure. Add the following to the options section of named.conf: disable-algorithms . { DSA; }; NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is not vulnerable to the issue as described in this Security Advisory. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch # fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/bind # make obj && make depend && make && make install # cd /usr/src/usr.sbin/named # make obj && make depend && make && make install # /etc/rc.d/named restart c) Install and use a fixed version of BIND from the FreeBSD Ports Collection. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/bind9/CHANGES 1.1.1.3.2.10 src/contrib/bind9/FAQ 1.1.1.2.2.5 src/contrib/bind9/FAQ.xml 1.1.1.1.2.5 src/contrib/bind9/README 1.1.1.2.2.6 src/contrib/bind9/aclocal.m4 1.1.4.1 src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4 src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4 src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4 src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5 src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4 src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4 src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4 src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4 src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4 src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4 src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4 src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7 src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4 src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4 src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2 src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4 src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4 src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3 src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4 src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3 src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4 src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4 src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5 src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4 src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4 src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4 src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6 src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6 src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2 src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4 src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4 src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2 src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1 src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4 src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3 src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4 src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1 src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3 src/contrib/bind9/config.h.in 1.1.4.1 src/contrib/bind9/configure.in 1.1.1.2.2.6 src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2 src/contrib/bind9/lib/bind/api 1.1.1.2.2.4 src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4 src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5 src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4 src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4 src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2 src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1 src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1 src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1 src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2 src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4 src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2 src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2 src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2 src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4 src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2 src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2 src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1 src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4 src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4 src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4 src/contrib/bind9/lib/dns/api 1.1.1.2.2.7 src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5 src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3 src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2 src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3 src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3 src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1 src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1 src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2 src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1 src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4 src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10 src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5 src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2 src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5 src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1 src/contrib/bind9/lib/isc/api 1.1.1.2.2.5 src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1 src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1 src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2 src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1 src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2 src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1 src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2 src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3 src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4 src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1 src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3 src/contrib/bind9/lib/isc/portset.c 1.1.4.1 src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2 src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3 src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5 src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3 src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1 src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3 src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3 src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5 src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2 src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1 src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4 src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5 src/contrib/bind9/version 1.1.1.3.2.10 RELENG_6_4 src/UPDATING 1.416.2.40.2.6 src/sys/conf/newvers.sh 1.69.2.18.2.9 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.14 src/sys/conf/newvers.sh 1.69.2.15.2.13 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1 RELENG_7 src/contrib/bind9/CHANGES 1.1.1.10.2.4 src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3 src/contrib/bind9/FAQ 1.1.1.6.2.2 src/contrib/bind9/FAQ.xml 1.1.1.4.2.2 src/contrib/bind9/README 1.1.1.7.2.2 src/contrib/bind9/aclocal.m4 1.1.2.1 src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2 src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1 src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2 src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2 src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2 src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2 src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3 src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2 src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2 src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2 src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2 src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2 src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2 src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2 src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4 src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3 src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2 src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1 src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2 src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1 src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1 src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1 src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2 src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2 src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2 src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1 src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2 src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2 src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3 src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2 src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2 src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2 src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2 src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4 src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1 src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1 src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2 src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1 src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2 src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2 src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2 src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1 src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2 src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2 src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2 src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2 src/contrib/bind9/config.h.in 1.1.2.1 src/contrib/bind9/configure.in 1.1.1.6.2.3 src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2 src/contrib/bind9/lib/bind/api 1.1.1.5.2.2 src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3 src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3 src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2 src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2 src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1 src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1 src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1 src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1 src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1 src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1 src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1 src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1 src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1 src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1 src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1 src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1 src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2 src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1 src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1 src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2 src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1 src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1 src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1 src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1 src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2 src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4 src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1 src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2 src/contrib/bind9/lib/dns/api 1.1.1.6.2.4 src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4 src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1 src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4 src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2 src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2 src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1 src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1 src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1 src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2 src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1 src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1 src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1 src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1 src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1 src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4 src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2 src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2 src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1 src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2 src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2 src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2 src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3 src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2 src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2 src/contrib/bind9/lib/isc/api 1.1.1.5.2.3 src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1 src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1 src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1 src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1 src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1 src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2 src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1 src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2 src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2 src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2 src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1 src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2 src/contrib/bind9/lib/isc/portset.c 1.1.2.1 src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1 src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1 src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3 src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2 src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1 src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2 src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2 src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3 src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2 src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1 src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3 src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2 src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2 src/contrib/bind9/make/rules.in 1.1.1.4.2.2 src/contrib/bind9/version 1.1.1.10.2.4 RELENG_7_1 src/UPDATING 1.507.2.13.2.5 src/sys/conf/newvers.sh 1.72.2.9.2.6 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.13 src/sys/conf/newvers.sh 1.72.2.5.2.13 src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1 src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r187002 releng/6.4/ r187194 releng/6.3/ r187194 stable/7/ r186997 releng/7.1/ r187194 releng/7.0/ r187194 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc https://www.isc.org/node/373 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd ZFPKsX8/XspOTzRWA1h3QPk= =dpqG -----END PGP SIGNATURE----- From brd at FreeBSD.org Thu Jan 29 17:13:25 2009 From: brd at FreeBSD.org (Brad Davis) Date: Thu Jan 29 17:14:43 2009 Subject: [FreeBSD-Announce] FreeBSD Quarterly Status Report for October - December 2008 Message-ID: <20090130011322.GE99305@valentine.liquidneon.com> Introduction This quarter included some very exciting work including the release of FreeBSD 6.4 and the much anticipated release of FreeBSD 7.1. We also launched our own official FreeBSD Forums. The first Bugathon of the year will be held this weekend, see below for more information and how to participate. Thanks to all the reporters for the excellent work! We hope you enjoy reading. __________________________________________________________________ Projects * BSD# Project * FreeBSD Bugathons * FreeBSD BugBusting Team * The FreeBSD Foundation Status Report * VuXML generator FreeBSD Team Reports * Ports Collection * Release Engineering Kernel * HDA sound driver (snd_hda) * Multi-IPv4/v6/no-IP jails * Network Stack Virtualization * PmcTools * SD/MMC subsystem Architectures * FreeBSD/powerpc for AMCC/IBM PPC440/460 * FreeBSD/sparc64 UltraSPARC III support Documentation * The FreeBSD Greek Documentation Project * The FreeBSD Hungarian Documentation Project Miscellaneous * BSD-licensed grep * The FreeBSD Forums * YouTube Channel for BSD __________________________________________________________________ BSD# Project URL: http://code.google.com/p/bsd-sharp/ URL: http://www.mono-project.org/ Contact: Phillip Neumann Contact: Romain Tarti?re The BSD# Project is devoted to porting the Mono .NET framework and applications to the FreeBSD operating system. Because of a lack of time, Mono stalled at version 1.2.5 for more than one year in the FreeBSD ports tree. However, things have moved and the BSD# Team is proud to announce that the Mono ports are about to be updated to 2.0.1. Ports depending on Mono will also be updated to the latest available version at the same occasion. While the ports will be updated really soon now that FreeBSD 7.1 has been released, impatient people can download and merge the BSD# ports in their FreeBSD tree right now following the instructions provided on the BSD# Project's page. Open tasks: 1. Test and send feedback. 2. Port Mono applications to FreeBSD. 3. Build a debug live-image of FreeBSD so that Mono hackers without a FreeBSD box can help us fixing bugs more efficiency. __________________________________________________________________ BSD-licensed grep URL: http://p4web.FreeBSD.org/@md=d&cd=//depot/projects/soc2008/gabor_textpr oc/&c=vqZ@//depot/projects/soc2008/gabor_textproc/grep/?ac=83 Contact: G?bor K?vesd?n Some bugs have been fixed in the buffering and binary file detection parts of grep. Due to the differences between the GNU regexp library and our libc regexp implementation, I switched to the GNU library so that we can maintain an acceptable level of compatibility. The desired option would be to drop both GNU grep and the GNU regexp library, but unfortunately we cannot just do that because of these incompatibilities. Accordingly, the first step should be replacing grep and then we should review and optimize our regexp library. With this decision, BSD grep has acquired a higher level of compatibility and now seems to be much more useful. Open tasks: 1. Make a tinderbox run with BSD grep and fix possible bugs. __________________________________________________________________ FreeBSD Bugathons URL: http://wiki.FreeBSD.org/BugBusting URL: http://wiki.FreeBSD.org/BugBusting/Resources URL: http://bugs.FreeBSD.org URL: http://www.FreeBSD.org/cgi/query-pr-summary.cgi?responsible=freebsd-net Contact: Last year, we didn't have many Bugathons - this year is planned to be different! The BugBusting team is trying to improve bug handling and thus we'll start a new experiment. In the past our Bugathons were general Bugathons with no special topic set. Instead, starting in 2009 we'll try to hold a series of Bugathons that concentrate on special interest areas. Our next Bugathon will be held from 2009-01-30 to 2009-02-01 (Fri-Sun). We'll try to handle as many network related bugs as we can. Our plan is to try to work through all network related PRs still open in GNATS. We need a number of maintainers in the area of networking (drivers, chipsets, protocols, userland processes) to attend and committers willing to commit fixes and improvements. Of course, we also need users and administrators with special interest in network related items to be with us to sort out things. Every helping hand, everyone able to debug and analyze things is welcome. If you're interested in getting networking stuff improved, join us to make the upcoming releases of 7.2 and 8.0 the best ever FreeBSD releases. Join us on IRC: EFnet #FreeBSD-bugbusters from Friday 2009-01-30 to Sunday 2009-02-01. Don't miss this event! The next Bugathon (TBA) will have topics in different special interest areas. Open tasks: 1. Feel free to ask questions! You can reach the BugBusting team at bugbusters@FreeBSD.org. Be there! Work with us! Join the team - be a part! __________________________________________________________________ FreeBSD BugBusting Team URL: http://www.FreeBSD.org/support.html#gnats URL: http://wiki.FreeBSD.org/BugBusting URL: http://people.FreeBSD.org/~linimon/studies/prs/ Contact: Remko Lodder Contact: Mark Linimon We will be having our next Bugathon on 2009-01-30 to 2009-02-01 (see this entry). At the recent DevSummit in Strasbourg, the participants spent half a day working through the current "recommended PRs" list. The list was divided up into sections by date, and each table was assigned one section to work through. Not only were a good number of fixes committed and their PRs closed, but the src developers were brought up to speed on the triage work that the BugBusting team has been doing (see below). We hope to build on this momentum in the future. In addition, many new ideas for improved report pages were discussed. We continue to make good progress in categorizing PRs as they arrive with 'tags' that correspond to manpages. As a result, we now have created some prototype reports that allow browsing the database by manpage. In addition, another new report, oriented towards PR submitters, summarizes the most commonly reported issues. Many of these issues persist because they are difficult to fix. Before filing a PR, you may want to check through this list. As well, we now have a more active set of volunteers who are willing to help users with reported problems of the form "xyz does not seem to work". These types of reports are now being handled much better than in the past. One of those volunteers, Bruce Cran (brucec@), has now been released from mentorship. Mark Linimon (linimon@) continues to work on more new prototype reports, including: * New PRs in the past day, week, month. * PRs with regressions. * A way for developers to create their own customized reports. The commonly reported issues summary page, previously maintained by Jeremy Chadwick, has been moved to a new location. The overall PR count jumped to over 5600 during the 6.4/7.1 release cycle, but has come down a bit. Open tasks: 1. Try to find ways to get more committers helping us with closing PRs that the team has already analyzed. 2. Think of some way for committers to only view PRs that have been in some way 'vetted' or 'confirmed'. 3. Generate more publicity for what we've already got in place, and for what we intend to do next. 4. Define new categories, classifications, and states for PRs, that will better match our workflow. __________________________________________________________________ FreeBSD/powerpc for AMCC/IBM PPC440/460 Contact: Rafal Jaworowski This work is bringing support for another Book-E style PowerPC implementation (PPC440/460 core) embedded in a wide range of system-on-chip devices. Current state highlights: * Locore kernel initialisation * TLB handling * Console (UART) * Interrupts controller (UIC) * USB controller (OHCI, EHCI) * Multi user operation The CPU layer (kernel start-up, TLB handling) is derived from existing E500 support. Eventually the code will be re-factored so that the common logic is shared between processor variations and only the lowest-level routines are provided separately. A number of drivers for peripherals integrated on the chip needs to be written (Ethernet, PCI/PCI-Express, crypto engines, SATA, I2C, SPI, GPIO and others). __________________________________________________________________ FreeBSD/sparc64 UltraSPARC III support URL: http://people.FreeBSD.org/~marius/8.0-20090111-SNAP-sparc64-disc1.iso.g z Contact: Marius Strobl FreeBSD 8.0-CURRENT now has basic support for sun4u-machines based on UltraSPARC III and beyond. This is still a work in progress though due to the diversity of these machines, hardware errata and bugs in machine independent parts of FreeBSD showing up. A install image with the latest code which in comparison to the official snapshot 200812 contains more dcons(4) fixes, an isp(4) working with 10160 and 12160 on sparc64, an endian-clean mpt(4) as needed for the on-board controller found in Fire V440, workarounds needed for Fire V880 and a fix for machines with more than 8GB of RAM (tested with 16GB) are available at the above URL. Known working machines so far are: * Blade 1000 * Blade 1500 * Blade 2000 * Fire 280R * Fire V210 * Fire V440 (except for the on-board NICs) * Fire V880 * Netra 20/Netra T4 The stability of FreeBSD on these machines is en par with that on pre-USIII-based sun4u-machines. Machines similar to the ones above like for example Fire V240 should also just work with all essential on-board devices, i.e. serial console, ATA/SCSI controller and NIC, being supported. So far the intention is to MFC this code in time for FreeBSD 7.2. Open tasks: 1. Apart from serial devices, only cards supported by creator(4) are currently usable as console, i.e. not even machfb(4) works in sun4u-machines based on UltraSPARC III or beyond at this point (it will trigger a RED state exception, which should not be that hard to fix though), let alone XVR graphics cards. 2. A driver for the Sun Cassini/Cassini+ as well as National Semiconductor DP83065 Saturn Gigabit NICs found on-board for example in Fire V440 and as add-on cards is under development but still needs some work. 3. There is no driver for controlling the fans in machines based on the Excalibur board, yet. This means that Blade 1000/2000 are not very usable as workstations so far due to the noise caused by the fans permanently running at full speed. 4. There is no support for host-to-PCI-Express or host-to-PCI-X bridges so far, at least for the latter due to lack of access to such machines. Adding support for the XMITS PCI-X bridges to the existing schizo(4) should be rather straightforward, PCI-Express will require a new driver and probably some additional tweaking though. __________________________________________________________________ HDA sound driver (snd_hda) Contact: Alexander Motin snd_hda(4) audio driver was significantly improved to provide better functionality according to High Definition Audio (HDA) and Universal Audio Architecture (UAA) specifications. According to HDA specification, driver now supports multiple codecs per HDA bus and multiple audio functional groups per codec. According to UAA specification, driver now implements idea of multiple logical audio devices per audio functional group. It means, that depending on specific system needs, single audio codec may provide several independent functions. For example, main multichannel output, headset input/output and digital SPDIF/HDMI audio input/output. Each of these functions are provided as separate pcm devices and can be used independently. Comparing to ALSA and OSS HDA drivers which are heavily tuned to support each specific codec in every specific system, this driver uses advanced codec tracing logic which allows it to support most of existing HDA codecs and systems without any special tuning, using only information provided by system and codec itself. This also allows user to widely reconfigure logical audio devices in his system for his own needs, just by specifying wanted audio connectors usage in device.hints. Also new driver implements SPDIF/HDMI digital audio, suspend/resume and initial parts of multichannel support. Open tasks: 1. Implement input-to-output audio bypass tracing for codecs where bypass signal is not taken from main input mixer. 2. Improve amplifiers control logic for cases where one signal can be controlled in several points. 3. Implement multichannel playback, that required significant sound(4) modifications. __________________________________________________________________ Multi-IPv4/v6/no-IP jails URL: http://sources.zabbadoz.net/FreeBSD/jail.html URL: http://p4web.FreeBSD.org/@md=d&cd=//depot/user/bz/jail/&rc=s&c=kmz@//de pot/user/bz/jail/?ac=43&mx=50 Contact: Bjoern A. Zeeb The multi-IPv4/v6/no-IP jails project patch has finally been committed to FreeBSD-CURRENT at the end of November. As an alternate solution to full network stack virtualization, this work shall provide a lightweight solution for multi-IP virtualization. The changes are even more important because of the emerging demand for IPv6. Ideally this will be merged to FreeBSD 7 before 7.2-RELEASE and stay in FreeBSD 8 for the transitional period to full network stack virtualization. Since the commit a few minor things have been fixed and work to address most of the remaining old jails PRs has almost been finished. The fallout from ports breakage has been handled with help from Erwin Lansing from the PortMgr Team. __________________________________________________________________ Network Stack Virtualization URL: http://wiki.FreeBSD.org/Image URL: http://www.FreeBSDfoundation.org/project%20announcements.shtml#Bjoern Contact: Bjoern A. Zeeb Contact: Marko Zec The network stack virtualization project aims at extending the FreeBSD kernel to maintain multiple independent instances of networking state. This allows for networking independence between jail-like environments, each maintaining its own private network interfaces, IPv4 and IPv6 network and port address space, routing tables, IPSec configuration, firewalls, and more. During BSDCan 2007 an initial commit plan had been worked out. The Developer Summit at Cambridge in August brought the first parts of VImage into the kernel. Marko gave a summary and outlook at EuroBSDCon in Strasbourg. From autumn until December all but the last step had been committed by Marko. Druing December Bjoern was able to work full time on VImage because of FreeBSD Foundation funding. In addition to helping with reviews, summarizing things on the Wiki, a virtual cross-over Ethernet-like interface pair was developed to be able to bring networking to an instances without the mandatory need of netgraph. The next steps will be to bring in the most important last step giving us multiple network stacks. After that all developers will be able to help to find (and fix) bugs. Further subsystems not yet addressed will need to be virtualized then. In addition to this Jamie Gritton's management interface will be imported. __________________________________________________________________ PmcTools URL: http://wiki.FreeBSD.org/PmcTools URL: http://code.google.com/p/pmctools/issues Contact: Joseph Koshy Support for Intel (TM) Atom/Core/Core2 family PMCs was added to PmcTools. Bugs in the toolset were tracked down and fixed, and the ABI between libpmc(3) and hwpmc(4) was reworked to hopefully be more future proof. __________________________________________________________________ Ports Collection URL: http://www.FreeBSD.org/ports/ URL: http://www.FreeBSD.org/doc/en_US.ISO8859-1/articles/contributing-ports/ URL: http://portsmon.FreeBSD.org/index.html URL: http://www.FreeBSD.org/portmgr/index.html URL: http://tinderbox.marcuscom.com Contact: Mark Linimon Most of the effort in the last quarter has been QA effort for 6.4-RELEASE and 7.1-RELEASE. Since that time, we have once again begun work on experimental package runs. The ports count has jumped to over 19,600. The PR count had jumped during the freeze/slush cycle for release, but has now dropped back to its usual count of around 900. GNOME has been updated to 2.24.3. KDE has been updated to 4.1.4. X.Org has been updated to 7.4. The following large changes are in the pipeline: * Introduction of Perl 5.10. We are currently building packages for amd64-6, amd64-7, amd64-8, i386-6, i386-7, i386-8, sparc64-6, and sparc64-7. Several new i386 and sparc64 machines have been added, which has helped speed up the builds. We especially appreciate the loan of a number of sparc64 machines by Gavin Atkinson. We have added 5 new committers since the last report, and 2 older ones have rejoined. Open tasks: 1. Most of the remaining ports PRs are "existing port/PR assigned to committer". Although the maintainer-timeout policy is helping to keep the backlog down, we are going to need to do more to get the ports in the shape they really need to be in. 2. Although we have added many maintainers, we still have over 4,700 unmaintained ports (see, for instance, the list on portsmon). (The percentage hovers around 24%.) We are always looking for dedicated volunteers to adopt at least a few unmaintained ports. As well, the packages on amd64 and sparc64 lag behind i386, and we need more testers for those. __________________________________________________________________ Release Engineering Contact: Release Engineering Since the last status report both 7.1-RELEASE (5 January 2009) and 6.4-RELEASE (28 November 2008) have been released. Starting with 6.4-RELEASE, a new DVD ISO image called "dvd1" is provided for amd64/i386. This image contains everything that is on the CDROM discs. So "dvd1" can be used to do a full installation that includes a basic set of packages, it has all of the documentation for all supported languages, and it can be used for booting into a "live CD-based filesystem" and system rescue mode. 6.4-RELEASE was the last release of the 6.X branch, we have currently no plan for any other 6.X release since most of the developers are focused on 8-CURRENT and 7.X. The long awaited 7.1-RELEASE is out since 5th of January. This release process was far too long from everyone's point of view. Working on another release (6.4-RELEASE) at the same time was not helping the things, but we are aware of many problems that need to be worked on to ease the whole release process. As a consequence, we are currently working on a new plan for future 7.X (or 8.0) release. We plan to: * Reduce the freeze period of ports tree, the freeze should occur near the end of the release process during RC cycle * Change the way showstoppers are handled and do not stop a release process for non-important issues or lack of features. Some work has also been done on the documentation build, we want to provide a more flexible way to install docs (Handbook, FAQ, etc.) and detach the release build to use instead ports (packages). This should make release building easier on slow architectures. Hopefully this switch will be done for 7.2-RELEASE or 8.0-RELEASE. Regarding the time line, we still plan to release 8.0-RELEASE in mid-June 2009. A time for the 7.2-RELEASE has not been set yet. __________________________________________________________________ SD/MMC subsystem Contact: Alexander Motin Contact: M. Warner Losh FreeBSD mmc(4)/mmcsd(4) stack was improved to support all MMC/SD card types existing now. Support was added for SD High Capacity (SDHC) cards and MultiMediaCards (MMC) memory cards of normal (up to 2GB) and high capacity. Support was also added for 4/8bits wide buses, High Speed timings and multi-block transfers allows to reach speeds up to 25MB/s (SD) and 52MB/s (MMC) depending on which card and controller was used. Added SD Host Controller driver, sdhci(4), that implements support for SD specification compatible PCI SD/MMC card readers to be used with mmc(4)/mmcsd(4) stack. Driver supports PIO and DMA transfers, 1/4bits buses, high speed timings, card insert/remove detection and write protection. Open tasks: 1. Many of the existing SD Host Controllers have undocumented registers beyond SD specification. Some of them are unable to detect the card without some additional initialization implemented. __________________________________________________________________ The FreeBSD Forums URL: http://forums.FreeBSD.org/ Contact: FreeBSD Forums Admins Contact: FreeBSD Forums Moderators The FreeBSD forums were publicly launched on November 16th, 2008 as a complementary support channel to our great mailing lists. There were almost 2000 new users registered in the first three days and each day we receive about 20 new user registrations. After less than three months after going public, we are now serving around 10,000 posts in 1,500 threads. We have received very positive feedback from our users, which we take as a good compensation for our efforts put into this project. __________________________________________________________________ The FreeBSD Foundation Status Report URL: http://www.FreeBSDfoundation.org Contact: Deb Goodkin We ended the year raising over $282,000! We received 173 donations just in December. We are very grateful to all the people who helped us come very close to our 2008 goal. Three projects were started that are being funded by the foundation. They are Safe Removal of Active Disk Devices, Improvements to the FreeBSD TCP Stack, and Network Stack Virtualization Projects. Click here to find out more about the projects. We were a sponsor for meetBSD. We provided a travel grant for a developer to attend this conference. We also handed out a few limited edition foundation vests for developer recognition. Read our end-of-year newsletter, to find out what else we've done to help The FreeBSD Project and community. __________________________________________________________________ The FreeBSD Greek Documentation Project URL: http://www.FreeBSDgr.org Contact: Giorgos Keramidas Contact: Manolis Kiagias The FreeBSD Greek Documentation Project managed to complete a significant amount of work during 2008. The first ten chapters of the Handbook are now completely translated and kept in sync with the English text. Work is also progressing nicely in the second part of The Handbook, with many new translated chapters. At this pace, we hope to have a complete Greek Handbook by 8.0-RELEASE. More volunteers are always welcome of course, as there is still plenty of work to be done. Open tasks: 1. Complete the Greek translation of the Handbook (about ten chapters remaining) 2. Complete the Greek translation of the FAQ (currently at around 40%) 3. Translate more documentation (articles) to Greek 4. Begin a Greek website on FreeBSD.org (volunteers needed) __________________________________________________________________ The FreeBSD Hungarian Documentation Project URL: http://www.FreeBSD.org/hu URL: http://www.FreeBSD.org/doc/hu URL: http://wiki.FreeBSD.org/HungarianDocumentationProject URL: http://p4web.FreeBSD.org/@md=d&cd=//depot/projects/docproj_hu/&c=aXw@// depot/projects/docproj_hu/?ac=83 Contact: G?bor K?vesd?n Contact: G?bor P?li Hungarian translation of the FreeBSD Documentation Project Primer for New Contributors has been finished and now it is available both online and for download. We hope that having the FDP Primer translated will encourage people to help our work. There is always place in our team, every submitted translation or feedback is appreciated and very welcome. Beside the continuous maintenance of the Hungarian documentation and web pages, a new article translation has been added to the Hungarian Documentation Set, CUPS. Open tasks: 1. Read the translations, send feedback 2. Translate web pages 3. Translate articles 4. Translate release notes for -CURRENT and 7.X __________________________________________________________________ VuXML generator URL: http://www.credentia.cc/services/vuxml/ Contact: Mark Foster VuXML generator ("wizard") is intended for end-users who want to generate VuXML (XML) definitions. Users can just fill out an HTML form & this removes some of the guesswork and the learning curve. The resulting VuXML can be submitted via send-pr as-is for inclusion into the portaudit database. Open tasks: 1. Option to submit generated XML into a "review" queue somewhere (thus eliminate the need for users to run send-pr at all) 2. Option to generate OVAL definition in addition to VuXML 3. Option to generate ready-to-run pr (e.g send-pr -f ) __________________________________________________________________ YouTube Channel for BSD URL: http://www.youtube.com/bsdconferences URL: http://murrayFreeBSD.blogspot.com/2008/12/new-channel-on-youtube-for-bs d.html URL: http://wiki.FreeBSD.org/VideoProductionAndPublishing Contact: Murray Stokely A new channel has been setup on YouTube explicitly for BSD conference recordings. This channel does not have the normal 10 minute limit so full high quality presentations from 30 minutes to nearly 2 hours have been uploaded. So far over 23 videos are available from MeetBSD and NYCBSDCon, with more from BSDCan and AsiaBSDCon coming soon. We are currently looking for more videos from BSDCan, EuroBSDCon, AsiaBSDCon, etc to upload to the channel. We also need help in creating subtitles for each video in various languages. If you would like to help out in generating subtitles for your language or if you have old video content from one of the above BSD conferences please let us know. Open tasks: 1. Adding subtitles in various languages to all of the technical talks. 2. Finding more videos from previous conferences to upload. 3. Audio post-processing. If anyone has experience removing audio artifacts from a video recording we would love to talk to you about working some magic on raw footage we have before uploading it to YouTube. 4. We could use additional tips for improved video recording and post-processing added to our video production and publishing wiki. __________________________________________________________________