From deb at freebsdfoundation.org Wed Mar 4 06:54:21 2009
From: deb at freebsdfoundation.org (Deb Goodkin)
Date: Wed Mar 4 10:17:02 2009
Subject: [FreeBSD-Announce] Accepting Travel Grant Applications for BSDCan
2009
Message-ID: <49AE960F.4060908@freebsdfoundation.org>
Calling all FreeBSD developers needing assistance with travel expenses
to BSDCan 2009.
The FreeBSD Foundation will be providing a limited number of travel
grants to individuals requesting assistance. Please fill out and submit
the Travel Grant Request Application at
http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by
April 9, 2009 to apply for this grant.
How it works:
This program is open to FreeBSD developers of all sorts (kernel hackers,
documentation authors, bugbusters, system administrators, etc). In some
cases we are also able to fund non-developers, such as active community
members and FreeBSD advocates.
(1) You request funding based on a realistic and economical estimate of
travel costs (economy airfare, train fare, ...), accommodations
(conference hotel and sharing a room), and registration or tutorial
fees. If there are other sponsors willing to cover costs, such as your
employer or the conference, we prefer you talk to them first, as our
budget is limited. We are happy to split costs with you or another
sponsor, such as just covering airfare or board.
If you are a speaker at the conference, we expect the conference to
cover your travel costs, and will most likely not approve your direct
request to us.
(2) We review your application and if approved, authorize you to seek
reimbursement up to a limit. We consider several factors, including
our overall and per-event budgets, and (quite importantly) the
benefit to the community by funding your travel.
Most rejected applications are rejected because of an overall limit on
travel budget for the event or year, due to unrealistic or uneconomical
costing, or because there is an unclear or unconvincing argument that
funding the application will directly benefit the FreeBSD Project.
Please take these points into consideration when writing your application.
(3) We reimburse costs based on actuals (receipts), and by check or bank
transfer. We require you submit a report on your trip, which we may
show to current or potential sponsors, and may include in our quarterly
newsletter.
There's some flexibility in the mechanism, so talk to us if something
about the model doesn't quite work for you or if you have any questions.
The travel grant program is one of the most effective ways we can
spend money to help support the FreeBSD Project, as it helps developers
get together in the same place at the same time, and helps advertise and
advocate FreeBSD in the larger community.
Thank You,
The FreeBSD Foundation
From deb at freebsd.org Mon Mar 9 08:35:49 2009
From: deb at freebsd.org (Deb Goodkin)
Date: Mon Mar 9 08:58:41 2009
Subject: [FreeBSD-Announce] The FreeBSD Foundation is Requesting Project
Proposals!
Message-ID: <49B53143.5040505@freebsd.org>
Only one more day to submit your project proposals! The deadline is
March 10!!
The FreeBSD Foundation is soliciting the submission of proposals for
work relating to any of the major subsystems or infrastructure within
the FreeBSD operating system. A budget of $30,000 was allocated to fund
multiple development projects. Proposals will be evaluated based on
desirability, technical merit and cost-effectiveness.
To find out more about the proposal process please read the attached
document. You can also find the document on our website at
http://www.freebsdfoundation.org/documents/FreeBSD%20Foundation%20Proposals%20Feb%202009.pdf.
We look forward to reading all the interesting project proposals!
Sincerely,
The FreeBSD Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FreeBSD Foundation Proposals Feb 2009.pdf
Type: application/pdf
Size: 44087 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-announce/attachments/20090309/2c65790d/FreeBSDFoundationProposalsFeb2009.pdf
From kientzle at freebsd.org Sun Mar 22 10:43:50 2009
From: kientzle at freebsd.org (Tim Kientzle)
Date: Sun Mar 22 11:03:13 2009
Subject: [FreeBSD-Announce] FreeBSD and Google's Summer of Code
Message-ID: <49C672ED.6040707@freebsd.org>
We're quite pleased that Google has once again
invited the FreeBSD Project to participate in
their Summer of Code program, which pays student
developers to work on Open Source projects.
Over the last four years, over 70 Summer of Code
projects have generated improvements to almost
every part of FreeBSD; many of the students have
gone on to become permanent members of FreeBSD's
international development team.
Students interested in working with the FreeBSD
Project should start preparing now by visiting
the Google Summer of Code website[1] and the
FreeBSD Summer of Code site[2] and discussing their
ideas on one of the FreeBSD public mailing lists[3]
or on the #freebsd-soc IRC channel on EFNet.
P.S. Please pass along this email or one of these[4]
posters[5] to anyone who might be interested.
[1] http://socghop.appspot.com/
[2] http://www.freebsd.org/projects/summerofcode.html
[3] http://www.freebsd.org/community/mailinglists.html
especially freebsd-hackers@freebsd.org
[4] http://www.freebsd.org/projects/2009-freebsd-gsoc.pdf
[5] http://people.freebsd.org/~manolis/2009-freebsd-gsoc-alternate.png
From errata-notices at freebsd.org Sun Mar 22 17:09:06 2009
From: errata-notices at freebsd.org (FreeBSD Errata Notices)
Date: Sun Mar 22 17:09:13 2009
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-09:01.kenv
Message-ID: <200903230009.n2N095su065197@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-09:01.kenv                                          Errata Notice
                                                          The FreeBSD Project
Topic:          Kernel panic when dumping environment
Category:       core
Module:         kern
Announced:      2009-03-23
Affects:        FreeBSD 7.x
Corrected:      2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE)
                2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4)
                2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The kenv(2) system call allows userland processes to get, set, and unset
kernel environment variables, as well as to dump all of the entries in
the kernel environment.
II. Problem Description
When dumping all of the entries in the kernel environment, the kernel
does not adequately bounds-check the size of the buffer into which the
environment should be written.
III. Impact
An unprivileged process can cause the FreeBSD kernel to attempt to
allocate a very large amount of memory, thereby causing the FreeBSD
kernel to panic.
IV. Workaround
No workaround is available, but systems without untrusted local users
are not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1
or RELENG_7_0 security branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 7.0 and 7.1
systems.
a) Download the patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch
# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/sys/kern/kern_environment.c                                1.47.2.1
RELENG_7_1
  src/UPDATING                                             1.507.2.13.2.7
  src/sys/conf/newvers.sh                                    1.72.2.9.2.8
  src/sys/kern/kern_environment.c                                1.47.6.2
RELENG_7_0
  src/UPDATING                                             1.507.2.3.2.15
  src/sys/conf/newvers.sh                                   1.72.2.5.2.15
  src/sys/kern/kern_environment.c                                1.47.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r190301
releng/7.1/                                                       r190301
releng/7.0/                                                       r190301
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-09:01.kenv.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEUEARECAAYFAknG0gwACgkQFdaIBMps37ILlwCfcbVKW5FlPK+GtATY34wfkDWr
5tAAmMteIrkXAeBgp3QNI6pFiHzgunE=
=wJeF
-----END PGP SIGNATURE-----
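A userspace model of the size check described in the errata notice above, added here as an illustration and not taken from the FreeBSD source or its patch. The limits, the table contents and all function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this model; not FreeBSD's values. */
#define ENV_MAX_ENTRIES 8
#define ENV_NAME_MAX    32
#define ENV_VALUE_MAX   64
/* Largest possible dump: every entry stored as "name=value\0". */
#define ENV_DUMP_MAX \
    ((size_t)ENV_MAX_ENTRIES * (ENV_NAME_MAX + ENV_VALUE_MAX + 2))

/* Constructed sample environment (unused slots are NULL). */
static const char *env_table[ENV_MAX_ENTRIES] = {
    "kern.hz=1000", "boot.verbose=0", "hint.acpi.0.disabled=0"
};

/* Before: the scratch buffer is as large as the caller claims. */
size_t scratch_size_unchecked(size_t user_len) { return user_len; }

/* After: never allocate more than a full dump could occupy. */
size_t scratch_size_checked(size_t user_len)
{
    return user_len > ENV_DUMP_MAX ? ENV_DUMP_MAX : user_len;
}

/*
 * Copy entries as NUL-terminated strings into out[0..user_len).
 * Returns the bytes a full dump needs, or (size_t)-1 if allocation fails.
 */
size_t env_dump(char *out, size_t user_len)
{
    size_t cap = scratch_size_checked(user_len);
    size_t needed = 0, used = 0;
    char *scratch = cap ? malloc(cap) : NULL;
    if (cap != 0 && scratch == NULL)
        return (size_t)-1;
    for (int i = 0; i < ENV_MAX_ENTRIES && env_table[i] != NULL; i++) {
        size_t n = strlen(env_table[i]) + 1;
        needed += n;
        if (scratch != NULL && n <= cap - used) {  /* whole entries only */
            memcpy(scratch + used, env_table[i], n);
            used += n;
        }
    }
    if (out != NULL && used > 0)
        memcpy(out, scratch, used);
    free(scratch);
    return needed;
}
```

In a kernel, the unchecked size would go straight to a blocking allocator, which is where the panic in section III comes from; the clamp keeps the request proportional to data the kernel actually holds.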
From security-advisories at freebsd.org Sun Mar 22 17:09:13 2009
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Sun Mar 22 17:09:24 2009
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer
Message-ID: <200903230009.n2N09CRQ065222@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:06.ktimer                                     Security Advisory
                                                          The FreeBSD Project
Topic:          Local privilege escalation
Category:       core
Module:         kern
Announced:      2009-03-23
Affects:        FreeBSD 7.x
Corrected:      2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE)
                2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4)
                2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11)
CVE Name:       CVE-2009-1041
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
In FreeBSD 7.0, support was introduced for per-process timers as defined
in the POSIX realtime extensions. This allows a process to have a limited
number of timers running at once, with various actions taken when each
timer reaches zero.
II. Problem Description
An integer which specifies which timer a process wishes to operate upon is
not properly bounds-checked.
III. Impact
An unprivileged process can overwrite an arbitrary location in kernel
memory. This could be used to change the user ID of the process (in order
to "become root"), to escape from a jail, or to bypass security mechanisms
in other ways.
IV. Workaround
No workaround is available, but systems without untrusted local users are
not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1
or RELENG_7_0 security branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 7.0 and 7.1
systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch
# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/sys/kern/kern_time.c                                      1.142.2.3
RELENG_7_1
  src/UPDATING                                             1.507.2.13.2.7
  src/sys/conf/newvers.sh                                    1.72.2.9.2.8
  src/sys/kern/kern_time.c                                  1.142.2.2.2.2
RELENG_7_0
  src/UPDATING                                             1.507.2.3.2.15
  src/sys/conf/newvers.sh                                   1.72.2.5.2.15
  src/sys/kern/kern_time.c                                      1.142.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r190301
releng/7.1/                                                       r190301
releng/7.0/                                                       r190301
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1041
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-06:09.ktimer.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAknG0hQACgkQFdaIBMps37JA4gCfaznvIWKB/AU0cv6ojZUhheD4
MuYAnAp3wuz3E7gIX6VK7PeUVnPp/41o
=MPIX
-----END PGP SIGNATURE-----
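A userspace model of validating a timer ID before it indexes a per-process timer table, added here as an illustration and not taken from the FreeBSD source or its patch. The advisory does not show the faulty check; the upper-bound-only signed comparison, the TIMER_MAX value and all names are assumptions.

```c
#include <errno.h>
#include <stddef.h>

#define TIMER_MAX 32   /* hypothetical per-process limit for this model */

struct ptimer { int armed; long value; };
struct proc_timers { struct ptimer *slot[TIMER_MAX]; };

/* Before: signed compare against the upper bound only, so -1 passes. */
int id_ok_before(int id) { return id < TIMER_MAX; }

/* After: one unsigned compare rejects negatives and ids >= TIMER_MAX. */
int id_ok_after(int id) { return (unsigned int)id < TIMER_MAX; }

/* Create: bind caller-provided storage to the first empty slot. */
int timer_create_model(struct proc_timers *pt, struct ptimer *t)
{
    for (int i = 0; i < TIMER_MAX; i++) {
        if (pt->slot[i] == NULL) {
            t->armed = 0;
            t->value = 0;
            pt->slot[i] = t;
            return i;
        }
    }
    return -EAGAIN;
}

/* Arm a timer: the id is validated before it is used as an index. */
int timer_settime_model(struct proc_timers *pt, int id, long value)
{
    if (!id_ok_after(id))
        return -EINVAL;          /* out of range: never touch slot[] */
    if (pt->slot[id] == NULL)
        return -EINVAL;          /* in range but no such timer */
    pt->slot[id]->armed = 1;
    pt->slot[id]->value = value;
    return 0;
}
```

Every entry point that accepts the ID needs the same check; validating it in one lookup helper that all callers share avoids a path that indexes the table directly.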
From kientzle at freebsd.org Tue Mar 31 19:13:53 2009
From: kientzle at freebsd.org (Tim Kientzle)
Date: Tue Mar 31 19:26:11 2009
Subject: [FreeBSD-Announce] Summer of Code Deadline Approaching...
Message-ID: <49D2CB82.2010403@freebsd.org>
Students interested in participating in
Google's Summer of Code---whether with the
FreeBSD project or not---should file their
applications as soon as possible.
Remember that the Summer of Code website
allows you to revise your proposal until the
April 3 deadline; submitting your idea now allows the
FreeBSD mentors to give you feedback that you
can use to improve your proposal. You can
also discuss Summer of Code ideas and
suggestions on the freebsd-hackers@freebsd.org
mailing list.