gmane.os.freebsd.announce
http://blog.gmane.org/gmane.os.freebsd.announce
hourly11901-01-01T00:00+00:00Gmanehttp://gmane.org/img/gmane-25t.png
http://gmane.org
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap
http://comments.gmane.org/gmane.os.freebsd.announce/671
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project
Topic: Privilege escalation via mmap
Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and later
Corrected: 2013-06-18 09:04:19 UTC (stable/9, 9.1-STABLE)
2013-06-18 09:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
CVE Name: CVE-2013-2171
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The FreeBSD virtual memory system allows files to be memory-mapped.
All or parts of a file can be made available to a process via its
address space. The process can then access the file using memory
operations rather than filesystem I/O calls.
The ptrace(2) system call provides tracing and debugging facilities by
allowing one process (the tracing process) to watch and control
another (the traced process).
II. Problem Description
Due to insufficient permission checks in the virtual memory system, a
tracing process (such as a debugger) may be able to modify portions of
the traced process's address space to which the traced process itself
does not have write access.
III. Impact
This error can be exploited to allow unauthorized modification of an
arbitrary file to which the attacker has read access, but not write
access. Depending on the file and the nature of the modifications,
this can result in privilege escalation.
To exploit this vulnerability, an attacker must be able to run
arbitrary code with user privileges on the target system.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch.asc
# gpg --verify mmap.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r251902
releng/9.1/ r251903
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing XXXXXX with the revision number, on a
machine with Subversion installed:
# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing XXXXXX with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=XXXXXX>
VII. References
<other info on vulnerability>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:06.mmap.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (FreeBSD)
iEYEARECAAYFAlHAB+YACgkQFdaIBMps37IjFACdFSoiYO1YkcPunLh7Zw4TC6MF
X9MAnjjVWB2uEl60Rl3K4WOuJ71AVNlP
=8309
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>FreeBSD Security Advisories2013-06-18T07:32:24FreeBSD 8.4-RELEASE Available
http://comments.gmane.org/gmane.os.freebsd.announce/670
<pre>The FreeBSD Release Engineering Team is pleased to announce the availability
of FreeBSD 8.4-RELEASE. This is the fifth release from the 8-STABLE
branch which improves on the functionality of FreeBSD 8.3 and introduces some
new features. Some of the highlights:
- Gnome version 2.32.1, KDE version 4.10.1
- Feature flags 5000 version of the ZFS filesystem.
- Support for all shipping LSI storage controllers.
For a complete list of new features and known problems, please see the
online release notes and errata list, available at:
http://www.FreeBSD.org/releases/8.4R/relnotes.html
http://www.FreeBSD.org/releases/8.4R/errata.html
For more information about FreeBSD release engineering activities,
please see:
http://www.FreeBSD.org/releng/
Availability
-------------
FreeBSD 8.4-RELEASE is now available for the amd64 and i386
architectures. Images for the pc98 architecture should be available
within the next 24 hours.
FreeBSD 8.4 can be installed from bootable ISO images or over the
network. Some architectures (currently amd64 and i386) also support
installing from a USB memory stick. The required files can be downloaded
via FTP as described in the sections below. While some of the smaller
FTP mirrors may not carry all architectures, they will all generally
contain the more common ones such as amd64 and i386.
SHA256 and MD5 hashes for the release ISO and memory stick images are
included at the bottom of this message.
The purpose of the images provided as part of the release are as follows:
dvd1: This contains everything necessary to install the base FreeBSD
operating system, a collection of pre-built packages, and the
documentation. It also supports booting into a "livefs" based
rescue mode. This should be all you need if you can burn
and use DVD-sized media.
disc1: This contains the base FreeBSD operating system and the
English documentation package for CDROM-sized media. There are
no other packages.
livefs: This contains support for booting into a "livefs" based
rescue mode but does not support doing an install from the
CD itself. It is meant to help rescue an existing system
but could be used to do a network based install if necessary.
bootonly: This supports booting a machine using the CDROM drive but
does not contain the support for installing FreeBSD from the
CD itself. You would need to perform a network based install
(e.g. from an FTP server) after booting from the CD.
memstick: This can be written to an USB memory stick (flash drive) and
used to do an install on machines capable of booting off USB
drives. It also supports booting into a "livefs" based rescue
mode. The documentation packages are provided but no other
packages.
As one example of how to use the memstick image, assuming the USB drive
appears as /dev/da0 on your machine something like this should work:
# dd if=FreeBSD-8.4-RELEASE-amd64-memstick.img of=/dev/da0 bs=10240 conv=sync
Be careful to make sure you get the target (of=) correct.
FreeBSD 8.4-RELEASE can also be purchased on CD-ROM or DVD from several
vendors. One of the vendors that will be offering FreeBSD 8.4-based
products is:
~ FreeBSD Mall, Inc. http://www.freebsdmall.com/
FTP
---
At the time of this announcement the following FTP sites have
FreeBSD 8.4-RELEASE available.
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp5.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp7.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp10.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.cn.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.cz.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.dk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.fr.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.ru.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp1.ru.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp.tw.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp4.tw.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp5.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
ftp://ftp10.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.4/
However before trying these sites please check your regional mirror(s)
first by going to:
ftp://ftp.<yourdomain>.FreeBSD.org/pub/FreeBSD
Any additional mirror sites will be labeled ftp2, ftp3 and so on.
More information about FreeBSD mirror sites can be found at:
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
For instructions on installing FreeBSD or updating an existing machine
to 8.4-RELEASE please see:
http://www.FreeBSD.org/releases/8.4R/installation.html
Support
-------
The FreeBSD Security Team currently plans to support FreeBSD 8.4 until
June 30, 2015. For more information on the Security Team and their
support of the various FreeBSD branches see:
http://www.FreeBSD.org/security/
Acknowledgments
---------------
Many companies donated equipment, network access, or man-hours to
support the release engineering activities for FreeBSD 8.4 including
The FreeBSD Foundation, Yahoo!, NetApp, Internet Systems Consortium,
Sentex Communications, New York Internet, Juniper Networks, and
iXsystems.
The release engineering team for 8.4-RELEASE includes:
Josh Paetzel <jpaetzel< at >FreeBSD.org> Release Engineering,
8.4-RELEASE Release Engineer
Ken Smith <kensmith< at >FreeBSD.org> Release Engineering, Release
Engineering Team Lead,
sparc64 Release Building,
Mirror Site Coordination
Robert Watson <rwatson< at >FreeBSD.org> Release Engineering, Security
Konstantin Belousov <kib< at >FreeBSD.org> Release Engineering
Marc Fonvieille <blackend< at >FreeBSD.org> Release Engineering, Documentation
Hiroki Sato <hrs< at >FreeBSD.org> Release Engineering, Documentation
Marcus von Appen <mva< at >FreeBSD.org> Release Engineering
Glen Barber <gjb< at >FreeBSD.org> Release Engineering
Joel Dahl <joel< at >FreeBSD.org> Release Engineering
Steven Kreuzer <skreuzer< at >FreeBSD.org> Release Engineering
Xin Li <delphij< at >FreeBSD.org> Release Engineering
Craig Rodrigues <rodrigc< at >FreeBSD.org> Release Engineering
Gleb Smirnoff <glebius< at >FreeBSD.org> Release Engineering
Marius Strobl <marius< at >FreeBSD.org> Release Engineering
Takahashi Yoshihiro <nyan< at >FreeBSD.org> PC98 Release Building
Erwin Lansing <erwin< at >FreeBSD.org> Package Building
Mark Linimon <linimon< at >FreeBSD.org> Package Building
Martin Wilke (miwi< at >FreeBSD.org> Package Building
Dag-Erling Sm?rgrav <des< at >FreeBSD.org> Security Officer
Colin Percival <cperciva< at >FreeBSD.org> Security Officer Emeritus
Simon L. B. Nielsen <simon< at >FreeBSD.org> Security Officer Emeritus
Trademark
---------
FreeBSD is a registered trademark of The FreeBSD Foundation.
ISO Image Checksums
-------------------
o amd64:
SHA256 (FreeBSD-8.4-RELEASE-amd64-bootonly.iso) = c167d11721c2e505c062ccec4d0923fe18839d56c49e99e0646ab0de04294338
SHA256 (FreeBSD-8.4-RELEASE-amd64-disc1.iso) = 2fb17d77d4eba34736eb98c142c56546dd73a4e7ac38895bb6c8517949282438
SHA256 (FreeBSD-8.4-RELEASE-amd64-dvd1.iso) = 0a1acf77dee7fca7f71864e39804414ef53ad0540f2205bf0bfb954150f171f2
SHA256 (FreeBSD-8.4-RELEASE-amd64-livefs.iso) = 6c0e004556e931da711d48bd530aaf45c056e4336b15acc00495cde128d8337a
SHA256 (FreeBSD-8.4-RELEASE-amd64-memstick.img) = fe6686ce9f1c9afd3d1ee41d6c842d2173cfc8fed700fb76954fa2e2bef149cd
MD5 (FreeBSD-8.4-RELEASE-amd64-bootonly.iso) = 6d0cb38073c803d5f76cdbd89e0a6f24
MD5 (FreeBSD-8.4-RELEASE-amd64-disc1.iso) = 642aba9299a30f06aca521abe0abb102
MD5 (FreeBSD-8.4-RELEASE-amd64-dvd1.iso) = c8dfd45a0b4d6afca1aa79b7374682fe
MD5 (FreeBSD-8.4-RELEASE-amd64-livefs.iso) = 72631f6b8a494390393db9f7c7a877bf
MD5 (FreeBSD-8.4-RELEASE-amd64-memstick.img) = 36823c5c2613220ebc304d2508874cf6
o i386:
SHA256 (FreeBSD-8.4-RELEASE-i386-bootonly.iso) = 8a92bea891f2e9bb3a4c8613c3e075c72491a5f3904219abea00eadf3c8d4258
SHA256 (FreeBSD-8.4-RELEASE-i386-disc1.iso) = 73ecc5ba0c36e7682c4862e7351d385e2e07bc97a09f9dff326d3cc1ec690cf8
SHA256 (FreeBSD-8.4-RELEASE-i386-dvd1.iso) = 28fcba3954f5014b67748f9870b7db9a95797a88e68956523f39dea8824fa694
SHA256 (FreeBSD-8.4-RELEASE-i386-livefs.iso) = 7ed52fd38bc399603ff2f69013df54032f44fb431bcf1cfb4e30230cd37e323b
SHA256 (FreeBSD-8.4-RELEASE-i386-memstick.img) = 071d889db802fc144c977023a94aece94dbe5a9e4019e85f7449128153110031
MD5 (FreeBSD-8.4-RELEASE-i386-bootonly.iso) = aca12a59ee988cccd19e4835ef8e6291
MD5 (FreeBSD-8.4-RELEASE-i386-disc1.iso) = 051bfda6a9521ca950548b5449c8c5ce
MD5 (FreeBSD-8.4-RELEASE-i386-dvd1.iso) = ca3ae875d0880e6b966f8eee2b13da40
MD5 (FreeBSD-8.4-RELEASE-i386-livefs.iso) = 13ca52edd45284fb64133ceef804f890
MD5 (FreeBSD-8.4-RELEASE-i386-memstick.img) = 52affc47ba90c9fa8df823a8c8c046e0
Glen
</pre>Glen Barber2013-06-07T11:17:53FreeBSD Virtual Machine images
http://comments.gmane.org/gmane.os.freebsd.announce/669
<pre>I am happy to announce the availablilty of pre-installed VM images for
the FreeBSD head/ branch.
Images are available for the amd64 and i386 architectures, and can be
downloaded from the FreeBSD FTP site, including most mirrors:
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/VM-IMAGES/Latest/
Images are planned to be generated at the same 1-week interval as
installer snapshots. VM images for stable/9 are not yet available, but
are a work in progress.
Technical details:
o VM hard disk image formats available are QCOW2 (qemu) and VMDK
(VirtualBox and VMWare)
o The VM disk images are approximately 750Mb uncompressed, and 10Gb
when attached to a VM. File size of the raw disk image will grow as
data is written to the virtual device.
o The partition layout is:
- 512k - freebsd-boot GPT partition type (bootfs GPT label)
- 1Gb - freebsd-swap GPT partition type (swapfs GPT label)
- ~8Gb - freebsd-ufs GPT partition type (rootfs UFS label)
Those interested are encouraged to subscribe to the freebsd-snapshots
announcement list for relevant updates and/or notices regarding these
VM images:
http://lists.freebsd.org/mailman/listinfo/freebsd-snapshots
Regards,
Glen
</pre>Glen Barber2013-05-31T12:05:26EuroBSDCon Sep 28/29 2013 in Malta: Last Callfor Proposals
http://comments.gmane.org/gmane.os.freebsd.announce/668
<pre>Important Dates
---------------
Sep 26-29: Tutorials and Talks in St. Julian's, Malta
http://2013.eurobsdcon.org/eurobsdcon-2013/talks-and-schedule/
Mid June: Registration opens
http://2013.eurobsdcon.org/eurobsdcon-2013/registration/
May 27: Request for Proposals closes
http://2013.eurobsdcon.org/2013/03/28/call-for-proposals/
EuroBSDcon is the European technical conference for users and developers
of BSD-based systems. The conference will take place Thursday, September
26 through Sunday, September 29 at the Hilton (http://goo.gl/maps/hnACd)
in St. Julian's, Malta (tutorials on Thursday and Friday, talks on
Saturday and Sunday).
Last Call for Talk Proposals
----------------------------
The EuroBSDcon program committee is inviting BSD developers and users to
submit innovative and original talk proposals not previously presented
at other European conferences.
Topics of interest to the conference include, but are not limited to
applications, architecture, implementation, performance and security of
BSD-based operating systems, as well as topics concerning the economic
or organizational aspects of BSD use.
Presentations are expected to be 45 minutes and are to be delivered in
English.
Last Call for Tutorial Proposals
--------------------------------
The EuroBSDcon program committee is also inviting qualified
practitioners in their field to submit proposals for half or full day
tutorials on topics relevant to development, implementation and use of
BSD-based systems.
Half-day tutorials are expected to be 2.5 to 3 hours and full-day
tutorials 5 to 6 hours. Tutorials are to be held in English.
Submissions
-----------
Proposals should be sent by email to <submission< at >eurobsdcon.org>. They
should contain a short and concise proposal abstract in about 100 words.
The submission should also include a short CV of the speaker and an
estimate of the expected travel expenses. Please submit each proposal as
a separate email.
RFP Deadline
------------
The EuroBSDcon program committee is accepting talk and tutorial
proposals until Monday, May 27 2013.
We are looking forward to your proposals and to see you at EuroBSDcon!
Beat Gätzi
On behalf of the EuroBSDcon 2013 Program Committee
</pre>Beat Gaetzi2013-05-14T17:38:57Binary Packages Are Available Again
http://comments.gmane.org/gmane.os.freebsd.announce/667
<pre>Dear FreeBSD Community,
Six months have passed since the November security incident which
brought the Project's binary package building capacity offline; we are
pleased to announce that all services are now restored. This has
followed a significant effort to review security throughout the FreeBSD
Project's infrastructure, and reengineer the package-building system to
support greater compartmentalization and resilience. This includes the
redports.org and ports QAT, generation and update of INDEX files,
publication of binary package sets, and binary-package building itself.
The revised infrastructure provided binary packages for the recent
release of FreeBSD 8.4.
We are now glad to announce that binary packages available again for
8.x, 9.x branches on i386 and amd64 architectures at the usual
locations:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.4-release/
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/
Note that the previously missed binary packages for 9.1-RELEASE have
been also recovered and can be found here:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.1-release/
ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.1-release/
However before trying any of these sites above please check your
regional mirrors first by going to:
ftp://ftp.<yourdomain>.FreeBSD.org/pub/FreeBSD
Any additional mirror sites will be labeled ftp2, ftp3 and so on. More
information about FreeBSD mirror sites can be found at:
http://www.FreeBSD.org/handbook/mirrors-ftp.html
Note that these are still the "old-style" packages. Port managers are
currently working on introducing new-style (as known as pkgng) binary
packages in the coming months, please check the FreeBSD ports
announcements list for further gradual status updates:
http://lists.freebsd.org/mailman/listinfo/freebsd-ports-announce/
The Core Team thanks especially Peter Wemm, Mark Linimon, Simon Nielsen,
Robert Watson, Erwin Lansing, Brad Davis, Bernhard Froehlich, Beat
Gaetzi, Martin Wilke, Jonathan Anderson, George Neville-Neil, Sean
Bruno, Colin Percival, and Bjoern Zeeb for their hard work on restoring
the binary-package building cluster and the associated services, and
Gavin Atkinson for maintaining and updating the compromise page.
</pre>FreeBSD Core Team Secretary2013-05-14T04:55:48FreeBSD Quarterly Status Report,January-March 2013
http://comments.gmane.org/gmane.os.freebsd.announce/666
<pre>FreeBSD Quarterly Status Report, January-March 2013
Introduction
This report covers FreeBSD-related projects between January and March
2013. This is the first of four reports planned for 2013.
Highlights from this status report include the busy preparations of
8.4-RELEASE, restoration of binary package building, steady progress
of several porting efforts, like work on the FreeBSD ports of xorg,
GNOME, KDE, and Xfce, bringing FreeBSD to Cubieboard and Hackberry
boards, development of ARM and AMD GPU support, improving
performance of UFS/FFS and callouts, and introducing a multipath TCP
implementation for the network stack.
Thanks to all the reporters for the excellent work! This report
contains 31 entries and we hope you enjoy reading it.
The deadline for submissions covering the period between April and
June 2013 is July 7th, 2013.
__________________________________________________________________
Projects
* FreeNAS
* Kernel Information in Process Core Dumps
* Native iSCSI Stack
FreeBSD Team Reports
* FreeBSD Bugmeister Team
* FreeBSD Core Team
* FreeBSD Port Managers
* FreeBSD Postmaster Team
* FreeBSD Release Engineering Team
Kernel
* AMD GPU Kernel Mode-Setting (KMS) Support
* Atomic "close-on-exec"
* callout(9) Improvements
* Multipath TCP (MPTCP) for FreeBSD
* racct: Block IO Accounting
* Read-only Port of NetBSD's UDF File System
* TCP-AO Authentication Option
* UFS/FFS Performance Work
Documentation
* Improving the Documentation Project Infrastructre
* The entities Documentation Branch
* The FreeBSD Japanese Documentation Project
Architectures
* FreeBSD on Cubieboard
* FreeBSD/arm Superpages for ARMv7
* FreeBSD/ARM Toolchain Improvements
Ports
* FreeBSD Haskell Ports
* GNOME/FreeBSD
* KDE/FreeBSD
* PyPy
* Wine32 on FreeBSD/amd64
* Xfce/FreeBSD
* xorg on FreeBSD
Miscellaneous
* BXR.SU -- Super User's BSD Cross Reference
* mdoc.su -- Short Manual Page URLs
__________________________________________________________________
AMD GPU Kernel Mode-Setting (KMS) Support
URL: https://wiki.freebsd.org/AMD_GPU
Contact: Jean-Sébastien Pédron <dumbbell< at >FreeBSD.org>
Contact: J.R. Oldroyd <jr< at >opal.com>
Contact: Konstantin Belousov <kib< at >FreeBSD.org>
The project progressed well since February:
* Konstantin committed is TTM port to 10-CURRENT.
* With the help of John Baldwin (jhb) and Andriy Gapon (avg), the
Video BIOS situation greatly improved: the radeonkms driver reads
the BIOS shadow copy if the video card is the primary one, or
query the PCI expansion ROM otherwise. In the end, this code
will be probably committed to the PCI driver so that other video
drivers benefit from it.
* Andriy also reported several problems with the I2C code. Now that
they are fixed, the monitors plugged into DVI and HDMI connectors
are detected and their EDID is read correctly. VGA connector is
not tested so far.
* There is a locking problem in either TTM or the Radeon driver
which prevents OpenGL from working properly. Jean-Sébastien is
currently tracking this down.
* J.R. Oldroyd started to work on a 9-STABLE backport of the driver
which is now working quite well. He had to backport some features
from the VM which may need further refinement by the VM folks.
Yakaz lended Jean-Sébastien a computer which allows him to test a
RV630-based discrete card and, in the future, other PCIe cards.
Several users already kindly tested the driver. Big thanks to all
those contributors!
In its current state, the driver allows to have a simple X session
(no OpenGL), run common applications, watch movies, change the
resolution and enable additional monitors with xrandr(1). The most
blocking issue now is the OpenGL deadlock which prevents to run
modern compositors/desktop environment, games and WebGL demos. We
are not ready for a "Call For Testers" yet.
Open tasks:
1. Test multiple cards configurations for Video BIOS issues,
especially Intel integrated card + Radeon discrete card, and AMD
integrated card (IGP) + Radeon discrete card. No need to check
configurations with one shared connector though, it is not
supported right now.
__________________________________________________________________
Atomic "close-on-exec"
URL: https://wiki.freebsd.org/AtomicCloseOnExec
Contact: Jilles Tjoelker <jilles< at >FreeBSD.org>
If threads or signal handlers call fork() and exec(), file
descriptors may be passed undesirably to child processes, which may
lead to hangs (if a pipe is not closed), exceeding the file
descriptor limit and security problems (if the child process has
lower privilege). One solution is various new APIs that set the
"close-on-exec" flag atomically with allocating a file descriptor.
Some existing software will use the new features if present or will
even refuse to compile without them.
Various parts have been present for some time.
In first quarter of 2013, extensions to recvmsg(), socket(),
socketpair() and posix_openpt() have been added.
__________________________________________________________________
BXR.SU -- Super User's BSD Cross Reference
URL: http://bxr.su/
URL:
http://lists.freebsd.org/pipermail/freebsd-hackers/2013-April/042334.html
Contact: Constantine A. Murenin <cnst++< at >FreeBSD.org>
Super User's BSD Cross Reference (BXR.SU) is a new source-code search
engine that covers the complete kernel and non-GNU userland source
trees of FreeBSD, NetBSD, OpenBSD, and DragonFly BSD.
BXR.SU is optimised to be very fast, has daily updates of all the
trees, and also acts as a deterministic URL shortener.
BXR.SU is based on an OpenGrok fork, but it is more than just
OpenGrok. We have fixed a number of annoyances, eliminated features
that just never worked right from the outright, and provided
integration with tools like CVSweb (including great mirrors like
allbsd.org), FreeBSD's ViewVC (SVN), as well as GitHub and Gitweb
from git.freebsd.your.org, plus a tad of other improvements,
including a complete rewrite of an mdoc parser. Last, but definitely
not least, is an extensive set of nginx rewrite rules that makes it
a breeze to use BXR.SU as a deterministic URL compactor for
referencing BSD source code. For example, the
http://bxr.su/f/kern/sched_ule.c URL will automatically redirect to
http://bxr.su/FreeBSD/sys/kern/sched_ule.c through nginx.
Note that according to the release schedule of BXR.SU, there is no
IPv4 glue until 2013-04-24; otherwise, the service is available via
both IPv4 and IPv6. See the 2013-04-01 announcement on the
freebsd-hackers mailing list for more details.
Open tasks:
1. Find up-to-date git repositories (served with Gitweb) of NetBSD
and OpenBSD.
2. Find a Gitweb mirror of FreeBSD that is faster than GitHub and
Gitorious.
__________________________________________________________________
callout(9) Improvements
URL: http://people.freebsd.org/~davide/asia/callout_paper.pdf
URL: http://people.freebsd.org/~davide/asia/calloutng.pdf
URL: http://svnweb.freebsd.org/base?view=revision&revision=247777
Contact: Davide Italiano <davide< at >FreeBSD.org>
Contact: Alexander Motin <mav< at >FreeBSD.org>
In FreeBSD, timers are provided by the callout facility, which allows
to register a function with an argument to be called at specified
future time. The subsystem suffered of some problems, such as the
impossibility of handling high-resolution events or its inherent
periodic structure, which may lead to spurious wakeups and higher
power consumption. Some consumers, such as high-speed networking,
VoIP and other real-time applications need a better precision than
the one currently allowed. Also, especially with the ubiquity of
laptops in the last years, the energy wasted by interrupts waking
CPUs from sleep may be a sensitive factor. Recent changes in the
subsystem addressed those long-standing issues as well as introduced
a new programming interface to take advantage of the new features.
Open tasks:
1. Evaluating if it is worth to migrate any of the other callout(9)
consumers to the new interface.
2. Move callout consumers still using the legacy
timeout()/untimeout() interface to callout_*() in order to get rid
of redundant code and clean up KPI.
__________________________________________________________________
FreeBSD Bugmeister Team
Contact: Eitan Adler <eadler< at >FreeBSD.org>
Contact: Gavin Atkinson <gavin< at >FreeBSD.org>
Contact: Oleksandr Tymoshenko <gonzo< at >FreeBSD.org>
The FreeBSD Bugmeister Team are continuing to evaluate options for
alternate bug trackers and have narrowed their choices to two
possibilities: Bugzilla and roundup.
The number of non-ports PRs have remained relatively static over the
last three months, with as many coming in as being closed. The number
of ports PRs have increased recently, largely due to the ports freeze
for the upcoming 8.4-RELEASE.
The Bugmeister team continue work on trying to make the contents of
the GNATS PR database cleaner, more accessible and easier for
committers to find and resolve PRs, by tagging PRs to indicate the
areas involved, and by ensuring that there is sufficient info within
each PR to resolve each issue.
As always, anybody interested in helping out with the PR queue is
welcome to join us in #freebsd-bugbusters on EFnet. We are always
looking for additional help, whether your interests lie in triaging
incoming PRs, generating patches to resolve existing problems, or
simply helping with the database housekeeping (identifying duplicate
PRs, ones that have already been resolved, etc). This is a great way
of getting more involved with FreeBSD!
Open tasks:
1. Finalize the decision of which new bug tracker to use.
2. Get more users involved with triaging PRs as they come in.
3. Assist committers with closing PRs.
__________________________________________________________________
FreeBSD Core Team
Contact: Core Team <core< at >FreeBSD.org>
At the end of 2012, the Core Team approved using Google Analytics on
the Project web site to enable the Documentation Engineering Team to
collect statistics on its usage for better profiling. In the first
quarter of 2013, the Core Team worked with the Documentation
Engineering Team to finalize the associated policies.
Due to some debates around the political correctness of quotes added
for the fortune(6) utility, the corresponding data file has been
removed from the base system in -CURRENT.
In light of the security incident, the liaison role between the Core
Team and the Security Team has been restored, with Gavin Atkinson
assuming this role. The Core Team work hard on resolving the current
situation of the binary package building cluster and the associated
security problems in tight cooperation with the Ports Management
Team, Cluster Administators, and the FreeBSD Foundation Board. The
compromise page is kept updated on the results.
The FreeBSD Project submitted an application for Google Summer of
Code this year again.
There was access granted for 2 new committers and 1 commit bit was
taken for safekeeping in this quarter.
__________________________________________________________________
FreeBSD Haskell Ports
URL: http://wiki.freebsd.org/Haskell
URL: https://github.com/freebsd-haskell/freebsd-haskell/
Contact: Gábor Páli <pgj< at >FreeBSD.org>
Contact: Ashish Shukla <ashish< at >FreeBSD.org>
We are proud to announce FreeBSD Haskell Team has updated existing
ports to their latest stable versions. We also added number of new
ports, which brings the count of Haskell ports in FreeBSD ports tree
to more than 400, featuring many popular software, e.g. xmonad,
git-annex, pandoc or various web framework implementations. All of
these updates will be available as part of the upcoming 8.4-RELEASE.
We also came to know that Haskell ports are also being used
successfully on DragonFlyBSD's dports tree.
In our development repository, there was some optional support added
for LLVM-based code generation using the GHC LLVM backend. This works
mostly on FreeBSD too, though some of the ports would need fixing so
it is still considered experimental.
Open tasks:
1. Try to build GHC with clang (as system compiler).
2. Commit pending Haskell ports to the FreeBSD ports tree.
3. Add more ports to the Ports Collection.
__________________________________________________________________
FreeBSD on Cubieboard
Contact: Ganbold Tsagaankhuu <ganbold< at >FreeBSD.org>
Contact: Oleksandr Tymoshenko <gonzo< at >FreeBSD.org>
Initial support of Allwinner A10 SoC is committed to -CURRENT.
FreeBSD is now running on boards such as Cubieboard, Hackberry and
it supports following peripherals:
* USB EHCI
* GPIO
Open tasks:
1. Get EMAC Ethernet driver working. Need more help from network
driver experts.
2. Implement more drivers.
__________________________________________________________________
FreeBSD Port Managers
URL: http://www.FreeBSD.org/ports/
URL: http://www.freebsd.org/doc/en/articles/contributing-ports/
URL: http://portsmon.freebsd.org/
URL: http://www.freebsd.org/portmgr/
URL: http://blogs.freebsdish.org/portmgr/
URL: http://www.twitter.com/freebsd_portmgr/
URL: http://www.facebook.com/portmgr
Contact: Thomas Abthorpe <portmgr-secretary< at >FreeBSD.org>
Contact: Port Management Team <portmgr< at >FreeBSD.org>
The ports tree contains approximately 24,300 ports, while the PR
count still is close to 1600.
In the first quarter we added 4 new committers, took in 1 commit bit
for safe keeping, and re-instated 1 commit bit.
In February, Mark Linimon (linimon) stepped down from his duties in
the team. Mark had been the longest serving member of the team. Mark
had spent many long hours refactoring and documenting the portbuild
software to ensure that pointyhat services could be restored.
After a security review, redports.org was turned back on, restoring
Tinderbox services to contributors, along with post commit QATs. In
addition, pointyhat infrastructure had also undergone a review and
work begain on restoring the package build system.
Erwin Lansing (erwin) and Martin Wilke (miwi) took on the principle
roles of getting the portbuild software installed and running on
pointyhat. As a result of all their hard work, portmgr< at > was finally
able to resume doing -exp runs, preparing packages for the upcoming
8.4 release, as well as getting a set of 9.1 packages retroactively
prepared.
After many long years of being the defacto standard for the Project,
CVS support for the ports tree officially ended on February 28.
The ports tree was tagged with RELEASE_7_EOL, to coincide with the
end of life for FreeBSD 7.X.
Beat Gaetzi (beat) stepped down from his duties on portmgr< at > in March.
Among his notable contributions, was the task of migrating the Ports
Tree from the old CVS repo to Subversion.
Bryan Drewery (bdrewery) joined the Ports Management team in March,
bringing with him his wealth of knowledge and skill from maintaining
portupgrade, portmaster, assisting with pkgng, as well as
co-developing poudriere.
Open tasks:
1. Most ports PRs are assigned, we now need to focus on testing,
committing and closing.
__________________________________________________________________
FreeBSD Postmaster Team
Contact: David Wolfskill <postmaster< at >FreeBSD.org>
In the first quarter of 2013, the FreeBSD Postmaster Team has
implemented the following items that may be interest of the general
public:
* Changes in configuration of Mailman-managed lists: allow to
accept the application/pkcs7-signature MIME type (in addition to
the application/x-pkcs7-signature MIME type), thus permitting
S/MIME signatures on list mail.
* New lists: freebsd-ops-announce -- announcements of
infrastructure issues, and freebsd-pkg -- discussion of binary
package management and package tools.
__________________________________________________________________
FreeBSD Release Engineering Team
URL: http://www.freebsd.org/releases/8.4R/schedule.html
Contact: FreeBSD Release Engineering Team <re< at >FreeBSD.org>
FreeBSD 8.4-RC1 just got out the door and we are planning RC2. A
couple of critical fixes have come in that will be included in RC2.
The schedule has slipped about 10 days so far. We are expecting the
final release by the end of April. Packages for 8.4 have been
provided by a fully operational package building cluster.
__________________________________________________________________
FreeBSD/arm Superpages for ARMv7
URL:
http://static.usenix.org/events/osdi02/tech/full_papers/navarro/navarro.pdf
URL: https://wiki.freebsd.org/ARMSuperpages URL:
https://github.com/semihalf-bodek-zbigniew/freebsd-arm-superpages.git
Contact: Zbigniew Bodek <zbb< at >semihalf.com>
Contact: Grzegorz Bernacki <gjb< at >semihalf.com>
Contact: Rafał Jaworowski <raj< at >semihalf.com>
ARM architecture is more and more prevailing, not only in the mobile
and embedded space. Among the more interesting industry trends
emerging in the recent months has been the "ARM server" concept.
Some top-tier companies started developing systems like this already
(Dell, HP).
Key to FreeBSD success in these new areas are sophisticated features,
among them are superpages.
The objective of this project is to provide FreeBSD/arm with the
superpages support, which will allow for efficient use of TLB
translations (enlarge TLB coverage), leading to improved performance
in many applications and scalability. Indicated functionality is
intended to work on ARMv7-based processors, however compatibility
with ARMv6 will be preserved.
Current support status:
* Port of the pv_entry allocator.
* Switch to "AP[2:1]" access permissions model.
* PTE-based, page-referenced/modified emulation.
* Fixes regarding page replacement strategy.
* Code optimizations and bug fixes.
Next steps:
* Dirty pages management.
* Gradual integration to FreeBSD -CURRENT.
* Further pmap optimizations.
* Fragmentation control management.
* Testing and benchmarking.
Open tasks:
1. Support for multiple page sizes.
2. Implementation of page promotion, demotion and eviction
mechanisms.
__________________________________________________________________
FreeBSD/ARM Toolchain Improvements
Contact: Andrew Turner <andrew< at >FreeBSD.org>
Clang has been made the default compiler on ARM. A number of issues
with LLVM and clang have been found, reported, and fixed upstream.
An issue where some ARM EABI applications compiled with clang crash
has been reported upstream with a patch and will be brought into the
FreeBSD tree when it is accepted. The only other issue blocking
moving to the ARM EABI is C++ exceptions fail to work correctly with
shared objects. This will need us to either import libunwind or
implement the functions libgcc_s requires to find the correct unwind
table.
Open tasks:
1. Fix exception handling for EABI.
__________________________________________________________________
FreeNAS
URL: http://www.FreeNAS.org/
Contact: Alfred Perlstein <alfred< at >FreeBSD.org>
Contact: Josh Paetzel <jpaetzel< at >FreeBSD.org>
FreeNAS 8.3.1-RELEASE-p2 will hit Sourceforge the second week of
April, and should end up as the last FreeNAS release based on
FreeBSD 8.X It's currently the only Free Open Source NAS product
available with any form of ZFS encryption (provided by GELI).
Open tasks:
1. The team is hard at work on getting a FreeBSD 9.X-based release
of FreeNAS ready. Currently there are several nightly snapshots
available.
2. Add HAST to the webinterface.
3. Migrate to NFSv4.
4. Integrate foundation sponsored kernel iSCSI target.
__________________________________________________________________
GNOME/FreeBSD
URL: http://www.freebsd.org/gnome
URL: http://www.freebsd.org/gnome/docs/develfaq.html
URL: http://www.marcuscom.com:8080/viewvc/viewvc.cgi/marcuscom
URL: https://github.com/jlmess77/mate-ports
Contact: FreeBSD GNOME team <gnome< at >FreeBSD.org>
The GNOME/FreeBSD Team has recently merged Glib 2.34, Gtk+ 2.24.17
and Gtk+ 3.6.4 into ports, the C++ bindings also have got updates. In
additional "low-level" GNOME ports received updates, like libsoup,
gobject-introspection, atk and vala for example. The telepathy stack
and empathy where also updated.
The USE_GNOME macro has received support for :run and :build targets
thanks to Jeremy Messenger (mezz). Currently only libxml2 and libxslt
support these targets.
USE_GNOME=pkgconfig is being deprecated in favor of
USE_PKGCONFIG=build. The former also adds a run dependency on
pkg-config, which is not required. A first pass was done to get rid
of this in the Glib update to 2.34. In cooperation with the X11
Team, the usage of USE_GNOME=pkgconfig in X components will be
removed. After the fallout from this is handled and stranglers are
converted, the USE_GNOME option will be removed.
In addition USE_GNOME=gnomehack is deprecated and should not be used.
Please replace it with USES=pathfix.
The GNOME development repository has switched from CVS to SVN. CVS
will not get any more updates. Uses can get a new version of the
marcusmerge script that supports SVN from its home page, and should
remove the old CVS checkout "ports" dir.
* SVN anonymous root: svn://creme-brulee.marcuscom.com/ or
svn://sushi.marcuscom.com/ (IPv6)
* ViewVC: http://www.marcuscom.com:8080/viewvc/viewvc.cgi/marcuscom
On-going efforts:
* glib 2.36, pango 1.34.0, gtk 3.8.0 and gobject-introspection
1.36.0 where updated in the GNOME development repository.
* Gustau Perez i Querol stepped up and started work on updating the
old GNOME 3.4 ports to 3.6. At the moment of writing these are
not available in the GNOME development repository just yet. For
his efforts, he was awarded a FreeBSD GNOME team membership.
* Jeremy Messenger (mezz) has completed Mate 1.6 which will be
arriving in ports near you when deemed stable enough.
If you want to help with keeping the documentation updated or helping
out in other ways, even if it only parts for the Glib/Gtk/GNOME stack
you are interested in, please contact us!
Open tasks:
1. Update the FreeBSD.org/gnome website, in particular the developer
information about USE_GNOME, maybe put that section in the
Porter's Handbook instead.
2. Merge more updated ports from MC to ports.
3. Testing latest Glib/Gtk releases with existing ports, and import
it into ports when it is ready.
4. After porting GNOME 3.6 run tests and fix bugs.
__________________________________________________________________
Improving the Documentation Project Infrastructre
URL: http://svnweb.freebsd.org/doc/projects/xml-tools/
Contact: Gábor Kövesdán <gabor< at >FreeBSD.org>
There is an on-going work to improve the documentation infrastructure
and modernize our documentation toolchain. The work can be found in
the xml-tools branch and is very near to completion. The improvements
include the following:
* Upgrade to DocBook 4.5.
* Use XSLT instead of DSSSL to render XHTML-based output.
* Generate PDF from PS and simplify image processing.
* Fix make lint and validate the whole documentation set.
* Fix rendering of TOC elements.
* Fix misused link elements that resulted in a corrupt rendering.
* Use more human-friendly publication data and release info
rendering.
* Add support for XInclude in DocBook documents.
* Add support for profiling with attributes.
* Add support for Schematron constraints.
* Add experimental epub support.
* Add experimental support for XSL-FO-based printed output.
* Clean up obsolete SGML constructs.
* Clean up catalogs.
* Drop HTML Tidy since it is not needed any more.
The changes eliminate some dependencies and switch the doc repository
to a real XML toolchain with proper validation and more advanced
rendering tools. The only exceptions are Jade and the DSSSL
stylesheets, which are still needed for printed output.
Open tasks:
1. Fix rendering problems with images in printed formats.
2. Update the Documentation Primer to reflect changes.
__________________________________________________________________
KDE/FreeBSD
URL: http://FreeBSD.kde.org
URL: http://FreeBSD.kde.org/area51.php
Contact: KDE FreeBSD <kde< at >FreeBSD.org>
The KDE/FreeBSD Team is very proud to have Schaich Alonso (aschai)
joining the team. Welcome!
The KDE/FreeBSD Team have continued to improve the experience of KDE
software and Qt under FreeBSD. The latest round of improvements
include:
* Fix problems establishing UDP connections.
The Team have also made many releases and upstreamed many fixes and
patches. The latest round of releases include:
* KDE SC: 4.9.5, 4.10.1 (ports)
* Qt: 5.0.0 (area51) and 4.8.4 (ports)
* PyQt: 4.9.6 (ports); QScintilla 2.7 (ports); SIP: 4.14.2 (area51)
and 4.14.3 (ports)
* KDevelop: 4.4.1 (ports); KDevPlatform: 1.4.1 (ports)
* Calligra: 2.5.5, 2.6.2 (ports)
* Amarok: 2.7.0
* CMake: 2.8.10.2
* Digikam (and KIPI-plugins): 3.1.0 (area51)
* QtCreator: 4.6.1 (ports)
* KDE Telepathy 0.6.0 (area51)
* many smaller ports
As a result -- according to PortScout -- we have 431 ports, of which
93.5% (from 91%) are up-to-date.
The Team are always looking for more testers and porters so please
contact us and visit our home page.
Open tasks:
1. Updating out-of-date ports, see PortScout for a list.
__________________________________________________________________
Kernel Information in Process Core Dumps
Contact: Mikolaj Golub <trociny< at >freebsd.org>
When doing postmortem analysis of a crashed process it is sometimes
very useful to have kernel information about the process at the
moment of the crash, like open file descriptors or resource limits.
For a live process this information can be obtained via sysctl(3)
interface e.g. using procstat(1).
The aim of the project is to add additional notes to a process core
dump, which include process information from the kernel at the moment
of the process crash, teach libprocstat(3) to extract this
information and make procstat(1) use this functionality.
At the moment all necessary code changes are committed to HEAD and
are going to be merge to stable/9 in 1 month.
__________________________________________________________________
mdoc.su -- Short Manual Page URLs
URL: http://mdoc.su/
URL: http://nginx.conf.mdoc.su/mdoc.su.nginx.conf
URL: https://github.com/cnst/mdoc.su
URL:
http://lists.freebsd.org/pipermail/freebsd-doc/2013-February/021465.html
Contact: Constantine A. Murenin <cnst++< at >FreeBSD.org>
mdoc.su is a deterministic URL shortener for BSD manual pages,
written entirely in nginx.conf.
Since the original announcement, OS version support has been added
(e.g. /f91/ and /FreeBSD-9.1/ etc.), as well as dynamic multi-flavour
web-pages with multiple links (e.g. http://mdoc.su/f,d/ifnet.9 and
http://mdoc.su/-/mdoc), which even let you specify the versions too
(e.g. http://mdoc.su/f91,n60,o52,d/mdoc).
The source code for the whole site is available under a BSD licence.
Open tasks:
1. Fork it on GitHub (see links)!
__________________________________________________________________
Multipath TCP (MPTCP) for FreeBSD
URL: http://caia.swin.edu.au/urp/newtcp/mptcp/tools.html
URL: http://caia.swin.edu.au/newtcp/mptcp/
URL: http://caia.swin.edu.au/reports/130424A/CAIA-TR-130424A.pdf
URL: https://pub.allbsd.org/FreeBSD-snapshots/
Contact: Nigel Williams <njwilliams< at >swin.edu.au>
Contact: Lawrence Stewart <lastewart< at >swin.edu.au>
Contact: Grenville Armitage <garmitage< at >swin.edu.au>
We have been working to create a BSD-licensed implementation of
Multipath TCP -- a set of TCP extensions that allow for transparent
multipath operation with multiple IP addresses as specified in
experimental RFC6824.
We made our first v0.1 public release on 2013-03-11 and recently
released v0.3 on 2013-04-16. The code is currently considered to be
of alpha quality. We are working towards pushing the code into a
FreeBSD Subversion repository project branch to continue the on-going
development effort in a more publicly accessible location. As part of
this move, we hope to begin releasing regular snapshot installer ISOs
of the MPTCP project branch courtesy of Hiroki Sato and the
allbsd.org daily snapshot infrastructure.
We are about to release a CAIA technical report 130424A entitled
"Design Overview of Multipath TCP version 0.3 for FreeBSD 10" on
2013-04-24 which provides a high-level design and architecture
overview of the v0.3 code release.
Going forward, we expect to continue development and release
additional technical reports and academic papers covering topics
such as performance analysis and multipath congestion
control/scheduling.
Open tasks:
1. The code is currently of alpha quality so we welcome all testing
feedback, but please familiarize yourself with the README file
and "Known Limitations" section in particular before jumping in.
__________________________________________________________________
Native iSCSI Stack
URL: https://wiki.freebsd.org/Native%20iSCSI%20target
Contact: Edward Tomasz Napieral/a <trasz< at >FreeBSD.org>
Focus of the project was extended to also include a new iSCSI
initiator. Compared to the old one, it is more reliable, much more
user-friendly, and somewhat faster. It uses exactly the same
configuration file format as the old one to make migration easier.
As for the target side, it was verified to work properly against
major initiators (FreeBSD, Linux, Solaris, Windows and VMWare ESX).
This project is being sponsored by FreeBSD Foundation.
Open tasks:
1. RDMA support, for both the target and the initiator.
2. Performance optimization.
__________________________________________________________________
PyPy
URL: http://wiki.FreeBSD.org/PyPy
Contact: David Naylor <dbn< at >FreeBSD.org>
PyPy has been successfully updated to 2.0-beta1 with 2.0-beta2
finishing translating and other tests. Many major changes were made
to the PyPy port fr the 2.0-beta1 release, these include:
* Reworking the build script.
* Optionally use pypy (when available) for self-translating.
* Refine memory checks.
* Fix the test target.
Although the port is in a healthy state; PyPy on FreeBSD has some
rough edges (see make test for examples of roughness).
Open tasks:
1. Fix failed unit tests.
2. Integrate PyPy into bsd.python.mk.
3. See the project page for more items.
__________________________________________________________________
racct: Block IO Accounting
URL: https://wiki.freebsd.org/RudolfTomori/IOLimits
Contact: Rudolf Tomori <rudot< at >FreeBSD.org>
This project adds the block IO access accounting to the racct/rctl
resource limiting framework, a working prototype implementation is
available.
__________________________________________________________________
Read-only Port of NetBSD's UDF File System
URL: https://github.com/williamdevries/UDF
Contact: Will DeVries <william.devries< at >gmail.com>
An initial read-only port of NetBSD's UDF file system has been
largely completed. (The UDF file system is often used on CD, DVD and
Blu-Ray discs.) This port provides a number of advantages over
FreeBSD's current UDF implementation, which include:
* Support for version 2.60 of the UDF file system specification.
FreeBSD's current implementation only partially supports version
1.5 of the standard, which was released in 1997. Since Windows
and other systems support newer version of this file system, our
users are left without the ability to read some media written by
these systems. In addition, Blu-Ray discs are commonly written
using version 2.50 or 2.60.
* The ability to override the owner and group for all the files and
directories on a UDF volume using mount options.
* The ability to set the owner and group for files and directories
that lack defined owner or group information using mount options.
(The UDF specification allows for files and directories without
owners or groups.)
* The ability to override the mode for all directories and files
on a volume using mount options.
* Support for mounting previous versions of incrementally recorded
media, like CD-Rs.
__________________________________________________________________
TCP-AO Authentication Option
URL: http://svnweb.freebsd.org/base/user/andre/tcp-ao/
Contact: André Oppermann <andre< at >FreeBSD.org>
Work is under way to implement TCP-AO (TCP Authentication Option)
according to RFC5925 and RFC5926. TCP-AO is an extension to TCP-MD5
signatures commonly used in routers to secure BGP routing protocol
sessions against spoofing attacks. The work is under contract and
sponsored by Juniper Networks.
__________________________________________________________________
The entities Documentation Branch
URL: http://svnweb.freebsd.org/doc/projects/entities/
Contact: René Ladan <rene< at >FreeBSD.org>
The entities branch was created to reduce duplication of committer
entities. Currently there is one in authors.ent (with email
addresses) and another one in developers.ent (without email
addresses). This seems to be a leftover from the doc/www split in
earlier times. To remedy this, developers.ent is merged into
authors.ent and entities with email addresses are postfixed as such.
Apart from the instructions for the initial commit, there should be
little user-visible changes. Some related cleanups, like cleaning up
team definitions, replacing literal names by entities from
authors.ent, and adding missing names to authors.ent are also made.
Open tasks:
1. Finish processing of the <email> tag.
2. Send out a CFT.
3. Merge back into head branch.
__________________________________________________________________
The FreeBSD Japanese Documentation Project
URL: http://www.FreeBSD.org/ja/
URL: http://www.jp.FreeBSD.org/doc-jp/
Contact: Hiroki Sato <hrs< at >FreeBSD.org>
Contact: Ryusuke Suzuki <ryusuke< at >FreeBSD.org>
Web page (htdocs): Newsflash and some other updates in the English
version have been translated to keep them up-to-date. Specifically,
the release related contents were updated in this period.
Books: FreeBSD Handbook has constantly been updated since the last
report; particularly, "ports", "desktop" section were largely
updated. Some progress has been made in the "advanced-networking"
section, contributed by a new translator.
"Writing FreeBSD Problem Reports" article is now in sync with the
English version.
Open tasks:
1. Further translation work of outdated documents in ja_JP.eucJP
subtree.
__________________________________________________________________
UFS/FFS Performance Work
URL: http://www.mckusick.com/publications/faster_fsck.pdf
Contact: Kirk McKusick <mckusick< at >mckusick.com>
Some work on the performance of UFS/FFS has been recently committed
to HEAD. The purpose of the corresponding change to the FFS layout
policy is to reduce the running time for a full file system check.
It also reduces the random access time for large files and speeds up
the traversal time for directory tree walks.
The key idea is to reserve a small area in each cylinder group
immediately following the inode blocks for the use of metadata,
specifically indirect blocks and directory contents. The new policy
is to preferentially place metadata in the metadata area and
everything else in the blocks that follow the metadata area.
The size of this area can be set when creating a filesystem using
newfs(8) or changed in an existing filesystem using tunefs(8). Both
utilities use the -k held-for-metadata-blocks option to specify the
amount of space to be held for metadata blocks in each cylinder
group. By default, newfs(8) sets this area to half of minfree
(typically 4% of the data area).
As with all layout policies, it only affect layouts of things
allocated after it is put in place. So these changes will primarily
be noticable on newly created file systems.
File system checks have been sped up by caching the cylinder group
maps in pass1 so that they do not need to be read again in pass5. As
this nearly doubles the memory requirement for fsck(8), the cache is
thrown away if other memory needs in fsck(8) would otherwise fail.
Thus, the memory footprint of fsck(8) remains unchanged in memory
constrained environments. This optimization will be evident on all
UFS/FFS filesystems.
This work was inspired by a paper presented at Usenix's FAST '13.
Open tasks:
1. MFC to 9-STABLE and possibly 8-STABLE should happen by May unless
problems arise with these changes in HEAD.
__________________________________________________________________
Wine32 on FreeBSD/amd64
URL: http://wiki.freebsd.org/i386-Wine
Contact: David Naylor <dbn< at >FreeBSD.org>
The i386-wine port (formally wine-fbsd64) has been added to the ports
collection (as emulators/i386-wine-devel). Although the port can only
be compiled under a x86 32-bit system the resulting package can be
installed on a x86 64-bit system and enable running of 32-bit
Microsoft Windows programs.
Packages for the port are in development and should be announced
shortly on the freebsd-questions and freebsd-emulation mailing lists.
There are some issues with Wine32 on FreeBSD/amd64 -- possibly
related to FreeBSD32_COMPACT, or other general 32/64-bit issues --
that could do with some focus.
Open tasks:
1. Port wine64 to FreeBSD.
2. Port WoW64 (wine32 and wine64 together) to FreeBSD.
3. Fix 32- and 64-bit issues (such as Intel graphics not
accelerating).
__________________________________________________________________
Xfce/FreeBSD
URL: https://wiki.FreeBSD.org/Xfce
URL:
http://people.freebsd.org/~olivierd/patches/midori-0.4.9_0.5.0.diff
Contact: FreeBSD Xfce Team <xfce< at >FreeBSD.org>
The Xfce FreeBSD Team has updated many ports, especially:
* tumbler: 0.1.27 (add new option, COVER)
* Parole: 0.5.0
* xfdesktop: 4.10.2
* Midori: 0.4.9 (full compatible with Vala 0.18), 0.5.0 is
available (see links)
* Orage: 4.8.4
* xfce4-terminal: 0.6.1 (renamed by upstream, previous name was
Terminal)
This last application contains drop-down functionality, new window
slides down from the top of the screen when key (we can define
keyboard shortcut) is pressed.
Open tasks:
1. Replace libxfce4gui (deprecated and not maintained by upstream)
by libxfce4ui in order to enhance support panel plugins for Xfce >=
4.10.
2. Work on Midori Gtk3 port.
3. Fix gtk-xfce-engine with Gtk+ >=3.6.
__________________________________________________________________
xorg on FreeBSD
URL: http://wiki.freebsd.org/Xorg
URL: http://people.freebsd.org/~zeising/xorg-7.7.diff
URL: http://trillian.chruetertee.ch/ports/browser/trunk
URL: http://trillian.chruetertee.ch/ports/browser/branches/xorg-7.7
Contact: FreeBSD X11 Team <x11< at >FreeBSD.org>
Contact: Niclas Zeising <zeising< at >FreeBSD.org>
Contact: Koop Mast <kwm< at >FreeBSD.org>
Most of the work during this period has been in updating, testing and
stabilizing the development repository. A number of xorg applications
and various other leaf ports has been committed as part of this
effort. After this a CFT was sent out asking for help in testing the
remaining bits in development, including updates to all major
libraries and xorg-server.
Currently, the CFT patch has been submitted for an exp-run to iron
out any final bugs. The plan is to merge it sometime after FreeBSD
8.4 is released and the ports tree is reopened for commits.
Work is also on-going to port new versions of MESA and OpenGL, as
well as a new version of xorg-server, and perhaps in the future,
Wayland. These are considered more long-term goals and are not
targeted for the current update.
Open tasks:
1. Decide how to handle the new and old xorg distributions. In
recent xorg, a lot of legacy driver support has been dropped,
therefore we need to maintain two xorg distributions to not lose a
lot of hardware drivers. Currently, this is done by setting the flag
WITH_NEW_XORG in /etc/make.conf, but a more practical solution is
needed. This is especially important since the flag is not very
user-friendly, and since there currently will be no official
packages for the new distribution.
2. Continue to test and update xorg related ports. There are new
versions of xserver, as well as MESA and related OpenGL libraries
which needs to be ported and eventually integrated into the ports
tree.
3. Port Wayland. The future of graphical environments in open source
operating systems seems to be Wayland. This needs to be ported to
FreeBSD so that a wider audience can test it, and so that it
eventually can be integrated into the ports tree, perhaps as a
replacement for the current xorg.
4. Look into replacements for HAL. HAL is used for hot-plugging of
devices, but it has been long abandoned by Linux. A replacement,
perhaps build on top of devd would be nice to have. This work
should be coordinated with the FreeBSD GNOME and KDE teams.
__________________________________________________________________
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"</pre>Gabor Pali2013-05-12T17:56:47FreeBSD Foundation Announces Ed Maste asDirector of Project Development
http://comments.gmane.org/gmane.os.freebsd.announce/665
<pre>The FreeBSD Foundation is pleased to announce Ed Maste's new role as the
Foundation's part-time Director of Project Development. Ed has served
on the Foundation's board for two years, and has stepped down in order to
accept this new position.
In this position Ed will manage the Foundation's sponsored work,
including projects funded under specific grants, operational support and
project development undertaken by the Foundation's permanent technical
staff.
Working with the Foundation's Board of Directors, Ed will identify
and document specific areas of future project work interest. This
roadmap planning will include coordination with FreeBSD consumers and
the FreeBSD community.
"2012 represented an inflection point in the Foundation's history,''
said Justin T. Gibbs, President of the FreeBSD Foundation. "The
Foundation has a stated goal of investing in permanent staff through
2013. With Ed taking on this new position I'm excited by the
Foundation's increased capacity to manage our project development and
operational support.''
Ed has over ten years of experience in companies building products
on FreeBSD, in both technical and managerial roles. He resides in
Kitchener, Ontario, Canada.
</pre>Deb Goodkin2013-05-09T16:11:40Google Summer of Code 2013
http://comments.gmane.org/gmane.os.freebsd.announce/664
<pre>Hi all,
A reminder: The deadline for applications is 19:00 UTC Friday May 3rd
(tomorrow).
FreeBSD is pleased to announce that once again we have been selected to
participate in the Google Summer of Code program. This gives University
students the opportunity to earn a $5000 USD stipend in exchange for
working on Open Source software over their Summer break. Students have
around 12 weeks to work on their project, and will be mentored by
existing FreeBSD committers. Participating organisations will earn $500
USD per student mentored. Over the past eight years we have hosted over
150 successful projects, and look forward to continuing this trend.
FreeBSD's organisation page may be found at
http://www.google-melange.com/gsoc/org/google/gsoc2013/freebsd and a
list of possible project ideas may be found at
https://wiki.freebsd.org/IdeasPage . Please note that projects do not
have to come from the ideas list, and indeed students are encouraged to
produce their own project ideas - the majority of past projects have
been thought up by the particpants themselves. We are encouraging
discussion of projects on the freebsd-hackers mailing list and the
#freebsd-soc IRC channel on EFNet.
Students are also encouraged to visit http://www.google-melange.com/ to
view more details of the program, including eligibility requirements,
and a list of other participating organisations.
If you have administrative questions you can contact the FreeBSD GSoC
administration team at soc-admins< at >FreeBSD.org.
Thanks,
Gavin
</pre>Gavin Atkinson2013-05-02T13:05:16FreeBSD Security AdvisoryFreeBSD-SA-13:05.nfsserver [REVISED]
http://comments.gmane.org/gmane.os.freebsd.announce/663
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:05.nfsserver Security Advisory
The FreeBSD Project
Topic: Insufficient input validation in the NFS server
Category: core
Module: nfsserver
Announced: 2013-04-29
Revised: 2013-04-29
Credits: Adam Nowacki
Affects: All supported versions of FreeBSD.
Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE)
2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8)
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1)
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1)
2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE)
2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3)
CVE Name: CVE-2013-3266
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
0. Revision History
v1.0 2013-04-29 Initial release.
v1.1 2013-04-29 Corrected patch URL.
Additional workaround information.
I. Background
The Network File System (NFS) allows a host to export some or all of its
file systems so that other hosts can access them over the network and mount
them as if they were on local disks. FreeBSD includes server and client
implementations of NFS.
FreeBSD 8.0 and onward has two NFS implementations: the original CSRG
NFSv2 and NFSv3 implementation and a new implementation which also
supports NFSv4.
FreeBSD 9.0 and onward uses the new NFS implementation by default.
II. Problem Description
When processing READDIR requests, the NFS server does not check that
it is in fact operating on a directory node. An attacker can use a
specially modified NFS client to submit a READDIR request on a file,
causing the underlying filesystem to interpret that file as a
directory.
III. Impact
The exact consequences of an attack depend on the amount of input
validation in the underlying filesystem:
- If the file resides on a UFS filesystem on a little-endian server,
an attacker can cause random heap corruption with completely
unpredictable consequences.
- If the file resides on a ZFS filesystem, an attacker can write
arbitrary data on the stack. It is believed, but has not been
confirmed, that this can be exploited to run arbitrary code in
kernel context.
Other filesystems may also be vulnerable.
IV. Workaround
Systems that do not provide NFS service are not vulnerable. Neither
are systems that do but use the old NFS implementation, which is the
default in FreeBSD 8.x.
To determine which implementation an NFS server is running, run the
following command:
# kldstat -v | grep -cw nfsd
This will print 1 if the system is running the new NFS implementation,
and 0 otherwise.
To switch to the old NFS implementation:
1) Append the following lines to /etc/rc.conf:
nfsv4_server_enable="no"
oldnfs_server_enable="yes"
2) If the NFS server is compiled into the kernel (which is the case
for the stock GENERIC kernel), replace the NFSD option with the
NFSSERVER option, then recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>.
If the NFS server is not compiled into the kernel, the correct
module will be loaded at boot time.
3) Finally, reboot the system.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc
# gpg --verify nfsserver.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r250068
releng/8.3/ r250069
releng/8.4/ r250073
stable/9/ r250070
releng/9.1/ r250071
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3266
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4
GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5
=bbRm
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>FreeBSD Security Advisories2013-04-29T21:56:49FreeBSD Security AdvisoryFreeBSD-SA-13:05.nfsserver
http://comments.gmane.org/gmane.os.freebsd.announce/662
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:05.nfsserver Security Advisory
The FreeBSD Project
Topic: Insufficient input validation in the NFS server
Category: core
Module: nfsserver
Announced: 2013-04-29
Credits: Adam Nowacki
Affects: All supported versions of FreeBSD.
Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE)
2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8)
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1)
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1)
2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE)
2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3)
CVE Name: CVE-2013-3266
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The Network File System (NFS) allows a host to export some or all of its
file systems so that other hosts can access them over the network and mount
them as if they were on local disks. FreeBSD includes server and client
implementations of NFS.
FreeBSD 8.0 and onward has two NFS implementations: the original CSRG
NFSv2 and NFSv3 implementation and a new implementation which also
supports NFSv4.
FreeBSD 9.0 and onward uses the new NFS implementation by default.
II. Problem Description
When processing READDIR requests, the NFS server does not check that
it is in fact operating on a directory node. An attacker can use a
specially modified NFS client to submit a READDIR request on a file,
causing the underlying filesystem to interpret that file as a
directory.
III. Impact
The exact consequences of an attack depend on the amount of input
validation in the underlying filesystem:
- If the file resides on a UFS filesystem on a little-endian server,
an attacker can cause random heap corruption with completely
unpredictable consequences.
- If the file resides on a ZFS filesystem, an attacker can write
arbitrary data on the stack. It is believed, but has not been
confirmed, that this can be exploited to run arbitrary code in
kernel context.
Other filesystems may also be vulnerable.
IV. Workaround
Systems that do not provide NFS service are not vulnerable. Neither
are systems that do but use the old NFS implementation, which is the
default in FreeBSD 8.x.
To determine which implementation an NFS server is running, run the
following command:
# kldstat -v | grep -cw nfsd
This will print 1 if the system is running the new NFS implementation,
and 0 otherwise.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc
# gpg --verify nfsserver.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r250058
releng/8.3/ r250059
releng/8.4/ r250062
stable/9/ r250060
releng/9.1/ r250061
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3266
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q
9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ
=polM
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>FreeBSD Security Advisories2013-04-29T20:55:38FreeBSD Foundation announces second technicalstaff member and iSCSI project
http://comments.gmane.org/gmane.os.freebsd.announce/661
<pre>The FreeBSD Foundation is pleased to announce that Edward Tomasz
Napierala has joined as its second member of technical staff. This is
a continuation of the Foundation's plan to invest in staff in 2013.
A FreeBSD committer since 2007, Edward previously completed a number
of projects under Foundation grants, including safe device removal
with mounted filesystems, growing mounted filesystems, and resource
containers.
Edward is currently implementing a native in-kernel iSCSI stack (both
target and initiator) for this increasingly popular block storage
protocol. "Although there are a number of iSCSI target implementations
that support FreeBSD, the project lacks a high performance and reliable
in-kernel target. As iSCSI gains favor, this stack will be a key
element in maintaining FreeBSD's competitive position in enterprise and
open-source deployments" said Justin T. Gibbs, president of the FreeBSD
Foundation. The project is expected to be completed in October 2013.
Another part of Edward's responsibilities will be assisting the FreeBSD
Security Team in preparing security advisories and patches.
Edward lives in Warsaw, Poland.
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Ed Maste2013-04-29T15:10:06FreeBSD is participating in Google Summer of Code
http://comments.gmane.org/gmane.os.freebsd.announce/660
<pre>
Hi all,
FreeBSD is pleased to announce that once again we have been selected to
participate in the Google Summer of Code program. This gives University
students the opportunity to earn a $5000 USD stipend in exchange for
working on Open Source software over their Summer break. Students have
around 12 weeks to work on their project, and will be mentored by existing
FreeBSD committers. Participating organisations will earn $500 USD per
student mentored.
FreeBSD's organisation page may be found at
http://www.google-melange.com/gsoc/org/google/gsoc2013/freebsd and a list
of possible project ideas may be found at
https://wiki.freebsd.org/IdeasPage . Please note that projects do not
have to come from the ideas list, and indeed students are encouraged to
produce their own project ideas - the majority of past projects have been
thought up by the particpants themselves.
Students are also encouraged to visit http://www.google-melange.com/ to
view more details of the program, including eligibility requirements, and
a list of other participating organisations.
Thanks,
Gavin
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Gavin Atkinson2013-04-22T08:42:53Verisign Announces vBSDCon
http://comments.gmane.org/gmane.os.freebsd.announce/659
<pre>Hi all,
Verisign, Inc., who has become involved with FreeBSD over the last 3 years, would like to announce a user and developer conference to be held Oct 25 – 27, 2013 at the Dulles Hyatt in Dulles, VA. More information on this conference is available at http://blog.hostileadmin.com/2013/04/17/vbsdcon-oct-25-27-2013/. We are excited to host this conference and are looking forward to seeing you there.
--
Vincent (Rick) Miller
Systems Engineer
vmiller< at >verisign.com
t: 703.948.4395 m: 703.581.3068
12061 Bluemont Way, Reston, VA 20190
http://www.verisigninc.com
“This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Miller, Vincent (Rick2013-04-17T13:37:37Raise a Million - Spend a Million!
http://comments.gmane.org/gmane.os.freebsd.announce/658
<pre>FreeBSD is internationally recognized as an innovative leader in
providing a high-performance, secure, and stable operating system. Our
mission is to continue and increase our support and funding to keep
FreeBSD at the forefront of operating system technology. But, we can’t
do this without your help!
Last year with your generosity, we raised over $770,000. This allowed us
to not only achieve our goal, but to exceed it by over $250,000.
This year, with your help, we will do more.
This year we will double the amount we spend.
This year we will invest $1,000,000 to support and promote FreeBSD.
What will the Foundation accomplish with your donation in 2013?
• Spend almost $600,000 on software development projects for FreeBSD.
• Support the Release Engineering and Security teams with paid staff time.
• Grow to five technical staff members by year-end.
• Support BSD conferences around the globe, in Europe, Japan, Canada,
and the USA.
• Spend over $130,000 on hardware to maintain and improve FreeBSD
project infrastructure.
• Grow the FreeBSD community through marketing and outreach to users and
businesses.
• Protect the FreeBSD trademarks and provide the project with access to
legal counsel.
We have kicked off the new year with 3 newly funded projects, and are
actively soliciting additional project proposals now. We've added one
new technical staff member and are in the process of adding more.
Please support the Foundation during our Spring Fundraising Drive, and
help us raise $100,000 from 1000 donors between April 16th and May 30th.
We can’t do this without you! Just go to
http://www.freebsdfoundation.org/donate to make your donation. Then talk
to your employer to either match your gift or to make their own donation.
Thank you for your support!
The FreeBSD Foundation
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Deb Goodkin2013-04-16T13:13:33FreeBSD Foundation Announces Capsicum FrameworkProject
http://comments.gmane.org/gmane.os.freebsd.announce/657
<pre>Dear FreeBSD Community,
The FreeBSD Foundation is pleased to announce that Pawel Jakub Dawidek has
been awarded a development grant to further improve the Capsicum framework.
The grant is jointly funded by Google's Open Source Programs Office.
The project includes the integration of previous work, implementation of
new programmer-friendly capability system calls, improvements to the Casper
Capsicum service daemon, and sandboxing various security-sensitive
applications.
"My previous Capsicum work focused on improving the framework itself to
make it a better fit for real world applications. This new project will
make use of the improved Capsicum to secure sensitive programs and
libraries found in FreeBSD. The project will also produce many examples
for others to follow, allowing them to take advantage of Capsicum to
improve the security of their programs," said Pawel.
Ben Laurie, of Google's security team, added that "traditional operating
system security is based on Access Control Lists (ACLs). Decades of
experience has made it quite clear this is the wrong model - but how can we
move to a better way without having to rebuild everything? Capsicum shows
that it is possible to migrate gradually from the broken ACL world to a more
robust capability based world. We are pleased to be involved in the next
step of its evolution."
The project is expected to be completed by June 2013.
The FreeBSD Foundation
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Deb Goodkin2013-04-15T15:55:26FreeBSD Security Advisory FreeBSD-SA-13:04.bind
http://comments.gmane.org/gmane.os.freebsd.announce/656
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:04.bind Security Advisory
The FreeBSD Project
Topic: BIND remote denial of service
Category: contrib
Module: bind
Announced: 2013-04-02
Credits: Matthew Horsfall of Dyn, Inc.
Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x
Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
CVE Name: CVE-2013-2266
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. The libdns
library is a library of DNS protocol support functions.
II. Problem Description
A flaw in a library used by BIND allows an attacker to deliberately
cause excessive memory consumption by the named(8) process. This
affects both recursive and authoritative servers.
III. Impact
A remote attacker can cause the named(8) daemon to consume all available
memory and crash, resulting in a denial of service. Applications linked
with the libdns library, for instance dig(1), may also be affected.
IV. Workaround
No workaround is available, but systems not running named(8) service
and not using base system DNS utilities are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
# gpg --verify bind.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart the named daemon, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r248807
stable/9/ r248808
releng/9.0/ r249029
releng/9.1/ r249029
- -------------------------------------------------------------------------
VII. References
https://kb.isc.org/article/AA-00871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu
1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI
=BX1M
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>FreeBSD Security Advisories2013-04-02T18:04:11FreeBSD Security AdvisoryFreeBSD-SA-13:03.openssl
http://comments.gmane.org/gmane.os.freebsd.announce/655
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:03.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2013-04-02
Affects: All supported versions of FreeBSD.
Corrected: 2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE)
2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7)
2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE)
2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
CVE Name: CVE-2013-0166, CVE-2013-0169
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A flaw in the OpenSSL handling of OCSP response verification could be exploited
to cause a denial of service attack. [CVE-2013-0166]
OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and
DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169]
III. Impact
The Denial of Service could be caused in the OpenSSL server application by
using an invalid key. [CVE-2013-0166]
A remote attacker could recover sensitive information by conducting
an attack via statistical analysis of timing data with crafted packets.
[CVE-2013-0169]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated dated after the correction
date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.3 and 9.0]
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc
# gpg --verify openssl.patch.asc
[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc
# gpg --verify openssl-9.1.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart the all deamons using the library, or reboot your the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r248057
releng/8.3/ r249029
stable/9/ r248272
releng/9.0/ r249029
releng/9.1/ r249029
- -------------------------------------------------------------------------
VII. References
CVE Name:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P
4RMAn22ppeZnRVfje8up3cyOx/D8CCmI
=rQqV
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>FreeBSD Security Advisories2013-04-02T18:03:51EuroBSDcon 2013: Call for Proposals
http://comments.gmane.org/gmane.os.freebsd.announce/654
<pre>EuroBSDcon 2013: September 26-29 in Malta
=========================================
EuroBSDcon is the European technical conference for users and developers
of BSD-based systems. The conference will take place Thursday, September
26 through Sunday, September 29 at the Hilton in St. Julian's, Malta
(tutorials on Thursday and Friday, talks on Saturday and Sunday).
Call for Proposals
------------------
The EuroBSDcon program committee is inviting BSD developers and users to
submit innovative and original talk proposals not previously presented
at other European conferences.
Topics of interest to the conference include, but are not limited to
applications, architecture, implementation, performance and security of
BSD-based operating systems, as well as topics concerning the economic
or organizational aspects of BSD use.
Presentations are expected to be 45 minutes and are to be delivered in
English.
Call for Tutorial Proposals
---------------------------
The EuroBSDcon program committee is also inviting qualified
practitioners in their field to submit proposals for half or full day
tutorials on topics relevant to development, implementation and use of
BSD-based systems.
Half-day tutorials are expected to be 2.5 to 3 hours and full-day
tutorials 5 to 6 hours. Tutorials are to be held in English.
Submissions
-----------
Proposals should be sent by email to <submission< at >eurobsdcon.org>. They
should contain a short and concise text description in about 100 words.
The submission should also include a short CV of the speaker and an
estimate of the expected travel expenses. Please submit each proposal as
a separate email.
Important dates
---------------
The EuroBSDcon program committee is accepting talk and tutorial
proposals until Monday, May 25 2013. Other important dates will be
announced soon at the conference website http://2013.EuroBSDcon.org/.
</pre>Beat Gaetzi2013-03-28T06:47:29FreeBSD Foundation Soliciting the Submission ofProject Proposals
http://comments.gmane.org/gmane.os.freebsd.announce/653
<pre>The FreeBSD Foundation is soliciting the submission of project
proposals for funded development grants. Proposals may be related to
any of the major subsystems or infrastructure within the FreeBSD
operating system, and will be evaluated based on desirability,
technical merit, and cost-effectiveness.
Key dates for this proposal solicitation:
Call for proposals: 27th March 2013
Deadline for submissions: 26th April 2013
Notifcation of accepted proposals: 17th May 2013
Proposals must include the following:
* A detailed description of what is being proposed, how it will
benefit the FreeBSD Project, and why the work is needed.
* A timeline and costing for the project.
* One or more people that will act as technical reviewers for the work.
Proposals are open to all developers, including non-FreeBSD
committers, but developers without access to commit to the source tree
must provide details about how the completion guidelines will be
achieved.
For details on the proposal submission process see:
http://www.freebsdfoundation.org/documents/Project%20Proposal%20Procedures%202013.shtml
The FreeBSD Foundation
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Deb Goodkin2013-03-27T15:05:19Accepting Travel Grant Applications for BSDCan2013
http://comments.gmane.org/gmane.os.freebsd.announce/652
<pre>Calling all FreeBSD developers needing assistance with travel expenses
to BSDCan 2013.
The FreeBSD Foundation will be providing a limited number of travel
grants to individuals requesting assistance. Please fill out and submit
the Travel Grant Request Application at
http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by
April 17, 2013 to apply for this grant.
How it works:
This program is open to FreeBSD developers of all sorts (kernel
hackers, documentation authors, bugbusters, system administrators,
etc). In some cases we are also able to fund non-developers, such as
active community members and FreeBSD advocates.
(1) You request funding based on a realistic and economical estimate of
travel costs (economy airfare, trainfare, ...), accommodations
(conference hotel and sharing a room), and registration or tutorial
fees. If there are other sponsors willing to cover costs, such as your
employer or the conference, we prefer you talk to them first, as our
budget is limited. We are happy to split costs with you or another
sponsor, such as just covering airfare or board.
*If you are a speaker at the conference, we expect the conference to
cover your travel costs, and will most likely not approve your direct
request to us. *
(2) We review your application and if approved, authorize you to seek
reimbursement up to a limit. We consider several factors, including our
overall and per-event budgets, and (quite importantly) the benefit to
the community by funding your travel.
Most rejected applications are rejected because of an over-all limit on
travel budget for the event or year, due to unrealistic or uneconomical
costing, or because there is an unclear or unconvincing argument that
funding the applicant will directly benefit the FreeBSD Project. Please
take these points into consideration when writing your application.
(3) We reimburse costs based on actuals (receipts), and by check or bank
transfer. And, we do not cover your costs if you end up having to cancel
your trip. We also do not cover meal/food/alcohol expenses. We require
you to submit a report on your trip, which we may show to current or
potential sponsors, and may include in our semi-annual newsletter and
our blog.
There's some flexibility in the mechanism, so talk to us if something
about the model doesn't quite work for you or if you have any questions.
The travel grant program is one of the most effective ways we can spend
money to help support the FreeBSD Project, as it helps developers get
together in the same place at the same time, and helps advertise and
advocate FreeBSD in the larger community.
Thank You,
The FreeBSD Foundation
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Deb Goodkin2013-03-18T21:34:17Foundation Announces New Technical Staff Member
http://comments.gmane.org/gmane.os.freebsd.announce/651
<pre>Dear FreeBSD Community,
The FreeBSD Foundation is pleased to announce that Konstantin Belousov
has been hired as its first full-time member of techical staff, a key
milestone of the Foundation's investment in staff for 2013.
Konstantin has been a FreeBSD committer since 2006, and he recently
implemented support for current-generation Intel graphics controllers
under contract to the FreeBSD Foundation. This new position will
allow him to spend his full working time on supporting and improving
FreeBSD.
Konstantin's first project brings support for unmapped I/O to FreeBSD.
The unmapped I/O project improves performance by avoiding mapping
buffers in the buffer cache, significantly reducing overhead on
multi-processor systems. The project builds on foundational work to
unify machine-dependent parts of the busdma interface, recently
contributed by Jeff Robertson at EMC's Isilon Storage Division.
EMC became a FreeBSD foundation donor in 2012.
Netflix, another new Foundation donor for 2012, is already making use of
this project. "Netflix partnered closely with Konstantin to provide
design input and testing resources for the unmapped I/O project. The
work helped us realize an immediate 25% increase in system performance
on production workloads. It underscores the immense value of
collaborating and investing in the open source community and FreeBSD
in particular," said Scott Long, Senior Software Engineer at Netflix.
Konstantin has also been working with the release engineering team
since 2008 and his new role with the Foundation will allow him to
focus more time on the tools and process used to make FreeBSD
releases.
Konstantin lives in Kiev, Ukraine.
The FreeBSD Foundation
_______________________________________________
freebsd-announce< at >freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe< at >freebsd.org"
</pre>Deb Goodkin2013-03-14T15:21:08Search EngineSearch the mailing list at Gmanequery
http://search.gmane.org/?group=$group=gmane.os.freebsd.announce